When Tivoli® Access Manager security is configured for your existing environment and security is enabled for a single node, you can migrate to WebSphere® Application Server, Version 9.0.
Before you begin
Your profiles must be migrated using the migration tools to
migrate product configurations.
Important: Do not restart the WebSphere Application Server Version 9.0 server until after performing the following procedure. The migration tools omit some files that enable the server to start correctly.
About this task
After migrating your profiles, additional steps are required
when Tivoli Access Manager
security is configured.
Note: WebSphere Application
Server Version 8.0 and later hosts Tivoli Access
Manager specific files under the %WAS_HOME%/tivoli/tam directory.
In previous versions, these files were hosted under the %WAS_HOME%/java/jre/ hierarchy.
[AIX Solaris HP-UX Linux Windows] [z/OS] Note: In the following steps, %WASX% refers to the installation root of the source WebSphere Application Server product, and %WAS8% refers to the installation root of the target WebSphere Application Server product (the Version 8.0 installation root).
Procedure
[AIX Solaris HP-UX Linux Windows] Copy the following files from the source location to the target location.

Table 1. Files to copy from the source location to the target location

| Source Location | Target Location |
| --- | --- |
| %WASX%\java\jre\PDPerm.properties | %WAS8%\tivoli\tam\PDPerm.properties |
| %WASX%\java\jre\lib\security\PdPerm.ks (if found) | %WAS8%\tivoli\tam\lib\security\PdPerm.ks |
| %WASX%\java\jre\lib\PdPerm.ks (if found) | %WAS8%\tivoli\tam\PdPerm.ks |
| %WASX%\java\jre\PolicyDirector\PDCA.ks | %WAS8%\tivoli\tam\PolicyDirector\PDCA.ks |
| %WASX%\java\jre\PolicyDirector\PD.properties | %WAS8%\tivoli\tam\PolicyDirector\PD.properties |
| %WASX%\java\jre\PolicyDirector\etc\pdjrte_paths | %WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_paths |
| %WASX%\java\jre\PolicyDirector\etc\pdjrte_mapping | %WAS8%\tivoli\tam\PolicyDirector\etc\pdjrte_mapping |
[AIX Solaris HP-UX Linux Windows] Edit the PD.properties file, and change the following configuration settings:

    appsvr-plcysvrs=null\:0:\:1
    config_type=standalone

Make the appropriate changes to point to your Tivoli Access Manager Policy Server, for example:

    appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\:7135\:1
    config_type=full
[AIX Solaris HP-UX Linux Windows] Edit the following four files on the target system and make sure that all of the path references are corrected:
- %WAS8%/tivoli/tam/PdPerm.properties
- %WAS8%/tivoli/tam/PolicyDirector/PD.properties
- %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_paths
- %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping

When you correct the paths, complete the following steps in order:
- Ensure that all references from %WASX%/java/jre/PolicyDirector are changed to %WAS8%/tivoli/tam/PolicyDirector.
- Ensure that all references (in the PdPerm.properties file) from the %WASX%/java/jre/[security]/PdPerm.ks file are changed to %WAS8%/tivoli/tam/pdPerm.ks.
- Ensure that all remaining references from %WASX%/java/jre are changed to %WAS8%/java/jre.
- Edit the %WAS8%/tivoli/tam/PolicyDirector/etc/pdjrte_mapping file. It contains the JRE->JRE mapping: %WAS8%/java/jre=%WAS8%/java/jre. Change this mapping to JRE->tivoli/tam: %WAS8%/java/jre=%WAS8%/tivoli/tam.
Copy the profile_root1/PolicyDirector directory and its contents to profile_root2/PolicyDirector. For this example:
- profile_root1 is the root directory of the profile being migrated.
- profile_root2 is the root directory of the version 6.1 profile.
- From an IBM® i command line, type STRQSH and press Enter.
- Type cp -R profile_root1/PolicyDirector profile_root2 and press Enter.
Copy the key file of the profile being migrated to the version 8.0 profile. The location of the key file is defined in profile_root1/PolicyDirector/PdPerm.properties. For this example:
- The PdPerm.properties file contains pdcert-url=file\:/QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb.
- /QIBM/UserData/WebAS51/Base/AppSvr1 is the root directory of a Version 6.1 profile.
- From an IBM i command line, type STRQSH and press Enter.
- Type cp /QIBM/UserData/WebAS51/Base/AppSvr1/etc/AppSvr1.kdb profile_root2/etc/AppSvr1.kdb and press Enter.
Edit the property values in profile_root2/PolicyDirector/PdPerm.properties and
in profile_root2/PolicyDirector/Pd.properties to
replace occurrences of profile_root1 with profile_root2 in
the file path name values.
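
A check for the path corrections and the PD.properties change in the [AIX Solaris HP-UX Linux Windows] steps, added here as an example that is not part of the IBM documentation: it scans the text of the edited files for leftover source-root references, for PolicyDirector or PdPerm.ks paths still under java/jre, for the unchanged JRE->JRE mapping, and for the standalone policy-server settings. The function names, the installation roots C:\WAS7 and C:\WAS9, and the sample file contents are constructed for illustration.

```python
import re

def norm_path(s):
    # Undo Java .properties escapes (\: \= \\), unify separators, fold case.
    # Case folding is an assumption that suits Windows installs.
    s = re.sub(r"\\([:=\\])", lambda m: "/" if m.group(1) == "\\" else m.group(1), s)
    return s.replace("\\", "/").lower()

def audit(files, wasx, was8):
    """files maps file name -> text; returns (name, line number, problem) tuples."""
    old_jre = norm_path(wasx) + "/java/jre"
    new_jre = norm_path(was8) + "/java/jre"
    findings = []
    for name, text in files.items():
        base = norm_path(name).rsplit("/", 1)[-1]
        for no, raw in enumerate(text.splitlines(), 1):
            line = norm_path(raw.strip())
            if not line or line[0] in "#!":
                continue  # blank line or properties comment
            if old_jre in line:
                findings.append((name, no, "reference to source java/jre"))
            if new_jre + "/policydirector" in line or (
                    line.endswith("pdperm.ks") and new_jre in line):
                findings.append((name, no, "belongs under tivoli/tam"))
            if base == "pdjrte_mapping" and line == new_jre + "=" + new_jre:
                findings.append((name, no, "JRE->JRE mapping left in place"))
            if base == "pd.properties" and (
                    line == "config_type=standalone"
                    or line.startswith("appsvr-plcysvrs=null")):
                findings.append((name, no, "policy server not configured"))
    return findings

# Constructed sample: target files after an incomplete manual edit.
WASX, WAS8 = "C:\\WAS7", "C:\\WAS9"  # assumed installation roots
SAMPLE = {
    "PdPerm.properties":
        "pdcert-url=file\\:/C\\:/WAS7/java/jre/lib/security/PdPerm.ks\n",
    "PD.properties":
        "config_type=standalone\n"
        "appsvr-plcysvrs=pdmgrd.test.gc.au.ibm.com\\:7135\\:1\n",
    "pdjrte_paths": "C:\\WAS9\\tivoli\\tam\\PolicyDirector\n",
    "pdjrte_mapping": "C:/WAS9/java/jre=C:/WAS9/java/jre\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, WASX, WAS8):
        print(*finding)
```

An empty result means none of these four conditions was found; it does not confirm that the key store or policy server referenced in the files is reachable.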
What to do next
Also see Migrating with Tivoli Access Manager for authentication enabled
on multiple nodes for more information.