This chapter describes how to upgrade Oracle Identity Manager high availability environments to 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.
Note:
Before proceeding, check if your existing Oracle Identity Manager version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 1.5, "Supported Starting Points for Upgrading High Availability Environments".This chapter includes the following sections:
Section 17.1, "Understanding Oracle Identity Manager High Availability Upgrade Topology"
Section 17.8, "Replicating Domain Configuration on OIMHOST2"
Section 17.9, "Upgrading Oracle Identity Manager Middle Tier on OIMHOST2"
Figure 17-1 shows the Oracle Identity Manager cluster set up that can be upgraded to 11.1.2.2.0 by following the procedure described in this chapter.
Figure 17-1 Oracle Identity Manager High Availability Upgrade Topology
On OIMHOST1
, the following installations have been performed:
An Oracle Identity Manager instance has been installed in the WLS_OIM1
Managed Server and a SOA instance has been installed in the WLS_SOA1
Managed Server.
A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.
On OIMHOST2
, the following installations have been performed:
An Oracle Identity Manager instance has been installed in the WLS_OIM2
Managed Server and a SOA instance has been installed in the WLS_SOA2
Managed Server.
A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OIMHOST1
becomes unavailable.
The instances in the WLS_OIM1
and WLS_OIM2
Managed Servers on OIMHOST1
and OIMHOST2
are configured as the OIM_CLUSTER
cluster.
The instances in the WLS_SOA1
and WLS_SOA2
Managed Servers on OIMHOST1
and OIMHOST2
are configured as the SOA_CLUSTER
cluster.
Table 17-1 lists the steps to upgrade Oracle Identity Manager high availability environment illustrated in Figure 17-1 to 11.1.2.2.0.
Table 17-1 Oracle Identity Manager High Availability Upgrade Roadmap
Task No | Task | For More Information |
---|---|---|
1 |
Review the Oracle Identity Manager high availability upgrade topology, and identify |
See, Understanding Oracle Identity Manager High Availability Upgrade Topology |
2 |
Shut down the Administration Server, all the Managed Servers, and the Node Manager on |
See, Shutting Down Node Manager, Administration Server, and Managed Servers on OIMHOST1 and OIMHOST2 |
3 |
Back up the existing environment. |
|
4 |
Upgrade |
|
5 |
If your starting point is Oracle Identity Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages |
|
6 |
Update the binaries of Oracle WebLogic Server, Oracle SOA Suite, and Oracle Identity Manager on |
See, Updating Binaries of WebLogic Server, Oracle Identity Manager, and Oracle SOA Suite on OIMHOST2 |
7 |
Replicate the domain configuration of To do this, you must pack the domain on |
|
8 |
On |
See, Upgrading Oracle Identity Manager Middle Tier on OIMHOST2 |
9 |
Start the Administration Server and the Managed Servers on |
See, Starting Node Manager, Administration Server and Managed Servers on OIMHOST1 and OIMHOST2 |
10 |
Perform the necessary post-upgrade tasks. |
Before you begin the upgrade process, you must stop the WebLogic Administration Server, Node Manager, and all the Oracle Identity Manager and SOA Managed Servers on OIMHOST1
and OIMHOST2
in the following order:
Stop the Oracle Identity Manager Managed Server on both OIMHOST1
and OIMHOST2
.
Stop the SOA Managed Server on both OIMHOST1
and OIMHOST2
.
Stop the WebLogic Administration Server on OIMHOST1
.
Stop the Node Manager on OIMHOST1
and OIMHOST2
.
For information about stopping the Managed Server, see Section 2.8.1, "Stopping the Managed Server(s)".
For information about stopping the Administration Server, see Section 2.8.2, "Stopping the WebLogic Administration Server".
For information about stopping Node Manager, see Section 2.8.3, "Stopping the Node Manager".
After stopping all the servers, you must back up the following before proceeding with the upgrade process:
MW_HOME
directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OIMHOST1
and OIMHOST2
.
Domain Home directory on both OIMHOST1
and OIMHOST2
.
Following Database schemas:
Oracle Identity Manager schema
MDS schema
ORASDPM schema
SOAINFRA schemas
OPSS schema (only if you are upgrading 11.1.2.1.0 or 11.1.2 environments)
For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.
In order to upgrade the Oracle Identity Manager high availability environment to 11.1.2.2.0, you must first upgrade OIMHOST1
which has the active Administration Server. The following are some of the important tasks involved in upgrading OIMHOST1
to 11.1.2.2.0:
Performing pre-upgrade tasks like reviewing the changes in features of Oracle Identity Manager 11.1.2.2.0, reviewing system requirements and certifications, generating and analyzing the pre-upgrade report, performing necessary pre-upgrade tasks described in the report and so on.
Upgrading Oracle Home and Database schemas which includes tasks like upgrading Oracle WebLogic Server, upgrading Oracle SOA Suite, updating Oracle Identity Manager binaries, upgrading Oracle Platform Security Services, upgrading Oracle Identity Manager schemas and so on.
Upgrading the Oracle Identity Manager middle tier.
Upgrading other Oracle Identity Manager installed components like Oracle Identity Manager Design Console and Oracle Identity Manager Remote manager.
Performing any mandatory post-upgrade tasks.
The procedure to upgrade OIMHOST1
depends on your starting point.
If your starting point is Oracle Identity Manager 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), follow the instructions described in Chapter 5, "Upgrading Oracle Identity Manager 11g Release 2 (11.1.2.x.x) Environments" to upgrade OIMHOST1
to 11.1.2.2.0.
If your starting point is Oracle Identity Manager 11g Release 1 (11.1.1.5.0), follow the instructions described in Chapter 11, "Upgrading Oracle Identity Manager 11g Release 1 (11.1.1.x.x) Environments" to upgrade OIMHOST1
to 11.1.2.2.0.
If your starting point is Oracle Identity Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages oracle.dogwood.top
and oracle.oim.suite
from 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2.2.0) by running the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar
) on OIMHOST1
. OIMHOST1
is the host on which Administration Server is running. This step updates the domain-info.xml
.
Note:
If your starting point is Oracle Identity Manager 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), skip this task.To upgrade the necessary Oracle Identity Manager packages to 11.1.2.2.0, complete the following steps on OIMHOST1
:
Go to the directory $ORACLE_HOME
/oaam/upgrade
. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar
file is located in this directory.
Upgrade the package oracle.dogwood.top
11.1.1.5.0 to 11.1.2.2.0 by running the following command:
java -cp
$MW_HOME
/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater
<DOMAIN_HOME>
oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0
For example:
java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OIMDomain oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0
Upgrade the package oracle.oim.suite
11.1.1.5.0 to 11.1.2.2.0 by running the following command:
java -cp
$MW_HOME
/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater
<DOMAIN_HOME>
oracle.oim.suite:11.1.1.5.0,:11.1.2.2.0
For example:
java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OIMDomain oracle.oim.suite:11.1.1.5.0,:11.1.2.2.0
After you upgrade the Oracle Identity Manager environment on OIMHOST1
, you must update the binaries of Oracle WebLogic Server, Oracle SOA Suite, and Oracle Identity Manager to 10.3.6, 11.1.1.7.0, and 11.1.2.2.0 versions respectively on OIMHOST2
by doing the following:
Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Manager environment is using Oracle WebLogic Server 10.3.5 or the previous versions, you must update the Oracle WebLogic Server binaries to 10.3.6 by completing the following steps:
Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.
For more information, see "Downloading an Upgrade Installer From My Oracle Support" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.
For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
Oracle Identity Manager 11.1.2.2.0 is certified with Oracle SOA Suite 11g Release 1 (11.1.1.7.0). If you are not using Oracle SOA Suite 11.1.1.7.0, you must update your existing Oracle SOA Suite binaries to 11.1.1.7.0 by completing the steps:
Obtain the Oracle SOA Suite installer 11.1.1.7.0 installer from the location specified in the Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
Start the Oracle SOA Suite 11.1.1.7.0 installer. For more information, see "Start the Installer" in the Oracle Fusion Middleware Patching Guide.
Update the Oracle SOA Suite binaries to 11.1.1.7.0 using the installer. For more information, see "Applying the Patch Set" in the Oracle Fusion Middleware Patching Guide.
Apply the mandatory Oracle SOA Suite patches required for Oracle Identity Manager 11.1.2.2.0. For more information, see "Mandatory Patches Required for Installing Oracle Identity Manager" in the Oracle Fusion Middleware Release Notes.
To update the existing Oracle Identity Manager binaries to Oracle Identity Manager 11.1.2.2.0, you must use the Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) Installer. During the procedure, specify the location of your existing Middleware Home. This upgrades the Oracle Identity Manager binaries 11.1.2.2.0.
For information about updating Oracle Identity Manager binaries to 11.1.2.2.0, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".
You must replicate the domain configuration on OIMHOST2
. This task involves packing the upgraded domain on OIMHOST1
and unpacking it on OIMHOST2
. To do this, complete the following steps:
On OIMHOST1
, run the following command from the location $MW_HOME
/oracle_common/common/bin
to pack the upgraded domain:
On UNIX:
sh pack.sh -domain=
<Location_of_OIM_domain>
-template=
<Location_where_domain_configuration_jar_to_be_created>
-template_name="OIM Domain" -managed=true
On Windows:
pack -domain=
<Location_of_OIM_domain>
-template=
<Location_where_domain_configuration_jar_needs_to_be_created>
-template_name="OIM Domain" -managed=true
Copy the domain configuration jar file created by the pack
command on OIMHOST1
to any accessible location on OIMHOST2
.
On OIMHOST2
, run the following command from the location $MW_HOME
/oracle_common/common/bin
to unpack the domain:
On UNIX:
sh unpack.sh -domain=
<Location_of_OIM_domain>
-template=
<Location_on_OIMHOST2_where _you_copied_jar_file_created_by_pack_command>
-overwrite_domain=true
On Windows:
unpack -domain=
<Location_of_OIM_domain>
-template=
<Location_on_OIMHOST2_where _you_copied_jar_file_created_by_pack_command>
-overwrite_domain=true
After you pack the domain on OIMHOST1
and unpack it on OIMHOST2
, you must remove the file setOIMDomainEnv.sh
(on UNIX) or setOIMDomainEnv.cmd
(on Windows) on OIMHOST2
, and upgrade the Oracle Identity Manager middle tier on OIMHOST2
. To do this, complete the following steps:
Go to the location $DOMAIN_HOME
/bin
on OIMHOST2
.
Remove the file setOIMDomainEnv.sh
(on UNIX) or setOIMDomainEnv.cmd
(on Windows) by running the following command:
On UNIX: rm -rf setOIMDomainEnv.sh
On Windows: del setOIMDomainEnv.cmd
Upgrade the Oracle Identity Manager middle tier to 11.1.2.2.0 on OIMHOST2
The procedure to upgrade Oracle Identity Manager middle tier depends on your starting point:
If your starting point is Oracle Identity Manager 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), follow the instructions described in Section 5.4, "Upgrading the Oracle Identity Manager Middle Tier" to upgrade Oracle Identity Manager middle tier to 11.1.2.2.0.
If your starting point is Oracle Identity Manager 11g Release 1 (11.1.1.5.0), follow the instructions described in Section 11.3.11, "Upgrading Oracle Identity Manager Middle Tier" to upgrade Oracle Identity Manager middle tier.
Start the Node Manager, WebLogic Administration Server, Oracle SOA Suite Managed Servers, and Oracle Identity Manager Managed Servers on OIMHOST1
and OIMHOST2
in the following order:
On OIMHOST1
and OIMHOST2
, start the Node Manager.
On OIMHOST1
, start the WebLogic Administration Server.
On OIMHOST1
and OIMHOST2
, start the SOA Managed Servers.
On OIMHOST1
and OIMHOST2
, start the OIM Managed Servers.
For more information about starting the Node Manager, see Section 2.9.1, "Starting the Node Manager".
For more information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".
For more information about starting the Managed Servers, see Section 2.9.3, "Starting the Managed Server(s)".
This section describes the post-upgrade tasks that you must perform after you upgrade Oracle Identity Manager high availability environments to 11.1.2.2.0. This section includes the following topics:
After you upgrade Oracle Identity Manager 11g Release 2 (11.1.2) high availability environment to 11.1.2.2.0, the new SOA composites DefaultOperationalApproval [3.0]
and DefaultRequestApproval [3.0]
will be configured with the information of OIMHOST2
. This can cause request approval malfunction. Therefore, you must update the SOA composites with the attributes of Oracle HTTP Server (OHS).
Note:
This task is required only if you are upgrading Oracle Identity Manager 11g Release 2 (11.1.2) to 11.1.2.2.0.To update the SOA composites with the attributes of OHS, complete the following steps:
Log in to the Oracle Enterprise Manager Fusion Middleware Control Console using the following URL:
http://
host
:
port
/em
Expand SOA on the left pane, select soa-infra (WLS_SOA1), and then click default.
For the SOA composites DefaultOperationalApproval [3.0] and DefaultRequestApproval [3.0], do the following:
Click the composite name.
In the Component Metrics, click the composite type. For example, click ApprovalTask or ChallengeTask.
Go to the Administration tab, and update the following fields:
Host Name: Specify the host name of OHS.
HTTP Port: Is SSL mode, leave this field blank. If non-SSL mode, specify the OHS HTTP port.
HTTPS Port: If SSL mode, specify the OHS HTTPS port. If non-SSL mode, leave this field blank.
Click Apply.
After you upgrade to Oracle Identity Manager 11g Release 1 (11.1.1.x.x) high availability environments to Oracle Identity Manager 11.1.2.2.0, you must check the SOA Config RMI URL. If it is empty, or if it is pointing to single Oracle SOA Suite server, then update the SOA Config RMI URL to point to the Oracle SOA Suite cluster (SOA_CLUSTER).
To do this, complete the following steps:
Log in to Oracle Enterprise Manager using the following URL:
http://
host
:
port
/em
Select Farm_IDMDomain –> Identity and Access –> OIM –> oim(version).
Select MBean Browser from the menu or right click to select it.
Select Application defined Mbeans –> oracle.iam –> Server: wls_oim1 –> Application: oim –> XML Config –> Config –> XMLConfig.SOAConfig –> SOAConfig.
Change SOA Config RMI URL to cluster:t3s://
SOA_CLUSTER
.
Click Apply.
This section describes solutions to the common problems that you might encounter when upgrading Oracle Identity Manager high availability environments to 11.1.2.2.0.
Note:
For information about the issues that you might encounter during the upgrade process, and their workarounds, see Oracle Fusion Middleware Release Notes.This section contains the following topic:
After you upgrade Oracle Identity Manager 11.1.1.5.0 high availability environment to Oracle Identity Manager 11.1.2.2.0, you might see the following exception in the logs when you create users:
[2013-11-19T23:41:51.507-08:00] [oim_server1] [ERROR] [] [oracle.ods.virtualization.exception] [tid: UCP-worker-thread-19] [userId: oiminternal] [ecid: 004utMMAEYz1VcP5Ifp2if00023p000Tdf,0] [APP: oim#11.1.1.3.0] Could not initialize default mapping config[[ javax.xml.bind.UnmarshalException - with linked exception: [java.io.FileNotFoundException: /scratch/Oracle/Middleware/user_projects/domains/IDMDomain/config/fmwconfig/ovd/oim/mappings.os_xml (No such file or directory)
This does not cause the user creation task to fail. However, to eliminate this exception, you must manually copy the file mappings.os_xml
from the location $MW_HOME
/oracle_common/modules/oracle.ovd_11.1.1/templates/mappings.os_xml
to the directory $DOMAIN_HOME
/config/fmwconfig/ovd/oim
.