Oracle® Identity Manager Installation and Upgrade Guide for WebLogic
Release 9.0
B28761-01

8 Post-Install Configuration for Oracle Identity Manager and WebLogic

After you have installed Oracle Identity Manager, you must complete some post-installation tasks before you can use the application. Some of these tasks are common to all types of Oracle Identity Manager component installations; others are application server-specific tasks. This chapter describes:

General Post-installation Tasks

For any Oracle Identity Manager installation, you must change the keystore passwords from their defaults. If you are using a Remote Manager, you must enable a trust relationship between the Remote Manager and the Oracle Identity Manager server. Several of these tasks are optional and not required for system operation.

Changing Keystore Passwords (optional)

Oracle Identity Manager has two keystores: one for the Oracle Identity Manager server and one for the database. During installation, the passwords for both are set to xellerate. You can use the keytool to change the keystore password for either keystore. Oracle recommends changing the keystore passwords for all production installations.

To change the keystore password:

  1. Open a command prompt on the Oracle Identity Manager host computer.

  2. Navigate to the <XL_HOME>\xellerate\config directory.

  3. Run the keytool with the following options:

    <JAVA_HOME>\jre\bin\keytool -storepasswd -new <new_password> -storepass xellerate -keystore .xlkeystore -storetype JKS

    where <JAVA_HOME> is the location of the Java directory associated with your application server, <new_password> is the new password for the keystore, the keystore option is the keystore whose password you are changing (.xlkeystore for the Oracle Identity Manager server, or .xldatabasekey for the database), and the storetype option is JKS for .xlkeystore and JCEKS for .xldatabasekey.

  4. Launch a plain-text editor, then open the file xlconfig.xml, which is located in the directory <XL_HOME>\xellerate\config.

  5. Edit the <xl-configuration>.<Security>.<XLPKIProvider>.<KeyStore> section to specify the keystore password.


    Note:

    Change the <XLSymmetricProvider>.<KeyStore> section of the configuration file to update the password for the database keystore (.xldatabasekey).

    • Change the password tag to encrypted="false".

    • Enter the password (in the clear). For example, change the following block

      <Security>
        <XLPKIProvider>
          <KeyStore>
            <Location>.xlkeystore</Location>
            <Password encrypted="true">xYr5V2FfkRYHxKXHeT9dDg==</Password>
            <Type>JKS</Type>
            <Provider>sun.security.provider.Sun</Provider>
          </KeyStore>

      to the following:

      <Security>
        <XLPKIProvider>
          <KeyStore>
            <Location>.xlkeystore</Location>
            <Password encrypted="false">newpassword</Password>
            <Type>JKS</Type>
            <Provider>sun.security.provider.Sun</Provider>
          </KeyStore>

  6. Restart your application server.

    When you stop and start the application server, a backup of the configuration file is created. The configuration file (with the new password) is read in, and the password is encrypted in the file.

  7. If all of the preceding steps have succeeded, you can delete the backup file.
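
A check for the state this procedure leaves behind, as an added example that is not part of Oracle's guide: it parses a copy of xlconfig.xml and reports any keystore whose password is still stored in the clear (for instance because the server has not yet been restarted), is the installation default, or has a store type that does not match the keystore file. The sample document is constructed, the encrypted value in it is a placeholder, and the function name audit_keystores is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape shown in step 5. "PLACEHOLDER==" stands in
# for an encrypted value; it is not a real ciphertext.
SAMPLE_XLCONFIG = """<xl-configuration><Security>
  <XLPKIProvider><KeyStore>
    <Location>.xlkeystore</Location>
    <Password encrypted="false">newpassword</Password>
    <Type>JKS</Type>
  </KeyStore></XLPKIProvider>
  <XLSymmetricProvider><KeyStore>
    <Location>.xldatabasekey</Location>
    <Password encrypted="true">PLACEHOLDER==</Password>
    <Type>JCEKS</Type>
  </KeyStore></XLSymmetricProvider>
</Security></xl-configuration>"""

# Store types the guide gives for each keystore file.
EXPECTED_TYPE = {".xlkeystore": "JKS", ".xldatabasekey": "JCEKS"}
DEFAULT_PASSWORD = "xellerate"  # installation default named in the guide

def audit_keystores(xml_text):
    """Return (provider, location, finding) tuples for every problem found."""
    findings = []
    security = ET.fromstring(xml_text).find("Security")
    if security is None:
        return [("-", "-", "no <Security> section")]
    for provider in security:
        keystore = provider.find("KeyStore")
        if keystore is None:
            continue
        location = (keystore.findtext("Location") or "").strip()
        store_type = (keystore.findtext("Type") or "").strip()
        password = keystore.find("Password")
        if password is None:
            findings.append((provider.tag, location, "no <Password> element"))
        elif password.get("encrypted", "").strip().lower() != "true":
            # Cleartext is expected only between the edit and the restart.
            findings.append((provider.tag, location, "password in the clear"))
            if (password.text or "").strip() == DEFAULT_PASSWORD:
                findings.append((provider.tag, location, "default password"))
        if location in EXPECTED_TYPE and store_type != EXPECTED_TYPE[location]:
            findings.append((provider.tag, location, "unexpected store type"))
    return findings

if __name__ == "__main__":
    for finding in audit_keystores(SAMPLE_XLCONFIG):
        print(*finding)
```

The function takes the file content as a string, so the same check can be run on any copy of the configuration file.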

Setting Log Levels (optional)

Oracle Identity Manager uses log4j for logging. For WebLogic-based Oracle Identity Manager installations, logging is configured in the logging properties file, <XL_HOME>/xellerate/config/log.properties.

By default, Oracle Identity Manager is configured to output at the Warning level. You can change the log level universally for all components or for an individual component. For normal operation of Oracle Identity Manager, this post-installation configuration step is not required.

Oracle Identity Manager Component Logging

The components are listed in the <XL_HOME>\xellerate\config\log.properties file in the XELLERATE section. They are:

    log4j.logger.XELLERATE.ACCOUNTMANAGEMENT
    log4j.logger.XELLERATE.SERVER
    log4j.logger.XELLERATE.RESOURCEMANAGEMENT
    log4j.logger.XELLERATE.REQUESTS
    log4j.logger.XELLERATE.WORKFLOW
    log4j.logger.XELLERATE.WEBAPP
    log4j.logger.XELLERATE.SCHEDULER
    log4j.logger.XELLERATE.SCHEDULER.Task
    log4j.logger.XELLERATE.ADAPTERS
    log4j.logger.XELLERATE.JAVACLIENT
    log4j.logger.XELLERATE.POLICIES
    log4j.logger.XELLERATE.RULES
    log4j.logger.XELLERATE.DATABASE
    log4j.logger.XELLERATE.APIS
    log4j.logger.XELLERATE.OBJECTMANAGEMENT
    log4j.logger.XELLERATE.JMS
    log4j.logger.XELLERATE.REMOTEMANAGER
    log4j.logger.XELLERATE.CACHEMANAGEMENT
    log4j.logger.XELLERATE.ATTESTATION
    log4j.logger.XELLERATE.AUDITOR

Setting Log Levels for WebLogic

To set Oracle Identity Manager log levels in Oracle Identity Manager running on WebLogic, edit the logging properties file (log.properties).

Complete the following steps to set log levels:

  1. Open the <XL_HOME>\xellerate\config\log.properties file in a text editor. This file contains a general setting for Oracle Identity Manager and specific settings for the components and modules that comprise Oracle Identity Manager.

    By default, Oracle Identity Manager is configured to output at the Warning level:

    log4j.logger.XELLERATE=WARN

    This is the general value for Oracle Identity Manager. Individual components and modules are listed following the general value in the properties file. You can set individual components and modules to different log levels. The log level for a specific component overrides the general setting.

  2. Set the general value to the desired log level. The following is a list of the supported log levels, appearing in descending order of information logged (DEBUG logs the most information and FATAL logs the least information):

    • DEBUG

    • INFO

    • WARN

    • ERROR

    • FATAL

  3. Set other component log levels as desired. Individual components or modules can have different log levels. For example, the following values set the log level for the Account Management module to INFO, while the server is at DEBUG and the rest of Oracle Identity Manager is at the WARN level.

    log4j.logger.XELLERATE=WARN
    log4j.logger.XELLERATE.ACCOUNTMANAGEMENT=INFO
    log4j.logger.XELLERATE.SERVER=DEBUG

  4. Save your changes.

  5. Restart your application server so that the changes take effect.
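
The override rule from step 1, worked through in code as an added example (not part of Oracle's guide): it reads log.properties text, resolves the effective level of each component, and lists components that log more than a chosen threshold, which is useful for confirming that nothing was left at DEBUG. It goes slightly beyond the text by resolving nested names such as XELLERATE.SCHEDULER.Task to their nearest configured ancestor, as log4j does. The sample file content is constructed and the function names are assumptions.

```python
LEVELS = ["DEBUG", "INFO", "WARN", "ERROR", "FATAL"]  # most to least verbose
PREFIX = "log4j.logger."

# Constructed sample: the three values from step 3 plus a commented-out line.
SAMPLE_LOG_PROPERTIES = """\
# general value
log4j.logger.XELLERATE=WARN
log4j.logger.XELLERATE.ACCOUNTMANAGEMENT=INFO
log4j.logger.XELLERATE.SERVER=DEBUG
#log4j.logger.XELLERATE.DATABASE=DEBUG
"""

def parse_levels(text):
    """Map logger name -> level for every active log4j.logger.* line."""
    levels = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):  # skips blanks, comments, other keys
            continue
        name, _, value = line[len(PREFIX):].partition("=")
        # A log4j value may be "LEVEL, appender, ..."; the level comes first.
        level = value.split(",")[0].strip().upper()
        if level in LEVELS:
            levels[name.strip()] = level
    return levels

def effective_level(levels, logger):
    """Walk up the dotted name until a configured ancestor is found."""
    parts = logger.split(".")
    while parts:
        name = ".".join(parts)
        if name in levels:
            return levels[name]
        parts.pop()
    return None

def more_verbose_than(levels, loggers, threshold="WARN"):
    """Loggers whose effective level logs more than the threshold does."""
    limit = LEVELS.index(threshold)
    found = []
    for logger in loggers:
        level = effective_level(levels, logger)
        if level is not None and LEVELS.index(level) < limit:
            found.append(logger)
    return sorted(found)
```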

Post-Installation Steps for WebLogic

After you install the Oracle Identity Manager software, perform the tasks in this section:

Configuring WebLogic for Oracle Identity Manager

Once you install Oracle Identity Manager, you must set the memory size, set up the authentication information for Oracle Identity Manager, then create and configure an XML registry.

To configure WebLogic for Oracle Identity Manager:

  1. Use the WebLogic administration console to shut down the application server gracefully.

  2. Navigate to <WEBLOGIC_HOME>\user_projects\domains\<domain_name> (for example, C:\bea\user_projects\domains\mydomain).

  3. Open the WebLogic start script file in a text editor. The start script is:

    • startWebLogic.cmd for Windows.

    • startWebLogic.sh for Solaris.

  4. Edit the script to specify memory options:

    For Windows:

    Locate the line that starts with:

    %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS%

    and add the following lines preceding it:

    MEM_ARGS="-Xmx1024m"
    export MEM_ARGS

  5. Save and close the file.

  6. Restart the WebLogic server by navigating to the directory <XL_HOME>\xellerate\bin\ and running xlStartServer.bat (for Windows) or xlStartServer.sh (for UNIX).

  7. Log in to the WebLogic administration console.

  8. In the left frame, select Security, select Realms, select myrealms, select Providers, then select Authentication.

  9. Click Configure a new Xellerate Authenticator.

    1. Leave Name as the default.

    2. Set the Control Flag to Sufficient, then click Create.

  10. In the left frame, click Authentication and select DefaultAuthenticator.

    1. Set the Control Flag to Sufficient, then click Apply.

  11. In the left frame, click Services.

  12. Right-click XML, then select Configure a new XMLRegistry from the short-cut menu.

  13. Enter the registry information:

    1. Enter a unique name, such as Oracle Identity Manager XML registry.

    2. Use default values for the other fields, then click Create.

  14. Click the Target and Deploy tab.

    1. Click the server check box to select it (myserver is the default server name).

    2. Click Apply.


      Note:

      For clustered environments, be sure to perform this step on all cluster members.

  15. In the left-hand frame, click XML, then click your new XML registry entry to expand it.

  16. Right-click Parser Select Entries, then select Configure a New XMLParserSelectRegistryEntry from the short-cut menu.

  17. Enter the configuration information:

    1. Make sure the Public ID field is blank.

    2. Make sure the System ID field is blank.

    3. In the Root Element Tag field, enter database.

    4. In the Document Builder Factory field, enter the following string:

      org.apache.crimson.jaxp.DocumentBuilderFactoryImpl

    5. Make sure the Parser Class Name field is blank.

    6. In the SAX Parser Factory field, enter the following string:

      org.apache.xerces.jaxp.SAXParserFactoryImpl

    7. Click Create.

  18. Stop the WebLogic application server gracefully.

  19. If you are using an Oracle database, copy the ojdbc14.jar file from <XL_HOME>\xellerate\ext\ to <WEBLOGIC_HOME>\weblogic81\server\lib\. For clustered environments, copy the ojdbc14.jar file to <WEBLOGIC_HOME>\weblogic81\server\lib\ on each of the XLMANAGED_SERVER_HOST nodes in the cluster.

  20. Restart the WebLogic Server in order for the new configuration to become active.

Configuring XA Connection Settings

After you install Oracle Identity Manager on WebLogic, you must set up an XA connection by completing the following steps:

  1. Log in to the WebLogic administrative console, and select Services.

  2. Select JDBC on the Services page.

  3. Select Connection Pools on the JDBC page.

  4. Select xlXAConnectionPool on the Connection Pools page.

  5. Select the Connections tab.

  6. Select Show under Advanced Options.

  7. Select Keep XA Connection Till Transaction Complete.

  8. Click Apply to commit your changes.

  9. Restart your WebLogic application server.

Enabling Single Sign-On (SSO)

Use the following steps to enable SSO for Oracle Identity Manager:

  1. Stop the application server gracefully.

  2. Launch a plain-text editor and open the <XL_HOME>\xellerate\config\xlconfig.xml file.

  3. Locate the following SSO configuration (these are the default settings without SSO):

    <web-client>
      <Authentication>Default</Authentication>
      <AuthHeader>REMOTE_USER</AuthHeader>
    </web-client>