15 Upgrading Oracle Access Manager High Availability Environments

This chapter describes how to upgrade Access Manager (Access Manager) high availability environments to Oracle Access Management Access Manager 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.

Note:

Before proceeding, check if your existing Access Manager version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 1.5, "Supported Starting Points for Upgrading High Availability Environments".

This chapter includes the following sections:

• Section 15.1, "Understanding Access Manager High Availability Upgrade Topology"

• Section 15.2, "Upgrade Roadmap"

• Section 15.3, "Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2"

• Section 15.4, "Backing Up the Existing Environment"

• Section 15.5, "Upgrading OAMHOST1 to 11.1.2.2.0"

• Section 15.6, "Updating Component Versions on OAMHOST1"

• Section 15.7, "Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1"

• Section 15.8, "Updating Binaries of WebLogic Server and Access Manager on OAMHOST2"

• Section 15.9, "Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2"

• Section 15.10, "Troubleshooting"

15.1 Understanding Access Manager High Availability Upgrade Topology

Figure 15-1 shows the Access Manager cluster set up that can be upgraded to 11.1.2.2.0 by following the procedure described in this chapter.

Figure 15-1 Access Manager High Availability Upgrade Topology

Description of "Figure 15-1 Access Manager High Availability Upgrade Topology"

On OAMHOST1, the following installations have been performed:

• An Access Manager instance has been installed in the WLS_OAM1 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.

On OAMHOST2, the following installations have been performed:

• An Access Manager instance has been installed in the WLS_OAM2 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OAMHOST1 becomes unavailable.

The instances in the WLS_OAM1 and WLS_OAM2 Managed Servers on OAMHOST1 and OAMHOST2 are configured in a cluster named OAM_CLUSTER.

15.2 Upgrade Roadmap

Table 15-1 lists the steps to upgrade Access Manager high availability environment illustrated in Figure 15-1 to 11.1.2.2.0.

Table 15-1 Access Manager High Availability Upgrade Roadmap

Task No	Task	For More Information
1	Review the Access Manager high availability upgrade topology, and identify OAMHOST1 and OAMHOST2 on your setup.	See, Understanding Access Manager High Availability Upgrade Topology
2	Shut down the Administration Server and all the Managed Servers on OAMHOST1 and OAMHOST2.	See, Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2
3	Back up the existing environment.	See, Backing Up the Existing Environment
4	Upgrade OAMHOST1 to 11.1.2.2.0. This is the host with active Administration Server running on it.	See, Upgrading OAMHOST1 to 11.1.2.2.0
5	If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages oracle.dogwood.top and oracle.oam.server to 11.1.2.2.0 on OAMHOST1.	See, Updating Component Versions on OAMHOST1
6	If you are upgrading Oracle Access Manager 11.1.1.5.0 environments, redeploy Access Manager Server applications and shared libraries on OAMHOST1 to target them to OAM_CLUSTER.	See, Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1
7	Update the binaries of Oracle WebLogic Server and Access Manager on OAMHOST2.	See, Updating Binaries of WebLogic Server and Access Manager on OAMHOST2
8	Start the WebLogic Administration Server and the Managed Servers on OAMHOST1 and OAMHOST2.	See, Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2

15.3 Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2

Before you begin the upgrade process, you must stop the WebLogic Administration Server and all of the Access Manager Managed Servers on OAMHOST1 and OAMHOST2 in the following order:

1. Stop the Access Manager Managed Servers on both OAMHOST1 and OAMHOST2.

2. Stop the WebLogic Administration Server on OAMHOST1.

For information about stopping the Managed Server, see Section 2.8.1, "Stopping the Managed Server(s)".

For information about stopping the Administration Server, see Section 2.8.2, "Stopping the WebLogic Administration Server".

15.4 Backing Up the Existing Environment

After stopping all the servers, you must back up the following before proceeding with the upgrade process:

• MW_HOME directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OAMHOST1 and OAMHOST2.

• Access Manager Domain Home directory on both OAMHOST1 and OAMHOST2.

• Following Database schemas:

  • Oracle Access Manager schema

  • MDS schema

  • Audit and any other dependent schema

  For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

15.5 Upgrading OAMHOST1 to 11.1.2.2.0

In order to upgrade the Access Manager high availability environment to 11.1.2.2.0, you must first upgrade OAMHOST1 which has the active Administration Server. The following are some of the important tasks involved in upgrading OAMHOST1 to 11.1.2.2.0:

• Upgrading Oracle WebLogic Server to 10.3.6.

• Upgrading the Access Manager binaries to 11.1.2.2.0.

• Upgrading the database schemas.

• Copying the modified domain mbean configurations.

• Upgrading the system configuration.

The procedure to upgrade OAMHOST1 depends on your starting point.

• If your starting point is Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0), follow the instructions described in Chapter 3, "Upgrading Oracle Access Manager 11g Release 2 (11.1.2.x.x) Environments" to upgrade OAMHOST1 to 11.1.2.2.0.

• If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), follow the instructions described in Chapter 9, "Upgrading Oracle Access Manager 11g Release 1 (11.1.1.x.x) Environments" to upgrade OAMHOST1 to 11.1.2.2.0.

15.6 Updating Component Versions on OAMHOST1

If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages oracle.dogwood.top and oracle.oam.server from 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2.2.0) by running the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar) on OAMHOST1. OAMHOST1 is the host on which Administration Server is running. This step updates the domain-info.xml.

Note:

If your starting point is Access Manager 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), skip this task.

To upgrade the necessary Oracle Access Manager packages to 11.1.2.2.0, complete the following steps on OAMHOST1:

1. Go to the directory $ORACLE_HOME/oaam/upgrade. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar file is located in this directory.

2. Upgrade the package oracle.dogwood.top 11.1.1.5.0 to 11.1.2.2.0 by running the following command:

   java -cp $MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0

   For example:

   java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0

3. Upgrade the package oracle.oam.server 11.1.1.5.0 to 11.1.2.2.0 by running the following command:

   java -cp $MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> oracle.oam.server:11.1.1.5.0,:11.1.2.2.0

   For example:

   java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.oam.server:11.1.1.5.0,:11.1.2.2.0

15.7 Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1

On OAMHOST1, you must redeploy Access Manager server applications and shared libraries, and target the applications and shared libraries to OAM_CLUSTER, for the following reasons:

• To uptake new shared libraries that Access Manager server applications are dependent on.

• To uptake newer versions of Access Manager Administration and Managed Server applications.

For information about redeploying Access Manager server applications and shared libraries, see Section 9.16, "Redeploying Oracle Access Management Access Manager Servers and Shared Libraries".

Note:

If you have already performed this task as part of Section 15.5, "Upgrading OAMHOST1 to 11.1.2.2.0", skip this section.

15.8 Updating Binaries of WebLogic Server and Access Manager on OAMHOST2

After you upgrade the Access Manager environment on OAMHOST1, you must update the binaries of Oracle WebLogic Server and Access Manager to 10.3.6 and 11.1.2.2.0 versions respectively on OAMHOST2 by completing the following tasks:

1. Updating Oracle WebLogic Server Binaries to 10.3.6

2. Updating Access Manager Binaries to 11.1.2.2.0

15.8.1 Updating Oracle WebLogic Server Binaries to 10.3.6

Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Manager environment is using Oracle WebLogic Server 10.3.5 or the previous versions, you must update the Oracle WebLogic Server binaries to 10.3.6 by completing the following steps:

1. Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.

   For more information, see "Downloading an Upgrade Installer From My Oracle Support" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

2. Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.

   For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

15.8.2 Updating Access Manager Binaries to 11.1.2.2.0

To update the existing Access Manager binaries to Access Manager 11.1.2.2.0, you must use the Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) Installer. During the procedure, specify the location of your existing Middleware Home. This upgrades the Access Manager binaries 11.1.2.2.0.

For information about updating Access Manager binaries to 11.1.2.2.0, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".

15.9 Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2

Start the WebLogic Administration Server and the Access Manager Managed Servers on OAMHOST1 and OAMHOST2 in the following order:

1. Start the WebLogic Administration Server on OAMHOST1.

2. Start the Access Manager Managed Servers on OAMHOST1 and OAMHOST2.

For more information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".

For more information about starting the Managed Servers, see Section 2.9.3, "Starting the Managed Server(s)".

15.10 Troubleshooting

This section describes troubleshooting methods for some of the common problems that might occur during the upgrade process.

Note:

For information about the issues that you might encounter during the upgrade process, and their workarounds, see Oracle Fusion Middleware Release Notes.

This section contains the following topics:

• Multi-Data Centre Feature Not Working After Upgrade

15.10.1 Multi-Data Centre Feature Not Working After Upgrade

If you had enabled Multi-Data Centre (MDC) feature in your 11.1.2.x.x setup, you must re-register the MDC partners and enable the MDC functionality that is added in 11.1.2.2.0. To do this, complete the following steps post-upgrade:

1. In each Data Centre (DC), remove the MDC partners by running the following WebLogic Scripting Tool (WLST) command:

   removePartnerForMultiDataCentre=("<cluster_ID>")

   For example:

   removePartnerForMultiDataCentre("cluster1")

   You must run this command for each of the MDC partners. For more information about using the removePartnerForMultiDataCentre() command, see "removePartnerForMultiDataCentre" in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.

2. In 11.1.2.2.0, fail over for the MDC partners are supported. Therefore, you must specify the primary and secondary servers for each of the MDC partners using the Access Manager console. To do this, complete the following steps:

   1. Log in to the Access Manager 11.1.2.2.0 console using the following URL:

      http://oam_admin_server_host:oam_admin_server_port/oamconsole

   2. Navigate to SSO Agents.

   3. Modify the Primary Server and Secondary Server for each of the MDC partners.

3. Add the modified MDC partners to the respective Data Centres using the following command:

   addPartnerForMultiDataCentre(propfile="../MDC_properties/partnerInfo.properties")

   While running this command, make sure you use the updated partnerInfo.properties file. You must run this command for each of the MDC partners. For more information about using the addPartnerForMultiDataCentre() command, see "addPartnerForMultiDataCentre" in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.

4. Verify that the MultiDataCenterPartners section in each of the MDC partner profile contains the following settings instead of the Hostname and Port:

   <Setting Name="PrimaryHostPort" Type="xsd:string">
   <Setting Name="SecondaryHostPort" Type="xsd:string">