Use this topic to migrate the security configuration of previous WebSphere® Application Server releases and its applications to the new installation of WebSphere Application Server.
This information addresses the need to migrate your security configurations from a previous release of IBM® WebSphere Application Server to WebSphere Application Server Version 7.0 or later. Complete the following steps to migrate your security configurations:
The security configuration of previous WebSphere Application Server releases and its applications are migrated to the new installation of WebSphere Application Server Version 7.0.
If a custom user registry is used in the previous version, the migration process does not migrate the class files that are used by the standalone custom registry in the previous app_server_root/classes directory. Therefore, after migration, copy your custom user registry implementation classes to the app_server_root/classes directory.
If you upgrade from WebSphere Application Server, Version 5.x to WebSphere Application Server Version 7.0, the data that is associated with Version 5.x trust associations is not automatically migrated. To migrate trust associations, see Migrating trust association interceptors.
If
you are migrating a Version 6.1 environment or earlier with System
Authorization Facility (SAF) authorization enabled, be aware that
the term describing the string that is prepended to the EJBROLE profile
names, which was previously referred to as the z/OS security
domain, has been updated to "SAF profile prefix". Additionally, the
corresponding property name in the security.xml file
has been updated to com.ibm.security.SAF.profilePrefix The
old property names are security.zOS.domainName and security.zOS.domainType.
The term has changed to more accurately describe the purpose of this
property and to avoid confusion with the WebSphere security
domains feature that has been introduced in Version 7.0. If a SAF profile
prefix is specified and scriptCompatiblity is a false value,
further action is not necessary during migration; the old properties
are converted to the new properties.
If the
previous version instance is configured to enable secure connections
using digital certificates that are signed by the Digital Certificate
Manager (DCM) local certificate authority, those certificates must
be renewed. For example, they must be renewed for the previous version
instance, the WebSphere Application Server Version 7.0 profile, and all
of the Secure Socket Layer-enabled clients and servers that connect
to WebSphere Application Server. For more
information, see SSL handshake failure using digital certificates signed
by a Digital Certificate Manager (DCM) local certificate authority.
IBM i *SYSTEM certificate stores
for applications are deprecated in WebSphere Application Server Version 5. In WebSphere Application Server Version 7.0, you must migrate
your applications to use Java™ keystores.
The os400.security.password.validation.list.object
property is profile-dependent. If you are migrating from Version 5,
see Migrating Java thin clients that use the password encoding algorithm for instructions
on how to migrate your client configuration.
In this information ...Subtopics
Related concepts
Related tasks
| IBM Redbooks, demos, education, and more(Index) |