After upgrading WebSphere Application Server version 5.1 on a stand-alone
system to version 6.x, you can migrate the Tivoli Access Manager authorization
configuration. This should be performed before the Application Server is started.
Before you begin
Do not start the Application Server after running the migration wizard
or using the migration scripts. The migration will have missed some relevant
Tivoli Access Manager files that will prevent the Application Server from
starting.
Procedure
- Copy the following files from the version 5.1 directory to the
same directory for the version 6.x installation:
- %WAS_HOME%\java\jre\PDPerm.properties
- %WAS_HOME%\java\jre\lib\security\pdperm.ks
- %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- %WAS_HOME%\java\jre\PolicyDirector\PD.properties
- %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
- Open the PD.properties file with a text editor
and change the following pd-home, java-home and pdvar-home configuration
elements to point to your Tivoli Access Manager Policy Server. For example:
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar,
C\:\\Program Files \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar,
C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib \\ext\\PD.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jar
- Open the PdPerm.properties file with a text
editor and change the following configuration settings:
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
baseGroup.PDJ<appsvr-servername>MessageFileHandler.fileName=C\:\\Program Files\\IBM
\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__<appsvr-servername>.log
pdcert-url=file\:/c\:/progra~1/IBM/WebSphere/AppServer/java/jre/lib/security/pdperm.ks
baseGroup.PDJ<appsvr-servername>TraceFileHandler.fileName=C\:\\Program Files\\IBM
\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__<appsvr-servername>.log
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector
java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre
jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar,
C\:\\Program Files \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar,
C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib \\ext\\PD.jar,
C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jar
Note: For
the purposes of this example it is assumed that the Application Server has
been installed on the C drive running Microsoft Windows. If your Application
Server installation is not on the C drive then change the file paths in the
configuration settings accordingly.
Note: The <appsvr-servername> value
is located in the PdPerm.properties file.
Results
You can now start the Application Server.