16.0 Upgrading Administration Console

IMPORTANT:If the base operating system is RHEL 7.8, you must first upgrade to Access Manager 5.0, and then upgrade to RHEL 7.9.

Access Manager by default supports Tomcat 9.0.41 and OpenSSL 1.0.2x. Due to this, Identity Server and Access Gateway disable requests from clients that are on versions lower than TLS1. However, Access Gateway can continue communication with web servers that are on versions lower than TLS1.

If Identity Server is installed on the same machine as Administration Console, Identity Server is automatically upgraded with Administration Console. If you are upgrading this configuration and you have custom JSP pages, backup these files or allow the upgrade program to back them up for you.

NOTE:To prevent security vulnerability, Access Manager uses the jQuery version that is higher than the version used in the earlier release of Access Manager. The higher version of jQuery is not compatible with the Skype for Business 2016 application. Hence, after the upgrade, you cannot log in to Skype for Business 2016 using the Identity Server login page.

If you want to continue using an old version of jQuery, which is less secure, see Single Sign-on Fails in Skype for Business 2016 in the NetIQ Access Manager 5.0 Administration Guide.

Perform the following steps to upgrade Administration Console:

  1. Back up any customized JSP pages and related files.

    Even though the upgrade program backs up the JSP directory and its related files in the /root/nambkup folder, it is a good practice to backup these files.

    /var/opt/novell/tomcat/webapps/nidp/jsp

  2. Open a terminal window and log in as the root user.

  3. Download the upgrade file from Micro Focus Downloads and extract the tar.gz file using the tar -xzvf <filename> command.

    NOTE:For information about the name of the upgrade file, see the specific Release Notes on the Access Manager Documentation website.

  4. Change to the directory where you unpacked the file using the./upgrade.sh command.

  5. A confirmation message is displayed with the list of installed components. For example, if Administration Console and Identity Server are installed on the same machine, the following message is displayed:

    The following components were installed on this machine 
1. Access Manager Administration Console 
2. Identity Server 
Do you want to upgrade the above components (y/n)?

  6. Type Y and press Enter.

    The system displays a warning message because the latest version of Access Manager uses stronger TLS protocols, ciphers, and other security settings.

    If you are using a BTRFS filesystem, the system displays a warning message that the BTRFS filesystem might cause performance issues with the eDirectory database. It is recommended to change the filesystem from BTRFS to any other available filesystem.

    For information about moving the existing database from BTRFS filesystem to any other available filesystem, see TID 7022755.

  7. Type Y to continue with the upgrade, then press Enter.

    If you do not want to include the security configurations, then type n. This stops the upgrade.

  8. Enter the Access Manager Administration Console user ID. For example, admin

  9. Enter the Access Manager Administration Console password.

  10. Re-enter the password for verification.

  11. The system displays the following confirmation message:

    Do you want to back up the configuration before the upgrade (y/n)?

  12. Type Y and press Enter.

  13. The system displays the following message when the upgrade is complete:

    Upgrade completed successfully.

    NOTE:If the configuration backup fails, the system displays the following message:

    The configuration backup failed. Do you want to continue the upgrade without a backup (y/n)?

    You can complete the upgrade by typing Y. However, the configuration will not have a backup.

  14. (Optional) To view the upgrade files:

    • To view the upgrade log files, see the files in the /tmp/novell_access_manager directory.

    • If you selected to back up your configuration and used the default directory, see the zip file in the /root/nambkup directory. The log file for this backup is located in the /var/log directory.

    • If Identity Server is installed on the same machine, the JSP directory was backed up to the /root/nambkup directory. The file is prefixed with nidp_jps and contains the date and time of the backup.

NOTE:If you have customized the Java settings in the /opt/novell/nam/idp/conf/tomcat.conf file, then after the upgrade, you must copy the customized setting to the new file using Advanced File Configurator. See Modifying Configurations in the NetIQ Access Manager 5.0 Administration Guide.

NOTE:Post-Upgrade: To avoid any mismatch of customizations seen on Advanced File Configurator user interface and the file present in the VM server, it is recommended to click the Send Configurations to Servers icon () operation for all non-temporary files and folders in Administration Console from the Advanced File Configurator user interface. This action must be performed even if file status is displayed as Configuration sent successfully on the Advanced File Configurator user interface post-upgrade.

If you encounter an error, see Troubleshooting Administration Console Upgrade.