This post talks about migrating OAM 11g configurations from one environment to another. The OAM 11g migration process is explained in the Oracle documentation, and it typically requires the Oracle Home binaries to be copied over to the target OAM environment (well, I think so!) and a few other things. The complete migration process for the entire Oracle IAM suite is explained here.
However, there was a requirement that the target environment be set up and the configurations imported from source to target without any UI intervention. Therefore the migration has to be fully automated.
So, here are the high-level steps I followed in the target OAM environment:
- Create User Identity Store: There is a WLST command available to achieve the job (createUserIdentityStore).
- Update OAM configuration in oam-config.xml: Here I have to create authentication modules and other OAM settings. It is neither recommended nor supported to update oam-config.xml manually. I’ll write a different post explaining the steps for creating modules, updating settings, etc. in oam-config.xml.
- Edit the Authorization policies: OAM 11g policies are stored in the database and need to be exported to an XML file; read this post for more details. The policies in the target environment should have URLs (such as Authentication Failure, Authorization Failure) pointing to the target environment. I wrote Java code to edit the exported policies XML.
- Edit the Host Identifiers and Authentication Scheme: Host Identifier and Authentication Scheme details are also stored in the policies XML (exported file). I wrote Java code to edit the exported policies XML. For host identifiers, a new set of hostname and port details needs to be added. A new authentication scheme needs to be added. I’ll write a different post explaining the steps for creating authentication schemes, updating host identifiers, etc. in the policies XML.
- Import Partners & Policies: Import the policies and partners files into the target OAM environment. Refer to the posts Partners, Policies for more details.
- Silent installation/configuration of Access Gate & WebGate: After the partners are imported into the target environment, WebGates/Access Gates can be installed in silent mode. Access Gate concepts in OAM 11g are explained in this post.
- Copy the proxy configurations: I had an Apache server used as a proxy in the source OAM environment, so the target environment's Apache server should also have the proxy settings added at the end of httpd.conf. I used a shell script to write the contents to the httpd.conf file. The proxy settings are read from a text file.
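The last step above, sketched as an added example (this is not the author's script): it appends proxy settings from a text file to the end of httpd.conf, refuses any line that is not a proxy directive, and can be re-run without duplicating the block. The function name, the marker comments and the directive allow-list are assumptions.

```shell
#!/bin/sh
# Added example: append proxy directives from a text file to the end of httpd.conf.
# append_proxy_settings, the markers and the allow-list are illustrative assumptions.
BEGIN_MARK="# BEGIN OAM proxy settings (managed)"
END_MARK="# END OAM proxy settings (managed)"

# append_proxy_settings <settings-file> <httpd.conf>
# Returns 0 on success, 1 on file errors, 2 if a line is not an allowed directive.
append_proxy_settings() {
    settings=$1
    conf=$2
    [ -r "$settings" ] && [ -w "$conf" ] || return 1

    # Accept only blank lines, comments and proxy directives, so the text file
    # cannot introduce unrelated directives into the server configuration.
    if grep -Ev '^[[:space:]]*(#.*)?$' "$settings" |
       grep -Evq '^[[:space:]]*(ProxyPass|ProxyPassReverse|ProxyPreserveHost|ProxyRequests)[[:space:]]'
    then
        return 2
    fi

    # Keep a copy of the current file before touching it.
    cp -p "$conf" "$conf.bak" || return 1

    # Drop any block written by an earlier run so re-running is idempotent.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append the managed block at the end of the file.
    {
        printf '%s\n' "$BEGIN_MARK"
        awk '{ print }' "$settings"   # guarantees a trailing newline
        printf '%s\n' "$END_MARK"
    } >> "$tmp"

    # Write back in place so the owner and mode of httpd.conf are unchanged.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Run `apachectl configtest` on the target server after the append and before restarting Apache.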
Hope this helps. Please get back to me with any suggestions or queries. The above steps apply only to my environment setup; if there are any additional settings such as custom plug-ins, STS, etc., you will need to import those as well.
About the Author Mahendra
I am engulfed in the Oracle Identity & Access Management domain. I have expertise in providing optimized solutions for user provisioning, web access management, Single Sign-On, federation capabilities, etc. I am also well versed in complex integrations within Identity Management and other product domains. I have expertise in building demos and implementation experience with products such as Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory, etc.
Look @ my blog: http://talkidentity.blogspot.com