This chapter describes how to upgrade your existing Oracle Adaptive Access Manager 11g Release 1 (11.1.1.5.0) and 11g Release 1 (11.1.1.7.0) environments to Oracle Adaptive Access Manager 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.
Note:
For information about upgrading Oracle Adaptive Access Manager on IBM WebSphere, see "Upgrading Oracle Adaptive Access Manager on IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide.Note:
This chapter refers to Oracle Adaptive Access Manager 11g Release 1 (11.1.1.5.0) and 11g Release 1 (11.1.1.7.0) environments as 11.1.1.x.x.This chapter includes the following sections:
Backing Up Oracle Adaptive Access Manager 11g Release 1 (11.1.1.x.x)
Upgrading Oracle Adaptive Access Manager 11g Release 2 (11.1.2.2.0)
Extending Oracle Adaptive Access Manager 11.1.1.x.x Component Domains with OPSS Template
Starting the Administration Server and Oracle Adaptive Access Manager Managed Servers
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Adaptive Access Manager upgrade may not be successful.Table 10-1 lists the steps to upgrade Oracle Adaptive Access Manager.
Task | For More Information | |
---|---|---|
1 |
Review system requirements and certifications. |
|
2 |
Shut down all servers. This includes both Administration Server and Managed Servers. |
See, Shutting Down Administration Server and Managed Servers |
3 |
Back up your environment. |
See, Backing Up Oracle Adaptive Access Manager 11g Release 1 (11.1.1.x.x) |
4 |
Optional - Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6. |
|
5 |
Upgrade 11.1.1.x.x Oracle Home to 11.1.2.2.0. |
See, Upgrading Oracle Adaptive Access Manager 11g Release 2 (11.1.2.2.0) |
6 |
Upgrade the OAAM, MDS, IAU, and OPSS Schemas using Patch Set Assistant. |
|
7 |
Extend your Oracle Adaptive Access Manager 11.1.1.x.x domain with the OPSS template. |
See, Extending Oracle Adaptive Access Manager 11.1.1.x.x Component Domains with OPSS Template |
8 |
Upgrade Oracle Platform Security Services, if required. |
|
9 |
Run the |
|
10 |
Start the Administration and Managed Servers. |
See, Starting the Administration Server and Oracle Adaptive Access Manager Managed Servers |
11 |
Redeploy the applications on Oracle Adaptive Access Manager 11.1.2.2.0 Servers. |
|
12 |
Delete the |
See, Deleting Folders |
13 |
Restart the servers. |
|
14 |
Verify the Oracle Adaptive Access Manager upgrade. |
Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading. For more information see Section 2.1, "Reviewing System Requirements and Certification".
The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Servers.
For more information about stopping the WebLogic Administration Server and the Managed Servers, see Section 2.8, "Stopping the Servers".
You must back up your Oracle Adaptive Access Manager 11.1.1.x.x environment before you upgrade to Oracle Adaptive Access Manager 11.1.2.2.0.
After stopping the servers, you must back up the following:
MW_HOME directory, including the Oracle Home directories inside Middleware Home
Domain Home directory
Oracle Adaptive Access Manager schemas
IAU schema, if it is part of any of your Oracle Adaptive Access Manager 11.1.1.x.x schemas
MDS schemas
Note:
Upgrading Oracle WebLogic Server is not mandatory. However, Oracle recommends that you upgrade Oracle WebLogic Server to 10.3.6.You can upgrade WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6 by using the WebLogic 10.3.6 Upgrade Installer. For information about upgrading Oracle WebLogic Server, see Section 2.3, "Upgrading to Oracle WebLogic Server 10.3.6".
To upgrade Oracle Adaptive Access Manager, you must use the Oracle Identity and Access Management 11.1.2.2.0 Installer. During the procedure, point the Middleware Home to your existing 11.1.1.x.x Middleware Home. Your Oracle Home is upgraded from 11.1.1.x.x to 11.1.2.2.0.
For information about upgrading Oracle Adaptive Access Manager 11g Release 1 (11.1.1.x.x), see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".
You must upgrade the following schemas using Patch Set Assistant:
OAAM schema
MDS schema
OPSS schema
Note:
If OPSS schema is not part of the source, a new OPSS schema must first be created using 11.1.2.2.0 RCU and only then can it be upgraded. You must create Oracle Platform Security Services (OPSS) schema because Oracle Adaptive Access Manager upgrade process involves OPSS schema policy store changes. Keys, roles, permissions, and other artifacts used by the applications must migrate to the policy store.Run Repository Creation utility (RCU) to create the OPSS schema. For more information, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
IAU schema (You must upgrade Audit schema (IAU) only if it is part of your 11.1.1.x.x schemas.
Note:
When upgrading schemas using Patch Set Assistant, you must select OAAM or OAAM_PARTN as appropriate, and provide details on all screens to complete the upgrade.For information about upgrading schemas using Patch Set Assistant, see Section 2.6, "Upgrading Schemas Using Patch Set Assistant".
Oracle Adaptive Access Manager 11.1.2.2.0 uses the database to store policies. This requires extending the 11.1.1.x.x Oracle Adaptive Access Manager domain to include the OPSS data source.
To do so, complete the following steps:
Run the following command to launch the Oracle Fusion Middleware configuration wizard:
On UNIX:
./config.sh
It is located in the <MW_HOME>/<Oracle_IDM1>/common/bin
directory.
On Windows:
config.cmd
It is located in the <MW_HOME>\<Oracle_IDM1>\common\bin
directory.
On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.
On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured the components. Click Next. The Select Extension Source screen is displayed.
On the Select Extension Source screen, select the Oracle Platform Security Service - 11.1.1.0 [Oracle_IDM1] option. After selecting the domain configuration options, click Next.
The Configure JDBC Data Sources screen is displayed. Configure the opssDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.
On the Configure JDBC Component Schema screen, select the Oracle Platform Security Services schema.
You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next.
The Test JDBC Component Schema screen is displayed. After the test succeeds, the Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines and Deployments and Services. Do not select anything as you have already configured in your Oracle Identity and Access Management 11.1.1.x.x environment. Click Next.
On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.
Your existing Oracle Adaptive Access Manager domain is extended to support Oracle Platform Security Services (OPSS).
Note:
The upgrade steps need to be performed only if OPSS has already been configured.After you upgrade schemas, you must upgrade Oracle Platform Security Services (OPSS).
Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Adaptive Access Manager to 11.1.2.2.0. It upgrades the jps-config.xml
file and policy stores.
For information about upgrading Oracle Platform Security Services, see Section 2.7, "Upgrading Oracle Platform Security Services".
Note:
You need to configure OPSS Security Store only if it was not configured during the previous installation. If it has already been configured, perform the steps to upgrade OPSS. For more information, see Section 10.9, "Upgrading Oracle Platform Security Services".You must configure the database Security Store as it is the only security store type supported by Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0).
For more information on configuring Oracle Platform Security Services, see "Configuring Database Security Store for an Oracle Identity and Access Management Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
Note:
When you start the Administration Server and the Managed Servers, the Adaptive Access Manager Administration console application and the Access Manager Managed server application may start with a number of errors and exceptions. This is expected and can be ignored. These issues are resolved by the subsequent redeployment process.The redeploy
command is an online WLST command. Therefore, you must start the Oracle Adaptive Access Manager Administration and Managed Servers before running the redeploy
command.
For information about starting the Administration Server and Oracle Adaptive Access Manager Managed servers, see "Starting the Servers".
You must redeploy changes to the applications in the domain after upgrading Oracle Adaptive Access Manager to 11.1.2.2.0. Redeploy your 11.1.1.x.x application on the Oracle Adaptive Access Manager 11.1.2.2.0 servers.
You can redeploy the application using command line or using the WebLogic Administration console. Complete the following steps described in one of the following sections to redeploy applications:
Redeploying Applications Using Command Line
To redeploy applications on Oracle Adaptive Access Manager 11.1.2.2.0 servers using command line, do the following:
Run the following command from the location IAM_HOME
/common/bin
to launch the WebLogic Scripting Tool (WLST):
On UNIX: ./wlst.sh
On Windows: wlst.cmd
Connect to the Administration Server using the following command:
connect('
weblogic-username
','
weblogic-password
','
weblogic-url
')
For example:
connect('wlsuser','wlspassword','localhost:7001')
Run the following command to undeploy OAAM:
undeploy('oaam_admin')
undeploy('oaam_server')
undeploy('oracle.oaam.extensions')
Note:
If you have Oracle Adaptive Access Manager Offline Server in your setup, run theundeploy()
command to undeploy 'oaam_offline'
too.For more information about using the undeploy
command, see "undeploy" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Deploy the oaam.extension
library application by running the following command:
deploy('oracle.oaam.extensions','
$IAM_HOME
/oaam/oaam_extensions/generic/oracle.oaam.extensions.war','oaam_admin_server1,oaam_server_server1','nostage',libraryModule='true')
Note:
If you have Oracle Adaptive Access Manager Offline Server in your setup, addoaam_offline_server1
to the list of targets while deploying oaam.extension
library.For more information about using the deploy
command, see "deploy" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Deploy the OAAM applications by running the following commands:
deploy('oaam_admin','
$IAM_HOME
/oaam/oaam_admin/ear/oaam_admin.ear','oaam_admin_server1','nostage')
deploy('oaam_server','
$IAM_HOME
/oaam/oaam_server/ear/oaam_server.ear','oaam_server_server1','nostage')
The target servers for each deployments are as follows:
oaam_admin
- Target: oaam_admin_server1
oaam_server
- Target: oaam_server_server1
Note:
If you have Oracle Adaptive Access Manager Offline Server in your setup, deploy'oaam_offline'
to the target 'oaam_offline_server1'
by running the deploy()
command.For more information about using the deploy
command, see "deploy" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Optional: If you had deployed the OAAM shared library, run the following command to redeploy it:
redeploy('oracle.oaam.libs')
Exit the WLST console using the exit()
command.
Redeploying Applications Using WebLogic Administration Console
To redeploy applications on Oracle Adaptive Access Manager 11.1.2.2.0 servers using WebLogic Administration console, do the following:
Log in to the WebLogic Administration console using the following URL:
http://
admin_host
:
admin_port
/console
:
Go to the Deployments tab.
Select oaam_admin
, oaam_server
and oracle.oaam.extensions
from Deployments and click Delete.
Click Install, and specify the path for:
oracle.oaam.extensions
and deploy it to oaam_server_server1
and other Oracle Adaptive Access Manager managed servers.
Note:
Ensure thatoracle.oaam.extensions
is redeployed before other applications.oaam_admin.ear
and deploy it to oaam_admin_server1
and other Oracle Adaptive Access Manager managed servers.
oaam_server.ear
and deploy it to oaam_server_server1
and other Oracle Adaptive Access Manager managed servers.
The target servers for each redeployment are as follows:
oracle.oaam.extensions
- Targets: oaam_server_server1
, oaam_admin_server1
oaam_admin
- Target: oaam_admin_server1
oaam_server
- Target: oaam_server_server1
To deploy Oracle Adaptive Access Manager 11.1.1.x.x server content and applications in Oracle Adaptive Access Manager 11.1.2.2.0, you must delete all content of folders in the following locations:
Deleting tmp:
<MW_Home>/user_projects/domains/domain_home/servers/<OAAM_ADMIN_SERVER_NAME>/tmp
<MW_Home>/user_projects/domains/domain_home/servers/<OAAM_MANAGED_SERVER_NAME>/tmp
<MW_Home>/user_projects/domains/domain_home/servers/<OAAM_OFFLINE_SERVER_NAME>/tmp
Deleting stage:
<MW_Home>/user_projects/domains/domain_home/servers/<OAAM_ADMIN_SERVER_NAME>/stage
<MW_Home>/user_projects/domains/domain_home/servers/<OAAM_MANAGED_SERVER_NAME>/stage
<MW_Home>/user_projects/domains/domain_home/servers/<OAAM_OFFLINE_SERVER_NAME>/stage
Deleting tmp:
<MW_Home>\user_projects\domains\domain_home\servers\<OAAM_ADMIN_SERVER_NAME>\tmp
<MW_Home>\user_projects\domains\domain_home\servers\<OAAM_MANAGED_SERVER_NAME>\tmp
<MW_Home>\user_projects\domains\domain_home\servers\<OAAM_OFFLINE_SERVER_NAME>\tmp
Deleting stage:
<MW_Home>\user_projects\domains\domain_home\servers\<OAAM_ADMIN_SERVER_NAME>\stage
<MW_Home>\user_projects\domains\domain_home\servers\<OAAM_MANAGED_SERVER_NAME>\stage
<MW_Home>\user_projects\domains\domain_home\servers\<OAAM_OFFLINE_SERVER_NAME>\stage
To restart the Administration Server or Managed Servers, you must stop the running Administration Server or Managed Servers first before starting them again.
To stop the servers, see Section 10.3, "Shutting Down Administration Server and Managed Servers".
To start the servers, see Section 10.11, "Starting the Administration Server and Oracle Adaptive Access Manager Managed Servers".
Note:
After all the upgrade steps are complete, check to make sure that the custom extensions (if any) are working correctly.Use the following URL in a web browser to verify that Oracle Adaptive Access Manager 11.1.2.2.0 is running:
http://<oaam_host>:<oaam_port>/oaam_admin
Assign the investigator role and verify to see the investigator UI.