Академический Документы
Профессиональный Документы
Культура Документы
Bundle Patch package names include the component name (Oracle Access Management):
BaseRelease: The required component release base for this package: 11.1.2 BPnn: The short name for a specific Bundle Patch package (BP01, for example). component: A specific OAM Server or agent package.
Table 1 lists sample package names for Oracle Access Management Bundle Patches.
Patch Sets A patch set is a mechanism for delivering fully tested and integrated product fixes that can be applied to installed components of the same release. Patch sets include all of the fixes available in previous Bundle Patches for the release. A patch set can also include new functionality. Each patch set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in the patch set have been tested and are certified to work with one another on the specified platforms.
Note: Oracle recommends that you always install the latest Bundle Patch.
Note: Oracle recommends that you have the latest version of Opatch (version 11.1.0.8.3 or higher) from My Oracle Support. Opatch requires access to a valid Oracle Universal Installer (OUI) Inventory to apply patches.
The patching process uses both unzip and Opatch executables. After sourcing the ORACLE_HOME environment, Oracle recommends that you confirm that both of these exist before patching. When Opatch starts, it validates the patch to ensure there are no conflicts with the software already installed in your $ORACLE_HOME: If you find conflicts with a patch already applied to the $ORACLE_HOME, stop the patch installation and contact Oracle Support Services. If you find conflicts with a subset patch already applied to the $ORACLE_HOME, continue Bundle Patch application. The subset patch is automatically rolled back before installation of the new patch begins. The latest Bundle Patch contains all fixes from the previous Bundle Patch in $ORACLE_HOME. This Bundle Patch is not -auto flag enabled. Without the -auto flag, no servers need to be running. The Machine Name & Listen Address can be blank on a default install.
See Also:
Perform steps in following procedure to prepare your environment and download Opatch. To download Opatch version 11.1.0.8.3 or higher 1. Log in to My Oracle Support:
https://support.oracle.com/
2. Review the Note 224346.1: Opatch - Where Can I Find the Latest Version of Opatch? and, in the document, click the Patch 6880880 link which takes you to the screen where you can obtain the latest version of OPatch based on release versions and platforms. 3. Review Note 1051266.1: How To Install a WebCenter 11g Patch? 4. Use opatch -help to learn if your version of Opatch is earlier than 11.1.0.8.3; if so, download the latest 11.1.x version.
5. Confirm the required executables are in your system PATH, and add these if needed:
which opatch which unzip
opatch lsinventory
Windows 64-bit: opatch lsinventory -jdk c:\jdk160 If an error occurs, contact Oracle Support to validate and verify the inventory setup before proceeding. If the ORACLE_HOME does not appear, it might be missing from the Central Inventory, or the Central Inventory itself could be missing or corrupted. 7. Review information in the next topic: "Applying the OAM Bundle Patch".
Note: Oracle recommends that you back up the $ORACLE_HOME using your preferred method before any patch operation. You can use any method (zip, cp -r, tar, and cpio) to compress the $ORACLE_HOME.
Formatting constraints in this document might force some sample text lines to wrap around. These line wraps should be ignored. To apply the OAM Bundle Patch 1. Change to the directory containing the Oracle Access Management patch: 17417554. 2. Log in as the same user who installed the base product and: a. Stop the AdminServer and all OAM Servers to which you will apply this Bundle Patch. Any application that uses this OAM Server and any OAM-protected servers will not be accessible during this period. b. Back up your $ORACLE_HOME: MW_HOME/Oracle_IDM. c. Move the backup directory to another location and record this so you can locate it later, if needed. 3. Run the appropriate Opatch command as an administrator to ensure the required permissions are granted to update the central inventory and apply the patch to your $ORACLE_HOME. For example:
opatch apply
Note: Opatch operates on one instance at a time. If you have multiple instances, you must repeat these steps for each instance.
4. Restart all Servers. 5. Multiple Instances: Repeat Steps 1-4 to apply the Bundle Patch to each instance throughout your installation.
1. Confirm that there are no configuration issues with your patch application. 2. Confirm that you can start the AdminServer successfully. 3. Shut down the AdminServer and roll back the patch as described in Section 4, "Removing the Bundle Patch", then perform patch application again.
Note: Removing a Bundle Patch overrides any manual configuration changes that were made after applying the Bundle Patch. These changes must be re-applied manually after removing the patch.
To remove a Bundle Patch on any system 1. Perform steps in Section 3.2, "Applying the OAM Bundle Patch" to set environment variables, verify the inventory, and shut down any services running from the ORACLE_HOME or host machine. 2. Change to the directory where the patch was unzipped. For example:
cd PATCH_TOP/17417554
3. Back up the $ORACLE_HOME directory that includes the Bundle Patch and move the backup to another location so you can locate it later. 4. Run Opatch to roll back the patch. For example:
opatch rollback -id 17417554
5. Restart servers (AdminServer and all OAM Servers) as needed based on the mode you are using. 6. Re-apply the Bundle Patch, if needed, as described in Section 3, "Applying the Bundle Patch".
5 Resolved Issues
This Bundle Patch provides fixes described in following topics: Section 5.1, "Access Manager Issues Resolved in 11g Release 2 (11.1.2.1.2)" Section 5.2, "Security Token Service Issues Resolved in 11g Release 2 (11.1.2.1.2)" Section 5.3, "Identity Federation Issues Resolved in 11g Release 2 (11.1.2.1.2)" Section 5.4, "Mobile & Social Issues Resolved in 11g Release 2 (11.1.2.1.2)" Section 5.5, "Access SDK Issues Resolved in 11g Release 2 (11.1.2.1.2)"
Number 11.1.2.1.2 17210405 17202334 17182118 17007489 16992233 16971881 16945288 16922465 16745287 16738949 16738914 The Application Domain page in the Access Manager console is very slow as is importing policies using the importpolicydelta WLSTcommand. FEDSTS-13013 error will not be seen after applying R2 PS1 BP02 patch. The authentication success redirect URL is now URL encoded. In OAM-OIM integration, Access Manager does not redirect the user to the lockout page when the user enters the correct credentials and is locked out through OIM. New responses have been added under the '$request' namespace. They are policy_eval_success_conditions and policy_eval_failure_conditions. Stuck thread and ConcurrentModificationExceptions in session management fixed. Fixed an issue in T2P which resulted in a ClassCastException at runtime while redirecting to OIM URLs. Fixed an issue in which the Access Manager server under stress may report stuck threads around the diagnostics layer in controller. The OpenSSO cookie domain (iplanetDirectoryPro) can now be configured using the WLST command setOpenssoProxyCookieDomain. Migration of OAM 10g LDAP Rules was failing if there is any operator in the filter (for example, &). The portion of the URL after the operator was completely lost but this has been fixed. The order in which policies in OAM 10g stores are to be evaluated is set in an LDAP attribute called obevalorder. If there is a high number of policies, the value for this attributeg is split into multiple values. If migration is performed against such data, it will fail to migrate and throw an error. This issue has been fixed. Resolved a bug that limited the length of user constraint authorization rules to 255 bytes or less. For basic authentication, when invalid credentials are submitted, the browser will not prompt again. Rather, the invalid credentials were passed to OAM resulting in OAM displaying a "user account locked" message. With the BP fix, the browser will reprompt the user for credentials until the number defined as the value of max retry attempts is reached. When a user omits the password during Basic Authentication credential collection, the user is redirected as if the policy failed. This has been fixed. After the application of patch 14760839, the error message "DAP Token not received" is no longer reported in the logfile at regular intervals. Fixes an issue with the Access Manager Server on Windows which resulted in "An existing connection was forcibly closed by the remote host" exception. Resolves an issue in which virtual hosting configurations were throwing an OAM-04020 exception when no suitable host identifier is defined. Fixed an issue that occured when creating authorization policies using the REST API; the attribute condition was not created even if one is provided. Added logging of username or userdn in all remaining relevent events logging. The fix for this bug also includes fixes for the following: 16951380 16834457 17027096 16756477 17083362 16998122 17214771 11.1.2.1.1 16513008 16615701 A NoClassDefFoundError is thrown when using the IDMConfigTool with -configOAM due to location of OAMManagementMXBeanImpl. After installing OAM 11.1.1.5 BP05, redirects to PWDMGMT.JSPX are missing the host name when port 80 is used OAM application performance issue OAM console is very slow App Domain 'Resources' search poor performance issue AdminServer for console takes too long to start up. OAM console is unresponsive OAM console is very slow in READ/WRITE operations Optimization for policy search API
16544090 16389891
14553716
Migration from 10g does not support SSL connections to user data stores. (Policy and configuration LDAP URLs should start with ldaps if they are SSL enabled.) Add the following four properties to the migration properties file if directory servers are configured in SSL mode. (The name and path to the migration properties file is user-defined.) ## This property indicates the path to the trust store file, a ## collective store for CA certs for all directory servers (policy store, ## config store, identity store) ldap_trust_store=<path of trust-store file in jks format> ldap_trust_store_password=<plain text password of trust store file> ## Two properties required if client authentication at directory server ## is enabled. This file contains the client certificates. client_keystore=<path of ketstore file in jks format> client_keystore_password=<plain text password of keystore file> If the ldap_trust_store_password and client_keystore_password proeprties are left empty, the WLST prompts for these passwords after the migration utility is run. Add option for case insensitive policy resource matching. For this to work, add the following parameter to the "properties" setting under PolicyService in the oam-config.xml file. <Setting Name="UseCaseInsensitiveResourceMatch" Type="xsd:boolean">true</Setting> 1. Create a WLST script with the following content. For this write-up, the script is called update-policyconfig.py. File: update-policy-config.py #!/usr/bin/python import os, sys oamConfigObjectName = "oracle.oam:type=Config" from java.lang import System from java.lang import Integer from oracle.security.am.admin.config.mgmt.model import BooleanSettings from javax.management.openmbean import CompositeData domainRuntime() value=True path = "DeployedComponent/Server/NGAMServer/Profile/PolicyService/ OAMPolicyProvider/properties" key = "UseCaseInsensitiveResourceMatch" on = ObjectName(oamConfigObjectName) path = ipath + '/' + ikey isValidPath(path) signatureAdd = ["java.lang.Boolean"] ls = IntegerSettings(ikey,ivalue) cd = ls.toCompositeData(IntegerSettings.toCompositeType()) newParams = [path, cd] signature = ["java.lang.String","javax.management.openmbean. CompositeData"] try: mbs.invoke(on, "applyBooleanProperty", newParams, signature) except Exception,e: print "setBoolean for " + path + " failed." print e.getLocalizedMessage() exit() 2. Log in to the AdminServer using wlst.sh under <IDM_HOME>/common/bin. 3. Execute the created WLST script to update the file as follows. execfile('<file-path>/update-policy-config.py') 4. Restart the managed server.
16538035
16502724
If applying this patch for bug# 16502724 (OAM returns NOT_FOUND header for empty valued attributes), please note that the behavior change (not returning empty responses) is triggered by the OAM 10g migration process. So first apply the patch and then run the OAM 10g migration tool. Post migration, manually edit $DOMAIN_HOME\config\fmwconfig \oam-config.xml as follows.
1. Stop all WebLogic Servers. 2. Add the following <SettingName> entry under the /DeployedComponent/Server/NGAMServer/Profile /PolicyService/ path. <Setting Name="IgnoreEmptyResponses" Type="xsd:boolean">true</Setting> For example: <Setting Name="PolicyService" Type="htf:map"> <Setting Name="IgnoreEmptyResponses" Type="xsd:boolean">true</Setting> <Setting Name="OAMPolicyProvider" Type="htf:map"> <Setting Name="name" Type="xsd:string">OESPolicyProvider</Setting> 3. Increment the "Version" by 1 in oam-config.xml. For example, if the Version is 37 as follows, update the number to 38. <Setting Name="Version" Type="xsd:integer">37</Setting> 16415274 16407516 Sending multivalued attribute values with colon delimited format is standard feature available in OAM 10g but not in OAM 11gR2. If an authorization response of type header is configured to use the session information set via the session response, the header variable shows the value "NOT_FOUND" for the first access after authentication. Subsequent access of the protected resource shows that the header variable is set correctly. oamMigrate() fails when generating a migration report from OAM 10g to OAM 11gR2 OAM fails to reconnect to LDAP directory if it was started after OAM was started Basic Authentication or WNA Fallback are not prompting for a second login Query strings with special character % fail Fix for Bug 16530251
Bug 16529708
Description Mobile & Social SDK: SSO Agent sample application does not work when a load balancer is fronting the Access Services
See Also: Oracle Fusion Middleware Release Notes for known issues with the full-installer release
7 Related Documentation
This section describes the documentation that is available to support the latest Bundle Patch and the original release. This section provides the following topics: Section 7.1, "Oracle Access Management Manuals and Release Notes" Section 7.2, "Bundle Patch Release Notes" Section 7.3, "Certification Documentation"
2. Register for a user name and password, if needed. 3. Under Fusion Middleware, click Identity Management. 4. Under Oracle Identity Management 11g documentation, click the desired library:
Oracle Fusion Middleware 11gR2 Release (11.1.2.0) 5. Choose the desired book; Oracle Access Management 11g is documented in the following manuals:
This document, Oracle Access Management Release Notes, Bundle Patch 11.1.2.0.2 Generic for All Server Platforms, provides the following information for this specific Bundle Patch release: General information about Bundle Patches General Bundle Patch requirements and installation details Details about what is included in this Bundle Patch This Oracle Access Management Release Notes, Bundle Patch 11.1.2.0.2 Generic for All Server Platforms file is available in HTML format (readme.htm), which you can view without downloading the zip file.
Go to .. http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
Go to ..
http://www.oracle.com/technetwork/middleware/id-mgmt/oid-11g-161194.html Oracle Identity and Access Management (11.1.2.0.1) Downloads Additional (non OHS11g) Webgates See the Oracle Identity Management 10g downloads page, Oracle Access Manager 10g - non OHS11g Webgates and 3rd Party Integrations section. http://www.oracle.com/technetwork/middleware/ias/downloads/101401-099957.html
8 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc. Access to Oracle Support Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com /pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. Accessibility of Code Examples in Documentation Screen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace. Accessibility of Links to External Web Sites in Documentation This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites. Deaf/Hard of Hearing Access to Oracle Support Services To reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html. Oracle Access Management Release Notes, Bundle Patch 11.1.2.0.2 Generic for All Server Platforms Copyright 2000, 2013 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate failsafe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.