Upgrading OIG-OAM Integrated Environments

F Upgrading OIG-OAM Integrated Environments

You can upgrade your existing 11g and 12c OIG and OAM integrated environments to the latest 12c (12.2.1.4.0) release version.

F.1 About the Starting Points for an OIM-OAM Integrated Environment Upgrade

You can upgrade to OIM-OAM Integrated Environment 12c (12.2.1.4.0) from the supported 11g or 12c releases.

The steps to upgrade OIM-OAM Integrated Environment to 12c (12.2.1.4.0) depend on the following existing production topology:

OIG and OAM 12c (12.2.1.3.0) connector-based integrated environment with directories such as Oracle Unified Directory, Oracle Internet Directory, or Active Directory.
OAM 12c (12.2.1.3.0) with latest bundle patches applied and OIG 12c (12.2.1.4.0) with bundle patch 12.2.1.4.200505 applied with supported directories like Oracle Unified Directory 12.2.1.3.0 or Oracle Internet Directory 12.2.1.3.0.
OIG 12c (12.2.1.3.0) with latest bundle patches applied and OAM 12c (12.2.1.4.0) bundle patch 12.2.1.4.200327 applied with supported directories like such Oracle Unified Directory 12.2.1.3.0 or Oracle Internet Directory 12.2.1.3.0.
OIG and OAM 11g (11.1.2.3.0) LDAP synchronization integrated environment with directories such as Oracle Unified Directory, Oracle Internet Directory, or Active Directory.

Note:
To upgrade to 12.2.1.4.0 from 11.1.2.3.0, you must first upgrade to 12.2.1.3.0, and then upgrade to 12.2.1.4.0.

F.2 Upgrading an OAM-OIM Integrated Environment from a Previous 12c Release

You can upgrade an OAM-OIM integrated environment from a previous 12c release to 12c (12.2.1.4.0).

Complete the steps in the following topics to perform the upgrade:

Note:

You can upgrade Oracle Identity and Access Management highly available 12c (12.2.1.3.0) environments to 12c (12.2.1.4.0) using the procedure described in the following topics:

Upgrading Oracle Access Management Highly Available Environments in the Upgrading Oracle Identity and Access Management.

When you install the binaries, you must apply the OAM bundle patch 12.2.1.4.200327 or the latest bundle patch available for your release.
Upgrading Oracle Identity Manager Highly Available Environments in the Upgrading Oracle Identity and Access Management.

When you install the binaries, you must apply the OIM bundle patch 12.2.1.4.200505 or the latest bundle patch available for your release.

F.2.1 Task 1: Upgrading the OAM Environment

You can upgrade the OAM environment by installing the Oracle Identity and Access Management and Oracle Fusion Middleware Infrastructure 12c (12.2.1.4.0) software, applying the latest bundle patch, and copying the required files.

Note:

Before you start upgrading OAM environment, review all introductory information to understand the standard upgrade topologies and upgrade paths for Oracle Identity and Access Management. For more information, see Introduction to Upgrading Oracle Access Manager to 12c (12.2.1.4.0) in Upgrading Oracle Identity and Access Management.

Perform the following steps to upgrade the OAM environment.

Shut down all of the pre-upgrade processes and servers, including the Administration Server, any Managed Servers, and Node Manager. For more information, see Stopping Servers and Processes in Upgrading Oracle Identity and Access Management.
Back up and rename the 12.2.1.3.0 OAM Oracle home (ORACLE_HOME).

An Oracle home consists of product homes, such as the WebLogic Server home, an Oracle Common home ( Contain the OAM binaries), and the user_projects directories (Contains Oracle WebLogic Server domains).

Example:

/u01/app/fmw/ORACLE_HOME_old
Complete the pre-upgrade tasks, as described in Pre-Upgrade Requirements in Upgrading Oracle Identity and Access Management.
Install the 12c (12.2.1.4.0) OAM binaries in the existing 12c (12.2.1.3.0) OAM Oracle home (/u01/app/fmw/ORACLE_HOME) using:
- Oracle Fusion Middleware Infrastructure (fmw_12.2.1.4.0_infrastructure.jar)
- Oracle Identity and Access Management (fmw_12.2.1.4.0_idm.jar)
For more information about installing the Oracle Access Manager, see Installing Product Distributions in Upgrading Oracle Identity and Access Management.

Note:
OAM 12.2.1.4.0 requires Java Development Kit (JDK) 1.8.0_211 and later. You must update the JDK, as described in About Updating the JDK Location After Installing an Oracle Fusion Middleware Product in Upgrading Oracle Identity and Access Management.
Copy the user_projects folder from the backup of 12.2.1.3.0 OAM Oracle home (/u01/app/fmw/ORACLE_HOME_old/user_projects/) to the 12.2.1.4.0 OAM Oracle home (/u01/app/fmw/ORACLE_HOME).

Note:
Perform the above step, if your existing 12.2.1.3.0 DOMAIN_HOME reside within the 12.2.1.3.0 Oracle home directory.
Run OPatch to apply the OAM bundle patch 12.2.1.4.200327 or the latest bundle patch available for your release.
See Applying the Bundle Patch in the Oracle Access Management Bundle Patch Readme.
Start the Administration Server and the OAM Managed Server, as described in Starting the Servers in Installing and Configuring Oracle Identity and Access Management.

F.2.2 Task 2: Upgrading the OIG Environment

You can upgrade the OIG environment by installing the required 12c (12.2.1.4.0) software, applying the bundle patch, and running the Upgrade Assistant to upgrade product schemas and domain component configurations.

Note:

Do the following before you start upgrading OIG environment:

Review all introductory information to understand the standard upgrade topologies and upgrade paths for Oracle Identity and Access Management. See Introduction to Upgrading Oracle Identity and Access Management to 12c in Upgrading Oracle Identity and Access Management.
Perform pre-upgrade tasks such as cloning your current environment, verifying that your system meets certified requirements, and so on. See Pre-Upgrade Requirements in Upgrading Oracle Identity and Access Management.

Perform the following steps to upgrade the OIG environment.

Run the pre-upgrade report utility before you begin the upgrade process for Oracle Identity Manager. For more information about the pre-upgrade report utility, see Generating and Analysing Pre-Upgrade Report for Oracle Identity Manager in Upgrading Oracle Identity and Access Management.
Complete the tasks described in Completing the Pre-Upgrade Tasks for Oracle Identity Manager in Upgrading Oracle Identity and Access Management.
Shut down all of the pre-upgrade processes and servers, including the Administration Server, any Managed Servers, and Node Manager.

See Stopping Servers and Processes in Upgrading Oracle Identity and Access Management.
Back up and rename the 12.2.1.3.0 OIG Oracle home (ORACLE_HOME).

Example:

/u01/app/fmw/ORACLE_HOME_old
Install the 12c (12.2.1.4.0) OIG binaries in the existing 12c (12.2.1.3.0) OIG Oracle home (/u01/app/fmw/ORACLE_HOME) using the generic Installer or the quickstart Installer.
If you are using the generic installer, then obtain the following distributions:
- Oracle Fusion Middleware Infrastructure (fmw_12.2.1.4.0_infrastructure.jar)
- Oracle SOA Suite (fmw_12.2.1.4.0_soa_generic.jar)
- Oracle Identity and Access Management (fmw_12.2.1.4.0_idm.jar)
If you are using quickstart installer to install all the software in one go, obtain the following distributions:
- fmw_12.2.1.4.0_idmquickstart_generic.jar
Note:
It is recommended that you use the simplified installation process to install the product, using the quickstart installer.
For more information, see Installing Oracle Identity Governance Using Quickstart Installer in Installing and Configuring Oracle Identity and Access Management.
Copy the user_projects folder from the backup of 12.2.1.3.0 Oracle home (/u01/app/fmw/ORACLE_HOME_old/user_projects/) to the 12.2.1.4.0 Oracle home (/u01/app/fmw/ORACLE_HOME).

Note:
Perform the above step, if your existing 12.2.1.3.0 DOMAIN_HOME reside within the 12.2.1.3.0 Oracle home directory.
Run OPatch to apply the OIM bundle patch 12.2.1.4.200505 or the latest bundle patch available for your release, as described in Patching the Oracle Binaries (OPatch Stage) in Oracle Identity Governance Bundle Patch Readme.

Note:
Do not start the OIG servers after applying the bundle patch.
Update the latest JDK version in the domain home. See Updating the JDK location in Upgrading Oracle Identity and Access Management.
Run a readiness check before you start the upgrade process. See Running a Pre-Upgrade Readiness Check in Upgrading Oracle Identity and Access Management.
Tune the Database parameters for Oracle Identity Manager. See Tuning Database Parameters for Oracle Identity Manager in Upgrading Oracle Identity and Access Management.
Run the Upgrade Assistant from the 12c ( 12.2.1.4.0) Oracle home to upgrade product schemas, as described in Upgrading Product Schemas in Upgrading Oracle Identity and Access Management.

Note:
Ensure that you select All Schemas Used by a Domain in the Selected Schemas screen.
Run the Upgrade Assistant from the 12c ( 12.2.1.4.0) Oracle home to upgrade domain component configurations, as described in Upgrading Domain Component Configurations in Upgrading Oracle Identity and Access Management.
Start the WebLogic Admin Server, SOA Managed Servers, and Oracle Identity Governance Managed Server. For more information about starting the servers, see Starting the Servers in Installing and Configuring Oracle Identity and Access Management.

Note:
When you start the Oracle Identity Governance server, the bootstrap report is generated at DOMAIN_HOME/servers/oim_server1/logs/BootStrapReportPreStart.html. For more information about the bootstrap report, see Analyzing the Bootstrap Report in Installing and Configuring Oracle Identity and Access Management.
Open the patch_oim_wls.profile file (Located in the ORACLE_HOME/idm/server/bin/ directory) in a text editor, and change the values in the file to match your environment.

See Filling in the patch_oim_wls.profile File in Oracle Identity Governance Bundle Patch Readme.
Patch the OIG Managed Servers on WebLogic by performing the following steps:
1. Set the following environment variables:
  
  UNIX
```
setenv PATH $JAVA_HOME/bin:$PATH
```
  Windows
```
set JAVA_HOME=VALUE_OF_JAVA_HOME
set ANT_HOME=\PATH_TO_ANT_DIRECTORY\ant
set ORACLE_HOME=%MW_HOME%\idm
```
  Note:
  Make sure to set the reference to JDK binaries in your PATH before running the patch_oim_wls.sh (UNIX) or patch_oim_wls.bat (Microsoft Windows) script. This JAVA_HOME must be of the same version that is being used to run the WebLogic servers. The JAVA_HOME version from /usr/bin/ or the default is usually old and must be avoided. You can verify the version by running the following command:
2. Execute patch_oim_wls.sh (UNIX) or patch_oim_wls.bat (Microsoft Windows) to apply the configuration changes to the Oracle Identity Governance server.
3. Delete the following directory in domain home:
  DOMAIN_HOME//servers/oim_server1/tmp/_WL_user/oracle.iam.console.identity.self-service.ear_V2.0
  Here, oim_server1 is the weblogic manged server used for OIG.
4. To verify that the patch_oim_wls script has completed successfully, check the ORACLE_HOME/idm/server/bin/patch_oim_wls.log log file.
Restart the Administration Server, Oracle SOA Suite Managed Server, and the OIG Managed Server. See Starting the Servers in the Upgrading Oracle Identity and Access Management.

Note:
Depending on your OIG environment, you may need to perform additional post-upgrade task. See Post-Upgrade Task in Upgrading Oracle Identity and Access Management.

F.3 Upgrading an OAM-OIM Integrated Environment from a 11g Release

You can upgrade your OAM-OIG LDAP synchronization integrated environment 11g Release 2 (11.1.2.3.0) version to the latest 12c (12.2.1.4.0) release version. To upgrade to 12c (12.2.1.4.0), you must first upgrade to 12c (12.2.1.3.0), and then upgrade to 12c (12.2.1.4.0).

Note:

If you upgrade from 11g Release 2 (11.1.2.3.0) version to the latest 12c (12.2.1.4.0), then you must disable the LDAP synchronization integrated environment and migrate to LDAP connector-based integrated environment.

Complete the steps in the following topics to perform the upgrade:

F.3.1 Task 1: Upgrading the Integrated Environments

To upgrade your 11g Release 2 (11.1.2.3.0) environment, complete the following steps:

Upgrade your existing 11g Release 2 (11.1.2.3.0) integrated environment to Oracle Identity and Access Management 12c (12.2.1.3.0).
See:
- Introduction to Upgrading Oracle Access Manager to 12c (12.2.1.3.0) in in Upgrading Oracle Access Manager.
- Introduction to Upgrading Oracle Identity Manager to 12c (12.2.1.3.0) in Upgrading Oracle Identity Manager.
After upgrading the integrated environment to OAM-OIM 12c (12.2.1.3.0), perform the following:
1. If you have an existing Oracle Internet Directory 11g connector or Microsoft Active Directory User Management (AD User Management) 11g connector deployed for provisioning and reconciliation then you can use the same connectors for Single sign-on (SSO). To do so, you must upgrade the connectors to 12.2.1.3.0.
  For more information about the upgrade, see the following:
  - Upgrading the Oracle Internet Directory Connector in the Configuring the Oracle Internet Directory Application.
  - Upgrading the Microsoft Active Directory User Management Connector in the Configuring the Microsoft Active Directory User Management Application.
2. If any self-registration request is in pending state, then you must approve all pending requests using the Oracle Identity Self Service Interface.
  
  See Managing Pending Approvals in the Performing Self Service Tasks with Oracle Identity Governance.
Upgrade the OAM-OIM 12c (12.2.1.3.0) integrated environment that you have upgraded from 11g Release 2 (11.1.2.3.0) to 12c (12.2.1.4.0), as described in Upgrading an OAM-OIM Integrated Environment from a Previous 12c Release.

F.3.2 Task 2: Configuring Oracle HTTP Server

You can configuring the Oracle HTTP Server to front-end resources on OIG.

Note:

You can upgrade your earlier version of Oracle HTTP Server to the 12c (12.2.1.4.0) release. For more information about upgrade, see Introduction to Upgrading Oracle HTTP Server to 12c (12.2.1.4.0) Upgrading Oracle HTTP Server.

Configure the Oracle HTTP Server for the integrated environment, by completing the following steps:

Configure the Oracle HTTP Server WebGate for Oracle Access Management, as described in the section Installing Oracle HTTP Server and Configuring the Oracle HTTP Server WebGate
Populating the Oracle HTTP Server rules, as described in the section Populating OHS Rules Using Automated Script
If you have upgraded your 11g release or previous 12c release to the 12c (12.2.1.4.0) release then do the following:
1. Open a text editor and compare the older oim.conf file from your previous release with the new oim.conf file that you generated by running the OIGOAMIntegration.sh script.
2. Add any missing parameters from the older oim.conf file to the new oim.conf file.
3. Save the file when done.
4. Restart OHS Server.

F.3.3 Task 3: Prerequisites for the Connector-based Integration

Before you begin to migrate from a LDAP synchronization integrated environment to a connector-based integrated environment, you must complete the prerequisites such as setting the environment variables, updating the datasource, and downloading the connector bundle.

Complete the following prerequisites in this section before migrating from a LDAP synchronization integrated environment to a connector-based integrated environment.

Back up all system-critical files, including the databases that host your Oracle Fusion Middleware 12.2.1.4.0 schemas. For more information, see Creating a Complete Backup in Upgrading Oracle Identity and Access Management.

Note:
If any step in the migration from a LDAP synchronization integrated environment to a connector-based integrated environment process fails, restore the environment to its original state using the backup files you created.
Before running the OIGOAMIntegration.sh script to enable connector-based integrated environment, do the following:
1. Set the environment variables to the full path of the 12.2.1.4.0 OIG Oracle home, as shown in the following example:
```
export ORACLE_HOME=/u01/Oracle_Home
export MW_HOME=/u01/Oracle_Home
export OIM_ORACLE_HOME=/u01/Oracle_Home/idm/
export WL_HOME=/u01/Oracle_Home/wlserver
export JAVA_HOME=<<Java Home location>>
```
2. On UNIX, provide the executable permission for the OIGOAMIntegration.sh script in the 12.2.1.4.0 OIG Oracle home directory (Located at ORACLE_HOME/idm/server/ssointg/bin):
```
chmod 777 _OIGOAMIntegration.sh
chmod 777 OIGOAMIntegration.sh
```
Complete the prerequisites described in the section Prerequisites for the Connector-based Integration.
If you have upgraded the Oracle Internet Directory 11g connector or Microsoft Active Directory User Management 11g connector to 12.2.1.3.0, as describe in Step 2.a, then you must complete the following steps:
1. Navigate to the directory (For example, OID/OUD the folder is named OID-12.2.1.3.0 and AD the folder is named activedirectory-12.2.1.3.0) that has the connector that you upgraded from 11g to 12.2.1.3.0, and then copy one of the following folders depending on the LDAP directory to the backup of 12.2.1.3.0 OIG home directory.
  - OID/OUD: OID-12.2.1.3.0
  - AD: activedirectory-12.2.1.3.0
  Example:
  
  OID/OUD: ORACLE_HOME_old/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0
  
  AD: ORACLE_HOME_old/idm/server/ConnectorDefaultDirectory/activedirectory-12.2.1.3.0
2. Navigate to the directory (For example, OID/OUD the folder is named OID-12.2.1.3.0 and AD the folder is named activedirectory-12.2.1.3.0), and then copy one of the following folders depending on you LDAP directory to the 12.2.1.4.0 OIG home directory.
  - OID/OUD: OID-12.2.1.3.0
  - AD: activedirectory-12.2.1.3.0
  Example:
  
  OID/OUD: ORACLE_HOME/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0
  
  AD: ORACLE_HOME/idm/server/ConnectorDefaultDirectory/activedirectory-12.2.1.3.0
3. Open the configureLDAPConnector.config file from the 12.2.1.4.0 OIG Oracle home directory in a text editor and update the CONNECTOR_MEDIA_PATH parameter with the full path of the 12.2.1.3.0 backup OIG folder as shown in the following example:
  - OID/OUD: CONNECTOR_MEDIA_PATH=/u01/app/fmw/ORACLE_HOME/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0
  - AD: CONNECTOR_MEDIA_PATH=/u01/app/fmw/ORACLE_HOME/idm/server/ConnectorDefaultDirectory/activedirectory -12.2.1.3.0

F.3.4 Task 4: Disabling LDAP Synchronization

This section describes how to disable the LDAP synchronization.

Complete the following steps:

Open the migrateOIMOAMIntegration.config file from the 12.2.1.4.0 OIG Oracle home directory (Located at ORACLE_HOME/idm/server/ssointg/config) in a text editor and update the parameters.

Example migrateOIMOAMIntegration.config File

IDSTORE_DIRECTORYTYPE 
OIM_WLSHOST 
OIM_WLSPORT 
OIM_WLSADMIN 
OIM_WLSADMIN_PWD 
OIM_SERVER_NAME 
OIM_HOST 
OIM_PORT 
WLS_OIM_SYSADMIN_USER 
WLS_OIM_SYSADMIN_USER_PWD 
MDS_EXPORT_PATH

The following table describes the parameters that you can set in the migrateOIMOAMIntegration.config file.

Table F-1 Parameters in migrateOIMOAMIntegration.config File

Parameters	Description	Sample Value
`IDSTORE_DIRECTORYTYPE`	Enter the identity store directory type. Valid options are OID, OUD, and AD.	`OUD`
`OIM_WLSHOST`	Enter the OIG admin server host name.	`oimadminhost.example.com`
`OIM_WLSPORT`	Enter the OIG admin server port.	`17001`
`OIM_WLSADMIN`	Enter the weblogic administrator user in OIM domain.	`weblogic`
`OIM_WLSADMIN_PWD`	Enter the password for the weblogic admin user in OIM domain.	`password`
`OIM_SERVER_NAME`	Enter the OIG server name.	`oim_server1`
`OIM_HOST`	Enter the host name for OIG managed server.	`oimhost.example.com`
`OIM_PORT`	Enter the port for OIG Server.	`14000`
`WLS_OIM_SYSADMIN_USER`	Enter the system admin user to be used to connect to OIG while configuring SSO. This user needs to have system admin role.	`xelsysadm`
`WLS_OIM_SYSADMIN_USER_PWD`	Enter the password for OIG system administrator user.	`Password`
`MDS_EXPORT_PATH`	Specify location to export MDS.	`/u01/app/upgrade/backup`

Run the OIGOAMIntegration.sh script from the 12.2.1.4.0 ORACLE_HOME (Located at ORACLE_HOME/idm/server/ssointg/bin) to delete the EventHandlers.xml file from MDS and disable all LDAP scheduled jobs:
```
./OIGOAMIntegration.sh -migrateOIMOAMIntegration
```
Delete the adapters configured for the libOVD configuration:
1. Invoke WLST interactively by running the following command from the 12.2.1.4.0 OIG Oracle home directory:
  ORACLE_HOME/oracle_common/common/bin/wlst.sh
2. Connect to the WebLogic Administration Server:
  connect('Weblogic_User', 'Weblogic_password', 't3://Weblogic_Host:Weblogic_AdminServer_Port')
  Example:
  connect('weblogic', 'Password', 't3://example.com:7001')
3. Lists the name and type of all adapters that are configured.
```
listAdapters([contextName])
```
  Example:
```
listAdapters(contextName='oim')
```
  See listAdapters in the WebLogic Scripting Tool Command Reference for Identity and Access Management.
4. Deletes all the existing adapter for the libOVD configuration:
```
deleteAdapter(adapterName, [contextName])
```
  Example:
```
deleteAdapter(adapterName='oud1', contextName='oim')
deleteAdapter(adapterName='CHANGELOG_oud1', contextName='oim')
```
  See deleteAdapter in WebLogic Scripting Tool Command Reference for Identity and Access Management.

F.3.5 Task 5: Configuring WLS Authentication Providers

You must configure the WLS Authentication Providers to set SSO logout for and security providers in OIG domain. So that both the SSO login and OIM client-based login, work appropriately.

Configure the WLS Authentication Providers by performing the steps described in the section Configuring WLS Authentication Providers Using Automated Script.

F.3.6 Task 6: Configuring the LDAP Connector

Configure LDAP Connector by performing the steps described in the section Configuring LDAP Connector Using Automated Script.

F.3.7 Task 7: Configuring SSO Integration

You must configure SSO integration to register OIM as TAP partner for OAM, add the resource policies for OIG-OAM communication, and update SSOIntegrationMXBean values in MDS.

To configure SSO integration, perform the steps described in the section Configuring SSO Integration Using Automated Script.

F.3.8 Task 8: Enabling OAM Notifications

Enable the OAM notification handlers and register OIG System Administrator to utilize OAM REST APIs.

To enable OAM notification, complete the steps described in the section Enabling OAM Notifications Using Automated Script.

F.3.9 Task 9: Adding Missing Object Classes

Add missing object classes for existing users in LDAP directory (Oracle Internet Directory or Oracle Unified Directory) using the OIGOAMIntegration.sh automated script.

Note:

This feature is not available for the Active Directory.

To add the missing object classes, complete the steps described in the section Adding Missing Object Classes Using Automated Script.

F.3.10 Task 10: Restarting Servers

Restart all processes and servers, including the Administration Server and any Managed Servers for OAM and OIG.

To start your servers:

Restart OHS Server. For information about starting the server, see Restarting Oracle HTTP Server Instances in Administering Oracle HTTP Server.

To start Node Manager, use the startNodeManager script:

UNIX

DOMAIN_HOME/bin/startNodeManager.sh

Windows

DOMAIN_HOME\bin\startNodeManager.cmd

To start the Administration Server, use the startWebLogic script:
UNIX
```
DOMAIN_HOME/bin/startWebLogic.sh
```
Windows
```
DOMAIN_HOME\bin\startWebLogic.cmd
```
When prompted, enter your user name, password, and the URL of the Administration Server.
To start a WebLogic Server Managed Server, use the startManagedWebLogic script:
UNIX
```
DOMAIN_HOME/bin/startManagedWebLogic.sh managed_server_name admin_url
```
Windows
```
DOMAIN_HOME\bin\startManagedWebLogic.cmd managed_server_name admin_url
```
When prompted, enter your user name, password, and the URL of the Administration Server.

Note:
For SOA and OIG Managed Servers, specify the URL of the Administration Server in the OIG domain.

F.3.11 Task 11: Performing Post-Upgrade Task

After you complete the upgrade and migrate to connector-based integrated environment, perform the following steps:

Open a browser, and access the Oracle Identity System Administration Console using the following URL format:
http://HOSTNAME:PORT/sysadmin
In this URL, HOSTNAME represents the name of the computer hosting the Oracle HTTP Server and PORT refers to the port on which the Oracle HTTP Server is listening.
In the left panel, under System Configuration , click Configuration Properties.
Enter SSOIntegration.GroupRecon.OIGRole.Matching.RoleName in the Search field.

Note:
If the SSOIntegration.GroupRecon.OIGRole.Matching.RoleName property is not available, then you must create it. See Creating System Properties in the Administering Oracle Identity Governance.
Click the icon next to the Search field. The SSOIntegration.GroupRecon.OIGRole.Matching.RoleName system property is displayed.
In the Property Name column of the search results table, click the SSOIntegration.GroupRecon.OIGRole.Matching.RoleName system property. The System Property Details page is displayed.
Set the value to true and click Save to save the changes made.
Run the SSO Group Create And Update Full Reconciliation job to import the new roles from target and update the existing roles in OIG:
1. In the left panel, under System Configuration , click Scheduler.
2. On the left pane, in the search results table, click SSO Group Create And Update Full Reconciliation then from the Actions list, click Run Now.
Run the Roles Migration on Post LDAP Sync to SSO Integration job to auto seed the necessary artifacts for the existing roles in OIG:
1. In the left panel, under System Configuration , click Scheduler.
2. On the left pane, in the search results table, click Roles Migration on Post LDAP Sync to SSO Integration then from the Actions list, click Run Now .
Navigate to Configuration Properties under System Configuration , click Configuration Properties and set the value to false for the SSOIntegration.GroupRecon.OIGRole.Matching.RoleName system property.
Navigate to Scheduler under System Configuration and run the following reconciliation jobs:
- SSO User Full Reconciliation
- SSO Group Membership Full Reconciliation
- SSO Group Hierarchy Sync Full Reconciliation

F.3.12 Task 12: Validating the Integrated Environments

After the upgrade, you can validate the integrated environments by performing the tasks described in the section Validating the Access Manager and Oracle Identity Governance Integration.

For any common problems you might encounter, see the section Troubleshooting Common Problems in Access Manager and OIG Integration.

For known issue and limitations, see Known Limitations and Workarounds in OIG-OAM Integration.