Moving the Configuration of Java Components

21-14 Oracle Fusion Middleware Administrator's Guide

Task 5 Move Oracle Access Manager 11g to a New Production Environment

To replicate the policy configuration information from the test environment into the production environment:

1. Update Oracle Access Manager server instances to reflect new host names and ports. See Viewing or Editing Individual OAM Server and Proxy Settings in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
2. Register the client, as described in Registering Partners Agents and Applications Remotely in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
3. The registration process generates a new modified ObAccessClient.xml file. Copy this file to the following location:
      WebGate_instance_dir/webgate/config
4. Set the environment variable JAVA_HOME and add JAVA_HOME to the PATH.
5. Export the policies from the test environment, using the following WLST command:
      exportPolicy(pathTempOAMPolicyFile="path_of_Temp_PolicyFile")
6. Copy the policy file to the production environment.
7. Import the policies into the production environment, using the following command:
      importPolicy(pathTempOAMPolicyFile="path_of_Temp_PolicyFile")
8. Export the partner information from the test environment, using the following WLST command:
      exportPartners(pathTempOAMPartnerFile="path_of_Temp_PartnerFile")
9. Copy the partner file to the production environment.
10. Import the partner information to the production environment, using the following WLST command:
      importPartners(pathTempOAMPartnerFile="path_of_Temp_PartnerFile")
11. Start the Managed Servers.

Task 6 Move Oracle Access Manager 10g to a New Production Environment

To move Oracle Access Manager 10g to a new production environment:

1. Move the Directory Server from the test environment to the production environment. That is, migrate the o=oblix node.
   See Preparing the New Directory Server Instance in the Oracle Access Manager Installation Guide.
2. Remove the entries that are associated with the Identity Server, Policy Manager, and Access Servers. The entries are under the following:
      obcontainerId=DBAgents,Configuration DN
   Do not delete the container obcontainerId=DBAgents.

Note: The Administration Servers in both the test environment and the production environment must be started.

3. Install and configure Oracle Access Manager, specifying the LDAP information for the production environment, as described in the Oracle Access Manager Installation Guide.
   Oracle Access Manager stores policy and configuration data in the LDAP directory. If the LDAP directory is correctly configured (for example, if you have correctly moved Oracle Internet Directory from the test environment to the production environment), Oracle Access Manager inherits the policy and configuration data from the LDAP directory.
4. On the production environment, install the Identity Server and WebPass using new identifiers. For more information, see:
   ■ Installing the Identity Server in the Oracle Access Manager Installation Guide.
   ■ Installing WebPass in the Oracle Access Manager Installation Guide.
   After installation, take the following steps:
   a. Start the server.
   b. Complete the identity system browser setup. See Setting Up the Identity System in the Oracle Access Manager Installation Guide.
5. Install the Policy Manager, as described in Installing the Policy Manager in the Oracle Access Manager Installation Guide. However, do not update the schema because you already updated it when you moved the Directory Server. Do not configure the authentication scheme because it already exists in the Directory Server.
6. Complete the browser setup from the Access System Console, adding the Access Server with a new identifier.
   See Creating an Access Server Instance in the System Console in the Oracle Access Manager Installation Guide for more information. Also see About the Access Server and Installation in the Oracle Access Manager Installation Guide for additional information.

Note: After setting up the production Policy Manager, when you log in as the Oracle Access Manager Administrator, you may get the following error:
   There was a problem obtaining the user ID.
One possible reason for this is a time difference between the Identity System and the Access System's Policy Manager and Access System Console. To fix this, from the LDAP, delete the cookie encryption key without changing the CPResponseEncryptionKey under the o=oblix node, and restart the Identity Server. Make a backup of the cookie encryption entry into an ldif file before deletion.

7. This scenario reuses the existing WebGate identifier for the production WebGates. Take the following steps:
   a. Navigate to the Access System Console and select the Access System Configuration tab.
   b. Select Host Identifiers. On the List all host identifiers page, select the host identifier that is used by the test environment.
   c. Click Modify. Then, add the host name and port for the production Web server to the Hostname variations field.
   d. Click Save.
   e. From the Access System Configuration tab, select Access Gate Configuration. Then, select the relevant Access Gate.
   f. In the Details for AccessGate page, click Modify.
   g. Change the Hostname and Port, specifying the host name and port of the production Web server.
   h. Change the Preferred HTTP Host, specifying the host name variation that you added in Step c.
   i. Associate the WebGate to the newly added production Access Server, as described in Associating AccessGates and WebGates with Access Servers in the Oracle Access Manager Access Administration Guide.
   j. Disable the WebGate temporarily.
      From the Access System Console, select the Access System Configuration tab, then select AccessGate Configuration. Click Go to search. From the results, select an AccessGate. Then, click Modify. Click Disabled. Then, click Save.
      You enable it after you install the Access Server.
8. Install the Access Server using the new identifier that you used while creating the WebGates. See Installing the Access Server in the Oracle Access Manager Installation Guide.
9. Install the new WebGate. See Installing the WebGate in the Oracle Access Manager Installation Guide.
10. Verify entries and delete entries related to the test environment:
   a. From the Identity System Console, select the System Configuration tab, then select Directory Profiles. Verify that the respective Directory Profiles are associated with the new Identity Server, Access Server, and Policy Manager.
   b. From the Identity System Console, select the System Configuration tab, then select Webpass and delete the entry for the test WebPass.
   c. From the Identity System Console, select the System Configuration tab, then select Identity Server and delete the entry for the test Identity Server.
   d. From the Access System Console, select the Access System Configuration tab, then select Access Server Configuration. Delete the entry for the test environment Access Server.
11. From the Identity System Console, select the System Configuration tab, then select Password Policy. If the host and port are set for Password Change Redirect URL, change them to point to the new Identity Server.

Note: Resources may become unprotected if you have the same host and port in multiple host identifiers. Ensure that only the host identifier used in the policy domain has the host:port in its definition. Remove host:port from other host identifiers.
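
The check in the note above, which matters most right after adding the production host and port to Hostname variations in Task 6, can be scripted. The following is an added example, not part of the Oracle guide: it reads host identifiers transcribed from the List all host identifiers page and reports every host:port that appears under more than one identifier. The file layout, the identifier and host names, the default port of 80 and the case-insensitive host comparison are all assumptions of this example.

```python
from collections import defaultdict

# Constructed sample (made-up names); the "identifier | variations" layout is assumed.
SAMPLE = """\
# identifier | hostname variations (comma-separated)
prod_web   | www.example.com:7777, WWW.Example.com:7777, www.example.com
legacy_web | web1.example.com:7777, www.example.com:7777
intranet   | intra.example.com:80, intra.example.com
"""
DEFAULT_PORT = 80  # assumption: a variation with no port means port 80

def normalise(variation):
    """Return (host, port): host lower-cased, port always explicit."""
    host, sep, port = variation.strip().rpartition(":")
    if not sep:                      # no colon, so the whole string is the host
        host, port = port, str(DEFAULT_PORT)
    if not host or not port.isdigit():
        raise ValueError("bad hostname variation: %r" % variation)
    return host.lower(), int(port)

def parse(text):
    """Map each identifier to its set of normalised (host, port) pairs."""
    idents = defaultdict(set)
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, sep, variations = line.partition("|")
        if not sep:
            raise ValueError("line %d: expected 'identifier | variations'" % n)
        idents[name.strip()].update(
            normalise(v) for v in variations.split(",") if v.strip())
    return dict(idents)

def duplicates(idents):
    """Return {'host:port': [identifiers]} for pairs in more than one identifier."""
    owners = defaultdict(set)
    for name, pairs in idents.items():
        for host, port in pairs:
            owners["%s:%d" % (host, port)].add(name)
    return {hp: sorted(names) for hp, names in owners.items() if len(names) > 1}

def removals(idents, policy_identifier):
    """List (identifier, 'host:port') to remove so only the policy one keeps it."""
    return sorted((name, hp) for hp, names in duplicates(idents).items()
                  for name in names if name != policy_identifier)

if __name__ == "__main__":
    print(removals(parse(SAMPLE), "prod_web"))
```

Pass the host identifier used in the policy domain as policy_identifier; an empty result means no host:port is shared between identifiers.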