This document is intended for users of OIM BUNDLE PATCH 12.2.1.4.210112. It contains the following sections:
Note:
For issues documented after the release of OIM BUNDLE PATCH 12.2.1.4.210112, see My Oracle Support Document 2602696.1 at https://support.oracle.com/.
1.1 Understanding Bundle Patches
This section describes bundle patches and explains differences between bundle patches, patch set exceptions (also known as one-offs), and patch sets.
1.1.1 Stack Patch Bundle
Stack Patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.
1.1.2 Bundle Patch
A bundle patch is an official Oracle patch for an Oracle product. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:
-
YY is the last 2 digits of the year
-
MM is the numeric month (2 digits)
-
DD is the numeric day of the month (2 digits)
Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in the bundle patch have been tested and are certified to work with one another. Regression testing has also been performed to ensure backward compatibility with all Oracle Mobile Security Suite components in the bundle patch.
1.1.3 Patch Set Exception
In contrast to a bundle patch, a patch set exception addressed only one issue for a single component. Although each patch set exception was an official Oracle patch, it was not a complete product distribution and did not include packages for every component. A patch set exception included only the libraries and files that had been rebuilt to implement a specific fix for a specific component.
1.1.4 Patch Set
A patch set is a mechanism for delivering fully tested and integrated product fixes. A patch set can include new functionality. Each patch set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in a patch set are tested and certified to work with one another on the specified platforms.
1.2 Recommendations
Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that you apply these certified patches. For more information about these patches, see Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.
1.3 Bundle Patch Requirements
You must satisfy the following requirements before applying this bundle patch:
-
Verify that you are applying this bundle patch to an Oracle Identity Governance 12.2.1.4.0 installation.
Note:
When installing OPatch, you might find that interim or one off patches have already been installed. -
Download the latest version of OPatch. The OPatch version for this bundle patch is 13.9.4.2.5. However, Oracle recommends using the latest version of OPatch to all customers. To learn more about OPatch and how to download the latest version, refer to the following:
You can access My Oracle Support at https://support.oracle.com.
-
Verify the OUI Inventory. To apply patches, OPatch requires access to a valid OUI Inventory. To verify the OUI Inventory, ensure that ORACLE_HOME/OPatch appears in your PATH for example:
export PATH=ORACLE_HOME/OPatch:$PATH
Then run the following command in OPatch inventory
opatch lsinventory
If the command returns an error or you cannot verify the OUI Inventory, contact Oracle Support. You must confirm the OUI Inventory is valid before applying this bundle patch.
-
Confirm the opatch and unzip executables exist and appear in your system PATH, as both are needed to apply this bundle patch. Execute the following commands:
which opatch which unzip
Both executables must appear in the PATH before applying this bundle patch.
-
Ensure that there are no pending JMS messages in Oracle Identity Governance server. You can monitor JMS messages with WebLogic console.
1.4 Applying the Bundle Patch to an Existing Instance
Applying OIM BUNDLE PATCH 12.2.1.4.210112 is done in the following stages:
Note:
Before performing the steps to apply the bundle patch, create a backup of the database, as stated in Prerequisites of Applying the Bundle Patch which will help you roll back to the previous release.
1.4.1 Patching the Oracle Binaries (OPatch Stage)
This section describes the process of applying the binary changes by copying files to the ORACLE_HOME directory, on which Oracle Identity Governance is installed. This step must be executed for each ORACLE_HOME in the installation topology nodes irrespective of whether Oracle Identity Governance server is being run in the node or not.
Perform the following steps to apply the bundle patch to an existing Oracle Identity Governance instance:
1.4.2 Stage 2: Filling in the patch_oim_wls.profile File
Using a text editor, edit the file patch_oim_wls.profile
located in
the directory ORACLE_HOME/idm/server/bin/ directory and change the values in the file to
match your environment. The patch_oim_wls.profile
file contains sample
values.
Table 1-1 lists the information to be entered for the patch_oim_wls.profile
file. This file is used in next stage of the bundle patch process.
Table 1-1 Parameters of the patch_oim_wls.profile File
Parameter | Description | Sample Value |
---|---|---|
ant_home |
Location of the ANT installation. It is usually under MW_HOME. |
For Linux: $MW_HOME/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/ For Windows: %MW_HOME%/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/ |
java_home |
Location of the JDK/JRE installation that is being used to run the Oracle Identity Governance domain. |
For Linux: <JAVA_HOME_PATH> consumed by $MW_HOME For Windows: <JAVA_HOME_PATH> consumed by %MW_HOME% |
mw_home |
Location of the middleware home location on which Oracle Identity Governance is installed. |
For Linux: /u01/Oracle/Middleware For Windows: C:\Oracle\MW_HOME\ |
oim_oracle_home |
Location of the Oracle Identity Governance installation. |
For Linux: $MW_HOME/idm For Windows: %MW_HOME%\idm |
soa_home |
Location of the SOA installation. |
For Linux: $MW_HOME/soa For Windows: %MW_HOME%\soa |
weblogic.server.dir |
Directory on which WebLogic server is installed. |
For Linux: $MW_HOME/wlserver For Windows: %MW_HOME%\wlserver |
domain_home |
Location of the domain home on which Oracle Identity Governance is installed. |
$MW_HOME/user_projects/domains/base_domain |
weblogic_user |
Domain administrator user name. Normally it is weblogic, but could be different as well. |
weblogic |
weblogic_password |
Domain admin user's password. If this line is commented out, then password will be prompted. |
NA |
soa_host |
Listen address of the SOA Managed Server, or the hostname on which the SOA Managed Server is listening. Note: If the SOA Managed Server is configured to use a virtual IP address, then the virtual host name must be supplied. |
oimhost.example.com |
soa_port |
Listen port of the SOA Managed Server, or SOA Managed Server port number. |
8001 Only Non-SSL Listen port must be provided. |
operationsDB.user |
Oracle Identity Governance database schema user. |
DEV_OIM |
OIM.DBPassword |
Oracle Identity Governance database schema password. If this line is commented out, then the password will be prompted when the script is executed. |
NA |
operationsDB.host |
Host name of the Oracle Identity Governance database. |
oimdbhost.example.com |
operationsDB.serviceName |
Database service name of the Oracle Identity Governance schema/database. This is not the hostname and it can be a different value as well. |
oimdb.example.com |
operationsDB.port |
Database listener port number for the Oracle Identity Governance database. |
1521 |
mdsDB.user |
MDS schema user |
DEV_MDS |
mdsDB.password |
MDS schema password. If this line is commented out, then password will be prompted. |
NA |
mdsDB.host |
MDS database host name |
oimdbhost.example.com |
mdsDB.port |
MDS database/Listen port |
1521 |
mdsDB.serviceName |
MDS database service name |
oimdb.example.com |
oim_username |
Oracle Identity Governance username. |
System administrator username |
oim_password |
Oracle Identity Governance password. This is optional. If this is commented out, then you will be prompted for the password when the script is executed. |
NA |
oim_serverurl |
URL to navigate to Oracle Identity Governance. |
t3://oimhost.example.com:14000 |
wls_serverurl |
URL to navigate to WLS Console |
t3://wlshost.example.com:7001 |
opss_customizations_present=false |
Enables customizations related to authorization or custom task flow. Set this value to true to enable customization. |
true |
Note:
Updated the parameter value as per the setup used and then execute thepatch_oim_wls.sh
file.
1.4.3 Stage 3: Patching the Oracle Identity Governance Managed Servers (patch_oim_wls Stage)
Patching the Oracle Identity Governance managed servers is the process of copying the staged files in the previous steps (stage 1) to the correct locations, and running SQL scripts and importing event handlers and deploying SOA composite. For making MBean calls, the script automatically starts the Oracle Identity Governance Managed Server and SOA Managed Server specified in the patch_oim_wls.profile file.
This step is performed by running patch_oim_wls.sh (on UNIX) and patch_oim_wls.bat (on Microsoft Windows) script by using the inputs provided in the patch_oim_wls.profile file. As prerequisites, the WebLogic Admin Server, SOA Managed Servers, and Oracle Identity Governance Managed Server must be running.
To patch Oracle Identity Governance Managed Servers on WebLogic:
1.4.4 Understanding the Process Sequence With an Example
1.5 Removing the Bundle Patch
Note:
For clustered installations, perform steps 1 through 3 on all nodes in the cluster.
1.6 Applying the Bundle Patch to a New Instance
Perform the following steps to apply the bundle patch to a new instance:
1.6.1 Installing a New Oracle Identity Governance Instance with OIM BUNDLE PATCH 12.2.1.4.210112
You can install a new Oracle Identity Governance instance with the bundle patch in any one of the following ways:
1.6.1.1 Using the Quickstart Installer
Note:
For clustered deployments, perform the steps provided in this section on each node in the cluster.1.6.1.2 Using the Generic Installer
Note:
For clustered deployments, perform the steps provided in this section on each node in the cluster.1.6.2 Updating Oracle Identity Governance Web Applications
The procedure described in this section is applicable only when installing bundle patches for Oracle Identity Governance and not for installing patch set updates.
For updating your web applications on Oracle WebLogic Server:
- Stop Oracle Identity Governance Managed Server.
- Login to WebLogic Administrative Console.
- Click Lock & Edit.
- Go to Deployments.
- Select the oracle.iam.ui.view and oracle.iam.ui.model app, and click Update. Complete the steps of the wizard by clicking Next. Do not change anything.
- Click Apply Changes.
- Start Oracle Identity Governance Managed Server.
1.6.3 Prerequisites of Applying the Bundle Patch
Before applying the bundle patch, perform the following prerequisites:
-
This patch process makes changes to Oracle Identity Governance database schema (such as adding/modifying data), Oracle Identity Governance Meta Data Store (MDS) database schema (such as adding/modifying data), domain configuration changes, and other binary changes in the file system under ORACLE_HOME on which Oracle Identity Governance is installed. It is mandatory to create a backup of the following:
-
Oracle Identity Governance, MDS, and Service-Oriented Architecture (SOA) database schemas. For example, the database schema can be DEV_OIM, DEV_MDS schemas used by Oracle Identity Governance. Simple export of the schemas is sufficient.
-
The ORACLE_HOME directory on which Oracle Identity Governance is installed, for example, /u01/Oracle/Middleware.
-
Oracle Identity Governance WebLogic Domain location, for example, /u01/Oracle/Middleware/user_projects/domains/IAMGovernanceDomain/.
-
The UNIX user applying opatch must have read, write, and execute permissions on both ORACLE_HOME as well as WEBLOGIC_DOMAIN_HOME. You can verify this manually in the file system for DOMAIN_HOME and ORACLE_HOME.
-
-
If you have customized the event handler file metadata/iam-features-configservice/event-definition/EventHandlers.xml in your setup, then perform the following steps to ensure that the upgrade does not override any customization done to this file:
-
Export the metadata/iam-features-configservice/event-definition/EventHandlers.xml file from MDS, and create a backup of this file.
-
After upgrading and running all the post install steps, export the new metadata/iam-features-configservice/event-definition/EventHandlers.xml file, merge your customization to this new file, and import it back to MDS.
Note:
For more information on MDS Utilities, see MDS Utilities and User Modifiable Metadata Files.
-
1.7 Changes in Track Request Functionality
Track Request functionality will change after this Bundle Patch is applied.
When a user performs a search in Self Service tab, Track Requests page, and in the search result table, applies Show list option as For Reportees, all the requests raised by or for the logged in user and user's direct and indirect reportee are displayed.
Note:
- The Organization Name field works only with the For Reportees feature.
- While using the Organization Name search criteria, at least one direct reportee should be associated with the organization. See Errors Related to the For Reportees Feature for the error message that is displayed when an organization name outside the reportee's organization is entered.
- Only two levels of reportees are considered, direct reportees and their immediate reportees
- The total number of direct reportees and indirect reportees must not exceed 1000. See Errors Related to the For Reportees Feature for the error message that is displayed if the number of direct reportees and indirect reportees are more than 1000.
1.8 Access Policy Harvesting to Enable Account Data Update
As a fix for bug# 30978612 in the bundle patch, the new
XL.APHarvesting.AllowAccountDataUpdate
system property is available
to update the account data with the policy defaults for the accounts linked to the
access policies. This system property has the following details:
Name: XL.APHarvesting.AllowAccountDataUpdate
Keyword: XL.APHarvesting.AllowAccountDataUpdate
Default value: FALSE
When this system property is set to TRUE, the account data is updated with the policy defaults for the accounts linked to access policy. If set to FALSE or if the system property does not exist, the account data is not updated.
To enable updating the account data with the policy defaults for the accounts
linked to the access policies, set the values of the
XL.APHarvesting.AllowAccountDataUpdate
,
XL.AllowAPHarvesting
, XL.APHarvestRequestAccount
,
XL.APHarvestDirectProvisionAccount
, and
XL.AllowAPBasedMultipleAccountProvisioning
system properties to
TRUE
.
1.9 Bulk Load Utility for Loading Accounts
With the fix for bug# 30145982 in the bundle patch, the Bulk Load Utility for loading account data asks for the following input:
Note:
Running the Bulk Load Utility for account data has the following requirements:
- Oracle Identity Governance server is running.
- The
MW_HOME
andOIM_ORACLE_HOME
paths must be accessible although they are running on different hosts.
1.10 Steps to Map the Role and employeeType Attributes
If the bundle patch is applied after the OAM-OIG integration, then for the bug fix
31162758 to work, perform the following steps to map the Role
attribute
to the employeeType
attribute:
- Login to Oracle Identity Self Service.
- Click the Manage tab, and then click the Applications box to open the Applications page.
- Search for SSOTrusted-for-SSOTargetApp and open it.
- Click the Schema tab.
- Map
Role
toemployeeType
. - Save the changes.
If the bundle patch is applied to OIG before the integration with OAM, then the manual mapping of the attributes are not required.
1.11 SSO Full User Reconciliation
For the bug fix 31605187 to work:
-
If the bundle patch is applied after SSO integration, then the job parameter Incremental Recon Attribute value must be provided manually for the latest token value to get updated.
-
If the bundle patch is applied before SSO integration, then manual steps are not required.
1.12.1 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210112
Applying the bundle patch resolves the issues described in Table 1-2.
Table 1-2 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210112
Bug Number | Description |
---|---|
25790911 | JAVA SCHEDULERSERVICE:GETLASTHISTORYOFJOB API CAUSING OUT OF SEQUENCE ISSUES WITH RAC DB |
27511207 | ACCOUNT END-DATE IS NOT CLEARED POST ENABLING THE ACCOUNT |
28025965 | LIBRARIES (.JAR)FOR MANAGED BEANS AND TASK FLOWS ARE MISSING IN 12C |
28361656 | EMPEMPLOYMENT.STARTDATE INVALIDDATAFORMATEXCEPTION |
28374155 | 12C SCIM API RETURNS ITEMSPERPAGE INSTEAD OF TOTALRESULTS |
29945486 | CONTINUATION OF BUG 29635993 - EXCESSIVE TIME ON CALLS TO /IDENTITY CONTEXT |
30446841 | IDENTITY AUDIT RULES CONTAINING SPECIAL CHARACTERS DO NOT RAISE POLICY VIOLATION |
30484714 | REFRESHROW ISSUE WITH OJDBC8 |
30587375 | DEADLOCK CAUSING STUCK THREADS |
30808736 | RECONCILIATION OF A USER STATUS FROM ACTIVE DIRECTORY DOES NOT SET OBUSERACCOUNTCONTROL IN LDAP |
30835811 | APPROVAL CHILD TASKS STATUS DOES NOT SHOW WITH BROWSER IN ITALIAN LANGUAGE |
30883086 | UNSUPPORTEDOPERATIONEXCEPTION ON MODIFYING USER WHEN USING UDF NUMBER IN ROLE MEMBERSHIP RULE |
30932205 | OIM REQUEST FAILED WITH MESSAGE IAM-2050126 : INVALID OUTCOME COM.ORACLE.BPEL.CLIENT.BPELFAULT |
30992823 | Fix for Bug 30992823 |
31161987 | PASSWORD RESET IN MYINFORMATION SUBMIT BUTTON |
31373822 | NEED SPECIAL HANDLING OF INT ON FORM WHEN NO VALUE PASSED |
31420786 | ACCESS POLICY DOES NOT REMOVE ENTITLEMENT WHEN 2 CHILDFORMS ARE UPDATED TOGETHER |
31530459 | IPV6: PURGECACHE UTILITY IS NOT WORKING WITH IPV6 ENABLED SETUP |
31637673 | VIEW FORM OR EDIT FORM IS BLANK FROM OPEN TASKS PAGE |
31645106 | HARVESTED ENTS INCLUDED WHEN ENTITLEMENTS PROVISIONED BY AP UNCHECKED |
31668539 | EVALUATE USER ACCESS POLICY JOB STUCK AND CAUSING OIM SERVER TO GO INTO WARNING |
31678727 | OAM OIM 12CPS3 USER IS SHOWING STATUS AS UNLOCKED IN OIM CONSOLE EVEN IT IS LOCKED |
31755105 | LOCKED USER UNABLE TO USE 'FORGOT PASSWORD' OPTION |
32102761 | PRE UPGARDE REPORT FAILS IF STAGING-MODE IS EMPTY |
32103803 | UPGRADE WITH REMOVED ITR PASSWORDS LEAD TO POST CREATE EVENT HANDLER KEEPS TRIGGERING |
1.12.2 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.201011
Applying this bundle patch resolves the issues described in Table 1-3.
Table 1-3 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.201011
Bug Number | Description |
---|---|
26308544 | DELETED ENTITLEMENTS IN ACCESS POLICY ARE NOT REMOVED IN TARGET APPLICATION |
29404814 | CERTIFYING 20K USERS WITH 20K ACCOUNTS AND 100K ENTITLEMENTS FAILS IN SELF-SERVICE |
29603087 | SELF REGISTRATION DOES NOT TRIGGER ROLE MEMEBERSHIP |
30062969 | TRUSTED RECON OF MANAGER DOES NOT PROPAGATE TO SSOTARGET |
30145982 | 12C ACCOUNTS BULK LOAD TO AOB APPINST FAILS: "ONE OR
MORE INPUT REQUIRED PARAM.
Note: See Bulk Load Utility for Loading Accounts for information about the input required for loading account data by using the Bulk Load Utility. |
30202020 | [ROLECERT]: NO CERTIFICATION TASK CREATED FOR PROXY USER'S MANAGER |
30239831 | CONT: ADAPTER FACTORY GENERATING INVALID JAVA CODE. |
30414695 | ISSUE WITH OFFLINE CERTIFICATION COMMENTS FIELD LENGTH WHEN UPDATING FROM EXCEL |
30500178 | XL.CATALOGSEARCHRESULTCAP NOT ONLY AFFECT THE UI BUT ALSO INTERNAL PROCESSING |
30546975 | WHILE WITHDRAWING A REQUEST, THE CONFIRMATION BOX IS APPEARING WITH A BIG DIALOG |
30716490 | UNABLE TO PROCESS BATCH UPDATE IF ANY SSOTARGET IN PROVISIONING STATUS FOR USER |
30717640 | RULEENGINEEXCEPTION: INVALID RULE EXPRESSION - NOT_IN |
30717793 | CLONED DISCONNECTED PROVISIONING COMPOSITE FAILS AT ASSIGNREQUESTINPUT STAGE |
30738489 | REQUESTS/PENDING REQUESTS GET ERROR IF SECOND MANAGER IS DISABLED |
30838859 | [ROLECERT]: FUTURE STARTING PROXY USER RECEIVES CERTIFICATION |
30865103 | DELETE TASK NOT TRIGGERED ON ATTRIBUTE SET AS NOT ENTITLEMENT IN CHILD FORM |
30865689 | ISSUE AUDIT MESSAGES JOB DOES NOT PROCESS AUD_JMS - ORA-01403: NO DATA FOUND |
30866653 | ACCESS DENIED ERROR WHEN CALLING CREATEITRESOURCEINSTANCE FROM SCHEDULED TASK |
30893984 | APPLICATION INSTANCE SORT ORDER IN USER CERTIFICATION NOT ALPHABETICAL |
30910129 | DUPLICATE ACCESS POLICY NAME ERROR NOT CLEAR |
30925400 | CRYPTIC ERROR MESSAGE WHEN REQUEST FAILS |
30930007 | EXPERIENCING VERY SLOW PERFORMANCE WHEN SCANNING SOD POLICIES WITH 4.5K RULES. |
30942250 | CREATE ADMIN ROLE THROWS: JBO-29000: UNEXPECTED EXCEPTION CAUGHT: JAVA.LANG.NULLPOINTEREXCEPTION |
30977436 | USER ASSIGNED TO A ROLE WITH THE "+" CHAR IN THE NAME CAN'T ACCESS WORKLISTAPP |
30978612 | AP HARVESTING SYNC ATTRIBUTES/ENTITLEMENTS TO MATCH
WITH THE ACCESS POLICY
Note: See Access Policy Harvesting to Enable Account Data Update for information about the XL.APHarvesting.AllowAccountDataUpdate system property for enabling account data update. |
31057153 | OIM 12C SSOTARGET APPLICATION PROFILE MODIFY NOT TAKING PATH IN LDAPCONTAINERRULES |
31111401 | ADMIN ROLE: JUMPING FROM SUMMARY PAGE BACK TO FIRST PAGE RESULTS IN LOST DATA |
31114189 | INTEGER FIELDS WITH NO VALUE DEFAULTING TO 0 FOR APPS CREATED USING AOB |
31162758 | OIM 12C SSO USER TARGET RECON OVERWRITING ROLE VALUE
SAVED ON OIM USER WITH DEFAULT VALUE
Note: See Steps to Map the Role and employeeType Attributes for information about the manual steps required for the bug fix to work. |
31177214 | UNABLE TO ADD EMPLOYEE TYPE AS DISPLAY DATA IN THE INFORMATION WINDOW |
31180365 | UPGRADE FROM 11.1.2.3 TO 12.2.1.3: STRINGINDEXOUTOFBOUNDSEXCEPTION: STRING INDEX OUT OF RANGE: -19 |
31193971 | ENTITLEMENT CERTIFICATIONS ARE NOT GETTING GENERATED FOR SOME OF THE CERTIFIERS. |
31202544 | NON REQUESTABLE ROLES INCONSISTENT BEHAVIOR IN CERT DEFN "CONTENT SELECTION" |
31254720 | DIAG: POOR LOGGING IN OIMDATAPROVIDER |
31292576 | PASSWORD CHANGE FLOW ISSUES AFTER FIX 30809484 |
31316925 | ENT CERT SHOULD BE CREATED FOR CERTIFIER FOR REMAING ENT WHICH ARE CORRECT |
31351771 | INCONSISTENT VALUES IN THE REQUEST STATUS FILTER FROM TRACK REQUESTS PAGE |
31375771 | SSO TARGET APPLICATION FAILS TO GET PROVISIONED WITH MANAGER ATTRIBUTE. |
31434988 | ENT_ASSIGN_HIST DOESN'T SAY IF THE ENTITLEMENT WAS PROVISIONED OR INPROGRESS |
31464420 | DISABLE USER TASK IS GETTING TRIGGERED FOR PROVISIONING ACCOUNTS |
31555186 | CERTIFY OIM OAM INTEGRATION ON SOLARIS |
31605168 | INTEROP: UPDATING ROLE NAME IN TARGET LDAP AND
RECONCILE DID NOT UPDATE THE ENTILEMENTS IN INTEROP ENV
Note: See Revoking Membership Does Not Work for the known issue about the bug fix. |
31605187 | INTEROP:SSO FULL USER RECON DID NOT UPDATE WITH LAST
TOKEN VALUE
Note: See SSO Full User Reconciliation for the manual steps required for the bug fix to work. |
31670117 | INTEROP: ERROR COMING ON MODIFYING ROLE IN INTEROP AD ENVIRONMENT |
1.12.3 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200624
Applying this bundle patch resolves the issues described in Table 1-4.
Table 1-4 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200624
Bug Number | Description |
---|---|
29055661 | PASSWORD POLICY DOES NOT MATCH BETWEEN OIM AND AD CAUSING ISSUES DURING PASSWORD SYNC |
30007378 | REASSIGN THE REVIEWER ON CERTIFICATION FAILED ON PREVENTING SELF CERTIFICATION |
30097140 | SLOWNESS OPENING USER DETAILS ADMIN ROLES TAB |
30153927 | APPROVAL DETAILS INCORRECT AFTER REVOKING ROLE BY XELSYSADMIN AND ANOTHER USER |
30216857 | SETCHALLENGERESPONSESFORLOGGEDINUSER - CHALLENGE QUESTIONS PROVIDED ARE NOT DEFI |
30343249 | WHILE DELETING ORGANIZATION USERS REMAIN IN ACTIVE STATE |
30343784 | ACCESS POLICY NOT REVOKING ENTITLEMENTS ON ALREADY DISABLED USERS |
30376706 | ROLEMANAGER GRANTROLE SQLEXCEPTION: EXCEEDED MAXIMUM VARRAY LIMIT |
30391615 | ROLE WITH RULE FOR DATE FIELD IS NOT ASSIGNED TO USER |
30420218 | OIM/OAM INTEGRATION USER SESSION LOST AFTER ANY USER DATA EDITED |
30439939 | AP HARVESTING DOES NOT WORK FOR RESROUCES WITH MULTIPLE PROVISIONING WORKFLOWS |
30506899 | DELETE RECONCILIATION LEAVES PROVISIONING OPEN TASKS IN LIMBO STATE. |
30517366 | DELEGATE THE REVIEWER ON CERTIFICATION FAILED ON PREVENTING SELF CERTIFICATION |
30757297 | DISCONNECTED APPLICATION NOT TRIGGERING UPDATE TASK ON CHILD FORM |
30788834 | DIAG: NEED SOME TRACE LOGGING IN THE SCIM FUNTIONALITY |
30896936 | PUMA: CUSTOM MESSAGE NOT DISPLAYED WHEN COMPLETING MANUAL TASK |
31184149 | PERFORMANCE ISSUE IN OIMDATAPROVIDER.GETARRAYFORHIERAR |
31477738 | UNABLE TO CREATE RULE MEMBERSHIP WITH DATE DATA TYPE |
1.12.4 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200505
Applying this bundle patch resolves the issues described in Table 1-5.
Table 1-5 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200505
Bug Number | Description |
---|---|
27074256 | OIM-OAM-OID: SSO USER FULL RECONCILIATION DO NOT DELETE USER |
27216374 | OIM-OAM-AD: SSO GROUP HIERARCHY SYNC FULL RECON DO NOT WORK |
30257502 | USER SESSION IS NOT TERMINATED IN UPGRADED 12CPS4 ENV |
30327749 | ROLES CREATED IN OIM ARE SHOWN AS ENTITLEMENT IN CATALOG SEARCH |
30330170 | LDAP USER DELETE RECON JOB NOT AVAILABLE |
30330745 | ISSUE WITH USER-ROLE MEMBERSHIP RECON |
30354276 | REMOVE LDAPSYNC RELATED JOBS IN CONNECTOR BASED 12CPS4 OAM-OIG ENV |
30555995 | SSOTARGET AND SSOTRUSTED-FOR-SSOTARGET SHOULD NOT BE AVAILABLE FOR OTHER OIM OPERATIONS SUCH AS REQUEST |
30654239 | USER NOT SEEN IN USER CONTAINER AFTER APPROVING THE USER REG REQUEST IN ROLLING UPG ENV(11G-12CPS3-12CPS4)) |
30654620 | USER NOT SHOWN AS LOCKED IN OIM AFTER PROVIDING WRONG PASSWORDS IN ROLLING UPG ENV(11G-12CPS3-12CPS4) |
30654852 | ROLE CREATED IN OIM IS NOT SEEN IN LDAP IN ROLLING UPG ENV(11G-12CPS3-12CPS4) |
30655208 | ROLE CREATED IN OUD IS NOT SEEN IN OIM IN ROLLING UPG ENV (11G-12CPS3-12CPS4) |
30655442 | SESSION TERMINATION FAILING IN ROLLING UPG ENV (11G-12CPS3-12CPS4) |
30655935 | ROLLING UPG(11G-12CPS3-12CPS4): SSOTARGET APP INSTANCE DOES NOT HAVE ANY ENTITLEMENTS IN 12CPS4 |
30855442 | NOT ABLE TO ADD MEMBER IN EXISTING ROLES IN AD ROLLING UPGRADE ENV (11G-12CPS3-12CPS4) |
30855747 | CAN NOT ADD ROLE HIERARCHY FOR EXISTING ROLES IN AD ROLLING UPGRADE ENV(11G-12CPS3-12CPS4) |
30855892 | CAN NOT DELETE EXISTING ROLES IN AD ROLLING UPGRADE ENV(11G-12CPS3-12CPS4) |
30857219 | SSO GROUP HIERARCHY SYNC FULL RECONCILIATION JOB AND SSO GROUP HIERARCHY SYNC INCREMENTAL RECONCILIATION JOB FAILING IN AD ROLLING UPGRADE ENV |
30864002 | EXECUTION OF SSO GROUP HIERARCHY SYNC FULL RECONCILIATION IS SHOWN AS FAILED IN OUD BASED ROLLING UPGRADE ENV |
30864119 | EXECUTION OF SSO GROUP MEMBERSHIP FULL RECONCILIATION IS SHOWN AS FAILED IN OUD BASED ROLLING UPGRADE ENV |
30868468 | MODIFICATIONS TO NEWLY CREATED USER IS FAILING IN AD ROLLING UPGRADE ENV |
31190098 | INTEROP OIM_OAM_OUD IS BROKEN AFTER APPLYING PATCH 31178096 |
31198576 | TC_CB_SAFE_BUG20134996_DIFFCASEINGROUPLOOKUP_XELSYSADM.DIF IN LRG_OIM_12CPS4_DB_CUSTOMER_1 TOPO |
1.12.5 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200206
Applying this bundle patch resolves the issues described in Table 1-6.
Table 1-6 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200206
Bug Number | Description |
---|---|
29942217 | IMPLEMENT BLIND/FILTERED SEARCH "FOR A REPORTEE" FOR A MANAGER |
29972923 | STEPS TO ROLLBACK AUTOCOMMITED DDL OPERATIONS IN DB |
30325576 | PARTIAL FIX FOR BUG 28777983 |
30680152 | ORGANIZATION SEARCH IN TRACK REQUESTS PAGE: ALL REQUESTS NOT DISPLAYED FOR ORGANIZATION NAME SEARCH IF NUMBER OF REQUESTS GREATER THAN 25 |
30680286 | ORGANIZATION SEARCH IN TRACK REQUESTS PAGE: DOES NOT EQUAL OPERATOR NOT WORKING AS EXPECTED |
30717520 | ORGANIZATION SEARCH IN TRACK REQUESTS PAGE: BENEFICIARY NAME NOT LISTED |
1.13 Known Issues and Workarounds
Known issues and their workarounds in Oracle Identity Governance Release 12.2.1.4.0 are described in the Oracle Identity Governance chapter of the Release Notes for Oracle Identity Management document. You can access the Release Notes document in the Oracle Identity Management Documentation library at the following URL:
https://docs.oracle.com/en/middleware/idm/suite/12.2.1.4/idmrn/index.html
Note:
Some known issues listed in the Release Notes for Oracle Identity Management may have been resolved by this Bundle Patch (OIM BUNDLE PATCH 12.2.1.4.210112). Compare the issues listed in Resolved Issues of this document when reviewing the Release Notes for Oracle Identity Management.This section describes the issues and workarounds in this BP release of Oracle Identity Governance:
1.13.1 Errors Related to the For Reportees Feature
While using the Organization Name search criteria, at least one direct reportee should be associated with the organization. When organization name outside the reportee's organization is entered, the following error message is displayed:
IAM-2053037 : An error occurred while searching for the reportees as the organization name is invalid or not associated with any reportee (This is EXPECTED). Atleast 1 direct reportee should belong to the org name being searched.
The total number of direct reportees and indirect reportees must not exceed 1000. For Reportees does not work if number of direct reportees and indirect reportees are more than 1000, and the following error message is displayed:
“IAM-2053036 : An error occurred while searching for the reportees as the reportee size exceeded the limit 1,200. Please retry with other search criteria”
1.13.2 Identity Self Service and Identity System Administration Not Accessible
After applying this bundle patch, OIG server deployments for Identity Self Service
and Identity System Administration fails with oracle.iam.ui.view
and oracle.iam.ui.model
applications.
When you apply the bundle patch and update the Oracle Identity Governance web
applications, the OIG system libraries
oracle.iam.ui.model(1.0,11.1.1.5.0)
and
oracle.iam.ui.view(11.1.1,11.1.1)
goes to the Prepared state.
The oracle.iam.console.identity.self-service.ear
and
oracle.iam.console.identity.sysadmin.ear
are referencing these
two libraries, and therefore, cause the deployment failure.
To workaround this issues, manually delete the
oracle.iam.ui.model(1.0,11.1.1.5.0)
and
oracle.iam.ui.view(11.1.1,11.1.1)
libraries from deployments, and
redeploy them in WebLogic Server Administration Console. To do so:
- In WebLogic Server Administration Console, go to Deployments, and click Lock and Edit.
- Select the oracle.iam.ui.model(1.0,11.1.1.5.0) library, and click Delete. Do the same for the oracle.iam.ui.view(11.1.1,11.1.1) library.
- Click Activate Changes.
- In Deployments, click Lock and Edit.
- Click Install, install the
oracle.iam.ui.model(1.0,11.1.1.5.0)
as a library by following all the default settings, and select the OIM cluster/server as the target. Click Finish and Save. Repeat for the same for theoracle.iam.ui.view(11.1.1,11.1.1)
library. - Click Activate Changes. The libraries are running in Active state.
- In Deployments, click Lock and Edit, and then click the Control tab.
- Select oracle.iam.console.identity.sysadmin.ear, which is in the Prepared state, and then select Start / Serving all requests.
- Select oracle.iam.console.identity.self-service.ear, which is in the Prepared state, and then select Start / Serving all requests.
- After the two applications go to the Active state, click Release configuration.
oracle.iam.console.identity.self-service.ear
and
oracle.iam.console.identity.sysadmin.ear
applications go to the
Active state, the system is up and running.
1.13.3 Revoking Membership Does Not Work
As part of the bug fix for 31605168, the entitlements are now updated with new role names, but the revoking of membership is not working.
1.13.4 Upgrade Assistant Fails With StringIndexOutOfBoundsException
Running the Upgrade Assistant for upgrading Oracle Identity Manager 11g Release 2 (11.1.2.3.0) to Oracle Identity Governance 12c (12.2.1.4) fails with the following error:
[2020-04-14T16:03:48.087-04:00] [Framework] [ERROR] [] [upgrade.Framework] [tid: XX] [ecid: XXXX] [[ java.lang.StringIndexOutOfBoundsException: String index out of range: -19 at java.lang.String.substring(String.java:1967) at oracle.iam.oimupgrade.mrua.OIMMRUA.readiness(OIMMRUA.java:345) at oracle.ias.update.plugin.Plugin.readiness(Plugin.java:595) at oracle.ias.update.plan.PlanStep.readiness(PlanStep.java:730) at oracle.ias.update.PhaseProcessor$ReadinessProcessor.runStepPhase(PhaseProcessor.java:873) at oracle.ias.update.PhaseProcessor.runStep(PhaseProcessor.java:369) at oracle.ias.update.PhaseProcessor$ExtendedRunnable.run(PhaseProcessor.java:1058) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) ]]
The issue takes place during the MDS backup. The cause of the error is the MDS JDBC URL used, which is in the form:
jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=xxxx)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=xxxx) (PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=xxxx)(FAILOVER_MODE=(TYPE=select)(METHOD=basic))))
The upgrade tool does not expect complex URLs with something before the address field.
To workaround this issue, remove (LOAD_BALANCE=ON)
from the JDBC
URL.
1.14 Related Documents
For more information, see the following resources:
-
Oracle Fusion Middleware Documentation
This contains documentation for all Oracle Fusion Middleware 12c products.
-
This site contains additional documentation that is not included as part of the documentation libraries.
1.15 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Fusion Middleware Oracle Identity Governance Bundle Patch Readme, OIM BUNDLE PATCH 12.2.1.4.210112
F37643-01
January 2021
Copyright © 2021, Oracle and/or its affiliates.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial computer software documentation" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, reproduction, duplication, release, display, disclosure, modification, preparation of derivative works, and/or adaptation of i) Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs), ii) Oracle computer documentation and/or iii) other Oracle data, is subject to the rights and limitations specified in the license contained in the applicable contract. The terms governing the U.S. Government’s use of Oracle cloud services are defined by the applicable contract for such services. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Inside are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Epyc, and the AMD logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.