test

Sun OpenSSO Enterprise 8.0 Upgrade Guide

ProcedureTo Modify ssoUpgradeConfig.properties and AMConfig.properties.bak

Before You Begin

This procedure assumes you are still logged in to the host machine as super user.

  1. Rename the previous version's configuration files (AMConfig.properties and serverconfig.xml) using the .bak extension.


    # cp AMConfig.properties AMConfig.properties.bak
# cp serverconfig.xml serverconfig.xml.bak

  2. Move the renamed configuration files (AMConfig.properties.bak and serverconfig.xml.bak) to the /zip-root/opensso/upgrade/config directory.


    # mv AMConfig.properties.bak /zip-root/opensso/upgrade/config/
# mv serverconfig.xml.bak /zip-root/opensso/upgrade/config/

  3. Change to the /zip-root/opensso/upgrade/config/ directory.

  4. Open ssoUpgradeConfig.properties in a text editor and set the following properties.

    • XML_ENCODING: For example: XML_ENCODING=UTF-8

    • BASEDIR: The directory in which the OpenSSO Enterprise 8.0 ZIP is exploded. For example: BASEDIR=/zip-root/opensso

    • ORG_NAMING_ATTR: Organization naming attribute. Default is o. For example: ORG_NAMING_ATTR=o

    • USER_NAMING_ATTR: User naming attribute. Default is uid. For example: USER_NAMING_ATTR=uid

    • DEPLOY_URI: OpenSSO Enterprise deployment URI. For example: DEPLOY_URI=amserver

    • PAM_SERVICE_NAME:

      • Solaris systems: PAM_SERVICE_NAME=other

      • Linux systems: PAM_SERVICE_NAME=password

      Note –

      PAM is the Pluggable Authentication Module for Unix. The defined name is based on the operating system flavor.

    • DB_NAME: OpenSSO Enterprise back-end database. Default name: userRoot

    • INSTANCE_TYPE: Set to the instance type you are upgrading:

      • Access Manager: INSTANCE_TYPE=AM

      • Federation Manager: INSTANCE_TYPE=FM

    • LDAP_USER_PASS: amldapuser password

    • ORG_OBJECT_CLASS=sunismanagedorganization is the default.

    • USER_OBJECT_CLASS=inetorgperson is the default.

  5. Save ssoUpgradeConfig.properties.

  6. Open AMConfig.properties.bak in a text editor and make the following modifications.

    Earlier versions of OpenSSO Enterprise supported, by default, Java Security Services (JSS) encryption. Now, by default, OpenSSO Enterprise supports Java Cryptography Extension (JCE) encryption.

    1. Change the value of com.iplanet.security.SecureRandomFactoryImpl from com.iplanet.am.util.JSSSecureRandomFactoryImpl to com.iplanet.am.util.SecureRandomFactoryImpl.

    2. Change the value of com.iplanet.security.SSLSocketFactoryImpl from com.iplanet.services.ldap.JSSSocketFactory to netscape.ldap.factory.JSSESocketFactory.

    3. Change the value of com.iplanet.security.encryptor from com.iplanet.services.util.JSSEncryption to com.iplanet.services.util.JCEEncryption.

    Caution – Caution –

    If you use a web container not developed and branded by Sun Microsystems (something other than Glassfish, Web Server and Application Server), it is recommended to make this change.

  7. Save AMConfig.properties.bak.