This document is intended for users of OIM BUNDLE PATCH 14.1.2.1.250708. It contains the following sections:
1.1 Understanding Bundle Patches
This section describes Bundle Patches and explains differences between Stack Patch Bundles, Bundle Patches, interim patches (also known as one-offs) and Patch Sets.
1.1.1 Stack Patch Bundle
Stack Patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Stack Patch Bundle for Oracle Identity Management Products (Doc ID 2657920.2) at https://support.oracle.com.
1.1.2 Bundle Patch
A Bundle Patch is an official Oracle patch for an Oracle product. In a Bundle Patch release string, the fifth digit indicated the Bundle Patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the "YYMMDD" format where:
-
YY is the last 2 digits of the year
-
MM is the numeric month (2 digits)
-
DD is the numeric day of the month (2 digits)
Each Bundle Patch includes the libraries and files that have been rebuilt to implement one or more fixes. All the fixes in the Bundle Patch have been tested and are certified to work with one another. Regression testing has also been performed to ensure backward compatibility with all components in the Bundle Patch.
Each Bundle Patch is cumulative: the latest Bundle Patch includes all fixes in earlier Bundle Patches for the same release and platform. Fixes delivered in Bundle Patches are rolled into the next release.
1.1.3 Interim Patch
In contrast to a Bundle Patch, an interim patch addresses only one issue for a single component. Although each interim patch is an official Oracle patch, it is not a complete product distribution and does not include packages for every component. An interim patch includes only the libraries and files that have been rebuilt to implement a specific fix for a specific component.
Interim patch is also known as, security one-off, exception release, x-fix, PSE, MLR, or hotfix.
1.1.4 Patch Set
A Patch Set is a mechanism for delivering fully tested and integrated product fixes that can be applied to installed components of the same release. Patch Sets include all fixes available in previous Bundle Patches for the release. A Patch Set can also include new functionality. Each Patch Set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform.
All fixes in the Patch Set have been tested and are certified to work with one another on the specified platforms.
1.2 Recommendations
Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that you apply these certified patches. For more information about these patches, see Stack Patch Bundle for Oracle Identity Management Products (Doc ID 2657920.2) at https://support.oracle.com.
1.3 Bundle Patch Requirements
You must satisfy the following requirements before applying this Bundle Patch:
-
Verify that you are applying this Bundle Patch to an Oracle Identity Governance 14.1.2.1.0 installation.
Note:
When installing OPatch, you might find that interim or one-off patches have already been installed. -
Download the latest version of OPatch. Oracle recommends using the latest version of OPatch to all customers. To learn more about OPatch and how to download the latest version, see Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c /14c (Doc ID 1587524.1) at https://support.oracle.com.
You can access My Oracle Support at https://support.oracle.com.
-
Verify the Oracle Universal Installer (OUI) Inventory. To apply patches, OPatch requires access to a valid OUI Inventory. To verify the OUI Inventory, ensure that ORACLE_HOME/OPatch path appears in your system PATH. For example:
export PATH=$ORACLE_HOME/OPatch:$PATH
Then run the following command in OPatch inventory:
opatch lsinventory
If the command returns an error or you cannot verify the OUI Inventory, contact Oracle Support. You must confirm the OUI Inventory is valid before applying this Bundle Patch.
-
Confirm that the opatch and unzip executables exist and appear in your system PATH, as both are needed to apply this Bundle Patch. Execute the following commands:
which opatch which unzip
Both executables must appear in the environment variable PATH before applying this Bundle Patch.
-
Ensure that there are no pending JMS messages in Oracle Identity Governance server. You can monitor JMS messages with WebLogic console.
1.4 Prerequisites of Applying the Bundle Patch
Before applying the Bundle Patch, perform the following prerequisites:
-
This patch process makes changes to Oracle Identity Governance database schema (such as adding/modifying data), Oracle Identity Governance Meta Data Store (MDS) database schema (such as adding/modifying data), domain configuration changes, and other binary changes in the file system under ORACLE_HOME on which Oracle Identity Governance is installed. It is mandatory to create a backup of the following:
-
Oracle Identity Governance, MDS, and Service-Oriented Architecture (SOA) database schemas. For example, the database schema can be DEV_OIM, DEV_MDS schemas used by Oracle Identity Governance. Simple export of the schemas is sufficient.
-
The ORACLE_HOME directory on which Oracle Identity Governance is installed, for example, /u01/Oracle/Middleware.
-
Oracle Identity Governance WebLogic Domain location, for example, /u01/Oracle/Middleware/user_projects/domains/IAMGovernanceDomain/.
-
The UNIX user applying the Bundle Patch must have read, write, and execute permissions on both ORACLE_HOME as well as WebLogic DOMAIN_HOME.
-
-
If you have customized the event handler file metadata/iam-features-configservice/event-definition/EventHandlers.xml in your setup, then perform the following steps to ensure that the upgrade does not override any customization done to this file:
-
Export the metadata/iam-features-configservice/event-definition/EventHandlers.xml file from MDS and create a backup of this file.
-
After upgrading and running all the post install steps, export the new metadata/iam-features-configservice/event-definition/EventHandlers.xml file, merge your customization to this new file, and import it back to MDS.
Note:
For more information on MDS Utilities, see Deploying and Undeploying Customizations.
-
1.5 Applying the Bundle Patch to an Existing Instance
Applying OIM BUNDLE PATCH 14.1.2.1.250708 is done in the following stages:
Note:
Before performing the steps to apply the Bundle Patch, create a backup of the database, as stated in Prerequisites of Applying the Bundle Patch which will help you roll back to the previous release.
1.5.1 Understanding the Process Sequence With an Example
1.5.2 Stage 1: Patching the Oracle Binaries (OPatch Stage)
This section describes the process of applying the binary changes by copying files to the ORACLE_HOME directory, on which Oracle Identity Governance is installed. This step must be executed for each ORACLE_HOME in the installation topology nodes irrespective of whether Oracle Identity Governance server is being run in the node or not.
Perform the following steps to apply the bundle patch to an existing Oracle Identity Governance instance:
1.5.3 Stage 2: Filling in the patch_oim_wls.profile File
Using a text editor, edit the file patch_oim_wls.profile
located in the ORACLE_HOME/idm/server/bin/ directory and change the values in the file to match your environment. The patch_oim_wls.profile
file contains sample values.
Note:
For clustered and multinode installation of Oracle Identity Governance, perform the step described in this topic on the ORACLE_HOME_A directory on which Oracle Identity Governance is installed. This is because you need to run the patch_oim_wls
script from the node with WebLogic Admin Server, oim_server1, and soa_server1 installed. In the patch_oim_wls.profile
file, mention the host and port of the Oracle Identity Governance server and SOA server running on the first node. When you run the script, only WebLogic Admin Server, oim_server1, and soa_server1 should be running, and the rest of the servers can be down.
Table 1-1 lists the information to be entered for the patch_oim_wls.profile
file. This file is used in next stage of the Bundle Patch process.
Table 1-1 Parameters of the patch_oim_wls.profile File
Parameter | Description | Sample Value |
---|---|---|
ant_home |
Location of the ANT installation. It is usually under MW_HOME. |
For Linux: %MW_HOME%\oracle_common\modules\thirdparty\org.apache.ant\apache-ant For Windows: %MW_HOME%\oracle_common\modules\thirdparty\org.apache.ant\apache-ant |
java_home |
Location of the JDK/JRE installation that is being used to run the Oracle Identity Governance domain. |
For Linux: <JAVA_HOME_PATH> consumed by $MW_HOME For Windows: <JAVA_HOME_PATH> consumed by %MW_HOME% |
mw_home |
Location of the Middleware home on which Oracle Identity Governance is installed. |
For Linux: /u01/Oracle/Middleware For Windows: C:\Oracle\MW_HOME\ |
oim_oracle_home |
Location of the Oracle Identity Governance installation. |
For Linux: $MW_HOME/idm For Windows: %MW_HOME%\idm |
soa_home |
Location of the SOA installation. |
For Linux: $MW_HOME/soa For Windows: %MW_HOME%\soa |
weblogic.server.dir |
Directory on which WebLogic server is installed. |
For Linux: $MW_HOME/wlserver For Windows: %MW_HOME%\wlserver |
domain_home |
Location of the domain home on which Oracle Identity Governance is installed. |
For Linux: $MW_HOME/user_projects/domains/base_domain For Windows: %MW_HOME%\user_projects\domains\base_domain |
weblogic_user |
Domain administrator username. Normally it is "weblogic" but could be different as well. |
weblogic |
weblogic_password |
Domain admin user's password. If this line is commented out, then password will be prompted. |
NA |
soa_host |
Listen address of the SOA Managed Server, or the hostname on which the SOA Managed Server is listening. Note: If the SOA Managed Server is configured to use a virtual IP address, then the virtual hostname must be supplied. |
oimhost.example.com |
soa_port |
Listen port of the SOA Managed Server, or SOA Managed Server port number. |
8001 Only Non-SSL Listen port must be provided. |
operationsDB.user |
Oracle Identity Governance database schema user. |
DEV_OIM |
OIM.DBPassword |
Oracle Identity Governance database schema password. If this line is commented out, then the password will be prompted when the script is executed. |
NA |
operationsDB.host |
Hostname of the Oracle Identity Governance database. |
oimdbhost.example.com |
operationsDB.serviceName |
Database service name of the Oracle Identity Governance schema/database. This is not the hostname and it can be a different value as well. |
oimdb.example.com |
operationsDB.port |
Database listener port number for the Oracle Identity Governance database. |
1521 |
mdsDB.user |
MDS schema user |
DEV_MDS |
mdsDB.password |
MDS schema password. If this line is commented out, then password will be prompted. |
NA |
mdsDB.host |
MDS database hostname |
oimdbhost.example.com |
mdsDB.port |
MDS database/Listen port |
1521 |
mdsDB.serviceName |
MDS database service name |
oimdb.example.com |
oim_username |
Oracle Identity Governance username. |
System administrator username |
oim_password |
Oracle Identity Governance password. This is optional. If this is commented out, then you will be prompted for the password when the script is executed. |
NA |
oim_serverurl |
URL to navigate to Oracle Identity Governance. |
t3://oimhost.example.com:14000 |
wls_serverurl |
URL to navigate to WLS Console |
t3://wlshost.example.com:7001 |
opss_customizations_present=false |
Enables customizations related to authorization or custom task flow. Set this value to true to enable customization. |
true |
ATP-D |
Set the value to false if DB type is not ATP-D. Set this to true if underlying DB type is ATP-D. |
true |
TNS_ADMIN |
Set this value only if the value of ATP-D is true. Set this value to the TNS String as provided by DB Admin, for example, fmwatpdedic2_tp?TNS_ADMIN=/home/opc. Here, /home/opc is the path of the wallet zip that is downloaded. If you are using some other predefined service, then provide the path to that service. |
fmwatpdedic2_tp?TNS_ADMIN=/home/opc |
Note:
Update the parameter value as per the setup used and then execute thepatch_oim_wls.sh
file.
1.5.4 Stage 3: Patching the Oracle Identity Governance Managed Servers (patch_oim_wls Stage)
Patching the Oracle Identity Governance managed servers is the process of copying the staged files in the previous steps to the correct locations, running SQL scripts and importing event handlers and deploying SOA composite. For making MBean calls, the script automatically starts the Oracle Identity Governance Managed Server and SOA Managed Server specified in the patch_oim_wls.profile file.
This step is performed by running patch_oim_wls.sh (on UNIX) or patch_oim_wls.bat (on Microsoft Windows) script by using the inputs provided in the patch_oim_wls.profile file. As prerequisites, the WebLogic Admin Server, SOA Managed Servers, and Oracle Identity Governance Managed Server must be running.
Note:
For clustered and multinode installation of Oracle Identity Governance,
perform the steps described in this topic on the ORACLE_HOME_A directory on
which Oracle Identity Governance is installed. In other words, run the
patch_oim_wls
script from the node with WebLogic
Admin Server, oim_server1, and soa_server1 installed. When you run the
script, only WebLogic Admin Server, oim_server1, and soa_server1 should be
running, and the rest of the servers can be down.
To patch Oracle Identity Governance Managed Servers on WebLogic:
1.6 Applying the Bundle Patch to a New Instance
Perform the following steps to apply the Bundle Patch to a new instance:
1.6.1 Installing a New Oracle Identity Governance Instance with OIM BUNDLE PATCH 14.1.2.1.250708
You can install a new Oracle Identity Governance instance with the Bundle Patch in any one of the following ways:
1.6.1.1 Using the Quickstart Installer
Note:
For clustered deployments, perform the steps provided in this section on each node in the cluster.1.6.1.2 Using the Generic Installer
Note:
For clustered deployments, perform the steps provided in this section on each node in the cluster.1.7 Removing the Bundle Patch
Note:
For clustered installations, perform steps 1 through 3 on all nodes in the cluster.1.8.1 Resolved Issues in OIM BUNDLE PATCH 14.1.2.1.250708
Applying this Bundle Patch resolves the issues described in the following table. This is true.
Table 1-2 Resolved Issues in OIM BUNDLE PATCH 14.1.2.1.250708
Bug | Description |
---|---|
37912966 | PROV TASKS GOES REJECTED STATUS WHEN THE VALUE IS REMOVED FROM DATE FIELDS (SSO SETUP) |
37593041 | USER CERTIFICATION JOBS ARE FAILING |
37916124 | ADDING CUSTOM FIELDS TO APPLICATION SCHEMA IS FAILING |
37949703 | ROLE CERT REPORTS SHOWING INVALID DATA AFTER OCT 24 STACK PATCH BUNDLE |
37838929 | Fix for Bug 37838929 |
36460208 | UI- ISS APPLICATION AND SYSTEM CONFIGURATION LIMITED TO A SMALL FRAME WINDOW. |
37603463 | OIG12CPS4: PROBLEM WITH ASSIGNING A GROUP OF ACCEPTANCE WHEN HAVING A PROXY |
37604877 | DISABLE JOB RUNS AUTOMATICALLY OFTEN |
37623243 | CONNECTOR ERRORS ARE NOT BEING LOGGED |
37815446 | IGNORE RESOURCE LIST FOR ENTITLEMENT LIST JOB IS NOT WORKING |
37640708 | CERTS "PREVENT SELF CERTIFICATION" NOT WORK FOR ENTITLEMENT TYPE CERTIFICATION WITH PROXY USERS |
37567925 | ACC: OATB TABLE HAS ERRORS IN CERTIFICATION DASHBOARD |
36575454 | MANUAL FULFILLMENT TASKS GOING TO "STALE" STATE |
37235779 | GENERIC REST CONNECTOR THROWS GENERIC MESSAGE FOR 409 EXCEPTIONS |
37263547 | CUSTOM UDFS DON'T CHANGE VALUE ON THE CERTIFICATION USER DETAIL PAGE |
37659461 | USER PROXIES ALLOWS OVERLAPPING DATES FOR MANAGER AND OTHER TYPE PROXIES |
37810395 | PASSWORD RESET POPUP - PROPOSAL TO IMPROVE CLARITY |
37790603 | UPDATE OF START DATE AND END DATE TRIGGERING DUPLICATE PROV TASKS IN OIM-OAM ENV |
34812616 | USER WITH ADMIN ROLE IS UNABLE TO LOCK/UNLOCK USERS IN OIM. |
36874561 | ASTERISK SIGN AND HEADING ARE NOT COMPLIANT WITH WCAG 2.1 LEVEL A 1.3.1INFO AND RELATIONSHIPS |
37203068 | MANUALLY LOCKED USERS BEING UPDATED FROM OUD TRUSTED RECON |
37349902 | OIG12CPS4:DIAGNOSTIC_MAINT JOB IS NOT PURGING DATA ON DIAG_LOG AND DIAG_LOG_DTLS |
37461743 | APPROVAL TASK OF APPROVAL DETAILS SECTION ARE NOT GETTING LOADED ON REFRESHING REQUEST PAGE |
37639701 | ACCESSIBILITY ISSUES: KEYBOARD NAVIGATION NOT WORKING AS EXPECTED |
37651931 | 37197658 REGRESSION: WHEN REMEDIATOR ROLE SET IS DELETED, IDA POLICY DO NOT OPEN ON UI. |
37386262 | QUERY BY EXAMPLE IS NOT ENABLED FOR ACCOUNT STATUS COLUMN IN USERS PAGE |
37257293 | MODIFYING THE 'USE BULK' FLAG DOES NOT MAKE ANY CHANGES IN THE BACKGROUND |
37473491 | ROLEUSERMEMBERSHIPRULESQLSUPPORTED SHOULD NOT LIMITED TO ACTIVE USERS |
37008610 | SSO GROUP MEMBERSHIP INCREMENTAL RECON DOESN'T WORK FOR ALL SPECIAL CHARACTERS |
36891740 | OIG12CPS4: AOB UI DOES NOT PROVIDE SEPARATE REQUIRED/OPTIONAL OPTION FOR RECONCILIATION FIELDS |
37465786 | ADDING "STATUS" COLUMN IN HOMPAGE WORKFLOW FOR DIRECT REPORTS CAUSES DUPLICATES |
1.8.2 Resolved Issues in OIM BUNDLE PATCH 14.1.2.1.250328
Applying this Bundle Patch resolves the issues described in the following table.
Table 1-3 Resolved Issues in OIM BUNDLE PATCH 14.1.2.1.250328
Bug | Description |
---|---|
37621708 | FMW 14121 : OIM : SYSADMIN PAGE : HELP PAGE IN LOGIN SCREEN : COPYRIGHT UPDATE REQUIRED |
37621784 | FMW 14121 : OIM : IDENTITY PAGE : HELP PAGE IN LOGIN SCREEN : COPYRIGHT UPDATE REQUIRED |
1.9 Known Issues and Workarounds
Known issues and their workarounds in Oracle Identity Governance Release 14.1.2 are described in the Oracle Identity Governance chapter of the Release Notes for Oracle Identity Management document. You can access the Release Notes document in the Oracle Identity Management Documentation library at the following URL:
https://docs.oracle.com/en/middleware/idm/suite/14.1.2/idmrn/index.html
Note:
Some known issues listed in the Release Notes for Oracle Identity Management may have been resolved by this Bundle Patch. Compare the issues listed in Resolved Issues of this document when reviewing the Release Notes for Oracle Identity Management.This section describes the issues and workarounds in this BP release of Oracle Identity Governance:
1.9.1 ANT Location Updated for Windows
For Windows, before running patch_oim_wls.bat, the ANT location must be updated from
%MW_HOME%\oracle_common\modules\thirdparty\org.apache.ant\1.10.5.0.0\apache-ant-1.10.5
to the following location:
%MW_HOME%\oracle_common\modules\thirdparty\org.apache.ant\apache-ant.
1.10 Related Documents
For more information, see the following resources:
- Following is the list of guides for this release:
-
This contains documentation for all Oracle Fusion Middleware 14c products.
-
This site contains additional documentation that is not included as part of the documentation libraries.
1.11 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Fusion Middleware Oracle Identity Governance Bundle Patch Readme, OIM Bundle Patch 14.1.2.1.250708
G36971-01