Oracle® Identity Manager Installation and Configuration Guide for Oracle WebLogic Server
Release 9.1.0.1

Part Number E14047-04

10 Installing and Configuring the Oracle Identity Manager Remote Manager

This chapter explains how to install Oracle Identity Manager Remote Manager. It discusses the following topics:

10.1 Installing the Remote Manager on Microsoft Windows

This section describes how to install the Remote Manager on Microsoft Windows.

Note:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a computer that is hosting another Oracle Identity Manager component (the server or the Design Console), then specify an installation directory that has not been used.

To install the Remote Manager on a Microsoft Windows host:

  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Using Microsoft Windows Explorer, navigate to the installServer directory on the installation CD.

  3. Double-click the setup_rm.exe file.

  4. Specify a language from the list on the Installer page.

    The Welcome page is displayed.

  5. On the Welcome page, click Next.

  6. On the Target directory page, perform one of the following steps:

    • The default directory for Oracle Identity Manager products is C:\oracle. To install the Remote Manager into this directory, click Next.

    • To install the Remote Manager in a different directory, specify the path of the directory in the Directory Name field, and then click Next.

      Note:

      If the directory path that you specified does not exist, then the Base Directory settings field is displayed. Click OK. The directory is automatically created. If you do not have write permission to create the default directory for Oracle Identity Manager, then a message is displayed informing you that the installer could not create the directory. Click OK to close the message, and then contact your system administrator to obtain the required permissions.

  7. On the page that is displayed, select the target system JRE by using the Browse button.

    Note:

    Select the JRE that is in use by the application server.

    See Oracle Identity Manager Readme for information about supported JRE versions for the Remote Manager.

  8. On the Remote Manager Configuration page:

    1. Enter the service name. The default value is RManager.

    2. Enter the Remote Manager binding port. The default value is 12346.

    3. Enter the Remote Manager Secure Sockets Layer (SSL) port. The default value is 12345.

    4. Click Next.

  9. On the Shortcut page, select or clear check boxes for shortcut options according to your preferences:

    1. Create a shortcut for the Remote Manager on the desktop.

    2. Create a shortcut for the Remote Manager on the Start Menu.

    Click Next to move to the next page.

  10. On the Installation page, review the configuration details, and then click Install to start the installation.

  11. After the installation is complete, click Finish on the Completed page to exit.

10.2 Installing the Remote Manager on UNIX

To install the Remote Manager on UNIX:

Note:

Before installing the Remote Manager you must set the JAVA_HOME variable to the JRE that is included with the Remote Manager installer.

  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

    Note:

    If the autostart routine is enabled for your computer, then proceed to Step 3.

  2. From the console, change to the installServer directory on the installation CD by using the cd command, and then run the install_rm.sh file.

    The command-line installer starts.

  3. Specify a language from the list by entering a number and then enter 0 to apply the selection.

    The Welcome panel is displayed.

  4. On the Welcome panel, enter 1 to move to the next panel. The Target directory panel is displayed.

  5. On the Target directory panel, enter the path to the directory in which you want to install the Oracle Identity Manager Remote Manager. The default directory is /opt/oracle.

    • Enter 1 to move to the next panel.

    • If the directory does not exist, then you are asked to create it. Enter y for yes.

    Note:

    All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a computer that is hosting an Oracle Identity Manager server, then you must specify a unique installation directory.

  6. Specify the JRE to use with the Remote Manager:

    • Enter 1 to install the JRE included with Oracle Identity Manager.

    • Enter 2 to use an existing JRE at a specified location.

    After specifying the JRE, enter 0 to accept your selection and then enter 1 to move to the next panel.

  7. On the Remote Manager Configuration panel, enter the Remote Manager configuration information:

    1. Enter the Service Name, or press Enter to accept the default.

    2. Enter the Remote Manager binding port, or press Enter to accept the default.

    3. Enter the Remote Manager SSL port, or press Enter to accept the default.

      After entering the Remote Manager configuration information, enter 1 to move to the next panel.

      The Remote Manager installation summary panel is displayed.

  8. Check the information.

    • Enter 2 to go back and make changes.

    • Enter 1 to start the installation.

  9. Enter 3 to complete the Remote Manager installation.

10.3 Configuring the Remote Manager

The Remote Manager and Oracle Identity Manager communicate by using SSL. You must enable a trust relationship between Oracle Identity Manager and the Remote Manager.

Oracle Identity Manager must trust the Remote Manager certificate. To achieve this, you must import the Remote Manager certificate into the Oracle Identity Manager keystore and set it up as a trusted certificate.

If required, you can also enable client-side authentication in which the Remote Manager trusts the server certificate. For client-side authentication, import the certificate for Oracle Identity Manager into the Remote Manager keystore and set it up as a trusted certificate.

You might have to manually edit the configuration file (xlconfig.xml) associated with Oracle Identity Manager and the Remote Manager.

10.3.1 Trusting the Remote Manager Certificate

To establish a trust relationship between Oracle Identity Manager and the Remote Manager:

  1. Copy the Remote Manager certificate to the server computer. On the Remote Manager computer, locate the OIM_RM_HOME\xlremote\config\xlserver.cert file, and copy it to the server computer.

    Note:

    The server certificate in OIM_HOME is also named xlserver.cert. Ensure that you do not overwrite that certificate.

  2. Open a command prompt on the server computer.

  3. To import the certificate by using the keytool utility, use the following command:

    JAVA_HOME\jre\bin\keytool -import -alias rm_trusted_cert -file RM_cert_location\xlserver.cert -trustcacerts -keystore OIM_HOME\xellerate\config\.xlkeystore -storepass xellerate
    

    JAVA_HOME is the location of the Java directory for the application server, the value of alias is an arbitrary name for the certificate in the store, and RM_cert_location is the location in which you copied the certificate.

    Note:

    If you changed the keystore password, then substitute that for xellerate, which is the value of the storepass variable.

  4. Enter Y at the prompt to trust the certificate.

  5. In a text editor, open the OIM_HOME\xellerate\config\xlconfig.xml file.

  6. Locate the <RMIOverSSL> property and ensure that the value is set to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
  7. Locate the <KeyManagerFactory> property. If you are using the IBM JRE, then set the value to IBMX509. For example:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    

    For all other JREs, set the value to SUNX509. For example:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
  8. Save the file.

  9. Restart Oracle Identity Manager.

10.3.1.1 Using Your Own Certificate

Note:

Perform the procedure given in this section only if you want to use your own certificate instead of the default Oracle Identity Manager keystores and certificates. Otherwise, skip this section.

To configure the Remote Manager by using your own certificate on the Remote Manager system:

  1. Import your custom key in a new keystore (new_keystore_name) other than .xlkeystore. Remember the password (new_keystore_pwd) that you use for the new keystore.

  2. Copy this new keystore to the OIM_RM_HOME\xlremote\config\ directory.

  3. Open the following file in a text editor:

    OIM_RM_HOME\xlremote\config\xlconfig.xml

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    • If you are using the IBM JRE, then change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>com.ibm.crypto.provider.IBMJCE</Provider>
      </KeyStore>
      
    • For all other JREs, change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>sun.security.provider.Sun</Provider>
      </KeyStore>
      
  5. Restart the Remote Manager server, and open the xlconfig.xml file to ensure that the password for the new keystore was encrypted.

To configure the Remote Manager by using your own certificate on the Oracle Identity Manager server:

  1. Import the same certificate key used in the Remote Manager system to a new keystore (new_svrkeystore_name) other than .xlkeystore. Remember the password (new_svrkeystor_pwd) that you use for the new keystore.

  2. Copy the new keystore to the OIM_HOME\xellerate\config directory.

  3. Open the following file in a text editor:

    OIM_HOME\xellerate\config\xlconfig.xml

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    <TrustStore>
         <Location>new_svrkeystore_name</Location>
         <Password encrypted="false">new_svrkeystor_pwd</Password>
         <Type>JKS</Type>
         <Provider>sun.security.provider.Sun</Provider>
    </TrustStore>
    
  5. Restart Oracle Identity Manager, and then open the xlconfig.xml file to ensure that the password for the new keystore is encrypted.

10.3.2 Enabling Client-Side Authentication for the Remote Manager

Note:

Perform the procedure given in this section only if you want to enable two-way SSL communication. Otherwise, skip this section.

To enable client-side authentication:

  1. On the computer hosting the Remote Manager, open the OIM_RM_HOME\xlremote\config\xlconfig.xml file in a text editor.

  2. Set the <ClientAuth> property to true, for example:

    <ClientAuth>true</ClientAuth>
    
  3. Ensure that the <RMIOverSSL> property is set to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
  4. Locate the <KeyManagerFactory> property.

    If you are using the IBM JRE, then set the value to IBMX509. For example:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    

    For all other JREs, set the value to SUNX509. For example:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
  5. Save the file.

  6. On the Oracle Identity Manager host computer, locate the OIM_HOME\xellerate\config\xlserver.cert file, and copy it to the Remote Manager computer.

    Note:

    The Remote Manager certificate is also named xlserver.cert. Ensure that you do not overwrite that certificate.

  7. Open a command prompt on the Remote Manager computer.

  8. Import the certificate by using the following keytool command:

    JAVA_HOME\jre\bin\keytool -import -alias trusted_server_cert -file server_cert_location\xlserver.cert -trustcacerts -keystore OIM_RM_HOME\xlremote\config\.xlkeystore -storepass xellerate
    

    JAVA_HOME is the location of the Java directory for the Remote Manager, the value of alias is an arbitrary name for the certificate in the store, OIM_RM_HOME is the home directory for the Remote Manager, and server_cert_location is the location to which you copied the server certificate.

    Note:

    If you changed the keystore password, then substitute that value for xellerate, which is the default value of the storepass variable.

  9. Enter Y at the prompt to trust the certificate.

  10. Restart the Remote Manager.
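
Both import procedures (Sections 10.3.1 and 10.3.2) copy a file named xlserver.cert to a host that already has its own xlserver.cert, and then ask you to answer Y to trust it. The following check is an added example, not part of the Oracle documentation or product: it confirms that the copied file is the peer's certificate and not the local one before you run keytool -import. The status strings, the sample bytes, and the idea of reading the expected fingerprint on the originating host and sending it out of band are assumptions of this example; pass the digest algorithm that your keytool prints.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-ins for certificate bytes (not real certificates).
SAMPLE_PEER_DER = b"constructed peer certificate bytes"
SAMPLE_LOCAL_DER = b"constructed local certificate bytes"

def der_bytes(raw):
    """Return DER bytes whether the file is binary DER or PEM text."""
    m = PEM_RE.search(raw)
    return base64.b64decode(b"".join(m.group(1).split())) if m else raw

def fingerprint(raw, algo="sha256"):
    """Colon-separated upper-case hex digest of the certificate bytes."""
    digest = hashlib.new(algo, der_bytes(raw)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_copied_cert(copied, local_own, expected_fp, algo="sha256"):
    """Classify the copied xlserver.cert before it is imported as trusted.

    copied: bytes of the xlserver.cert received from the other host.
    local_own: bytes of this host's own xlserver.cert (same file name).
    expected_fp: fingerprint read on the originating host.
    """
    fp = fingerprint(copied, algo)
    if fp == fingerprint(local_own, algo):
        return "wrong-file"  # this is the local certificate, not the peer's
    if fp != expected_fp.strip().upper():
        return "mismatch"    # unexpected certificate: do not answer Y
    return "ok"

if __name__ == "__main__":
    if len(sys.argv) == 4:   # COPIED_CERT LOCAL_CERT EXPECTED_FINGERPRINT
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            print(check_copied_cert(f1.read(), f2.read(), sys.argv[3]))
    else:                    # no arguments: run on the constructed samples
        good = fingerprint(SAMPLE_PEER_DER)
        print(check_copied_cert(SAMPLE_PEER_DER, SAMPLE_LOCAL_DER, good))
        print(check_copied_cert(SAMPLE_LOCAL_DER, SAMPLE_LOCAL_DER, good))
```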

10.3.3 Changing the Remote Manager Keystore Passwords

During installation, the password for the Remote Manager keystore is set to xellerate. Oracle recommends that you change the keystore passwords for all production installations.

To change the keystore password, you must change the storepass of .xlkeystore and the keypass of the xell entry in .xlkeystore. These two values must be identical. Use the keytool utility to change the keystore passwords as follows:

  1. Open a command prompt on the Oracle Identity Manager host computer.

  2. Navigate to the OIM_RM_HOME\xellerate\config directory.

  3. Run the keytool utility with the following options to change the storepass:

    JAVA_HOME\jre\bin\keytool -storepasswd -new new_password -storepass xellerate -keystore .xlkeystore -storetype JKS
    
  4. Run the keytool utility with the following options to change the keypass of the xell entry in .xlkeystore:

    JAVA_HOME\jre\bin\keytool -keypasswd -alias xell -keypass xellerate -new new_password -keystore .xlkeystore -storepass xellerate 
    

    JAVA_HOME represents the location of the Java installation associated with the Remote Manager installation.

  5. In a text editor, open the OIM_RM_HOME\xlremote\config\xlconfig.xml file.

  6. Edit the <RMSecurity>.<KeyStore> tag to specify the keystore password as follows:

    • Change the password tag to encrypted=false.

    • Enter the password, for example:

      <RMSecurity> 
      <KeyStore> 
      <Location>.xlkeystore</Location> 
      <Password encrypted="false">new_password</Password> 
      <Type>JKS</Type> 
      <Provider>sun.security.provider.Sun</Provider> 
      </KeyStore>
      

    Note:

    If you are using client-side authentication for the Remote Manager, then enter the Oracle Identity Manager keystore password in the <RMSecurity>.<TrustStore> section of the OIM_RM_HOME\xlremote\config\xlconfig.xml file as follows:

    <TrustStore> 
    <Location>.xlkeystore</Location> 
    <Password encrypted="false">OIM_Server_keystore_password</Password> 
    <Type>JKS</Type> 
    <Provider>sun.security.provider.Sun</Provider> 
    </TrustStore>
    
  7. Save and close the xlconfig.xml file.

  8. Restart the Remote Manager.

  9. In a text editor, open the OIM_HOME\xellerate\config\xlconfig.xml file.

  10. Edit the <RMSecurity>.<TrustStore> section to specify the new Remote Manager keystore password as follows:

    • Change the password tag to encrypted="false".

    • Enter the password, for example:

      <TrustStore> 
      <Location>.xlkeystore</Location> 
      <Password encrypted="false">new_password</Password> 
      <Type>JKS</Type> 
      <Provider>sun.security.provider.Sun</Provider> 
      </TrustStore>
      
  11. Save and close the xlconfig.xml file, and then restart Oracle Identity Manager.
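
Section 10.3.1.1 asks you to reopen xlconfig.xml after a restart to confirm that the keystore password was encrypted, and this section leaves encrypted="false" passwords in the file until that restart happens. The following audit is an added example, not Oracle's code: it reports any <KeyStore> or <TrustStore> password under <RMSecurity> that is still in clear text, whether it is the installer default xellerate, and whether <RMIOverSSL> is true. The sample file, its root element name, and the finding texts are constructed for this example.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "xellerate"  # installer default named in this chapter

# Constructed sample. The root element name and the position of the elements
# under <RMSecurity> are assumptions; a real xlconfig.xml holds much more.
SAMPLE_XLCONFIG = """<xl-configuration>
  <RMSecurity>
    <RMIOverSSL>true</RMIOverSSL>
    <ClientAuth>true</ClientAuth>
    <KeyStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="false">xellerate</Password>
      <Type>JKS</Type>
    </KeyStore>
    <TrustStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="true">CONSTRUCTED-CIPHERTEXT</Password>
      <Type>JKS</Type>
    </TrustStore>
  </RMSecurity>
</xl-configuration>"""

def audit_rm_security(xml_text):
    """Return findings for the SSL and keystore settings this chapter edits."""
    root = ET.fromstring(xml_text)
    findings = []
    flags = [(e.text or "").strip().lower() for e in root.iter("RMIOverSSL")]
    if not flags or any(f != "true" for f in flags):
        findings.append("RMIOverSSL is not set to true")
    client_auth = any((e.text or "").strip().lower() == "true"
                      for e in root.iter("ClientAuth"))
    for sec in root.iter("RMSecurity"):
        if client_auth and sec.find(".//TrustStore/Password") is None:
            findings.append("ClientAuth is true but no TrustStore password is set")
        for store in ("KeyStore", "TrustStore"):
            for pw in sec.findall(f".//{store}/Password"):
                if pw.get("encrypted", "").strip().lower() == "true":
                    continue  # already rewritten in encrypted form
                findings.append(f"{store}: password is stored in clear text")
                if (pw.text or "").strip() == DEFAULT_PASSWORD:
                    findings.append(f"{store}: default password still in use")
    return findings

if __name__ == "__main__":
    for line in audit_rm_security(SAMPLE_XLCONFIG):
        print(line)
```

Run it against both OIM_RM_HOME\xlremote\config\xlconfig.xml and OIM_HOME\xellerate\config\xlconfig.xml after the restarts in this procedure; an empty result means no clear-text password remains in the sections it inspects.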

10.4 Starting the Remote Manager

Use the following script to start the Remote Manager:

10.5 Removing the Remote Manager Installation

To remove the Remote Manager installation:

  1. Stop Oracle Identity Manager and the Remote Manager if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the OIM_RM_HOME directory in which you installed the Remote Manager.