12.2 Upgrading Identity Server on Windows

12.2.1 Upgrading the Evaluation Version to the Purchased Version

If you have downloaded the evaluation version and want to keep your configuration after purchasing the product, you need to upgrade each of your components with the purchased version. The upgrade to the purchased version automatically changes your installation to a licensed version.

After you have purchased the product, log in to the NetIQ Customer Center and follow the link that allows you to download the product. Then follow the instructions in Section 11.2.2, Upgrading Administration Console.

12.2.2 Upgrading Identity Server

Log in to the NetIQ Downloads page and follow the link that allows you to download the product.

If you have installed only Identity Server on the server, use the following procedure to upgrade Identity Server:

NOTE: To prevent security vulnerabilities, Access Manager uses a jQuery version that is higher than the version used in the earlier release of Access Manager. The higher version of jQuery is not compatible with the Skype for Business 2016 application. Hence, after the upgrade, you cannot log in to Skype for Business 2016 using the Identity Server login page.

If you want to continue using an old version of jQuery, which is less secure, see Single Sign-on Fails in Skype for Business 2016 in the Access Manager 4.5 Administration Guide.

  1. Manually back up the JSP pages and related files in the C:\Program Files (x86)\Novell\Tomcat\webapps\nidp\jsp directory.

    IMPORTANT: We recommend that you have your own backup of the customized files.

  2. If you have customized the tomcat.conf file or the server.xml file at C:\Program Files (x86)\Novell\Tomcat\conf\, back up these files before upgrading. The registries and the file are overwritten during the upgrade process.

  3. Download the AM_45_AccessManagerService_Win64.exe file from NetIQ and run it.

    This file starts the installation program. When the program detects an installed version of Identity Server, it automatically prompts you to upgrade.

  4. On the Introduction page, click Next.

  5. Accept the License Agreement.

  6. At the upgrade prompt, click Continue.

  7. Type Y and press Enter.

    The system displays an information message to enable Syslog after the upgrade.

  8. Type Y to continue with the upgrade, then press Enter.

  9. Specify the following information for Administration Console:

    Administration user ID: Specify the name of the administration user for Administration Console.

    Password and Re-enter Password: Specify and re-enter the password for the administration user account.

  10. If you have customized login pages, decide whether you want your customized pages restored automatically. Be aware that with the automatic restore, your file overwrites the installed file of the same name, so any new features introduced in that JSP file are lost.

    You may want to wait until after the upgrade, then compare your customized file with the newly installed file. You can then decide whether you need to modify your file before restoring it.

    NOTE: Ensure that you sanitize the restored customized JSP file to prevent XSS attacks. For more information about how to sanitize the JSP file, see Preventing Cross-site Scripting Attacks in the Access Manager 4.5 Administration Guide.

  11. Review the summary, then click Install.

    NOTE: If the OAuth and OpenID Connect protocol is enabled, then after upgrading all members of the Identity Server cluster, you must update the Identity Server cluster to use the JSON Web Token (JWT token). For more information about JWT token, see Understanding How Access Manager Uses OAuth and OpenID Connect in the Access Manager 4.5 Administration Guide.

  12. View the upgrade log file found in the following location:

    C:\Program Files\Novell\log\AccessManagerServer_InstallLog.log

  13. Copy any custom login pages to the C:\Program Files\Novell\Tomcat\webapps\nidp\jsp directory.

  14. Restore any customized files from the backup taken earlier.

    To restore the files, copy the content of the following files to the corresponding file in the new location.

    server.xml

    If you have customized the server.xml file in the backup taken in 4.4.x, ensure that you apply the same customizations to the new server.xml file located in the C:\Program Files\Novell\Tomcat\conf\ directory.

    Also, add the following line to the server.xml file to use the new features on the user portal:

    <Connector NIDP_Name="localConnector" URIEncoding="utf-8" acceptCount="100" address="127.0.0.1" connectionTimeout="20000" maxThreads="600" minSpareThreads="5" port="8088" protocol="HTTP/1.1" />

    The following example shows a connector with the IP address removed and ciphers added:

    <Connector NIDP_Name="connector" port="8443" address="" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, ... ../>

    Tomcat properties:

    Go to C:\Program Files\Novell\Tomcat\bin\tomcat7w. Double-click the tomcat7w file and make a note of any elements or attributes customized in 4.4.x.

    On the 4.5 server, go to C:\Program Files\Tomcat\bin\tomcat8w. Change the values and attributes as required.

  15. Restart the Tomcat server using the Windows service. Go to Start > Control Panel > System and Security > Administrative Tools > Services.
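The comparison recommended in step 10 and the sanitization note that follows it can be scripted before any customized JSP is copied back in step 13. The PowerShell below is an added example, not NetIQ code: the backup location is a hypothetical path, and the raw-echo pattern is a heuristic for request values written straight into the page, not the check described in the Administration Guide.

```powershell
# Added example (not NetIQ code): triage backed-up JSPs before restoring them.
param(
    # Hypothetical location of the manual backup taken in step 1.
    [string]$BackupDir    = 'D:\am-backup\nidp-jsp',
    # Directory named in step 13 of this procedure.
    [string]$InstalledDir = 'C:\Program Files\Novell\Tomcat\webapps\nidp\jsp'
)

$BackupDir = (Resolve-Path -LiteralPath $BackupDir).ProviderPath

# Heuristic only: a JSP expression that writes a request value into the page unescaped.
$rawEcho = '<%=\s*request\.(getParameter|getHeader|getQueryString)\b'

$report = foreach ($file in Get-ChildItem -LiteralPath $BackupDir -Filter *.jsp -File -Recurse) {
    $relative  = $file.FullName.Substring($BackupDir.Length).TrimStart('\')
    $installed = Join-Path $InstalledDir $relative

    if (-not (Test-Path -LiteralPath $installed)) {
        $status = 'CustomOnly'   # no shipped file of this name, nothing is overwritten
    } elseif ((Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash -eq
              (Get-FileHash -LiteralPath $installed -Algorithm SHA256).Hash) {
        $status = 'Identical'    # restoring changes nothing
    } else {
        $status = 'Differs'      # restoring as-is would drop changes shipped in 4.5
    }

    # Lines worth reviewing for output encoding before the file goes back in.
    $hits = @(Select-String -LiteralPath $file.FullName -Pattern $rawEcho)

    [pscustomobject]@{
        File      = $relative
        Status    = $status
        RawEchoes = $hits.Count
        Lines     = ($hits.LineNumber -join ',')
    }
}

$report | Sort-Object Status, File | Format-Table -AutoSize
```

Files reported as Differs need a manual merge against the newly installed file. Any file with a non-zero RawEchoes count should be reviewed for output encoding before it is restored.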

IMPORTANT: If NetIQ Access Manager is federated with other service providers or if the users are redirected to Access Gateway protected resources from Identity Server using the target_url, you may see errors regardless of successful authentication. The ConfigUpgrade script enables ‘Allow any target’ for the ‘Intersite Transfer Service’ configuration service for all the service providers.
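Restoring server.xml customizations in step 14 can carry an old cipher list into the upgraded server. RC4 suites such as those in the connector example above are prohibited for TLS by RFC 7465. The PowerShell below is an added example, not NetIQ code. Run before the restart in step 15, it checks that the localConnector line is present and bound to 127.0.0.1:8088, and lists any weak suites in a ciphers attribute. The weak-suite pattern is this example's own choice.

```powershell
# Added example (not NetIQ code): audit server.xml after restoring customizations.
param(
    # 4.5 location given in step 14 of this procedure.
    [string]$ServerXml = 'C:\Program Files\Novell\Tomcat\conf\server.xml'
)

# Example's own pattern list for suites that should not survive a restore.
$weakSuite = 'RC4|_MD5$|_NULL_|_EXPORT_|_anon_|_DES_'

[xml]$doc   = Get-Content -LiteralPath $ServerXml -Raw
$connectors = @($doc.SelectNodes('//Connector'))
$findings   = New-Object 'System.Collections.Generic.List[string]'

# 1. The connector that step 14 says to add for the new user portal features.
$loopback = $connectors |
    Where-Object { $_.GetAttribute('NIDP_Name') -eq 'localConnector' } |
    Select-Object -First 1
if (-not $loopback) {
    $findings.Add('localConnector is missing')
} else {
    # A plain-HTTP connector must stay on the loopback address.
    if ($loopback.GetAttribute('address') -ne '127.0.0.1') {
        $findings.Add("localConnector address is '$($loopback.GetAttribute('address'))', expected 127.0.0.1")
    }
    if ($loopback.GetAttribute('port') -ne '8088') {
        $findings.Add("localConnector port is '$($loopback.GetAttribute('port'))', expected 8088")
    }
}

# 2. Cipher lists carried over from the 4.4.x backup.
foreach ($c in $connectors) {
    $name   = $c.GetAttribute('NIDP_Name')
    $port   = $c.GetAttribute('port')
    $suites = @($c.GetAttribute('ciphers') -split '\s*,\s*' | Where-Object { $_ })
    foreach ($s in @($suites | Where-Object { $_ -match $weakSuite })) {
        $findings.Add("connector '$name' (port $port) lists weak suite $s")
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'server.xml: localConnector present, no weak cipher suites listed'
}
```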