13.0 Restoring Previous Security Level After Upgrading Access Manager

In Access Manager 4.3 and later, the protocols, ciphers, and filter configurations of all components are highly secure by default. If your Access Manager setup is configured with less secure settings, upgrading it to 4.3 or later may result in communication issues. The following are a few example scenarios in which you may need to restore your previous security settings:

  • When browsers do not support the TLS1.1 or TLS1.2 protocol or secure cipher suites.

  • When a third-party service provider does not support the TLS1.1 or TLS1.2 protocol or secure cipher suites, and one of the following configurations is in use:

    • A SAML or Liberty federation with artifact binding between Access Manager and the third-party service provider.

    • A WS-Trust federation between Access Manager and the third-party service provider.

  • When OAuth clients or OAuth resource servers do not support the TLS1.1 or TLS1.2 protocol or secure cipher suites.

Backed Up Configuration Files

When you upgrade to Access Manager 4.3 or later, the upgrade script backs up the following files so that you can restore the previous configuration:

  • Administration Console: tomcat7.conf (tomcat7w.exe on Windows), server.xml, web.xml

  • Identity Server: tomcat.conf (tomcat7w.exe on Windows), server.xml, web.xml

  • Access Gateway: web.xml, httpd.conf, NovellAgSettings.conf, tomcat.conf (tomcat8w.exe on Windows), server.xml

The backup files are stored in the following locations:

Linux: /root/nambkup (separate folders for Administration Console, Identity Server, and Access Gateway)

Windows: C:\nambkup (the backed-up files are available in tomcat_conf.zip). The backed-up Identity Server web.xml is named nidp_web.xml, and the backed-up Administration Console web.xml is named ac_web.xml.

NOTE: Compare each upgraded configuration file with the corresponding backup file. If the backup file contains the same configuration as the upgraded file, you do not need to make any changes.
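The comparison described in the note can be scripted for server.xml. The following is an added example, not part of the product documentation: it reports the TLS protocol and cipher differences per connector between a backup and an upgraded file. It assumes the files use the standard Tomcat Connector attributes sslProtocol, sslEnabledProtocols, and ciphers with comma-separated values; the embedded sample data is constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Standard Tomcat <Connector> attributes that select TLS protocols and ciphers.
# Assumption: the Access Manager server.xml files use these attributes.
TLS_ATTRS = ("sslProtocol", "sslEnabledProtocols", "ciphers")

def connector_tls(xml_text):
    """Return {port: {attr: set(values)}} for every Connector in a server.xml."""
    out = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        out[conn.get("port", "?")] = {
            attr: {v.strip() for v in conn.get(attr, "").split(",") if v.strip()}
            for attr in TLS_ATTRS
        }
    return out

def compare(backup_xml, upgraded_xml):
    """List (port, attr, only_in_backup, only_in_upgraded) for each difference."""
    old, new = connector_tls(backup_xml), connector_tls(upgraded_xml)
    diffs = []
    for port in sorted(set(old) | set(new)):
        for attr in TLS_ATTRS:
            before = old.get(port, {}).get(attr, set())
            after = new.get(port, {}).get(attr, set())
            if before != after:
                diffs.append((port, attr, sorted(before - after), sorted(after - before)))
    return diffs

# Constructed sample data, not taken from a real Access Manager installation.
BACKUP = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" sslProtocol="TLS"
    sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"/>
</Service></Server>"""
UPGRADED = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" sslProtocol="TLS"
    sslEnabledProtocols="TLSv1.1,TLSv1.2"
    ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
</Service></Server>"""

if __name__ == "__main__":
    # With two path arguments (backup, upgraded) compare real files;
    # otherwise fall back to the constructed samples above.
    texts = ([open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
             if len(sys.argv) == 3 else [BACKUP, UPGRADED])
    for port, attr, removed, added in compare(*texts):
        print(f"port {port} {attr}: only in backup {removed}, only in upgraded {added}")
```

An empty result means the TLS settings of the two files match and, per the note, no change is needed for that file.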

This section includes the following topics: