| Oracle® Access Manager Upgrade Guide 10g (10.1.4.0.1) Part Number B25354-01 |
|
|
View PDF |
| Oracle® Access Manager Upgrade Guide 10g (10.1.4.0.1) Part Number B25354-01 |
|
|
View PDF |
Activities in this chapter are intended for administrators responsible to upgrade earlier Identity System components (Identity Servers (formerly known as COREid Servers) and WebPass instances. Topics include:
|
Note: Ensure that the schema and data have been upgraded, as described in Part II, "Upgrading the Schema and Data". If your starting Oracle Access Manager release is earlier than 6.1.1, contact Oracle Support before upgrading:http://www.oracle.com/support/contact.html. |
Activities in this chapter must be completed in the sequence described herein:
After upgrading the Identity System schema and data as described in Part II, "Upgrading the Schema and Data" (and if you have an existing Access System, after upgrading the Access System schema and data as described in Chapter 7, "Upgrading Access System Schema and Data")
After preparing Identity system components as described in Chapter 8, "Preparing Components for the Upgrade", which may be performed just before upgrading each specific component instance
To upgrade remaining Identity System components, you use corresponding 10g (10.1.4.0.1) component installers and specify the same target directory as the existing component.
When your starting 6.5 or 7.x release includes multiple languages, you should upgrade these to retain your existing multiple language functionality.
|
Note: If you experience problems during any component upgrade, see "Accessing Log Files" and other topics in Appendix F, "Troubleshooting the Upgrade Process". |
Figure 9-1 provides an overview of Identity System upgrade tasks. Additional details follow the graphic.
Figure 9-1 Identity System Upgrade Task Overview
Task overview: Upgrading Identity System components
Upgrade remaining Identity Servers, one by one, as described in "Upgrading Remaining Identity Servers".
Audit to Database: If you have auditing to a database configured in your earlier installation, before restarting the upgraded Identity Server service you must perform certain tasks manually to ensure proper auditing in 10g (10.1.4.0.1). See "Upgrading Auditing and Access Reporting for the Identity System".
Upgrade remaining WebPass components, one by one, as described in"Upgrading Remaining WebPass Instances".
Perform activities in "Validating the Identity System Upgrade" to ensure that the upgrade is successful.
Component Upgrade Successful: Proceed to "Backing Up Upgraded Identity Component Information".
Component Upgrade Not Successful: Proceed to "Recovering From an Identity Component Upgrade Failure".
|
Note: If you experience problems during any component upgrade, see "Accessing Log Files" and other topics in Appendix F, "Troubleshooting the Upgrade Process". |
Figure 9-2 illustrates the sequence of events during the program-driven upgrade process for remaining Identity Servers (and the decision points where you are asked to provide specific responses or input). These are a subset of the processes that occur during the schema and data upgrade, because the program automatically detects those changes and suppresses messages related to those events during subsequent Identity Server upgrades.
Figure 9-2 Remaining Identity Server Upgrade Process
Task overview: Upgrading remaining Identity Servers includes
Specifying the Target Directory and Languages
When upgrading remaining Identity Servers, you won't be asked about schema and data upgrades, because those upgrades are detected automatically.
Upgrading the Software Developer Kit Configuration
Oracle recommends that you accept the Software Developer kit (SDK) configuration upgrade for each Identity Server during the component upgrade. Certain Identity server functions depend on the SDK configuration.
Before you begin upgrading remaining Identity Servers, check the tasks in Table 9-1 and be sure to perform all tasks for each component instance before the upgrade. Failure to complete the prerequisites may adversely affect your upgrade.
Table 9-1 Identity Server Upgrade Prerequisites Checklist
| Checklist | Identity Server Upgrade Prerequisites |
|---|---|
|
Review Part I, "Introduction" |
|
|
Complete activities in Part II, "Upgrading the Schema and Data" |
|
|
Complete activities in Chapter 8, "Preparing Components for the Upgrade" for this Identity Server instance, and:
|
You complete the upgrade using the appropriate 10g (10.1.4.0.1) installer. This manual describes the process using GUI method and Automatic mode.
The process is similar regardless of the method and mode you choose, or your operating system. Differences are noted as needed and you may skip items that do not apply). For example, if you have a Unix environment you may skip steps related to Windows and vice versa:
To start an Identity Server upgrade
Complete all prerequisites for this instance as described in "Identity Server Upgrade Prerequisites".
Turn off the Identity Server service for this instance and log in as a user with the appropriate administrator privileges to update the Oracle Access Manager files.
Locate the component installer and launch the program:
GUI Method, Windows:
Oracle_Access_Manager10_1_4_0_1_win32_Identity_Server.exe
Console Method, Solaris:
./Oracle_Access_Manager10_1_4_0_1_sparc-s2_Identity_Server
The Welcome screen appears.
Dismiss the Welcome screen by clicking Next.
Respond to the administrator question based upon your platform. For example:
Windows: If you are logged in with administrator rights, click Next (otherwise click Cancel, log in as a user with administrator privileges, then restart the installation).
Unix: Specify the username and group that the Identity Server will use, then click Next. Typically, the defaults are "nobody."
During this sequence you must specify the same target directory as the existing Identity Server instance. When the earlier component is detected, you are asked if you want to upgrade. When you accept the upgrade, the target directory is created and 10g (10.1.4.0.1) files are extracted into it.
Even when your earlier environment is English only, you are asked to confirm the language to use as the default locale (default Administrator language). You are also asked to specify any languages to upgrade. You may install additional Language Packs after upgrading, as described in the Oracle Access Manager Installation Guide.
Unless indicated in the next steps the questions that you must respond to are the same regardless of your chosen installation method and mode.
To specify the target directory and languages
Choose the same installation directory as the earlier Identity Server, then click Next.
Accept the upgrade by clicking Yes, then click Next.
Ensure that a check mark appears beside English and any other languages you want to upgrade, then click Next.
You may be presented with a list of languages that will be upgraded.
Confirm the languages listed by clicking Next.
The next screen tells you that the existing installation has been saved and provides the time-stamped directory name containing all files from the previous installation.
Continue the upgrade by clicking Next.
A new screen confirms the installation directory for 10g (10.1.4.0.1) and tells you how much space is needed for the installation.
Start the file extraction into the target directory by clicking Next.
A status bar indicates the progress of the file extraction.
Press Enter to continue.
Enter
You are asked to specify a mode for the upgrade process: Automatic or Confirmed.
|
Note: If you are installing in using the Console method, you are asked to run the command displayed in the transcript. On Unix, the command is printed to a file (start_migration), and a message is printed to run this file. |
-------------------------------------
Please specify the mode for migration:
'1' - Automatic (recommended)
Each step is performed automatically.
No interaction from the user is required.
'2' - Confirmed
Each step needs confirmation from the user.
Enter choice ( '1' or '2' ) : 1
--------------------------------------------
Enter the number that corresponds to the upgrade mode you prefer: For example:
Automatic (recommended): Enter the number 1 to observe as the process completes automatically and respond to a few specific questions when needed.
Confirmed: Enter the number 2 to receive a prompt that you must respond to before each and every event during the entire Identity Server upgrade process.
The declarative messages in this guide are based on the Automatic mode. In this case, you are informed as folders are created, files are copied, and catalogs are upgraded. For example:
Creating original folders ... ---------------------------------------------------- Copying general configuration files OK. ---------------------------------------------------- Updating parameter catalogs ... OK. ----------------------------------------------------
When the upgrade program connects with the directory server, a transcript appears as shown next.
Starting migration (6.1.1 -> 6.5.0) ----------------------------------------------------
Regardless of the mode you have chosen, continue with "Upgrading Identity Server Configuration Files", next.
Component-specific configuration files are upgraded during this sequence. Depending on your starting release, aspects of the sequence may be repeated to bring your starting release up to 10g (10.1.4.0.1) incrementally. For example if your starting release is 6.1.1, component configuration files are incrementally upgraded to release 6.5, then again to release 7.0, then again to 10g (10.1.4.0.1).
During this sequence, you must type the full word "yes" or press the Enter key when asked to continue the upgrade through each sequence. In the example here, however, not all messages are shown.
To accept Identity Server-specific changes
Review messages for the migration to 10g (10.1.4.0.1).
Continue as directed, and review the final message. For example:
Enter
Updating component-specific configuration files...
OK.
Migration has completed successfully!
Press <ENTER> to continue :
-----------------------+++++++++++++--------------
Proceed with "Upgrading the Software Developer Kit Configuration" next.
The following functions in the Identity System require the Software Developer Kit (SDK, formerly known as the Access Server SDK (or Access SDK)):
Automatic cache flush between the Identity System and Access System
Automatic login to the Access System after self-registration
The SDK may have been manually configured to enable required functions, as described in your earlier version of the Oblix NetPoint or Oracle COREid Administration Guide (Volume 1 if you have a two volume set).By default, the SDK is installed in \IdentityServer_install_dir\identity.
If your environment was configured to perform these functions, Oracle recommends that you upgrade the SDK during each Identity Server upgrade to preserve current configuration settings. When you accept the SDK upgrade, the process is launched automatically.
|
Note: If you do not accept the automatic SDK configuration upgrade now, current SDK configuration settings are not preserved and you must reconfigure the SDK later using the configureAccessGate tool. For details, see the Oracle Access Manager Identity and Common Administration Guide. If the SDK was not configured for this specific Identity Server, you may skip this event when asked. |
To upgrade the SDK configuration during the Identity Server upgrade
Review the SDK statements.
This component has the Access Server SDK installed
Would you like to automatically migrate the SDK at this time?
Note: If you do not want to migrate the SDK at this time, you will
need to reconfigure the SDK after migration has finished
by running the 'configureAccessGate' program
'1' - Yes
'2' - No
Enter choice ( '1' or '2' ) :
Respond to the question about migrating the SDK based on your environment.
1
Continue as directed, then specify a mode for the SDK upgrade process: Automatic or Confirmed.
-------------------------------------
Please specify the mode for migration:
'1' - Automatic (recommended)
Each step is performed automatically.
No interaction from the user is required.
'2' - Confirmed
Each step needs confirmation from the user.
Enter choice ( '1' or '2' ) : 1
--------------------------------------------
1
Continue as directed, then go to "Finishing and Verifying the Identity Server Upgrade" next.
You complete this procedure to finish the upgrade for this Identity Server.
|
Caution: When your earlier environment includes auditing to a database, do not start the Identity Server service until you finish tasks in "Upgrading Auditing and Access Reporting for the Identity System". |
To finish and verify the Identity Server upgrade
Auditing and Access Reporting: If your earlier installation included auditing and access reporting, go immediately to "Upgrading Auditing and Access Reporting for the Identity System" before performing step 2.
Start the Identity Server service to confirm that it will start (notice that the name has not changed from the one originally assigned).
Identity Server Service Does Not Start: See Appendix F, "Troubleshooting the Upgrade Process".
Check the migration log files for any errors reported during the upgrade, as described in "Accessing Log Files".
Upgrade Not Successful: Proceed to "Recovering From an Identity Component Upgrade Failure".
Upgrade Successful: Upgrade every earlier Identity Server instance in your environment.
After upgrading all earlier Identity Server instances, proceed to "Upgrading Remaining WebPass Instances" next.
After all Identity Servers are upgraded, you can begin upgrading WebPass instances.
With WebPass, there is no connection to a directory server and, therefore, no schema or data upgrades. The component-specific upgrade includes both WebPass configuration files and Web server configuration updates. There are no differences between upgrading the master WebPass (accomplished earlier for the schema and data upgrade) and upgrading remaining WebPass instances.
Again, unless you are upgrading from release 7, the process repeats for each major release until you reach 10g (10.1.4.0.1).
Figure 9-3 illustrates events in the program-driven WebPass upgrade process as well and the points at which you must provide input.
Task overview: Upgrading remaining WebPass instances includes
Starting the WebPass Upgrade, Specifying the Target Directory and Languages
Upgrading WebPass Configuration Files and Web Server Configuration File
Before you begin upgrading any WebPass instance, check Table 9-2 to ensure you have completed all tasks. Failure to complete prerequisites may adversely affect your upgrade.
Table 9-2 WebPass Upgrade Prerequisites Checklist
| Checklist | WebPass Upgrade Prerequisites |
|---|---|
|
Upgrade all Identity Servers as described in "Upgrading Remaining Identity Servers". |
|
|
Complete activities in Chapter 8, "Preparing Components for the Upgrade" for this WebPass instance, and:
|
The sample WebPass upgrade described here starts from release 6.1.1. The sequence of events and messages is directed by the program with very little input from you.
Complete all prerequisites for this instance as described in "WebPass Upgrade Prerequisites".
Turn off this WebPass Web server.
Log in as a user with the administrator privileges to update the Web server configuration and Oracle Access Manager files.
Locate and launch the appropriate 10g (10.1.4.0.1) WebPass installer for this instance. For example:
GUI Method Windows: Oracle_Access_Manager10_1_4_0_1_win32_NSAPI_WebPass.exe
Console Method, Solaris: ./Oracle_Access_Manager10_1_4_0_1_sparc-s2_NSAPI_WebPass
The Welcome screen appears.
Dismiss the Welcome screen, then r.espond when asked about your administrator rights.
Specify the directory that contains the earlier WebPass instance.
Accept the upgrade when asked.
Ensure that a check mark appears beside English and any other languages you have or want installed, then continue.
You may be presented with a list of languages that will be upgraded or added.
Confirm the languages listed by clicking Next.
Record the name of the time-stamped directory, then continue.
Start the file extraction.
A status bar indicates the progress of the file extraction.
Using the GUI method a new window appears asking you to specify either Automatic or Confirmed mode for the upgrade. Using the Console method, you are asked to run the command displayed in the transcript, then continue as instructed.
For brevity, steps are provided with little explanatory text. The command provided in the Console method transcript is referenced but not shown.
To upgrade the WebPass and Web server configuration
Enter the number that corresponds to the mode you prefer and follow the dialog on screen. For example:
-------------------------------------
Please specify the mode for migration:
'1' - Automatic (recommended)
Each step is performed automatically.
No interaction from the user is required.
'2' - Confirmed
Each step needs confirmation from the user.
Enter choice ( '1' or '2' ) : 1
--------------------------------------------
1
Creating orig folders ... ---------------------------------------------------- Copying general configuration files ... OK. ---------------------------------------------------- Updating parameter catalogs ... OK. ---------------------------------------------------- Starting migration (6.1.1 -> 6.5.0) ------------------------------------- Updating component-specific configuration files... OK. ------------------------------------- Starting migration ( 6.5.0 -> 7.0.0 )... ------------------------------------- Updating web server configuration files... OK. ------------------------------------- Updating component-specific configuration files... OK. ------------------------------------- Starting migration (7.0.0 -> 10.1.4) ------------------------------------- Updating web server configuration files... OK. ------------------------------------- Updating component-specific configuration files... OK. ------------------------------------- Migration has completed successfully! Press <ENTER> to continue :
Continue as requested.
Enter If the Access System is also configured, you need to create a DB Profile manually after first WebPass component upgrade is completed and before upgrading the first Policy Manager. The profile gives the Access Server write permission to Policy data in the directory server and will be used while upgrading the WebGate component. The profile can be deleted after all the WebGates are successfully upgraded. Changing ownership of directory ... (C:\NetPoint\webcomponent-iis\identity_20060426_163742\oblix ) -> (C:\NetPoint\webcomponent-iis\identity\oblix ) -------------------------------------
Conclude the WebPass upgrade and proceed to the next discussion, "Finishing and Verifying the WebPass Upgrade".
|
Note: Ignore the message about creating a temporary directory profile. This was performed after the schema and data upgrade. |
You finish this WebPass upgrade as described in the following steps.
Apply Web server changes, if needed.
Stop, then restart the associated Identity Server service.
Start the WebPass Web server instance.
Web Server Does Not Start: See Appendix F, "Troubleshooting the Upgrade Process".
Check the migration log files for any errors reported during the upgrade, as described in "Accessing Log Files".
Upgrade Not Successful: Proceed to "Recovering From an Identity Component Upgrade Failure".
Upgrade Successful: Upgrade every WebPass instance in your environment.
After upgrading all WebPass instances, proceed to "Validating the Identity System Upgrade" next.
It is a good idea to quickly validate the following items to ensure that the overall Identity System upgrade was successful.
To confirm your Identity System upgrade
Make sure your Identity Server service and WebPass Web server instance are running.
Check that your message and parameter catalog customizations have been preserved. For example, if you have changed any message in a particular message catalog file, then it needs to be retained.
Proceed to "Backing Up Upgraded Identity Component Information" next.
As mentioned earlier, Oracle recommends that you finish each component upgrade by backing up the upgraded 10g (10.1.4.0.1) component directory. This will enable you to easily restore your environment to the newly upgraded state should that be needed.
To back up critical information after the upgrade
Back up the 10g (10.1.4.0.1) component directory and store it in a new location.
WebPass Web Server: Back up the upgraded Web server configuration file, if required, using instructions from your vendor.
Windows: Back up the upgraded registry for the component as described in "Backing Up Windows Registry Data".
Proceed to "Looking Ahead".
If a component upgrade was not successful, you may perform the following steps to rollback this upgrade, then try again.
To recover from an unsuccessful Identity component upgrade
Restore the earlier component installation directory that you backed up before the upgrade (to recover the earlier environment), then back it up again. You will retain one of the earlier directories as a backup copy and use one to restart the upgrade.
WebPass Web Server: Restore the upgraded Web server configuration file, if required.
Windows: Restore the backed up registry for the component.
Using a backup copy of your earlier component installation directory (and Web server configuration, if needed), restart the upgrade as described in this chapter.
Upgraded Identity System components send and receive information sent in UTF-8 encoding. Earlier components send and receive data in Latin-1 encoding. As a result, the 10g (10.1.4.0.1) Identity System does not work with earlier Access System components.
When all earlier Identity System components are successfully upgraded, proceed as appropriate for your earlier installation. For example:
Identity System Only: When your earlier installation does not include the Access System, you may complete activities in the following sequence using information in:
Chapter 11, "Upgrading Integration Components and an Independently Installed SDK"
Chapter 12, "Upgrading Your Identity System Customizations" after upgrading all Identity System components.
Joint Identity and Access System: In this case, you must complete activities in the sequence listed next using information in:
Chapter 11, "Upgrading Integration Components and an Independently Installed SDK"
Chapter 12, "Upgrading Your Identity System Customizations" after upgrading all Identity System components.
For more information about expected system behaviors, see Chapter 4, "System Behavior and Backward Compatibility".
