9.5 Upgrading the Identity Server

9.5.1 Upgrading the Linux Identity Server

IMPORTANT:Make sure to complete the following before you begin:

  • If you are upgrading the Access Manager components on multiple machines, ensure that the time and date are synchronized on all machines.

  • Make sure that the Access Manager Administration Console is running. However, you must not perform any configuration tasks in the Administration Console during an Identity Server upgrade.

Use the following procedure to upgrade the stand-alone Identity Server or the Identity Server installed along with the SSL VPN server. If you have installed both the Identity Server and the Administration Console on the same machine, see Section 9.4.1, Upgrading the Linux Administration Console

  1. Back up any customized JSP pages and related files. The upgrade process replaces all JSP pages in the /opt/novell/nids/lib/webapp/jsp directory.

    Even though the upgrade program backs up the JSP directory and its related files, it is a good practice to backup these files.

  2. Open a terminal window.

  3. Log in as the root user.

  4. (Conditional) If you have installed the SSL VPN server with the Identity Server and you have customized the SSL VPN user interface, make a backup of the customized sslvpnclient.jsp file, then save it as /var/opt/novell/tomcat5/webapps/sslvpnsslvpnclient. jsp.rpmsave file.

    If a file with that name already exists, then either delete the existing file or move it to another location before saving the current .jsp file. See Customizing the SSL VPN User Interface in the Novell Access Manager 3.1 SP3 SSL VPN Server Guide.

  5. Back up any customized Tomcat files.

    If you have customized the tomcat5.conf file or the server.xml file, back up these files before upgrading. These files are overwritten during the upgrade process.

  6. Download the upgrade file from Novell and extract the file.

    One of the extracted files contains the Administration Console, the Identity Server, and SSL VPN. For the actual filename, see the Readme.

  7. After downloading the upgrade, unpack the tar.gz file using the following command:

    tar -xzvf <filename>

    For this installation, you need to unpack the Identity Server .tar.gz file.

  8. Open the unpacked Identity Server file, and enter the following at the terminal window:

    ./install.sh
    
  9. When you are prompted to install a product, type 2 to select Install Novell Identity Server, then press the Enter key.

    The system detects whether an Identity Server is installed, and prompts you whether to upgrade.

  10. If you have backed up your custom JSP pages or you haven’t created any, answer Y to prompt to continue the upgrade. Otherwise, answer N and back up the custom JSP pages before upgrading.

  11. (Conditional) If you have customized login pages, decide whether you want your customized pages restored automatically. Be aware of the following problems with the automatic restore:

    • Your customized files might not compile without modifications. For example, customized 3.0 login pages cannot compile and run on SP2 without some major modifications.

    • Any new features introduced in JSP files that have the same name as your files are lost when your file overwrites the installed file.

    You might want to wait until after the upgrade, then compare your customized file with the newly installed file. You can then decide whether you need to modify your file before restoring it.

  12. Review and accept the License Agreement.

  13. Press Enter to accept the current Administration Console IP address.

  14. Specify the name of the administrator for the Administration Console.

  15. Specify the administration password.

  16. Confirm the password, then wait as the system installs the components.

    This completes the Novell Identity Server upgrade. The install logs are located in the /tmp/novell_access_manager/ directory. These logs are all dated and time-stamped.

  17. (Conditional) Copy any custom login pages to the jsp directory.

    /opt/novell/nids/lib/webapp/jsp

9.5.2 Upgrading the Windows Identity Server

If you have installed only the Identity Server on the machine, use the following procedure to upgrade the Identity Server. If you have installed both the Identity Server and the Administration Console on the same machine, see Section 9.4.2, Upgrading the Windows Administration Console.

  1. (Conditional) Back up any customized JSP pages and related files in the C:\Program Files\Novell\Tomcat\webapps\nidp\jsp directory.

    Even though the upgrade program backs up the JSP directory and its related files, we recommend that you have your own backup of these files.

  2. (Conditional) If you have modified the main.jsp page in 3.1, rename the backed-up version of this file to nidp.jsp.

  3. Back up any customized Tomcat files.

    If you have customized the tomcat5.conf file or the server.xml file, back up these files before upgrading. These files are overwritten during the upgrade process.

  4. Download the upgrade file from Novell.

    For the filename, see the Readme.

  5. Run the executable.

    This is the installation program. When it detects an installed version of the Identity Server, it automatically prompts you to upgrade.

  6. On the Introduction page, click Next.

  7. Accept the License Agreement.

  8. At the upgrade prompt, click Continue.

  9. Specify the following information for the Administration Console:

    Administration user ID: Specify the name of the administration user for the Administration Console.

    Password and Re-enter Password: Specify the password and re-enter the password for the administration user account.

    Server IP Address: Specify the IP address of the Administration Console.

  10. (Conditional) If you have customized login pages, decide whether you want your customized pages restored automatically. Be aware of the following problems with the automatic restore:

    • Your customized files might not compile without modifications. For example, customized 3.0 login pages cannot compile and run on SP3 without some major modifications.

    • Any new features introduced in JSP files that have the same name as your files are lost when your file overwrites the installed file.

    You might want to wait until after the upgrade, then compare your customized file with the newly installed file. You can then decide whether you need to modify your file before restoring it.

  11. Review the summary, then click Install.

  12. (Optional) View the upgrade log file found in the following location:

    Windows Server 2003: \Program Files\Novell\log\AccessManagerServer_ InstallLog.log

    Windows Server 2008: \Program Files (x86)\Novell\log\AccessManagerServer_ InstallLog.log

  13. (Conditional) Copy any custom login pages to the C:\Program Files\Novell\Tomcat\webapps\nidp\jsp directory.

9.5.3 Access Failure Issues with the Intersite Transfer Service

If the Novell Access Manager is federated with other service providers or if the users are redirected to Access Gateway protected resources from the Identity Server using the target_url, you may see errors regardless of successful authentication. The ConfigUpgrade script enables ‘Allow any target’for the ‘Intersite Transfer Service’configuration service for all the service providers. For instructions to run the ConfigUpgrade script, see Section 9.6.6, Session Stickiness Upgrade Issue in 3.1 SP3.