IBM Support

IBM Security Access Manager for Enterprise Single Sign-On IMS Server fix pack 8.2.0-ISS-SAMESSO-IMS-FP0010

Download


Abstract

Fix pack for IBM Security Access Manager for Enterprise Single Sign-On IMS Server, Version 8.2.0.

Download Description

This fix pack package contains fixes for IBM Security Access Manager for Enterprise Single Sign-On IMS Server software. 8.2.0-ISS-SAMESSO-IMS-FP0010 contains new fixes and all fixes from the previous fix pack. For information about defects resolved in the previous fix pack, including the manual configurations, see the previous fix pack readme.

This fix pack requires IMS Server, version 8.2.0 to be installed successfully.

  • Fix pack contents
    • This readme file
    • 8.2.0-ISS-SAMESSO-IMS-FP0010.pak- This .PAK file is the Update Installer maintenance package for IMS Server.
    • etc-ISS-SAMESSO-8.2.zip
  • Dependencies
    This fix pack has the following dependencies:

    APARS and defects fixed

    This fix pack corrects the following issues found in IBM Security Access Manager for Enterprise Single Sign-On, version 8.2.0 release.

    • This fix pack contains fixes for some security vulnerabilities. A security bulletin is issued for resolved vulnerabilities.

    Software Limitations

    You must use WebSphere Update Installer, version 7.0.0.1 or later. WebSphere Update Installer, version 7.0.0.0, does not support updating the IMS Server.

Installation Instructions

Before you begin

Copy the IMS Server installation folder to a backup directory.

Installing the fix pack automatically

Before you begin

Ensure that:
  • You have a copy of 8.2.0-ISS-SAMESSO-IMS-FP0010.zip. This fix pack contains 8.2.0-ISS-SAMESSO-IMS-FP0010.pak and etc-ISS-SAMESSO-8.2.zip.
  • WebSphere Application Server 7.0 is installed and running.
  • IBM HTTP Server 7.0 is installed and configured for the IMS Server.

About this task

Do an automatic installation of the fix pack if the IMS Server is already installed and deployed in the WebSphere Application Server 7.0. If it is not installed and deployed, see INSTALLING THIS FIX PACK MANUALLY.
Note: Do not remap the ISAMESSOIMSConfig module. Otherwise, you cannot access the IMS™ Configuration Wizard or IMS Configuration Utility.
  1. Download the 8.2.0-ISS-SAMESSO-IMS-FP0010.zip file from IBM Support & downloads.
  2. Extract the contents of the 8.2.0-ISS-SAMESSO-IMS-FP0010.zip file onto your local computer.
  3. Extract the etc-ISS-SAMESSO-8.2.zip file into your selected directory.
  4. Copy the extracted etc folder into the root of the <IMS Server installation directory>.

    For example: C:\Program Files\IBM\ISAM ESSO\IMS Server\etc

  5. From the <IMS Server installation directory>\etc\ folder, open the tamesso.ims.appserver.properties file with a text editor and edit the values of the following variables:
was.hostname=was_hostname
was.connector.port=was_connector_port
was.security.enabled=true
was.admin.user.id=was_admin_id
was.admin.user.pwd=was_admin_pw
was.truststore.file=truststore_file
was.truststore.pwd=truststore_pwd
was.keystore.file=
was.keystore.pwd=
    1. Replace was_hostname with the name of your computer.
    2. Replace was_connector_port with the SOAP connector port. For example: 8880.

      Retrieve the SOAP connector port value from: C:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>\logs\AboutThisProfile.txt

      Note: If you use WebSphere Application Server Network Deployment, <profile_name> is the deployment manager profile name.
    3. Take one of the following actions, if WebSphere Application Server security:
      • Is enabled, replace was_admin_id and was_admin_pw with your WebSphere Application Server user name and password.
      • Is not enabled, set the value of was.security.enabled to false.
    4. Set the truststore_file and truststore_pwd.
      Note: Use any of these valid formats when you specify the path for the truststore file:
      C:/.../...
      C:\\...\\...
      truststore_file

      Replace truststore_file with the path where the truststore file is located.

      Follow the format in the tamesso.ims.appserver.properties file.

      • For WebSphere Application Server stand-alone:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\nodes\<node_name>\trust.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\ibmusvr1Node01Cell\nodes\ibmusvr1Node01\trust.p12

      • For WebSphere Application Server Network Deployment:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<Dmgr_profilename>\config\cells\<cell_name>\trust.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\Profiles\Dmgr01\config\cells\ibm-svr1Cell01\trust.p12

      truststore_pwd

      Replace truststore_pwd with your WebSphere Application Server trust store password.

      The default password for WebSphere Application Server trust store is WebAS.

    5. If two-way SSL is enabled, set the was.keystore.file and was.keystore.pwd.
      Note: Use any of these valid formats when you specify the path for the keystore file:
      C:/.../...
      C:\\...\\...
      was.keystore.file

      Specify the path where the keystore file is located.

      Follow the format indicated in the tamesso.ims.appserver.properties file. For example:
      • For WebSphere Application Server stand-alone:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\nodes\<node_name>\key.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\ibmusvr1Node01Cell\nodes\ibmusvr1Node01\key.p12

      • For WebSphere Application Server Network Deployment:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<Dmgr_profilename>\config\cells\<cell_name>\key.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\Profiles\Dmgr01\config\cells\ibm-svr1Cell01\key.p12

      was.keystore.pwd
      Specify the WebSphere Application Server keystore password.
      Note: Remove the value after the installation to avoid compromising security.
    6. Click Save and close the file.
  1. Launch the IBM Update Installer for WebSphere Software.
    1. On your Microsoft Windows Desktop, select Start > All Programs > IBM WebSphere > Update Installer for WebSphere V7.0 Software. The IBM Update Installer for WebSphere Software wizard is displayed.
    2. Click Next. The Product Selection page is displayed.
    3. Click Browse to select the location of the <IMS Server installation directory> and click Open. For example: C:\Program Files\IBM\ISAM ESSO\IMS Server
    4. Click Next. The Maintenance Operation Selection page is displayed.
    5. Select Install maintenance package.
    6. Click Next. The Maintenance Package Directory Selection page is displayed.
    7. Click Browse to select the location of the 8.2.0-ISS-SAMESSO-IMS-FP0010.pak file and click Open.
    8. Click Next.
    9. Select the 8.2.0-ISS-SAMESSO-IMS-FP0010.pak file.
    10. Click Next. The Installation Summary page is displayed.
    11. Click Next. There are two possible messages that can be displayed:
      Success: The following maintenance package was installed.

      Displays if you provided the correct connection properties.

      Success: The following maintenance package was partially installed.

      Displays if you provided the wrong connection properties. See INSTALLING THIS FIX PACK MANUALLY.

    12. Click Finish. The IMS Server version is updated with the latest fix pack and deployed in the WebSphere Application Server.
  2. Remapping the ISAMESSOIMS module.
    Note: Do not remap the ISAMESSOIMSConfig module.
    1. Log on to the IBM Integrated Solutions Console.
    2. On the Integrated Solutions Console left navigation pane, select Applications > Application Types > WebSphere enterprise applications.
    3. Click ISAMESSOIMS.
    4. Under Modules, click Manage Modules.
    5. Click Select All.
    6. Select all entries in the Clusters and servers field.
    7. Click Apply. The list is updated.
    8. Click OK.
    9. Click Save.
    10. Restart the IBM HTTP Server.

What to do next

  • Do the post installation configurations.
  • Verify the IMS Server version.
 

Installing the fix pack manually

Before you begin

Ensure that:
  • You have a copy of 8.2.0-ISS-SAMESSO-IMS-FP0010.zip. This fix pack contains 8.2.0-ISS-SAMESSO-IMS-FP0010.pak and etc-ISS-SAMESSO-8.2.zip.
  • WebSphere Application Server 7.0 is installed and running.
  • IBM HTTP Server 7.0 is installed and configured for the IMS Server.

About this task

This manual installation of the fix pack involves the uninstallation and reinstallation of the IMS Server in the WebSphere Application Server.

Installing the fix pack
  1. Download the 8.2.0-ISS-SAMESSO-IMS-FP0010.zip file from IBM Support & downloads.
  2. Extract the contents of the 8.2.0-ISS-SAMESSO-IMS-FP0010.zip file onto your local computer.
  3. Launch the IBM Update Installer for WebSphere Software.
    1. On your Microsoft Windows Desktop, select Start > All Programs > IBM WebSphere > Update Installer for WebSphere V7.0 Software. The IBM Update Installer for WebSphere Software wizard is displayed.
    2. Click Next. The Product Selection page is displayed.
    3. Click Browse to select the location of the <IMS Server installation directory> and click Open. For example: C:\Program Files\IBM\ISAM ESSO\IMS Server
    4. Click Next. The Maintenance Operation Selection page is displayed.
    5. Select Install Maintenance package.
    6. Click Next. The Maintenance Package Directory Selection page is displayed.
    7. Click Browse to select the location of the 8.2.0-ISS-SAMESSO-IMS-FP0010.pak file and click Open.
    8. Click Next.
    9. Select the 8.2.0-ISS-SAMESSO-IMS-FP0010.pak file.
    10. Click Next. The Installation Summary page is displayed.
    11. Click Next. The message Success: The following maintenance package was partially installed is displayed.
    12. Click Finish.
  4. Log on to the IBM Integrated Solutions Console.
Uninstalling the IMS Server
  1. On the Integrated Solutions Console left navigation pane, select Applications > Application Types > WebSphere enterprise applications.
  2. Select the ISAMESSOIMS and ISAMESSOIMSConfig check box.
  3. Click Uninstall.
  4. Click OK.
  5. Click Save.
Installing the ISAMESSOIMSConfig application
  1. On the Start menu, click Run.
  2. In Open, type cmd.
  3. From the command prompt, browse to the <ims_home>\bin directory. For example: C:\Program Files\IBM\ISAM ESSO\IMS Server\bin.
  4. Run deployIsamessoImsConfig.bat. For example:

    deployIsamessoImsConfig.bat <WAS Admin user ID> <password>

Installing the ISAMESSOIMS application
  1. On the Integrated Solutions Console left navigation pane, select Applications > Application Types > WebSphere enterprise applications.
  2. Click Install.
  3. Under Path to the new application, select between Local file system and Remote file system.
  4. Under Path, click Browse. The com.ibm.tamesso.ims-delhi.deploy.isamessoIms.ear file is located by default in C:\Program Files\IBM\ISAM ESSO\IMS Server\.
  5. Click Next.

    The Preparing for the application installation page is displayed.

  6. Select Fast Path - Prompt only when additional information is required.
  7. Click Next.

    The Install New Application page is displayed.

  8. Retain the default values under Select installation options.
  9. Click Next.
  10. Click Select All.
  11. Select all entries in the Clusters and servers field.
  12. Click Apply.

    The list is updated with the selected clusters and servers.

  13. Click Next.
  14. Click Finish.

    The installation is successful.

  15. Click Save.
What to do next
  • Do the post installation configurations.
  • Verify the IMS Server version.

Post installation configuration

If you are using Web 2.0 and Mobile feature pack on WebSphere Application Server Version 7.0, map the ISAMESSOIMS application to the shared library

1. In the navigation pane, click Applications > Application Types > WebSphere enterprise applications.

2. In the Enterprise Applications page, click ISAMESSOIMS.

3. In the Configuration page, under References, click Shared library references.

4. Select ISAMESSOIMS.

5. Click Reference shared libraries.

6. In the Available list, select the jaxrslib library.

7. Move the jaxrslib library to the Selected list by clicking the >> button.

8. Click OK twice.


If you are using WebSphere Application Server Network Deployment, override session management.

1. In the WebSphere administrative console navigation pane, click Applications > Application types > WebSphere enterprise applications.

2. Click ISAMESSOIMS.

3. Under Web Module Properties, click Session management.

4. Under General Properties, select the Override session management check box.

5. Click Apply.

6. In the Messages box, click Save. The ISAMESSOIMS application is stopped.

7. Configure session management override for AccessAdmin.


a. In the Enterprise Applications page, click ISAMESSOIMS.
b. Under Modules, click Manage Modules.
c. Click the ISAM ESSO IMS Server AccessAdmin <version number> link.
d. Under Additional Properties, click Session management.
e. Select the Override session management check box.
f. Click OK.
g. Click Save.

8. Resynchronize the nodes.


a. Click System administration > Nodes.
b. Select the check box for each corresponding node.
c. Click Full Resynchronize.

9. Start the cluster.

If you are using WebSphere Application Server Stand-alone, start the IMS Server.

1. On the Integrated Solutions Console left navigation pane, select Applications > Application Types > WebSphere enterprise applications.

2. Select the ISAMESSOIMS check box.

3. Click Start.

To uninstall the fix pack, see Uninstalling the IMS Server fix pack.
Before uninstalling this fix pack

To uninstall the fix pack and revert to IMS Server, version 8.2, you must have access to the IMS Server, version 8.2, installation files.

UNINSTALLING THIS FIX PACK AUTOMATICALLY

These steps uninstall the IMS Server 8.2 fix pack and automatically redeploys the IMS Server in the WebSphere Application Server 7.0.

Before you begin

Ensure that:
  • You extracted the etc-ISS-SAMESSO-8.2.zip file into your selected directory and copied the extracted etc folder into the root of the IMS Server 8.2 installation directory.
  • IMS Server, version 8.2.0.0.825 is installed.
  • WebSphere Application Server 7.0 is installed and running.
  • IBM HTTP Server 7.0 is installed and configured for the IMS Server.
Procedure
  1. From the <IMS Server installation directory>\etc\ folder, open the tamesso.ims.appserver.properties file with a text editor.
  2. Edit the values of these variables.
    was.hostname=was_hostname
    was.connector.port=was_connector_port
    was.security.enabled=true
    was.admin.user.id=was_admin_id
    was.admin.user.pwd=was_admin_pw
    was.truststore.file=truststore_file
    was.truststore.pwd=truststore_pwd
    was.keystore.file=
    was.keystore.pwd=
    1. Replace was_hostname with the name of your computer.
    2. Replace was_connector_port with the SOAP connector port. For example: 8880.

      Retrieve the SOAP connector port value from: C:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>\logs\AboutThisProfile.txt

      Note: If you use WebSphere Application Server Network Deployment, <profile_name> is the deployment manager profile name.
    3. Take one of the following actions, if WebSphere Application Server security:
      • Is enabled, replace was_admin_id and was_admin_pw with your WebSphere Application Server user name and password.
      • Is not enabled, set the value of was.security.enabled to false.
    4. Set the truststore_file and truststore_pwd.
      Note: Use any of these valid formats when you specify the path for the truststore file:
      C:/.../...
      C:\\...\\...
      truststore_file

      Replace truststore_file with the path where the truststore file is located.

      Follow the format in the tamesso.ims.appserver.properties file.

      • For WebSphere Application Server stand-alone:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\nodes\<node_name>\trust.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\ibmusvr1Node01Cell\nodes\ibmusvr1Node01\trust.p12

      • For WebSphere Application Server Network Deployment:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<Dmgr_profilename>\config\cells\<cell_name>\trust.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\Profiles\Dmgr01\config\cells\ibm-svr1Cell01\trust.p12

      truststore_pwd

      Replace truststore_pwd with your WebSphere Application Server trust store password.

      The default password for WebSphere Application Server trust store is WebAS.

    5. If two-way SSL is enabled, set the was.keystore.file and was.keystore.pwd.
      Note: Use any of these valid formats when you specify the path for the keystore file:
      C:/.../...
      C:\\...\\...
      was.keystore.file

      Specify the path where the keystore file is located.

      Follow the format indicated in the tamesso.ims.appserver.properties file. For example:
      • For WebSphere Application Server stand-alone:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<profile_name>\config\cells\<cell_name>\nodes\<node_name>\key.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\ibmusvr1Node01Cell\nodes\ibmusvr1Node01\key.p12

      • For WebSphere Application Server Network Deployment:

        C:\Program Files\IBM\WebSphere\AppServer\profiles\<Dmgr_profilename>\config\cells\<cell_name>\key.p12

        See the following example:

        C:\Program Files\IBM\WebSphere\AppServer\Profiles\Dmgr01\config\cells\ibm-svr1Cell01\key.p12

      was.keystore.pwd
      Specify the WebSphere Application Server keystore password.
      Note: Remove the value after the installation to avoid compromising security.
    6. Click Save and close the file.
  3. Launch the IBM Update Installer for WebSphere Software.
    1. On your Microsoft Windows Desktop, select Start > All Programs > IBM WebSphere > Update Installer for WebSphere V7.0 Software. The IBM Update Installer for WebSphere Software wizard is displayed.
    2. Click Next. The Product Selection page is displayed.
    3. Click Browse to select the location of the <IMS Server installation directory> and click Open. For example: C:\Program Files\IBM\ISAM ESSO\IMS Server
    4. Click Next. The Maintenance Operation Selection page is displayed.
    5. Select Uninstall Maintenance package.
    6. Click Next. The Maintenance Package Directory Selection page is displayed.
    7. Click Next.
    8. Select the 8.2.0-ISS-SAMESSO-IMS-FP0010.pak file.
    9. Click Next. The Installation Summary page is displayed.
    10. Click Next. There are two possible messages that can be displayed:
      Success: The following maintenance package was uninstalled.

      Displays if you provided the correct connection properties.

      Success: The following maintenance package was partially uninstalled.

      Displays if you provided the wrong connection properties. See UNINSTALLING THIS FIX PACK MANUALLY

  4. Click Finish.
What to do next
  • Manually uninstall the IMS Server.
  • Install the ISAMESSOIMSConfig application.
  • Install the ISAMESSOIMS application.
  • Map the ISAMESSOIMS module.
  • Do the post installation configurations.
  • Verify that the IMS Server version was changed to the previously installed version.

Verifying the IMS Server version after fix pack installation
You can verify the IMS Server version to determine whether the fix pack installation was successful.

About this task
After you apply the fix pack, complete these steps to verify that the IMS Server version was updated. If the fix pack installation failed, manually uninstall the IMS Server and install the IMS Server in the WebSphere Application Server.

Procedure

1. Log on to AccessAdmin(https://<Web server name>/admin).

2. Select System > Status > IMS Server version.

If you successfully installed 8.2.1-ISS-SAMESSO-IMS-FP0008, the IMS Server version is updated to 8.2.1.0.31.

On
[{"DNLabel":"8.2.0-ISS-SAMESSO-IMS-FP0010","DNDate":"04 Oct 2019","DNLang":"English","DNSize":"254305938 B","DNPlat":{"label":"Windows","code":"PF033"},"DNURL":"https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/Tivoli+Access+Manager+for+Enterprise+Single+Sign-On&release=8.2.0&platform=All&function=all","DNURL_FTP":"","DDURL":null}]
[{"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"IMS Server","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.2.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
07 October 2019

UID

ibm11077975