This chapter describes how to upgrade Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) environments that are deployed using the Life Cycle Management (LCM) Tools on a single node, to 11g Release 2 (11.1.2.3.0) using the automated upgrade procedure.
If you wish to upgrade Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) highly available (HA) environments that are deployed using the Life Cycle Management (LCM) Tools, see Chapter 5, "Upgrading Oracle Identity and Access Management Highly Available Environments Deployed Using Life Cycle Management (LCM) Tools".
Note:
The upgrade procedure described in this chapter cannot be used to upgrade the Oracle Identity and Access Management environments that are configured manually, using the Oracle Universal Installer and Fusion Middleware Configuration wizard.For information about upgrading Oracle Identity and Access Management environments that configured manually, see Chapter 1, "Introduction to Oracle Identity and Access Management Upgrade".
Before you proceed, review the automated upgrade overview, deployment topologies supported for automated upgrade, and the supported starting points described in Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".
Note:
For information about any latest patches, see "Downloading and Applying Required Patches" in the Oracle Fusion Middleware Release Notes for Identity Management.This chapter includes the following sections:
Section 4.3, "Upgrading Oracle Identity Manager (OIM) Only Topology on a Single Node"
Section 4.4, "Upgrading Oracle Access Manager (OAM) Suite Only Topology on a Single Node"
Table 4-1 lists the variables used in this chapter.
Table 4-1 Variables Used in This Chapter and Their Descriptions
Variable | Description |
---|---|
|
This is the location where you copied the upgrade tool |
|
This is the host on which Oracle Identity Manager (OIM) Suite Only topology is deployed. The following components are installed on this host:
|
|
This is the host on which Oracle Access Manager (OAM) Suite Only topology is deployed. The following components are installed on this host:
|
|
The is the host on which OIM-OAM Integrated with Oracle Unified Directory (OUD) topology is deployed. The following components are installed on this host:
|
This chapter describes how to upgrade the following Oracle Identity and Access Management topologies deployed using the Life Cycle Management (LCM) Tools:
Oracle Identity Manager (OIM) Only Topology on a Single Node
For information about upgrading Oracle Identity Manager (OIM) Only topology on a single node, see Section 4.3, "Upgrading Oracle Identity Manager (OIM) Only Topology on a Single Node".
Oracle Access Manager (OAM) Suite Only Topology on a Single Node
For information about upgrading Oracle Access Manager (OAM) Suite Only topology on a single node, see Section 4.4, "Upgrading Oracle Access Manager (OAM) Suite Only Topology on a Single Node".
OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node
For information about upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, see Section 4.5, "Upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".
Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node
For information about performing isolated upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, see Section 4.6, "Performing Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".
Note:
For more information about isolated upgrade, see Section 2.3, "Isolated Upgrade Overview".For the list of scenarios supported for automated upgrade, see Section 2.2, "Deployment Topologies Supported for Automated Upgrade".
This section describes how to upgrade Oracle Identity Manager (OIM) Only topology on a single node deployed using LCM tool, from 11g Release 2 (11.1.2.2.0) to 11g Release 2 (11.1.2.3.0).
This topology contains OIMHOST
that hosts Oracle Identity Manager and Oracle HTTP Server (OHS).
As part of the Oracle Identity Manager upgrade, the embedded Oracle BI Publisher (BIP) will be installed and configured with Oracle Identity Manager. Therefore, after upgrading to Oracle Identity Manager 11.1.2.3.0, you can choose to either use the embedded BI Publisher or continue to use the standalone Oracle BI Publisher. If you choose to use the embedded BI Publisher and discontinue using the standalone BIP, then you must migrate the existing BIP reports to embedded BIP.
To upgrade Oracle Identity Manager (OIM) Only topology on a single node, perform the following tasks:
Before you start with the upgrade process, you must complete the following prerequisites:
Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".
On OIMHOST
, ensure that the /etc/hosts
file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".
Obtain the file idmUpgrade.zip
that contains the upgrade scripts. Copy the zip file to any accessible location on OIMHOST
and extract the contents of the zip file. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".
Note:
The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:Before you start with the upgrade process, you must set the required environment variables on OIMHOST
depending on the platform on which you are upgrading Oracle Identity and Access Management. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".
You must update the upgrade.properties
file located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
on OIMHOST
with the values for the required properties.
For information about the properties that you must update for upgrading Oracle Identity Manager (OIM) Only topology, see Section 6.7, "Updating the upgrade.properties File".
After you update the properties file, you must perform pre-validation checks on OIMHOST
for both Oracle Identity Manager and Oracle HTTP Server. To do this, complete the following steps:
Run the preValidate.pl
script for Oracle Identity Manager by specifying OIM
for the argument -node
.
Run the preValidate.pl
script for Oracle HTTP Server by specifying WEBTIER
for the argument -node
.
For general syntax of the preValidate.pl
script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".
If you are upgrading Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.
For more information about creating schema using RCU, see Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms".
Note:
If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.You must stop the following servers on OIMHOST
:
Oracle HTTP Server
Oracle Identity Manager Managed Server(s)
Oracle SOA Suite Managed Server(s)
WebLogic Administration Server
To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR
/config/scripts
:
./stopall.sh
Before you run the upgrade script, you must backup your Database schemas and the WebLogic domain on OIMHOST
. For more information, see Section 6.3, "Backing up the Existing Environment".
You must upgrade binaries and configuration of both Oracle Identity Manager and Oracle HTTP Server on OIMHOST
using the idmUpgrade.pl
script.
Both binary upgrade and configuration upgrade can be performed together by specifying the value both
for the argument -mode
while running the script. When you do so, the upgrade script performs the binary upgrade first followed by the configuration upgrade. If you do not specify any value for the argument -mode
, the value will be taken as both
, as it is the default value. Therefore, -mode
is an optional argument when you upgrade Oracle Identity Manager on a single node.
Note:
Make sure that the Database services are up and running before you run the upgrade script.To upgrade the binaries and configurations of Oracle Identity Manager and Oracle HTTP Server on OIMHOST
, complete the following steps:
Run the idmUpgrade.pl
script on OIMHOST
for upgrading the binaries and configurations of Oracle Identity Manager by specifying OIM
for the argument -node
and both
for the argument -mode
.
Run the idmUpgrade.pl
script on OIMHOST
for upgrading the binaries and configurations of Oracle HTTP Server by specifying WEBTIER
for the argument -node
and both
for the argument -mode
.
For general syntax of the idmUpgrade.pl
script and for information about running the script, see Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script".
After you upgrade binaries and configuration, you must perform post-validation checks on OIMHOST
for both Oracle Identity Manager and Oracle HTTP Server using the postValidate.pl
script.
To perform the post-validation checks on OIMHOST
, complete the following steps:
Run the postValidate.pl
script for Oracle Identity Manager by specifying OIM
for the argument -node
.
Run the postValidate.pl
script for Oracle HTTP Server by specifying WEBTIER
for the argument -node
.
For general syntax of the postValidate.pl
script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".
After you perform the post-validation checks, verify the Oracle Identity Manager upgrade by checking the log files on OIMHOST
. Log files are created at the location you specified for LOG_DIR
parameter in the upgrade.properties
file.
This section describes how to upgrade Oracle Access Manager (OAM) Suite Only topology on a single node deployed using LCM tool, from 11g Release 2 (11.1.2.2.0) to 11g Release 2 (11.1.2.3.0).
This topology contains OAMHOST
that hosts Oracle Access Manager and Oracle HTTP Server (OHS). This topology can also include Oracle Adaptive Access Manager if you had extended your Oracle Access Manager 11g Release 2 (11.1.2.2.0) domain to Oracle Adaptive Access Manager post-deployment.
Oracle Access Manager 11g Release 2 (11.1.2.3.0) has a new feature called Oracle Mobile Security Suite. You can enable Oracle Mobile Security Suite post-upgrade. For an introduction to Oracle Mobile Security Suite, see "Understanding Oracle Mobile Security Suite" in Oracle Fusion Middleware Administering Oracle Mobile Security Suite.
Note:
Upgrade is supported on OAM only environment with non-embedded LDAP - Oracle Unified Directory (OUD), Oracle Internet Directory (OID), and Microsoft Active Directory (AD). Upgrading OAM only environment with embedded LDAP is NOT supported.To upgrade Oracle Access Manager (OAM) Suite Only topology on a single node, perform the following tasks:
Before you start with the upgrade process, you must complete the following prerequisites:
Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".
On OAMHOST
, ensure that the /etc/hosts
file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".
Verify that the Oracle Adaptive Access Manager (OAAM) Administration Server is accessible at the following URL:
http://
OAM_HOST
:
OAAM_ADMIN_PORT
/oaam_admin
Use the OAAM admin username and OAAM admin password to access the OAAM Administration Server.
For example:
http://identity.example.com:14200/oaam_admin
Username: oaamadminuser
Password: Welcome1
Obtain the file idmUpgrade.zip
that contains the upgrade scripts. Copy the zip file to any accessible location on OAMHOST
and extract the contents of the zip file on both the hosts. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".
Note:
The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:Before you start with the upgrade process, you must set the required environment variables on OAMHOST
depending on the platform on which you are upgrading Oracle Identity and Access Management. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".
You must update the upgrade.properties
file located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
on OAMHOST
with the values for the required properties.
For information about the properties that you must update for upgrading Oracle Access Manager (OAM) Only topology, see Section 6.7, "Updating the upgrade.properties File".
After you update the properties file, you must perform pre-validation checks for both Oracle Access Manager and Oracle HTTP Server on OAMHOST
, using the preValidate.pl
script. To perform pre-validation checks, complete the following steps:
Run the preValidate.pl
script for Oracle Access Manager by specifying OAM
for the argument -node
.
Run the preValidate.pl
script for Oracle HTTP Server by specifying WEBTIER
for the argument -node
.
For general syntax of the preValidate.pl
script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".
You must stop the following server(s) on OAMHOST
:
Oracle HTTP Server
Oracle Access Manager Managed Server(s)
WebLogic Administration Server
To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR
/config/scripts
:
./stopall.sh
Before you run the upgrade script, you must backup your Database schemas and the WebLogic domain on OAMHOST
. For more information, see Section 6.3, "Backing up the Existing Environment".
You must upgrade binaries and configuration of both Oracle Access Manager and Oracle HTTP Server on OAMHOST
using the idmUpgrade.pl
script.
Both binary upgrade and configuration upgrade can be performed together by specifying the value both
for the argument -mode
while running the script. When you do so, the upgrade script performs the binary upgrade first followed by the configuration upgrade. If you do not specify any value for the argument -mode
, the value will be taken as both
, as it is the default value. Therefore, -mode
is an optional argument when you upgrade Oracle Identity Manager on a single node.
Note:
Make sure that the Database services are up and running before you run the upgrade script.To upgrade the binaries and configurations of Oracle Access Manager and Oracle HTTP Server on OAMHOST
, complete the following steps:
Run the idmUpgrade.pl
script on OAMHOST
for upgrading the binaries and configurations of Oracle Access Manager by specifying OAM
for the argument -node
and both
for the argument -mode
.
Run the idmUpgrade.pl
script on OAMHOST
for upgrading the binaries and configurations of Oracle HTTP Server by specifying WEBTIER
for the argument -node
and both
for the argument -mode
.
For general syntax of the idmUpgrade.pl
script and for information about running the script, see Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script".
After you upgrade binaries and configuration, you must perform post-validation checks on OAMHOST
for both Oracle Access Manager and Oracle HTTP Server using the postValidate.pl
script.
To perform the post-validation checks on OAMHOST
, complete the following steps:
Run the postValidate.pl
script for Oracle Access Manager by specifying OAM
for the argument -node
.
Run the postValidate.pl
script for Oracle HTTP Server by specifying WEBTIER
for the argument -node
.
For general syntax of the postValidate.pl
script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".
After you perform the post-validation checks, verify the Oracle Access Manager upgrade by checking the log files on OAMHOST
. Log files are created at the location you specified for LOG_DIR
parameter in the upgrade.properties
file.
This section describes how to upgrade OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node deployed using LCM tool, from 11g Release 2 (11.1.2.2.0) to 11g Release 2 (11.1.2.3.0).
This topology contains IDMHOST
that hosts Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server.
As part of the Oracle Identity Manager upgrade, the embedded Oracle BI Publisher (BIP) will be installed and configured with Oracle Identity Manager. Therefore, after upgrading to Oracle Identity Manager 11.1.2.3.0, you can choose to either use the embedded BI Publisher or continue to use the standalone Oracle BI Publisher. If you choose to use the embedded BI Publisher and discontinue using the standalone BIP, then you must migrate the existing BIP reports to embedded BIP.
Oracle Access Manager 11g Release 2 (11.1.2.3.0) has a new feature called Oracle Mobile Security Suite. You can enable Oracle Mobile Security Suite post-upgrade. For an introduction to Oracle Mobile Security Suite, see "Understanding Oracle Mobile Security Suite" in Oracle Fusion Middleware Administering Oracle Mobile Security Suite.
Note:
Isolated upgrade is supported on Linux. It implies that you can choose to upgrade only one of the tiers in OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology to 11.1.2.3.0. The upgraded tier should function properly with the rest of the tiers which are still at 11g Release 2 (11.1.2.2.0).For more information about isolated upgrade, see Section 2.3, "Isolated Upgrade Overview".
For information about performing isolated upgrade, see Section 4.6, "Performing Isolated Upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".
To upgrade OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, perform the following tasks:
Before you start with the upgrade process, you must complete the following prerequisites:
Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".
On IDMHOST
, ensure that the /etc/hosts
file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".
Verify that the Oracle Adaptive Access Manager (OAAM) Administration Server is accessible at the following URL:
http://
OAM_HOST
:
OAAM_ADMIN_PORT
/oaam_admin
Use the OAAM admin username and OAAM admin password to access the OAAM Administration Server.
For example:
http://identity.example.com:14200/oaam_admin
Username: oaamadminuser
Password: Welcome1
Obtain the file idmUpgrade.zip
that contains the upgrade scripts. Copy the zip file to any accessible location on IDMHOST
, and extract the contents of the zip file. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".
Note:
The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:Before you start with the upgrade process, you must set the required environment variables depending on the platform on which you are upgrading Oracle Identity and Access Management. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".
You must update the upgrade.properties
file located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
on IDMHOST
, with the values for the required properties.
For information about the properties that you must update for upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) topology, see Section 6.7, "Updating the upgrade.properties File".
After you update the properties file, you must perform pre-validation checks on IDMHOST
for Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server, using the preValidate
.pl script.
To perform the pre-validation checks, complete the following tasks on IDMHOST
:
Run the preValidate.pl
script for Oracle Access Manager by specifying OAM
for the argument -node
.
Run the preValidate.pl
script for Oracle Identity Manager by specifying OIM
for the argument -node
.
Run the preValidate.pl
script for Oracle HTTP Server by specifying WEBTIER
for the argument -node
.
Run the preValidate.pl
script for Oracle Unified Directory by specifying DIRECTORY
for the argument -node
.
For general syntax of the preValidate.pl
script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".
Note:
If you wish to perform the pre-validation checks for Oracle Unified Directory first, you must copy the fileslibnnz11.so
and libclntsh.so.11.1
to the folder SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/lib
on LDAPHOST
from one of the following locations:
IAD_WL_HOME
/server/adr
IGD_WL_HOME
/server/adr
Web_Tier_ORACLE_HOME
/lib
IAD_WL_HOME
refers to the IAMAccessDomain and IGD_WL_HOME
refers to the IAMGovernanceDomain.
After you copy the files, you can perform the pre-validation checks for Oracle Unified Directory.
If you are upgrading Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.
For more information about creating schema using RCU, see Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms".
Note:
If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.You must stop the following server(s) on IDMHOST
:
Oracle HTTP Server.
Oracle Access Manager Managed Server(s)
Oracle Identity Manager Managed Server(s)
Oracle SOA Suite Managed Server(s)
WebLogic Administration Server.
Oracle Unified Directory
To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR
/config/scripts
:
./stopall.sh
Before you run the upgrade script, you must backup your Database schemas and the WebLogic domain. For more information, see Section 6.3, "Backing up the Existing Environment".
You must upgrade binaries and configuration of Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server, using the idmUpgrade.pl
script.
Both binary upgrade and configuration upgrade can be performed together by specifying the value both
for the argument -mode
while running the script. When you do so, the upgrade script performs the binary upgrade first followed by the configuration upgrade. If you do not specify any value for the argument -mode
, the value will be taken as both
, as it is the default value. Therefore, -mode
is an optional argument when you upgrade Oracle Identity Manager on a single node.
Note:
Make sure that the Database services are up and running before you run the upgrade script.To upgrade the binaries and configurations on IDMHOST
, complete the following steps:
Run the idmUpgrade.pl
script to upgrade the binaries and configurations of Oracle Unified Directory by specifying DIRECTORY
for the argument -node
and both
for the argument -mode
.
Note:
Before you upgrade the binaries and configuration of Oracle Unified Directory (OUD), ensure that you have stopped the Oracle Identity Manager and Oracle Access Manager Managed Servers.Run the idmUpgrade.pl
script to upgrade the binaries and configurations of Oracle Access Manager by specifying OAM
for the argument -node
and both
for the argument -mode
.
Run the idmUpgrade.pl
script to upgrade the binaries and configurations of Oracle Identity Manager by specifying OIM
for the argument -node
and both
for the argument -mode
.
Note:
Before you upgrade the binaries and configuration of Oracle Identity Manager, ensure that you have stopped the Oracle Access Manager Managed Server(s).Run the idmUpgrade.pl
script to upgrade the binaries and configurations of Oracle HTTP Server by specifying WEBTIER
for the argument -node
and both
for the argument -mode
.
For general syntax of the idmUpgrade.pl
script and for information about running the script, see Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script".
After you update the properties file, you must perform post-validation checks on IDMHOST
for Oracle Identity Manager, Oracle Access Manager, and Oracle Unified Directory, and Oracle HTTP Server, using the postValidate
.pl script.
To perform the post-validation checks, complete the following tasks on IDMHOST
:
Run the postValidate.pl
script for Oracle Access Manager by specifying OAM
for the argument -node
.
Run the postValidate.pl
script for Oracle Identity Manager by specifying OIM
for the argument -node
.
Run the postValidate.pl
script for Oracle HTTP Server by specifying WEBTIER
for the argument -node
.
Run the postValidate.pl
script for Oracle Unified Directory by specifying DIRECTORY
for the argument -node
.
For general syntax of the postValidate.pl
script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".
This section lists the post-upgrade tasks required for some of the features to work post-upgrade. Perform the post-upgrade tasks based on your requirement.
This section includes the following topics:
If you have configured Oracle Adaptive Access Manager in OIM-OAM Integrated with Oracle Unified Directory (OUD) topology, you must add the JAVA system property -Djava.security.auth.login.config
to the setDomainEnv.sh
script located in the IAMAccessDomain
. For more information, see Section 6.13.1, "Adding the Java System Property for Oracle Adaptive Access Manager".
After you perform the post-validation checks, verify the upgrade by checking the log files on IDMHOST
. Log files are created at the location you specified for LOG_DIR
parameter in the upgrade.properties
file.
If you have deployed OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node using the LCM tool 11g Release 2 (11.1.2.2.0), you can choose to upgrade only one of the components without upgrading the entire suite.
In this section, IDMHOST
refers to the host on which OIM-OAM Integrated with Oracle Unified Directory (OUD) topology is deployed.
Note:
Isolated upgrade for OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology is supported on a single node Linux platform only.For more information about isolated upgrade, see Section 2.3, "Isolated Upgrade Overview".
Note:
If you wish to upgrade the full suite, that is the OIM-OAM Integrated with Oracle Unified Directory (OUD) topology on a single node, follow the instructions described in the section Section 4.5, "Upgrading OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a Single Node".For an OIM-OAM Integrated with Oracle Unified Directory (OUD) Topology on a single node, the following isolated upgrade scenarios are supported:
Upgrade only Oracle Identity Manager (OIM)
Upgrade only Oracle Access Manager (OAM)
Upgrade only Oracle Unified Directory (OUD)
Upgrade only Oracle HTTP Server (OHS)
Instructions for Performing Isolated Upgrade
To perform isolated upgrade, complete the following steps:
Complete the following prerequisites:
Review the system requirements and certification document and make sure that your existing environment meets all hardware and software requirements necessary for 11g Release 2 (11.1.2.3.0) software. For more information, see Section 6.2, "Reviewing System Requirements and Certifications".
On IDMHOST
, ensure that the /etc/hosts
file contains both canonical hostnames (fully qualified host names) along with the hostname entry. For more information, see "Section 6.5, "Verifying Hostnames in the Hosts File".
Obtain the file idmUpgrade.zip
that contains the upgrade scripts. Copy the zip file to any accessible location on IDMHOST
and extract the contents of the zip file. For more information about obtaining the zip file, and extracting the contents, see Section 6.6, "Obtaining the Automated Upgrade Tool".
Note:
The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:Set the required environment variables depending on the platform on which you are upgrading Oracle Unified Directory. For more information, see Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade".
Update the upgrade.properties
file located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
on IDMHOST
with the values for the required parameters depending on the component that you wish to upgrade.
For information about updating the upgrade.properties
file, and for the descriptions of these parameters, see Section 6.7, "Updating the upgrade.properties File".
Perform the pre-validation checks using the preValidate.pl
script for the component that you wish to upgrade.
If you are upgrading only Oracle Identity Manager, run the preValidate.pl
script for performing pre-validation checks for Oracle Identity Manager on IDMHOST
, by specifying OIM
for the argument -node
.
If you are upgrading only Oracle Access Manager, run the preValidate.pl
script for performing pre-validation checks for Oracle Access Manager on IDMHOST
, by specifying OAM
for the argument -node
.
If you are upgrading only Oracle Unified Directory, run the preValidate.pl
script for performing pre-validation checks for Oracle Unified Directory on IDMHOST
, by specifying DIRECTORY
for the argument -node
.
If you are upgrading only Oracle HTTP Server, run the preValidate.pl
script for performing pre-validation checks for Oracle HTTP Server on IDMHOST
, by specifying WEBTIER
for the argument -node
.
Note:
Before you perform the pre-validation checks for Oracle Unified Directory, copy the fileslibnnz11.so
and libclntsh.so.11.1
to the folder SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/lib
on LDAPHOST
from one of the following locations:
IAD_WL_HOME
/server/adr
IGD_WL_HOME
/server/adr
Web_Tier_ORACLE_HOME
/lib
IAD_WL_HOME
refers to the IAMAccessDomain and IGD_WL_HOME
refers to the IAMGovernanceDomain.
After you copy the files, you can perform the pre-validation checks for Oracle Unified Directory.
For general syntax of the preValidate.pl
script and for information about running the script, see Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script".
If you are upgrading only Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.
For more information about creating schema using RCU, see Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms".
Note:
If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.Stop the following servers on IDMHOST
.
Oracle HTTP Server.
Oracle Access Manager Managed Server(s)
Oracle Identity Manager Managed Server(s)
Oracle SOA Suite Managed Server(s)
WebLogic Administration Server.
Oracle Unified Directory
To stop all of the servers on a host, run the following command script from the location SHARED_CONFIG_DIR
/config/scripts
:
./stopall.sh
Backup your Database schemas and the WebLogic domain. For more information, see Section 6.3, "Backing up the Existing Environment".
Upgrade the binaries and configurations of the component that you wish to upgrade, using the idmUpgrade.pl
script.
If you are upgrading only Oracle Unified Directory, run the idmUpgrade.pl
script by for upgrading the binaries and configurations of Oracle Unified Directory, by specifying DIRECTORY
for the argument -node
and both
for the argument -mode
.
Note:
Before you upgrade the binaries and configuration of Oracle Unified Directory (OUD), ensure that you have stopped the Oracle Identity Manager and Oracle Access Manager Managed Servers.If you are upgrading only Oracle Access Manager, run the idmUpgrade.pl
script by for upgrading the binaries and configurations of Oracle Access Manager, by specifying OAM
for the argument -node
and both
for the argument -mode
.
If you are upgrading only Oracle Identity Manager, run the idmUpgrade.pl
script by for upgrading the binaries and configurations of Oracle Identity Manager, by specifying OIM
for the argument -node
and both
for the argument -mode
.
Note:
Before you upgrade the binaries and configuration of Oracle Identity Manager, ensure that you have stopped the Oracle Access Manager Managed Server(s).If you are upgrading only Oracle HTTP Server, run the idmUpgrade.pl
script by for upgrading the binaries and configurations of Oracle HTTP Server, by specifying WEBTIER
for the argument -node
and both
for the argument -mode
.
Perform the post-validation checks using the postValidate.pl
script for the component that you wish to upgrade.
If you are upgrading only Oracle Identity Manager, run the postValidate.pl
script for performing post-validation checks for Oracle Identity Manager on IDMHOST
, by specifying OIM
for the argument -node
.
If you are upgrading only Oracle Access Manager, run the postValidate.pl
script for performing post-validation checks for Oracle Access Manager on IDMHOST
, by specifying OAM
for the argument -node
.
If you are upgrading only Oracle Unified Directory, run the postValidate.pl
script for performing post-validation checks for Oracle Unified Directory on IDMHOST
, by specifying DIRECTORY
for the argument -node
.
If you are upgrading only Oracle HTTP Server, run the postValidate.pl
script for performing post-validation checks for Oracle HTTP Server on IDMHOST
, by specifying WEBTIER
for the argument -node
.
For general syntax of the postValidate.pl
script and for information about running the script, see Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script".
Perform the necessary post-upgrade tasks described in Section 6.13, "Post-Upgrade Tasks" depending on the component you upgraded.
Verify the upgrade by checking the log files on IDMHOST
. Log files are created at the location you specified for LOG_DIR
parameter in the upgrade.properties file.
For any issues that you may encounter during the upgrade process, refer to Section 6.14, "Troubleshooting" for workaround.
For the list of known issues related to automated upgrade and their workaround, see "Upgrade and Migration Issues for Oracle Identity and Access Management" in the Oracle Fusion Middleware Release Notes for Identity Management.