This chapter describes how to upgrade Oracle Adaptive Access Manager 11g Release 2 (11.1.2.1.0) and 11g Release 2 (11.1.2) environments to Oracle Adaptive Access Manager 11g Release 2 (11.1.2.3.0) on Oracle WebLogic Server, using the manual upgrade procedure.
Note:
If your existing Oracle Identity and Access Management environment was deployed using the Life Cycle Management (LCM) Tools, you must use the automated upgrade procedure to upgrade to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).For information about automated upgrade procedure, supported starting points and topologies, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".
Note:
This chapter refers to Oracle Adaptive Access Manager 11g Release 2 (11.1.2) and 11g Release 2 (11.1.2.1.0) environments as 11.1.2.x.x.This chapter includes the following sections:
Section 9.1, "Upgrade Roadmap for Oracle Adaptive Access Manager"
Section 9.3, "Shutting Down Administration Server and Managed Servers"
Section 9.4, "Backing Up Oracle Adaptive Access Manager 11.1.2.x.x"
Section 9.6, "Updating Oracle Adaptive Access Manager Binaries to 11.1.2.3.0"
Section 9.10, "Redeploying Oracle Adaptive Access Manager Applications"
Section 9.12, "Verifying the Oracle Adaptive Access Manager Upgrade"
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Adaptive Access Manager upgrade may not be successful.Table 9-1 lists the steps to upgrade Oracle Adaptive Access Manager.
Table 9-1 Roadmap for Upgrading Oracle Adaptive Access Manager 11.1.2.x.x to 11.1.2.3.0.
Sl No | Task | For More Information |
---|---|---|
1 |
Perform the required pre-upgrade tasks before you start with the upgrade process. |
|
2 |
Stop the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Server(s) before you start the upgrade process. |
See, Shutting Down Administration Server and Managed Servers |
3 |
Back up your existing Oracle Adaptive Access Manager 11.1.2.x.x Environment. |
|
4 |
Upgrade Oracle WebLogic Server to 10.3.6, if necessary. |
|
5 |
Update the Oracle Adaptive Access Manager 11.1.2.x.x binaries to 11.1.2.3.0. |
See, Updating Oracle Adaptive Access Manager Binaries to 11.1.2.3.0 |
6 |
Upgrade the OAAM, MDS, IAU, and OPSS Schemas using Patch Set Assistant. |
|
7 |
Upgrade the Oracle Platform Security Services. |
|
8 |
Start the WebLogic Administration Server and Oracle Adaptive Access Manager Managed Server(s). |
See, Starting the Servers |
9 |
If you are upgrading Oracle Adaptive Access Manager 11.1.2 to 11.1.2.3.0, you must redeploy the applications after you start the servers. |
See, Redeploying Oracle Adaptive Access Manager Applications |
10 |
Restart the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Server(s). |
|
11 |
Verify the Oracle Adaptive Access Manager upgrade. |
Before you begin with the upgrade, you must complete the following prerequisites:
Review the Oracle Fusion Middleware System Requirements and Specifications and Oracle Fusion Middleware Supported System Configurations documents to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information see Section 24.1.1, "Verifying Certification, System Requirements, and Interoperability".
Ensure that you are using a Java Development Kit (JDK) version that is supported and certified with Oracle Identity and Access Management 11.1.2.3.0.
You can verify the required JDK version by reviewing the certification information on the Oracle Fusion Middleware Supported System Configurations page.
The JDK can be downloaded from the Java SE Development Kit 7 Downloads page on Oracle Technology Network (OTN).
Note:
For more information about JDK version requirements, see the "Oracle WebLogic Server and JDK Considerations" topic in the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management 11g Release 2 (11.1.2) document.The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Servers.
For more information about stopping the WebLogic Administration Server and the Managed Servers, see Section 24.1.9, "Stopping the Servers".
You must back up your Oracle Adaptive Access Manager 11.1.2.x.x environment before you upgrade to Oracle Adaptive Access Manager 11.1.2.3.0.
After stopping the servers, you must back up the following:
MW_HOME directory, including the Oracle Home directories inside Middleware Home
Oracle Adaptive Access Manager Domain Home directory
Oracle Adaptive Access Manager schema
IAU schema, if it is part of any of your Oracle Adaptive Access Manager 11.1.2.x.x schema
MDS schema
For more information about backing up the Middleware Home and the schemas, see Section 24.1.2, "Backing up the Existing Environment".
Oracle Identity and Access Management 11.1.2.3.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Adaptive Access Manager environment is using Oracle WebLogic Server 10.3.5 or any earlier version, you must upgrade it to Oracle WebLogic Server 10.3.6.
Note:
If you are already using Oracle WebLogic Server 10.3.6, ensure that you apply the mandatory patches to fix specific issues with Oracle WebLogic Server 10.3.6.To identify the required patches that you must apply for Oracle WebLogic Server 10.3.6, see "Downloading and Applying Required Patches" in the Oracle Fusion Middleware Infrastructure Release Notes.
The patches listed in the release notes are available from My Oracle Support. The patching instructions are mentioned in the README.txt
file that is provided with each patch.
For information about upgrading Oracle WebLogic Server to 10.3.6, see Section 24.1.5, "Upgrading Oracle WebLogic Server to 11g Release 1 (10.3.6)".
To update the Oracle Adaptive Access Manager 11.1.2.x.x binaries to 11.1.2.3.0, you must use the Oracle Identity and Access Management 11.1.2.3.0 Installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Middleware Home. Your Oracle Home is upgraded from 11.1.2.x.x to 11.1.2.3.0.
For information about updating the Oracle Adaptive Access Manager binaries to 11.1.2.3.0, see Section 24.1.6, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.3.0)".
You must upgrade the following schemas using Patch Set Assistant:
OAAM schema
MDS schema
OPSS schema
IAU schema (You must upgrade Audit schema (IAU) only if it is part of your 11.1.2.x.x schemas)
Note:
When upgrading schemas using Patch Set Assistant, you must select OAAM or OAAM_PARTN as appropriate, and provide details on all screens to complete the upgrade.For information about upgrading schemas using Patch Set Assistant, see Section 24.1.4, "Upgrading Schemas Using Patch Set Assistant".
After you upgrade schemas, you must upgrade Oracle Platform Security Services (OPSS).
Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Adaptive Access Manager to 11.1.2.3.0. It upgrades the jps-config.xml
file and policy stores.
For information about upgrading Oracle Platform Security Services, see Section 24.1.7, "Upgrading Oracle Platform Security Services".
Start the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Server(s).
For information about starting the WebLogic Administration Server and the Managed Servers, see Section 24.1.8, "Starting the Servers".
After you start the servers, you must redeploy your Oracle Adaptive Access Manager applications on the Oracle Adaptive Access Manager 11.1.2.3.0 servers.
You can redeploy the application using command line or using the WebLogic Administration console. Complete the following steps described in one of the following sections to redeploy applications:
Redeploying Applications Using Command Line
To redeploy applications on Oracle Adaptive Access Manager 11.1.2.3.0 servers using command line, do the following:
Launch the WebLogic Scripting Tool (WLST) by running the following command from the location IAM_HOME
/common/bin
:
On UNIX: ./wlst.sh
On Windows: wlst.cmd
Connect to the Administration Server using the following command:
connect('
weblogic-username
','
weblogic-password
','
weblogic-url
')
For example:
connect('wlsuser','wlspassword','localhost:7001')
Stop the applications by running the following commands:
stopApplication('oaam_admin')
stopApplication('oaam_server')
Note:
If you have Oracle Adaptive Access Manager Offline Server in your setup, run thestopApplication()
command to stop 'oaam_offline'
too.Redeploy the applications by running the following commands:
redeploy('oracle.oaam.extensions')
redeploy('oaam_admin')
redeploy('oaam_server')
Note:
If you have Oracle Adaptive Access Manager Offline Server in your setup, run theredeploy()
command to redeploy applications on 'oaam_offline'
too.Start the applications by running the following commands:
startApplication('oaam_admin')
startApplication('oaam_server')
Note:
If you have Oracle Adaptive Access Manager Offline Server in your setup, run thestartApplication()
command to stop 'oaam_offline'
too.Exit the WLST console using the exit()
command.
For more information about using the redeploy
command, see "redeploy" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
Redeploying Applications Using WebLogic Administration Console
To redeploy applications on Oracle Adaptive Access Manager 11.1.2.3.0 servers using the WebLogic Administration console, do the following
Log in to the WebLogic Administration console using the following URL:
http://
admin_host
:
admin_port
/console
Go to the Deployments tab.
Click lock and Edit on the left panel.
Stop the oaam_admin
and oaam_server
applications. If oaam_offline
is available in your environment, stop it too.
Select oaam_extension_library.
Click Update.
The console shows the location of the .ear
file. Confirm if that is the correct location of the .ear
file that you wish to deploy; Otherwise, change the location.
Click Finish.
When the deployment is completed, click Release configuration.
Repeat the procedure for OAAM_ADMIN
, OAAM_SERVER
, and OAAM_OFFLINE
as applicable.
After you redeploy the applications, restart the WebLogic Administration Server and the Oracle Adaptive Access Manager Managed Server(s).
Note:
After redeploying the applications, when you stop the servers for the first time, the following exception might be displayed:<Error> <oracle.oaam> <BEA-000000> <Exception writing monitor data: java.lang.IllegalStateException: Attempting to execute an operation on a closed EntityManagerFactory. at org.eclipse.persistence.internal.jpa.EntityManagerFactoryDelegate.verifyOpen(EntityManagerFactoryDelegate.java:305) at org.eclipse.persistence.internal.jpa.EntityManagerFactoryDelegate.createEntity ManagerImpl(EntityManagerFactoryDelegate.java:276) at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:294) at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:272) at com.bharosa.common.toplink.TopLink11gDBMgr.createSession(TopLink11gDBMgr.java: 313) at com.bharosa.common.db.BharosaDBMgr.beginSession(BharosaDBMgr.java:166) at com.bharosa.common.dataaccess.DataAccessMgr.beginSession(DataAccessMgr.java:95) at java.lang.Thread.run(Thread.java:662) > <Nov 24, 2014 2:43:22 AM PST> <Error> <oracle.oaam> <BEA-000000> <Session not found in endSession for database default. This is not okay. refCount=null java.lang.Throwable at com.bharosa.common.db.BharosaDBMgr.endSession(BharosaDBMgr.java:245) at com.bharosa.common.dataaccess.DataAccessMgr.endSession(DataAccessMgr.java:137) at com.bharosa.common.monitoring.Monitor.run(Monitor.java:113) at java.lang.Thread.run(Thread.java:662) >
This is a one time exception, seen the first time you stop the servers after upgrade. You can ignore this exception.
For information about stopping the servers, see Section 24.1.9, "Stopping the Servers".
For information about starting the servers, see Section 24.1.8, "Starting the Servers".
To verify the Oracle Adaptive Access Manager upgrade, do the following:
Verify the log file at the location MW_HOME
/oracle_common/upgrade/logs
to ensure that the upgrade was successful.
Verify the version of the OAAM schema by connecting to the OAAM schema as OAAM_schema_user
, and running the following query:
select version,status,upgraded from schema_version_registry where owner=<OAAM_SCHEMA_NAME>;
Ensure that the version number is 11.1.2.3.0.
Log in to the OAAM Administration console using the following URL:
http://oaam.example.com:<admin_port>/oaam_admin
Verify if the version number of Oracle Adaptive Access Manager is 11.1.2.3.0.
For the list of known issues related to upgrade, and their workaround, see "Upgrade and Migration Issues for Oracle Identity and Access Management" in the Oracle Fusion Middleware Release Notes for Identity Management.