This chapter describes issues associated with the upgrade and migration process of Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0). It includes the following sections:
This section describes issues related to upgrading the following components:
Oracle Identity Manager 11g Release 1 (11.1.1.5.0) to Oracle Identity Manager 11g Release 2 (11.1.2.1.0)
Oracle Access Manager 11g Release 1 (11.1.1.5.0) to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Oracle Adaptive Access Manager 11g Release 1 (11.1.1.5.0) to Oracle Adaptive Access Manager 11g Release 2 (11.1.2.1.0)
Oracle Identity Navigator 11g Release 1 (11.1.1.5.0) to Oracle Identity Navigator 11g Release 2 (11.1.2.1.0)
Oracle Entitlements Server 11g Release 1 (11.1.1.5.0) to Oracle Entitlements Server 11g Release 2 (11.1.2.1.0)
Oracle Identity Manager 9.x to Oracle Identity Manager 11g Release 2 (11.1.2.1.0)
For the list of upgrade issues reported in 11g Release 2 (11.1.2), see "Upgrade and Migration Issues for Oracle Identity and Access Management" in the Oracle Fusion Middleware Release Notes for 11g Release 2 (11.1.2).
This section describes general issues and workarounds related to the upgrade scenarios. It includes the following topic:
This issue occurs when you upgrade Oracle Identity Manager 9.x or Oracle Identity Manager 11g Release 1 (11.1.1.5.0) to Oracle Identity Manager 11g Release 2 (11.1.2.1.0). The LOV fields for User, Role, and Organization Forms on User Interface are not upgraded correctly.
You must apply the following workaround before you click on Upgrade User Form
or Upgrade Role Form
or Upgrade Organization Form
. This workaround should not be applied after Upgrade User Form
is completed.
The workaround is as follows:
Log in to the /sysadmin
console using the following URL:
http://
OIM_HOST
:
OIM_PORT
/sysadmin
Create and activate a sandbox.
Click Form Designer.
Search for User form, and open it.
For each LOV UDF, create the UDF with the name same as the UDF name in the User.xml
file. Make sure you select both Searchable and Searchable Picklist.
Repeat for all the searchable LOV fields of Role and Organization forms.
Publish the sandbox.
This section describes issues related to the following scenarios:
Migrating Oracle Access Manager 10g to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Migrating Oracle Adaptive Access Manager 10g to Oracle Adaptive Access Manager 11g Release 2 (11.1.2.1.0)
Migrating Oracle Single Sign-On 10g to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Migrating Sun OpenSSO Enterprise 8.0 to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Migrating Sun Java System Access Manager 7.1 to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Coexistence of Oracle Access Manager 10g with Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Coexistence of Sun OpenSSO Enterprise 8.0 with Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
Coexistence of Sun Java System Access Manager 7.1 with Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0)
This section describes general issues and workarounds related to the migration scenarios. It includes the following topics:
This issue occurs when you upgrade Oracle Single Sign-On 10g to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0). If errors occurs during the execution of the Upgrade Assistant which require you to re-run the process, there is a possibility that required osso.conf
files will not be generated, in the location specified in the Upgrade Assistant Summary screen, at the end of the process.
If this occurs, the osso.conf
files needed to complete the upgrade, can also be found in the following directory:
<MW_HOME>/user_projects/domains/<Domain_Home>/output/upgrade
Known issue.
The server logs and assessment report shows only English messages when you migrate the following components to Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0):
Oracle Access Manager 10g
Sun OpenSSO Enterprise 8.0
Sun Java System Access Manager 7.1
This issue occurs when you register Policy Agent 2.2 in Oracle Access Management 11.1.2.1.0 Server using Remote Registration tool (RREG), during migration. This is because of the unavailability of the agent template.
The workaround for this issue is as follows:
Copy the oam-admin.ear
from the following directory to a temporary location:
On Unix: MW_HOME
/oam/server/apps/
On Windows: MW_HOME
\oam\server\apps\
Unpack the oam-admin.ear
file in any desired location. The oam-admin.ear
contains ngam-ui.war
file.
Unpack the ngam-ui.war
file in any desired location. The ngam-ui.war
contains oam-migrate.jar
file.
Unpack the oam-migrate.jar
file in any desired location.
Go to the following directory from the location where you have unpacked the oam-migrate.jar
:
On UNIX: oracle/security/am/migrate/OpenSSO/resources/templates/
On Windows: oracle\security\am\migrate\OpenSSO\resources\templates\
Complete the following steps depending on the type of 2.2 Policy Agent:
For 2.2 J2EE Agent:
On UNIX: Copy the AMAgent.template
from the directory ../templates/j2eeagents
to the location MW_HOME
/
RReg_Home
/templates/opensso/j2eeagents
On Windows: Copy the AMAgent.template
from the directory ..\templates\j2eeagents
to the location MW_HOME
\
RReg_Home
\templates\opensso\j2eeagents
For 2.2 Web Agent:
On UNIX: Copy the AMAgent.template
from the directory ../templates/webagents
to the location MW_HOME
/
RReg_Home
/templates/opensso/webagents
On Windows: Copy the AMAgent.template
from the directory ..\templates\webagents
to the location MW_HOME
\
RReg_Home
\templates\opensso\webagents
Oracle Fusion Middleware Upgrade and Migration Guide for Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) discusses how to upgrade or migrate various Single Sign-On and Access Management environments to Oracle Access Management 11g Release 2 (11.1.2.0.0). You should use this guide for information about upgrade, migration, and coexistence procedures.
If necessary, you can read the following support note for any late-breaking information and changes:
This section describes general issues and workarounds related to applying the Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) patch to an existing Oracle Identity and Access Management 11g Release 2 (11.1.2.0.0) environment. It includes the following topics:
Section 3.3.4, "Harmless Error After Applying Interim Patch 14481477"
Section 3.3.6, "Classpath Issue While Patching Oracle Identity Manager Middle Tier"
Section 3.3.8, "Middle Tier Upgrade Fails When Patching OIM 11.1.2.0.0 to 11.1.2.1.0"
In Oracle Access Manager Release 2 (11.1.2.1.0), the System Mbean Configuration files have been modified to remove the dependency on domain home. The copyMbeanXmlFiles
command moves the domain Mbean jars out of the domain home to eliminate any future upgrade or patching issues.
After you have applied the 11.1.2.1.0 patch, you must run the following WLST commands to complete the patching process for OAM:
After applying the 11.1.2.1.0 patch set, use the Patch Set Assistant to update the Oracle Access Manager Components as described in "Updating Your Schemas with Patch Set Assistant".
Make sure that you select Oracle Access Manager on the Select Component screen.
After a successful run of the Patch Set Assistant, navigate to the following directory and execute the copyMbeanXmlFiles
command, as shown in the example below.
You must specify the directory paths for your Middleware and OAM Oracle homes. Directories below are shown as examples only.
On Unix operating systems:
cd $ORACLE_HOME/common/bin/wlst.sh copyMbeanXmlFiles ('/MW_HOME/user_projects/domains/my_domain',' '/MW_HOME/Oracle_IDM') where 2nd parameter <OAM_ORACLE_HOME> is optional.
On Windows operating systems:
cd $ORACLE_HOME/common/bin/wlst.sh copyMbeanXmlFiles('C:\\Oracle\\MW_HOME\\user_projects\domains\\my_domain','C:\\Oracle\\MW_HOME\\Oracle_IDM') where 2nd parameter <OAM_ORACLE_HOME> is optional.
After a successful run of the above command, verify that the 11.1.2.1.0 Mbean XML files are copied to the following locations:
<DOMAIN_HOME>/config/fmwconfig/mbeans
<DOMAIN_HOME>/config/fmwconfig
In an Oracle Identity Manager 11g Release 2 (11.1.2.1.0) deployment that has been upgraded from 11g Release 2 (11.1.2.1), SOA email notification does not work.
To workaround this issue:
Apply patch 16366204.
Start Admin and SOA Server.
Update the JpsContextName MBean. To do so:
Login to Oracle Enterprise Manager.
On the left pane, expand Weblogic Domain.
Right-click WLS_DOMAIN, and select System MBeans Browser.
Go to Application Defined MBeans, com.oracle.sdp.messaging, Server: soa_server1, Application:usermessagingserver, SDPMessagingServerConfig, ServerConfig, JpsContextName.
Enter oim as the value, and click Apply.
Restart the SOA Server.
After you have applied the Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) patch, the AD User Management 11.1.1.5.0 reconciliation profile used for Oracle Identity Manager may be overwritten.
To correct this issue, open the "Active Directory Organization Recon" job and clear the last token listed (if it its has a specified value) and run the job.
If Interim Patch 14481477 was applied to the existing Oracle Identity and Access Management 11g Release 2 (11.1.2.0.0) environment before applying the 11.1.2.1.0 patch, you may see the following warning. You can safely ignore this error message.
Error Message:
OUI-10221:The install touches a component that is patched by interim patches'Interim Patch# 14481477'. The interim patches affect other components not included in the install. You may rollback the interim patches 'Interim Patch# 14481477'using OPatch for consistency before performing the upgrade. You may also choose to ignore this warning and continue with the upgrade. If you choose to continue, the conflicting patches will be removed from the inventory. However, some files that are not updated during the upgrade may be left behind. Contact Support to check applicability and availability of interim patches 'Interim Patch# 14481477' for this install. Do you want to ignore the patch conflicts and continue with the upgrade?.
After you have applied the Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) patch, some of the transaction screens may not open properly. To correct this issue, delete the server-level temporary directories as described below.
Shut down all of the managed servers.
Navigate to the following directory:
cd $MIDDLEWAREHOME/user_projects/domains/$<DOMAINNAME>/servers/
For each of the servers located in the /servers
directory, delete the contents of the _WL_user
folder in the /tmp
directory.
For example, if you have an OIM Managed Server on a Unix operating system, you would remove the contents of the /_WL_user directory in the following location:
$MIDDLEWAREHOME/user_projects/domains/$<DOMAINNAME>/servers/$OIMMANAGEDSERVERNAME/tmp/_WL_user
Repeat the process for each server in the /servers
directory and restart the managed servers.
If you receive the following error message while updating your Oracle Identity Manager (OIM) Middle Tier from 11.1.2.0.0 to 11.1.2.1.0, you must update the ucp.jar
classpath in the OIMUpgrade.sh
script.
Error Message:
Exception in thread "main" java.lang.NoClassDefFoundError: oracle/ucp/jdbc/PoolDataSourceFactory
To correct this issue, update the OIMUpgrade.sh
script as described below:
Navigate to <MW_HOME>/Oracle_IDM1/server/bin
Open OIMUpgrade.sh
in edit mode.
Replace the path for $OIM_HOME/server/ext/ucp.jar
in MDSJARS classpath settings with the following:
$MW_HOME/oracle_common/modules/oracle.ucp_11.1.0.jar
Save the OIMUpgrade.sh
file and then run OIM Middle Tier upgrade as described in "Upgrading Oracle Identity Manager Middle Tier Using Property File".
When you are patching from OIM 11g Release 2 (11.1.2.0.0) to OIM 11g Release 2 (11.1.2.1.0), Metadata Services (MDS) patching fails if the Oracle Identity Manager Server is started before the Middle Tier upgrade.
The following exception is seen in the MDS report ORACLE_HOME
/server/logs/
MDS_REPORT_DIRECTORY
/MDSReport.html
, if you start the OIM Managed Server after the binary upgrade or schema upgrade, and before the middle tier upgrade:
java.lang.NullPointerException at oracle.iam.oimupgrade.mdstransferlisteners.util.CommonUtil.readmetadataMergeCl assMap(CommonUtil.java:369) at oracle.iam.oimupgrade.mdstransferlisteners.util.ListenerUtil.postOperation(Lis tenerUtil.java:148) at oracle.iam.oimupgrade.mdstransferlisteners.RequestTransferListener.postOperati on(RequestTransferListener.java:61) at oracle.mds.internal.transfer.InternalMDSTransfer$1.run(InternalMDSTransfer.jav a:2183)
Workaround:
The workaround for this issue is to apply MDS patching after you complete the Oracle Identity Manager upgrade process. To do this, complete the following steps:
Launch the WebLogic Scripting Tool (WLST) by running the following command from the location MW_HOME
/oracle_common/common/bin
:
On UNIX: ./wlst.sh
On Windows: wlst.cmd
Connect to the WebLogic Administration Server by running the following command:
connect('
wls_admin_username
','
wls_admin_password
','t3://
hostname
:port
')
In this command,
wls_admin_username
is the username of the WebLogic Administration Server.
wls_admin_password
is the password of the WebLogic Administration Server.
hostname
is the machine where WebLogic Administration Server ia running.
port
is the Administration Server port
Import the MAR with forced MDS Patching using the following command:
importMAR('OIMMetadata','
OIM_Managed_Server_Name
','true')
In this command, OIM_Managed_Server_Name
is the name of the OIM Managed Server.
For more information about using importMAR command, see "importMAR" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
This issue occurs when you patch Oracle Identity Manager 11g Release 2 (11.1.2.0.0) to Oracle Identity Manager 11g Release 2 (11.1.2.1.0). Middle tier upgrade fails with the following exception when you patch OIM 11.1.2.0.0 to 11.1.2.1.0:
Exception in thread "main" java.lang.NoClassDefFoundError: oracle/ucp/jdbc/PoolDataSourceFactory
The workaround for this issue is as follows:
Open the file OIMUpgrade.sh
from the location MW_HOME
/Oracle_IDM1/server/bin
in text editor.
In MDSJARS classpath settings, replace the path $OIM_HOME
/server/ext/ucp.jar
with $MW_HOME
/oracle_common/modules/oracle.ucp_11.1.0.jar
.
Save the file OIMUpgrade.sh
.
Run the middle tier upgrade again.