Fix Readme
Abstract
Upgrading SDI JRE To Java 8.0.8.30
Content
+-----------------------------------------------------+
Interim fix 7.2.0-ISS-SDI-LA003 README
Security Directory Integrator 7.2.0
LA interim fix 33
(All platforms)
JRE Level: IBM Java 8.0.8.30
Date: September 2024
+-----------------------------------------------------+
Interim fix 7.2.0-ISS-SDI-LA003 README
Security Directory Integrator 7.2.0
LA interim fix 33
(All platforms)
JRE Level: IBM Java 8.0.8.30
Date: September 2024
+-----------------------------------------------------+
COPYRIGHT STATEMENT
====================
September 2024
====================
September 2024
References in this publication to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM licensed program product in this publication is not intended to state or imply that only IBM's licensed program product can be used. Any functionally equivalent program might be used. IBM is a trademark of the International Business Machines Corporation. Copyright International Business Machines Corporation 2023. All rights reserved.
Fix For
========
========
APAR - NA
PMR - NA
PMR - NA
General Description:
====================
Upgrading to Java 8 Service Refresh 8 fix pack 30.
Details:
========
Support for Java 8 SR 8 FP30 for Security Directory Integrator.
Prerequisites:
==============
Security Directory Integrator v7.2.0 with or without any fix pack must be installed.
==============
Security Directory Integrator v7.2.0 with or without any fix pack must be installed.
Platforms:
==========
All supported platforms
==========
All supported platforms
Downloading the Fix:
====================
- Under the Download options section, click on the "Change Download options" link.
- Set the "Include prerequisites and co-requisite fixes (you can select the ones you need later)" checkbox to true.
Applying the Fix:
=================
- Shutdown SDI.
=================
- Shutdown SDI.
- Extract the fix package to a temporary directory. The LA contains platform-specific JRE's, copy the .zip or the .tar.gz to respective platforms.
- Extract the .zip /.tar.gz files into a temp directory.
- Backup/rename the existing <SDI_Install_Dir\jvm\jre directory.
- Copy the <temp directory>\<extracted_jvm_dir>\jre directory and content as a subdirectory to the <SDI_Install_Dir>\jvm directory.
- Apply command 'chmod -R 755 jre' for nonwindows platform.
- Refer to the following properties for enabling TLSv1.3 protocols.
# Setting TLSv1.3 as the default protocol in many cases when SDI is the client.
jdk.tls.client.protocols=TLSv1.3,TLSv1.2
# When SDI is the server, for example for the HTTP Server Connector
jdk.tls.server.protocols=TLSv1.3,TLSv1.2
# Setting TLSv1.3 as the default protocol for many cases where SDI creates the SSLContext:
com.ibm.di.SSLProtocols=TLSv1.3,TLSv1.2
# For RMI, there is this property as well:
com.ibm.di.SSLServerProtocols=TLSv1.3,TLSv1.2
# For some WebService connectors and similar components that use HttpsUrlConnection or URL.openStream()
https.protocols=TLSv1.3,TLSv1.2
# For some mail components:
mail.smtp.ssl.protocols=TLSv1.3,TLSv1.2
# For Jetty resources used for built-in SDI Server web traffic.
# e.g.
# https://localhost:1098/dashboard
# https://localhost:1098/sdi
# https://localhost:1098/rest
org.eclipse.equinox.http.jetty.ssl.protocol=TLSv1.3,TLSv1.2
# If any SSL issues occur, the following property can be used to assist in diagnosing the problem. It should be used sparingly and only when SDI is invoked from the command line.
# javax.net.debug=ssl:all
Changes to the Java policy file for the Derby server to start
=================================================
- The Derby server does not start as the new JVM does not grant permissions by default.
=================================================
- The Derby server does not start as the new JVM does not grant permissions by default.
- To resolve, append the following lines to the end of {SDI_Install_dir}\jvm\jre\lib\security\java.policy
Refer to the adjacent link for additional information. http://www-01.ibm.com/support/docview.wss?uid=swg21450475
grant codeBase "file:${derby.system.home}/-" {
permission java.security.AllPermission;
};
Confirming the Fix has been applied successfully:
=================================================
Launch SDI, it should work with the newly applied version of Java.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSXZ8BA","label":"IBM Security Directory Integrator"},"ARM Category":[{"code":"a8m0z0000001hGKAAY","label":"@Readme"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Product Synonym
SDI
Was this topic helpful?
Document Information
Modified date:
17 September 2024
UID
ibm17168664