10.7 Advanced Example: Configuring OIF with OID in a New WebLogic Domain for LDAP Authentication, User Store, and Federation Store

This section describes how to configure Oracle Identity Federation (OIF) with Oracle Internet Directory (OID) in a new WebLogic administration domain for LDAP Authentication, User Store, and Federation Store.

Note:

When you configure Oracle Identity Federation with Oracle Internet Directory, the Installer automatically configures connection, credential, attribute, and container settings using the Oracle Internet Directory configuration.

This section covers the appropriate deployment environment, the components deployed, the dependencies, and the configuration procedure.

10.7.1 Appropriate Deployment Environment

Perform the configuration in this topic to quickly deploy Oracle Identity Federation with Oracle Internet Directory as the LDAP repository for Authentication, User Store, and Federation Store.

10.7.2 Components Deployed

Performing the configuration in this section deploys the following components:

  • WebLogic Managed Server

  • Oracle Identity Federation

  • Oracle Internet Directory

  • Oracle Directory Services Manager

  • WebLogic Administration Server

  • Fusion Middleware Control

  • Optionally, Oracle HTTP Server

10.7.3 Dependencies

The configuration in this section depends on the following components:

  • Oracle WebLogic Server

  • Oracle Database for Oracle Internet Directory

  • Identity Management - Oracle Internet Directory schema existing in the database for Oracle Internet Directory

  • Oracle Database for Oracle Identity Federation, if using RDBMS for Session Store, Message Store, or Configuration Store.

  • New Identity Management - Oracle Identity Federation schema existing in the database for Oracle Identity Federation, if using RDBMS for Session Store, Message Store, or Configuration Store.

10.7.4 Procedure

Perform the following steps to configure Oracle Identity Federation with Oracle Internet Directory in a new domain for LDAP Authentication, User Store, and Federation Store:

  1. Decide if you want to use RDBMS for Session Store, Message Store, or Configuration Store. If you do, perform the following steps a and b:

    a. Install the database for Oracle Identity Federation. Refer to Installing Oracle Database for more information.

    b. Create the Identity Management - Oracle Identity Federation schema in the database. Refer to Creating Database Schema Using the Repository Creation Utility (RCU) for more information.

  2. Install the Oracle Database for Oracle Internet Directory. Refer to Installing Oracle Database for more information.

  3. Create the Identity Management - Oracle Internet Directory schema in the database for Oracle Internet Directory. Refer to "Creating Database Schema Using the Repository Creation Utility (RCU)" for more information.

  4. Ensure that Oracle Identity Federation is installed, as described in Installation Roadmap and Installing the Latest Version of Oracle Identity Management.

  5. Run <Oracle_Home>/bin/config.sh (on UNIX) or <Oracle_Home>\bin\config.bat (on Windows) to start the Oracle Identity Management Configuration Wizard. Click Next to continue.

  6. On the Select Domain screen, select Create New Domain and enter the following information:

    • User Name: Enter the WebLogic Server administrator user name for the new domain.

    • User Password: Enter the password for that administrator user.

      Enter the password again in the Confirm Password field.

    • Domain Name: Enter a name for the new domain.

    Click Next. The Specify Installation Location screen appears.

  7. Identify the Homes, Instances, and the WebLogic Server directory by referring to Identifying Installation Directories. After you enter information for each field, click Next. The Specify Security Updates screen appears.

  8. Choose how you want to be notified about security issues:

    • If you want to be notified about security issues through email, enter your email address in the Email field.

    • If you want to be notified about security issues through My Oracle Support (formerly MetaLink), select the My Oracle Support option and enter your My Oracle Support Password.

    • If you do not want to be notified about security issues, leave all fields empty.

    Click Next. The Configure Components screen appears.

  9. Select Oracle Internet Directory, Oracle Identity Federation, and optionally, Oracle HTTP Server. Refer to "Configuring Oracle HTTP Server for OIF" for information about configuring Oracle HTTP Server with Oracle Identity Federation.

    The Oracle Directory Services Manager and Fusion Middleware Control management components are automatically selected for this installation.

    Ensure no other components are selected and click Next. The Configure Ports screen appears.

  10. Choose how you want the Installer to configure ports:

    • Select Auto Port Configuration if you want the Installer to configure ports from a predetermined range.

    • Select Specify Ports using Configuration File if you want the Installer to configure ports using the staticports.ini file. You can click View/Edit File to update the settings in the staticports.ini file.

    Click Next. The Specify Schema Database screen appears.

  11. Identify the ODS schema for Oracle Internet Directory that you created in step 3 by selecting Use Existing Schema and entering the following information:

    • Enter the database connection information in the Connect String field. The connection string must be in the form of hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form of hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Enter the password for the ODS schema in the Password field and click Next.

      Note:

      If your existing ODS and ODSSM schemas have different passwords, the Specify ODSSM Password screen will appear after you click Next. Enter the password for your existing ODSSM schema and click Next.

      The Create Oracle Internet Directory screen appears.

  12. Enter the following information for Oracle Internet Directory:

    • Realm: Enter the distinguished name of the realm that becomes BASE_REALM for this directory (for example, dc=us,dc=oracle,dc=com).

    • Administrator Password: Enter the password for the Oracle Internet Directory administrator (cn=orcladmin).

    • Confirm Password: Enter the administrator password again.

    Click Next. The Specify OIF Details screen appears.

  13. Enter the following information:

    • PKCS12 Password: Enter the password that protects the encryption wallet and the signing wallet Oracle Identity Federation will use. The Installer generates these wallets automatically with self-signed certificates. Oracle recommends using these wallets only for testing; replace them with certificates from a trusted CA before the instance exchanges federation messages with production partners.

    • Confirm Password: Enter the PKCS12 password again.

    • Server ID: Enter a string that will be used to identify this Oracle Identity Federation instance. A prefix of oif will be added to the beginning of the string you enter. Each logical Oracle Identity Federation instance within an Oracle WebLogic Server administration domain must have a unique Server ID. Clustered Oracle Identity Federation instances acting as a single logical instance will have the same Server ID.

    Click Next. The Select OIF Advanced Flow Attributes screen appears.

    Notes:

    • Notice that the options for Authentication Type, User Store and Federation Store are automatically set to LDAP because you are installing Oracle Internet Directory with Oracle Identity Federation.

    • The Installer sets the User Federation Record Context to cn=fed,BASE_REALM, where BASE_REALM is typically dc=us,dc=oracle,dc=com.

  14. Select the appropriate option for each configuration item and click Next:

    Note:

    User Session Store and Message Store appear in the Installer as separate configuration items; however, most deployments use the same type of repository for both stores.

    • User Session Store: Memory or RDBMS

      • Select Memory to store transient runtime session state data in in-memory tables.

      • Select RDBMS to store transient runtime session state data in a relational database.

    • Message Store: Memory or RDBMS

      • Select Memory to store transient protocol messages in in-memory tables.

      • Select RDBMS to store transient protocol messages in a relational database.

    • Configuration Store: File or RDBMS

      • Select File to store Oracle Identity Federation configuration data on the local file system.

      • Select RDBMS to store Oracle Identity Federation configuration data in a relational database.

    Note:

    The screens that appear next depend on the options you selected for the configuration items.

    • If you selected RDBMS for User Session Store, Message Store, or Configuration Store, go to step 15 now.

    • If you did not select RDBMS for User Session Store, Message Store, or Configuration Store, go to step 16 now.

  15. Enter the following information on the Specify Transient Store Database Details screen:

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the name of the schema owner created by RCU, which is of the form PREFIX_OIF.

    • Password: Enter the password for the database user.

  16. Complete the installation by performing all the steps in Completing an Installation.
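The wizard gives little feedback when a connect string, Server ID, or realm is mistyped, so it helps to validate those values before starting step 5. The following is an added example written for this section, not Oracle code or part of the Installer: it enforces only the formats the procedure states (the single-instance and RAC connect-string forms from steps 11 and 15, the oif prefix the Installer adds to the Server ID in step 13, the cn=fed,BASE_REALM federation record context, and the PREFIX_OIF schema owner from step 15). The host-name, Server ID, and RCU-prefix character sets are conservative assumptions, since the page does not document them.

```python
"""Validators for values entered in the OIF/OID configuration wizard.
Added example, not Oracle code; see the lead-in for what is assumed."""
import re
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class DbNode:
    host: str
    port: int
    name: str   # service name (single instance) or instance name (RAC member)


@dataclass(frozen=True)
class DbConnect:
    nodes: Tuple[DbNode, ...]
    service: str
    rac: bool


# Assumption: RFC 1123-style host names; the wizard does not document a charset.
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def _parse_node(text: str) -> DbNode:
    """Parse one host:port:name triple and range-check the port."""
    parts = text.split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected host:port:name, got {text!r}")
    host, port, name = parts
    if not _HOST_RE.match(host):
        raise ValueError(f"invalid host name {host!r}")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port {port!r}")
    return DbNode(host, int(port), name)


def parse_connect_string(text: str) -> DbConnect:
    """Accept hostname:port:servicename, or for RAC
    hostname1:port1:instance1^hostname2:port2:instance2@servicename."""
    text = text.strip()
    if "@" in text:
        nodes_part, _, service = text.rpartition("@")
        if not service or "@" in nodes_part:
            raise ValueError("RAC string must end in exactly one @servicename")
        nodes = tuple(_parse_node(n) for n in nodes_part.split("^"))
        return DbConnect(nodes, service, rac=True)
    if "^" in text:
        raise ValueError("^-separated node list requires a trailing @servicename")
    node = _parse_node(text)
    return DbConnect((node,), node.name, rac=False)


def is_valid_connect_string(text: str) -> bool:
    try:
        parse_connect_string(text)
        return True
    except ValueError:
        return False


SERVER_ID_PREFIX = "oif"   # the Installer prepends this to whatever is entered
# Assumption: keep entered Server IDs to a filename-safe charset.
_SERVER_ID_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def effective_server_id(entered: str) -> str:
    """Return the Server ID as the Installer will record it."""
    if not _SERVER_ID_RE.match(entered):
        raise ValueError(f"unsafe Server ID {entered!r}")
    return SERVER_ID_PREFIX + entered


_DN_RE = re.compile(r"^(?:dc|o|ou|cn)=[^,=]+(?:,(?:dc|o|ou|cn)=[^,=]+)*$", re.I)


def federation_record_context(base_realm: str) -> str:
    """The Installer sets the User Federation Record Context to cn=fed,BASE_REALM."""
    realm = base_realm.strip()
    if not _DN_RE.match(realm):
        raise ValueError(f"realm is not a simple DN: {realm!r}")
    return f"cn=fed,{realm}"


# Assumption: RCU prefixes are upper-case alphanumerics; the page only says PREFIX_OIF.
_OIF_OWNER_RE = re.compile(r"^[A-Z][A-Z0-9]*_OIF$")


def is_oif_schema_owner(user: str) -> bool:
    return bool(_OIF_OWNER_RE.match(user))


if __name__ == "__main__":
    # Constructed sample inputs; the host names and service names are not real.
    print(parse_connect_string("db1.example.com:1521:orcl1^db2.example.com:1521:orcl2@oidsvc"))
    print(effective_server_id("fed01"))
    print(federation_record_context("dc=us,dc=oracle,dc=com"))
```

Run the module to see the parsed RAC descriptor; a rejected value raises ValueError with the offending field, which is more than the Specify Schema Database screen tells you when a connection attempt fails.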