Oracle® Identity Manager Installation Guide for Oracle Application Server
Release 9.0.3

Part Number B32459-02

11 Installing and Configuring the Oracle Identity Manager Remote Manager

This chapter explains how to install Oracle Identity Manager Remote Manager. It contains the following sections:

Installing the Remote Manager on Windows

Complete the following steps to install the Remote Manager on a Windows host:

  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Launch Windows Explorer, then navigate to the installServer directory on the installation CD.

  3. Double-click the setup_rm.exe file.

  4. Choose a language from the list on the Installer screen. The Welcome page appears.

  5. On the Welcome page, click Next.

  6. On the Target directory page, complete one of the following sub-steps:

    Important:

    All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a machine that is hosting another Oracle Identity Manager component (the server or the Design Console), specify an install directory that hasn't been used yet.
    1. The default directory for Oracle Identity Manager products is C:\oracle. To install Remote Manager into this directory, click Next.

    2. To install Remote Manager into another directory, enter the path in the Directory name field, and click Next.

      or

      Navigate to the desired location, then click Next.

      Note:

      If the directory path that you specified does not exist, the Base Directory settings text box appears. Click OK. Oracle Identity Manager creates this directory for the Oracle Identity Manager server. If you do not have write permission to create the default directory for the Oracle Identity Manager server, a message appears informing you that the installer could not create the directory. Click OK to dismiss the message, then contact your System Administrator to obtain the appropriate permissions.
  7. Select either the JRE that is installed with Oracle Identity Manager or specify an existing JRE. Click Next. The Remote Manager Configuration screen appears.

  8. On the Remote Manager Configuration page, enter the appropriate information for the Remote Manager:

    1. Enter the Service Name.

    2. Use the default, pre-filled value of 12346 as the binding port.

    3. Use the default, pre-filled value of 12345 as the Remote Manager SSL port.

    4. Click Next.

  9. On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:

    1. Choose to create a shortcut for the Remote Manager on the desktop.

    2. Choose to create a shortcut for the Remote Manager on the Start Menu.

    3. Click Next when you are satisfied with the check box settings.

  10. On the Summary page, review the configuration details, and then click Install to initiate installation.

  11. After the installation has completed, click Finish on the Completed page to exit.

Installing the Remote Manager on UNIX or Linux

To install the Remote Manager on UNIX or Linux:

Note:

Before installing the Remote Manager, you must set the JAVA_HOME variable to the JRE included with the Remote Manager installer.
  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. From the File Manager, access the installServer directory on the installation CD.

  3. Run the install_rm.sh file. The command-line installer starts.

  4. Choose a language from the list by entering a number and then entering 0 to apply the language. The Welcome panel appears.

  5. On the Welcome panel, enter 1 to move to the next panel. The Target directory panel appears.

  6. On the Target directory panel, enter the path to the directory where you want to install the Oracle Identity Manager Remote Manager. The default directory is /opt/oracle.

    • Enter 1 to move to the next panel.

    • If the directory does not exist, you are asked to create it. Enter y for yes.

    Important:

    All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a machine that is hosting an Oracle Identity Manager server, you must specify a unique install directory.
  7. Specify the JRE to use with Remote Manager:

    • Enter 1 to install the JRE included with Oracle Identity Manager.

    • Enter 2 to use an existing JRE at a specified location.

    • Enter 0 to accept your selections.

    • Enter 1 to move to the next panel.

    The Remote Manager Configuration panel appears.

  8. On the Remote Manager Configuration panel, enter the Remote Manager configuration information:

    1. Enter the Service Name, or press the Enter key to accept the default.

    2. Enter 12346 as the Remote Manager binding port.

    3. Enter 12345 as the Remote Manager SSL port.

    4. Enter 1 to move to the next panel.

      The Remote Manager installation summary panel appears.

  9. Check the information.

    • Enter 2 to go back and make changes.

    • Enter 1 to start the installation.

      Oracle Remote Manager installs and the Post Install Summary panel appears.

  10. Enter 3 to finish the Remote Manager installation.

Configuring the Remote Manager

The Remote Manager and Oracle Identity Manager server communicate using SSL. If you are using Remote Manager, you must enable a trust relationship between your Oracle Identity Manager server and the Remote Manager. (The server must trust the Remote Manager certificate.)

Optionally, you can enable client-side authentication (where the Remote Manager checks the server's certificate). Import the Remote Manager's certificate into your Oracle Identity Manager server's keystore and make it trusted. For client-side authentication, import the certificate for your Oracle Identity Manager server into the keystore for your Remote Manager, then make that certificate trusted. You must also manually edit the configuration file associated with the server, and depending on the options you selected during Remote Manager installation, the Remote Manager configuration file as well.

Trusting the Remote Manager Certificate

To configure the Remote Manager certificates:

  1. Copy the Remote Manager certificate to the server computer. On the Remote Manager computer, locate the file <XL_RM_HOME>\xlremote\config\xlserver.cert and copy it to the server computer.

    Note:

    The server certificate in <XL_HOME>\config is also named xlserver.cert, so make sure you do not overwrite that certificate.
  2. Open a command prompt on the server computer.

  3. To import the certificate using the keytool, use the following command:

    <JAVA_HOME>\jre\bin\keytool -import -alias rm_trusted_cert -file <RM_cert_location>\xlserver.cert -trustcacerts -keystore <XL_HOME>\xellerate\config\.xlkeystore -storepass xellerate
    
    

    <JAVA_HOME> is the location of the Java directory for your application server, the value of alias is an arbitrary name for the certificate in the store, and <RM_cert_location> is the location where you copied the certificate.

    Note:

    If you changed the keystore password, substitute it for xellerate as the value of the storepass variable.
  4. Enter Y at the prompt to trust the certificate.

  5. Launch a plain-text editor, then open the <XL_HOME>\xellerate\config\xlconfig.xml file.

  6. Locate the <RMIOverSSL> property and set it to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
    
  7. Locate the <KeyManagerFactory> property and set the value to SUNX509. For example:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
    
  8. Save the file.

  9. Restart your application server.

Using Your Own Certificate

Complete the following steps if you want to use your own certificate:

On the Remote Manager Server System:

  1. Import your custom key in a new keystore (new_keystore_name) other than .xlkeystore. Be sure to remember the password (new_keystore_pwd) you used for the new keystore.

  2. Copy this new keystore to the <XL_RM_HOME>\xlremote\config\ directory.

  3. Open <XL_RM_HOME>\xlremote\config\xlconfig.xml using a text editor.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    <KeyStore>
         <Location>new_keystore_name</Location>
         <Password encrypted="false">new_keystore_pwd</Password>
         <Type>JKS</Type>
         <Provider>sun.security.provider.Sun</Provider>
    </KeyStore>
    
    
  5. Restart the Remote Manager Server and open xlconfig.xml to make sure the password for the new keystore was encrypted.

On the Oracle Identity Manager Server System:

  1. Import the same certificate key used in the Remote Manager system to a new keystore (new_svrkeystore_name) other than .xlkeystore. Be sure to remember the password (new_svrkeystor_pwd) you used for the new keystore.

  2. Copy this new keystore to the <XL_HOME>\xellerate\config directory.

  3. Open <XL_HOME>\xellerate\config\xlconfig.xml using a text editor.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    <TrustStore>
         <Location>new_svrkeystore_name</Location>
         <Password encrypted="false">new_svrkeystor_pwd</Password>
         <Type>JKS</Type>
         <Provider>sun.security.provider.Sun</Provider>
    </TrustStore>
    
    
  5. Restart the Oracle Identity Manager Server and open xlconfig.xml to make sure the password for the new keystore was encrypted.

Enabling Client-side Authentication for Remote Manager

To enable client-side authentication:

  1. On the machine hosting the Remote Manager, launch a plain-text editor and open <XL_RM_HOME>\xlremote\config\xlconfig.xml.

  2. Set the <ClientAuth> property to true, for example:

    <ClientAuth>true</ClientAuth>
    
    
  3. Ensure the <RMIOverSSL> property is set to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
    
  4. Locate the <KeyManagerFactory> property and set the value to SUNX509. For example:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
    
  5. Save the file.

  6. Copy the server certificate to the Remote Manager computer. On the server computer, locate the file <XL_HOME>\xellerate\config\xlserver.cert and copy it to the Remote Manager computer.

    Note:

    The Remote Manager certificate is also named xlserver.cert, so make sure you do not overwrite that certificate.
  7. Open a command prompt on the Remote Manager computer.

  8. To import the certificate using the keytool, use the following command:

    <JAVA_HOME>\jre\bin\keytool -import -alias trusted_server_cert -file <server_cert_location>\xlserver.cert -trustcacerts -keystore <XL_RM_HOME>\xlremote\config\.xlkeystore -storepass xellerate
    
    

    <JAVA_HOME> is the location of the Java directory for your Remote Manager, the value of alias is an arbitrary name for the certificate in the store, <XL_RM_HOME> is the home directory for the Remote Manager, and <server_cert_location> is the location to which you copied the server certificate.

    Note:

    If you changed the keystore password, substitute that value for xellerate, which is the default value of the storepass variable.
  9. Enter Y at the prompt to trust the certificate.

  10. Restart the Remote Manager.
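
A post-restart check for the xlconfig.xml settings edited in the procedures above, as an added example that is not part of Oracle's documentation. It confirms RMIOverSSL, KeyManagerFactory and (optionally) ClientAuth, and flags any KeyStore or TrustStore password not yet marked as encrypted. The function name, the <config> root element and the sample's nesting are assumptions; only the element names and values come from this chapter.

```python
import xml.etree.ElementTree as ET

# Constructed sample: it contains only the elements shown in this chapter.
# The <config> root and the nesting are assumptions, not the real file layout.
SAMPLE_RM_CONFIG = """<config>
  <RMSecurity>
    <RMIOverSSL>true</RMIOverSSL>
    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    <ClientAuth>true</ClientAuth>
    <KeyStore>
      <Location>new_keystore_name</Location>
      <Password encrypted="false">new_keystore_pwd</Password>
      <Type>JKS</Type>
      <Provider>sun.security.provider.Sun</Provider>
    </KeyStore>
  </RMSecurity>
</config>"""

def audit_xlconfig(xml_text, require_client_auth=False):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    findings = []
    expected = {"RMIOverSSL": "true", "KeyManagerFactory": "SUNX509"}
    if require_client_auth:
        expected["ClientAuth"] = "true"
    for tag, want in expected.items():
        node = root.find(f".//{tag}")
        if node is None:
            findings.append(f"{tag}: element not found")
        elif (node.text or "").strip() != want:
            findings.append(f"{tag}: is {(node.text or '').strip()!r}, expected {want!r}")
    # After the restart, no keystore or truststore password should still be clear text.
    for store in ("KeyStore", "TrustStore"):
        for node in root.iterfind(f".//{store}"):
            pwd = node.find("Password")
            loc = (node.findtext("Location") or "").strip()
            if pwd is not None and pwd.get("encrypted") != "true":
                findings.append(f"{store} {loc}: password still stored in clear text")
    return findings

if __name__ == "__main__":
    for finding in audit_xlconfig(SAMPLE_RM_CONFIG, require_client_auth=True):
        print("FINDING:", finding)
```

Run it against the Remote Manager's xlconfig.xml with require_client_auth=True, and against the server's file with the default, by passing the file's text to audit_xlconfig.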

Starting Remote Manager

Use the following to start the Remote Manager:

Removing the Remote Manager Installation

To remove the Remote Manager installation, perform the following steps:

  1. Stop the Oracle Identity Manager server and the Remote Manager if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the <XL_RM_HOME> directory where you installed the Remote Manager.