3 Upgrading Oracle Access Manager 11g Release 2 (11.1.2.x.x) Environments

This chapter describes how to upgrade your existing Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0) and 11g Release 2 (11.1.2) environments to Oracle Access Management Access Manager (Access Manager) 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.

Note:

For information about upgrading Oracle Access Management Access Manager on IBM WebSphere, see "Upgrading Access Manager 11g Release 2 (11.1.2.x.x) WebSphere Environments" in the Oracle Fusion Middleware Third-Party Application Server Guide.

Note:

This chapter refers to Oracle Access Management Access Manager 11g Release 2 (11.1.2) and 11g Release 2 (11.1.2.1.0) environments as 11.1.2.x.x.

This chapter contains the following sections:

3.1 Upgrade Roadmap for Oracle Access Manager

Note:

If you do not follow the exact sequence provided in this task table, your Oracle Access Manager upgrade may not be successful.

Table 3-1 lists the steps to upgrade Oracle Access Manager 11.1.2.x.x to 11.1.2.2.0.

Table 3-1 Roadmap for Upgrading Access Manager 11.1.2.x.x to 11.1.2.2.0.

| Task No. | Task | For More Information |
|---|---|---|
| 1 | Review system requirements and certifications. | See Reviewing System Requirements and Certification |
| 2 | Stop the WebLogic Administration Server and the Access Manager Managed Servers. | See Shutting Down Administration Server and Access Manager Managed Server(s) |
| 3 | Back up the existing Access Manager 11.1.2.x.x environment. | See Backing Up Oracle Access Manager 11g Release 2 (11.1.2.x.x) Environment |
| 4 | Upgrade Oracle WebLogic Server to 10.3.6. | See Upgrading to Oracle WebLogic Server 10.3.6 |
| 5 | Update the binaries of Access Manager 11.1.2.x.x to 11.1.2.2.0. | See Upgrading Access Manager Binaries to 11.1.2.2.0 |
| 6 | Upgrade the Access Manager (OAM) and Oracle Platform Security Services (OPSS) schemas using the Patch Set Assistant. | See Upgrading OAM and OPSS Schemas |
| 7 | Upgrade Oracle Platform Security Services (OPSS). It is highly recommended that you perform this step. | See Upgrading Oracle Platform Security Services |
| 8 | If you are upgrading Access Manager 11.1.2 to 11.1.2.2.0, you must copy the modified system or domain mbean configurations. If you are upgrading Access Manager 11.1.2.1.0 to 11.1.2.2.0, skip this task. | See Copying Modified System mbean Configurations |
| 9 | Stop the Access Manager Managed Server(s) and the WebLogic Administration Server. | See Shutting Down Administration Server and Access Manager Managed Server(s) |
| 10 | Upgrade the system configuration of Access Manager. | See Upgrading System Configuration |
| 11 | Start the WebLogic Administration Server and the Access Manager Managed Server(s). | See Starting Administration Server and Access Manager Managed Server(s) |
| 12 | If you are using the Social Identity feature in Oracle Access Management Mobile and Service, update the Social Identity configuration. | See Upgrading Oracle Access Management Mobile and Service |
| 13 | Verify the Access Manager upgrade. | See Verifying the Upgrade |


3.2 Reviewing System Requirements and Certification

Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information, see Section 2.1, "Reviewing System Requirements and Certification".

3.3 Shutting Down Administration Server and Access Manager Managed Server(s)

The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the Access Manager Managed Server(s) and the WebLogic Administration Server.

For more information about stopping the servers, see Section 2.8, "Stopping the Servers".

3.4 Backing Up Oracle Access Manager 11g Release 2 (11.1.2.x.x) Environment

You must back up your Oracle Access Manager 11.1.2.x.x environment before you upgrade to Access Manager 11.1.2.2.0.

After stopping the servers, back up the following:

  • MW_HOME directory, including the Oracle Home directories inside Middleware Home

  • Access Manager Domain Home directory

  • Oracle Access Manager schemas

  • MDS schemas

  • Audit and any other dependent schemas

For information about backing up the Middleware Home and schemas, see Section 2.2, "Backing up the Existing Environment".

3.5 Upgrading to Oracle WebLogic Server 10.3.6

If you are not using Oracle WebLogic Server 10.3.6, you must upgrade your existing Oracle WebLogic Server to 10.3.6 by running the WebLogic Server upgrade installer.

For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 2.3, "Upgrading to Oracle WebLogic Server 10.3.6".

3.6 Upgrading Access Manager Binaries to 11.1.2.2.0

To update Access Manager 11.1.2.x.x binaries to Access Manager 11.1.2.2.0, you must use the Oracle Identity and Access Management 11.1.2.2.0 installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Oracle Access Manager Middleware Home.

Note:

Before upgrading the Access Manager binaries to 11g Release 2 (11.1.2.2.0), you must ensure that the OPatch version in ORACLE_HOME and MW_HOME/oracle_common is 11.1.0.9.9. A different OPatch version might cause patch application to fail. If you have upgraded OPatch to a newer version, you must roll back to version 11.1.0.9.9.

For information about updating the Oracle Identity and Access Management binaries, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".
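The OPatch requirement in the note above can be checked before the installer is started. The following script is an added example, not part of the Oracle documentation; it assumes the OPatch launcher is at <home>/OPatch/opatch in each home and that `opatch version` prints a line beginning "OPatch Version:". The sample outputs are constructed.

```shell
#!/bin/sh
# Added example: confirm both OPatch copies report the version this chapter
# requires before running the 11.1.2.2.0 installer.
REQUIRED_OPATCH="11.1.0.9.9"

# Read `opatch version` output on stdin; print the version number, if any.
parse_opatch_version() {
    sed -n 's/^OPatch Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# check_opatch_output LABEL OUTPUT: return 0 only on an exact version match.
check_opatch_output() {
    found=$(printf '%s\n' "$2" | parse_opatch_version)
    if [ -z "$found" ]; then
        echo "FAIL $1: no OPatch version in output"; return 1
    elif [ "$found" != "$REQUIRED_OPATCH" ]; then
        echo "FAIL $1: OPatch $found, need $REQUIRED_OPATCH"; return 1
    fi
    echo "OK   $1: OPatch $found"
}

# Check the two homes named in the note.
# Assumption: the opatch launcher is at <home>/OPatch/opatch.
check_homes() {
    rc=0
    for home in "$ORACLE_HOME" "$MW_HOME/oracle_common"; do
        if [ ! -x "$home/OPatch/opatch" ]; then
            echo "FAIL $home: OPatch/opatch not found"; rc=1; continue
        fi
        out=$("$home/OPatch/opatch" version 2>&1) || true
        check_opatch_output "$home" "$out" || rc=1
    done
    return $rc
}

# Constructed sample outputs, used when no real homes are configured.
SAMPLE_GOOD='OPatch Version: 11.1.0.9.9

OPatch succeeded.'
SAMPLE_NEWER='OPatch Version: 11.1.0.12.9

OPatch succeeded.'

if [ -n "${ORACLE_HOME:-}" ] && [ -n "${MW_HOME:-}" ]; then
    check_homes || echo "Roll OPatch back to $REQUIRED_OPATCH before upgrading."
else
    check_opatch_output "sample-good" "$SAMPLE_GOOD"
    check_opatch_output "sample-newer" "$SAMPLE_NEWER" || true
fi
```
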

3.7 Upgrading OAM and OPSS Schemas

After you upgrade Access Manager binaries to 11.1.2.2.0, you must upgrade the OAM and OPSS (Oracle Platform Security Services) schemas by running the Patch Set Assistant. For information about upgrading schemas using Patch Set Assistant, see Section 2.6, "Upgrading Schemas Using Patch Set Assistant".

3.8 Upgrading Oracle Platform Security Services

After you upgrade schemas, it is highly recommended that you upgrade Oracle Platform Security Services (OPSS).

Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Access Manager to 11.1.2.2.0. It upgrades the jps-config.xml file and policy stores.

For information about upgrading Oracle Platform Security Services, see Section 2.7, "Upgrading Oracle Platform Security Services".

3.9 Copying Modified System mbean Configurations

If you are upgrading Oracle Access Management Access Manager 11.1.2 to Oracle Access Management Access Manager 11.1.2.2.0, you must copy the modified system or domain mbean configurations from the OAM_ORACLE_HOME to the DOMAIN_HOME, after you update the Access Manager binaries to 11.1.2.2.0.

Note:

If you are upgrading Oracle Access Management Access Manager 11.1.2.1.0 to 11.1.2.2.0, skip this section.

To do this, complete the following steps:

  1. Run the following command to launch the WebLogic Scripting Tool (WLST) from the location $ORACLE_HOME/common/bin:

    On UNIX: ./wlst.sh

    On Windows: wlst.cmd

  2. Run the following command:

    copyMbeanXmlFiles('DOMAIN_HOME','OAM_ORACLE_HOME')

    In this command, DOMAIN_HOME is the absolute path to the Access Manager WebLogic domain, and OAM_ORACLE_HOME is the absolute path to the OAM Oracle home. The second parameter OAM_ORACLE_HOME is optional.

    For example:

    On UNIX:

    copyMbeanXmlFiles('/Oracle/Middleware/user_projects/domains/base_domain','/Oracle/Middleware/Oracle_IDM1')

    On Windows:

    copyMbeanXmlFiles('C:\\Oracle\\Middleware\\user_projects\\domains\\base_domain','C:\\Oracle\\Middleware\\Oracle_IDM1')

  3. If the modified system or domain mbean configurations are copied successfully, the following status is displayed on the command line:

    STATUS: SUCCESS 
    The mbean xml files have been upgraded to new version. 
    The original mbean xml is saved in "<domain_directory>/output/upgrade". 
    Please restart the admin and oam servers. 
    

    If the STATUS shows SUCCESS, restart the WebLogic Administration Server and the Access Manager Managed Server(s) by stopping and starting the servers in the following order:

    1. Stop the Access Manager Managed Server(s).

      For information about stopping Managed Server, see Section 2.8.1, "Stopping the Managed Server(s)".

    2. Stop the WebLogic Administration Server.

      For information about stopping the WebLogic Administration Server, see Section 2.8.2, "Stopping the WebLogic Administration Server".

    3. Start the WebLogic Administration Server.

      For information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".

    4. Start the Access Manager Managed Server(s).

      For information about starting Managed Server, see Section 2.9.3, "Starting the Managed Server(s)".

3.10 Shutting Down Administration Server and Access Manager Managed Server(s)

You must shut down the Access Manager Managed Server(s) and the WebLogic Administration Server in order to upgrade system configuration.

For more information about stopping the servers, see Section 2.8, "Stopping the Servers".

3.11 Upgrading System Configuration

After you upgrade the Access Manager binaries to 11.1.2.2.0, you must run the upgradeConfig() utility on the machine that hosts the Administration Server to upgrade the system configuration of Access Manager to 11.1.2.2.0. Before you run the upgradeConfig() utility, make sure that the Administration Server and the Managed Servers are stopped.

Note:

If you are upgrading Access Manager 11.1.2.1.0 to 11.1.2.2.0, then you must do the following before running the upgradeConfig.sh command:
  1. Go to the directory ORACLE_HOME/common/script_handlers.

  2. Remove all the .class files by running the following command:

    rm *.class

To upgrade the system configuration of Access Manager, do the following:

  1. Run the following command to launch the WebLogic Scripting Tool (WLST) from the location $ORACLE_HOME/common/bin:

    On UNIX: ./wlst.sh

    On Windows: wlst.cmd

  2. Run the following command in offline mode:

    upgradeConfig("domain_home", "sysdbaUser", "sysdbaPwd", "oamSchemaOwner", "oamdbJdbcUrl")

    In this command,

    • domain_home is the absolute path to the Access Manager WebLogic domain.

    • sysdbaUser is the database username having sysdba privileges.

    • sysdbaPwd is the password of the database user having sysdba privileges.

    • oamSchemaOwner is the database username for OAM schema.

    • oamdbJdbcUrl is the JDBC URL to connect to the Access Manager database. The JDBC URL must be specified in the format "jdbc:oracle:thin:@<server_host>:<server_port>/<service_name>".

    For example:

    On UNIX:

    upgradeConfig("/Oracle/Middleware/user_projects/domains/base_domain", "sys", "pwd", "PREFIX_OAM", "jdbc:oracle:thin:@localhost:1521/orcl")

    On Windows:

    upgradeConfig("C:\\Oracle\\Middleware\\user_projects\\domains\\base_domain", "sys", "pwd", "PREFIX_OAM", "jdbc:oracle:thin:@localhost:1521/orcl")
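The examples above pass the SYSDBA password as a string literal. The following wrapper for UNIX is an added example, not part of the Oracle documentation; it validates the JDBC URL against the format given above and supplies the password to WLST on standard input. The function names are hypothetical, and it assumes that wlst.sh runs a script file given as its argument and leaves stdin available to that script.

```shell
#!/bin/sh
# Added example (not Oracle's): run upgradeConfig() without putting the SYSDBA
# password in a command line, a saved script or the shell history.

# valid_jdbc_url URL: accept only jdbc:oracle:thin:@<host>:<port>/<service_name>
valid_jdbc_url() {
    printf '%s\n' "$1" |
        grep -Eq '^jdbc:oracle:thin:@[A-Za-z0-9._-]+:[0-9]{1,5}/[A-Za-z0-9._$#-]+$'
}

# write_wlst_script FILE DOMAIN_HOME SYSDBA_USER OAM_SCHEMA_OWNER JDBC_URL
# The generated WLST script reads the password from stdin, so the file never
# contains it. Arguments containing a double quote are rejected because they
# are pasted into string literals.
write_wlst_script() {
    case "$2$3$4" in *'"'*) echo "double quote in argument" >&2; return 1;; esac
    valid_jdbc_url "$5" || { echo "bad JDBC URL: $5" >&2; return 1; }
    cat > "$1" <<EOF
import sys
sysdba_pwd = sys.stdin.readline()
if sysdba_pwd.endswith('\n'):
    sysdba_pwd = sysdba_pwd[:-1]
upgradeConfig("$2", "$3", sysdba_pwd, "$4", "$5")
EOF
}

# run_upgrade DOMAIN_HOME SYSDBA_USER OAM_SCHEMA_OWNER JDBC_URL
# Assumption: wlst.sh runs a script file given as its argument and leaves
# stdin available to that script.
run_upgrade() {
    dir=$(mktemp -d) || return 1
    write_wlst_script "$dir/upgrade_config.py" "$@" || { rm -rf "$dir"; return 1; }
    printf 'SYSDBA password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    printf '%s\n' "$pw" | "$ORACLE_HOME/common/bin/wlst.sh" "$dir/upgrade_config.py"
    rc=$?; unset pw; rm -rf "$dir"; return $rc
}

# Servers must already be stopped (Section 3.10). Usage:
#   sh this_script.sh --run <domain_home> <sysdbaUser> <oamSchemaOwner> <jdbcUrl>
if [ "${1:-}" = "--run" ]; then
    shift
    run_upgrade "$@"
fi
```
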

3.12 Starting Administration Server and Access Manager Managed Server(s)

Start the WebLogic Administration Server and Access Manager Managed Server(s).

For more information about starting the servers, see Section 2.9, "Starting the Servers".

3.13 Upgrading Oracle Access Management Mobile and Service

If you are using the Social Identity feature in Oracle Access Management Mobile and Service, you must update the Social Identity configuration by running the msUpgrade() command. To do this, complete the following steps:

  1. Run the following command to launch the WebLogic Scripting Tool (WLST) from the location $ORACLE_HOME/common/bin:

    On UNIX: ./wlst.sh

    On Windows: wlst.cmd

  2. Run the following command to update the Social Identity configuration:

    msUpgrade()

3.14 Verifying the Upgrade

Use the following URL in a web browser to verify that Oracle Access Management Access Manager 11g Release 2 (11.1.2.2.0) is running:

http://<oam_admin_server_host>:<oam_admin_server_port>/oamconsole

3.15 Troubleshooting

This section describes some of the common issues that you might encounter during the upgrade process, and their workarounds.

Note:

For information about the issues that you might encounter during the upgrade process, and their workarounds, see Oracle Fusion Middleware Release Notes.

This section contains the following topic:

3.15.1 Component Version Shows 11.1.1.5.0 After Upgrade

If you upgraded Oracle Access Manager 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2) first, and then to Access Manager 11.1.2.2.0, the component versions of the packages oracle.dogwood.top and oracle.oam.server still show 11.1.1.5.0.

To resolve this, you must run the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar). This step updates the domain-info.xml.

To upgrade the necessary Oracle Access Manager packages to 11.1.2.2.0, complete the following steps:

  1. Go to the directory $ORACLE_HOME/oaam/upgrade. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar file is located in this directory.

  2. Upgrade the package oracle.dogwood.top 11.1.1.5.0 to 11.1.2.2.0 by running the following command:

    java -cp $MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0

    For example:

    java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0

  3. Upgrade the package oracle.oam.server 11.1.1.5.0 to 11.1.2.2.0 by running the following command:

    java -cp $MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> oracle.oam.server:11.1.1.5.0,:11.1.2.2.0

    For example:

    java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.oam.server:11.1.1.5.0,:11.1.2.2.0