How can we update the embedded JDK version that is available in the CA SSO admin UI to a version equal to or greater than 1.8.0_3xx?

Siteminder Version 12.08.03

Admin Version 12.08.03.2138

Release : 12.8

Component : SITEMINDER WAM UI

Improve 3rd party JDK version vulnerability and performance.

The specific version of Admin Version 12.08.03.2138, is pre-shipped with ./adminui/runtime/bin/java (AdoptOpenJDK 1.8.0_212-b04)

According to the support matrix, one can only use AdoptOpenJDK 1.8.212 (or later updates on 1.8.x) 64 bit, so do not attempt JDK 11 or later version.

If already obtained JDK 1.8.0_3xx, then follow these steps.

~siteminder/adminui/bin/standalone.sh (standalone.bat on Windows) has JAVA_HOME location.

~/CA/siteminder/adminui/runtime is where default AdoptOpenJDK 1.8.212 deployed.

One can either edit JAVA_HOME to point to the new JDK 1.8.0_3xx installation location, then start admin ui, or replace the actual file content of ~/CA/siteminder/adminui/runtime.

To replace the actual file content of ~/CA/siteminder/adminui/runtime

1. Verify admin UI login works, then stop admin UI. Take back up as necessary.

2. zip up the entire content under folder ~/siteminder/adminui/runtime, and move it somewhere else.  This is where the default AdoptOpenJDK 1.8.0_212-b04 was deployed.

3. Replace the content of ~/siteminder/adminui/runtime with your own JDK 1.8.0_3xx, maintain the exact similar structure as the previous deployment (bin, include, jre, lib, man, etc).

4. Check file ownership and permission are correct.

5. Restart admin UI and verify.

Please be aware, that there is no standard documentation for this change, customers will need to fully test the change on their own and ensure it is working as it should.

There is no guarantee that the same steps will work in the future as 3rd party JDK is changing from time to time on each release.

The latest SiteMinder 12.8sp6 version already has OpenJDK version "1.8.0_302" installed for admin UI.

AdminUI R12.8.x does not work with AdoptOpenJDK 11.