Oracle® Access Manager Upgrade Guide 10g (10.1.4.0.1) Part Number B25354-01 |
|
|
View PDF |
Activities in this chapter should be completed only after upgrading the schema and data, all Identity System and Access System components, integration components and SDKs, and customizations. Topics include:
It is a good idea to quickly validate that you can perform tasks in the Identity System Console and applications. For additional information, see the Oracle Access Manager Identity and Common Administration Guide.
To validate your Identity System upgrade
Make sure your Identity Server service and WebPass Web server instance are running.
Navigate to the Identity System Console from your browser by specifying the appropriate URL. For example:
http://hostname:port/identity/oblix
where hostname refers to machine that hosts the Web server; port refers to the HTTP port number of the WebPass Web server instance; /identity/oblix connects to the Identity System Console.
The Oracle Access Manager landing page should appear.
Landing Page Does Not Appear: See Chapter F, "Troubleshooting the Upgrade Process".
Perform any of the tasks listed next to verify the operation:
View the directory server profile for this Identity Server by selecting Identity System Console, System Configuration, Directory Profiles, link_to_this_profile
Set up panels in the User Manager, Group Manager, Organization Manager.
Set up object-based searchbases in the User Manager.
Set up access controls in the User Manager, Group Manager, or Organization. Manager.
Create workflow definitions.
Configure options such as the mail server and session settings.
You can complete any of the next steps to validate that the Access System schema and data upgrade have been successful. For more information, see Oracle Access Manager Access Administration Guide.
To verify a successful Access System upgrade
Make sure your Policy Manager Web server and WebPass Web server instance are running.
Navigate to the Access System Console from your browser by specifying the appropriate URL. For example:
http://hostname:port/access/oblix
where hostname refers to machine that hosts the Web server; port refers to the HTTP port number of the WebPass Web server instance; /access/oblix connects to the Access System Console.
The Oracle Access Manager landing page should appear.
Landing Page Does Not Appear: See Chapter F, "Troubleshooting the Upgrade Process".
Log in to the Policy Manager/Access System Console as a Master Administrator.
Complete one or more of the following tasks, as described in the latest (10g (10.1.4.0.1)) Oracle Access Manager Access Administration Guide. For example:
Display configuration details for an authentication scheme by clicking the link that corresponds to the scheme.
Define or modify a policy domain.
Explore the Access System Console.
Access a protected resource to confirm that login is working.
Log out, as usual.
After upgrading the master Policy Manager (with the schema and data upgrade), an administrator created a temporary directory profile to grant the Access Server write access to policy data stored in the directory server. This temporary directory profile was required when the Access Server gathered configuration information stored in the WebGatestatic.lst file and updated the directory server during WebGate upgrades.
After upgrading all earlier WebGates and confirming proper operation of the upgraded WebGates, you may delete the temporary directory server profile.
Note: Do not perform this task until all earlier WebGates in your environment have been upgraded and verified to be working. |
To delete the temporary directory server profile
From the Access System Console, click the System Configuration tab.
Click Server Settings.
In the Configure LDAP Directory Server Profiles section, click the check box for the profile that you want to delete.
Click Delete.
When all earlier custom plug-ins and WebGates have been successfully upgraded and backward compatibility is no longer needed, proceed to "Reverting Backward Compatibility" next.
You may recall that backward compatibility with earlier custom plug-ins (and WebGates/AccessGates) was enabled during earlier Identity and Access Server upgrades. If 10g (10.1.4.0.1) Identity or Access Servers were installed in the upgraded environment, enabling backward compatibility was a manual task.
After upgrading all older plug-ins, WebGates and AccessGates, and confirming that the entire system upgrade has been successful, you may revert backward compatibility.
The steps you complete to revert backward compatibility are similar to those used to manually enable backward compatibility. For more information, see:
After extending your custom Identity plug-ins to support UTF-8, you perform the steps in the next procedure on every Identity Server in your environment whether backward compatibility was enabled automatically or manually.
To revert backward compatibility on Identity Servers
Upgrade all Identity System customizations as described in Chapter 12, "Upgrading Your Identity System Customizations".
Redeploy all upgraded Identity System customizations and verify that all are working as expected.
Locate and open the Identity Server oblixpppcatalog.lst file in IdentityServer_install_dir\identity\oblix\apps\common\bin\oblixpppcatalog.lst.
Set the encoding flag from Latin-1
to encoding
after the ApiVersion
flag (if there is one) to provide backward compatibility for Latin-1 data. For example:
From:
userservcenter_view_pre;lib;;..\..\..\unsupported\ppp\ppp_dll\
ppp_dll.dll;Publisher_USC_PreProcessingTest_PPP_Automation;;Latin-1
To:
userservcenter_view_pre;lib;;..\..\..\unsupported\ppp\ppp_dll\
ppp_dll.dll;Publisher_USC_PreProcessingTest_PPP_Automation;;encoding
Repeat as needed for entries in this file.
Save the file.
Restart the Identity Server service.
Repeat for each Identity Server in the upgraded environment to revert backward compatibility.
After verifying that your custom Access System plug-ins were redesigned to support UTF-8, and after upgrading all WebGates/AccessGates successfully, backward compatibility is no longer needed. In this case, Oracle recommends that you manually set "IsBackwardCompatible" Value="false"
in all Access Server globalparams.xml files.
Whether backward compatibility was enabled automatically or manually, you perform the steps in this procedure on every Access Server in your environment.
To revert backward compatibility on Access Servers
Upgrade all Access System customizations as described in Chapter 13, "Upgrading Your Access System Customizations".
Redeploy all upgraded Access System customizations and verify that all are working as expected.
Locate and open the Access Server globalparams.xml file in AccessServer_install_dir\access\oblix\apps\common\bin\globalparams.xml.
Set "IsBackwardCompatible" Value="false"
. For example:
<SimpleList <NameValPair ParamName="IsBackwardCompatible" Value="false"> </NameValPair> </SimpleList>
Save the file.
Restart the Access Server service.
Repeat for each Access Server in the upgraded environment.