9 Configuring JBoss

This chapter contains procedures for configuring the JBoss application servers for Oracle Identity Manager and Oracle Role Manager in preparation for deployment of the Oracle Role Manager Integration Library (Integration Library). The procedures in this chapter are expected to be performed in the sequence they are presented.

This chapter includes the following sections:

• Before You Configure

• Configuring the Oracle Role Manager Server

• Configuring the Oracle Identity Manager Server

• Deploying the Oracle Role Manager Integration Library Application on JBoss

9.1 Before You Configure

The Oracle Role Manager Integration Library is intended to be deployed on the application server on which Oracle Identity Manager is deployed. The procedures in this chapter assume the following:

• You have the access to the files installed in ORMINT_HOME.

• You have the appropriate permission to add and modify files in the application server where Oracle Identity Manager is deployed.

• You have the appropriate permission to stop and start the application server where Oracle Identity Manager is deployed.

• For clustered environments, Oracle Role Manager and Oracle Identity Manager have been installed and configured for on the server cluster and application server nodes as described in the Oracle Role Manager Installation Guide and Oracle Identity Manager Installation Guide.

Note:

For clustered environments, use the JBOSS_HOME/server/all directory instead of the JBOSS_HOME/server/default directory when following the instructions in this chapter.

9.2 Configuring the Oracle Role Manager Server

Note:

If you are configuring Oracle Role Manager Integration Library in a clustered environment, perform the first step in this procedure on the master node and all secondary nodes.

To configure the Oracle Role Manager server:

1. On the Oracle Role Manager application server host, copy the following file into the deploy directory of the application server for Oracle Role Manager (for example, C:\jboss-4.2.3\server\default\deploy for a nonclustered environment or C:\jboss-4.2.3\server\all\deploy-hasingleton\jms for a clustered environment):

   ORM_HOME/Integration_Library/samples/jboss/ormoim-service.xml
   

2. Navigate to the ORM_HOME/Integration_Library/config directory.

3. Using a utility like WinZip or jar, extract the entire contents of jboss_config.car into a temporary location, such as ORM_HOME/Integration_Library/config_temp/jboss_config.

4. From the temporary location where jboss_config.car was extracted, navigate to jboss_config/config/oracle.iam.rm.event.outgoing.

5. Open the oim_integration.xml file with a text editor and modify the JNDI URL as appropriate.

   This file contains configuration for the outgoing events required to support the Integration Library.

   The settings in this file may have to be modified to reflect your deployment environment, including the JNDI location of Oracle Identity Manager.

   1. For each of the five events, modify the value of the jndi-url element to match your environment.

      For clustered environments, the value must be in the form jnp://oim_host1_ip_address:jndi_port1, oim_host2_ip_address:jndi_port2.

      For example, if the Oracle Identity Manager application servers are run on hosts named Server_OIM_1 and Server_OIM_2, and the ha-jndi jnp bind address is 1100 as specified in the deploy/jms/hajndi-jms-ds.xml file, then the value for the jndi-url should be:

      jnp://Server_OIM_1:1099,Server_OIM_2:1100

      For nonclustered environments, the value must be in the form jnp://oim_host_ip_address:jndi_port.

      For example, if the Oracle Identity Manager application server is run on a host named Server_OIM, and the jnp bind address is 1099 as specified in the jboss-service.xml file where it is deployed, then the value for the jndi-url should be:

      jnp://Server_OIM:1099

   2. Save and close the oim_integration.xml file.

6. Using a utility like WinZip or jar, repackage everything in the jboss_config directory and create a file appended with the .car extension, for example, jboss_custom.car.

   Ensure that the CAR file directory layout is as follows:

   config/
           oracle.iam.rm.event.outgoing
                   oim_integration.xml
   

   If it does not match this layout, fix the layout, then repackage the CAR file.

7. Deploy the configuration changes to the Oracle Role Manager database as follows:

   1. Copy the new jboss_custom.car file from the temporary location to ORM_HOME/config.

   2. Ensure that the db.properties file in ORM_HOME/config contains the correct information. If it does not, modify it so it contains the following two lines:

      db.driverClass=oracle.jdbc.driver.OracleDriver
      db.connection_string=jdbc:oracle:thin:@$HOST$:$PORT$:$SERVICE$
      

      where $HOST$ is the database host name, $PORT$ is the database listener port, and $SERVICE$ is the database instance on which the Oracle Role Manager users were created.

   3. Stop the Oracle Role Manager application server if it is running.

      Note:

      If you have a clustered environment, shut down all nodes on the Oracle Role Manager cluster.

   4. In a command window, navigate to ORM_HOME/bin.

   5. Run the deploy command as follows:

      For UNIX-based systems:

      sh deploy.sh "../config/jboss_custom.car" orm-owner ormapp-user admin-user
      

      For Windows systems:

      deploy.bat "../config/jboss_custom.car" orm-owner ormapp-user admin-user
      

      In this command:

      • orm-owner is the user name of the Oracle Role Manager database owner user/schema

      • ormapp-user is the user name of the Oracle Role Manager application user/schema

      • admin-user is the user name of the Oracle Role Manager system administrator

   6. At the prompts, enter the passwords of the Oracle Role Manager database owner, Oracle Role Manager application user, and Oracle Role Manager administrator.

      You should see the message "Deployment successfully completed" in the command window.

9.3 Configuring the Oracle Identity Manager Server

Note:

If you are configuring Oracle Role Manager Integration Library in a clustered environment, perform this procedure on the master node and all secondary nodes.

To configure the Oracle Identity Manager server:

1. On the Oracle Identity Manager application server host, copy the following files into the deploy directory of the application server for Oracle Identity Manager (for example, C:\jboss4.2.3\server\default\deploy for a single installation or C:\jboss4.2.3\server\all\deploy for a clustered installation):

   ORMINT_HOME/samples/jboss/oimorm-service.xml
   ORMINT_HOME/lib/server_api_14.jar
   

2. Copy the following two files into the lib directory of the application server for Oracle Identity Manager. For example, C:\jboss4.2.3\server\default\lib.

   ORMINT_HOME/lib/orm_encryption.jar
   ORMINT_HOME/oimlib/OIM-IntegrationTransport.jar
   

9.3.1 Modifying the Oracle Identity Manager Startup Command

Before you can start using the Oracle Role Manager Integration library, the Oracle Identity Manager startup command must include the path to the Integration Library software. Making this change before the Integration Library software is deployed does not affect the operation of Oracle Identity Manager until it is restarted.

Note:

This step must be performed on the master node and all secondary nodes.

To modify how Oracle Identity Manager is invoked for the Integration Library:

1. Open the following file for editing:

   For UNIX-based systems:

   OIM_HOME/xellerate/bin/xlStartServer.sh
   

   For Windows systems:

   OIM_HOME\xellerate\bin\xlStartServer.bat 
   

2. Add the following argument to the Oracle Identity Manager startup command:

   -DORMINT_ROOT_DIR=ORMINT_HOME
   

   where ORMINT_HOME is the full path to the home directory of the Oracle Role Manager Integration Library.

   For example, on Windows, it might be similar to:

   C:\jboss4.2.3\bin\run.bat -DXL.HomeDir=C:\OIM\xellerate -Djava.awt.headless=true -DORMINT_ROOT_DIR=C:\ORMINT_HOME
   

3. Optionally, to enable logging for the Integration Library, add the following argument:

   -Djava.util.logging.config.file=ORMINT_HOME/config/logging.properties
   

   where ORMINT_HOME is the full path to the home directory of the Oracle Role Manager Integration Library.

4. Save and close the start script.

5. For these changes to go into effect immediately, restart the Oracle Identity Manager server. Alternatively, you can restart the server after deploying the Oracle Role Manager Integration Library application as described in the next section.

9.4 Deploying the Oracle Role Manager Integration Library Application on JBoss

Note:

If you are deploying the Oracle Role Manager Integration Library application in a clustered environment, perform this procedure on all nodes in the environment.

To deploy the Integration Library application:

1. On the Oracle Identity Manager application server host, create the EAR file for the Integration Library application that contains JAR files from Oracle Identity Manager as follows:

   1. In a command window, navigate to ORMINT_HOME/bin.

   2. Run the following command:

      For UNIX-based systems:    sh create_ear.sh OIM_HOME/xellerate

      For Windows systems:    create_ear.bat OIM_HOME/xellerate

      where OIM_HOME is the root installation directory for Oracle Identity Manager.

2. Copy the following file into the deploy directory of the application server for Oracle Identity Manager (for example, C:\jboss-4.2.3\server\default\deploy):

   ORMINT_HOME/lib/roleManagerIntegration_JBoss4.2.3.ear
   

   Note:

   For clustered environments, use the JBOSS_HOME/server/all/farm directory. For example, C:\jboss-4.2.3\server\all\farm.

3. Restart the Oracle Role Manager application server.