Oracle® Identity Manager Installation and Configuration Guide for Oracle Application Server
Release 9.1.0.1

Part Number E14062-01

11 Installing and Configuring the Oracle Identity Manager Remote Manager

This chapter explains how to install Oracle Identity Manager Remote Manager. It contains the following sections:

11.1 Installing the Remote Manager on Microsoft Windows

Complete the following steps to install the Remote Manager on a Microsoft Windows host:

Important:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a computer that is hosting another Oracle Identity Manager component (the server or the Design Console), specify an installation directory that has not been used.
  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Using Windows Explorer, navigate to the installServer directory in the installation CD.

  3. Double-click the setup_rm.exe file.

  4. Choose a language from the list on the Installer page. The Welcome page is displayed.

  5. On the Welcome page, click Next.

  6. On the Target directory page, complete one of the following sub-steps:

    1. The default directory for Oracle Identity Manager products is C:\oracle. To install the Remote Manager in this directory, click Next.

    2. To install Remote Manager in a different directory, specify the path of the directory in the Directory name field, and then click Next.

      Note:

      If the directory path that you specified does not exist, then the Base Directory settings field is displayed. Click OK. The directory is automatically created. If you do not have write permission to create the default directory for Oracle Identity Manager, then a message is displayed informing you that the installer could not create the directory. Click OK to close the message, and then contact your system administrator to obtain the appropriate permissions.
  7. Select either the JRE that is installed with Oracle Identity Manager or specify an existing JRE. Click Next. The Remote Manager Configuration page is displayed.

  8. On the Remote Manager Configuration page, enter the appropriate information for the Remote Manager:

    1. Enter the service name. The default value is RManager.

    2. Use the default, prepopulated value of 12346 as the binding port.

    3. Use the default, prepopulated value of 12345 as the Remote Manager SSL port.

    4. Click Next.

  9. On the Shortcut page, select (or deselect) the check boxes for the following shortcut options according to your preferences:

    1. Choose to create a shortcut for the Remote Manager on the desktop.

    2. Choose to create a shortcut for the Remote Manager on the Start Menu.

    Click Next when you are satisfied with the check box settings.

  10. On the Summary page, review the configuration details, and then click Install to begin the installation.

  11. After the installation has completed, click Finish on the Completed page to exit.

11.2 Installing the Remote Manager on UNIX or Linux

To install the Remote Manager on UNIX or Linux:

Note:

Before installing the Remote Manager, you must set the JAVA_HOME variable to the certified JRE.
  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. From the File Manager, access the installServer directory in the installation CD.

  3. Run the install_rm.sh file. The command-line installer starts.

  4. Choose a language from the list by entering a number and then entering 0 to apply the language. The Welcome panel is displayed.

  5. On the Welcome panel, enter 1 to move to the next panel. The Target directory panel is displayed.

  6. On the Target directory panel, enter the path to the directory in which you want to install the Oracle Identity Manager Remote Manager. The default directory is /opt/oracle.

    • Enter 1 to move to the next panel.

    • If the directory does not exist, you are asked to create it. Enter y to create the directory.

    Note:

    All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a computer that is hosting an Oracle Identity Manager server, you must specify a unique installation directory.
  7. Specify the JRE to use with Remote Manager:

    • Enter 1 to install the JRE included with Oracle Identity Manager.

    • Enter 2 to use an existing JRE at a specified location.

    After specifying the JRE, enter 0 to accept your selection and then enter 1 to move to the next panel.

  8. On the Remote Manager Configuration panel, enter the Remote Manager configuration information:

    1. Enter the Service Name, or press Enter to accept the default value.

    2. Enter 12346 as the Remote Manager binding port.

    3. Enter 12345 as the Remote Manager SSL port.

    4. Enter 1 to move to the next panel.

      The Remote Manager installation summary panel is displayed.

  9. Check the information.

    • Enter 2 to go back and make changes.

    • Enter 1 to start the installation.

      Oracle Remote Manager installs and the Post Install Summary panel is displayed.

  10. Enter 3 to finish the Remote Manager installation.

11.3 Configuring the Remote Manager

The Remote Manager and Oracle Identity Manager server communicate using Secure Sockets Layer (SSL). If you are using Remote Manager, you must enable a trust relationship between your Oracle Identity Manager server and the Remote Manager. (The server must trust the Remote Manager certificate.)

You also have the option to enable client-side authentication (where the Remote Manager checks the server's certificate). Import the Remote Manager's certificate into your Oracle Identity Manager server's keystore and make it trusted. For client-side authentication, import the certificate for your Oracle Identity Manager server into the keystore for your Remote Manager, then make that certificate trusted. You must also manually edit the configuration file associated with the server, and depending on the options you selected during Remote Manager installation, the Remote Manager configuration file as well.

11.3.1 Changing the Remote Manager Keystore Passwords

During installation, the password for the Remote Manager keystore is set to xellerate. Oracle recommends changing the keystore passwords for all production installations.

To change the keystore passwords, you must change the storepass of .xlkeystore and the keypass of the xell entry in .xlkeystore—and these two values must be identical. Use the keytool utility and the following steps to change the keystore passwords:

  1. Open a command prompt on the Oracle Identity Manager host computer.

  2. Navigate to the OIM_RM_HOME\xlremote\config directory.

  3. Run the keytool utility with the following options to change the storepass:

    JAVA_HOME\jre\bin\keytool -storepasswd -new new_password -storepass xellerate -keystore .xlkeystore -storetype JKS
    
  4. Run the keytool utility with the following options to change the keypass of the xell entry in .xlkeystore:

    JAVA_HOME\jre\bin\keytool -keypasswd -alias xell -keypass xellerate  -new new_password -keystore .xlkeystore -storepass new_password 
    

    JAVA_HOME represents the location of the Java installation associated with the Remote Manager installation.

  5. Open OIM_RM_HOME\xlremote\config\xlconfig.xml in a text editor.

  6. Edit the <RMSecurity>.<KeyStore> section to specify the keystore password as follows:

    • Change the password tag to encrypted="false".

    • Enter the password, for example:

      <RMSecurity> 
      <KeyStore> 
      <Location>.xlkeystore</Location> 
      <Password encrypted="false">new_password</Password> 
      <Type>JKS</Type> 
      <Provider>sun.security.provider.Sun</Provider> 
      </KeyStore>
      

    Note:

    If you are using client-side authentication for the Remote Manager, enter the Oracle Identity Manager's keystore password in the <RMSecurity>.<TrustStore> section of OIM_RM_HOME\xlremote\config\xlconfig.xml as follows:
    <TrustStore> 
    <Location>.xlkeystore</Location> 
    <Password encrypted="false">OIM_Server_keystore_password</Password> 
    <Type>JKS</Type> 
    <Provider>sun.security.provider.Sun</Provider> 
    </TrustStore>
    
  7. Save and close the xlconfig.xml file.

  8. Restart the Remote Manager.

  9. Open OIM_HOME\xellerate\config\xlconfig.xml in a text editor.

  10. Edit the <RMSecurity>.<TrustStore> section to specify the new Remote Manager keystore password as follows:

    • Change the password tag to encrypted="false".

    • Enter the password (in the clear), for example:

      <TrustStore> 
      <Location>.xlkeystore</Location> 
      <Password encrypted="false">new_password</Password> 
      <Type>JKS</Type> 
      <Provider>sun.security.provider.Sun</Provider> 
      </TrustStore>
      
  11. Save and close the xlconfig.xml file, then restart Oracle Identity Manager.

11.3.2 Trusting the Remote Manager Certificate

To establish a trust relationship between Oracle Identity Manager and the Remote Manager:

  1. Copy the Remote Manager certificate to the server computer. On the Remote Manager computer, locate the file OIM_RM_HOME\xlremote\config\xlserver.cert and copy it to the server computer.

    Note:

    The server certificate in OIM_HOME\config is also named xlserver.cert. Ensure that you do not overwrite that certificate.
  2. Open a command prompt on the server computer.

  3. To import the certificate by using the keytool utility, use the following command:

    JAVA_HOME\jre\bin\keytool -import -alias rm_trusted_cert -file RM_cert_location\xlserver.cert -trustcacerts -keystore OIM_HOME\xellerate\config\.xlkeystore -storepass new_password
    

    JAVA_HOME is the location of the Java directory for your application server, the value of alias is an arbitrary name for the certificate in the store, and RM_cert_location is the location where you copied the certificate.

    Note:

    If you changed the keystore password, substitute that for xellerate for the value of the storepass variable.
  4. Enter Y at the prompt to trust the certificate.

  5. Open OIM_HOME/xellerate/config/xlconfig.xml in a text editor.

  6. In the OIM_HOME/xellerate/config/xlconfig.xml file, set the <ClientAuth> tag to true, for example:

    <ClientAuth>true</ClientAuth>
    
  7. Locate the <RMIOverSSL> property and set it to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
  8. Locate the <KeyManagerFactory> property and set the value specific to the operating system you are using. For example:

    For a Sun JDK supported operating system, specify as follows:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    

    For an IBM operating system, specify as follows:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    
  9. Save the file.

  10. Restart Oracle Identity Manager.

11.3.2.1 Using Your Own Certificate

To configure the Remote Manager by using your own certificate on the Remote Manager system:

  1. Import your custom key in a new keystore (new_keystore_name) other than .xlkeystore. Remember the password (new_keystore_pwd) that you use for the new keystore.

  2. Copy this new keystore to the OIM_RM_HOME\xlremote\config\ directory.

  3. Open OIM_RM_HOME\xlremote\config\xlconfig.xml in a text editor.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    <KeyStore>
         <Location>new_keystore_name</Location>
         <Password encrypted="false">new_keystore_pwd</Password>
         <Type>JKS</Type>
         <Provider>sun.security.provider.Sun</Provider>
    </KeyStore>
    
  5. Restart the Remote Manager server, and open the xlconfig.xml file to ensure that the password for the new keystore was encrypted.

To configure the Remote Manager by using your own certificate on the Oracle Identity Manager server:

  1. Import the same certificate key used in the Remote Manager system to a new keystore (new_svrkeystore_name) other than .xlkeystore. Remember the password (new_svrkeystor_pwd) that you use for the new keystore.

  2. Copy this new keystore to the OIM_HOME\xellerate\config directory.

  3. Open OIM_HOME\xellerate\config\xlconfig.xml in a text editor.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    <TrustStore>
         <Location>new_svrkeystore_name</Location>
         <Password encrypted="false">new_svrkeystor_pwd</Password>
         <Type>JKS</Type>
         <Provider>sun.security.provider.Sun</Provider>
    </TrustStore>
    
  5. Restart Oracle Identity Manager and open the xlconfig.xml file to ensure that the password for the new keystore is encrypted.

11.3.3 Enabling Client-Side Authentication for Remote Manager

To enable client-side authentication:

  1. On the computer hosting the Remote Manager, open OIM_RM_HOME\xlremote\config\xlconfig.xml in a text editor.

  2. Set the <ClientAuth> property to true, for example:

    <ClientAuth>true</ClientAuth>
    
  3. Ensure the <RMIOverSSL> property is set to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
  4. Locate the <KeyManagerFactory> property and set the value specific to the operating system you are using. For example:

    For a Sun JDK supported operating system, specify as follows:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    

    For an IBM operating system, specify as follows:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    
  5. Save the file.

  6. Copy the server certificate to the Remote Manager computer. On the server computer, locate the file OIM_HOME\xellerate\config\xlserver.cert and copy it to the Remote Manager computer.

    Note:

    The Remote Manager certificate is also named xlserver.cert. Ensure that you do not overwrite that certificate.
  7. Open a command prompt on the Remote Manager computer.

  8. Import the certificate by using the following keytool command:

    JAVA_HOME\jre\bin\keytool -import -alias trusted_server_cert -file server_cert_location\xlserver.cert -trustcacerts -keystore OIM_RM_HOME\xlremote\config\.xlkeystore -storepass xellerate
    

    JAVA_HOME is the location of the Java directory for your Remote Manager, the value of alias is an arbitrary name for the certificate in the store, OIM_RM_HOME is the home directory for the Remote Manager, and server_cert_location is the location to which you copied the server certificate.

    Note:

    If you changed the keystore password, substitute that value for xellerate, which is the default value of the storepass variable.
  9. Enter Y at the prompt to trust the certificate.

  10. Restart the Remote Manager.
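
The following Python script is an added example, not part of Oracle's documentation or tooling. It checks an xlconfig.xml file for the state that sections 11.3.1 through 11.3.3 are meant to leave behind: keystore and truststore passwords no longer in clear text or at the installer default, and <RMIOverSSL> and <ClientAuth> set to true. The sample file is constructed; its root element and nesting are assumptions, so the script looks up elements by name at any depth.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "xellerate"  # installer default named in section 11.3.1

# Constructed sample. Element names are the ones shown in this chapter; the
# root element name and the exact nesting are assumptions for illustration.
SAMPLE_XLCONFIG = """<sample-root>
  <RMSecurity>
    <RMIOverSSL>true</RMIOverSSL>
    <ClientAuth>false</ClientAuth>
    <KeyStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="false">xellerate</Password>
    </KeyStore>
    <TrustStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="true">constructed-ciphertext</Password>
    </TrustStore>
  </RMSecurity>
</sample-root>"""


def audit_xlconfig(xml_text):
    """Return findings for the settings that sections 11.3.1 to 11.3.3 edit."""
    root = ET.fromstring(xml_text)
    findings = []
    for store in ("KeyStore", "TrustStore"):
        for node in root.iter(store):
            pw = node.find("Password")
            if pw is None:
                findings.append(f"{store}: no <Password> element")
                continue
            # A missing attribute is treated as clear text (assumption, errs
            # on the side of reporting). Only a clear-text value can be
            # compared with the installer default.
            if pw.get("encrypted", "false").strip().lower() != "true":
                findings.append(f"{store}: password is stored in clear text")
                if (pw.text or "").strip() == DEFAULT_PASSWORD:
                    findings.append(f"{store}: password is the installer default")
    for flag in ("RMIOverSSL", "ClientAuth"):
        node = next(root.iter(flag), None)
        if node is None or (node.text or "").strip().lower() != "true":
            findings.append(f"{flag}: not set to true")
    return findings


if __name__ == "__main__":
    for finding in audit_xlconfig(SAMPLE_XLCONFIG):
        print(finding)
```

Run it against both OIM_RM_HOME\xlremote\config\xlconfig.xml and OIM_HOME\xellerate\config\xlconfig.xml after the restarts; a clear-text finding after a restart means the password was not encrypted as the procedures above expect.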

11.4 Starting the Remote Manager

Use the following script to start the Remote Manager:

11.5 Removing the Remote Manager Installation

To remove the Remote Manager installation, perform the following steps:

  1. Stop Oracle Identity Manager and the Remote Manager if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the OIM_RM_HOME directory in which you installed the Remote Manager.