1/24
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Understanding Oracle Identity and Access Management
1
Introduction
1.1
Oracle Identity and Access Management Overview
1.2
Upgrade Scenarios
1.3
Migration and Coexistence Scenarios
2
Documentation Roadmap
Part II Upgrading Oracle Identity and Access Management 11.1.1.5.0 and 9.x Environments
3
Upgrade Starting Points
3.1
Supported Starting Points for Oracle Access Manager 11.1.1.5.0 Upgrade
3.2
Supported Starting Points for Oracle Adaptive Access Manager 11.1.1.5.0 Upgrade
3.3
Supported Starting Points for Oracle Identity Manager 11.1.1.5.0 Upgrade
3.4
Supported Starting Points for Oracle Entitlements Server 11.1.1.5.0 Upgrade
3.5
Supported Starting Points for Oracle Identity Manager 9.x Upgrade
4
Upgrading Oracle Access Manager 11
g
Release 1 (11.1.1.5.0) Environments
4.1
Upgrade Roadmap for Oracle Access Manager
4.2
Upgrading Oracle Access Manager 11.1.1.5.0 to Oracle Access Management Access Manager 11.1.2
4.3
Updating Oracle Access Management Access Manager 11.1.2 to 11.1.2.1.0
5
Upgrading Oracle Adaptive Access Manager 11
g
Release 1 (11.1.1.5.0) Environments
5.1
Upgrade Roadmap for Oracle Adaptive Access Manager
5.2
Upgrading Oracle Adaptive Access Manager to Oracle Adaptive Access Manager 11.1.2
5.3
Updating Oracle Adaptive Access Manager 11.1.2 to 11.1.2.1.0
6
Upgrading Oracle Identity Manager 11
g
Release 1 (11.1.1.5.0) Environments
6.1
Upgrade Roadmap for Oracle Identity Manager
6.2
Upgrading Oracle Identity Manager 11.1.1.5.0 to Oracle Identity Manager 11.1.2.0.0
6.3
Updating Oracle Identity Manager 11.1.2.0.0 to 11.1.2.1.0
6.4
Performing Post-Upgrade Tasks
7
Upgrading Oracle Entitlements Server 11
g
Release 1 (11.1.1.5.0) Environments
7.1
Upgrade Roadmap for Oracle Entitlements Server
7.2
Upgrading Oracle Entitlements Server 11.1.1.5.0 to Oracle Entitlements Server 11.1.2
7.3
Updating Oracle Entitlements Server 11.1.2 to 11.1.2.1.0
8
Upgrading Oracle Identity Navigator 11
g
Release 1 (11.1.1.5.0) Environments
8.1
Upgrade Roadmap for Oracle Identity Navigator
8.2
Exporting Oracle Identity Navigator 11.1.1.5.0 Metadata
8.3
Shutting Down Administration Server and Managed Servers
8.4
Optional: Upgrading Oracle WebLogic Server
8.5
Upgrading Oracle Identity Navigator 11
g
Release 2 (11.1.2.1.0)
8.5.1
Obtaining the Software
8.5.2
Starting the Oracle Identity and Access Management Installer
8.5.3
Installing Oracle Identity and Access Management 11
g
Release 2 (11.1.2.1.0)
8.6
Creating Oracle Platform Security Services Schema
8.7
Extending Oracle Identity Navigator 11.1.1.5.0 Component Domains with Oracle Platform Security Services Template
8.8
Upgrading Oracle Platform Security Services
8.9
Configuring Oracle Platform Security Services Security Store
8.10
Starting the Administration Server
8.11
Verifying the Deployment Summary
8.12
Upgrading Oracle Identity Navigator Application
8.13
Importing the Oracle Identity Navigator 11.1.2.1.0 Metadata
8.14
Verifying the Upgrade
9
Upgrading Oracle Identity Manager 9.x Environments
9.1
Overview
9.2
Upgrade Roadmap
9.3
Upgrading Oracle Identity Manager 9.x to Oracle Identity Manager 11.1.1.5.0
9.4
Upgrading Oracle Identity Manager 11.1.1.5.0 to Oracle Identity Manager 11.1.2.0.0
9.5
Updating Oracle Identity Manager 11.1.2.0.0 to Oracle Identity Manager 11.1.2.1.0
9.6
Performing Post-Upgrade Tasks
Part III Migrating Various Oracle 10
g
and OpenSSO Environments
10
Migration and Coexistence Starting Points
10.1
Supported Starting Points for Oracle Access Manager 10
g
Migration
10.2
Supported Starting Points for Oracle Adaptive Access Manager 10
g
Migration
10.3
Supported Starting Points for Oracle Single Sign-On 10
g
Migration
10.4
Supported Starting Points for Sun OpenSSO Enterprise Migration
10.5
Supported Starting Points for Sun Java System Access Manager Migration
10.6
Supported Starting Points for Coexistence of Oracle Access Manager 10
g
With Oracle Access Management Access Manager 11.1.2.1.0
10.7
Supported Starting Points for Coexistence of Sun OpenSSO Enterprise With Oracle Access Management Access Manager 11.1.2.1.0
10.8
Supported Starting Points for Coexistence of Sun Java System Access Manager With Oracle Access Management Access Manager 11.1.2.1.0
11
Migrating Oracle Access Manager 10
g
Environments
11.1
Migration Overview
11.1.1
Modes of Migration
11.1.1.1
Complete Migration
11.1.1.2
Incremental Migration
11.1.1.3
Delta Migration
11.1.2
Migration Summary
11.2
Topology Comparison
11.3
Migration Roadmap
11.4
Prerequisites for Migration
11.5
Installing Oracle Identity and Access Management 11.1.2.1.0
11.6
Configuring Oracle Access Management Access Manager 11.1.2.1.0
11.7
Configuring Transport Security Mode for Access Manager 11.1.2.1.0 Server
11.7.1
Deciding the Security Mode of Access Manager 11.1.2.1.0 Server
11.7.2
Configuring Cert Mode Communication for Access Manager 11.1.2.1.0 Server
11.7.3
Configuring Simple Mode Communication for Access Manager 11.1.2.1.0 Server
11.8
Starting Administration Server and Access Manager 11.1.2.1.0 Managed Servers
11.9
Creating the Properties File
11.10
Generating the Assessment Report
11.11
Restarting the Administration Server
11.12
Additional Steps for Incremental Migration
11.13
Migrating the Artifacts of Oracle Access Manager 10
g
to Access Manager 11.1.2.1.0
11.14
Configuring Centralized Logout for 10
g
WebGates with Access Manager 11.1.2.1.0
11.15
Associating the WebGates with Access Manager 11.1.2.1.0 Server
11.16
Verifying the Migration
11.17
Troubleshooting
11.17.1
Increasing the Size of the Log File to Avoid the Loss of Migration Data
11.17.2
Increasing the Heap Size of the WebLogic Server
12
Migrating Oracle Adaptive Access Manager 10
g
Environments
12.1
Migration Overview
12.2
Topology Comparison
12.3
Migration Roadmap
12.4
Upgrading Oracle Adaptive Access Manager 10
g
to 11.1.2
12.5
Updating Oracle Access Management Access Manager 11.1.2 to 11.1.2.1.0
13
Migrating Oracle Single Sign-On 10
g
Environments
13.1
Migration Overview
13.2
Migration Summary
13.3
Topology Comparison
13.4
Migration Scenarios
13.4.1
Oracle Delegated Administration Services Required After Migrating Oracle Single Sign-On 10
g
to Access Manager 11.1.2.1.0
13.4.2
Oracle Delegated Administration Services Required, but Oracle Single Sign-On Admin Not Required After Migrating Oracle Single Sign-On to Access Manager 11.1.2.1.0
13.4.3
Oracle Delegated Administration Services Not Required After Migrating Oracle Single Sign-On to Access Manager 11.1.2.1.0
13.5
Migration Roadmap
13.6
Prerequisites for Migration
13.7
Understanding the Access Manager 11.1.2.1.0 Topology
13.8
Optional: Upgrading the Oracle Database
13.9
Creating Schemas Using Repository Creation Utility
13.10
Installing and Configuring the Access Manager 11.1.2.1.0 Middle Tier
13.10.1
Installing and Configuring Access Manager 11.1.2.1.0 Using Oracle Single Sign-On 10
g
Host Name and Port Number
13.10.2
Installing and Configuring Access Manager 11.1.2.1.0 Using New Host Name or New Port Number
13.11
Upgrading Access Manager 11.1.2.1.0 Middle Tier Using Upgrade Assistant
13.12
Performing Post-Migration Tasks
13.12.1
Configuring Oracle Portal 10
g
with Access Manager 11.1.2.1.0 Server if the Oracle HTTP Server Port is Changed
13.12.2
Configuring Oracle Access Management 11.1.2.1.0 Administration Console to Align Roles
13.12.3
Copying the osso.conf File
13.12.4
Configuring Oracle Business Intelligence Discoverer 11
g
with Access Manager 11.1.2.1.0
13.12.5
Setting the Headers in the Authentication Policy for the Protected DAS Resources
13.12.6
Setting the Default Authentication Scheme
13.12.7
Setting the Migrated Identity Store as Default Store and System Store for Access Manager 11.1.2.1.0
13.12.8
Additional Step for Oracle Internet Directory Configured in SSL Server Authentication Mode
13.12.9
Additional Access Manager Post-Migration Tasks
13.12.10
Decommissioning Oracle Single Sign-On 10
g
13.13
Verifying the Migration
14
Migrating Sun OpenSSO Enterprise 8.0 Environments
14.1
Migration Overview
14.2
Modes of Migration
14.2.1
Complete Migration
14.2.2
Incremental Migration
14.2.3
Delta Migration
14.3
Migration Summary
14.3.1
Summary of Migration of Agents
14.3.2
Summary of Migration of Policies
14.3.3
Summary of Migration of User Stores
14.3.4
Summary of Migration of Authentication Stores
14.4
Topology Comparison
14.5
Migration Roadmap
14.6
Prerequisites for Migration
14.7
Installing Oracle Identity and Access Management 11.1.2.1.0
14.8
Configuring Oracle Access Management Access Manager 11.1.2.1.0
14.9
Generating the Assessment Report
14.9.1
Obtaining the Assessment Tool
14.9.2
Specifying LDAP Connection Details
14.9.3
Running the OpenSSO Agent Assessment Tool
14.9.4
Analyzing the Assessment Report
14.10
Starting the WebLogic Administration Server
14.11
Additional Steps for Incremental Migration
14.12
Creating the Properties File
14.13
Migrating the Artifacts of OpenSSO Enterprise 8.0 to Access Manager 11.1.2.1.0
14.14
Performing Post-Migration Tasks
14.15
Verifying the Migration
15
Migrating Sun Java System Access Manager 7.1 Environments
15.1
Migration Overview
15.2
Modes of Migration
15.2.1
Complete Migration
15.2.2
Incremental Migration
15.2.3
Delta Migration
15.3
Migration Summary
15.3.1
Summary of Migration of Agents
15.3.2
Summary of Migration of Policies
15.3.3
Summary of Migration of User Stores
15.3.4
Summary of Migration of Authentication Stores
15.4
Topology Comparison
15.5
Migration Roadmap
15.6
Prerequisites for Migration
15.7
Installing Oracle Identity and Access Management 11.1.2.1.0
15.8
Configuring Oracle Access Manager 11.1.2.1.0
15.9
Generating the Assessment Report
15.9.1
Obtaining the Tool
15.9.2
Specifying LDAP Connection Details
15.9.3
Updating the Agent Profile of 2.2 Agents
15.9.4
Running the OpenSSO Agent Assessment Tool
15.9.5
Analyzing the Assessment Report
15.10
Starting the WebLogic Administration Server
15.11
Additional Steps for Incremental Migration
15.12
Creating the Properties File
15.13
Migrating the Artifacts of Sun Java System Access Manager 7.1 to OAM 11.1.2.1.0
15.14
Performing Post-Migration Tasks
15.15
Verifying the Migration
16
Coexistence of Oracle Access Manager 10
g
with Oracle Access Management Access Manager 11.1.2.1.0
16.1
Coexistence Overview
16.2
Coexistence Topology
16.3
Task Roadmap
16.4
Prerequisites for Coexistence
16.5
Optional: Installing and Configuring Oracle HTTP Server 11
g
(OHS-1 and OHS-2)
16.6
Configuring OHS-2 as a Reverse Proxy for Access Manager 11.1.2.1.0 Managed Server
16.7
Updating LDAPNoPasswordAuthModule in Access Manager 11.1.2.1.0
16.8
Optional: Installing and Configuring WebGate 10
g
-1 and WebGate 10
g
-2
16.9
Configuring Primary Cookie Domains for WebGates
16.9.1
Separating Cookie Domain of All the WebGates
16.9.2
Separating Cookie Domain of the Authentication WebGate
16.9.2.1
Separating the Primary Cookie Domain of WebGate 10
g
-2
16.9.2.2
Changing the Authentication Scheme in 10
g
Deployment
16.10
Protecting Resources at Access Manager 11.1.2.1.0
16.11
Protecting the Authentication End Point URL of Access Manager 11.1.2.1.0 in Oracle Access Manager 10
g
16.12
Configuring Logout Settings
16.13
Configuring Session Management Settings
16.14
Verifying the Configuration
17
Coexistence of Sun OpenSSO Enterprise 8.0 with Oracle Access Management Access Manager 11.1.2.1.0
17.1
Coexistence Overview
17.2
Coexistence Topology
17.3
Task Roadmap
17.4
Prerequisites for Coexistence
17.5
Protecting the End-Point URL of Access Manager 11.1.2.1.0 Server Using Agent-2
17.5.1
Creating Agent-2 Profile for Access Manager 11.1.2.1.0 on OpenSSO Enterprise 8.0 Server
17.5.2
Installing Agent-2 (Policy Agent 3.0)
17.5.3
Updating Web Applications to Include Agent Filter Configurations
17.5.4
Creating Authentication Policy on OpenSSO Enterprise 8.0 Server for Access Manager 11.1.2.1.0
17.6
Configuring Data Source for Access Manager 11.1.2.1.0
17.7
Updating LDAPNoPasswordAuthModule in Access Manager 11.1.2.1.0
17.8
Creating the Profile of Agent-1 in Access Manager 11.1.2.1.0
17.9
Creating an Authentication Policy in Access Manager 11.1.2.1.0 to Protect Resource-1
17.10
Modifying the OpenSSO Cookie Name in Access Manager 11.1.2.1.0
17.11
Updating the Profile of Agent-2 in OpenSSO Enterprise 8.0 Server
17.12
Configuring Logout Settings
17.12.1
Settings to Initiate Logout from OpenSSO Enterprise 8.0 Server
17.12.2
Settings to Initiate Logout from Access Manager 11.1.2.1.0 Server
17.13
Verifying the Configuration
18
Coexistence of Sun Java System Access Manager 7.1 with Oracle Access Management Access Manager 11.1.2.1.0
18.1
Coexistence Overview
18.2
Coexistence Topology
18.3
Task Roadmap
18.4
Completing the Prerequisites
18.5
Protecting Access Manager 11
g
Server's End Point URL by Agent-2
18.5.1
Creating the Profile of Agent-2 for Access Manager on Sun Java System Access Manager 7.1 Server
18.5.2
Installing Agent-2 (Policy Agent 2.2)
18.5.3
Updating Web Applications to Include Agent Filter Configurations
18.5.4
Creating Policy on Sun Java System Access Manager 7.1 Server for Access Manager
18.6
Configuring Data Source for Access Manager 11.1.2.1.0
18.7
Updating LDAPNoPasswordAuthModule in Access Manager 11
g
18.8
Creating the Profile of Agent-1 in Access Manager 11.1.2.1.0
18.9
Creating an Authentication Policy in Access Manager 11.1.2.1.0 to Protect Resource-1
18.10
Modifying the OpenSSO Cookie Name in Access Manager 11.1.2.1.0
18.11
Updating the Profile of Agent-2 in Sun Java System Access Manager 7.1 Server
18.12
Configuring Logout Settings
18.12.1
Settings to Initiate Logout from Sun Java System Access Manager 7.1 Server
18.12.2
Settings to Initiate Logout from Access Manager 11
g
Server
18.13
Verifying the Configuration
Scripting on this page enhances content navigation, but does not change the content in any way.