Oracle® Identity Manager Installation Guide for Oracle Containers for J2EE Release 9.0 Part Number B32148-02 |
|
|
View PDF |
After you have installed Oracle Identity Manager, you must complete some post-installation tasks before you can use the application. Additionally, there are several optional post-installation tasks you may choose to complete, depending on your deployment, before using the application. The following is a list of the sections in this chapter:
After you install Oracle Identity Manager on OC4J you must perform the tasks in this section for Oracle Identity Manager to operate properly.
After installing Oracle Identity Manager on OC4J you must increase the OC4J heap size before using Oracle Identity Manager. Perform the following steps to increase the OC4J heap size:
Open the <OC4J_HOME>\opmn\conf\opmn.xml file in a text editor.
Search for the following string:
-XX:MaxPermSize=128M
Change this string to the following:
-XX:MaxPermSize=512M
Save and close the <OC4J_HOME>\opmn\conf\opmn.xml file.
Restart the OC4J application server after increasing the heap size.
After installing Oracle Identity Manager on OC4J you must increase the number of MDB listener threads before using Oracle Identity Manager. By default, the number of listener threads is set to 1 and you must increase that setting to 15. Perform the following steps to increase the number of MDB listener threads:
Open the <XL_HOME>\xellerate\DDTemplates\BO\orion-ejb-jar.xml file in a text editor.
Add a listener thread attribute by inserting the following text:
<message-driven-deployment name="MessageHandlerMDB" connection-factory-location="jms/XAQueueConnectionFactory" destination-location="queue/xlQueue" listener-threads="15" >
Save and close the orion-ejb-jar.xml file.
Run the <XL_HOME>\setup\patch_oc4j command.
Restart the OC4J application server.
After installing Oracle Identity Manager on OC4J you must configure JMS file-based persistence to ensure messages in the JMS queue can continue to be processed after the server restarts. Perform the following steps to configure JMS file-based persistence:
Stop the OC4J application server if it is running.
Open the <OC4J_HOME>\j2ee\home\config\jms.xml file in a text editor.
Add a persistence file attribute for xlQueue by inserting the following text:
<queue name="xlQueue" location="queue/xlQueue" persistence-file="xlQueueJMSStore" >
Add a persistence file attribute for xlErrorQueue by inserting the following text:
<queue name="xlErrorQueue" location="queue/xlErrorQueue" persistence-file="xlErrorQueueJMSStore" >
Save and close the jms.xml file.
Start the OC4J application server.
After installing Oracle Identity Manager, you should considering performing the optional post-installation tasks documented in this section before using the application. Depending on your Oracle Identity Manager deployment, you may choose not to perform some of these tasks.
Oracle Identity Manager has two keystores: one for the Oracle Identity Manager server and one for the database. During installation, the passwords for both are set to xellerate. Oracle recommends changing the keystore passwords for all production installations. You can use the keytool to change the keystore password for either keystore.
To change the keystore password:
Open a command prompt on the Oracle Identity Manager host computer.
Navigate to the <XL_HOME>\xellerate\config directory.
Run the keytool with the following options:
<
JAVA_HOME
>\jre\bin\keytool -storepasswd -new <
new_password
> -storepass xellerate -keystore .xlkeystore -storetype JKS
Table 7-1 lists the options used in the preceding example of keytool usage:
Table 7-1 Command Options for keytool
Option | Description |
---|---|
|
Location of the Java directory associated with the application server |
|
New password for the keystore |
|
Keystore whose password you are changing (.xlkeystore for the Oracle Identity Manager server or .xldatabasekey for the database) |
|
JKS for .xlkeystore and JCEKS for .xldatabasekey |
Launch a plain-text editor, then open the <XL_HOME>\xellerate\config\xlconfig.xml file.
Edit the <xl-configuration>.<Security>.<XLPKIProvider>.<KeyStore> section to specify the keystore password.
Note:
Change the <XLSymmetricProvider>.<KeyStore> section of the configuration file to update the password for the database keystore (.xldatabasekey).Change the password tag to encrypted
="false
".
Enter the password (in the clear). For example, change the following block:
<Security> <XLPKIProvider> <KeyStore> <Location>.xlkeystore</Location> <Password encrypted="true">xYr5V2FfkRYHxKXHeT9dDg==</Password> <Type>JKS</Type> <Provider>sun.security.provider.Sun</Provider> </KeyStore>
to the following:
<Security> <XLPKIProvider> <KeyStore> <Location>.xlkeystore</Location> <Password encrypted="false">newpassword</Password> <Type>JKS</Type> <Provider>sun.security.provider.Sun</Provider> </KeyStore>
Restart your application server.
When you stop and start the application server, a backup of the configuration file is created. The configuration file (with the new password) is read in, and the password is encrypted in the file.
If all of the preceding steps have succeeded, you can delete the backup file.
Oracle Identity Manager uses log4j for logging. Logging levels are configured in the logging properties file, <XL_HOME>/xellerate/config/log.properties. By default, Oracle Identity Manager is configured to output at the Warning level. You can change the log level universally for all components or for an individual component.
Oracle Identity Manager components are listed in the <XL_HOME>\xellerate\config\log.properties file in the XELLERATE section, for example:
log4j.logger.XELLERATE=WARN log4j.logger.XELLERATE.DDM=DEBUG log4j.logger.XELLERATE.ACCOUNTMANAGEMENT=DEBUG log4j.logger.XELLERATE.SERVER=DEBUG log4j.logger.XELLERATE.RESOURCEMANAGEMENT=DEBUG log4j.logger.XELLERATE.REQUESTS=DEBUG log4j.logger.XELLERATE.WORKFLOW=DEBUG log4j.logger.XELLERATE.WEBAPP=DEBUG log4j.logger.XELLERATE.SCHEDULER=DEBUG log4j.logger.XELLERATE.SCHEDULER.Task=DEBUG log4j.logger.XELLERATE.ADAPTERS=DEBUG log4j.logger.XELLERATE.JAVACLIENT=DEBUG log4j.logger.XELLERATE.POLICIES=DEBUG log4j.logger.XELLERATE.RULES=DEBUG log4j.logger.XELLERATE.DATABASE=DEBUG log4j.logger.XELLERATE.APIS=DEBUG log4j.logger.XELLERATE.OBJECTMANAGEMENT=DEBUG log4j.logger.XELLERATE.JMS=DEBUG log4j.logger.XELLERATE.REMOTEMANAGER=DEBUG log4j.logger.XELLERATE.CACHEMANAGEMENT=DEBUG log4j.logger.XELLERATE.ATTESTATION=DEBUG log4j.logger.XELLERATE.AUDITOR=DEBUG
To set Oracle Identity Manager log levels, edit the logging properties in the <XL_HOME>\xellerate\config\log.properties file as follows:
Open the <XL_HOME>\xellerate\config\log.properties file in a text editor. This file contains a general setting for Oracle Identity Manager and specific settings for the components and modules that comprise Oracle Identity Manager.
By default, Oracle Identity Manager is configured to output at the Warning level:
log4j.logger.XELLERATE=WARN
This is the general value for Oracle Identity Manager. Individual components and modules are listed following the general value in the properties file. You can set individual components and modules to different log levels. The log level for a specific component overrides the general setting.
Set the general value to the desired log level. The following is a list of the supported log levels, appearing in descending order of information logged (DEBUG logs the most information and FATAL logs the least information):
DEBUG
INFO
WARN
ERROR
FATAL
Set other component log levels as desired. Individual components or modules can have different log levels. For example, the following values set the log level for the Account Management module to INFO, while the server is at DEBUG and the rest of Oracle Identity Manager is at the WARN level.
log4j.logger.XELLERATE=WARNlog4j.logger.XELLERATE.ACCOUNTMANAGEMENT=INFOlog4j.logger.XELLERATE.SERVER=DEBUG
Save your changes.
Restart your application server so that the changes take effect.