This chapter describes additional patching procedures for Oracle Identity and Access Management components.
Note:
If you have a version of Oracle Identity Management that is earlier than 11g, you must upgrade your software and the patching instructions in this chapter are not applicable. For upgrade instructions, see the Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management.This chapter contains the following sections:
The procedures in this chapter should be used in conjunction with the procedures described in Chapter 3, "Applying the Latest Oracle Fusion Middleware Patch Set". Specifically, be sure that you have reviewed the following before you begin the patching procedures described in this chapter:
To apply the latest patch set to Oracle Identity Manager, Oracle Access Manager or Oracle Adaptive Access Manager 11.1.1.3.0, you must first patch to 11.1.1.5.0.
For information on how to patch your existing 11.1.1.3.0 components to 11.1.1.5.0, refer to the following sections in the Oracle Fusion Middleware Patching Guide in the Oracle Fusion Middleware 11g Release 1 (11.1.1.5.0) documentation library:
Note:
Be sure to review the Oracle Fusion Middleware Interoperability and Compatibility Guide for interoperability issues between Oracle Identity Management and Oracle Fusion Middleware Identity and Access Management components.Once the components have been upgraded to 11.1.1.5.0, you can apply the 11.1.1.7.0 patch by following the steps in Section 3.6, "Patching Oracle Fusion Middleware".
This section describes the steps needed to update your existing Oracle Identity Manager 11.1.1.5.0 environment to 11.1.1.7.0.
Note:
The following steps are optional and are not required to complete the patching of Oracle Identity Manager.Shut down the following servers running in the domain:
Administration Server for Oracle Identity Manager
Managed Servers for Oracle Identity Manager
Note:
The SOA server must be running while applying the patch set. If the SOA server is not running, you will receive an error message and the patch set will not be applied.After stopping the servers, you must back up your old Oracle Identity Manager 11.1.1.5.0 environment before you upgrade to Oracle Identity Manager 11.1.1.7.0. Be sure that you have backed up the following:
MW_HOME directory, including the Oracle Home directories inside Middleware Home
Domain Home directory
Oracle Identity Manager schemas
MDS schema
ORASDPM schema
SOAINFRA schemas
Make sure you have patched your Oracle SOA Suite software to the latest supported version.
Run the Oracle Identity and Access Management 11g Release 1 (11.1.1.7.0) Patch Set Installer to patch your existing Oracle Identity and Access Management deployment as described in Applying the Patch Set.
Run Patch Set Assistant (located in the bin directory inside the ORACLE_HOME).
Chapter 4, "Updating Your Schemas with Patch Set Assistant" contains information about using the Patch Set Assistant.
Select Oracle Identity Manager from the Select Component screen. The following schemas are automatically selected for upgrade:
Oracle Identity Manager schema _OIM
Oracle Metadata Services schema _MDS
There will be two Oracle Metadata Services schemas selected:
Oracle Metadata Services schema used for OIM
Oracle Metadata Services schema used for SOA
Oracle SOA Infrastructure schema _SOAINFRA
User Messaging schema _ORASDPM
Chapter 4, "Updating Your Schemas with Patch Set Assistant" contains information about using the Patch Set Assistant.
Oracle Identity Manager 11.1.1.7.0 provides an optional standalone patching utility that is used to automate some configuration tasks and optional features. After you have applied the 11.1.1.7.0 patch set, run this utility to:
Drop unused database objects
Deploy SOA-composites that were changed or introduced with this release
Seed new tasks, jobs and notifications
Change system properties that cannot be changed with MDS listeners (MBeans)
Apply domain specific changes like deployment of new ears, shared libraries to respective target servers
From your present working directory, navigate to the ORACLE_Home/server/bin directory on UNIX systems or ORACLE_Home\server\bin on Windows operating systems.
Navigate to ORACLE_HOME/server/bin and edit the oimPS1PS2upgrade.properties file with the following environment variables:
| Variable | Description | Sample Value |
|---|---|---|
| JAVA_HOME | Where JAVA_HOME is the location of the JDK included in the installer. |
On UNIX operating systems:
On Windows operating systems:
|
| WEBLOGIC_USER | Where WEBLOGIC_USER is the name of the WebLogic server administrator. |
WEBLOGIC_USER=weblogic |
| WEBLOGIC_HOST | Where WEBLOGIC_HOST is the location of the machine hosting the server. |
WEBLOGIC_HOST=examplehost/exampleservice |
| WEBLOGIC_PORT | Where WEBLOGIC_PORT is the listening port of the server. |
Where WEBLOGIC_PORT= 1521 |
| WEBLOGIC.SERVER.DIR | Where WEBLOGIC.SERVER.DIR is the location of the Oracle WebLogic server installation. |
On UNIX operating systems:
On Windows operating systems:
|
For Windows operating systems, the following parameters must be set as environment variables. These variables are not read from the oimPS1PS2upgrade.properties file. Any variables set within the properties file will be ignored.
| Variable | Description |
|---|---|
| OIM_ORACLE_HOME | Set OIM_ORACLE_HOME to the IAM Oracle Home, where Oracle Identity Manager is installed.
OIM_ORACLE_HOME= |
| ANT_HOME | Where ANT_HOME is the location of the Ant Java library
|
| WL_HOME | Where MW_HOME is the Middleware home that contains the existing Oracle Identity Manager .
Drive:\Oracle\Middleware |
Depending on your environment configuration, you may also need to set the following environment variables to TRUE:
| Variable | Description | Sample Value (UNIX operating systems) |
|---|---|---|
| LDAPSYNCEnabled | Set to TRUE to Enable LDAP sync. | LDAPSYNCEnabled=true |
| FAEnabled | Set to TRUE if your environment is FA. For non-FA environments set to FALSE. | FAEnabled=true |
| SODEnabled | Set to TRUE if your environment is FA-SOD. For non-FA environments, set to FALSE. | SODEnabled=true |
| MTEnabled | Set to TRUE if you have a multi-tenant environment. For non-multi-tenant environment, set to FALSE. | MTEnabled=true |
Note:
Environment details must be provided for each flag set toTRUE. For example, if SODEnabled=true, you must provide the following:
Location of the SOA_HOME
Name of the SOA Managed Server
Name of the database that hosts the server
Server port number
Verify that you have provided all environment-related information for each variable enabled to TRUE before performing the upgrade.
Run oimPS1PS2upgrade.sh (on UNIX) or oimPS1PS2upgrade.bat (on Windows).
Restart the Administration Server and Managed Server for Oracle Identity Manager.
Verify that the Upgrade utility completed successfully.
Review the oimPS1PS2upgrade.log file created in the ORACLE_HOME/server/upgrade/log directory.
End of file should state BUILD SUCCESSFUL.
Verify all the required schema s are upgraded properly by running the following query:
select comp_name,version,status,upgraded from schema_version_registry; SDP Messaging 11.1.1.7.0 VALID Y SOA Infrastructure Services 11.1.1.7.0 VALID Y Metadata Services 11.1.1.7.0 VALID Y Oracle Identity Manager 11.1.1.7.0 VALID Y
After you have updated your Oracle Identity Manager 11.1.1.5.0 to 11.1.1.7.0, you must reinstall the Remote Manager, if you will be using Remote Manger features.
Back up configuration files
Before starting the Remote Manager upgrade, back up the following Remote Manager configuration files:
On UNIX, $<XLREMOTE_HOME>/remotemanager.sh
$<XLREMOTE_HOME>/xlremote/config/xlconfig.xml file.
On Windows, <XLREMOTE_HOME>\remotemanager.bat
<XLREMOTE_HOME>\xlremote\config\xlconfig.xml file.
Run the Oracle Identity and Access Management Installer to upgrade the Remote Manager home.
Restore configuration files.
Restore the backed up configuration files in the upgraded Remote Manager home.
The Oracle Identity Manager Design Console is used to configure system settings that control the system-wide behavior of Oracle Identity Manager and affect its users. The Design Console allows you to perform user management, resource management, process management, and other administration and development tasks. For more information about the Design Console, see "Design Console Overview" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.
Note:
Oracle recommends that you install Oracle Identity Manager and the Design Console in different directory paths, regardless of whether the Design Console is on the same system as the Oracle Identity Management server.To upgrade Design Console, complete the following steps:
Back up the following files:
On UNIX operating systems:
$<XLDC_HOME>/xlclient.sh
<XLDC_HOME>/config/xlconfig.xml
On Windows operating systems:
<XLDC_HOME>\xlclient.cmd
<XLDC_HOME>\config\xlconfig.xml
Run the Oracle Identity and Access Management Installer to upgrade the Design Console home <XLDC_HOME>.
Restore the backed up files in the upgraded Design Console home.
Build and copy the wlfullclient.jar file as follows:
Go to WebLogic_Home/server/lib directory on UNIX and WebLogic_Home\server\lib directory on Windows.
Set the JAVA_HOME environment variable and add the JAVA_HOME variable to the PATH environment variable.
For example, you can set the JAVA_HOME to the jdk160_21 directory inside the Middleware home.
Run the following command to build the wlfullclient.jar file:
java -jar <MW_HOME>/modules/com.bea.core.jarbuilder_1.7.0.0.jar
Copy the wlfullclient.jar file to the <IAM_HOME> where you installed the Design Console. For example:
On UNIX operating systems:
cp wlfullclient.jar <Oracle_IDM2>/designconsole/ext
On Windows operating systems:
copy wlfullclient.jar <Oracle_IDM2>\designconsole\ext