4 Upgrading Oracle Identity and Access Management Environments Deployed Using Life Cycle Management (LCM) Tools on a Single Node

This chapter describes how to upgrade Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) environments that are deployed using the Life Cycle Management (LCM) Tools on a single node, to 11g Release 2 (11.1.2.3.0) using the automated upgrade procedure.

If you wish to upgrade Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) highly available (HA) environments that are deployed using the Life Cycle Management (LCM) Tools, see Chapter 5, "Upgrading Oracle Identity and Access Management Highly Available Environments Deployed Using Life Cycle Management (LCM) Tools".

Note:

The upgrade procedure described in this chapter cannot be used to upgrade the Oracle Identity and Access Management environments that are configured manually, using the Oracle Universal Installer and Fusion Middleware Configuration wizard.

For information about upgrading Oracle Identity and Access Management environments that configured manually, see Chapter 1, "Introduction to Oracle Identity and Access Management Upgrade".

Before you proceed, review the automated upgrade overview, deployment topologies supported for automated upgrade, and the supported starting points described in Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".

Note:

For information about any latest patches, see "Downloading and Applying Required Patches" in the Oracle Fusion Middleware Release Notes for Identity Management.

This chapter includes the following sections:

• Section 4.1, "Variables Used in This Chapter"

• Section 4.2, "Upgrade Scenarios Covered in this Chapter"

• Section 4.3, "Upgrading Oracle Identity Manager (OIM) Only Topology on a Single Node"

• Section 4.4, "Upgrading Oracle Access Manager (OAM) Suite Only Topology on a Single Node"

• Section 4.5, "Upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node"

• Section 4.6, "Performing Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node"

• Section 4.7, "Troubleshooting"

4.1 Variables Used in This Chapter

Table 4-1 lists the variables used in this chapter.

Table 4-1 Variables Used in This Chapter and Their Descriptions

Variable	Description
SCRIPT_FILE_LOCATION	This is the location where you copied the upgrade tool idmUpgrade.zip, and extracted the files.
OIMHOST	This is the host on which Oracle Identity Manager (OIM) Suite Only topology is deployed. The following components are installed on this host: Oracle Identity Manager Oracle HTTP Server
OAMHOST	This is the host on which Oracle Access Manager (OAM) Suite Only topology is deployed. The following components are installed on this host: Oracle Access Manager Oracle HTTP Server
IDMHOST	The is the host on which OIM-OAM Integrated with Oracle Unified Directory (OUD) topology is deployed. The following components are installed on this host: Oracle Identity Manager Oracle Access Manager Oracle Unified Directory Oracle HTTP Server

4.2 Upgrade Scenarios Covered in this Chapter

This chapter describes how to upgrade the following Oracle Identity and Access Management topologies deployed using the Life Cycle Management (LCM) Tools:

• Oracle Identity Manager (OIM) Only Topology on a Single Node

  For information about upgrading Oracle Identity Manager (OIM) Only topology on a single node, see Section 4.3, "Upgrading Oracle Identity Manager (OIM) Only Topology on a Single Node".

• Oracle Access Manager (OAM) Suite Only Topology on a Single Node

  For information about upgrading Oracle Access Manager (OAM) Suite Only topology on a single node, see Section 4.4, "Upgrading Oracle Access Manager (OAM) Suite Only Topology on a Single Node".

• OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node

  For information about upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, see Section 4.5, "Upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".

• Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node

  For information about performing isolated upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, see Section 4.6, "Performing Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".

Note:

For more information about isolated upgrade, see Section 2.3, "Isolated Upgrade Overview".

For the list of scenarios supported for automated upgrade, see Section 2.2, "Deployment Topologies Supported for Automated Upgrade".

4.3 Upgrading Oracle Identity Manager (OIM) Only Topology on a Single Node

This section describes how to upgrade Oracle Identity Manager (OIM) Only topology on a single node deployed using LCM tool, from 11g Release 2 (11.1.2.2.0) to 11g Release 2 (11.1.2.3.0).

This topology contains OIMHOST that hosts Oracle Identity Manager and Oracle HTTP Server (OHS).

As part of the Oracle Identity Manager upgrade, the embedded Oracle BI Publisher (BIP) will be installed and configured with Oracle Identity Manager. Therefore, after upgrading to Oracle Identity Manager 11.1.2.3.0, you can choose to either use the embedded BI Publisher or continue to use the standalone Oracle BI Publisher. If you choose to use the embedded BI Publisher and discontinue using the standalone BIP, then you must migrate the existing BIP reports to embedded BIP.

To upgrade Oracle Identity Manager (OIM) Only topology on a single node, perform the following tasks:

1. Completing the Prerequisites

2. Obtaining the Software

3. Setting the Environment Variables

4. Updating the Properties File

5. Performing Pre-Validation Checks on OIMHOST

6. Creating BIP Schema for OIM Upgrade (Only on Solaris, IBM AIX, and HP Itanium Platforms)

7. Stopping All Servers on OIMHOST

8. Backing Up Database and WebLogic Domain

9. Upgrading Binaries and Configuration on OIMHOST

10. Performing Post-Validation Checks on OIMHOST

11. Verifying the Upgrade

4.3.1 Completing the Prerequisites

Before you start with the upgrade process, you must complete the following prerequisites:

1. Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".

2. On OIMHOST, ensure that the /etc/hosts file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".

4.3.2 Obtaining the Software

Obtain the file idmUpgrade.zip that contains the upgrade scripts. Copy the zip file to any accessible location on OIMHOST and extract the contents of the zip file. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".

Note:

The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:

https://updates.oracle.com/download/21419345.html

4.3.3 Setting the Environment Variables

Before you start with the upgrade process, you must set the required environment variables on OIMHOST depending on the platform on which you are upgrading Oracle Identity and Access Management. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".

4.3.4 Updating the Properties File

You must update the upgrade.properties file located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties on OIMHOST with the values for the required properties.

For information about the properties that you must update for upgrading Oracle Identity Manager (OIM) Only topology, see Section 6.7, "Updating the upgrade.properties File".

4.3.5 Performing Pre-Validation Checks on OIMHOST

After you update the properties file, you must perform pre-validation checks on OIMHOST for both Oracle Identity Manager and Oracle HTTP Server. To do this, complete the following steps:

1. Run the preValidate.pl script for Oracle Identity Manager by specifying OIM for the argument -node.

2. Run the preValidate.pl script for Oracle HTTP Server by specifying WEBTIER for the argument -node.

For general syntax of the preValidate.pl script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".

4.3.6 Creating BIP Schema for OIM Upgrade (Only on Solaris, IBM AIX, and HP Itanium Platforms)

If you are upgrading Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.

For more information about creating schema using RCU, see Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms".

Note:

If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.

4.3.7 Stopping All Servers on OIMHOST

You must stop the following servers on OIMHOST:

1. Oracle HTTP Server

2. Oracle Identity Manager Managed Server(s)

3. Oracle SOA Suite Managed Server(s)

4. WebLogic Administration Server

To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR/config/scripts:

./stopall.sh

4.3.8 Backing Up Database and WebLogic Domain

Before you run the upgrade script, you must backup your Database schemas and the WebLogic domain on OIMHOST. For more information, see Section 6.3, "Backing up the Existing Environment".

4.3.9 Upgrading Binaries and Configuration on OIMHOST

You must upgrade binaries and configuration of both Oracle Identity Manager and Oracle HTTP Server on OIMHOST using the idmUpgrade.pl script.

Both binary upgrade and configuration upgrade can be performed together by specifying the value both for the argument -mode while running the script. When you do so, the upgrade script performs the binary upgrade first followed by the configuration upgrade. If you do not specify any value for the argument -mode, the value will be taken as both, as it is the default value. Therefore, -mode is an optional argument when you upgrade Oracle Identity Manager on a single node.

Note:

Make sure that the Database services are up and running before you run the upgrade script.

To upgrade the binaries and configurations of Oracle Identity Manager and Oracle HTTP Server on OIMHOST, complete the following steps:

1. Run the idmUpgrade.pl script on OIMHOST for upgrading the binaries and configurations of Oracle Identity Manager by specifying OIM for the argument -node and both for the argument -mode.

2. Run the idmUpgrade.pl script on OIMHOST for upgrading the binaries and configurations of Oracle HTTP Server by specifying WEBTIER for the argument -node and both for the argument -mode.

For general syntax of the idmUpgrade.pl script and for information about running the script, see Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script".

4.3.10 Performing Post-Validation Checks on OIMHOST

After you upgrade binaries and configuration, you must perform post-validation checks on OIMHOST for both Oracle Identity Manager and Oracle HTTP Server using the postValidate.pl script.

To perform the post-validation checks on OIMHOST, complete the following steps:

1. Run the postValidate.pl script for Oracle Identity Manager by specifying OIM for the argument -node.

2. Run the postValidate.pl script for Oracle HTTP Server by specifying WEBTIER for the argument -node.

For general syntax of the postValidate.pl script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".

4.3.11 Verifying the Upgrade

After you perform the post-validation checks, verify the Oracle Identity Manager upgrade by checking the log files on OIMHOST. Log files are created at the location you specified for LOG_DIR parameter in the upgrade.properties file.

4.4 Upgrading Oracle Access Manager (OAM) Suite Only Topology on a Single Node

This section describes how to upgrade Oracle Access Manager (OAM) Suite Only topology on a single node deployed using LCM tool, from 11g Release 2 (11.1.2.2.0) to 11g Release 2 (11.1.2.3.0).

This topology contains OAMHOST that hosts Oracle Access Manager and Oracle HTTP Server (OHS). This topology can also include Oracle Adaptive Access Manager if you had extended your Oracle Access Manager 11g Release 2 (11.1.2.2.0) domain to Oracle Adaptive Access Manager post-deployment.

Oracle Access Manager 11g Release 2 (11.1.2.3.0) has a new feature called Oracle Mobile Security Suite. You can enable Oracle Mobile Security Suite post-upgrade. For an introduction to Oracle Mobile Security Suite, see "Understanding Oracle Mobile Security Suite" in Oracle Fusion Middleware Administering Oracle Mobile Security Suite.

Note:

Upgrade is supported on OAM only environment with non-embedded LDAP - Oracle Unified Directory (OUD), Oracle Internet Directory (OID), and Microsoft Active Directory (AD). Upgrading OAM only environment with embedded LDAP is NOT supported.

To upgrade Oracle Access Manager (OAM) Suite Only topology on a single node, perform the following tasks:

1. Completing the Prerequisites

2. Obtaining the Software

3. Setting the Environment Variables

4. Updating the Properties File

5. Performing Pre-Validation Checks on OAMHOST

6. Stopping All Servers on OAMHOST

7. Backing Up Database and WebLogic Domain

8. Upgrading Binaries and Configuration on OAMHOST

9. Performing Post-Validation Checks on OAMHOST

10. Verifying the Upgrade

4.4.1 Completing the Prerequisites

Before you start with the upgrade process, you must complete the following prerequisites:

1. Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".

2. On OAMHOST, ensure that the /etc/hosts file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".

3. Verify that the Oracle Adaptive Access Manager (OAAM) Administration Server is accessible at the following URL:

   http://OAM_HOST:OAAM_ADMIN_PORT/oaam_admin

   Use the OAAM admin username and OAAM admin password to access the OAAM Administration Server.

   For example:

   http://identity.example.com:14200/oaam_admin

   Username: oaamadminuser

   Password: Welcome1

4.4.2 Obtaining the Software

Obtain the file idmUpgrade.zip that contains the upgrade scripts. Copy the zip file to any accessible location on OAMHOST and extract the contents of the zip file on both the hosts. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".

Note:

The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:

https://updates.oracle.com/download/21419345.html

4.4.3 Setting the Environment Variables

Before you start with the upgrade process, you must set the required environment variables on OAMHOST depending on the platform on which you are upgrading Oracle Identity and Access Management. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".

4.4.4 Updating the Properties File

You must update the upgrade.properties file located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties on OAMHOST with the values for the required properties.

For information about the properties that you must update for upgrading Oracle Access Manager (OAM) Only topology, see Section 6.7, "Updating the upgrade.properties File".

4.4.5 Performing Pre-Validation Checks on OAMHOST

After you update the properties file, you must perform pre-validation checks for both Oracle Access Manager and Oracle HTTP Server on OAMHOST, using the preValidate.pl script. To perform pre-validation checks, complete the following steps:

1. Run the preValidate.pl script for Oracle Access Manager by specifying OAM for the argument -node.

2. Run the preValidate.pl script for Oracle HTTP Server by specifying WEBTIER for the argument -node.

For general syntax of the preValidate.pl script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".

4.4.6 Stopping All Servers on OAMHOST

You must stop the following server(s) on OAMHOST:

1. Oracle HTTP Server

2. Oracle Access Manager Managed Server(s)

3. WebLogic Administration Server

To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR/config/scripts:

./stopall.sh

4.4.7 Backing Up Database and WebLogic Domain

Before you run the upgrade script, you must backup your Database schemas and the WebLogic domain on OAMHOST. For more information, see Section 6.3, "Backing up the Existing Environment".

4.4.8 Upgrading Binaries and Configuration on OAMHOST

You must upgrade binaries and configuration of both Oracle Access Manager and Oracle HTTP Server on OAMHOST using the idmUpgrade.pl script.

Both binary upgrade and configuration upgrade can be performed together by specifying the value both for the argument -mode while running the script. When you do so, the upgrade script performs the binary upgrade first followed by the configuration upgrade. If you do not specify any value for the argument -mode, the value will be taken as both, as it is the default value. Therefore, -mode is an optional argument when you upgrade Oracle Identity Manager on a single node.

Note:

Make sure that the Database services are up and running before you run the upgrade script.

To upgrade the binaries and configurations of Oracle Access Manager and Oracle HTTP Server on OAMHOST, complete the following steps:

1. Run the idmUpgrade.pl script on OAMHOST for upgrading the binaries and configurations of Oracle Access Manager by specifying OAM for the argument -node and both for the argument -mode.

2. Run the idmUpgrade.pl script on OAMHOST for upgrading the binaries and configurations of Oracle HTTP Server by specifying WEBTIER for the argument -node and both for the argument -mode.

For general syntax of the idmUpgrade.pl script and for information about running the script, see Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script".

4.4.9 Performing Post-Validation Checks on OAMHOST

After you upgrade binaries and configuration, you must perform post-validation checks on OAMHOST for both Oracle Access Manager and Oracle HTTP Server using the postValidate.pl script.

To perform the post-validation checks on OAMHOST, complete the following steps:

1. Run the postValidate.pl script for Oracle Access Manager by specifying OAM for the argument -node.

2. Run the postValidate.pl script for Oracle HTTP Server by specifying WEBTIER for the argument -node.

For general syntax of the postValidate.pl script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".

4.4.10 Verifying the Upgrade

After you perform the post-validation checks, verify the Oracle Access Manager upgrade by checking the log files on OAMHOST. Log files are created at the location you specified for LOG_DIR parameter in the upgrade.properties file.

4.5 Upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node

This section describes how to upgrade OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node deployed using LCM tool, from 11g Release 2 (11.1.2.2.0) to 11g Release 2 (11.1.2.3.0).

This topology contains IDMHOST that hosts Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server.

As part of the Oracle Identity Manager upgrade, the embedded Oracle BI Publisher (BIP) will be installed and configured with Oracle Identity Manager. Therefore, after upgrading to Oracle Identity Manager 11.1.2.3.0, you can choose to either use the embedded BI Publisher or continue to use the standalone Oracle BI Publisher. If you choose to use the embedded BI Publisher and discontinue using the standalone BIP, then you must migrate the existing BIP reports to embedded BIP.

Oracle Access Manager 11g Release 2 (11.1.2.3.0) has a new feature called Oracle Mobile Security Suite. You can enable Oracle Mobile Security Suite post-upgrade. For an introduction to Oracle Mobile Security Suite, see "Understanding Oracle Mobile Security Suite" in Oracle Fusion Middleware Administering Oracle Mobile Security Suite.

Note:

Isolated upgrade is supported on Linux. It implies that you can choose to upgrade only one of the tiers in OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology to 11.1.2.3.0. The upgraded tier should function properly with the rest of the tiers which are still at 11g Release 2 (11.1.2.2.0).

For more information about isolated upgrade, see Section 2.3, "Isolated Upgrade Overview".

For information about performing isolated upgrade, see Section 4.6, "Performing Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".

To upgrade OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, perform the following tasks:

1. Completing the Prerequisites

2. Obtaining the Software

3. Setting the Environment Variables

4. Updating the Properties File

5. Performing Pre-Validation Checks on IDMHOST

6. Creating BIP Schema for OIM Upgrade (Only on Solaris, IBM AIX, and HP Itanium Platforms)

7. Stopping All Servers on IDMHOST

8. Backing Up Database and WebLogic Domain

9. Upgrading Binaries and Configuration on IDMHOST

10. Performing Post-Validation Checks on IDMHOST

11. Performing the Required Post-Upgrade Tasks

12. Verifying the Upgrade

4.5.1 Completing the Prerequisites

Before you start with the upgrade process, you must complete the following prerequisites:

1. Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".

2. On IDMHOST, ensure that the /etc/hosts file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".

3. Verify that the Oracle Adaptive Access Manager (OAAM) Administration Server is accessible at the following URL:

   http://OAM_HOST:OAAM_ADMIN_PORT/oaam_admin

   Use the OAAM admin username and OAAM admin password to access the OAAM Administration Server.

   For example:

   http://identity.example.com:14200/oaam_admin

   Username: oaamadminuser

   Password: Welcome1

4.5.2 Obtaining the Software

Obtain the file idmUpgrade.zip that contains the upgrade scripts. Copy the zip file to any accessible location on IDMHOST, and extract the contents of the zip file. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".

Note:

The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:

https://updates.oracle.com/download/21419345.html

4.5.3 Setting the Environment Variables

Before you start with the upgrade process, you must set the required environment variables depending on the platform on which you are upgrading Oracle Identity and Access Management. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".

4.5.4 Updating the Properties File

You must update the upgrade.properties file located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties on IDMHOST, with the values for the required properties.

For information about the properties that you must update for upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) topology, see Section 6.7, "Updating the upgrade.properties File".

4.5.5 Performing Pre-Validation Checks on IDMHOST

After you update the properties file, you must perform pre-validation checks on IDMHOST for Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server, using the preValidate.pl script.

To perform the pre-validation checks, complete the following tasks on IDMHOST:

1. Run the preValidate.pl script for Oracle Access Manager by specifying OAM for the argument -node.

2. Run the preValidate.pl script for Oracle Identity Manager by specifying OIM for the argument -node.

3. Run the preValidate.pl script for Oracle HTTP Server by specifying WEBTIER for the argument -node.

4. Run the preValidate.pl script for Oracle Unified Directory by specifying DIRECTORY for the argument -node.

For general syntax of the preValidate.pl script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".

Note:

If you wish to perform the pre-validation checks for Oracle Unified Directory first, you must copy the files libnnz11.so and libclntsh.so.11.1 to the folder SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/lib on LDAPHOST from one of the following locations:

• IAD_WL_HOME/server/adr

• IGD_WL_HOME/server/adr

• Web_Tier_ORACLE_HOME/lib

IAD_WL_HOME refers to the IAMAccessDomain and IGD_WL_HOME refers to the IAMGovernanceDomain.

After you copy the files, you can perform the pre-validation checks for Oracle Unified Directory.

4.5.6 Creating BIP Schema for OIM Upgrade (Only on Solaris, IBM AIX, and HP Itanium Platforms)

If you are upgrading Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.

For more information about creating schema using RCU, see Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms".

Note:

If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.

4.5.7 Stopping All Servers on IDMHOST

You must stop the following server(s) on IDMHOST:

1. Oracle HTTP Server.

2. Oracle Access Manager Managed Server(s)

3. Oracle Identity Manager Managed Server(s)

4. Oracle SOA Suite Managed Server(s)

5. WebLogic Administration Server.

6. Oracle Unified Directory

To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR/config/scripts:

./stopall.sh

4.5.8 Backing Up Database and WebLogic Domain

Before you run the upgrade script, you must backup your Database schemas and the WebLogic domain. For more information, see Section 6.3, "Backing up the Existing Environment".

4.5.9 Upgrading Binaries and Configuration on IDMHOST

You must upgrade binaries and configuration of Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server, using the idmUpgrade.pl script.

Both binary upgrade and configuration upgrade can be performed together by specifying the value both for the argument -mode while running the script. When you do so, the upgrade script performs the binary upgrade first followed by the configuration upgrade. If you do not specify any value for the argument -mode, the value will be taken as both, as it is the default value. Therefore, -mode is an optional argument when you upgrade Oracle Identity Manager on a single node.

Note:

Make sure that the Database services are up and running before you run the upgrade script.

To upgrade the binaries and configurations on IDMHOST, complete the following steps:

1. Run the idmUpgrade.pl script to upgrade the binaries and configurations of Oracle Unified Directory by specifying DIRECTORY for the argument -node and both for the argument -mode.

   Note:

   Before you upgrade the binaries and configuration of Oracle Unified Directory (OUD), ensure that you have stopped the Oracle Identity Manager and Oracle Access Manager Managed Servers.

2. Run the idmUpgrade.pl script to upgrade the binaries and configurations of Oracle Access Manager by specifying OAM for the argument -node and both for the argument -mode.

3. Run the idmUpgrade.pl script to upgrade the binaries and configurations of Oracle Identity Manager by specifying OIM for the argument -node and both for the argument -mode.

   Note:

   Before you upgrade the binaries and configuration of Oracle Identity Manager, ensure that you have stopped the Oracle Access Manager Managed Server(s).

4. Run the idmUpgrade.pl script to upgrade the binaries and configurations of Oracle HTTP Server by specifying WEBTIER for the argument -node and both for the argument -mode.

For general syntax of the idmUpgrade.pl script and for information about running the script, see Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script".

4.5.10 Performing Post-Validation Checks on IDMHOST

After you update the properties file, you must perform post-validation checks on IDMHOST for Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server, using the postValidate.pl script.

To perform the post-validation checks, complete the following tasks on IDMHOST:

1. Run the postValidate.pl script for Oracle Access Manager by specifying OAM for the argument -node.

2. Run the postValidate.pl script for Oracle Identity Manager by specifying OIM for the argument -node.

3. Run the postValidate.pl script for Oracle HTTP Server by specifying WEBTIER for the argument -node.

4. Run the postValidate.pl script for Oracle Unified Directory by specifying DIRECTORY for the argument -node.

For general syntax of the postValidate.pl script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".

4.5.11 Performing the Required Post-Upgrade Tasks

This section lists the post-upgrade tasks required for some of the features to work post-upgrade. Perform the post-upgrade tasks based on your requirement.

This section includes the following topics:

• Adding the JAVA System Property if you have Configured OAAM

4.5.11.1 Adding the JAVA System Property if you have Configured OAAM

If you have configured Oracle Adaptive Access Manager in OIM-OAM Integrated with Oracle Unified Directory (OUD) topology, you must add the JAVA system property -Djava.security.auth.login.config to the setDomainEnv.sh script located in the IAMAccessDomain. For more information, see Section 6.13.1, "Adding the Java System Property for Oracle Adaptive Access Manager".

4.5.12 Verifying the Upgrade

After you perform the post-validation checks, verify the upgrade by checking the log files on IDMHOST. Log files are created at the location you specified for LOG_DIR parameter in the upgrade.properties file.

4.6 Performing Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node

If you have deployed OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node using the LCM tool 11g Release 2 (11.1.2.2.0), you can choose to upgrade only one of the components without upgrading the entire suite.

In this section, IDMHOST refers to the host on which OIM-OAM Integrated with Oracle Unified Directory (OUD) topology is deployed.

Note:

Isolated upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology is supported on a single node Linux platform only.

For more information about isolated upgrade, see Section 2.3, "Isolated Upgrade Overview".

Note:

If you wish to upgrade the full suite, that is the OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, follow the instructions described in the section Section 4.5, "Upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".

For an OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a single node, the following isolated upgrade scenarios are supported:

• Upgrade only Oracle Identity Manager (OIM)

• Upgrade only Oracle Access Manager (OAM)

• Upgrade only Oracle Unified Directory (OUD)

• Upgrade only Oracle HTTP Server (OHS)

Instructions for Performing Isolated Upgrade

To perform isolated upgrade, complete the following steps:

1. Complete the following prerequisites:

   1. Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".

   2. On IDMHOST, ensure that the /etc/hosts file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".

2. Obtain the file idmUpgrade.zip that contains the upgrade scripts. Copy the zip file to any accessible location on IDMHOST and extract the contents of the zip file. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".

   Note:

   The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:

   https://updates.oracle.com/download/21419345.html

3. Set the required environment variables depending on the platform on which you are upgrading Oracle Unified Directory. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".

4. Update the upgrade.properties file located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties on IDMHOST with the values for the required parameters depending on the component that you wish to upgrade.

   For information about updating the upgrade.properties file, and for the descriptions of these parameters, see Section 6.7, "Updating the upgrade.properties File".

5. Perform the pre-validation checks using the preValidate.pl script for the component that you wish to upgrade.

   • If you are upgrading only Oracle Identity Manager, run the preValidate.pl script for performing pre-validation checks for Oracle Identity Manager on IDMHOST, by specifying OIM for the argument -node.

   • If you are upgrading only Oracle Access Manager, run the preValidate.pl script for performing pre-validation checks for Oracle Access Manager on IDMHOST, by specifying OAM for the argument -node.

   • If you are upgrading only Oracle Unified Directory, run the preValidate.pl script for performing pre-validation checks for Oracle Unified Directory on IDMHOST, by specifying DIRECTORY for the argument -node.

   • If you are upgrading only Oracle HTTP Server, run the preValidate.pl script for performing pre-validation checks for Oracle HTTP Server on IDMHOST, by specifying WEBTIER for the argument -node.

     Note:

     Before you perform the pre-validation checks for Oracle Unified Directory, copy the files libnnz11.so and libclntsh.so.11.1 to the folder SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/lib on LDAPHOST from one of the following locations:

     • IAD_WL_HOME/server/adr

     • IGD_WL_HOME/server/adr

     • Web_Tier_ORACLE_HOME/lib

     IAD_WL_HOME refers to the IAMAccessDomain and IGD_WL_HOME refers to the IAMGovernanceDomain.

     After you copy the files, you can perform the pre-validation checks for Oracle Unified Directory.

   For general syntax of the preValidate.pl script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".

6. If you are upgrading only Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.

   For more information about creating schema using RCU, see Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms".

   Note:

   If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.

7. Stop the following servers on IDMHOST.

   1. Oracle HTTP Server.

   2. Oracle Access Manager Managed Server(s)

   3. Oracle Identity Manager Managed Server(s)

   4. Oracle SOA Suite Managed Server(s)

   5. WebLogic Administration Server.

   6. Oracle Unified Directory

   To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR/config/scripts:

   ./stopall.sh

8. Backup your Database schemas and the WebLogic domain. For more information, see Section 6.3, "Backing up the Existing Environment".

9. Upgrade the binaries and configurations of the component that you wish to upgrade, using the idmUpgrade.pl script.

   • If you are upgrading only Oracle Unified Directory, run the idmUpgrade.pl script by for upgrading the binaries and configurations of Oracle Unified Directory, by specifying DIRECTORY for the argument -node and both for the argument -mode.

     Note:

     Before you upgrade the binaries and configuration of Oracle Unified Directory (OUD), ensure that you have stopped the Oracle Identity Manager and Oracle Access Manager Managed Servers.

   • If you are upgrading only Oracle Access Manager, run the idmUpgrade.pl script by for upgrading the binaries and configurations of Oracle Access Manager, by specifying OAM for the argument -node and both for the argument -mode.

   • If you are upgrading only Oracle Identity Manager, run the idmUpgrade.pl script by for upgrading the binaries and configurations of Oracle Identity Manager, by specifying OIM for the argument -node and both for the argument -mode.

     Note:

     Before you upgrade the binaries and configuration of Oracle Identity Manager, ensure that you have stopped the Oracle Access Manager Managed Server(s).

   • If you are upgrading only Oracle HTTP Server, run the idmUpgrade.pl script by for upgrading the binaries and configurations of Oracle HTTP Server, by specifying WEBTIER for the argument -node and both for the argument -mode.

10. Perform the post-validation checks using the postValidate.pl script for the component that you wish to upgrade.

    • If you are upgrading only Oracle Identity Manager, run the postValidate.pl script for performing post-validation checks for Oracle Identity Manager on IDMHOST, by specifying OIM for the argument -node.

    • If you are upgrading only Oracle Access Manager, run the postValidate.pl script for performing post-validation checks for Oracle Access Manager on IDMHOST, by specifying OAM for the argument -node.

    • If you are upgrading only Oracle Unified Directory, run the postValidate.pl script for performing post-validation checks for Oracle Unified Directory on IDMHOST, by specifying DIRECTORY for the argument -node.

    • If you are upgrading only Oracle HTTP Server, run the postValidate.pl script for performing post-validation checks for Oracle HTTP Server on IDMHOST, by specifying WEBTIER for the argument -node.

    For general syntax of the postValidate.pl script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".

11. Perform the necessary post-upgrade tasks described in Section 6.13, "Post-Upgrade Tasks" depending on the component you upgraded.

12. Verify the upgrade by checking the log files on IDMHOST. Log files are created at the location you specified for LOG_DIR parameter in the upgrade.properties file.

4.7 Troubleshooting

For any issues that you may encounter during the upgrade process, refer to Section 6.14, "Troubleshooting" for workaround.

For the list of known issues related to automated upgrade and their workaround, see "Upgrade and Migration Issues for Oracle Identity and Access Management" in the Oracle Fusion Middleware Release Notes for Identity Management.