Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Application Server 8.1/8.2/9.0/9.1 and GlassFish

Migrating a Version 2.2 Policy Agent

The version 3.0 agentadmin program includes the new --migrate option to migrate a version 2.2 agent to version 3.0. After you migrate a version 2.2 agent, the agent can use the new version 3.0 agent features.

The migration process migrates the agent's binary files, updates the agent's deployment container configuration, and converts the agent's AMAgent.properties file to the new version 3.0 OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties files.

Migrating a version 2.2 agent involves these general steps:

On the server where the version 2.2 agent is installed, run the version 3.0 agentadmin program with the --migrate option.

To get the version 3.0 agentadmin program, you must download the version 3.0 agent that corresponds to the version 2.2 agent you are migrating. For example, if you are migrating the version 2.2 Application Server 8.2/9.0/9.1 agent, download the version 3.0 Application Server and GlassFish agent.
On the OpenSSO Enterprise server, run the ssoadm utility to create the new version 3.0 agent configuration in the centralized agent configuration repository.

Therefore, the ssoadm utility must be installed from the ssoAdminTools.zip file on the OpenSSO Enterprise server. For information, see “Installing the OpenSSO Enterprise Utilities and Scripts” in the Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide.

The agentadmin program creates a new deployment directory for the migrated agent, starting with Agent_001. The program does not modify the version 2.2 agent deployment directory files, in case you need these files after you migrate.

The following procedure, the migrated version 3.0 agent instance uses a new agent profile name, which is AS9v3Agent in the examples. The old version 2.2 and new version 3.0 agent profile passwords are the same. If you need to change the password for the new version 3.0 agent profile, see Changing the Password for an Agent Profile.

To Migrate a Version 2.2 Agent:

Login to the server where the version 2.2 agent is installed.

To migrate the agent, you must have write permission to the version 2.2 agent's deployment container files and directories.

Stop the Application Server instance for the version 2.2 agent.

Create a directory to download and unzip the version 3.0 agent. For example: v30agent

Download and unzip the version 3.0 agent that corresponds to the version 2.2 agent you are migrating.

The version 3.0 agents are available from the sites listed in Downloading and Unzipping the appserver_v9_agent.zip Distribution File.

Change to the version 3.0 agent's /bin directory.

For example, if you downloaded and unzipped the version 3.0 Application Server and GlassFish agent in the v30agent directory:

cd /v30agent/j2ee_agents/appserver_v9_agent/bin

On Solaris and Linux systems, set the permissions for the agentadmin program as follows, if needed:

# chmod 755 agentadmin

Run the version 3.0 agentadmin program with the --migrate option. For example:

./agentadmin --migrate

When the agentadmin program prompts you, enter the path to the version 2.2 agent's deployment directory. For example:
```
...
Enter the migrated agent's deployment directory:
/opt/j2ee_agents/appserver_v9_agent
...
```
In this example, /opt is the directory where you downloaded and upzipped the version 2.2 agent.

The agentadmin program migrates the version 2.2 agent.

After the agentadmin program finishes, set the following properties:
1. In Agent_nnn/config/OpenSSOAgentBootstrap.properties, change:
  
  com.sun.identity.agents.config.username = new-v3.0-agent-profile-name
  
  For example:
  
  com.sun.identity.agents.config.username = AS9v3Agent

Copy the Agent_nnn/config/OpenSSOAgentConfiguration.properties file to the /bin directory where ssoadm is installed on the OpenSSO Enterprise server.

In OpenSSOAgentConfiguration.properties, add the un-encrypted version 2.2 agent profile password at the end of the file, as follows:

userpassword=v2.2–agent-profile-password

On OpenSSO Enterprise server, create a password file for the OpenSSO Enterprise administrator (amadmin).

This password file is an ASCII text file with only one line specifying the amadmin password in plain text. For example: /tmp/amadminpw

On OpenSSO Enterprise server, run ssoadm to create a new agent configuration in the OpenSSO Enterprise centralized agent configuration repository. For example:
```
cd tools_zip_root/opensso/bin
./ssoadm create-agent -e / -b AS9v3Agent -t J2EEAgent -u amadmin 
-f /tmp/amadminpw -D ./OpenSSOAgentConfiguration.properties
```
In this example:
- tools_zip_root is the directory where you unzipped ssoAdminTools.zip.
- -e / specifies the specifies the root realm for the agent configuration.
- -b AS9v3Agent specifies the version 3.0 agent configuration name.
- -t J2EEAgent specifies the agent type for J2EE agents.
- -u amadmin species the OpenSSO Enterprise administrator
- -f /tmp/amadminpw specifies the path to the administrator password file.
- -D ./OpenSSOAgentConfiguration.properties specifies the agent configuration file
Caution: After you run ssoadm, you might want to delete OpenSSOAgentConfiguration.properties from the /bin directory. This file contains sensitive information, including as the agent profile password, and the original file is maintained on the server where the agent is installed.

Restart the Application Server and GlassFish instance for the migrated agent.

Next Steps

After you migrate the agent, you can manage the new 3.0 agent configuration using the OpenSSO Enterprise Administration Console or the ssoadm utility, as described in Managing the Application Server and GlassFish Agent.