This chapter describes how to migrate Sun OpenSSO Enterprise (OpenSSO Enterprise) 8.0 to Oracle Access Management Access Manager (Access Manager) 11g Release 2 (11.1.2).
The chapter contains the following sections:
This section introduces two tools that are used in the process of migrating Sun OpenSSO Enterprise 8.0 to Oracle Access Manager 11.1.2.
The OpenSSO Agent Assessment Tool reads the agents and policies from the OpenSSO Enterprise server, analyzes which policy elements can be migrated to Access Manager 11.1.2, and generates an assessment report. The generated report provides information on whether the agents can be migrated or not, and whether the policies can be manually migrated, auto-migrated, or semi-migrated based on the Access Manager 11.1.2 policy model.
The assessment tool reads and shows information about OpenSSO Enterprise agent profile, policies, user stores, and authentication stores. It assesses what data can be migrated, and what cannot be migrated to Access Manager 11.1.2, based on the understanding of the artifacts supported in Access Manager 11.1.2.
You can generate the assessment report more than once before you migrate OpenSSO Enterprise 8.0 to Access Manager 11.1.2.
The Migration tool migrates the following artifacts of OpenSSO Enterprise 8.0 to Access Manager 11.1.2:
Agents configuration
Policies
User store configuration
Authentication store configuration
Note:
The migration tool and assessment tool do not support connection with the configuration store over the SSL port.
For more information about other migration scenarios, see Section 1.3, "Migration and Coexistence Scenarios".
This section describes the two modes of migration that you can perform using the procedure described in this chapter. The following are the two modes of migration:
Complete Migration migrates all compatible agents, policies, user stores, and authentication stores of OpenSSO Enterprise 8.0 to Access Manager 11.1.2. The migration that you perform for the first time is a complete migration. After the first migration, each subsequent run is treated as a delta migration. Complete migration can be performed only once, and only for the first time.
The fresh migration sets the migration version in the Access Manager 11.1.2 configuration store.
To perform complete migration, follow the procedure described in Migration Roadmap.
Note:
If the complete migration fails, you must manually clean up the partially migrated data, before you start performing the complete migration again.
Delta Migration is a mode of migration where you can migrate the newly added artifacts (agents, policies, user stores, and authentication stores) of OpenSSO Enterprise 8.0 to Access Manager 11.1.2. Delta migration is supported only for creation operations.
After the first round of migration (that is, complete migration), every migration that you perform is delta migration.
Each time you perform delta migration, the information about the migration version set by complete migration in the Access Manager 11.1.2 configuration store is retrieved, is incremented by one, and is saved back to the Access Manager 11.1.2 configuration store.
The procedure to perform a delta migration is the same as that of a complete migration, and is described in Migration Roadmap.
This section summarizes the artifacts of OpenSSO Enterprise 8.0 that are compatible with Access Manager 11.1.2. This section contains the following topics:
This section summarizes the migration of agents from OpenSSO Enterprise 8.0 to Access Manager 11.1.2.
This migration tool migrates the agent configuration and not the agent itself. The following agents are supported for migration:
Java EE Agents 3.0: WebLogic 10.3
Web Agents 3.0: Internet Information Services (IIS) 7.5
Centralized Agents are migrated to Access Manager 11.1.2. These are the agents that work in centralized configuration mode. They store all their configuration details in OpenSSO Enterprise 8.0 server, and read the configuration during agent bootstrap from the OpenSSO Enterprise server over REST call. These agents do not honor local configuration file. After migration, the configuration details of these agents are stored in Access Manager 11.1.2.
Local agents are migrated with minimal configuration. Local agents are the agents that work in local configuration mode. These agents honor the local configuration file only for their own configuration. Only the basic configuration properties like agent ID, agent password, agent base URL of the local agents are stored in the OpenSSO Enterprise 8.0 Server. After migration, these configuration details are stored in the Access Manager 11.1.2 Server.
Agent migration is backward compatible.
If two or more agents exist with the same name under different realms, the agents are migrated with the name preceded by the realm name.
For example: If the agent named j2eeAgent exists in both TopRealm (/) and SubRealm (/>SubRealm), then these agents are migrated with the names TopRealm_j2eeAgent and SubRealm_j2eeAgent.
This section summarizes the migration of policies from OpenSSO Enterprise 8.0 to Access Manager 11.1.2.
OpenSSO Enterprise 8.0 policies consist of the following four artifacts:
Rules (resources + actions)
Subjects
Conditions
Response Providers
The policies in the assessment report (PolicyInfo.txt), which is generated when you run the OpenSSO Agent assessment tool, are classified into Auto Policies, Semi Policies, and Manual Policies based on the compatibility of the artifacts in Access Manager 11.1.2:
Auto Policies: A policy is regarded as auto policy if all the artifacts of that policy can be mapped to the policy artifacts in Access Manager 11.1.2. All the auto policies can be migrated to Access Manager 11.1.2.
Semi Policies: A policy is regarded as semi policy if some of the artifacts of that policy can be mapped to the policy artifacts in Access Manager 11.1.2. Semi policies are not migrated to Access Manager 11.1.2.
Manual Policies: A policy is regarded as manual policy if none of the artifacts of that policy can be mapped to the policy artifacts of Access Manager 11.1.2. Manual policies are not migrated to Access Manager 11.1.2.
OpenSSO Enterprise 8.0 has two types of policies:
Referral Policies: These policies do not apply to migration.
Non-Referral Policies: These policies are migrated.
An OpenSSO Enterprise policy without a rule is not supported for migration. Such a policy is considered invalid.
Only rules that have the actions GET and POST are applicable for migration. These rules have the service type URL Policy Agent.
Rules with other service types, such as Discovery Service with the actions LOOKUP and UPDATE, and Liberty Personal Profile Service with the actions QUERY and MODIFY, are not applicable for migration because these actions (which are known as resource operations in Access Manager 11.1.2) are not supported in Access Manager 11.1.2.
Only the subject types OpenSSO Identity Subject (user and group) and Authenticated Users are supported for migration. These subjects are migrated as part of Identity Condition in Access Manager 11.1.2.
Active Session Time
This condition of OpenSSO Enterprise policy is mapped to the attribute Session Expiry Time of the AttributeCondition in Access Manager 11.1.2.
The attribute Terminate session of this condition is ignored during migration as the appropriate mapping of this attribute does not exist in Access Manager 11.1.2.
Authentication by Module Instance
This condition of OpenSSO Enterprise policy is migrated to Access Manager 11.1.2 as AuthN scheme, and not as a condition.
Table 15-1 lists the authentication modules of OpenSSO Enterprise 8.0 that are migrated and mapped with AuthN scheme into Access Manager 11.1.2.
Authentication Level (less than or equal to) and Authentication Level (greater than or equal to)
Both the conditions of OpenSSO Enterprise policy are mapped to the session attributes of the AttributeCondition with namespace SESSION and attribute name Authentication Level.
Both the conditions are mapped to the AttributeOperator EQUALS, as Access Manager 11.1.2 does not have corresponding mapping for greater than or equal to and less than or equal to. This mapping is done because of the equals factor in the policy condition in OpenSSO Enterprise 8.0. Therefore, both the conditions greater than or equal to and less than or equal to are similar in Access Manager 11.1.2.
For example, if you migrate an OpenSSO Enterprise 8.0 policy with a condition of authentication level less than or equal to 5, the migrated policy in Access Manager 11.1.2 will have the authentication level equal to 5.
Current Session Properties
This condition is mapped to the session attributes of the AttributeCondition with namespace SESSION and attribute name Other, where the key/value will be added as attributes of this condition. This condition in OpenSSO Enterprise 8.0 is multi-valued. Therefore, this condition in Access Manager 11.1.2 has multiple attributes with same name but different values.
Identity Membership
This condition in OpenSSO Enterprise policy is mapped to Identity condition in Access Manager 11.1.2.
All the unique users or groups from all the subjects, and all the unique users or groups from all the identity membership conditions in OpenSSO Enterprise 8.0 are created as a set of users or groups in one Identity condition in Access Manager 11.1.2.
During run-time verification, the ORing is performed between this set of users or groups.
IP Address/DNS Name
The condition IP Address in OpenSSO Enterprise 8.0 policy is mapped to IP condition in Access Manager 11.1.2.
The condition DNS name is not supported in Access Manager 11.1.2.
LDAP Filter Condition
This condition in OpenSSO Enterprise policy is mapped to Identity condition in Access Manager 11.1.2.
All the unique LDAP filters from all the LDAP filter conditions in OpenSSO Enterprise 8.0 are created as a set of LDAP filters in one Identity condition in Access Manager 11.1.2.
Time (day, date, time, and time zone)
This condition in OpenSSO Enterprise 8.0 policy is mapped to Time condition in Access Manager 11.1.2.
The Time condition in OpenSSO Enterprise 8.0 contains one of the following values: date, time, day, or time zone; whereas the Time condition in Access Manager 11.1.2 contains either time or day. Therefore, the Time condition in OpenSSO Enterprise 8.0 containing only the time (start and end time) and day can be mapped to the Time condition in Access Manager 11.1.2. All the other cases are ignored.
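The condition mappings above, modelled as an added example (not Oracle's code and not the migration tool's logic). It collects every point where the migrated policy no longer says what the source policy said, and shows which session authentication levels stop matching once a less-than-or-equal or greater-than-or-equal condition becomes EQUALS. The dict shapes, type names such as AuthLevelLE and DNSName, and the function names are hypothetical.

```python
# Added example: models the condition mappings described above.
# Dict shapes and type names (AuthLevelLE, DNSName, ...) are hypothetical.

def migrate_conditions(conditions):
    """Return (migrated, authn_modules, notes); notes lists every semantic change."""
    migrated, authn_modules, notes = [], [], []
    members, filters = set(), set()
    for c in conditions:
        kind = c["type"]
        if kind in ("AuthLevelLE", "AuthLevelGE"):
            # <= and >= both become EQUALS on SESSION / Authentication Level.
            migrated.append({"condition": "AttributeCondition", "namespace": "SESSION",
                             "name": "Authentication Level", "operator": "EQUALS",
                             "value": c["level"]})
            sign = "<=" if kind == "AuthLevelLE" else ">="
            notes.append(f"Authentication Level {sign} {c['level']} migrated as = {c['level']}")
        elif kind == "ActiveSessionTime":
            migrated.append({"condition": "AttributeCondition",
                             "name": "Session Expiry Time", "value": c["minutes"]})
            if c.get("terminate_session"):
                notes.append("Terminate session attribute ignored")
        elif kind == "AuthByModuleInstance":
            authn_modules.append(c["module"])  # becomes an AuthN scheme, not a condition
        elif kind == "SessionProperty":
            for key, values in c["properties"].items():
                for value in values:  # multi-valued: one attribute per value, same name
                    migrated.append({"condition": "AttributeCondition", "namespace": "SESSION",
                                     "name": "Other", "key": key, "value": value})
        elif kind == "IdentityMembership":
            members.update(c["members"])  # merged into one set of unique users or groups
        elif kind == "LDAPFilter":
            filters.add(c["filter"])
        elif kind == "IP":
            migrated.append({"condition": "IP condition", "range": c["range"]})
        elif kind == "DNSName":
            notes.append(f"DNS name {c['name']} not supported in Access Manager 11.1.2")
        elif kind == "Time":
            if c.get("date") or c.get("timezone"):
                notes.append("Time condition with date or time zone ignored")
            else:
                migrated.append({"condition": "Time condition", "start": c.get("start"),
                                 "end": c.get("end"), "day": c.get("day")})
        else:
            notes.append(f"no mapping described for {kind}")
    # Kept as two entries: the page does not say whether members and filters share one condition.
    if members:
        migrated.append({"condition": "Identity condition", "members": sorted(members)})
    if filters:
        migrated.append({"condition": "Identity condition", "ldap_filters": sorted(filters)})
    return migrated, authn_modules, notes


def auth_level_drift(kind, level, session_levels):
    """Session levels that satisfied the source condition but fail the migrated EQUALS."""
    if kind == "AuthLevelLE":
        return [s for s in session_levels if s <= level and s != level]
    return [s for s in session_levels if s >= level and s != level]


# Constructed sample policy conditions (not taken from a real deployment).
SAMPLE = [
    {"type": "AuthLevelLE", "level": 5},
    {"type": "ActiveSessionTime", "minutes": 30, "terminate_session": True},
    {"type": "AuthByModuleInstance", "module": "LDAP"},
    {"type": "SessionProperty", "properties": {"dept": ["hr", "finance"]}},
    {"type": "IdentityMembership", "members": ["alice", "admins"]},
    {"type": "IdentityMembership", "members": ["alice", "bob"]},
    {"type": "DNSName", "name": "*.example.com"},
    {"type": "Time", "start": "09:00", "end": "17:00", "day": "mon-fri"},
    {"type": "Time", "start": "09:00", "end": "17:00", "date": "2013-01-01"},
]

if __name__ == "__main__":
    migrated, modules, notes = migrate_conditions(SAMPLE)
    for entry in migrated:
        print("migrated:", entry)
    print("AuthN scheme from modules:", modules)
    for note in notes:
        print("review:", note)
    print("levels 0-10 that no longer match '<= 5':",
          auth_level_drift("AuthLevelLE", 5, range(11)))
```

Every entry in the returned notes is a place to compare the migrated policy against the source policy by hand before relying on it.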
OpenSSO Enterprise Server or Policy Server sends Identity or User repository attributes (that is, user attributes from any user store) to the agent as response providers. The OpenSSO agent sends these attributes back to the resource or application via Http header, request attribute, or Http cookie according to the configuration of the agent.
All of the response providers (static as well as dynamic) are migrated from OpenSSO Enterprise 8.0 to Access Manager 11.1.2 with the type Http header.
This section summarizes the migration of user stores from OpenSSO Enterprise 8.0 to Access Manager 11.1.2.
OpenSSO Enterprise has three types of user stores:
Active Directory: This user store can be migrated to Access Manager 11.1.2.
Generic LDAPv3: This user store can be migrated to Access Manager 11.1.2.
Sun DS with OpenSSO schema: This user store cannot be migrated to Access Manager 11.1.2, as no supported data store type is available in 11.1.2.
This section summarizes the migration of authentication stores from OpenSSO Enterprise 8.0 to Access Manager 11.1.2.
The following are the authentication stores in OpenSSO Enterprise 8.0 that can be migrated and mapped to the corresponding authentication modules in Access Manager 11.1.2:
LDAP in OpenSSO Enterprise 8.0 is mapped to OAM LDAP in Access Manager 11.1.2.
Certificate in OpenSSO Enterprise 8.0 is mapped to X509 in Access Manager 11.1.2.
Windows Desktop SSO in OpenSSO Enterprise 8.0 is mapped to Kerberos in Access Manager 11.1.2.
All authentication stores with type LDAP are migrated to Access Manager 11.1.2 with name AS_RealmName_Modulename. The authentication stores with type other than LDAP are not migrated.
Figure 15-1 compares the topologies of Sun OpenSSO Enterprise 8.0 and Access Manager 11.1.2.
Figure 15-1 OpenSSO Enterprise 8.0 and Access Manager 11.1.2 Topologies
Table 15-2 lists the steps to migrate Sun OpenSSO Enterprise 8.0 to Access Manager 11.1.2.
Task No | Task | For More Information |
---|---|---|
1 | Complete the prerequisites. | |
2 | Install Oracle Identity and Access Management 11.1.2. | See Installing Oracle Identity and Access Management 11.1.2 |
3 | Configure Oracle Access Management Access Manager 11.1.2. | See Configuring Oracle Access Management Access Manager 11.1.2 |
4 | Generate the assessment report, and analyze what artifacts can be migrated to Access Manager 11.1.2. You can perform this task multiple times. | |
5 | Start the WebLogic Administration Server. | |
6 | Migrate OpenSSO Enterprise 8.0 to Access Manager 11.1.2 by running the migration tool. | See Migrating the Artifacts of OpenSSO Enterprise 8.0 to Access Manager 11.1.2 |
7 | Complete the post-migration steps. | See Post-Migration Tasks |
8 | Verify the migration. | |
You must complete the following prerequisites for migrating OpenSSO Enterprise 8.0 to Access Manager 11.1.2:
Read the Oracle Fusion Middleware System Requirements and Specifications document to ensure that your environment meets the minimum requirements for the products you are installing, upgrading, and migrating.
Note:
For information about Oracle Fusion Middleware concepts and directory structure, see "Understanding Oracle Fusion Middleware Concepts and Directory Structure" in the Oracle Fusion Middleware Installation Planning Guide for Oracle Identity and Access Management.
Verify that the OpenSSO Enterprise version that you are using is supported for migration. For information about supported starting points for OpenSSO Enterprise 8.0 migration, see Section 11.5, "Supported Starting Points for Sun OpenSSO Enterprise Migration".
As part of the migration process, you must freshly install Oracle Identity and Access Management 11.1.2. This 11.1.2 installation can be on the same machine where Sun OpenSSO Enterprise 8.0 is installed, or on a different machine.
For more information about installing Oracle Identity and Access Management 11.1.2, see "Installing Oracle Identity and Access Management (11.1.2)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
Configure Access Manager 11.1.2, and create a domain.
For information about configuring Access Manager 11.1.2, see "Configuring Oracle Access Management" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
This section describes how to generate an assessment report using the OpenSSO Agent assessment tool. This assessment report provides a preview of agents, policies, user stores, and authentication stores that are available in the OpenSSO Enterprise 8.0 Server, and indicates which artifacts can be migrated to Access Manager 11.1.2.
You can generate an assessment report multiple times before you start the migration process.
This section includes the following topics:
Note:
Before you run the OpenSSO Agent assessment tool, you must complete the following prerequisites:
Start the container on which OpenSSO Enterprise 8.0 is deployed.
Make sure that you use JDK version 1.6 or higher.
Set the variable JAVA_HOME to the appropriate location where JDK 1.6 is installed.
Move from your present working directory to the IAM_HOME/oam/server/tools/opensso_assessment directory using the following command:
On UNIX:
cd IAM_HOME/oam/server/tools/opensso_assessment/
On Windows:
cd IAM_HOME\oam\server\tools\opensso_assessment\
Extract the contents of the OpenssoAgentdiscTool.zip folder to a directory of your choice. It is recommended that you use the name OpenssoAgentdiscTool for the unzipped folder.
You must specify LDAP connection details in the properties file before you run the OpenSSO Agent assessment tool by doing the following:
Open the OpenSSOAgentDiscTool.properties file from the following location:
On UNIX: unzipped_folder/resources/
On Windows: unzipped_folder\resources\
Set the appropriate values for the following properties:
openSSOLDAPServerURL=host:port
In this property, host and port refer to the LDAP host and the port of the configuration store used in OpenSSO Enterprise 8.0.
openSSOLDAPBindDN=login_id
where login_id is the bind DN of the LDAP server. You must have the administrative or root permissions to the configuration directory server of OpenSSO Enterprise 8.0.
openSSOLDAPSearchBase=LDAP_search_base
where LDAP_search_base is the LDAP search base for the configuration store.
Save the file, and close.
Note:
If you do not specify the LDAP connection details, a message will be displayed in the UserStoresInfo.txt and AuthnStoreInfo.txt files. This message indicates that the information is not available. The same message will be displayed in the user stores and authentication stores sections in the DashBoardInfo.txt file. You must then specify the right LDAP connection details in the OpenSSOAgentDiscTool.properties file, save the file, and run the assessment tool again.
If you specify an incorrect value for any of these parameters, you cannot run the assessment tool, and an error is displayed accordingly.
To run the OpenSSO Agent assessment tool, do the following:
Change your directory to the folder where you extracted the contents, as described in Section 15.9.1, "Obtaining the Assessment Tool", using the following command:
cd <path to the unzipped folder>
Run the following command:
java -jar openssoagentdisc.jar OpenSSO_server_URL username debugLevel
In this command,
OpenSSO_server_URL is the URL of the OpenSSO Enterprise 8.0 Server. You must specify it in the format: http://host:port/opensso, where host and port refer to the hostname and the port of the machine where OpenSSO Enterprise 8.0 Server is running.
username is the username of the OpenSSO Enterprise 8.0 Server.
debugLevel is optional. The value of this parameter should be either error or message. If you do not specify this parameter in the command, it takes the default value error.
You are prompted to enter the following:
Enter server login password:
Enter the password of the OpenSSO Enterprise 8.0 server admin user.
Enter LDAP login password:
Enter the login password of the LDAP server.
Note:
For more information about the arguments used in this command, run the following command in the unzipped directory:
java -jar openssoagentdisc.jar -help
The OpenSSO Agent assessment tool generates five report files in the following location:
unzipped_folder/consoleOutput/
These reports contain information about agents, policies, user stores, and authentication stores of OpenSSO Enterprise 8.0 that are supported in Access Manager 11.1.2.
Table 15-3 lists the report files that are generated when you run the OpenSSO Agent assessment tool.
Table 15-3 Report Files Generated
File | Description |
---|---|
| | Contains information about J2EE and web agents, and the list of supported agents in Access Manager 11.1.2. |
| | Contains information about authentication stores. |
| | Contains brief information about agents, policies, user stores, and authentication stores. |
| | Contains information about policies. |
| | Contains information about user stores. |
You must start the WebLogic Administration Server before you can run the migration tool.
To start the WebLogic Administration Server, do the following:
On UNIX:
Move from your present working directory to the MW_HOME/user_projects/domains/domain_name/bin directory using the command:
cd MW_HOME/user_projects/domains/domain_name/bin/
Run the following command:
./startWebLogic.sh
When prompted, enter the username and password of the WebLogic Administration Server.
On Windows:
Move from your present working directory to the MW_HOME\user_projects\domains\domain_name\bin directory using the following command on the command line:
cd MW_HOME\user_projects\domains\domain_name\bin\
Run the following command:
startWebLogic.cmd
When prompted, enter the username and password of the WebLogic Administration Server.
Before you start the actual migration of the artifacts from OpenSSO Enterprise 8.0 to Access Manager 11.1.2, make sure that you have generated the assessment report (as described in Section 15.9, "Generating the Assessment Report"), and analyzed what artifacts can be migrated to Access Manager 11g.
To migrate Sun OpenSSO Enterprise 8.0 to Access Manager 11.1.2, do the following:
Create a properties file at any accessible location. For example, create a properties file named oam_migration.properties.
Enter values for the following properties in the properties file:
openSSOServerURL=OpenSSO_server_URL
openSSOAdminUser=OpenSSO_admin_username
openSSOAdminPassword=
openSSOServerDebugLevel=error/message
openSSOLDAPServerURL=LDAP host:port
openSSOLDAPBindDN=LDAP_bind_DN
openSSOLDAPBindPwd=
openSSOLDAPSearchBase=LDAP_searchBase
Table 15-4 describes the values you must specify for each of the properties in the properties file.
Table 15-4 Property File Values
Property | Description |
---|---|
| | Specify the URL of the OpenSSO Enterprise 8.0 Administration Server. It must be specified in the format: where |
| | Specify the username of the OpenSSO Enterprise Administration Server. |
| | Do not specify any value for this property. The migration tool prompts you for the OpenSSO Enterprise admin password when you run the migration command, as described in step-4. |
| | Specify one of the following values: This value represents the debug level. |
| | Specify the URL of the LDAP server. This must be specified in the format: where The |
| | Specify the bind DN of the LDAP server. This user must have the admin or root permissions to the configuration directory server of OpenSSO Enterprise. |
| | Do not specify any value for this property. The migration tool prompts you for the LDAP bind password when you run the migration command as described in step-4. |
| | Specify the LDAP search base for the configuration store. |
Note:
Do not specify any value for the openSSOAdminPassword and openSSOLDAPBindPwd properties.
Run the following command to launch the WebLogic Scripting Tool (WLST):
On UNIX:
Move from your present working directory to the IAM_HOME/common/bin directory by running the following command on the command line:
cd IAM_HOME/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
On Windows:
Move from your present working directory to the IAM_HOME\common\bin directory by running the following command on the command line:
cd IAM_HOME\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
Run the following command to connect WLST to the WebLogic Server instance:
connect('wls_admin_username','wls_admin_password','t3://hostname:port');
In this command,
wls_admin_username is the username of the WebLogic Administration Server.
wls_admin_password is the password of the WebLogic Administration Server.
hostname is the machine where WebLogic Administration Server is running.
port is the port of the Administration Server.
Run the following command to migrate the artifacts of OpenSSO Enterprise 8.0 to Access Manager 11.1.2:
oamMigrate(oamMigrateType="OpenSSO",pathMigrationPropertiesFile="absolute_path_of_properties_file");
In this command,
absolute_path_of_properties_file is the absolute path to the properties file that you created in step-1. For example:
On UNIX: oamMigrate(oamMigrateType="OpenSSO",pathMigrationPropertiesFile="abc/def/oam_migration.properties")
On Windows: oamMigrate(oamMigrateType="OpenSSO",pathMigrationPropertiesFile="abc\\def\\oam_migration.properties")
You are prompted to enter the following:
Enter value for property : openSSOAdminPassword :
Enter the password of the OpenSSO Enterprise 8.0 Administration Server.
Enter value for property : openSSOLDAPBindPwd :
Enter the bind password of the LDAP server.
Note:
Complete migration is performed when you run the oamMigrate()
command for the first time.
After an initial migration (complete migration), you can re-execute this command to perform delta migration.
For more information about complete and delta migration, see Section 15.2, "Modes of Migration".
When the migration is complete, the WLST console displays a message stating the result of the migration.
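A pre-flight check for the properties file created in step-1, as an added example that is not part of the Oracle tooling. It assumes openSSOServerURL takes the same http://host:port/opensso form the assessment tool requires, treats port 636 as a likely SSL port (which the tools do not support for the configuration store), and uses constructed sample values.

```python
import re
from urllib.parse import urlparse

# Property names come from this page; the checks themselves are illustrative.
REQUIRED = ("openSSOServerURL", "openSSOAdminUser", "openSSOAdminPassword",
            "openSSOServerDebugLevel", "openSSOLDAPServerURL", "openSSOLDAPBindDN",
            "openSSOLDAPBindPwd", "openSSOLDAPSearchBase")
PROMPTED = ("openSSOAdminPassword", "openSSOLDAPBindPwd")  # the tool prompts for these


def parse_properties(text):
    """Minimal key=value parser; splits on the first '=' so DNs keep their own '='."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_migration_properties(text):
    """Return a list of (property, problem) tuples; an empty list means no findings."""
    props = parse_properties(text)
    problems = [(k, "missing") for k in REQUIRED if k not in props]
    for k in PROMPTED:
        if props.get(k):  # a stored password would sit on disk in clear text
            problems.append((k, "leave empty; oamMigrate() prompts for this password"))
    for k in ("openSSOAdminUser", "openSSOLDAPBindDN", "openSSOLDAPSearchBase"):
        if k in props and not props[k]:
            problems.append((k, "empty value"))
    level = props.get("openSSOServerDebugLevel")
    if level is not None and level not in ("error", "message"):
        problems.append(("openSSOServerDebugLevel", "must be error or message"))
    if "openSSOServerURL" in props:
        url = urlparse(props["openSSOServerURL"])
        try:
            port = url.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        if url.scheme not in ("http", "https") or not url.hostname or port is None:
            problems.append(("openSSOServerURL", "expected http://host:port/opensso"))
    if "openSSOLDAPServerURL" in props:
        m = re.fullmatch(r"([^\s:/]+):(\d{1,5})", props["openSSOLDAPServerURL"])
        if not m or not 0 < int(m.group(2)) <= 65535:
            problems.append(("openSSOLDAPServerURL", "expected host:port with no scheme"))
        elif m.group(2) == "636":
            problems.append(("openSSOLDAPServerURL",
                             "636 is the usual LDAPS port; the SSL port is not supported"))
    return problems


# Constructed sample files (hosts, user names and DNs are made up).
GOOD = """openSSOServerURL=http://sso.example.com:8080/opensso
openSSOAdminUser=ssoadmin
openSSOAdminPassword=
openSSOServerDebugLevel=error
openSSOLDAPServerURL=ldap.example.com:389
openSSOLDAPBindDN=cn=Directory Manager
openSSOLDAPBindPwd=
openSSOLDAPSearchBase=dc=example,dc=com
"""
BAD = """openSSOServerURL=sso.example.com/opensso
openSSOAdminUser=ssoadmin
openSSOAdminPassword=
openSSOServerDebugLevel=debug
openSSOLDAPServerURL=ldaps://ldap.example.com:636
openSSOLDAPBindDN=cn=Directory Manager
openSSOLDAPBindPwd=Secret123
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_migration_properties(text) or "no findings")
```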
After you migrate OpenSSO Enterprise 8.0 to Access Manager 11.1.2, you must complete the following post-migration tasks:
The agent artifacts (properties files) are generated when you perform a migration. The following two properties files are generated in the location domain_home/output/OpenSSOMigration/OpenSSO8.0/Realm_Name/Agent_Name/*.properties:
OpenSSOAgentBootstrap.properties
OpenSSOAgentConfiguration.properties
You must copy these property files to the agents' configuration location. For each agent, complete the following steps:
Stop the agent.
Back up the existing properties file (that is, the properties file which existed on the agent host before you started the migration process).
Copy the agent's artifacts (properties files) to the agent deployment location:
/agent_install_dir/weblogic_v10_agent/Agent_001/config
Modify the container specific property in the OpenSSOAgentBootstrap.properties file as follows:
For Glassfish agent, set the following property:
com.sun.identity.agents.config.service.resolver=com.sun.identity.agents.appserver.v81.AmASAgentServiceResolver
For WebLogic agent, set the following property:
com.sun.identity.agents.config.service.resolver=com.sun.identity.agents.weblogic.v10.AmWLAgentServiceResolver
Restart the agent.
Clean up the cookies and cache of the browser.
The migration tool does not retrieve the passwords of the user stores that are migrated from OpenSSO Enterprise 8.0 to Access Manager 11.1.2. Therefore, after migration, you must manually update the passwords for all the user stores that are migrated. To do this, complete the following steps:
Log in to the Oracle Access Management 11.1.2 console using the following URL:
http://host:port/oamconsole
In this URL, host refers to the fully qualified domain name of the machine hosting the Oracle Access Management Server, and port refers to the designated bind port for the Oracle Access Management Console, which is the same as the bind port for the Administration Server.
Go to the System Configuration tab.
Under Common Configuration, expand Data Sources on the left navigation pane.
Expand User Identity Stores, manually update the password for all the migrated LDAP user stores that exist.
After migration, the minimum and maximum pool size for the migrated authentication stores will be set to 0, by default. Hence, you must manually set the appropriate values for Minimum Pool Size and Maximum Pool Size for the authentication stores in the Oracle Access Management 11.1.2 console. To do this, complete the following steps:
Log in to the Oracle Access Management 11.1.2 console using the URL:
http://host:port/oamconsole
Go to the System Configuration tab.
Expand Common Configuration on the left navigation pane.
Expand Data Sources, and then expand User Identity Stores.
Select the authentication store to be edited.
Scroll down to Connection Details, and set the values Minimum Pool Size and Maximum Pool Size. For example, Minimum Pool Size=10 and Maximum Pool Size=50.
Click Apply.
To verify the migration, do the following:
Log in to the Oracle Access Management 11.1.2 console using the following URL:
http://host:port/oamconsole
In this URL,
host refers to the fully qualified domain name of the machine hosting the Oracle Access Management 11.1.2 console.
port refers to the designated bind port for the Oracle Access Management 11.1.2 console, which is the same as the bind port for the Administration Server.
Verify that the OpenSSO Enterprise agents, user stores, authentication stores, authentication modules, host identifiers, resources, policies with correct authentication scheme having correct authentication module are migrated to Access Manager 11.1.2.
Access any protected page using the URL. The URL now redirects you to the Oracle Access Management Server login page. Upon successful authentication, it should perform a successful authorization and you should be able to access the resource successfully.