B Upgrading from 10.1.4.3 to 10.1.4.5

This appendix contains information about upgrading the Oracle Adaptive Access Manager application and database repository from 10.1.4.3 to 10.1.4.5.

Note:

To configuring encryption, please contact Oracle Support.

If you are upgrading the Oracle Adaptive Access Manager application and database repository from 3.5 to 10.1.4.5, there are two steps involved:

Upgrade from 3.5 to 10.1.4.3.
Upgrade from 10.1.4.3 to 10.1.4.5

This appendix covers information to upgrade from 10.1.4.3 to 10.1.4.5. For information on upgrading from 3.5 to 10.1.4.3, please refer to Appendix C, "Upgrading from 3.5 to 10.1.4.3."

B.1 Upgrading the Oracle Adaptive Access Manager Application Layer

To upgrade the Oracle Adaptive Access Manager application, please perform the procedures documented below.

This section contains the following topics:

Export Existing Models
Shut Down and Clean Up Logs
Back Up the Existing Web Applications
Deploy and Configure the Web Applications

B.1.1 Export Existing Models

Before performing the upgrade process, export your existing models. Refer to "Rules and Models" in the Oracle Adaptive Access Manager Administrator's Guide for information.

B.1.2 Shut Down and Clean Up Logs

Shut down Oracle Adaptive Access Manager-related web applications.
Clean up all the old logs.

B.1.3 Back Up the Existing Web Applications

For both Adaptive Strong Authenticator and Adaptive Risk Manager, back up all the properties files under the <WEBAPPS_INSTALLED_DIR>/<WEBAPPS_NAME>/WEB-INF/classes directory to an <UPGRADE_TEMP_DIR> directory.

The properties files will be used later in the upgrade process. An example of backing up the files is shown below.
```
Mkdir c:\upgrade_10g_temp
Copy  c:\tomcat\webapp\oarm\WEB-INF\classes c:\upgrade_10g_temp\oarm\classes
Mkdir c:\upgrade_10g_temp\oarm
Mkdir c:\upgrade_10g_temp\oarm\classes
```
Note:
Ensure that this step is performed because certain property files must be copied back into their respective directories once the new war files have been exploded or unjarred.
Back up Oracle Adaptive Access Manager (the deployed application) if you want to upgrade the Oracle Adaptive Access Manager components listed below.
- Adaptive Strong Authenticator (Authenticator)
- Adaptive Risk Manager (Tracker)
You could back up Oracle Adaptive Access Manager applications by moving the files to a different directory.

Note:
This is an important step if you should need to restore an old application or any customer specific customizations.

B.1.4 Deploy and Configure the Web Applications

To deploy and configure the web applications:

Copy and explode or unjar the new 10.1.4.5 war files (oasa.war and oarm.war) in the webapps directory. These war files are provided with the upgrade patch.
Deploy the web applications.

Please follow your platform-specific vendor-supplied deployment guide for instructions on how to install web applications.
Once your web application is deployed, copy the properties files you saved (during Step 0 of the "Back Up the Existing Web Applications" section) into their respective WEB-INF\classes directories.

For the OASA directory (For example, <ASA_HOME>\WEB-INF\classes)
- bharosa_client.properties
- bharosa_app.properties
- log4j.xml
For the OARM directory (For example, <ARM_HOME>\WEB-INF\classes)
- bharosa_server.properties
- bharosa_app.properties
- log4j.xml
- sessions.xml

B.2 Upgrading the Oracle Adaptive Access Manager Database Repository

The Oracle Adaptive Access Manager database repository needs to be upgraded as part of the Oracle Adaptive Access Manager upgrade process; the Oracle Adaptive Access Manager database is not backwards-compatible. Ensure that you upgrade the Oracle Adaptive Access Manager repository before starting the newly deployed application; otherwise, there will be exceptions in the log files.

If you are using an Oracle database, perform all the steps in "Part A - Upgrading the Oracle Database Repository".

If you are using a SQL Server database, skip "Part A - Upgrading the Oracle Database Repository", and perform all the steps in "Part B - Upgrading the SQL Server Database Repository".

B.2.1 Part A - Upgrading the Oracle Database Repository

B.2.1.1 Step 1 Stop the Application Servers

Please make sure to stop all the application servers connected to the Oracle Adaptive Access Manager database.

B.2.1.2 Step 2 Back Up Database Repository

Please make sure to take a full backup of the Oracle Adaptive Access Manager database repository before starting any migration step.

B.2.1.3 Step 3 Run the Setup Scripts

The scripts, which are listed below, are required to upgrade the Oracle Adaptive Access Manager database to the 10.1.4.5 database.

db_update.sql
upd_oaam_obj_10145.sql
oracle_default_locales.sql
update_locale.sql

db_upgrade.sql

When you run the db_upgrade.sql script, it will automatically run all the other scripts. There is no need to run the scripts manually unless you encounter a problem.

Run this script using the Oracle Adaptive Access Manager repository user.

For example, BRSAADMIN.

The db_upgrade.sql script calls the following scripts

upd_oaam_obj_10145.sql
oracle_default_locales.sql
update_locale.sql

upd_oaam_obj_10145.sql

The upd_oaam_obj_10145.sql script will create or alter objects to support Oracle Adaptive Access Manager 10.1.4.5.

Please check the upd_oaam_obj_10145.log for any error.

Please ignore following errors:

ORA-01418
ORA-02260

oracle_default_locales.sql

The oracle_default_locales.sql script will populate the locale table with seed data.

update_locale.sql

The update_locale.sql script will update the V_USER_QUESTION table with locale information.

B.2.1.4 Step 4 Migrate Character Set (Optional)

If you want to convert the database character set from non-unicode characters to unicode, please use the Oracle-provided CSSCAN and CSALTER (Metalink Doc Id: 260192.1).

Basic Steps

The basic steps involved in the character set conversion are listed below.

BACKUP
CLUSTER_DATABASE=FALSE (*RAC Only*)
SHUTDOWN IMMEDIATE
STARTUP
CSSCAN
SHUTDOWN IMMEDIATE
STARTUP RESTRICT
CSALTER
CLUSTER_DATABASE=TRUE (*RAC Only*)
SHUTDOWN IMMEDIATE
STARTUP

Conversion Time

The runtime of the character set migration depends on the database size.

Validation

To find the current database character set, run the following SQL statement with DBA credentials. For example, SYS or SYSTEM. (Metalink Doc Note:225938.1)

select value from NLS_DATABASE_PARAMETERS where parameter='NLS_CHARACTERSET' and value like '%UTF8%'

The above query should return at least 1 row if the database character set is set to UTF8.

B.2.2 Part B - Upgrading the SQL Server Database Repository

B.2.2.1 Step 1 Stop Servers

Please make sure to stop all the application servers connected to the Oracle Adaptive Access Manager database.

B.2.2.2 Step 2 Back Up Database Repository

Please make sure to take a full backup of the Oracle Adaptive Access Manager database repository before starting any migration step.

B.2.2.3 Step 3 Run the Setup Scripts

The scripts, which are listed below, are required to upgrade the Oracle Adaptive Access Manager database to the 10.1.4.5 database.

001_upgrade_10145_sqlserver.sql
055_mssql_default_locales.sql
003_update_default_locale.sql

Refer to the following paragraphs for more information on the scripts.

001_upgrade_10145_sqlserver.sql

The 001_upgrade_10145_sqlserver.sql script will create or alter objects to support Oracle Adaptive Access Manager 10.1.4.5.

Run this script on the Oracle Adaptive Access Manager database using the SQL Server Manager console.

Please ignore following warning message:

Warning! The maximum key length is 900 bytes.

055_mssql_default_locales.sql

The 055_mssql_default_locales.sql script will populate the locale table with seed data.

Run this script on the Oracle Adaptive Access Manager database using the SQL Server Manager console.

003_update_default_locale.sql

The 003_update_default_locale.sql script will update the V_USER_QUESTION table with locale information.

Run this script on the Oracle Adaptive Access Manager database using the SQL Server Manager console.

B.3 Validating the Upgrade Process

To ensure upgrade process is successfully completed, please perform the following steps.

Log in to the Oracle Adaptive Access Manager repository.
Check the number of tables in the database. There should be 234 tables.
Check the entries in vcrypt_db_patches. The database should show entries inserted for 10.1.4.5
```
Select * from vcrypt_db_patches 
```
Check the application logs for any error.
Log in to Adaptive Risk Manager URL (for example: http://test.upgrade.com:9090/oarm) and go to HELP > ONLINE HELP >ABOUT.

It should say, "Welcome to Oracle Adaptive Access Manager version - 10.1.4.5.xxxxxxx"

B.4 Upgrading Rule Templates and Pre-Existing Models

Import the full package of rule conditions (oaam_rule_conditions/oaam_rule_conditions.zip) into Adaptive Risk Manager.
Import the saved models into Adaptive Risk Manager.

B.5 Backing Out or Rolling Back the Upgrade Process

In case a failure in the upgrade process occurred or if you have any other reason, you can back out or roll back the upgrade process by following the steps documented below.

Stop the Oracle Adaptive Access Manager web applications.
Restore the old database backup.
Undeploy the newly deployed web applications.
Copy and deploy the old backed up web applications.
Restart the web applications.
Import the rule conditions and saved models.
Validate the applications using the Adaptive Risk Manager and Adaptive Strong Authenticator URLs.