Updating the Federated Sign-in Module

Periodically, XTAM updates its Federated Sign-in Module to support new authentication providers or to address new security protocols.

As these updates are infrequent, they are not included as part of the weekly XTAM software updates.

The procedure outlined in this article should be used to update the Federated Sign-in Module when new versions are released.

Considerations

  • If possible, we would recommend you update a test environment first to become comfortable with the procedure and to test the results before updating production.
  • Any customizations that you may have made to Federated Sign-in Module will be lost during the upgrade process and will need to be manually remade after the update is complete.
  • Each XTAM node where the Federated Sign-in Module is deployed will need to be updated using this procedure.

Step 1. Download and Extract Federated Sign-in Module

Download the latest supported Federated Sign-in Module for XTAM to your XTAM host server and extract this archive outside the $XTAM directory.

If you have multiple nodes, you will need to perform this procedure on all node servers.

https://bin.xtontech.com/product/pam-cas.zip

Step 2. Stop the XTAM Service

Once the service is stopped, this XTAM node will become inaccessible until the update is completed.

  • For Windows deployments, stop the PamManagement service:
Copy
net stop PamManagement
  • For Linux deployments, stop the pammanager service:
Copy
service pammanager stop

Step 3. Updating the Federated Sign-in Module

 

Navigate to $XTAMweb/webapps and move both the existing cas.war file and the /cas directory to a location outside of $XTAM (do not simply rename them in place).

Once both have been moved to a location outside of $XTAM, copy the new cas.war file downloaded and extracted from step 1 to this same location ($XTAM/web/webapps).

Step 4. Start the XTAM Services

  • For Windows deployments, start the PamManagement service:
Copy
net start PamManagement
  • For Linux deployments, start the pammanager service:
Copy
service pammanager start

 

During startup, XTAM will automatically deploy the new Federated Sign-in Module.

This process may take several minutes to complete.

Step 5. Test and Verify

 

Once the service comes back online, you can now open the XTAM login page and test authentication.

This should include all authentication methods configured in XTAM, for example, local user authentication, AD authentication, SSO or MFA.

If no issues are found during testing, then the update process is complete.

You may now remake any customizations that you had made previously.

Rollback

During testing, if you found issues with the new Federated Sign-in Module, you can rollback to your previously working version using this procedure.

If you do not need to rollback, please proceed to the next steps:

  1. Stop the XTAM service as described earlier.
  2. Delete the new cas.war and /cas directory that were deployed to $XTAM\web\webapps
  3. Copy back your original cas.war and /cas directory to this location ($XTAM\web\webapps)
  4. Start the XTAM service as described earlier.

Step 6. Cleanup

After your testing is complete and the new Federated Sign-in Module is working as expected, you may choose to remove the following as part of the cleanup process:

  • Files downloaded in Step 1 and the extracted archive
  • The backup copy of cas.war and the /cas directory.