7 Patching Oracle Identity and Access Management

This chapter describes additional patching procedures for Oracle Identity and Access Management components.


If you have a version of Oracle Identity Management that is earlier than 11g, you must upgrade your software and the patching instructions in this chapter are not applicable. For upgrade instructions, see the Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management.

This chapter contains the following sections:

7.2 Patching Oracle Identity and Access Management Components

To apply the latest patch set to Oracle Identity Manager, Oracle Access Manager or Oracle Adaptive Access Manager, you must first patch to

For information on how to patch your existing components to, refer to the following sections in the Oracle Fusion Middleware Patching Guide in the Oracle Fusion Middleware 11g Release 1 ( documentation library:


Be sure to review the Oracle Fusion Middleware Interoperability and Compatibility Guide for interoperability issues between Oracle Identity Management and Oracle Fusion Middleware Identity and Access Management components.

Once the components have been upgraded to, you can apply the patch by following the steps in Section 3.6, "Patching Oracle Fusion Middleware".

7.3 Updating Oracle Identity Manager to

This section describes the steps needed to update your existing Oracle Identity Manager environment to


The following steps are optional and are not required to complete the patching of Oracle Identity Manager.

  1. Shut down the following servers running in the domain:

    • Administration Server for Oracle Identity Manager

    • Managed Servers for Oracle Identity Manager


    The SOA server must be running while applying the patch set. If the SOA server is not running, you will receive an error message and the patch set will not be applied.

  2. After stopping the servers, you must back up your old Oracle Identity Manager environment before you upgrade to Oracle Identity Manager Be sure that you have backed up the following:

    • MW_HOME directory, including the Oracle Home directories inside Middleware Home

    • Domain Home directory

    • Oracle Identity Manager schemas

    • MDS schema

    • ORASDPM schema

    • SOAINFRA schemas

  3. Make sure you have patched your Oracle SOA Suite software to the latest supported version.

  4. Run the Oracle Identity and Access Management 11g Release 1 ( Patch Set Installer to patch your existing Oracle Identity and Access Management deployment as described in Applying the Patch Set.

  5. Run Patch Set Assistant (located in the bin directory inside the ORACLE_HOME).

    Chapter 4, "Updating Your Schemas with Patch Set Assistant" contains information about using the Patch Set Assistant.

  6. Select Oracle Identity Manager from the Select Component screen. The following schemas are automatically selected for upgrade:

    • Oracle Identity Manager schema _OIM

    • Oracle Metadata Services schema _MDS

      There will be two Oracle Metadata Services schemas selected:

      • Oracle Metadata Services schema used for OIM

      • Oracle Metadata Services schema used for SOA

    • Oracle SOA Infrastructure schema _SOAINFRA

    • User Messaging schema _ORASDPM

    Chapter 4, "Updating Your Schemas with Patch Set Assistant" contains information about using the Patch Set Assistant.

  7. Oracle Identity Manager provides an optional standalone patching utility that is used to automate some configuration tasks and optional features. After you have applied the patch set, run this utility to:

    • Drop unused database objects

    • Deploy SOA-composites that were changed or introduced with this release

    • Seed new tasks, jobs and notifications

    • Change system properties that cannot be changed with MDS listeners (MBeans)

    • Apply domain specific changes like deployment of new ears, shared libraries to respective target servers

  8. From your present working directory, navigate to the ORACLE_Home/server/bin directory on UNIX systems or ORACLE_Home\server\bin on Windows operating systems.

  9. Navigate to ORACLE_HOME/server/bin and edit the oimPS1PS2upgrade.properties file with the following environment variables:

    Variable Description Sample Value


    Where JAVA_HOME is the location of the JDK included in the installer.

    On UNIX operating systems:


    On Windows operating systems:

    C:\Program Files\Java\jdk1.6.0_02


    Where WEBLOGIC_USER is the name of the WebLogic server administrator.



    Where WEBLOGIC_HOST is the location of the machine hosting the server.



    Where WEBLOGIC_PORT is the listening port of the server.

    Where WEBLOGIC_PORT= 1521


    Where WEBLOGIC.SERVER.DIR is the location of the Oracle WebLogic server installation.

    On UNIX operating systems:


    On Windows operating systems:


    For Windows operating systems, the following parameters must be set as environment variables. These variables are not read from the oimPS1PS2upgrade.properties file. Any variables set within the properties file will be ignored.

    Variable Description


    Set OIM_ORACLE_HOME to the IAM Oracle Home, where Oracle Identity Manager is installed.



    Where ANT_HOME is the location of the Ant Java library



    Where MW_HOME is the Middleware home that contains the existing Oracle Identity Manager .


  10. Depending on your environment configuration, you may also need to set the following environment variables to TRUE:

    Variable Description Sample Value (UNIX operating systems)


    Set to TRUE to Enable LDAP sync.



    Set to TRUE if your environment is FA. For non-FA environments set to FALSE.



    Set to TRUE if your environment is FA-SOD. For non-FA environments, set to FALSE.



    Set to TRUE if you have a multi-tenant environment. For non-multi-tenant environment, set to FALSE.


  11. Note:

    Environment details must be provided for each flag set to TRUE. For example, if SODEnabled=true, you must provide the following:

    • Location of the SOA_HOME

    • Name of the SOA Managed Server

    • Name of the database that hosts the server

    • Server port number

    Verify that you have provided all environment-related information for each variable enabled to TRUE before performing the upgrade.

  12. Run oimPS1PS2upgrade.sh (on UNIX) or oimPS1PS2upgrade.bat (on Windows).

  13. Restart the Administration Server and Managed Server for Oracle Identity Manager.

  14. Verify that the Upgrade utility completed successfully.

    • Review the oimPS1PS2upgrade.log file created in the ORACLE_HOME/server/upgrade/log directory.

      End of file should state BUILD SUCCESSFUL.

    • Verify all the required schema s are upgraded properly by running the following query:

      select comp_name,version,status,upgraded from schema_version_registry;
      SDP Messaging VALID Y
      SOA Infrastructure Services VALID Y
      Metadata Services VALID Y
      Oracle Identity Manager VALID Y

7.3.1 Upgrading Oracle Identity Manager Remote Manager

After you have updated your Oracle Identity Manager to, you must reinstall the Remote Manager, if you will be using Remote Manger features.

  1. Back up configuration files

    Before starting the Remote Manager upgrade, back up the following Remote Manager configuration files:

    • On UNIX, $<XLREMOTE_HOME>/remotemanager.sh

    • $<XLREMOTE_HOME>/xlremote/config/xlconfig.xml file.

    • On Windows, <XLREMOTE_HOME>\remotemanager.bat

    • <XLREMOTE_HOME>\xlremote\config\xlconfig.xml file.

  2. Run the Oracle Identity and Access Management Installer to upgrade the Remote Manager home.

  3. Restore configuration files.

    Restore the backed up configuration files in the upgraded Remote Manager home.

7.3.2 Upgrading Oracle Identity Manager Design Console

The Oracle Identity Manager Design Console is used to configure system settings that control the system-wide behavior of Oracle Identity Manager and affect its users. The Design Console allows you to perform user management, resource management, process management, and other administration and development tasks. For more information about the Design Console, see "Design Console Overview" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.


Oracle recommends that you install Oracle Identity Manager and the Design Console in different directory paths, regardless of whether the Design Console is on the same system as the Oracle Identity Management server.

To upgrade Design Console, complete the following steps:

  1. Back up the following files:

    • On UNIX operating systems:



    • On Windows operating systems:



  2. Run the Oracle Identity and Access Management Installer to upgrade the Design Console home <XLDC_HOME>.

  3. Restore the backed up files in the upgraded Design Console home.

  4. Build and copy the wlfullclient.jar file as follows:

    1. Go to WebLogic_Home/server/lib directory on UNIX and WebLogic_Home\server\lib directory on Windows.

    2. Set the JAVA_HOME environment variable and add the JAVA_HOME variable to the PATH environment variable.

      For example, you can set the JAVA_HOME to the jdk160_21 directory inside the Middleware home.

    3. Run the following command to build the wlfullclient.jar file:

      java -jar <MW_HOME>/modules/com.bea.core.jarbuilder_1.7.0.0.jar

    4. Copy the wlfullclient.jar file to the <IAM_HOME> where you installed the Design Console. For example:

      On UNIX operating systems:

      cp wlfullclient.jar <Oracle_IDM2>/designconsole/ext

      On Windows operating systems:

      copy wlfullclient.jar <Oracle_IDM2>\designconsole\ext