OpenEdge Authentication Gateway instances created in OpenEdge 11.6.x or 11.7.x are not compatible with OpenEdge 12.

To upgrade your Authentication Gateway instance configuration from 11.7.x to Release 12, complete the following steps:
  1. Back up the instance to save your 11.7.x configuration.
  2. Create a new Authentication Gateway server instance during the OpenEdge 12 installation process.
  3. Upgrade the 11.7.x configuration from the backup to the new Version 12 instance:
    1. Configure the HTTPS port (the procedure is unchanged from 11.7.x).
    2. Copy the tomcat-keystore.p12 file, which has the server instance’s TLS private key and server certificate, to the Version 12 instance (/oeauthserver/conf).
    3. Merge any HTTPS keystore and password configuration.
    4. Merge any configuration changes made to the conf/openedge.properties file from the 11.7.x instance using your preferred merge tool.
    5. Copy the tomcat-users.xml file from the 11.7.x instance to the Version 12 instance (/oeauthserver/conf).
    6. Copy any .r ABL application files from the 11.7.x instance (OERealm, Policy, and Event handlers) to the Version 12 instance.
    7. Copy the OpenEdge domains configuration file (domains.json) from the 11.7.x instance to the Version 12 instance (/oeauthserver/webapps/ROOT/WEB-INF/config directory).
    8. Copy the users.properties file from the 11.7.x instance to the Version 12 instance (/oeauthserver/webapps/ROOT/WEB-INF/config directory).
    9. Create a new domain registry keystore file (domains.keystore) from the 11.7.x instance’s domainsks.csv file using the gendomreg utility, and add the new domains.keystore file to the /oeauthserver/webapps/ROOT/WEB-INF/config directory in the Version 12 instance.
    10. Merge the 11.7.x instance sts.properties configuration file with the Version 12 instance sts.properties file using your preferred merge tool.
  4. If you have Security Token Service (STS) key security enabled for your 11.7.x instance, then:
    1. Create a new Version 12 STS server key file using the same -url parameter as was used to generate the 11.7.x server-key file. Store the new STS server key file in the location that is specified as the value of the sts.server.keyfile property in the sts.properties file.
    2. Install a new STS client key file on the local server using the stskeyutil tool.
    3. Test the STS server key access using the stskeyutil tool.
  5. Start the Version 12 instance, and then test access to the instance OpenEdge domain configurations using the stsclientutil tool.
  6. If you have enabled STS key security for your Authentication Gateway, then:
    1. Install a new STS client key in all OpenEdge 12 client installations that replaced the 11.7.x installations.
    2. Test the client key access using the stsclientutil tool.
  7. Test the Version 12 PAS for OpenEdge and OpenEdge database connections that are configured to use the Authentication Gateway.