pbianchino Absent Member.
Absent Member.
979 views

UserApp 4.5 upgrade - Is it necessary to import Master Key?

Hi, when we upgrade the UserApplication from 4.0.2 to 4.5 version, the IA installation GUI ask if you want to import the Master Key or create a new one. We know for sure, that for a cluster configuration, it is mandatory to have the same master key in both servers. But, assuming we have only one UserApplication node, it is not clear if we need to import the Master Key from the old UserApplication 4.0.2 server, or you can create a new one during the 4.5 migration.

In the following NetIQ links, we could not find the answer to our question:

- Installing the Identity Applications (Security - Master Key) -> https://www.netiq.com/documentation/idm45/setup_guide/data/bcz3452.html
- Upgrading the Identity Applications -> https://www.netiq.com/documentation/idm45/setup_guide/data/bng0jsq.html

Do you have any idea about it? Maybe if we not import the master key from UA 402, then we could not finish any pending workflow we had after migrating to 4.5.

Thanks in advance,
kind Regards
Labels (1)
0 Likes
13 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: UserApp 4.5 upgrade - Is it necessary to import Master Key?

On 8/2/2017 4:54 PM, pbianchino wrote:
>
> Hi, when we upgrade the UserApplication from 4.0.2 to 4.5 version, the
> IA installation GUI ask if you want to import the Master Key or create a
> new one. We know for sure, that for a cluster configuration, it is
> mandatory to have the same master key in both servers. But, assuming we
> have only one UserApplication node, it is not clear if we need to import
> the Master Key from the old UserApplication 4.0.2 server, or you can
> create a new one during the 4.5 migration.
>
> In the following NetIQ links, we could not find the answer to our
> question:
>
> - Installing the Identity Applications (Security - Master Key) ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bcz3452.html
> - Upgrading the Identity Applications ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bng0jsq.html
>
> Do you have any idea about it? Maybe if we not import the master key
> from UA 402, then we could not finish any pending workflow we had after
> migrating to 4.5.


It should be in /opt/netiq/idm/apps/UserApplication of the like, as a
file with the obvious name of MasterKey or somesuch.

0 Likes
spsivasubramanian Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

geoffc;2463328 wrote:
On 8/2/2017 4:54 PM, pbianchino wrote:
>
> Hi, when we upgrade the UserApplication from 4.0.2 to 4.5 version, the
> IA installation GUI ask if you want to import the Master Key or create a
> new one. We know for sure, that for a cluster configuration, it is
> mandatory to have the same master key in both servers. But, assuming we
> have only one UserApplication node, it is not clear if we need to import
> the Master Key from the old UserApplication 4.0.2 server, or you can
> create a new one during the 4.5 migration.
>
> In the following NetIQ links, we could not find the answer to our
> question:
>
> - Installing the Identity Applications (Security - Master Key) ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bcz3452.html
> - Upgrading the Identity Applications ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bng0jsq.html
>
> Do you have any idea about it? Maybe if we not import the master key
> from UA 402, then we could not finish any pending workflow we had after
> migrating to 4.5.


It should be in /opt/netiq/idm/apps/UserApplication of the like, as a
file with the obvious name of MasterKey or somesuch.


Dear,

Filename to refer '/opt/netiq/idm/apps/UserApplication/master-key.txt', also you could get master-key from '/opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties => property name is 'com.novell.idm.masterkey'

If it is single server(non-cluster mode); We may select 'No' for 'Would you like to import a master key value' - when prompts, further/in future if we have plan to move cluster based environment that time we could get master.key value from above suggestion/files.
0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

SPSivasubramanian;2463337 wrote:
Dear,

Filename to refer '/opt/netiq/idm/apps/UserApplication/master-key.txt', also you could get master-key from '/opt/netiq/idm/apps/tomcat/conf/ism-configuration.properties => property name is 'com.novell.idm.masterkey'

If it is single server(non-cluster mode); We may select 'No' for 'Would you like to import a master key value' - when prompts, further/in future if we have plan to move cluster based environment that time we could get master.key value from above suggestion/files.


Hi Siva, thanks for your response. However, I still have the doubt if having already an implementation in UA 402 is it necessary to import the actual master key, or we need to create a new one during the upgrade/installation GUI.
0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

geoffc;2463328 wrote:
On 8/2/2017 4:54 PM, pbianchino wrote:
>
> Hi, when we upgrade the UserApplication from 4.0.2 to 4.5 version, the
> IA installation GUI ask if you want to import the Master Key or create a
> new one. We know for sure, that for a cluster configuration, it is
> mandatory to have the same master key in both servers. But, assuming we
> have only one UserApplication node, it is not clear if we need to import
> the Master Key from the old UserApplication 4.0.2 server, or you can
> create a new one during the 4.5 migration.
>
> In the following NetIQ links, we could not find the answer to our
> question:
>
> - Installing the Identity Applications (Security - Master Key) ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bcz3452.html
> - Upgrading the Identity Applications ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bng0jsq.html
>
> Do you have any idea about it? Maybe if we not import the master key
> from UA 402, then we could not finish any pending workflow we had after
> migrating to 4.5.


It should be in /opt/netiq/idm/apps/UserApplication of the like, as a
file with the obvious name of MasterKey or somesuch.


Hi Geoff, thanks for your response but my doubt was not related where is the master key file located. What I'd like to know if having already an implementation in UA 402 is it necessary to import the actual master key, or we need to create a new one during the upgrade/installation GUI. What could happen if we create a new one and not import the existing one on the node?
0 Likes
Knowledge Partner
Knowledge Partner

Re: UserApp 4.5 upgrade - Is it necessary to import Master Key?

> Hi Geoff, thanks for your response but my doubt was not related where is
> the master key file located. What I'd like to know if having already an
> implementation in UA 402 is it necessary to import the actual master
> key, or we need to create a new one during the upgrade/installation GUI.
> What could happen if we create a new one and not import the existing one
> on the node?


If it is an upgrade, you should keep the Master Key the same. I do
think it will affect running workflows in the DB, as the new key would
suggest it is a new instance of UA and might not process. Steve can be
more authoritative on that issue.

Why are you contemplating NOT importing it, if you happen to have it
handy and are keeping the DB? Actually do you get this question on an
upgrade vs a fresh install? Adding an node in a cluster it is critical.
0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

geoffc;2463388 wrote:
> Hi Geoff, thanks for your response but my doubt was not related where is
> the master key file located. What I'd like to know if having already an
> implementation in UA 402 is it necessary to import the actual master
> key, or we need to create a new one during the upgrade/installation GUI.
> What could happen if we create a new one and not import the existing one
> on the node?


If it is an upgrade, you should keep the Master Key the same. I do
think it will affect running workflows in the DB, as the new key would
suggest it is a new instance of UA and might not process. Steve can be
more authoritative on that issue.

Why are you contemplating NOT importing it, if you happen to have it
handy and are keeping the DB? Actually do you get this question on an
upgrade vs a fresh install? Adding an node in a cluster it is critical.


Yes, it is an upgrade from IDM 402 to 45 where we are upgrading the actual Userapplication db. So I suppose we should import the actual master key in the server as you mention. To be more precise, our doubt was if running workflows could be approve or not after upgrading without importing the master key.

It is not that we are contemplating NOT importing it, we just didn't know if importing master key only was relevant for a cluster configuration, or also was necessary in an upgrade scenario.

Thanks!
0 Likes
Knowledge Partner
Knowledge Partner

Re: UserApp 4.5 upgrade - Is it necessary to import Master Key?

On 8/3/2017 10:56 AM, pbianchino wrote:
>
> geoffc;2463388 Wrote:
>>> Hi Geoff, thanks for your response but my doubt was not related where

>> is
>>> the master key file located. What I'd like to know if having already

>> an
>>> implementation in UA 402 is it necessary to import the actual master
>>> key, or we need to create a new one during the upgrade/installation

>> GUI.
>>> What could happen if we create a new one and not import the existing

>> one
>>> on the node?

>>
>> If it is an upgrade, you should keep the Master Key the same. I do
>> think it will affect running workflows in the DB, as the new key would
>> suggest it is a new instance of UA and might not process. Steve can be
>> more authoritative on that issue.
>>
>> Why are you contemplating NOT importing it, if you happen to have it
>> handy and are keeping the DB? Actually do you get this question on an
>> upgrade vs a fresh install? Adding an node in a cluster it is critical.

>
> Yes, it is an upgrade from IDM 402 to 45 where we are upgrading the
> actual Userapplication db. So I suppose we should import the actual
> master key in the server as you mention. To be more precise, our doubt
> was if running workflows could be approve or not after upgrading without
> importing the master key.
>
> It is not that we are contemplating NOT importing it, we just didn't
> know if importing master key only was relevant for a cluster
> configuration, or also was necessary in an upgrade scenario.


There is more than just the key, the name of the instance (not DNS, but
some name in the DB i think) needs to be the same for running PRD's to
process after the upgrade.

Please report back on how the upgrade went. As you may have noticed
some folk have had issues with it.

Check the forum for ideas. (Key is to enable liquibase logging in the DB
update command, and then fix each issue it dies on until it completes).


0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

geoffc;2463413 wrote:
On 8/3/2017 10:56 AM, pbianchino wrote:
>
> geoffc;2463388 Wrote:
>>> Hi Geoff, thanks for your response but my doubt was not related where

>> is
>>> the master key file located. What I'd like to know if having already

>> an
>>> implementation in UA 402 is it necessary to import the actual master
>>> key, or we need to create a new one during the upgrade/installation

>> GUI.
>>> What could happen if we create a new one and not import the existing

>> one
>>> on the node?

>>
>> If it is an upgrade, you should keep the Master Key the same. I do
>> think it will affect running workflows in the DB, as the new key would
>> suggest it is a new instance of UA and might not process. Steve can be
>> more authoritative on that issue.
>>
>> Why are you contemplating NOT importing it, if you happen to have it
>> handy and are keeping the DB? Actually do you get this question on an
>> upgrade vs a fresh install? Adding an node in a cluster it is critical.

>
> Yes, it is an upgrade from IDM 402 to 45 where we are upgrading the
> actual Userapplication db. So I suppose we should import the actual
> master key in the server as you mention. To be more precise, our doubt
> was if running workflows could be approve or not after upgrading without
> importing the master key.
>
> It is not that we are contemplating NOT importing it, we just didn't
> know if importing master key only was relevant for a cluster
> configuration, or also was necessary in an upgrade scenario.


There is more than just the key, the name of the instance (not DNS, but
some name in the DB i think) needs to be the same for running PRD's to
process after the upgrade.

Please report back on how the upgrade went. As you may have noticed
some folk have had issues with it.

Check the forum for ideas. (Key is to enable liquibase logging in the DB
update command, and then fix each issue it dies on until it completes).


Ok Geoff, thanks a lot for your help!
Kind Regards
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: UserApp 4.5 upgrade - Is it necessary to import Master Key?

On 8/2/17 4:54 PM, pbianchino wrote:
>
> Hi, when we upgrade the UserApplication from 4.0.2 to 4.5 version, the
> IA installation GUI ask if you want to import the Master Key or create a
> new one. We know for sure, that for a cluster configuration, it is
> mandatory to have the same master key in both servers. But, assuming we
> have only one UserApplication node, it is not clear if we need to import
> the Master Key from the old UserApplication 4.0.2 server, or you can
> create a new one during the 4.5 migration.
>
> In the following NetIQ links, we could not find the answer to our
> question:
>
> - Installing the Identity Applications (Security - Master Key) ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bcz3452.html
> - Upgrading the Identity Applications ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bng0jsq.html
>
> Do you have any idea about it? Maybe if we not import the master key
> from UA 402, then we could not finish any pending workflow we had after
> migrating to 4.5.
>
> Thanks in advance,
> kind Regards
>
>

Greetings,

1) Was you 4.0.2 set-up Standard Edition or Advanced?

2) With version 4.0.2, were you utilizing the "Identiy Self-Service"
service tab of the User Application?

3) If yes to #2, what pages/portlets were you using?

4) If yes to #2, had to cloned any of the portlets?

5) If yes to #2, did you have any custom written portlets?



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

stevewdj;2463351 wrote:
On 8/2/17 4:54 PM, pbianchino wrote:
>
> Hi, when we upgrade the UserApplication from 4.0.2 to 4.5 version, the
> IA installation GUI ask if you want to import the Master Key or create a
> new one. We know for sure, that for a cluster configuration, it is
> mandatory to have the same master key in both servers. But, assuming we
> have only one UserApplication node, it is not clear if we need to import
> the Master Key from the old UserApplication 4.0.2 server, or you can
> create a new one during the 4.5 migration.
>
> In the following NetIQ links, we could not find the answer to our
> question:
>
> - Installing the Identity Applications (Security - Master Key) ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bcz3452.html
> - Upgrading the Identity Applications ->
> https://www.netiq.com/documentation/idm45/setup_guide/data/bng0jsq.html
>
> Do you have any idea about it? Maybe if we not import the master key
> from UA 402, then we could not finish any pending workflow we had after
> migrating to 4.5.
>
> Thanks in advance,
> kind Regards
>
>

Greetings,

1) Was you 4.0.2 set-up Standard Edition or Advanced?

2) With version 4.0.2, were you utilizing the "Identiy Self-Service"
service tab of the User Application?

3) If yes to #2, what pages/portlets were you using?

4) If yes to #2, had to cloned any of the portlets?

5) If yes to #2, did you have any custom written portlets?



--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus


Hi Steven, thanks for your help. Below you have my responses:

1. It is Advance Edition:
4.0.2.0 AE
RBPM 4.0.2 Parche E Build Revision 41620

2. Yes

3. The following ones:

INFORMATION MANAGEMENT
Roles Model
Roles Search
Organization Chart
My Profile
Directory Search

PASSWORD MANAGEMENT
Password Challenge Response
Password Hint Change
Change Password
Password Policy Status
Password Sync Status

DIRECTORY MANAGEMENT
Alta de Unidad de Negocio
Alta de Formato/Dirección
Alta de Punto Operacional
Alta de Sector
Alta de Tipo de Puesto
Create User or Group
ver Tipos de Puestos
Alta de Puesto
Alta de Perfil
Gestionar Perfiles por Puesto
Listado Usuarios
Listado Usuarios-Puestos
Listado Puestos
Listado Puestos-Perfiles

4. No

5. Yes
0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

pbianchino;2463378 wrote:
Hi Steven, thanks for your help. Below you have my responses:

1. It is Advance Edition:
4.0.2.0 AE
RBPM 4.0.2 Parche E Build Revision 41620

2. Yes

3. The following ones:

INFORMATION MANAGEMENT
Roles Model
Roles Search
Organization Chart
My Profile
Directory Search

PASSWORD MANAGEMENT
Password Challenge Response
Password Hint Change
Change Password
Password Policy Status
Password Sync Status

DIRECTORY MANAGEMENT
Alta de Unidad de Negocio
Alta de Formato/Dirección
Alta de Punto Operacional
Alta de Sector
Alta de Tipo de Puesto
Create User or Group
ver Tipos de Puestos
Alta de Puesto
Alta de Perfil
Gestionar Perfiles por Puesto
Listado Usuarios
Listado Usuarios-Puestos
Listado Puestos
Listado Puestos-Perfiles

4. No

5. Yes


Sorry, in order to clarify, when I say yes to custom porlet (point 5), I mean we register a new one from DetailPortlet definition
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: UserApp 4.5 upgrade - Is it necessary to import Master Key?

On 8/3/17 10:54 AM, pbianchino wrote:
>
> pbianchino;2463378 Wrote:
>> Hi Steven, thanks for your help. Below you have my responses:
>>
>> 1. It is Advance Edition:
>> 4.0.2.0 AE
>> RBPM 4.0.2 Parche E Build Revision 41620
>>
>> 2. Yes
>>
>> 3. The following ones:
>>
>> INFORMATION MANAGEMENT
>> Roles Model
>> Roles Search
>> Organization Chart
>> My Profile
>> Directory Search
>>
>> PASSWORD MANAGEMENT
>> Password Challenge Response
>> Password Hint Change
>> Change Password
>> Password Policy Status
>> Password Sync Status
>>
>> DIRECTORY MANAGEMENT
>> Alta de Unidad de Negocio
>> Alta de Formato/Direcci�n
>> Alta de Punto Operacional
>> Alta de Sector
>> Alta de Tipo de Puesto
>> Create User or Group
>> ver Tipos de Puestos
>> Alta de Puesto
>> Alta de Perfil
>> Gestionar Perfiles por Puesto
>> Listado Usuarios
>> Listado Usuarios-Puestos
>> Listado Puestos
>> Listado Puestos-Perfiles
>>
>> 4. No
>>
>> 5. Yes

>
> Sorry, in order to clarify, when I say yes to custom porlet (point 5), I
> mean we register a new one from DetailPortlet definition
>
>

Greetings,

A) Since you are fully upgrading (meaning that you are keeping the db)
you will need to use the same masterkey. Especially since you are using
portlets.

B) Keep in mind that after the upgrade to 4.5 all of the "Password Self
Service" pages will be hidden to your users by default. This was done
by design. The company is moving to SSPR for Password Self Service as
compared to the Password Self Service within User App. The pages are
still there, just hidden. If you are not ready to fully move over to
SSPR you can enable the pages. You will also need to change the setting
in configupdate to select the User App for Forgot Password instead of SSPR.


You will be able to show the pages again

1) Login as the Admin and to to Administration -> Page Admin -> select
the page in question (like Password Management -> Change Password)

2.a) Press the Assign Permissions button (new pop-up window will appear)
2.b) Uncheck the checkbox next to "View Permission Set to Admin Only"
2.c) Press Save

**Note, if you have previously set different ACLs on the page they
should listed on the right hand side.

3) Repeat as necessary.


All of this should be in the 4.5 docs

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
pbianchino Absent Member.
Absent Member.

Re: UserApp 4.5 upgrade - Is it necessary to import Master K

stevewdj;2463425 wrote:
On 8/3/17 10:54 AM, pbianchino wrote:
>
> pbianchino;2463378 Wrote:
>> Hi Steven, thanks for your help. Below you have my responses:
>>
>> 1. It is Advance Edition:
>> 4.0.2.0 AE
>> RBPM 4.0.2 Parche E Build Revision 41620
>>
>> 2. Yes
>>
>> 3. The following ones:
>>
>> INFORMATION MANAGEMENT
>> Roles Model
>> Roles Search
>> Organization Chart
>> My Profile
>> Directory Search
>>
>> PASSWORD MANAGEMENT
>> Password Challenge Response
>> Password Hint Change
>> Change Password
>> Password Policy Status
>> Password Sync Status
>>
>> DIRECTORY MANAGEMENT
>> Alta de Unidad de Negocio
>> Alta de Formato/Direcci�n
>> Alta de Punto Operacional
>> Alta de Sector
>> Alta de Tipo de Puesto
>> Create User or Group
>> ver Tipos de Puestos
>> Alta de Puesto
>> Alta de Perfil
>> Gestionar Perfiles por Puesto
>> Listado Usuarios
>> Listado Usuarios-Puestos
>> Listado Puestos
>> Listado Puestos-Perfiles
>>
>> 4. No
>>
>> 5. Yes

>
> Sorry, in order to clarify, when I say yes to custom porlet (point 5), I
> mean we register a new one from DetailPortlet definition
>
>

Greetings,

A) Since you are fully upgrading (meaning that you are keeping the db)
you will need to use the same masterkey. Especially since you are using
portlets.

B) Keep in mind that after the upgrade to 4.5 all of the "Password Self
Service" pages will be hidden to your users by default. This was done
by design. The company is moving to SSPR for Password Self Service as
compared to the Password Self Service within User App. The pages are
still there, just hidden. If you are not ready to fully move over to
SSPR you can enable the pages. You will also need to change the setting
in configupdate to select the User App for Forgot Password instead of SSPR.


You will be able to show the pages again

1) Login as the Admin and to to Administration -> Page Admin -> select
the page in question (like Password Management -> Change Password)

2.a) Press the Assign Permissions button (new pop-up window will appear)
2.b) Uncheck the checkbox next to "View Permission Set to Admin Only"
2.c) Press Save

**Note, if you have previously set different ACLs on the page they
should listed on the right hand side.

3) Repeat as necessary.


All of this should be in the 4.5 docs

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus


Great Steven, Thank you very much for your help!
We'll do some testing and let you know any news.
Best regards
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.