13 Upgrading Oracle Identity Manager Environment

This chapter describes how to upgrade an existing Oracle Identity Manager 9.1 environment to Oracle Identity Manager 11g. For information on the starting points for an Oracle Identity Manager upgrade, see Section 9.3, "Supported Starting Points for Oracle Identity Manager".

This chapter contains the following sections:

Notes:

  • You cannot upgrade Oracle Identity Manager 9.1 running on Microsoft SQL database to Oracle Identity Manager 11g.

  • If you have an existing Oracle Identity and Access Management 11g Release 1 (11.1.1.3.0) installation, you can patch it to Oracle Identity and Access Management 11g Release 1 (11.1.1.5.0) as described in the chapter "Patching Oracle Identity and Access Management" in the Oracle Fusion Middleware Patching Guide.

13.1 Upgrade Overview

When you run Upgrade Assistant to upgrade from Oracle Identity Manager 9.1 to Oracle Identity Manager 11g, the Upgrade Assistant upgrades most of the Oracle Identity Manager 9.1 configuration to Oracle Identity Manager 11g.

This section describes some of the key differences in Oracle Identity Manager 11g such as the following:

13.1.1 Application Server and JVM Support

Oracle Identity Manager 11g supports only Oracle WebLogic Server as the deployment platform. Other application servers, such as OC4J, IBM WebSphere, and JBoss, are not supported. Table 13-1 compares the application server and JVM combinations supported for Oracle Identity Manager 9.1 and Oracle Identity Manager 11g.

Table 13-1 Application Server and JDK Support for Oracle Identity Manager 11g

| Oracle Identity Manager 9.1 | Oracle Identity Manager 11g |
| --- | --- |
| Oracle WebLogic Server on Sun JDK, Oracle JRockit, or HP JDK. | Oracle WebLogic Server on Sun JDK or JRockit JDK. |
| JBoss Application Server on Sun JDK, Oracle JRockit, or HP JDK. | Oracle WebLogic Server on Sun JDK or JRockit JDK. |
| OC4J on Sun JDK, Oracle JRockit, or HP JDK. | Oracle WebLogic Server on Sun JDK or JRockit JDK. |
| IBM WebSphere Application Server on IBM JDK | Oracle WebLogic Server on Sun JDK or JRockit JDK. |


Note:

When you are upgrading to Oracle Identity Manager 11g, ensure that you use the same JDK that you used in Oracle Identity Manager 9.1.

13.1.2 Database Support

Oracle Identity Manager 9.1 supports Microsoft SQL Server and Oracle Database. In Oracle Identity Manager 11g only Oracle Database is supported.

13.1.3 Request Management

Oracle Identity Manager 11g supports:

  • SOA Composite based approval processes

  • New types of Requests like Create User and Assign Roles

  • Enhanced Bulk Request

  • Request Templates

Note:

Oracle Identity Manager 11g does not support organization-based request provisioning.

Many Oracle Identity Manager 9.1 request-related customizations may no longer be necessary after upgrading to Oracle Identity Manager 11g, because they are available out of the box. For more information about request-related features, refer to the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.

13.1.4 Authorization

Application access controls to perform various operations are controlled by the authorization engine embedded in Oracle Identity Manager 11g with the help of authorization policies. The authorization policies determine at runtime whether a user is allowed to perform a particular action or not. You can define authorization policies that satisfy the authorization requirements within Oracle Identity Manager 11g.

In Oracle Identity Manager 9.1, each component defined and managed its own authorization policy user interface and backend implementation.

In Oracle Identity Manager 11g, authorization policy management is centralized as an administrative feature and enforced by an embedded version of Oracle Entitlements Server. These authorization policies secure access control to the Oracle Identity Manager 11g application, thereby defining "who can do what" inside the application.

In Oracle Identity Manager 9.1, all data related to Organization Administrator was stored in the AAD table in the Oracle Identity Manager schema. This information is primarily used to ascertain the user groups which are allowed to perform operations on the respective organizations and hence the users in that organization.

In Oracle Identity Manager 11g, during the upgrade process, the contents of the AAD table are read and an Oracle Entitlements Server policy is created for the User Management feature.

In Oracle Identity Manager 9.1, all data related to Group Administrator was stored in the GPP table in the Oracle Identity Manager schema. This information is primarily used to ascertain the user groups that are allowed to perform operations on the other groups they manage.

In Oracle Identity Manager 11g, during the upgrade process, the contents of the GPP table are read and an Oracle Entitlements Server policy is created for the User Management feature.

For more details about Oracle Entitlements Server, see http://www.oracle.com/technology/products/id_mgmt/oes/index.html.

13.1.5 Access Policy

An access policy defines the resources to be provisioned to users who are members of the roles to which the access policy is attached. Access policies are defined using the Create Access Policy and Manage Access Policies menu items in the Oracle Identity Manager 11g Administrative and User Console. For more information, see the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.

13.1.6 Approval Process

Table 13-2 shows how the approval process differs when you upgrade from Oracle Identity Manager 9.1 to Oracle Identity Manager 11g.

Table 13-2 Approval Process

| Oracle Identity Manager 9.1 | Oracle Identity Manager 11g |
| --- | --- |
| Approval Processes | SOA Composites |
| Process Determination Rules | Approval Policies |


When you run Upgrade Assistant to perform the Oracle Identity Manager middle tier upgrade, a report is generated. This report lists the new approval policies and SOA composites that will be created during the upgrade. This report is located at IDM_HOME/upgrade/workflow/report.html.

After upgrading from Oracle Identity Manager 9.1 to Oracle Identity Manager 11g, note the following:

  • Some of the approval processes may not be fully converted to SOA composites. These SOA composites must be manually modified.

  • The generated SOA composites are not automatically deployed to the SOA Server. After you complete the upgrade process, you can deploy the SOA composites to the SOA Server as described in "Deploying the SOA Composite" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  • For all the approval processes that are specific to a resource, the corresponding approval policies created as part of the upgrade will be at the operational level. For the approval processes associated with the resource “Request”, the corresponding approval policies created will be at the request level. For more information about approval policy, refer to the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.

  • Approval processes associated with organization provisioning are not upgraded as part of the middle tier upgrade. Request-based organization provisioning is not supported in Oracle Identity Manager 11g.

  • Approval policies that are created during the upgrade will always be associated with DefaultOperationalApproval. The workflow upgrade report specifies this information.

  • E-mail templates associated with approval processes will not be migrated to SOA composites.

Note:

Oracle recommends that you reuse similar SOA composites as approval processes for different resources.

For more information, see Task 14: Complete Any Required Oracle Identity Manager Post-Upgrade Tasks.

The Approval process is partially upgraded if:

  • Event handlers or adapters are associated with System Validation and provide Information tasks.

  • Task information is used in creating the task assignment rule.

  • Process information is used in framing the task assignment rule with attributes, such as Process Name and Process Type.

  • Task of the approval process is associated with the Task Assignment Adapter or Event Handler or Process Task Adapter.

13.1.7 Scheduled Tasks

After upgrade, all scheduled tasks are migrated automatically to the Oracle Identity Manager 11g Scheduled Tasks and Jobs. For more information, see "Managing Scheduled Tasks" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager.

The content of the Oracle Identity Manager 9.1 Job History will be obsolete after you upgrade to Oracle Identity Manager 11g.

13.1.8 User Interfaces Customization

In Oracle Identity Manager 9.1 you can customize the following components of your Oracle Identity Manager Administrative and User Console:

  • General page layout

  • Descriptive text, labels, and error messages

  • Colors, fonts, and alignment

  • Logos

  • Self-registration, user initiated profile editing, and related approvals

  • Field configuration on pages

  • Menu selections that are available to users

The Oracle Identity Manager 11g upgrade process does not retain the above customizations made in the Oracle Identity Manager 9.1 environment. You must recreate user interface customizations after you upgrade to Oracle Identity Manager 11g. If the user interface is an ADF-based page, then the customization must be done using ADF Faces technology. Transitional-UI-based pages can be customized using the same Struts-based technology as in Oracle Identity Manager 9.1. For more information on user interface customizations, see "Customizing Oracle Identity Manager Interfaces" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

Notes:

  • Visible menu items cannot be customized by changing menu permissions.

  • User Defined Fields request forms are not upgraded to Oracle Identity Manager 11g.

13.1.9 Object Forms

As part of the upgrade process, all the object forms are converted to request datasets. The dataflow mappings are also migrated to request datasets. After upgrading to Oracle Identity Manager 11g you must reattach a prepopulate adapter to a form field. For more information, see Rewriting Prepopulate Adapters.

13.1.10 Prepopulate Adapters

Prepopulate adapters attached to Oracle Identity Manager 9.1 Object Forms should be converted or re-implemented as prepopulate plug-ins in Oracle Identity Manager 11g. For Process Forms, the prepopulate adapters work similarly to how Prepopulate adapters worked in Oracle Identity Manager 9.1. After upgrade you must complete the steps described in Rewriting Prepopulate Adapters.

13.1.11 Task Assignment Adapters

Task Assignment adapters associated with approval tasks are not upgraded. The task assignment logic of approval tasks that correspond to approval processes should be re-written as SOA composites. For more information, see Using Generated SOA Composite as Approval Process.

13.1.12 Event Handlers

In Oracle Identity Manager 9.1, event handlers provided the capability to add customizations on certain data object life cycle events, such as Insert, Update, or Delete, using Data Object Manager in the Design Console.

In Oracle Identity Manager 11g, User Management, Role Management and Request have been redesigned to use the Orchestration Framework where you can define various event handlers for life cycle management events like Create, Update, or Delete. The orchestration framework also provides the capability for event handlers to be executed in either a synchronous or asynchronous fashion. Table 13-3 shows the mapping for Role entity. Similar mapping will also be applicable for User and Request entities.

Table 13-3 Event Handlers Mapping

| Form Name | Handler | Stage | Action |
| --- | --- | --- | --- |
| User Group | Pre Insert | Pre Processing | CREATE |
| User Group | Post Insert | Post Processing | CREATE |
| User Group | Pre Update | Pre Processing | MODIFY |
| User Group | Post Update | Post Processing | MODIFY |
| User Group | Pre Delete | Pre Processing | DELETE |
| User Group | Post Delete | Post Processing | DELETE |


13.1.13 Signature-Based Login

In Oracle Identity Manager 9.1, signature-based login was used to connect remotely to Oracle Identity Manager and execute Oracle Identity Manager APIs. Oracle Identity Manager 11g supports signature-based login. However, Oracle recommends that you use the username-password approach for logging into Oracle Identity Manager. To do this in a secure manner, use the Credential Store Framework. For more information, see Oracle Fusion Middleware Application Security Guide.

13.1.14 Application Programming Interface

Oracle provides a network-aware, Java-based application programming interface (API) that exposes services available in Oracle Identity Manager. This API is based on Plain Old Java Objects (POJO) and handles the plumbing required to interact with Oracle Identity Manager. This API can be used for building clients for Oracle Identity Manager and for integrating third-party products with the Oracle Identity Manager platform.

In Oracle Identity Manager 11g, some of the legacy APIs have been rewritten to use the new architecture. The corresponding utility services or interface classes have been changed. Table 13-4 provides a high-level mapping between the legacy and new interfaces.

Table 13-4 API Mapping

| Legacy Service | New Service |
| --- | --- |
| Thor.API.Operations.tcUserOperationsIntf | oracle.iam.identity.usermgmt.api.UserManager |
| Thor.API.Operations.tcGroupOperationsIntf | oracle.iam.identity.rolemgmt.api.RoleManager |
| Thor.API.Operations.tcOrganizationOperationsIntf | oracle.iam.identity.orgmgmt.api.OrganizationManager |
| Thor.API.Operations.tcRequestOperationsIntf | oracle.iam.request.api.RequestService |
| Thor.API.Operations.tcSchedulerOperationsIntf | oracle.iam.scheduler.api.SchedulerService |
| Thor.API.Operations.tcEmailOperationsIntf | oracle.iam.notification.api.NotificationService |


Note:

You must manually implement and compile the APIs after you upgrade to Oracle Identity Manager 11g. For more information, see "Using APIs" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

13.1.15 Task Assignments

In Oracle Identity Manager 11g, some of the task assignments have been rewritten to use the new architecture. Table 13-5 provides a high-level mapping between the legacy and new assignment types.

After upgrading to Oracle Identity Manager 11g, you need to manually reimplement the task assignment logic in a SOA composite.

Table 13-5 Assignment Types

| Assignment Types in Oracle Identity Manager 9.1 | Assignment Types in Oracle Identity Manager 11g |
| --- | --- |
| Object Administrator User with Least Load | Object Administrator User with Least Load |
| Object Administrator | Object Administrator |
| Object Authorizer User with Highest Priority | This will be assigned to role Object Authorizer |
| Group User With Highest Priority | This will be assigned to role |
| Object Authorizer User with Least Load | Object Authorizer User with Least Load |
| Requestor's Manager | Requestor's Manager |
| Request Target Users Manager | Beneficiary Manager Approval |
| Group User with Least Load | Group User with Least Load |
| Group | This will be assigned to role |


After upgrading to Oracle Identity Manager 11g:

  • Process tasks assigned to Group User With Highest Priority will be modified and assigned to Group User With Least Load.

  • Process tasks assigned to Object Authorizer User With Highest Priority will be modified and assigned to Object Authorizer User With Least Load.

13.1.16 After You Upgrade

After upgrading to Oracle Identity Manager 11g:

  • The following event handlers associated with the User data object have been removed from Oracle Identity Manager 11g:

    • tcUSRcheckACT

    • tcUSRTriggerUserProcesses

    • tcUSRCheckUsrOrgChange

    • tcUSRautoGroupMembership

    • tcUSRevaluatePolicies

  • The logged-in user cannot create a user in other organizations but can see all the organizations.

  • Users cannot modify manager or organization attributes that are created by other organizations.

  • All approval tasks for new requests will be assigned to System Administrator (xelsysadm).

  • All credentials are moved to the CSF Store.

  • Vacation rules for each Oracle Identity Manager 9.1 proxy user are automatically created.

  • Custom jars (located at OIM_HOME/JavaTasks, OIM_HOME/ScheduleTask, and OIM_HOME/ThirdParty) and custom resource bundles stored in the file system folder in Oracle Identity Manager 9.1 are moved to the Oracle Identity Manager 11g schema.

  • The ALL USERS role cannot be assigned to the XELSYSADM user. Oracle recommends that you do not have resources or entitlements in target applications granted due to the ALL USERS role.

13.2 Prerequisites

You must complete the following prerequisites before upgrading to the Oracle Identity Manager 11g environment:

13.2.1 Backing Up the Oracle Identity Manager 9.1 Database

Ensure that you back up your existing Oracle Identity Manager database. For more information see:

13.2.2 Running Pending Transaction Report Utility

You must run the pending transaction report utility to analyze your Oracle Identity Manager 9.1 environment before you start the upgrade process. You must download the pending transaction report utility as described in note 1316738.1 at https://support.oracle.com and complete the following steps:

  1. Set the environment variables as shown in Table 13-6:

    Table 13-6 Environment Variables

    Environment Variable Values

    MW_HOME

    Specify the path of the Oracle Identity Manager's Middleware home. The following example shows the full path:

    /oracle/Middleware
    

    WL_HOME

    Specify the path of the Oracle WebLogic Server home. The following example shows the full path:

    oracle/Middleware/wlserver_10.3
    

    JAVA_HOME

    Specify the path of the Java home. The following example shows the full path:

    MW_HOME/jdk160_24/
    

    XEL_HOME

    Specify the path of the Oracle Identity Manager 9.1 server home. The following example shows the full path:

    /installServer/Xellerate
    

  2. Run generatePendingTransactionReport.bat (Located at MW_HOME\Oracle_IDM1\server\bin) for Windows or generatePendingTransactionReport.sh (Located at MW_HOME/Oracle_IDM1/server/bin) for UNIX and provide the following details:

    • jdbc url [hostname:portname:sid]

    • Oracle Identity Manager schema username

    • Oracle Identity Manager schema password

    • Directory where you save the reports.

The pending transaction report utility generates a report which includes the following details:

  • Pending Recon: This includes all events that are deferred to a later date.

  • Pending Request: This includes all requests (including self registration) pending approval.

  • JMS Queues: This includes all messages that are in an unprocessed state. A JMS message is submitted in the case of offline provisioning, so this report provides details of all pending provisioning tasks, including tasks that were initiated in offline mode.

The following are the pending transactions which can exist in your environment:

  • All pending recon events generated in OIM 9.1 must be processed. Failed events will not be upgraded, if left unaddressed.

  • All pending approval tasks generated in Oracle Identity Manager 9.1 must be processed. Pending approval tasks will not be upgraded, if left unaddressed. Ensure that these reach a final state before the Upgrade.

  • Scheduled task execution history in Oracle Identity Manager 9.1 will not be upgraded. Ensure that you finish all pending scheduled tasks and there is no scheduled task running during the upgrade period.

  • Any asynchronous audit processing must be processed in Oracle Identity Manager 9.1 before upgrading to Oracle Identity Manager 11g.

  • All JMS queues should be empty. JMS messages in regular or error queues will not be migrated in Oracle Identity Manager 11g. Wait for all JMS messages to be consumed, take proper manual actions for JMS error messages and clean all JMS tables before upgrading to Oracle Identity Manager 11g. For more information, see Emptying JMS queues.

13.2.3 Running OSI Data Upgrade Utility

You must run the OSI Data Upgrade utility for Oracle Identity Manager 9.1 before you start the upgrade process. To do so, refer to the note 1303215.1 at https://support.oracle.com.

13.2.4 Running Schedule Task to Process the Audit Messages

Oracle recommends that you run the Issue Audit Messages Task scheduled task to process pending audit messages for Oracle Identity Manager 9.1.

13.2.5 Emptying JMS queues

You must empty the JMS queues to ensure that the JMS messages are processed before you start the upgrade. To do so, complete the following:

  1. Disable access by end users, SPML, or API clients to Oracle Identity Manager. The steps to do this depend on your existing environment. For example, you can modify the firewall configuration to deny end users access to Oracle Identity Manager, or, if you have fronted the Oracle Identity Manager application server with an Oracle HTTP Server, you can shut down the Oracle HTTP Server while ensuring that the application server is up and running. Any SPML or API clients (for example, Active Directory Password Synch or any custom clients) can be shut down.

  2. Disable all scheduled tasks using the Design Console. For more information, see Oracle Identity Manager Design Console Guide.

  3. Monitor the JMS queues and allow Oracle Identity Management to run for some time, until all JMS queues except error queues (e.g. xlErrorQueue), are empty.

  4. Stop Oracle Identity Manager 9.1. Depending on the application server you use, see the Oracle Identity Management Release 9.1.0.1 documentation library for more information.

See:

For more information, see the Oracle Identity Management Release 9.1.0.1 documentation library at: https://download.oracle.com/docs/cd/E14049_01/index.htm

13.2.6 Circular Dependencies for Approval Workflow

Oracle Identity Manager 11g does not support circular dependencies in an approval workflow, where an approval task that you create (for example, task1) has its response set to another approval task (for example, task2), and the response of task2 is set to task1. Before you start the upgrade process, you must remove task2 from the response generated tasks in task1 using the Design Console. For more information, see Oracle Identity Manager Design Console Guide.
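The check described above, written as an added example that is not part of the Oracle documentation: it finds the two-task loop from the text and, more generally, loops of any length. The input format (one "task generated_task" pair per line, compiled by hand from the Design Console) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code.
# Input (assumed format): one "task generated_task" pair per line, meaning
# that a response of the first approval task generates the second task.
# Task names must not contain spaces.

find_task_cycles() {
    awk '
    NF >= 2 {
        # Remember tasks in order of first appearance so output is stable.
        if (!($1 in seen)) { seen[$1]; order[++count] = $1 }
        if (!($2 in seen)) { seen[$2]; order[++count] = $2 }
        next_tasks[$1] = next_tasks[$1] " " $2
    }
    # Depth-first search; state: 0 = unvisited, 1 = on current path, 2 = done.
    function visit(task,    i, n, list, nxt) {
        state[task] = 1
        path[++depth] = task
        n = split(next_tasks[task], list, " ")
        for (i = 1; i <= n; i++) {
            nxt = list[i]
            if (state[nxt] == 1) report(nxt)
            else if (state[nxt] == 0) visit(nxt)
        }
        state[task] = 2
        depth--
    }
    # Print the part of the current path that loops back to "start".
    function report(start,    i, printing, line) {
        printing = 0
        line = ""
        for (i = 1; i <= depth; i++) {
            if (path[i] == start) printing = 1
            if (printing) line = line path[i] " -> "
        }
        print "CYCLE " line start
        found = 1
    }
    END {
        for (j = 1; j <= count; j++)
            if (state[order[j]] == 0) visit(order[j])
        exit found ? 1 : 0
    }'
}

# Constructed sample: the task1/task2 loop from the text, a three-task loop,
# and one harmless link.
sample_task_links() {
    cat <<'EOF'
task1 task2
task2 task1
task3 task4
task4 task5
task5 task3
task6 task7
EOF
}

sample_task_links | find_task_cycles ||
    echo "Remove one response generated task from each cycle before upgrading."
```

The function exits with status 1 when at least one cycle is reported and 0 when the links are cycle-free.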

13.3 Task 1: Identify and Prepare Oracle Database for Oracle Identity Manager 11g (Optional)

This is an optional step, for an out-of-place upgrade using a new database instance and schema. Before upgrading to Oracle Identity Manager 11g, you must decide on one of the following options for the Oracle database:

The database must also be compatible with Oracle Fusion Middleware Repository Creation Utility (RCU), which is used to create the schemas that Oracle Identity Management components require. For information about RCU requirements, refer to the system requirements document at the following Web site:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html

13.3.1 Importing the Existing Oracle Identity Manager 9.1 Database

You can import the Oracle Identity Manager 9.1 Database to Oracle Identity Manager 11g database. To do so, complete the following steps:

  1. Set the environment variables, by running the following commands on the command line:

    # Installation directory of Oracle Database (example path)
    export ORACLE_HOME=/app/product/11.1.0/db_1
    export ORACLE_SID=orcl
    export PATH=$PATH:$ORACLE_HOME/bin
    
  2. Create the user, by running prepare_xl_db.sh command (Located at: OIM9101/installServer/Xellerate/db/oracle in UNIX) or prepare_xl_db.bat command (Located at: OIM9101\installServer\Xellerate\db\oracle in Windows) on the command line and enter the required information as shown in the following example:

    ## Enter the ORACLE HOME directory or Press [Enter] to
       accept the default Oracle/product/11.1.0/db_1 as ORACLE_HOME.
     
    ## Current database <ORACLE_SID> is orcl
       Do you want to continue with this database [y,Y,n,N] ?
     
    y
     
    ## Enter the Oracle Identity Manager user name
     
    oim1
     
    ## Enter the password for Oracle Identity Manager (oimn1) user
     
    ## Enter the tablespace to hold the Oracle Identity Manager user data
     
    oimn1
     
    ## Enter the directory to store the datafile for the Oracle Identity Manager tablespace
     
    /Oracle
     
    ## Enter the name of the datafile without the extension .dbf
       (For e.g. xeltspace_01)
     
    oim1
     
    ## Enter the Temporary tablespace for Oracle Identity Manager User
     
    temp
     
    Validating the given inputs...
    Validating the given inputs is done.
     
    Preparing the database for Oracle Identity Manager. Please wait...
     
    Database preparation is successful. Please check the log
    file prepare_xell_db.lst for more info.
    
  3. Export Oracle Identity Manager 9.1 database, as shown in the following example:

    expdp system/welcome@psr DIRECTORY=DATA_PUMP_DIR SCHEMAS=Name_OIM DUMPFILE=expmOIMa%U.dmp,expmOIMb%U.dmp,expmOIMc%U.dmp,expmOIMd%U.dmp PARALLEL=4 LOGFILE=exp_ilt_oim_OIM_05jan.log content=ALL JOB_NAME=exp_05jan
    
  4. Import Oracle Identity Manager 9.1 database, as shown in the following example:

    Note:

    Ensure that you set NLS_LANG to match the database charset before importing. If you do not set the NLS_LANG correctly, you will get the following warnings:
    • EXP-00091: Exporting questionable statistics

    • non-English characters in your data may become corrupted

    impdp system/welcome@psr DIRECTORY=DATA_PUMP_DIR SCHEMAS=Name_OIM DUMPFILE=expmOIMa%U.dmp,expmOIMb%U.dmp,expmOIMc%U.dmp,expmOIMd%U.dmp PARALLEL=4 LOGFILE=imp_ilt_oim_OIM_05jan.log content=ALL JOB_NAME=imp_05jan
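The export and import commands above put the SYSTEM password on the command line, where other local users can read it from the process list and where it is saved in shell history. The following added example (not from the Oracle documentation) moves the same parameters into a parameter file and omits the password so that Data Pump prompts for it; the helper names and file locations are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code. Helper names are hypothetical;
# the parameter values are the ones used in the commands above.

# write_parfile MODE FILE   (MODE is "export" or "import")
# Writes the Data Pump parameters to a parameter file readable only by its owner.
write_parfile() {
    mode=$1 file=$2
    case $mode in
        export) log=exp_ilt_oim_OIM_05jan.log job=exp_05jan ;;
        import) log=imp_ilt_oim_OIM_05jan.log job=imp_05jan ;;
        *) echo "mode must be export or import" >&2; return 2 ;;
    esac
    (
        umask 077
        cat > "$file" <<EOF
DIRECTORY=DATA_PUMP_DIR
SCHEMAS=Name_OIM
DUMPFILE=expmOIMa%U.dmp,expmOIMb%U.dmp,expmOIMc%U.dmp,expmOIMd%U.dmp
PARALLEL=4
LOGFILE=$log
CONTENT=ALL
JOB_NAME=$job
EOF
    )
}

# datapump_command MODE USER CONNECT_ID PARFILE [DB_CHARSET]
# Prints the command to run. No password is given, so expdp or impdp prompts
# for it. For import, NLS_LANG must already be set (see the note above); when
# DB_CHARSET is supplied, NLS_LANG must end in ".DB_CHARSET".
datapump_command() {
    mode=$1 user=$2 db=$3 parfile=$4 charset=${5:-}
    case $user in
        */*) echo "pass the user name only, not user/password" >&2; return 2 ;;
    esac
    case $mode in
        export) tool=expdp ;;
        import)
            tool=impdp
            [ -n "${NLS_LANG:-}" ] || { echo "NLS_LANG is not set" >&2; return 3; }
            case ${charset:+$NLS_LANG} in
                '' | *".$charset") ;;
                *) echo "NLS_LANG=$NLS_LANG does not end in .$charset" >&2; return 3 ;;
            esac
            ;;
        *) echo "mode must be export or import" >&2; return 2 ;;
    esac
    printf '%s %s@%s PARFILE=%s\n' "$tool" "$user" "$db" "$parfile"
}

# Demonstration with a temporary parameter file; nothing is executed against
# a database, the command is only printed.
demo_par=$(mktemp) && write_parfile export "$demo_par" &&
    datapump_command export system psr "$demo_par"
rm -f "$demo_par"
```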
    

13.3.2 Installing a New Oracle Database

If you do not have an Oracle Database installed, install one before you install Oracle Identity Manager 11g. The database must be up and running when you install Oracle Identity Manager 11g. It does not have to be on the same system where you are installing Oracle Identity Manager 11g.

Note:

Ensure that the following database parameters are set:
  • 'aq_tm_processes' >= 1

  • 'db_cache_size' >= '150994944'

  • 'java_pool_size' >= '125829120'

  • 'shared_pool_size' >= '183500800'

If you are installing a new database, be sure to configure your database to use AL32UTF8 character set encoding. If your database does not use the AL32UTF8 character set, you will see the following warning when running RCU: "The database you are connecting is with non-AL32UTF8 character set. Oracle strongly recommends using AL32UTF8 as the database character set." You can ignore this warning and continue using RCU. You need AL32UTF8 for globalization support in Oracle Identity Manager.
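An added example (not Oracle-supplied code) that compares captured database settings with the minimums in the note above and reports the character set. The input format, one "name value" pair per line such as a spool of v$parameter plus the NLS_CHARACTERSET value, is an assumption, as are the function names.

```shell
#!/bin/sh
# Added example, not Oracle-supplied code.
# Reads "name value" lines on stdin (assumed format) and compares them with
# the minimums listed in this section.

check_db_params() {
    awk '
    BEGIN {
        # Minimums copied from the note in this section.
        min["aq_tm_processes"]  = "1"
        min["db_cache_size"]    = "150994944"
        min["java_pool_size"]   = "125829120"
        min["shared_pool_size"] = "183500800"
        n = split("aq_tm_processes db_cache_size java_pool_size shared_pool_size", names, " ")
    }
    # Keep the last value seen for each setting; names are matched in lower case.
    NF >= 2 { seen[tolower($1)] = $2 }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = names[i]
            if (!(k in seen)) {
                printf "FAIL %s not found in input\n", k
                bad = 1
            } else if (seen[k] !~ /^[0-9]+$/) {
                printf "FAIL %s has non-numeric value %s\n", k, seen[k]
                bad = 1
            } else if (seen[k] + 0 < min[k] + 0) {
                printf "FAIL %s=%s (minimum %s)\n", k, seen[k], min[k]
                bad = 1
            } else {
                printf "OK   %s=%s\n", k, seen[k]
            }
        }
        # RCU only warns about the character set, so this does not fail the check.
        cs = ("nls_characterset" in seen) ? seen["nls_characterset"] : "unknown"
        if (cs != "AL32UTF8")
            printf "WARN character set is %s; AL32UTF8 is recommended\n", cs
        exit bad
    }'
}

# Constructed sample: shared_pool_size is below its minimum and the
# character set is not AL32UTF8.
sample_settings() {
    cat <<'EOF'
aq_tm_processes   1
db_cache_size     150994944
java_pool_size    125829120
shared_pool_size  100663296
nls_characterset  WE8MSWIN1252
EOF
}

sample_settings | check_db_params ||
    echo "The database does not meet the listed minimums."
```

The function exits with status 1 if any numeric minimum is missed or a parameter is absent from the input; the character set line is advisory only.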

The following database versions are supported:

  • 10.2.0.4

  • 11.1.0.7

  • 11.2

Note:

For the latest information about supported databases, visit the following Web site:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Table 13-7 lists the database requirements for RCU at the time of publication:

Table 13-7 RCU Database Requirements

| Category | Minimum or Accepted Value |
| --- | --- |
| Version | Oracle Database 10.2.0.4, 11.1.0.7, or 11.2 (11.1.0.7 or later for non-XE database). Note: When installing the database, you must choose the AL32UTF8 character set. |
| Shared Pool Size | 147456 KB |
| SGA Maximum Size | 147456 KB |
| Block Size | 8 KB |
| Processes | 500 |


Note:

After installing the Oracle 11g database, you must complete the following steps:
  1. Log in to the database as the sys (default) user.

  2. Run the following commands:

    alter system set session_cached_cursors=100 scope=spfile;

    alter system set processes=500 scope=spfile;

  3. Bounce the database and continue with the installation of Oracle Fusion Middleware Repository Creation Utility (RCU) and loading of schemas.

13.4 Task 2: Use the Repository Creation Utility to Create the Schema in the Database

Before you can upgrade to Oracle Identity Manager 11g, you must first create the Oracle Meta Data Services (MDS) schema and SOA schema in a supported database.

For more information, see "Upgrading and Preparing Your Databases" in the Oracle Fusion Middleware Upgrade Planning Guide.

For more information about installing the Oracle Meta Data Services (MDS) schema and SOA schema, refer to the following sections:

13.4.1 Verifying that the Database Meets the Minimum Requirements for the Oracle Identity Manager Schema

Before performing any installation you should read the system requirements and certification documentation to ensure that your environment meets the minimum installation requirements for the products you are installing.

For more information, refer to "System Requirements and Prerequisites" in the Oracle Fusion Middleware Installation Planning Guide.

13.4.2 Running the Repository Creation Utility in Preparation for Upgrading Oracle Identity Manager

To run the Repository Creation Utility to install the Oracle Identity Manager schema in the database, refer to the following resources:

After you start the Repository Creation Utility, follow the instructions on the Repository Creation Utility screens to connect to the database and create the required schemas.

During the installation of the schema, on the Select Components screen, expand Oracle AS Repository Components, and select the following:

  • Select Metadata Services under AS Common Schemas.

  • Select SOA Infrastructure and User Messaging Service under SOA and BPM Infrastructure.

13.5 Task 3: Install Oracle Fusion Middleware

The following sections describe how to install Oracle Fusion Middleware 11g middle tier instances in preparation for an upgrade to Oracle Fusion Middleware 11g:

13.5.1 Task 3a: Installing Oracle WebLogic Server and Creating the Middleware Home

Before you can install Oracle Identity and Access Management 11g Release 1 (11.1.1) components, you must install Oracle WebLogic Server and create the Oracle Middleware Home directory.

For more information, see "Install Oracle WebLogic Server" in Oracle Fusion Middleware Installation Planning Guide.

In addition, see Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server for complete information about installing Oracle WebLogic Server.

13.5.2 Task 3b: Installing Oracle Identity Manager 11g Release 1 (11.1.1.5.0)

You must install Oracle Identity Manager in the new middleware home you created in Task 3a: Installing Oracle WebLogic Server and Creating the Middleware Home. For installing Oracle Identity Management, refer to the section "Installing Oracle Identity and Access Management (11.1.1.5.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

Note:

Do not configure the Oracle Identity Manager domain during the installation process.

13.5.3 Task 3c: Installing Oracle SOA 11g Release 1 (11.1.1.5.0) Suite

You must install Oracle SOA Suite in the new middleware home you created in Task 3a: Installing Oracle WebLogic Server and Creating the Middleware Home. To install Oracle SOA Suite, refer to the "Installing Oracle SOA Suite" chapter in the Oracle Fusion Middleware Installation Guide for Oracle SOA Suite.

Note:

Ensure that you install a dedicated Oracle SOA Suite for Oracle Identity Manager.

13.6 Task 4: Use Upgrade Assistant to Upgrade the Oracle Identity Manager Schema

To upgrade the Oracle Identity Manager schema using Upgrade Assistant, perform the following steps:

  1. Enter the following command to launch Upgrade Assistant.

    On UNIX systems (Located at MW_HOME/Oracle_IDM1/bin):

    ./ua
    

    On Windows systems (Located at MW_HOME\Oracle_IDM1\bin):

    ua.bat
    

    The Oracle Fusion Middleware Upgrade Assistant Welcome screen is displayed, as shown in Figure 13-1.

    Figure 13-1 Upgrade Assistant Welcome Screen


  2. Click Next.

    The Specify Operation screen is displayed.

  3. Select Upgrade Oracle Identity Manager Schema.

  4. Click Next.

    The Prerequisite screen is displayed.

  5. Check the Database Schema backup completed, Database version is certified by Oracle for Fusion Middleware upgrade, and OSI Data Upgrade Performed check boxes.

    Database schema backup completed - Oracle recommends that you back up your Oracle Identity Manager repositories on the database before upgrading. The Upgrade Assistant does not verify that the repositories have been backed up, so this option serves as a reminder.

    Database version is certified by Oracle for Fusion Middleware upgrade - The Upgrade Assistant requires that the Oracle Data Integrator repositories reside on a supported database.

    A list of supported databases can also be found on the Oracle Technology Network (OTN) at http://www.oracle.com/technology/software/products/ias/files/fusion_certification.html

    OSI Data Upgrade Performed - Ensure that you complete the required steps described in Running OSI Data Upgrade Utility.

  6. Click Next.

    The Specify OIM Database screen is displayed.

  7. Enter the following information:

    • Host: Enter the name of the server where your database is running.

    • Port: Enter the port number for your database. The default port number for Oracle databases is 1521.

    • Service Name: Specify the service name for the database. Typically, the service name is the same as the global database name.

    • OIM Schema: Specify the Oracle Identity Manager schema name.

    • SYS Password: Enter the password for your SYS user.

  8. Click Next.

    The Examining Components screen is displayed.

  9. Click Next.

    The Upgrade Summary screen is displayed.

  10. Click Upgrade.

    The Upgrade Progress screen is displayed. This screen provides the following information:

    • The status of the upgrade

    • Any errors or problems that occur during the upgrade

      See Also:

      "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant.

  11. Click Next.

    The Upgrade Complete screen is displayed. This screen confirms that the upgrade was complete.

  12. Click Close.

13.7 Task 5: Create a WebLogic Domain for Oracle Identity Manager

To create a WebLogic Domain for Oracle Identity Manager, refer to the section "OIM Without LDAP Sync in a New Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

Notes:

  • Ensure that the Oracle WebLogic Domain for Oracle Identity Manager includes Oracle SOA 11g. Oracle Identity Manager uses process workflows and approvals provided by Oracle SOA 11g. When the domain is configured, the Administration Server and the Managed Servers for Oracle Identity Manager and Oracle SOA 11g are created.

  • Ensure that you use the schemas created in Task 2: Use the Repository Creation Utility to Create the Schema in the Database.

13.8 Task 6: Start the WebLogic Administration Server

You can start the Oracle WebLogic Server Administration Server by using the following command on the command line:

Note:

If you want to automatically generate a boot.properties file, ensure that the security folder is created at MW_HOME/user_projects/domains/domain_name/servers/AdminServer. If this folder does not exist then you must create the folder.

UNIX

MW_HOME/user_projects/domains/domain_name/bin/startWebLogic.sh \
         -Dweblogic.management.username=weblogic \
         -Dweblogic.management.password=password \
         -Dweblogic.system.StoreBootIdentity=true

Windows

MW_HOME\user_projects\domains\domain_name\bin\startWebLogic ^
         -Dweblogic.management.username=weblogic ^
         -Dweblogic.management.password=password ^
         -Dweblogic.system.StoreBootIdentity=true
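
The start command above carries the administrator password as a command-line argument, where it is visible in the process list and in shell history. The following added example (not part of the Oracle guide) creates the security folder that the Note refers to with owner-only permissions and seeds boot.properties from standard input instead. It assumes the standard WebLogic Server behavior of reading username= and password= from that file and encrypting them on first start; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Function names are hypothetical.
# Assumes WebLogic Server reads username=/password= from
# DOMAIN_HOME/servers/AdminServer/security/boot.properties and encrypts the
# values in place the first time the Administration Server starts.

# Print the 10-character permission string of a file or directory.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# prepare_boot_identity DOMAIN_HOME ADMIN_USER   (password is read from stdin)
prepare_boot_identity() {
    domain_home=$1
    admin_user=$2
    sec_dir="$domain_home/servers/AdminServer/security"
    boot_file="$sec_dir/boot.properties"

    [ -d "$domain_home" ] || { echo "domain home not found: $domain_home" >&2; return 1; }
    [ -n "$admin_user" ] || { echo "admin user name is required" >&2; return 1; }

    # Reading from stdin keeps the password out of argv and shell history.
    admin_pass=
    IFS= read -r admin_pass || true
    [ -n "$admin_pass" ] || { echo "no password supplied on stdin" >&2; return 1; }

    (
        # umask 077: anything newly created here is owner-only from the start,
        # so a fresh cleartext file is never readable by other accounts.
        umask 077
        mkdir -p "$sec_dir" || exit 1
        chmod 700 "$sec_dir" || exit 1
        printf 'username=%s\npassword=%s\n' "$admin_user" "$admin_pass" > "$boot_file" || exit 1
        # Tighten the mode as well in case the file already existed.
        chmod 600 "$boot_file"
    ) || return 1

    unset admin_pass
    echo "$boot_file: $(perm_string "$boot_file")"
}

# Usage (interactive, password not echoed):
#   stty -echo; prepare_boot_identity "$DOMAIN_HOME" weblogic; stty echo
```

With the file in place, the Administration Server can be started with startWebLogic.sh alone, without the -Dweblogic.management.* options.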

13.9 Task 7: Configure Oracle Identity Manager Server 11g

To configure Oracle Identity Manager Server, refer to the chapter "Configuring Oracle Identity Manager Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

Notes:

  • When configuring Oracle Identity Manager Server, ensure that you do not select the Enable LDAP Sync option on the BI Publisher screen in the Oracle Identity Manager Configuration Wizard. LDAP Sync is not supported when you upgrade from Oracle Identity Management 9.1 to Oracle Identity Management 11g.

  • If you are importing the Oracle Identity Management 9.1 database, then ensure that you copy the .xldatabasekey database keystore (located in the OIM9101\xellerate\config directory) to the config/fmwconfig location under the Oracle WebLogic Domain you have created.

13.10 Task 8: Configure Node Manager to Start Managed Servers

For information about configuring Node Manager, refer to the "Configuring Node Manager to Start Managed Servers" section in the Oracle Fusion Middleware Administrator's Guide.

Note:

Ensure that you enter the value true for the StartScriptEnabled parameter in the nodemanager.properties file.
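
The notes in Task 7 and Task 8 each name a setting that is easy to miss: the .xldatabasekey keystore copied into config/fmwconfig, and StartScriptEnabled set to true in nodemanager.properties. The following added example (not part of the Oracle guide) checks both before you start the managed servers. The function names are hypothetical, the file locations are passed in by the caller, and the owner-only permission test on the keystore is an added hardening check rather than a documented requirement.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Function names are hypothetical.

# prop_value KEY FILE
# Print the effective value of KEY in a properties file that uses "=" or ":"
# as the separator. Comment lines (# or !) are skipped, the last assignment
# wins, and CRLF line endings are tolerated. Exit status 1 if KEY is absent.
prop_value() {
    awk -v k="$1" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/\r$/, "", line)
            sub(/^[ \t]+/, "", line)
            if (substr(line, 1, length(k)) != k) next
            rest = substr(line, length(k) + 1)
            # Skip longer keys that merely share the prefix.
            if (rest !~ /^[ \t]*[=:]/) next
            sub(/^[ \t]*[=:][ \t]*/, "", rest)
            val = rest
            found = 1
        }
        END { if (!found) exit 1; print val }
    ' "$2"
}

# start_script_enabled NODEMANAGER_PROPERTIES
# Succeeds only on the exact value "true", which is what Task 8 asks for.
start_script_enabled() {
    v=$(prop_value StartScriptEnabled "$1") || return 1
    [ "$v" = "true" ]
}

# keystore_in_place OIM91_HOME DOMAIN_HOME
# 0 = copied and owner-only, 1 = source or copy missing,
# 2 = copy differs from the 9.1 keystore, 3 = readable by group or others.
keystore_in_place() {
    src="$1/xellerate/config/.xldatabasekey"
    dst="$2/config/fmwconfig/.xldatabasekey"
    [ -f "$src" ] || return 1
    [ -f "$dst" ] || return 1
    cmp -s "$src" "$dst" || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -lL "$dst" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# Usage:
#   start_script_enabled /path/to/nodemanager.properties || echo "fix StartScriptEnabled"
#   keystore_in_place /path/to/OIM9101 "$DOMAIN_HOME"    || echo "keystore check failed: $?"
```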

13.11 Task 9: Start the SOA Managed Server

You can start the SOA Managed Server by using the following command on the command line:

UNIX

MW_HOME/user_projects/domains/domain_name/bin/startManagedWebLogic.sh managed_server_name admin_url

Windows

MW_HOME\user_projects\domains\domain_name\bin\startManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

13.12 Task 10: Start the Oracle Identity Manager Managed Server

You must start the Oracle Identity Manager Managed Server to populate the MDS by using the following command on the command line:

UNIX

MW_HOME/user_projects/domains/domain_name/bin/startManagedWebLogic.sh managed_server_name admin_url

Windows

MW_HOME\user_projects\domains\domain_name\bin\startManagedWebLogic.cmd managed_server_name admin_url

For managed_server_name admin_url, specify your Oracle Identity Manager Managed Server name and URL. When prompted, enter your user name and password.

Note:

The following error message is displayed:
Password for .xldatabasekey is not seeded in CSF.
.
oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Password for .xldatabasekey is not seeded in CSF.
 
        at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
        at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
        Truncated. see log file for complete stacktrace
Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
OIM application intialization failed because of the following reasons:
Password for .xldatabasekey is not seeded in CSF.
 
        at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAppInitializationListener.java:145)
        at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.run(BaseLifecycleFlow.java:282)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:199)
        Truncated. see log file for complete stacktrace
>

You can ignore the above error message.

13.13 Task 11: Stop the Oracle Identity Manager Managed Server

You can stop the Oracle Identity Manager Managed Server by using the following command on the command line:

UNIX

MW_HOME/user_projects/domains/domain_name/bin/stopManagedWebLogic.sh managed_server_name admin_url

Windows

MW_HOME\user_projects\domains\domain_name\bin\stopManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Note:

If you get any error message, you can ignore it.

13.14 Task 12: Use Upgrade Assistant to Upgrade Oracle Identity Manager Middle Tier

To upgrade the Oracle Identity Manager middle tier, complete the following steps:

Notes:

  • Ensure that your Administration Server and the SOA Managed Server are up and running.

  • You can also use the Upgrade Assistant command-line interface to upgrade your Oracle Identity Manager 9.1 Oracle homes. For more information, see "Using the Upgrade Assistant Command-Line Interface" in the Oracle Fusion Middleware Upgrade Planning Guide.

  1. Enter the following command to launch Upgrade Assistant.

    On UNIX systems (Located at MW_HOME/Oracle_IDM1/bin):

    ./ua
    

    On Windows systems (Located at MW_HOME\Oracle_IDM1\bin):

    ua.bat
    

    The Oracle Fusion Middleware Upgrade Assistant Welcome screen is displayed, as shown in Figure 13-2.

    Figure 13-2 Upgrade Assistant Welcome Screen


  2. Click Next.

    The Specify Operation screen is displayed.

  3. Select Upgrade Oracle Identity Manager Middle Tier.

  4. Click Next.

    The Specify Source Directory screen is displayed.

  5. Click Browse and enter the directory location of your Oracle Identity Manager 9.1 installation.

  6. Click Next.

    The Specify OIM Database screen is displayed.

  7. Enter the following information:

    • Host: Enter the name of the host computer where the database resides.

    • Port: Enter the listening port of the database; for example, 1521.

    • Service Name: Enter the service name of the database. Note that the service name typically consists of the system identifier (SID) and the network domain address of the database.

    • OIM Schema: Enter the name of the Oracle Identity Manager 9.1 schema that resides in the database.

    • SYS Password: Enter the password for the SYS database account of the database that hosts the Oracle Identity Manager 9.1 schema. The Upgrade Assistant needs these login credentials to connect to the database and read the contents of the Oracle Identity Manager schema.

  8. Click Next.

    The Specify MDS Database screen is displayed.

  9. Enter the following information:

    • Host: Enter the name of the host computer where the database resides.

    • Port: Enter the listening port of the database; for example, 1521.

    • Service Name: Enter the service name of the database. Note that the service name typically consists of the system identifier (SID) and the network domain address of the database.

    • SYS Password: Enter the password of the database SYS user. The Upgrade Assistant needs these login credentials to connect to the database and read the contents of the MDS schema.

  10. Click Next.

    The Specify MDS Schema screen is displayed.

  11. Complete the following:

    • Select the MDS schemas from the drop-down menu.

    • Enter the password for the schema in the Password field. This password is required so that the Upgrade Assistant can upgrade and modify the schema. This is the Oracle MDS schema password that you set in the Repository Creation Utility (RCU) when you installed the schema in the database.

  12. Click Next.

    The Specify WebLogic Server screen is displayed.

  13. Enter the following information:

    • Host: The host where the Oracle WebLogic Server domain resides.

      Ensure that you include the full host name; for example:

      IDMHost1.example.com
      
    • Port: The listening port of the administration server. Typically, the administration server listens on port 7001.

    • Username: The user name that is used to log in to the administration server. This is the same username you use to log in to the Administration Console for the domain.

    • Password: The password for the administrator account that is used to log in to the administration server. This is the same password you use to log in to the Administration Console for the domain.

  14. Click Next.

    The Specify SOA Server screen is displayed.

  15. Enter the following information:

    • Host: The host where the SOA Managed Server resides.

    • Port: The listening port of the SOA Managed Server.

    • Username: The user name that is used to log in to the SOA Managed Server. This is the same username you use to log in to the Administration Console for the domain.

    • Password: The password for the administrator account that is used to log in to the SOA Managed Server. This is the same password you use to log in to the Administration Console for the domain.

  16. Click Next.

    The Specify Upgrade Options screen is displayed.

  17. Select Start destination components after successful upgrade and click Next.

    Note:

    Select this option if you want the Upgrade Assistant to automatically start the components in the destination Oracle home after a successful upgrade is complete. If you do not select this option, then you must manually start the destination instance after the upgrade. Note that this option works only if the upgrade is successful.

    The Examining Components screen is displayed.

  18. Click Next.

    The Upgrade Summary screen is displayed.

  19. Click Upgrade.

    The Upgrade Progress screen is displayed. This screen provides the following information:

    • The status of upgrade

    • Any errors or problems that occur during the upgrade

      See Also:

      "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant.

  20. Click Next.

    The Upgrade Complete screen is displayed. This screen confirms that the upgrade was complete.

  21. Click Close.

    The Post upgrade summary report is generated (located at IDM_HOME\upgrade\temp\oimUpgradeReportDi\index.html). This report gives details on each feature name, its upgrade status, and the feature-related report.

13.15 Task 13: Start the Oracle Identity Manager Managed Server

You can start the Oracle Identity Manager Managed Server by using the following command on the command line:

UNIX

MW_HOME/user_projects/domains/domain_name/bin/startManagedWebLogic.sh managed_server_name admin_url

Windows

MW_HOME\user_projects\domains\domain_name\bin\startManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

13.16 Task 14: Complete Any Required Oracle Identity Manager Post-Upgrade Tasks

The following sections describe the manual steps that you must perform after upgrading to Oracle Identity Manager 11g:

13.16.1 Customizing Oracle Identity Manager User Interfaces

If you used any user interfaces in Oracle Identity Manager 9.1 then after the upgrade you can customize the user interfaces for Oracle Identity Manager 11g as described in "Customizing Oracle Identity Manager Interfaces" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

13.16.2 Recompiling Adapters

After you upgrade to Oracle Identity Management 11g, you must recompile the adapters as described in "Compiling Adapters" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager. Some of your adapters may fail to compile. You must identify and recompile those adapters as described in note 1311574.1 at https://support.oracle.com.

13.16.3 Rewriting Prepopulate Adapters

After you upgrade to Oracle Identity Management 11g, you must rewrite the prepopulate adapter as described in "Prepopulation of an Attribute Value During Request Creation" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

13.16.4 Disabling User Login

In Oracle Identity Manager 11g the User login field is not mandatory. You must disable the user login mandatory option by completing the following steps:

  1. Export the user.xml file (Located at /file/User.xml in the MDS) as described in "Using the Export Utility" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  2. Open the user.xml file in a text editor and set the required value of the User Login attribute to false, as shown in the following example:

    <attribute name="User Login">
     <required>false</required>
    
  3. Import the user.xml file as described in "Using the Import Utility" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

13.16.5 Upgrading Oracle Identity Management Reports

If you have configured Oracle Identity Management Reports in Oracle Identity Manager 9.1, then you must upgrade the reports as described in "Upgrading to 11g Release 1 (11.1.1)" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

Note:

BI Publisher cannot be accessed through the Oracle Identity Manager Administrative and User Console. You must open BI Publisher explicitly to access the Oracle Identity Manager 11g reports.

13.16.6 Using Generated SOA Composite as Approval Process

If you use a generated SOA composite as approval process then you must complete the following steps:

Notes:

  • report.html (located at MW_HOME/Oracle_IDM1/upgrade/workflow) lists the approval processes that were successfully upgraded as SOA Composites and the approval processes that were only partially upgraded as SOA Composites. The partially upgraded SOA composites must be manually updated to match the corresponding Oracle Identity Manager 9.1 approval process, using the Cause and Action information provided in the report.

  • SOA composites generated as part of the middle tier upgrade are located at IDM_HOME/upgrade/workflow/BPELComposites.

  1. Configure the SOA Composite as described in "Configuring the SOA Composite By Using JDeveloper" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager. After you configure the SOA Composite, you must recreate the task assignment and implement it in the corresponding SOA Composite. For more information, see the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

  2. Deploy SOA composite to SOA server as described in "Deploying the SOA Composite" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  3. Register the SOA composite with Oracle Identity Manager 11g before it can be used as an approval process as described in "Registering a SOA Composite with Oracle Identity Manager" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  4. Specify SOA composite as approval process in the corresponding Approval Policy(ies) as described in "Understanding Approval Process Development in Oracle SOA Suite" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

    Note:

    For the e-mail notifications in an Oracle Identity Manager 9.1 approval process, you must configure them in the corresponding generated SOA Composite and use the Oracle SOA server to send e-mail notifications. For configuring Oracle SOA server to send e-mail notifications, see "Configuring Oracle User Messaging Service" in the Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite.

13.16.7 Defining Connectors

After upgrading to Oracle Identity Manager, you must define the connectors as described in "Defining Connectors" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager.

13.16.8 Configuring Auto-Approval for Self-Registration

After upgrading from Oracle Identity Manager 9.1 the auto approval feature is disabled for Oracle Identity Manager 11g. You must configure auto-approval for self-registration as described in "Configuring Auto-Approval for Self-Registration" in the Oracle Fusion Middleware User's Guide for Oracle Identity Manager.

13.16.9 Generating an Audit Snapshot

You must generate an audit snapshot of the audit tables as described in "Generating an Audit Snapshot" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

13.16.10 Upgrading User Defined Fields

If your Oracle Identity Manager 9.1 organization data model contains User Defined Fields (UDFs), then you must complete the following steps:

  1. Start the Design Console.

  2. In the Design Console Explorer, expand Administration and then select User Defined Field Definition.

  3. Open Organizations form and click Save.

    This will update the MDS definitions for the organization UDFs, which will then be visible in the OIM 11g Administrator UI.

13.16.11 Enabling Audit

The audit feature is not enabled after the upgrade if it was not enabled in Oracle Identity Manager 9.1. You can enable audit as described in "Modifying System Properties" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager.

13.16.12 Importing and Exporting Data Using the Deployment Manager

If you have any issues with importing and exporting data using the Deployment Manager, then see "Troubleshooting Deployment Manager" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager.

13.17 Task 15: Verify the Oracle Identity Manager Upgrade

To verify your Oracle Identity Manager upgrade, perform the following steps:

  1. Run Upgrade Assistant, and select Verify Instance on the Specify Operation page.

    Follow the instructions on the screen for information on how to verify that specific Oracle Fusion Middleware components are up and running.

  2. Run sqlplus and connect to your database and then run the following query, to ensure that the schema upgrade was successful:

    select feature_id,feature_upgrade_state,is_feature_upgraded from upgrade_feature_state;
    
  3. Use the following URL in a web browser to verify that Oracle Identity Manager 11g is up and running:

    http://oim.example.com:14000/oim
    

    Alternatively, you can use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are up and running in the Oracle Fusion Middleware environment.

    For more information, see "Getting Started Using Oracle Enterprise Manager Fusion Middleware Control" in the Oracle Fusion Middleware Administrator's Guide.

  4. Install the Diagnostic Dashboard and run the following tests:

    • Oracle Database Connectivity Check

    • Account Lock Status

    • Data Encryption Key Verification

    • Scheduler Service Status

    • JMS Messaging Verification

    • SOA-Oracle Identity Manager Configuration Check

    • SPML Web Service

    • Test OWSM setup

    • Test SPML to Oracle Identity Manager request invocation

    • SPML attributes to Oracle Identity Manager attributes

    • Username Test

    For more information, see "Working with the Diagnostic Dashboard" in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager.