Upgrade Web Agent
-
Read the Release Notes for information about changes in Web Agent.
-
Back up the directories for the agent installation, and the web server configuration:
-
$ cp -r /path/to/web_agents/apache24_agent /path/to/backup $ cp -r /path/to/apache/httpd/conf /path/to/backup
-
In centralized configuration mode, back up as described in AM’s Maintenance Guide.
-
-
Redirect client traffic away from the protected website.
-
Stop the web server where the agent is installed.
-
Remove the old Web Agent, as described in Remove Web Agent.
-
Install the new agent, as described in Install Web Agent.
In local configuration mode, provide the
agent.conf
andOpenSSOAgentBootstrap.properties
files, containing properties for the agent version. -
Review the agent configuration:
-
In local configuration mode, use the backed-up copy of
agent.conf
file for guidance, the agent’s Release Notes, and AM’s Release Notes to check for changes. Update the file manually to include properties for your environment.To prevent errors, make sure that the agent.conf
file contains all required properties. For a list of required properties, see Configuration Location. -
In centralized configuration mode, review the agent’s Release Notes and AM’s Release Notes to check for changes. If necessary, change the agent configuration using the AM console.
-
-
If you provided the
agent.conf
orOpenSSOAgentBootstrap.properties
files to the installer, and you are upgrading from an agent version earlier than 4.1.0 hotfix 23, re-encrypt the password specified in the Agent Profile Password:-
Obtain the encryption key from the bootstrap property Agent Profile Password Encryption Key in the new
agent.conf
file. -
(Unix only) Store the agent profile password in a file; for example,
newpassword.file
. Obtain the encryption key from the -
Encrypt the agent profile password with the encryption key by running the agentadmin Command with the
--p
option. -
Set the encrypted password as the value of the Agent Profile Password property in the new
agent.conf
file.
-
-
(NGINX Plus and Unix Apache agents only) Configure shared runtime resources and shared memory. For more information, see Configure Shared Runtime Resources and Memory.
-
Ensure the communication between AM and the web agent is secured with the appropriate keys. For more information, see Configuring AM to Sign Authentication Information.
-
Start the web server where the agent is installed.
Web Agent 5 changed the default size of the agent session and policy cache from 1 GB to 16 MB. In the unlikely case that an old Apache agent could not release the shared memory, the new Apache agent may not start. For more information, see Troubleshooting. -
Validate that the agent is performing as expected.
For example, go to a protected page on the website and confirm whether you can access it according to your configuration.
To troubleshoot your environment, run the agentadmin command with the --V
option. -
Allow client traffic to flow to the protected website.