Post-Upgrade Tasks

The following sections contain post-migration tasks for some specific deployment issues.

• Migrating Roles from the Old LDAPv3 Plugin to the OpenSSO Enterprise Sun DS Plugin

• Configuring OpenSSO Enterprise for the Apache Agent

• Modifying Policy Definitions

• Uninstall Packages on Windows

• Remove Federation Manager Staging Directory

Migrating Roles from the Old LDAPv3 Plugin to the OpenSSO Enterprise Sun DS Plugin

OpenSSO Enterprise 8.0 does not support role management or password management when using the Generic LDAPv3 data store plugin. If the instance you are upgrading is configured to use this plugin, follow the instructions in Chapter 15, Enabling the Access Manager SDK (AMSDK) Identity Repository Plug-in, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide to enable the AMSDK Identity Repository plugin. Alternately, you can add a new Sun DS data store using the OpenSSO Enterprise schema, point to the same LDAPv3 directory server, and remove the LDAPv3 data store plugin when this has been finished.

Configuring OpenSSO Enterprise for the Apache Agent

The Policy Agent 2.2 for Apache encodes the appssotoken cookies, but OpenSSO Enterprise 8.0 does not decode them properly. To decode properly, enable cookie encoding on the server side using the following procedure.

To Enable Cookie Encoding for the Apache Agent

1. Log in to the OpenSSO Enterprise console as administrator; by default, amadmin.

2. Click the Configuration tab.

3. Under Servers and Sites, click Default Server Settings.

4. Click the Security tab.

5. Under Cookie, enable Encode Cookie Value.

   Be sure to enable this attribute on each individual server either individually or through inheritance.

6. Click Save.

7. Log out of the OpenSSO Enterprise console.

Modifying Policy Definitions

With the release of OpenSSO Enterprise 8.0, policy evaluation for URL pattern matching of rules with query parameters no longer match the generic asterisk (*); you must explicitly allow query parameters for the URL policies. For those URLs which include query parameters, the policy definition must include the following rules.

• http*://host:port/appcontext/*

• http*://host:port/appcontext/*?*

This modification can be done before the upgrade as Access Manager 7.x will evaluate these additional rules without issue.

Uninstall Packages on Windows

On Windows, you must the uninstall the Access Manager packages manually. For information, see the Sun Java Enterprise System 5 Installation Guide for Microsoft Windows.

Remove Federation Manager Staging Directory

You can manually remove the Federation Manager 7.0 staging directory.