Stack Patch Bundle for Oracle Identity Management Products
(Doc ID 2657920.1)
Last updated on MARCH 06, 2023
Applies to:
Oracle Identity Management SuiteIdentity Manager - Version 12.2.1.4.0 and later
Oracle Access Manager - Version 12.2.1.4.0 and later
Oracle Unified Directory - Version 12.2.1.4.0 and later
Oracle Internet Directory - Version 12.2.1.4.0 and later
Information in this document applies to any platform.
Details
Background
Most 12.2.1.x Identity Management product installations require an Oracle Fusion Middleware product installation. In addition to the Oracle Fusion Middleware installation, Oracle Identity Governance also requires an Oracle SOA Suite installation.
Together with the actual Identity Management product installation, these dependent installed products share certain underlying tech stack components which can be impacted by updates or patches.
Starting in January 2020, quarterly testing and certification is provided for the applicable underlying component patches indicated for select Oracle Identity Management 12c products. This was announced in Document 2627261.1.
Details
To further simplify the patching process, starting with the July 2020 quarterly release, a Stack Patch Bundle (SPB) was made available for select version 12.2.1.4 Identity Management Products on Linux based platforms.
Starting with the January 2021, SPB availability was extended to the 12.2.1.3 version and with the April 2021 release, SPB was made available for Solaris, Solaris on SPARC and Windows platforms as well.
The quarterly SPB includes the bundle patches for each of the select Identity Management products as well as the patches for their respective underlying components.
The SPB also includes the SPBAT tool which can be used to apply all of the patches for a single product with a single command by using a phased approach.
The phases for patch application include:
Preparation (or prerequisite) Phase where you'll download, stage and verify the details needed for SPB and the SPBAT commands.
Analysis (or prestop) Phase where analysis is performed to identify corrective actions needed to address any conflicts or prerequisite requirements prior to starting the patch application process.
The result of this phase is an HTML report showing whether or not there are any missing prerequisite steps or patch conflicts requiring intervention (such as new one offs that might be needed as a result of the patch applications) and verification that you can proceed to apply the patches using the downtime command.
Patching (or downtime) Phase where the product specific patches are applied.
This phase is entered only after you've verified through the analysis phase that you're ready to apply the patches and after you've taken the necessary steps to back up the environment.
Poststart Phase where any additional required patching steps are performed.
The ORACLE_HOME (Middleware Home) setup for IDM 12.2.1.x is broken down in to the following categories:
- Oracle Access Manager
- Oracle Identity Governance
- Collocated Oracle Unified Directory
- Collocated Oracle Internet Directory
With respect to the SPB, the above categories are described as separate install types, each containing a dedicated ORACLE_HOME deployed in dedicated VMs/Hosts.
In case the setup is spread across multiple VMs/Hosts, then perform the phased patch application steps for each ORACLE_HOME on the respective VMs/Hosts.
If there are multiple ORACLE_HOME locations on the same VM, then perform the phased patch application steps for each ORACLE_HOME separately.
In the case that future functional support allows for two or more install types share the same ORACLE_HOME, then perform the phased patch application steps for each install type against the ORACLE_HOME.
Limitations
The SPBAT utility automates the binary patch apply for the patches that are obtained through the SPB bundle only. It excludes the configuration actions and server restart operations.
The SPBAT utility does not handle the start, stop, and postpatching configuration operations of the servers. The user can use either custom startup/shutdown scripts or the ones available with the product. The post patch configuration operations, if any, must be manually performed, as documented in the SPB README.txt
The SPBAT utility has minimalistic error handling, and it relies on the correctness of the input values provided by the user while using the tool.
The SPBAT utility does not create any backup of the environment/application/configuration/data prior to individual patching of the product or component.
The SPBAT utility does not provide rollback support. For any issues, use the backups (created during downtime) to restore the environment. However, while applying SPB, existing one-offs present in the ORACLE_HOME can be rolled back. Manually review the ORACLE_HOME inventory and re-apply any one-offs that might have been rolled back during the application of IDM SPB.
As all of the patches included and applied with SPB are not Zero-Downtime (ZDT) patches, SPB is also not ZDT eligible.
Product Specific Patches Included In the Current SPB
| SPB Patch ID and Version | Identity Management Product | Patches Included and Applied Using SPB | Reference/Details |
|---|---|---|---|
|
NOTE: The SPB released is for Linux and Solaris. The Windows SPB has been delayed
12.2.1.4 Identity Management January 2023 SPB Current Version: 12.2.1.4.230117 <Patch 34986147>
|
Oracle Access Manager 12.2.1.4 |
|
|
|
Oracle Identity Governance 12.2.1.4 |
|
IMPORTANT NOTE FOR OIM PATCH: Per Previous OIG BP ReadMe:
IMPORTANT NOTE FOR SOA PATCH: |
|
|
Oracle Unified Directory 12.2.1.4 |
|
Note: For OUD Stand-Standalone, you cannot use the Stack Patch Bundle Process as there is no Weblogic instance install. Please follow th CPU article 2806740.2. | |
|
Oracle Internet Directory 12.2.1.4 |
|
Note: After installing the January 2023 OID stack patch bundle, if you have upgraded Oracle Database Client 12c to 19c, apply patch 35018518. For more information refer to the following document for the announcement and further requirements of the Database Client 19c upgrade:
Note: Note: For OID Stand-Standalone, you cannot use the Stack Patch Bundle Process as there is no Weblogic instance install. Please follow th CPU article 2806740.2. |
|
|
There are no January 2023 Bundle Patches for 12.2.1.3 Identity Management
|
|
NOTE The Error Correction for 12.2.1.3 has ended for all FMW 12.2.1.3 products. Only patches released before Jan 2023 are recommended, as per our CPU Advisor documentation and the MOS “Recommendation” setting on our documented patches. The Patch Availability Document, Doc ID 2917213.2 provides all external patches released for January 2023.
As a reminder, per the LSP policy & EC, “The error correction period for FMW 12.2.1.3 has been extended from September 2020 through December 2022. For Weblogic Server and Coherence, the 12.2.1.3 error correction period has been extended through June 2023. During this timeframe, content will be limited to P1 requests and security updates (CPU program) delivered via standard quarterly patches. For detailed information on bug fix and patch release policies, please refer to the Oracle Fusion Middleware Error Correction Policy (Doc ID: 209768.1).” |
Actions
Overview
The Stack Patch Bundle contains a README.txt file with the steps needed to apply the patches. The following information is provided to assist in planning and understanding the end-to-end patching process.
Initial Preparation:
- Create or designate a directory where you will extract the contents of the SPB. The location should be accessible to all IDM hosts and have read, write and execute permissions enabled and since the SPB contains many patches, it's large - so this location should also have plenty of space. The path to this location will be used to build one of the required inputs to the SPB patching commands, <spb_download_dir>.
- Create or designate a directory for the logs and reports which will be generated by the patching tool. This location will be a required input to the SPB patching commands, <log_dir>.
- Identify the ORACLE_HOME directory for your product. This location is synonymous with the ORACLE_HOME directory which is used in the SPB README.txt file and will also be a required input to the SPB patching commands, <ORACLE_HOME>.
- Download the SPB and extract it to the directory indicated in step 1.
Note: Extract SPB zip file using the 'jar -xvf' command (rather than the unzip command).
Reference:
WLS Of SPB Prerequisite Check "CheckApplicable" Failed. Commons-io-2.6.jar" Is Not Writeable. (Doc ID 2855861.1) - Verify the OPatch version in your products ORACLE_HOME. If it does not meet the minimum requirement (check the SPB README for the minimum OPatch version being applied), unzip the included OPatch patch as indicated in the SPB README.txt file, perform a cold backup of the ORACLE_HOME and update opatch using the steps in the opatch readme file.
- In case the setup is spread across multiple VMs/Hosts, repeat these steps for each ORACLE_HOME on the respective VMs/Hosts.
Analysis Phase:
- Using the variables identified earlier and the instructions in the SPB README.txt file, run the SPBAT prestop command for your product.
For example, consider the case where you have a single node Oracle Identity Governance environment with the ORACLE_HOME at /opt/oracle/IAM12c, the SPB has been downloaded and staged in /home/oracle/Downloads and a log directory OIGlogs has been created in the same location.
In that case, the command to run prestop will be like: - While downtime is running, you'll see some output in the terminal window - which you'll need to keep open until it completes.
The output includes information about logs which are generated as the patches are applied and details about a command you can run in a different terminal to know the status.
When downtime completes it will show a message indicating either success or failure. - After the downtime command has completed, follow the "Before Server Startup" instructions for your product as provided in the SPB README.txt file.
For example, the instructions for OIG are like:
After applying patches, clear out the contents of any cache/tmp/stage/dc directories which exist in all $DOMAIN_HOME/servers/<SERVER_NAME> locations, prior to restarting. - In case the setup is spread across multiple VMs/Hosts, repeat these steps for each ORACLE_HOME on the respective VMs/Hosts.
Poststart Phase:
- Start all of the products related services (including the WebLogic Servers) running on the products hosts and verify that the URLs are accessible.
- Using the variables identified earlier and the instructions in the SPB README.txt file, run the SPBAT poststart command for your product.
For example, using the same OIG environment and details from the earlier phase examples, the command to run poststart will be like:[oracle@machine SPBAT]$ ./spbat.sh -type oig -phase poststart -mw_home /opt/oracle/IAM12c -spb_download_dir /home/oracle/Downloads/IDM_SPB_12.2.1.4.200714 -log_dir /home/oracle/Downloads/OIGlogs - While poststart is running, you'll see some output in the terminal window - which you'll need to keep open until it completes.
The output includes information about logs which are generated as the command is run and details about an additional command you can run in a different terminal to know the status.
When poststart completes it will show a message indicating either success or failure. - After the poststart command has completed, follow the "After Server Startup" instructions for your product as provided in the SPB README.txt file.
For example, the instructions for OIG are like:
B) After Server Startup
i. Update $OIM_ORACLE_HOME/server/bin/patch_oim_wls.profile
For detailed instructions, please refer to the section 'Stage 2: Filling in the patch_oim_wls.profile File' in IDM_SPB_12.2.1.4./etc/OIG_Bundle_Patch_Readme_12.2.1.4.200624.htm .
ii.Execute $OIM_ORACLE_HOME/server/bin/patch_oim_wls.sh. - As indicated in the OIG readme referenced above, for OIG installs, you'll need to clear out the contents of the tmp directory in each of the OIG managed servers $DOMAIN_HOME/servers/<SERVER_NAME> locations.
- In case the setup is spread across multiple VMs/Hosts, repeat these steps for each ORACLE_HOME on the respective VMs/Hosts.
- Complete Validation - Once the SPB patching activity is complete, restart and verify the environment and URLs.
Contacts
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |