Complete the Upgrade
1. If you use encrypted entries in the jaas.config file or in other properties files, you must re-enter the values stored there in plain text.
a. Open the jaas.config file in the new Software AG_directory/profiles/CTP/configuration folder and search for entries starting with "@secure.".
b. Re-enter passwords or other information in plain text.
c. In the new Software AG_directory/profiles/CTP/configuration/com.softwareag.platform.config.propsloader folder, open all files whose names start with "com.softwareag.security.ldap.server." and end with ".properties".
d. Search for entries which start with "@secure." and re-enter passwords or other information in plain text.
After you save the files, the passwords are re-encrypted within a few seconds.
2. Start the new CentraSite.
3. If you use single sign-on with CentraSite, do the following:
a. Open the jaas.config file in the old and new Software AG_directory/profiles/CTP/configuration directories. Copy the following from the old file to the new file:
ServletHeaderLoginModule for extracting the user ID from the incoming HTTP header.
SimpleNameMappingLoginModule, if you are using it.
Any other entries you are using to process the extracted user ID.
The new jaas.config file should look like this:
CentraSite {
    com.softwareag.centrasite.security.cache.ShortTermTokenLoginModule sufficient;
    com.softwareag.security.jaas.login.internal.InternalLoginModule sufficient
    ...
    com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule sufficient
    ...
    com.softwareag.security.jaas.login.modules.ServletHeaderLoginModule required
    ...
    com.softwareag.security.jaas.login.modules.SimpleNameMappingLoginModule required
    ...
    com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
    ...
};
The ShortTermTokenLoginModule establishes delegated authentication in CentraSite to perform secured internal communication. The initial InternalLoginModule is normally only for users in the INTERNAL domain, and the initial LDAPLoginModule is for LDAP users who log in directly and not via single sign-on. If you need only single sign-on logins, you can remove the initial InternalLoginModule and LDAPLoginModule.
b. Set up your LDAP configuration to resolve the extracted user ID via LDAP. Modify the generated LDAP login module to enable single sign-on-related options, such as the technical user. Apply LDAP single sign-on technical user credentials if necessary.
4. If you used metrics with the old CentraSite and downloaded the old XML metrics objects earlier in this procedure, convert the objects to JSON and load them to CentraSite using the CentraSiteToolbox command. A sample CentraSiteToolbox command is shown below.
CentraSiteToolbox ConvertAndLoadMetrics.jar
-dburl http://host:port/CentraSite/CentraSite
-user user -password password -xmlfile metrics_file_name
5. If you are using API Portal with CentraSite or API Gateway, republish all API Portal instances you created in the old release to the new API Portal. For instructions, see the CentraSite or API Gateway documentation.
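To check the login module chain from step 3a after copying entries between files, the following added example (not part of the original documentation or of CentraSite) parses the CentraSite stanza of a jaas.config and compares the module order and flags with the sample layout shown above. The option names in the sample text are constructed placeholders, and SimpleNameMappingLoginModule is not checked because the page treats it as optional.

```python
import re

FLAGS = {"required", "requisite", "sufficient", "optional"}

# Constructed sample following the page's layout; option names are placeholders.
SAMPLE = '''
CentraSite {
  com.softwareag.centrasite.security.cache.ShortTermTokenLoginModule sufficient;
  // direct LDAP logins (not via single sign-on)
  com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule sufficient
    placeholder_url="ldap://ldap.example.test:389/;x}";
  com.softwareag.security.jaas.login.modules.ServletHeaderLoginModule required
    placeholder_header="X-Example-User";
  com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
    placeholder_flag="true";
};
'''

def parse_stanza(text, name="CentraSite"):
    """Return [(module_class, flag), ...] for one JAAS application stanza."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # block comments
    text = re.sub(r"(?m)^\s*//.*$", "", text)           # whole-line comments
    text = re.sub(r'"(?:\\.|[^"\\])*"', '""', text)     # blank quoted values
    m = re.search(r"\b%s\s*\{(.*?)\}\s*;" % re.escape(name), text, re.S)
    if not m:
        raise ValueError("stanza %r not found" % name)
    entries = []
    for entry in m.group(1).split(";"):
        tokens = entry.split()
        if len(tokens) >= 2 and tokens[1].lower() in FLAGS:
            entries.append((tokens[0], tokens[1].lower()))
    return entries

def check_sso_chain(entries):
    """Compare the chain with the page's sample; return a list of findings."""
    short = [(cls.rsplit(".", 1)[-1], flag) for cls, flag in entries]
    findings = []
    if short[:1] != [("ShortTermTokenLoginModule", "sufficient")]:
        findings.append("ShortTermTokenLoginModule sufficient is not the first entry")
    header = ("ServletHeaderLoginModule", "required")
    if header not in short:
        findings.append("ServletHeaderLoginModule required is missing")
    elif ("LDAPLoginModule", "required") not in short[short.index(header) + 1:]:
        findings.append("no LDAPLoginModule required after ServletHeaderLoginModule")
    return findings

if __name__ == "__main__":
    for finding in check_sso_chain(parse_stanza(SAMPLE)) or ["chain matches the sample layout"]:
        print(finding)
```

To check a real installation, pass the text of the new jaas.config to parse_stanza instead of SAMPLE.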