Upgrade Web Agent

  1. Read the Release Notes for information about changes in Web Agent.

  2. Back up the directories for the agent installation, and the web server configuration:

  3. Redirect client traffic away from the protected website.

  4. Stop the web server where the agent is installed.

  5. Remove the old Web Agent, as described in Remove Web Agent.

  6. Install the new agent, as described in Install Web Agent.

    In local configuration mode, provide the agent.conf and OpenSSOAgentBootstrap.properties files, containing properties for the agent version.

  7. Review the agent configuration:

  8. If you provided the agent.conf or OpenSSOAgentBootstrap.properties files to the installer, and you are upgrading from an agent version earlier than 4.1.0 hotfix 23, re-encrypt the password specified in the Agent Profile Password:

    1. Obtain the encryption key from the bootstrap property Agent Profile Password Encryption Key in the new agent.conf file.

    2. (Unix only) Store the agent profile password in a file; for example, newpassword.file. Obtain the encryption key from the

    3. Encrypt the agent profile password with the encryption key by running the agentadmin Command with the --p option.

      • Unix

      • Windows

      $ ./agentadmin --p "YWM0OThlMTQtMzMxOS05Nw==" “cat newpassword.file”
      Encrypted password value: 07bJOSeM/G8ydO4=
      $ agentadmin.exe --p "YWM0OThlMTQtMzMxOS05Nw==" "newpassword"
      Encrypted password value: 07bJOSeM/G8ydO4=
    4. Set the encrypted password as the value of the Agent Profile Password property in the new agent.conf file.

  9. (NGINX Plus and Unix Apache agents only) Configure shared runtime resources and shared memory. For more information, see Configure Shared Runtime Resources and Memory.

  10. Ensure the communication between AM and the web agent is secured with the appropriate keys. For more information, see Configuring AM to Sign Authentication Information.

  11. Start the web server where the agent is installed.

    Web Agent 5 changed the default size of the agent session and policy cache from 1 GB to 16 MB. In the unlikely case that an old Apache agent could not release the shared memory, the new Apache agent may not start. For more information, see Troubleshooting.
  12. Validate that the agent is performing as expected.

    For example, go to a protected page on the website and confirm whether you can access it according to your configuration.

    To troubleshoot your environment, run the agentadmin command with the --V option.
  13. Allow client traffic to flow to the protected website.