As per Prasad Akkiraju here Oracle Applications 11i/R12 is now certified with Oracle Identity Management (OID, DAS, DIP, SSO, Identity Federation) 10.1.4.2
This post summarizes key points in upgrading Oracle Identity Management (OID, DAS, DIP, SSO, Federation) from 10.1.4.0.1 version 10.1.4.2 (IdM 10g R3 patchset 1)
Things to note while upgarding OID/IdM to 10.1.4.2
1. Patch to upgrade Oracle Identity Management (including OID) to 10g Rel 3 patchset 1 (AKA 10.1.4.2) is 5983637
2. IdM 10g Rel 3 patchset 1 (10.1.4.2) can be applied only on IdM version 10.1.4.0.1 (For Previous release , first ugrade to 10.1.4.0.1)
3. This patch is currently (as of 31Mar08) certified for windows & linux only
4. While upgrading OID Node include $ORACLE_HOME/bin as first entry in PATH (This is to ensure installer takes ldapsearch or ldap* from $ORACLE_HOME/bin and not from /usr/bin )
5. Upgrade to 10.1.4.2 IdM (SSO, OID, DIP, DAS, Federation) includes software upgrade only.
How to patch/upgrade IdM (Oracle Identity Management) to 10.1.4.2
1. Download patch 5983637
2. Unzip patch
3. Shutdown Identity Management Services (OID, SSO, Identity Federation) and take backup
4. Go to Disk1 in directory where you unzipped patch
5. Ensure oraInventory (oraInst.loc) is pointing to right location
6. start upgrade by running ./runInstaller
7. Start Services
Main changes in 10.1.4.2 Patchset
Improvement in DIP
1. Profile Group & Configset
Configset– before 10.1.4.2 configset used to contain
a) configuration information for DIP (Directory Integration and Provisioning Server) like refresh interval, debug level, max number of profile to refresh …
b) List of profile that are schedule for execution
Profile Group– introduced in 10.1.4.2, consist of all profiles that are to be scheduled by specific instance of DIP.
Configset in 10.1.4.2 contains only configuration information like refresh interval, debug level, max number of profile to be executed … Point b) from previous release of DIP/OID is taken out of configset and moved to Profile Group
Improvement in OID
2. Server Chaining – New options are provided with OID server chaining (introduced in OID 10.1.4). To know more about OID Server chaining click here
2.1 SSL Support to connect to external directory
For more on this feature check metalink note # 452381.1 & 452385.1
3. Account with status locked, expired, etc. (custom control) were able to login via EUS (Enterprise User Security) where EUS was integrated with OID. With 10.1.4.2 you can stop account with status lock, expire to login from EUS
(More details visit metalink note # 459772.1)
Note* EUS (Enterprise User Security) is a feature in Oracle Database for centrally managing authentication and authorization of database users. – Updated later (Check comment below)
Improvement in DAS
4. Users without appropriate privileges could perform configuration operation in release previous to 10.1.4.2 (This is now fixed)
Improvement in SSO
5. Improvement in integration of SSO with Windows native authentication
Fixes around Identity Federation
6. Oracle Identity Federation can now consume PKCS#12 wallets created by OWM (Oracle Wallet Manager) Read More about OWM here
For full list of these bug fixes in IdM 10.1.4.2 check readme of Patch 5983637