Post on 24-Oct-2014
Embed Size (px)
Oracle Access ManagerRelease Notes Bundle Patch 184.108.40.206.3 GenericMay 2011
This document describes the bug fixes that are included with Bundle Patch 220.127.116.11.3. This bundle patch requires a base installation of Oracle Access Manager 11g Release 1 (18.104.22.168.0) with or without bundle patches applied.See Also: Oracle Access Manager Release Notes for Webgate 11g (22.214.171.124) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systems, under Section 3.2, "Patch Set Notes and Bundle Patch Notes"
This document supersedes the documentation that accompanies Oracle Access Manager 11g Release 1 (126.96.36.199.0), and earlier documents if any. This document contains the following sections:
Section 1, "Documentation Accessibility" Section 2, "Bundle Patch Overview" Section 3, "Documentation" Section 4, "Bundle Patch Requirements" Section 5, "Before You Install This Bundle Patch" Section 6, "Bundle Patch Installation and Removal" Section 7, "Known Issues" Section 8, "Fixes Included in This Cumulative Bundle Patch" Section 9, "Documentation Issues Resolved in This Bundle Patch" Section 10, "Components Included with this Bundle Patch"
The names of the operating systems have been shortened for this document, as follows:
1 Documentation AccessibilityOur goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more
information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/. Accessibility of Code Examples in Documentation Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace. Accessibility of Links to External Web Sites in Documentation This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites. Deaf/Hard of Hearing Access to Oracle Support Services To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html.
2 Bundle Patch OverviewThis bundle patch must be applied to Oracle Access Manager 11g components. Following topics provide an overview of bundle patches:
Section 2.1, "Bundle Patch Introduction" Section 2.2, "Bundle Patch Baseline Packages" Section 2.3, "Bundle Patch Package Names"
2.1 Bundle Patch IntroductionA bundle patch is an official Oracle patch for Oracle Access Manager components on baseline platforms. Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in the bundle patch have been tested and are certified to work with one another. Regression testing has also been performed to ensure backward compatibility with all Oracle Access Manager components in the bundle patch, and earlier Webgates. Each bundle patch is cumulative: the latest bundle patch includes all fixes in earlier bundle patches for the same release and platform. Fixes delivered in bundle patches are rolled into the next release. Bundle patches are released on a regular basis and are available on My Oracle Support (formerly Oracle MetaLink). A knowledge base note, maintained by the Support team, is also available to provide a list of bundle patches and included packages. Look for Note: 736372.1 on My Oracle Support at:http://support.oracle.com
To remain in an Oracle-supported state, Oracle recommends that you apply the bundle patch to all installed components for which packages are provided.
Table 1 outlines the differences between a bundle patch and a standard patch set.Table 1 Bundle Patches versus Patch Sets Description A bundle patch is an official Oracle patch mechanism for Oracle Access Manager components on baseline platforms. Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. This bundle patch must be applied to Oracle Access Manager 11g Release 1 (188.8.131.52.0) components. See Also: Section 5, "Before You Install This Bundle Patch". Patch Set Note: There is no patch set available for Oracle Access Manager 11g. A patch set is a mechanism for delivering fully tested and integrated product fixes that can be applied to installed components of the same release. Patch sets include all of the fixes available in previous bundle patches for the release. A patch set can also include new functionality. All of the fixes in the patch set have been tested and are certified to work with one another on the specified platforms. Each patch set provides the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform.
Mechanism Bundle Patch
2.2 Bundle Patch Baseline PackagesBundle Patch 184.108.40.206.3 provides a generic package for all supported OAM Servers.See Also: Oracle Access Manager Release Notes for Webgate 11g (220.127.116.11) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systems for details about Webgates delivered with Oracle Access Manager Bundle Patch 18.104.22.168.3
2.3 Bundle Patch Package NamesOracle Access Manager bundle patch releases are distributed in individual platform-specific bundles (zip files). Oracle Access Manager bundle patch zip file names are based on the following:
BaseRelease refers to the required component release base; for this bundle patch series the release base is 22.214.171.124.0. BPnn is the short name for a specific bundle patch release (BP01, for example, is also known as release 126.96.36.199.1; BP03 is also known as 188.8.131.52.3) component refers to a specific Oracle Access Manager component, such as OAM Server or a specific Webgate. Webserver is the Web server identifier for a Webgate
Table 2 lists sample package names for Oracle Access Manager bundle patches.Table 2 Bundle Patch Bundle Patch Package Name Examples Example
Convention Oracle_Access_Manager_BaseRelease_BPnn_component.zip OAM Server 11g Agents Oracle_Access_Manager_11_1_1_3_0_BP03_generic_server_ components.zip Convention Oracle_Access_Manager_11_1_1_3_0_BPnn_Webserver_Webgate.zip Example Oracle_Access_Manager_11_1_1_3_0_BP03_OHS_Webgate.zip OAM Identity Assertion Provider Convention oamAuthnProvider Example oracle.oamprovider_11.1.1/oamAuthnProvider.jar
3 DocumentationThis section describes the documentation that is available to support the latest bundle patch and the original release. This section provides the following topics:
Section 3.1, "Oracle Access Manager Manuals and Release Notes" Section 3.2, "Patch Set Notes and Bundle Patch Notes" Section 3.3, "Certification Documentation"
3.1 Oracle Access Manager Manuals and Release NotesYou can find release notes and manuals on Oracle Technology Network (OTN). If you already have a user name and password for OTN, you can go directly to the documentation section of the OTN Web site at:http://www.oracle.com/technetwork/indexes/documentation/index.html
Oracle Access Manager 11g is documented in the following manuals:
Oracle Access Manager 11g Release 1 (184.108.40.206.0) Release Notes chapter of the Oracle Fusion Middleware Release Notes 11g Release 1 (11.1.1) Oracle Fusion Middleware Installation Guide for Oracle Identity ManagementExplains how to use the Oracle Universal Installer and the WebLogic Configuration Wizard for initial Oracle Access Manager 11g deployment. Installing Oracle Access Manager 11g Webgates is also covered. Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token ServiceExplains how to manage Oracle Access Manager components and policies within one or more WebLogic administration domains. Oracle Fusion Middleware Integration Guide for Oracle Access ManagerExplains how to set up Oracle Access Manager to run with other Oracle and third-party products
Oracle Fusion Middleware Upgrade Planning Guide Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management Oracle Fusion Middleware Upgrade Guide for Java EEFor information about the types of Java EE environments available in 10g and instructions for upgrading those environments to Oracle Fusion Middleware 11g. Oracle Fusion Middleware Administrator's GuideDescribes how to manage Oracle Fusion Middleware, including how to change ports, deploy applications, and how to back up and recover Oracle Fusion Middleware. This guide also explains how to move data from a test to a production environment. Oracle Fusion Middleware Application Security GuideExplains deploying Oracle Access Manager 10g SSO solutions, which have been replaced by OAM 11g SSO. Oracle Application Server Single Sign-On Administrator's GuideFor details about using OracleAS Single Sign-On with mod_osso to protect access to Web applications. Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity ManagementFor a step-by-step guide to deployment. Oracle Fusion Middleware WebLogic Scripting Tool Command ReferenceProvides a section on customized Oracle Access Manager commands in the chapter "Infrastructure Security Custom WLST Commands".
3.2 Patch Set Notes and Bundle Patch NotesYou can download notes with software patches and bundle patches from My Oracle Support (formerly MetaLink) at:http://support.oracle.com
This document, Oracle Access Manager Release Notes for Bundle Patch 220.127.116.11.3 Generic, provides the following information for this specific bundle patch release:
General information about bundle patches General bundle patch requirements and installation details Details about what is included in this bundle patch This Oracle Access Manager Release Notes for Bundle Patch 18.104.22.168.3 Generic readme file is available in PDF format within the bundle patch distribution zip file. The file is named for the product and release (oam_111133_doc.pdf). An HTML version of this file, readme.htm, is available outside the zip file.
The Oracle Access Manager Release Notes for Webgate 11g (22.214.171.124) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systems provides the following information for Webgates delivered with Oracle Access Manager Bundle Patch 126.96.36.199.3
General information about bundle patches General Webgate bundle patch requirements and installation details Details about what is included in the Webgate bundle patch
The Oracle Access Manager Release Notes for Webgate 11g (188.8.131.52) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systemsreadme file is available in PDF format within the bundle patch distribution zip file. The file is named for the product and release (oam_111133_webgate_ doc.pdf). An HTML version of this file, wg_readme.htm, is available outside the zip file.
3.3 Certification DocumentationTable 3 provides the sites where you can find certified support information and installation packages.Table 3 OAM Certification Documentation, Installers, and Readme http://www.oracle.com/technetwork/middleware/ia s/downloads/fusion-certification-100350.html http://www.oracle.com/technology/software/produ cts/middleware/htdocs/fmw_11_download.html Oracle Fusion Middleware 11gR1 Software Downloads page Oracle Fusion Middleware System Requirements and Specifications Non-OHS 11g Webgate Installers and Release Notes http://www.oracle.com/technology/software/produ cts/ias/files/fusion_requirements.htm
Certification Matrix on Oracle Technology Network Certification Release Notes and Related Doc Updates on OTN
Webgates for Oracle Access Manager 11g (other than OHS 11g Webgates), can be found on the Oracle Identity Management 10g downloads page at: http://www.oracle.com/technology/software/produ cts/ias/htdocs/101401.html Oracle Access Manager - 3rd Party Integration Release Notes include:
Contents of Each Download Link Prerequisites Overview of changes to Oracle Access Manager manuals Known Issues
4 Bundle Patch RequirementsRequirements for this bundle patch are discussed in the following topics:
Section 4.1, "Base Release for Bundle Patch 184.108.40.206.3" Section 4.2, "Bundle Patch Recommendations"
4.1 Base Release for Bundle Patch 220.127.116.11.3Oracle Access Manager 11g Release 1 (18.104.22.168.0), is the required base for Bundle Patch 22.214.171.124.3.
See Also: Oracle Access Manager Release Notes for Webgate 11g (126.96.36.199) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systems for details about Webgates delivered with Oracle Access Manager Bundle Patch 188.8.131.52.3
Oracle Access Manager 11g full installers are available with Oracle Fusion Middleware 11g on the Oracle Technology Network:http://www.oracle.com/technology/software/products/middleware/htdo cs/fmw_11_download.html
Additional Webgates (non-OHS 11g Webgates) are available on:http://www.oracle.com/technology/software/products/ias/htdocs/1014 01.html
4.2 Bundle Patch RecommendationsOracle recommends that you apply each bundle patch to all installed components included with the bundle patch. Oracle also recommends that OAM Server components be at the same (or higher) bundle patch level as the installed 11g Webgate. If a Webgate bundle patch is provided, Oracle recommends that you apply it as described in Table 4.See Also: Oracle Access Manager Release Notes for Webgate 11g (184.108.40.206) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systems for details about Webgates delivered with Oracle Access Manager Bundle Patch 220.127.116.11.3Table 4 Bundle Patches and Webgates Perform Following Steps ... Apply a Webgate bundle patch:1.
If you have ... 11g Release 1 (18.104.22.168.0) Webgates
Confirm that an 11g Release 1 (22.214.171.124.0) Webgate is installed as described in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. See Section 10, "Components Included with this Bundle Patch" to learn if a Webgate is provided. Confirm that the installed Webgate bundle patch level, if any, is lower than the bundle patch you intend to apply. Apply the bundle patch as described in Section 6, "Bundle Patch Installation and Removal".
2. 3. 4.
Earlier Webgates (release 7.x, 10.x)
Deploy an 11g Release 1 (126.96.36.199.0) Webgate with a full installer package1.
Remove the earlier Webgate (or AccessGate) using instructions in the earlier Oracle Access Manager Installation Guide. Install the 11g Webgate using all specifications for the earlier Webgate and steps in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. Apply this bundle patch as described in Section 6, "Bundle Patch Installation and Removal".
5 Before You Install This Bundle PatchBefore installing this bundle patch, Oracle recommends that you review this section and follow these instructions carefully:
Ensure that your system configuration is at the appropriate level: Oracle Access Manager 11g Release 1 (188.8.131.52.0) Supported Operating System Supported Web server release and type
Confirm that any currently installed bundle patch level is lower than the one you intend to install. For example, you can install 184.108.40.206.3 on top of 220.127.116.11.3 but you cannot install 18.104.22.168.2 over 22.214.171.124.3.
There is no need to remove an earlier bundle patch before installing a later one.Note: If your system configuration does not meet support requirements, or if you are not certain that your system configuration meets these requirements, Oracle recommends that you log an Service Request to get assistance with this bundle patch. Oracle Support will make a determination about whether you should apply this bundle patch or not.
6 Bundle Patch Installation and RemovalThis section contains the following topics to guide you as you prepare and install the bundle patch files (or as you remove a bundle patch should you need to revert to your original installation):
Section 6.1, "Preparing the Environment and Downloading the Bundle Patch" Section 6.2, "Installing a Bundle Patch on Any Platform" Section 6.3, "Failure During Bundle Patch Application" Section 6.4, "Rolling Back a Bundle Patch on Any System"Note:
Oracle recommends that always install the latest bundle patch.
6.1 Preparing the Environment and Downloading the Bundle PatchThis section introduces the Oracle patch mechanism (Opatch) and requirements that must be met before applying the bundle patch. Opatch is a Java-based utility that runs on all supported operating systems and requires installation of the Oracle Universal Installer.Note:
Oracle recommends that you have the latest version of Opatch from My Oracle Support (formerly Oracle MetaLink). Opatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches.
The patching process uses both unzip and Opatch executables. After sourcing the ORACLE_HOME environment, Oracle recommends that you confirm that both of these exist before patching. Perform steps in the following procedure to prepare your environment and download the bundle patch. Due to formatting constraints in this document, some sample text lines wrap around. These line wraps should be ignored. Unless explicitly identified as relevant to only a specific condition, all steps apply to all intended Opatch usage and environments. Ignore steps that do not apply to your environment or intended Opatch use. For instance, Steps 6 and 7 are required only if you intend to use Opatch with the -auto flag for patch application. Without the Opatch Auto flag, you can skip Steps 6 and 7. Steps that relate to only a specific condition are identified with a bold condition.Note: Ignore line wrapping in syntax examples and ignore steps that do not apply to your environment or intended Opatch use.
Several steps instruct you to use new functionality available with this bundle patch. These steps include a link to more information.See Also:
Oracle Fusion Middleware Patching Guide Oracle Universal Installer and OPatch User's Guide at http://download.oracle.com/docs/cd/E14571_ 01/doc.1111/e16793/toc.htm Oracle Access Manager Release Notes for Webgate 11g (126.96.36.199) Linux, Solaris, Windows, HP-Itanium, AIX, and HP PA-RISC Operating Systems for details about Webgates delivered with Oracle Access Manager Bundle Patch 188.8.131.52.3
To prepare your environment and download the bundle patch 1. Download Opatch 11.1.x (version 184.108.40.206.3 or higher is required), if needed:Note:
If you have Opatch, enter opatch --help to learn the version. If earlier than 220.127.116.11.3, you must download the latest 11.1.x version. Do not download Opatch 11.2.
Log in to My Oracle Support:https://support.oracle.com/
Review the following notes before installing Opatch: Note 224346.1: Opatch - Where Can I Find the Latest Version of Opatch? and, in the document, click the Patch 6880880 link which takes you to the screen where you can obtain the latest version of OPatch based on release versions and platforms. Note 1051266.1: How To Install a WebCenter 11g Patch? Opatch -auto Option: See Note 1146793.1, How to check/verify/modify Node Manager username & password?
Confirm the required executables are in your system PATH, and add these if needed:which opatch which unzip
Verify the OUI Inventory using the following command:opatch lsinventory
If an error occurs, contact Oracle Support to validate and verify the inventory setup before proceeding. If the ORACLE_HOME does not appear, it might be missing from the Central Inventory, or the Central Inventory itself could be missing or corrupted.4. 5.
Confirm that ORACLE_HOME is pointing to the correct location (MW_ HOME/Oracle_IDM1) and change this if needed. On the machine that will host the bundle patch files, create a directory to store the unzipped patch (referenced later as PATCH_TOP). For example: Linux: /home/18.104.22.168.3/tmp Solaris: /opt/22.214.171.124.3/tmp Windows: C:\126.96.36.199.3\tmp Opatch -auto Flag: Steps 6 and 7 are required only if you intend to use Opatch with the -auto flag for patch application. Without the Opatch Auto flag, you can skip Steps 6 and 7.Note:
The Opatch -auto flag uses WLST commands with the Node Manager to start or shut down required WLS servers (AdminServer, OAM Servers, or both).
Opatch -auto Flag: Node Manager configuration:Note:
If nodemanager.properties is not in the default location, then starting and stopping Node Manager once creates this file.
Open the file nodemanager.properties in the default path: Default Path:MW_HOME or WebLogic_HOME/common/nodemanager/
Windows Example:fmw11g\wlserver_10.3\common\nodemanager\nodemanager.properties b.
Add or validate the following lines in nodemanager.properties:StartScriptEnabled=true StopScriptEnabled=true
Ensure that the Node Manager is running using the startNodeManager script in the following path:MW_HOME or WebLogic_HOME/server/bin/startNodeManager
Step 7 instructs you to change the server's machine name and listen address, which can be blank on a default installation. For the -auto option: The machine name for each WebLogic server (including AdminServer) must be set to a specific Host_Name, not blank or none. The listen address of the AdminServer and OAM Servers must be set to a real physical host address (hostname, FQDN, or IP address), not blank or localhost.
After this, you must connect to WLST (or the Administration Console) using this Host_Name (not "localhost"). Explicit Host_Name usage is required while accessing WLST or the Administration Console.7.
Opatch -auto Flag: Set the Machine Name and Listen Address as follows: Configure OAM Servers:Note:
With the WebLogic Server in Development Mode, ignore Steps labeled for Production Mode.
a. b. c. d.
Log in to the WebLogic Administration Console and go to the Domain Structure, go to Domain_Name, Environments, Machines. Production Mode: Click the Lock & Edit button. Create a new machine: Click the NEW button, enter a name, and choose the Machine OS (Unix, for example). Select the Machine just created, go to Configuration, Node Manager, then change the Listen Address to the Host_Name for which the Node Manager is listening, then click Save. In the Domain Structure, go to DOMAIN_NAME, Environments, Servers. Click on each server, assign the new machine created above; within 'Listen Address' enter the name of the host where the Node Manager is running and then click the Save button. Production Mode: Click the Activate Changes button. Repeat for each OAM Server.
Specific steps for the WebLogic Server in Development Mode, and Production Mode, are labeled.
From the WebLogic Administration Console, Stop the AdminServer and all OAM Servers. Production Mode: Backup and modify the existing config.xml as follows: Back up the existing config.xml file for the WebLogic domain. For example, the default path is:MW_HOME/user_projects/domains/DOMAIN_NAME/config/config.xml
Modify config.xml to search for the AdminServer entry and add the following entries beneath it:-------------------------------------------------[HOST_NAME] [HOST_NAME] --------------------------------------------------
Development Mode: Click AdminServer, assign the machine created earlier and click the Save button; within 'Listen Address' enter the name of the host where the Node Manager is running and click the Save button. Change the hostname verification for AdminServer. Production Mode: Click the Lock & Edit button. In the Domain Structure, go to DOMAIN_NAME, Environments, Servers. Click AdminServer, then within the Configuration tab and over the SSL subtab. Click within the Advanced link and then change the Hostname Verification to None, and click the Save button. Production Mode: Click the Activate Changes button.
Restart the Node Manager, AdminServer, and all OAM Servers. If AdminServer does not start, restore config.xml and contact Oracle Support.
Retrieve the Bundle Patch:a. b. c.
From My Oracle Support, click the Patches & Updates link. Enter the Patch ID or Number, then click Search to display a Patch Search Results table. Using the Release and Platform columns, find the desired patch, then click the associated Patch ID.
Download: In the page that appears, click the Download button to retrieve the packages.
Stop all OAM Servers and AdminServer. For example:unzip -d PATCH_TOP p12365301_111130_Generic.zip
10. Unzip the patch zip file into the PATCH_TOP directory you created earlier.
11. On AdminServer and OAM Servers, copy the following files:
config.jar configmgmt.jar mapstore-coherence.jar From: patch/files/oam/server/lib/jmx To: DOMAIN_HOME/config/fmwconfig/mbeans/oam12. On AdminServer and OAM Servers, copy RequestResponseXMLSchema.xsd
to your domain location. For example: From: patch/files/oam/server/config/RequestResponseXMLSchema.xsd To: DOMAIN_HOME/config/fmwconfigNote:
Step 13 describes how to delete mod-osso agent custom cookies on logout. If you already have an OAM domain, perform the Step 13 now. Otherwise, perform Step 13 after you have configured an OAM domain.
13. Remove mod-osso Agent Custom Cookies on Logout: First back up and
then edit DOMAIN_HOME/config/fmwconfig/oam-config.xml as follows:a.
Back up DOMAIN_HOME/config/fmwconfig/oam-config.xml.Note:
Steps 13b-c describe editing oam-config.xml to configure the OAM Server to delete custom cookies (set during authentication) when a user logs out of OAM. For instance, when integrating with Oracle E-Business Suite, the ORASSO_AUTH_HINT cookie is set by the application and should be included in the CookieNames list in Step b.
Delete Custom mod-osso Agent Cookies on Logout: In oam-config.xml, add the CookieDelMap element and CookieNames (one value or a comma-separated list of custom cookies to delete when a user logs out). See also the fix for bug 10216429 in Table 7, " Details of Cumulative Bundle Patch 188.8.131.52.3". Syntax: COOKIE_NAME
Example (beneath PluginClass" Type=...):
15. Migrated OSSO Environment: Oracle recommends that you apply the
bundle patch before starting migration. However, if the environment is already migrated, perform the following steps:a.
In OAM Administration Console, Policy Configuration tab, Shared Components node, edit the host identifier of 'migratedSSOPartners' to add the following two entries:Host Name = migratedSSOPartners, Port = 80 Host Name = migratedSSOPartners, Port = (empty value to be set for port)
b. c. d.
Turn off the Web server associated with the protected application. Back up your ORACLE_HOME. Move the backup directory to another location and record this so you can locate it later, if needed.
16. Proceed to Section 6.2, "Installing a Bundle Patch on Any Platform":
6.2 Installing a Bundle Patch on Any PlatformThis section describes how to install components in the bundle patch on any platform using Oracle patch (Opatch). While individual command syntax might differ depending on your platform, the overall procedure is the same. The files in each bundle patch are installed into the destination ORACLE_ HOME. This enables you to remove (roll back) the bundle patch even if you have deleted the original bundle patch files from the temporary directory you created. Oracle recommends that you back up the ORACLE_HOME using your preferred method before any patch operation. You can use any method (zip, cp -r, tar, and cpio) to compress the ORACLE_HOME. When Opatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your ORACLE_HOME:
Conflicts with a patch already applied to the ORACLE_HOME. In this case, stop the patch installation and contact Oracle Support Services.
Conflicts with subset patch already applied to the ORACLE_HOME. In this case, continue installation because the new patch contains all the fixes from the existing patch in the ORACLE_HOME. The subset patch is automatically rolled back before installation of the new patch begins.
This patch is -auto flag enabled. You can choose to apply the patch with or without the -auto flag. Table 5 describes the Opatch application modes. The following procedure includes steps for both modes.Table 5 Mode opatch apply -auto On Windows: opatch apply -auto -domain domain_name Opatch Application Modes Description With the -auto option, Opatch bounces all local servers (and servers sharing the Middleware Home) affected by the patch. Also:
AdminServer and Node Manager must be running. OAM Servers may be running or not. If not running, you must start these servers to uptake the patch (OPatch does not). Opatch expects secure connections. In Open mode, you might see a WARNING after running opatch apply -auto. See details after this table.
With the -auto option, Opatch interviews you for the following inputs. Ensure that the values you enter are correct and complete to avoid patch failures: AdminUser: The WebLogic AdminServer username AdminPassword: The WebLogic AdminServer password AdminServerURL: The WebLogic AdminServer URL DomainHome: The WebLogic domain directory location ApplicationsDir: WebLogic applications directory location On Windows system, include the -domain option and the domain name. opatch apply Without the -auto flag:
No servers need to be running.
Secure Communication: When using the -auto flag in Open security mode, you might see a WARNING after running the opatch apply -auto command. Oracle recommends that you review the log file for more information. For example:The following warnings have occurred during Opatch execution: 1) OUI-67851: All the applications affected by this patch are deployed in 'No Stage' mode. Redeploy operation will not be performed for the affected applications. Please refer to the log file for more details
Migration from OSSO 10g to OAM 11g: The administrator must explicitly set the Identity Store (migratedUserIdentityStore) as the primary store, and also ensure that migratedUserIdentityStore is updated with the necessary Administrator Group to access Oracle Access Manager Console. This enables users to log in to and out of integrated Partner Applications (DAS 10g and Oracle E-Business Suite, for example) as a valid user (defined in your Oracle Internet Directory data store. Exactly when you perform this task depends on when the migration from OSSO 10g to OAM 11g occurs:
Migration Before Bundle Patch 184.108.40.206 Installation: Apply Bundle Patch 220.127.116.11, then reset the primary Identity Store (migratedUserIdentityStore) before logging in to integrated Partner Applications. Migration After Bundle Patch 18.104.22.168 Installation: Reset the primary Identity Store after migration and before logging in to integrated Partner Applications.
In either event, see Step 10 in "To install a bundle patch on any platform". Administrators can use either the Oracle Access Manager Console or WLST commands to accomplish this task. Step 10 describes this using the console. To install a bundle patch on any platform Complete all activities in Section 6.1, "Preparing the Environment and Downloading the Bundle Patch". Log in as the same user who installed the base product and:a. b. c. d. 3.
Stop the OAM Server to which you will apply this bundle patch, and any application that uses this component. Turn off the Web server associated with the protected application. Back up your ORACLE_HOME. Move the backup directory to another location and record this so you can locate it later, if needed.
Set your current directory to the directory where the patch is located. For example: cd PATCH_TOP/12365301
Use the desired Opatch command to apply the patch to your ORACLE_ HOME: Without Auto Flag: opatch apply Auto Flag: opatch apply -auto Auto Flag on Windows: opatch apply -auto -domain domain_nameNote:
Opatch operates on one instance at a time. If you have multiple instances, you must repeat these steps for each instance.
Auto Flag: Provide details as you are prompted for them (see Table 5), check for any WARNING messages then review the log file if needed.Note:
Step 6 is needed only when migrating from a test environment to a production environment. Here you are instructed to edit oam-config.xml. Oracle recommends that you back up the current oam-config.xml before editing.
Test to Production: When migrating a selected partner, retrieve the partner ID from the test systems oam-config.xml. For example, if the partner ID for the OSSO Agent with site name 'TEST_OSSO_AGENT2' is
998AF964144D39BC2F, as shown here (see also the fix for bug 10119361 in Table 7, " Details of Cumulative Bundle Patch 22.214.171.124.3"): TEST_OSSO_AGENT2
Then execute the following command from the WLST prompt:exportSelectedPartners(pathTempOAMPartnerFile="",partnersNameList="998AF964144D39BC2F") 7.
Remove the class files from the following directory (without erasing any jsp files you might have customized or configuration changes made to the deployment):/servers//tmp/_WL_user/oam_server/ xrd2uw/jsp_servlet/_pages/*.class
Multiple Instances: Repeat Steps 1-7 to apply the bundle patch to each instance throughout your installation. Without -auto Flag: Restart servers (AdminServer and all OAM Servers), as needed (see Table 5). (migratedUserIdentityStore) before logging in to the integrated Partner Applications:Note:
10. Migration from OSSO 10g to OAM 11g: Reset the primary Identity Store
Migration Before Bundle Patch 126.96.36.199 Installation: Apply Bundle Patch 188.8.131.52, then reset the primary Identity Store. Migration After Bundle Patch 184.108.40.206 Installation: Reset the primary Identity Store after migration.
a. b. c. d. e.
From the Oracle Access Manager Console, System Configuration tab, expand Data Sources, and expand User Identity Stores. In the navigation tree, double-click the name MigratedUserIdentityStore. Click the Set as Primary button. Click Apply. Log in to integrated Partner Applications, as usual. Step 11 describes how to enable SSL in an E-Business Suite partner application OAM Server and AdminServer.
11. Enable SSL for OAM Server: a. b. c.
Create a Wallet, Certificates, and keystore file. From the WebLogic Server Administration Console, configure SSL for AdminServer and oam_server1. Enable the SSL port for both AdminServer and oam_server1.
Specify the same keystore file for Node Manager in the nodemanager.properties file. Default Path:MW_HOME or WebLogic_HOME/common/nodemanager/
Windows Example:fmw11g\wlserver_10.3\common\nodemanager\nodemanager.properties e.
Confirm that the SSL enabled application correctly redirects to the SSL-enabled Oracle Access Manager SSO Login page, and that you can log in and access the application as expected. Back up DOMAIN_HOME/config/fmwconfig/oam-config.xml.Note:
Steps 11g-h describe editing oam-config.xml to configure the OAM Server for SSL through the AdminServer.
Update logoutRedirectUrl for IDMDomainAgent: In oam-config.xml, modify the logoutRedirectUrl parameter from http to https and change the http port to the https port). Syntax:> https://host:/oam/server/logout>
Configuration Version: Increment the Version xsd:integer as shown in the next to last line of this example (existing value (3) + 1): Example: