5 Upgrading Oracle Identity Manager 11g Release 2 (11.1.2.x.x) Environments

This chapter describes how to upgrade Oracle Identity Manager 11g Release 2 (11.1.2.1.0) and 11g Release 2 (11.1.2) environments to Oracle Identity Manager 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.

Note:

For information about upgrading Oracle Identity Manager on IBM WebSphere, see "Upgrading Oracle Identity Manager on IBM WebSphere" in the Oracle Fusion Middleware Third-Party Application Server Guide.

Note:

This chapter refers to Oracle Identity Manager 11g Release 2 (11.1.2) and 11g Release 2 (11.1.2.1.0) environments as 11.1.2.x.x.

This chapter includes the following sections:

5.1 Upgrade Roadmap for Oracle Identity Manager

The procedure for upgrading Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0 involves the following high-level steps:

  1. Pre-Upgrade Steps: This step involves the necessary pre-upgrade tasks, such as reviewing system requirements and certification, generating the pre-upgrade report, analyzing the report and performing the pre-upgrade tasks described in it, and backing up the existing 11.1.2.x.x environment.

  2. Upgrading the Oracle Home and Database Schemas: This step involves tasks such as upgrading Oracle WebLogic Server, upgrading Oracle SOA Suite, upgrading Oracle Identity Manager binaries, upgrading Oracle Platform Security Services, upgrading JRF, and upgrading the Oracle Identity Manager schema.

  3. Upgrading the Oracle Identity Manager Middle Tier: This step involves upgrading the Oracle Identity Manager middle tier.

  4. Upgrading Other Oracle Identity Manager Installed Components: This step involves tasks such as upgrading Oracle Identity Manager Design Console and Oracle Identity Manager Remote Manager to 11.1.2.2.0.

  5. Post-Upgrade Steps: This step involves any post-upgrade tasks, and the steps to verify the upgrade.

Table 5-1 lists the steps to upgrade Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0.

Table 5-1 Roadmap for Upgrading Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0

Sl No | Task | For More Information

Pre-Upgrade Steps

1 | Review the changes in the features of Oracle Identity Manager 11.1.2.2.0. | See Feature Comparison
2 | Review system requirements and certifications. | See Reviewing System Requirements and Certification
3 | Generate the pre-upgrade report, analyze the information provided in the report, and perform the necessary tasks described in the report before you proceed with the upgrade process. | See Generating and Analyzing the Pre-Upgrade Report
4 | Back up the existing Oracle Identity Manager 11.1.2.x.x environment. | See Backing Up Oracle Identity Manager 11.1.2.x.x Environment
5 | Set the JVM properties for the Oracle Identity Manager Server(s) using the WebLogic Administration console. | See Setting JVM Properties for Oracle Identity Manager Server(s)
6 | Stop the Node Manager, WebLogic Administration Server, Oracle SOA Suite Managed Server(s), and the Oracle Identity Manager Managed Server(s). | See Shutting Down Node Manager, Administration Server and Managed Server(s)

Upgrading the Oracle Home and Database Schemas

7 | If you are not using Oracle WebLogic Server 10.3.6, you must upgrade Oracle WebLogic Server to 10.3.6. | See Upgrading Oracle WebLogic Server to 10.3.6
8 | Upgrade your existing Oracle SOA Suite to Oracle SOA Suite 11g Release 1 (11.1.1.7.0). | See Upgrading Oracle SOA Suite to 11.1.1.7.0
9 | Update the Oracle Identity Manager 11.1.2.x.x binaries to 11.1.2.2.0. | See Upgrading Oracle Identity Manager Binaries to 11.1.2.2.0
10 | Upgrade the OPSS, MDS, OIM, ORASDPM, and SOAINFRA schemas using the Patch Set Assistant. | See Upgrading Schemas
11 | Upgrade the Oracle Platform Security Services (OPSS) by running the WLST command upgradeOpss. | See Upgrading Oracle Platform Security Services
12 | Upgrade the Java Required Files (JRF). | See Upgrading Java Required Files (JRF)

Upgrading the Oracle Identity Manager Middle Tier

13 | Start the WebLogic Administration Server, and the SOA Managed Server(s), if not already started. | See Starting Administration Server and SOA Managed Server(s)
14 | Upgrade the existing Oracle Identity Manager middle tier. | See Upgrading Oracle Identity Manager Middle Tier
15 | Restart the WebLogic Administration Server, Oracle Identity Manager Managed Server(s), and the SOA Managed Server(s). | See Restarting all the Servers

Upgrading Other Oracle Identity Manager Installed Components

16 | Upgrade the Oracle Identity Manager Design Console to 11.1.2.2.0. | See Upgrading Oracle Identity Manager Design Console
17 | Upgrade the Oracle Identity Manager Remote Manager to 11.1.2.2.0. | See Upgrading Oracle Identity Manager Remote Manager

Post-Upgrade Steps

18 | Perform all mandatory post-upgrade steps. | See Performing the Post-Upgrade Tasks
19 | Verify the Oracle Identity Manager upgrade. | See Verifying the Upgrade

5.2 Pre-Upgrade Steps

This section describes all the pre-upgrade steps that you must complete before you start upgrading the Oracle Identity Manager 11.1.2.x.x environment. This section includes the following topics:

5.2.1 Feature Comparison

Table 5-2 lists the key differences in functionality between Oracle Identity Manager 11g Release 2 (11.1.2), 11g Release 2 (11.1.2.1.0), and 11g Release 2 (11.1.2.2.0).

Table 5-2 Features Comparison

Oracle Identity Manager 11.1.2 and/or 11.1.2.1.0 | Oracle Identity Manager 11.1.2.2.0

Oracle Identity Manager 11.1.2 provided Identity Attestation to periodically review user access. For advanced access review capabilities such as role or data owner certification, OIM 11.1.2 had to be integrated with Oracle Identity Analytics (OIA) to leverage the advanced access review capabilities that OIA provided.

In Oracle Identity Manager 11.1.2.1.0 and 11.1.2.2.0, the advanced access review capabilities of OIA are converged into OIM to provide a complete identity governance platform that enables an enterprise to do enterprise grade access request, provisioning, and access review from a single product.

After upgrading to Oracle Identity Manager 11.1.2.2.0, you can use the new access review capabilities. This feature is disabled by default. Therefore, you must ensure that you have relevant licenses before enabling this new feature.

In Oracle Identity Manager 11.1.2.1.0, certification was introduced and the workflow supported one level of access review in each phase.

Certification workflow in 11.1.2.2.0 enables business to define more robust processes for compliance, enabling more granular oversight of "who has access to what". Certification reviews can mirror access request workflow, where they can be reviewed or approved by multiple sets of business and IT owners before they are deemed complete in each phase. This ensures improved visibility of user access privileges, and all review decisions are captured in a comprehensive audit trail that is recorded live during the certification as well as in reports.

In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, users are assigned to organizations by specifying an organization name in the Organization attribute of the user details. This is a static organization membership.

In Oracle Identity Manager 11.1.2.2.0, in addition to the existing feature, you can dynamically assign users to organizations based on user-membership rules, which you can define in the Members tab of the organization details page.

All users who satisfy the user-membership rule are dynamically associated with the organization, irrespective of the organization hierarchy the users statically belong to. With this new capability, a user can gain membership of one home organization via static membership and multiple secondary organizations via user-membership rules that are dynamically evaluated.

Oracle Identity Manager 11.1.2 and 11.1.2.1.0 use the Fusion Fx skin, which provides a rich look and feel.

Oracle Identity Manager 11.1.2.2.0 uses the Skyros skin. This is a lightweight skin that uses fewer background images and does not need gradients. This ensures that the UI renders a lot faster and UI skinning becomes easier.

After you upgrade to OIM 11.1.2.2.0, the Skyros skin will be enabled by default. There is also an option to revert back to the Fusion Fx skin post upgrade.

In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, you had to explicitly request an account and ensure it was provisioned before you could request an entitlement in that account.

If you requested an entitlement and did not have the corresponding account, the request failed.

In Oracle Identity Manager 11.1.2.2.0, entitlement and account dependency are introduced in the OIM catalog. After you upgrade to Oracle Identity Manager 11.1.2.2.0, this new feature allows you to request for the following:

  • Entitlements even if you do not have the corresponding account.

  • Entitlements for a specific account in addition to the primary account, if you have multiple account instances in the same application.

In Oracle Identity Manager 11.1.2, the catalog was introduced to provide meaningful and contextual information to end users during the request and access review. The catalog allows you to associate meaningful metadata with any requestable entity.

In Oracle Identity Manager 11.1.2.2.0, in addition to the catalog metadata, you can enable the display of hierarchical attributes of entitlements to requesters, approvers, and certifiers to view additional details of entitlements (hierarchical attributes) in the catalog detail screen.

These additional details of entitlements are called the technical glossary. The technical glossary is displayed in a tree structure.

The catalog in Oracle Identity Manager 11.1.2 and 11.1.2.1.0 supports simple entitlements when you request for an entitlement. A simple entitlement has a single attribute.

The catalog in Oracle Identity Manager 11.1.2.2.0 supports request for complex entitlements. A complex entitlement is an entitlement with more than one attribute. These attributes will be presented in an Entitlement Form on the request check out page.

In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, you cannot save a request in draft mode. If you cannot complete the access request, you must start the entire request process from the beginning when you resume.

In Oracle Identity Manager 11.1.2.2.0, you can use the draft request feature and save any request as a draft at any point of time. Once a request is saved as a draft, you can return to the self service console whenever required and continue with the data that you provided earlier.

The data-rich and stateful nature of Oracle Identity Manager causes state-related data to accumulate, which in turn slows down the deployment. OIM customers are encouraged to run the archive and purge scripts frequently.

The archive and purge utilities in Oracle Identity Manager 11.1.2 and 11.1.2.1.0 are command-line based, and require you to navigate through an interactive wizard. This requires manual intervention each time archive and purge is run.

In Oracle Identity Manager 11.1.2.2.0, real time continuous archive and purge utilities are available. You can define the archive and purge thresholds and parameters, and schedule the utilities to run automatically in periodic intervals.

In Oracle Identity Manager 11.1.2 and 11.1.2.1.0, Diagnostic Dashboard is used to validate pre installation and post installation requirements. Diagnostic Dashboard is a standalone web application that runs on the application server.

It also provides very rudimentary mechanisms to trace and diagnose orchestration errors.

In Oracle Identity Manager 11.1.2.2.0, you can use the Fusion Middleware Enterprise Manager console to view the configuration and state of operations in Oracle Identity Manager.


5.2.2 Reviewing System Requirements and Certification

Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information, see Section 2.1, "Reviewing System Requirements and Certification".

5.2.3 Generating and Analyzing the Pre-Upgrade Report

You must run the pre-upgrade report utility before you begin the upgrade process, and address all the issues listed as part of this report with the solution provided in the report. The pre-upgrade report utility analyzes your existing Oracle Identity Manager 11.1.2.x.x environment, and provides information about the mandatory prerequisites that you must complete before you upgrade the existing Oracle Identity Manager environment.

The information in the pre-upgrade report for the 11.1.2 starting point is related to challenge questions localization, authorization feature data upgrade, event handlers that are affected by upgrade, and mandatory database components or settings.

The information in the pre-upgrade report for the 11.1.2.1.0 starting point is related to challenge questions localization, authorization feature upgrade, mandatory database components or settings, cyclic groups in LDAP that need to be removed, certification records processed during the upgrade, and the potential application instance creation issues.

Note:

Run this report until no pending issues are listed in the report.

It is important to address all the issues listed in the pre-upgrade report before you proceed with the upgrade, as the upgrade might fail if the issues are not fixed.

To generate and analyze the pre-upgrade report, complete the tasks described in the following sections:

5.2.3.1 Obtaining Pre-Upgrade Report Utility

You must download the pre-upgrade utility from Oracle Technology Network (OTN). The utility is available in two zip files named PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002, along with ReadMe.doc at the following location on My Oracle Support:

My Oracle Support document ID 1599043.1

The ReadMe.doc contains information about how to generate and analyze the pre-upgrade reports.

5.2.3.2 Generating the Pre-Upgrade Report

To generate the pre-upgrade report for Oracle Identity Manager 11.1.2.x.x upgrade, do the following:

  1. Create a directory at any location and extract the contents of PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002 in the newly created directory.

  2. Create a directory where pre-upgrade reports need to be generated. For example, name the directory OIM_preupgrade_reports.

  3. Go to the directory where you extracted PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002, and open the preupgrade_report_input.properties file in a text editor. Update the properties file by specifying the appropriate values for the parameters listed in Table 5-3:

    Table 5-3 Parameters to be Specified in the preupgrade_report_input.properties File

    Parameter | Description
    oim.targetVersion | Specify 11.1.2.2.0 for this parameter, as 11.1.2.2.0 is the target version for which the pre-upgrade utility needs to be run.
    oim.jdbcurl | Specify the JDBC URL for Oracle Identity Manager in the following format: <host>:<port>/<service_name>
    oim.oimschemaowner | Specify the name of the OIM schema owner.
    oim.mdsjdbcurl | Specify the MDS JDBC URL in the following format: <host>:<port>/<service_name>
    oim.mdsschemaowner | Specify the name of the MDS schema owner.
    oim.databaseadminname | Specify the user with DBA privilege. For example, sys as sysdba.
    oim.outputreportfolder | Specify the absolute path to the directory that you created in step 2 (the directory named OIM_preupgrade_reports), where the pre-upgrade reports need to be generated. Make sure that the output report folder has read and write permissions.
    oim.oimhome | Specify the absolute path to the OIM Home.
    oim.domain | Specify the absolute path to the Oracle Identity Manager domain home. For example: /Middleware/user_projects/domains/base_domain
    oim.wlshome | Specify the absolute path to the WebLogic Server home. For example: /Middleware/wlserver_10.3


  4. Set the environment variables JAVA_HOME, MW_HOME, WL_HOME, and OIM_HOME by running the following commands:

    On UNIX:

    export JAVA_HOME=<absolute_path_to_jdk_location>

    export MW_HOME=<absolute_path_to_middleware_home>

    export OIM_HOME=<absolute_path_to_middleware_home>/Oracle_IDM1/

    On Windows:

    set JAVA_HOME="<absolute_path_to_jdk_location>"

    set MW_HOME="<absolute_path_to_middleware_home>"

    set OIM_HOME="<absolute_path_to_middleware_home>\Oracle_IDM1\"

  5. Run the following command from the location where you extracted the contents of PreUpgradeReport.zip.001 and PreUpgradeReport.zip.002.

    • On UNIX:

      sh generatePreUpgradeReport.sh

    • On Windows:

      generatePreUpgradeReport.bat

  6. Provide the following details when prompted:

    • OIM Schema Password

      You must enter the password of the OIM schema.

    • DBA Password

      You must enter the password of the Database Administrator.

  7. The reports are generated as HTML pages at the location you specified for the parameter oim.outputreportfolder in the preupgrade_report_input.properties file. The logs are stored in the log file preUpgradeReport<time>.log in the folder logs at the same location.

    The following are the reports generated by the pre-upgrade report utility:

    Pre-Upgrade Reports Generated for 11.1.2 Starting Point

    • index.html

    • ChallengeQuesPreUpgradeReport.html

    • DomainReassocAuthorization.html

    • EVENT_HANDLERPreUpgradeReport.html

    • ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html

    • ORACLE_ONLINE_PURGEPreUpgradeReport.html

    • PasswordPolicyPreUpgradeReport.html

    • UDFPreUpgradeReport.html

    • WLSMBEANPreUpgradeReport.html

    Pre-Upgrade Reports Generated for 11.1.2.1.0 Starting Point

    • index.html

    • CertificationUpgradeReport.html

    • ChallengeQuesPreUpgradeReport.html

    • CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport.html

    • DomainReassocAuthorization.html

    • ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html

    • ORACLE_ONLINE_PURGEPreUpgradeReport.html

    • PasswordPolicyPreUpgradeReport.html

    • PROVISIONINGPreUpgradeReport.html

    • UDFPreUpgradeReport.html

    • WLSMBEANPreUpgradeReport.html
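The following is an added example, not part of Oracle's utility or documentation: a pre-flight check for preupgrade_report_input.properties that applies the rules of Table 5-3 (all ten parameters set, target version 11.1.2.2.0, JDBC values in `<host>:<port>/<service_name>` form, absolute paths, a readable and writable report folder) before the utility prompts for the OIM schema and DBA passwords. The host names, schema owners and directory layout in the sample are constructed, and the parser assumes plain key=value lines.

```python
import os
import re
import tempfile

# The ten parameters of Table 5-3; the utility needs every one of them.
REQUIRED = (
    "oim.targetVersion", "oim.jdbcurl", "oim.oimschemaowner", "oim.mdsjdbcurl",
    "oim.mdsschemaowner", "oim.databaseadminname", "oim.outputreportfolder",
    "oim.oimhome", "oim.domain", "oim.wlshome",
)
JDBC_KEYS = ("oim.jdbcurl", "oim.mdsjdbcurl")
PATH_KEYS = ("oim.outputreportfolder", "oim.oimhome", "oim.domain", "oim.wlshome")
# <host>:<port>/<service_name> with a numeric port; unfilled <...> templates fail.
JDBC_RE = re.compile(r"^[^\s:/<>]+:(\d{1,5})/[^\s/<>]+$")

# Constructed sample: host, service, schema owners and {root} are placeholders.
SAMPLE = """\
# preupgrade_report_input.properties
oim.targetVersion=11.1.2.2.0
oim.jdbcurl=dbhost.example.com:1521/oimdb.example.com
oim.oimschemaowner=DEV_OIM
oim.mdsjdbcurl=dbhost.example.com:1521/oimdb.example.com
oim.mdsschemaowner=DEV_MDS
oim.databaseadminname=sys as sysdba
oim.outputreportfolder={root}/OIM_preupgrade_reports
oim.oimhome={root}/Oracle_IDM1
oim.domain={root}/user_projects/domains/base_domain
oim.wlshome={root}/wlserver_10.3
"""


def parse_properties(text):
    """Parse plain key=value lines; '#' or '!' starts a comment line.

    Assumption: the file uses no line continuations or backslash escapes.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def preflight(props, check_filesystem=True):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    for key in REQUIRED:
        if not props.get(key):
            problems.append(f"{key}: missing or empty")
    version = props.get("oim.targetVersion")
    if version and version != "11.1.2.2.0":
        problems.append(f"oim.targetVersion: expected 11.1.2.2.0, found {version}")
    for key in JDBC_KEYS:
        value = props.get(key)
        if not value:
            continue
        match = JDBC_RE.match(value)
        if not match or not 0 < int(match.group(1)) < 65536:
            problems.append(f"{key}: not in <host>:<port>/<service_name> form")
    for key in PATH_KEYS:
        value = props.get(key)
        if not value:
            continue
        if not os.path.isabs(value):
            problems.append(f"{key}: not an absolute path")
        elif check_filesystem and not os.path.isdir(value):
            problems.append(f"{key}: directory does not exist")
    out = props.get("oim.outputreportfolder")
    if check_filesystem and out and os.path.isdir(out):
        if not os.access(out, os.R_OK | os.W_OK):
            problems.append("oim.outputreportfolder: needs read and write permission")
    return problems


def demo():
    """Run the checks against the sample inside a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        props = parse_properties(SAMPLE.format(root=root))
        for key in PATH_KEYS:
            os.makedirs(props[key], exist_ok=True)
        return preflight(props)


if __name__ == "__main__":
    print(demo() or "preupgrade_report_input.properties passes the Table 5-3 checks")
```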

5.2.3.3 Analyzing the Pre-Upgrade Report

After you generate the pre-upgrade report, you must review each of the reports, and perform all the tasks described in them. If you do not perform the mandatory tasks described in the report before you upgrade, the upgrade might fail.

Table 5-4 lists all the pre-upgrade reports, describes what information each report contains, and provides links to the detailed description of each report.

Table 5-4 Description of Pre-Upgrade Reports

Sl No | HTML Report Name | Generated for the Starting Points | Description | For Detailed Description

1 | index.html | 11.1.2, 11.1.2.1.0 | This report provides links to all the other reports generated by the pre-upgrade report utility. It also states that you must run the pre-upgrade report utility till no pending issues are listed in this report. | See Description of index.html Report

2 | CertificationUpgradeReport.html | 11.1.2.1.0 | This report lists the certification records processed during the upgrade of snapshot data. You must review the information provided in this report. | See Description of CertificationUpgradeReport.html Report

3 | ChallengeQuesPreUpgradeReport.html | 11.1.2, 11.1.2.1.0 | This report provides information about upgrading localized challenge questions data. This report is generated for Oracle Identity Manager upgrade on WebLogic Server only. When you upgrade Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0, the existing localization data for challenge questions is lost. Therefore, before proceeding with the upgrade process, you must back up the existing localized challenge questions data. After you upgrade to Oracle Identity Manager 11.1.2.2.0, you must perform the tasks described in this report. If you have already migrated the localized challenge questions data per the new localization model provided in Oracle Identity Manager 11g Release 2 (11.1.2.0.11) or (11.1.2.1.3), then skip the tasks described in this report. | See Description of ChallengeQuesPreUpgradeReport.html Report

4 | CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport.html | 11.1.2.1.0 | This report detects and displays the list of cyclic groups in LDAP. Cyclic groups in the LDAP directory are not supported in 11.1.2.2.0. Therefore, you must remove the cyclic dependency from the existing Oracle Identity Manager setup and reconcile data from LDAP to the Oracle Identity Manager Database. The procedure for doing this is described in the report. | See Description of CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport.html Report

5 | DomainReassocAuthorization.html | 11.1.2, 11.1.2.1.0 | This report lists the checks executed for authorization feature data upgrade. It checks if Oracle Identity Manager is reassociated with the DB-based policy store. Review the table that lists the checks executed and the status of the checks. | See Description of DomainReassocAuthorization.html Report

6 | EVENT_HANDLERPreUpgradeReport.html | 11.1.2 | This report lists the event handlers that are affected by the upgrade. Review the details in the report, and perform any necessary resolution tasks specified in the report. | See Description of EVENT_HANDLERPreUpgradeReport.html Report

7 | ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html | 11.1.2, 11.1.2.1.0 | This report provides the status of the mandatory database components or settings for Oracle Identity Manager upgrade. Verify the installation or setup status for each mandatory component or setting. If any component or setting is not set up correctly, follow the recommendations provided in the report to fix it. | See Description of ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html Report

8 | ORACLE_ONLINE_PURGEPreUpgradeReport.html | 11.1.2, 11.1.2.1.0 | This report lists the prerequisites for Online Purge that need to be addressed before you proceed with the upgrade. This report will not be generated if there is no action item related to purge. | See Description of ORACLE_ONLINE_PURGEPreUpgradeReport.html Report

9 | PasswordPolicyPreUpgradeReport.html | 11.1.2 | This report lists the potential upgrade issues for password policies. If you are relying on the 9.1.x.x password policy model, you must update to the new password policies, as the 9.1.x.x password policy model is not supported in 11.1.2.2.0. Review the report and assign the password policies listed in the report to the appropriate organization(s). | See Description of PasswordPolicyPreUpgradeReport.html Report

10 | PROVISIONINGPreUpgradeReport.html | 11.1.2.1.0 | This report lists the potential application instance creation issues. It provides information about the following: Provisioning Configuration; Entitlement Configuration; Access Policy Configuration; List of Resource Objects without Process Form; List of Resource Objects without ITResource field Type in Process Form; List of Resource Objects with multiple ITResource Lookup fields in Process Form; List of Access Policies without ITResource value set in default policy data; List of Access Policies with Revoke If No Longer Applies flag unchecked; List of Entitlements stored in Lookup definitions that do not have IT Resource Key in the lookup encode value. Review all the sections in the report and perform the necessary tasks. | See Description of PROVISIONINGPreUpgradeReport.html Report

11 | UDFPreUpgradeReport.html | 11.1.2, 11.1.2.1.0 | This report lists the tasks that you must perform prior to upgrade to ensure that the User Defined Fields (UDFs) are upgraded seamlessly. Perform all the necessary tasks described in this report. | See Description of UDFPreUpgradeReport.html Report

12 | WLSMBEANPreUpgradeReport.html | 11.1.2, 11.1.2.1.0 | This report lists the .jar files present in the WebLogic mbean paths that need to be deleted before performing the middle tier upgrade. Review the information provided in this report, and perform the necessary action. | See Description of WLSMBEANPreUpgradeReport.html Report


5.2.3.3.1 Description of index.html Report

The report index.html is generated for both 11.1.2 and 11.1.2.1.0 starting points. This is the index page that contains links to the other reports.

Table 5-5 lists the reports displayed in index.html for the starting point 11.1.2, and their corresponding HTML report names.

Table 5-5 Reports Listed in index.html for Starting Point 11.1.2

Report Name in index.html | Corresponding HTML Report
Installation Status of Mandatory Database Components | ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html
Installation Status of UDF | UDFPreUpgradeReport.html
Status of Mandatory deletion of OIM Authenticator Jar(s) | WLSMBEANPreUpgradeReport.html
Event Handlers affected during upgrade | EVENT_HANDLERPreUpgradeReport.html
Domain Reassociation report | DomainReassocAuthorization.html
Challenge Questions report | ChallengeQuesPreUpgradeReport.html
Potential upgrade issues for Password Policies | PasswordPolicyPreUpgradeReport.html
Prerequisites for Online Purge | ORACLE_ONLINE_PURGEPreUpgradeReport.html


Table 5-6 lists the reports displayed in index.html for the starting point 11.1.2.1.0, and their corresponding HTML report names.

Table 5-6 Reports Listed in index.html for Starting Point 11.1.2.1.0

Report Name in index.html | Corresponding HTML Report
Installation Status of Mandatory Database Components | ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html
Installation Status of UDF | UDFPreUpgradeReport.html
Status of Mandatory deletion of OIM Authenticator Jar(s) | WLSMBEANPreUpgradeReport.html
Certification Report | CertificationUpgradeReport.html
Domain Reassociation report | DomainReassocAuthorization.html
Challenge Questions report | ChallengeQuesPreUpgradeReport.html
List of cyclic groups in LDAP directory | CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport.html
List of potential app instance creation issues | PROVISIONINGPreUpgradeReport.html
Potential upgrade issues for Password Policies | PasswordPolicyPreUpgradeReport.html
Prerequisites for Online Purge | ORACLE_ONLINE_PURGEPreUpgradeReport.html


5.2.3.3.2 Description of CertificationUpgradeReport.html Report

The report CertificationUpgradeReport.html lists the certification records processed during the upgrade of snapshot data. This report displays a table that contains the certification record ID, column name, current value, and the new value. Review the information provided in the table.

5.2.3.3.3 Description of ChallengeQuesPreUpgradeReport.html Report

The report ChallengeQuesPreUpgradeReport.html is generated for both 11.1.2 and 11.1.2.1.0 starting points.

When you upgrade Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0, the existing localization data for challenge questions is lost as it is not upgrade-safe. Therefore, before you upgrade to Oracle Identity Manager 11.1.2.2.0, you must back up the existing localized challenge questions data.

After you upgrade to 11.1.2.2.0, perform the tasks described in this report to localize challenge questions. Follow the instructions in the section applicable for your starting point.

Note:

If you have already migrated the localized challenge questions data per the localization model provided in Oracle Identity Manager 11g Release 2 (11.1.2.0.11) or (11.1.2.1.3), ignore the tasks described in this report.

5.2.3.3.4 Description of CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport.html Report

The report CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport.html provides information about the cyclic groups in the LDAP directory.

Oracle Identity Manager 11.1.2.2.0 does not support cyclic groups in the LDAP directory. Therefore, you must remove any cyclic dependency from your existing setup and reconcile data from LDAP to Oracle Identity Manager Database, before you proceed with the upgrade.

For more information about removing the cyclic groups dependent on LDAP, see Removing Cyclical Groups Dependent on LDAP and Reconciling Data From LDAP to OIM Database. The procedure for removing cyclic groups is also described in this report.

Removing Cyclical Groups Dependent on LDAP and Reconciling Data From LDAP to OIM Database

If the LDAP in your existing Oracle Identity Manager environment has cyclic groups loaded, you must remove the cyclic groups by doing the following:

  1. Use JXplorer or Softerra LDAP Administrator and navigate to the cyclic groups.

  2. Look for the uniquemember attribute.

  3. Remove all values from the attribute.

  4. Save the group.

  5. Reconcile the data from LDAP to Oracle Identity Manager Database by running the following command:

    On UNIX: LDAPConfigPostSetup.sh

    On Windows: LDAPConfigPostSetup.bat

Example Scenario

If you have cyclic group dependency between two groups: Group1 and Group2, do the following to remove cyclic dependency:

  1. Connect to LDAP using JXplorer or Softerra LDAP Administrator.

  2. Go to the group container of Group1.

  3. Go to the uniquemember attribute under Group1.

  4. Remove the value of Group2 from the unique members, and save the change.

  5. Run LDAPConfigPostSetup.sh (on UNIX) or LDAPConfigPostSetup.bat (on Windows) to reconcile data from LDAP to Oracle Identity Manager database.
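To see which groups the cyclic-group check is about before editing them, the sketch below finds every set of groups that reach each other through uniquemember in an LDIF export, then re-checks after the Group2 value is removed from Group1 as in the Example Scenario. It is an added example, not Oracle's report utility; the LDIF sample and its DNs are constructed, DN matching is a simple case-insensitive comparison, and the detector also covers loops longer than two groups.

```python
import base64


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text):
    """Return {entry DN: [uniquemember DNs]} for every entry in an LDIF export."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold an LDIF continuation line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                # a blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = normalize_dn(value)
            entries[current] = []
        elif attr == "uniquemember" and current is not None:
            entries[current].append(normalize_dn(value))
    return entries


def cyclic_groups(entries):
    """Return sorted lists of groups that are members of each other, directly or
    through other groups (Tarjan's strongly connected components).

    Recursive: group nesting deeper than Python's recursion limit would need
    an iterative rewrite.
    """
    graph = {g: [m for m in members if m in entries] for g, members in entries.items()}
    index, low, stack, on_stack, result = {}, {}, [], set(), []

    def visit(node):
        index[node] = low[node] = len(index)
        stack.append(node)
        on_stack.add(node)
        for nxt in graph[node]:
            if nxt not in index:
                visit(nxt)
                low[node] = min(low[node], low[nxt])
            elif nxt in on_stack:
                low[node] = min(low[node], index[nxt])
        if low[node] == index[node]:
            component = []
            while True:
                member = stack.pop()
                on_stack.discard(member)
                component.append(member)
                if member == node:
                    break
            if len(component) > 1 or node in graph[node]:
                result.append(sorted(component))

    for node in graph:
        if node not in index:
            visit(node)
    return sorted(result)


def remove_member(entries, group_dn, member_dn):
    """Copy of entries with one uniquemember value dropped (Example Scenario, step 4)."""
    group, member = normalize_dn(group_dn), normalize_dn(member_dn)
    fixed = {dn: list(members) for dn, members in entries.items()}
    fixed[group] = [m for m in fixed.get(group, []) if m != member]
    return fixed


# Constructed LDIF export of a group container; all DNs are placeholders.
SAMPLE_LDIF = """\
dn: cn=Group1,cn=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniquemember: cn=Group2,cn=Groups,dc=example,dc=com
uniquemember: cn=alice,cn=Users,dc=example,dc=com

dn: cn=Group2,cn=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: CN=Group1, cn=Groups,
  dc=example, dc=com

dn: cn=Group3,cn=Groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniquemember: cn=Group1,cn=Groups,dc=example,dc=com
"""

if __name__ == "__main__":
    groups = parse_ldif(SAMPLE_LDIF)
    print("cyclic before:", cyclic_groups(groups))
    fixed = remove_member(groups, "cn=Group1,cn=Groups,dc=example,dc=com",
                          "cn=Group2,cn=Groups,dc=example,dc=com")
    print("cyclic after: ", cyclic_groups(fixed))
```

Group3 contains Group1 but is not reported, because nothing leads back to Group3; only groups on a loop need their uniquemember values edited.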

5.2.3.3.5 Description of DomainReassocAuthorization.html Report

The report DomainReassocAuthorization.html is generated for both 11.1.2 and 11.1.2.1.0 starting points.

It checks if the Oracle Identity Manager domain is reassociated with the database-based policy store and displays the result in the Result column. Review the checks executed and the result of the checks.

5.2.3.3.6 Description of EVENT_HANDLERPreUpgradeReport.html Report

The report EVENT_HANDLERPreUpgradeReport.html is generated only for the 11.1.2 starting point.

This report lists all the event handlers that are affected during upgrade. It displays a table with information related to the event handler XML, event handler name, entity type, operation, and stage. The table also contains a Resolution/Information column which provides any resolution tasks that need to be completed. Review the information in the table.

5.2.3.3.7 Description of ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html Report

The report ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReport.html is generated for both 11.1.2 and 11.1.2.1.0 starting points.

This report lists all the mandatory database components or settings for Oracle Identity Manager 11.1.2.x.x upgrade. This report contains a table which lists the component or setting, its installation or setup status, and recommendations if any. You must review the installation or setup status for each mandatory component or setting listed in the table. If a component or setting is not set up correctly, follow the recommendations specified in the Note column of the table in the report to fix it.

5.2.3.3.8 Description of ORACLE_ONLINE_PURGEPreUpgradeReport.html Report

Before you upgrade Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0, you must complete the pre-requisites for online purge.

The table in this report lists the database tables on which the mentioned pre-upgrade steps need to be performed before you upgrade. The table also shows the status of the database tables in OIM schema and Note section. Review the table, and perform the actions required.

5.2.3.3.9 Description of PasswordPolicyPreUpgradeReport.html Report

The report PasswordPolicyPreUpgradeReport.html lists the potential upgrade issues for password policies. If you are using the 9.1.x.x password policy model, you must update to the new password policies. The 9.1.x.x password policy model is no longer supported for Users, and any such customizations are not migrated to the new password policy model. A default password policy is seeded at the TOP organization and needs to be revisited.

This report contains a table that lists the password policies that are attached to the Xellerate User resource object according to the 9.1.x.x password policy model. You must assign those password policies to appropriate organization(s).

5.2.3.3.10 Description of PROVISIONINGPreUpgradeReport.html Report

The report PROVISIONINGPreUpgradeReport.html is generated only for 11.1.2.1.0 starting point.

This report lists the potential application instances creation issues. The report contains the following sections:

Provisioning, Entitlement, and Access Policy Configuration Details

This section describes the steps you must complete before you upgrade Oracle Identity Manager 11.1.2.1.0 to 11.1.2.2.0. These steps are related to provisioning, entitlement, and access policy configuration. Complete all the steps described in this section of the report.

List of Resource Objects without Process Form

This section provides information about the resource objects in Oracle Identity Manager 11.1.2.1.0 that do not have a process form. Each resource object must have a process form associated with it. Therefore, if a resource object is not associated with a process form, you must associate the resource object with a process form before you start the upgrade process. Review the table in this section of the report, which lists the details of the resource objects without a process form.

List of Resource Objects without ITResource field Type in Process Form

This section provides information about the resource objects without ITResource field type in their respective process forms. Review the table in this section of the report, which contains more details. If your Oracle Identity Manager 11.1.2.1.0 has resource objects without ITResource field in their process forms, do the following:

  1. Create appropriate IT resource definition.

  2. Create IT resource instance for the same corresponding to the target that is being provisioned.

  3. Edit the process form and add a field of type "ITResource" to the process form. Set the following properties:

    Type=IT Resource definition created in step-1

    ITResource=true

  4. Activate the form.

  5. Update the IT resource field on existing provisioned accounts using FVC Utility.

  6. Once the above steps are completed, you can create application instances corresponding to the Resource Object+ITResource combination.

List of Resource Objects with multiple ITResource Lookup fields in Process Form

This section provides information about the resource objects that have multiple lookup fields in their process form. In the Oracle Identity Manager 11.1.2.1.0 environment, if you have resource objects with multiple ITResource set in the process form, you must set the value of the property ITResource Type to true for at least one of the attributes.

List of Access Policies without ITResource value set in default policy data

This section lists the access policies for which the ITResource values of the resource objects should be set in the default policy data. The table in this section lists the access policies in Oracle Identity Manager 11.1.2.1.0 for which the ITResource field is missing. You must set the value of the ITResource field for each access policy listed in the table.

List of Access Policies with Revoke If No Longer Applies flag unchecked

This section lists the access policies that have Revoke If No Longer Applies flag unchecked. The table in this section contains the list of access policies that will be updated to Disable If No Longer Applies, during upgrade. The table also indicates if tasks for enable, disable, revoke actions are not defined for these policies. You must add the missing tasks before you proceed with the upgrade. Also, if you want the behavior of the policy to change to RNLA checked, you must check the RNLA flag for the respective policy.

List of Entitlements stored in Lookup definitions that do not have IT Resource Key in the lookup encode value

This section lists entitlements stored in lookup definitions that do not have the IT Resource Key prepended to their encoded values using "~". Entitlements stored in lookup definitions need the IT Resource Key prepended to the encoded values using "~". Review the table in this section of the pre-upgrade report, which contains more details.

5.2.3.3.11 Description of UDFPreUpgradeReport.html Report

The report UDFPreUpgradeReport.html lists the steps that you must complete before you proceed with the upgrade process, to ensure that the User Defined Fields/Attributes (UDFs) are upgraded seamlessly.

Note that you may have to edit the entity xml file manually. To edit a file in MetaData Services (MDS), you must export the file from MDS repository. After making the required changes, you must import the file back to MDS.

This report contains the following tables:

  • Table that lists the path to the entity XML file in MDS corresponding to a particular entity type

  • Table that lists the UDFs with inconsistent max-size. You must edit the entity xml file per the list provided in the table, to change the max-size of the attributes to expected values, and re-import the file back into MDS.

  • Table that lists the UDFs with inconsistent default values. You must edit the corresponding entity xml file manually to change the default value to one of the allowed values.

5.2.3.3.12 Description of WLSMBEANPreUpgradeReport.html Report

The report WLSMBEANPreUpgradeReport.html lists the .jar files in the WebLogic mbeans path that need to be deleted prior to the middle tier upgrade. The report contains a table that lists the .jar files, whether each one is present in the WebLogic mbean path, and the action required. Review the information provided in the table, and perform the necessary action.

5.2.4 Backing Up Oracle Identity Manager 11.1.2.x.x Environment

You must back up your existing Oracle Identity Manager 11.1.2.x.x environment before you upgrade to Oracle Identity Manager 11.1.2.2.0.

After stopping the servers, back up the following:

  • MW_HOME directory, including the Oracle Home directories inside Middleware Home

  • Domain Home directory

  • Oracle Identity Manager schema

  • MDS schema

  • ORASDPM schema

  • SOAINFRA schemas

  • OPSS schema

For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

5.2.5 Setting JVM Properties for Oracle Identity Manager Server(s)

This task is required for optimizing UI performance. Therefore, it is recommended that you set additional JVM properties for the Oracle Identity Manager Server(s) using the WebLogic Administration console. To do this, complete the following steps:

  1. Log in to the WebLogic Administration console using the following URL:

    http://admin_host:admin_port/console

  2. Click Servers.

  3. Select the Oracle Identity Manager server.

  4. Click Server Start, and then click Arguments.

  5. Add the following application module settings for the Oracle Identity Manager Server(s):

    -Djbo.ampool.doampooling=true

    -Djbo.ampool.minavailablesize=1

    -Djbo.ampool.maxavailablesize=120

    -Djbo.recyclethreshold=60

    -Djbo.ampool.timetolive=-1

    -Djbo.load.components.lazily=true

    -Djbo.doconnectionpooling=true

    -Djbo.txn.disconnect_level=1

    -Djbo.connectfailover=false

    -Djbo.max.cursors=5

    -Doracle.jdbc.implicitStatementCacheSize=5

    -Doracle.jdbc.maxCachedBufferSize=19

    -XX:ReservedCodeCacheSize=128m

    Note:

    The recommended values for the arguments specified assume 100 concurrent users per node. Therefore, the value specified for the argument -Djbo.ampool.maxavailablesize is 120 (that is, 100 * 1.20). If the number of concurrent users per node is different, use the following formula to calculate the value that you must specify for the argument -Djbo.ampool.maxavailablesize:

    -Djbo.ampool.maxavailablesize = <Number_of_concurrent_users> * 1.20

  6. Restart the Oracle Identity Manager Server(s). To restart Managed Server(s), stop the server(s) first and start them again.

    For more information about stopping a Managed Server, see Section 2.8.1, "Stopping the Managed Server(s)".

    For more information about starting a Managed Server, see Section 2.9.3, "Starting the Managed Server(s)".

5.2.6 Shutting Down Node Manager, Administration Server and Managed Server(s)

The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the Oracle Identity Manager Managed Server(s), SOA Managed Server(s), WebLogic Administration Server, and the Node Manager.

For information about stopping the WebLogic Administration Server, Managed Server(s), and the Node Manager, see Section 2.8, "Stopping the Servers".

5.3 Upgrading the Oracle Home and Database Schemas

This section describes the tasks to be completed to upgrade the existing Oracle home and Database schemas.

This section includes the following topics:

5.3.1 Upgrading Oracle WebLogic Server to 10.3.6

Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Manager environment is using Oracle WebLogic Server 10.3.5 or the previous versions, you must upgrade Oracle WebLogic Server to 10.3.6.

For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 2.3, "Upgrading to Oracle WebLogic Server 10.3.6".

5.3.2 Upgrading Oracle SOA Suite to 11.1.1.7.0

Oracle Identity Manager 11.1.2.2.0 is certified with Oracle SOA Suite 11g Release 1 (11.1.1.7.0). If you are not using Oracle SOA Suite 11.1.1.7.0, you must upgrade your existing Oracle SOA Suite to 11.1.1.7.0 by completing the tasks listed in Table 5-7.

Table 5-7 Tasks to Upgrade SOA to 11.1.1.7.0

| Sl No | Task | For More Information |
|---|---|---|
| 1 | Review the system requirements and specifications before you start upgrading Oracle SOA Suite to 11.1.1.7.0. | See Oracle Fusion Middleware System Requirements and Specifications |
| 2 | Obtain the Oracle SOA Suite 11.1.1.7.0 installer. | See Oracle Fusion Middleware Download, Installation, and Configuration ReadMe |
| 3 | Start the Oracle SOA Suite 11.1.1.7.0 installer. | See "Start the Installer" in the Oracle Fusion Middleware Patching Guide |
| 4 | Update the Oracle SOA Suite binaries to 11.1.1.7.0. | See "Applying the Patch Set" in the Oracle Fusion Middleware Patching Guide |
| 5 | Apply the mandatory Oracle SOA Suite patches. | See "Mandatory Patches Required for Installing Oracle Identity Manager" in the Oracle Fusion Middleware Release Notes. |
| 6 | Perform the following post-patching tasks for Oracle SOA Suite: remove the tmp folder for SOA composer, BPM workspace, and B2B; update the message duration of the warning BPEL Message Recovery Required; update the MAXRECOVERATTEMPT attribute to 2; extend the SOA domain with UMS adapter features; extend the SOA domain with Business Process Management features. Make sure you have started the WebLogic Administration Server and the SOA Managed Servers before you perform the post-patching tasks. | See the following sections in the Oracle Fusion Middleware Patching Guide for 11g Release 1 (11.1.1.7.0): |

Post-patching tasks for SOA are not required out-of-the-box. However, you must review them and apply per your functional requirements.


5.3.3 Upgrading Oracle Identity Manager Binaries to 11.1.2.2.0

You must upgrade the Oracle Identity Manager 11.1.2.x.x binaries to Oracle Identity Manager 11.1.2.2.0 using the Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) Installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Middleware Home. This upgrades the Oracle Identity Manager binaries to 11.1.2.2.0.

Note:

Before upgrading the Oracle Identity Manager binaries to 11g Release 2 (11.1.2.2.0), you must ensure that the OPatch version in ORACLE_HOME and MW_HOME/oracle_common is 11.1.0.9.9. A different OPatch version might cause patch application failure. If you have upgraded OPatch to a newer version, you must roll back to version 11.1.0.9.9.

For information about updating Oracle Identity Manager binaries to 11.1.2.2.0, see Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0).

After the binary upgrade, check the installer logs at the following location:

  • On UNIX: ORACLE_INVENTORY_LOCATION/logs

    To find the location of the Oracle Inventory directory on UNIX, check the file ORACLE_HOME/oraInst.loc.

  • On Windows: ORACLE_INVENTORY_LOCATION\logs

    The default location of the Oracle Inventory Directory on Windows is C:\Program Files\Oracle\Inventory\logs.

The following install log files are written to the log directory:

  • installDATE-TIME_STAMP.log

  • installDATE-TIME_STAMP.out

  • installActionsDATE-TIME_STAMP.log

  • installProfileDATE-TIME_STAMP.log

  • oraInstallDATE-TIME_STAMP.err

  • oraInstallDATE-TIME_STAMP.log

5.3.4 Upgrading Schemas

After you update Oracle Identity Manager binaries to 11.1.2.2.0, you must upgrade the following schemas using Patch Set Assistant (PSA):

  • OPSS schema

  • MDS schema

  • OIM schema

  • ORASDPM schema

  • SOAINFRA schema

When you select the Oracle Identity Manager Schema, it automatically selects all dependent schemas and upgrades them too.

For information about upgrading schemas using the Patch Set Assistant, see Upgrading Schemas Using Patch Set Assistant.

After you upgrade schemas, verify the upgrade by checking the version numbers of the schemas as described in Version Numbers After Upgrading Schemas.

Version Numbers After Upgrading Schemas

Connect to oim schema as oim_schema_user, and run the following query:

select version,status,upgraded from schema_version_registry where owner='<SCHEMA_NAME>';

Ensure that the version numbers are upgraded, as listed in Table 5-8:

Table 5-8 Component Version Numbers After Upgrading the Schemas

| Component | Version No. |
|---|---|
| OPSS | 11.1.1.7.2 |
| MDS | 11.1.1.7.0 |
| OIM | 11.1.2.2.0 |
| ORASDPM | 11.1.1.7.0 |
| SOAINFRA | 11.1.1.7.0 |


5.3.5 Upgrading Oracle Platform Security Services

After you upgrade schemas, you must upgrade Oracle Platform Security Services (OPSS).

Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Identity Manager to 11.1.2.2.0. It upgrades the jps-config.xml file and policy stores.

For information about upgrading Oracle Platform Security Services, see Section 2.7, "Upgrading Oracle Platform Security Services".

5.3.6 Upgrading Java Required Files (JRF)

For each WebLogic Server domain, you must run the upgradeJRF() WLST command to update the shared libraries in your domain. To do this, complete the following steps:

  1. Stop all running instances, Managed Servers, Administration Server, and Node Manager in the domain. For information about stopping the servers, see Section 2.8, "Stopping the Servers".

  2. Launch WebLogic Scripting Tool (WLST) by running the following commands:

    On UNIX:

    cd MW_HOME/oracle_common/common/bin

    ./wlst.sh

    On Windows:

    cd MW_HOME\oracle_common\common\bin

    wlst.cmd

  3. Run the upgradeJRF() command on the node or system where the Administration Server is located for each domain you want to update. Your domain location is passed as a parameter:

    wlst> upgradeJRF('DOMAIN_HOME')

    In this command, DOMAIN_HOME refers to the absolute path to the domain.

    Note:

    After you run this command, any custom changes that you have made to your setDomainEnv script will be lost. Oracle recommends that you keep your custom modifications in a separate script that is called by setDomainEnv in order to minimize the disruption that is caused when other domain templates are applied and the setDomainEnv script is regenerated.

    If you have set IPv6 to false in your setDomainEnv script, this change will be overwritten when you run the upgradeJRF() command. Make sure you reset IPv6 to false in the setDomainEnv script after you run the upgradeJRF() command.

5.4 Upgrading the Oracle Identity Manager Middle Tier

This section describes the tasks to be completed to upgrade the Oracle Identity Manager middle tier.

This section includes the following topics:

5.4.1 Starting Administration Server and SOA Managed Server(s)

After the binary and schema upgrade are completed, start the WebLogic Administration Server, and SOA Managed Server.

Note:

If you are upgrading Oracle Identity Manager high availability environments and if you are using Oracle Automatic Storage Management Cluster File System (Oracle ACFS), you must start only one SOA Managed Server before running the middle tier upgrade utility.

For information about starting the WebLogic Administration Server and the Managed Server(s), see Section 2.9, "Starting the Servers".

5.4.2 Upgrading Oracle Identity Manager Middle Tier

This section contains the following topics:

5.4.2.1 Additional Task for Windows 64-Bit Users Before Upgrading Middle Tier

If you are running the upgrade on a 64-bit Windows platform, complete the following tasks so that the Middle Tier upgrade runs successfully:

  1. Add a JAVA_HOME entry to the environment variable pointing to a JDK installation, not to a JRE installation.

    Note:

    This path must not contain spaces. For example, use a short-form path such as C:\Progra~1\Java\jdk1.6.0_29.

  2. Hard code the value of JAVA_HOME in the <WL_HOME>\server\bin\setWLSEnv.cmd file to avoid any Middle Tier upgrade failures.

5.4.2.2 Upgrading the Oracle Identity Manager Middle Tier

To upgrade the Oracle Identity Manager middle tier, you must update the properties file with the necessary parameters, and then run the command as described in this section.

Note:

Before you upgrade the Oracle Identity Manager middle tier, make sure that the WebLogic Administration Server and the SOA Managed Server(s) are running. It is recommended that the Oracle Identity Manager Managed Server is not running at this point.

Note:

The execution is re-entrant and will resume with correct execution even if there is any interruption in between.

To upgrade Oracle Identity Manager Middle Tier to 11.1.2.2.0, do the following:

On UNIX:

  1. Move from your present working directory to the OIM_ORACLE_HOME/server/bin directory by running the following command on the command line:

    cd OIM_ORACLE_HOME/server/bin

  2. Edit the following upgrade properties file in a text editor:

    oim_upgrade_input.properties

  3. Provide the values of parameters as listed in Table 5-9.

  4. Run the following command:

    ./OIMUpgrade.sh

    Note:

    The following warning is displayed:

    [WARN ][jrockit] PermSize=128M ignored: Not a valid option for JRockit

    [WARN ][jrockit] MaxPermSize=256M ignored: Not a valid option for JRockit

    You can ignore this message.

On Windows:

  1. Move from your present working directory to the OIM_ORACLE_HOME\server\bin directory by running the following command on the command line:

    cd OIM_ORACLE_HOME\server\bin

  2. Edit the following upgrade properties file in a text editor:

    oim_upgrade_input.properties

  3. Provide the values of parameters as listed in Table 5-9.

  4. Run the following command:

    OIMUpgrade.bat

    Note:

    The following warning is displayed:

    [WARN ][jrockit] PermSize=128M ignored: Not a valid option for JRockit

    [WARN ][jrockit] MaxPermSize=256M ignored: Not a valid option for JRockit

    You can ignore this message.

Table 5-9 Parameters to be specified in the Properties File

| Parameter | Description |
|---|---|
| java.home | Specify the JAVA HOME location. |
| server.type | Specify the Application Server that you are using. For example, if you are using Oracle WebLogic Server, specify wls for this parameter; or if you are using IBM WebSphere, specify was. As this document describes the procedure to upgrade Oracle Identity Manager on WebLogic, you must specify wls for this parameter. |
| oim.jdbcurl | Specify the Oracle Identity Manager JDBC URL. |
| oim.oimschemaowner | Specify the Oracle Identity Manager schema owner. |
| oim.oimmdsjdbcurl | Specify the MDS JDBC URL. |
| oim.mdsschemaowner | Specify the MDS schema owner name. |
| oim.adminhostname | Specify the Oracle WebLogic Server Administration host name. |
| oim.adminport | Specify the Oracle WebLogic Server Administration port. |
| oim.adminUserName | Specify the username that is used to log in to the Oracle WebLogic Server Administration Console. |
| oim.soahostmachine | Specify the SOA host name where SOA Server is running. |
| oim.soaportnumber | Specify the SOA Server port. |
| oim.soausername | Specify the SOA Managed Server username. |
| oim.domain | Specify the Oracle Identity Manager domain location. |
| oim.home | Specify the Oracle OIM Home location. |
| oim.mw.home | Specify the Oracle Middleware Home location. |
| soa.home | Specify the Oracle SOA Home location. |
| wl.home | Specify the WebLogic Home location. |


Example Parameters:

java.home=/scratch/jdk1.7.0_11
server.type=wls
oim.jdbcurl=db.example.com:1522:oimdb
oim.oimschemaowner=dev_oim
oim.oimmdsjdbcurl=db.example.com:1521:oimdb
oim.mdsschemaowner=dev_mds
oim.adminhostname=oimhost.example.com
oim.adminport=7001
oim.adminUserName=weblogic
oim.soahostmachine=soahost.example.com
oim.soaportnumber=8001
oim.soausername=weblogic
oim.domain=/scratch/Oracle/Middleware/user_projects/domains/base_domain
oim.home=/scratch/Oracle/Middleware/Oracle_IDM1
oim.mw.home=/scratch/Oracle/Middleware
soa.home=/scratch/Oracle/Middleware/Oracle_SOA1
wl.home=/scratch/Oracle/Middleware/wlserver_10.3
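
A pre-flight check for oim_upgrade_input.properties, added here as an example and not part of the Oracle utility: it confirms that every Table 5-9 parameter is set, that server.type is wls, and that ports and JDBC values are well formed before OIMUpgrade is run. The host:port:sid pattern (taken from the example values above), the space check on java.home (mirroring the JAVA_HOME note in Section 5.4.2.1), and the function names are assumptions of this example.

```python
import re

# The 17 parameters listed in Table 5-9.
REQUIRED_KEYS = (
    "java.home", "server.type", "oim.jdbcurl", "oim.oimschemaowner",
    "oim.oimmdsjdbcurl", "oim.mdsschemaowner", "oim.adminhostname",
    "oim.adminport", "oim.adminUserName", "oim.soahostmachine",
    "oim.soaportnumber", "oim.soausername", "oim.domain", "oim.home",
    "oim.mw.home", "soa.home", "wl.home",
)
PORT_KEYS = ("oim.adminport", "oim.soaportnumber")
JDBC_KEYS = ("oim.jdbcurl", "oim.oimmdsjdbcurl")
# Assumption: host:port:sid, the form of the example values on this page.
JDBC_RE = re.compile(r"[A-Za-z0-9.-]+:([0-9]+):[A-Za-z0-9_$#.]+")

# Sample input: the example parameters shown on this page.
PAGE_EXAMPLE = """\
java.home=/scratch/jdk1.7.0_11
server.type=wls
oim.jdbcurl=db.example.com:1522:oimdb
oim.oimschemaowner=dev_oim
oim.oimmdsjdbcurl=db.example.com:1521:oimdb
oim.mdsschemaowner=dev_mds
oim.adminhostname=oimhost.example.com
oim.adminport=7001
oim.adminUserName=weblogic
oim.soahostmachine=soahost.example.com
oim.soaportnumber=8001
oim.soausername=weblogic
oim.domain=/scratch/Oracle/Middleware/user_projects/domains/base_domain
oim.home=/scratch/Oracle/Middleware/Oracle_IDM1
oim.mw.home=/scratch/Oracle/Middleware
soa.home=/scratch/Oracle/Middleware/Oracle_SOA1
wl.home=/scratch/Oracle/Middleware/wlserver_10.3
"""


def parse_properties(text):
    """Parse plain key=value lines, skipping blanks and #/! comment lines.

    Returns (props, findings). Malformed and duplicate lines become findings.
    Line continuations and ':' separators are deliberately not handled.
    """
    props, findings = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            findings.append(f"line {number}: not a key=value pair")
        elif key in props:
            findings.append(f"line {number}: duplicate key {key}")
        else:
            props[key] = value
    return props, findings


def valid_port(value):
    return bool(re.fullmatch(r"[0-9]{1,5}", value)) and 1 <= int(value) <= 65535


def validate(props, is_file=None):
    """Return findings; is_file is an optional callable such as os.path.isfile."""
    findings = [f"{k}: missing or empty" for k in REQUIRED_KEYS if not props.get(k)]
    for key in sorted(set(props) - set(REQUIRED_KEYS)):
        findings.append(f"{key}: not a Table 5-9 parameter")
    if props.get("server.type") not in (None, "", "wls"):
        findings.append("server.type: must be wls for an upgrade on WebLogic")
    for key in PORT_KEYS:
        if props.get(key) and not valid_port(props[key]):
            findings.append(f"{key}: not a TCP port")
    for key in JDBC_KEYS:
        if props.get(key):
            match = JDBC_RE.fullmatch(props[key])
            if not match or not valid_port(match.group(1)):
                findings.append(f"{key}: expected host:port:sid")
    java_home = props.get("java.home", "")
    if " " in java_home:
        findings.append("java.home: path contains a space")
    if java_home and is_file is not None:
        # A JDK ships the compiler; a JRE does not.
        javac = java_home.rstrip("/\\") + "/bin/javac"
        if not (is_file(javac) or is_file(javac + ".exe")):
            findings.append("java.home: bin/javac not found, this looks like a JRE")
    return findings


def check(text, is_file=None):
    """Parse and validate in one call; an empty list means no findings."""
    props, findings = parse_properties(text)
    return findings + validate(props, is_file)


if __name__ == "__main__":
    for finding in check(PAGE_EXAMPLE) or ["no findings"]:
        print(finding)
```

Pass os.path.isfile as is_file when running on the host that holds the JDK, so that the JDK-versus-JRE check is applied to the real file system.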

5.4.2.3 Verifying the Middle Tier Upgrade

The middle tier upgrade utility creates a log file and HTML reports with upgrade details for each feature. To verify that the Oracle Identity Manager middle tier upgrade was successful, do the following:

  1. Verify the log file ant_grantPermissionsUpgrade.log generated at the location OIM_HOME/server/upgrade/logs/MT to ensure that the middle tier upgrade was successful.

  2. Review the HTML upgrade reports generated at the location MW_HOME/OIM_HOME/server/upgrade/logs/MT/oimUpgradeReportDir. The index.html report in this directory lists all the features upgraded during the middle tier upgrade.

5.4.3 Restarting all the Servers

After you upgrade the Oracle Identity Manager middle tier, you must restart the WebLogic Administration Server, Oracle Identity Manager Managed Server, and the SOA Managed Server.

To restart the servers, you must stop the servers first and start them again in the following order:

  1. Stop the SOA Managed Server.

  2. Stop the WebLogic Administration Server.

  3. Start the WebLogic Administration Server.

  4. Start the SOA Managed Server.

  5. Start the Oracle Identity Manager Managed Server.

For more information about stopping the servers, see Section 2.8, "Stopping the Servers".

For more information about starting the servers, see Section 2.9, "Starting the Servers".

5.5 Upgrading Other Oracle Identity Manager Installed Components

This section describes how to upgrade other Oracle Identity Manager installed components such as Oracle Identity Manager Design Console and Remote Manager to 11.1.2.2.0.

This section includes the following sections:

5.5.1 Upgrading Oracle Identity Manager Design Console

The Oracle Identity Manager Design Console is used to configure system settings that control the system-wide behavior of Oracle Identity Manager and affect its users. The Design Console allows you to perform user management, resource management, process management, and other administration and development tasks.

Oracle recommends that Oracle Identity Manager and Design Console are installed in different directory paths, if the Design console is on the same system as the Oracle Identity Manager server.

To upgrade Design Console, complete the following steps:

  1. Back up the following files:

    • On UNIX, $<XLDC_HOME>/xlclient.sh

    • $<XLDC_HOME>/config/xlconfig.xml

    • On Windows, <XLDC_HOME>\xlclient.cmd

    • <XLDC_HOME>\config\xlconfig.xml

  2. Run the Oracle Identity and Access Management 11.1.2.2.0 Installer to upgrade the Design Console home <XLDC_HOME>.

    For more information, see "Installing and Configuring Oracle Identity and Access Management (11.1.2.2.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

  3. Restore the following backed up files in the upgraded Design Console home:

    On UNIX:

    • xlclient.sh

    • xlconfig.xml

    On Windows:

    • xlclient.cmd

    • xlconfig.xml

  4. Build and copy the wlfullclient.jar file as follows:

    1. Go to WebLogic_Home/server/lib directory on UNIX and WebLogic_Home\server\lib directory on Windows.

    2. Set the JAVA_HOME environment variable and add the JAVA_HOME variable to the PATH environment variable. You can set the JAVA_HOME to the jdk160_21 directory inside the Middleware home.

      For example:

      On UNIX: setenv JAVA_HOME $MW_HOME/jdk160_29

      On Windows: SET JAVA_HOME="MW_HOME\jdk160_29"

    3. Run the following command to build the wlfullclient.jar file:

      java -jar <MW_HOME>/modules/com.bea.core.jarbuilder_1.7.0.0.jar

    4. Copy the wlfullclient.jar file to the <IAM_HOME> where you installed the Design Console. For example:

      On UNIX:

      cp wlfullclient.jar <Oracle_IDM2>/designconsole/ext

      On Windows:

      copy wlfullclient.jar <Oracle_IDM2>\designconsole\ext

5.5.2 Upgrading Oracle Identity Manager Remote Manager

Complete the following steps to upgrade Remote Manager:

  1. Back up configuration files

    Before starting the Remote Manager upgrade, back up the following Remote Manager configuration files:

    • On UNIX, $<XLREMOTE_HOME>/remotemanager.sh

    • $<XLREMOTE_HOME>/xlremote/config/xlconfig.xml file.

    • On Windows, <XLREMOTE_HOME>\remotemanager.bat

    • <XLREMOTE_HOME>\xlremote\config\xlconfig.xml file.

  2. Run the Oracle Identity and Access Management Installer to upgrade the Remote Manager home.

    For more information, see "Installing and Configuring Oracle Identity and Access Management (11.1.2.2.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

  3. Restore the following backed up configuration files in the upgraded Remote Manager home.

    On UNIX:

    • remotemanager.sh

    • xlconfig.xml

    On Windows:

    • remotemanager.bat

    • xlconfig.xml

5.6 Post-Upgrade Steps

This section describes the post-upgrade tasks that you must perform after you upgrade Oracle Identity Manager 11.1.2.x.x to Oracle Identity Manager 11.1.2.2.0.

This section includes the following topics:

5.6.1 Performing the Post-Upgrade Tasks

After you upgrade Oracle Identity Manager 11.1.2.x.x to 11.1.2.2.0, you must perform the following mandatory post-upgrade tasks:

5.6.1.1 Reviewing Performance Tuning Recommendations

After you upgrade to Oracle Identity Manager 11.1.2.2.0, you must review the Oracle Identity Manager specific performance tuning recommendations described in "Oracle Identity Manager Performance Tuning" in the Oracle Fusion Middleware Performance and Tuning Guide.

5.6.1.2 Upgrading Request Data

You must upgrade the request data by running the request data upgrade utility. This utility updates Metadata Services (MDS) and the request tables. To upgrade the request data, do the following:

  1. Set the environment variables MW_HOME, ORACLE_HOME, ANT_HOME, and JAVA_HOME by running the following commands:

    On UNIX:

    • export ORACLE_HOME=<absolute_path_to_OIM_home>

    • export MW_HOME=<absolute_path_to_Middleware_home>

    • export ANT_HOME=<absolute_path_to_directory_where_you_uncompressed_Ant>

    • export JAVA_HOME=<absolute_path_to_jdk_location>

    On Windows:

    • set OIM_HOME="<absolute_path_to_OIM_home>"

    • set MW_HOME="<absolute_path_to_Middleware_home>"

    • set ANT_HOME="<absolute_path_to_directory_where_you_uncompressed_Ant>"

    • set JAVA_HOME="<absolute_path_to_jdk_location>"

  2. Edit the file run-request-automation.xml at the location ORACLE_HOME/server/bin, and provide the Database details for OIM and MDS schemas in the arguments tag by replacing the existing values.

    For example:

    <arg value="dev_oim"/>
    <arg value="${dbpassword}"/>
    <arg value="dev_mds"/>
    <arg value="${mdspassword}"/>
    <arg value="oim.db.example.com"/>
    <arg value="1521"/>
    <arg value="oim.db.servicename.example.com"/>
    <arg value="mds.db.example.com"/>
    <arg value="1521"/>
    <arg value="mds.db.servicename.example.com"/>

    Note:

    Leave the OIM and MDS passwords as is. The utility will prompt for passwords.

  3. Run the run-request-automation.xml file using the following command:

    ant -f run-request-automation.xml

  4. Verify the logs at the location $ORACLE_HOME/server/patching/logs to ensure that the request data upgrade was successful.

  5. Run the PurgeCache utility from the location OIM_HOME/server/bin with category MetaData using the following command:

    On UNIX: PurgeCache.sh Metadata

    On Windows: PurgeCache.bat Metadata
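
A check for the edited argument list in run-request-automation.xml, added here as an example and not part of the Oracle utility: it confirms that the two password slots still hold their placeholders, so that the utility prompts and no secret is written to disk, and that the other values are non-empty and free of stray whitespace. The argument labels, the wrapper elements in the sample, and the assumption that the file holds exactly these ten arg elements in the order shown in step 2 are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Positional meaning of the ten <arg> values, in the order of the page's example.
# The labels are names chosen for this example, not names used by the utility.
ARG_LABELS = (
    "oim_schema_owner", "oim_password", "mds_schema_owner", "mds_password",
    "oim_db_host", "oim_db_port", "oim_db_service",
    "mds_db_host", "mds_db_port", "mds_db_service",
)
# Password slots must keep these placeholders so the utility prompts at run time.
PLACEHOLDERS = {"oim_password": "${dbpassword}", "mds_password": "${mdspassword}"}

# Constructed sample: the arg values are the page's example; the project, target
# and java wrapper elements are placeholders, because the page does not show them.
SAMPLE_BUILD_FILE = """<project name="constructed-example">
  <target name="constructed-target">
    <java classname="constructed.Placeholder">
      <arg value="dev_oim"/>
      <arg value="${dbpassword}"/>
      <arg value="dev_mds"/>
      <arg value="${mdspassword}"/>
      <arg value="oim.db.example.com"/>
      <arg value="1521"/>
      <arg value="oim.db.servicename.example.com"/>
      <arg value="mds.db.example.com"/>
      <arg value="1521"/>
      <arg value="mds.db.servicename.example.com"/>
    </java>
  </target>
</project>"""


def read_arg_values(xml_text):
    """Return the value attribute of every <arg> element, in document order."""
    root = ET.fromstring(xml_text)
    return [arg.get("value", "") for arg in root.iter("arg")]


def valid_port(value):
    return bool(re.fullmatch(r"[0-9]{1,5}", value)) and 1 <= int(value) <= 65535


def check_arg_values(values):
    """Return findings for the argument list; a password value is never echoed."""
    if len(values) != len(ARG_LABELS):
        return [f"expected {len(ARG_LABELS)} <arg> values, found {len(values)}"]
    findings = []
    for label, value in zip(ARG_LABELS, values):
        if label in PLACEHOLDERS:
            if value != PLACEHOLDERS[label]:
                findings.append(
                    f"{label}: placeholder {PLACEHOLDERS[label]} was replaced")
        elif not value.strip():
            findings.append(f"{label}: empty")
        elif re.search(r"\s", value):
            findings.append(f"{label}: contains whitespace")
        elif label.endswith("_port") and not valid_port(value):
            findings.append(f"{label}: not a TCP port")
    return findings


if __name__ == "__main__":
    for finding in check_arg_values(read_arg_values(SAMPLE_BUILD_FILE)) or ["no findings"]:
        print(finding)
```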

5.6.1.3 Configuring BI Publisher Reports

Complete the following steps to configure the BI Publisher Reports:

  1. Obtain the reports bundle oim_product_BIP11gReports_11_1_2_1_0.zip from the following location:

    OIM_HOME/server/reports/oim_product_BIP11gReports_11_1_2_1_0.zip

  2. Unzip oim_product_BIP11gReports_11_1_2_1_0.zip at the following location:

    MW_HOME/user_projects/domains/domain_name/config/bipublisher/repository/Reports/

  3. Configure reports by following the instructions in "Configuring Oracle Identity Manager Reports" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

5.6.1.4 Targeting JRFWSAsyncJmsModule to Oracle Identity Manager Server

If you wish to use async webservices for SoD integration, you must target the JRFWSAsyncJmsModule to the Oracle Identity Manager Server.

Perform this task in the following cases:

  • If you are upgrading Oracle Identity Manager 11.1.2 to 11.1.2.2.0

  • If you upgraded Oracle Identity Manager 11.1.2 to 11.1.2.1.0 first and then to 11.1.2.2.0; and if you did not target JRFWSAsyncJmsModule to Oracle Identity Manager Server when upgrading Oracle Identity Manager 11.1.2 to 11.1.2.1.0.

To target JRFWSAsyncJmsModule to the Oracle Identity Manager server, do the following:

  1. Log in to the WebLogic Administration console using the following URL:

    http://admin_host:admin_port/console

  2. Click Services and then click Messaging.

  3. Select JMS Modules.

  4. Select JRFWSAsyncJmsModule.

  5. Select Targets, and add the OIM Server.

  6. Save and Activate the changes.

  7. Restart the WebLogic Administration Server, the SOA Managed Server(s), and the Oracle Identity Manager Managed Server(s) by completing the following steps in the order specified:

    1. Stop the SOA Managed Server(s).

    2. Stop the WebLogic Administration Server.

    3. Start the WebLogic Administration Server.

    4. Start the SOA Managed Server(s).

    5. Start the Oracle Identity Manager Managed Server(s).

    For more information about stopping the servers, see Section 2.8, "Stopping the Servers".

    For more information about starting the servers, see Section 2.9, "Starting the Servers".

5.6.1.5 Creating PeopleSoft Enterprise HRMS Reconciliation Profile

If you are upgrading Oracle Identity Manager 11.1.2 with PeopleSoft connector to Oracle Identity Manager 11.1.2.2.0, you must create PeopleSoft HRMS reconciliation profile after you upgrade to 11.1.2.2.0. For information about creating reconciliation profile, see "Updating Reconciliation Profiles Manually" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

5.6.1.6 Reviewing OIM Data Purge Job Parameters

This post-upgrade task is optional.

While upgrading Oracle Identity Manager to 11.1.2.2.0, the OIM Data Purge Job will be seeded in enabled state. By default, it will purge platform data with a retention period of 1 day for completed orchestration. To enable purge of request, reconciliation, and provisioning task, you must revisit the OIM Data Purge Job parameters.

For information about the user-configurable attributes, see "Configuring Real-Time Purge and Archival" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

5.6.1.7 Reconfiguring Lookup Based UDF Field

If you had User Defined Fields (UDF) of type lookup or dropdown as outputText fields in your 11.1.2.x.x environment, you will see the backend value for each such UDF on the View User Details page. Therefore, you must complete the following steps to set the right customizations:

  1. Log in to the Identity console using the following URL:

    http://host:port/identity

  2. Click Sandboxes on the top navigation pane, and then click Create Sandbox.

  3. Enter the Sandbox Name and the Sandbox Description. Select the check box Activate Sandbox, and then click Save and Close. Click OK to confirm.

  4. Click Customize on the top navigation pane.

  5. Click Users on the left navigation pane, and select the user to open the User Details page.

  6. Click View on the top left corner of the console, and select Source.

  7. Select the existing outputText field. Click Delete to delete this field.

  8. Close the customize mode, and publish the sandbox by clicking Publish Sandbox.

  9. Export the metadata file userDetailsPageDef.xml to MDS. The following is the full path to the file to be exported:

    /oracle/iam/ui/manageusers/pages/mdssys/cust/site/site/userDetailsPageDef.xml

    For information about exporting metadata files to MDS, see "Exporting Metadata Files to MDS" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  10. Open the exported file in a text editor.

  11. Search for the dropdown or lookup attribute that was added as outputText. For example, if the attribute name is lovattr, search for a snippet similar to the following:

    <mds:insert parent="..." position="...">
     <attributeValues IterBinding="..." id="lovattr__c" xmlns="...">
      <AttrNames>
       <Item Value="lovattr__c"/>
      </AttrNames>
     </attributeValues>
    </mds:insert>
    

    Delete the snippet, that is, delete the lines starting from the <mds:insert .... > tag till the </mds:insert> tag.

    Repeat this step for all dropdown or lookup attributes.

  12. Save the file.

  13. Import the userDetailsPageDef.xml back into the MDS. For information about importing metadata file, see "Importing Metadata Files from MDS" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

  14. Log in to the Identity console again.

  15. Create another sandbox by clicking Create Sandbox. Enter the Sandbox Name and the Sandbox Description. Select the check box Activate Sandbox, and then click Save and Close. Click OK to confirm.

  16. Click Customize on the top navigation pane.

  17. Click Users on the left navigation pane, and select the user to open the User Details page.

  18. Click View on the top left corner of the console, and select Source.

  19. Add the LOV dropdown field to the required section, as 'ADF Select one choice' (if it is a non-searchable picklist) or as 'Input list of values' (if it is a searchable picklist).

  20. Select readonly on the Component Properties dialog box.

  21. Close the customize mode, and publish the sandbox by clicking Publish Sandbox.
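Steps 10 through 12 can be scripted when many lookup or dropdown attributes are involved. The following is an added example, not part of the Oracle documentation or product: it removes only those `<mds:insert>` blocks whose single child is the `attributeValues` binding being cleaned up, and reports any binding id it could not find. The function name, the sample file content, and the namespace, `parent`, `position` and `IterBinding` values are constructed placeholders.

```python
import xml.dom.minidom as minidom

# Constructed sample standing in for an exported userDetailsPageDef.xml.
# Namespace URIs, parent/position and IterBinding values are placeholders.
SAMPLE = """<mds:customization xmlns:mds="urn:example:mds">
  <mds:insert parent="example_parent" position="last">
    <attributeValues IterBinding="ExampleIterator" id="lovattr__c" xmlns="urn:example:bind">
      <AttrNames>
        <Item Value="lovattr__c"/>
      </AttrNames>
    </attributeValues>
  </mds:insert>
  <mds:insert parent="example_parent" position="last">
    <attributeValues IterBinding="ExampleIterator" id="dept__c" xmlns="urn:example:bind">
      <AttrNames>
        <Item Value="dept__c"/>
      </AttrNames>
    </attributeValues>
  </mds:insert>
</mds:customization>"""


def remove_lov_bindings(xml_text, binding_ids):
    """Delete each <mds:insert> that wraps only an attributeValues binding
    whose id is in binding_ids. Returns (new_xml, removed_ids, missing_ids)."""
    doc = minidom.parseString(xml_text)
    wanted = set(binding_ids)
    removed = []
    # Copy the live NodeList before mutating the tree.
    for insert in list(doc.getElementsByTagName("mds:insert")):
        children = [n for n in insert.childNodes if n.nodeType == n.ELEMENT_NODE]
        # Skip inserts that wrap anything other than a single binding, so
        # unrelated customizations in the same file are left untouched.
        if len(children) != 1 or children[0].tagName != "attributeValues":
            continue
        binding = children[0]
        bid = binding.getAttribute("id")
        items = [i.getAttribute("Value") for i in binding.getElementsByTagName("Item")]
        if bid in wanted and items == [bid]:
            insert.parentNode.removeChild(insert)
            removed.append(bid)
    missing = sorted(wanted - set(removed))
    return doc.toxml(), removed, missing


if __name__ == "__main__":
    new_xml, removed, missing = remove_lov_bindings(SAMPLE, ["lovattr__c", "nosuch__c"])
    print("removed:", removed, "not found:", missing)
    print(new_xml)
```

Keep a copy of the exported file before importing the edited version, and treat any id reported as not found as a reason to inspect the file by hand.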

5.6.1.8 Reviewing Connector Certification

Before you upgrade your existing Oracle Identity Manager environments, you must verify if the version of the existing connector is supported for Oracle Identity Manager 11.1.2.2.0. For information about the supported connector versions for Oracle Identity Manager 11.1.2.2.0, refer to the sections "Certified Components" and "Usage Recommendation" in the respective Connector Guide in Oracle Identity Manager Identity Connectors Documentation Library.

If you are using 9.x connector or GTC connector, do the following:

  • If the 9.x connector that you are using is supported, you can continue to use the existing connector.

  • If the 9.x connector is not supported, you must upgrade the existing 9.x connector to the latest 11.x connector after you upgrade the Oracle Identity Manager server to 11.1.2.2.0.

  • In the lookup populated through lookup reconciliation, verify that the code and decode values are prefixed with the IT Resource Key and the IT Resource name, respectively. If not, you must upgrade the existing connector to the latest available connector after you upgrade the Oracle Identity Manager server.

If you are using 11g connector, the connector upgrade is not required.

5.6.1.9 Verifying the Functionality of Connectors

After you upgrade Oracle Identity Manager to 11.1.2.2.0, complete the following steps to verify the functionality of connectors:

  • Verify if Account and Entitlement Tagging are available on the process form. For the connectors to work with Oracle Identity Manager 11.1.2.2.0, you must complete the steps described in the section "Configuring Oracle Identity Manager 11.1.2 or Later" in the respective Connector Guide.

  • Verify if the customizations made to the connectors are intact.

  • Verify if the 11.1.2.2.0 related artifacts like UI Forms and Application Instances are generated.

  • Ensure that all the operations of the connectors are working fine.

  • If there are two or more IT Resource fields in the process form, complete the steps described in the following My Oracle Support note:

    My Oracle Support document ID 1535369.1

  • If there are any lookup query fields in the process form of the related connector, you must customize the UI to display them. For more information, see the 'Lookup Query' section in "General Customization Concepts" in the Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager.

5.6.2 Verifying the Upgrade

To verify your Oracle Identity Manager upgrade, perform the following steps:

  1. Use the following URL in a web browser to verify that Oracle Identity Manager 11.1.2.2.0 is running:

    http://<oim_host>:<oim_port>/sysadmin

    http://<oim_host>:<oim_port>/identity

    where

    <oim_host> is the domain name.

    <oim_port> is the port number.

  2. Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment.

Note:

After you upgrade Oracle Identity Manager 11.1.2 or 11.1.2.1.0 to Oracle Identity Manager 11.1.2.2.0, the SOA composites DefaultRequestApproval and DefaultOperationApproval appear twice in Oracle Enterprise Manager, with versions 1.0 and 3.0. The 1.0 composites are required for processing requests generated before upgrade, or any other functionality.