11 Upgrading an Oracle Identity Federation High Availability Environment

This chapter describes how to upgrade Oracle Identity Federation in a high availability environment.

This chapter contains the following sections:

11.1 Task 1: Understand the Oracle Identity Federation High Availability Upgrade

Refer to the following sections to prepare for the Oracle Identity Federation high availbility upgrade:

11.1.1 Prerequisites for Oracle Identity Federation High Availability Upgrade

Before you begin this upgrade procedure, it is assumed that:

  • The 10g source topology is equivalent to the 11g destination topology.

    In other words, the Oracle Identity Federation topology that you are planning to install should be similar in its design to the 10g environment. For example, it is assumed that you will be running the same number hosts and the same number Oracle Identity Federation instances in the 11g environment.

  • For each Oracle Identity Federation instance you are upgrading, the target Oracle Identity Federation 11g Oracle Home must be on the same host as the source Oracle Identity Federation 10g Oracle home.

  • The database that will be used to host the Oracle Identity Federation schema has been upgraded to a version supported by Oracle Fusion Middleware 11g.

    For more information, see "Upgrading and Preparing Your Databases" in the Oracle Fusion Middleware Upgrade Planning Guide.

11.1.2 Conventions Used in This Chapter

The examples in this chapter assume you are upgrading two Oracle Identity Federation instances running on two separate host computers. These are referre to as IDMHOST1 and IDMHOST2.

In addition, the examples assume you have two database servers, also running two separate hosts, DBHOST1 and DBHOST2.

11.2 Task 2: Install the Oracle Identity Federation Schema in the Database

Before you can install Oracle Identity Federation 11g in preparation for upgrade, you must install the Oracle Identity Federation 11g schema in a supported database.

You use the Repository Creation Utility to create the schema and select the Oracle Identity Federation component on the Select Components screen of the Repository Creation Utility.

For more information, refer to Section 6.2, "Task 2: Use the Repository Creation Utility to Install the Oracle Identity Federation Schema in the Database".

11.3 Task 3: Install Oracle WebLogic Server and Create the Middleware Home

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

11.4 Task 4: Configure the Oracle WebLogic Server Domain with Only Oracle Enterprise Manager Fusion Middleware Control

Use the following procedure to install and configure Oracle Internet Directory in preparation for an Oracle Identity Federation high availability upgrade:

  1. Locate the Oracle Identity Management CD–ROM.

    Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:

    http://www.oracle.com/technology/

  2. If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

    Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.

  3. Start Oracle Universal Installer:

    On UNIX systems, enter the following command to install Repository Creation Utility:

    ./runInstaller

    On Windows systems, double-click the setup.exe file.

  4. Follow the instructions in the installer to install Oracle Identity Federation.

    Refer to the following resources during the installation and configuration:

    Table 11-1, which provides information on specific instructions required when installing and configuring the software for an Oracle Identity Federation high availability upgrade.

    Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and other prompts required during an Oracle Identity Federation installation.

  5. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

Table 11-1 Summary of the Installation Screens When Installing and Configuring Oracle Identity Federation High Availability in Preparation for Upgrade

Screen Description and Actions to Take

Select Installation Type

Select Install and Configure.

Prerequisite Checks

This screen verifies that your host computer meets all the system requirements for the Oracle Identity Management components.

Select Domain

Select Create New Domain, and provide a password for the weblogic administrator user.

Enter an easy to recognize domain name, such as OIFDomain.

Specify Installation Locations

  • Specify the location of the Middleware home and Oracle WebLogic Server directory you created in "Task 3: Install Oracle WebLogic Server and Create the Middleware Home".

  • Specify a name for the Oracle home that will be created inside the Middleware home during this installation. For this example, use the name "admin" to identify this as the Administration Oracle home.

  • Specify a name and location for the Oracle instance that will be created during this installation. For this example, enter "admin_inst" as the name of the Oracle instance to identify it as the instance where Fusion Middleware Control and the Oracle WebLogic Server Administration Console are running.

For more information, click Help or refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

Select Components

This screen identifies which components to install on disk.

For the purposes of this procedure, select all the components on this screen.

Configure Components

This screen identifies the components that will be configured during this installation and configuration session.

For the purposes of this procedure, select only Enterprise Manager. Do not select any other components on this screen. You will configure the Oracle Identity Federation component later.

11.5 Task 5: Extend the Domain and Create the First Oracle Identity Federation 11g Oracle Instance

Now that you have configured an Oracle WebLogic Server domain, you can extend the domain and create the first Oracle Identity Federation component Oracle instance. Refer to the following sections for more information:

11.5.1 Extending the Domain and Configuring Oracle Identity Federation

To extend the domain and configure Oracle Identity Federation:

  1. Start Oracle Universal Installer:

    On UNIX systems, enter the following command to install Repository Creation Utility:

    ./runInstaller

    On Windows systems, double-click the setup.exe file.

  2. Follow the instructions in the installer to install Oracle Identity Federation.

    Refer to the following resources during the installation and configuration:

    Table 11-2, which provides information on specific instructions required when installing and configuring the software for an Oracle Identity Federation high availability upgrade.

    Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and other prompts required during an Oracle Identity Federation installation.

  3. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

Table 11-2 Summary of the Installation Screens When Configuring the First Oracle Identity Federation Oracle Instance

Screen Description and Actions to Take

Select Installation Type

Select Install and Configure.

Prerequisite Checks

This screen verifies that your host computer meets all the system requirements for the Oracle Identity Management components.

Select Domain

Specify Installation Locations

  • Specify the location of the Middleware home and Oracle WebLogic Server directory you created in "Task 3: Install Oracle WebLogic Server and Create the Middleware Home".

  • Specify a name for the Oracle home that will be created inside the Middleware home during this installation. For this example, enter "oif" to identify this as the Oracle home that contains the program files for the first Oracle Identity Federation intance.

  • Specify a name and location for the Oracle instance that will be created during this installation. Enter "oif_inst1" to identify this as the first Oracle Identity Federation instance in the high availability topology.

For more information, click Help or refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

Select Components

This screen identifies which components to install on disk.

For the purposes of this procedure, select all the components on this screen.

Configure Components

This screen identifies the components to configure during this installation and configuration session.

For the purposes of this procedure:

Specify Cluster Details

Use this screen to specify the multicast address and port used by the managed servers within the Oracle WebLogic Server cluster.

For example:

  • Multicast Address: 239.192.0.0

  • Multicast Port: 8001

Specify OIF Details

For this example, enter the following in the fields on this screen:

  • PKCS12 Password: Enter a security password.

  • Confirm Password: Enter the password again to confirm you typed it correctly.

  • Server Id: For this example, enter oif_OIFDomain.

OIF Advanced Flow Attributes

Enter the following for each field on this screen:

Authentication Type: JAAS

User Store: NONE

Federation Store: NONE

User Session Store: RDBMS (default selection, which cannot be changed for a cluster)

Message Store: RDBMS (default selection, which cannot be changed for a cluster.

Configuration Store: RDBMS (default selection, which cannot be changed for a cluster.

Transient Store Database Details

Enter the following information on this screen:

  • Connect String: Provide the connect string to your database. If it is a RAC database, then enter each node, separated with the carot character (^). For example:

    oifdbhost1-vip.mycompany.com:1521:oifdb1^
oifdbhost2-vip.mycompany.com:1521:oifdb2@ oifdb.mycompany.com

  • User Name: Enter the name (including the prefix) for the Oracle Identity Federation schema that you created in Section 11.2, "Task 2: Install the Oracle Identity Federation Schema in the Database"

  • Password: The password you entered when you created the Oracle Identity Federation schema.

11.5.2 About Selecting and Configuring Oracle HTTP Server with Oracle Identity Federation

Oracle Identity Federation requires an Oracle HTTP Server instance. However, you can choose to install and configure the Oracle HTTP Server instance on the same host as Oracle Identity Federation, or you can install it on a separate host as part of a Web tier installation.

Note the following when deciding whether or not to install Oracle HTTP Server on the same host or not:

  • If you install Oracle HTTP Server on the same host as Oracle Identity Federation, you can use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle HTTP Server instance at the same time you are upgrading Oracle Identity Federation.

    This means that the Upgrade Assistant can then migrate all your SSL certificates, OSSO integration configuration from the source Oracle Identity Federation 10g source topology to the Oracle Identity Federation 11g destination topology.

  • If you install Oracle HTTP Server on a separate host, the Upgrade Assistant will not migrate the SSL certificates and OSSO integration configuration. These artifacts will have to be migrated manually post upgrade.

11.6 Task 6: Use the Upgrade Assistant to Upgrade the First Oracle Identity Federation Oracle Instance

The Oracle Fusion Middleware Upgrade Assistant automates the upgrade of many aspects of your Oracle Application Server 10g environment.

The Upgrade Assistant is installed automatically into the bin directory of your Oracle Fusion Middleware Oracle home.

The following sections provide more information:

11.6.1 Task 6a: Start the Upgrade Assistant for an Oracle Identity Federation Upgrade

To start the Upgrade Assistant using the graphical user interface:

Note:

You can also use the Upgrade Assistant command-line interface to upgrade your Oracle Application Server 10g Oracle homes. For more information, see "Using the Upgrade Assistant Command-Line Interface" in the Oracle Fusion Middleware Upgrade Planning Guide.

  1. Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.

  2. Enter the following command to start the Upgrade Assistant.

    On UNIX system:

    ./ua

    On Windows systems:

    ua.bat

    The Upgrade Assistant displays the Welcome screen as shown in Figure 11-1

    Figure 11-1 Upgrade Assistant Welcome Screen

    Description of Figure 11-1 follows
    Description of "Figure 11-1 Upgrade Assistant Welcome Screen"

  3. Click Next to display the Select Operation screen (Figure 11-2).

    The options available in the Upgrade Assistant are specific to the Oracle home from which it started. When you start Upgrade Assistant from an Oracle Application Server Identity Management Oracle home, the options shown on the Select Operation screen are the valid options for an Oracle Application Server Identity Management Oracle home.

    Figure 11-2 Upgrade Assistant Select Operation Screen for an Oracle Identity Federation Upgrade

    Description of Figure 11-2 follows
    Description of "Figure 11-2 Upgrade Assistant Select Operation Screen for an Oracle Identity Federation Upgrade"

11.6.2 Task 6b: Upgrade Oracle Identity Federation

When you upgrade Oracle Identity Federation, the Upgrade Assistant upgrades the configuration files in the Oracle Identity Federation middle tier.

To upgrade Oracle Identity Federation when they reside in the same Oracle instance:

  1. Start the Upgrade Assistant as described in Task 6a: Start the Upgrade Assistant for an Oracle Identity Federation Upgrade.

  2. Select Upgrade Identity Management Instance on the Select Operation screen (Figure 11-2).

  3. Refer to Table 11-3 for a description of the Upgrade Assistant screens that require input from you during an Oracle Identity Federation upgrade.

  4. After the Specify Upgrade Options screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:

    • Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.

    • Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.

    • Provides a progress screen so you can see the status of the upgrade as it proceeds.

    • Alerts you of any errors or problems that occur during the upgrade.

      See Also:

      "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant

    • Displays the End of Upgrade screen, which confirms that the upgrade was complete.

  5. Exit the Upgrade Assistant.

Table 11-3 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

Upgrade Assistant Screen Description

Specify Source Home

Select the 10g (10.1.4.0.1) source Oracle home.

If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide.

Specify Destination Instance

Enter the complete path to the destination 11g Oracle home that you installed inside the middleware home. This is the Oracle home that contains the Oracle Identity Federation software.

Alternatively, click Browse to select the directory.

Specify WebLogic Server

Enter the host, Administration Server port, and administration user credentials for the Oracle WebLogic Server domain you configured in Section 11.4, "Task 4: Configure the Oracle WebLogic Server Domain with Only Oracle Enterprise Manager Fusion Middleware Control".

Warning Dialog Box

The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance.

This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home.

If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance.

Specify Upgrade Options

This screen offers these upgrade options:

  • Use source Oracle home ports in destination: If you want to migrate the port assignments used by your Oracle Application Server 10g Oracle home to your new Oracle Fusion Middleware Oracle instance.

    Note that Oracle recommends that you always select this option when upgrading Oracle Identity Federation.

  • Start destination components after successful upgrade: if you want the Upgrade Assistant to automatically start the components in the destination Oracle home after the upgrade is complete. If you do not select this option, then you will have to manually start the destination instance after the upgrade.

For the purposes of this example, select both of these upgrade options.

11.7 Task 7: Install Oracle WebLogic Server and Create the Middleware Home on IDMHOST2

Before you can expand the Oracle WebLogic Server cluster you created on IDMHOST1 to include IDMHOST2, you must install the Oracle WebLogic Server binary files on IDMHOST2 and create Middleware home on IDMHOST2.

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

11.8 Task 7: Install and Configure the Second Oracle Identity Federation Instance on IDMHOST2

To install and configure the domain and configure Oracle Identity Federation:

  1. Start Oracle Universal Installer:

    On UNIX systems, enter the following command to install Repository Creation Utility:

    ./runInstaller

    On Windows systems, double-click the setup.exe file.

  2. Follow the instructions in the installer to install Oracle Identity Federation.

    Refer to the following resources during the installation and configuration:

    Table 11-2, which provides information on specific instructions required when installing and configuring the software for an Oracle Identity Federation high availability upgrade.

    Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and other prompts required during an Oracle Identity Federation installation.

  3. When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

Table 11-4 Summary of the Installation Screens When Configuring the Second Oracle Identity Federation Oracle Instance

Screen Description and Actions to Take

Select Installation Type

Select Install and Configure.

Prerequisite Checks

This screen verifies that your host computer meets all the system requirements for the Oracle Identity Management components.

Select Domain

Select Expand Cluster and enter the domain details.

Enter the host, port, user name, and password for the administration server in the domain you created on IDMHOST1 in "Task 4: Configure the Oracle WebLogic Server Domain with Only Oracle Enterprise Manager Fusion Middleware Control".

Click Next.

For more information, click Help or refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

Specify Installation Locations

  • Specify the location of the Middleware home and Oracle WebLogic Server directory you created in "Task 7: Install Oracle WebLogic Server and Create the Middleware Home on IDMHOST2".

  • Specify a name for the Oracle home that will be created inside the Middleware home during this installation. For this example, enter "oif" to identify this as the Oracle home that contains the program files for the first Oracle Identity Federation intance.

  • Specify a name and location for the Oracle instance that will be created during this installation. Enter "oif_inst2" to identify this as the second Oracle Identity Federation instance in the high availability topology.

For more information, click Help or refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

Select Components

This screen identifies which components to install on disk.

For the purposes of this procedure, select all the components on this screen.

Configure Components

This screen identifies the components to configure during this installation and configuration session.

For the purposes of this procedure:

Specify Cluster Details

Use this screen to specify the multicast address and port used by the managed servers within the Oracle WebLogic Server cluster.

For example:

  • Multicast Address: 239.192.0.0

  • Multicast Port: 8001

Specify OIF Details

For this example, enter the following in the fields on this screen:

  • PKCS12 Password: Enter a security password.

  • Confirm Password: Enter the password again to confirm you typed it correctly.

  • Server Id: For this example, enter oif_OIFDomain.

OIF Advanced Flow Attributes

Enter the following for each field on this screen:

Authentication Type: JAAS

User Store: NONE

Federation Store: NONE

User Session Store: RDBMS (default selection, which cannot be changed for a cluster)

Message Store: RDBMS (default selection, which cannot be changed for a cluster.

Configuration Store: RDBMS (default selection, which cannot be changed for a cluster.

Transient Store Database Details

Enter the following information on this screen:

  • Connect String: Provide the connect string to your database. If it is a RAC database, then enter each node, separated with the carot character (^). For example:

    oifdbhost1-vip.mycompany.com:1521:oifdb1^
oifdbhost2-vip.mycompany.com:1521:oifdb2@ oifdb.mycompany.com

  • User Name: Enter the name (including the prefix) for the Oracle Identity Federation schema that you created in Section 11.2, "Task 2: Install the Oracle Identity Federation Schema in the Database"

  • Password: The password you entered when you created the Oracle Identity Federation schema.

11.9 Task 8: Copy the Oracle Identity Federation Application from IDMHOST1 to IDMHOST2

The Oracle Directory Integration Platform application is deployed on IDMHOST1 as an externally staged application. The application must be copied from IDMHOST1 to OIFHOST2; otherwise the managed server on IDMHOST2 is listed in the Oracle WebLogic Server administration console as being in an "unknown" state:

  1. Create a stage directory on IDMHOST2:

    MW_HOME/user_projects/domains/IDMDomain/servers
      /wls_oif2/stage/OIF/11.1.1.0.0/OIF

  2. Locate the Oracle Identity Federation stage directory on IDMHOST1:

    MW_HOME/user_projects/domains/IDMDomain/servers
      /wls_oif1/stage/OIF/11.1.1.0.0/OIF

  3. Copy the directory and its contents to the stage location on IDMHOST2.

11.10 Task 9: Start the Managed Server on IDMHOST2

Follow these steps to start the wls_ods2 managed server in a cluster:

  1. Open a browser and navigate to the WebLogic Administration Console at:

    http://idmhost1.mycompany.com:port/console

  2. Log in to the WebLogic Administration Console using the administrator credentials.

  3. In the left pane of the WebLogic Administration Console, expand Environment and select Clusters.

  4. Select the cluster (cluster_oif) containing the managed server (wls_oif2) you want to start.

  5. Select Control.

  6. Under Managed Server Instances in this Cluster, select the check box next to the managed server (wls_ods2) you want to start and click Start.

  7. On the Server Life Cycle Assistant page, click Yes to confirm.

Note:

Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.

11.11 Task 10: Complete Post-Upgrade Procedures

Refer to the following sections for information about important post-upgrade Oracle Identity Federation high availability procedures:

11.11.1 Configuring Routing Between Oracle Identity Federation and Oracle HTTP Server

Follow the steps shown below to create a new Oracle HTTP Server instance and to enable communication between the Oracle HTTP Server instance and the Oracle Identity Federation server instance on IDMHOST1 and IDMHOST2.

When you install and configure Oracle Identity Federation, the Oracle HTTP Server software is installed in the Oracle home, but an Oracle HTTP Server instance is not configured by default:

  1. Create an Oracle HTTP Server instance to configure with Oracle Identity Federation:

    INSTANCE_HOME/bin/opmnctl createcomponent 
          -componentType OHS 
          -componentName ohs1

  2. On IDMHOST2, edit the following configuration file:

    INSTANCE_HOME/config/OHS/ohs_name/moduleconf/oif.conf

    In this example, ohs_name is the name of the Oracle HTTP Server component; for example: ohs1

  3. Uncomment and set the WebLogicCluster variable to reference the managed servers running the Oracle Identity Federation Server instances.

    For example, if the host and port of each managed server is as follows:

    idmhost1.mycompany.com:7499
idmhost2.mycompany.com:7499

    Then update the file to contain the following entry:

    <Location /fed>
     WebLogicCluster idmhost1.mycompany.com:7499,idmhost2.mycompany.com:7499
     SetHandler weblogic-handler
</Location>

  4. Save the oif.conf file.

  5. Start the Oracle HTTP Server as shown below:

    INSTANCE_HOME /bin/opmnctl startproc process-type=OHS

11.11.2 Configuring the Load Balancer

Oracle Identity Federation topologies deployed in high availability configurations are front-ended by an external load balancer, which provides load balancing of the HTTP requests between the various OIF instances.

After upgrading the Oracle Identity Federation high availability environment, configure your load balancer to listen to the Oracle HTTP Server instances on IDMHOST1 and IDMHOST2.Refer to the documentation provided by the load balancer vendor to accomplish this task.

11.11.3 Set Oracle Identity Federation Configuration Properties

Follow the steps below to enable the Oracle Identity Federation instances on IDMHOST1 and IDMHOST2 to recognize the Load Balancer Virtual Hostname.

Use Oracle Enterprise Manager Fusion Middleware Control to complete this task.

  1. Log in to Fusion Middleware Control and locate the Oracle Identity Federation instance home page.

  2. Modify the server properties as follows:

    1. From the Oracle Identity Federation menu, select Administration, and then Server Properties.

    2. Change the Host field to reflect the virtual host name of the load balancer.

    3. Change the Port and SSL Enabled, as well as the SOAP Port and SSL Enabled options to reflect the ports used by the load balancer.

    4. Save the changes.

  3. Modify the Identity Provider properties as follows:

    1. From the Administration menu, select Identity Provider.

    2. In the Provider ID field, enter the URL for the load balancer virtual host name and port.

      For example:

      http://load_balancer_host:port

  4. Modify the Service Provider properties as follows:

    1. From the Administration menu, select Service Provider.

    2. In the Provider ID field, enter the URL for the load balancer virtual host name and port.

      For example:

      http://load_balancer_host:port

  5. Repeat Steps 2 through 4 for the subsequent Oracle Identity Federation instances in the high availability environment.

  6. Because the Oracle Identity Federation metadata will have changed, redistribute the metadata to any remote partners to notify them of the configuration changes you just made.

11.12 Task 11: Verify the Oracle Identity Federation High Availbility Upgrade

Follow the steps below to validate the upgraded Oracle Identity Federation high availability upgrade:

  1. Use a web browser to access the URL's shown below:

    http://<LoadBalancerHost>:<LoadBalancerPort>/fed/sp/metadata
http://<LoadBalancerHost>:<LoadBalancerPort>/fed/idp/metadata

  2. Follow the instructions in the following sections of the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation to import metadata from the SP into the IdP and the IDP metadata into the SP:

  3. Go to the following URL and do a Single Sign-On operation:

    http://Loadbalancer_SP_Host:Loadbalancer SP_port/fed/user/testspsso

  4. During the upgrade, the single sign-on configurations from your 10g environment should have been migrated to the upgraded instances. As a result, you should be able to access those URLs, if the upgrade process completed successfully.