Skip Headers
Oracle® Fusion Middleware Upgrade and Migration Guide for Oracle Identity and Access Management
11g Release 2 (11.1.2)

Part Number E28183-12
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

7 Upgrading Oracle Entitlements Server 11g Release 1 (11.1.1.5.0) Environments

This chapter describes how to upgrade your existing Oracle Entitlements Server 11g Release 1 (11.1.1.5.0) environment to Oracle Entitlements Server 11g Release 2 (11.1.2).This chapter contains the following sections:

Read the Oracle Fusion Middleware System Requirements and Specifications document to ensure that your environment meets the minimum requirements for the products you are installing or upgrading.

7.1 Upgrading Oracle Entitlements Server Administration Server

This section contains the following topics:

7.1.1 Upgrade Roadmap for Oracle Entitlements Server Administration Server

Note:

If you do not follow the exact sequence provided in this task table, your Oracle Entitlements Server Administration Server upgrade may not be successful.

Table 7-1 lists the steps to upgrade Oracle Entitlements Server Administration Server upgrade.

Table 7-1 Upgrade Flow

Task No. Task For More Information

1

Shut down all servers. This includes both Administration Server and Managed Servers.

See, Shutting Down Administration Server and Managed Servers

2

Back up your environment.

See, Backing Up Oracle Entitlements Server 11g Release 1 (11.1.1.5.0)

3

Optional - Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6.

See, Optional: Upgrading Oracle WebLogic Server

4

Upgrade 11.1.1.5.0 Oracle Home to 11.1.2.

See, Upgrading Oracle Entitlements Server Administration Server 11g Release 2 (11.1.2)

5

Create new Oracle Platform Security Services schema.

See, Creating Oracle Platform Security Service Schema

6

Create new Oracle Entitlements Server domain.

See, Creating New Oracle Entitlements Server Domain

7

Using the exportEncryptionKey(), extract the encryption key.

See, Exporting Encryption Key

8

Run the configuresecuritystore.py script to re-associate policy stores.

See, Re-Associating Policy Stores

9

Upgrade Oracle Platform Security Services.

See, Upgrading Oracle Platform Security Services

10

Start the Administration Server and Oracle Entitlements Server Managed servers.

See, Starting the Administration Server and Oracle Entitlements Server Managed Servers

11

Redeploy APM.

See, Redeploying APM

12

Verify the Oracle Entitlements Server upgrade.

See, Verifying the Upgrade


7.1.2 Shutting Down Administration Server and Managed Servers

The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the Administration Server and Managed Servers.To shut down the Servers, do the following:

Stopping the Administration Server

To stop the Administration Server, do the following:

On UNIX:

Run the following command:

cd <MW_HOME>/user_projects/domains/<domain_name>/bin

./stopWebLogic.sh

On Windows:

Run the following command:

cd <MW_HOME>\user_projects\domains\<domain_name>\bin

stopWebLogic.cmd

Stopping the Managed Servers

To stop the Managed Servers, do the following:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/user_projects/domains/<domain_name>/bin directory by running the following command on the command line:

    cd <MW_HOME>/user_projects/domains/<domain_name>/bin

  2. Run the following command to stop the servers:

    ./stopManagedWebLogic.sh <server_name> <admin_url> <user_name> <password>

    where

    <server_name> is the name of the Managed Server.

    <admin_url> is URL of the administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.

    <user_name> is the username of the WebLogic Administration Server.

    <password> is the password of the WebLogic Administration Server.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\user_projects\domains\<domain_name>\bin by running the following command on the command line:

    cd <MW_HOME>\user_projects\domains\<domain_name>\bin

  2. Run the following command to stop the Managed Servers:

    stopManagedWebLogic.cmd <server_name> <admin_url> <username> <password>

    where

    <server_name> is the name of the Managed Server.

    <admin_url> is URL of the administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.

    <username> is the username of the WebLogic Administration Server.

    <password> is the password of the WebLogic Administration Server.

For more information, see "Stopping the Stack" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

7.1.3 Backing Up Oracle Entitlements Server 11g Release 1 (11.1.1.5.0)

You must back up your Oracle Entitlements Server 11.1.1.5.0 environment before you upgrade to Oracle Entitlements Server 11.1.2.

After stopping the servers, back up the following:

  • MW_HOME directory, including the Oracle Home directories inside Middleware Home

  • Domain Home directory

  • Oracle Entitlements Server schemas

7.1.4 Optional: Upgrading Oracle WebLogic Server

Note:

Upgrading Oracle WebLogic Server is not mandatory. However, Oracle recommends that you upgrade Oracle WebLogic Server to 10.3.6.

You can upgrade WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6 by using the WebLogic 10.3.6 Upgrade Installer. Complete the following steps:

  1. Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.

    For more information, see "Downloading the Installer From Oracle Technology Network" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

  2. Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.

    For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

7.1.5 Upgrading Oracle Entitlements Server Administration Server 11g Release 2 (11.1.2)

To upgrade Oracle Entitlements Server Administration Server, you must use the Oracle Identity and Access Management 11.1.2 Installer. During the procedure, point the Middleware Home to your existing 11.1.1.5.0 Middleware Home. Your Oracle Home is upgraded from 11.1.1.5.0 to 11.1.2.

This section contains the following topics:

7.1.5.1 Obtaining the Software

For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.

7.1.5.2 Starting the Oracle Identity and Access Management Installer

This topic explains how to start the Oracle Identity and Access Management 11.1.2 Installer.

Notes:

  • If you are installing on an IBM AIX operating system, you must run the rootpre.sh script from the Disk1 directory before you start the Installer.

  • Starting the Installer as the root user is not supported.

Start the Installer by doing the following:

On UNIX:

  1. Move from your present working directory to the directory where you have extracted the contents of the Installer to.

  2. Move to the following location:

    cd Disk1

  3. Run the following command:

    ./runInstaller -jreLoc <complete path to the JRE directory>

    For example:

    ./runInstaller -jreLoc <MW_HOME>/jdk160_29/jre

On Windows:

  1. Move from your present working directory to the directory where you have extracted the contents of the Installer to.

  2. Move to the following location:

    cd Disk1

  3. Run the following command:

    setup.exe -jreLoc <complete path to the JRE directory>

    For example:

    setup.exe -jreLoc <MW_HOME>\jdk160_29\jre

Note:

If you do not specify the -jreLoc option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:

-XX:MaxPermSize=512m is not a valid VM option. Ignoring

This warning message does not affect the installation. You can continue with the installation.

On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jrockit_1.6.0_29 directory is not created in your Middleware Home. You must enter the absolute path to the JRE folder from where your JDK is located.

7.1.5.3 Installing Oracle Identity and Access Management 11g Release 2 (11.1.2)

Use the Oracle Identity and Access Management 11.1.2 Installer to upgrade Oracle Entitlements Server 11.1.1.5.0 to Oracle Entitlements Server 11.1.2:

  1. After you start the Installer, the Welcome screen appears.

  2. Click Next on the Welcome screen. The Install Software Updates screen appears. Select whether or not you want to search for updates. Click Next.The Prerequisite Checks screen appears. If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.

  3. On the Specify Installation Location screen, point the Middleware Home to your existing 11.1.1.5.0 Middleware Home installed on your system.

  4. In the Oracle Home Directory field, specify the path of the existing Oracle Identity and Access Management Home. This directory is also referred to as <IAM_HOME> in this book.

    Click Next. The Installation Summary screen appears.

  5. The Installation Summary screen displays a summary of the choices that you made. Review this summary and decide whether you want to proceed with the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing Oracle Identity and Access Management, click Install. The Installation Progress screen appears. Click Next.

    Note:

    If you cancel or abort when the installation is in progress, you must manually delete the <IAM_HOME> directory before you can reinstall the Oracle Identity and Access Management software.

    To invoke online help at any stage of the installation process, click Help on the installation wizard screens.

  6. The Installation Complete screen appears. On the Installation Complete screen, click Finish.

    This installation process copies the 11.1.2 Oracle Identity and Access Management software to your system.

For more information, see "Installing and Configuring Oracle Identity and Access Management (11.1.2)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

7.1.6 Creating Oracle Platform Security Service Schema

Note:

You must preform the following task only if your policy store is database.

Oracle Entitlements Server 11.1.1.5.0 schema is bound with APM. From Oracle Entitlements Server 11.1.2 release onwards, Oracle Entitlements Server security store relies on Oracle Platform Security Services for database. In order to access the Oracle Platform Security Services database, you need to create OPSS schema.

Complete the following steps to create Oracle Platform Security Store (OPSS) schema:

  1. Run Repository Creation utility (RCU) 11.1.2 to create the schema.

    For more information, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.

    Note:

    In the Select Components screen, expand AS Common Schemas and select Oracle Platform Security Services. Metadata Services is selected automatically. Deselect it and ignore the following message:

    Following components require Metadata Services schema: Oracle Platform Security Services.

  2. Log in to the database as SYS.

  3. Go to the following path:

    On UNIX:

    <IAM_HOME>/oes/upgrade/sql

    ON Windows:

    <IAM_HOME>\oes\upgrade\sql

  4. Run the following sql script:

    R2_Upgrade.sql

    This sql script copies the user data from Oracle Entitlements Server 11.1.1.5.0 to Oracle Platform Security Services.

    Note:

    In order to execute the R2_Upgrade.sql command, you need to install a database client or execute the script in another computer that has a database client installed on it.

7.1.7 Creating New Oracle Entitlements Server Domain

Oracle Entitlements Server 11.1.2 Administration applications requires a JRF domain. But Oracle Entitlements Server 11.1.1.5.0 does not support JRF. Therefore, in order to deploy Oracle Entitlements Server 11.1.2 applications, you must create a new Oracle Entitlements Server domain.

For more information, see "Configuring Oracle Entitlements Server in a New WebLogic Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

7.1.8 Exporting Encryption Key

Credential data are encrypted and stored in the database. The encryption key is domain specific. Since you are moving to Oracle Entitlements Server 11.1.2 domain from Oracle Entitlements Server 11.1.1.5.0 domain, you must export the key to a keyfile and then import the key to the Oracle Entitlements Server 11.1.2 domain.

You must run the exportEncryptionKey()command to extract the encryption key from Oracle Entitlements Server 11.1.1.5.0 domain's bootstrap wallet.

Run the following command:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/oracle_common/common/bin directory by running the following command on the command line:

    cd <MW_HOME>/oracle_common/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. At the WLST prompt, run the following command:

    exportEncryptionKey(jpsConfigFile="<domaindir>/config/fmwconfig/jps-config.xml",keyFilePath="/tmp/key",keyFilePassword="<password>")

    where

    <domaindir> is the complete path of the Oracle Entitlements Server 11.1.1.5.0 domain location.

    <password> is the key file password.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\oracle_common\common\bin directory by running the following command on the command line:

    cd <MW_HOME>\orcle_common\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. At the WLST prompt, run the following command:

    exportEncryptionKey(jpsConfigFile="<domaindir>\\config\\fmwconfig\\jps-config.xml",keyFilePath="\\tmp\\key",keyFilePassword="<password>")

    Where

    <domaindir> is the complete path of the Oracle Entitlements Server 11.1.1.5.0 domain location.

    <password> is the key file password.

7.1.9 Re-Associating Policy Stores

You must re-associate policy stores to make the Oracle Entitlements Server 11.1.2 domain uptake the security store which is based on the Oracle Platform Security Services schema. Run the configuresecuritystore.py script to re-associate policy stores as follows:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/oracle_common/common/bin/ by running the following command on the command line:

    cd <MW_HOME>/oracle_common/common/bin/

  2. Run the following WLST command:

    ./wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -m join -j <dwps1 jpsroot> -f <dwps1 farmname> -p <OPSS schema password> -s <OPSS data source name> -k <keyFilePath> -w <keyFilePassword>

    For example:

    ./wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <MW_HOME>/user_projects/domains/<oes_domain> -m join -j cn=jpsroot -f <oes_domain> -p welcome1 -s opss-DBDS -k /tmp/key -w myKeyPwd

On Windows:

  1. Move from your present working directory to the location <MW_HOME>\oracle_common\common\bin by running the following command on the command line:

    cd <MW_HOME>\oracle_common\common\bin

  2. Run the following WLST command:

    wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <domaindir> -m join -j <OES 11.1.1.5.0 jpsroot> -f <OES 11.1.1.5.0 farmname> -p <OPSS schema password> -s <OPSS data source name> -k <keyFilePath> -w <keyFilePassword>

    For example:

    wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <MW_HOME>\user_projects\domains\<oes_domain> -m join -j cn=jpsroot -f oes_domain -p welcome1 -s opss-DBDS -k \tmp\key -w myKeyPwd

Note:

If you are using 11g Release 2 Bundle Patch 11.1.2.0.1, note the following while running the configureSecurityStore.py command:

  • Use the argument --create_diagnostic_data while running the configureSecurityStore.py command. This creates the diagnostic data if it is not already present in your existing security store.

    On UNIX:

    ./wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -m join --create_diagnostic_data -j <dwps1 jpsroot> -f <dwps1 farmname> -p <OPSS schema password> -s <OPSS data source name> -k <keyFilePath> -w <keyFilePassword>
    

    On Windows:

    wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <domaindir> -m join --create_diagnostic_data -j <OES 11.1.1.5.0 jpsroot> -f <OES 11.1.1.5.0 farmname> -p <OPSS schema password> -s <OPSS data source name> -k <keyFilePath> -w <keyFilePassword>
    
  • You must use the argument --create_diagnostic_data only if you are using -m join option in the command.

Note:

For help on the command, run the following:

On UNIX:

./wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -help

On Windows:

wlst.cmd <IAM_HOME>\common\tools\configureSecurityStore.py -d <domaindir> -help

Table 7-2 describes the parameters you need to specify on the command line.

Table 7-2 Parameters for Reassociating Policy Stores

Parameter Description

MW_HOME

Specify the path to the Oracle Identity and Access Manager's Middleware Home. The following example shows the complete path:On UNIX, it is located in the /oracle/Middleware directory.

On Windows, it is located in the \oracle\Middleware directory.

IAM_HOME

Specify the path to the Oracle Identity and Access Manager Home. The following example shows the complete path:On UNIX, it is located in the /oracle/Middleware/Oracle_IDM1 directory.

On Windows, it is located in the \oracle\Middleware\Oracle_IDM1 directory.

domaindir

Specify the path to the Identity and Access Manager's domain location. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/user_projects/domains/base_domain directory.

On Windows, it is located in the <MW_HOME>\user_projects\domains\base_domain directory.

-m

The following are the two options available for the argument -m:

  • create

    -m create option creates a new security store. This option is applicable for fresh installation.

  • join

    -m join option uses an existing database security store for the domain. Since this is an upgrade, you must use -m join option while running the configureSecurityStore.py command.

OPSS_schema_ password

Specify the password of OPSS schema.

-k

Specify the path to the KeyFile. The following example shows the complete location:

On UNIX, it is located at /tmp/key

On Windows, it is located at \tmp\key

-w

Specify the KeyFile password.


7.1.10 Upgrading Oracle Platform Security Services

Upgrading Oracle Platform Security Services (OPSS) is required to upgrade the configuration and policy stores of Oracle Entitlements Server 11.1.1.5.0 to Oracle Entitlements Server 11.1.2. It upgrades the jps-config.xml file and policy stores.

For Database

To upgrade Oracle Platform Security Services (OPSS), do the following:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/oracle_common/common/bin directory by running the following command on the command line:

    cd <MW_HOME>/oracle_common/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. At the WLST prompt, run the following command:

    upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")

    For example:

    upgradeOpss(jpsConfig="<MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml",jaznData="<MW_HOME>/oracle_common/modules/oracle.jps_11.1.1/domain_config/system-jazn-data.xml")

  4. Exit the WLST console using the exit()command.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\oracle_common\common\bin directory by running the following command on the command line:

    cd <MW_HOME>\oracle_common\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. At the WLST prompt, run the following command:

    upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")

    For example:

    upgradeOpss(jpsConfig="<MW_HOME>\\user_projects\\domains\\base_domain\\config\\fmwconfig\\jps-config.xml",jaznData="<MW_HOME>\\oracle_common\\modules\\oracle.jps_11.1.1\\domain_config\\system-jazn-data.xml")

  4. Exit the WLST console using the exit() command.

Table 7-3 describes the parameters you specify on the command line:

Table 7-3 Parameters for Upgrading OPSS

Parameter Description

jpsConfig

Specify the path to the jps-config.xml file in your 11.1.2 installation. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml directory.

On Windows, it is located in the <MW_HOME>\user_projects\domains\base_domain\config\fmwconfig\jps-config.xml directory.

jaznData

Specify the path to the system-jazn-data.xml file in your 11.1.2 installation. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/oracle_common/modules/oracle.jps_11.1.1/domain_config/system-jazn-data.xml directory.

On Windows, it is located in the <MW_HOME>\oracle_common\modules\oracle.jps_11.1.1\domain_config\system-jazn-data.xml directory.


For LDAP

To upgrade Oracle Platform Security Services (OPSS), do the following:

On UNIX

  1. Move from your present working directory to the <MW_HOME>/oracle_common/common/bin directory by running the following command on the command line:

    cd <MW_HOME>/oracle_common/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. At the WLST prompt, run the following command:

    upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")

    For example:

    upgradeOpss(jpsConfig="<MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml",jaznData="<MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/system-jazn-data.xml")

  4. Exit the WLST console using the exit() command.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\oracle_common\common\bin directory by running the following command on the command line:

    cd <MW_HOME>\oracle_common\common\bin

  2. Run the following command:

    wlst.cmd

  3. Run the following script:

    upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")

    For example:

    upgradeOpss(jpsConfig="<MW_HOME>\\user_projects\\domains\\base_domain\\config\\fmwconfig\\jps-config.xml",jaznData="<MW_HOME>\\user_projects\\domains\\base_domain\\config\\fmwconfig\\system-jazn-data.xml")

  4. Exit the WLST console using the exit() command.

Table 7-4 describes the parameters you specify on the command line:

Table 7-4 Parameters for upgrading OPSS

Parameter Description

jpsConfig

Specify the path to the jps-config.xml file in your 11.1.2 installation. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml directory.

On Windows, it is located in the <MW_HOME>\user_projects\domains\base_domain\config\fmwconfig\jps-config.xml directory.

jaznData

Specify the path to the jaznData file in your 11.1.2 installation. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/system-jazn-data.xml directory.

On Windows, it is located in the <MW_HOME>\user_projects\domains\base_domain\config\fmwconfig\system-jazn-data.xml directory.


7.1.11 Starting the Administration Server and Oracle Entitlements Server Managed Servers

After the upgrade is complete, start the WebLogic Administration Server, the Administration Server for the domain that contains Oracle Entitlements Server, and the Oracle Entitlements Server Managed Server by running the following commands on the command line:

Starting Administration Server

To start the Administration Server, do the following:

On UNIX:

Run the following command:

cd <MW_HOME>/user_projects/domains/<domain_name>/bin

./startWebLogic.sh

On Windows:

Run the following command:

cd <MW_HOME>\user_projects\domains\<domain_name>\bin

startWebLogic.cmd

Starting Managed Servers

To start the Managed Servers, do the following:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/user_projects/domains/<domain_name>/bin directory by running the following command on the command line:

    cd <MW_HOME>/user_projects/domains/<domain_name>/bin

  2. Run the following command to start the Managed Servers:

    ./startManagedWebLogic.sh <managed_server_name> <admin_url> <user_name> <password>

    where

    <managed_server_name> is the name of the Managed Server

    <admin_url> is URL of the administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.

    <user_name> is the username of the WebLogic Administration Server.

    <password> is the password of the WebLogic Administration Server.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\user_projects\domains\<domain_name>\bin directory by running the following command on the command line:

    cd <MW_HOME>\user_projects\domains\<domain_name>\bin

  2. Run the following command to start the Managed Servers:

    startManagedWebLogic.cmd <managed_server_name> <admin_url> <user_name> <password>

    where

    <managed_server_name> is the name of the Managed Server.

    <admin_url> is URL of the administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.

    <user_name> is the username of the WebLogic Administration Server.

    <password> is the password of the WebLogic Administration Server.

For more information, see "Starting the Stack" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

7.1.12 Redeploying APM

To get the latest APM policies into the policy store, you must redeploy the APM applications.

Complete the following steps to redeploy APM:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/wlserver_10.3/common/bin directory by running the following command on the command line:

    cd <MW_HOME>/wlserver_10.3/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following command:

    redeploy(appName='oracle.security.apm')

  5. Exit the WLST console using the exit() command.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\wlserver_10.3\common\bin by running the following command on the command line:

    cd <MW_HOME>\wlserver_10.3\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following command:

    <domaindir>\serverConfig\redeploy(appName='oracle.security.apm')

    where

    <domaindir> is the complete path to the Oracle Entitlements Server 11.1.2 domain.

    For example:

    <MW_HOME>\user_projects\domains\<oes_domain>\serverConfig\ redeploy(appName='oracle.security.apm')

  5. Exit the WLST console using the exit() command.

7.1.13 Verifying the Upgrade

To verify the Oracle Entitlements Server upgrade, do the following:

  • Log in to LDAP or database and verify the schema version in the PolicyStore. The version number should be 11.1.2.

  • The application MAPI works with both old and new functionalities.

    Create a new policy to see if CRUD operations on the policy store artifacts, using their entity managers, are working.

    For more information, see "Creating Fine Grained Elements for a Simple Policy" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server.

  • The Application Runtime Authorization continues working.

    To verify, create an authorization, as mentioned in "Using the PEP API" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server, and see if it works correctly.

7.2 Upgrading Oracle Entitlements Server Client Server

This section contains the following topics:

7.2.1 Upgrade Roadmap for Oracle Entitlements Server Administration Server

Note:

If you do not follow the exact sequence provided in this task table, your Oracle Entitlements Server Client Server upgrade may not be successful.

Table 7-5 lists the steps for upgrading Oracle Entitlements Server Client Server upgrade.

Table 7-5 Upgrade Flow

Sl. No. Task For More Information

1

Shut down all security modules. This includes shutting down the Administration Server and Managed Servers too.

See, Stopping all Security Module Instances

2

Upgrade 11.1.1.5.0 Oracle Home to 11.1.2.

See, Upgrading Oracle Entitlements Server Client 11g Release 2 (11.1.2)

3

Change the username and password.

See, Changing Username and Password for the New Schemas

4

Start the security modules.

See, Starting the Security Modules

5

Verify the Oracle Entitlements Server Client Server upgrade.

See, Verifying the Upgrade


7.2.2 Stopping all Security Module Instances

Bring down all security module instances, Administration Server, and Managed Servers.

The security module instances shuts down when the Administration Server and Managed Servers are shut down.

To stop the servers, see Section 7.1.2, "Shutting Down Administration Server and Managed Servers".

7.2.3 Upgrading Oracle Entitlements Server Client 11g Release 2 (11.1.2)

To upgrade Oracle Entitlements Server Client Server, you must use the 11.1.2 installer. During the procedure, point the Middleware Home to your existing 11.1.1.5.0 Oracle Entitlements Server Middleware Home. This upgrades your Middleware Home and Oracle Home from 11.1.1.5.0 to 11.1.2.

This section contains the following topics:

7.2.3.1 Prerequisites

You must install and configure Oracle Entitlements Server Administration Server, as described in Section 7.1.5, "Upgrading Oracle Entitlements Server Administration Server 11g Release 2 (11.1.2)".

7.2.3.2 Obtaining the Software

For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.

7.2.3.3 Installing Oracle Entitlements Server Client Server 11g Release 2 (11.1.2)

For more information on installing Oracle Entitlements Server Client Server 11.1.2, see "Installing Oracle Entitlements Server Client" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

7.2.3.4 Verifying the Installation

To verify that your Oracle Entitlements Server Client install was successful, go to your Oracle Home directory which you specified during installation and verify that the Oracle Entitlements Server Client installation files are created.

7.2.4 Changing Username and Password for the New Schemas

If Oracle Entitlements Server client is running in a controlled-pull mode or in an uncontrolled mode, the jps-config.xml of the Security Module instance must be changed to reflect the schema changes done during the Administration Server upgrade.

Before running the oessmconfig.sh command, you need to modify jps-config.xml of the controlled-pull or uncontrolled security module.

Controlled-Pull Security Module

For controlled-pull security module, add the following to the pdp.service instance:

<property name="oracle.security.jps.runtime.pd.client.SMinstanceType" value="<sm_type>"/>

Replace "<sm_type>" with the actual type.

For example:

"java"

Uncontrolled Security Module

For uncontrolled security module, add the following to the pdp.service instance:

<property name="oracle.security.jps.runtime.pd.client.policyDistributionMode" value="non-controlled"/>

<property name="oracle.security.jps.runtime.pd.client.sm_name" value="<sm_name>"/>

<property name="oracle.security.jps.runtime.pd.client.SMinstanceType" value="<sm_type>"/>

Replace "<sm_name>" "<sm_type>" with the actual values.

Do the following to change the username and password of the new schemas:

  1. Go to the following path:

    On UNIX, <CLIENT_HOME>/oesclient/oessm/enroll/bin

    On Windows, <CLIENT_HOME>\oesclient\oessm\enroll\bin

  2. Run the following command:

    On UNIX:

    ./oessmconfig.sh -jpsconfig <path to the jps-config.xml>

    On Windows:

    oessmconfig.cmd -jpsconfig <path to the jps-config.xml>

  3. A Graphic User Interface displays. See Figure 7-1.

  4. Click SM Configuration.

  5. Click the Policy Store sub-tab.

  6. Enter the new schema user name and password.

  7. Click Test Connection

  8. When you get the successful security module test message, click Save & Close.

Figure 7-1 Java Security Module

Description of Figure 7-1 follows
Description of "Figure 7-1 Java Security Module"

7.2.5 Starting the Security Modules

You must start the security modules by starting the Administration Server and Managed Servers.

To start the servers, see Section 7.1.11, "Starting the Administration Server and Oracle Entitlements Server Managed Servers".

7.2.6 Verifying the Upgrade

To verify, create an authorization, as mentioned in "Using the PEP API" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server, and see if it works correctly.

The Application Runtime Authorization continues working.