Download backup files from the /root/nambkup/idp <time stamp of upgrade> folder.
For information about how to download backup files, see Downloading Files from a Server
in the NetIQ Access Manager 5.0 Administration Guide.
Open the backup server.xml file from the backup folder, search for the sslProtocol attribute, and copy the value.
Open Identity Server’s new server.xml file and search for the sslProtocol attribute.
For information about how to open and modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.
You will see the following value:
sslProtocol="TLSv1.2" sslEnabledProtocols="SSLv2Hello,TLSv1.1,TLSv1.2"
Replace this attribute value with the value that you copied in step 2.
Download backup files from the /root/nambkup/idp <time stamp of upgrade> folder.
For information about how to download backup files, see Downloading Files from a Server
in the NetIQ Access Manager 5.0 Administration Guide.
Open the backup server.xml from the backup folder, search for the cipher attribute in NIDP_Name="connector" inside the <Connectors> element, and copy the list of ciphers.
Open Identity Server’s new server.xml and search for the cipher attribute in NIDP_Name="connector" in the <Connector> element.
For information about how to open and modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.
Replace this list of ciphers with the list copied in step 2.
Download backup files from the /root/nambkup/idp <time stamp of upgrade> folder.
For information about how to download backup files, see Downloading Files from a Server
in the NetIQ Access Manager 5.0 Administration Guide.
Open the backed up server.xml from the backup folder, search for the cipher attribute in NIDP_Name="connector" inside the <Connectors> element, and copy the list of ciphers.
Open Identity Server’s new server.xml file. Search for the cipher attribute in NIDP_Name="connector" in the <Connectors> element.
For information about how to open and modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.
Replace the list of ciphers with the value you copied in step 2.
Open Identity Server’s tomcat.conf.
Remove the following line:
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"For information about how to open and modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.
Open Identity Server’s web.xml file and comment out the httpHeaderSecurity filter definition.
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
</filter>Comment out the hstsMaxAgeSeconds parameter:
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>Comment out the filter mapping.
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>For information about how to open and modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.
Open Identity Server’s web.xml file.
Comment out the following Tomcat filter configuration:
<filter>
<filter-name>TomcatSameOriginFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>TomcatSameOriginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>For information about how to open and modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.