Installing the Database on the Production Environment

Moving from a Test to a Production Environment 21-11

■ For Oracle Identity Federation, configured various trusted identity providers and service providers.
■ For Oracle Access Manager 11g, set up authentication with corresponding WebGates configured in the Web tier of the protected applications. The Oracle Access Manager configuration data resides in a file and the policy and configuration data resides in a database, as described in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
■ For Oracle Platform Security, created security policies and stored credentials in the Credential Store Framework (CSF). Oracle Platform Security is useful for applications such as ADF, WebCenter, and SOA Composite applications.
■ For Oracle Web Services Manager, created Oracle Web Services Manager policies. These policies are also attached to Web services and clients.
■ For SSL, configured self-signed certificates. In a production environment, you use trusted CA-signed certificates.

21.4.1.1 Moving Identity Management to a New Production Environment

In this scenario, you have installed Identity Management components, such as Oracle Internet Directory, Oracle Virtual Directory, and Oracle Directory Integration Platform, in a test environment and you want to move them to a production environment that does not exist.

First, perform the following task. It is required for all components:

■ Task 1, Move the Database, Middleware Homes, and Domain Configuration to the New Production Environment

Then, perform the following tasks, depending on which components you use:

■ Task 2, Move Oracle Internet Directory to the New Production Environment
■ Task 3, Move Oracle Virtual Directory to a New Production Environment
■ Task 4, Move Oracle Directory Integration Platform to a New Production Environment
■ Task 5, Move Oracle Access Manager 11g to a New Production Environment
■ Task 6, Move Oracle Access Manager 10g to a New Production Environment
■ Task 7, Move Oracle Identity Federation to a New Production Environment
■ Task 8, Move Oracle Adaptive Access Manager to a New Production Environment
■ Task 9, Move Oracle Identity Navigator to a New Production Environment
■ Task 10, Move Oracle Identity Manager to a New Production Environment
■ Task 11, Move Audit Policies to a New Production Environment
■ Task 12, Move Oracle Platform Security to a New Production Environment
■ Task 13, Move Oracle Web Services Manager to a New Production Environment

Task 1 Move the Database, Middleware Homes, and Domain Configuration to the New Production Environment

You move the database, a copy of all Identity Management Middleware homes, and the domain configuration to the production environment, using the following steps:

21-12 Oracle Fusion Middleware Administrator's Guide

1. Move or create the database and the schemas, as described in Section 21.3.2.

2. Move a copy of the Middleware home containing the Identity Management components from the test environment to the production environment using the copyBinary and pasteBinary scripts, as described in Section 21.3.3.

3. Move a copy of the configuration of each domain containing the Identity Management configuration, as described in Section 21.3.4.

   This step moves the configuration, including the domain, Administration Server, and Managed Servers. Moving the configuration also:

   ■ Reassociates the security store to an LDAP or database-based store, based on the values provided in the move plan.
   ■ Moves Oracle Platform Security.
   ■ Moves Oracle Web Services Manager and any policies that are stored in the MDS Repository or deployment plans, and any custom policies that are stored in DOMAIN_HOME/lib.
   ■ Configures data sources.
   ■ Configures JMS resources.
   ■ Starts the Administration Server.

Task 2 Move Oracle Internet Directory to the New Production Environment

To move Oracle Internet Directory to a new production environment:

1. Move the Oracle Internet Directory configuration, as described in Section 21.3.5. Note the following:

   ■ If an Oracle Internet Directory component is copied with the same database credentials as the source component, the name of the target OID component should be different than the source component to avoid conflicts in the OID schema.
   ■ If an Oracle Internet Directory component is copied with different database credentials from the source component, the name of the target Oracle Internet Directory component should be the same as the source component to avoid conflicts in the OID schema.

2. Under certain conditions, you may see the following errors when you run the copyConfig and pasteConfig scripts:

      OID Cloning: Error cleaning replication agreements
      OID Cloning: Error deleting replication dn
      OID Cloning: Error updating orclreplicaid

   If you do, take the following steps:

   a. Run the following command:

      ORACLE_HOME/ldap/bin/remtool -pcleanup

      When prompted, enter the Oracle Internet Directory host, non-SSL port, and the ODS schema password.

   b. Perform an ldapsearch on the root dn for the orclreplicaid value. Use the following command:

      ORACLE_HOME/bin/ldapsearch -p port -h host -b "" -s base "objectclass=*" orclreplicaid

   c. Using the value obtained in Step b, perform an ldapdelete, deleting the following dns from Oracle Internet Directory:

      cn=replication dn, orclreplicaid=replicaid, cn=replication configuration
      orclreplicaid=replicaid, cn=replication configuration

      For example:

      ldapdelete -p port -h host "cn=replication dn, orclreplicaid=replicaid, cn=replication configuration"

   d. Set the orclreplicaid value in the root entry to 0. For example:

      ORACLE_HOME/bin/ldapmodify -p port -h host -f file.ldif

      The ldif file contains the following:

      dn:
      changetype: modify
      replace: orclreplicaid
      orclreplicaid: 0

   e. Restart Oracle Internet Directory.

3. If you have configured Oracle Internet Directory replication in the test environment, you must reconfigure it again in the production environment after moving. The replication configuration is not moved from the test to the production environment. See Setting Up Replication in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

Task 3 Move Oracle Virtual Directory to a New Production Environment

To move Oracle Virtual Directory to a new production environment:

1. Move the Oracle Virtual Directory configuration, as described in Section 21.3.5.

   Note that, during the pasteConfig operation, if you have not provided a password file for the Oracle Virtual Directory adapter or you specify an incorrect location for the password file in the move plan, the adapter configuration is not changed and the script returns the following message:

      Password file is either not provided or invalid for adapter adapter_name. Nothing will be changed for this adapter configuration.

Task 4 Move Oracle Directory Integration Platform to a New Production Environment

To move Oracle Directory Integration Platform to a new production environment:

1. Move Oracle Internet Directory, as described in Task 2. Oracle Directory Integration Platform profiles reside in Oracle Internet Directory. If you have correctly moved Oracle Internet Directory to the production environment, the profiles are carried over to the production environment.

2. If you configured SSL on the test environment, that configuration is not moved to the production environment. You must configure SSL on the production environment. See Section 6.5.4.3.
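
The following is an added example, not part of the Oracle guide: it takes the captured output of the search in Task 2, step 2b, validates the single orclreplicaid value, and prints the step 2c delete commands and the step 2d LDIF for review before anything is run against the directory. The sample output layout, the accepted character set, the function names, and the host and port are assumptions.

```sh
#!/bin/sh
# Added example: builds steps c and d of the cleanup from captured step b output.
# It only prints commands and LDIF for review; it never contacts a directory.

# Constructed sample; the attr=value output layout is an assumption.
SAMPLE_SEARCH_OUTPUT='orclreplicaid=testhost_oid1'

# Print the single orclreplicaid value found on stdin, or fail.
extract_replica_id() {
  local id
  id=$(awk '
    { low = tolower($0) }
    match(low, /^[ \t]*orclreplicaid[ \t]*[:=][ \t]*/) {
      v = substr($0, RLENGTH + 1); sub(/[ \t\r]+$/, "", v); n++; val = v
    }
    END { if (n != 1) exit 2; print val }
  ') || { echo "expected exactly one orclreplicaid value" >&2; return 1; }
  # Assumed safe charset: refuse anything that could change the DN structure.
  case "$id" in
    ''|*[!A-Za-z0-9._-]*) echo "refusing replica ID: $id" >&2; return 1 ;;
  esac
  printf '%s\n' "$id"
}

# Print the two ldapdelete commands from step c, in the order the page lists them.
# Arguments: replica ID, host, port.
emit_cleanup_plan() {
  local base
  base="orclreplicaid=$1, cn=replication configuration"
  printf 'ldapdelete -p %s -h %s "cn=replication dn, %s"\n' "$3" "$2" "$base"
  printf 'ldapdelete -p %s -h %s "%s"\n' "$3" "$2" "$base"
}

# Print the LDIF from step d (the empty dn: line addresses the root entry).
reset_ldif() {
  printf 'dn:\nchangetype: modify\nreplace: orclreplicaid\norclreplicaid: 0\n'
}

# Demo on the constructed sample; host and port are placeholders.
if id=$(printf '%s\n' "$SAMPLE_SEARCH_OUTPUT" | extract_replica_id); then
  emit_cleanup_plan "$id" oid.example.com 3060
  reset_ldif
fi
```

A value containing a comma, an equals sign, or whitespace is rejected, so a malformed or unexpected search result cannot redirect the delete to a different entry.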