+

Search Tips   |   Advanced Search

Migrate, coexist, and interoperate - Security considerations

Use this topic to migrate the security configuration of previous WebSphere Application Server releases and its applications to the new installation of WAS.

This information addresses the need to migrate the security configurations from a previous release of IBM WebSphere Application Server to WebSphere Application Server 8.0. Complete the following steps to migrate the security configurations:

In WebSphere Application Server Version 8.0, be aware of the following additional migration requirements for security:


Results

The security configuration of previous WebSphere Application Server releases and its applications are migrated to the new installation of WAS v8.5.


What to do next

We must migrate any custom class files that are not migrated.

(zos) If we are migrating a Version 6.1 environment or earlier with System Authorization Facility (SAF) authorization enabled, be aware that the term describing the string that is prepended to the EJBROLE profile names, which was previously referred to as the z/OS security domain, has been updated to "SAF profile prefix". Additionally, the corresponding property name in security.xml has been updated to com.ibm.security.SAF.profilePrefix The old property names are security.zOS.domainName and security.zOS.domainType. The term has changed to more accurately describe the purpose of this property and to avoid confusion with the WebSphere security domains feature that was introduced in Version 7.0. If a SAF profile prefix is specified and scriptCompatiblity is a false value, further action is not necessary during migration; the old properties are converted to the new properties.

(zos)

The SAF distributed identity mapping feature is not supported in a mixed-version cell (nodes prior to WebSphere Application Server v8.5).

(iseries) If the previous version instance is configured to enable secure connections using digital certificates that are signed by the Digital Certificate Manager (DCM) local certificate authority, those certificates must be renewed. For example, they must be renewed for the previous version instance, the WAS v8.5 profile, and all of the Secure Socket Layer-enabled clients and servers that connect to WebSphere Application Server.

(iseries) IBM i *SYSTEM certificate stores for applications are deprecated in WebSphere Application Server Version 5. In WebSphere Application Server v8.5, migrate the applications to use Java keystores.

(zos) If we are migrating a Version 6.0.x environment with Sync to OS Thread enabled to a v8.5 environment, you should be aware of the following migration considerations:


Subtopics


Related concepts

  • Java Authentication and Authorization Service
  • Web component security
  • Java EE connector security

    (zos) System Authorization Facility classes and profiles


    Related tasks

  • Configure inbound identity mapping