Manually migrating from WAS 5.1 to WebSphere Application Server 6.x with Tivoli Access Manager enabled on a stand-alone server
After upgrading WAS version 5.1 on a stand-alone system to version 6.x, you can migrate the Tivoli Access Manager authorization configuration. This should be performed before the Application Server is started. Do not start the Application Server after running the migration wizard or using the migration scripts. The migration will have missed some relevant Tivoli Access Manager files that will prevent the Application Server from starting.
Procedure
- Copy the following files from the version 5.1 directory to the same directory for the version 6.x installation:
- %WAS_HOME%\java\jre\PDPerm.properties
- %WAS_HOME%\java\jre\lib\security\pdperm.ks
- %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- %WAS_HOME%\java\jre\PolicyDirector\PD.properties
- %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
- Open the PD.properties file with a text editor and change the following pd-home, java-home and pdvar-home configuration elements to point to your Tivoli Access Manager Policy Server. For example:
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar, C\:\\Program Files \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar, C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar, C\:\\Program Files\\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib \\ext\\PD.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jar
- Open the PdPerm.properties file with a text editor and change the following configuration settings:
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector baseGroup.PDJ<appsvr-servername>MessageFileHandler.fileName=C\:\\Program Files\\IBM \\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__<appsvr-servername>.log pdcert-url=file\:/c\:/progra~1/IBM/WAS/AppServer/java/jre/lib/security/pdperm.ks baseGroup.PDJ<appsvr-servername>TraceFileHandler.fileName=C\:\\Program Files\\IBM \\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/trace__<appsvr-servername>.log pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar, C\:\\Program Files \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar, C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar, C\:\\Program Files\\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib \\ext\\PD.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jarFor the purposes of this example it is assumed that the Application Server has been installed on the C drive running Microsoft Windows. If your Application Server installation is not on the C drive then change the file paths in the configuration settings accordingly.
The <appsvr-servername> value is located in the PdPerm.properties file.
Results
You can now start the Application Server.
Manually configuring Tivoli Access Manager only for authentication on WAS 6.x
Manually migrating from WAS 5.1 to WebSphere Application Server 6.x with Tivoli Access Manager enabled on multiple nodes