4 Upgrading Oracle Access Manager Highly Available Environments

Describes the process of upgrading an Oracle Access Manager highly available environments from 11g Release 2 (11.1.2.3.0) to 12c (12.2.1.3.0).

Topics

• About the Oracle Access Manager Multinode Upgrade Process
  Review the topology and the roadmap for an overview of the upgrade process for Oracle Access Manager highly available environments.
• Completing the Pre-Upgrade Tasks for Oracle Access Manager
  Complete the pre-upgrade tasks described in this section before you upgrade Oracle Access Manager.
• Creating 12c Oracle Home Folder on OAMHOST1 and OAMHOST2
  Create a folder for 12c Oracle Home on both OAMHOST1 and OAMHOST2.
• Installing Product Distributions on OAMHOST1 and OAMHOST2
  You must install the 12c binaries onto OAMHOST1 and OAMHOST2 or onto shared storage accessible by both. If you are using redundant binaries ensure you install into each of the redundant locations
• Installing the Latest Stack Patch Bundle
  After you install the product distributions, Oracle strongly recommends you to apply the latest IDM Stack Patch Bundle (SPB) 12.2.1.3.0 before proceeding with the upgrade process. You can apply the patch by using the Opatch tool. Applying the SPB helps eliminate most of the upgrade issues or workarounds.
• Upgrading Schemas on OAMHOST1
  Upgrade all of the necessary schemas for Oracle Access Manager, on OAMHOST1 by using the Upgrade Assistant.
• Reconfiguring the Domain on OAMHOST1
  Run the Reconfiguration Wizard on OAMHOST1 to reconfigure your domain component configurations to 12c (12.2.1.3.0).
• Replicating the Domain Configurations on each OAMHOST
  Replicate the domain configurations on OAMHOST2. This involves packing the upgraded domain on OAMHOST1 and unpacking it on OAMHOST2.
• Upgrading Domain Component Configurations on OAMHOST1 and OAMHOST2
  After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.
• Starting the Servers on OAMHOST1 and OAMHOST2
  After you upgrade Oracle Access Manager on both OAMHOST1 and OAMHOST2, start the servers.
• Performing Post-Upgrade Tasks
  After performing the upgrade of Oracle Access Manager to 12c (12.2.1.3), you should complete the tasks summarized in this section, if required.
• Performing the Post-Patch Install Steps
  After completing the upgrade, you have to perform the post-patch installation steps.

About the Oracle Access Manager Multinode Upgrade Process

Review the topology and the roadmap for an overview of the upgrade process for Oracle Access Manager highly available environments.

The steps you take to upgrade your existing domain will vary depending on how your domain is configured and which components are being upgraded. Follow only those steps that are applicable to your deployment.

Upgrade Topology

The following topology shows the Oracle Access Manager cluster set up that can be upgraded to 12c (12.2.1.3.0) by following the procedure described in this chapter.

Figure 4-1 Oracle Access Manager High Availability Upgrade Topology

Description of "Figure 4-1 Oracle Access Manager High Availability Upgrade Topology"

On OAMHOST1, the following installations have been performed:

• An Oracle Access Management Access Manager instance has been installed in the WLS_OAM1 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.

On OAMHOST2, the following installations have been performed:

• An Oracle Access Management Access Manager instance has been installed in the WLS_OAM2 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OAMHOST1 becomes unavailable.

The instances in the WLS_OAM1 and WLS_OAM2 Managed Servers on OAMHOST1 and OAMHOST2 are configured in a cluster named OAM_CLUSTER.

Table 4-1 Tasks for Upgrading Oracle Access Manager Highly Available Environments

Task	Description
Required If you have not done so already, review the introductory topics in this guide and complete the required pre-upgrade tasks.	See: Introduction to Upgrading Oracle Access Manager to 12c (12.2.1.3.0) Pre-Upgrade Requirements
Required Complete the necessary pre-upgrade tasks specific to Oracle Access Manager.	See Completing the Pre-Upgrade Tasks for Oracle Access Manager.
Required Create the 12c Oracle Home Folder on both OAMHOST1 and OAMHOST2, so that you can use the location for installing the product distributions.	See Creating 12c Oracle Home Folder on OAMHOST1 and OAMHOST2.
Required Install Oracle Access Manager 12c (12.2.1.3.0) in the new Oracle home.	See Installing Product Distributions on OAMHOST1 and OAMHOST2.
Required Apply the latest bundle patches	See Installing the Latest Stack Patch Bundle.
Required Upgrade the necessary schemas on OAMHOST1.	See Upgrading Schemas on OAMHOST1.
Required Reconfigure the Oracle Access Manager domain on OAMHOST1.	See Reconfiguring the Domain on OAMHOST1.
Required Replicate the Oracle Access Manager domain configurations on OAMHOST2.	This includes packing the domain on OAMHOST1 and unpacking it on OAMHOST2. See Replicating the Domain Configurations on each OAMHOST.
Required Upgrade the domain component configurations on both OAMHOST1 and OAMHOST2.	The Upgrade Assistant is used to update the reconfigured domain’s component configurations. See Upgrading Domain Component Configurations on OAMHOST1 and OAMHOST2.
Required Start the servers on OAMHOST1 and OAMHSOT2.	See Starting the Servers.
Required Complete any necessary post-upgrade tasks.	These tasks are optional. See Performing Post-Upgrade Tasks.
Required Complete the post-patch install steps.	See Performing the Post-Patch Install Steps.

Completing the Pre-Upgrade Tasks for Oracle Access Manager

Complete the pre-upgrade tasks described in this section before you upgrade Oracle Access Manager.

• Checking the Supported Starting Point for Oracle Access Manager Upgrade
  The Oracle Access Manager version that is supported for upgrade is 11g Release 2 (11.1.2.3.0).
• Checking if OAM is in a Different Domain to OAAM and OIM
  In the case of Oracle Access Manager (OAM), Oracle Adaptive Access Management (OAAM), and Oracle Identity Manager (OIM) integrated setup, where OAM and OAAM are in same domain, and OIM is in a separate domain, the OAM domain needs to be cloned that works with OAAM and OIM in the source domain.
• Removing the IAMSuiteAgent Deployment
  The IAMSuiteAgent deployment is not supported in 12c. Therefore, undeploy the IAMSuiteAgent before you proceed with the upgrade.
• Upgrading Java JSE Policy
  Upgrade Java JSE Policy, if required.
• Disabling Deprecated Services in OAM
  Applies only to Mobile and Social, Security Token Service, Mobile Security Service, and MSAS proxy users.

Checking the Supported Starting Point for Oracle Access Manager Upgrade

The Oracle Access Manager version that is supported for upgrade is 11g Release 2 (11.1.2.3.0).

If you are using an earlier version of Oracle Access Manager, you must upgrade to Oracle Access Manager 11g Release 2 (11.1.2.3.0) first, and then to 12c.

Checking if OAM is in a Different Domain to OAAM and OIM

In the case of Oracle Access Manager (OAM), Oracle Adaptive Access Management (OAAM), and Oracle Identity Manager (OIM) integrated setup, where OAM and OAAM are in same domain, and OIM is in a separate domain, the OAM domain needs to be cloned that works with OAAM and OIM in the source domain.

Note:

Ensure that Oracle Access Manager and Oracle Identity Manager are in different domains. If they are in the same domain, then you need to separate them into multiple domains. For more information, see Separating Oracle Identity Management Applications Into Multiple Domains.

To separate the OAM and OAAM domain, do the following:

1. Perform the test-to-production of the source environment (machine-1) where OAM and OAAM is in the same domain, so as to form the 11.1.2.3.0 OAM-OAAM environment on machine-2. This machine-2 acts as the production machine.
2. On machine-1, open the DOMAIN_HOME/config/fmwconfig/oam-config.xml file in a text editor, and search for the parameter HOST_ALIAS_1.
3. Update the serverhost parameter to reflect the name of production machine, so that it knows the target (OAAM) machine to which it has to point to render the OAAM authentication page.
4. Search for the parameter Version, and increment its value by one.
5. Restart only the Administration Server and the OAM Server of source machine (machine-1) to reflect the changes.
   Ensure that the oaam_admin_server1 and oaam_server_server1 on the source machine are stopped.
6. Start the oaam_admin_server1 and oaam_server_server1 on production machine (machine-2). The Administration Server on the production machine will be in Running state after the T2P.
7. Access the tapscheme protected resource of machine-1. Make sure that the request gets redirected to OAAM server of machine—2 and subsequent taspscheme login is successful.

   Note:

   Ensure that the date and time on source and production machine are in sync. If they are not, the authentication fails.

If OIM is installed in a separate domain, and is integrated with OAM and OAAM, do the following:

1. Update the following Oracle Identity Manager properties to contain the details of the new OAAM host:

   • OIM.ChangePasswordURL
   • OIM.ChallengeQuestionModificationURL

   For information about setting the Oracle Identity Manager properties for OAAM, see Setting Oracle Identity Manager Properties for Oracle Adaptive Access Manager in the Integration Guide for Oracle Identity Management Suite for 11g Release 2 (11.1.2.3.0).

2. Restart the Oracle Identity Manager server.

Note:

You must upgrade the OAM domain whose Managed Server is in the running state after the domain separation.

For example, if you have followed the steps in this section, you will have to upgrade OAM that resides on machine-1, to 12c.

Removing the IAMSuiteAgent Deployment

The IAMSuiteAgent deployment is not supported in 12c. Therefore, undeploy the IAMSuiteAgent before you proceed with the upgrade.

Removing IAMSuiteAgent from the WebLogic Administration Console

1. Log in to the WebLogic Administration Console using the following URL:

   http://hostname:port/console
   

   where hostname is the DNS name or IP address of the Administration Server and port is the listen port on which the Administration Server is listening for requests (port 7001 by default). If you have configured a domain-wide administration port, use that port number. If you configured the Administration Server to use Secure Socket Layer (SSL) you must add s after http as follows:

   https://hostname:port/console
   

   Note:

   A domain-wide administration port always uses SSL.
2. Click Security Realms.
3. Click myrealm.
4. Click Provider, and then select IAMSuiteAgent.
5. Click Delete.
6. Restart the servers.

Removing IAMSuiteAgent from the OAM Console

Note:

Before you delete IAMSuiteAgent from the OAM console, complete the following tasks:

• Replace IAMSuiteAgent with an 11g WebGate. See Replacing the IAMSuiteAgent with an 11g WebGate. Removing IAMSuiteAgent without replacing it with an 11g WebGate may result in a loss of the OAM functionalities in the 11g server.
• Back up the OAM configuration.

1. Log in to the OAM console.
2. Go to the Application Security tab, click Agents, and then Managed single sign-on agents.
3. From the list of SSO agents, select IAMSuiteAgent, and then click Delete.
4. Confirm the deletion.

Upgrading Java JSE Policy

Upgrade Java JSE Policy, if required.

Note:

This is required if any of the Identity Management components like Oracle Access Management (OAM), Oracle Identity Manager (OIM), Oracle Adaptive Access Manager (OAAM), or Oracle Access Manager Webgates of a data center are yet to be upgraded to 12c (12.2.1.3.0). This is for the phased transition to 12c (12.2.1.3.0).

For a Multi Data Center setup, this is required if any of the data centers has 12c (12.2.1.2.0) components (OAM, OIM, OAAM, OAM Webgates).

The jar files local_policy.jar and US_export_policy.jar are present in the directory $JAVA_HOME/jre/lib/security. You can upgrade Java JSE policy by overwriting these jar files with the specified versions. To do this, complete the following steps:

1. Download the local_policy.jar and US_export_policy.jar files from the following location:
   http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2. Copy the jar files to the location $JAVA_HOME/jre/lib/security. This overwrites the existing files.

This completes the Java JSE policy upgrade.

Disabling Deprecated Services in OAM

Applies only to Mobile and Social, Security Token Service, Mobile Security Service, and MSAS proxy users.

Mobile and Social, Security Token Service, Mobile Security, and MSAS proxy Service cannot be used in OAM 12c (12.2.1.3.0). If your current installation makes use of any of these services, you must disable them before attempting to perform this upgrade. If any of these services are active during the upgrade, the upgrade will fail with an upgrade not feasible error message. You can find additional information about these features in the Oracle Mobile Security Suite Statement Of Direction support document.

Creating 12c Oracle Home Folder on OAMHOST1 and OAMHOST2

Create a folder for 12c Oracle Home on both OAMHOST1 and OAMHOST2.

It is recommended that you have the identical directory structure on OAMHOST1 and OAMHOST2.

For example:

/home/Oracle/product/ORACLE_HOME

Installing Product Distributions on OAMHOST1 and OAMHOST2

You must install the 12c binaries onto OAMHOST1 and OAMHOST2 or onto shared storage accessible by both. If you are using redundant binaries ensure you install into each of the redundant locations

The following products must be installed on both OAMHOST1 and OAMHOST2:

• Oracle Fusion Middleware Infrastructure 12c (12.2.1.3.0)

• Oracle Access Manager 12c (12.2.1.3.0)

• Any additional distributions for your pre-upgrade environment

For instructions to install the 12c binaries, see Installing Product Distributions.

Note:

If you have redundant Oracle_Home installations, binaries must be installed into each of the redundant locations.

• Installing Product Distributions
  Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) distributions on the target system and install them using Oracle Universal Installer.

Installing Product Distributions

Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) distributions on the target system and install them using Oracle Universal Installer.

Note:

• The 12c binaries are installed in a different location from the previous 11g binaries. You can install 12c binaries before any planned downtime for upgrade.
• If you are using Redundant binary locations, ensure that you install the software into each of those redundant locations.

To install the 12c (12.2.1.3.0) distributions:

1. Sign in to the target system.
2. Download the following from Oracle Technical Resources or Oracle Software Delivery Cloud to your target system:
   • Oracle Fusion Middleware Infrastructure (fmw_12.2.1.3.0_infrastructure_generic.jar)
   • Oracle Access Manager (fmw_12.2.1.3.0_idm_generic.jar)
   • Any additional distributions for your pre-upgrade environment

   Note:

   If you are upgrading an integrated environment that was set up using Life Cycle Management (LCM) tool, that includes Oracle Access Manager, Oracle Identity Manager, and WebGates, then you must install the respective 12c Web Server (Oracle HTTP Server or Oracle Traffic Director) binaries in the same Oracle Home.

3. Change to the directory where you downloaded the 12c (12.2.1.3.0) product distribution.
4. Start the installation program for Oracle Fusion Middleware Infrastructure:
   • (UNIX) JAVA_HOME/bin/java -jar fmw_12.2.1.3.0_infrastructure_generic.jar
   • (Windows) JAVA_HOME\bin\java -jar fmw_12.2.1.3.0_infrastructure_generic.jar
5. On UNIX operating systems, the Installation Inventory Setup screen appears if this is the first time you are installing an Oracle product on this host.
   Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location, and click Next.

   Note:

   The Installation Inventory Setup screen does not appear on Windows operating systems.
6. On the Welcome screen, review the information to make sure that you have met all the prerequisites. Click Next.
7. On the Auto Updates screen, select an option:

   • Skip Auto Updates: If you do not want your system to check for software updates at this time.

   • Select patches from directory: To navigate to a local directory if you downloaded patch files.

   • Search My Oracle Support for Updates: To automatically download software updates if you have a My Oracle Support account. You must enter Oracle Support credentials then click Search. To configure a proxy server for the installer to access My Oracle Support, click Proxy Settings. Click Test Connection to test the connection.

   Click Next.
8. On the Installation Location screen, specify the location for the Oracle home directory and click Next.
   For more information about Oracle Fusion Middleware directory structure, see About the Directories for Installation and Configuration in Planning an Installation of Oracle Fusion Middleware.
9. On the Installation Type screen, select the following:
   • For Infrastructure, select Fusion Middleware Infrastructure
   • For Oracle Access Manager, select Collocated Oracle Identity and Access Manager.
   Click Next.
10. The Prerequisite Checks screen analyzes the host computer to ensure that the specific operating system prerequisites have been met.
    To view the list of tasks that are verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended).
11. On the Installation Summary screen, verify the installation options that you selected.
    If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time.

    Click Install to begin the installation.

12. On the Installation Progress screen, when the progress bar displays 100%, click Finish to dismiss the installer, or click Next to see a summary.
13. The Installation Complete screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer.
14. After you have installed Oracle Fusion Middleware Infrastructure, enter the following command to start the installer for your product distribution and repeat the steps above to navigate through the installer screens:
    (UNIX) JAVA_HOME/bin/java -jar fmw_12.2.1.3.0_idm_generic.jar
    (Windows) JAVA_HOME\bin\java -jar fmw_12.2.1.3.0_idm_generic.jar

Note:

• If your 11.1.2.3.0 setup was deployed using Life Cycle Management (LCM) tool, you must install Oracle HTTP Server 12c (12.2.1.3.0) in the 12c Middleware home. See Preparing to Install and Configure Oracle HTTP Server in Installing and Configuring Oracle HTTP Server.
• By using the opatch tool, apply the latest recommended patchsets from Oracle Support. Complete only the binary installation of patchsets and follow any post-patch steps after the upgrade process is complete. This provides the latest known fixes for upgrade process, if any.

Installing the Latest Stack Patch Bundle

After you install the product distributions, Oracle strongly recommends you to apply the latest IDM Stack Patch Bundle (SPB) 12.2.1.3.0 before proceeding with the upgrade process. You can apply the patch by using the Opatch tool. Applying the SPB helps eliminate most of the upgrade issues or workarounds.

Following are the high-level tasks you should complete to apply the Stack Patch Bundle:

• Initial Preparation: In this phase, you stage the software, read the README.txt file, and verify and/or update the Opatch tool to the appropriate versions.
• Analysis Phase: In this phase, you run the prestop command with the variables from the README.txt file to determine if the system is ready for patching.
• Patching Phase: In this phase, you backup MW_HOME and DOMAIN_HOME, run the downtime command for OIG with the variables from the README.txt file, and then clear any temporary files.

Note:

At this point, you will not restart the servers. There is currently no link between the schemas, the local configuration, and the new bits. The remainder of the patching process will happen after the bootstrap.

To avoid a false failure during the domain Reconfiguration Phase of the upgrade, after completing the Patching Phase, update the following entries in the config.xml for the com.oracle.cie.comdev_7.8.2.0 and com.oracle.cie.xmldh_3.4.2.0 libraries:

<name>com.oracle.cie.comdev#3.0.0.0@7.8.2.0</name>
com.oracle.cie.comdev_7.8.2.0.jar

<name>com.oracle.cie.xmldh#2.0.0.0@3.4.2.0</name>
com.oracle.cie.xmldh_3.4.2.0.jar

From:

<library>
<name>com.oracle.cie.comdev#3.0.0.0@7.8.2.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.comdev_7.8.2.0.jar
</source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

<library>
<name>com.oracle.cie.xmldh#2.0.0.0@3.4.2.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.xmldh_3.4.2.0.jar<
/source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

To this:

<library>
<name>com.oracle.cie.comdev#3.0.0.0@7.8.4.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.comdev_7.8.4.0.jar
</source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

<library>
<name>com.oracle.cie.xmldh#2.0.0.0@3.4.4.0</name>
<target>oim_cluster</target>
<source-path><MW_HOME>/oracle_common/modules/com.oracle.cie.xmldh_3.4.4.0.jar<
/source-path>
<deployment-order>511</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>nostage</staging-mode>
</library>

This update to the config.xml file changes the name of the libraries and version of the jar file in each library to the one that will be used post the patching process. Ensure that both nodes have the same settings.

For more information on the patching process, see Doc ID 2657920.1.

Note:

If you are using Windows or Solaris OS, download the individual Bundle Patches (BPs) from Doc ID 2457034.1.

After completing the upgrade, you have to perform the post-patch install steps. See Performing the Post-Patch Install Steps.

Upgrading Schemas on OAMHOST1

Upgrade all of the necessary schemas for Oracle Access Manager, on OAMHOST1 by using the Upgrade Assistant.

• Upgrading Product Schemas
  After stopping servers and processes, use the Upgrade Assistant to upgrade supported product schemas to the current release of Oracle Fusion Middleware.

Upgrading Product Schemas

After stopping servers and processes, use the Upgrade Assistant to upgrade supported product schemas to the current release of Oracle Fusion Middleware.

The Upgrade Assistant allows you to upgrade individually selected schemas or all schemas associated with a domain. The option you select determines which Upgrade Assistant screens you will use.

• Identifying Existing Schemas Available for Upgrade
  This optional task enables you to review the list of available schemas before you begin the upgrade by querying the schema version registry. The registry contains schema information such as version number, component name and ID, date of creation and modification, and custom prefix.
• Starting the Upgrade Assistant
  Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.
• Upgrading Oracle Access Manager Schemas Using the Upgrade Assistant
  Navigate through the screens in the Upgrade Assistant to upgrade the product schemas.
• Verifying the Schema Upgrade
  After completing all the upgrade steps, verify that the upgrade was successful by checking that the schema version in schema_version_registry has been properly updated.

Identifying Existing Schemas Available for Upgrade

This optional task enables you to review the list of available schemas before you begin the upgrade by querying the schema version registry. The registry contains schema information such as version number, component name and ID, date of creation and modification, and custom prefix.

You can let the Upgrade Assistant upgrade all of the schemas in the domain, or you can select individual schemas to upgrade. To help decide, follow these steps to view a list of all the schemas that are available for an upgrade:

1. If you are using an Oracle database, connect to the database by using an acount that has Oracle DBA privileges, and run the following from SQL*Plus:

   SET LINE 120
   COLUMN MRC_NAME FORMAT A14
   COLUMN COMP_ID FORMAT A20
   COLUMN VERSION FORMAT A12
   COLUMN STATUS FORMAT A9
   COLUMN UPGRADED FORMAT A8
   SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID;
   

2. Examine the report that is generated.

   If an upgrade is not needed for a schema, the schema_version_registry table retains the schema at its pre-upgrade version.

3. Note the schema prefix name that was used for your existing schemas. You will use the same prefix when you create new 12c schemas.

Notes:

• If you used an OID-based policy store in 11g, make sure to create a new OPSS schema before you perform the upgrade. After the upgrade, the OPSS schema remains an LDAP-based store.

• You can only upgrade schemas for products that are available for upgrade in Oracle Fusion Middleware release 12c (12.2.1.3.0). Do not attempt to upgrade a domain that includes components that are not yet available for upgrade to 12c (12.2.1.3.0).

Starting the Upgrade Assistant

Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.

To start the Upgrade Assistant:

Note:

Before you start the Upgrade Assistant, make sure that the JVM character encoding is set to UTF-8 for the platform on which the Upgrade Assistant is running. If the character encoding is not set to UTF-8, then you will not be able to download files containing Unicode characters in their names. This can cause the upgrade to fail.

To ensure that UTF-8 is used by the JVM, use the JVM option -Dfile.encoding=UTF-8.

1. Go to the oracle_common/upgrade/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/upgrade/bin
   • (Windows) ORACLE_HOME\oracle_common\upgrade\bin
2. Start the Upgrade Assistant:
   • (UNIX) ./ua
   • (Windows) ua.bat

Note:

In the above command, ORACLE_HOME refers to the 12c (12.2.1.3.0) Oracle Home.

For information about other parameters that you can specify on the command line, such as logging parameters, see:

• Upgrade Assistant Parameters
  

Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 4-2 Upgrade Assistant Command-Line Parameters

Parameter	Required or Optional	Description
-readiness	Required for readiness checks Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).	Performs the upgrade readiness check without performing an actual upgrade. Schemas and configurations are checked. Do not use this parameter if you have specified the -examine parameter.
-threads	Optional	Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas. The value must be a positive integer in the range 1 to 8. The default is 4.
-response	Required for silent upgrades or silent readiness checks	Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).
-examine	Optional	Performs the examine phase but does not perform an actual upgrade. Do not specify this parameter if you have specified the -readiness parameter.
-logLevel attribute	Optional	Sets the logging level, specifying one of the following attributes: TRACE NOTIFICATION WARNING ERROR INCIDENT_ERROR The default logging level is NOTIFICATION. Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.
-logDir location	Optional	Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files. The default locations are: (UNIX) ORACLE_HOME/oracle_common/upgrade/logs ORACLE_HOME/oracle_common/upgrade/temp (Windows) ORACLE_HOME\oracle_common\upgrade\logs ORACLE_HOME\oracle_common\upgrade\temp
-help	Optional	Displays all of the command-line options.

Upgrading Oracle Access Manager Schemas Using the Upgrade Assistant

Navigate through the screens in the Upgrade Assistant to upgrade the product schemas.

Caution:

You can skip this step if you have already upgraded your schemas using RCU.

Note:

• If the pre-upgrade environment has Audit schema (IAU), you must first upgrade Audit schema only, using the Individually Selected Schema option on the Selected Schemas screen, and selecting Oracle Audit Services schema. Ensure that you select the appropriate IAU schema from the list of available IAU schemas. The upgrade assistant will not detect the corresponding IAU schema from the provided domain directory automatically. Hence, you must select it manually. Once the IAU schema is upgraded, run the Upgrade Assistant again to upgrade the remaining schemas using the All Schema Used by a domain option on the Selected Schemas screen.

• If there is no Audit schema (IAU) in your pre-upgrade environment, use the All Schema Used by a Domain option on the Selected Schemas screen and proceed.

• To check whether the pre-upgrade environment has the IAU schema, run the following SQL command using the user with sysdba privileges:

  select username from dba_users where username like '%IAU%';

  This command lists the IAU schemas available in your configured database.

To upgrade product schemas with the Upgrade Assistant:

1. On the Welcome screen, review an introduction to the Upgrade Assistant and information about important pre-upgrade tasks. Click Next.

   Note:

   For more information about any Upgrade Assistant screen, click Help on the screen.
2. On the Selected Schemas screen, select the schema upgrade operation that you want to perform:
   • Individually Selected Schemas if you want to select individual schemas for upgrade and you do not want to upgrade all of the schemas used by the domain.

     Caution:

     Upgrade only those schemas that are used to support your 12c (12.2.1.3.0) components. Do not upgrade schemas that are currently being used to support components that are not included in Oracle Fusion Middleware 12c (12.2.1.3.0).
   • All Schemas Used by a Domain to allow the Upgrade Assistant to discover and select all components that have a schema available to upgrade in the domain specified in the Domain Directory field. This is also known as a domain assisted schema upgrade. Additionally, the Upgrade Assistant pre-populates connection information on the schema input screens.

     Note:

     Oracle recommends that you select All Schemas Used by a Domain for most upgrades to ensure all of the required schemas are included in the upgrade.

   Note:

   If your 11g domain contains Oracle Identity Navigator, choose Individually Selected Schemas and select only the Oracle Access Manager (OAM) and the OAM-related schemas.

   Do not select Oracle Identity Navigator (OIN) and OIN-related schemas, as Oracle Identity Navigator is not supported in 12c.

   Click Next.

3. If you selected Individually Selected Schemas: On the Available Components screen, select the components for which you want to upgrade schemas. When you select a component, the schemas and any dependencies are automatically selected.

   If you selected All schemas used by a domain: On the Create Schema screen, enter the necessary Database details. This retrieves all of the schemas in the domain.

   Click Next.

4. On the Prerequisites screen, acknowledge that the prerequisites have been met by selecting all the check boxes. Click Next.

   Note:

   The Upgrade Assistant does not verify whether the prerequisites have been met.
5. On the Schema Credentials screen(s), specify the database connection details for each schema you are upgrading (the screen name changes based on the schema selected):

   • Select the database type from the Database Type drop-down menu.

   • Enter the database connection details, and click Connect.

   • Select the schema you want to upgrade from the Schema User Name drop-down menu, and then enter the password for the schema. Be sure to use the correct schema prefix for the schemas you are upgrading.

     Note:

     The component ID or schema name is changed for UCSUMS schema as of release 12.1.2, which means the Upgrade Assistant does not automatically recognize the possible schemas and display them in a drop-down list. You must manually enter the name in a text field. The name can be either prefix_ORASDPM or prefix_UMS, depending on the starting point for the upgrade.

     The UCSUMS schema is not auto-populated. Enter prefix_ORASDPM as the user. The upgrade environment uses _ORASDPM as the schema name, whereas in the 12c environment it is referred to as _UMS.

6. On the Examine screen, review the status of the Upgrade Assistant as it examines each schema, verifying that the schema is ready for upgrade. If the status is Examine finished, click Next.
   If the examine phase fails, Oracle recommends that you cancel the upgrade by clicking No in the Examination Failure dialog. Click View Log to see what caused the error and refer to Troubleshooting Your Upgrade in Upgrading with the Upgrade Assistant for information on resolving common upgrade errors.

   Note:

   • If you resolve any issues detected during the examine phase without proceeding with the upgrade, you can start the Upgrade Assistant again without restoring from backup. However, if you proceed by clicking Yes in the Examination Failure dialog box, you need to restore your pre-upgrade environment from backup before starting the Upgrade Assistant again.

   • Canceling the examination process has no effect on the schemas or configuration data; the only consequence is that the information the Upgrade Assistant has collected must be collected again in a future upgrade session.

7. On the Upgrade Summary screen, review the summary of the options you have selected for schema upgrade.
   Verify that the correct Source and Target Versions are listed for each schema you intend to upgrade.
   If you want to save these options to a response file to run the Upgrade Assistant again later in response (or silent) mode, click Save Response File and provide the location and name of the response file. A silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again.
   Click Upgrade to start the upgrade process.
8. On the Upgrade Progress screen, monitor the status of the upgrade.

   Caution:

   Allow the Upgrade Assistant enough time to perform the upgrade. Do not cancel the upgrade operation unless absolutely necessary. Doing so may result in an unstable environment.
   If any schemas are not upgraded successfully, refer to the Upgrade Assistant log files for more information.

   Note:

   The progress bar on this screen displays the progress of the current upgrade procedure. It does not indicate the time remaining for the upgrade.

   Click Next.

9. If the upgrade is successful: On the Upgrade Success screen, click Close to complete the upgrade and close the wizard.

   If the upgrade fails: On the Upgrade Failure screen, click View Log to view and troubleshoot the errors. The logs are available at ORACLE_HOME/oracle_common/upgrade/logs.

   Note:

   If the upgrade fails, you must restore your pre-upgrade environment from backup, fix the issues, then restart the Upgrade Assistant.

Verifying the Schema Upgrade

After completing all the upgrade steps, verify that the upgrade was successful by checking that the schema version in schema_version_registry has been properly updated.

If you are using an Oracle database, connect to the database as a user having Oracle DBA privileges, and run the following from SQL*Plus to get the current version numbers:

SET LINE 120
COLUMN MRC_NAME FORMAT A14
COLUMN COMP_ID FORMAT A20
COLUMN VERSION FORMAT A12
COLUMN STATUS FORMAT A9
COLUMN UPGRADED FORMAT A8
SELECT MRC_NAME, COMP_ID, OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY ORDER BY MRC_NAME, COMP_ID ;

In the query result:

• Check that the number in the VERSION column matches the latest version number for that schema. For example, verify that the schema version number is 12.2.1.3.0.

  Note:

  However, that not all schema versions will be updated. Some schemas do not require an upgrade to this release and will retain their pre-upgrade version number.

• The STATUS field will be either UPGRADING or UPGRADED during the schema patching operation, and will become VALID when the operation is completed.

• If the status appears as INVALID, the schema update failed. You should examine the logs files to determine the reason for the failure.

• Synonym objects owned by IAU_APPEND and IAU_VIEWER will appear as INVALID, but that does not indicate a failure.

  They become invalid because the target object changes after the creation of the synonym. The synonyms objects will become valid when they are accessed. You can safely ignore these INVALID objects.

Note:

Undo any non-SSL port changes and any non-SYSDBA user that you made when preparing for the upgrade.

Reconfiguring the Domain on OAMHOST1

Run the Reconfiguration Wizard on OAMHOST1 to reconfigure your domain component configurations to 12c (12.2.1.3.0).

• About Reconfiguring the Domain
  Run the Reconfiguration Wizard to reconfigure your domain component configurations to 12c (12.2.1.3.0).

About Reconfiguring the Domain

Run the Reconfiguration Wizard to reconfigure your domain component configurations to 12c (12.2.1.3.0).

When you reconfigure a WebLogic Server domain, the following items are automatically updated, depending on the applications in the domain:

• WebLogic Server core infrastructure

• Domain version

Note:

Before you begin the domain reconfiguration, note the following limitations:

• The Reconfiguration Wizard does not update any of your own applications that are included in the domain.

• Transforming a non-dynamic cluster domain to a dynamic cluster domain during the upgrade process is not supported.

  The dynamic cluster feature is available when running the Reconfiguration Wizard, but Oracle only supports upgrading a non-dynamic cluster upgrade and then adding dynamic clusters. You cannot add dynamic cluster during the upgrade process.

Specifically, when you reconfigure a domain, the following occurs:

• The domain version number in the config.xml file for the domain is updated to the Administration Server's installed WebLogic Server version.

• Reconfiguration templates for all installed Oracle products are automatically selected and applied to the domain. These templates define any reconfiguration tasks that are required to make the WebLogic domain compatible with the current WebLogic Server version.

• Start scripts are updated.

  If you want to preserve your modified start scripts, be sure to back them up before starting the Reconfiguration Wizard.

Note:

When the domain reconfiguration process starts, you can’t undo the changes that it makes. Before running the Reconfiguration Wizard, ensure that you have backed up the domain as covered in the pre-upgrade checklist. If an error or other interruption occurs while running the Reconfiguration Wizard, you must restore the domain by copying the files and directories from the backup location to the original domain directory. This is the only way to ensure that the domain has been returned to its original state before reconfiguration.

Follow these instructions to reconfigure the existing domain using the Reconfiguration Wizard. See Reconfiguring WebLogic Domains in Upgrading Oracle WebLogic Server.

• Backing Up the Domain
  
• Starting the Reconfiguration Wizard
  
• Reconfiguring the Oracle Access Manager Domain
  Navigate through the screens in the Reconfiguration Wizard to reconfigure your existing 11g domain.

Backing Up the Domain

Before running the Reconfiguration Wizard, create a backup copy of the domain directory.

To create a backup of the Administration server domain directory:

1. Copy the source domain to a separate location to preserve the contents.

   (Windows) copy /home/Oracle/config/domains to /home/Oracle/config/domains_backup.

   (UNIX) cp -rf domains domains_backup

2. For HA environments, before updating the domain on each remote Managed Server, create a backup copy of the domain directory on each remote machine.
3. Verify that the backed up versions of the domain are complete.

If domain reconfiguration fails for any reason, you must restore all files and directories from the backup directory into the original domain directory to ensure that the domain is returned entirely to its original state before reconfiguration.

Starting the Reconfiguration Wizard

Note:

Shut down the administration server and all collocated managed servers before starting the reconfiguration process. See Stopping Servers and Processes.

To start the Reconfiguration Wizard in graphical mode:

1. Open the command shell (on UNIX operating systems) or open a command prompt window (on Windows operating systems).
2. Edition Based Database Users Only: If your schemas are configured with EBR database, a default edition name must be manually supplied before you run the Reconfiguration Wizard.
   Run the following SQL command to set the default edition:

   ALTER DATABASE DEFAULT EDITION = edition_name;

   where edition_name is the child edition name.

3. Go to the oracle_common/common/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/common/bin
   • (Windows) ORACLE_HOME\oracle_common\commom\bin

   Where, ORACLE_HOME is the 12c Oracle Home.

4. Start the Reconfiguration Wizard:
   The ./reconfig.sh command, might display the following error to indicate that the default cache directory is not valid:

   *sys-package-mgr*: can't create package cache dir
   

   So, first, change the cache directory by setting the environment variable CONFIG_JVM_ARGS.

   For example: CONFIG_JVM_ARGS=-Dpython.cachedir=valid_directory

   Start the Reconfiguration Wizard with the following logging options:

   • (UNIX) ./reconfig.sh -log=log_file -log_priority=ALL
   • (Windows) reconfig.cmd -log=log_file -log_priority=ALL

   where log_file is the absolute path of the log file you'd like to create for the domain reconfiguration session. This can be helpful if you need to troubleshoot the reconfiguration process.

   The parameter -log_priority=ALL ensures that logs are logged in fine mode.

Reconfiguring the Oracle Access Manager Domain

Navigate through the screens in the Reconfiguration Wizard to reconfigure your existing 11g domain.

Note:

If the source is a clustered environment, run the Reconfiguration Wizard on the primary node only. Where, primary node is the Administration Server. Use the pack/unpack utility to apply the changes to other cluster members in the domain.

To reconfigure the domain with the Reconfiguration Wizard:

1. On the Select Domain screen, specify the location of the domain you want to upgrade or click Browse to navigate and select the domain directory. Click Next.
2. On the Reconfiguration Setup Progress screen, view the progress of the setup process. When complete, click Next.
   During this process:

   • The reconfiguration templates for your installed products, including Fusion Middleware products, are automatically applied. This updates various domain configuration files such as config.xml, config-groups.xml, and security.xml (among others).

   • Schemas, scripts, and other such files that support your Fusion Middleware products are updated.

   • The domain upgrade is validated.

3. On the Domain Mode and JDK screen, select the JDK to use in the domain or click Browse to navigate to the JDK you want to use. The supported JDK version for 12c (12.2.1.3.0) is 1.8.0_131 and later. Click Next.

   Note:

   You cannot change the Domain Mode at this stage.
   For a list of JDKs that are supported for a specific platform, see Oracle Fusion Middleware Supported System Configurations.
4. On the Database Configuration Type screen, select RCU Data to connect to the Server Table (_STB) schema.
   Enter the database connection details using the RCU service table (_STB) schema credentials and click Get RCU Configuration.
   The Reconfiguration Wizard uses this connection to automatically configure the data sources required for components in your domain.

   Note:

   By default Oracle’s Driver (Thin) for Service connections; Versions: Any is the selected driver. If you specified an instance name in your connection details — instead of the service name — you must select Oracle’s Driver (Thin) for pooled instance connections; Versions: Any If you do not change the driver type, then the connection will fail.

   For information about selecting grid link for RAC databases in HA environments, see Access Manager High Availability Architecture.

   Note:

   For any existing 11g datasource, the reconfiguration will preserve the existing values. For new datasources where the schema was created for 12c by the RCU, the default connection data will be retrieved from the _STB schema. If no connection data for a given schema is found in the _STB schema, then the default connection data is used.
   If the check is successful, click Next. If the check fails, reenter the connection details correctly and try again.

   Note:

   If your database has _OPSS or _IAU 11g database schemas, you must manually enter database connection details for those schemas. These schemas were not required in 11g and had to be created manually. Users could assign any name to these schemas, therefore the Reconfiguration Wizard does not recognize them. When providing connection information for _IAU, use the IAU_APPEND user information.
5. On the JDBC Component Schema screen, verify that the DBMS/Service and the Host name is correct for the following component schemas:
   • OPSS Audit schema
   • OPSS Audit viewer schema
   • OPSS schema

   If you are connecting to a RAC database, select each of the schemas you want to update and click Convert to Grid Link. Click Next to update the Service Name, Schema Password, SCAN, Hostname/Port, ONS Host/Port.

   Click Next.

6. On the JDBC Component Schema Test screen, select all the component schemas and click Test Selected Connections to test the connection for each schema. The result of the test is indicated in the Status column.
   When the check is complete, click Next.
7. On the Node Manager screen, select the appropriate Node Manager Type based on your requirements, specify the details, and click Next.

   Note:

   There are two types of node managers. It is recommend to use the domain-based node manager, so that, you can have different versions of the node manager for each domain.
8. On the Advanced Configuration screen, select Administration Server, Topology, and Deployments and Services. Select Domain Frontend Host Capture if required.
   For each of the categories you select, the appropriate configuration screen is displayed to allow you to perform advanced configuration.

   Note:

   Ensure that you assign oam_server1 or the OAM managed server name used to the server group OAM-MDG-SVRS, and oam_policy_mgr1 to the server group OAM-POLICY-MANAGED-SERVER.
9. On the Configuration Summary screen, review the detailed configuration settings of the domain before continuing.
   You can limit the items that are displayed in the right-most panel by selecting a filter option from the View drop-down list.
   To change the configuration, click Back to return to the appropriate screen. To reconfigure the domain, click Reconfig.

   Note:

   The location of the domain does not change when you reconfigure it.
10. The Reconfiguration Progress screen displays the progress of the reconfiguration process.
    During this process:

    • Domain information is extracted, saved, and updated.

    • Schemas, scripts, and other such files that support your Fusion Middleware products are updated.

    When the progress bar shows 100%, click Next.
11. The End of Configuration screen indicates whether the reconfiguration process completed successfully or failed. It also displays the location of the domain that was reconfigured as well as the Administration Server URL (including the listen port). If the reconfiguration is successful, it displays Oracle WebLogic Server Reconfiguration Succeeded.
    If the reconfiguration process did not complete successfully, an error message is displayed indicates the reason. Take appropriate action to resolve the issue. If you cannot resolve the issue, contact My Oracle Support.
    Note the Domain Location and the Admin Server URL for further operations.

Replicating the Domain Configurations on each OAMHOST

Replicate the domain configurations on OAMHOST2. This involves packing the upgraded domain on OAMHOST1 and unpacking it on OAMHOST2.

To do this, complete the following steps:

1. On OAMHOST1, run the following command from the location $ORACLE_HOME/oracle_common/common/bin to pack the upgraded domain:
   • On UNIX:

     sh pack.sh -domain=<Location_of_OAM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OAM Domain" -managed=true

   • On Windows:

     pack.cmd -domain=<Location_of_OAM_domain> -template=<Location_where_domain_configuration_jar_to_be_created> -template_name="OAM Domain" -managed=true

2. Copy the domain configuration jar file created by the pack command on OAMHOST1 to any accessible location on OAMHOST2.
3. On OAMHOST2, run the following command from the location $ORACLE_HOME/oracle_common/common/bin to unpack the domain:
   • On UNIX:

     sh unpack.sh -domain=<Location_of_OAM_domain> -template=<absolute_path_to the_location_of_domain_configuration_jar_file> -overwrite_domain=true

   • On Windows:

     unpack.cmd -domain=<Location_of_OAM_domain> -template=<absolute_path_to the_location_of_domain_configuration_jar_file> -overwrite_domain=true

4. If you have other OAMHOSTs, repeat step 2 through step 3 on those hosts.

Note:

If you are following the EDG methodology you also need to pack and unpack the domain in the OAM managed server location on OAMHOST1.

Upgrading Domain Component Configurations on OAMHOST1 and OAMHOST2

After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.

Upgrade the domain configurations on both OAMHOST1 and OAMHOST2.

• Upgrading Domain Component Configurations
  After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.

Upgrading Domain Component Configurations

After reconfiguring the domain, use the Upgrade Assistant to upgrade the domain component configurations inside the domain to match the updated domain configuration.

• Starting the Upgrade Assistant
  Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.
• Upgrading Oracle Access Manager Domain Component Configurations
  Navigate through the screens in the Upgrade Assistant to upgrade component configurations in the WebLogic domain.
• Removing Oracle Mobile Security Manager Servers From the Domain
  Remove the Oracle Mobile Security Manager (MSM) servers from the upgraded domain, as they are not supported in 12c (12.2.1.3.0).

Starting the Upgrade Assistant

Run the Upgrade Assistant to upgrade product schemas, domain component configurations, or standalone system components to 12c (12.2.1.3.0). Oracle recommends that you run the Upgrade Assistant as a non-SYSDBA user, completing the upgrade for one domain at a time.

To start the Upgrade Assistant:

Note:

Before you start the Upgrade Assistant, make sure that the JVM character encoding is set to UTF-8 for the platform on which the Upgrade Assistant is running. If the character encoding is not set to UTF-8, then you will not be able to download files containing Unicode characters in their names. This can cause the upgrade to fail.

To ensure that UTF-8 is used by the JVM, use the JVM option -Dfile.encoding=UTF-8.

1. Go to the oracle_common/upgrade/bin directory:
   • (UNIX) ORACLE_HOME/oracle_common/upgrade/bin
   • (Windows) ORACLE_HOME\oracle_common\upgrade\bin
2. Start the Upgrade Assistant:
   • (UNIX) ./ua
   • (Windows) ua.bat

Note:

In the above command, ORACLE_HOME refers to the 12c (12.2.1.3.0) Oracle Home.

For information about other parameters that you can specify on the command line, such as logging parameters, see:

• Upgrade Assistant Parameters
  

Upgrade Assistant Parameters

When you start the Upgrade Assistant from the command line, you can specify additional parameters.

Table 4-3 Upgrade Assistant Command-Line Parameters

Parameter	Required or Optional	Description
-readiness	Required for readiness checks Note: Readiness checks cannot be performed on standalone installations (those not managed by the WebLogic Server).	Performs the upgrade readiness check without performing an actual upgrade. Schemas and configurations are checked. Do not use this parameter if you have specified the -examine parameter.
-threads	Optional	Identifies the number of threads available for concurrent schema upgrades or readiness checks of the schemas. The value must be a positive integer in the range 1 to 8. The default is 4.
-response	Required for silent upgrades or silent readiness checks	Runs the Upgrade Assistant using inputs saved to a response file generated from the data that is entered when the Upgrade Assistant is run in GUI mode. Using this parameter runs the Upgrade Assistant in silent mode (without displaying Upgrade Assistant screens).
-examine	Optional	Performs the examine phase but does not perform an actual upgrade. Do not specify this parameter if you have specified the -readiness parameter.
-logLevel attribute	Optional	Sets the logging level, specifying one of the following attributes: TRACE NOTIFICATION WARNING ERROR INCIDENT_ERROR The default logging level is NOTIFICATION. Consider setting the -logLevel TRACE attribute to so that more information is logged. This is useful when troubleshooting a failed upgrade. The Upgrade Assistant's log files can become very large if -logLevel TRACE is used.
-logDir location	Optional	Sets the default location of upgrade log files and temporary files. You must specify an existing, writable directory where the Upgrade Assistant creates log files and temporary files. The default locations are: (UNIX) ORACLE_HOME/oracle_common/upgrade/logs ORACLE_HOME/oracle_common/upgrade/temp (Windows) ORACLE_HOME\oracle_common\upgrade\logs ORACLE_HOME\oracle_common\upgrade\temp
-help	Optional	Displays all of the command-line options.

Upgrading Oracle Access Manager Domain Component Configurations

Navigate through the screens in the Upgrade Assistant to upgrade component configurations in the WebLogic domain.

After running the Reconfiguration Wizard to reconfigure the WebLogic domain to 12c (12.2.1.3.0), you must run the Upgrade Assistant to upgrade the domain component configurations to match the updated domain configuration.

To upgrade domain component configurations with the Upgrade Assistant:

1. On the Welcome screen, review an introduction to the Upgrade Assistant and information about important pre-upgrade tasks. Click Next.

   Note:

   For more information about any Upgrade Assistant screen, click Help on the screen.
2. On the next screen:

   • Select All Configurations Used By a Domain. The screen name changes to WebLogic Components.

   • In the Domain Directory field, enter the 11.1.2.3.0 domain directory path.

   Click Next.

3. On the Component List screen, verify that the list includes all the components for which you want to upgrade configurations and click Next.
   If you do not see the components you want to upgrade, click Back to go to the previous screen and specify a different domain.
4. On the Prerequisites screen, acknowledge that the prerequisites have been met by selecting all the check boxes. Click Next.

   Note:

   The Upgrade Assistant does not verify whether the prerequisites have been met.
5. On the Examine screen, review the status of the Upgrade Assistant as it examines each component, verifying that the component configuration is ready for upgrade. If the status is Examine finished, click Next.
   If the examine phase fails, Oracle recommends that you cancel the upgrade by clicking No in the Examination Failure dialog. Click View Log to see what caused the error and refer to Troubleshooting Your Upgrade in Upgrading with the Upgrade Assistant for information on resolving common upgrade errors.

   Note:

   • If you resolve any issues detected during the examine phase without proceeding with the upgrade, you can start the Upgrade Assistant again without restoring from backup. However, if you proceed by clicking Yes in the Examination Failure dialog box, you need to restore your pre-upgrade environment from backup before starting the Upgrade Assistant again.

   • Canceling the examination process has no effect on the configuration data; the only consequence is that the information the Upgrade Assistant has collected must be collected again in a future upgrade session.

6. On the Upgrade Summary screen, review the summary of the options you have selected for component configuration upgrade.
   The response file collects and stores all the information that you have entered, and enables you to perform a silent upgrade at a later time. The silent upgrade performs exactly the same function that the Upgrade Assistant performs, but you do not have to manually enter the data again. If you want to save these options to a response file, click Save Response File and provide the location and name of the response file.
   Click Upgrade to start the upgrade process.
7. On the Upgrade Progress screen, monitor the status of the upgrade.

   Caution:

   Allow the Upgrade Assistant enough time to perform the upgrade. Do not cancel the upgrade operation unless absolutely necessary. Doing so may result in an unstable environment.
   If any components are not upgraded successfully, refer to the Upgrade Assistant log files for more information.

   Upgrade Assistant log files location:

   • (UNIX) ORACLE_HOME/oracle_common/upgrade/logs/ua<timestamp>.log
   • (Windows) ORACLE_HOME\oracle_common\upgrade\logs\ua<timestamp>.log

   Note:

   The progress bar on this screen displays the progress of the current upgrade procedure. It does not indicate the time remaining for the upgrade.

   Click Next.

8. If the upgrade is successful: On the Upgrade Success screen, click Close to complete the upgrade and close the wizard. The Post-Upgrade Actions window describes the manual tasks you must perform to make components functional in the new installation. This window appears only if a component has post-upgrade steps.
   If the upgrade fails: On the Upgrade Failure screen, click View Log to view and troubleshoot the errors. The logs are available at ORACLE_HOME/oracle_common/upgrade/logs.

   Note:

   If the upgrade fails you must restore your pre-upgrade environment from backup, fix the issues, then restart the Upgrade Assistant.

Removing Oracle Mobile Security Manager Servers From the Domain

Remove the Oracle Mobile Security Manager (MSM) servers from the upgraded domain, as they are not supported in 12c (12.2.1.3.0).

To do this, complete the following steps

1. Go to the location DOMAIN_HOME/servers.
2. Run the following command to remove the Oracle Mobile Security Manager server(s):
   rm MSM_Server
   In the above command, MSM_Server is the name of the Oracle Mobile Security Manager (MSM) server.
   For example:
   rm wls_msm1
3. Repeat the step for all of the Oracle Mobile Security Manager servers in the domain.
4. Post upgrade and after the OAM Admin Server is running, complete the following:
   1. Log in to the WLS Console.
   2. Under Server, check for MSM and MSAS Servers.
   3. If present, delete the server entries.

Starting the Servers on OAMHOST1 and OAMHOST2

After you upgrade Oracle Access Manager on both OAMHOST1 and OAMHOST2, start the servers.

You must start the servers in the following order:

1. Start the Node Manager on both OAMHOST1 and OAMHOST2.

2. Start the Administration Server on OAMHOST1.

3. Start the Oracle Access Manager Managed Servers on OAMHOST1.

4. Start the Oracle Access Manager Managed Servers on OAMHOST2.

• Starting Servers and Processes
  After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.
• Configuring Oracle HTTP Servers to Front End OIM, and SOA Managed Servers
  
• Verifying the Domain-Specific-Component Configurations Upgrade
  To verify that the domain-specific-component configurations upgrade was successful, sign in to the Administration console and the Oracle Enterprise Manager Fusion Middleware Control and verify that the version numbers for each component is 12.2.1.3.0.

Starting Servers and Processes

After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.

The components may be dependent on each other so they must be started in the correct order.

Note:

The procedures in this section describe how to start servers and process using the WLST command line or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager in Administering Oracle Fusion Middleware.

To start your Fusion Middleware environment, follow the steps below.

Step 1: Start Node Manager

Start the Node Manager in the Administration Server domain home.

Go to the WLS_HOME/server/bin directory and run the following command:

Where, WLS_HOME is the top-level directory for the WebLogic Server installation.

• (UNIX) nohup ./startNodeManager.sh > DOMAIN_HOME/nodemanager/nodemanager.out 2>&1 &

• (Windows) nohup .\startNodeManager.sh > DOMAIN_HOME\nodemanager\nodemanager.out 2>&1 &

Where, DOMAIN_HOME is the Administration server domain home.

Step 2: Start the Administration Server

When you start the Administration Server, you also start the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

Method 1: To start a Administration Server, run the following command:

nohup DOMAIN_HOME/bin/startWeblogic.sh &

Method 2: To start a Administration Server by using node manager, run the following commands:

cd ORACLE_COMMON_HOME/common/bin
./wlst.sh
wlst offline> nmConnect('nodemanager_username','nodemanager_password',
                    'ADMINVHN','5556','domain_name',
                   'DOMAIN_HOME')
nmStart('AdminServer')

Step 3: Start the Managed Servers

Note:

In an HA environment, it is preferred to use the console or node manager to start servers.

Start a WebLogic Server Managed Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required managed server.
• Click Start.

Configuring Oracle HTTP Servers to Front End OIM, and SOA Managed Servers

Complete the following steps:

1. On each of the web servers on WEBHOST1 and WEBHOST2, create a file named mod_wls_ohs.conf in the directory OHS_DOMAIN_HOME/config/fmwconfig/components/OHS/instances/OHS_INSTANCE_NAME.

   This file must contain the following information:

   # oam admin console(idmshell based)
      <Location /admin>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
      </Location>
    
   # oam self and advanced admin webapp consoles(canonic webapp)
    
     <Location /oam>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
      </Location>
   
     <Location /identity>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid 
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
       </Location>
   
     <Location /sysadmin>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
       </Location>
   
   # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
     <Location /sodcheck>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster soavhn1.example.com:7003,soavhn2.example.com:7003
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
      </Location>
   
   # Callback webservice for SOA. SOA calls this when a request is approved/rejected
   # Provide the oam Managed Server Port
     <Location /workflowservice>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
   
   # xlWebApp - Legacy 9.x webapp (struts based)
      <Location /xlWebApp>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
   
   # Nexaweb WebApp - used for workflow designer and DM
     <Location /Nexaweb>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
   
   # used for FA Callback service.
     <Location /callbackResponseService>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
   
   # spml xsd profile
     <Location /spml-xsd>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
   
     <Location /HTTPClnt>
       SetHandler weblogic-handler
       WLCookieName    oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
    
   
     <Location /reqsvc>
       SetHandler weblogic-handler
       WLCookieName oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
    
    
     <Location /integration>
       SetHandler weblogic-handler
       WLCookieName oamjsessionid
       WebLogicCluster soavhn1.example.com:7003,soavhn2.example.com:7003
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
   
    
     <Location /provisioning-callback>
       SetHandler weblogic-handler
       WLCookieName oamjsessionid
       WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
       WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
       WLProxySSL ON
       WLProxySSLPassThrough ON
     </Location>
    
     <Location /CertificationCallbackService>
      SetHandler weblogic-handler
      WLCookieName JSESSIONID
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oam_component.log"
      WLProxySSL ON
      WLProxySSLPassThrough ON
    </Location>
   
     <Location /ucs>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster soavhn1.example.com:7003,soavhn2.example.com:7003
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /FacadeWebApp>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /iam/governance/configmgmt>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /iam/governance/scim/v1>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON>
     </Location>
   
     <Location /iam/governance/token/api/v1>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /OIGUI>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /iam/governance/applicationmanagement>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /iam/governance/adminservice/api/v1>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>
   
     <Location /iam/governance/selfservice/api/v1>
      SetHandler weblogic-handler
      WLCookieName oamjsessionid
      WebLogicCluster oamvhn1.example.com:14000,oamvhn2.example.com:14000
      WLLogFile /tmp/web_log.log
      WLProxySSL ON
      WLProxySSLPassThrough ON
     </Location>

2. Save the file on both WEBHOST1 and WEBHOST2.
3. Stop and start the Oracle HTTP Server instances on both WEBHOST1 and WEBHOST2.
4. Start system components, such as Oracle HTTP Server by using the startComponent script:
   • (UNIX) OHS_INSTANCE_HOME/bin/startComponent.sh ohs1
   • (Windows) OHS_INSTANCE_HOME\bin\startComponent.sh ohs1

   You can start system components in any order.

Verifying the Domain-Specific-Component Configurations Upgrade

To verify that the domain-specific-component configurations upgrade was successful, sign in to the Administration console and the Oracle Enterprise Manager Fusion Middleware Control and verify that the version numbers for each component is 12.2.1.3.0.

To sign in to the Administration Console, go to: http://administration_server_host:administration_server_port/console

To sign in to the Administration Console in an EDG deployment, see Validating the Virtual Server Configuration and Access to the Consoles.

To sign in to Oracle Enterprise Manager Fusion Middleware Control Console, go to: http://administration_server_host:administration_server_port/em

Note:

• After upgrade, ensure you run the administration tools from the new 12c Oracle home directory and not from the previous Oracle home directory.
• During the upgrade process, some OWSM documents, including policy sets and predefined documents such as policies and assertion templates, may need to be upgraded. If a policy set or a predefined document is upgraded, its version number is incremented by 1.
• In the site-specific configuration, the WebLogic and EM consoles must be accessible with the URLs either directly or through proxy URLs.

Performing Post-Upgrade Tasks

After performing the upgrade of Oracle Access Manager to 12c (12.2.1.3), you should complete the tasks summarized in this section, if required.

This section includes the following tasks:

• WebGates Configuration Fails during Authentication
  WebGates configured with the hmacEnabled=true in environments where globalHMACEnabled is not set to true fails during authentication.
• Updating the java.security File
  If you have multiple components of Oracle Identity and Access Management (Oracle Access Manager, Oracle Identity Manager, WebGates and so on) deployed, until you upgrade all of the components to 12c (12.2.1.3.0), you must update the java.security file with the changes described in this section.

WebGates Configuration Fails during Authentication

WebGates configured with the hmacEnabled=true in environments where globalHMACEnabled is not set to true fails during authentication.

To solve this issue, apply patch 12.2.1.3.181016 or later.

For more information, see Upgrading to OHS/OTD 12c WebGate.

Updating the java.security File

If you have multiple components of Oracle Identity and Access Management (Oracle Access Manager, Oracle Identity Manager, WebGates and so on) deployed, until you upgrade all of the components to 12c (12.2.1.3.0), you must update the java.security file with the changes described in this section.

To do this:

1. Open the java.security file located at JAVA_HOME/jre/lib/security/ in an editor.
2. Remove TLSv1, TLSv1.1, MD5withRSA from the following key:
   key - jdk.tls.disabledAlgorithms
3. Remove MD5 from the following key:
   key - jdk.certpath.disabledAlgorithms

For more information on possible upgrade scenarios, see Troubleshooting Security Policy Issues When Upgrading.

Performing the Post-Patch Install Steps

After completing the upgrade, you have to perform the post-patch installation steps.

The post-patch installation steps comprises the following:

• Running the Poststart Command to Confirm Successful Binary Patching
  
• Performing a Clean Restart of the Servers
  

Running the Poststart Command to Confirm Successful Binary Patching

Use the variables and the instructions in the Stack Patch Bundle README.txt file to run the poststart command for your product, as shown below:

$ ./spbat.sh -type oig -phase poststart -mw_home /<INSTALLATION_DIRECTORY>/IAM12c -spb_download_dir /<DOWNLOAD_LOCATION>/IDM_SPB_12.2.1.4.200714 -log_dir /<DOWNLOAD_LOCATION>/OIGlogs

For details, see Doc ID 2657920.1.

Performing a Clean Restart of the Servers

Restart all the servers including the Administration Server and any Managed Servers. See Starting Servers and Processes.