Migrate the Data
CentraSite scripts migrate configuration data from the old CentraSite and assets from the old Registry Repository to the new CentraSite installation. They also transform and migrate the LDAP configuration from the old Registry Repository to the new CentraSite JAAS configuration.
1. Import configuration data and assets from the Zip file you created earlier. Open a command window or shell, go to the 9.9_Software AG_directory/CentraSite/utilities directory, and run this command:
sbsImport.{cmd|sh} /full_path_to_Zip_file
An example of this command is ./sbsImport.sh /tmp/sbs_cs82_data.zip
2. Start CentraSite 9.9.
3. 9.0, 9.5, or 9.6 upgrade: Transform and migrate the LDAP configuration to the new JAAS configuration. From the 9.9_Software AG_directory/CentraSite/utilities directory, run this command:
CentraSiteCommand.{cmd|sh} generate JaasConfiguration -url CentraSite_9.9_URL
-user CentraSite_9.9_admin_user -password password
The script generates JAAS LoginModule entries that correspond to the old LDAP configuration and saves the entries in the jaas.config file in the 9.9_Software AG_directory/CentraSite/profiles/CTP/configuration directory. For each LDAP domain, the script creates user and group files that map internal (CentraSite) properties to external (LDAP) properties and saves the files in the 9.9_Software AG_directory/CentraSite/profiles/CTP/configuration/com.softwareag.platform.config.propsloader directory.
4. If you use single sign-on with CentraSite, do the following:
a. Open the jaas.config file in the old and new Software AG_directory/CentraSite/profiles/CTP/configuration directories. Copy the following from the old file to the 9.9 file:
ServletHeaderLoginModule for extracting the user ID from the incoming HTTP header.
SimpleNameMappingLoginModule, if you are using it.
Any other entries you are using to process the extracted user ID.
The 9.9 jaas.config file should look like this:
CentraSite {
com.softwareag.centrasite.security.cache.ShortTermTokenLoginModule sufficient;
com.softwareag.security.jaas.login.internal.InternalLoginModule sufficient
...
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule sufficient
...
com.softwareag.security.jaas.login.modules.ServletHeaderLoginModule
required
...
com.softwareag.security.jaas.login.modules.SimpleNameMappingLoginModule
required
...
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
...
};
The ShortTermTokenLoginModule establishes delegated authentication in CentraSiteSite to perform secured internal communication. The initial InternalLoginModule is normally only for users in the INTERNAL domain, and the initial LDAPLoginModule is for LDAP users that are logging in directly and not via single sign-on. If you need only single-sign on logins, you can remove the initial InternalLoginModule and LDAPLoginModule.
b. Set up your LDAP configuration to resolve the extracted user ID via LDAP. Modify the generated LDAP login module to enable single sign-on-related options, such as technical user. Apply LDAP single sign-on technical user credentials if necessary.
