This chapter describes how to upgrade your existing Oracle Access Manager 11g Release 1 (11.1.1.5.0) environment to Oracle Access Management Access Manager (Access Manager) 11g Release 2 (11.1.2).
This chapter contains the following sections:
Creating Oracle Access Management Access Manager Schemas Using Repository Creation Utility
Starting the Administration Server and Access Manager Managed Servers
Redeploying Oracle Access Management Access Manager Servers and Shared Libraries
Stopping the Administration Server and Access Manager Managed Servers
Starting the Administration Server and Access Manager Managed Servers
Read the Oracle Fusion Middleware System Requirements and Specifications document to ensure that your environment meets the minimum requirements for the products you are installing or upgrading.
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Access Manager upgrade may not be successful.
Table 4-1 lists the steps to upgrade Oracle Access Manager 11.1.1.5.0.
| Task No. | Task | For More Information |
|---|---|---|
|
1 |
Shut down all servers. This includes both Administration Server and Managed Servers. |
See, Shutting Down Administration Server and Managed Servers |
|
2 |
Back up your environment. |
See, Backing Up Oracle Access Manager 11g Release 1 (11.1.1.5.0) |
|
3 |
Optional - Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6. |
|
|
4 |
Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load Access Manager schemas and OPSS schema. |
See, Creating Oracle Access Management Access Manager Schemas Using Repository Creation Utility |
|
5 |
Upgrade 11.1.1.5.0 Oracle Home to 11.1.2. |
|
|
6 |
Extend your Oracle Access Manager 11.1.1.5.0 domain with the OPSS template. |
|
|
7 |
Upgrade Oracle Platform Security Services. |
|
|
8 |
Run the |
See, Configuring Oracle Platform Security ServicesSecurity Store |
|
9 |
Export access data. |
|
|
10 |
Import access data. |
|
|
11 |
Start the Administration Server and Oracle Access Management Access Manager Managed Servers. |
See, Starting the Administration Server and Access Manager Managed Servers |
|
12 |
Redeploy Access Manager servers and shared libraries. |
See, Redeploying Oracle Access Management Access Manager Servers and Shared Libraries |
|
13 |
Stop the Administration Server and Oracle Access Management Access Manager Managed Server. |
See, Stopping the Administration Server and Access Manager Managed Servers |
|
14 |
Delete the |
See, Deleting Folders |
|
15 |
Start the Administration Server and Oracle Access Management Access Manager Managed Servers. |
See, Starting the Administration Server and Access Manager Managed Servers |
|
16 |
Verify the Access Manager upgrade. |
The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the Administration Server and Managed Servers.
To shut down the Servers, do the following:
Stopping the Administration Server
To stop the Administration Server, do the following:
On UNIX:
Run the following command:
cd <MW_HOME>/user_projects/domains/<domain_name>/bin
./stopWebLogic.sh
On Windows:
Run the following command:
cd <MW_HOME>\user_projects\domains\<domain_name>\bin
stopWebLogic.cmd
To stop the Managed Servers, do the following:
On UNIX:
Move from your present working directory to the <MW_HOME>/user_projects/domains/<domain_name>/bin directory by running the following command on the command line:
cd <MW_HOME>/user_projects/domains/<domain_name>/bin
Run the following command to stop the servers:
./stopManagedWebLogic.sh <server_name> <admin_url> <user_name> <password>
where
<server_name> is the name of the Managed Server.
<admin_url> is URL of the WebLogic administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.
<user_name> is the username of the WebLogic Administration Server.
<password> is the password of the WebLogic Administration Server.
On Windows:
Move from your present working directory to the <MW_HOME>\user_projects\domains\<domain_name>\bin directory by running the following command on the command line:
cd <MW_HOME>\user_projects\domains\<domain_name>\bin
Run the following command to stop the Managed Servers:
stopManagedWebLogic.cmd <server_name> <admin_url> <username> <password>
where
<server_name> is the name of the Managed Server.
<admin_url> is URL of the WebLogic administration console. Specify it in the format http://<host>:<port>/console. specify only if the WebLogic Administration Server is on a different computer.
<username> is the username of the WebLogic Administration Server.
<password> is the password of the WebLogic Administration Server.
For more information, see "Stopping the Stack" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
You must back up your Oracle Access Manager 11.1.1.5.0 environment before you upgrade to Access Manager 11.1.2.
After stopping the servers, back up the following:
MW_HOME directory, including the Oracle Home directories inside Middleware Home
Domain Home directory
Oracle Access Manager schemas
MDS schemas
Audit and any other dependent schemas
Note:
Upgrading Oracle WebLogic Server is not mandatory. However, Oracle recommends that you upgrade Oracle WebLogic Server to 10.3.6.
You can upgrade WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6 by using the WebLogic 10.3.6 Upgrade Installer. Complete the following steps:
Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.
For more information, see "Downloading the Installer From Oracle Technology Network" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.
For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
Upgrading Oracle Access Manager 11.1.1.5.0 schema to Oracle Access Management Access Manager 11.1.2 is not supported. You cannot update Oracle Access Manager 11.1.1.5.0 schemas to Access Manager 11.1.2, so, you must create new Access Manager 11.1.2 schemas.
Run Repository Creation utility (RCU) to create the Access Manager schema. Select all dependent schemas so that OPSS schema gets created too.
For more information, see "Creating Schemas" in the Using Repository Creation Utility.
Note:
Even if you are creating new schemas, do not delete your Oracle Access Manager 11.1.1.5.0 schemas and do not use the old schema name, as you will need the old schema credentials while "Exporting Access Data".
To upgrade Oracle Access Manager, you must use the 11.1.2 installer. During the procedure, point the Middleware Home to your existing 11.1.1.5.0 Oracle Access Manager Middleware Home. Your Oracle Home is upgraded from 11.1.1.5.0 to 11.1.2.
This section contains the following topics:
Starting the Oracle Identity and Access Management 11g Release 2 (11.1.2) Installer
Installing Oracle Identity and Access Management 11g Release 2 (11.1.2)
For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
This topic explains how to start the Oracle Identity and Access Management Installer.
Notes:
If you are installing on an IBM AIX operating system, you must run the rootpre.sh script from the Disk1 directory before you start the Installer.
Starting the Installer as the root user is not supported.
Start the Installer by doing the following:
On UNIX:
Move from your present working directory to the directory where you extracted the contents of the Installer to.
Move to the following location:
cd Disk1
Run the following command:
./runInstaller -jreLoc <full path to the JRE directory>
For example:
./runInstaller -jreLoc <MW_HOME>/jdk160_29/jre
On Windows:
Move from your present working directory to the directory where you extracted the contents of the Installer to.
Move to the following location:
cd Disk1
Run the following command:
setup.exe -jreLoc <full path to the JRE directory>
For Example:
setup.exe -jreLoc <MW_HOME>\jdk160_29\jre
Note:
If you do not specify the -jreLoc option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:
-XX:MaxPermSize=512m is not a valid VM option. Ignoring
This warning message does not affect the installation. You can continue with the installation.
On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jrockit_1.6.0_29 directory is not created in your Middleware Home. You must enter the absolute path to the JRE folder from where your JDK is located.
Use the Oracle Identity and Access Management 11.1.2 Installer to upgrade Oracle Access Manager 11.1.1.5.0 to Access Manager 11.1.2:
After you start the Installer, the Welcome screen appears.
Click Next on the Welcome screen. The Install Software Updates screen appears. Select whether or not you want to search for updates. Click Next.The Prerequisite Checks screen appears. If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.
On the Specify Installation Location screen, point the Middleware Home to your existing 11.1.1.5.0 Middleware Home installed on your system.
In the Oracle Home Directory field, specify the path of the existing Oracle Identity and Access Management Home. This directory is also referred to as <IAM_HOME> in this book.
Click Next. The Installation Summary screen appears.
The Installation Summary screen displays a summary of the choices that you made. Review this summary and decide whether you want to proceed with the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing Oracle Identity and Access Management, click Install. The Installation Progress screen appears. Click Next.
Note:
If you cancel or abort when the installation is in progress, you must manually delete the <IAM_HOME> directory before you can reinstall the Oracle Identity and Access Management software.
To invoke online help at any stage of the installation process, click Help on the installation wizard screens.
The Installation Complete screen appears. On the Installation Complete screen, click Finish.
This installation process copies the 11.1.2 Oracle Identity and Access Management software to your system.
For more information, see "Installing and Configuring Oracle Identity and Access Management (11.1.2)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
Oracle Access Management Access Manager 11.1.2 uses the database to store policies. This requires extending Oracle Access Manager 11.1.1.5.0 domain to include the OPSS data source.
To extend your Oracle Access Manager 11.1.1.5.0 component domain with the OPSS template, complete the following steps:
Run the following command:
On UNIX:
./config.sh
It is located in the <MW_HOME>/<Oracle_IDM1>/common/bin directory.
On Windows:
config.cmd
It is located in the <MW_HOME>\<Oracle_IDM1>\common\bin directory.
On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.
On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured Oracle Access Manager. Click Next. The Select Extension Source screen appears.
On the Select Extension Source screen, select the Oracle Platform Security Service - 11.1.1.0 [Oracle_IDM1] option. After selecting the domain configuration options, click Next.
The Configure JDBC Data Sources screen appears. Update the component schemas: Access Manager Infrastructure and OPSS schema. Configure Access Manager Infrastructure, by updating the older Oracle Access Manager 11.1.1.5.0 schema information shown in the screen, with new Access Manager 11.1.2 schema details and OPSS schema data source. After the test succeeds, the Configure JDBC Component Schema screen appears.
On the Configure JDBC Component Schema screen, select Oracle Platform Security Services.
Set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next.
The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.
On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines and Deployments and Services. Do not select anything as you have already configured your Oracle Access Manager 11.1.1.5.0 environment. Click Next.
On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.
Your existing Oracle Access Manager domain is extended to support Oracle Platform Security Services (OPSS), and Oracle Access Manager is configured to use the newly created 11.1.2 OPSS policy schema.
To upgrade Oracle Platform Security Services (OPSS) schema, do the following:
Move from your present working directory to the <MW_HOME>/oracle_common/common/bin directory by running the following command on the command line:
cd <MW_HOME>/oracle_common/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
At the WLST prompt, run the following command:
upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")
For example:
upgradeOpss(jpsConfig="<MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml",jaznData="<MW_HOME>/oracle_common/modules/oracle.jps_11.1.1/domain_config/system-jazn-data.xml")
Exit the WLST console using the exit()command.
Move from your present working directory to the <MW_HOME>\oracle_common\common\bin directory by running the following command on the command line:
cd <MW_HOME>\oracle_common\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
At the WLST prompt, run the following command:
upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")
For example:
upgradeOpss(jpsConfig="<MW_HOME>\\user_projects\\domains\\base_domain\\config\\fmwconfig\\jps-config.xml",jaznData="<MW_HOME>\\oracle_common\\modules\\oracle.jps_11.1.1\\domain_config\\system-jazn-data.xml")
Exit the WLST console using the exit() command.
Table 4-2 describes the parameters you need to specify on the command line:
Table 4-2 Parameters for Upgrading OPSS
| Parameter | Description |
|---|---|
|
|
Specify the path to the On UNIX, it is located in the On Windows, it is located in the |
|
|
Specify the path to the On UNIX, it is located in the On Windows, it is located in the |
You must configure the Database Security Store as it is the only security store type supported by Oracle Identity and Access Management 11g Release 2 (11.1.2).
For more information on configuring Oracle Platform Security Services, see "Configuring Database Security Store for an Oracle Identity and Access Management Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
Policy information from Oracle Access Manager 11.1.1.5.0 schema needs to be extracted before importing it to the Access Manager 11.1.2 schema. The exportAccessData WLST command exports the Access Manager policy and configuration information from the 11.1.1.5.0 Oracle Access Manager domain. You must export Oracle Access Manager 11.1.1.5.0 configuration details, policy stores, keys, and CSF Passwords.
Complete the following steps to export data:
Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:
cd <IAM_HOME>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
At the WLST prompt, run the following script:
exportAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
exportAccessData("<IAM_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties")
See Table 4-4 for sample properties and description.
Exit the WLST console using the exit() command.
Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:
cd <IAM_HOME>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
At the WLST prompt, run the following script:
exportAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
exportAccessData("<IAM_HOME>\\oam\\server\\wlst\\scripts\\sample_properties\\oam_upgrade.properties")
See Table 4-4 for sample properties and description.
Exit the WLST console using the exit() command.
Table 4-3 describes the parameters you must specify on the command line:
Table 4-3 Parameters for Exporting Data
| Parameter | Description |
|---|---|
|
|
Specify the path to the On UNIX, it is located in the On Windows, it is located in the |
Table 4-4 lists the properties of oam_upgrade.properties:
Table 4-4 Property Description
| Properties | Description |
|---|---|
|
|
Specify the complete path to the Middleware Home. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
|
Specify the complete path to the Oracle Identity and Access Management location. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the location of the Oracle Identity and Access Management software. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the existing Oracle Access Manager 11.1.1.5.0 domain home. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the common components home. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the location where you want to place the upgrade artifacts, such as Oracle Access Manager 11.1.1.5.0 configuration and policy files. |
|
|
This is an |
|
|
This property is used to specify if you run the upgrade in an incremental mode. Incremental form of upgrade is not supported in Access Manager 11.1.2. Therefore, set the value as |
|
|
As a part of the Oracle Access Manager policy upgrade, the changes to the out of the box Access Manager policies are applied on top of the existing (11.1.1.5.0) out of the box policies. This process involves a three way merge of the Access Manager policies. This is a time consuming process (takes about 30 minutes). If you want to proceed with the merge, set the property to If you want to replace the Oracle Access Manager 11.1.1.5.0 out of the box policies with the new ones, without the merge process, set this property to |
|
|
Use this property to connect to the 11.1.1.5.0 policy store. Specify the Oracle Access Manager 11.1.1.5.0 schema owner. |
|
|
Use this property to connect to the 11.1.1.5.0 policy store. Specify the Oracle Access Manager 11.1.1.5.0 schema credentials. |
|
|
Use this property to connect to the 11.1.1.5.0 policy store. Specify the Oracle Access Manager 11.1.1.5.0 Oracle Entitlements Server database credential alias as:
|
|
|
Use this property to connect to the 11.1.1.5.0 policy store. Specify the JDBC connection string in the following format:
|
|
|
Use this property to connect to the 11.1.1.5.0 policy store. Specify the JDBC driver class in the following format:
|
|
|
Use this property to connect to the 11.1.1.5.0 policy store. Specify the properties as:
|
|
|
This property refers to the absolute path to the XML file where extracted 11.1.1.5.0 policy needs to be saved. Specify the path where you want to save the extracted Oracle Access Manager 11.1.1.5.0 policies. For example: On UNIX, specify the following path:
On Windows, specify the following path:
|
|
|
Upgrade frameworks loads version specific jars for Exporting and Importing data. This property refers to the Oracle Access Manager 11.1.1.5.0 policy jars available at the following path: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the Oracle Access Manager 11.1.1.5.0 configuration files available in the following location: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the absolute path to the temporary policy XML. This temporary XML will be used for policy transformation. Specify the temporary location of the XML file. For example: On UNIX, specify the following path:
On Windows, specify the following path:
|
|
|
Upgrade frameworks loads version specific jars for exporting and importing data. This property refers to the Access Manager 11.1.2 policy jars available at the following location: On UNIX, it is located in the On Windows, it is located in the |
|
|
This property refers to the Access Manager 11.1.2 configuration files available at the following location: On UNIX, it is located in the On Windows, it is located in the |
|
|
The Oracle Access Manager source version is 11.1.1.5.0. |
|
|
The Access Manager target version is 11.1.2. |
Note:
The variables listed in Table 4-4 are not environment variables. These variables must be defined in the oam_upgrade.properties file.
Sample Output of exportAccessData
wls:/offline> exportAccessData("<IAM_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties")
Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.WLSTExecutor executeCommand
INFO: EXPORT_DATA_COMMAND
Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand
INFO: OAAM PRODUCT
Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand
INFO: OAM PRODUCT
Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand
INFO: oamPlugin.getName() = oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory
Jul 7, 2012 1:37:30 AM oracle.security.am.upgrade.plugin.util.UpgradeUtil exportConfiguration
INFO: Copying configuration file....
oracle.security.am.upgrade.plugin.upgradehelper.OAMVersionSpecificClassLoader@1e330f43
[EL Info]: 2012-07-07 01:37:32.849--ServerSession(503497062)--EclipseLink, version: Eclipse Persistence Services - 1.1.0.r3634
[EL Info]: 2012-07-07 01:37:35.212--ServerSession(503497062)--file:$ORACLE_HOME/oam/server/lib/upgrade/ps1-policy/oes-d8/jps-internal.jar-JpsDBDataManager login successful
Jul 7, 2012 1:37:39 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2012-07-07 01:37:39.026/135.466 Oracle Coherence 3.5.3/465p2 <Info> (thread=Main Thread, member=n/a): Loaded operational configuration from resource "jar:file:$ORACLE_HOME/oam/server/lib/upgrade/ps1-policy/coherence.jar!/tangosol-coherence.xml"
Jul 7, 2012 1:37:39 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2012-07-07 01:37:39.035/135.474 Oracle Coherence 3.5.3/465p2 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from resource "jar:file:$ORACLE_HOME/oam/server/lib/upgrade/ps1-policy/coherence.jar!/tangosol-coherence-override-dev.xml"
...................
WARNING: Cannot load audit configuration.
Jul 7, 2012 1:37:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Jul 7, 2012 1:37:47 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Jul 7, 2012 1:37:47 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory exportData
INFO: Extraction Done!!
Jul 7, 2012 1:37:47 AM oracle.security.am.upgrade.plugin.util.UpgradeCommonUtil removeDirectory
INFO: Deletion of Directory: true path: $OAM_ARTIFACTS_DIRECTORTY/temp.zip
Jul 7, 2012 1:37:47 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory exportData
INFO: Export completed successfully!
It is necessary to import the extracted Oracle Access Manager 11.1.1.5.0 data to the Access Manager 11.1.2 schema. The Oracle Access Manager 11.1.1.5.0 domain configuration is also merged with the Access Manager 11.1.2 configuration.
To import Oracle Access Manager 11.1.1.5.0 configuration data into Access Manager 11.1.2, complete the following steps:
Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:
cd <IAM_HOME>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
At the WLST prompt, run the following script:
importAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
importAccessData("<IAM_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties")
See Table 4-4 for sample properties and description.
Exit the WLST console using the exit() command.
Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:
cd <IAM_HOME>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
At the WLST prompt, run the following script:
importAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
importAccessData("<IAM_HOME>\\oam\\server\\wlst\\scripts\\sample_properties\\oam_upgrade.properties")
See Table 4-4 for sample properties and description.
Exit the WLST console using the exit() command.
Table 4-5 describes the parameters you need to specify on the command line:
Table 4-5 Parameters for Importing Data
| Parameter | Description |
|---|---|
|
|
Specify the path to the On UNIX, it is located in the On Windows, it is located in the |
Sample Output of importAccessData
wls:/offline> importAccessData("<IAM_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties")
LOGGER intialised java.util.logging.Logger@1e26e4b1
Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.WLSTExecutor executeCommand
INFO: IMPORT_DATA_COMMAND
Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.util.WLSTImportDataUtil executeCommand
INFO: OAAM PRODUCT IMPORT DATA
Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.util.WLSTImportDataUtil executeCommand
INFO: OAM PRODUCT
Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.util.WLSTImportDataUtil executeCommand
INFO: oamPlugin.getName() = oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory
Jul 7, 2012 1:38:27 AM oracle.security.am.common.policy.admin.provider.xml.XMLStore <init>
INFO: Loading policy store file: $OAM_ARTIFACTS_DIRECTORTY/oam-policy.xml.
Jul 7, 2012 1:38:30 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2012-07-07 01:38:30.069/17.816 Oracle Coherence 3.7.1.1 <Info> (thread=Main Thread, member=n/a): Loaded operational configuration from "jar:file:$MIDDLEWARE_HOMEoracle_common/modules/oracle.coherence/coherence.jar!/tangosol-coherence.xml"
Jul 7, 2012 1:38:30 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2012-07-07 01:38:30.103/17.850 Oracle Coherence 3.7.1.1 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from "jar:file:$MIDDLEWARE_HOMEoracle_common/modules/oracle.coherence/coherence.jar!/tangosol-coherence-override-dev.xml"
Jul 7, 2012 1:38:30 AM com.tangosol.coherence.component.util.logOutput.Jdk log
INFO: 2012-07-07 01:38:30.107/17.854 Oracle Coherence 3.7.1.1 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from "jar:file:$ORACLE_HOME/oam/server/lib/upgrade/ps2-policy/mapstore-coherence.jar!/tangosol-coherence-override.xml"
.....
Jul 7, 2012 1:38:36 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Jul 7, 2012 1:38:36 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Jul 7, 2012 1:38:36 AM oracle.security.am.common.audit.AuditHandler getAuditor
WARNING: Cannot load audit configuration.
Jul 7, 2012 1:38:38 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory importData
INFO: Import completed successfully!!
Note:
When you start the Administration Server and the Managed Servers, the Access Manager Administration console application and the Access Manager Managed server application does not start up. This is expected.
The redeploy command is an online WLST command. Therefore, you must start the Oracle Access Management Access Manager Administration and Managed Servers before running the redeploy command.
Starting the Administration Server
To start the Administration Server, do the following:
On UNIX:
Run the following command:
cd <MW_HOME>/user_projects/domains/<domain_name>/bin
./startWebLogic.sh
On Windows:
Run the following command:
cd <MW_HOME>\user_projects\domains\<domain_name>\bin
startWebLogic.cmd
The following exception is displayed when you start the Administration Server. Ignore it:
<Month Date, year Time Timezone> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oracle.oaam.libs [LibSpecVersion=11.1.1.3.0,LibImplVersion=11.1.1.3.0]' due to error weblogic.application.library.LibraryDeployment Exception: [J2EE:160145]Failed to deploy library Extension-Name: oracle.oaam.libs, Specification-Version:11.1.2, Implementation-Version: 11.1.2.0.0, because of conflicting library Manifest values,and library information registered with the server: [Specification-Version: 11.1.2 vs. 11.1.1.3, Implementation-Version: 11.1.2.0.0 vs. 11.1.1.3.0]. Check the library"s MANIFEST.MF file, and correct version info there to match server settings. Or undeploy the misconfigured library.. weblogic.application.library.LibraryDeploymentException: [J2EE:160145]Failed to deploy library Extension-Name: oracle.oaam.libs, Specification-Version: 11.1.2, Implementation-Version: 11.1.2.0.0, because of conflicting library Manifest values, and library information registered with the server: [Specification-Version: 11.1.2 vs. 11.1.1.3, Implementation-Version: 11.1.2.0.0 vs. 11.1.1.3.0]. Check the library"s MANIFEST.MF file, and correct version info there to match server settings. Or undeploy the misconfigured library. at weblogic.application.internal.library.LibraryDeploymentFactory.getLibData(Libr aryDeploymentFactory.java:113) at weblogic.application.internal.library.LibraryDeploymentFactory.createDeploymen t(LibraryDeploymentFactory.java:48) at weblogic.application.internal.DeploymentManagerImpl.createDeployment(Deploymen tManagerImpl.java:84) at weblogic.deploy.internal.targetserver.BasicDeployment.createDeployment(BasicDe ployment.java:149) at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java :114) Truncated. see log file for complete stacktrace
<Month Date, year Time Timezone> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oam_server' due to error weblogic.management.DeploymentException: [Deployer:149268]Static deployment of non-versioned application 'oam_server' failed due it its manifest defines version.. weblogic.management.DeploymentException: [Deployer:149268]Static deployment of non-versioned application 'oam_server' failed due it its manifest defines version. at weblogic.deploy.internal.targetserver.AppDeployment.staticDeployValidationForN onVersion(AppDeployment.java:186) at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:108) at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40) at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191) at weblogic.management.deploy.internal.AppTransit
To start the Access Manager Managed Servers, do the following:
On UNIX:
Move from your present working directory to the <MW_HOME>/user_projects/domains/<domain_name>/bin directory by running the following command on the command line:
cd <MW_HOME>/user_projects/domains/<domain_name>/bin
Run the following command to start the Servers:
./startManagedWebLogic.sh <managed_server_name> <admin_url> <user_name> <password>
where
<managed_server_name> is the name of the Managed Server
<admin_url> is URL of the administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.
<user_name> is the username of the WebLogic Administration Server.
<password> is the password of the WebLogic Administration Server.
On Windows:
Move from your present working directory to the <MW_HOME>\user_projects\domains\<domain_name>\bin directory by running the following command on the command line:
cd <MW_HOME>\user_projects\domains\<domain_name>\bin
Run the following command to start the Managed Servers:
startManagedWebLogic.cmd <managed_server_name> <admin_url> <user_name> <password>
where
<managed_server_name> is the name of the Managed Server.
<admin_url> is URL of the administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.
<user_name> is the username of the WebLogic Administration Server.
<password> is the password of the WebLogic Administration Server.
The following exception is displayed when you start the Managed Server. Ignore it:
<Month Date, year Time Timezone> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oracle.oaam.libs [LibSpecVersion=11.1.1.3.0,LibImplVersion=11.1.1.3.0]' due to error weblogic.application.library.LibraryDeploymentException: [J2EE:160145]Failed to deploy library Extension-Name: oracle.oaam.libs, Specification-Version: 11.1.2, Implementation-Version: 11.1.2.0.0, because of conflicting library Manifest values, and library information registered with the server: [Specification-Version: 11.1.2 vs. 11.1.1.3, Implementation-Version: 11.1.2.0.0 vs. 11.1.1.3.0]. Check the library"s MANIFEST.MF file, and correct version info there to match server settings. Or undeploy the misconfigured library.. weblogic.application.library.LibraryDeploymentException: [J2EE:160145]Failed to deploy library Extension-Name: oracle.oaam.libs, Specification-Version: 11.1.2, Implementation-Version: 11.1.2.0.0, because of conflicting library Manifest values, and library information registered with the server: [Specification-Version: 11.1.2 vs. 11.1.1.3, Implementation-Version: 11.1.2.0.0 vs. 11.1.1.3.0]. Check the library"s MANIFEST.MF file, and correct version info there to match server settings. Or undeploy the misconfigured library. at weblogic.application.internal.library.LibraryDeploymentFactory.getLibData(LibraryDeploymentFactory.java:113) at weblogic.application.internal.library.LibraryDeploymentFactory.createDeployment(LibraryDeploymentFactory.java:48) at weblogic.application.internal.DeploymentManagerImpl.createDeployment(DeploymentManagerImpl.java:84) at weblogic.deploy.internal.targetserver.BasicDeployment.createDeployment(BasicDeployment.java:149) at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:114) Truncated. see log file for complete stacktrace
<Month Date, year Time Timezone> <Error> <Deployer> <BEA-149205> <Failed to initialize the application 'oam_server' due to error weblogic.management.DeploymentException: [Deployer:149268]Static deployment of non-versioned application 'oam_server' failed due it its manifest defines version.. weblogic.management.DeploymentException: [Deployer:149268]Static deployment of non-versioned application 'oam_server' failed due it its manifest defines version. at weblogic.deploy.internal.targetserver.AppDeployment.staticDeployValidationForN onVersion(AppDeployment.java:186) at weblogic.deploy.internal.targetserver.AppDeployment.prepare(AppDeployment.java:108) at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:40) at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191) at weblogic.management.deploy.internal.AppTransit
For more information, see "Starting the Stack" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
You must redeploy Oracle Access Management Access Manager for the following reasons:
To uptake new shared libraries that Access Manager servers are dependent on.
To uptake newer versions of Access Manager Administration and Managed Server applications.
To redeploy Access Manager servers and shared Access Manager libraries, complete the following steps:
Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:
cd <IAM_HOME>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','<weblogic_host>:<port>')
Run the following command:
redeployOAM("<ORACLE_HOME>","<ORACLE_COMMON_HOME>",adminTarget="Admin_name",serverTarget="oam_server1")
Note:
The following exception is displayed after the Access Manager server deployment because tmp and stage directories still exists. You can ignore the errors:
[HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError at java.lang.J9VMInternals.initialize(J9VMInternals.java:222) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:97) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56 at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46 Caused by: oracle.security.am.common.utilities.exception.AmRuntimeException:OAM Server Key initialization failed Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
Exit the WLST console using the exit() command.
Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:
cd <IAM_HOME>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','<weblogic_host>:<port>')
Run the following command:
redeployOAM("<MW_HOME>","<ORACLE_COMMON_HOME>",adminTarget="AdminServer",serverTarget="oam_server1"
Note:
The following exception is displayed after Access Manager server deployment because the tmp and stage directories still exists. You can ignore the errors:
[HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError at java.lang.J9VMInternals.initialize(J9VMInternals.java:222) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:97) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56 at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46) Caused by: oracle.security.am.common.utilities.exception.AmRuntimeException:OAM Server Key initialization failed Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
Exit the WLST console using the exit() command.
Table 4-6 describes the parameters you need to specify on the command line:
Table 4-6 Parameters for Redeploying Access Manager Servers and Shared Libraries
| Parameter | Description |
|---|---|
|
|
Specify the complete path to the Oracle Home. For example: On UNIX, it is located in the On Windows, it is located in the |
|
|
Specify the complete path to the Oracle common home. For example: On UNIX, it is located in the On Windows, it is located in the |
|
|
Specify the Administration Server name you have given while configuring Access Manager. |
|
|
Specify the Managed Server name you have given while configuring Access Manager. |
The deployment may fail if the SDP library is already installed as a part of the SOA deployments. See Section 4.18.2, "Redeploy Oracle Access Management Access Manager" for recovery procedures.
To stop the servers, see Section 4.2, "Shutting Down Administration Server and Managed Servers".
This step is required to uptake new version of the Access Manager Managed Server. The redeploy command does not delete the tmp directories.
In order to deploy Oracle Access Manager 11.1.1.5.0 server content and applications to Access Manager 11.1.2, you must delete all folders in the following location:
<MW_Home>/user_projects/domains/domain_home/servers/<OAM_MANAGED_SERVER_NAME>
<MW_Home>\user_projects\domains\domain_home\servers\<OAM_MANAGED_SERVER_NAME>
To start the servers, see Section 4.12, "Starting the Administration Server and Access Manager Managed Servers".
Note:
The Administration server start-up takes approximately 30 minutes due to policy migration.
Use the following URL in a web browser to verify that Oracle Access Management Access Manager 11g Release 2 (11.1.2) is running:
http(s)://<oam_admin_server_host>:<oam_admin_server_port>/oamconsole
Note:
This note is applicable only to users who currently have Oracle Identity Manager and Oracle Access Manager components integrated in 11g R1 (11.1.1.5.1) or earlier versions, and are upgrading both Oracle Identity Manager and Access Manager to 11g R2 (11.1.2).
After upgrading the components to 11g Release 2 (11.1.2), see "Using the idmConfigTool Command" in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite.
For troubleshooting topics, see the following sections:
If you get a class not found exception, it is because you have not exited from the WLST console after running the exportAccessData command.
Exit the WLST console using the exit() command.
If you get the following exception, then the SDP library is already installed.
<Month <Date>, Year Time Time ZOne> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, oracle.sdp.client#11.1.1@11.1.1 [archive: <ORACLE_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar], to oam_server1 .> weblogic.management.ManagementException: [Deployer:149007]New source location, '<ORACLE_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar', cannot be deployed to configured application, 'oracle.sdp.client [LibSpecVersion=11.1.1,LibImplVersion=11.1.1]'. The application source is at '<ORACLE_SOA_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar'. Changing the source location is not allowed for a previously attempted deployment. Try deploying without specifying the source.Failed to deploy the application with status failed Current Status of your Deployment: Deployment command type: deploy Deployment State : failed Deployment Message : weblogic.management.ManagementException: [Deployer:149007]New source location, '<ORACLE_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar', cannot be deployed to configured application, 'oracle.sdp.client [LibSpecVersion=11.1.1,LibImplVersion=11.1.1]'. The application source is at '<ORACLE_SOA_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar'. Changing the source location is not allowed for a previously attempted deployment. Try deploying without specifying the source. Error occured while performing deploy : Target exception thrown while deploying application: Error occured while performing deploy : Deployment Failed. : Error occured while performing deploy : Deployment Failed. Use dumpStack() to view the full stacktrace Deploying application from <ORACLE_HOME>/oam/server/apps/oam-admin.ear to targets AdminServer (upload=false) ...
Complete the following steps to recover:
Log into the WebLogic console.
Check for the following library:
oracle.sdp.client(11.1.1,11.1.1)
Target this library to oam_server1
Run the following command:
deployOAMServer("<ORACLE_HOME>",adminTarget="AdminServer",serverTarget="oam_server1")
If you get the following error after the Access Manager server deployment, it is because the tmp and stage directories still exist in your environment.
Ignore it:
[HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError at java.lang.J9VMInternals.initialize(J9VMInternals.java:222) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:97) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46)
If you get the following error, the 11.1.2 Repository Creation Utility is not new and has data.
oracle.security.am.common.policy.admin.impl.PolicyValidationException: OAMSSA-06045: An object of this type named "HTTP" already exists. at oracle.security.am.common.policy.admin.impl.ResourceTypeManagerImpl.isValidWrite(ResourceTypeManagerImpl.java:482) at oracle.security.am.common.policy.admin.impl.ResourceTypeManagerImpl.createResourceType(ResourceTypeManagerImpl.java:165) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.createResourceType(OAMPolicyStoreBootstrap.java:554) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.addOAMObjs(OAMPolicyStoreBootstrap.java:328) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.addPolicyObjects(OAMPolicyStoreBootstrap.java:280) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.bootstrap(OAMPolicyStoreBootstrap.java:233) at oracle.security.am.install.OAMInstaller.bootstrapOES(OAMInstaller.java:1064) at oracle.security.am.install.OAMInstaller.bootstrapPolicy(OAMInstaller.java:1423) at oracle.security.am.install.OAMInstaller.upgradePolicy(OAMInstaller.java:1513)
Check if a new Repository Creation Utility schema is created for Access Manager. Also check if the domain has been updated to use the new 11.1.2 Repository Creation Utility.
If you get the following error, the tmp and stage folders still exists:
Caused by: com.bea.security.ParameterException: Invalid configuration: cannot locate class: com.bea.security.ssal.micro.MicroSecurityServiceManagerWrapper at com.bea.security.impl.SecurityRuntimeImpl.getNewInstance(SecurityRuntimeImpl.java:263) at com.bea.security.impl.SecurityRuntimeImpl.initialize(SecurityRuntimeImpl.java:313) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.bea.security.SecurityRuntime.initialize(SecurityRuntime.java:140) at com.bea.security.impl.MicroSMImpl.getInstance(MicroSMImpl.java:167)
This error is resolved once you remove the tmp and stage folders, as instructed in Section 4.15, "Deleting Folders".