Applying Connect Portal patch

Owned by Akash Kumar Jaiswal (Unlicensed)
Last updated: Aug 18, 2020Version comment

This section lists the prerequisites and steps for applying and verifying this patch.

Though every release of Adeptia comes with seamless upgrades and bug-free patches, for customer's complex use cases, we recommend applying the patch in a non-production environment first followed by testing. After the use cases run successfully without any errors or warnings, you can apply the patch in the production environment. 

Prerequisites

  • Read and Write permissions on all sub-folders and files of .../AdeptiaConnect-<Version>
  • Take backup of launcher.properties file from …<ConnectPoratlInstallFolder>\conf location. This backup file will help you replicate the manual changes in case you have done earlier in the launcher.properties file before applying this patch.  
  • Take backup of server.xml file from …<ConnectPortalInstallFolder>\conf location. This backup file will help you replicate the manual changes in case you have done earlier in the server.xml file before applying this patch.  
  • Take backup of securityContext.xml file from …<ConnectPortalInstallFolder>\resources_config\saml location. This backup file will help you replicate the manual changes in case you have done earlier in the securityContext.xml file before applying this patch.  
  • Take backup of apps.properties file from …<ConnectPortalInstallFolder>\resources_config location. This backup file will help you replicate the manual changes in case you have done earlier in the apps.properties file before applying this patch.  
  • Connect Server services are running.
  • Connect Portal service is stopped.

Applying the patch

 For Windows
  1. Extract the Adeptia Connect zip file from the downloaded folder.
  2. Open the Command Prompt.
  3. Go to the folder where you have extracted the zip file.
  4. Run the following command to apply the patch:
    Apply-Patch.bat -portal “<Path where Connect Portal is installed till ConnectPortal folder>” 

    For example:

    Apply-Patch.bat -portal  "C:/Program Files/AdeptiaConnect-x.x/ConnectPortal"
     
    Once the patch is applied, a confirmation message will be displayed. 
 For Linux
  1. Open the Terminal.
  2. Extract the downloaded zip file in a directory.
  3. Go to the directory where you have extracted the zip file.

  4. Run the following command to apply the patch:

    ./Apply-Patch.sh -portal <Path where Connect Portal is installed till ConnectPortal folder> 

    For example:

    ./Apply-Patch.sh -portal /mnt/AdeptiaConnect-x.x/ConnectPortal

    Once the patch is applied, a confirmation message will be displayed.

After applying this patch, refer to post patch deployment section for manual changes.

Post patch deployment steps

In this release, some manual changes are required in Connect Portal.

Changes in launcher.properties file

  1. Go to …<ConnectPoratlInstallFolder>\conf location.
  2. Open launcher.properties file.
  3. Do the same manual changes in the file that you have done in your previous launcher.properties file (that you had saved as a backup). For example, you may need to update the JVM settings as they are there in the backup file.
  4. Save the file.

Changes in server.xml file

  1. Go to …<ConnectPortalInstallFolder>\conf location.
  2. Open server.xml filand do the following changes:
    1. Add parameter secretRequired="false" in Connector tag for AJP.



    2. Expand the section below to copy the "ciphers" parameters with its values and paste it just after the "server="Adeptia" xpoweredby="false" clientauth="true" text in the <Connector> tag of  server.xml file.

      ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
			TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
			TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
			TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
			TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
			TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
			TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
			TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
			TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
			TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
			TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
			TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
			TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
			TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
			TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
			TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
			TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
			TLS_ECDH_RSA_WITH_RC4_128_SHA,
			TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			TLS_RSA_WITH_AES_256_GCM_SHA384,
			TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
			TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
			TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
			TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			TLS_RSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
			TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
			TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
			TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
			TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
			TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
			TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
			TLS_EMPTY_RENEGOTIATION_INFO_SCSVF"


    3. Expand the section below to copy the code and paste it just after the last </Service> tag in the server.xml file.

      <Service name="SoapService">
	
			<!-- 
			<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"
			redirectPort="443" compression="on" noCompressionUserAgents="gozilla, 
			traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" 
			useSendfile="false" server="Adeptia" xpoweredby="false" />
			 -->
			
			<!-- 
			<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="5000" 
			scheme="https" secure="true" compressionMinSize="128" connectionTimeout="20000" 
			maxConnections="10000" clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" keystoreFile="./keystore/adeptiaBPM.keystore" 
			keystoreType="JKS" keystorePass="password" compression="on" noCompressionUserAgents="gozilla, 
			traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" 
			useSendfile="false" server="Adeptia" xpoweredby="false" />
			-->
			
			<Engine defaultHost="localhost" name="soapwebapps">
			
				<Realm className="org.apache.catalina.realm.LockOutRealm">
					<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
				</Realm>
				
				<Host appBase="soapwebapps/wars" autoDeploy="true" name="localhost" unpackWARs="true">
					<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
					<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
				</Host>
				
			</Engine>
	</Service>
	
	  <Service name="RestService">
	
			<!-- 
			<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"
			redirectPort="443" compression="on" noCompressionUserAgents="gozilla, 
			traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" 
			useSendfile="false" server="Adeptia" xpoweredby="false" />
			-->
			
			<!-- 
			<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="5000" 
			scheme="https" secure="true" compressionMinSize="128" connectionTimeout="20000" 
			maxConnections="10000" clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" keystoreFile="./keystore/adeptiaBPM.keystore" 
			keystoreType="JKS" keystorePass="password" compression="on" noCompressionUserAgents="gozilla, 
			traviata" compressableMimeType="text/html,text/xml,text/css,application/javascript,application/json" 
			useSendfile="false" server="Adeptia" xpoweredby="false" />
			-->
			
			<Engine defaultHost="localhost" name="restwebapps">
			
				<Realm className="org.apache.catalina.realm.LockOutRealm">
					<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
				</Realm>
				
				<Host appBase="restwebapps/wars" autoDeploy="true" name="localhost" unpackWARs="true">
					<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
					<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false"/>
				</Host>
				
			</Engine>
	</Service>
  3. Save the file.

Changes in securityContext.xml file

  1. Go to the downloaded Adeptia Connect zip folder and rename the securityContext.xml_Portal file to securityContext.xml.
  2. Copy the renamed securityContext.xml file.
  3. Replace the existing file with the copied file at the following location: …<ConnectPortalInstallFolder>\resources_config\saml.
  4. In case you are using SAML authentication, open the updated securityContext.xml file and do the following changes:

    1. Uncomment the following property:

      <!-- <property name="entityBaseURL" value="http://localhost:8080/adeptia"/> -->
    2. Update the URL as required. Where localhost is the IP address and port of the Connect Portal.
    3. Uncomment the idp.xml property:



    4. If you are using Adeptia Connect with load balancer, follow these steps:
      • Remove or comment out the existing contextProvider bean
        <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderImpl"/>
      • Add the below contextProvider bean
        <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
         <property name="scheme" value="http"/>
         <property name="serverName" value="www.myserver.com"/>
         <property name="serverPort" value="8080"/>
         <property name="includeServerPortInRequestURL" value="false"/>
         <property name="contextPath" value="/adeptia"/>
        </bean>

      This table explains the each property of contextProvider bean:

      schemeName of the scheme (http or https).
      serverNameName of the server.
      serverPortPort number of the server.
      includeServerPortInRequestURLTo include server port number in the URL or not. It must be false.
      contextPathPrefix of a URL path used to select the context(s) to which an incoming request is passed. A URL is in the format: http://hostname.com/contextPath/, where each of the path elements can be zero or more separated elements. It must be /adeptia.

      Property Name

      Description

      It will look like:

      <bean id="contextProvider" class="org.springframework.security.saml.context.SAMLContextProviderLB">
       <property name="scheme" value="http"/>
       <property name="serverName" value="www.myserver.com"/>
       <property name="serverPort" value="8080"/>
       <property name="includeServerPortInRequestURL" value="false"/>
       <property name="contextPath" value="/adeptia"/>
      </bean>
    5. If there were any other changes in the old file, you have to do the same changes manually in the replaced securityContext.xml file.
    6. Save the file.

  5. Restart the Connect Portal.

Changes in apps.properties file

  1. Go to …<ConnectPortalInstallFolder>\resources_config location.
  2. Open apps.properties file.

  3. Replace the details for Microsoft SharePoint by the details given below:

    microsoftsharepoint.oauthVersion=2.0
microsoftsharepoint.oauth20.authorize={baseUrl}/_layouts/15/OAuthAuthorize.aspx
microsoftsharepoint.oauth20.accessToken=https://accounts.accesscontrol.windows.net/{realmId}/tokens/OAuth/2
microsoftsharepoint.scope=Site.Manage List.Manage Web.Manage Web.Write AllSites.Manage AllProfiles.Manage
microsoftsharepoint.AccessTokenValueMap=resource$00000003-0000-0ff1-ce00-000000000000/{domain}.sharepoint.com@{realmId}
  4. Save the file.

Once the post installation steps are done, start the Connect Portal.

Verifying Connect Portal patch

Login to Adeptia Connect. If you log in successfully, indicates Connect Portal is updated successfully.