With the release of Identity Manager 4.6, we have designed a Simplified Identity Applications Upgrade Program Utility to upgrade Identity Applications and supported components from Identity Applications version 4.5.x/4.5.5 to our new Identity Applications 4.6. This article will walk through how to upgrade in a simplified way.
Consider the Use Case below that we are going to solve with the Identity Application Upgrade Program.
We have installed Identity Manager 4.5.5 and server component versions:
Stage I: Before invoking Identity Manager 4.6 ‘RBPM_Upgrade.bin/exe‘ we need to consider following:
Stage II: Running Identity Applications Upgrade Program/RBPM_Upgrade Utility:
Get the RBPM_Upgrade.bin/executable from ‘Identity_Manager_4.6_<platform>.iso’:/products/RBPM directory or from ‘Identity_Manager_4.6_<platform>_IdentityApplications.iso’:/RBPM directory.
[Ensure running RBPM_Upgrade.bin/exe from products/RBPM or RBPM directory where “OSP, SSPR and user_app_install” directories are present as internally the Identity Applications upgrade program uses those individual installers for the upgrade process]
Once you run ‘RBPM_Upgrade.bin’ there will be five phases:
Screens available with the Identity Applications Upgrade Program:
Snap 1: Introduction Screen [guides you through the upgrade of following components]
Identity Applications – 4.6 (including new idmdash, IDMProv, rra, dash, landing); side-note: dash and landing will be deprecated sooner.
Tomcat – 8.5.9
ActiveMQ – 5.14
Java – 1.8.0_112
One SSO Provider – 6.1.3
Self Service Password Reset – 4.1. 0.0
Snap 2: Discovered Applications/Detected Applications; Read out warning message alerted, if non-Identity Applications deployed on same server
Snap 3: Detected Path/Browse and Select existing installation directories for OSP, SSPR and UserApplications.
Snap 4: Database Connection Details and Update Database schema on valid parameters provided.
Upgrade the database schema on already upgraded PostgreSQL database platform (as per pre-req/stage -I)
Snap 5: Pre-Upgrade Summary screen: if Required Disk space is less than 3 GB (the upgrade program prompts and aborts the flow, plan to have more space in the installation directory and /tmp directory or redirecting to /non_tmp as mentioned in Pre-req stage-I)
Snap 6: Upgrade completed wizard and URL to new Identity Applications dashboard #http://<ipaddress_or_dnsname>:<port>/idmdash
Review the upgrade logs and necessary files from /tmp/rbpm_upgrade/Logs directory.
Stage III: Post-Upgrade Tasks
After the upgrade, we need to perform post-upgrade tasks before starting tomcat service.
<Connector port="8543" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="path_to_keystore_file" keystorePass="keystore_password" />
<Connector port="8543" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="path_to_keystore_file" keystorePass="keystore_password" />
One SSO Platform:
Self Service Password Reset:
To update the SSPR configuration details, perform the following steps:
Select Settings > Auditing > Audit Forwarding > Syslog Audit Server Certificates. Import these certificates from the sever and click Save.
In the top-right corner for the page, click Configuration Manager from the drop-down menu. Click LocalDB.
Click Import (Upload) LocalDB Archive File.
Configure administrator permissions for SSPR, as per Post-Installation Tasks of the SSPR documentation section.
NOTE: If you are upgrading from SSPR 4.0 to SSPR 4.1, the customized location of SSPR configurations is changed to the default location of SSPR 4.1. You can find additional information about the configuration locations in the setenv.sh file. However, this change does not affect the behavior of the components.
Identity Applications: If we have non default IDMProv(non_IDMProv), change the name back to original name(non_IDMProv) using the configupdate utility as per the documentation at https://www.netiq.com/documentation/identity-manager-46/setup/data/t428q5h2aqb4.html#t42fi6a6idy5
To verify that the upgrade is successful, launch the upgraded Identity Applications/new Graphical User Interface webcontext http://<ipaddress_or_dnsname>:<port>/idmdash
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.