Account Center Application Upgrades

Notes and Resources

  • All SQL scripts referenced in the process steps can be found in the idm-util GitHub repository.
  • The Fischer support website requires you to log in. Additionally, to download installers from the product releases section of the Fischer website, you must have separate credentials, which can be requested from Fischer. If you need assistance with these accounts, reach out to the IAM team lead.

Process Steps

  1. Download both the Identity and DataForum application installers from the Fischer support website.
  2. Copy the installers to the E:\Fischer_Install_Files directory of both Fischer application servers.
  3. Extract the contents of the installer zip files to their own directories.
  4. Work with ESYS to verify that snaps have been taken of the application server VMs.
  5. Stop Tomcat on both servers.
  6. Work with an ESYS DBA to set a restore point for the Fischer database.
  7. Uncompress all tables in the FISCIDM schema.
    1. As FISCADMIN, run upgrade-generate-uncompress.sql.
    2. Copy and paste the results of that query into a new SQL window, and run the code.
  8. Rebuild all indexes in the FISCIDM schema.
    1. As FISCADMIN, run upgrade-generate-index-rebuild.sql.
    2. Copy and paste the results of that query into a new SQL window, and run the code.
  9. Install the Fischer application.
    1. On the first server, copy E:\Fisher\Provisioning\ext\ojdbc.jar to the ext subdirectory of both identity and provisioning installer directories.
    2. On the first server, run the identity installer (identity-install.bat) as an administrator.
    3. On the first server, run the provisioning installer (prov-install.bat) as an administrator.
    4. Repeat steps 8 through 10 on the second server.
  10. Compress all tables in the FISCIDM schema.
    1. As FISCADMIN, run upgrade-generate-compress.sql.
    2. Copy and paste the results of that query into a new SQL window, and run the code.
  11. Complete post-upgrade steps.
    1. Apply license: run E:\Fischer\IdM\identity\license\applylicense.bat as an administrator. (This only needs to be completed on one of the application servers.)
    2. Apply customizations. (Each of these steps must be completed on both application servers.)
      1. Configure CAS in E:\Fischer\Identity\wars\identity\WEB-INF\web.xml files on both servers. Update the CAS Authentication Filter and CAS Validation Filter sections as show in 'CAS Configuration Detail' below. You will need to update the URLs.
      2. Build the identity WAR file by running E:\Fischer\Identity\wars\war.bat as an administrator.
      3. Copy the identity WAR file (E:\Fischer\Identity\wars\identity.war) to the Tomcat webapps directory (C:\apache-tomcat-8.5.34\webapps).
      4. Copy the provisioning WAR file (E:\Fischer\Provisioning\wars\dataforum.war) to the Tomcat webapps directory (C:\apache-tomcat-8.5.34\webapps).
  12. Verify Tomcat settings.
    1. Verify that the Tomcat service is set to automatic delayed start.
    2. Verify that the user for the Tomcat service is set to CHICO\fischer-iam and that the current password for that service account has been entered.
  13. Start the application.
    1. Start Tomcat on the first application server.
    2. On the Server->HA tab of the Admin UI, verify that both provisioning and identity are running for the first server.
    3. Start Tomcat on the second application server.
    4. On the Server->HA tab of the Admin UI, verify that both provisioning and identity are running for the second server.

CAS Configuration Detail

    <!-- CAS client filters -->
    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://shibboleth.csuchico.edu/idp/profile/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://accountcenter.csuchico.edu</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://shibboleth.csuchico.edu/idp/profile/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>https://accountcenter.csuchico.edu</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
Print Article

Details

Article ID: 113948
Created
Tue 6/11/24 1:30 PM
Modified
Tue 6/11/24 1:30 PM