- Oracle...ORACLE_TEXTPreUpgradeReport.html Oracle TEXT is a mandatory RDBMS component for OIM...
Transcript of - Oracle...ORACLE_TEXTPreUpgradeReport.html Oracle TEXT is a mandatory RDBMS component for OIM...
ltInsert Picture Heregt
Oracle Identity Manager 11gR2-PS2 Hands-on Workshop
Tech Deep Dive ndash Upgrade
atulgoyaloraclecom
Principal Product Manager Oracle Identity Governance
This document is for informational purposes It is not a commitment
to deliver any material code or functionality and should not be
relied upon in making purchasing decisions The development
release and timing of any features or functionality described in this
document remains at the sole discretion of Oracle This document in
any form software or printed matter contains proprietary information
that is the exclusive property of Oracle This document and
information contained herein may not be disclosed copied
reproduced or distributed to anyone outside Oracle without prior
written consent of Oracle This document is not part of your license
agreement nor can it be incorporated into any contractual agreement
with Oracle or its subsidiaries or affiliates
Agenda
bull One Hop Upgrade Overview
bull Upgrade Concepts bull Upgrade Design
bull One Hop Upgrade Process
bull Major vs Minor vs Websphere Upgrades
bull Cluster Upgrades
bull Pre Upgrade Considerations
bull Pre Upgrade Report
bull Back up and Recovery
bull Cross Platform Upgrade
One Hop Upgrade Overview
Oracle Identity Management (OIM) One Hop Upgrade being released for the customers
to directly upgrade to Latest Release from any source
For the release seacutequence R1 R2 R3hellipRn-1 Rn in chronological order if the customer on
release R1 wants to upgrade to release Rn
Advantage
ndash Hop-By-Hop Upgrade With the Hop by Hop Upgrade Model Upgrade Path would
be R1R2 R2R3 helliphelliphellip Rn -1 Rn
ndash Direct Upgrade With the One Hop Upgrade Model Upgrade Path would be R1
Rn
Following Upgrade Paths will be supported by One Hop Upgrade
bull OIM R1PS1 OIM Rn [WLS]
bull OIM R1PS2 OIM Rn [WLS] [NON FA]
bull OIM R2 OIM Rn [WLS]
bull OIM R2PS1 OIM Rn [WLSWAS]
bull OIM 9x OIM Rn [WLSWAS]
Upgrade Design
PRE Upgrade Report
Middle Ware
Middle Ware
Schemas OIM MDS
SOAINFRA ORASDPM
Schemas
OIM MDS
SOAINFRA ORASDPM
OPSS
Post Upgrade Steps and Verification
Schema Upgrade
Mid Tier Upgrade
Rx Ry
Binaries (OIM HOME SOA
HOME)
Binaries (OIM HOME SOA
HOME)
Cluster Upgrade
bullUPGRADE STEPS
Binary Upgrade Configuring Domain with DB Policy Store Schema Upgrade Upgrading Oracle Identity Management Schemas Using Patch Set Assistant Mid Tier Upgrade Starting the Administration Server and SOA Managed Server Upgrading Oracle Identity Manager Middle Tier MDS patching
bullUPGRADE STEPS
Binary Upgrade Pack domain from Node1 Unpack the same on Node2
NODE-2
OIM Server SOA Server
OIM Server SOA Server
NODE-1
Admin Server OIM Server SOA Server
T2
T1 T1
T2
Admin Server
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
This document is for informational purposes It is not a commitment
to deliver any material code or functionality and should not be
relied upon in making purchasing decisions The development
release and timing of any features or functionality described in this
document remains at the sole discretion of Oracle This document in
any form software or printed matter contains proprietary information
that is the exclusive property of Oracle This document and
information contained herein may not be disclosed copied
reproduced or distributed to anyone outside Oracle without prior
written consent of Oracle This document is not part of your license
agreement nor can it be incorporated into any contractual agreement
with Oracle or its subsidiaries or affiliates
Agenda
bull One Hop Upgrade Overview
bull Upgrade Concepts bull Upgrade Design
bull One Hop Upgrade Process
bull Major vs Minor vs Websphere Upgrades
bull Cluster Upgrades
bull Pre Upgrade Considerations
bull Pre Upgrade Report
bull Back up and Recovery
bull Cross Platform Upgrade
One Hop Upgrade Overview
Oracle Identity Management (OIM) One Hop Upgrade being released for the customers
to directly upgrade to Latest Release from any source
For the release seacutequence R1 R2 R3hellipRn-1 Rn in chronological order if the customer on
release R1 wants to upgrade to release Rn
Advantage
ndash Hop-By-Hop Upgrade With the Hop by Hop Upgrade Model Upgrade Path would
be R1R2 R2R3 helliphelliphellip Rn -1 Rn
ndash Direct Upgrade With the One Hop Upgrade Model Upgrade Path would be R1
Rn
Following Upgrade Paths will be supported by One Hop Upgrade
bull OIM R1PS1 OIM Rn [WLS]
bull OIM R1PS2 OIM Rn [WLS] [NON FA]
bull OIM R2 OIM Rn [WLS]
bull OIM R2PS1 OIM Rn [WLSWAS]
bull OIM 9x OIM Rn [WLSWAS]
Upgrade Design
PRE Upgrade Report
Middle Ware
Middle Ware
Schemas OIM MDS
SOAINFRA ORASDPM
Schemas
OIM MDS
SOAINFRA ORASDPM
OPSS
Post Upgrade Steps and Verification
Schema Upgrade
Mid Tier Upgrade
Rx Ry
Binaries (OIM HOME SOA
HOME)
Binaries (OIM HOME SOA
HOME)
Cluster Upgrade
bullUPGRADE STEPS
Binary Upgrade Configuring Domain with DB Policy Store Schema Upgrade Upgrading Oracle Identity Management Schemas Using Patch Set Assistant Mid Tier Upgrade Starting the Administration Server and SOA Managed Server Upgrading Oracle Identity Manager Middle Tier MDS patching
bullUPGRADE STEPS
Binary Upgrade Pack domain from Node1 Unpack the same on Node2
NODE-2
OIM Server SOA Server
OIM Server SOA Server
NODE-1
Admin Server OIM Server SOA Server
T2
T1 T1
T2
Admin Server
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Agenda
bull One Hop Upgrade Overview
bull Upgrade Concepts bull Upgrade Design
bull One Hop Upgrade Process
bull Major vs Minor vs Websphere Upgrades
bull Cluster Upgrades
bull Pre Upgrade Considerations
bull Pre Upgrade Report
bull Back up and Recovery
bull Cross Platform Upgrade
One Hop Upgrade Overview
Oracle Identity Management (OIM) One Hop Upgrade being released for the customers
to directly upgrade to Latest Release from any source
For the release seacutequence R1 R2 R3hellipRn-1 Rn in chronological order if the customer on
release R1 wants to upgrade to release Rn
Advantage
ndash Hop-By-Hop Upgrade With the Hop by Hop Upgrade Model Upgrade Path would
be R1R2 R2R3 helliphelliphellip Rn -1 Rn
ndash Direct Upgrade With the One Hop Upgrade Model Upgrade Path would be R1
Rn
Following Upgrade Paths will be supported by One Hop Upgrade
bull OIM R1PS1 OIM Rn [WLS]
bull OIM R1PS2 OIM Rn [WLS] [NON FA]
bull OIM R2 OIM Rn [WLS]
bull OIM R2PS1 OIM Rn [WLSWAS]
bull OIM 9x OIM Rn [WLSWAS]
Upgrade Design
PRE Upgrade Report
Middle Ware
Middle Ware
Schemas OIM MDS
SOAINFRA ORASDPM
Schemas
OIM MDS
SOAINFRA ORASDPM
OPSS
Post Upgrade Steps and Verification
Schema Upgrade
Mid Tier Upgrade
Rx Ry
Binaries (OIM HOME SOA
HOME)
Binaries (OIM HOME SOA
HOME)
Cluster Upgrade
bullUPGRADE STEPS
Binary Upgrade Configuring Domain with DB Policy Store Schema Upgrade Upgrading Oracle Identity Management Schemas Using Patch Set Assistant Mid Tier Upgrade Starting the Administration Server and SOA Managed Server Upgrading Oracle Identity Manager Middle Tier MDS patching
bullUPGRADE STEPS
Binary Upgrade Pack domain from Node1 Unpack the same on Node2
NODE-2
OIM Server SOA Server
OIM Server SOA Server
NODE-1
Admin Server OIM Server SOA Server
T2
T1 T1
T2
Admin Server
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
One Hop Upgrade Overview
Oracle Identity Management (OIM) One Hop Upgrade being released for the customers
to directly upgrade to Latest Release from any source
For the release seacutequence R1 R2 R3hellipRn-1 Rn in chronological order if the customer on
release R1 wants to upgrade to release Rn
Advantage
ndash Hop-By-Hop Upgrade With the Hop by Hop Upgrade Model Upgrade Path would
be R1R2 R2R3 helliphelliphellip Rn -1 Rn
ndash Direct Upgrade With the One Hop Upgrade Model Upgrade Path would be R1
Rn
Following Upgrade Paths will be supported by One Hop Upgrade
bull OIM R1PS1 OIM Rn [WLS]
bull OIM R1PS2 OIM Rn [WLS] [NON FA]
bull OIM R2 OIM Rn [WLS]
bull OIM R2PS1 OIM Rn [WLSWAS]
bull OIM 9x OIM Rn [WLSWAS]
Upgrade Design
PRE Upgrade Report
Middle Ware
Middle Ware
Schemas OIM MDS
SOAINFRA ORASDPM
Schemas
OIM MDS
SOAINFRA ORASDPM
OPSS
Post Upgrade Steps and Verification
Schema Upgrade
Mid Tier Upgrade
Rx Ry
Binaries (OIM HOME SOA
HOME)
Binaries (OIM HOME SOA
HOME)
Cluster Upgrade
bullUPGRADE STEPS
Binary Upgrade Configuring Domain with DB Policy Store Schema Upgrade Upgrading Oracle Identity Management Schemas Using Patch Set Assistant Mid Tier Upgrade Starting the Administration Server and SOA Managed Server Upgrading Oracle Identity Manager Middle Tier MDS patching
bullUPGRADE STEPS
Binary Upgrade Pack domain from Node1 Unpack the same on Node2
NODE-2
OIM Server SOA Server
OIM Server SOA Server
NODE-1
Admin Server OIM Server SOA Server
T2
T1 T1
T2
Admin Server
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Upgrade Design
PRE Upgrade Report
Middle Ware
Middle Ware
Schemas OIM MDS
SOAINFRA ORASDPM
Schemas
OIM MDS
SOAINFRA ORASDPM
OPSS
Post Upgrade Steps and Verification
Schema Upgrade
Mid Tier Upgrade
Rx Ry
Binaries (OIM HOME SOA
HOME)
Binaries (OIM HOME SOA
HOME)
Cluster Upgrade
bullUPGRADE STEPS
Binary Upgrade Configuring Domain with DB Policy Store Schema Upgrade Upgrading Oracle Identity Management Schemas Using Patch Set Assistant Mid Tier Upgrade Starting the Administration Server and SOA Managed Server Upgrading Oracle Identity Manager Middle Tier MDS patching
bullUPGRADE STEPS
Binary Upgrade Pack domain from Node1 Unpack the same on Node2
NODE-2
OIM Server SOA Server
OIM Server SOA Server
NODE-1
Admin Server OIM Server SOA Server
T2
T1 T1
T2
Admin Server
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Cluster Upgrade
bullUPGRADE STEPS
Binary Upgrade Configuring Domain with DB Policy Store Schema Upgrade Upgrading Oracle Identity Management Schemas Using Patch Set Assistant Mid Tier Upgrade Starting the Administration Server and SOA Managed Server Upgrading Oracle Identity Manager Middle Tier MDS patching
bullUPGRADE STEPS
Binary Upgrade Pack domain from Node1 Unpack the same on Node2
NODE-2
OIM Server SOA Server
OIM Server SOA Server
NODE-1
Admin Server OIM Server SOA Server
T2
T1 T1
T2
Admin Server
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
PRE UPGRADE CONSIDERATIONS
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
PRE UPGRADE CONSIDERATIONS
bull Upgrade Path Supported
bull Execution of Pre-Upgrade Utility
bull Analysis of Pre Upgrade Reports
bull Back-up and Restore
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Execution of Pre Upgrade Utility
List of Steps
bull Download the pending transaction report utility as described in the note 14719051
at httpssupportoraclecom
bull Edit preupgrade_report_inputproperties file to provide values for parameters
bull Set the following environment Variables
bull JAVA_HOME (Note JAVA_HOME version should be 16 or above)
bull MW_HOME
bull OIM_HOME
bull Note For 9x source version setting MW_HOME and OIM_HOME not required
bull Invoke generatePreUpgradeReportsh on UNIX or generatePreUpgradeReportbat on
Windows and provide the following details
bull After invoking the utility the following details need to be given at the command prompt
bull OIM Schema Password
bull MDS Schema Password
bull DBA Schema Password
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Analysis of Pre Upgrade Reports
Note The report should be clean as far as possible but its ok to leave behind some items like unprocessed
requests etc With a known fact that they wont be processed
Report Name Report Description
APPROVALPOLICYPreUpgradeReporthtml
This report lists the request approval policies that has a rule defined on the non existing template
AUTHORIZATIONPOLICYPreUpgradeReporthtml OIM 1112 uses a new authorization framework that does not use the authorization policies created in OIM 1111X Therefore all of the authorization policies created in OIM 1111X are invalid in this release
CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReporthtml The report includes a list of cyclic groups and instructions to remove cyclic dependency It is mandatory to remove all cyclic dependencies running in the OIM environment
EVENT_HANDLERPreUpgradeReporthtml This report captures all user customizations related to Event Handler in OIM
ORACLE_TEXTPreUpgradeReporthtml Oracle TEXT is a mandatory RDBMS component for OIM 1112Check this report to ensure that the component exists in your database installation
PROVISIONINGPreUpgradeReporthtml This report lists entities that are based on the following
bullEach resource object must have a process form associated with it
bullLists the resources that do not have a process form
bullResource objects must have an attribute of field type ITResource set in the process form
bullLists the ITResources without the ITResource field type in their respective Process Form
bullResource Objects that have multiple ITResource Lookup fields in the process form must set the ITResource Type property to true for at least one of the attributes
bullLists the Resource Objects that you do not have the ITResource Type property set
bullAccess Policies without ITResource value set in default policy data
REQUESTPreUpgradeReporthtml This report lists any necessary actions and invalid requests
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Pre Upgrade Report Relevances
Report Name (in index) Actual Name Is Relevant for 9x
Is Relevant for R1PS1
Is Relevant for R1PS2
Is Relevant for R2
Is Relevant for R2PS1
Comment
Installation Status of Mandatory Database Components ORACLE_MANDATORY_COMPONENT_CHKPreUpgradeReporthtml yes yes yes yes yes
List of invalid Password Policies PasswordPolicyPreUpgradeReport yes yes yes yes yes
Prerequisites for Online Purge ORACLE_ONLINE_PURGEPreUpgradeReport yes yes yes yes yes Existence based on query output
Pending Audit Tasks AUDITPreUpgradeReport yes No no no No
Pending Recon Events RECONPreUpgradeReport yes No no no No
Pending Approval Tasks REQUESTPreUpgradeReport yes No no no No
Pending Offline Provisioning Tasks JMSPreUpgradeReport yes No no no No
OSI Data Upgrade Utility Status OSIPreUpgradeReport yes No no no No
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport yes No no no No
List of potential app instance creation issues PROVISIONINGPreUpgradeReport yes No no no No
Installation Status of UDF UDFPreUpgradeReport No yes yes yes yes
Status of Mandatory deletion of OIM Authenticator Jar(s) WLSMBEANPreUpgradeReport No yes yes yes yes
List of invalid approval policies APPROVALPOLICYPreUpgradeReport No yes yes no No
List of Requests affected REQUESTPreUpgradeReport No yes yes no No
List of Invalid Request Data PROVISIONINGBYREQUESTPreUpgradeReport No yes yes no No
Event Handlers affected during upgrade EVENT_HANDLERPreUpgradeReport No yes yes yes No
Domain Reassociation report DomainReassocAuthorization No yes yes yes yes
Challenge Questions report ChallengeQuesPreUpgradeReport No yes yes yes yes
List of cyclic groups in LDAP directory CYCLIC_GROUP_MEMBERSHIP_CHKPreUpgradeReport No yes yes no yes
List of potential app instance creation issues PROVISIONINGPreUpgradeReport No yes yes no yes
Certification Report CertificationUpgradeReport No No no no yes
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Back-up and Restore
bull OIM Upgrade recommends back-up of
ndash MW_HOME directory including the Oracle Home directories inside Middleware Home
ndash Domain Home directory
ndash OIM schemas
ndash MDS schema
ndash ORASDPM schema
ndash SOAINFRA schemas
bull Please follow the Back-Up and Restore Document 13596561 at httpssupportoraclecom
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Upgrade Process
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Upgrade Process Steps
bull Binary Upgrade ndash Upgrading Oracle WebLogic Server
ndash Upgrading Oracle SOA Suite Used by OIM
ndash Upgrading Oracle Identity Manager 11g Release 2 (1112)
bull Configuring Domain with DB Policy Store ndash Creating Oracle Platform Security Services Schema
ndash Extending OIM 111150 Component Domains with OPSS Template
ndash Upgrading Oracle Platform Security Services
ndash Configuring OPSS Security Store
bull Schema Upgrade
ndash Upgrading Oracle Identity Management Schemas Using Patch Set Assistant
bull Mid Tier Upgrade
ndash Starting the Administration Server and SOA Managed Server
ndash Upgrading Oracle Identity Manager Middle Tier
ndash Restart Administration SOA Managed Server
bull MDS patching
ndash Start OIM Managed Server
ndash OIM Metadata is upgraded to latest release
bull Design Console Upgrade
bull Remote Manager Upgrade
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Binary Upgrade
bull Weblogic Upgrade
bull 1035 1036
bull Tool Weblogic Upgrade Script
bull OIM Binary Upgrade
bull Tool ndash OIM Rn Installer
bull SOA Binary Upgrade bull Tool ndash SOA Rn Installer
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Schema Upgrade
bull Pre-requisites
bull Oracle Text must be installed
bull No Cyclic dependency in the User Groups
bull Tool
bull Patch Set Assistant (PSA ndash Minor Upgrade)
bull Upgrade Assistant (UA ndash Major Upgrade)
bull Dependent Schemas
bull MDS
bull SOA
bull Invoking PSA (Minor Upgrade)
bull Go to $MW_HOMEoracle_commonbin
bull invoke psa (Linux) or psabat (windows)
bull Invoking UA (Major Upgrade)
bull Go to $MW_HOMEbin
bull Invoke UA (Linux) or uabat (windows)
bull Salient Features of Schema Upgrade
bull Pre Checkndash if any of the pre-requisites does not meet PSA fails
bull Re-enterant
bull Dependent Schemas (MDSSOA) are upgraded first
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Configuring Domain with DB based Policy Store
bull Model in PS1 bull File Based Policy Store
bull OPSS policies resided in domain (fmwconfigsystem-jaznxml)
bull Model R2 Onwards bull DB based policy store
bull How Upgrade deals with it bull New OPSS schema is created using RCU
bull Domain is extended for the new schema
bull Run Configure Policy Store
bull To change the domain configuration to use db-based policy store
bull To seed the policies into the db-based policy store
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Mid Tier Upgrade
bull Pre-requisites
bull OIM Schema Upgrade complete
bull Admin Server and SOA Server started
bull Tool
bull Stand Alone Utility OIMUpgradesh (Linux) OIMUpgradebat (Windows)
bull Location ltMW_HOMEgtOracle_IDM1serverbin
bull Mode to run MT Upgrade
bull Using Property File
bull Salient features of MT Upgrade
bull Pre-Check ndash MT fails if any of the pre-requisite is not met
bull Re-enternant in nature
bull Feature Upgrade Reports
bull Selective Feature Upgrade Possible
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
MDS patching
bull Pre Requisites
bull Schema Upgrade complete
bull Responsibility
bull Patches the Rn OIM Metadata in MDS while preserving the User Customizations
bull Eg New task definitions in dbtaskxml
bull Tool
bull MDS Listeners
bull Triggered during deployment of metadataear
bull Salient Features
bull MDS Patching Report
bull Event Handler Customizations needs to be done post-upgrade
bull In place validation for binary-schema upgrade
EAR Name Deployment Name EAR location Protected
oim_ee_metadataear OIMAppMetadata $ORACLE_OIM_HOMEserverapps oim_ee_metadataear
No
metadataear OIMMetadata $ORACLE_OIM_HOMEserverappsmetadataear
Yes
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Post Upgrade Steps
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Post Upgrade Manual Steps S No POST-UPGRADE STEPS Comments 9X WLS R1x WLS R2x WLS
1 Creating sysadmin Key manually create the sysadmin key using OEM N Y N
2 Running the Entitlement List Schedule For using catalog features Y Y N
3 Running the Entitlement Assignments Schedule Job ensure that the existing entitlement grants are shown properly in the My Entitlements tab Y N N
4 Running the Evaluate User Policies Scheduled Task to start provisioning based on access policy Y Y N
5 Running Catalog Synchronization To provosion AppInstance Y Y N
6 UMS Notification Provider To use the new notification provider Y Y N
7 Upgrading User UDF several features like user creation role creation and self registration request where UDFs are involved fails Y Y N
8 Upgrading Application Instances creates the UI Forms and Datasets for the Application Instances and seeds to MDS Y Y N
9 Redeploying XIMDD Y Y N
10 Redeploying SPML-DSML required only if the DSML web services for AD Password Sync were deployed Y Y N
11 Customizing Event Handlers re-customize after UpgradeUse a new file for customization to preserve the in upgrade Y Y N
12 Recompiling Adapters Y N N
13 Rewriting Prepopulate Adapters Y N N
14 Disabling User Login No longer mandatory attribute Y N N
15 Upgrading Oracle Identity Management Reports Y Y Y
16 Creating New SOA Composites Y N N
17 Upgrading SOA Composites manually upgrade OOTB composites and custom composites built before upgrading N Y N
18 Targetting JRFWSAsyncJmsModule to Oracle Identity Manager Server If you wish to use async webservices for SoD integration N N Y
19 Configuring Auto-Approval for Self-Registration Disabled after upgrade Y N N
20 Authorization Policy Changes Pre-upgrade custom Authorization Policies must be assigned new administrator roles in relation to User Administration Role Administration or Help Desk
N Y N
21 Generating an Audit Snapshot Y N N
22 Enabling Audit Y N N
23 Creating Password Policies a default password policy will be seeded at the TOP organization As a result any password policy rules created using the older password policy model in Oracle Identity Manager 91xx environment will not be supported The upgrade utility does not migrate the password policies of Oracle Identity Manager 91xx
Y y N
24 Impact of Removing Approver-Only Attribute in Request Data Set manually add LDAP Sync Validation Handler remove RDN pre-process handler N Y N
25 Provisioning OIM Login Modules Under WebLogic Server Library Directory N Y N
26 Reconfiguring Lookup Based UDF Field If UDF of type lookup or dropdown as outputText field exists N N Y
27 Creating PeopleSoft Enterprise HRMS Reconciliation Profile If you have PeopleSoft connector N Y Y
28 Reviewing OIM Data Purge Job Parameters the OIM Data Purge Job will be seeded in enabled stateby upgrade which will purge platform data with a retention period of 1 day for complete orchestration To enable purge of request reconciliation and provisioning task you must revisit the OIM Data Purge Job parameters
Y Y Y
29 Reviewing Performance Tuning Recommendations Y Y Y
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test
Post Upgrade Verification
bull Use the following URL in a web browser to verify that Oracle Identity Manager 1112 is running
httpltoimexamplecomgtltoim_portgtsysadmin
httpoimexamplecom14000identity where
ltoimexamplecomgt is the path of the administration console
ltoim_portgt is the port number
bull Use Fusion Middleware Control to verify that Oracle Identity Manager and any other Oracle Identity Management components are running in the Oracle Fusion Middleware environment
bull Install the Diagnostic Dashboard and run the following tests
ndash Oracle Database Connectivity Check
ndash Account Lock Status
ndash Data Encryption Key Verification
ndash JMS Messaging Verification
ndash SOA-Oracle Identity Manager Configuration Check
ndash SPML Web Service
ndash Test OWSM setup
ndash Test SPML to Oracle Identity Manager request invocation
ndash SPML attributes to Oracle Identity Manager attributes
ndash Username Test