This chapter describes how to upgrade your existing Oracle Access Manager 11g Release 1 (11.1.1.5.0) and 11g Release 1 (11.1.1.7.0) environments to Oracle Access Management Access Manager (Access Manager) 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.
Note:
This chapter refers to Oracle Access Manager 11g Release 1 (11.1.1.5.0) and 11g Release 1 (11.1.1.7.0) environments as 11.1.1.x.x.This chapter includes the following sections:
Creating Oracle Access Management Access Manager Schemas Using Repository Creation Utility
Starting the Administration Server and Access Manager Managed Servers
Redeploying Oracle Access Management Access Manager Servers and Shared Libraries
Stopping the Administration Server and Access Manager Managed Servers
Starting the Administration Server and Access Manager Managed Servers
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Access Manager upgrade may not be successful.Table 9-1 lists the steps to upgrade Oracle Access Manager 11.1.1.x.x.
Task No. | Task | For More Information |
---|---|---|
1 |
Review system requirements and certifications. |
|
2 |
Shut down all servers. This includes both Administration Server and Managed Servers. |
See, Shutting Down Administration Server and Managed Servers |
3 |
Back up your environment. |
See, Backing Up Oracle Access Manager 11g Release 1 (11.1.1.x.x) |
4 |
Upgrade Oracle WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6. |
|
5 |
Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load Access Manager schemas and OPSS schema. |
See, Creating Oracle Access Management Access Manager Schemas Using Repository Creation Utility |
6 |
Upgrade 11.1.1.x.x Oracle Home to 11.1.2.2.0. |
|
7 |
Extend your Oracle Access Manager 11.1.1.x.x domain with the OPSS template. |
|
8 |
Upgrade the Oracle Platform Security Services schema. |
|
9 |
Upgrade Oracle Platform Security Services. |
|
10 |
Run the |
See, Configuring Oracle Platform Security ServicesSecurity Store |
11 |
Export access data. |
|
12 |
Import access data. |
|
13 |
Copy infrastructure mbean jar and configuration files |
|
14 |
Start the Administration Server and Oracle Access Management Access Manager Managed Servers. |
See, Starting the Administration Server and Access Manager Managed Servers |
15 |
Redeploy Access Manager servers and shared libraries. |
See, Redeploying Oracle Access Management Access Manager Servers and Shared Libraries |
16 |
Stop the Administration Server and Oracle Access Management Access Manager Managed Server. |
See, Stopping the Administration Server and Access Manager Managed Servers |
17 |
Delete the |
See, Deleting Folders |
18 |
Upgrade the system configuration of Oracle Access Manager. |
|
19 |
Start the Administration Server and Oracle Access Management Access Manager Managed Servers. |
See, Starting the Administration Server and Access Manager Managed Servers |
20 |
Verify the Access Manager upgrade. |
Before you start the upgrade process, you must read the system requirements and certification document to ensure that your system meets the minimum requirements for the products you are installing or upgrading. For more information see Section 2.1, "Reviewing System Requirements and Certification".
The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the Administration Server and Managed Servers.
For information about stopping the servers, see "Stopping the Servers".
You must back up your Oracle Access Manager 11.1.1.x.x environment before you upgrade to Access Manager 11.1.2.
After stopping the servers, back up the following:
MW_HOME directory, including the Oracle Home directories inside Middleware Home
Domain Home directory
Oracle Access Manager schemas
MDS schemas
Audit and any other dependent schemas
You can upgrade WebLogic Server 10.3.5 to Oracle WebLogic Server 10.3.6 by using the WebLogic 10.3.6 Upgrade Installer. For information about upgrading Oracle WebLogic Server, see "Upgrading to Oracle WebLogic Server 10.3.6".
Upgrading Oracle Access Manager 11.1.1.x.x schema to Oracle Access Management Access Manager 11.1.2 is not supported. You cannot update Oracle Access Manager 11.1.1.x.x schemas to Access Manager 11.1.2, so, you must create new Access Manager 11.1.2 schemas.
Run Repository Creation utility (RCU) to create the Access Manager schema. Select all dependent schemas so that OPSS schema gets created too.
For more information, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Note:
Even if you are creating new schemas, do not delete your Oracle Access Manager 11.1.1.x.x schemas and do not use the old schema name, as you will need the old schema credentials while "Exporting Access Data".To upgrade Oracle Access Manager, you must use the 11.1.2.2.0 installer. During the procedure, point the Middleware Home to your existing 11.1.1.x.x Oracle Access Manager Middleware Home. Your Oracle Home is upgraded from 11.1.1.x.x to 11.1.2.2.0.
Note:
Before upgrading the Oracle Access Manager binaries to 11g Release 2 (11.1.2.2.0), you must ensure that the OPatch version inORACLE_HOME
and MW_HOME
/oracle_common
is 11.1.0.9.9. Different OPatch version might cause patch application failure. If you have upgraded opatch to a newer version, you will have to roll back to version 11.1.0.9.9.For information about upgrading Oracle Access Manager 11g Release 1 (11.1.1.x.x) to Oracle Access Management Access Manager 11g Release 2 (11.1.2.2.0), see "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".
Oracle Access Management Access Manager 11.1.2.2.0 uses the database to store policies. This requires extending Oracle Access Manager 11.1.1.x.x domain to include the OPSS data source.
To extend your Oracle Access Manager 11.1.1.x.x component domain with the OPSS template, complete the following steps:
Run the following command:
On UNIX:
./config.sh
It is located in the <MW_HOME>/<Oracle_IDM1>/common/bin
directory.
On Windows:
config.cmd
It is located in the <MW_HOME>\<Oracle_IDM1>\common\bin
directory.
On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.
On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured Oracle Access Manager. Click Next. The Select Extension Source screen appears.
On the Select Extension Source screen, select the Oracle Platform Security Service - 11.1.1.0 [Oracle_IDM1] option. After selecting the domain configuration options, click Next. The Configure JDBC Component Schema screen appears.
On the Configure JDBC Component Schema screen, do the following:
Select OAM Infrastructure, and update the Oracle Access Manager 11.1.1.x.x schema information with the Access Manager 11.1.2.2.0 schema details.
Select OPSS Schema, and specify the values for Schema Owner, Schema Password, Database and Service, Host Noame, and Port.
Click Next.
The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.
On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines and Deployments and Services. Do not select anything as you have already configured your Oracle Access Manager 11.1.1.x.x environment. Click Next.
On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.
Your existing Oracle Access Manager domain is extended to support Oracle Platform Security Services (OPSS), and Oracle Access Manager is configured to use the newly created 11.1.2.2.0 OPSS policy schema.
You must upgrade the Oracle Platform Security Services schemas using Patch Set Assistant. To do this, complete the following steps:
Start the Patch Set Assistant from the location MW_HOME
/oracle_common/bin
using the following command:
./psa
Select opss.
Specify the Database connection details, and select the schema to be upgraded.
After you upgrade Oracle Platform Security Services schema, verify the upgrade by checking the log file at the location MW_HOME
/oracle_common/upgrade/logs/psa<
timestamp
>.log
.
The timestamp
refers to the actual date and time when Patch Set Assistant was run. If the upgrade fails, check the log files to rectify the errors and run the Patch Set Assistant again.
After you upgrade schemas, you must upgrade Oracle Platform Security Services (OPSS).
Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Access Manager to 11.1.2.2.0. It upgrades the jps-config.xml
file and policy stores.
For information about upgrading Oracle Platform Security Services, see Section 2.7, "Upgrading Oracle Platform Security Services"
You must configure the Database Security Store as it is the only security store type supported by Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0).
For more information on configuring Oracle Platform Security Services, see "Configuring Database Security Store for an Oracle Identity and Access Management Domain" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
Policy information from Oracle Access Manager 11.1.1.x.x schema needs to be extracted before importing it to the Access Manager 11.1.2.2.0 schema. The exportAccessData
WLST command exports the Access Manager policy and configuration information from the 11.1.1.x.x Oracle Access Manager domain. You must export Oracle Access Manager 11.1.1.x.x configuration details, policy stores, keys, and CSF Passwords.
Note:
Make sure to shutdown all WebLogic Server processes (administration server, Oracle Access Manager managed server, and node manager) before executing these export commands.Complete the following steps to export data:
Move from your present working directory to the <MW_HOME>/<Oracle_IDM1>/common/bin
directory by running the following command on the command line:
cd <MW_HOME>/<Oracle_IDM1>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
At the WLST prompt, run the following script:
exportAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
exportAccessData("<ORACLE_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties")
See Table 9-3 for sample properties and description.
Exit the WLST console using the exit()
command.
Move from your present working directory to the <MW_HOME>\<Oracle_IDM1>\common\bin
directory by running the following command on the command line:
cd <MW_HOME>\<Oracle_IDM1>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
At the WLST prompt, run the following script:
exportAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
exportAccessData("<ORACLE_HOME>\\oam\\server\\wlst\\scripts\\sample_properties\\oam_upgrade-windows.properties")
See Table 9-3 for sample properties and description.
Exit the WLST console using the exit()
command.
Table 9-2 describes the parameters you must specify on the command line:
Table 9-2 Parameters for Exporting Data
Parameter | Description |
---|---|
|
Specify the path to the On UNIX, it is located in the On Windows, it is located in the |
Table 9-3 lists the properties of oam_upgrade.properties
:
Table 9-3 Property Description
Properties | Description |
---|---|
|
Specify the complete path to the Middleware Home. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the location of the Oracle Identity and Access Management software. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the existing Oracle Access Manager 11.1.1.x.x domain home. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the common components home. The following example shows the complete path: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the location where you want to place the upgrade artifacts, such as Oracle Access Manager 11.1.1.x.x configuration and policy files. Note: Make sure that the artifacts folder has read/write access. |
|
This is an |
|
This property is used to specify if you run the upgrade in an incremental mode. Incremental form of upgrade is not supported in Access Manager 11.1.2.2.0. Therefore, set the value as |
|
As a part of the Oracle Access Manager policy upgrade, the changes to the out of the box Access Manager policies are applied on top of the existing (11.1.1.x.x) out of the box policies. This process involves a three way merge of the Access Manager policies. This is a time consuming process (takes about 30 minutes). If you want to proceed with the merge, set the property to If you want to replace the Oracle Access Manager 11.1.1.x.x out of the box policies with the new ones, without the merge process, set this property to |
|
Use this property to connect to the 11.1.1.x.x policy store. Specify the Oracle Access Manager 11.1.1.x.x schema owner. |
|
Use this property to connect to the 11.1.1.x.x policy store. Specify the Oracle Access Manager 11.1.1.x.x schema credentials. |
|
Use this property to connect to the 11.1.1.x.x policy store. Specify the Oracle Access Manager 11.1.1.x.x Oracle Entitlements Server database credential alias as:
|
|
Use this property to connect to the 11.1.1.x.x policy store. Specify the JDBC connection string in the following format:
|
|
Use this property to connect to the 11.1.1.x.x policy store. Specify the JDBC driver class in the following format:
|
|
Use this property to connect to the 11.1.1.x.x policy store. Specify the properties as:
|
|
This property refers to the absolute path to the XML file where extracted 11.1.1.x.x policy needs to be saved. Specify the path where you want to save the extracted Oracle Access Manager 11.1.1.x.x policies. For example: On UNIX, specify the following path:
On Windows, specify the following path:
|
|
Upgrade frameworks loads version specific jars for Exporting and Importing data. This property refers to the Oracle Access Manager 11.1.1.x.x policy jars available at the following path: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the Oracle Access Manager 11.1.1.x.x configuration files available in the following location: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the absolute path to the temporary policy XML. This temporary XML will be used for policy transformation. Specify the temporary location of the XML file. For example: On UNIX, specify the following path:
On Windows, specify the following path:
|
|
Upgrade frameworks loads version specific jars for exporting and importing data. This property refers to the Access Manager 11.1.2.2.0 policy jars available at the following location: On UNIX, it is located in the On Windows, it is located in the |
|
This property refers to the Access Manager 11.1.2.2.0 configuration files available at the following location: On UNIX, it is located in the On Windows, it is located in the |
|
The Oracle Access Manager source version is 11.1.1.x.x. |
|
The Access Manager target version is 11.1.2.0.0. |
Note:
The variables listed in Table 9-3 are not environment variables. These variables must be defined in theoam_upgrade.properties
file.
When you specify paths to any files in the oam_upgrade.properties
file, make sure it is in the format specified in the following example:
On UNIX: /directory_1/directory_2/file
On Windows: \\directory_1\\directory_2\\file
Sample Output of exportAccessData
wls:/offline> exportAccessData("<ORACLE_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties") Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.WLSTExecutor executeCommand INFO: EXPORT_DATA_COMMAND Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand INFO: OAAM PRODUCT Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand INFO: OAM PRODUCT Jul 7, 2012 1:37:30 AM oracle.security.access.upgrade.util.WLSTExportDataUtil executeCommand INFO: oamPlugin.getName() = oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory Jul 7, 2012 1:37:30 AM oracle.security.am.upgrade.plugin.util.UpgradeUtil exportConfiguration INFO: Copying configuration file.... oracle.security.am.upgrade.plugin.upgradehelper.OAMVersionSpecificClassLoader@1e330f43 [EL Info]: 2012-07-07 01:37:32.849--ServerSession(503497062)--EclipseLink, version: Eclipse Persistence Services - 1.1.0.r3634 [EL Info]: 2012-07-07 01:37:35.212--ServerSession(503497062)--file:$ORACLE_HOME/oam/server/lib/upgrade/ps1-policy/oes-d8/jps-internal.jar-JpsDBDataManager login successful Jul 7, 2012 1:37:39 AM com.tangosol.coherence.component.util.logOutput.Jdk log INFO: 2012-07-07 01:37:39.026/135.466 Oracle Coherence 3.5.3/465p2 <Info> (thread=Main Thread, member=n/a): Loaded operational configuration from resource "jar:file:$ORACLE_HOME/oam/server/lib/upgrade/ps1-policy/coherence.jar!/tangosol-coherence.xml" Jul 7, 2012 1:37:39 AM com.tangosol.coherence.component.util.logOutput.Jdk log INFO: 2012-07-07 01:37:39.035/135.474 Oracle Coherence 3.5.3/465p2 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from resource "jar:file:$ORACLE_HOME/oam/server/lib/upgrade/ps1-policy/coherence.jar!/tangosol-coherence-override-dev.xml" ................... WARNING: Cannot load audit configuration. Jul 7, 2012 1:37:47 AM oracle.security.am.common.audit.AuditHandler getAuditor WARNING: Cannot load audit configuration. Jul 7, 2012 1:37:47 AM oracle.security.am.common.audit.AuditHandler getAuditor WARNING: Cannot load audit configuration. Jul 7, 2012 1:37:47 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory exportData INFO: Extraction Done!! Jul 7, 2012 1:37:47 AM oracle.security.am.upgrade.plugin.util.UpgradeCommonUtil removeDirectory INFO: Deletion of Directory: true path: $OAM_ARTIFACTS_DIRECTORTY/temp.zip Jul 7, 2012 1:37:47 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory exportData INFO: Export completed successfully!
It is necessary to import the extracted Oracle Access Manager 11.1.1.x.x data to the Access Manager 11.1.2 schema. The Oracle Access Manager 11.1.1.x.x domain configuration is also merged with the Access Manager 11.1.2 configuration.
Note:
Make sure to shutdown all WebLogic Server processes (administration server, Oracle Access Manager managed server, and node manager) before executing these import commands.To import Oracle Access Manager 11.1.1.x.x configuration data into Access Manager 11.1.2.2.0, complete the following steps:
Move from your present working directory to the <MW_HOME>/<Oracle_IDM1>/common/bin
directory by running the following command on the command line:
cd <MW_HOME>/<Oracle_IDM1>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
At the WLST prompt, run the following script:
importAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
importAccessData("<ORACLE_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties")
See Table 9-3 for sample properties and description.
Exit the WLST console using the exit()
command.
Move from your present working directory to the <MW_HOME>\<Oracle_IDM1>\common\bin
directory by running the following command on the command line:
cd <MW_HOME>\<Oracle_IDM1>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
At the WLST prompt, run the following script:
importAccessData("<UPGRADE_PROPERTIES_FILE>")
For example:
importAccessData("<ORACLE_HOME>\\oam\\server\\wlst\\scripts\\sample_properties\\oam_upgrade.properties")
See Table 9-3 for sample properties and description.
Exit the WLST console using the exit()
command.
Table 9-4 describes the parameters you need to specify on the command line:
Table 9-4 Parameters for Importing Data
Parameter | Description |
---|---|
|
Specify the path to the On UNIX, it is located in the On Windows, it is located in the |
Sample Output of importAccessData
wls:/offline> importAccessData("<ORACLE_HOME>/oam/server/wlst/scripts/sample_properties/oam_upgrade.properties") LOGGER intialised java.util.logging.Logger@1e26e4b1 Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.WLSTExecutor executeCommand INFO: IMPORT_DATA_COMMAND Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.util.WLSTImportDataUtil executeCommand INFO: OAAM PRODUCT IMPORT DATA Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.util.WLSTImportDataUtil executeCommand INFO: OAM PRODUCT Jul 7, 2012 1:38:25 AM oracle.security.access.upgrade.util.WLSTImportDataUtil executeCommand INFO: oamPlugin.getName() = oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory Jul 7, 2012 1:38:27 AM oracle.security.am.common.policy.admin.provider.xml.XMLStore <init> INFO: Loading policy store file: $OAM_ARTIFACTS_DIRECTORTY/oam-policy.xml. Jul 7, 2012 1:38:30 AM com.tangosol.coherence.component.util.logOutput.Jdk log INFO: 2012-07-07 01:38:30.069/17.816 Oracle Coherence 3.7.1.1 <Info> (thread=Main Thread, member=n/a): Loaded operational configuration from "jar:file:$MIDDLEWARE_HOMEoracle_common/modules/oracle.coherence/coherence.jar!/tangosol-coherence.xml" Jul 7, 2012 1:38:30 AM com.tangosol.coherence.component.util.logOutput.Jdk log INFO: 2012-07-07 01:38:30.103/17.850 Oracle Coherence 3.7.1.1 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from "jar:file:$MIDDLEWARE_HOMEoracle_common/modules/oracle.coherence/coherence.jar!/tangosol-coherence-override-dev.xml" Jul 7, 2012 1:38:30 AM com.tangosol.coherence.component.util.logOutput.Jdk log INFO: 2012-07-07 01:38:30.107/17.854 Oracle Coherence 3.7.1.1 <Info> (thread=Main Thread, member=n/a): Loaded operational overrides from "jar:file:$ORACLE_HOME/oam/server/lib/upgrade/ps2-policy/mapstore-coherence.jar!/tangosol-coherence-override.xml" ..... Jul 7, 2012 1:38:36 AM oracle.security.am.common.audit.AuditHandler getAuditor WARNING: Cannot load audit configuration. Jul 7, 2012 1:38:36 AM oracle.security.am.common.audit.AuditHandler getAuditor WARNING: Cannot load audit configuration. Jul 7, 2012 1:38:36 AM oracle.security.am.common.audit.AuditHandler getAuditor WARNING: Cannot load audit configuration. Jul 7, 2012 1:38:38 AM oracle.security.am.upgrade.plugin.upgradehelper.UpgradeFactory importData INFO: Import completed successfully!!
Note:
When you execute theimportAccessData()
command, the output might include additional text after the line INFO: Import completed successfully!!
. The additional text has no impact on the result and can be ignored.After updating the Access Manager binaries to 11.1.2.2.0 you must copy the modified system or domain mbean configurations from the OAM_ORACLE_HOME
to the DOMAIN_HOME
.
Move from your present working directory to the <MW_HOME>/common/bin
directory by running the following command on the command line:
cd <MW_HOME><Oracle_IDM1>/common/bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
./wlst.sh
At the WLST prompt, run the following script:
copyMbeanXmlFiles('
DOMAIN_HOME
','
OAM_ORACLE_HOME
')
For example:
copyMbeanXmlFiles('/Oracle/Middleware/user_projects/domains/base_domain','/Oracle/Middleware/Oracle_IDM1')
Exit the WLST console using the exit()
command.
Move from your present working directory to the <MW_HOME>\common\bin
directory by running the following command on the command line:
cd <MW_HOME>\<Oracle_IDM1>\common\bin
Run the following command to launch the WebLogic Scripting Tool (WLST):
wlst.cmd
At the WLST prompt, run the following script:
copyMbeanXmlFiles ('<domain_name>',' 'Oracle_IDM')
For example:
copyMbeanXmlFiles('C:\\Oracle\\Middleware\\user_projects\domains\\base_domain','C:\\Oracle\\Middleware\\Oracle_IDM1')
Exit the WLST console using the exit()
command.
Note:
When you start the Administration Server and the Managed Servers, the Access Manager Administration console application and the Access Manager Managed server application may start with a number of errors and exceptions. This is expected and can be ignored. These issues are resolved by the subsequent redeployment process.The redeploy
command is an online WLST command. Therefore, you must start the Oracle Access Management Access Manager Administration and Managed Servers before running the redeploy
command.
For information about starting the Administration Server and Access Manager Managed servers, see "Starting the Servers".
You must redeploy Oracle Access Management Access Manager for the following reasons:
To uptake new shared libraries that Access Manager servers are dependent on.
To uptake newer versions of Access Manager Administration and Managed Server applications.
To redeploy Access Manager server applications and shared Access Manager libraries, complete the following steps:
Run the following command to launch the WebLogic Scripting Tool (WLST) from the location $MW_HOME
/
ORACLE_HOME
/common/bin
:
On UNIX: ./wlst.sh
On Windows: wlst.cmd
Connect to the Administration Server using the following command:
connect('
<weblogic_username>
','
<weblogic_password>
','
<weblogic_host>
:
<port>
')
Run the following command to redeploy the applications and shared libraries:
redeployOAM("
ORACLE_HOME
","
ORACLE_COMMON_HOME
",adminTarget="
Admin_server_name
",serverTarget="
oam_server
")
Note:
If you are upgrading Oracle Access Manager high availability environments, speciy theoam_cluster
for the argument serverTarget
while running redeployOAM
command.Table 9-5 describes the parameters you need to specify on the command line:
Table 9-5 Parameters to be Specified When Running redeployOAM Command
Parameter | Description |
---|---|
|
Specify the absolute path to the Oracle Home. For example: On UNIX, it is located at On Windows, it is located at |
|
Specify the absolute path to the Oracle common home. For example: On UNIX, it is located in the On Windows, it is located in the |
|
Specify the Administration Server name you had specified while configuring Access Manager. |
|
Specify the name of the Access Manager Server you had specified while configuring Access Manager Server. |
For example:
redeployOAM("/scratch/Oracle/Middleware/Oracle_IDM1","/scratch/Oracle/Middleware/oracle_common",adminTarget="AdminServer",serverTarget="OAM_SERVER")
Note:
You might see the following exception after the Access Manager server deployment. This is because tmp
and stage
directories still exist. You can ignore the errors:
HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError at java.lang.J9VMInternals.initialize(J9VMInternals.java:222) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:97) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56 at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46 Caused by: oracle.security.am.common.utilities.exception.AmRuntimeException:OAM Server Key initialization failed Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
When you execute the redeployOAM
command, the following warning may be displayed:
"************************ Performing OAM Admin server deployment and Data Migration. This operation will take some time. Please wait until it completes.******"
Note that redeployment takes approximately 30 minutes to complete due to policy migration. In addition, note that the time for completion of redeployment also depends on the amount of data present in the Oracle Access Manager system that is being upgraded.
Exit the WLST console using the exit()
command.
The deployment may fail if the SDP library is already installed as a part of the SOA or OIM deployments. For recovery procedure, see Section 9.22.2, "Exception While Deploying Application".
Note:
.After redeploying Oracle Access Management Access Manager, you must verify that the following libraries and applications are deployed to Access Manager cluster (OAM_CLUSTER
):
Libraries
oracle.oaam.libs (11.1.2.0.0)
oracle.sdp.client (11.1.1)
coherence (3.7.1.1)
oracle.idm.ids.config.ui (11.1.2,11.1.2)
oracle.idm.ipf (11.1.2,11.1.2)
Applications
oamsso_logout (11.1.2.0.0)
oam_server (11.1.2.0.0)
To stop the servers, see Section 9.3, "Shutting Down Administration Server and Managed Servers".
This step is required to uptake new version of the Access Manager Managed Server. The redeploy
command does not delete the tmp
directories.
In order to deploy Oracle Access Manager 11.1.1.x.x server content and applications to Access Manager 11.1.2.2.0, you must delete all folders in the following location:
<MW_Home>/user_projects/domains/domain_home/servers/<OAM_MANAGED_SERVER_NAME>
<MW_Home>\user_projects\domains\domain_home\servers\<OAM_MANAGED_SERVER_NAME>
After you upgrade to Oracle Access Manager binaries to 11.1.2.2.0, you must run the upgradeConfig()
utility on the machine that hosts Administration Server, to upgrade the system configuration of Oracle Access Manager to 11.1.2.2.0. Before you run the upgradeConfig()
utility, make sure that the Administration Server and the Managed Servers are stopped.
To upgrade the system configuration of Oracle Access Manager, do the following:
Run the following command to launch the WebLogic Scripting Tool (WLST) from the location $ORACLE_HOME
/common/bin
:
On UNIX: ./wlst.sh
On Windows: wlst.cmd
Run the following command in offline mode:
upgradeConfig("
domain_home
", "
sysdbaUser
", "
sysdbaPwd
", "
oamSchemaOwner
", "
oamdbJdbcUrl
")
In this command,
domain_hom
e is the absolute path to the Access Manager WebLogic domain.
sysdbauser
is the database username having sysdba
privileges.
sysdbapwd
is the password of the database user having sysdba
privileges.
oamSchemaOwner
is the database username for OAM schema.
oamdbjdbcUrl
is the JDBC URL to connect to the Access Manager database. The JDBC URL must be in specified in the format "jdbc:oracle:thin:@<
server_host
>:<
server_port
>/<
service_name
>"
.
For example:
On UNIX:
upgradeConfig("/Oracle/Middleware/user_projects/domains/base_domain", "sys", "pwd", "PREFIX_OAM", "jdbc:oracle:thin:@localhost:1521/orcl")
On Windows:
upgradeConfig("C:\\Oracle\\Middleware\\user_projects\\domains\\base_domain", "sys", "pwd", "PREFIX_OAM", "jdbc:oracle:thin:@localhost:1521/orcl")
To start the servers, see Section 9.15, "Starting the Administration Server and Access Manager Managed Servers".
Use the following URL in a web browser to verify that Oracle Access Management Access Manager 11g Release 2 (11.1.2.2.0) is running:
http(s)://<oam_admin_server_host>:<oam_admin_server_port>/oamconsole
Note:
This note is applicable only to users who currently have Oracle Identity Manager and Oracle Access Manager components integrated in 11g R1 (11.1.1.5.1) or earlier versions, and are upgrading both Oracle Identity Manager and Access Manager to 11g R2 (11.1.2).After upgrading the components to 11g Release 2 (11.1.2.2.0), see "Using the idmConfigTool Command" in the Oracle Fusion Middleware Integration Guide for Oracle Identity Management Suite.
This sections describes some of the common issues that you might encounter during the upgrade process, and their workarounds.
Note:
For information about the issues that you might encounter during the upgrade process, and their workarounds, see Oracle Fusion Middleware Release Notes.This section contains the following topics:
If you get a class not found
exception, it is because you have not exited from the WLST console after running the exportAccessData
command.
Exit the WLST console using the exit()
command.
If you get the following exception when you deploy sdpclient.jar
application, then the SDP library is already installed.
<Month <Date>, <Year> <Time> <Time ZOne> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, oracle.sdp.client#11.1.1@11.1.1 [archive: <ORACLE_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar], to oam_server1 .> weblogic.management.ManagementException: [Deployer:149007]New source location, '<ORACLE_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar', cannot be deployed to configured application, 'oracle.sdp.client [LibSpecVersion=11.1.1,LibImplVersion=11.1.1]'. The application source is at '<ORACLE_SOA_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar'. Changing the source location is not allowed for a previously attempted deployment. Try deploying without specifying the source.Failed to deploy the application with status failed Current Status of your Deployment: Deployment command type: deploy Deployment State : failed Deployment Message : weblogic.management.ManagementException: [Deployer:149007]New source location, '<ORACLE_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar', cannot be deployed to configured application, 'oracle.sdp.client [LibSpecVersion=11.1.1,LibImplVersion=11.1.1]'. The application source is at '<ORACLE_SOA_HOME>/communications/modules/oracle.sdp.client_11.1.1/sdpclient.jar'. Changing the source location is not allowed for a previously attempted deployment. Try deploying without specifying the source. Error occured while performing deploy : Target exception thrown while deploying application: Error occured while performing deploy : Deployment Failed. : Error occured while performing deploy : Deployment Failed. Use dumpStack() to view the full stacktrace Deploying application from <ORACLE_HOME>/oam/server/apps/oam-admin.ear to targets AdminServer (upload=false) ...
Complete the following steps to recover:
Log into the WebLogic console.
Check for the following library:
oracle.sdp.client(11.1.1,11.1.1)
Target this library to oam_server1
Run the following command:
deployOAMServer("<ORACLE_HOME>",adminTarget="AdminServer",serverTarget="oam_server1")
If you get the following error after the Access Manager server deployment, it is because the tmp
and stage
directories still exist in your environment.
Ignore it:
[HTTP:101216]Servlet: "AMInitServlet" failed to preload on startup in Web application: "oam". java.lang.ExceptionInInitializerError at java.lang.J9VMInternals.initialize(J9VMInternals.java:222) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.checkAndInit(AbstractSessionAdapterImpl.java:97) at oracle.security.am.engines.sso.adapter.AbstractSessionAdapterImpl.<init>(AbstractSessionAdapterImpl.java:75) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<init>(MultipleUserSessionAdapterImpl.java:56) at oracle.security.am.engines.sso.adapter.MultipleUserSessionAdapterImpl.<clinit>(MultipleUserSessionAdapterImpl.java:45) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at oracle.security.am.engines.sso.adapter.SessionManagementAdapterFactory.getAdapter(SessionManagementAdapterFactory.java:46)
If you get the following error, the 11.1.2.2.0 Repository Creation Utility is not new and has data.
oracle.security.am.common.policy.admin.impl.PolicyValidationException: OAMSSA-06045: An object of this type named "HTTP" already exists. at oracle.security.am.common.policy.admin.impl.ResourceTypeManagerImpl.isValidWrite(ResourceTypeManagerImpl.java:482) at oracle.security.am.common.policy.admin.impl.ResourceTypeManagerImpl.createResourceType(ResourceTypeManagerImpl.java:165) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.createResourceType(OAMPolicyStoreBootstrap.java:554) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.addOAMObjs(OAMPolicyStoreBootstrap.java:328) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.addPolicyObjects(OAMPolicyStoreBootstrap.java:280) at oracle.security.am.common.policy.tools.OAMPolicyStoreBootstrap.bootstrap(OAMPolicyStoreBootstrap.java:233) at oracle.security.am.install.OAMInstaller.bootstrapOES(OAMInstaller.java:1064) at oracle.security.am.install.OAMInstaller.bootstrapPolicy(OAMInstaller.java:1423) at oracle.security.am.install.OAMInstaller.upgradePolicy(OAMInstaller.java:1513)
Check if a new Repository Creation Utility schema is created for Access Manager. Also check if the domain has been updated to use the new 11.1.2.2.0 Repository Creation Utility.
If you get the following error, the tmp
and stage
folders still exists:
Caused by: com.bea.security.ParameterException: Invalid configuration: cannot locate class: com.bea.security.ssal.micro.MicroSecurityServiceManagerWrapper at com.bea.security.impl.SecurityRuntimeImpl.getNewInstance(SecurityRuntimeImpl.java:263) at com.bea.security.impl.SecurityRuntimeImpl.initialize(SecurityRuntimeImpl.java:313) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.bea.security.SecurityRuntime.initialize(SecurityRuntime.java:140) at com.bea.security.impl.MicroSMImpl.getInstance(MicroSMImpl.java:167)
This error is resolved once you remove the tmp
and stage
folders, as instructed in Section 9.18, "Deleting Folders".
If you upgraded Oracle Access Manager 11g Release 1 (11.1.1.5.0) to 11.1.2.2.0, the component versions of the packages oracle.dogwood.top
and oracle.oam.server
still show 11.1.1.5.0.
The resolve this, you must run the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar
). This step updates the domain-info.xml
.
To upgrade the necessary Oracle Access Manager packages to 11.1.2.2.0, complete the following steps:
Go to the directory $ORACLE_HOME
/oaam/upgrade
. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar
file is located in this directory.
Upgrade the package oracle.dogwood.top
11.1.1.5.0 to 11.1.2.2.0 by running the following command:
java -cp
$MW_HOME
/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater
<DOMAIN_HOME>
oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0
For example:
java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0
Upgrade the package oracle.oam.server
11.1.1.5.0 to 11.1.2.2.0 by running the following command:
java -cp
$MW_HOME
/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater
<DOMAIN_HOME>
oracle.oam.server:11.1.1.5.0,:11.1.2.2.0
For example:
java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.oam.server:11.1.1.5.0,:11.1.2.2.0