Policy Store Migration and Upsizing on Windows NT

ColdFusion 5 includes an updated OEM version of Netegrity SiteMinder v4.1.1 for Advanced Security. This newer version makes use of a Policy Store storage format that is not compatible with SiteMinder v3.5.1, used in ColdFusion 4.5. A one-time migration process is required before using ColdFusion 4.5 Policy Store data directly in ColdFusion 5.

Your Coldfusion 4.5x policy store has been exported into an XML file smpolicystore451export.xml located in the database subdirectory of your main ColdFusion installation directory
(for example,"C:\cfusion\database\smpolicystore451export.xml").


About the Provided MS Access-based Policy Store
The ColdFusion 5 installer installs an initialized MS Access Policy Store which you can use to explore basic Advanced Security functionality in the ColdFusion Administrator. Customers are strongly cautioned against using MS Access as a permanent Policy Store location, since the use of MS Access with SiteMinder is known to produce unpredictable results due to asynchronous database update problems. Macromedia strongly recommends customers to switch the active SiteMinder Policy Store from the default provided MS Access DB to a Microsoft SQL Server database, Lightweight Directory Access Protocol (LDAP) directory, or Oracle Server database.


The "Start Security Wizard Upgrade" link below will launch the Policy Store Migration Wizard that will walk you through the process of upsizing your policy store and importing your Coldfusion 4.5x data.


** Important Note about Policy Store Users during Import **
The import utility relies on the SiteMinder 4.1.1 APIs to import data into the Policy Store. However, when using these API's for importing data, SiteMinder attempts to verify imported user data from the appropriate User Directory data source. As each user is added from a User Directory to a Policy, SiteMinder verifies that the user is found in that User Directory before allowing the data to be inserted into the Policy Store. If a User Directory data source from which a user is added is not reachable, the user cannot be verified, and will not be inserted into the Policy Store. The import status and list of rejected users are logged into a file named "smpolicystore451.log" in the "\database" subdirectory of your main ColdFusion installation directory. To avoid SiteMinder user data import failures caused by unreachable User Directories, be sure these User Directory data sources are configured, online and available during the Policy Store data import step below.


Upgrade for ColdFusion 4.x policy data.

Alternatively, the steps documenting the process used to convert the Policy Store to another format can be found here for ODBC Policy Stores and here for LDAP Policy Stores.