13-2 Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management ■ Task 13: Start the Oracle Identity Manager Managed Server ■ Task 14: Complete Any Required Oracle Identity Manager Post-Upgrade Tasks ■ Task 15: Verify the Oracle Identity Manager Upgrade

13.1 Upgrade Overview

When you run Upgrade Assistant to upgrade from Oracle Identity Manager 9.1 to Oracle Identity Manager 11g, the Upgrade Assistant upgrades most of the Oracle Identity Manager 9.1 configuration to Oracle Identity Manager 11g. This section describes some of the key differences in Oracle Identity Manager 11g such as the following: ■ Application Server and JVM Support ■ Database Support ■ Request Management ■ Authorization ■ Access Policy ■ Approval Process ■ Scheduled Tasks ■ User Interfaces Customization ■ Object Forms ■ Prepopulate Adapters ■ Task Assignment Adapters ■ Event Handlers ■ Signature-Based Login ■ Application Programming Interface ■ Task Assignments ■ After You Upgrade

13.1.1 Application Server and JVM Support

Oracle Identity Manager 11g only supports Oracle WebLogic Server as the deployment platform. Other application Servers such as OC4J, IBM WebSphere, and JBoss are not supported. Table 13–1 gives a comparison between the Application Server and JVM combinations supported for Oracle Identity Manager 9.1 and Oracle Identity Manager 11g. Table 13–1 Application Server and JDK Support for Oracle Identity Manager 11g Oracle Identity Manager 9.1 Oracle Identity Manager 11g Oracle WebLogic Server on Sun JDK, Oracle JRockit, or HP JDK. Oracle WebLogic Server on Sun JDK or JRockit JDK. JBoss Application Server on Sun JDK, Oracle JRockit, or HP JDK. Oracle WebLogic Server on Sun JDK or JRockit JDK. OC4J on Sun JDK, Oracle JRockit, or HP JDK. Oracle WebLogic Server on Sun JDK or JRockit JDK. Upgrading Oracle Identity Manager Environment 13-3

13.1.2 Database Support

Oracle Identity Manager 9.1 supports Microsoft SQL Server and Oracle Database. In Oracle Identity Manager 11g only Oracle Database is supported.

13.1.3 Request Management

Oracle Identity Manager 11g supports: ■ SOA Composite based approval processes ■ New types of Requests like Create User and Assign Roles ■ Enhanced Bulk Request ■ Request Templates Many Oracle Identity Manager 9.1 request related customizations may no longer be necessary after upgrading to Oracle Identity Manager 11g, since they are available out-of-the box. For more information about request related features refer to the Oracle Fusion Middleware Users Guide for Oracle Identity Manager.

13.1.4 Authorization

Application access controls to perform various operations are controlled by the authorization engine embedded in Oracle Identity Manager 11g with the help of authorization policies. The authorization policies determine at runtime whether a user is allowed to perform a particular action or not. You can define authorization policies that satisfy the authorization requirements within Oracle Identity Manager 11g. In Oracle Identity Manager 9.1, each component defined and managed its own authorization policy user interface and backend implementation. In Oracle Identity Manager 11g, authorization policy management is centralized as an administrative feature and enforced by an embedded version of Oracle Entitlements Server. These authorization policies secure access control to the Oracle Identity Manager 11g application, thereby defining who can do what inside the application. In Oracle Identity Manager 9.1, all data related to Organization Administrator was stored in the AAD table in the Oracle Identity Manager schema. This information is primarily used to ascertain the user groups which are allowed to perform operations on the respective organizations and hence the users in that organization. IBM WebSphere Application Server on IBM JDK Oracle WebLogic Server on Sun JDK or JRockit JDK. Note: When you are upgrading to Oracle Identity Manager 11g ensure that you use the same JDK provided that you used in Oracle Identity Manager 9.1. Note: Oracle Identity Manager 11g does not support organization - based request - provisioning. Table 13–1 Cont. Application Server and JDK Support for Oracle Identity Manager 11g Oracle Identity Manager 9.1 Oracle Identity Manager 11g 13-4 Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management In Oracle Identity Manager 11g, during the upgrade process the contents of AAD table will be read and an Oracle Entitlements Server policy will be created for User Management feature. In Oracle Identity Manager 9.1, all data related to Group Administrator was stored in GPP table in the Oracle Identity Manager schema. This information is primarily used to ascertain the user groups, which are allowed to perform operations on the other groups they manage. In Oracle Identity Manager 11g, during the upgrade process the contents of GPP table will be read and an Oracle Entitlements Server policy will be created for User Management feature. For more details about Oracle Entitlements Server, see http:www.oracle.comtechnologyproductsid_ mgmtoesindex.html .

13.1.5 Access Policy

Access policies are a list of roles to which you define roles for provisioning resources to users that are members of the roles to which the access policy is attached. Access policies are defined using the Create Access Policy and Manage Access Policies menu items in the Oracle Identity Manager 11g Administrative and User Console. For more information, see the Oracle Fusion Middleware Users Guide for Oracle Identity Manager.

13.1.6 Approval Process

Table 13–2 shows how the approval process differ when you upgrade from Oracle Identity Manager 9.1 to Oracle Identity Manager 11g. When you run Upgrade Assistant for upgrading the Oracle Identity Manager middle tier upgrade, a report is generated. This report lists the new approval policies and SOA composites that will be created during the upgrade. This report is located at IDM_HOMEupgradeworkflowreport.html. After upgrading from Oracle Identity Manager 9.1 to Oracle Identity Manager 11g, note the following: ■ Some of the approval processes may not be fully converted to SOA composites. These SOA composites must be manually modified. ■ The generated SOA composites are not automatically deployed to the SOA Server. After you complete the upgrade process, you can deploy SOA composite to SOA server as described in Deploying the SOA Composite in the Oracle Fusion Middleware Developers Guide for Oracle Identity Manager. ■ For all the approval processes that are specific to a resource, the corresponding approval policies created as part of the upgrade will be at the operational level. For the approval processes associated with the resource “Request”, the corresponding approval policies created will be at the request level. For more information about approval policy, refer to the Oracle Fusion Middleware Users Guide for Oracle Identity Manager. Table 13–2 Approval Process Oracle Identity Manager 9.1 Oracle Identity Manager 11g Approval Processes SOA Composites Process Determination Rules Approval Policies Upgrading Oracle Identity Manager Environment 13-5 ■ Approval processes associated with organization provisioning are not upgraded as part of the middle tier upgrade. Request-based organization provisioning is not supported in Oracle Identity Manager 11g. ■ Approval policies that are created during the upgrade will always be associated with DefaultOperationalApproval. Workflow upgrade report will specify this information. ■ E-mail templates associated with approval processes will not be migrated to SOA composites. For more information, see Task 14: Complete Any Required Oracle Identity Manager Post-Upgrade Tasks . The Approval process is partially upgraded if: ■ Event handlers or adapters are associated with System Validation and provide Information tasks. ■ Task information is used in creating the task assignment rule. ■ Process information is used in framing the task assignment rule with attributes, such as Process Name and Process Type. ■ Task of the approval process is associated with the Task Assignment Adapter or Event Handler or Process Task Adapter.

13.1.7 Scheduled Tasks

After upgrade, all scheduled tasks are migrated automatically to the Oracle Identity Manager 11g Scheduled Tasks and Jobs. For more information, see Managing Scheduled Tasks in the Oracle Fusion Middleware System Administrators Guide for Oracle Identity Manager. The content of the Oracle Identity Manager 9.1 Job History will be obsolete after you upgrade to Oracle Identity Manager 11g.

13.1.8 User Interfaces Customization

In Oracle Identity Manager 9.1 you can customize the following components of your Oracle Identity Manager Administrative and User Console: ■ General page layout ■ Descriptive text, labels, and error messages ■ Colors, fonts, and alignment ■ Logos ■ Self-registration, user initiated profile editing, and related approvals ■ Field configuration on pages ■ Menu selections that are available to users Oracle Identity Manager 11g upgrade process does not retain the above customizations done in Oracle Identity Manager 9.1 environment. You must recreate user interface customizations after you upgrade to Oracle Identity Manager 11g. If the Note: Oracle recommends you to reuse similar SOA composites as approval processes for different resources.