This chapter describes how to upgrade Oracle Identity Navigator 11g Release 2 (11.1.2.1.0) and 11g Release 2 (11.1.2) environments to Oracle Identity Navigator 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.
Note:
This chapter refers to Oracle Identity Navigator 11g Release 2 (11.1.2) and 11g Release 2 (11.1.2.1.0) environments as 11.1.2.x.x.This chapter includes the following sections:
Section 8.1, "Upgrade Roadmap for Oracle Identity Navigator"
Section 8.2, "Reviewing System Requirements and Certification"
Section 8.3, "Exporting Oracle Identity Navigator 11.1.2.x.x Metadata"
Section 8.4, "Shutting Down Administration Server and Managed Servers"
Section 8.6, "Updating Oracle Identity Navigator Binaries to 11.1.2.2.0"
Section 8.7, "Creating Oracle Platform Security Services Schema"
Section 8.13, "Upgrading Oracle Identity Navigator Application"
Section 8.14, "Importing the Oracle Identity Navigator 11.1.2.2.0 Metadata"
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Identity Navigator upgrade may not be successful.Table 8-1 lists the steps to upgrade Oracle Identity Navigator 11.1.2.x.x to 11.1.2.2.0.
Table 8-1 Roadmap for Upgrading Oracle Identity Navigator 11.1.2.x.x to 11.1.2.2.0.
So. No. | Task | For More Information |
---|---|---|
1 |
Review system requirements and certifications. |
|
2 |
Export Oracle Identity Navigator data. |
See, Exporting Oracle Identity Navigator 11.1.2.x.x Metadata |
3 |
Shut down all servers. This includes both Administration Server and Managed Servers. |
See, Shutting Down Administration Server and Managed Servers |
4 |
Optional - Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6. |
|
5 |
Upgrade 11.1.2.x.x Oracle Home to 11.1.2.2.0. |
See, Updating Oracle Identity Navigator Binaries to 11.1.2.2.0 |
6 |
Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load OPSS schema for Oracle Identity and Access Management products. |
|
7 |
Extend your Oracle Identity Navigator 11.1.2.x.x domain with the OPSS template. |
|
8 |
Upgrade Oracle Platform Security Services. |
|
9 |
Run the |
|
10 |
Start the Administration Server. |
|
11 |
Verify the deployments summary. |
|
12 |
Upgrade Oracle Identity Navigator. |
|
13 |
Import data. |
See, Importing the Oracle Identity Navigator 11.1.2.2.0 Metadata |
14 |
Verify the Oracle Identity Navigator upgrade. |
|
15 |
Optional - Configure Oracle Identity Manager on the Oracle Privileged Account Manager Managed Server from the Administration Server |
Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information see Section 2.1, "Reviewing System Requirements and Certification".
Oracle Identity Navigator uses MDS as its metadata store. During upgrade, when you update the application, the metadata gets overwritten. Therefore, you need to export it and keep it in a temporary location so that it can be used to import original metadata after upgrade.
On the computer where Oracle Identity Navigator 11.1.2.x.x is installed, export the Oracle Identity Navigator metadata to an export directory using WLST as follows:
Move from your present working directory to the <IAM_HOME>/common/bin
directory by running the following command on the command line:
cd <IAM_HOME>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','weblogic-url')
At the WLST prompt, run the following WLST (online) command:
exportMetadata(application='oinav',server='AdminServer',toLocation='export_directory')
where
export_directory
is the directory where you want to export Oracle Identity Navigator metadata to.
Move from your present working directory to the <IAM_HOME>\common\bin
directory by running the following command on the command line:
cd <IAM_HOME>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','weblogic-url')
At the WLST prompt, run the following WLST (online) command:
exportMetadata(application='oinav',server='AdminServer',toLocation='export_directory')
where
export_directory
is the directory where you want to export Oracle Identity Navigator metadata to.
The upgrade process involves changes to the binaries and to the schema. So, before you begin the upgrade process, you must shut down the Oracle Identity Navigator Managed Server(s) and the WebLogic Administration Server.
For information about stopping the WebLogic Administration Server and the Managed Server(s), see Section 2.8, "Stopping the Servers".
Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Navigator environment is using Oracle WebLogic Server 10.3.5 or the previous versions, you must upgrade Oracle WebLogic Server to 10.3.6.
For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 2.3, "Upgrading to Oracle WebLogic Server 10.3.6".
To upgrade Oracle Identity Navigator, you must use the Oracle Identity and Access Management 11.1.2.2.0 Installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Oracle Identity Navigator Middleware Home. Your Oracle Home is upgraded from 11.1.2.x.x to 11.1.2.2.0.
For information about updating the Oracle Identity Navigator binaries to 11.1.2.2.0, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".
You must create Oracle Platform Security Services (OPSS) schema because Oracle Identity Navigator upgrade process involves OPSS schema policy store changes. The keys, roles, permissions, and other artifacts used by the applications must migrate to the policy store. To create schemas, you must use Repository Creation Utility.
For information about creating schemas using RCU, see Section 2.5, "Creating Database Schemas Using Repository Creation Utility".
Note:
In the Select Components screen, expand AS Common Schemas and select Oracle Platform Security Services. The Metadata Services schema is selected automatically.Oracle Identity Navigator 11.1.2.2.0 uses the database to store policies. This requires extending the 11.1.2.x.x Oracle Identity Navigator domain to include the OPSS data source.
To do so, complete the following steps:
Run the following command to launch the Oracle Fusion Middleware configuration wizard:
On UNIX:
./config.sh
It is located in the <MW_HOME>/Oracle_IDM1/common/bin
directory.
On Windows:
config.cmd
It is located in the <MW_HOME>\Oracle_IDM1\common\bin
directory.
On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.
On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured the components. Click Next. The Select Extension Source screen is displayed.
On the Select Extension Source screen, select the Oracle Platform Security Service - 11.1.1.0 [Oracle_IDM1] option. After selecting the domain configuration options, click Next.
The Configure JDBC Data Sources screen is displayed. Configure the opss-DBDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.
On the Configure JDBC Component Schema screen, select the Oracle Platform Security Services schema.
You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next.
The Test JDBC Component Schema screen is displayed. After the test succeeds, the Select Optional Configuration screen is displayed.
On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines and Deployments and Services. Do not select anything as you have already configured in your Oracle Identity Navigator 11.1.2.1.0 environment. Click Next.
On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.
Your existing Oracle Identity Navigator domain is extended to support Oracle Platform Security Services (OPSS).
After you upgrade schemas, you must upgrade Oracle Platform Security Services (OPSS).
Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Identity Navigator to 11.1.2.2.0. It upgrades the jps-config.xml
file and policy stores.
For information about upgrading Oracle Platform Security Services, see Section 2.7, "Upgrading Oracle Platform Security Services".
You must configure the Database Security Store as it is the only security store type supported by Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0).
For more information on configuring Oracle Platform Security Services, see "Configuring Database Security Store for an Oracle Identity and Access Management Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
After the upgrade is complete, start the WebLogic Administration Server, the Administration Server that contains the Oracle Identity Navigator console.
For information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".
To verify the deployment summary, do the following:
Log in to the WebLogic Administration console:
http://<admin server host>:<admin server port>/console
Under Domain Structure, click Deployments. The Summary of Deployments page is displayed.
Check the summary details and verify that oinav (11.1.1.3.0) is present in the Name table.
Note:
The Oracle Identity Navigator version number is 11.1.1.3.0 while the Oracle Identity Navigator version number is 11.1.2.2.0.This is not an error. The discrepancy is caused by a difference between how Oracle Identity Navigator and Identity Access Management releases are tracked internally.
Upgrading Oracle Identity Navigator redeploys Oracle Identity Navigator using oinav.ear
for Oracle Identity Navigator 11.1.2.2.0 release. There are two ways of redeploying the oinav.ear
:
Upgrading oinav
using the WebLogic Server Administration Console.
Upgrading oinav
using the WebLogic Scripting Tool (WLST).
Using WebLogic Server Administration Console
Complete the following steps to upgrade Oracle Identity Navigator through the WebLogic Administration console:
Log in to WebLogic Administration console:
http://<admin server host>:<admin server port>/console
Under Domain Structure, click Deployments.
Select oinav (11.1.1.3.0) from the Name table.
Click Update and click Finish in the Update Application Assistant screen after verifying the source path.
Note:
If WebLogic is running in production mode, click Lock & Edit before clicking Update.Using WebLogic Scripting Tool (WLST)
Complete the following steps to upgrade Oracle Identity Navigator through the WLST console:
Move from your present working directory to the <MW_HOME>/wlserver_10.3/common/bin
directory by running the following command on the command line:
cd <MW_HOME>/wlserver_10.3/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','weblogic-url')
At the WLST prompt, run the following command:
redeploy('oinav#11.1.1.3.0')
Exit the WLST console using the exit()
command.
Move from your present working directory to the <MW_HOME>\wlserver_10.3\common\bin
directory by running the following command on the command line:
cd <MW_HOME>\wlserver_10.3\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','weblogic-url')
At the WLST prompt, run the following command:
redeploy('oinav#11.1.1.3.0')
Exit the WLST console using the exit()
command.
You must import the metadata which was exported earlier so that Oracle Identity Navigator gets back the metadata present before upgrade. Import Oracle Identity Navigator 11.1.2.2.0 metadata by running the following WLST command:
Move from your present working directory to the <IAM_HOME>/common/bin
directory by running the following command on the command line:
cd <IAM_HOME>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','weblogic-url')
At the WLST prompt, run the following WLST (online) command:
importMetadata(application='oinav',server='AdminServer',fromLocation='export_directory')
where
export_directory
is the directory where you have exported the Oracle Identity Navigator metadata to.
Move from your present working directory to the <IAM_HOME>\common\bin
directory by running the following command on the command line:
cd <IAM_HOME>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
Connect to the Administration Server using the following command:
connect('weblogic-username','weblogic-password','weblogic-url')
At the WLST prompt, run the following WLST (online) command:
importMetadata(application='oinav',server='AdminServer',fromLocation='export_directory')
where
export_directory
is the directory where you have exported Oracle Identity Navigator metadata to.
Note:
Oracle Business Intelligence Publisher 10g report format is not supported in Oracle Identity Navigator 11.1.2.2.0 release. It is not mandatory, but if you want to remove the reports, see "Configuring Oracle Business Intelligence Publisher" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Navigator.To verify the Oracle Identity Navigator upgrade, do the following:
Log in to the Oracle Identity Navigator console:
http://<admin server host>:<admin server port>/oinav
In the Dashboard page, check for the version number in the bottom right corner.
The version number should be 11.1.2.2.0.
To configure Oracle Identity Navigator on the Oracle Privileged Account Manager managed server from the administration server, do the following:
Stop the servers.
Move from your present working directory to the <IAM_HOME>/common/bin
directory by running the following command on the command line:
cd <IAM_HOME>/common/bin
Run the following command to launch the Oracle Fusion Middleware configuration wizard:
./config.sh
It is located in the <MW_HOME>/Oracle_IDM1/common/bin
directory.
Select Keep existing content whenever it detects a conflict in the wizard.
Complete the configuration. Oracle Identity Navigator will run on the managed server after starting the servers.