This section describes bundle patches and explains differences between bundle patches, patch set exceptions (also known as one-offs), and patch sets.

• Stack Patch Bundle

• Bundle Patch

• Patch Set Exception

• Patch Set

Stack Patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.

A bundle patch is an official Oracle patch for an Oracle product. In a bundle patch release string, the fifth digit indicated the bundle patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the form "YYMMDD" where:

• YY is the last 2 digits of the year

• MM is the numeric month (2 digits)

• DD is the numeric day of the month (2 digits)

Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in the bundle patch have been tested and are certified to work with one another. Regression testing has also been performed to ensure backward compatibility with all Oracle Mobile Security Suite components in the bundle patch.

In contrast to a bundle patch, a patch set exception addressed only one issue for a single component. Although each patch set exception was an official Oracle patch, it was not a complete product distribution and did not include packages for every component. A patch set exception included only the libraries and files that had been rebuilt to implement a specific fix for a specific component.

A patch set is a mechanism for delivering fully tested and integrated product fixes. A patch set can include new functionality. Each patch set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform. All of the fixes in a patch set are tested and certified to work with one another on the specified platforms.

Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that you apply these certified patches. For more information about these patches, see Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.

You must satisfy the following requirements before applying this bundle patch:

• Verify that you are applying this bundle patch to an Oracle Identity Governance 12.2.1.4.0 installation.

  Note:

  When installing OPatch, you might find that interim or one off patches have already been installed.

• Download the latest version of OPatch. Oracle recommends using the latest version of OPatch to all customers. To learn more about OPatch and how to download the latest version, refer to the following:

  You can access My Oracle Support at https://support.oracle.com.

• Verify the OUI Inventory. To apply patches, OPatch requires access to a valid OUI Inventory. To verify the OUI Inventory, ensure that ORACLE_HOME/OPatch appears in your PATH for example:

  export PATH=$ORACLE_HOME/OPatch:$PATH 

  Then run the following command in OPatch inventory

  opatch lsinventory

  If the command returns an error or you cannot verify the OUI Inventory, contact Oracle Support. You must confirm the OUI Inventory is valid before applying this bundle patch.

• Confirm the opatch and unzip executables exist and appear in your system PATH, as both are needed to apply this bundle patch. Execute the following commands:

  which opatch
  which unzip

  Both executables must appear in the PATH before applying this bundle patch.

• Ensure that there are no pending JMS messages in Oracle Identity Governance server. You can monitor JMS messages with WebLogic console.

Applying OIM BUNDLE PATCH 12.2.1.4.231030 is done in the following stages:

• Understanding the Process Sequence With an Example

• Patching the Oracle Binaries (OPatch Stage)

• Stage 2: Filling in the patch_oim_wls.profile File

• Stage 3: Patching the Oracle Identity Governance Managed Servers (patch_oim_wls Stage)

1. Shutdown the Oracle Identity Governance server, WebLogic Admin Server, and SOA Managed Server.
2. Run 'Opatch apply' on ORACLE_HOME_A. See Patching the Oracle Binaries (OPatch Stage) for more information.
3. Run 'Opatch apply' on ORACLE_HOME_B. See Patching the Oracle Binaries (OPatch Stage) for more information.
4. Fill-in the patch_oim_wls.profile file and run patch_oim_wls on ORACLE_HOME_A with WebLogic Admin Server, oim_server1, and soa_server1 running. The rest of the servers on other nodes can be down.

   See Stage 2: Filling in the patch_oim_wls.profile File for information on filling in the patch_oim_wls.profile.

   See Stage 3: Patching the Oracle Identity Governance Managed Servers (patch_oim_wls Stage) for information about running patch_oim_wls.

5. Restart the managed servers on all the nodes.

1. Stop the Admin Server, all Oracle Identity Governance managed servers, and all SOA managed servers.
2. Create a directory for storing the unzipped bundle patch. This document refers to this directory as PATCH_TOP.
3. Unzip the patch zip file in to the PATCH_TOP directory you created in step 2 by using the following command:

   unzip -d PATCH_TOP p35960040_122140_Generic.zip

   Note:

   On Windows, the unzip command has a limitation of 256 characters in the path name. If you encounter this issue, use an alternate ZIP utility, for example 7-Zip to unzip the zip file.

   Run the below command to unzip the file:

   "c:\Program Files\7-Zip\7z.exe" x p35960040_122140_Generic.zip
4. Move to the directory where the patch is located. For example:

   cd PATCH_TOP/35960040

5. Set the ORACLE_HOME directory in your system. For example:

   setenv ORACLE_HOME /u01/Oracle/Middleware

6. Ensure that the OPatch executables are present in your system PATH. To update the PATH environment variable to include the path of Opatch directory, run the following command:

   export PATH=$ORACLE_HOME/Opatch:$PATH

7. Apply the bundle patch to the ORACLE_HOME using the following command for Oracle Identity Governance:

   opatch apply

   Note:

   If OPatch fails with error code 104, cannot find a valid oraInst.loc file to locate Central Inventory, include the -invPtrLoc argument, as follows:

   opatch apply -invPtrLoc ORACLE_HOME/oraInst.loc

   When OPatch starts, it will validate the patch and ensure there are no conflicts with the software already installed in the ORACLE_HOME. OPatch categorizes two types of conflicts:

   • Conflicts with a patch already applied to the ORACLE_HOME. In this case, stop the patch installation and contact Oracle Support.

   • Conflicts with subset patch already applied to the ORACLE_HOME. In this case, continue the install, as the new patch contains all the fixes from the existing patch in the ORACLE_HOME. The subset patch will automatically be rolled back prior to the installation of the new patch.

     Note:

     For clustered and multi-node installation of Oracle Identity Governance, this step must be run on all the ORACLE_HOME directories on which Oracle Identity Governance is installed.

8. Start all the servers in the OIG domain, which are the Admin Server, SOA Server, and Oracle Identity Governance Server.

Using a text editor, edit the file patch_oim_wls.profile located in the directory ORACLE_HOME/idm/server/bin/ directory and change the values in the file to match your environment. The patch_oim_wls.profile file contains sample values.

Table 1-1 lists the information to be entered for the patch_oim_wls.profile file. This file is used in next stage of the bundle patch process.

1. Make sure that the WebLogic Admin Server, SOA Managed Servers, and Oracle Identity Governance Managed Server are running.
2. Set the following environment variables:

   For LINUX or Solaris, set the JAVA_HOME environment variable:

   export JAVA_HOME=<JAVA_HOME_PATH>
   export PATH=$JAVA_HOME/bin:$PATH

   For Microsoft Windows:

   set JAVA_HOME=<JAVA_HOME_PATH>
   set ANT_HOME=\PATH_TO_ANT_DIRECTORY\ant
   set ORACLE_HOME=%MW_HOME%\idm

   Note:

   Make sure to set the reference to JDK binaries in your PATH before running the patch_oim_wls.sh (on UNIX) or patch_oim_wls.bat (on Microsoft Windows) script. This JAVA_HOME must be of the same version that is being used to run the WebLogic servers. The JAVA_HOME version from /usr/bin/ or the default is usually old and must be avoided. You can verify the version by running the following command:

   java -version

3. Execute patch_oim_wls.sh (on UNIX) or patch_oim_wls.bat (on Microsoft Windows) to apply the configuration changes to the Oracle Identity Governance server. On Linux systems, you must run the script in a shell environment using the following command:

   sh patch_oim_wls.sh

   Note:

   For EDG implementations, this script must be run against the mserver domain directory rather than the server domain directory.

4. Delete the following directory from OIG domain home:

   $DOMAIN_HOME/servers/oim_server1/tmp/_WL_user/oracle.iam.console.identity.self-service.ear_V2.0

   Here, oim_server1 is the weblogic managed server used for OIG.

5. To verify that the patch_oim_wls script has completed successfully, check the ORACLE_HOME/idm/server/bin/patch_oim_wls.log log file.

   Note:

   On running the patch_oim_wls script, the $DOMAIN_HOME/servers/MANAGED_SERVER/security/boot.properties file might be deleted. If you use a script to start the Managed Server and use the boot.properties file to eliminate the need of entering the password in the script, then create a new boot.properties file.

   In an EDG environment, the boot.properties file is in MSERVER_HOME/servers/MANAGED_SERVER/security.

6. Stop and start WebLogic Admin Server, SOA Server, and Oracle Identity Governance Server.

   • Shutting down Oracle Identity Governance server might take a long time if it is done with force=false option. It is recommended that you force shutdown Oracle Identity Governance server.

   • The patch_oim_wls script is re-entrant and can be run again if a failure occurs.

Perform the following steps to apply the bundle patch to a new instance:

• Installing a New Oracle Identity Governance Instance with OIM BUNDLE PATCH 12.2.1.4.231030

• Updating Oracle Identity Governance Web Applications

• Prerequisites of Applying the Bundle Patch

1. Start the installation by referring to Installing Oracle Identity Governance Using Quickstart Installer of Installing and Configuring Oracle Identity and Access Management. Before creating the database schema, apply the patch by using Opatch, as described in Patching the Oracle Binaries (OPatch Stage). Then, continue with schema creation.

   Note:

   It is recommended that this step is performed before creating or extending the domain with Oracle Identity Governance.
2. Create the domain by launching the configuration wizard, as specified in Configuring and Updating the Oracle Identity Governance Domain of Installing and Configuring Oracle Identity and Access Management.
3. Run the offlineConfigManager command to perform post configuration tasks. See Running the Offline Configuration Command in Installing and Configuring Oracle Identity and Access Management.
4. Start the WebLogic Admin Server, SOA Server, and OIG server.
5. Verify that you are able to log in to Oracle Identity Self Service or Oracle Identity System Administration.
6. Login to Oracle Enterprise Manager Fusion Middleware Control, and invoke the OIMSOAIntegrationMBean to integrate OIG with SOA. See Integrating Oracle Identity Governance with Oracle SOA Suite in Installing and Configuring Oracle Identity and Access Management.

1. Start the installation by referring to Configuring the Oracle Identity Governance Domain of Installing and Configuring Oracle Identity and Access Management. Before creating the database schema, apply the patch by using Opatch, as described in Patching the Oracle Binaries (OPatch Stage). Then, continue with schema creation.

   Note:

   It is recommended that this step is performed before creating or extending the domain with Oracle Identity Governance.
2. Create the domain by launching the configuration wizard, as specified in Configuring the Domain of Installing and Configuring Oracle Identity and Access Management.
3. Run the offlineConfigManager command to perform post configuration tasks.
4. Start the WebLogic Admin Server, SOA Server, and OIG server.
5. Verify that you are able to log in to Oracle Identity Self Service or Oracle Identity System Administration.
6. Login to Oracle Enterprise Manager Fusion Middleware Control, and invoke the OIMSOAIntegrationMBean to integrate OIG with SOA. See Integrating Oracle Identity Governance with Oracle SOA Suite in Installing and Configuring Oracle Identity and Access Management.

After installing a new Oracle Identity Governance instance with OIM BUNDLE PATCH 12.2.1.4.200624, perform the following post installation configuration step:

In Oracle Identity Governance deployment that is integrated with Oracle Access Manager (OAM), during user password change, the password change confirmation popup message is not displayed.

If you want to display this popup so that it is consistent with rest of the UI, then add a new system property with OIM.PasswordRedirectEnabled as the keyword by using the System Management, System Properties section of the Advanced Administration Console, and set its value to FALSE.

If this property is not present, then the value is defaulted to TRUE. If the value is TRUE, then the user is redirected to the Tasks page after the change password operation.

1. Stop Oracle Identity Governance Managed Server.
2. Login to WebLogic Administrative Console.
3. Click Lock & Edit.
4. Go to Deployments.
5. Select the oracle.iam.ui.view and oracle.iam.ui.model app, and click Update. Complete the steps of the wizard by clicking Next. Do not change anything.
6. Click Apply Changes.
7. Start Oracle Identity Governance Managed Server.

Before applying the bundle patch, perform the following prerequisites:

• This patch process makes changes to Oracle Identity Governance database schema (such as adding/modifying data), Oracle Identity Governance Meta Data Store (MDS) database schema (such as adding/modifying data), domain configuration changes, and other binary changes in the file system under ORACLE_HOME on which Oracle Identity Governance is installed. It is mandatory to create a backup of the following:

  • Oracle Identity Governance, MDS, and Service-Oriented Architecture (SOA) database schemas. For example, the database schema can be DEV_OIM, DEV_MDS schemas used by Oracle Identity Governance. Simple export of the schemas is sufficient.

  • The ORACLE_HOME directory on which Oracle Identity Governance is installed, for example, /u01/Oracle/Middleware.

  • Oracle Identity Governance WebLogic Domain location, for example, /u01/Oracle/Middleware/user_projects/domains/IAMGovernanceDomain/.

  • The UNIX user applying opatch must have read, write, and execute permissions on both ORACLE_HOME as well as WEBLOGIC_DOMAIN_HOME. You can verify this manually in the file system for DOMAIN_HOME and ORACLE_HOME.

• If you have customized the event handler file metadata/iam-features-configservice/event-definition/EventHandlers.xml in your setup, then perform the following steps to ensure that the upgrade does not override any customization done to this file:

  1. Export the metadata/iam-features-configservice/event-definition/EventHandlers.xml file from MDS, and create a backup of this file.

  2. After upgrading and running all the post install steps, export the new metadata/iam-features-configservice/event-definition/EventHandlers.xml file, merge your customization to this new file, and import it back to MDS.

  Note:

  For more information on MDS Utilities, see MDS Utilities and User Modifiable Metadata Files.

1. Perform the same verification steps and requirement checks that you made before applying the bundle patch. For example, backup the XML files and import them to a different location, verify the OUI Inventory and stop all services running from the ORACLE_HOME.
2. Move to the directory where the bundle patch was unzipped. For example:

   cd PATCH_TOP/35960040

3. Run OPatch as follows to remove the bundle patch:

   opatch rollback -id  35960040

4. Restore ORACLE_HOME, the WebLogic domain home from the backup created before applying the patch.
5. Restore the Oracle Identity Governance database using the backup you created in Step 1 of Applying the Bundle Patch to an Existing Instance.

Track Request functionality will change after this Bundle Patch is applied.

When a user performs a search in Self Service tab, Track Requests page, and in the search result table, applies Show list option as For Reportees, all the requests raised by or for the logged in user and user's direct and indirect reportee are displayed.

1. Manually copy the contents of $PATCH_DIRECTORY/files/oracle.oim.server/12.2.1.4.0/oracle.oim.symbol/server/reports/oim_product_BIPReports_12c.zip/* directory to the $BI_DOMAIN_HOME/bidata/components/bipublisher/repository/Reports/ directory.
2. Restart the BI server.

As a fix for bug# 30978612 in the bundle patch, the new XL.APHarvesting.AllowAccountDataUpdate system property is available to update the account data with the policy defaults for the accounts linked to the access policies. This system property has the following details:

Name: XL.APHarvesting.AllowAccountDataUpdate

Keyword: XL.APHarvesting.AllowAccountDataUpdate

Default value: FALSE

When this system property is set to TRUE, the account data is updated with the policy defaults for the accounts linked to access policy. If set to FALSE or if the system property does not exist, the account data is not updated.

To enable updating the account data with the policy defaults for the accounts linked to the access policies, set the values of the XL.APHarvesting.AllowAccountDataUpdate, XL.AllowAPHarvesting, XL.APHarvestRequestAccount, XL.APHarvestDirectProvisionAccount, and XL.AllowAPBasedMultipleAccountProvisioning system properties to TRUE.

1. Before running the utility, perform the following steps
   1. Edit the oim_blkld_accounts.sh script, and add the following lines, and save the script.

      $MW_HOME/wlserver/server/lib/wlfullclient.jar
      $MW_HOME/oracle_common/modules/javax.management.j2ee.jar
      

   2. Generate wlfullclient.jar if it is not available in the MW_HOME/server/lib/ directory, and grant execute (755) permisssions to the file.
2. Enter the MW_HOME directory or Press [Enter] to accept the default.
3. Enter the OIM_ORACLE_HOME directory or Press [Enter] to accept the default.
4. Enter the hostname on which OIG is running :

   It is mandatory that OIG is running on the same host.

5. Enter the port where OIG server is running :

   The default port is 14000.

6. Enter the path of OIM_HOME.
7. Enter the OIG system administrator user name.
8. Enter the OIG system administrator password.

If the bundle patch is applied after the OAM-OIG integration, then for the bug fix 31162758 to work, perform the following steps to map the Role attribute to the employeeType attribute:

1. Login to Oracle Identity Self Service.
2. Click the Manage tab, and then click the Applications box to open the Applications page.
3. Search for SSOTrusted-for-SSOTargetApp and open it.
4. Click the Schema tab.
5. Map Role to employeeType.
6. Save the changes.

If the bundle patch is applied to OIG before the integration with OAM, then the manual mapping of the attributes are not required.

For the bug fix 31605187 to work:

• If the bundle patch is applied after SSO integration, then the job parameter Incremental Recon Attribute value must be provided manually for the latest token value to get updated.

• If the bundle patch is applied before SSO integration, then manual steps are not required.

The following are the major enhancements in Oracle Identity Governance 12.2.1.4.230408:

• To enhance the user experience, the UI option Manage Notification Template option is now available under the Oracle Identity Self Service which were earlier available under the System Administration section.

  For more information refer to Manage Notification Template.

• Admin users now have the capability to add, view or modify details for proxy users from the User Details page.

  For more information, see Managing Proxies.

• The option to disable the Close As Risk Accepted action is now available for any corresponding policy violation.

  For more information, see Creating Identity Audit Policies.

The following are the major enhancements in Oracle Identity Governance 12.2.1.4.221004:

• To enhance the user experience, the following UI options are now available under the Oracle Identity Self Service which were earlier available under the System Administration section.
  • Manage Scheduler
  • Manage System Properties

  For more information refer to Managing the Scheduler and Managing System Properties.

  Note:

  Refer to Scheduler and System Properties do not come up in the Integrated Environment.

• While configuring the Certification, you can now disable Accounts for the revoke action. For more information, see Configuring Certification Options

The following are the major enhancements in Oracle Identity Governance 12.2.1.4.211010:

• The Access Policy feature is enhanced to manage the evaluation of users in the Disabled status. See Evaluating Policies.
• The Account Chooser pop-up option is enhanced to display the Account Type along with the Account Name column while creating an Entitlement request. This helps users who access multiple accounts for the same application while requesting Entitlements.
• During certification to help reviewers for identifying the correct accounts, reviewers can use the Account Type option.
• The Resource History details of the Accounts section is enhanced to display the Entitlement Name and Request ID.
• Manual Fulfillment task, Accounts and Entitlement tabs under User Access UI are enhanced to display the Role Request ID.
• When users have entitlements provisioned outside of the Access Policies, a new option is provided which helps in keeping the account in the Active state. See Revoking or Disabling the Policy.
• The updateRoleGrant API of RoleManager is enhanced to start owner startDate and endDate attributes.
• The Reconciliation Jobs section of the Application Instance is enhanced with separate reconciliation jobs for defining and managing of the application instance during application on boarding. See Creating Application Instances.
• The Certification feature is enhanced to support mandatory certification comments on certify and non certify operations. The certification comments can also be mined from previous certifications and request justification. This helps the reviewer by providing better context about the access during certification. See About Pre-populate Certification Comments.

The following are the major enhancements in Oracle Identity Governance 12.2.1.4.210708:

• To improve the reset password performance in Active Directory (AD) integration, a new system property is available which needs to be set to True and the certificate from the AD target needs to be imported. See the following topics:

  • Default System Properties in Oracle Identity Governance
  • Improving Reset Password Performance on AD Integration

The following section lists the issues resolved in Release 12.2.1.4.231030:

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231030
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230708
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230408
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221215
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221004
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220703
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220413
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220115
• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.211010

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210708

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210428

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210112

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.201011

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200624

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200505

• Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200206

Known issues and their workarounds in Oracle Identity Governance Release 12.2.1.4.0 are described in the Oracle Identity Governance chapter of the Release Notes for Oracle Identity Management document. You can access the Release Notes document in the Oracle Identity Management Documentation library at the following URL:

https://docs.oracle.com/en/middleware/idm/suite/12.2.1.4/idmrn/index.html

This section describes the issues and workarounds in this BP release of Oracle Identity Governance:

• Members Tab in Admin Role Freezes While Searching
• Revoke Multiple Entitlements Using Rest API
• Adding Missing ObjectClasses With OID
• Entitlement Type Not Available for Certification Reports

• Errors Related to the For Reportees Feature

• Identity Self Service and Identity System Administration Not Accessible

• Revoking Membership Does Not Work

• Upgrade Assistant Fails With StringIndexOutOfBoundsException

• Error on Running Bulk Load on ATP-D Setup

Issue:

The Members tab in the Admin Role freezes while you are trying to search for users and add them.

Resolution:

When this issue appears, the ADF patch 34247006 is required to resolve this issue.

While revoking multiple entitlements, a request gets created automatically if you use the REST client such as POSTMAN.

To view the request, navigate to Pending Approvals. If you approve the request without visiting the Pending Approvals section, the entitlements gets revoked. Select the specific request which opens the Request Details page.

An error, ORA-00911: invalid character is displayed and the entitlements are removed from the cart.

As a workaround for the bug 33541821, while running OIGOAMIntegration.sh for adding the missing ObjectClasses with OID *only*, if you encounter the following error, then re-run the command and add the missing objectClasses.

Context Initialization Error

Solution:uncomment line number 227 in _OIGOAMIntegration.sh:

read -p "Enter OID's ORACLE_HOME": ORACLE_HOME

In this patch, the feature Entitlement Type is introduced. The Certification UI and the Certification report does not display Entitlement Type details.

While using the Organization Name search criteria, at least one direct reportee should be associated with the organization. When organization name outside the reportee's organization is entered, the following error message is displayed:

IAM-2053037 : An error occurred while searching for the reportees as the organization name is invalid or not associated with any reportee (This is EXPECTED). Atleast 1 direct reportee should belong to the org name being searched.

The total number of direct reportees and indirect reportees must not exceed 1000. For Reportees does not work if number of direct reportees and indirect reportees are more than 1000, and the following error message is displayed:

“IAM-2053036 : An error occurred while searching for the reportees as the reportee size exceeded the limit 1,200. Please retry with other search criteria”

1. In WebLogic Server Administration Console, go to Deployments, and click Lock and Edit.
2. Select the oracle.iam.ui.model(1.0,11.1.1.5.0) library, and click Delete. Do the same for the oracle.iam.ui.view(11.1.1,11.1.1) library.
3. Click Activate Changes.
4. In Deployments, click Lock and Edit.
5. Click Install, install the oracle.iam.ui.model(1.0,11.1.1.5.0) as a library by following all the default settings, and select the OIM cluster/server as the target. Click Finish and Save. Repeat for the same for the oracle.iam.ui.view(11.1.1,11.1.1) library.
6. Click Activate Changes. The libraries are running in Active state.
7. In Deployments, click Lock and Edit, and then click the Control tab.
8. Select oracle.iam.console.identity.sysadmin.ear, which is in the Prepared state, and then select Start / Serving all requests.
9. Select oracle.iam.console.identity.self-service.ear, which is in the Prepared state, and then select Start / Serving all requests.
10. After the two applications go to the Active state, click Release configuration.

As part of the bug fix for 31605168, the entitlements are now updated with new role names, but the revoking of membership is not working.

Running the Upgrade Assistant for upgrading Oracle Identity Manager 11g Release 2 (11.1.2.3.0) to Oracle Identity Governance 12c (12.2.1.4) fails with the following error:

[2020-04-14T16:03:48.087-04:00] [Framework] [ERROR] [] [upgrade.Framework] [tid: XX] [ecid: XXXX] [[
  java.lang.StringIndexOutOfBoundsException: String index out of range: -19
  at java.lang.String.substring(String.java:1967)
  at oracle.iam.oimupgrade.mrua.OIMMRUA.readiness(OIMMRUA.java:345)
  at oracle.ias.update.plugin.Plugin.readiness(Plugin.java:595)
  at oracle.ias.update.plan.PlanStep.readiness(PlanStep.java:730)
  at oracle.ias.update.PhaseProcessor$ReadinessProcessor.runStepPhase(PhaseProcessor.java:873)
  at oracle.ias.update.PhaseProcessor.runStep(PhaseProcessor.java:369)
  at oracle.ias.update.PhaseProcessor$ExtendedRunnable.run(PhaseProcessor.java:1058)
  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
  at java.lang.Thread.run(Thread.java:748)
]]

The issue takes place during the MDS backup. The cause of the error is the MDS JDBC URL used, which is in the form:

jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=xxxx)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=xxxx)
      (PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=xxxx)(FAILOVER_MODE=(TYPE=select)(METHOD=basic))))

The upgrade tool does not expect complex URLs with something before the address field.

To workaround this issue, remove (LOAD_BALANCE=ON) from the JDBC URL.

When you run the Bulk Load utility on ATP-D by using wallet, the utility exits with the following error:

./oim_blkld_usr_load.sh: line 260: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 311: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 336: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 361: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 386: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 411: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 436: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 462: /home/opc/db18c/bin/sqlplus: Permission denied
./oim_blkld_usr_load.sh: line 486: /home/opc/db18c/bin/sqlplus: Permission denied

To workaround this issue:

1. Log in to Oracle WebLogic Administration Console as an administrator.

2. Click Services, Datasources.

3. Select the oimOperationsDB datasource.

4. Click Connection Pool, and check the URL value. It is similar to the following:

   jdbc:oracle:thin:@(DESCRIPTION=(CONNECT_TIMEOUT=120)(RETRY_COUNT=20)(RETRY_DELAY=3)(TRANSPORT_CONNECT_TIMEOUT=3)(ADDRESS_LIST=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=abc.example.com)(PORT=1521)))
   (CONNECT_DATA=(SERVICE_NAME=db.example.com)))

5. Use the hostname, port, and service name from the URL value to run the Bulk Load utility.

For more information, see the following resources:

• Oracle Fusion Middleware Documentation

  This contains documentation for all Oracle Fusion Middleware 12c products.

• Oracle Technology Network

  This site contains additional documentation that is not included as part of the documentation libraries.

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.