Symantec Access Management

  • Private Community
 View Only

 In-place upgrade from Siteminder Single-Sign-On 12.7SP2 to 12.8 SP4

P Soni's profile image
P Soni posted Jan 22, 2021 09:39 AM
​​​Hi,

We are trying to perform In-place upgrade from Siteminder Single-Sign-On 12.7SP2 to 12.8 SP4. It is not clear from the documentation the steps that we need to perform to upgrade LDAP policy-store. We will appreciate if could get answers to below questions.
- Is there a schema change from 12.7 to 12.8
- Are there new policy objects which will be created as a part of this in-place upgrade?
- Should we be selecting configuring policy-store option from the policy-server configuration wizard? Will it overwrite the policy-store? Should we perform this step from the configuration wizard?
- From the documentation to upgrade policy-store, we need to do following:
  - import the policy-store data definition (XPSDDInstall SmMaster.xdd)
  - Import the default policy-store objects (XPSImport smpolicy.xml -npass)

Do we need to perform indexing on the store after performing above steps?
Will the above steps overwrite the application data that we have already in our store?

It is very crucial for us to know what steps need to be performed as it is a in-place upgrade and we can not cause any outage for our applications.

Any help will be greatly appreciated!

-Thanks.
Patrick Dussault's profile image
Broadcom Employee Patrick Dussault posted Jan 25, 2021 02:37 AM
Hi Soni,

Yes, even if documentation only mention 12.5x to 12.8, the upgrade of
the Policy Store data is still needed from 12.7 to 12.8 :

Upgrade Policy Store
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-policy-store.html

There are differences in the Policy Store objects as the latest
12.8SP5 Policy Server brings new functionalities and further
configurations as OIDC, JWT and others.

To upgrade Policy Store data, we strongly suggest you to do it
manually as per documentation here :

Upgrade Policy Store
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-policy-store.html

More, you might consider to import also objects from
default-fedobjects-config.xml :

Import the Federation Policy Store Objects
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/upgrading/in-place-upgrade/upgrade-policy-store.html

These operations won't overwrite the existing data, except when
running XPSSweeper, data might be corrected if needed. It's also a
good idea to re-index the store to insure that the data are fully
indexed after operations.

Before executing your upgrade procedure in Production, we advise you
to test it in lower environment to help you to identify specificities
from your environment and bring adjustments.

I hope this helps,

Best Regards,
Patrick