Symantec Access Management

  • Private Community

  • 1.  CA Single Sign On Upgrade from 12.6.1 to 12.7

    Posted Oct 30, 2017 04:33 PM

    Hello Everyone,

     

    Can you please let me know the steps to be followed for CA Single Sign-On upgrade from 12.6.1 to 12.7 version. I  want to do the upgrade instead of fresh installation.

     

    I have the below doubts in specific with the upgrade :

     

    1. Do we need to import the Data Definitions (DD) in the upgrade? Or will the upgrade take care of this automatically? 

    XPSDDInstall SmMaster.xdd

     

    2. Do we need to import the default policy objects in the upgrade? Or will the upgrade take care of this automatically? 

    XPSImport smpolicy.xml

    XPSImport smpolicy-secure.xml

     

    I know we have to do the above steps with a fresh install but my doubt is do we need to do it in the upgrade? 

     

    Can you please share your thoughts? Thank you.



  • 2.  Re: CA Single Sign On Upgrade from 12.6.1 to 12.7

    Posted Oct 30, 2017 04:53 PM

    Hi Gopi,


    Yes, you will have to perform both the above steps.

    Basically , you will also need to upgrade policy store.



  • 3.  Re: CA Single Sign On Upgrade from 12.6.1 to 12.7

    Posted Oct 30, 2017 04:54 PM

    The simple answer is, if we have a policy store which the installer supports, then the installer would handle the binary and policy store upgrade. If we have a policy store which the installer does not support, then installer would handle the binary upgrade and we would have to manually upgrade the policy store (using the commands listed above).

     

     

    If we are manually upgrading the policy store, should we import default objects. I recommend "YES"; as if there are new objects they'd only be added by this step. Be careful, you need to import either smpolicy.xml OR smpolicy-secure.xml (not both).

     

    https://docops.ca.com/ca-single-sign-on/12-7/en/upgrading/in-place-upgrade/upgrade-policy-store

    We may not need to do all the steps listed here, since we are at 12.6.1, the only applicable ones seem to be...

    Step-2 : Import the Policy Store Data Definitions.

    Step-3 : Import the Default Policy Store Objects

    Step-4 : Import the Federation Policy Store Objects

    There may be also a few steps to import additional default objects. These are not defined in the doc, but it is good to compare and ascertain.

    ampolicy.xml

    fedpolicy-12.5.xml

     

     

    I'll create a checklist of OS versions / bitness, policy store versions, JDK versions etc - just to make sure we have cross verified all support matrix version compatibilities, before we even talk about steps / process. I am sure we'd done, the checks, but listing'em nevertheless.



  • 4.  Re: CA Single Sign On Upgrade from 12.6.1 to 12.7

    Posted Oct 30, 2017 05:15 PM

    Hi Dennis,

     

    Yes, I have verified the compatibility between the components and I don't see any issues with it.

     

    Can you please provide more details with regard to "policy store which the installer supports" from your earlier post. We are using CA Directory as the policy store.

     

    Thanks,

    Gopi.