7 Upgrade Oracle Identity Management to Release 12

This chapter describes how to upgrade your existing Oracle Identity Manager (IDM) environment for Oracle Fusion Applications to Release 12 (11.12.x.0.0). Perform the steps in this chapter after you have completed Resume Upgrade Orchestrator (Oracle VM Only).

This chapter contains the following sections:

7.1 Pre-Upgrade Requirements

Before you begin the upgrade of your IDM environment for Oracle Fusion Applications (FA) to Release 12, ensure you have completed the tasks as listed in:

7.2 IDM for FA Upgrade Roadmap

Review the following flowchart and roadmap for an overview of the upgrade process for IDM for FA to Release 12.

Figure 7-1 Upgrade Process Flowchart for IDM for FA

Upgrade Process Flowchart for IDM for FA Release 11.12.x.0.0

The following table lists the high-level steps that you need to perform to upgrade to Oracle Fusion Applications Release 11.12.x.0.0:

Table 7-1 Tasks for Upgrading IDM for FA to Release 12

Task Required Description

Review pre-upgrade requirements

Required

The pre-upgrade requirements include having your Oracle Fusion Applications IDM on Release 8 or 9 and backing up the IDM middle tier and database. See Pre-Upgrade Requirements.

Identify your IDM topology

Required

Identify your IDM topology to choose the right upgrade procedure for your system. See Identify your IDM Topology.

Disconnect Enterprise IDM integrations

Required only if your IDM for FA is integrated with Enterprise IDM

If your IDM for FA is integrated with Enterprise IDM, you must disconnect integrations. See Disconnect Enterprise IDM Integrations.

Upgrade your type I IDM for FA

Required only if your IDM environment was set up using IDM provisioning scripts

After reviewing the requirements and confirming that you have the Type I IDM topology, run the upgrade steps. For the complete procedure, see Upgrade Type I IDM Environments.

Upgrade your type II IDM for FA

Required only if your IDM environment was not set up using IDM provisioning scripts

After reviewing the requirements and confirming that you have the Type II IDM topology, run the upgrade steps. For the complete procedure, see Upgrade Type II IDM Environments.

Reconnect Enterprise IDM integrations

Required only if your IDM for FA is integrated with Enterprise IDM

If your IDM for FA is integrated with Enterprise IDM and you disconnected integrations, you can now reconnect them. See Reconnect Enterprise IDM Integrations.

Update Status to Success

Required

After successfully upgrading your IDM, update the task status to “success” on the IDM host. See Update Status to Success.

Resume Upgrade Orchestrator to Upgrade Oracle Fusion Applications

Required

The IDM for FA upgrade process to Release 12 is complete. You can now resume Upgrade Orchestrator and continue with Pause Point 3. See Resume Upgrade Orchestrator to Upgrade Oracle Fusion Applications.

7.3 Identify your IDM Topology

The upgrade steps will vary according to the type of IDM installation you have.

Your topology will be one of the following:

  • Type I: IDM installation that was performed using IDM provisioning scripts without any subsequent manual scale out steps

  • Type II: IDM installation that was not performed using IDM provisioning scripts. This type also includes cases where a single node or EDG option was selected during your IDM provisioning and manual scale out was performed for second instances

If you are not sure about which type of IDM installation you have, verify if the lcmconfig folder exists under the shared configuration folder. For example: 
<SHARED_CONFIG>/lcmconfig/topology/topology.xml
Where

  • <SHARED_CONFIG>: /u01/IDMTOP/config

This folder is specific to the type I environment or provisioned using IDM provisioning scripts without any subsequent manual IDM scale out steps.

7.4 Disconnect Enterprise IDM Integrations

Perform this steps only if your IDM for FA is integrated with Enterprise IDM. You must disconnect integrations by cloning your IDM environment. The cloning process involves the following high-level steps:

Note that in this section, the original environment is called IDM1, and the cloned environment is called IDM2.

  1. Clone the IDM1 environment using the clone tool.

  2. Perform sanity testing to ensure IDM2 is working correctly.

  3. Rewire FA to point to IDM2.

  4. Perform sanity testing to ensure FA is working correctly.

  5. Upgrade IDM1 to a supported version.

To set up your cloned environment, perform the following steps:

  1. Clone your IDM environment by following the steps as listed in Cloning Procedure in the Oracle Fusion Applications Cloning and Content Movement Administrator's Guide.

  2. Perform sanity tests on IDM2 to ensure it is working correctly by following the steps as listed in Perform Validation Steps in the Oracle Fusion Applications Cloning and Content Movement Administrator's Guide.

  3. Rewire FA to point to IDM2 as follows:
    1. To have FA point to the IDM2, IDM specific entries in the /etc/hosts should now point to IDM2. FA interactions with IDM is controlled by entries in the /etc/hosts file of the FA machines. The following is an example file: 
      192.0.2.1 hostname.example.com hostname
192.0.2.1 idmhost1.osc.uk.example.com idmhost1 
192.0.2.1 fahost1.osc.uk.example.com fahost1
192.0.2.1 scmhost1.osc.uk.example.com scmhost1
192.0.2.1 policystore.osc.uk.example.com policystore
192.0.2.1 idstore.osc.uk.example.com idstore

    2. Update your FA OHS configuration. OHS configuration contains information about URL redirects, for example, sso.example.com. This configuration needs to be updated to point to the new IP addresses of IDM2 instead of the existing IP of IDM1.

  4. Perform sanity tests to ensure FA is working correctly.

7.5 Upgrade Type I IDM Environments

This section describes how to upgrade type I IDM environments.

This section contains the following topics: Note the following:

  • All of the perl files mentioned in the following sections are present under SHARED_LOCATION/idmUpgrade.

  • All of the steps must be executed serially.

7.5.1 Prerequisites for Upgrading Type I IDM Environments

Before the upgrade of your type I IDM environment, perform the following tasks:

  • Obtain SHARED_LOCATION/11.12.x.0.0/idmUpgrade as follows:

    1. Unzip the patch 25734394 that you downloaded in Copy and Unzip idmUpgrade.zip into the machine that contains the IDM nodes.

    2. Update the upgradeOnPremise.properties file in the unzipped location, then modify the default values as applicable and provide values for all properties listed in the file. For more information about these properties, see IDM for FA Upgrade Properties Files.

      Note:

      Use the updated upgradeOnPremise.properties for all type I upgrade commands.
  • Create the RCU folder as follows:

    1. Create the rcu folder under FA_REPOSITORY/installers.

    2. Unzip the contents of <FA_REPOSITORY>/installers/fmw_rcu/linux/rcuHome.zip into the rcu folder.

    3. Give 755 permissions to the rcu folder recursively: 
      chmod -R 755 rcu
Note that in the following sections, operations will be executed on all the IDM nodes. You must perform the operations in the following order, except when stopping all IDM services:

  • OID and OID scaled out (if present)

  • OIM and OIM scaled out (if present)

  • OHS and OHS scaled out (if present)

7.5.2 Run preValidate Script

The following preValidateOnPremise.pl script must be executed serially on each IDM node, including the scaled out nodes:

perl preValidateOnPremise.pl <node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
Where

  • REPOSITORY_LOCATION: Fusion Applications Release 12 repository.

Run the preValidateOnPremise command in the following order:

  • OID

    perl preValidateOnPremise.pl OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl preValidateOnPremise.pl OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties

  • OIM

    perl preValidateOnPremise.pl OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl preValidateOnPremise.pl OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties

  • OHS

    perl preValidateOnPremise.pl OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl preValidateOnPremise.pl OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties

Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue. Rerun preValidate and ensure it is successful.

7.5.3 Manually Download OIM Email Template

After running the preValidate script on your type I environment, manually download the OIM email template as follows:

  1. Log in to the OIM host.

  2. Go to the idmUpgrade unzip location.

  3. Execute exportOIMDataOnPremise.pl as follows: 
    perl exportOIMDataOnPremise.pl upgradeOnPremise.properties <SHARED_UPGRADE_LOCATION>/<podName>/emailTemplateDir/emailtemplate.xml
    Where

    • SHARED_UPGRADE_LOCATION: It is located in pod.properties, and its default value is /u01/sharedupgradelocation.

  4. Confirm that the status message at the end of the run is successful. If the script gives an error, check the error message and resolve the issue. Then, rerun exportOIMDataOnPremise.pl and ensure it is successful.

7.5.4 Stop All IDM Services

Stop all IDM services by running the following command on all IDM nodes:

perl stopIDMOnPremise.pl <node type> upgradeOnPremise.properties
Run the stopIDMOnPremise.pl command in the following order:

  • OHS

    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl stopIDMOnPremise.pl OHS-SO upgradeOnPremise.properties
    If the environment is not scaled out, run the following command on the OHS node: 
    perl stopIDMOnPremise.pl OHS upgradeOnPremise.properties

  • OIM

    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl stopIDMOnPremise.pl OIM-SO upgradeOnPremise.properties
    If the environment is not scaled out, run the following command on the OIM node: 
    perl stopIDMOnPremise.pl OIM upgradeOnPremise.properties

  • OID

    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl stopIDMOnPremise.pl OID-SO upgradeOnPremise.properties
    If the environment is not scaled out, run the following command on the OID node: 
    perl stopIDMOnPremise.pl OID upgradeOnPremise.properties

7.5.5 Upgrade Binaries

Upgrade the binary files used by IDM components by running the following command on all IDM nodes:

perl idmUpgradeOnPremise.pl -node=<node type> -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary

Where

  • REPOSITORY_LOCATION:  Fusion Applications Release 12 repository.

Run the idmUpgradeOnPremise.pl command in the following order:

  • OID

    perl idmUpgradeOnPremise.pl -node=OID -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OID-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary

  • OIM

    perl idmUpgradeOnPremise.pl -node=OIM -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OIM-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary

  • OHS

    perl idmUpgradeOnPremise.pl -node=OHS -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OHS-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary

7.5.6 Update IDM Configuration

 Update the IDM configuration to Release 12 level by running the following config upgrade commands on all IDM nodes:

perl idmUpgradeOnPremise.pl -node=<node type> -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
Where:

  • REPOSITORY_LOCATION: Fusion Applications Release 12 repository.

Run the idmUpgradeOnPremise.pl command in the following order:

  • OID

    perl idmUpgradeOnPremise.pl -node=OID -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OID-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config

  • OIM

    perl idmUpgradeOnPremise.pl -node=OIM -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OIM-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
    If you are on a Solaris platform, after running this command on OIM perform the steps listed in Re-create IDM Schemas Manually (Solaris Only).

  • OHS

    perl idmUpgradeOnPremise.pl -node=OHS -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OHS-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config

7.5.6.1 Re-create IDM Schemas Manually (Solaris Only)

During IDM upgrade on Solaris platforms, the OIM Config step displays the following message in the IDM upgrade console:

On non-Linux platforms, run the rcu from a Linux machine.
Please follow the manual steps documented in the IDM Upgrade Guide to load the required schemas and resume Upgrade.
Re-create the schemas and resume the upgrade as follows:
  1. Unzip the following Oracle Fusion Middleware RCU zip file to REPOSITORY_LOCATION/installers/rcu:
    • Linux: 
      REPOSITORY_LOCATION/installers/fmw_rcu/linux/rcuHome.zip
    • Windows: 
      REPOSITORY_LOCATION/installers/fmw_rcu/windows/rcuHome.zip
    Where:

    • REPOSITORY_LOCATION: The Oracle Fusion Applications provisioning repository.

    Use the Oracle Identity Management version of RCU, which now exists in that directory.
  2. Drop the FA_OAM schema, and then manually create the FA_OAM, FA_OPSS, and FA_BIPLATFORM schemas in the Oracle Identity Management database by using the Fusion Applications Repository Creation Utility (RCU) REPOSITORY_LOCATION/installers/rcu, for example, IDMDB. Note that the schema prefix may vary from “FA_
  3. Export the following Solaris specific environment variables:
    • LD_LIBRARY_PATH
    • PERL5LIB
    • PATH
    For more information about exporting these Solaris variables, see Environment Variables Required for Solaris.
  4. Add a checkpoint for schema creation by running the IDM_UPGRADE_HOME/addSchemaCheckPoint.pl script as shown in the following example: 
    perl addSchemaCheckPoint.pl -node=OIM -repoLocs=REPOSITORY_LOCATION/installers -props= ./upgradeOnPremise.properties

    Where:

    • node: Node

    • repoLocs: Comma separated paths of repo

    • props: Properties files

  5. Rerun OIM config upgrade mode.

7.5.7 Run postValidate Script

To confirm that the upgrade was successful, run the following post-upgrade validation command on all IDM nodes:

perl postvalidateOnPremise.pl <node type> upgradeOnPremise.properties
Run the idmUpgradeOnPremise.pl command in the following order:

  • OID

    perl postvalidateOnPremise.pl OID upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl postvalidateOnPremise.pl OID-SO upgradeOnPremise.properties

  • OIM

    perl postvalidateOnPremise.pl OIM upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl postvalidateOnPremise.pl OIM-SO upgradeOnPremise.properties

  • OHS

    perl postvalidateOnPremise.pl OHS upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl postvalidateOnPremise.pl OHS-SO upgradeOnPremise.properties

Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue.

After upgrade, you can start/stop the IDM components on a given node using the IDM provisioning start/stop scripts as described in Start and Stop All IDM Components on a Host.

7.6 Upgrade Type II IDM Environments

This section describes the upgrade process for the type II IDM environments that have been installed using Oracle's A-team's one click installation scripts or by following the instructions in Fusion Middleware Enterprise Deployment Guide for Oracle Identity and Access Management.

This upgrade process reuses the database from the old environment and creates an entirely new parallel IDM environment, and involves the following high-level steps:

  1. Run the Discovery Tool to discover your environment topology and configuration.

  2. Set up a parallel True-up IDM environment matching the release of the current environment.

  3. Migrate the configuration and artifacts from the existing environment.

  4. Upgrade the true-up environment.

Note:

Do not clean the source environment until after the entire upgrade of the true-up environment is completed.
This section contains the following topics:
Note the following:

  • All of the perl files mentioned in the following sections are present under SHARED_LOCATION/idmUpgrade.

  • All of the steps must be executed serially.

7.6.1 Prerequisites for Upgrading Type II IDM Environments

Before the upgrade of your type II IDM environment, perform the following tasks:

  • Ensure that the user running the upgrade is the same user used for the installation of the IDM home. This user must have read/write access to the staging directories throughout the upgrade cycle.

  • Create stagedir folder under SHARED_LOCATION. stagedir is the directory in the SHARED_LOCATION that contains the artifacts generated by the Discovery tool.

  • Confirm that you have permission on stagedir and that it is shared across all IDM hosts.

  • Verify that Webgate is configured on the OHS SO Node. If it is not configured, follow the steps as listed in Webgate Is Not configured on the OHS SO Node.

  • Choose the patch applicable to your starting release and environment. The following table shows the patch number for each release/environment:

    Table 7-2 FA IDM Patches for Type II Upgrades

    Release Environment Patch Number

    Release 8

    Linux non-provisioned environment 

    26504255

    Release 8

    Sparc non-provisioned environment 

    26504255

    Release 9

    Linux non-provisioned environment 

    26639496

    Release 9

    Sparc non-provisioned environment 

    26639496

  • Obtain the SHARED_LOCATION/11.12.x.0.0/idmUpgrade file as follows:

    1. Unzip the patch 25734394 that you downloaded in Copy and Unzip idmUpgrade.zip into a location under SHARED_LOCATION//11.12.x.0.0.

  • Ensure that an empty staging directory is available for the upgrade process and that it meets the following requirements:

    • The directory must be writable and have at least 100MB empty space.

    • If the environment is spread across multiple machines, then the staging directory needs to be on a network shared and write-accessible from all IDM nodes.

  • Unzip the idmUpgrade.zip file parallel to stagedir in the SHARED_DIR directory.

  •  Ensure that the following directories are created and empty on all IDM nodes:

    • /u01/IDMTOP: Both IDMTOP and stagedir must be shared across the OID and the OIM hosts, including SO hosts. The only exception is for the OHS hosts when they are in DMZ.

    • /u02/local/IDMTOP: Local folder on each of the IDM hosts.

  • Ensure the u01 and u02 folders are created under root ("/") with the same user and group that the existing IDM environment has.

  • Create the RCU folder as follows:

    1. Create the rcu folder under FA_REPOSITORY/installers.

    2. Unzip the contents of <FA_REPOSITORY>/installers/fmw_rcu/linux/rcuHome.zip into the rcu folder.

    3. Give 755 permissions to the rcu folder recursively: 
      chmod -R 755 rcu
Note that in the following sections, operations will be executed on all the IDM nodes. You must perform the operations in the following order, except when running discovery and stopping all IDM services:

  • OID and OID scaled out (if present)

  • OIM and OIM scaled out (if present)

  • OHS and OHS scaled out (if present)

7.6.2 Discover Topology

The topology discovery tool introspects the existing IDM environment to discover information that will be needed for setting up a parallel true-up environment. 

Discovery also generates the following artifacts based on the existing environment to stage directory (stagedir). These artifacts are used during the migration and upgrade processes. No additional input is necessary:

  • credconfig: Folder that contains the discovery wallet

  • upgradeProps: Folder that contains the upgrade wallet

  • idmMigration: Folder that contains the migration wallet

  • discoverycache: Folder that contains a list of the files required for migration

  • upgradeOnPremise.properties: File that contains auto-generated properties required for the On-Premise upgrade. There are 2 properties that you can customize, OPSS_DB_PASSWORD and OIF_11GR2_SINGNING_KEY_PWD as they are new passwords. For more information about this file, see IDM for FA Upgrade Properties Files.

  • topology.xml: File that contains information about the IDM topology such as server hosts, ports, mw_homes, oracle_homes, etc. related to source environment.

  • dest-topology.xml: File that contains information about the IDM topology such as server hosts, ports, mw_homes, oracle_homes etc. related to destination true-up tar.

  • logs: Folder that contains logs of the discovery tool. By default, the migration and the upgrade logs are pointed to the same location.

  • idmMigration.properties: File that contains the properties required for the On-Premise migration. There are certain optional parameters that you can customize in this auto-generated file, such as LOG_DIR.

This section contains the following topics:

7.6.2.1 Prerequisites

Before running the discovery tool, perform the following steps. Note that if your environment has OIF and it is not up during discovery, then OIF will not be part of the upgrade process.

  1. Set the following environment variables:

    • JAVA_HOME to a valid JDK6 install in all IDM hosts.

    • MW_HOME on the Admin Server machine to a Middleware Home location, for example, /u01/oracle/products/app.

  2. Ensure all IDM servers are up and running. If any of the servers is not running, the discovery fails and the next step of migration cannot be run.

Discovery must be executed in the following order:

  1. On the IDM host where adminserver is present, and then on other hosts.

  2. If OID and OIM are on separate nodes, first run discovery on the OIM host where adminserver is present, then on the OIM scaled-out node, and then on the OID nodes.

7.6.2.2 Run the Discovery Tool

If your set up has IDM nodes on different machines (including scaled out support), the discovery tool will have to be run serially on each IDM node.

Review the following diagram that shows a typical discovery flow including OHS in Demilitarized Zone (DMZ) scenario:

Figure 7-2 Discovery Flow

Discovery flow chart including OHS in DMZ
To run the discovery tool, perform the following steps:

  1. Ensure stagedir is shared between IDM hosts.

  2. Run Discovery on IDM hosts as follows:

    SHARED_LOCATION/idmUpgrade/discovery/bin
./idmdisc.sh -stagedir <location of the staging directory>

    Note:

    SHARED_LOCATION should be shared across all nodes. Since idmUpgrade and stagedir are under SHARED_LOCATION, they are automatically shared across machines.

    -topology: The discovery tool updates the topology.xml file, which contains information about all IDM nodes. For more information about this file, see Discover Topology.

    -credconfig: During the discovery process, the tool will prompt you for passwords to connect to IDM servers and services. These passwords will be stored in the credconfig file to be used during later stages of upgrade. Both the topology.xml file and credconfig will be created inside stagedir.

    -logDir: The location of the file where all discovery logs will be placed.

  3. Verify whether stagedir is shared between IDM and OHS hosts:

    • If it is shared, perform the following steps:

      1. Run Discovery on OHS1.

      2. Run Discovery on OHS2.

    • If it is not shared, perform the following steps:

      1. Copy the contents of the stagedir from the IDM hosts to the stagedir of OHS1.

      2. Verify whether stagedir is shared between OHS1 and OHS2.
        • If it is shared, perform the following steps:

          1. Run Discovery on OHS1.

          2. Run Discovery on OHS2.

          3. Copy the topology.xml and dest-topology.xml from the stagedir of OHS2 to the stagedir of the IDM hosts.

        • Otherwise, perform the following steps:

          1. Run Discovery on OHS1.

          2. Copy the contents of the stagedir from the OHS1 to the stagedir of OHS2.

          3. Run Discovery on OHS2.

          4. Copy the topology.xml and dest-topology.xml from the stagedir of OHS2 to the stagedir of the IDM hosts.

          After running Discovery successfully, you see the following message: 
          Oracle IDM Discovery Utility succeeded.

Discovery Questionnaire

The Discovery tool formulates some questions while being run. During the questionnaire, certain user names are set as defaults. Based on the relevance of values in your environment, you can either choose to use the same default user names as such by pressing enter or change them accordingly.

The following table shows the questions formulated by the discovery tool. The table also shows the answers you must provide and a brief description of each question if applicable:

Note:

The words in parenthesis are defaulted values. You must change them accordingly.

Table 7-3 Questions Formulated by the Discovery Tool

Question Answer Description

Is stagedir directory: $STAGE_DIR shared across all nodes of IDM (OID/OIM/OHS), including Scale-Out nodes (if any).

Note that if the OHS host(s) is in DMZ and stagedir cannot be shared, you need to manually copy contents of stagedir of OID/OIM node to stagedir of OHS host(s) before running discovery on OHS node(s) and then after discovery completes on OHS node(s), copy back the topology.xml and dest-topology.xml from stagedir of OHS host(s) to stagedir of the OID/OIM node. [Y/N]:

Y

Verify if the stagedir directory is shared across all IDM nodes, including scale out nodes (if any) and if it is, then enter Y. If you enter N, the discovery tool exits.

Are all IDM servers up and running, please confirm? [Y/N]:

Y

Verify that the servers are up and running. If they are, then enter Y. If you enter N, the discovery tool exits.

Enter Weblogic Server (WLS) admin user name for domain IDMDomain (weblogic_idm):

Your username

If the IDM Domain administrator is weblogic_idm, you do not need to enter a value, it will be completed by default. Otherwise, you must enter the value.

Enter password:

Your password

The IDM domain administrator password.

Enter Oracle Identity Manager (OIM) admin user (xelsysadm) password:

Your password

The OIM admin user’s (usually xelsysadm) password.

Enter IDStore policy RW user, under user search DN (PolicyRWUser):

Your username

The PolicyRWUSer name, usually present under user search DN in LDAP.

Enter IDStore policy RW user password:

Your password

The PolicyRWUSer password.

Enter Oracle Access Manager (OAM) admin user name (oamadmin):

Your username

The OAM admin user, also used to login to the OAM console. Here since it is different to the default, the value provided is oamAdminUser.

Enter password for admin user DN cn=oamadmin,cn=Users,dc=us,dc=oracle,dc=com:

Your password

The OAM admin user password.

Enter OIM DB sys password: 

Your password

The OIM DB sys user password.

Enter Oracle Internet Directory(OID) admin user name (cn=orcladmin):

Your username

The OID admin user.

Enter Oracle Internet Directory(OID) admin password for cn=orcladmin:

Your password

The OID admin user password.

Enter OID DB sys password: (OID DB sys user password)

Your password

The OID DB sys user password.

Enter Oracle Virtual Directory (OVD) admin user name (cn=orcladmin):

Your username

The OVD admin user.

Enter Oracle Virtual Directory(OVD) admin password for cn=orcladmin:

Your password

The OVD admin user password.

7.6.3 Set Up True-Up Environment

A true-up environment is an entirely new IDM environment, which behaves exactly like the current IDM installation. Your true-up environment will conform to the layout and structure of an environment that has been provisioned using the IDM provisioning scripts provided by Oracle.

This section contains the following topics:

7.6.3.1 Prerequisites for Setting Up True-Up Environment

Before setting up your true-up environment, ensure you meet the following prerequisites:

  • The true-up environment must be set up on the /u01/IDMTOP and /u02/local/IDMTOP directories.

  • Ensure that the directories are owned by the same user who owns the current IDM installation.

7.6.3.2 Set Up Binaries

To set up the binary files, you need the True-up tars.

To obtain these tars, use the patch 26504255 you downloaded in Copy and Unzip idmUpgrade.zip. The tars must be unzipped accordingly under root.

The patch contains the following zip files:

For Linux:

  • p26504255_111230_Linux-x86-64_1of5.zip

  • p26504255_111230_Linux-x86-64_2of5.zip

  • p26504255_111230_Linux-x86-64_3of5.zip

  • p26504255_111230_Linux-x86-64_4of5.zip

  • p26504255_111230_Linux-x86-64_5of5.zip

For Solaris:

  • p26504255_111230_SOLARIS64_1of6.zip

  • p26504255_111230_SOLARIS64_2of6.zip

  • p26504255_111230_SOLARIS64_3of6.zip

  • p26504255_111230_SOLARIS64_4of6.zip

  • p26504255_111230_SOLARIS64_5of6.zip

  • p26504255_111230_SOLARIS64_6of6.zip

To ensure that the files are not corrupted, you can compare the checksum of the files listed above against the digests after downloading them.

This patch also contains the following true-up tars:

  • ohs.tar.gz

  • oid.tar.gz

  • oimX.tar.gz

    Where

    • X: is a digit.

Depending on the topology setup, choose the tar corresponding to the node type viz OID, OIM, OHS and unzip them in the machines hosting those nodes, including the scaled out nodes. For example:
  • On the OID and OID-SO (if it exists) node, run the following command: 
    cd /
tar -zxvf <stagedir>/oid.tar.gz --keep-old-files

  • On the OIM node, run the following command:

    If the OIM node is scaled out, extract the OIM tar on the scaled out OIM. 
    cd /
tar -zxvf <stagedir>/oim.tar.gz --keep-old-files
  • On the OHS and OHS-SO (if it exists) node, run the following command: 
    cd /
tar -zxvf <stagedir>/ohs.tar.gz --keep-old-files

Note:

Do not use the option '--keep-old-files' with the tar command on Solaris platforms.

The tars will set up oracle homes and instance homes for IDM components inside the /u01 and /u02 directories.

7.6.4 Perform Migration Tasks

This section describes how to migrate the configuration to the true-up environment. This section contains the following sections:

7.6.4.1 Prerequisites for Running Migration

Before running migration, ensure the following prerequisites are met:

  • Stop only the IDM source environment. To minimize downtime, you can keep the services running when the binaries are set up and only shut down before the migration.

  • Ensure that your administrator passwords or schema passwords do not expire in the next 7 days.

  • Ensure that stagedir is shared and mounted on same path on all hosts. This way when the stagedir is passed during the invocation of migration on each host, the same directory path is passed.

7.6.4.2 Migrate Configuration to True-Up Environment

Migrating the configuration from the introspected environment to the newly setup true-up environment uses the artifacts generated by the discovery tool. Before migrating, change to the following directory: 
cd SHARED_LOCATION/idmUpgrade
Migrate the configuration to the true-up environment by running the following command on all IDM nodes: 
perl idmMigrateOnPremise.pl -node=<node type> -stagedir=<stage dir>
Run the idmMigrateOnPremise.pl command on each node in the following order:

  • OID

    perl idmMigrateOnPremise.pl -node=OID -stagedir=<location of staging directory>

    If the environment is scaled out, run the following commands on the OID scaled out node:

    perl idmMigrateOnPremise.pl -node=OID-SO -stagedir=<location of staging directory>

  • OIM

    perl idmMigrateOnPremise.pl -node=OIM -stagedir=<location of staging directory>
    If the environment is scaled out, run the following commands on the OIM scaled out node: 
    perl idmMigrateOnPremise.pl -node=OIM-SO -stagedir=<location of staging directory>

  • OHS

    perl idmMigrateOnPremise.pl -node=OHS -stagedir=<location of staging directory>
    If the environment is scaled out, run the following commands on the OHS scaled out node: 
    perl idmMigrateOnPremise.pl -node=OHS-SO -stagedir=<location of staging directory>
Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue. Rerun idmMigrateOnPremise.pl and ensure it is successful.

7.6.4.3 Post-Migration Tasks

After running migration, you must perform the following task:

After migration, you can start/stop the IDM components on a given node using the IDM provisioning start/stop scripts as described in Start and Stop All IDM Components on a Host.

7.6.4.3.1 Manually Register OID Instances

After completing migration, you must manually register OID instances to enable the OID and OVD status to be shown in EM console.

  • Run the following command: 
    $OID_INST_HOME/bin/opmnctl registerinstance -adminHost ADMINSERVER_HOST -adminPort ADMINSERVER_PORT -adminUsername ADMIN_USER
    After running this command, you are prompted for the admin user password.

    Note:

    You must perform this on each of the OID instances involved in the IDM setup.

7.6.5 Verify True-Up Environment Is Up

To verify if your true-up environment is up and running, perform the following tests:
  • WLS Tests
    1. Log in to the OIM Domain Admin Server console and perform the following steps:

      1. Check the server status.

      2. Check the cluster status.

      3. Check the data sources.

      4. Ensure that all the deployments are either in "Running" or "Installed" state.

    2. Log in to the EM console.

  • OIM Tests

    1. Log in to the Oracle Identity Manager Administration Console, with xelsysadm and perform the following steps:

      1. Verify requests as follows:

        1. Create a Request, such as updating the phone number information for xelsysadm.

        2. Go to your inbox and verify whether the request has come for approval.

        3. Click the task, and click Approve in the Actions tab.

        4. Click the refresh icon. The request comes back. Approve it again.

        5. Ensure that the request’s details page shows the correct information.

        6. Click users, and then search xelsysadm.

        7. Ensure that the phone number for xelsysadm is modified.

      2. Verify new users as follows:

        1. Create a new user.

        2. Log in using the newly created user.

        3. Change the password for the user.

        4. Log out and log in again with the same user using the new password.

    2. Log in to the sysadmin console and perform the following steps:

      1. In the left pane, under Event Management, click Reconciliation.

      2. In the left pane, under System Management, click Scheduler.

      3. Search for "LDAP*" and proceed as follows:

        1. Run any full reconciliation job, for example, LDAP User Create and Update Full Reconciliation.

        2. Run any incremental reconciliation job, for example, LDAP User Create and Update Reconciliation.

  • OAM Tests

    • Log in to the OAM console.

7.6.6 Run preValidate Script

The following preValidateOnPremise.pl script must be executed serially on each IDM node, including the scaled out nodes:

perl preValidateOnPremise.pl <node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
Where

  • REPOSITORY_LOCATION: Fusion Applications Release 12 repository.

  • STAGE_DIR: Location of stagedir.

Run the preValidateOnPremise command in the following order:

  • OID

    perl preValidateOnPremise.pl OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl preValidateOnPremise.pl OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties

  • OIM

    perl preValidateOnPremise.pl OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl preValidateOnPremise.pl OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties

  • OHS

    perl preValidateOnPremise.pl OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl preValidateOnPremise.pl OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties

Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue. Rerun preValidate and ensure it is successful.

7.6.7 Manually Download OIM Email Template

After running the preValidate script on your type II environment, manually download the OIM email template as follows:

  1. Log in to the OIM host.

  2. Go to the idmUpgrade unzip location.

  3. Execute exportOIMDataOnPremise.pl as follows: 
    perl exportOIMDataOnPremise.pl STAGE_DIR/upgradeOnPremise.properties <SHARED_UPGRADE_LOCATION>/<podName>/emailTemplateDir/emailtemplate.xml
    Where

    • SHARED_UPGRADE_LOCATION: It is located in pod.properties, and its default value is /u01/sharedupgradelocation.

  4. Confirm that the status message at the end of the run is successful. If the script gives an error, check the error message and resolve the issue. Then, rerun exportOIMDataOnPremise.pl and ensure it is successful.

7.6.8 Stop All IDM Services

Stop all IDM services by running the following command on all IDM nodes:

perl stopIDMOnPremise.pl <node type> STAGE_DIR/upgradeOnPremise.properties

Where

  • STAGE_DIR: Location of stagedir.

Run the stopIDMOnPremise.pl command in the following order:

  • OHS

    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl stopIDMOnPremise.pl OHS-SO STAGE_DIR/upgradeOnPremise.properties
    If the environment is not scaled out, run the following command on the OHS node: 
    perl stopIDMOnPremise.pl OHS STAGE_DIR/upgradeOnPremise.properties

  • OIM

    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl stopIDMOnPremise.pl OIM-SO STAGE_DIR/upgradeOnPremise.properties
    If the environment is not scaled out, run the following command on the OIM node: 
    perl stopIDMOnPremise.pl OIM STAGE_DIR/upgradeOnPremise.properties

  • OID

    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl stopIDMOnPremise.pl OID-SO STAGE_DIR/upgradeOnPremise.properties
    If the environment is not scaled out, run the following command on the OID node: 
    perl stopIDMOnPremise.pl OID STAGE_DIR/upgradeOnPremise.properties

7.6.9 Upgrade Binaries

Upgrade the binary files used by IDM components by running the following command on all IDM nodes:

perl idmUpgradeOnPremise.pl -node=<node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary

Where

  • REPOSITORY_LOCATION: Fusion Applications Release 12 repository.

  • STAGE_DIR: Location of stagedir.

Run the idmUpgradeOnPremise.pl command in the following order:

  • OID

    perl idmUpgradeOnPremise.pl -node=OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary

  • OIM

    perl idmUpgradeOnPremise.pl -node=OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary

  • OHS

    perl idmUpgradeOnPremise.pl -node=OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary

7.6.10 Update IDM Configuration

 Update the IDM configuration to Release 12 level by running the following config upgrade commands on all IDM nodes:

perl idmUpgradeOnPremise.pl -node=<node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config

Where

  • REPOSITORY_LOCATION: Fusion Applications Release 12 repository.

  • STAGE_DIR: Location of stagedir.

Run the idmUpgradeOnPremise.pl command in the following order:

  • OID

    perl idmUpgradeOnPremise.pl -node=OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config

  • OIM

    perl idmUpgradeOnPremise.pl -node=OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
    If you are on a Solaris platform, after running this command on OIM perform the steps as listed in Re-create IDM Schemas Manually (Solaris Only).

  • OHS

    perl idmUpgradeOnPremise.pl -node=OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl idmUpgradeOnPremise.pl -node=OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config

7.6.11 Run postValidate Script

To confirm that the upgrade was successful, run the following post-upgrade validation command on all IDM nodes:

perl postvalidateOnPremise.pl <node type> STAGE_DIR/upgradeOnPremise.properties

Where

  • STAGE_DIR: Location of stagedir.

Run the idmUpgradeOnPremise.pl command in the following order:

  • OID

    perl postvalidateOnPremise.pl OID STAGE_DIR/upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OID scaled out node: 
    perl postvalidateOnPremise.pl OID-SO STAGE_DIR/upgradeOnPremise.properties

  • OIM

    perl postvalidateOnPremise.pl OIM STAGE_DIR/upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OIM scaled out node: 
    perl postvalidateOnPremise.pl OIM-SO STAGE_DIR/upgradeOnPremise.properties

  • OHS

    perl postvalidateOnPremise.pl OHS STAGE_DIR/upgradeOnPremise.properties
    If the environment is scaled out, run the following command on the OHS scaled out node: 
    perl postvalidateOnPremise.pl OHS-SO STAGE_DIR/upgradeOnPremise.properties

Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue.

After upgrade, you can start/stop the IDM components on a given node using the IDM provisioning start/stop scripts as described in Start and Stop All IDM Components on a Host.

7.7 Reconnect Enterprise IDM Integrations

If your IDM for FA is integrated with Enterprise IDM and you disconnected integrations as listed in Disconnect Enterprise IDM Integrations, then you must reconnect them by following the steps listed in Getting Started with Oracle Fusion Applications Bridge for Active Directory (Doc ID 2309139.1) available on My Oracle Support.

7.8 Update Status to Success

After successfully upgrading Oracle Identity Management, update the task status to success on the IDM host as follows: 
(Unix) 
cd ORCH_LOCATION/bin 
./orchestration.sh updateStatus -pod POD_NAME -hosttype IDM -hostname host_name -release 11.12.x.0.0 -phase DowntimePreFA -taskid UpgradeIDMPausePointPlugin  -taskstatus success

7.9 Resume Upgrade Orchestrator to Upgrade Oracle Fusion Applications

Resume orchestration on each IDM host that is listed in the following properties in the pod.properties file, using the command in Run Upgrade Orchestrator During Downtime, Step 4:

  • HOSTNAME_IDMOID

  • HOSTNAME_IDMOIM

  • HOSTNAME_IDMOHS

Upgrade Orchestrator runs the tasks in the following table to upgrade Oracle Fusion Applications.

Table 7-4 Tasks Run During Various Downtime Phases

Task Name Phase Name Task ID Host Types

Run Upgrade Readiness (During Downtime) Checks

DowntimePreFA

DuringDowntimeChecks

Primordial, OHS, Midtier

Remove Conflicting Patches for Oracle Fusion Middleware Component Oracle Homes

DowntimePreFA

RemoveConflictingPatches

Primordial

Upgrade JDK

DowntimePreFA

UpgradeJDK

Primordial

Run RUP Lite for OVM in Offline Mode as Application User

DowntimePreFA

RupLiteOvmOffline

Primordial, OHS, Midtier, IDM

Run Oracle Fusion Applications RUP Installation Part 1 of 2

DowntimeDuringFA Phase

RunFirstRUPInstaller

Primordial
Once you have successfully resumed Upgrade Orchestrator to upgrade Oracle Fusion Applications, proceed to Pause Point 3 - Reload Orchestration.

7.10 IDM for FA Upgrade Properties Files

This section describes some properties files used in the IDM for FA Upgrade to Release 12 (11.12.x.0.0).

upgradeOnPremise.properties

The following tables provides a description of the upgradeOnPremise.properties:

Note:

The optional parameters are usually defaulted or introspected. You can change them if the property values differ in your environment.
Property Name Mandatory Default Value Description

DB_OIM_SYS_PASSWORD

Yes

Blank

Password for the IDM sys DB

DB_IDSTORE_SYS_PASSWORD

Yes

Blank

Password for the OID sys DB

NODE_MANAGER_PWD

Yes

Blank

Password for the Node manager

OID_IDSTORE_ORCLADMIN_PASSWORD

Yes

Blank

Password for the OID admin user

OVD_IDSTORE_ORCLADMIN_PASSWORD

Yes

Blank

OVD admin user password

OAM_ADMINUSER_PASSWORD

Yes

Blank

Password for the OAM Admin user

OIM_XELSYADM_PASSWORD

Yes

Blank

Password for the OIM user xelsysadm

IDM_DOMAIN_ADMIN_PASSWORD

Yes

Blank

Password for the WLS Domain administrator user

OAM_SW_USER_PWD

Yes

Blank

Password for the OAM Software User account

IDSTORE_USERSEARCHBASE

Yes

cn=Users,dc=us,dc=oracle,dc=com

User search base

IDSTORE_GROUPSEARCHBASE

Yes

cn=Groups,dc=us,dc=oracle,dc=com

Group search base

ID_STORE_SEARCH_BASE

Yes

dc=us,dc=oracle,dc=com

Search base for all

TOPOLOGY_XML_FILE_LOC

Yes

/u01/IDMTOP/config/lcmconfig/topology/topology.xml

Location of the topology.xml file

START_STOP_SCRIPT_WORKING_DIR

Yes

/u01/IDMTOP/config/scripts

Location of IDM Provisioning Start/Stop scripts

IDMLCM_HOME

Yes

/u01/IDMTOP/idmlcm

Location of IDMLCM home

IDMUTILS_HOME

Yes

/u01/IDMTOP/products/app/Oracle_IDMUTILS1

Location of Oracle IDMUTILS

OID_JAVA_HOME

Yes

/u01/IDMTOP/products/dir/jdk6

Location of OID MW JAVA HOME

OIM_JAVA_HOME

Yes

/u01/IDMTOP/products/app/jdk6

Location of OIM MW JAVA HOME

OHS_JAVA_HOME

Yes

/u01/IDMTOP/products/ohs/jdk6

Location of OHS MW JAVA HOME

NODE_MANAGER_USER=admin

No

admin

Node manager username

OID_USER=cn=orcladmin

No

orcladmin

OID admin username

OVD_USER=cn=orcladmin

No

orcladmin

OVD admin username

IDSTORE_OAMADMINUSER=oamAdminUser

No

oamAdminUser

OAM Admin user used to login to oamconsole

IDM_DOMAIN_ADMIN=weblogic_idm

No

weblogic_idm

IDM weblogic domain administrator username

IDSTORE_OAMSOFTWAREUSER=oamSoftwareUser

No

oamSoftwareUser

OamSoftwareUser present in OAM configuration

FA_POLICYSTORE_NAME=cn=FAPolicies

No

cn=FAPolicies

FA Policy store name

AGENT_ID=Webgate_IDM

No

Webgate_IDM

Webgate Agent ID

APP_DOMAIN=IAMSuite

No

IAMSuite

Application Domain Name

HOST_IDENTIFIER=IAMSuiteAgent

No

IAMSuiteAgent

Host identifier related to application domain

ACCESS_CLIENT_PASSPHRASE_USER=user

No

user

Access client passphrase user

ACCESS_CLIENT_PASSPHRASE_PWD=

No

If not provided, the password is introspected

Access client passphrase password

NAP_GLOBAL_PASSPHRASE_USER=user

No

user

NAP global passphrase user

OPSS_DB_PASSWORD=

No

If not provided, it is defaulted to the OAM schema password

New password for OPSS DB schema

OIF_11GR2_SINGNING_KEY_PWD=

No

If not provided, it is defaulted to the OAM schema password

New password required by OIF keystore for signing

IS_OVD_SPLIT_CONFIGURE=false

No

If configured, set it to true

Flag to identify if OVD Split Profile is configured or not

SHADOW_ENTRIES_USER_CONTAINER_DN=cn=shadowentries

No

cn=shadowentries

Container in Oracle Internet Directory when OVD split profile is configured

7.11 IDM Upgrade and Migration Log Files Location

The following table shows the location of the IDM Upgrade and migration log files:

Note:

 These values may change based on the customization you perform to the LOG_DIR property in the upgrade and migration properties file.

Table 7-5 Log Files Location

Log Location

Type I Upgrade

/u01/logs

Type II Migration

stagedir/logs

Type II Upgrade

stagedir/logs