14 Validating the Entire System Upgrade

Activities in this chapter should be completed only after upgrading the schema and data, all Identity System and Access System components, integration components and SDKs, and customizations. Topics include:

• Validating the Identity System Upgrade

• Validating Access System Upgrades

• Deleting the Temporary Directory Server Profile

• Reverting Backward Compatibility

14.1 Validating the Identity System Upgrade

It is a good idea to quickly validate that you can perform tasks in the Identity System Console and applications. For additional information, see the Oracle Access Manager Identity and Common Administration Guide.

To validate your Identity System upgrade

1. Delete all Web browser caches once the upgrade is complete.

2. Make sure your Identity Server service and WebPass Web server instance are running.

3. Navigate to the Identity System Console from your browser by specifying the appropriate URL. For example:

   http://hostname:port/identity/oblix
   
   

   where hostname refers to machine that hosts the Web server; port refers to the HTTP port number of the WebPass Web server instance; /identity/oblix connects to the Identity System Console.

   The Oracle Access Manager landing page should appear.

4. Landing Page Does Not Appear: See Chapter F, "Troubleshooting the Upgrade Process".

5. Perform any of the tasks listed next to verify the operation:

   • View the directory server profile for this Identity Server by selecting Identity System Console, System Configuration, Directory Profiles, link_to_this_profile

   • Set up panels in the User Manager, Group Manager, Organization Manager.

   • Set up object-based searchbases in the User Manager.

   • Set up access controls in the User Manager, Group Manager, or Organization. Manager.

   • Create workflow definitions.

   • Configure options such as the mail server and session settings.

14.2 Validating Access System Upgrades

You can complete any of the next steps to validate that the Access System schema and data upgrade have been successful. For more information, see Oracle Access Manager Access Administration Guide.

To verify a successful Access System upgrade

1. Make sure your Policy Manager Web server and WebPass Web server instance are running.

2. Delete all Web browser caches once the upgrade is complete

3. Navigate to the Access System Console from your browser by specifying the appropriate URL. For example:

   http://hostname:port/access/oblix
   
   

   where hostname refers to machine that hosts the Web server; port refers to the HTTP port number of the WebPass Web server instance; /access/oblix connects to the Access System Console.

   The Oracle Access Manager landing page should appear.

4. Landing Page Does Not Appear: See Chapter F, "Troubleshooting the Upgrade Process".

5. Log in to the Policy Manager/Access System Console as a Master Administrator.

6. Complete one or more of the following tasks, as described in the latest (10g (10.1.4.0.1)) Oracle Access Manager Access Administration Guide. For example:

   • Display configuration details for an authentication scheme by clicking the link that corresponds to the scheme.

   • Define or modify a policy domain.

   • Explore the Access System Console.

   • Access a protected resource to confirm that login is working.

7. Log out, as usual.

14.3 Deleting the Temporary Directory Server Profile

After upgrading the master Policy Manager (with the schema and data upgrade), an administrator created a temporary directory profile to grant the Access Server write access to policy data stored in the directory server. This temporary directory profile was required when the Access Server gathered configuration information stored in the WebGatestatic.lst file and updated the directory server during WebGate upgrades.

After upgrading all earlier WebGates and confirming proper operation of the upgraded WebGates, you may delete the temporary directory server profile.

Note: Do not perform this task until all earlier WebGates in your environment have been upgraded and verified to be working.

To delete the temporary directory server profile

1. From the Access System Console, click the System Configuration tab.

2. Click Server Settings.

3. In the Configure LDAP Directory Server Profiles section, click the check box for the profile that you want to delete.

4. Click Delete.

5. When all earlier custom plug-ins and WebGates have been successfully upgraded and backward compatibility is no longer needed, proceed to "Reverting Backward Compatibility" next.

14.4 Reverting Backward Compatibility

You may recall that backward compatibility with earlier custom plug-ins (and WebGates/AccessGates) was enabled during earlier Identity and Access Server upgrades. If 10g (10.1.4.0.1) Identity or Access Servers were installed in the upgraded environment, enabling backward compatibility was a manual task.

After upgrading all older plug-ins, WebGates and AccessGates, and confirming that the entire system upgrade has been successful, you may revert backward compatibility.

The steps you complete to revert backward compatibility are similar to those used to manually enable backward compatibility. For more information, see:

• Reverting Identity Server Backward Compatibility

• Reverting Access Server Backward Compatibility

14.4.1 Reverting Identity Server Backward Compatibility

After extending your custom Identity plug-ins to support UTF-8, you perform the steps in the next procedure on every Identity Server in your environment whether backward compatibility was enabled automatically or manually.

To revert backward compatibility on Identity Servers

1. Upgrade all Identity System customizations as described in Chapter 12, "Upgrading Your Identity System Customizations".

2. Redeploy all upgraded Identity System customizations and verify that all are working as expected.

3. Locate and open the Identity Server oblixpppcatalog.lst file in IdentityServer_install_dir\identity\oblix\apps\common\bin\oblixpppcatalog.lst.

4. Set the encoding flag from Latin-1 to encoding after the ApiVersion flag (if there is one) to provide backward compatibility for Latin-1 data. For example:

   From:

   userservcenter_view_pre;lib;;..\..\..\unsupported\ppp\ppp_dll\
        ppp_dll.dll;Publisher_USC_PreProcessingTest_PPP_Automation;;Latin-1
   
   

   To:

   userservcenter_view_pre;lib;;..\..\..\unsupported\ppp\ppp_dll\
        ppp_dll.dll;Publisher_USC_PreProcessingTest_PPP_Automation;;encoding
   
   

5. Repeat as needed for entries in this file.

6. Save the file.

7. Restart the Identity Server service.

8. Repeat for each Identity Server in the upgraded environment to revert backward compatibility.

14.4.2 Reverting Access Server Backward Compatibility

After verifying that your custom Access System plug-ins were redesigned to support UTF-8, and after upgrading all WebGates/AccessGates successfully, backward compatibility is no longer needed. In this case, Oracle recommends that you manually set "IsBackwardCompatible" Value="false" in all Access Server globalparams.xml files.

Whether backward compatibility was enabled automatically or manually, you perform the steps in this procedure on every Access Server in your environment.

To revert backward compatibility on Access Servers

1. Upgrade all Access System customizations as described in Chapter 13, "Upgrading Your Access System Customizations".

2. Redeploy all upgraded Access System customizations and verify that all are working as expected.

3. Locate and open the Access Server globalparams.xml file in AccessServer_install_dir\access\oblix\apps\common\bin\globalparams.xml.

4. Set "IsBackwardCompatible" Value="false". For example:

   <SimpleList
        <NameValPair
              ParamName="IsBackwardCompatible"
               Value="false">
        </NameValPair>
   </SimpleList>
   
   

5. Save the file.

6. Restart the Access Server service.

7. Repeat for each Access Server in the upgraded environment.