COMPASS 6.3 migration guide

COMPASS Version 6.2, 6.3, 6.4 © General Re Corporation 2021 - 2026. All Rights Reserved (created: 2025-08-22 generated: 2026-07-10)

Please follow the steps to migrate from COMPASS 6.2 to 6.3.

1. Update the environment

  • Update Java from version 11 to 17

  • Update Application Server (Tomcat / Wildfly / …​ ) only if required. We tested COMPASS 6.3 with Tomcat Server. COMPASS 6.3 cannot run with Tomcat 9.x version as it needs Jakarta EE dependencies. Therefore Tomcat server has to be updated to 10.1.x version in order to run COMPASS 6.3

2. Update the configuration

2.1 Update RuleManagerService configuration (RuleManagerService.properties / RuleManagerService.yaml)

Properties to be deleted

  • compass.security.oauthServerUrl

  • compass.security.resource_id

  • compass.security.clientSecret

  • compass.security.tokenValidationTimeout

Properties to be added

  • springdoc.api-docs.version=openapi_3_1

  • Used for Swagger Documentation.

  • rulemanager.security.authServerUrl

  • define the COMPASS 6.3 Authorization server URL / Keycloak Authorization server URL Example:

  • For Keycloak: rulemanager.security.authServerUrl=https://localhost:8085/realms/Compass

  • For COMPASS 6.3 Authorization server: rulemanager.security.authServerUrl=https://localhost:8091/AuthorizationServer

  • rulemanager.security.requireHttps

  • This property is used by RuleManagerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. It is used to define the https for the Authorization server. If set to true, Authorization server URL needs to use https. Example:

  • rulemanager.security.requireHttps=true

  • rulemanager.security.sessionCheckInterval

  • This property is used by RuleManagerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. Tokens will be checked in the defined regular interval if they are valid. Example:

  • rulemanager.security.sessionCheckInterval=15000

  • rulemanager.security.roleBasedResourceAccessEnabled

  • This property is used to secure the REST API based on the user role. If active, only users with role RULES can access all the REST API from RuleManagerService. If users without the role RULES try to access the REST API, HTTP error 403 forbidden will be thrown. If not active, then all the users independent of roles can access the REST API. Example:

  • rulemanager.security.roleBasedResourceAccessEnabled=true

Properties to be updated

Old Properties New Properties

compass.language=en

rulemanager.language=en

compass.country=DE

rulemanager.country=DE

compass.subLocale.languages=nl

rulemanager.subLocale.languages=nl

compass.subLocale.countries=BE

rulemanager.subLocale.countries=BE

compass.database.global.url=jdbc:mariadb://localhost:3306/rm60

rulemanager.database.global.url=jdbc:mariadb://localhost:3306/rm60

compass.database.global.driver=org.mariadb.jdbc.Driver

rulemanager.database.global.driver=org.mariadb.jdbc.Driver

compass.database.global.user=username

rulemanager.database.global.user=username

compass.database.global.password=xxxxx

rulemanager.database.global.password=xxxxx

compass.login.check.enabled=true

rulemanager.login.check.enabled=true

compass.security.cors.enabled=true

rulemanager.security.cors.enabled=true

compass.security.cors.crossOrigin.urls=http://localhost:8080/RuleManagerService

rulemanager.security.cors.crossOrigin.urls=http://localhost:8080/RuleManagerService

compass.security.clientId=rm-client

rulemanager.security.clientId=rulemanager-client

spring.security.oauth2.resourceserver.jwt.issuer-uri=http://10.130.130.115:8085/realms/RuleManager

spring.security.oauth2.resourceserver.jwt.issuer-uri=${rulemanager.security.authServerUrl}

compass.database.knowledge.url=jdbc:mariadb://localhost:3306/rm60

rulemanager.database.knowledge.url=jdbc:mariadb://localhost:3306/rm60

compass.database.knowledge.user=username

rulemanager.database.knowledge.user=username

compass.database.knowledge.password=xxxxx

rulemanager.database.knowledge.password=xxxxx

compass.database.knowledge.driver=org.mariadb.jdbc.Driver

rulemanager.database.knowledge.driver=org.mariadb.jdbc.Driver

compass.database.knowledge.reconnect=false

rulemanager.database.knowledge.reconnect=false

compass.database.knowledge.real=java.lang.Double

rulemanager.database.knowledge.real=java.lang.Double

compass.database.knowledge.viewname.Author=c40_author

rulemanager.database.knowledge.viewname.Author=c40_author

compass.database.knowledge.viewname.BoolOrInt=c40_boolorint

rulemanager.database.knowledge.viewname.BoolOrInt=c40_boolorint

compass.database.knowledge.viewname.Double=c40_double

rulemanager.database.knowledge.viewname.Double=c40_double

compass.database.knowledge.viewname.Group=c40_groupid

rulemanager.database.knowledge.viewname.Group=c40_groupid

compass.database.knowledge.viewname.Index=c40_index

rulemanager.database.knowledge.viewname.Index=c40_index

compass.database.knowledge.viewname.Keys=c40_keys

rulemanager.database.knowledge.viewname.Keys=c40_keys

compass.database.knowledge.viewname.Name=c40_name

rulemanager.database.knowledge.viewname.Name=c40_name

compass.database.knowledge.viewname.PersObj=c40_persobj

rulemanager.database.knowledge.viewname.PersObj=c40_persobj

compass.database.knowledge.viewname.Relation=c40_relation

rulemanager.database.knowledge.viewname.Relation=c40_relation

compass.database.knowledge.viewname.Search=c40_search

rulemanager.database.knowledge.viewname.Search=c40_search

compass.database.knowledge.viewname.String=c40_string

rulemanager.database.knowledge.viewname.String=c40_string

2.2 Update CompassService configuration (CompassService.properties / CompassService.yaml)

Properties to be deleted

  • compass.security.oauthServerUrl

  • compass.security.resource_id

  • compass.security.clientSecret

  • compass.security.tokenValidationTimeout

Properties to be added

  • compass.security.authServerUrl

  • define the COMPASS 6.3 Authorization server URL / Keycloak Authorization server URL Example:

  • For Keycloak: compass.security.authServerUrl=https://localhost:8085/realms/Compass

  • For COMPASS 6.3 Authorization server: compass.security.authServerUrl=https://localhost:8091/AuthorizationServer

  • compass.security.requireHttps

  • This property is used by CaseViewerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. It is used to define the https for the Authorization server. If set to true, Authorization server URL needs to use https. Example:

  • compass.security.requireHttps=true

  • compass.security.sessionCheckInterval

  • This property is used by CaseViewerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. Tokens will be checked in the defined regular interval if they are valid. Example:

  • compass.security.sessionCheckInterval=15000

  • compass.security.roleBasedResourceAccessEnabled

  • This property is used to secure the REST API based on the user role. If active, only users with role CASES can access all the REST API from CompassService. If users without the role CASES try to access the REST API, HTTP error 403 forbidden will be thrown. If not active, then all the users independent of roles can access the REST API. Example:

  • compass.security.roleBasedResourceAccessEnabled=true

Properties to be updated

Old Properties

New Properties

compass.security.clientId=case-viewer

compass.security.clientId=caseviewer-client

spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8085/realms/CaseViewer

spring.security.oauth2.resourceserver.jwt.issuer-uri=${compass.security.authServerUrl}

Cloud properties to be updated (Optional - only when more languages are needed)

In case there is no compass home directory defined, the information from the compass.properties need to be/can be added to the service property/yaml file. For the sublanguages and countries, they need to be added like this:
  • compass.country.subLocale.languages=nl;nl;en

  • compass.country.subLocale.countries=;BE;

2.3 Update RuleManagerApp configuration (appConfig.json)

Properties to be deleted

"CompassAuthorizationBase": "/CompassAuthorization/"

"KeycloakAuthorization": {
    "baseHref": "/RuleManagerApp/",
    "silentTokenRefreshEnabled": false,
    "moduleConfig": {
    "clientId": "rulemanager-client",
    "requireHttps": false,
    "issuer": "http://localhost:8080/realms/RuleManager",
    "sessionCheckIntervall": 15000,
    "showDebugInformation": false
}

Properties to be added

"baseHref": "/RuleManagerApp/"
  • RuleManagerApp context path

2.4 Update CaseViewerApp configuration (appConfig.json)

Properties to be deleted

"silentTokenRefreshEnabled": false,

"keycloakModuleConfig": {
    "clientId": "caseviewer-client",
    "requireHttps": false,
    "issuer": "http://localhost:8080/realms/CaseViewer",
    "sessionCheckIntervall": 15000,
    "showDebugInformation": false
}

Properties to be added

"idleTimeout": {
    "showDialogAfterMs": 600000,
    "timerMs": 300000
}
  • showDialogAfterMS - defines the Idle timeout duration (in millisecond) after which Session about to end dialog will appear.

  • timerMS - the time duration (in millisecond), the session about to end dialog is displayed after which the user is automatically logged out if no action is taken. This time is visibly counted down in the dialog.

2.5 Update Authorization Server

Please follow the below 3 steps in order to migrate from COMPASS Authorization Server (version 6.2 or older) to COMPASS 6.3 Authorization Server

2.5.1 Update Artifact (WAR file)

  • Delete the old CompassAuthorization.war file.

  • Use the new AuthorizationServer.war file.

2.5.2 Check Database version to run COMPASS 6.3 Authorization Server

  • Please check the minimum Database version required to run the COMPASS 6.3 Authorization Server from this site

2.5.3 Update Properties (CompassAuthorization.properties / CompassAuthorization.yaml)

Properties to be deleted
  • spring.datasource.driverClassName

  • spring.datasource.jdbcUrl

  • spring.jpa.database-platform

  • ldap.enabled

  • security.tokenEndpoint.retryEnabled

  • security.tokenEndpoint.numberOfRetries

  • security.tokenEndpoint.retryWaitingTime

  • security.connectionPoolEnabled

Properties to be added
  • locale

  • Define the language for the login screen. If set to de, then the login screen will be in German language. If set to en, then the login screen will be in English language Example:

  • For German language: locale=de

  • spring.profiles.active

  • Authorization PROFILE. There are totally 2 profiles available - "database-auth", "ldap-auth". To authorize with Database connectivity, configure database-auth. To authorize with LDAP Connectivity, configure ldap-auth Example:

  • For Database Authorization: spring.profiles.active=database-auth

  • spring.jpa.hibernate.ddl-auto=validate

  • To validate the database schema

Properties to be updated

Old Properties

New Properties

server.servlet.contextPath=/CompassAuthorization

server.servlet.contextPath=/AuthorizationServer

Note: Only if the connection pool is configured, the following properties need to be updated in addition to the above update.

Old Properties

New Properties

spring.datasource.minimumIdle

spring.datasource.hikari.minimumIdle

spring.datasource.maximumPoolSize

spring.datasource.hikari.maximumPoolSize

spring.datasource.idleTimeout

spring.datasource.hikari.idleTimeout

spring.datasource.poolName

spring.datasource.hikari.poolName

spring.datasource.maxLifetime

spring.datasource.hikari.maxLifetime

spring.datasource.connectionTimeout

spring.datasource.hikari.connectionTimeout

spring.datasource.type=

spring.datasource.hikari.type

2.5.4 SQL migration script

There are updates in the Database and therefore it needs to be migrated. SQL migration script for Authorization server can be found here

3. Update the artifacts and start the application

Replace the old artifacts (WAR files) with the COMPASS 6.3 artifacts and start the application