All protocols, ciphers, and filter configurations in all components are made highly secure by default in Access Manager 4.3 and later. If your Access Manager setup is configured with less secure settings, upgrading it to 4.3 or later may result in communications issues. The following are few example scenarios when you may need to restore your previous security settings:
When browsers do not support TLS1.1 or TLS1.2 protocol or secure ciphers suites.
When third-party service provider does not support TLS1.1 or TLS1.2 protocol or secure cipher suites along with the following configuration:
A SAML or Liberty federation with artifact binding between Access Manager and third-party service provider.
WS-Trust federation between Access Manager and third-party service provider.
When OAuth clients or OAuth resource servers do not support TLS1.1 or TLS1.2 protocol or secure cipher suites.
When you upgrade Access Manager, the upgrade script backs up the following files to enable you restoring the previous configuration:
Administration Console: tomcat8.conf, server.xml, web.xml
Identity Server: tomcat.conf, server.xml, web.xml
Access Gateway:web.xml, httpd.conf, NovellAgSettings.conf, tomcat.conf, sever.xml
The backup files are located in /root/nambkup (separate folders for Administration Console, Identity Server, and Access Gateway).
NOTE:Compare each upgraded configuration file with the corresponding backup file. If the backup file includes the similar configuration as it is in the upgraded file, you do not need to make any changes.