8 Upgrading Oracle Identity Navigator 11g Release 1 (11.1.1.5.0) Environments

This chapter describes how to upgrade your existing Oracle Identity Navigator 11g Release 1 (11.1.1.5.0) to Oracle Identity Navigator 11g Release 2 (11.1.2.1.0).

This chapter includes the following sections:

Before you upgrade, read the Oracle Fusion Middleware System Requirements and Specifications document to ensure that your environment meets the minimum requirements for the products you are installing or upgrading.

8.1 Upgrade Roadmap for Oracle Identity Navigator

Note:

If you do not follow the exact sequence provided in this task table, your Oracle Identity Navigator upgrade may not be successful.

Table 8-1 lists the steps to upgrade Oracle Identity Navigator.

Table 8-1 Upgrade Flow

So. No. Task For More Information

1

Export Oracle Identity Navigator data.

See, Exporting Oracle Identity Navigator 11.1.1.5.0 Metadata

2

Shut down all servers. This includes both Administration Server and Managed Servers.

See, Shutting Down Administration Server and Managed Servers

3

Optional - Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6.

See, Optional: Upgrading Oracle WebLogic Server

4

Upgrade 11.1.1.5.0 Oracle Home to 11.1.2.1.0.

See, Upgrading Oracle Identity Navigator 11g Release 2 (11.1.2.1.0)

5

Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load OPSS schema for Oracle Identity and Access Management products.

See, Creating Oracle Platform Security Services Schema

6

Extend your Oracle Identity Navigator 11.1.1.5.0 domain with the OPSS template.

See, Extending Oracle Identity Navigator 11.1.1.5.0 Component Domains with Oracle Platform Security Services Template

7

Upgrade Oracle Platform Security Services.

See, Upgrading Oracle Platform Security Services

8

Run the configuresecuritystore.py script to configure policy stores.

See, Configuring Oracle Platform Security Services Security Store

9

Start the Administration Server.

See, Starting the Administration Server

10

Verify the deployments summary.

See, Verifying the Deployment Summary

11

Upgrade Oracle Identity Navigator.

See, Upgrading Oracle Identity Navigator Application

12

Import data.

See, Importing the Oracle Identity Navigator 11.1.2.1.0 Metadata

13

Verify the Oracle Identity Navigator upgrade.

See, Verifying the Upgrade

8.2 Exporting Oracle Identity Navigator 11.1.1.5.0 Metadata

OINAV uses MDS as its metadata store. During upgrade, when you update the application, the metadata gets overwritten. Therefore, you need to export it and keep it in a temporary location so that it can be used to import original metadata after upgrade.

On the computer where Oracle Identity Navigator 11.1.1.5.0 is installed, export the Oracle Identity Navigator metadata to an export directory using WLST as follows:

On UNIX:

  1. Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:

    cd <IAM_HOME>/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    exportMetadata(application='oinav',server='AdminServer',toLocation='export_directory')

    where

    export_directory is the directory where you want to export Oracle Identity Navigator metadata to.

On Windows:

  1. Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:

    cd <IAM_HOME>\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    exportMetadata(application='oinav',server='AdminServer',toLocation='export_directory')

    where

    export_directory is the directory where you want to export Oracle Identity Navigator metadata to.

8.3 Shutting Down Administration Server and Managed Servers

The upgrade process involves changes to the binaries and to the schema. So, before you begin the upgrade process, you must shut down the Administration Server and Managed Servers.

To shut down the Servers, do the following:

Stopping the Administration Server

To stop the Administration Server, do the following:

On UNIX:

Run the following command:

cd <MW_HOME>/user_projects/domains/<domain_name>/bin

./stopWebLogic.sh

On Windows:

Run the following command:

cd <MW_HOME>\user_projects\domains\<domain_name>\bin

stopWebLogic.cmd

Stopping Managed Servers

To stop the Managed Servers, do the following:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/user_projects/domains/<domain_name>/bin directory by running the following command on the command line:

    cd <MW_HOME>/user_projects/domains/<domain_name>/bin

  2. Run the following command to stop the Managed Servers:

    ./stopManagedWebLogic.sh <server_name> <admin_url> <user_name> <password>

    where

    <server_name> is the name of the Managed Server.

    <admin_url> is URL of the WebLogic administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.

    <user_name> is the username of the WebLogic Administration Server.

    <password> is the password of the WebLogic Administration Server.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\user_projects\domains\<domain_name>\bin directory by running the following command on the command line:

    cd <MW_HOME>\user_projects\domains\<domain_name>\bin

  2. Run the following command to stop the Managed Servers:

    stopManagedWebLogic.cmd <server_name> <admin_url> <username> <password>

    where

    <server_name> is the name of the Managed Server.

    <admin_url> is URL of the Weblogic administration console. Specify it in the format http://<host>:<port>/console. Specify only if the WebLogic Administration Server is on a different computer.

    <username> is the username of the WebLogic Administration Server.

    <password> is the password of the WebLogic Administration Server.

8.4 Optional: Upgrading Oracle WebLogic Server

Note:

Upgrading Oracle WebLogic Server is not mandatory. However, Oracle recommends that you upgrade Oracle WebLogic Server to 10.3.6.

You can upgrade WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6 by using the WebLogic 10.3.6 Upgrade Installer. Complete the following steps:

  1. Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.

    For more information, see "Downloading the Installer From Oracle Technology Network" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

  2. Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.

    For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

8.5 Upgrading Oracle Identity Navigator 11g Release 2 (11.1.2.1.0)

To upgrade Oracle Identity Navigator, you must use the Oracle Identity and Access Management 11.1.2.1.0 Installer. During the procedure, point the Middleware Home to your existing 11.1.1.5.0 Oracle Identity Navigator Middleware Home. Your Oracle Home is upgraded from 11.1.1.5.0 to 11.1.2.1.0.

This section contains the following topics:

8.5.1 Obtaining the Software

For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.

8.5.2 Starting the Oracle Identity and Access Management Installer

This topic explains how to start the Oracle Identity and Access Management Installer.

Notes:

  • If you are installing on an IBM AIX operating system, you must run the rootpre.sh script from the Disk1 directory before you start the Installer.

  • Starting the Installer as the root user is not supported.

Start the Installer by doing the following:

On UNIX:

  1. Move from your present working directory to the directory where you extracted the contents of the Installer to.

  2. Move to the following location:

    cd Disk1

  3. Run the following command:

    ./runInstaller -jreLoc <complete path to the JRE directory>

    For example:

    ./runInstaller -jreLoc <MW_HOME>/jdk160_29/jre

On Windows:

  1. Move from your present working directory to the directory where you extracted the contents of the Installer to.

  2. Move to the following location:

    cd Disk1

  3. Run the following command:

    setup.exe -jreLoc <complete path to the JRE directory>

    For example:

    setup.exe -jreLoc <MW_HOME>\jdk160_29\jre

Note:

If you do not specify the -jreLoc option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:

-XX:MaxPermSize=512m is not a valid VM option. Ignoring

This warning message does not affect the installation. You can continue with the installation.

On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jrockit_1.6.0_29 directory is not created in your Middleware Home. You must enter the absolute path to the JRE folder from where your JDK is located.

8.5.3 Installing Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0)

Use Oracle Identity and Access Management 11.1.2.1.0 Installer to upgrade Oracle Identity Navigator 11.1.1.5.0 to Oracle Identity Navigator 11.1.2.1.0:

  1. After you start the Installer, the Welcome screen appears.

  2. Click Next on the Welcome screen. The Install Software Updates screen appears. Select whether or not you want to search for updates. Click Next.The Prerequisite Checks screen appears. If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.

  3. On the Specify Installation Location screen, point the Middleware Home to your existing 11.1.1.5.0 Middleware Home installed on your system.

  4. In the Oracle Home Directory field, specify the path of the existing Oracle Identity and Access Management Home. This directory is also referred to as <IAM_HOME> in this book.

    Click Next. The Installation Summary screen appears.

  5. The Installation Summary screen displays a summary of the choices that you made. Review this summary and decide whether you want to proceed with the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing Oracle Identity and Access Management, click Install. The Installation Progress screen appears. Click Next.

    Note:

    If you cancel or abort when the installation is in progress, you must manually delete the <IAM_HOME> directory before you can reinstall the Oracle Identity and Access Management software.

    To invoke online help at any stage of the installation process, click Help on the installation wizard screens.

  6. The Installation Complete screen appears. On the Installation Complete screen, click Finish.

    This installation process copies the 11.1.2.1.0 Oracle Identity and Access Management software to your system.

For more information, see "Installing and Configuring Oracle Identity and Access Management (11.1.2.1.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

8.6 Creating Oracle Platform Security Services Schema

You must create Oracle Platform Security Services (OPSS) schema because Oracle Identity Navigator upgrade process involves OPSS schema policy store changes. The keys, roles, permissions, and other artifacts used by the applications must migrate to the policy store.

Run Repository Creation utility (RCU) to create OPSS schema.

For more information, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.

Note:

In the Select Components screen, expand AS Common Schemas and select Oracle Platform Security Services. The Metadata Services schema is selected automatically.

8.7 Extending Oracle Identity Navigator 11.1.1.5.0 Component Domains with Oracle Platform Security Services Template

Oracle Identity Navigator 11.1.2.1.0 uses the database to store policies. This requires extending the 11.1.1.5.0 Oracle Identity Navigator domain to include the OPSS data source.

To do so, complete the following steps:

  1. Run the following command to launch the Oracle Fusion Middleware configuration wizard:

    On UNIX:

    ./config.sh

    It is located in the <MW_HOME>/Oracle_IDM1/common/bin directory.

    On Windows:

    config.cmd

    It is located in the <MW_HOME>\Oracle_IDM1\common\bin directory.

  2. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.

  3. On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured the components. Click Next. The Select Extension Source screen is displayed.

  4. On the Select Extension Source screen, select the Oracle Platform Security Service - 11.1.1.0 [Oracle_IDM1] option. After selecting the domain configuration options, click Next.

  5. The Configure JDBC Data Sources screen is displayed. Configure the opss-DBDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.

  6. On the Configure JDBC Component Schema screen, select the Oracle Platform Security Services schema.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next.

    The Test JDBC Component Schema screen is displayed. After the test succeeds, the Select Optional Configuration screen is displayed.

  7. On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines and Deployments and Services. Do not select anything as you have already configured in your Oracle Identity Navigator 11.1.1.5.0 environment. Click Next.

  8. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.

Your existing Oracle Identity Navigator domain is extended to support Oracle Platform Security Services (OPSS).

8.8 Upgrading Oracle Platform Security Services

To upgrade Oracle Platform Security Services (OPSS) schema, do the following:

On UNIX:

  1. Move from your present working directory to the <MW_HOME>/oracle_common/common/bin/ directory by running the following command on the command line:

    cd <MW_HOME>/oracle_common/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. At the WLST prompt, run the following command:

    upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")

    For example:

    upgradeOpss(jpsConfig="<MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml",jaznData="<MW_HOME>/oracle_common/modules/oracle.jps_11.1.1/domain_config/system-jazn-data.xml")

  4. Exit the WLST console using the exit()command.

On Windows:

  1. Move from your present working directory to the <MW_HOME>\oracle_common\common\bin directory by running the following command on the command line:

    cd <MW_HOME>\oracle_common\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. At the WLST prompt, run the following command:

    upgradeOpss(jpsConfig="existing_jps_config_file", jaznData="system_jazn_data_file")

    For example:

    upgradeOpss(jpsConfig="<MW_HOME>\\user_projects\\domains\\base_domain\\config\\fmwconfig\\jps-config.xml",jaznData="<MW_HOME>\\oracle_common\\modules\\oracle.jps_11.1.1\\domain_config\\system-jazn-data.xml")

  4. Exit the WLST console using the exit() command.

Table 8-2 describes the parameters you need to specify on the command line:

Table 8-2 Parameters for Upgrading OPSS

Parameter Description

jpsConfig

Specify the path to the jps-config.xml file in your 11.1.2.1.0 installation. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/user_projects/domains/base_domain/config/fmwconfig/jps-config.xml directory.

On Windows, it is located in the <MW_HOME>\user_projects\domains\base_domain\config\fmwconfig\jps-config.xml directory.

jaznData

Specify the path to the system-jazn-data.xml file in your 11.1.2.1.0 installation. The following example shows the complete path:

On UNIX, it is located in the <MW_HOME>/oracle_common/modules/oracle.jps_11.1.1/domain_config/system-jazn-data.xml directory.

On Windows, it is located in the <MW_HOME>\oracle_common\modules\oracle.jps_11.1.1\domain_config\system-jazn-data.xml directory.

8.9 Configuring Oracle Platform Security Services Security Store

You must configure the Database Security Store as it is the only security store type supported by Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0).

For more information on configuring Oracle Platform Security Services, see "Configuring Database Security Store for an Oracle Identity and Access Management Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

8.10 Starting the Administration Server

After the upgrade is complete, start the WebLogic Administration Server, the Administration Server that contains the Oracle Identity Navigator console, by running the following command on the command line:

On UNIX:

cd <MW_HOME>/user_projects/domains/<domain_name>/bin

./startWebLogic.sh

On Windows:

cd <MW_HOME>\user_projects\domains\<domain_name>\bin

startWebLogic.cmd

8.11 Verifying the Deployment Summary

To verify the deployment summary, do the following:

  1. Log in to the WebLogic Administration console:

    http://<admin server host>:<admin server port>/console

  2. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed.

  3. Check the summary details and verify that oinav (11.1.1.3.0) is present in the Name table.

8.12 Upgrading Oracle Identity Navigator Application

Note:

The OINAV version number is 11.1.1.3.0 while the Oracle Identity Navigator version number is 11.1.2.1.0.

This is not an error. The discrepancy is caused by a difference between how OINAV and Identity Access Management releases are tracked internally.

Upgrading Oracle Identity Navigator redeploys Oracle Identity Navigator using oinav.ear for Oracle Identity Navigator 11.1.2.1.0 release. There are two ways of redeploying the oinav.ear:

  • Upgrading oinav using the WebLogic Server Administration Console.

  • Upgrading oinav using the WebLogic Scripting Tool (WLST).

Using WebLogic Server Administration Console

Complete the following steps to upgrade Oracle Identity Navigator through the WebLogic Administration console:

  1. Log in to WebLogic Administration console:

    http://<admin server host>:<admin server port>/console

  2. Under Domain Structure, click Deployments.

  3. Select oinav (11.1.1.3.0) from the Name table.

  4. Click Update and click Finish in the Update Application Assistant screen after verifying the source path.

    Note:

    If WebLogic is running in production mode, click Lock & Edit before clicking Update.

Using WebLogic Scripting Tool (WLST)

Complete the following steps to upgrade Oracle Identity Navigator through the WLST console:

On UNIX

  1. Move from your present working directory to the <MW_HOME>/wlserver_10.3/common/bin directory by running the following command on the command line:

    cd <MW_HOME>/wlserver_10.3/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following command:

    redeploy('oinav#11.1.1.3.0')

  5. Exit the WLST console using the exit() command.

On Windows

  1. Move from your present working directory to the <MW_HOME>\wlserver_10.3\common\bin directory by running the following command on the command line:

    cd <MW_HOME>\wlserver_10.3\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following command:

    redeploy('oinav#11.1.1.3.0')

  5. Exit the WLST console using the exit() command.

8.13 Importing the Oracle Identity Navigator 11.1.2.1.0 Metadata

You must import the metadata which was exported earlier so that Oracle Identity Navigator gets back the metadata present before upgrade. Import Oracle Identity Navigator 11.1.2.1.0 metadata by running the following WLST command:

On UNIX:

  1. Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:

    cd <IAM_HOME>/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    importMetadata(application='oinav',server='AdminServer',fromLocation='export_directory')

    where

    export_directory is the directory where you have exported the Oracle Identity Navigator metadata to.

On Windows:

  1. Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:

    cd <IAM_HOME>\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    importMetadata(application='oinav',server='AdminServer',fromLocation='export_directory')

    where

    export_directory is the directory where you have exported Oracle Identity Navigator metadata to.

Note:

Oracle Business Intelligence Publisher 10g report format is not supported in Oracle Identity Navigator 11.1.2.1.0 release. It is not mandatory, but if you want to remove the reports, see "Configuring Oracle Business Intelligence Publisher" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Navigator.

8.14 Verifying the Upgrade

To verify the Oracle Identity Navigator upgrade, do the following:

  1. Log in to the OINAV console:

    http://<admin server host>:<admin server port>/oinav

  2. In the Dashboard page, check for the version number in the bottom right corner.

    The version number should be 11.1.2.1.0.