18.10 Post Upgrade Task

Perform the following actions after upgrade:

18.10.1 Upgrading Service Drivers

NOTE:Before updating the driver packages, ensure that you have updated to the latest version of Identity Applications.

After updating Identity Applications to the latest version, you can update the User Application driver package to 4.10.0.20241023190534, the Role and Resource Service Driver package to 4.8.8.20231216023752, and Data Collection Services driver package to 2.4.2.20230627174512.

Perform the following steps to update the driver package:

  1. Open the project containing the required service driver.

  2. Right-click the service driver, then click Driver > Properties.

  3. Click Packages.

    A check mark indicates a newer version of a package in the Available Upgrades column.

  4. (Conditional) For UAD package, click Select operation against the NOVLUABASE_4.10.0.20241023190534.jar package.

  5. (Conditional) For RRSD package, click Select operation against the NOVLRSERVB_4.8.8.20231216023752.jar package.

  6. (Conditional) For DCS package, click Select operation against the NOVLIDMDCSB_2.4.2.20230627174512.jar package.

  7. From the drop-down list, click Upgrade.

  8. Select the version that you want to upgrade to, then click OK.

    NOTE:Designer lists all versions available for upgrade.

  9. Click Apply.

  10. (Conditional) Fill in the fields with appropriate information to upgrade the package, then click Next.

    Depending on which package you selected for upgrade, you must fill in the required information appropriately to upgrade the package.

  11. Read the summary of the packages that will be installed, then click Finish.

  12. Review the upgraded package, then click OK to close the Package Management page.

  13. Deploy the changes and restart the driver.

  14. Restart the OpenText eDirectory service.

18.10.2 Removing Unused Log4j JAR

The log4j-1.2.13.jar is installed in the /opt/netiq/idm/lightWeightDesigner/plugins/com.novell.soa.eai.integrationActivity_4.0.0.201910221801/lib directory as part of OpenText Identity Manager 4.10 installation. OpenText Identity Manager no longer uses this jar. Locate and delete the log4j-1.2.13.jar from the directory.

18.10.3 Configuring TLSv1.3 for Tomcat Services

Perform the following steps to configure TLSv1.3:

  1. Navigate to /opt/netiq/idm/apps/tomcat/conf directory and add the following entries to server.xml file.

    useServerCipherSuitesOrder="true"
    ciphers="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
    sslEnabledProtocols="TLSv1.2+TLSv1.3"

    For example:

    <Connector port="8543" protocol="HTTP/1.1" URIEncoding="UTF-8" maxThreads="200" enableLookups="true" scheme="https" secure="true" maxHttpHeaderSize="65536" SSLEnabled="true" sslProtocol="TLS" disableUploadTimeout="true" keystoreFile="conf/tomcat.ks" keystorePass="novell" useServerCipherSuitesOrder="true" ciphers="TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" sslEnabledProtocols="TLSv1.2+TLSv1.3" />

  2. Open the ism-configuration.properties and edit the following entry that is change TLSv1.2 to TLSv1.3:

    com.netiq.idm.sslProtocol = TLSv1.3

  3. Restart the tomcat services.

NOTE:In the OpenText Identity Manager environment, if there is a mismatch in SSPR and Tomcat TLS configuration, then regardless of whether the SSPR TLS configuration is set to 1.2, Tomcat TLS configuration takes the precedence, which is set to 1.3 in ism-configuration.properties.