If you are upgrading from OpenSSO Enterprise 8.0 to an OpenSSO 8.0 Update 1 patch release and OpenSSO Enterprise 8.0 has been configured as a site with a load balancer, the updateschema.sh script fails while executing the ssoadm utility.
Workaround. Before you run the updateschema.sh or updateschema.bat script:
Install the ssoadm utility from the OpenSSO Enterprise Update 1 patch release.
After you install the ssoadm utility, edit the ssoadm or ssoadm.bat utility by adding the following property to the java command:
where loadbalancer is the load balancer for the OpenSSO Enterprise site, and sso1 is the OpenSSO Enterprise server where ssoadm or ssoadm.bat is installed.
After configuring OpenSSO Enterprise against an existing schema (DIT) , you cannot log in to the console, because the encryption key entered during the configuration (the one from the old Access Manager or Federation Manager instance) is not used. Instead, a new incorrect encryption key is generated, which creates an incorrect serverconfig.xml file.
Change to OpenSSO Enterprise config directory.
Change the encryption key in the AMConfig.properties file with the correct value.
Copy the backup copy of serverconfig.xml from the previous Access Manager or Federation Manager instance.
Restart OpenSSO Enterprise server.
If OpenSSO is configured with an Access Manager 7.1 Directory Server schema (DIT) in coexistence mode and a non-admin user logs in to the OpenSSO Console, the user is taken to an invalid URL. For example:
Workaround. Edit the URL as follows:
If OpenSSO is configured with an Access Manager 7.1 Directory Server schema (DIT) in coexistence mode, an attempt to log in as amadmin to the Console using LDAP authentication fails.
Workaround. To log in as amadmin to the OpenSSO Console in coexistence mode, add the module=DataStore query parameter. For example:
The OpenSSO Enterprise Distributed Authentication UI server component works only with OpenSSO Enterprise. The following scenarios are not supported:
Distributed Authentication UI server 7.0 or 7.1 with a OpenSSO Enterprise server
OpenSSO Enterprise Distributed Authentication UI server with an Access Manager 7.0 or 7.1 server
If you are upgrading from a previous release of Access Manager or Federation Manager to OpenSSO Enterprise 8.0, ID-FF profiles do not work unless you also upgrade the Access Manager or Federation Manager schema.
Workaround. Before you try the ID-FF profiles, upgrade the Access Manager or Federation Manager schema. For more information about upgrading the schema, see the Sun OpenSSO Enterprise 8.0 Upgrade Guide.