Oracle® Identity Manager Installation and Configuration Guide for IBM WebSphere Application Server
Release 9.1.0.1

Part Number E14064-04

11 Installing and Configuring the Oracle Identity Manager Remote Manager

This chapter explains how to install Oracle Identity Manager Remote Manager. It discusses the following sections:

11.1 Installing the Remote Manager for Microsoft Windows

To install the Remote Manager on a Microsoft Windows host:

Note:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a computer that is hosting another Oracle Identity Manager component, such as the server or the Design Console, then specify an installation directory that has not been used.
  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Using Windows Explorer, navigate to the installServer directory on the installation CD.

  3. Double-click the setup_rm.exe file.

  4. Choose a language from the list on the Installer page. The Welcome page is displayed.

  5. In the Welcome page, click Next.

  6. In the Target directory page, complete one of the following steps:

    • The default directory for Oracle Identity Manager products is C:\oracle. To install the Remote Manager into this directory, click Next.

    • To install Remote Manager in a different directory, specify the path of the directory in the Directory name field, and then click Next.

      Note:

      If the directory path that you specified does not exist, then the Base Directory settings field is displayed. Click OK. The directory is automatically created. If you do not have write permission to create the default directory for Oracle Identity Manager, then a message is displayed informing you that the installer could not create the directory. Click OK to close the message, and then contact your system administrator to obtain the appropriate permissions.
  7. Select either the JRE that is installed with Oracle Identity Manager or specify an existing JRE. Click Next. The Remote Manager Configuration page is displayed.

  8. In the Remote Manager Configuration page, enter the appropriate information for the Remote Manager:

    1. Enter the service name. The default value is RManager.

    2. Enter the Remote Manager binding port. The default value is 12346.

    3. Enter the Remote Manager Secure Sockets Layer (SSL) port. The default value is 12345.

    4. Click Next.

  9. In the Shortcut page, select the check boxes for the shortcut options according to your preferences:

    1. Choose to create a shortcut for the Remote Manager on the desktop.

    2. Choose to create a shortcut for the Remote Manager on the Start Menu.

    3. Click Next after completing the check box settings.

  10. In the Summary page, review the configuration details, and then click Install to start the installation.

  11. Click Finish to complete the installation.

    Note:

    You must configure the Remote Manager before you can start it. Refer to the "Configuring the Remote Manager" section for more information about configuring the Remote Manager.

11.2 Installing the Remote Manager for UNIX or Linux

To install the Remote Manager on UNIX or Linux:

  1. Before installing the Remote Manager, you must set the JAVA_HOME variable to the appropriate JDK.

    On Solaris or Linux, set JAVA_HOME to the Sun JDK. On AIX, set JAVA_HOME to the WebSphere JDK. For example, use the following commands on AIX:

    • export JAVA_HOME=$WEBSPHERE_HOME/java

    • Add $JAVA_HOME/bin to the $PATH environment variable by using the following command:

      export PATH=$JAVA_HOME/bin:$PATH
      

    See Also:

    Oracle Identity Manager Readme for information about the certified JDK versions
  2. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

    Note:

    If the autostart routine is enabled for your computer, proceed to Step 5.
  3. From the File Manager, access the root CD directory or the installServer directory, if you are installing from a tar file.

  4. Run the install_rm.sh file.

    The command-line installer starts.

  5. Choose a language from the list by entering its number, and then enter 0 to apply the language.

    The Welcome panel is displayed.

  6. In the Welcome panel, enter 1 to move to the next panel.

    The Target directory panel is displayed.

  7. In the Target directory panel, enter the path to the directory in which you want to install the Remote Manager. The default directory is /opt/oracle.

    • Enter 1 to move to the next panel.

    • If the directory does not exist, then you are asked to create it. Enter y for yes.

    Note:

    All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a computer that is hosting Oracle Identity Manager, then you must specify a unique installation directory.
  8. Specify the JRE to use with the Remote Manager, and then:

    • Enter 1 to install the JRE included with Oracle Identity Manager.

    • Enter 2 to use an existing JRE at a specified location.

    After specifying the JRE, enter 0 to accept your selection and then enter 1 to move to the next panel.

  9. In the Remote Manager Configuration panel, enter the Remote Manager configuration information as follows:

    1. Enter the Service Name, or press the Enter key to accept the default.

    2. Enter the Remote Manager binding port, or press the Enter key to accept the default.

    3. Enter the Remote Manager SSL port, or press the Enter key to accept the default.

    4. Enter 1 to move to the next panel.

    The Remote Manager installation summary panel is displayed.

  10. Check the information, and then:

    • Enter 2 to go back and make changes.

    • Enter 1 to start the installation.

    Oracle Identity Manager installs and the Post installation summary panel is displayed.

  11. Enter 3 to finish the Remote Manager installation.

    Note:

    You must configure the Remote Manager before you can start it. Refer to the "Configuring the Remote Manager" section for more information.

11.3 Configuring the Remote Manager

The Remote Manager and Oracle Identity Manager communicate by using SSL. If you are using the Remote Manager, then you must enable a trust relationship between Oracle Identity Manager and the Remote Manager. The server must trust the Remote Manager certificate.

Optionally, you can enable client-side authentication in which the Remote Manager checks the server certificate. Import the Remote Manager certificate into the Oracle Identity Manager keystore and make it trusted. For client-side authentication, import the certificate for Oracle Identity Manager into the keystore for the Remote Manager, and then make that certificate trusted. You must also manually edit the configuration file associated with the server, and depending on the options you selected during Remote Manager installation, edit the Remote Manager configuration file as well.

11.3.1 Changing the Remote Manager Keystore Passwords

During installation, the password for the Remote Manager keystore is set to xellerate. Oracle recommends changing the keystore passwords for all production installations.

To change the keystore passwords, you must change the storepass of .xlkeystore and the keypass of the xell entry in .xlkeystore, and these two values must be identical. Use the keytool and perform the following steps to change the keystore passwords:

  1. Open a command prompt on the Oracle Identity Manager host computer.

  2. Navigate to the OIM_RM_HOME\xellerate\config directory.

  3. Run the keytool with the following options to change the storepass:

    JAVA_HOME\jre\bin\keytool -storepasswd -new new_password -storepass xellerate -keystore .xlkeystore -storetype JKS
    
  4. Run the keytool with the following options to change the keypass of the xell entry in .xlkeystore:

    JAVA_HOME\jre\bin\keytool -keypasswd -alias xell -keypass xellerate -new new_password -keystore .xlkeystore -storepass new_password
    

    JAVA_HOME represents the location of the Java installation associated with the Remote Manager installation.

  5. In a text editor, open the OIM_RM_HOME\xlremote\config\xlconfig.xml file.

  6. Edit the <RMSecurity>.<KeyStore> section to specify the keystore password as follows:

    • Change the password tag to encrypted=false.

    • Enter the password, for example:

      <RMSecurity> 
      <KeyStore> 
      <Location>.xlkeystore</Location> 
      <Password encrypted="false">new_password</Password> 
      <Type>JKS</Type> 
      <Provider>sun.security.provider.Sun</Provider> 
      </KeyStore>
      

    Note:

    If you are using client-side authentication for the Remote Manager, then enter the Oracle Identity Manager keystore password in the <RMSecurity>.<TrustStore> section of OIM_RM_HOME\xlremote\config\xlconfig.xml as follows:
    <TrustStore> 
    <Location>.xlkeystore</Location> 
    <Password encrypted="false">OIM_Server_keystore_password</Password> 
    <Type>JKS</Type> 
    <Provider>sun.security.provider.Sun</Provider> 
    </TrustStore>
    
  7. Save and close the xlconfig.xml file.

  8. Restart the Remote Manager.

  9. In a text editor, open the OIM_HOME\xellerate\config\xlconfig.xml file.

  10. Edit the <RMSecurity>.<TrustStore> section to specify the new Remote Manager keystore password as follows:

    • Change the password tag to encrypted=false.

    • Enter the password, for example:

      <TrustStore> 
      <Location>.xlkeystore</Location> 
      <Password encrypted="false">new_password</Password> 
      <Type>JKS</Type> 
      <Provider>sun.security.provider.Sun</Provider> 
      </TrustStore>
      
  11. Save and close the xlconfig.xml file, then restart Oracle Identity Manager.

11.3.2 Trusting the Remote Manager Certificate

To establish a trust relationship between Oracle Identity Manager and the Remote Manager:

  1. Copy the Remote Manager certificate to the server computer.

    On the Remote Manager computer, locate the OIM_RM_HOME\xlremote\config\xlserver.cert file and copy it to the server computer.

    Note:

    The server certificate located in OIM_HOME\config is also named xlserver.cert. Ensure that you do not overwrite that certificate.
  2. Open a command prompt on the server computer.

  3. To import the certificate by using the keytool utility, use the following command:

    JAVA_HOME\jre\bin\keytool -import -alias rm_trusted_cert -file RM_cert_location\xlserver.cert -trustcacerts -keystore OIM_HOME\xellerate\config\.xlkeystore -storepass xellerate
    

    JAVA_HOME is the location of the Java directory for the application server, the value of alias is an arbitrary name for the certificate in the store, and RM_cert_location is the location in which you copied the certificate.

    Note:

    If you changed the keystore password, then substitute that value instead of xellerate for the value of the storepass variable.
  4. Enter Y at the prompt to trust the certificate.

  5. In a text editor, open the OIM_HOME\xellerate\config\xlconfig.xml file.

  6. Locate the property <RMIOverSSL> and set it to true.

    For example:

    <RMIOverSSL>true</RMIOverSSL>
    
  7. Locate the <KeyManagerFactory> property.

    If you are using the IBM JRE, then set the value to IBMX509. For all other JREs, set the value to SUNX509. For example:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    

    Or:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
  8. Save the file.

  9. Restart Oracle Identity Manager.

11.3.2.1 Using Your Own Certificate

To configure the Remote Manager by using your own certificate on the Remote Manager system:

  1. Import your custom key in a new keystore (new_keystore_name) other than .xlkeystore. Remember the password (new_keystore_pwd) that you use for the new keystore.

  2. Copy this new keystore to the OIM_RM_HOME\xlremote\config\ directory.

  3. In a text editor, open the OIM_RM_HOME\xlremote\config\xlconfig.xml file.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    • If you are using the IBM JRE, then change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>com.ibm.crypto.provider.IBMJCE</Provider>
      </KeyStore>
      
    • For all other JREs, change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>sun.security.provider.Sun</Provider>
      </KeyStore>
      
  5. Restart the Remote Manager server, and open the xlconfig.xml file to ensure that the password for the new keystore was encrypted.

To configure the Remote Manager by using your own certificate on the Oracle Identity Manager server:

  1. Import the same certificate key used in the Remote Manager system to a new keystore (new_svrkeystore_name) other than .xlkeystore. Remember the password (new_svrkeystore_pwd) that you use for the new keystore.

  2. Copy this new keystore to the OIM_HOME\xellerate\config directory.

  3. In a text editor, open the OIM_HOME\xellerate\config\xlconfig.xml file.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    • If you are using the IBM JRE, then change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>com.ibm.crypto.provider.IBMJCE</Provider>
      </KeyStore>
      
    • For all other JREs, change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>sun.security.provider.Sun</Provider>
      </KeyStore>
      
  5. Restart Oracle Identity Manager and open the xlconfig.xml file to ensure that the password for the new keystore is encrypted.

11.3.3 Enabling Client-Side Authentication for Remote Manager

To enable client-side authentication:

  1. On the computer hosting the Remote Manager, in a text editor, open the OIM_RM_HOME\xlremote\config\xlconfig.xml file.

  2. Locate the <ClientAuth> property and set it to true, for example:

    <ClientAuth>true</ClientAuth>
    
  3. Locate the <RMIOverSSL> property and verify it is set to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
  4. Locate the <KeyManagerFactory> property.

    If you are using the IBM JRE, then set the value to IBMX509. For all other JREs, set the value to SUNX509. For example:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    

    Or:

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
  5. Save the OIM_RM_HOME\xlremote\config\xlconfig.xml file.

  6. Copy the server certificate to the Remote Manager computer.

    On the server computer, locate the OIM_HOME\xellerate\config\xlserver.cert file and copy it to the Remote Manager computer.

    Note:

    The Remote Manager certificate is also named xlserver.cert. Ensure that you do not overwrite that certificate.
  7. Open a command prompt on the Remote Manager computer.

  8. Import the certificate by using the following keytool command:

    JAVA_HOME\jre\bin\keytool -import -alias trusted_server_cert -file server_cert_location\xlserver.cert -trustcacerts -keystore OIM_RM_HOME\xlremote\config\.xlkeystore -storepass xellerate
    

    JAVA_HOME is the location of the Java directory for the Remote Manager, the value of alias is an arbitrary name for the certificate in the store, OIM_RM_HOME is the home directory for the Remote Manager, and server_cert_location is the location in which you copied the server certificate.

    Note:

    If you changed the keystore password, then substitute that value for xellerate, which is the default value of the storepass variable.
  9. Enter Y at the prompt to trust the certificate.

  10. Restart the Remote Manager.
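
A check that can be run against either xlconfig.xml file after the restarts in sections 11.3.1 to 11.3.3, added here as an example and not part of the Oracle guide or product. It reports passwords in the <RMSecurity> section that are still stored with encrypted="false", use of the installation default password, and the RMIOverSSL, ClientAuth and KeyManagerFactory values. The <Config> wrapper element, the function name audit_xlconfig and the sample values are assumptions; settings are matched by tag name because the guide does not show the nesting above <RMSecurity>.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "xellerate"  # installation default named in section 11.3.1
# Constructed sample: <Config> is a hypothetical wrapper element and the
# encrypted value is a placeholder, not output of the product.
SAMPLE = """<Config>
  <RMIOverSSL>false</RMIOverSSL>
  <ClientAuth>true</ClientAuth>
  <KeyManagerFactory>SUNX509</KeyManagerFactory>
  <RMSecurity>
    <KeyStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="false">xellerate</Password>
    </KeyStore>
    <TrustStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="true">PLACEHOLDER</Password>
    </TrustStore>
  </RMSecurity>
</Config>"""

def audit_xlconfig(xml_text, expect_client_auth=False):
    """Return findings for one xlconfig.xml; tags are matched at any depth."""
    root = ET.fromstring(xml_text)
    findings = []
    for section in root.iter("RMSecurity"):
        for store in ("KeyStore", "TrustStore"):
            pw = section.find(f"{store}/Password")
            if pw is None:
                continue  # this store is not configured in the file
            if pw.get("encrypted", "").strip().lower() == "false":
                findings.append(f"{store}: password is stored in clear text")
                if (pw.text or "").strip() == DEFAULT_PASSWORD:
                    findings.append(f"{store}: password is the installation default")

    def value(tag):
        node = next(root.iter(tag), None)
        return "" if node is None else (node.text or "").strip()

    if value("RMIOverSSL").lower() != "true":
        findings.append("RMIOverSSL is not true")
    if expect_client_auth and value("ClientAuth").lower() != "true":
        findings.append("ClientAuth is not true")
    if value("KeyManagerFactory") not in ("IBMX509", "SUNX509"):
        findings.append("KeyManagerFactory is neither IBMX509 nor SUNX509")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_xlconfig(SAMPLE, expect_client_auth=True)))
```

Pass expect_client_auth=True only for the Remote Manager file when client-side authentication from section 11.3.3 is in use. A password that is already encrypted cannot be compared with the default, so the default-password finding appears only while the value is still in clear text.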

11.4 Starting the Remote Manager

Use the following script to start the Remote Manager:

11.5 Removing the Remote Manager Installation

To remove the Remote Manager installation:

  1. Stop Oracle Identity Manager and the Remote Manager if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the OIM_RM_HOME directory in which you installed the Remote Manager.