When upgrading using JDK 1.8 sees the following Error:
"ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] (Thread-525) Exception caught while encrypting.
12:31:43,660 ERROR [com.netegrity.crypto.AESCBCPKCS5PaddingHandler] (Thread-525) ; com.rsa.jsafe.JSAFE_InputException: invalid character"
Issue was caused by custom JSP and jars on the IDM system. They had 3 custom jars which needed to be recompiled in JDK 1.8. These custom connector jars were for CA directory endpoints. It allowed them through PX rules to modify the endpoint accounts through the custom jars.
Once they recompiled their custom jar files for JDK 1.8 the upgrade worked as expected.