8 Upgrading Oracle Identity Navigator 11g Release 2 (11.1.2.x.x) Environments

This chapter describes how to upgrade Oracle Identity Navigator 11g Release 2 (11.1.2.1.0) and 11g Release 2 (11.1.2) environments to Oracle Identity Navigator 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.

Note:

This chapter refers to Oracle Identity Navigator 11g Release 2 (11.1.2) and 11g Release 2 (11.1.2.1.0) environments as 11.1.2.x.x.

8.1 Upgrade Roadmap for Oracle Identity Navigator

Note:

If you do not follow the exact sequence provided in this task table, your Oracle Identity Navigator upgrade may not be successful.

Table 8-1 lists the steps to upgrade Oracle Identity Navigator 11.1.2.x.x to 11.1.2.2.0.

Table 8-1 Roadmap for Upgrading Oracle Identity Navigator 11.1.2.x.x to 11.1.2.2.0

| Sl. No. | Task | For More Information |
|---|---|---|
| 1 | Review system requirements and certifications. | See Reviewing System Requirements and Certification |
| 2 | Export Oracle Identity Navigator data. | See Exporting Oracle Identity Navigator 11.1.2.x.x Metadata |
| 3 | Shut down all servers. This includes both Administration Server and Managed Servers. | See Shutting Down Administration Server and Managed Servers |
| 4 | Optional - Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6. | See Upgrading Oracle WebLogic Server to 10.3.6 |
| 5 | Upgrade 11.1.2.x.x Oracle Home to 11.1.2.2.0. | See Updating Oracle Identity Navigator Binaries to 11.1.2.2.0 |
| 6 | Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load OPSS schema for Oracle Identity and Access Management products. | See Creating Oracle Platform Security Services Schema |
| 7 | Extend your Oracle Identity Navigator 11.1.2.x.x domain with the OPSS template. | See Extending Oracle Identity Navigator 11.1.2.x.x Component Domains with Oracle Platform Security Services Template |
| 8 | Upgrade Oracle Platform Security Services. | See Upgrading Oracle Platform Security Services |
| 9 | Run the configureSecurityStore.py script to configure policy stores. | See Configuring Database Security Store |
| 10 | Start the Administration Server. | See Starting the WebLogic Administration Server |
| 11 | Verify the deployments summary. | See Verifying the Deployment Summary |
| 12 | Upgrade Oracle Identity Navigator. | See Upgrading Oracle Identity Navigator Application |
| 13 | Import data. | See Importing the Oracle Identity Navigator 11.1.2.2.0 Metadata |
| 14 | Verify the Oracle Identity Navigator upgrade. | See Verifying the Upgrade |
| 15 | Optional - Configure Oracle Identity Manager on the Oracle Privileged Account Manager Managed Server from the Administration Server. | See Optional: Configuring Oracle Identity Manager on the Oracle Privileged Account Manager Managed Server from the Administration Server |

8.2 Reviewing System Requirements and Certification

Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information see Section 2.1, "Reviewing System Requirements and Certification".

8.3 Exporting Oracle Identity Navigator 11.1.2.x.x Metadata

Oracle Identity Navigator uses MDS as its metadata store. During the upgrade, updating the application overwrites the metadata. Therefore, you must export the metadata and keep it in a temporary location so that the original metadata can be imported after the upgrade.

On the computer where Oracle Identity Navigator 11.1.2.x.x is installed, export the Oracle Identity Navigator metadata to an export directory using WLST as follows:

On UNIX:

  1. Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:

    cd <IAM_HOME>/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    exportMetadata(application='oinav',server='AdminServer',toLocation='export_directory')

    where

    export_directory is the directory where you want to export Oracle Identity Navigator metadata to.

On Windows:

  1. Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:

    cd <IAM_HOME>\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    exportMetadata(application='oinav',server='AdminServer',toLocation='export_directory')

    where

    export_directory is the directory where you want to export Oracle Identity Navigator metadata to.

8.4 Shutting Down Administration Server and Managed Servers

The upgrade process involves changes to the binaries and to the schema. So, before you begin the upgrade process, you must shut down the Oracle Identity Navigator Managed Server(s) and the WebLogic Administration Server.

For information about stopping the WebLogic Administration Server and the Managed Server(s), see Section 2.8, "Stopping the Servers".

8.5 Upgrading Oracle WebLogic Server to 10.3.6

Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Navigator environment uses Oracle WebLogic Server 10.3.5 or an earlier version, you must upgrade Oracle WebLogic Server to 10.3.6.

For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 2.3, "Upgrading to Oracle WebLogic Server 10.3.6".

8.6 Updating Oracle Identity Navigator Binaries to 11.1.2.2.0

To upgrade Oracle Identity Navigator, you must use the Oracle Identity and Access Management 11.1.2.2.0 Installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Oracle Identity Navigator Middleware Home. Your Oracle Home is upgraded from 11.1.2.x.x to 11.1.2.2.0.

For information about updating the Oracle Identity Navigator binaries to 11.1.2.2.0, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".

8.7 Creating Oracle Platform Security Services Schema

You must create the Oracle Platform Security Services (OPSS) schema because the Oracle Identity Navigator upgrade process involves OPSS schema policy store changes. The keys, roles, permissions, and other artifacts used by the applications must migrate to the policy store. To create schemas, you must use Repository Creation Utility.

For information about creating schemas using RCU, see Section 2.5, "Creating Database Schemas Using Repository Creation Utility".

Note:

In the Select Components screen, expand AS Common Schemas and select Oracle Platform Security Services. The Metadata Services schema is selected automatically.

8.8 Extending Oracle Identity Navigator 11.1.2.x.x Component Domains with Oracle Platform Security Services Template

Oracle Identity Navigator 11.1.2.2.0 uses the database to store policies. This requires extending the 11.1.2.x.x Oracle Identity Navigator domain to include the OPSS data source.

To do so, complete the following steps:

  1. Run the following command to launch the Oracle Fusion Middleware configuration wizard:

    On UNIX:

    ./config.sh

    It is located in the <MW_HOME>/Oracle_IDM1/common/bin directory.

    On Windows:

    config.cmd

    It is located in the <MW_HOME>\Oracle_IDM1\common\bin directory.

  2. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.

  3. On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured the components. Click Next. The Select Extension Source screen is displayed.

  4. On the Select Extension Source screen, select the Oracle Platform Security Service - 11.1.1.0 [Oracle_IDM1] option. After selecting the domain configuration options, click Next.

  5. The Configure JDBC Data Sources screen is displayed. Configure the opss-DBDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.

  6. On the Configure JDBC Component Schema screen, select the Oracle Platform Security Services schema.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next.

    The Test JDBC Component Schema screen is displayed. After the test succeeds, the Select Optional Configuration screen is displayed.

  7. On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines and Deployments and Services. Do not select anything, because these are already configured in your Oracle Identity Navigator 11.1.2.1.0 environment. Click Next.

  8. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.

Your existing Oracle Identity Navigator domain is extended to support Oracle Platform Security Services (OPSS).

8.9 Upgrading Oracle Platform Security Services

After you upgrade schemas, you must upgrade Oracle Platform Security Services (OPSS).

Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Identity Navigator to 11.1.2.2.0. It upgrades the jps-config.xml file and policy stores.

For information about upgrading Oracle Platform Security Services, see Section 2.7, "Upgrading Oracle Platform Security Services".

8.10 Configuring Database Security Store

You must configure the Database Security Store as it is the only security store type supported by Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0).

For more information on configuring Oracle Platform Security Services, see "Configuring Database Security Store for an Oracle Identity and Access Management Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.

8.11 Starting the WebLogic Administration Server

After the upgrade is complete, start the WebLogic Administration Server, which contains the Oracle Identity Navigator console.

For information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".

8.12 Verifying the Deployment Summary

To verify the deployment summary, do the following:

  1. Log in to the WebLogic Administration console:

    http://<admin server host>:<admin server port>/console

  2. Under Domain Structure, click Deployments. The Summary of Deployments page is displayed.

  3. Check the summary details and verify that oinav (11.1.1.3.0) is present in the Name table.

8.13 Upgrading Oracle Identity Navigator Application

Note:

The Oracle Identity Navigator version number is 11.1.1.3.0 while the Oracle Identity and Access Management version number is 11.1.2.2.0.

This is not an error. The discrepancy is caused by a difference between how Oracle Identity Navigator and Oracle Identity and Access Management releases are tracked internally.

Upgrading Oracle Identity Navigator redeploys Oracle Identity Navigator using oinav.ear for Oracle Identity Navigator 11.1.2.2.0 release. There are two ways of redeploying the oinav.ear:

  • Upgrading oinav using the WebLogic Server Administration Console.

  • Upgrading oinav using the WebLogic Scripting Tool (WLST).

Using WebLogic Server Administration Console

Complete the following steps to upgrade Oracle Identity Navigator through the WebLogic Administration console:

  1. Log in to WebLogic Administration console:

    http://<admin server host>:<admin server port>/console

  2. Under Domain Structure, click Deployments.

  3. Select oinav (11.1.1.3.0) from the Name table.

  4. Click Update and click Finish in the Update Application Assistant screen after verifying the source path.

    Note:

    If WebLogic is running in production mode, click Lock & Edit before clicking Update.

Using WebLogic Scripting Tool (WLST)

Complete the following steps to upgrade Oracle Identity Navigator through the WLST console:

On UNIX

  1. Move from your present working directory to the <MW_HOME>/wlserver_10.3/common/bin directory by running the following command on the command line:

    cd <MW_HOME>/wlserver_10.3/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following command:

    redeploy('oinav#11.1.1.3.0')

  5. Exit the WLST console using the exit() command.

On Windows

  1. Move from your present working directory to the <MW_HOME>\wlserver_10.3\common\bin directory by running the following command on the command line:

    cd <MW_HOME>\wlserver_10.3\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following command:

    redeploy('oinav#11.1.1.3.0')

  5. Exit the WLST console using the exit() command.

8.14 Importing the Oracle Identity Navigator 11.1.2.2.0 Metadata

You must import the metadata that was exported earlier so that Oracle Identity Navigator gets back the metadata it had before the upgrade. Import the Oracle Identity Navigator 11.1.2.2.0 metadata by running the following WLST command:

On UNIX:

  1. Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:

    cd <IAM_HOME>/common/bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    ./wlst.sh

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    importMetadata(application='oinav',server='AdminServer',fromLocation='export_directory')

    where

    export_directory is the directory where you have exported the Oracle Identity Navigator metadata to.

On Windows:

  1. Move from your present working directory to the <IAM_HOME>\common\bin directory by running the following command on the command line:

    cd <IAM_HOME>\common\bin

  2. Run the following command to launch the WebLogic Scripting Tool (WLST):

    wlst.cmd

  3. Connect to the Administration Server using the following command:

    connect('weblogic-username','weblogic-password','weblogic-url')

  4. At the WLST prompt, run the following WLST (online) command:

    importMetadata(application='oinav',server='AdminServer',fromLocation='export_directory')

    where

    export_directory is the directory where you have exported Oracle Identity Navigator metadata to.
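
A check that fits around the export and import steps (Sections 8.3 and 8.14), given as an added example that is not part of Oracle's documentation: the export sits in a temporary location while the application is redeployed, so record a SHA-256 manifest right after exportMetadata and compare it before importMetadata. The function names and the sample file tree are constructed for illustration, and the permission check assumes a POSIX file system.

```python
import hashlib
import os
import stat
import tempfile

def build_manifest(export_dir):
    """Map each file path (relative to export_dir) to its SHA-256 digest."""
    manifest = {}
    for root, _dirs, files in os.walk(export_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, export_dir)] = digest
    return manifest

def verify_export(export_dir, manifest):
    """Diff export_dir against a manifest taken right after exportMetadata."""
    current = build_manifest(export_dir)
    problems = {
        "missing": sorted(set(manifest) - set(current)),
        "added": sorted(set(current) - set(manifest)),
        "changed": sorted(p for p in manifest
                          if p in current and current[p] != manifest[p]),
        "writable_by_others": [],
    }
    # Group/other write bits would let another local account alter the
    # metadata while the servers are down for the upgrade.
    if os.stat(export_dir).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems["writable_by_others"].append(export_dir)
    return problems  # every list is empty when the export is unchanged

def demo():
    """Constructed sample: a fake export tree, then one edit and one deletion."""
    with tempfile.TemporaryDirectory() as export_dir:
        os.chmod(export_dir, 0o700)
        sample = os.path.join(export_dir, "oracle", "sample")
        os.makedirs(sample)
        a, b = os.path.join(sample, "a.xml"), os.path.join(sample, "b.xml")
        for path, body in ((a, "<a/>"), (b, "<b/>")):
            with open(path, "w") as fh:
                fh.write(body)
        manifest = build_manifest(export_dir)   # taken right after export
        clean = verify_export(export_dir, manifest)
        with open(a, "w") as fh:                # simulated modification
            fh.write("<a changed='1'/>")
        os.remove(b)                            # simulated loss
        return clean, verify_export(export_dir, manifest)
```

Keep the recorded manifest outside the export directory so that a change to the export cannot also rewrite the record it is checked against.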

Note:

Oracle Business Intelligence Publisher 10g report format is not supported in Oracle Identity Navigator 11.1.2.2.0 release. It is not mandatory, but if you want to remove the reports, see "Configuring Oracle Business Intelligence Publisher" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Navigator.

8.15 Verifying the Upgrade

To verify the Oracle Identity Navigator upgrade, do the following:

  1. Log in to the Oracle Identity Navigator console:

    http://<admin server host>:<admin server port>/oinav

  2. In the Dashboard page, check for the version number in the bottom right corner.

    The version number should be 11.1.2.2.0.

8.16 Optional: Configuring Oracle Identity Manager on the Oracle Privileged Account Manager Managed Server from the Administration Server

To configure Oracle Identity Navigator on the Oracle Privileged Account Manager managed server from the administration server, do the following:

  1. Stop the servers.

  2. Move from your present working directory to the <IAM_HOME>/common/bin directory by running the following command on the command line:

    cd <IAM_HOME>/common/bin

  3. Run the following command to launch the Oracle Fusion Middleware configuration wizard:

    ./config.sh

    It is located in the <MW_HOME>/Oracle_IDM1/common/bin directory.

  4. Whenever the wizard detects a conflict, select Keep existing content.

  5. Complete the configuration. Oracle Identity Navigator will run on the managed server after starting the servers.