The Symantec Siteminder Administrative UI bundles the following versions of JAVA JRE:

r12.8.6/6a: AdoptOpenJDK 1.8.0_302-b08
r12.8.7:      AdoptOpenJDK 1.8.0_322-b06
r12.8.8:      AdoptOpenJDK 1.8.0_322-b06
r12.8.8.1:   AdoptOpenJDK 1.8.0_362-b09

The Siteminder AdminUI uses InstallAnywhere for installation. 

InstallAnywhere uses Oracle Java JRE 1.8.0_51-b16. 

PRODUCT: Siteminder

Release : 12.8.6 and higher

Component : Admin UI

OS: ANY

Analyzing the file system of a Siteminder AdminUI installation, will find 3 instances of 'JAVA.exe' in different paths:

=============================

Version of JAVA used by InstallAnywhere.

<Install_Dir>\SiteMinder\adminui\install_config_info\install_config_jre\bin\JAVA.exe

Oracle Java JRE 1.8.0_51-b16. 

---------------------------

Version of JAVA used by the Siteminder AdminUI

<Install_Dir>\SiteMinder\adminui\runtime\bin\JAVA.exe

<Install_Dir>\SiteMinder\adminui\runtime\jre\bin\JAVA.exe

AdoptOpenJDK 1.8.0_xxx-bxx

=============================

Note that the installer uses Oracle JAVA JRE, while the Siteminder AdminUI is bundled with AdoptOpenJDK JRE.

If a vulnerability has been published for a version equal to or higher than what is installed, you may want to upgrade the version of JAVA installed. 

How to Update JAVA on the Siteminder Administrative UI.

1) Download Oracle Java SE Runtime Environment (JRE) 1.8.x (8uxxx) from Oracle. (Download the 'Compressed Archive' version)

Downloads: https://www.oracle.com/java/technologies/javase/javase8u211-later-archive-downloads.html

example:

Windows: jre-8uxxx-windows-x64.tar.gz
Linux:       jre-8uxxx-linux-x64.tar.gz

NOTE: Must be Oracle Java SE Runtime Environment (JRE) 1.8.x (8uxxx) from Oracle

2) Download AdoptOpenJDK JRE 1.8.x (jdk8uxxx-bxx) from Adoptium. (Download the JRE Binary)

Downloads: https://adoptium.net/temurin/archive/?version=8

example:

Windows: OpenJDK8U-jre_x64_windows_hotspot_8uxxxbxx.zip
Linux:       OpenJDK8U-jre_x64_linux_hotspot_8uxxxbxx.tar.gz

NOTE: Must be AdoptOpenJDK JRE 1.8.x (jdk8uxxx-bxx) from Adoptium

3) Copy both the Oracle JAVA and AdoptOpenJDK packages to the Siteminder AdminUI Host

4) Decompress both the Oracle JAVA and AdoptOpenJDK packages to their own directories.

5) Back-up the following directories:

<Install_Dir>\SiteMinder\adminui\install_config_info\install_config_jre\bin\
<Install_Dir>\SiteMinder\adminui\install_config_info\install_config_jre\lib\

<Install_Dir>\SiteMinder\adminui\runtime\bin\
<Install_Dir>\SiteMinder\adminui\runtime\lib\

<Install_Dir>\SiteMinder\adminui\runtime\jre\bin\
<Install_Dir>\SiteMinder\adminui\runtime\jre\lib\

EXAMPLE:

cp -r /<Install_Dir>/SiteMinder/adminui/install_config_info/install_config_jre/bin /<Install_Dir>/SiteMinder/adminui/install_config_info/install_config_jre/bin-BAK

Update the JAVA for Install Anywhere (JBOSS Wildfly)

1) Stop the Siteminder AdminUI server

2) Copy the binary files from the new Oracle JRE binaries to the Siteminder AdminUI installer

Source: <install_Dir>/jre-8uxxx-linux-x64/jre1.8.0_xxx/bin/*

Destination: <Install_Dir>/SiteMinder/adminui/install_config_info/install_config_jre/bin/

3) Copy the library files from the new Oracle JRE binaries to the Siteminder AdminUI installer

Source: <install_Dir>/jre-8uxxx-linux-x64/jre1.8.0_xxx/lib/*

Destination: <Install_Dir>/SiteMinder/adminui/install_config_info/install_config_jre/lib/

NOTE: DOT NOT replace the /bin and /lib directories. Copy the FILES from the source directories to the target directories.

example:

cp -rf <install_Dir>/jre-8uxxx-linux-x64/jre1.8.0_xxx/bin/* <Install_Dir>/SiteMinder/adminui/install_config_info/install_config_jre/bin/

4) Start the Siteminder AdminUI serer

5) Deleted the backed-up directories

<Install_Dir>\SiteMinder\adminui\install_config_info\install_config_jre\bin-BAK
<Install_Dir>\SiteMinder\adminui\install_config_info\install_config_jre\lib-BAK

Update the JAVA for the Siteminder AdminUI

OPTION #1  Replace the Binaries

1) Stop the Siteminder AdminUI server

2) Copy the binary files from the new AdoptOpenJDK binaries to the Siteminder AdminUI

Source: <install_Dir>/OpenJDK8U-jre_x64_linux_hotspot_8uxxxbxx-jre/bin/*

Destinations: <Install_Dir>/SiteMinder/adminui/runtime/bin/
                      <Install_Dir>/SiteMinder/adminui/runtime/jre/bin/

3) Copy the library files from the new AdoptOpenJDK binaries to the Siteminder AdminUI

Source: <install_Dir>/OpenJDK8U-jre_x64_linux_hotspot_8uxxxbxx-jre/lib/*

Destinations: <Install_Dir>/SiteMinder/adminui/runtime/lib/
                      <Install_Dir>/SiteMinder/adminui/runtime/jre/lib/

NOTE: DOT NOT replace the /bin and /lib directories. Copy the FILES from the source directories to the target directories.

example:

cp -rf <install_Dir>/OpenJDK8U-jre_x64_linux_hotspot_8uxxxbxx-jre/bin/* <Install_Dir>/SiteMinder/adminui/runtime/bin/

4) Start the Siteminder AdminUI

5) Test functionality to verify upgrade was successful

6) Delete the backed-up directories

<Install_Dir>\SiteMinder\adminui\runtime\bin-BAK
<Install_Dir>\SiteMinder\adminui\runtime\lib-BAK

<Install_Dir>\SiteMinder\adminui\runtime\jre\bin-BAK
<Install_Dir>\SiteMinder\adminui\runtime\jre\lib-BAK

OPTION #2:  Redirect to Update Binaries

1) Stop the Siteminder AdminUI

2) Install an upgraded version of the AdoptOpenJDK 1.8.x.

3) Edit the 'standalone.sh' script to point the 'JAVA_HOME' environment variable to the new AdoptOpenJDK instance

<Install_Dir>/SiteMinder/adminui/bin/standalone.sh

JAVA_HOME="<install_Dir>/OpenJDK8U-jre_x64_linux_hotspot_8uxxxbxx-jre"

4) Start the Siteminder AdminUI

5) Test functionality to verify upgrade was successful

6) Delete the backed-up directories

<Install_Dir>\SiteMinder\adminui\runtime\bin-BAK
<Install_Dir>\SiteMinder\adminui\runtime\lib-BAK

<Install_Dir>\SiteMinder\adminui\runtime\jre\bin-BAK
<Install_Dir>\SiteMinder\adminui\runtime\jre\lib-BAK

AdminUI R12.8.x does not work with Oracle JAVA  11 or AdoptOpenJDK 11.

NOTE: Upgrading the JAVA JDK is done at one's own risk.  Each version is not validated by the Siteminder QA team.  Customer's should implement a detailed upgrade plan, along with adequate testing and a rollback plan.  It is advisable to implement and test in a lower environment rather than testing in PRD.