We installed Oracle Identity Federation (OIF) 18.104.22.168 a few months ago and had to move on to some other, more pressing IDM-related issues. We finally came back to the Federation tasks at the beginning of September. The first thing I did was take an inventory of where we left off and compare it to the current released version from Oracle. I found that we were now a version behind with both WebLogic Server (WLS) and OIF. I initially put off upgrading because we were in a hurry to integrate with one of their business partners. We were able to configure the Circle of Trust with the Relying Party (RP, aka Service Provider) with just a few issues. This particular partner is using OpenSAML as their software of choice. The only issue for us is that they didn’t (or don’t) create metadata files. This is their choice because OpenSAML has a module for doing this. Metadata files are a feature in SAML 2.0 that allows for easy (…easier) integration with your Federation partners. I was able to create one manually for them by using the sp.xml file that was created when using the OpenSSO Fedlet (that’s for another post).
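Hand-written service provider metadata of the kind described above, as an added example that is not from the original post, Oracle or OpenSAML: it builds a minimal SAML 2.0 SP descriptor in Python. The entity ID, ACS URL and certificate are constructed placeholders, and the choices made here (HTTP-POST binding, unspecified NameID format, signed assertions wanted, HTTPS-only ACS) are assumptions, not the partner's actual settings.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed placeholder, NOT a real certificate: use the partner's signing cert.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder, not a real certificate").decode()
              + "\n-----END CERTIFICATE-----\n")

def pem_body(pem):
    """Strip PEM armor and line breaks; reject anything that is not base64."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    if not body:
        raise ValueError("empty certificate")
    base64.b64decode(body, validate=True)  # raises binascii.Error (a ValueError)
    return body

def build_sp_metadata(entity_id, acs_url, signing_cert_pem,
                      name_id_format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"):
    """Return SP metadata (bytes) for a partner that publishes none."""
    # Assertions are POSTed to the ACS URL, so refuse a cleartext endpoint.
    if not acs_url.lower().startswith("https://"):
        raise ValueError("AssertionConsumerService Location must be https://")
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "WantAssertionsSigned": "true",
    })
    # Schema order inside SPSSODescriptor: KeyDescriptor, NameIDFormat, ACS.
    key = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(key, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
    ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = pem_body(signing_cert_pem)
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = name_id_format
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "Location": acs_url, "index": "0", "isDefault": "true",
    })
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

if __name__ == "__main__":
    # Constructed values for illustration only.
    print(build_sp_metadata("https://sp.example.test/saml",
                            "https://sp.example.test/saml/acs", SAMPLE_PEM).decode())
```

Confirm the entity ID, ACS URL and certificate with the partner out of band before importing a file like this, since whatever it names becomes a trusted endpoint and key in the Circle of Trust.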
So, finally on to the point of this post. The only issue that we have had with OIF 22.214.171.124 is that when trying to search for local users (we are using OVD as our User Data Store … OVD fronts two different AD instances) we have some issues with the search function and not all users can authenticate. Yes, this is actually a major problem.
(Note: I talked to my contact at Oracle Support who said that 126.96.36.199 is coming very soon.)
This version requires that WebLogic be at least 10.1.3. I went back to the support site and downloaded the 10.1.3 patch from there. It’s a jar file that is run and will open up as an OUI installer. I found this site which I used as a guide. It’s pretty simple and painless. Make sure that you restart WLS after upgrading and before upgrading OIF. When the OIF upgrade is complete you should restart the managed service.
After restarting OIF I noticed in Enterprise Manager (EM) that OIF is still displaying as 188.8.131.52. I am running the Upgrade Assistant (Oracle_Home/bin/ua). On the second screen you can select “Verify Instance”. This will walk you through and verify that your OIF instance is upgraded to the correct version. In my case the status is showing as “Failed”. One thing that seems odd to me is that the port shown (on the error message) is 7499. It looks like it’s trying to access the URL to the metadata file and is trying to go on 7499 (i.e., http://hostname:7499/fed/idp/metadata). I can get to the file via 7777 and not 7499. So, I’ll need to check later as to why the Upgrade Assistant is using that port.
I just tried to re-run the 184.108.40.206 patch installer. It complained that the patch had already been applied to this Oracle_Home. So, now I am perplexed. Let’s try rebooting the box and restarting the WLS and OIF services.
Interestingly, after the reboot the OIF version is still showing as 220.127.116.11 … but my OIF LDAP Authentication Engine error is no longer occurring. So, maybe it did get patched?? I am working on confirming this … maybe the version number doesn’t get updated? … that doesn’t sound right though.