Install an Upgraded Version of Apache Tomcat
The IdentityIQ Cloud Gateway enables IdentityIQ to securely connect to and remotely manage applications located in a different IP zone than IdentityIQ. The Cloud Gateway application is shipped with IdentityIQ version 7.1, which is bundled with Apache Tomcat version 7.0.32; that Tomcat version may have security vulnerabilities. SailPoint therefore recommends that you update Apache Tomcat as soon as possible to take advantage of the latest security enhancements.
Note
Cloud Gateway patches should be applied if you install an IIQ patch upgrade such as IIQ 8.4.2. Cloud Gateway patches for IIQ upgrades to a major release, such as IIQ 8.4.0, are not required.
Caution
IdentityIQ supports most major versions of Apache Tomcat; minor versions may not have been tested.
When upgrading to the latest version of IdentityIQ, perform the following steps so that IdentityIQ Cloud Gateway works with the latest supported versions of Apache Tomcat:
- Unzip and extract the required new version of Apache Tomcat into a directory (for example, \tmp).
- Copy the CloudGateway directory from your currently installed version of IdentityIQ Cloud Gateway. The directory can be found in pathOfCloudGateway\apache-tomcat64-X.X.XX\webapps. Paste the directory into the following location: \tmp\apache-tomcat-Y.Y.YY\webapps
  In the above step:
  - tmp – Directory where the new version of Apache Tomcat is extracted
  - pathOfCloudGateway – Directory of the previous version of IdentityIQ Cloud Gateway with Apache Tomcat version 7.0.32
  - X.X.XX – Existing version of Apache Tomcat
  - Y.Y.YY – New version of Apache Tomcat
- Copy the keystore directory from the previously installed version of IdentityIQ Cloud Gateway. The directory can be found in pathOfCloudGateway\apache-tomcat64-X.X.XX\. Paste the directory into the following location: \tmp\apache-tomcat-Y.Y.YY\
- Server configurations – Set up the HTTPS communication. To do so, make the following change in the server.xml file located in the \tmp\apache-tomcat-Y.Y.YY\conf directory:
  - In the Connector port configuration section, add the following Connector entry:

    <Connector port="4443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="keystore/mykeystore.keystore" keystorePass="trustno1"
               clientAuth="false" sslProtocol="TLS" />
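A post-migration check for the steps above, as an added example that is not part of SailPoint's documentation: it confirms that the new Tomcat directory holds the copied CloudGateway webapp and keystore directory and that server.xml carries the HTTPS Connector shown. The function names and the constructed temporary directory layout are this example's own assumptions.

```python
"""Added example (not SailPoint's code): check a migrated Cloud Gateway Tomcat directory."""
import os
import tempfile
import xml.etree.ElementTree as ET

# Expected attributes of the Cloud Gateway HTTPS Connector (values from the procedure).
EXPECTED_CONNECTOR = {"port": "4443", "SSLEnabled": "true", "scheme": "https", "secure": "true"}

def check_tomcat_dir(tomcat_home):
    """Return a list of problems found; an empty list means the layout is complete."""
    problems = []
    if not os.path.isdir(os.path.join(tomcat_home, "webapps", "CloudGateway")):
        problems.append("webapps/CloudGateway missing: copy it from the old Tomcat")
    server_xml = os.path.join(tomcat_home, "conf", "server.xml")
    if not os.path.isfile(server_xml):
        return problems + ["conf/server.xml missing"]
    root = ET.parse(server_xml).getroot()
    https = [c for c in root.iter("Connector") if c.get("port") == EXPECTED_CONNECTOR["port"]]
    if not https:
        return problems + ["no Connector on port 4443 in server.xml"]
    conn = https[0]
    for attr, want in EXPECTED_CONNECTOR.items():
        if conn.get(attr) != want:
            problems.append(f'Connector {attr}="{conn.get(attr)}", expected "{want}"')
    # keystoreFile is resolved relative to the Tomcat base, so the copied keystore must sit there.
    ks = conn.get("keystoreFile")
    if not ks or not os.path.isfile(os.path.join(tomcat_home, ks)):
        problems.append(f"keystoreFile {ks!r} not found under {tomcat_home}")
    return problems

def build_sample(connector_xml, with_keystore=True):
    """Constructed sample layout in a temp dir, standing in for \\tmp\\apache-tomcat-Y.Y.YY."""
    home = tempfile.mkdtemp(prefix="apache-tomcat-")
    os.makedirs(os.path.join(home, "webapps", "CloudGateway"))
    os.makedirs(os.path.join(home, "conf"))
    if with_keystore:
        os.makedirs(os.path.join(home, "keystore"))
        open(os.path.join(home, "keystore", "mykeystore.keystore"), "wb").close()
    with open(os.path.join(home, "conf", "server.xml"), "w") as f:
        f.write(f"<Server><Service>{connector_xml}</Service></Server>")
    return home

# The Connector entry from the procedure, used as the sample server.xml content.
GOOD = ('<Connector port="4443" protocol="org.apache.coyote.http11.Http11NioProtocol" '
        'maxThreads="150" SSLEnabled="true" scheme="https" secure="true" '
        'keystoreFile="keystore/mykeystore.keystore" keystorePass="trustno1" '
        'clientAuth="false" sslProtocol="TLS" />')
```

Run check_tomcat_dir against the real extracted directory (for example, `check_tomcat_dir(r"\tmp\apache-tomcat-Y.Y.YY")`); an empty list means the copied webapp, the keystore directory and the HTTPS Connector are all in place.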