Skip Headers
Oracle® Access Manager Installation Guide
10g (10.1.4.3)

Part Number E12493-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

1 About the Installation Task, Options, and Methods

This chapter provides an introduction to installing Oracle Access Manager. Topics include:

Before starting activities in this guide, be sure to read the Oracle Access Manager Introduction.

1.1 About Installation Packages, Patch Sets, Bundle Patches, and Newly Certified Agents

This section provides information and distinctions on the following Oracle-provided product packages:

1.1.1 Full Installers

Oracle provides full Oracle Access Manager 10g (10.1.4.3) installers. Each full installer package includes the libraries and files that implement all product functionality. This is a complete software distribution and includes packages for every component on supported platforms. All of the components have been tested and are certified to work with one another across supported platforms.

Note:

You can use 10g (10.1.4.3) installers to create a fresh Oracle Access Manager installation only. For details about upgrading, see "Packages for Upgrading".

An Oracle Media Pack is an electronic version of Oracle software products on physical media (DVDs).

Note:

Oracle products that are intended for use with a third party product are not available on physical media. For example, WebGate for Oracle HTTP Server is available on Oracle media; however, WebGate for Apache is available only on virtual media.

Physical Oracle Media Packs are available to any customer working with a Sales Representative. In addition, you can order a physical Media Pack from the Oracle store. Shop online at: http://oracle.com.

Virtual DVDs and Media Packs are available as follows:

  • From Oracle Technology Network (OTN) at:

    http://www.oracle.com/technology/software/products/ias/htdocs/idm_11g.html
    

    OTN provides links to all Oracle Access Manager components (provided as virtual DVDs) including those that operate with Oracle and third party products:

    • Oracle Access Manager Core Components (10.1.4.3.0): Identity Server, Access Server, Software Developer Kit; WebPass and Policy Manager (including WebPass and Policy Manager for Oracle HTTP Server 11g); SNMP agent.

    • Oracle Access Manager WebGate (10.1.4.3.0): WebGates, including those for Oracle HTTP Server 11g; Connectors for Oracle and third-party applications and products. For more information, see "Confirming Certification Requirements".

    • Oracle Access Manager NLS Packages (10.1.4.3.0): Language Pack installers. For more information, see Chapter 3, "About Multi-Language Environments".

  • From Oracle edelivery at:

    http://edelivery.oracle.com/EPD/Search/get_form
    

    Oracle edelivery provides access to Oracle Fusion Middleware Media Packs that mirror the contents of the physical Media Pack bundle.

1.1.1.1 Packages for Upgrading

When upgrading from Oracle Access Manager release 6.x or 7.x, you must use either:

  • In-Place Component Upgrade Method with 10g (10.1.4.0.1) installers available on OTN, and then apply the 10g (10.1.4.2.0) patch and then apply the 10g (10.1.4.3) patch.

  • Zero Downtime Upgrade Method using both 10g (10.1.4.0.1) installers available on OTN and 10g (10.1.4.2.0) patch set packages available on My Oracle Support (formerly MetaLink), and then apply the 10g (10.1.4.3) patch.

For more information, see the Oracle Access Manager Upgrade Guide for details about upgrading earlier instances to 10.1.4.

1.1.2 Patch Sets

A patch set is a mechanism for delivering fully tested and integrated product fixes. Patch sets include all of the fixes available in previous bundle patches and patch sets for a particular release. A patch set can also include new functionality. For example, release 10g (10.1.4.3) includes all fixes available in 10g (10.1.4.2.0) and bundle patches up to and including 10g (10.1.4.2.0)-BP07, as well as all enhancements for 10g (10.1.4.3).

Each patch set includes the libraries and files that have been rebuilt to implement bug fixes and new functions. All of the fixes in the patch set have been tested and are certified to work with one another on the specified platforms. However, a patch set might not be a complete software distribution and might not include packages for every component on every platform.

10g (10.1.4.3) patch set packages will be available on My Oracle Support (formerly MetaLink) at:

https://metalink.oracle.com

You can apply the 10g (10.1.4.3) patch set to only 10g (10.1.4.2.0) components. The entire10g (10.1.4.3) patch set, including patch set notes, 10g (10.1.4.3) manuals, and an updated Oracle Access Manager Upgrade Guide will be available on My Oracle Support (formerly MetaLink).

Note:

You cannot use 10g (10.1.4.3) patch set packages for a fresh installation nor an upgrade.

See Also:

1.1.3 Bundle Patches

A bundle patch is an official Oracle patch for Oracle Access Manager components. Each bundle patch includes the libraries and files that have been rebuilt to implement one or more fixes. All of the fixes in the bundle patch have been tested and are certified to work with one another.

Bundle patches are available following one patch set release and before the next. 10g (10.1.4.3) bundle patches will be available on My Oracle Support (formerly MetaLink) following release of 10g (10.1.4.3) full installers and before the next major Oracle Access Manager release or patch set. See:

https://metalink.oracle.com

Each bundle patch has a unique number so that you can locate it on My Oracle Support (formerly MetaLink). Each bundle patch is cumulative: the latest bundle patch includes all fixes in earlier bundle patches. For example, Oracle Access Manager 10g (10.1.4.3) bundle patch 02 includes all fixes available in 10g (10.1.4.3) bundle patch 01.

1.1.4 Newly Certified Agent Packages

Oracle provides packages for Oracle Access Manager 10.1.4 components on newly certified platforms. These packages are available under the Oracle Access Manager 3rd Party Integration link on the Oracle Technology Network (OTN) at:

http://www.oracle.com/technology/software/products/ias/htdocs/101401.html

The Readme in the 3rd Party Integration section of the table on OTN describes the contents of virtual CDs that contain Oracle Access Manager 10.1.4.x third-party and Oracle integration components. These are companions to the Oracle Access Manager release CDs containing the base product. 3rd Party packages can include WebGate, WebPass, Application Server Connectors, and Policy Manager packages. For more information, see "Confirming Certification Requirements".

Note:

You cannot use third-party integration packages to upgrade earlier components. Oracle Access Manager 10g (10.1.4.3) WebGate packages are released as full-installers.

1.2 About the Installation Task

The Identity System is required in all installations. The Access System is optional. For an overview of both the Identity System and the Access System, including a look at a simple installation and an overview of how each system operates, see the Oracle Access Manager Introduction.

The sequence of tasks you must complete to install and set up Oracle Access Manager components is outlined in Figure 1-1 and the expanded task overview that follows it.

Figure 1-1 Installation Task Overview

Installation Task Overview is described in following text.
Description of "Figure 1-1 Installation Task Overview"

Task overview: Installing Oracle Access Manager

  1. Review and choose your installation options, as described in "Installation Options", and your methods as described in "Installation Methods".

  2. Complete all prerequisites in Chapter 2, "Preparing for Installation" and review the following information as needed for your environment.

  3. If you have a multi-language environment, review information on this in Chapter 3, "About Multi-Language Environments".

  4. Install the first Identity Server, as described in Chapter 4, "Installing the Identity Server".

  5. Install the first WebPass, as described in Chapter 5, "Installing WebPass".

  6. Set up the Identity System to ensure that object classes and attributes appear in the directory server and that the Identity Server is working correctly with the WebPass, and assign a Master Administrator who has access to the entire system, as described in Chapter 6, "Setting Up the Identity System".

  7. Install other Identity Servers if needed in this environment, as described in Chapter 4, "Installing the Identity Server".

  8. Install other WebPass instances if needed in this environment, as described in Chapter 5, "Installing WebPass".

    Note:

    If you are installing multiple instances of any component, you can do this automatically after the first instance is installed and set up. See Chapter 15, "Replicating Components" for information about automated installation, cloning, and synchronizing components.
  9. Start configuring and customizing your Identity System now (or after installing optional components). For example:

  10. Install and set up the optional Access System, as follows:

  11. Start configuring the Access System now (or install other optional components first), as follows:

  12. Install any other optional Oracle Access Manager components you'd like to use, such as:

1.3 Installation Options

This discussion identifies the options available to you during installation, and tells you where to find more information.

Task overview: Choosing your installation options

  1. Before installation, decide whether to install components using GUI method or the command line method, as described in "Installation Methods".

  2. During installation you can choose to enable automatic updates of the schema using system-provided defaults, or input your own values for attributes during Identity System and Policy Manager setup, as described in "Updating the Schema and Attributes Automatically Versus Manually".

  3. After installation of the first instance of a component, you can choose to install multiple instances of a component manually or use an automated installation method for multiple instances, as described in "Replicating an Installed Oracle Access Manager Component".

  4. If you have older component files in the installation directory that you specify, you are asked if you want to upgrade to the later release. See "Upgrading an Earlier Release".

1.3.1 Updating the Schema and Attributes Automatically Versus Manually

During Identity Server and Policy Manager installation, you are asked if you want to automatically update the schema with the configuration data branch. The schema update must occur before you begin the setup process.

Note:

Oracle recommends that you update the schema automatically during installation to obtain product-specific object classes and attributes. If you decline the automatic update during installation, a Schema Changes page appears at the beginning of the Identity System and Policy Manager setup process. The automatic schema update is not supported for the ADAM directory.

Custom schema changes must be added after the installation because the Identity Server installation changes the schema. During Identity System and Policy Manager setup, you are prompted to configure various object classes. For example, the Identity System requires attributes assigned to the Full Name, Login, and Password semantic types for Person and Group object classes. Oracle recommends that you automatically configure attributes using the Auto Configure option during setup to save time and avoid errors. You can reconfigure the attributes afterward if needed.

Automatically configuring attributes is a single step in the installation and setup processes, as shown in Table 1-1. With the ADAM directory, however, you must manually update the schema and data after Oracle Access Manager component installation, as described in Appendix B, "Installing Oracle Access Manager with ADAM".

Table 1-1 Automatically Configure the Schema for All Except the ADAM Directory

Component Automatic Schema Configuration for All Except ADAM

Identity Server installation

During the first Identity Server installation, select "Yes" to automatically update the schema.

For second and subsequent Identity Servers, select No.

WebPass installation

There are no options for the schema.

Identity System set up

Select "Auto Configure" when the option is offered.

After setup, you may reconfigure attributes, if needed.

Policy Manager installation and set up

Select "Auto Configure" when the option is offered.

After setup, you may reconfigure attributes, if needed.

Access Server installation

There are no options for the schema update.

WebGate installation

There are no options for the schema.


If you choose to manually configure attributes, this must occur after installation during the setup process. Manually configuring attributes requires one or more ldif files located in:

IdentityServer_install_dir\identity\oblix\data.ldap\common

PolicyManager_install_dir\access\oblix\data.ldap\common

Each ldif file is prefixed with a specific directory server type, as shown in Table 1-2. In most cases, you use the ldapmodify tool to perform the update. For example:

ldapmodify –h DS_hostname -p DS_port_number -D bind_dn -q -a –c -f DS_type_oblix_schema_add.ldif 
    Please enter bind password: 
    bind successful 

Note:

The Oracle Internet Directory LDAP tools have been modified to disable the less secure options -w password and -P password when the environment variable LDAP_PASSWORD_PROMPTONLY is set to TRUE or 1. When you use -q (or -Q), the command will prompt you for the user password (or wallet password). Oracle recommends that you set this variable whenever possible.

Table 1-2 provides details about the schema update files needed for each directory server type. Included are any index files required for configuration data or user data.

For more information about directory requirements, see "Meeting Directory Server Requirements".

Table 1-2 Manual Schema Update Files

Directory Server Type Manual Schema Update Files

Active Directory

ADSchema.ldif (Windows 2000 only)

ADdotNetSchema_add.ldif (Windows 2003 only)

ADAuxSchema.ldif (Windows 2003, statically-linked auxiliary classes)

ADUserSchema.ldif

Note: The Active Directory schema is extensible using Ldifde.exe. For more information, see Appendix A, "Installing Oracle Access Manager with Active Directory".

ADAM

ADAM_oblix_schema_add.ldif

ADAM_user_schema_add.ldif

ADAMAuxSchema.ldif (statically-linked auxiliary classes)

Note:

You must manually update the ADAM schema when installing Oracle Access Manager.

The ADAM schema is extensible using Ldifde.exe. For more information, see Appendix B, "Installing Oracle Access Manager with ADAM".

Data Anywhere (Oracle Virtual Directory)

VDE_user_schema_add.ldif

See Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory" for details about:

  • Integrating Oracle Access Manager with Oracle Virtual Directory Server (VDS)

  • Prerequisites and Oracle Access Manager installation with VDS

  • schema.oblix.xml

  • Adapter and mapping script templates

  • DN conversion program and configuration file to patch user and group DNs in the configuration tree for use with VDS in existing Oracle Access Manager installations

IBM Directory Server

V3.oblix.ibm_at.ldif

V3.oblix.ibm_oc.ldif

V3.user.ibm_at.ldif

V3.user.ibm_oc.ldif

Oracle Internet Directory

OID_oblix_schema_add.ldif

OID_oblix_schema_delete.ldif

OID_oblix_schema_index_add.ldif

OID_user_index_add.ldif

OID_user_schema_add.ldif

OID_user_schema_delete.ldif

Novell Directory Server

NDS_oblix_index_add.ldif

NDS_oblix_schema_add.ldif

NDS_user_index_add.ldif

NDS_user_schema_add.ldif

Sun Directory Servers

iPlanet_oblix_schema_add.ldif.

iPlanet_user_schema_add.ldif

iPlanet5_oblix_index_add.ldif

iPlanet5_user_index_add.ldif


1.3.2 Replicating an Installed Oracle Access Manager Component

Rather than manually installing every instance of a component, you can replicate the configuration of one instance to another after installation and setup of the first instance of a particular component.

There are three methods to choose from:

  • Automate the installation process using a file that contains installation parameters (known as installing in silent mode).

  • Clone the configuration.

  • Synchronize two components or parts of two components.

1.3.2.1 Silent Mode

Silent mode permits installation without user intervention. The Oracle Access Manager installation script takes option and configuration information from a silent mode option file.

Important:

Silent mode is intended for new installations only.

For more information on silent mode, see Chapter 15, "Replicating Components".

1.3.2.2 Cloning and Synchronizing Installed Components

You can also replicate an installed component by cloning it, or you can synchronize two components or parts of two components.

For more information, see "Cloning and Synchronizing Installed Components".

1.3.3 Upgrading an Earlier Release

As described earlier, Oracle Access Manager 10g (10.1.4.3) installers can be used for only a fresh installation. The 10g (10.1.4.3) patch set can be applied to only 10g (10.1.4.2.0) instances.

Upgrade Considerations

10g (10.1.4.2.0) Patch Set: This patch set includes utilities that enable you to upgrade 6.x and 7.x components using the zero downtime upgrade method and tools. For more information, see the Oracle Access Manager Upgrade Guide.

10g (10.1.4.0.1) Installers: These packages can be used to install a fresh 10g (10.1.4.0.1) instance and are also needed when you choose to upgrade 6.x and 7.x components using the zero downtime method. You can also use 10g (10.1.4.0.1) installers to upgrade 6.x and 7.x components in place. With the in-place upgrade method, you start installing the component and specify a target directory containing an earlier instance. The earlier component is detected and you are asked if you want to upgrade. For more information, see the Oracle Access Manager Upgrade Guide.

After upgrading, you can apply the latest patches: 10g (10.1.4.2.0) and 10g (10.1.4.3) patch. For more information, see "Obtaining the Latest Installers, Patch Set, Bundle Patch, and Certified Agents".

1.4 Installation Methods

You may choose to install Oracle Access Manager components using the graphical user interface (GUI method) or using the command-line console (Console method). Regardless of the method you choose, the process is similar. The sequence and prompts detailed in this manual use GUI method. Any differences will be identified as they occur. For more information, see:

1.4.1 GUI Method

Different installation packages are available for Oracle Access Manager components, depending on your platform and Web server. The sequence of events and messages are the same regardless of the method you choose when launching the installation.

You obtain the Oracle Access Manager installation media from Oracle. GUI method is the default for Windows systems when you select the installation package. For example:

Oracle_Access_Manager10_1_4_3_0_win32_Identity_Server

Due to known problems with the third-party Installshield's ISMP framework, if any inputs supplied during installation contain the character $, the installer might interpret it unpredictably. For example, if the bind password supplied during the schema update for the first Identity Server is Admin$$, ISMP interprets this as Admin$ while invoking the schema update tool and the update fails citing a "bad credentials error(49)". If this problem is observed during invocation of a particular tool, you may run that tool from the command line.

Note:

Every Oracle Access Manager installer that uses the same password may also fail with a credential problem of some type.

See Also:

Appendix E for troubleshooting tips

1.4.2 Console Method

You may use the command-line console method when installing Oracle Access Manager components on UNIX platforms. Console method is the default for UNIX systems. For example:

/ Oracle_Access_Manager10_1_4_3_0_sparc-s2_Identity_Server

Note:

When using the console method for component installation, you are instructed to:

Press 1 for Next—1 is the default if you press the Enter key.

Press 3 to Cancel

Press 4 to Re-display the information

Occasionally, you will be asked to specify an option number then enter zero, 0, to confirm your choice.