17 Upgrading Oracle Identity Manager High Availability Environments

This chapter describes how to upgrade Oracle Identity Manager high availability environments to 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.

Note:

Before proceeding, check if your existing Oracle Identity Manager version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 1.5, "Supported Starting Points for Upgrading High Availability Environments".

This chapter includes the following sections:

17.1 Understanding Oracle Identity Manager High Availability Upgrade Topology

Figure 17-1 shows the Oracle Identity Manager cluster set up that can be upgraded to 11.1.2.2.0 by following the procedure described in this chapter.

Figure 17-1 Oracle Identity Manager High Availability Upgrade Topology

Description of Figure 17-1 follows
Description of "Figure 17-1 Oracle Identity Manager High Availability Upgrade Topology"

On OIMHOST1, the following installations have been performed:

  • An Oracle Identity Manager instance has been installed in the WLS_OIM1 Managed Server and a SOA instance has been installed in the WLS_SOA1 Managed Server.

  • A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.

On OIMHOST2, the following installations have been performed:

  • An Oracle Identity Manager instance has been installed in the WLS_OIM2 Managed Server and a SOA instance has been installed in the WLS_SOA2 Managed Server.

  • A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OIMHOST1 becomes unavailable.

The instances in the WLS_OIM1 and WLS_OIM2 Managed Servers on OIMHOST1 and OIMHOST2 are configured as the OIM_CLUSTER cluster.

The instances in the WLS_SOA1 and WLS_SOA2 Managed Servers on OIMHOST1 and OIMHOST2 are configured as the SOA_CLUSTER cluster.

17.2 Upgrade Roadmap

Table 17-1 lists the steps to upgrade Oracle Identity Manager high availability environment illustrated in Figure 17-1 to 11.1.2.2.0.

Table 17-1 Oracle Identity Manager High Availability Upgrade Roadmap

Task No Task For More Information

1

Review the Oracle Identity Manager high availability upgrade topology, and identify OIMHOST1 and OIMHOST2 on your setup.

See, Understanding Oracle Identity Manager High Availability Upgrade Topology

2

Shut down the Administration Server, all the Managed Servers, and the Node Manager on OIMHOST1 and OIMHOST2.

See, Shutting Down Node Manager, Administration Server, and Managed Servers on OIMHOST1 and OIMHOST2

3

Back up the existing environment.

See, Backing Up the Existing Environment

4

Upgrade OIMHOST1 to 11.1.2.2.0. This is the host with active Administration Server running on it.

See, Upgrading OIMHOST1 to 11.1.2.2.0

5

If your starting point is Oracle Identity Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages oracle.dogwood.top and oracle.oim.suite to 11.1.2.2.0 on OIMHOST1.

See, Updating Component Versions on OIMHOST1

6

Update the binaries of Oracle WebLogic Server, Oracle SOA Suite, and Oracle Identity Manager on OIMHOST2.

See, Updating Binaries of WebLogic Server, Oracle Identity Manager, and Oracle SOA Suite on OIMHOST2

7

Replicate the domain configuration of OIMHOST1 on OIMHOST2.

To do this, you must pack the domain on OIMHOST1, and unpack it on OIMHOST2.

See, Replicating Domain Configuration on OIMHOST2

8

On OIMHOST2, remove the file setOIMDomainEnv.sh, and upgrade the Oracle Identity Manager middle tier.

See, Upgrading Oracle Identity Manager Middle Tier on OIMHOST2

9

Start the Administration Server and the Managed Servers on OIMHOST1 and OIMHOST2.

See, Starting Node Manager, Administration Server and Managed Servers on OIMHOST1 and OIMHOST2

10

Perform the necessary post-upgrade tasks.

See, Performing Post-Upgrade Tasks

17.3 Shutting Down Node Manager, Administration Server, and Managed Servers on OIMHOST1 and OIMHOST2

Before you begin the upgrade process, you must stop the WebLogic Administration Server, Node Manager, and all the Oracle Identity Manager and SOA Managed Servers on OIMHOST1 and OIMHOST2 in the following order:

  1. Stop the Oracle Identity Manager Managed Server on both OIMHOST1 and OIMHOST2.

  2. Stop the SOA Managed Server on both OIMHOST1 and OIMHOST2.

  3. Stop the WebLogic Administration Server on OIMHOST1.

  4. Stop the Node Manager on OIMHOST1 and OIMHOST2.

For information about stopping the Managed Server, see Section 2.8.1, "Stopping the Managed Server(s)".

For information about stopping the Administration Server, see Section 2.8.2, "Stopping the WebLogic Administration Server".

For information about stopping Node Manager, see Section 2.8.3, "Stopping the Node Manager".

17.4 Backing Up the Existing Environment

After stopping all the servers, you must back up the following before proceeding with the upgrade process:

  • MW_HOME directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OIMHOST1 and OIMHOST2.

  • Domain Home directory on both OIMHOST1 and OIMHOST2.

  • Following Database schemas:

    • Oracle Identity Manager schema

    • MDS schema

    • ORASDPM schema

    • SOAINFRA schemas

    • OPSS schema (only if you are upgrading 11.1.2.1.0 or 11.1.2 environments)

    For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

17.5 Upgrading OIMHOST1 to 11.1.2.2.0

In order to upgrade the Oracle Identity Manager high availability environment to 11.1.2.2.0, you must first upgrade OIMHOST1 which has the active Administration Server. The following are some of the important tasks involved in upgrading OIMHOST1 to 11.1.2.2.0:

  • Performing pre-upgrade tasks like reviewing the changes in features of Oracle Identity Manager 11.1.2.2.0, reviewing system requirements and certifications, generating and analyzing the pre-upgrade report, performing necessary pre-upgrade tasks described in the report and so on.

  • Upgrading Oracle Home and Database schemas which includes tasks like upgrading Oracle WebLogic Server, upgrading Oracle SOA Suite, updating Oracle Identity Manager binaries, upgrading Oracle Platform Security Services, upgrading Oracle Identity Manager schemas and so on.

  • Upgrading the Oracle Identity Manager middle tier.

  • Upgrading other Oracle Identity Manager installed components like Oracle Identity Manager Design Console and Oracle Identity Manager Remote manager.

  • Performing any mandatory post-upgrade tasks.

The procedure to upgrade OIMHOST1 depends on your starting point.

17.6 Updating Component Versions on OIMHOST1

If your starting point is Oracle Identity Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages oracle.dogwood.top and oracle.oim.suite from 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2.2.0) by running the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar) on OIMHOST1. OIMHOST1 is the host on which Administration Server is running. This step updates the domain-info.xml.

Note:

If your starting point is Oracle Identity Manager 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), skip this task.

To upgrade the necessary Oracle Identity Manager packages to 11.1.2.2.0, complete the following steps on OIMHOST1:

  1. Go to the directory $ORACLE_HOME/oaam/upgrade. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar file is located in this directory.

  2. Upgrade the package oracle.dogwood.top 11.1.1.5.0 to 11.1.2.2.0 by running the following command:

    java -cp $MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0

    For example:

    java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OIMDomain oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0

  3. Upgrade the package oracle.oim.suite 11.1.1.5.0 to 11.1.2.2.0 by running the following command:

    java -cp $MW_HOME/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater <DOMAIN_HOME> oracle.oim.suite:11.1.1.5.0,:11.1.2.2.0

    For example:

    java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OIMDomain oracle.oim.suite:11.1.1.5.0,:11.1.2.2.0

17.7 Updating Binaries of WebLogic Server, Oracle Identity Manager, and Oracle SOA Suite on OIMHOST2

After you upgrade the Oracle Identity Manager environment on OIMHOST1, you must update the binaries of Oracle WebLogic Server, Oracle SOA Suite, and Oracle Identity Manager to 10.3.6, 11.1.1.7.0, and 11.1.2.2.0 versions respectively on OIMHOST2 by doing the following:

  1. Updating Oracle WebLogic Server Binaries to 10.3.6

  2. Updating Oracle SOA Suite Binaries to 11.1.1.7.0

  3. Updating Oracle Identity Manager Binaries to 11.1.2.2.0

17.7.1 Updating Oracle WebLogic Server Binaries to 10.3.6

Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Manager environment is using Oracle WebLogic Server 10.3.5 or the previous versions, you must update the Oracle WebLogic Server binaries to 10.3.6 by completing the following steps:

  1. Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.

    For more information, see "Downloading an Upgrade Installer From My Oracle Support" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

  2. Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.

    For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

17.7.2 Updating Oracle SOA Suite Binaries to 11.1.1.7.0

Oracle Identity Manager 11.1.2.2.0 is certified with Oracle SOA Suite 11g Release 1 (11.1.1.7.0). If you are not using Oracle SOA Suite 11.1.1.7.0, you must update your existing Oracle SOA Suite binaries to 11.1.1.7.0 by completing the steps:

  1. Obtain the Oracle SOA Suite installer 11.1.1.7.0 installer from the location specified in the Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.

  2. Start the Oracle SOA Suite 11.1.1.7.0 installer. For more information, see "Start the Installer" in the Oracle Fusion Middleware Patching Guide.

  3. Update the Oracle SOA Suite binaries to 11.1.1.7.0 using the installer. For more information, see "Applying the Patch Set" in the Oracle Fusion Middleware Patching Guide.

  4. Apply the mandatory Oracle SOA Suite patches required for Oracle Identity Manager 11.1.2.2.0. For more information, see "Mandatory Patches Required for Installing Oracle Identity Manager" in the Oracle Fusion Middleware Release Notes.

17.7.3 Updating Oracle Identity Manager Binaries to 11.1.2.2.0

To update the existing Oracle Identity Manager binaries to Oracle Identity Manager 11.1.2.2.0, you must use the Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) Installer. During the procedure, specify the location of your existing Middleware Home. This upgrades the Oracle Identity Manager binaries 11.1.2.2.0.

For information about updating Oracle Identity Manager binaries to 11.1.2.2.0, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".

17.8 Replicating Domain Configuration on OIMHOST2

You must replicate the domain configuration on OIMHOST2. This task involves packing the upgraded domain on OIMHOST1 and unpacking it on OIMHOST2. To do this, complete the following steps:

  1. On OIMHOST1, run the following command from the location $MW_HOME/oracle_common/common/bin to pack the upgraded domain:

    On UNIX:

    sh pack.sh -domain=<Location_of_OIM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OIM Domain" -managed=true

    On Windows:

    pack -domain=<Location_of_OIM_domain> -template=<Location_where_domain_configuration_jar_needs_to_be_created> -template_name="OIM Domain" -managed=true

  2. Copy the domain configuration jar file created by the pack command on OIMHOST1 to any accessible location on OIMHOST2.

  3. On OIMHOST2, run the following command from the location $MW_HOME/oracle_common/common/bin to unpack the domain:

    On UNIX:

    sh unpack.sh -domain=<Location_of_OIM_domain> -template=<Location_on_OIMHOST2_where _you_copied_jar_file_created_by_pack_command> -overwrite_domain=true

    On Windows:

    unpack -domain=<Location_of_OIM_domain> -template=<Location_on_OIMHOST2_where _you_copied_jar_file_created_by_pack_command> -overwrite_domain=true

17.9 Upgrading Oracle Identity Manager Middle Tier on OIMHOST2

After you pack the domain on OIMHOST1 and unpack it on OIMHOST2, you must remove the file setOIMDomainEnv.sh (on UNIX) or setOIMDomainEnv.cmd (on Windows) on OIMHOST2, and upgrade the Oracle Identity Manager middle tier on OIMHOST2. To do this, complete the following steps:

  1. Go to the location $DOMAIN_HOME/bin on OIMHOST2.

  2. Remove the file setOIMDomainEnv.sh (on UNIX) or setOIMDomainEnv.cmd (on Windows) by running the following command:

    On UNIX: rm -rf setOIMDomainEnv.sh

    On Windows: del setOIMDomainEnv.cmd

  3. Upgrade the Oracle Identity Manager middle tier to 11.1.2.2.0 on OIMHOST2 The procedure to upgrade Oracle Identity Manager middle tier depends on your starting point:

17.10 Starting Node Manager, Administration Server and Managed Servers on OIMHOST1 and OIMHOST2

Start the Node Manager, WebLogic Administration Server, Oracle SOA Suite Managed Servers, and Oracle Identity Manager Managed Servers on OIMHOST1 and OIMHOST2 in the following order:

  1. On OIMHOST1 and OIMHOST2, start the Node Manager.

  2. On OIMHOST1, start the WebLogic Administration Server.

  3. On OIMHOST1 and OIMHOST2, start the SOA Managed Servers.

  4. On OIMHOST1 and OIMHOST2, start the OIM Managed Servers.

For more information about starting the Node Manager, see Section 2.9.1, "Starting the Node Manager".

For more information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".

For more information about starting the Managed Servers, see Section 2.9.3, "Starting the Managed Server(s)".

17.11 Performing Post-Upgrade Tasks

This section describes the post-upgrade tasks that you must perform after you upgrade Oracle Identity Manager high availability environments to 11.1.2.2.0. This section includes the following topics:

17.11.1 Updating SOA Composites with OHS Attributes

After you upgrade Oracle Identity Manager 11g Release 2 (11.1.2) high availability environment to 11.1.2.2.0, the new SOA composites DefaultOperationalApproval [3.0] and DefaultRequestApproval [3.0] will be configured with the information of OIMHOST2. This can cause request approval malfunction. Therefore, you must update the SOA composites with the attributes of Oracle HTTP Server (OHS).

Note:

This task is required only if you are upgrading Oracle Identity Manager 11g Release 2 (11.1.2) to 11.1.2.2.0.

To update the SOA composites with the attributes of OHS, complete the following steps:

  1. Log in to the Oracle Enterprise Manager Fusion Middleware Control Console using the following URL:

    http://host:port/em

  2. Expand SOA on the left pane, select soa-infra (WLS_SOA1), and then click default.

  3. For the SOA composites DefaultOperationalApproval [3.0] and DefaultRequestApproval [3.0], do the following:

    1. Click the composite name.

    2. In the Component Metrics, click the composite type. For example, click ApprovalTask or ChallengeTask.

    3. Go to the Administration tab, and update the following fields:

      Host Name: Specify the host name of OHS.

      HTTP Port: Is SSL mode, leave this field blank. If non-SSL mode, specify the OHS HTTP port.

      HTTPS Port: If SSL mode, specify the OHS HTTPS port. If non-SSL mode, leave this field blank.

    4. Click Apply.

17.11.2 Updating SOA Config RMI URL for Oracle Identity Manager

After you upgrade to Oracle Identity Manager 11g Release 1 (11.1.1.x.x) high availability environments to Oracle Identity Manager 11.1.2.2.0, you must check the SOA Config RMI URL. If it is empty, or if it is pointing to single Oracle SOA Suite server, then update the SOA Config RMI URL to point to the Oracle SOA Suite cluster (SOA_CLUSTER).

To do this, complete the following steps:

  1. Log in to Oracle Enterprise Manager using the following URL:

    http://host:port/em

  2. Select Farm_IDMDomain –> Identity and Access –> OIM –> oim(version).

  3. Select MBean Browser from the menu or right click to select it.

  4. Select Application defined Mbeans –> oracle.iam –> Server: wls_oim1 –> Application: oim –> XML Config –> Config –> XMLConfig.SOAConfig –> SOAConfig.

  5. Change SOA Config RMI URL to cluster:t3s://SOA_CLUSTER.

  6. Click Apply.

17.12 Troubleshooting

This section describes solutions to the common problems that you might encounter when upgrading Oracle Identity Manager high availability environments to 11.1.2.2.0.

Note:

For information about the issues that you might encounter during the upgrade process, and their workarounds, see Oracle Fusion Middleware Release Notes.

This section contains the following topic:

17.12.1 Exception in Log When Creating Users

After you upgrade Oracle Identity Manager 11.1.1.5.0 high availability environment to Oracle Identity Manager 11.1.2.2.0, you might see the following exception in the logs when you create users:

[2013-11-19T23:41:51.507-08:00] [oim_server1] [ERROR] [] 
[oracle.ods.virtualization.exception] [tid: UCP-worker-thread-19] [userId: 
oiminternal] [ecid: 004utMMAEYz1VcP5Ifp2if00023p000Tdf,0] [APP: 
oim#11.1.1.3.0] Could not initialize default mapping config[[ 
javax.xml.bind.UnmarshalException 
 - with linked exception: 
[java.io.FileNotFoundException: 
/scratch/Oracle/Middleware/user_projects/domains/IDMDomain/config/fmwconfig/ovd/oim/mappings.os_xml
(No such file or directory)

This does not cause the user creation task to fail. However, to eliminate this exception, you must manually copy the file mappings.os_xml from the location $MW_HOME/oracle_common/modules/oracle.ovd_11.1.1/templates/mappings.os_xml to the directory $DOMAIN_HOME/config/fmwconfig/ovd/oim.