The following sections contain post-migration tasks for some specific deployment issues.
OpenSSO Enterprise 8.0 does not support role management or password management when using the Generic LDAPv3 data store plugin. If the instance you are upgrading is configured to use this plugin, follow the instructions in Chapter 15, Enabling the Access Manager SDK (AMSDK) Identity Repository Plug-in, in Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide to enable the AMSDK Identity Repository plugin. Alternately, you can add a new Sun DS data store using the OpenSSO Enterprise schema, point to the same LDAPv3 directory server, and remove the LDAPv3 data store plugin when this has been finished.
The Policy Agent 2.2 for Apache encodes the appssotoken cookies, but OpenSSO Enterprise 8.0 does not decode them properly. To decode properly, enable cookie encoding on the server side using the following procedure.
Log in to the OpenSSO Enterprise console as administrator; by default, amadmin.
Click the Configuration tab.
Under Servers and Sites, click Default Server Settings.
Click the Security tab.
Under Cookie, enable Encode Cookie Value.
Be sure to enable this attribute on each individual server either individually or through inheritance.
Click Save.
Log out of the OpenSSO Enterprise console.
With the release of OpenSSO Enterprise 8.0, policy evaluation for URL pattern matching of rules with query parameters no longer match the generic asterisk (*); you must explicitly allow query parameters for the URL policies. For those URLs which include query parameters, the policy definition must include the following rules.
http*://host:port/appcontext/*
http*://host:port/appcontext/*?*
This modification can be done before the upgrade as Access Manager 7.x will evaluate these additional rules without issue.
On Windows, you must the uninstall the Access Manager packages manually. For information, see the Sun Java Enterprise System 5 Installation Guide for Microsoft Windows.
You can manually remove the Federation Manager 7.0 staging directory.