Month: September 2010

Upgrade #Oracle #OIF to 11.1.1.3 #IDM #Identity


We installed Oracle Identity Federation (OIF) 11.1.1.2 a few months ago and had to move on to some other, more pressing IDM-related issues.  We finally came back to the Federation tasks at the beginning of September.  The first thing I did was take an inventory of where we left off and compared to what the current released version was from Oracle.  I found that we were now a version behind with both Weblogic Server (WLS) and OIF.  I initially put off upgrading because we were in a hurry to integrate with one of their business partners.  We were able to configure the Circle of Trust with the Relying Party (RP, aka Service Provider) with just a few issues.   This particular partner is using OpenSAML as their software of choice.  The only issue for us is that they didn’t (or don’t) create metadata files.  This is their choice because OpenSAML has a module for doing this.  The metadata files is a feature in SAML 2.0 that allows for easy (…easier) integration with your Federation partners.  I was able to create one manually for them by using the sp.xml file that was created when using the OpenSSO Fedlet (that’s for another post).

So, finally on to the point of this post.  The only issues that we have had with OIF 11.1.1.2 is that when trying to search for local users (we are using OVD as our User Data Store … OVD front’s two different AD instances) we have some issues with the search function and not all users can authenticate.  Yes, this is actually a major problem.

I noticed via http://support.oracle.com that there are a lot of patches available for 11.1.1.2.  I ended up downloading the 11.1.1.3 version from OTN (here).

(Note:  I talked to my contact at Oracle Support who said that 11.1.1.4 is coming very soon)

This version requires that Weblogic be at least 10.1.3.  I went back to the support site and downloaded the 10.1.3 patch from there.  It’s a jar file that is run and will open up as an OUI installer.  I found this site which I used as a guide.  It’s pretty simple and painless.  Make sure that you restart WLS after upgrading and before upgrading OIF.  When the OIF upgrade is complete you should restart the managed service.

After restarting OIF I noticed in Enterprise Manager (EM) that OIF is still displaying as 11.1.1.2.  I am running the Upgrade Assistant (Oracle_Home/bin/ua).  On the second screen you can select “Verify Instance”.  This will walk you through and verify that your OIF instance is upgraded to the correct version.  In my case the status is showing as “Failed”.    One thing that seems odd to me is that the port shown (on the error message) is 7499.  It looks like it’s trying to access the URL to the metadata file and is trying to go on 7499. (i.e., http://hostname:7499/fed/idp/metadata).  I can get to the file via 7777 and not 7499.  So, I’ll need to check later as to why the Upgrade Assistant is using that port.

I just tried to re-run the 11.1.1.3 patch installer.  It complained that the patch had already been applied to this Oracle_Home.  So, now I am perplexed.  Let’s try rebooting the box and restarting the WLS and OIF services.

Interestingly, after the reboot the OIF version is still showing as 11.1.1.2 … but my OIF LDAP Authentication Engine error is no longer occurring.  So, maybe it did get patched??  I am working on confirming this … maybe the version number doesn’t get updated?  … that doesn’t sound right though.

Advertisements

real conversation with #Dell #tech #support


Speaking with @Dell rep online today to inquire about the status of a laptop repair. He said “yes, they are performing general troubleshooting on the laptop now.” and then in the very next statement he asked, “By the way, have you sent the laptop to our facility yet?”. Perplexed by his question I said, “doesn’t the fact that they are working on it indicate that I have already sent the laptop?”. To further add to my confusion he then said, “Yes, this is what I am trying to confirm”.

So, apparently Dell’s system does not have enough information to tell him that I have sent in the laptop only that they are currently working on it and his common sense doesn’t have enough information to tell him that these two things are not mutually exclusive.

Now, I am not one to insult one’s common sense with out offering mine to ridicule … so, what did I miss in this conversation??

Identity Mgmt Publication Survey #IDM #Survey


I am trying to gather more information to help provide a better source of information for the IDM community.  I have put together a simple survey to give you the opportunity to provide feedback and to help steer the direction of this new publication.  We are targeting the first part of November for the initial release and would love to have your feedback to help shape this great resource.   The survey should take about 10 minutes of your time and as a thank-you I am giving a way a free year (1 year) subscription to everyone that completes the survey (be sure to include your email address).

Please let me know if you have any questions or comments!

Survey (http://www.tumy-tech.com/idm-publication-survey)

Thanks,

Brad Tumy