This issue occurs in a dual identity server cluster configuration. After upgrading Access Manager, X509 authentication fails because the context.xml file gets overwritten and some configurations get deleted.
To workaround this issue, perform the following steps:
Before upgrading Access Manager, back up the context.xml file if you have customized it.
After upgrading Access Manager, add the customized content to the upgraded file and uncomment the following lines in the context.xml file:
<!-- Force use the old Cookie processor (because this new tomcat version uses RFC6265 Cookie Specification) --><!-- <CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" /> --> </Context>
For more information about how to modify a file, see Modifying Configurations
in the NetIQ Access Manager 5.0 Administration Guide.