This chapter describes how to upgrade Oracle Entitlements Server 11g Release 2 (11.1.2.2.0), 11g Release 2 (11.1.2.1.0) and 11g Release 2 (11.1.2) environments to Oracle Entitlements Server 11g Release 2 (11.1.2.3.0) on Oracle WebLogic Server, using the manual upgrade procedure.
Note:
If your existing Oracle Identity and Access Management environment was deployed using the Life Cycle Management (LCM) Tools, you must use the automated upgrade procedure to upgrade to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0).For information about automated upgrade procedure, supported starting points and topologies, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".
Note:
This chapter refers to Oracle Entitlements Server 11g Release 2 (11.1.2), 11g Release 2 (11.1.2.1.0), and 11g Release 2 (11.1.2.2.0) environments as 11.1.2.x.x.This chapter includes the following sections:
This section describes how to upgrade Oracle Entitlements Server Administration Server to 11.1.2.3.0.
This section includes the following topics:
Section 11.1.1, "Upgrade Roadmap for Oracle Entitlements Server Administration Server"
Section 11.1.3, "Shutting Down Administration Server and Oracle Entitlements Server Managed Servers"
Section 11.1.5, "Updating Oracle Entitlements Server Binaries to 11.1.2.3.0"
Section 11.1.7, "Upgrading Oracle Platform Security Services Schema"
Section 11.1.8, "Upgrading Oracle Platform Security Services"
Section 11.1.9, "Deleting Certain Directories From the Domain"
Section 11.1.10, "Starting the Administration Server and the Managed Servers"
Section 11.1.11, "Verifying the Oracle Entitlements Server Administration Server Upgrade"
Table 11-1 lists the steps to upgrade Oracle Entitlements Server Administration Server upgrade.
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Entitlements Server Administration Server upgrade may not be successful.Table 11-1 Roadmap for Upgrading Oracle Entitlements Server Administration Server 11.1.2.x.x to 11.1.2.3.0
Sl No | Task | For More Information |
---|---|---|
1 |
Complete the pre-upgrade steps before you begin with the upgrade process. |
|
2 |
Stop the Administration Server and all the Oracle Entitlements Server Managed Servers. |
See, Shutting Down Administration Server and Oracle Entitlements Server Managed Servers |
3 |
Upgrade your existing Oracle WebLogic Server to 10.3.6 (if necessary). |
|
4 |
Upgrade the Oracle Entitlements Server binaries to 11.1.2.3.0. |
See, Updating Oracle Entitlements Server Binaries to 11.1.2.3.0 |
5 |
Delete all the |
|
6 |
Upgrade the Oracle Platform Security Services schemas. |
|
7 |
Upgrade Oracle Platform Security Services to 11.1.2.3.0. This task is optional but is recommended. |
|
8 |
Delete the |
|
9 |
Start all the servers. |
See, Starting the Administration Server and the Managed Servers |
10 |
Verify the Oracle Entitlements Server Administration Server upgrade. |
See, Verifying the Oracle Entitlements Server Administration Server Upgrade |
Before you begin with the upgrade, you must complete the following prerequisites:
Review the Oracle Fusion Middleware System Requirements and Specifications and Oracle Fusion Middleware Supported System Configurations documents to ensure that your system meets the minimum requirements for the products you are installing or upgrading to. For more information see Section 24.1.1, "Verifying Certification, System Requirements, and Interoperability".
Ensure that you are using a Java Development Kit (JDK) version that is supported and certified with Oracle Identity and Access Management 11.1.2.3.0.
You can verify the required JDK version by reviewing the certification information on the Oracle Fusion Middleware Supported System Configurations page.
The JDK can be downloaded from the Java SE Development Kit 7 Downloads page on Oracle Technology Network (OTN).
Note:
For more information about JDK version requirements, see the "Oracle WebLogic Server and JDK Considerations" topic in the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management 11g Release 2 (11.1.2) document.The upgrade process involves changes to the binaries and to the schema. Therefore, before you begin the upgrade process, you must shut down the Oracle Entitlements Server Managed Server(s) and the WebLogic Administration Server.For information about stopping the WebLogic Administration Server and the Managed Servers, see Section 24.1.9, "Stopping the Servers".
Oracle Identity and Access Management 11.1.2.3.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Entitlements Server environment is using Oracle WebLogic Server 10.3.5 or any earlier version, you must upgrade it to Oracle WebLogic Server 10.3.6.
Note:
If you are already using Oracle WebLogic Server 10.3.6, ensure that you apply the mandatory patches to fix specific issues with Oracle WebLogic Server 10.3.6.To identify the required patches that you must apply for Oracle WebLogic Server 10.3.6, see "Downloading and Applying Required Patches" in the Oracle Fusion Middleware Infrastructure Release Notes.
The patches listed in the release notes are available from My Oracle Support. The patching instructions are mentioned in the README.txt
file that is provided with each patch.
For information about upgrading to Oracle WebLogic Server 10.3.6, see Section 24.1.5, "Upgrading Oracle WebLogic Server to 11g Release 1 (10.3.6)".
To upgrade Oracle Entitlements Server binaries to 11.1.2.3.0, you must use the Oracle Identity and Access Management 11.1.2.3.0 Installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Middleware Home.
For information about updating the Oracle Entitlements Server binaries to 11.1.2.3.0, see Section 24.1.6, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.3.0)".
After you upgrade the Oracle Entitlements Server binaries, delete all the files with postfix py.class
in the newly installed Oracle Entitlements Server home (MW_HOME
/ORACLE_HOME
/
).
Upgrade the Oracle Platform Security Services schemas using Patch Set Assistant.
For more information about upgrading schemas using Patch Set Assistant, see Section 24.1.4, "Upgrading Schemas Using Patch Set Assistant".
After you upgrade Oracle Platform Security Services schemas, you must upgrade Oracle Platform Security Services (OPSS). This task is optional; however, it is recommended that you perform this task.
Note:
If you are upgrading Oracle Entitlements Server 11.1.2.1.0 to 11.1.2.3.0, you must upgrade Oracle Platform Security Services if Audit schema is installed. This step is required to upgrade the policy store to include the new 11.1.2.3.0 audit policies.Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores of Oracle Entitlements Server to 11.1.2.3.0. It upgrades the jps-config.xml
file and policy stores.
For information about upgrading Oracle Platform Security Services, see Section 24.1.7, "Upgrading Oracle Platform Security Services".
Delete the following directories from the location DOMAIN_HOME
/servers/
ServerName
:
tmp
cache
stage
After the upgrade is complete, start the WebLogic Administration Server, and the Oracle Entitlements Server Managed Server(s).
For information about starting the WebLogic Administration Server and the Managed Server(s), see Section 24.1.8, "Starting the Servers".
To verify the Oracle Entitlements Server upgrade, do the following:
Verify the schema version in the policy store by running the following SQL query:
select attrval from jps_attrs where attrname='orclProductVersion' and rownum = 1;
Ensure that the schema version is 11.1.1.9.0.
The application MAPI works with both old and new functionality.
Create a new policy to see if CRUD operations on the policy store artifacts, using their entity managers, are working.
For more information, see "Creating Fine Grained Elements for a Simple Policy" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server.
The Application Runtime Authorization continues working.
To verify, create an authorization, as mentioned in "Using the PEP API" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server, and see if it works correctly.
This section descries how to upgrade Oracle Entitlements Server client server to 11.1.2.3.0.
This section includes the following topics:
Section 11.2.1, "Upgrade Roadmap for Oracle Entitlements Server Client"
Section 11.2.3, "Upgrade Oracle Entitlements Server Client to 11.1.2.3.0"
Section 11.2.6, "Verifying Oracle Entitlements Server Client Upgrade"
Table 11-2 lists the steps to upgrade Oracle Entitlements Server Client Server upgrade.
Note:
If you do not follow the exact sequence provided in this task table, your Oracle Entitlements Server Client Server upgrade may not be successful.Table 11-2 Roadmap for Upgrading Oracle Entitlements Server Client 11.1.2.x.x to 11.1.2.3.0
Sl No | Task | For More Information |
---|---|---|
1 |
Stop all the security module instances, and the servers. |
|
2 |
Upgrade the Oracle Entitlements Server Client to 11.1.2.3.0. |
See, Upgrade Oracle Entitlements Server Client to 11.1.2.3.0 |
3 |
Delete all the |
|
4 |
Start the security modules. |
|
5 |
Verify the Oracle Entitlements Server Client Server upgrade. |
Bring down all security module instances, Administration Server, and Managed Servers.
The security module instances shuts down when the Administration Server and Managed Servers are shut down.
To stop the servers, see Section 11.1.3, "Shutting Down Administration Server and Oracle Entitlements Server Managed Servers".
To upgrade Oracle Entitlements Server Client, you must use the 11.1.2.3.0 installer. During the procedure, point the Middleware Home to your existing 11.1.2.x.x Oracle Entitlements Server Client Middleware Home. This upgrades your Middleware Home and Oracle Home from 11.1.2.x.x to 11.1.2.3.0.
This section contains the following topics:
You must install and configure Oracle Entitlements Server Administration Server, as described in Section 11.1.5, "Updating Oracle Entitlements Server Binaries to 11.1.2.3.0".
For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
For more information on installing Oracle Entitlements Server Client 11.1.2.3.0, see "Installing Oracle Entitlements Server Client" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
To verify that your Oracle Entitlements Server Client install was successful, go to your Oracle Home directory which you specified during installation and verify that the Oracle Entitlements Server Client installation files are created.
After you upgrade the Oracle Entitlements Server Client, delete all the files with postfix py.class
in the newly installed Oracle Entitlements Server home (MW_HOME
/ORACLE_HOME
/
).
Start the Security Modules. Prior to starting the security modules, ensure that you have started WebLogic Administration Server and the Managed Servers.
To start the servers, see Section 11.1.10, "Starting the Administration Server and the Managed Servers".
Note:
When starting the Oracle Service Bus Security Module, you must use the parameter-Doracle.oes.osbresource.converter.distinguishtransportprivilege=false
while running the script.To verify, create an authorization, as mentioned in "Using the PEP API" in the Oracle Fusion Middleware Developer's Guide for Oracle Entitlements Server, and see if it works correctly.
The Application Runtime Authorization continues working.