Skip Headers
Oracle® Access Manager Upgrade Guide
10
g
(10.1.4.0.1)
Part Number B25354-01
Home
Book List
Index
Master Index
Contact Us
Next
View PDF
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Access Manager?
Product and Component Name Changes
Upgrade Planning, Methodology, and Deployment Scenarios
Planning Worksheets and Tracking Checklists
Upgrade Concepts and Methods
Automated Upgrade Processes and Manual Tasks
Support Changes
Globalization, System Behaviors, and Backward Compatibility
Upgrade Prerequisites and Preparation
Upgrading the Schema and Data
Component Upgrades
Customization Upgrades
Auditing and Reporting Changes
Combining Challenge and Response Attributes on a Panel
Validating Your Upgraded Installation
Troubleshooting
Part I Introduction
1
Upgrade Overview and Planning
1.1
Typical Deployment Scenarios
1.1.1
About Upgrading Identity System Only Deployments
1.1.2
About Upgrading Joint Identity System and Access System Deployments
1.2
Upgrade Task Overview
1.2.1
About the Planning Stage
1.2.2
About the Execution Stage
1.3
Upgrade Planning and Deliverables
1.3.1
Planning Considerations
1.3.2
Schema and Data Upgrade Planning
1.3.3
Customization Upgrade Planning
1.3.4
Planning Deliverables
1.4
Planning Considerations for System Downtime
1.4.1
Minimizing Downtime During the Upgrade
1.4.2
Downtime Assessments
1.4.3
Downtime Assessment Example
1.5
Planning Considerations for Extranet and Intranet Deployments
1.5.1
Extranet Deployments
1.5.2
Intranet Deployments
1.6
Upgrade Paths
1.6.1
Direct Upgrade Paths
1.6.1.1
From Release 6.1.1 to Oracle Access Manager 10
g
(10.1.4.0.1)
1.6.1.2
From Release 6.5 to Oracle Access Manager 10
g
(10.1.4.0.1)
1.6.1.3
From Release 7.x to Oracle Access Manager 10
g
(10.1.4.0.1)
1.6.2
Indirect Upgrade Paths
2
Upgrade Concepts and Methods
2.1
Upgrade Terms and Concepts
2.2
About Upgrading the Oracle Application Server
2.3
Backup and Recovery Strategies
2.3.1
Backup Strategies Before Upgrading
2.3.2
Backup Strategies After Upgrading
2.3.3
Recovery Strategies
2.4
Upgrade Start Methods
2.4.1
GUI Method
2.4.2
Console Method
2.5
Upgrade Event Modes
2.5.1
Automatic Mode
2.5.2
Confirmed Mode
2.6
Support Deprecated
2.7
Upgrade Strategies When Support is Changed or Deprecated
2.7.1
Upgrading When Third-Party Support Has Changed
2.7.2
Upgrading When Third-Party Support Has Been Deprecated
2.7.2.1
Upgrading with Manual Web Server Configuration When Support is Deprecated
2.7.2.2
Upgrading Oracle Access Manager Incrementally When Third-Party Support is Deprecated
3
About Automated Processes and Manual Tasks
3.1
Supported Components and Applications
3.2
About the Automated In-Place Component Upgrade Process and Events
3.3
Upgraded Items
3.4
Preserved Items
3.4.1
Directory Server Failover
3.4.1.1
Impact of the Upgrade on Directory Server Failover
3.4.2
Connection Pool Details
3.4.2.1
Impact of the Upgrade on Connection Pools
3.4.3
Encryption Schemes and the Shared Secret
3.5
Items that You Must Manually Upgrade
3.5.1
Auditing and Access Reporting
3.5.2
C++ Programs
3.5.3
Challenge and Response Attributes Must Appear on a Panel
3.5.4
Customized Styles
3.5.5
Plug-ins
4
System Behavior and Backward Compatibility
4.1
Platform Support
4.2
About Upgrading and Backward Compatibility
4.3
General Behavior Changes
4.3.1
Acquiring and Using Multiple Languages
4.3.2
Auditing and Access Reporting
4.3.3
Automatic Schema Update Support for ADAM
4.3.4
C++ Programs
4.3.5
Cache Flush
4.3.6
Certificate Store and Localized Certificates
4.3.7
Compilers for Plug-ins
4.3.8
Configuration Files
4.3.9
Connection Pool Details
4.3.10
Console-based Command-line Interfaces
4.3.11
Customized Styles, Images, and JavaScript
4.3.12
Database Input and Output
4.3.13
Date and Time Formats
4.3.14
Default Product Pages
4.3.15
Directory Profiles and Database Instance Profiles
4.3.16
Directory Server Connection Details
4.3.17
Directory Server Failover
4.3.18
Directory Server Interface
4.3.19
Directory Structure
4.3.20
Domain Names, URIs, and URLs
4.3.21
Encryption Schemes
4.3.22
Failover and Failback
4.3.23
File and Path Names
4.3.24
Graphical User Interface
4.3.25
HTML Pages
4.3.26
Message and Parameter Files
4.3.27
Names Assigned by Administrators and Product Names
4.3.28
Namespaces for Policy Data and User Data Stored Separately
4.3.29
Reconfiguring the Logging Framework without a Restart
4.3.30
Support Changes
4.3.31
Transport Security for the Directory Server
4.3.32
Web Components and Backward Compatibility
4.3.33
XML Catalogs and XSL Stylesheet Encoding
4.3.34
Web Server Configuration Files
4.4
Identity System Behavior Changes
4.4.1
Challenge and Response Attributes
4.4.2
Identity Server Backward Compatability
4.4.3
Identity System Event Plug-ins
4.4.3.1
Identity Event Plug-in Backward Compatibility
4.4.3.2
Common Uses of the Identity Event Plug-in API
4.4.3.3
Identity Event Plug-in Action Types
4.4.3.4
Identity Event Plug-in Event Types
4.4.4
IdentityXML and SOAP Requests
4.4.5
Java Applets
4.4.6
Mail Notification Enhancements
4.4.7
Minimum Number of Search Characters
4.4.8
Multi-Step Identity Workflow Engine
4.4.9
Oracle Identity Protocol (OIP)
4.4.10
Password Policies and Password Management Runtime Changes
4.4.11
Portal Inserts and the URI Query String
4.4.12
PresentationXML Directories
4.4.13
Sorting User Search Results
4.5
Access System Behavior Changes
4.5.1
Access Server Backward Compatibility
4.5.2
Access Manager SDK, Access Manager API, and Custom AccessGates
4.5.3
Authentication Scheme Updates
4.5.4
Authorization Rules and Access Policies
4.5.5
Custom Authentication and Authorization Plug-ins and Interfaces
4.5.5.1
Access Server Backward Compatibility
4.5.5.2
Authentication and Authorization Plug-ins Background
4.5.6
Directory Profiles
4.5.7
Forms-based Authentication
4.5.8
Maximum Elements in Session Token Cache
4.5.9
Oracle Access Protocol (OAP) Updates
4.5.10
Policy Manager
4.5.11
Policy Manager API
4.5.12
Preferred HTTP Host
4.5.13
Shared Secret
4.5.14
Triggering Authentication Actions After the ObSSOCookie Is Set
4.5.15
WebGates
Part II Upgrading the Schema and Data
5
Preparing for Schema and Data Upgrades
5.1
About Schema and Data Upgrades
5.1.1
Considerations for Workflows in Multiple Directories
5.1.2
About Preparing For and Performing the Schema and Data Upgrade
5.1.3
Error Logging for All Directory Servers
5.2
Strategies for Upgrading in a Replicated Environment
5.2.1
About User Data Replication
5.2.1.1
Failover Configuration
5.2.1.2
Load Balancing Configuration
5.2.1.3
Load Balancing and Failover Configuration
5.2.1.4
Operation-based Load Balancing Configuration
5.2.2
About Configuration Data Replication
5.3
Configuring the Challenge/Response Phrase at the Object Class Level
5.4
Configuring Unique Namespaces for Directory Connection Information
5.5
Preparing Your Directory Instances for the Schema and Data Upgrade
5.5.1
Preparing a Directory Server when Its Release is Deprecated
5.5.2
Changing the Directory Server Search Size Limit Parameter
5.5.3
Active Directory Considerations and Preparation
5.5.3.1
Changing the MaxPageSize Parameter
5.5.3.2
Confirming You Are Using a Schema Master
5.5.4
Active Directory Application Mode Considerations and Preparation
5.5.5
IBM Directory Server Considerations and Preparation
5.5.6
Oracle Internet Directory
5.5.7
Siemens DirX Directory Deprecation
5.5.8
Sun Directory Server Considerations and Preparation
5.6
Backing Up Existing Oracle Access Manager Data
5.6.1
Backing up the Earlier Oracle Access Manager Schema
5.6.2
Backing up Oracle Access Manager Configuration and Policy Data
5.6.3
Backing Up User and Group Data
5.6.4
Backing Up Workflow Data
5.6.5
Archiving Processed Workflow Instances
5.7
Backing Up Existing Directory Instances
5.8
Preparing Host Machines for Master Components
5.9
Adding An Earlier Identity System to Use as a Master
5.9.1
Defining Additional Instances in the Existing System Console
5.9.2
Installing the Master COREid Server Instance
5.9.3
Installing the Master WebPass
5.9.4
Setting Up the Master Identity System for the Schema and Data Upgrade
5.10
Adding an Earlier Access Manager to Use as a Master
5.10.1
Installing the Master Access Manager for the Schema and Data Upgrade
5.10.2
Setting Up the Master Access Manager
5.10.2.1
Specifying Directory Server Details and Data Locations
5.10.2.2
Configuring Authentication Schemes
5.10.2.3
Finishing the Master Access Manager Setup
5.11
Finishing Preparation
6
Upgrading Identity System Schema and Data
6.1
About Upgrading the Identity System Schema and Data
6.2
Upgrading the Schema and Data with the Master Identity Server
6.2.1
Master Identity System Schema and Data Upgrade Prerequisites
6.2.2
Starting the Master Identity Server Upgrade
6.2.3
Specifying the Target Directory and Languages
6.2.4
Updating the Identity System Schema and Data
6.2.5
Enabling Multi-Language Capability
6.2.6
Upgrading Identity Server Configuration Files
6.2.7
Upgrading the Software Developer Kit (SDK) Configuration
6.2.8
Finishing and Verifying the Master COREid Server Upgrade
6.3
Upgrading the Master WebPass
6.3.1
Master WebPass Upgrade Prerequisites
6.3.2
Starting the Master WebPass Upgrade, Specifying a Target Directory and Languages
6.3.3
Upgrading WebPass Configuration Files and Web Server Configuration
6.3.4
Finishing and Verifying the Master WebPass Upgrade
6.4
Verifying the Identity System Schema and Data Upgrade
6.5
Uploading Directory Server Index Files
6.5.1
Verifying and Uploading Oracle Internet Directory and Sun Directory Indexes
6.5.2
Verifying and Uploading Novell eDirectory Indexes
6.6
Backing Up Upgraded Identity Data
6.7
Recovering From an Identity System Schema or Data Upgrade Failure
6.8
Looking Ahead
7
Upgrading Access System Schema and Data
7.1
About Access System Schema and Data Upgrades
7.2
Upgrading the Schema and Data with the Master Access Manager Component
7.2.1
Access System Schema and Data Upgrade Prerequisites
7.2.2
Starting the Master Access Manager Upgrade
7.2.3
Specifying the Target Directory and Languages
7.2.4
Updating the Access System Schema and Policy Data
7.2.5
Upgrading the Access Manager and Web Server Configuration Files
7.2.6
Finishing and Verifying the Access System Schema and Data Upgrade
7.3
Uploading Directory Server Index Files
7.4
Verifying the Access Schema and Data Upgrade
7.5
Creating a Temporary Directory Profile For Access System Upgrades
7.6
Backing Up Upgraded Policy Data
7.7
Recovering From an Access System Schema or Data Upgrade Failure
7.8
Looking Ahead
Part III Upgrading Components
8
Preparing Components for the Upgrade
8.1
Checking Compatibility with Previous Releases
8.2
Copying Custom Identity Event Plug-ins
8.3
Preparing Earlier Customizations
8.4
Preparing the Default Logout in the Policy Manager
8.5
Preparing Host Machines
8.5.1
Changing Read Permissions on Password Files
8.5.2
Confirming Free Disk Space
8.6
Preparing Release 6.x Environments
8.6.1
Adding Packages for Release 6.1.1 on AIX
8.6.2
Adding Packages for Release 6.5.0.x
8.6.3
Adding Packages for Release 6.5.2.x Patch
8.7
Preparing Multi-Language Installations
8.7.1
Preparing to Upgrade Release 6.5 with Multi-language Functionality
8.7.2
Preserving 6.5 or 7.x Multi-language Functionality
8.8
Backing Up Directories, Web Server Configurations, and Registry Details
8.8.1
Backing Up the Existing Installed Directory
8.8.2
Backing Up the Existing Web Server Configuration File
8.8.3
Backing Up Windows Registry Data
8.9
Stopping Servers and Services
8.10
Logging in with Appropriate Administrative Rights
9
Upgrading Remaining Identity System Components
9.1
About Identity System Upgrades
9.2
Upgrading Remaining Identity Servers
9.2.1
Identity Server Upgrade Prerequisites
9.2.2
Starting the Identity Server Upgrade
9.2.3
Specifying the Target Directory and Languages
9.2.4
Upgrading Identity Server Configuration Files
9.2.5
Upgrading the Software Developer Kit Configuration
9.2.6
Finishing and Verifying the Identity Server Upgrade
9.3
Upgrading Remaining WebPass Instances
9.3.1
WebPass Upgrade Prerequisites
9.3.2
Starting the WebPass Upgrade, Specifying the Target Directory and Languages
9.3.3
Upgrading WebPass Configuration Files and Web Server Configuration File
9.3.4
Finishing and Verifying the WebPass Upgrade
9.4
Validating the Identity System Upgrade
9.5
Backing Up Upgraded Identity Component Information
9.6
Recovering From an Identity Component Upgrade Failure
9.7
Looking Ahead
10
Upgrading Access System Components
10.1
About Access System Component Upgrades
10.2
Upgrading Remaining Policy Managers
10.2.1
Policy Manager Upgrade Prerequisites
10.2.2
Starting the Policy Manager Upgrade, Specifying a Target Directory and Languages
10.2.3
Upgrading Policy Manager and Web Server Configuration Files
10.2.4
Finishing and Verifying the Policy Manager Upgrade
10.3
Upgrading Access Servers
10.3.1
Access Server Upgrade Prerequisites
10.3.2
Starting the Access Server Upgrade, Specifying a Directory and Languages
10.3.3
Upgrading Access Server Configuration Files
10.3.4
Finishing and Verifying the Access Server Upgrade
10.4
Upgrading WebGates
10.4.1
WebGate Upgrade Prerequisites
10.4.2
Starting the WebGate Upgrade, Specifying a Target Directory and Languages
10.4.3
Upgrading WebGate and Web Server Configuration Files
10.4.4
Finishing and Verifying the WebGate Upgrade
10.5
Backing Up Upgraded Access System Component Directories
10.6
Recovering From an Access System Upgrade Failure
10.7
Looking Ahead
11
Upgrading Integration Components and an Independently Installed SDK
11.1
Upgrading Third-Party Integration Connectors
11.1.1
Integration Upgrade Prerequisites
11.1.2
Starting the Integration Upgrade
11.1.3
Upgrading Security Provider for WebLogic SSPI
11.1.4
Finishing the Integration-Component Upgrade
11.2
Upgrading Independently Installed Software Developer Kits
11.2.1
SDK Upgrade Prerequisites
11.2.2
Starting the SDK Upgrade, Specifying a Target Directory and Languages
11.2.3
Upgrading the SDK Configuration and Verifying the Upgrade
11.3
Backing Up Upgraded Integration Connector or SDK Data
11.4
Recovering From an Integration Connector or SDK Upgrade Failure
11.5
Looking Ahead
Part IV Upgrading Your Customizations
12
Upgrading Your Identity System Customizations
12.1
Prerequisites and Guidelines
12.2
Upgrading Auditing and Access Reporting for the Identity System
12.2.1
Upgrading Auditing and Reporting with a Microsoft SQL Server
12.2.1.1
Database Record Sizing
12.2.2
Upgrading Auditing and Reporting with an Oracle Database
12.3
Combining Challenge and Response Attributes on a Panel
12.4
Confirming Identity System Failover and Load Balancing
12.5
Migrating Custom Identity Event Plug-Ins
12.6
Ensuring Compatibility with Earlier Portal Inserts
12.7
About Custom Items and Upgrades
12.8
Incorporating Customizations from Release 6.5 and 7.x
12.9
Incorporating Customizations from Releases Earlier than 6.5
12.9.1
Style Customization Prerequisites
12.9.2
Recreating Custom Style Directories in 10
g
(10.1.4.0.1)
12.9.3
Customizing New Stylesheets
12.9.4
Incorporating Custom Images
12.9.4.1
gifPathName and jsPathName Variables
12.9.5
Using New Customized Styles
12.9.6
Incorporating JavaScript Customizations
12.9.7
Handling Language-Specific Message Catalogs
12.9.7.1
Handling XSL Stylesheet Messages
12.9.7.2
Handling Messages for JavaScript
12.10
Validating Identity System Customization Upgrades
12.11
Backing Up Upgraded Identity System Customizations
12.12
Recovering from an Identity System Customization Upgrade Failure
12.13
Looking Ahead
13
Upgrading Your Access System Customizations
13.1
Prerequisites and Guidelines
13.2
Upgrading Auditing and Reporting for the Access Server
13.3
Confirming Access System Failover and Load Balancing
13.4
Upgrading Forms-based Authentication
13.5
Recompiling and Redesigning Custom Authentication and Authorization Plug-Ins
13.6
Associating Release 6.1.1 Authorization Rules with Access Policies
13.7
Assuring Proper Authorization Failure Re-directs After Upgrading from 6.1.1
13.8
Updating the ObAMMasterAuditRule_getEscapeCharacter in Custom C Code
13.9
Validating Access System Customization Upgrades
13.10
Backing Up Upgraded Access System Customizations
13.11
Recovering from an Access System Customization Upgrade Failure
13.12
Looking Ahead
Part V Validating the Upgrade
14
Validating the Entire System Upgrade
14.1
Validating the Identity System Upgrade
14.2
Validating Access System Upgrades
14.3
Deleting the Temporary Directory Server Profile
14.4
Reverting Backward Compatibility
14.4.1
Reverting Identity Server Backward Compatibility
14.4.2
Reverting Access Server Backward Compatibility
Part VI Appendixes
A
Oracle Access Manager Directory Structure Changes
A.1
About the 10
g
(10.1.4.0.1) Directory Structure
A.1.1
\lang Directory and \
langtag
Subdirectories
A.1.2
\logs Directory
A.1.3
\obsymbols Directory
A.1.4
\reports Directory
A.1.5
\scoreboard Directory
A.1.6
\WebServices Directory
A.2
Identity Server Directories
A.3
WebPass Directories
A.4
Directories for Access System Components
A.4.1
Subdirectories for the Policy Manager
A.4.2
Subdirectories for the Access Server
A.4.3
Subdirectories for WebGate
A.5
PresentationXML Directories
A.5.1
PresentationXML Directories with Oracle Access Manager Release 6.5 and Later
A.5.2
PresentationXML Directories Before Oracle Access Manager 6.5
A.5.3
Message Storage
B
Upgrade Process and Utilities
B.1
About Upgrade Events
B.2
Primary Utility: obmigratenp
B.3
File Upgrade: obmigratefiles
B.4
Message and Parameter Upgrade: obmigrateparamsg
B.5
Schema Upgrade: obmigrateds
B.6
Data Upgrade: obmigratedata
B.7
Web Server Upgrade: obmigratews
B.8
Component-Specific Upgrades
B.8.1
Identity Server: obMigrateNetPointOis
B.8.2
WebPass: obMigrateNetPointWP
B.8.3
Policy Manager: obMigrateNetPointAM
B.8.4
Access Server: obMigrateNetPointAAA
B.8.5
WebGate: obMigrateNetPointWG
B.8.6
Software Developer Kit (SDK): obMigrateNetPointASDK
C
Manual Schema and Data Upgrades
C.1
About Upgrading Schema and Data Manually
C.2
Upgrading the Schema Manually
C.3
About Upgrading Data Manually
C.4
Upgrading Data Manually
C.4.1
Suppressing Automatic Data Upgrades
C.4.2
Upgrading the Configuration Tree Manually
C.4.3
Removing Obsolete Schema Elements for Release 6.5 and 7.0
C.4.3.1
Cleaning Up Obsolete Elements During Identity Server Upgrades
C.4.3.2
Cleaning Up Obsolete Elements During Policy Manager Upgrades
C.4.4
Uploading the Generated LDIF
C.4.5
Upgrading User Data Manually
C.5
Sample Default obmigratenpparams.lst File
C.6
Sample data_520_to_600_xxx.lst
D
Upgrading Sun Web Server Version 4 to Version 6 on Windows 2000
D.1
Upgrading Sun Web Server version 4.x to version 6
D.2
Configuring the New Web Server Instance
D.2.1
Configuring magnus.conf
D.2.2
Configuring obj.conf
D.3
Troubleshooting
E
Planning Worksheets and Tracking Checklists
E.1
About Completing Planning Worksheets and Checklists
E.2
Worksheet for Your Overall Deployment
E.3
Worksheet for Directory Instances
E.4
Worksheet for DIT and Object Definition Details
E.5
Worksheet for Directory Server/RDBMS Profiles
E.6
Worksheet for Database Instance Profiles
E.7
Worksheet for Earlier Identity Servers
E.8
Worksheet for Earlier WebPass Instances
E.9
Worksheet for Earlier Policy Manager Instances
E.10
Worksheet for Earlier Access Servers
E.11
Worksheet for Earlier WebGates/AccessGates
E.12
Worksheet for Integration Components and Independently Installed SDKs
E.13
Worksheet for Customizations
E.14
Checklist for Schema and Data Preparation
E.15
Checklist for the Schema and Data Upgrade
E.16
Checklist for Component Preparation
E.17
Checklist for Component Upgrades
E.18
Checklist for Integration Connector/SDK Upgrades
E.19
Checklist for Customization Upgrades
E.20
Checklist for Validating the Entire Upgrade
F
Troubleshooting the Upgrade Process
F.1
Accessing Log Files
F.2
Access Server Not Processing Earlier WebGate Data Properly
F.3
Auditing and Access Reporting Issues
F.4
Authentication Failures
F.5
Authorization Failure Re-direct Problems After Upgrading from 6.1.1
F.6
Challenge and Response Phrase Issues
F.7
Challenge Response May Not Convert Properly
F.8
Compatibility of Earlier Plug-ins in the Upgraded Environment
F.9
Customized Styles, Images, and JavaScript
F.10
Deleting the vpd.properties File
F.11
Ensuring Compatibility with Earlier Portal Inserts
F.12
Failover and Load Balancing Issues in Upgraded Environments
F.13
Identity Server Not Processing Data from Earlier Plug-ins
F.14
IdentityXML Calls Fail After WebGate Install
F.15
LDAP Add Errors in a Replicated Environment
F.16
Manual Schema Upload Fails
F.17
Mime_types -related Customizations Not Retained
F.18
Searches Are Slow
F.19
Troubleshooting Sun Web Server Upgrades
F.20
Users Cannot Log In
F.21
WebSphere Application Server and Portal Server Upgrades
Index