Skip Headers
Oracle® Access Manager Installation Guide
10g (10.1.4.3)

Part Number E12493-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

7 Installing the Policy Manager

After you install the Identity System, you can begin to install the Access System, which includes three components: the Policy Manager, the Access Server, and the WebGate. The Policy Manager is the first component that must be installed, as topics in this chapter describe:

See Also:

"Confirming Certification Requirements"

7.1 About Policy Manager Installation and Setup

The Policy Manager provides the login interface for the Access System, communicates with the directory server to write policy data, and communicates with the Access Server over the Oracle Access Protocol to update the Access Server when you make certain policy modifications. Master Access Administrators and Delegated Access Administrators use the Policy Manager to define resources to be protected and to group resources into policy domains. An overview is provided in the Oracle Access Manager Introduction.

The Policy Manager installation includes the Access System Console. Installing the Policy Manager combines elements of both Identity Server and WebPass installation. For instance, when installing the Policy Manager you must identify where to store Oracle Access Manager policy data. A default Policy Manager directory profile is created and becomes available after setup. You also need to update your Web server configuration for the Policy Manager, as you did for the WebPass. Rather than starting and stopping an Policy Manager service, you will start and stop the Policy Manager Web server.

Oracle recommends that you protect all WebPass and Policy Manager instances with WebGate. WebPass and Policy Manager use in-built simple authentication for protecting specific applications (User Manager, Group Manager, Policy Manager). However, this does not protect all possible WebPass and Policy Manager URLs from direct access.

Note:

You can install Policy Manager (and WebGate) against the same Web server instance as WebPass. You can accept creating default policy domains during Policy Manager setup. This enables you to have WebGate protect all Identity and Policy Manager URLs from un-authenticated access. For more information see "Configuring Authentication Schemes and Default Policy Domains".

Again, separate Web server-specific installation packages are provided for the Policy Manager in platform-specific directories. The installation process is similar regardless of the installation method you choose and your operating system. Information is saved at certain points during installation. If you cancel the installation after being informed that the Policy Manager is being installed, you must uninstall the component, as described in "Upgrading an Earlier Release".

After installation, you must complete the Policy Manager setup process before installing other Access System components. As with Identity System set up, your information is saved as you progress from one page to the next during setup. You may return to previous pages at any time and you may leave the setup process and restart it at any time. If you restart the setup process, you will continue with the question that follows your last saved entry.

For installation considerations, see "Policy Manager Guidelines".

7.1.1 About Installing Multiple Policy Managers

Oracle recommends you install multiple Policy Managers for fault tolerance. To install multiple Policy Managers, you simply perform the installation and setup described in this chapter for each new Policy Manager instance.

A Policy Manager installed with an IIS Web server depends on the Registry to obtain the \PolicyManager_install_dir. To avoid a conflict in the Registry when you install two Policy Managers on a single computer, one with an IIS Web server and the other with a Sun Web server, you must install the Policy Managers as outlined in the following procedure.

To avoid a conflict with IIS and Sun Web server instances

  1. Install the Policy Manager with the Sun Web server first.

  2. Install the Policy Manager with the IIS Web server second.

7.2 Policy Manager Prerequisites Checklist

Before you begin installing the Policy Manager, confirm that you have completed the tasks in Table 7-1. Failure to complete all prerequisites may adversely affect your Oracle Access Manager installation.

Table 7-1 Policy Manager Prerequisites Checklist

Checklist Policy Manager Prerequisites
 

Review and complete all prerequisites and requirements that apply to your environment, as described in Part I, "Installation Planning and Prerequisites"

 

Complete all activities in Part II, "Identity System Installation and Setup"

 

Install a WebPass for this Policy Manager, as described in Chapter 5, "Installing WebPass" and:

  • Ensure that the WebPass is installed on the same Web server instance and at the same directory level as you will install the Policy Manager.

  • Ensure that the Webpass has been configured to work with a particular Identity Server.

 

Review Web server specific details in:


7.3 Installing the Policy Manager

You must install your Policy Manager in the same directory as your WebPass. If you specify a directory that does not include a WebPass, you will be asked if you want to install a WebPass or specify a different directory. If you choose to install a WebPass, this may launch automatically.

Refer to your completed installation preparation worksheets as you install the Policy Manager. The installation task has been divided into the following procedures:

Task overview: Installing the Policy Manager

  1. Choose your installation method and start the process as described in "Starting the Installation".

  2. Identity the directory server and data location as explained in "Defining a Directory Server Type and Policy Data Location".

  3. Identity the transport security mode as described in "Specifying a Transport Security Mode".

  4. Update the Web server configuration as explained in "Updating Your Policy Manager Web Server Configuration".

  5. Complete installation as discussed in "Finishing the Policy Manager Installation".

7.3.1 Starting the Installation

Be sure to choose the appropriate installation package for your Web server and review Web server-specific details as described in Table 7-1.

To start the Policy Manager installation

  1. Log in as a user with administrator privileges.

  2. Locate the Policy Manager installer (including any Access System Language Packs you want to install) in the temporary directory you created.

  3. Launch the Policy Manager installer for your preferred platform, installation method, and Web server.

    For example:

    • GUI Method

      Oracle_Access_Manager10_1_4_3_0_Win32_API_Policy_Manager.exe

    • Console Method

      ./ Oracle_Access_Manager10_1_4_3_0_sparc-s2_API_Policy_Manager

    The Welcome screen appears.

  4. Dismiss the Welcome screen by clicking Next.

  5. Respond to the question about administrator rights based upon your platform. For example:

    You are asked to specify the installation directory for the Policy Manager.

  6. Choose the installation destination, then click Next.

    For example:

    \OracleAccessManager\WebComponent

  7. Language Pack: Choose a Default Locale and any other Locales to install, if this screen appears, then click Next.

    A summary identifies the installation directory and required disk space and asks you to make a note of this information for future reference.

  8. Write the installation directory name, if needed, then click Next.

You are notified that the Policy Manager is being installed, which may take several seconds. On Windows systems, you are informed that the Microsoft Managed Interfaces are being configured. Information is saved and you cannot return to previous screens to restate information.

The installation process is not complete. You are asked about the location for Oracle Access Manager policy data.

7.3.2 Defining a Directory Server Type and Policy Data Location

Oracle Access Manager policy data includes the rules that govern access to resources. You are asked to specify where policy data will be stored and if you want to add the Oracle Access Manager schema now or later. If your policy data is stored on the:

  • Same Directory Server: Respond with No. When Oracle Access Manager policy data will be stored in the same directory server as configuration data or user data, an update is not needed because the schema was added during the Identity Server installation.

  • Separate Directory Server: When Oracle Access Manager policy data will be stored in a separate directory server than either the configuration data or user data, the Oracle Access Manager schema must be added. You can direct this addition to occur either:

To identify the location of policy data

  1. Select your directory server type, then click Next

    For example:

    Sun

  2. Respond to the question about where policy data will be stored:

    • No: Answer No if policy data will be stored with user and configuration data or if you want to manually update the schema later.

    • Yes: Answer Yes when policy data will be stored separately and you want to automatically update the schema now.

    This information will be saved and you will not be allowed to return restate it.

  3. Click Next and skip to the appropriate procedure for your environment:

7.3.2.1 Continuing on Solaris Without Updating the Schema

During installation on a Solaris system, when policy data is stored with other Oracle Access Manager data you will be asked about the communication method for the existing directory server.

To specify directory server communication details

  1. Respond to the question about securing directory server communication with SSL, then click Next.

    Note:

    SSL-enabled communication is supported for Policy Managers installed on Solaris with Sun Web servers.
  2. SSL: Specify the path to the certificate, then click Next.

  3. Continue with "Specifying a Transport Security Mode".

7.3.2.2 Continuing on Windows Without Updating the Schema

During installation on a Windows system, when policy data is stored with other Oracle Access Manager data you will be asked about communication with the directory server.

Note:

When this sequence concludes, you will be asked for transport security details. When this occurs, skip to "Specifying a Transport Security Mode".

To specify details about the existing directory server

  1. Click Yes if you are using Active Directory with ADSI (or No if you are not), then click Next. For example:

    No

    Next you are asked about the communication between the directory server and the Policy Manager for each of the three types of data: user, configuration, and policy data.

  2. Check the box beside each type of data for which SSL communication with the directory server is needed, then click Next. For example:

    Directory Server ... user data is in SSL

    Directory Server ... configuration data is in SSL

    Directory Server ... Policy data is in SSL

  3. SSL: Specify the path to each certificate, then click Next.

  4. Continue with "Specifying a Transport Security Mode"

7.3.2.3 Storing Policy Data Separately and Updating the Schema

When your policy data is stored separately you need to identify the type of directory server and other relevant details. For additional information, see "Data Storage Requirements".

To specify directory server type and configuration details

  1. Specify your directory server type for policy data stored separately, then click Next. For example:

    Sun

  2. Specify the following directory server configuration information, then click Next. For example:

    • Host name: The DNS host name of the policy data directory server computer

    • Port number: The port on which the policy data directory server listens (for SSL connections, provide the encrypted port)

    • Bind DN: The DN for the policy data directory server

      Note:

      The distinguished name you enter as the bind DN must have full permissions for the policy data branch of the directory information tree (DIT). Oracle Access Manager will access the directory server as this account. Examples are provided in Table 7-2 Your configuration may be different.

      Table 7-2 Sample Bind DNs for Supported Directory Servers

      Directory Server Bind DN

      Sun Directory Server 5.x

      cn=administrator

      Note: Oracle recommends that you do not use cn=Directory Manager. For details, see "Meeting Directory Server Requirements".


    • Password: The password for the user data directory server bind DN

    • Update through SSL connection? (Yes or No): If you are installing on Solaris with a Sun Web server, SSL is not supported and communication must be Open.

    You complete step 3 when you indicated SSL.

  3. SSL only: Enter the certificate path, then click Next.

    If there is an error in the information you provide, the schema cannot be updated. You can either restate the configuration information during installation or manually update the schema later using the file: \PolicyManager_install_dir\access\oblix\tools\ldap_tools\ds_conf_update. See also, "Updating the Schema and Attributes Automatically Versus Manually".

    Next, you are asked about transport security.

7.3.3 Specifying a Transport Security Mode

You must specify a transport security mode for the Policy Manager and its WebPass. Transport security between all Access System components (Policy Managers, Access Servers, and associated WebGates) must match: either all open, all Simple mode, or all Cert.

To specify a transport security mode

  1. Specify the transport security mode this Policy Manager will use to communicate with the rest of the Access System.

  2. Click Next and perform the following operations according to the transport security mode you chose. For example:

  3. Certificate: Indicate if you are requesting or installing a certificate, complete the sequence, then continue with "Updating Your Policy Manager Web Server Configuration".

    Note:

    You cannot setup the Policy Manager until the certificates are copied to the \PolicyManager_install_dir\access\oblix\config directory, and the Policy Manager Web server is restarted. See the Oracle Access Manager Access Administration Guide for more information.

    You are ready to update the Policy Manager Web server configuration.

7.3.4 Updating Your Policy Manager Web Server Configuration

Your Web server must be configured to work with the Policy Manager. You can direct this Web server configuration update to occur either automatically or manually.

Note:

Oracle recommends automatically updating your Web server configuration. However, instructions for manual configuration are also provided.

To automatically update your Web server configuration

  1. Click Yes to automatically update your Web server, then click Next.

    A screen announces that the Web server configuration has been updated.

  2. Sun Web Servers: Apply the changes in the Web server Administration console before you continue.

  3. Stop the Policy Manager Web server instance, stop and restart the Identity Server service, then start the Policy Manager Web server instance.

    Note:

    With an IIS Web server, using net stop iisadmin and net start w3svc are good ways to stop and start the Web server, especially after installing the Policy Manager. The net commands help to ensure that the Metabase does not become corrupted following an installation. For more information, see Chapter 19, "Installing Web Components for the IIS Web Server".
  4. Click Next to dismiss the announcement and continue with "Finishing the Policy Manager Installation"

    ReadMe information appears.

To manually update your Web server configuration

  1. Click No when asked if you want to proceed with the automatic update, then click Next.

    A new window opens to assist you in manually setting up your Web server for Oracle Access Manager.

  2. Return to the Policy Manager installation and click Next.

  3. Refer to "Manually Configuring Your Web Server" after you finish the installation and before you setup the Policy Manager.

7.3.5 Finishing the Policy Manager Installation

The ReadMe information provides details about documentation and contacting Oracle.

To finish the Policy Manager installation

  1. Review the ReadMe information, then click Next.

    You are informed that the Policy Manager has been successfully installed.

  2. Click Finish to close the wizard.

  3. Continue with the following procedures, as needed:

7.4 Manually Configuring Your Web Server

During Policy Manager installation you are asked if you want to automatically update your Web server installation. If you selected No, you must do this manually before you set up the Policy Manager.

Note:

If the manual configuration process was launched during Policy Manager installation, you can skip step 1.

To manually configure your Web server for the Policy Manager

  1. Launch your Web browser, and open the following file, if needed:

    \PolicyManager_install_dir\access\oblix\lang\langTag\docs\config.htm

    where \PolicyManager_install_dir is the directory where you installed the Policy Manager; and langTag refers to a language specific directory (en-us, for example).

  2. Select the appropriate supported Web server interface configuration protocol from the table on the screen.

  3. Follow all instructions that appear, which are specific to each type of Web server, and note the following:

    • Make a back up copy of any file that you are required to modify during Web server set up, so it is available if you need to start over.

    • Some setups launch a new browser window or require you to launch a Command window to input information, so ensure that you return to and complete all original setup instructions to enable your Web server to recognize the appropriate Oracle Access Manager files.

    Note:

    If you accidentally closed the window, return to step1 and click the appropriate link again.
  4. Continue with the following procedures:

7.5 Setting Up the Policy Manager

The Policy Manager must communicate with your directory server to write the new policies you create. The following procedures guide you as you make the connections that are necessary for this communication.

During setup, specifications are saved whenever you click the Next button. If you leave setup and restart it later, you are returned to the same place.

Task overview: Setting up the Policy Manager

  1. Start the process, as described in "Starting the Setup Process".

  2. Define directory details, as described in "Specifying Directory Server Details and Data Locations".

  3. Set up authentication schemes, as described in "Configuring Authentication Schemes and Default Policy Domains".

  4. Finish the setup process, as described in "Completing Policy Manager Setup".

7.5.1 Starting the Setup Process

Policy Manager setup cannot be completed if the directory server used to store policy information is not loaded with the Oracle Access Manager schema.

You must manually update the policy data directory server schema before you begin the setup process, when the following conditions are both true:

  • You plan to store policy data in a separate directory server

  • You did not update this directory server schema during Identity System setup

If you need to do this, use the instructions in the following file:

\PolicyManager_install_dir\access\oblix\lang\langTag

\ldap_schema_changes_directory_server.html

where directory_server in the path name refers to your specific directory server type and \langTag refers to the language you are using, for example \en-us.

To start setting up the Policy Manager

  1. Make sure your Web server is running.

  2. Navigate to the Access System Console from your browser by specifying the URL of the WebPass instance that connects to the Policy Manager. For example:

    http://hostname:port/access/oblix
    

    where hostname refers to computer that hosts the Web server; port refers to the HTTP port number of the WebPass Web server instance; /access/oblix connects to the Access System Console.

    You will see the main Access System page.

  3. Click the Access System Console link.

    You are informed that the application is not yet set up.

  4. Click the Setup button.

    The next page asks about the directory server type.

  5. Continue with "Specifying Directory Server Details and Data Locations" and see Chapter 21, "Important Notes" for additional details:

7.5.2 Specifying Directory Server Details and Data Locations

You need to specify details about the directory servers where user data, configuration data, and policy data are stored. You will be asked to provide information about the directory server for each type of data:

  • User data

  • Configuration data

  • Policy data

Your directory server type affects the scope of activities. With Sun directory servers, you may store policy data on a different directory server than configuration or user data. All policy data must be stored together on the same directory server.

With Active Directory, a pure ADSI configuration is created and communication to the directory servers will be configured over ADSI when you select the ADSI option. If you want to enable Dynamic Auxiliary Object Classes (Windows 2003 only), see "About Dynamically-Linked Auxiliary Classes".

The information you see during setup will depend on your environment. In this example, user data, configuration data, and policy data are stored together on the same directory server. Your environment may be different.

To specify directory server details during Policy Manager setup

  1. Select your user data directory server type, then click Next. For example:

    Sun

    Now you specify details for the user data directory server to help the Policy Manager locate your directory server and copy information into it.

  2. Specify the user data directory server details based on your installation, then click Next. For example:

    • Computer: The user data directory server DNS hostname

    • Port Number: The user data directory server port number

    • Root DN: The user data directory server bind DN

    • Root Password: The password for the bind DN

    Note:

    For Active Directory, a Domain Name field is included to fill in. With ADSI, a User-Principle-Name field is included where you enter the UserPrincipleName of the Root DN, such as :admin@mycompany.com.

    You are asked about where the user data and configuration data are stored.

  3. Select your configuration data directory server type, then click Next. For example:

    Sun

    Next you are informed that you can store your user data and configuration data either in the same directory or in separate directories and asked to choose a configuration for your deployment.

  4. Choose the item that describes where you user data and configuration data are stored (together or separately), then click Next.

    • If the data is stored together, you are asked where policy data should be stored. In this case, continue with step 5.

    • If the data is stored separately, you are asked to specify details for the configuration data directory server before you continue.

  5. Choose the item that describes where your policy data and configuration data are stored (together or separately), then click Next.

    • If the data is stored together, continue with step 6.

    • If the data is stored separately, you are asked to specify details for the policy data directory server before you continue.

    The Setup Help button appears on the next page, which you can select to obtain additional information during the setup process. You are now asked to specify the location of the configuration DN, searchbase, and policy base.

    Note:

    The configuration DN, searchbase, and policy base may be at the same level or at different levels of the directory tree. However, when the searchbase and the policy base are in separate directories, they must have unique DNs. That is, the searchbase cannot be o=oblix,<Policy Base> or ou=oblix,<Policy Base> if they are in separate directories. Similarly, the policy base and the configuration DN cannot be same if they are in separate directories.
  6. Specify the appropriate information for your installation, then click Next. For example:

    • Searchbase: o=my-company,c=us

      This must be the same searchbase you specified during Identity System configuration.

    • Configuration DN: o=my-company,c=us

      This must be the same configuration DN you specified during Identity System configuration.

    • Policy Base: o=my-company,c=us

      This node resides within the policy directory server. If this node does not already exist, create it manually.

    You are now asked to specify the Person object class, which must match the one you specified during Identity System setup. For more information, see your preparation worksheets and "To specify Person and Group object class details".

  7. Enter the Person object class name, then click Next.

    For example:

    Person Object Class: gensiteOrgPerson

    At this point, you are prompted to restart your Web server.

    Note:

    If you are using IIS, be sure to follow additional on-screen instructions. Consider using net stop iisadmin and net start w3svc to stop and start IIS. The net commands help to ensure that the Metabase does not become corrupted.
  8. Stop and restart your WebPass/Policy Manager Web server instance and the related Identity Server instance, as usual, then click Next to continue.

    Now you are asked to specify the root directory for Oracle Access Manager policy domains.

    Oracle recommends that you accept the default value "/" unless you want to restrict the Master Administrator's ability to define and protect policy domains. For more information, see the Oracle Access Manager Access Administration Guide

  9. Accept the default root directory for policy domains (or specify a new root directory), then click Next. For example:

    Policy Domain Root /

    The next page asks about configuring authentication schemes.

7.5.3 Configuring Authentication Schemes and Default Policy Domains

This topic describes the authentication schemes and default policy domains that can be created during Policy Manager set up.

During Policy Manager setup, the following two authentication schemes are configured automatically:

  • Oracle Access and Identity Basic over LDAP: Used to protect Oracle Access Manager-related resources (URLs) and Oracle Access Manager-related resources (URLs) for Active Directory.

  • Anonymous: Used to unprotect specific Oracle Access Manager URLs.

    The Anonymous authentication method is especially useful because it provides for anonymous users. Users are allowed access to Oracle Access Manager-specific URLs you do not want protected with the Access System, such as Self Registration and Lost Password Management.

In addition, you can automatically configure a Basic and a Client Certificate authentication scheme based on the configuration information from your user directory:

  • Basic Over LDAP: This built-in Web server challenge mechanism requires the user to enter their login ID and password. The credentials supplied are then compared to the users profile in the LDAP directory server.

  • Client Certificate: This is a certificate-based user identification method. To use this method, a certificate must be installed on your browser and the Web server must be SSL-enabled.

The fields on the setup page for each scheme must be completed with information that is consistent with the Oracle Access Manager environment you are setting up. In most cases, appropriate defaults will appear on the setup page. You can modify these parameters later using the Access System Console.

You are also asked if you want to set up default policy domains. These will protect Access and Identity URLs. If you accept this option, the following two policy domains are created automatically:

  • Access Domain

  • Identity Domain

    Note:

    Oracle recommends that you accept creation of the Access domain and Identity domains to protect Identity and Policy URLs. Otherwise, you must manually create these policies later. For more information, see Oracle Access Manager Access Administration Guide.

Of course, you can decline automatic configuration. In this case, you need to set up Basic over LDAP and Client Certificate authentication schemes in the Access System Console later. Also, you must manually set up and enable the policy domains to protect Identity and Policy URLs. For more information about authentication schemes and policy domains, see the Oracle Access Manager Access Administration Guide.

To complete the authentication scheme and policy domain sequence

  1. Select Yes to initiate the automatic configuration sequence, or No to set up all authentication schemes yourself, then click Next.

    • If you selected Yes, continue with step 2.

    • Otherwise, skip to step 5.

  2. Choose the authentication scheme or schemes you want to configure automatically, then click Next.

    • If you chose Basic Over LDAP, a page appears with its definition, which you can change now or later. In this case, continue with step 3.

    • If you chose only Client Certificate, skip to step 4.

  3. Review and change Basic Over LDAP parameters, as needed, then click Next.

  4. Review and change Client Certificate parameters, as needed, then click Next.

    Next you are asked if you want to configure policies to protect Oracle Access Manager-related (URLs). The default is No.

  5. Select Yes to configure the policies (or No), then click Next. For example: Yes.

    Note:

    You must associate and install Access Servers and WebGates before you can use the policy domains. Additionally, you must enable policy domains to make them operational. For more information about policy domains, see the Oracle Access Manager Access Administration Guide.

    The next page provides instructions to complete the Policy Manager setup.

7.5.4 Completing Policy Manager Setup

The Securing Data Directories page lists the Oracle Access Manager directories that you must protect to maintain the security of the Identity System.

  • You must restrict access both from browsers and from network users who access the directory through the file system. See the documentation for your Web server and operating system if you need instructions on how to protect directories.

  • You can also protect the Access System within a policy domain.

The second half of the page on-screen provides additional information about configuring Oracle Access Manager policy domains.

To complete the Policy Manager setup

  1. Read all information on the page before you continue.

    Note:

    If you are using Active Directory, see "Installing and Setting Up the Access System" for additional information before you continue.
  2. Restart the Web server and Identity Server service in the following order:

    1. Stop the WebPass Web server instance, which is the same as the Policy Manager.

    2. Stop, then restart the Identity Server service for the WebPass.

    3. Restart the WebPass/Policy Manager Web server instance.

  3. After the Web server restarts, click Done.

    The Policy Manager home page appears.

  4. Review the following information; you may perform any of the following procedures:

    1. Confirming Policy Manager Setup

    2. Chapter 8, "Installing the Access Server"

    3. Protect the directories as indicated on the Securing Directories page during setup, as described in the Oracle Access Manager Access Administration Guide.

7.6 Confirming Policy Manager Setup

An easy way to confirm your Policy Manager setup is to log in and review the authentication schemes automatically configured during the setup process. You may also begin to use the Access System Console to setup the Access Server instance and define other administrators, as described in the Oracle Access Manager Access Administration Guide.

Note:

If the Policy Manager home page is on your screen, you may skip step 2

To confirm Policy Manager setup

  1. Navigate to the Access System Console from your browser. For example:

    http://hostname:port/access/oblix
    

    where hostname refers to computer that hosts the Web server; port refers to the HTTP port number of the WebPass Web server instance; /access/oblix connects to the Access System Console.

  2. Select the Access System Console link.

  3. Log in as a user with Master Administrator privileges.

    The Access System Console appears.

    You can click a tab in the top navigation bar to display a list of options, which will appear along the left side of the on-screen page. For example, complete step 4 to display a list of currently configured authentication schemes.

  4. Select the Access System Configuration tab, then click Authentication Management when it appears in the left column.

    A list of currently configured authentication schemes appears in the main body of the new page. If you did not choose to automatically configure schemes, none will be listed.

    At this point, you can:

    • Display configuration details for an authentication scheme by clicking the link that corresponds to the scheme.

    • Add an Access Server instance by selecting Access Server Configuration in the side navigation bar (this is a prerequisite to installing an Access Server). For more information, see "Installing the Access Server".

    • Continue to explore the Access System Console and Policy Manager.

      For example, you can define or modify policy domains as described in the Oracle Access Manager Access Administration Guide. The fact that Access Server or WebGate has not yet been installed has no impact on your ability to define them. Once these components are installed, the policy domains will be in affect.

    • Log out by selecting Logout in the side navigation bar.

      For more information, see the Oracle Access Manager Access Administration Guide

    • Install the Access Server. For details, see Chapter 8, "Installing the Access Server".