27.7 Completing the Migration of the Identity Applications

After upgrading or migrating the identity applications, complete the migration process.

27.7.1 Preparing an Oracle Database for the SQL File

During the installation process, you might have chosen to write a SQL file to update the identity applications database. If your database runs on an Oracle platform, you must perform some steps before you can run the SQL file.

  1. In the database, run the following SQL statements:

    ALTER TABLE DATABASECHANGELOG ADD ORDEREXECUTED INT;
    UPDATE DATABASECHANGELOG SET ORDEREXECUTED = -1;
    ALTER TABLE DATABASECHANGELOG MODIFY ORDEREXECUTED INT NOT NULL;
    ALTER TABLE DATABASECHANGELOG ADD EXECTYPE VARCHAR(10);
    UPDATE DATABASECHANGELOG SET EXECTYPE = 'EXECUTED';
    ALTER TABLE DATABASECHANGELOG MODIFY EXECTYPE VARCHAR(10) NOT NULL;
  2. Run the following updateSQL command:

    C:\NetIQ\idm\jre\bin\java -Xms256m -Xmx256m -Dwar.context.name=IDMProv -
    Ddriver.dn="cn=User Application Driver,cn=driverset1,o=system" -
    Duser.container="o=data" -jar C:\NetIQ\idm\jre\liquibase.jar --
    databaseClass=liquibase.database.core.PostgresDatabase --
    driver=org.postgresql.Driver --
    classpath=C:\NetIQ\idm\apps\postgresql\postgresql-9.4.1212jdbc42.jar
    C:\NetIQ\idm\apps\UserApplication\IDMProv.war --
    changeLogFile=DatabaseChangeLog.xml --url="jdbc:postgresql://localhost:5432/
    idmuserappdb" --contexts="prov,newdb" --logLevel=info --
    logFile=C:\NetIQ\idm\apps\UserApplication\db.out --username=******** --
    password=******** update
  3. In a text editor, open the SQL file, by default in the \installation_path\userapp\sql directory.

  4. Insert a backslash (/) after the definition of the function CONCAT_BLOB. For example

      -- Changeset icfg-data-load.xml::700::IDMRBPM
    CREATE OR REPLACE FUNCTION CONCAT_BLOB(A IN BLOB, B IN BLOB) RETURN BLOB AS
                    C BLOB;
                BEGIN
                    DBMS_LOB.CREATETEMPORARY(C, TRUE);
                    DBMS_LOB.APPEND(C, A);
                    DBMS_LOB.APPEND(C, B);
                    RETURN c;
                END;
    /
  5. Execute the SQL file.

    For more information about running the SQL file, see Manually Creating the Database Schema.

    NOTE:Do not use SQL*Plus to execute the SQL file. The line lengths in the file exceed 4000 characters.

27.7.2 Flushing the Browser Cache

Before you log in to the identity applications, you should flush the cache on the browser. If you do not flush the cache, you might experience some runtime errors.

27.7.3 Using the Legacy Provider or an External Provider for Managing Passwords

By default, Identity Manager uses SSPR for password management. However, to use your existing password policies, you might want to use Identity Manager’s internal legacy provider. Alternatively, you can use an external provider. For more information about configuring Identity Manager for these providers, see one of the following sections:

27.7.4 Updating the Maximum Timeout Setting for the SharedPagePortlet

If you have customized any of the default settings or preferences for the SharedPagePortlet, then it has been saved to your database and this setting will get overwritten. As a result, navigating to the Identity Self-Service tab might not always highlight the correct Shared Page. To be sure that you do not have this problem, complete the following steps:

  1. Log in as a User Application Administrator.

  2. Navigate to Administration > Portlet Administration.

  3. Expand Shared Page Navigation.

  4. In the portlet tree on the left, click Shared Page Navigation.

  5. On the right side of the page, click Settings.

  6. Ensure that Maximum Timeout is set to 0.

  7. Click Save Settings.

27.7.5 Disabling the Automatic Query Setting for Groups

By default, the DNLookup Display for the Group entity in the Directory Abstraction Layer is enabled. This means that whenever the object selector is opened for a group assignment, all the groups are displayed by default without the need to search them. You should change this setting, since the window to search for groups should be displayed without any results until the user provides input for search.

You can change this setting in Designer by unchecking Perform Automatic Query, as shown below: