F Upgrading OIG-OAM Integrated Environments
You can upgrade your existing 11g and 12c OIG and OAM integrated environments to the latest 14c (14.1.2.1.0) release version.
F.1 About the Starting Points for an OIM-OAM Integrated Environment Upgrade
You can upgrade to OIM-OAM Integrated Environment 14c (14.1.2.1.0) from the supported 11g or 14c releases.
The steps to upgrade OIM-OAM Integrated Environment to 14c (14.1.2.1.0) depend on the following existing production topology:
- OIG and OAM 12c (12.2.1.3.0) connector-based integrated environment with directories such as Oracle Unified Directory, Oracle Internet Directory, or Active Directory.
- OAM 12c (12.2.1.3.0) with latest bundle patches applied and OIG 14c (14.1.2.1.0) with bundle patch 12.2.1.4.200505 applied with supported directories like Oracle Unified Directory 12.2.1.3.0 or Oracle Internet Directory 12.2.1.3.0.
- OIG 12c (12.2.1.3.0) with latest bundle patches applied and OAM 14c (14.1.2.1.0) bundle patch 12.2.1.4.200327 applied with supported directories like such Oracle Unified Directory 12.2.1.3.0 or Oracle Internet Directory 12.2.1.3.0.
- OIG and OAM 11g (11.1.2.3.0) LDAP synchronization integrated
environment with directories such as Oracle Unified Directory, Oracle Internet
Directory, or Active Directory.
Note:
To upgrade to 14.1.2.1.0 from 11.1.2.3.0, you must first upgrade to 12.2.1.3.0, and then upgrade to 14.1.2.1.0.
F.2 Upgrading an OAM-OIM Integrated Environment from a Previous 12c Release
You can upgrade an OAM-OIM integrated environment from a previous 12c release to 14c (14.1.2.1.0).
Complete the steps in the following topics to perform the upgrade:
Note:
You can upgrade Oracle Identity and Access Management highly available 12c (12.2.1.3.0) environments to 14c (14.1.2.1.0) using the procedure described in the following topics:
-
Upgrading Oracle Access Management Highly Available Environments in the Upgrading Oracle Identity and Access Management.
When you install the binaries, you must apply the OAM bundle patch 12.2.1.4.200327 or the latest bundle patch available for your release.
-
Upgrading Oracle Identity Manager Highly Available Environments in the Upgrading Oracle Identity and Access Management.
When you install the binaries, you must apply the OIM bundle patch 12.2.1.4.200505 or the latest bundle patch available for your release.
F.2.1 Task 1: Upgrading the OAM Environment
You can upgrade the OAM environment by installing the Oracle Identity and Access Management and Oracle Fusion Middleware Infrastructure 14c (14.1.2.1.0) software, applying the latest bundle patch, and copying the required files.
Note:
Before you start upgrading OAM environment, review all introductory information to understand the standard upgrade topologies and upgrade paths for Oracle Identity and Access Management. For more information, see Introduction to Upgrading Oracle Access Manager to 14c (14.1.2.1.0) in Upgrading Oracle Identity and Access Management.F.2.2 Task 2: Upgrading the OIG Environment
You can upgrade the OIG environment by installing the required 14c (14.1.2.1.0) software, applying the bundle patch, and running the Upgrade Assistant to upgrade product schemas and domain component configurations.
Note:
Do the following before you start upgrading OIG environment:
- Review all introductory information to understand the standard upgrade topologies and upgrade paths for Oracle Identity and Access Management. See Introduction to Upgrading Oracle Identity and Access Management to 14c in Upgrading Oracle Identity and Access Management.
- Perform pre-upgrade tasks such as cloning your current environment, verifying that your system meets certified requirements, and so on. See Pre-Upgrade Requirements in Upgrading Oracle Identity and Access Management.
F.3 Upgrading an OAM-OIM Integrated Environment from a 11g Release
You can upgrade your OAM-OIG LDAP synchronization integrated environment 11g Release 2 (11.1.2.3.0) version to the latest 14c (14.1.2.1.0) release version. To upgrade to 14c (14.1.2.1.0), you must first upgrade to 12c (12.2.1.3.0), and then upgrade to 14c (14.1.2.1.0).
Note:
If you upgrade from 11g Release 2 (11.1.2.3.0) version to the latest 14c (14.1.2.1.0), then you must disable the LDAP synchronization integrated environment and migrate to LDAP connector-based integrated environment.Complete the steps in the following topics to perform the upgrade:
- Task 1: Upgrading the Integrated Environments
- Task 2: Configuring Oracle HTTP Server
- Task 3: Prerequisites for the Connector-based Integration
- Task 4: Disabling LDAP Synchronization
- Task 5: Configuring WLS Authentication Providers
- Task 6: Configuring the LDAP Connector
- Task 7: Configuring SSO Integration
- Task 8: Enabling OAM Notifications
- Task 9: Adding Missing Object Classes
- Task 10: Restarting Servers
- Task 11: Performing Post-Upgrade Task
- Task 12: Validating the Integrated Environments
F.3.1 Task 1: Upgrading the Integrated Environments
F.3.2 Task 2: Configuring Oracle HTTP Server
You can configuring the Oracle HTTP Server to front-end resources on OIG.
Note:
You can upgrade your earlier version of Oracle HTTP Server to the 14c (14.1.2.1.0) release. For more information about upgrade, see Introduction to Upgrading Oracle HTTP Server to 14c (14.1.2.1.0) Upgrading Oracle HTTP Server.Configure the Oracle HTTP Server for the integrated environment, by completing the following steps:
-
Configure the Oracle HTTP Server WebGate for Oracle Access Management, as described in the section Installing Oracle HTTP Server and Configuring the Oracle HTTP Server WebGate
- Populating the Oracle HTTP Server rules, as described in the section Populating OHS Rules Using Automated Script
-
If you have upgraded your 11g release or previous 12c release to the 14c (14.1.2.1.0) release then do the following:
-
Open a text editor and compare the older
oim.conf
file from your previous release with the newoim.conf
file that you generated by running theOIGOAMIntegration.sh
script. -
Add any missing parameters from the older
oim.conf
file to the newoim.conf
file. -
Save the file when done.
-
Restart OHS Server.
-
F.3.3 Task 3: Prerequisites for the Connector-based Integration
Before you begin to migrate from a LDAP synchronization integrated environment to a connector-based integrated environment, you must complete the prerequisites such as setting the environment variables, updating the datasource, and downloading the connector bundle.
F.3.4 Task 4: Disabling LDAP Synchronization
This section describes how to disable the LDAP synchronization.
F.3.5 Task 5: Configuring WLS Authentication Providers
You must configure the WLS Authentication Providers to set SSO logout for and security providers in OIG domain. So that both the SSO login and OIM client-based login, work appropriately.
Configure the WLS Authentication Providers by performing the steps described in the section Configuring WLS Authentication Providers Using Automated Script.
F.3.6 Task 6: Configuring the LDAP Connector
Configure LDAP Connector by performing the steps described in the section Configuring LDAP Connector Using Automated Script.
F.3.7 Task 7: Configuring SSO Integration
You must configure SSO integration to register OIM as TAP partner for
OAM, add the resource policies for OIG-OAM communication, and update
SSOIntegrationMXBean
values in
MDS.
F.3.8 Task 8: Enabling OAM Notifications
Enable the OAM notification handlers and register OIG System Administrator to utilize OAM REST APIs.
To enable OAM notification, complete the steps described in the section Enabling OAM Notifications Using Automated Script.
F.3.9 Task 9: Adding Missing Object Classes
Add missing object classes for existing users in LDAP directory (Oracle Internet
Directory or Oracle Unified Directory) using the OIGOAMIntegration.sh
automated script.
Note:
This feature is not available for the Active Directory.To add the missing object classes, complete the steps described in the section Adding Missing Object Classes Using Automated Script.
F.3.10 Task 10: Restarting Servers
Restart all processes and servers, including the Administration Server and any Managed Servers for OAM and OIG.
F.3.11 Task 11: Performing Post-Upgrade Task
F.3.12 Task 12: Validating the Integrated Environments
After the upgrade, you can validate the integrated environments by performing the tasks described in the section Validating the Access Manager and Oracle Identity Governance Integration.
For any common problems you might encounter, see the section Troubleshooting Common Problems in Access Manager and OIG Integration.
For known issue and limitations, see Known Limitations and Workarounds in OIG-OAM Integration.