Skip Headers
Oracle® Access Manager Upgrade Guide
10
g
(10.1.4.3)
Part Number E12495-01
Home
Book List
Index
Contact Us
Next
View PDF
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Access Manager?
Product and Component Name Changes
Enhancements Available in 10
g
(10.1.4.3)
Upgrade Using the Zero Downtime Method
Upgrade Planning, Methodology, and Deployment Scenarios
Upgrade Planning and Tracking Summaries
Upgrade Concepts and Methods
Automated Upgrade Processes and Manual Tasks
Support Changes
Globalization, System Behaviors, and Backward Compatibility
Upgrade Prerequisites and Preparation
Upgrading the Schema and Data
Component Upgrades
Customization Upgrades
Auditing and Reporting Changes
Combining Challenge and Response Attributes on a Panel
Validating Your Upgraded Installation
Upgrading With a Switch From Solaris to Linux
Troubleshooting
Part I Introduction
1
Introduction to Oracle Access Manager Upgrades and Planning
1.1
About Upgrading, Upgrade Methodologies, and Upgrade Packages
1.1.1
In-Place Upgrade Method
1.1.2
Zero Downtime Upgrade Method
1.1.3
Upgrade Packages
1.2
Typical Deployment Scenarios
1.2.1
About Upgrading Identity System Only Deployments
1.2.2
About Upgrading Joint Identity System and Access System Deployments
1.3
In-Place Upgrade Task Overview
1.3.1
About the Planning Stage
1.3.2
About the Execution Stage for In-Place Upgrades
1.4
In-Place Upgrade Planning and Deliverables
1.4.1
Planning Considerations
1.4.2
In-place Schema and Data Upgrade Planning
1.4.3
Customization Upgrade Planning
1.4.4
Planning Deliverables
1.5
Planning Considerations for System Downtime During In-Place Upgrades
1.5.1
Minimizing Downtime During In-Place Upgrades
1.5.2
Downtime Assessments for In-Place Upgrades
1.5.3
Downtime Assessment Example for In-Place Upgrades
1.6
Planning Considerations for Extranet and Intranet Deployments
1.6.1
Extranet Deployments
1.6.2
Intranet Deployments
1.7
Upgrade Paths
1.7.1
Direct Upgrade Paths
1.7.1.1
From Release 6.1.1
1.7.1.2
From Release 6.5
1.7.1.3
From Release 7.x
1.7.2
Indirect Upgrade Paths
2
Upgrade Concepts, Strategies, and Methods
2.1
Upgrade Terms and Concepts
2.1.1
Oracle Product Numbering
2.1.2
Package Types
2.1.3
Available Releases
2.1.4
Upgrade Methods
2.1.5
Incremental Upgrade Processing
2.2
About Upgrading the Oracle Application Server
2.3
Backup and Recovery Strategies
2.3.1
Backup Strategies Before Upgrading
2.3.2
Backup Strategies After Upgrading
2.3.3
Recovery Strategies
2.4
Zero Downtime Upgrade Start Methods
2.5
In-Place Upgrade Start Methods
2.5.1
GUI Method
2.5.2
Console Method
2.6
Upgrade Event Modes
2.6.1
Automatic Mode
2.6.2
Confirmed Mode
2.7
Support Deprecated
2.8
Upgrade Strategies When Support is Changed or Deprecated
2.8.1
Upgrading When Third-Party Support Has Changed
2.8.2
Upgrading When Third-Party Support Has Been Deprecated
2.8.2.1
Upgrading with Manual Web Server Configuration When Support is Deprecated
2.8.2.2
Upgrading Oracle Access Manager In Phases When Third-Party Support is Deprecated
3
About Automated Processes and Manual Tasks
3.1
Supported Components and Applications
3.2
About Automated Upgrade Processing and Events
3.2.1
About Processing and Events
3.2.2
About Log Files
3.3
Upgraded Items
3.4
Preserved Items
3.4.1
Directory Server Failover
3.4.1.1
Impact of the Upgrade on Directory Server Failover
3.4.2
Connection Pool Details
3.4.2.1
Impact of the Upgrade on Connection Pools
3.4.3
Encryption Schemes and the Shared Secret
3.5
Items that You Must Manually Upgrade
3.5.1
Auditing and Access Reporting
3.5.2
C++ Programs
3.5.3
Challenge and Response Attributes Must Appear on a Panel
3.5.4
Customized Styles
3.5.5
Language Packs
3.5.6
Plug-ins
3.6
The Latest Patch Sets
4
System Behavior and Backward Compatibility
4.1
Platform and SDK .NET Support
4.2
About Installers, Patch Sets, Bundle Patches, and Newly Certified Components
4.2.1
Definitions
4.2.2
Packages for Upgrades
4.3
Obtaining Packages for Upgrades
4.4
About Expanding Environments
4.5
About Upgrading and Backward Compatibility
4.6
Schema Changes
4.7
General Behavior Changes
4.7.1
10
g
(10.1.4.3) Packages
4.7.1.1
Definitions
4.7.1.2
Packages for Upgrades
4.7.2
Acquiring and Using Multiple Languages
4.7.3
Auditing and Access Reporting
4.7.4
Automatic Login and the Password Redirect URL
4.7.5
Automatic Schema Update Support for ADAM
4.7.6
C++ Programs
4.7.7
Cache Flush
4.7.8
Certificate Store and Localized Certificates
4.7.9
Compilers for Plug-ins
4.7.10
Configuration Files
4.7.11
Connection Pool Details
4.7.12
Console-based Command-line Interfaces
4.7.13
Customized Styles, Images, and JavaScript
4.7.14
Database Input and Output
4.7.15
Date and Time Formats
4.7.16
Default Product Pages
4.7.17
Detecting Cross-site Scripting and SQL Injection
4.7.18
Diagnostic Tools for Identity and Access Servers
4.7.19
Directory Profiles and Database Instance Profiles
4.7.20
Directory Server Connection Details
4.7.21
Directory Server Failover
4.7.22
Directory Server Interface
4.7.23
Directory Structure
4.7.24
Domain Names, URIs, and URLs
4.7.25
Encryption Schemes
4.7.26
Failover and Failback
4.7.27
File and Path Names
4.7.28
Graphical User Interface
4.7.29
HTML Pages
4.7.30
Installation Packages
4.7.31
LDAP Bind Password
4.7.32
Message and Parameter Files
4.7.33
Migrating User Data At First Login
4.7.34
Minimum Number of Search Characters
4.7.35
Multiple Values in Challenge Phrase and Response Attributes
4.7.36
Names Assigned by Administrators and Product Names
4.7.37
Namespaces for Policy Data and User Data Stored Separately
4.7.38
Native POSIX Thread Library (NPTL) for Linux
4.7.39
Object Classes and Attributes
4.7.40
obVer Attribute Changes
4.7.41
Password Policies and Lost Password Management
4.7.42
Reconfiguring the Logging Framework without a Restart
4.7.43
Secure Logging
4.7.44
Support Changes
4.7.45
Transport Security for the Directory Server
4.7.46
Upgrade Enhancements
4.7.47
Web Components and Backward Compatibility
4.7.48
Web Server Configuration Files
4.7.49
Writing a Stack Trace to a Log File
4.7.50
XML Catalogs and XSL Stylesheet Encoding
4.8
Identity System Behavior Changes
4.8.1
Challenge and Response Attributes
4.8.2
Content-length Header in a WebPass Response
4.8.3
Email Notifications
4.8.4
Identity Server Backward Compatability
4.8.5
Identity System Event Plug-ins
4.8.5.1
Identity Event Plug-in Backward Compatibility
4.8.5.2
Common Uses of the Identity Event Plug-in API
4.8.5.3
Identity Event Plug-in Action Types
4.8.5.4
Identity Event Plug-in Event Types
4.8.6
IdentityXML and SOAP Requests and Responses
4.8.7
IdentityXML Enhancement
4.8.8
Java Applets
4.8.9
Large Group Evaluations
4.8.10
Large Static Groups
4.8.11
Mail Notification Enhancements
4.8.12
Minimum Number of Search Characters
4.8.13
Multi-Step Identity Workflow Engine
4.8.14
Oracle Identity Protocol (OIP)
4.8.15
New Parameters in globalparams.xml
4.8.16
Password Policies and Password Management Run Time Changes
4.8.17
Portal Inserts and the URI Query String
4.8.18
PresentationXML Directories
4.8.19
Sorting User Search Results
4.8.20
Tuning Internal DBAgent Cache
4.8.21
Web Services Code
4.8.22
XSLProcessor Parameter
4.9
Access System Behavior Changes
4.9.1
Access Server Backward Compatibility
4.9.2
Access Manager SDK, Access Manager API, and Custom AccessGates
4.9.2.1
Access Manager SDK Support for .NET
4.9.3
Access Server Cache Flush in Replicated Environments
4.9.4
Asynchronous Cache Flush
4.9.5
Authentication Scheme Updates
4.9.6
Authorization Rules and Access Policies
4.9.7
Custom Authentication and Authorization Plug-ins and Interfaces
4.9.7.1
Access Server Backward Compatibility
4.9.7.2
Authentication and Authorization Plug-ins Background
4.9.8
Directory Profiles
4.9.9
Dynamic Group Filter Size
4.9.10
Error Handling for Message Channel Initialization During Cache Flush
4.9.11
Forms-based Authentication
4.9.12
Global Sequence Number Corruption Recovery
4.9.13
idleSessionTimeoutLogic
4.9.14
Internet Protocol Version 6
4.9.15
Large Authorization Expressions
4.9.16
Large Group Evaluations
4.9.17
Maximum Elements in Session Token Cache
4.9.18
Mixed-Mode Communication for Cache Flush Requests
4.9.19
Oracle Access Protocol (OAP) Updates
4.9.20
OracleAS Web Cache Integration
4.9.21
Overriding Windows-enabled Impersonation
4.9.22
Policy Manager
4.9.23
Policy Manager API
4.9.24
Preferred HTTP Host
4.9.25
Shared Secret
4.9.26
Synchronous Cache Flush Between Multiple Access Servers
4.9.27
Triggering Authentication Actions After the ObSSOCookie Is Set
4.9.28
WebGates
4.10
Enhancements Included from Release 10.1.4 Patch Set 1 (10.1.4.2.0)
Part II Upgrading the Schema and Data
5
Preparing for Schema and Data Upgrades
5.1
About Schema and Data Upgrades
5.1.1
Considerations for Workflows in Multiple Directories
5.1.2
About Preparing For and Performing the In-Place Schema and Data Upgrade
5.1.3
Error Logging for All Directory Servers
5.2
Strategies for Upgrading in a Replicated Environment
5.2.1
About User Data Replication
5.2.1.1
Failover Configuration
5.2.1.2
Load Balancing Configuration
5.2.1.3
Load Balancing and Failover Configuration
5.2.1.4
Operation-based Load Balancing Configuration
5.2.2
About Configuration Data Replication
5.3
Configuring the Challenge/Response Phrase at the Object Class Level
5.4
Configuring Unique Namespaces for Directory Connection Information
5.5
Preparing Your Directory Instances for the Schema and Data Upgrade
5.5.1
Preparing a Directory Server When Its Release is Deprecated
5.5.2
Changing the Directory Server Search Size Limit Parameter
5.5.3
Active Directory Considerations and Preparation
5.5.3.1
Changing the MaxPageSize Parameter
5.5.3.2
Confirming You Are Using a Schema Master
5.5.4
Active Directory Application Mode Considerations and Preparation
5.5.5
IBM Directory Server Considerations and Preparation
5.5.6
Oracle Internet Directory
5.5.7
Siemens DirX Directory Deprecation
5.5.8
Sun Directory Server Considerations and Preparation
5.6
Backing Up Existing Oracle Access Manager Data
5.6.1
Backing up the Earlier Oracle Access Manager Schema
5.6.2
Backing up Oracle Access Manager Configuration and Policy Data
5.6.3
Backing Up User and Group Data
5.6.4
Backing Up Workflow Data
5.6.5
Archiving Processed Workflow Instances
5.7
Backing Up Existing Directory Instances
5.8
Halting On-the-fly User Data Migration at First Login Temporarily
5.8.1
Halting On-the-fly Migration of User Data: Phase 1
5.9
Preparing Host Computers for Master Components
5.10
Adding An Earlier Identity System to Use as a Master for the In-place Method
5.10.1
Defining Additional Instances in the Existing System Console
5.10.2
Installing the Master COREid Server Instance
5.10.3
Installing the Master WebPass
5.10.4
Setting Up the Master Identity System for the In-place Schema and Data Upgrade
5.11
Adding an Earlier Access Manager to Use as a Master for the In-Place Method
5.11.1
Installing the Master Access Manager for the In-place Schema and Data Upgrade
5.11.2
Setting Up the Master Access Manager for the In-place Method
5.11.2.1
Specifying Directory Server Details and Data Locations
5.11.2.2
Configuring Authentication Schemes
5.11.2.3
Finishing the Master Access Manager Setup
5.12
Finishing Preparation for the In-Place Schema and Data Upgrade
6
Upgrading Identity System Schema and Data In Place
6.1
About Upgrading the Identity System Schema and Data
6.2
Upgrading the Schema and Data In Place with the Master Identity Server
6.2.1
Master Identity System Schema and Data Upgrade Prerequisites
6.2.2
Starting the Master Identity Server Upgrade
6.2.3
Specifying the Target Directory and Languages
6.2.4
Updating the Identity System Schema and Data
6.2.5
Enabling Multi-Language Capability
6.2.6
Upgrading Identity Server Configuration Files
6.2.7
Upgrading the Software Developer Kit (SDK) Configuration
6.2.8
Finishing and Verifying the Master COREid Server Upgrade
6.3
Upgrading the Master WebPass
6.3.1
Master WebPass Upgrade Prerequisites
6.3.2
Starting the Master WebPass Upgrade, Specifying a Target Directory and Languages
6.3.3
Upgrading WebPass Configuration Files and Web Server Configuration
6.3.4
Finishing and Verifying the Master WebPass Upgrade
6.4
Verifying the Identity System Schema and Data Upgrade
6.5
Uploading Directory Server Index Files
6.5.1
Verifying and Uploading Oracle Internet Directory and Sun Directory Indexes
6.5.2
Verifying and Uploading Novell eDirectory Indexes
6.6
Renaming Audit Files After Upgrading the Schema and Data
6.7
Backing Up Upgraded Identity Data
6.8
Halting On-the-fly Migration of User Data: Phase 2
6.9
Recovering From an Identity System Schema or Data Upgrade Failure
6.10
Looking Ahead
7
Upgrading Access System Schema and Data In Place
7.1
About Access System Schema and Data Upgrades
7.2
Upgrading the Schema and Data with the Master Access Manager Component
7.2.1
Access System Schema and Data Upgrade Prerequisites
7.2.2
Starting the Master Access Manager Upgrade
7.2.3
Specifying the Target Directory and Languages
7.2.4
Updating the Access System Schema and Policy Data
7.2.5
Upgrading the Access Manager and Web Server Configuration Files
7.2.6
Finishing and Verifying the Access System Schema and Data Upgrade
7.3
Uploading Directory Server Index Files
7.4
Verifying the Access Schema and Data Upgrade
7.5
Creating a Temporary Directory Profile For Access System Upgrades
7.6
Backing Up Upgraded Policy Data
7.7
Recovering From an Access System Schema or Data Upgrade Failure
7.8
Looking Ahead
Part III Upgrading Components
8
Preparing Components for the Upgrade
8.1
Checking Compatibility with Previous Releases
8.2
Copying Custom Identity Event Plug-ins
8.3
Preparing Earlier Customizations
8.4
Preparing the Default Logout in the Policy Manager
8.5
Preparing Host Computers
8.5.1
Changing Read Permissions on Password Files
8.5.2
Confirming Free Disk Space
8.6
Preparing Release 6.x Environments
8.6.1
Adding Packages for Release 6.5.0.x
8.6.2
Adding Packages for Release 6.5.2.x Patch
8.7
Preparing Multi-Language Installations
8.8
Backing Up File System Directories, Web Server Configurations, and Registry Details
8.8.1
Backing Up the Existing Component Installation Directory
8.8.2
Backing Up the Existing Web Server Configuration File
8.8.3
Backing Up Windows Registry Data
8.9
Stopping Servers and Services
8.10
Logging in with Appropriate Administrative Rights
9
Upgrading Remaining Identity System Components In Place
9.1
About In-Place Identity System Upgrades
9.2
Upgrading Remaining Identity Servers In Place
9.2.1
Identity Server Upgrade Prerequisites
9.2.2
Starting the Identity Server Upgrade
9.2.3
Specifying the Target Directory and Languages
9.2.4
Upgrading Identity Server Configuration Files
9.2.5
Upgrading the Software Developer Kit Configuration
9.2.6
Finishing and Verifying the Identity Server Upgrade
9.3
Upgrading Remaining WebPass Instances In Place
9.3.1
WebPass Upgrade Prerequisites
9.3.2
Starting the WebPass Upgrade, Specifying the Target Directory and Languages
9.3.3
Upgrading WebPass Configuration Files and Web Server Configuration File
9.3.4
Finishing and Verifying the WebPass Upgrade
9.4
Validating the In-place Identity System Upgrade
9.5
Backing Up Upgraded Identity Component Information
9.6
Recovering From an In-place Identity Component Upgrade Failure
9.7
Looking Ahead
10
Upgrading Access System Components In Place
10.1
About In-place Access System Component Upgrades
10.2
Upgrading Remaining Policy Managers In Place
10.2.1
In-place Policy Manager Upgrade Prerequisites
10.2.2
Starting the Policy Manager Upgrade, Specifying a Target Directory and Languages
10.2.3
Upgrading Policy Manager and Web Server Configuration Files
10.2.4
Finishing and Verifying the Policy Manager Upgrade
10.3
Upgrading Access Servers In Place
10.3.1
In-place Access Server Upgrade Prerequisites
10.3.2
Starting the Access Server Upgrade, Specifying a Directory and Languages
10.3.3
Upgrading Access Server Configuration Files
10.3.4
Finishing and Verifying the Access Server Upgrade
10.4
Upgrading WebGates In Place
10.4.1
In-place WebGate Upgrade Prerequisites
10.4.2
Starting the WebGate Upgrade, Specifying a Target Directory and Languages
10.4.3
Upgrading WebGate and Web Server Configuration Files
10.4.4
Finishing and Verifying the WebGate Upgrade
10.5
Backing Up Upgraded Access System Component Directories
10.6
Recovering From an In-place Access System Upgrade Failure
10.7
Looking Ahead
11
Upgrading Integration Components and an Independently Installed SDK
11.1
Upgrading Third-Party Integration Connectors
11.1.1
Integration Upgrade Prerequisites
11.1.2
Starting the Integration Connector Upgrade
11.1.3
Upgrading Security Provider for WebLogic SSPI
11.1.4
Finishing the Integration Connector Upgrade
11.2
Upgrading Independently Installed Software Developer Kits
11.2.1
SDK Upgrade Prerequisites
11.2.2
Starting the SDK Upgrade, Specifying a Target Directory and Languages
11.2.3
Upgrading the SDK Configuration and Verifying the Upgrade
11.3
Backing Up Upgraded Integration Connector or SDK Data
11.4
Recovering From an Integration Connector or SDK Upgrade Failure
11.5
Looking Ahead
Part IV Upgrading Your Customizations
12
Upgrading Your Identity System Customizations
12.1
Prerequisites and Guidelines
12.2
Upgrading Auditing and Access Reporting for the Identity System
12.2.1
Upgrading Auditing and Reporting with a Microsoft SQL Server
12.2.1.1
Database Record Sizing
12.2.2
Upgrading Auditing and Reporting with an Oracle Database
12.3
Combining Challenge and Response Attributes on a Panel
12.4
Confirming Identity System Failover and Load Balancing
12.5
Migrating Custom Identity Event Plug-Ins
12.6
Ensuring Compatibility with Earlier Portal Inserts
12.7
About Custom Items and Upgrades
12.8
Incorporating Customizations from Release 6.5 and 7.x
12.9
Incorporating Customizations from Releases Earlier than 6.5
12.9.1
Style Customization Prerequisites
12.9.2
Recreating Custom Style Directories in 10
g
(10.1.4.0.1)
12.9.3
Customizing New Stylesheets
12.9.4
Incorporating Custom Images
12.9.4.1
gifPathName and jsPathName Variables
12.9.5
Using New Customized Styles
12.9.6
Incorporating JavaScript Customizations
12.9.7
Handling Language-Specific Message Catalogs
12.9.7.1
Handling XSL Stylesheet Messages
12.9.7.2
Handling Messages for JavaScript
12.10
Validating Identity System Customization Upgrades
12.11
Backing Up Upgraded Identity System Customizations
12.12
Recovering from an Identity System Customization Upgrade Failure
12.13
Looking Ahead
13
Upgrading Your Access System Customizations
13.1
Prerequisites and Guidelines
13.2
Upgrading Auditing and Reporting for the Access Server
13.3
Confirming Access System Failover and Load Balancing
13.4
Upgrading Forms-based Authentication
13.5
Recompiling and Redesigning Custom Authentication and Authorization Plug-Ins
13.6
Recompiling Custom AccessGates for .NET 2 Support
13.7
Associating Release 6.1.1 Authorization Rules with Access Policies
13.8
Assuring Proper Authorization Failure Re-directs After Upgrading from 6.1.1
13.9
Updating the ObAMMasterAuditRule_getEscapeCharacter in Custom C Code
13.10
Validating Access System Customization Upgrades
13.11
Backing Up Upgraded Access System Customizations
13.12
Recovering from an Access System Customization Upgrade Failure
13.13
Looking Ahead
Part V Validating the Upgrade
14
Validating the Entire System Upgrade
14.1
Validating the Identity System Upgrade
14.2
Validating Access System Upgrades
14.3
Applying the Latest Patch Set
14.4
Preparing Upgraded Environments for 10
g
(10.1.4.3) Language Packs
14.4.1
English is the Default Language in the Upgraded 10.1.4 Environment
14.4.2
Non-English Default Language in the Upgraded 10.1.4 Environment
14.5
Restarting On-the-fly User Data Migration for In-place Upgrades
14.6
Deleting the Temporary Directory Server Profile
14.7
Reverting Backward Compatibility
14.7.1
Reverting Identity Server Backward Compatibility
14.7.2
Reverting Access Server Backward Compatibility
Part VI Upgrading Using the Zero Downtime Upgrade Method
15
Introduction to the Zero Downtime Upgrade Method
15.1
About Zero Downtime Upgrades and Planning
15.1.1
Deployment Scenarios for Zero Downtime Upgrades
15.1.2
Original and Clone Environments for the Zero Downtime Upgrade Method
15.1.2.1
The Original Environment
15.1.2.2
The Clone Environment
15.1.3
Hardware Requirements for Zero Downtime Upgrades
15.1.4
Web Server Requirements for Zero Downtime Upgrades
15.1.4.1
Web Server Support for Multiple Oracle Access Manager Releases
15.1.5
Directory Server Requirements for the Zero Downtime Upgrade
15.1.6
Schema and Data Upgrades with the Zero Downtime Upgrade Method
15.1.6.1
About The Schema Upgrade
15.1.6.2
About Configuration and Policy Data Upgrades
15.1.6.3
User-Data Migration and Multiple Values in Challenge and Response Attributes for LPM
15.1.7
Preparation Tasks for the Zero Downtime Method
15.1.8
Validation During a Zero Downtime Upgrade
15.1.9
Customization Upgrades Using the Zero Downtime Upgrade Method
15.2
Zero Downtime Upgrade Tasks and Sequencing
15.3
Duration of Zero Downtime Tasks and Validation
15.3.1
About Isolating the Original and Cloned Environments
15.3.2
About Retrieving Changes to the Original Branch Before Upgrading Original Instances
15.4
Zero Downtime Upgrade Tools, Processes, and Logs
15.4.1
About Mkbranch Mode Processing
15.4.2
About Schema Mode Processing
15.4.3
About Clone Mode Processing
15.4.4
About Original Mode (Prod) Processing
15.5
Backup and Recovery Strategies for Zero Downtime Upgrades
15.5.1
Recovery
15.5.2
Rolling Back
15.5.3
Reinstating Original Windows Registry Entries During a Rollback Operation
15.6
Developing a Plan for a Zero Downtime Upgrade
16
Upgrading the Schema, Data, and Clone System
16.1
Prerequisites Before Starting a Zero Downtime Upgrade
16.2
Preparing the Original Installation for a Zero Downtime Upgrade
16.2.1
Bringing Host Computers to Oracle Access Manager 10.1.4 Support Levels
16.2.2
Preparing Directory Server Instances and Data
16.2.3
Adding New Hardware or Earlier Instances to Your Deployment
16.2.4
Adding Profiles for Planned COREid Server Clones in the System Console
16.2.5
Adding Profiles for Planned WebPass Clones in the System Console
16.2.6
Associating WebPass Clone Profiles with COREid Server Clone Profiles
16.2.6.1
Viewing Details for Existing COREid Servers Associated with a WebPass
16.2.6.2
Associating a COREid Server Clone with a WebPass Clone
16.2.7
Adding New Directory Server Profiles for Cloned COREid Servers
16.2.8
About Entries for Access Manager Clones
16.2.9
Adding a Profile for Access Server Clones
16.2.10
Creating New Directory Server Profiles for Access System Clones
16.2.11
Associating Original WebGates with Access Server Clones
16.2.11.1
Alternative Procedure to Associate Original WebGates and Clone Access Servers
16.2.12
Recovering From Issues With Information Entered in the System Console
16.2.13
Rolling Back to the Starting Point After Entering Clone Details
16.3
Cloning Earlier Components for a Zero Downtime Upgrade
16.3.1
About Creating Clones
16.3.2
Setting Up the File System and Creating Clone Instances
16.3.3
Creating A New Web Server Instance for Cloned Web Components
16.3.4
Rolling Back Changes After Cloning Components
16.4
About Destination Creation and Obtaining Tools for a Zero Downtime Upgrade
16.4.1
Destination Creation: Extracting 10
g
(10.1.4.0.1) Libraries and Files
16.4.2
Obtaining Tools: Applying Release 10.1.4 Patch Set 1 (10.1.4.2.0)
16.5
Copying Configuration and Policy Data to a New Branch in the LDAP Directory Server
16.5.1
About Creating and Populating a New Branch in the LDAP Directory Server
16.5.2
Creating and Populating a New
oblix
Branch
16.5.3
Recovering from Problems With Populating the New Branch
16.5.4
Rolling Back Changes Made for the New
oblix
Branch
16.6
Configuring Cloned Components and Services
16.6.1
Configuring Cloned COREid Server Services and Details
16.6.2
Configuring Cloned WebPass Instances to Operate with Cloned COREid Servers
16.6.3
Setting Up the Cloned COREid System to Use the New Branch
16.6.4
Setting Up Cloned Access Managers to Use the New Branch
16.6.4.1
Updating Cloned Access Manager Web Server Configuration Files
16.6.4.2
Setting Up the Cloned Access Manager to use the New Branch
16.6.5
Configuring Cloned Access Servers
16.6.6
Isolating Environments
16.6.6.1
Isolating the Clone Setup and Providing WebGate Coverage
16.6.6.2
About Isolating the Original Setup
16.6.7
Rolling Back Changes for Reconfigured Clones
16.7
Upgrading the Schema During a Zero Downtime Upgrade
16.7.1
About Upgrading the Schema
16.7.2
Upgrading the Identity System Schema
16.7.3
Upgrading the Access System Schema
16.8
Validating Successful Operations in Your Environment
16.8.1
Validating Identity System Operations
16.8.2
Validating Access System Operations
16.8.3
Rolling Back After the Schema Upgrade
16.9
Upgrading the Cloned Identity System
16.9.1
Turning Off the Access Server Cache Flush
16.9.2
Preparing Cloned Identity System Components for the Upgrade
16.9.3
Upgrading Cloned COREid Servers
16.9.4
Upgrading Cloned WebPass Instances
16.9.5
Validating the Upgraded Cloned Identity System
16.9.6
Backing Up Upgraded Identity System Clones
16.9.7
Recovering From a Cloned Identity System Upgrade Failure
16.9.8
Rolling Back After Upgrading Identity System Clones
16.9.9
Looking Ahead
16.10
Renaming Audit Files After Upgrading Identity System Clones
16.11
Upgrading Identity System Customizations
16.12
Upgrading the Cloned Access System
16.12.1
Preparing Cloned Access System Components for the Upgrade
16.12.2
Upgrading Cloned Access Manager Instances
16.12.3
Upgrading Cloned Access Servers
16.12.4
Validating the Upgraded Cloned Access System
16.12.5
Backing Up Upgraded Access System Clones
16.12.6
Recovering from a Failed Cloned Access System Component Upgrade
16.12.7
Rolling Back After Upgrading Access System Clones
16.12.8
Looking Ahead
16.13
Upgrading SDKs, Integration Connectors, and Access System Customizations
17
Upgrading the Original System
17.1
Prerequisites For Original Upgrades with the Zero Downtime Method
17.2
Retrieving Changes in the Original Branch Before Upgrading Originals
17.3
Reconfiguring Domain Name Systems (DNS) to Use Upgraded Clones
17.4
Upgrading Your Original Identity System
17.4.1
About Upgrading Original Identity System Instances
17.4.2
Turning Off the Access Server Cache Flush
17.4.3
Preparing Original Identity System Components for the Upgrade
17.4.4
Upgrading Original COREid Servers that are Associated with a Single WebPass
17.4.5
Configuring Upgraded Original COREid Servers
17.4.6
Upgrading An Original Associated WebPass Instance
17.4.7
Configuring the Upgraded Original WebPass for Upgraded COREid Servers
17.4.8
Adding a Temporary Directory Profile for Original Access System Upgrades
17.4.9
About Creating Individual Profiles for WebGates that Share a Profile
17.4.10
Setting Up the Upgraded Original Identity System
17.4.11
Validating the Upgraded Original Identity System
17.4.12
Backing Up the Upgraded Original Identity System
17.4.13
Recovering From an Original Identity System Upgrade Failure
17.4.14
Rolling Back After Upgrading the Original Identity System
17.4.15
Looking Ahead
17.5
Upgrading SDKs and Identity System Customizations
17.6
Upgrading Your Original Access System
17.6.1
About Upgrading Original Access System Instances
17.6.2
Preparing Original Access System Components for the Upgrade
17.6.3
Creating Individual Profiles for WebGates that Share a Profile
17.6.4
Upgrading An Original Access Manager Instance
17.6.5
Setting Up the Upgraded Original Access Manager
17.6.5.1
Setting Up the Original Access Manager to Use the New Branch
17.6.6
Configuring Original Access Servers to Use the New Branch
17.6.7
Upgrading Original Access Server Instances
17.6.8
Upgrading Original WebGates
17.6.8.1
Upgrading Original WebGates
17.6.8.2
Reconfiguring Upgraded WebGates
17.6.9
Validating the Upgraded Original Access System
17.6.10
Backing Up the Upgraded Original Access System
17.6.11
Recovering From an Original Access System Upgrade Failure
17.6.12
Rolling Back After Upgrading the Original Access System
17.6.13
Looking Ahead
17.7
Upgrading SDKs, Integration Connectors, and Access System Customizations
17.8
Validating the Entire Upgraded Original Environment
17.9
Starting On-the-fly User Data Migration
17.10
Reconfiguring Domain Name Systems to Use the Upgraded Original Deployment
17.11
Deleting the Temporary Directory Server Profile
17.12
Reverting Backward Compatibility
17.13
Removing the Cloned System After Upgrading Originals
Part VII Appendixes
A
Oracle Access Manager Directory Structure Changes
A.1
About the 10
g
(10.1.4.0.1) Directory Structure
A.1.1
\lang Directory and \
langtag
Subdirectories
A.1.2
\logs Directory
A.1.3
\obsymbols Directory
A.1.4
\reports Directory
A.1.5
\scoreboard Directory
A.1.6
\WebServices Directory
A.2
Identity Server Directories
A.3
WebPass Directories
A.4
Directories for Access System Components
A.4.1
Subdirectories for the Policy Manager
A.4.2
Subdirectories for the Access Server
A.4.3
Subdirectories for WebGate
A.5
PresentationXML Directories
A.5.1
PresentationXML Directories with Oracle Access Manager Release 6.5 and Later
A.5.2
PresentationXML Directories Before Oracle Access Manager 6.5
A.5.3
Message Storage
B
Migrating from a Solaris Platform to a Linux Platform While Upgrading
B.1
About Migrating from a Solaris Platform to a Linux Platform
B.2
Considerations for Upgrades with a Solaris to Linux Switch
B.2.1
Considerations for Identity Server and Policy Manager Components
B.2.2
Considerations for Oracle Access Manager Web Components
B.3
Prerequisites and Preparation
B.3.1
Preparing Your Linux Host
B.3.2
Installing Oracle Access Manager 10
g
(10.1.4.0.1) Components on the Linux Host
B.3.3
Making Earlier Installation Directories on Solaris Available to the Linux Host
B.3.4
Finishing Host Preparation
B.4
Upgrading Identity System Components while Switching to Linux
B.4.1
Upgrading Identity Servers while Switching to Linux
B.4.2
Upgrading WebPass Instances while Switching to Linux
B.4.3
Finishing the Identity System Upgrade After Switching to Linux
B.4.3.1
Re-configuring the Identity Server for Its Linux Host
B.4.3.2
Reconfiguring WebPass To Communicate with the Identity Server on Linux
B.4.4
Validating and Backing up the Upgraded Identity System
B.4.4.1
Validating your Identity System Upgrade
B.4.4.2
Backing Up Upgraded Identity Component Information
B.5
Upgrading Access System Components while Switching to Linux
B.5.1
Upgrading Policy Manager Instances while Switching to Linux
B.5.2
Upgrading Access Servers while Switching to Linux
B.5.3
Upgrading WebGates while Switching to Linux
B.5.4
Finishing the Access System Upgrade with a Solaris to Linux Switch
B.5.4.1
Reconfiguring Access Servers
B.5.4.2
Reconfiguring WebGate
B.5.5
Validating and Backing up the Upgraded Access System
B.5.5.1
Validating the Upgraded Access System
B.5.5.2
Backing Up Upgraded Access System Component Directories
B.6
Applying the Latest Patch Set
B.7
Recovering From an Identity Component Upgrade Failure
B.8
Recovering From an Access System Upgrade Failure
C
Upgrade Process and Utilities
C.1
About Upgrade Events
C.2
MigrateOAM Script for Zero Downtime Upgrades
C.3
Primary Utility: obmigratenp
C.4
File Upgrade: obmigratefiles
C.5
Message and Parameter Upgrade: obmigrateparamsg
C.6
Schema Upgrade: obmigrateds
C.7
Data Upgrade: obmigratedata
C.8
Web Server Upgrade: obmigratews
C.9
Component-Specific Upgrades
C.9.1
Identity Server: obMigrateNetPointOis
C.9.2
WebPass: obMigrateNetPointWP
C.9.3
Policy Manager: obMigrateNetPointAM
C.9.4
Access Server: obMigrateNetPointAAA
C.9.5
WebGate: obMigrateNetPointWG
C.9.6
Software Developer Kit (SDK): obMigrateNetPointASDK
D
Manual Schema and Data Upgrades
D.1
About Upgrading Schema and Data Manually
D.2
Upgrading the Schema Manually
D.3
About Upgrading Data Manually
D.4
Upgrading Data Manually
D.4.1
Suppressing Automatic Data Upgrades
D.4.2
Upgrading the Configuration Tree Manually
D.4.3
Removing Obsolete Schema Elements for Release 6.5 and 7.0
D.4.3.1
Cleaning Up Obsolete Elements During Identity Server Upgrades
D.4.3.2
Cleaning Up Obsolete Elements During Policy Manager Upgrades
D.4.4
Uploading the Generated LDIF
D.4.5
Upgrading User Data Manually
D.5
Sample Default obmigratenpparams.lst File
D.6
Sample data_520_to_600_xxx.lst
E
Upgrading Sun Web Server Version 4 to Version 6 on Windows 2000
E.1
Upgrading Sun Web Server version 4.x to version 6
E.2
Configuring the New Web Server Instance
E.2.1
Configuring magnus.conf
E.2.2
Configuring obj.conf
E.3
Troubleshooting
F
Planning and Tracking Summaries
F.1
About Planning for the Upgrade
F.2
Summary of General Details Needed for Upgrade Planning
F.3
Summary of Information Needed for Directory Server Instances
F.4
Summary of DIT and Object Definition Details
F.5
Summary of Directory Server/RDBMS Profile Details
F.6
Summary of Database Instance Profile Details
F.7
Summary of Details Needed for Earlier Identity Servers
F.8
Summary of Details Needed for Earlier WebPass Instances
F.9
Summary of Details Needed for Earlier Policy Manager Instances
F.10
Summary of Details Needed for Earlier Access Servers
F.11
Summary of Details Needed for Earlier WebGates/AccessGates
F.12
Summary of Details for Integration Components and Independently Installed SDKs
F.13
Summary of Details Needed for Customizations
F.14
Summary of Schema and Data Preparation Tasks
F.15
Summary of Upgrading Schema and Data: In-Place Upgrade Method
F.16
Summary of Component Preparation Tasks
F.17
Summary of In-Place Upgrade Tasks
F.18
Summary of a Zero Downtime Upgrade Tasks
F.19
Summary for Integration Connector/SDK Upgrade Tasks
F.20
Summary for Customization Upgrade Tasks
F.21
Summary of Validating the Entire Upgrade
G
Troubleshooting the Upgrade Process
G.1
Accessing Log Files
G.2
Accessing Data Issues
G.3
Access Server Not Processing Earlier WebGate Data Properly
G.4
Auditing and Access Reporting Issues
G.5
Authentication Failures
G.6
Authorization Failure Re-direct Problems After Upgrading from 6.1.1
G.7
Challenge and Response Phrase Issues
G.8
Challenge Response Might Not Convert Properly
G.9
Compatibility of Earlier Plug-ins in the Upgraded Environment
G.10
Customized Styles, Images, and JavaScript
G.11
Deleting the vpd.properties File
G.12
Ensuring Compatibility with Earlier Portal Inserts
G.13
Failover and Load Balancing Issues in Upgraded Environments
G.14
Identity Server Not Processing Data from Earlier Plug-ins
G.15
IdentityXML Calls Fail After WebGate Install
G.16
Language Issues
G.17
LDAP Add Errors in a Replicated Environment
G.18
Manual Schema Upload Fails
G.19
Mime_types -related Customizations Not Retained
G.20
NPTL Requirements and Post-Installation Tasks
G.21
Page Not Found Error While Accessing the Access or Identity URL
G.22
Searches Are Slow
G.23
Simple Mode Password File Not Converted During Upgrade
G.24
Troubleshooting Sun Web Server Upgrades
G.25
Users Cannot Log In
G.26
Users Who Do Not Satisfy a Large Group Dynamic Filter Are Part of the Group
G.27
WebSphere Application Server 6.1 Registrytester File is Missing
G.28
Weblogic Connectors Simple Mode Password File is Not Migrated
G.29
WebSphere Application Server and Portal Server Upgrades
G.30
Zero Downtime Upgrade Issues
G.30.1
Creating a New Branch During Zero Downtime Upgrade when the a DN Contains a Space
G.30.2
Generating a New Registry Key To Use When Rolling Back an Original Instance Upgrade
G.30.3
No Registry Key for Upgraded Web Component Clones with IIS v5
Index