Skip Headers
Oracle® Access Manager Installation Guide
10g (10.1.4.3)

Part Number E12493-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

15 Replicating Components

Instead of using the command line or the installation GUI to install an Oracle Access Manager component, you can automate the installation process by replicating the configuration of one installed component to another. You do this by installing from an options file or by cloning an installed component. You can also partially replicate a component by synchronizing two installed components.

This chapter describes installation using an options file, cloning, and synchronization. It covers the following topics:

15.1 About the Silent Mode Options File

In addition to installing Oracle Access Manager from a GUI or the console, you can perform an automated installation using a file that contains installation parameters and values. This is called installing in silent mode. Silent mode permits installation without user intervention.

Note:

Silent mode is intended for new Oracle Access Manager installations only, not for migrations or upgrades. For details about ADAM and silent installation, see "Oracle Access Manager Silent Mode Installation Parameters".

You perform silent mode installations using an options file. When you install a Oracle Access Manager component, the installation program automatically creates a file named install_options.txt. This file is written to the installation directory for the component. The general path is:

/component_install_dir/identity|access/oblix/config/install_options.txt

component_install_dir is the top-level directory in the path and identity|access represents the suffix for the respective Oracle Access Manager component. For example:

/OracleAccessManager/identity/oblix/config/install_options.txt

Your installation session is recorded in the installation options file. This file contains information about the prompts you received and the values that you supplied during installation. You can use this file as a template for future installations, changing parameter values as needed.

You need to edit the file if you re-entered any values during installation. The entire installation session is recorded in this file, so you may need to delete information if you input data several times for the same option. You also need to edit this file to change parameter values for the new installation. For Identity Server and WebPass, you at least need to specify a unique ID for the new component. Passwords entered during installation are not stored for security reasons.

15.1.1 Additional Uses of the Silent Mode Options File

The silent mode options file can also be used to provide default values for an interactive installation. This is useful if you want to provide default values for installing multiple instances of a Oracle Access Manager component. To provide default values for an installation, follow the instructions in this chapter with the following exceptions:

  • Remove any parameters and values from the options file that have no defaults, such as password values.

  • Invoke the installation program without the -silent option described next.

15.2 Running the Silent Mode Options File

The procedure to run the silent mode options file follows.

Note:

Silent mode is intended for new installations only, not for migrations or upgrades.

To install new components in silent mode

  1. Make a copy of the original options file if you have not already done so.

  2. Run installation from the command prompt using the following options:

    -options path_to_install_options.txt -silent

    where path_to_install_options.txt is the location of the silent mode options file.You must include the file name in the path. The file name does not have to be install_options.txt.

Note:

To suppress the installation dialog box, add the –is:silent option to this command.

15.2.1 Selecting an Installation Directory on HP-UX and AIX

To direct an installation to a directory with sufficient space, you can use the -is:tempdir path parameter. The path must be an absolute path, to a file system with sufficient space.

15.2.2 Inputting Installation Passwords

You must supply a password at the command line or edit the silent mode options file and store the password there. If you do not supply a password, the installation will fail. Here is an example of entering the password using the command line:

installer -is:silent -silent -options path_to_install_options.txt -W oblixDSinfoBean.dsPassword=Your_Password

where path_to_install_options.txt is the location of the silent mode options file.

15.3 Editing the Silent Mode Options File

You can find the options file in the following location:

/component_install_dir/identity|access/oblix/config/install_options.txt

where component_install_dir is the top-level directory in the path and identity|access represents the component type.

You need to copy the options file and edit the copy to match your environment, using the following guidelines:

See the following examples:

15.3.1 Sample Options Files

An example of a Identity Server options file is shown in Example 15-5.

Note:

By default, the password field is commented out and a password is not provided when the silent mode options file is first created. Edit the password field if you want to insert a password. Delete the "#" and enter the correct password.

15.3.1.1 Sample Access Server Options Files

Several examples are presented here:

Sample: Same Directory Server

An example of an Access Server options file is shown in Example 15-1. In this example, the configuration and policy data are stored in the same directory server.

Example 15-1 Access Server Options File, Same Directory Server

Log file for this installation is located at C:\DOC\AMIT\LOCAL\Temp/aaa.log 
-P aaa.installLocation="C:\OracleAccessManager\oblix\access" 
-W securityModeBean.securityModeChoices="open" 
# The following are recommended to be entered as command line arguments. 
-W oblixDSInfoBean.dsType="NCSP10" 
-W oblixDSInfoBean.dsMode="open" 
-W oblixDSInfoBean.dsHostMachine="marinello" 
-W oblixDSInfoBean.dsPortNumber="999" 
-W oblixDSInfoBean.dsBindDN="cn=administrator" 
# The following are recommended to be entered as command line arguments. 
-W oblixDSInfoBean.dsPassword="mypassword" 
-W policyDataInWhichDSBean.askPolicyDataInWhichDS="OBLIX" 
W aaaInfoBean.accessServerID="aaa" 
-W aaaInfoBean.policyDataConfigDN="o=company,c=us" 
-W aaaInfoBean.policyDSBase="o=company,c=us" 

Sample: Separate directory servers

In this example of an Access Server options file, the configuration and policy data are stored in separate directory servers. See Example 15-2.

Example 15-2 Access Server Options File, Configuration and Policy Data in Separate Directories

# Log file for this installation is located at C:\DOC\AMIT\LOCAL\Temp/aaa.log 
-P aaa.installLocation="C:\OracleAccessManager\oblix\access" 
-W securityModeBean.securityModeChoices="open" 
# The following are recommended to be entered as command line arguments. 
-W oblixDSInfoBean.dsType="NCSP10" 
-W oblixDSInfoBean.dsMode="open" 
-W oblixDSInfoBean.dsHostMachine="marinello" 
-W oblixDSInfoBean.dsPortNumber="999" 
-W oblixDSInfoBean.dsBindDN="cn=administrator" 
# The following are recommended to be entered as command line arguments. 
-W oblixDSInfoBean.dsPassword="mypassword" 
-W policyDataInWhichDSBean.askPolicyDataInWhichDS="POLICY" 
-W policyDSInfoBean.dsMode="open" 
-W policyDSInfoBean.dsHostMachine="marinello" 
-W policyDSInfoBean.dsPortNumber="999" 
-W policyDSInfoBean.dsBindDN="cn=administrator" 
# The following are recommended to be entered as command line arguments. 
-W policyDSInfoBean.dsPassword="mypassword" 
-W aaaInfoBean.accessServerID="aaa" 
-W aaaInfoBean.policyDataConfigDN="o=company,c=us" 
-W aaaInfoBean.policyDSBase=o=company,c=us" 

Sample: Separate directory servers with SSL enabled for user data

In this example of an Access Server options file, Example 15-3, the configuration and policy data are stored in separate directory servers and the user directory server is operating in SSL mode.

Example 15-3 Access Server Options with Separate Directory Servers with SSL-Enabled

# Log file for this installation is located at C:\DOC\AMIT\LOCAL\Temp/aaa.log 
-P aaa.installLocation="C:\OracleAccessManager\oblix\access" 
-W securityModeBean.securityModeChoices="open" 
# The following are recommended to be entered as command line arguments 
-W oblixDSInfoBean.dsType="NCSP10" 
-W oblixDSInfoBean.dsMode="open" 
-W oblixDSInfoBean.dsHostMachine="marinello" 
-W oblixDSInfoBean.dsPortNumber="999" 
-W oblixDSInfoBean.dsBindDN="cn=administrator" 
# The following are recommended to be entered as command line arguments. 
-W oblixDSInfoBean.dsPassword="mypassword" 
-W policyDataInWhichDSBean.askPolicyDataInWhichDS="POLICY" 
-W policyDSInfoBean.dsMode="open" 
-W policyDSInfoBean.dsHostMachine="marinello" 
-W oblixDSInfoBean.dsPortNumber="999" 
-W policyDSInfoBean.dsBindDN="cn=administrator" 
# The following are recommended to be entered as command line arguments. 
-W policyDSInfoBean.dsPassword="mypassword" 
-W aaaInfoBean.accessServerID="aaa" 
-W aaaInfoBean.policyDataConfigDN="o=company,c=us" 
-W aaaInfoBean.policyDSBase=o=company,c=us" 
-W userDSSSLCertPath.sslCertPath="C:\Cert\ca.cert" 

Sample: Separate directory servers with SSL enabled for policies

In this example of an Access Server options file, Example 15-4, the configuration and policy data are stored in separate directory servers and the policy directory server is operating in SSL mode.

Example 15-4 Access Server Options, Separate Configuration and Policy Data, SSL-Enabled

# Log file for this installation is located at C:\DOC\AMIT\LOCAL\Temp/aaa.log 
-P aaa.installLocation="C:\OracleAccessManager\oblix\access" 
-W securityModeBean.securityModeChoices="open" 
# The following are recommended to be entered as command line arguments 
-W oblixDSInfoBean.dsType="NCSP10" 
-W oblixDSInfoBean.dsMode="open" 
-W oblixDSInfoBean.dsHostMachine="marinello" 
-W oblixDSInfoBean.dsPortNumber="999" 
-W oblixDSInfoBean.dsBindDN="cn=administrator" 
# The following are recommended to be entered as command line arguments. 
-W oblixDSInfoBean.dsPassword="mypassword" 
-W policyDataInWhichDSBean.askPolicyDataInWhichDS="POLICY" 
-W policyDSInfoBean.dsMode="ssl" 
-W policyDSInfoBean.dsHostMachine="marinello" 
-W policyDSInfoBean.dsPortNumber="333"
-W policyDSInfoBean.dsBindDN="cn=administrator"
# The following are recommended to be entered as command line arguments.
-W policyDSInfoBean.dsPassword="mypassword"
-W userDSSSLCertPath.sslCertPath="C:\Cert\ca.cert"
-W aaaInfoBean.accessServerID="aaa"
-W aaaInfoBean.policyDataConfigDN="o=company,c=us"
-W aaaInfoBean.policyDSBase=o=company,c=us"

Sample: Identity Server Installation using Active Directory

In this example of a Identity Server options file, Example 15-5, the installation is being done on Active Directory.

Example 15-5 Identity Server Installation Options using Active Directory

# Log file for this installation is located at C:\DOCUME~1\ADMINI~1\Temp\OracleAccessManager.log
-P ois.installLocation=ÓD:\test\adsi\ois\identityÓ
-W secruityModeBean.securityModeChoices=ÓopenÓ
-WoisInfoBean.hostName=Ótest001Ó
-W oisInfoBean.serverID=Ótest002Ó
-W oisInfoBean.portNumber=Ó9002Ó
-W askFirstIdentityServer.askFirstIdentityServerField=ÓnÓ
-W askSSLSetup.askSSLSetupField=ÓNoÓ
-W askADSI.isADSI=ÓyesÓ
-W askUseImplicitBind.useImplicitBind=ÓyesÓ
-W askNTServiceName.netServiceNameField=ÓtestcoreidadÓ
-W askNTServiceAccount.ntServiceUserAccount=Ó.\AdministratorÓ
# The following is recommended to be entered as a command line argument
# -W askNTServiceAccount.netServiceUserPassword=<your password>

15.4 Silent Mode Parameters

The following discussions describe options you may edit in the silent installation options file for each component. Anything shown in italics is a value you supply for a parameter. You must supply a value for each parameter in the file. Enclose all values in double quotes.

For details on installation prompts and their values, refer to the other chapters in this installation guide. For example, see Chapter 4, "Installing the Identity Server" for information on Identity Server installation prompts and values.

The following sections are sequenced in the recommended order for installing Oracle Access Manager components. The parameters are listed in the same order that they appear in the installation GUI.

Note:

When installing a component, you may not need to supply every parameter. You need only supply values for parameters that apply to your installation.

15.4.1 Identity Server Parameters

Table 15-1 describes silent installation parameters for the Identity Server.

Table 15-1 Silent Installation Parameters for the Identity Server

Identity Server Parameters and Descriptions Possible Values

-P ois.installLocation: The installation directory. The default directory is "C:\COREid" on Windows and "/coreid" on UNIX.

"installation directory"

-W userInfoBean.user: UNIX only. The user ID that the product will be running as.

"user ID"

-W userInfoBean.group: UNIX only. The group that corresponds to the userInfoBean.user.

"group id"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation.

"en-us;fr-fr"

-W securityModeBean.securityModeChoices: Security mode for the Identity Server. A value of "open" means no security is used, a value of "simple" means encryption is used, and a value of "cert" means you are running your own CA.

"open", "simple", "cert"

-W oisInfoBean.hostName: Host name where Identity Server is installed.

"ip address" or "hostname"

-W oisInfoBean.serverID: Identity Server ID. This is a unique ID that you create.

"server id"

-W oisInfoBean.portNumber: Port number of the Identity Server. This port number cannot be used by another instance on the same computer.

"port number"

-W askFirstIdentityServer.askFirstIdentityServerField: This parameter specifies whether this is the first Identity Server being installed. The value "y" means yes, this is the first Identity Server installed, "n" means no.

"y" or "n"

-W askSSLSetup.askSSLSetupField: This parameter specifies whether to set up SSL between the Identity Server and the directory server.

"Yes" or "No"

-W askSSLSetup.askUserSSLSetupField: This parameter specifies whether to set up SSL between the Identity Server and the directory server containing user data.

"Yes" or "No"

-W askSSLSetup.askOblixSSLSetupField: This parameter specifies whether to set up SSL between the Identity Server and the directory server containing Oracle Access Manager configuration data

"Yes" or "No"

-W askUserSSLCertPath.sslCertPath: The absolute path to the SSL certificate. Use only if "askSSLSetup.askUserSSLSetupField" = "Yes".

"absolute path including the file name"

-W askOblixSSLCertPath.sslCertPath: The absolute path to the SSL certificate. Use only if "askSSLSetup.askOblixSSLSetupField" = "Yes".

"absolute path including the file name"

-W simpleModeBean.passphrase: This parameter is used if you are using the Simple transport security mode. This is a pass phrase allowing the Identity Server to communicate with the WebPass. Use only if "securityModeBean.securityModeChoices" = "simple".

"passphrase"

-W simpleModeBean.passphraseVerify: This parameter is used if you are using the Simple transport security mode. This parameter verifies that the pass phrase matches that of simpleModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W certModeBean.passphrase: This parameter is used if you are using the Cert transport security mode. This is a pass phrase allowing the Identity Server to communicate with the WebPass. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W certModeBean.passphraseVerify: This parameter is used if you are using the Cert transport security mode. This parameter verifies that the pass phrase matches that of certModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W installOrRequestCertBean.installOrRequest: Determines whether to install or request a certificate to be used to configure the Identity System. Used if your security mode is set to "cert". If you already have a certificate, use "install". If you want Oracle Access Manager to request a certificate, use "request".

"request" or "install"

-W certReqInfoBean.countryName: Country name. This is a two-letter country code that is valid for use in a DN. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"country code"

-W certReqInfoBean.stateOrProvinceName: State or province name. This is a two-letter state or province code. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request"

"state or province code"

-W certReqInfoBean.localityName: Locality name. This is usually the name of a geographic region. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request"

"locality name"

-W certReqInfoBean.organizationName: Organization name. This is usually the name of an organization. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.organizationalUnitName: Organizational unit name. This is usually the name of a department. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization unit name"

-W certReqInfoBean.commonName: Common name. This is usually the name of a person or entity. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"name"

-W certReqInfoBean.emailAddress: Email address. This is usually a valid email address. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"email address"

-W readyToInstallCertBean.readyToInstallField: If you requested that Oracle Access Manager request a certificate, this verifies that the certificate is ready for installation. Only use if installOrRequestCertBean.installOrRequest = "request". Oracle recommends that you use a value of "No" for silent mode. It is unlikely that you can take the request generated by Oracle Access Manager and receive the certificate faster than the Oracle Access Manager installation script can run from one step to the next.

"Yes" or "No"

-W copyCertificatesInputBean.certFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path, including the file name for the certificate file (for example: ois_cert.pem). Use if:

installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.keyFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the key file (for example: ois_key.pem). Use if:

installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.chainFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the chain file (for example: ois_chain.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W updateDSInfo.updateDSInfoChoice: Determines whether to automatically update the configuration and user schemas. Used only if askFirstIdentityServer.askFirstIdentityServeField= "y".

"YesOneDS" performs an automatic update. Configuration and User directory server are the same.

"YesTwoDS" performs an automatic update. Configuration and User directory servers are separate.

"No" does not perform an automatic update.

"YesOneDS", "YesTwoDS", "No"

-W AutoUpdateInput.AutoUpdateInputChoice: Determines whether to automatically update the schema when configuration data is in the same directory where user data is stored.

"Yes" or "No"

-W OblixDSAutoUpdateInput.AutoUpdateInputChoice: Determines whether to automatically update the schema when configuration data is in a different directory from user data.

"Yes" or "No"

-W dsTypeInput.dsType: Use this parameter if Oracle Access Manager is automatically updating the Configuration and User schemas (that is, if updateDSInfo.updateDSInfoChoice = "YesOneDS" or "YesTwoDS"). User directory server Types are:

1 - Sun Directory Server 5.x

2 - NDS

3 - Active Directory

4 - ADSI (Schema will be uploaded using LDAP)

5 - Active Directory on Windows Server 2003

6 - ADSI on Windows Server 2003

7 - Active Directory Application Mode (On Windows 2003 Only)

8 - Siemens DirX -- Not Supported in 10.1.4

9 - IBM Directory Server

10 - Data Anywhere

11 - Oracle Internet Directory

Note: Data Anywhere may be used with user data only and requires integration with Oracle Virtual Directory Server (VDS), as described in Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory". The LDAP directory branches containing configuration (and policy) data must reside on one or more directory servers other than the one hosting VDS or user data.

Also Note: When the directory server type for user data differs from the directory server type for configuration data, use the following to specify the directory server type for configuration data: -W dsTypeInput1.dsType=#.

"1", "2", "3", "4", "5","6", "7", "9", "10", "11"

-W dsTypeInput1.dsType: See Also Note, in the preceding description.

 

-W dsUserDynAuxClassInput.dynamicAuxiliary: Set this parameter to "y" if you want to support dynamic auxiliary classes with Active Directory. Use only if you have set -W dsTypeInput.dsType to "5" or "7".

"y" or "n"

-W dsInfoInput.dsName: For most directory types, this is the User directory server host name. For Active Directory, use the Schema Master host name. Use only if updateDSInfo.updateDSInfoChoice = "YesOneDS" or "YesTwoDS".

"ip address" or "hostname"

-W dsInfoInput.dsName: For most directory types, this is the User directory server host name. For Active Directory, use the Schema Master host name. Use only if updateDSInfo.updateDSInfoChoice = "YesOneDS" or "YesTwoDS".

"ip address" or "hostname"

-W dsInfoInput.dsPortNumber: For most directory types, this is the User directory server port number. For Active Directory, use the Schema Master port number. Use only if updateDSInfo.updateDSInfoChoice = "YesOneDS" or "YesTwoDS".

"port number"

-W dsInfoInput.bindDN: For most directory types, this is the DN used to authenticate to the User directory server. For Active Directory, use the Schema Master bind DN. Use only if updateDSInfo.updateDSInfoChoice = "YesOneDS" or "YesTwoDS". Enter this value using valid DN syntax, for example, "cn=User Directory, o=Oblix".

"bind DN"

-W dsInfoInput.password: For most directory types, this is the User directory server password. For Active Directory, use the Schema Master password. Use only if updateDSInfo.updateDSInfoChoice = "YesOneDS" or "YesTwoDS". See the note in regarding secure password input.

"password"

-W OblixdsInfoInput.dsName: Configuration directory server name. Use only if configuration and User directory servers are separate and you are not using NDS or Active Directory, that is:

updateDSInfo.updateDSInfoChoice = "YesTwoDS" and dsTypeInput1.dsType does not equal to "2" or "3".

 

-W OblixdsInfoInput.dsPortNumber: Configuration directory server port number. Use only if configuration and User directory servers are separate and you are not using NDS or Active Directory, that is:

updateDSInfo.updateDSInfoChoice = "YesTwoDS" and dsTypeInput1.dsType does not equal "2" or "3".

"port number"

-W OblixdsInfoInput.bindDN: DN used to authenticate to the Configuration directory server. Use only if configuration and user data directory servers are separate and you are not using NDS or Active Directory, that is:

updateDSInfo.updateDSInfoChoice = "YesTwoDS" and dsTypeInput1.dsType does not equal to "2" or "3".

Enter this value using valid DN syntax, for example: "cn=Configuration Directory, o=Oblix".

"bind DN"

-W OblixdsInfoInput.password: Configuration directory server password. Use only if configuration and User directory servers are separate and you are not using NDS or Active Directory, that is:

updateDSInfo.updateDSInfoChoice = "YesTwoDS" and dsTypeInput1.dsType does not equal "2" or "3".

"password"

-W askNTServiceName.ntServiceNameField: Windows only. A service name for the Identity Server. This name will appear in the services control panel.

"name"

-W askADSI.isADSI: Confirms if you are using Active Directory with ADSI.

"yes", "no"

-W askADSISSL.isADSISSL: Confirms if you are running Active Directory with ADSI using SSL.

"yes", "no"

-W askSeparateADDomain.isSeparateDomain: Specifies if the computer where you are installing this Identity Server instance is in a different forest from the target Active Directory Forest that Oracle Access Manager is configured to use.

"yes", "no"

-W askUseImplicitBind.useImplicitBind: If the installation computer is in the same domain, do you want to use the Service account credentials to access Active Directory? A "yes" sets the parameter useImplicitBind in the adsi_params.xml file.

"yes", "no"

-W askNTServiceAccount.ntServiceUserAccount: If you set the value of askUseImplicitBind to "yes," this is the account that the service runs as, for example, ".\Administrator".

"account ID"

-W askNTServiceAccount.ntServiceUserPassword: If you set the value of ask UseImplicitBind to "yes", this is the service account password. Oracle recommends that you supply this value at the command line.

"password"


15.4.2 WebPass Parameters

Table 15-2 describes silent installation parameters for WebPass.

Table 15-2 Silent Installation Parameters for WebPass

WebPass Parameter and Description Possible Values

-P webpass.installLocation: Installation directory. The default directory is "C:\COREid\WebComponent" on Windows and "/coreid/webcomponent" on UNIX.

"installation directory"

-W userInfoBean.user: UNIX only. The user ID that the product will be running as.

"user ID"

-W userInfoBean.group: UNIX only. The group that corresponds to the userInfoBean.user.

"group id"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation.

"en-us;fr-fr"

-W securityModeBean.securityModeChoices: The security mode for the Identity Server. A value of "open" means no security is used, a value of "simple" means encryption is used, and a value of "cert" means you are running your own CA.

"open", "simple", "cert"

-W webpassInfoBean.hostName: Host name of the Identity Server.

"ip address" or "hostname"

-W webpassInfoBean.webpassID: WebPass ID. This is an unique ID you specify during installation.

"ID"

-W webpassInfoBean.portNumber: Port number of the Identity Server.

"port number"

-W simpleModeBean.passphrase: Pass phrase allowing the Identity Server to communicate with the WebPass. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W simpleModeBean.passphraseVerify: Pass phrase allowing the Identity Server to communicate with the WebPass. This parameter is used to verify that the pass phrase matches that of certModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W certModeBean.passphrase: Pass phrase allowing the Identity Server to communicate with the WebPass. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W certModeBean.passphraseVerify: Pass phrase allowing the Identity Server to communicate with the WebPass. This parameter verifies that the pass phrase matches that of certModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W installOrRequestCertBean.installOrRequest: Determines whether to install or request a certificate that is used to configure the Identity System. Use if your security mode is set to "cert". If you already have requested a certificate, choose "install". If you want Oracle Access Manager to request a certificate that can be submitted to the CA, choose "request".

"install" or "request"

-W certReqInfoBean.countryName: Country name. This is a two-letter country code that is valid for use in a DN. It is part of the information that Oracle Access Manager uses to request a certificate. Use this parameter if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"country code"

-W certReqInfoBean.stateOrProvinceName: State or province name. This is a two-letter state or province code that is valid for use in a DN. It is part of the information that Oracle Access Manager uses to request certificate. Use if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"state or province code"

-W certReqInfoBean.localityName: Locality name. Part of the information that Oracle Access Manager uses to request a certificate. Use if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"locality name"

-W certReqInfoBean.organizationName: Organization name. This is usually the name of an organization. It is part of the information that Oracle Access Manager uses to request a certificate. Use if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.organizationalUnitName: Organizational unit name. This is usually the name of a department. It is part of the information that Oracle Access Manager uses to request a certificate. Use if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"organization unit name"

-W certReqInfoBean.commonName: Common name. This is usually the name of a person or entity. This is part of the information that Oracle Access Manager uses to request a certificate. Use if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"name"

-W certReqInfoBean.emailAddress: Email address. This is usually a valid email address. This is part of the information that Oracle Access Manager uses to request a certificate. Use if you have opted to have Oracle Access Manager request a certificate, that is, if installOrRequestCertBean.installOrRequest = "request".

"email address"

-W readyToInstallCertBean.readyToInstallField: If you requested that Oracle Access Manager request a certificate, this parameter asks if the certificate is ready for installation. Only use if installOrRequestCertBean.installOrRequest = "request". Oracle recommends you do not use "Yes" for silent mode. It is unlikely that you can take the request generated by Oracle Access Manager and receive the certificates faster than the Oracle Access Manager installation can run from one step to the next.

"Yes" or "No"

-W copyCertificatesInputBean.certFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the certificate file (for example: ois_cert.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.keyFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the key file (for example: ois_key.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.chainFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the chain file (for example: ois_chain.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W askAutoUpdateWSBean.askAutoUpdateWSField: Determines whether to update the Web server configuration automatically.

"Yes" or "No"

-W askConfFilePathBean.askConfFilePathField: For NSAPI, this is the absolute path of the Web server configuration directory containing obj.conf (for example: /export/Sun/servers/https-oblix/config). For Apache/Apache SSL, this is the absolute path of httpd.conf in your Web server configuration directory (for example: /export/apache/conf/httpd.conf). Use only for Apache, Apache SSL, and NSAPI Web servers and if askAutoUpdateWSBean.askAutoUpdateWSField = "Yes".

"absolute path (including the file name for Apache)"

-W askLaunchBrowserBean.launchBrowser: Determines whether to launch a browser to display instructions to manually update the Web server configuration. Use only if installing on UNIX and askAutoUpdateWSBean.askAutoUpdateWSField = "No".

"Yes" or "No"


15.4.3 Policy Manager Parameters

Table 15-3 describes silent installation parameters for the Policy Manager.

Table 15-3 Silent Installation Parameters for Policy Manager

Policy Manager Parameter and Description Possible Values

-P manager.installLocation: Installation directory. The default directory is "C:\COREid" on Windows and "/coreid" on UNIX.

"installation directory"

-W userInfoBean.user: UNIX only. The user ID that the product will be running as. This can be any valid user ID.

"user ID"

-W userInfoBean.group: UNIX only. The group that corresponds to the userInfoBean.user.

"group name"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation.

"en-us;fr-fr"

-W updateDSInfo.updateDSInfoChoice: This parameter determines whether Oracle Access Manager updates the policy schema automatically. Use this parameter if the Policy directory server is the same as the configuration data directory server, but different from the User directory server.

"Yes" or "No"

-W dsTypeInput.dsType: If the Policy directory server is the same as the configuration server, but different from the User directory server updateDSInfo.updateDSInfoChoice = "Yes", you need to specify the Policy directory server type:

1 - Sun Directory Server 5.x

2 - NDS

3 - Active Directory

5 - Active Directory on Windows Server 2003

7 - Active Directory Application Mode (On Windows 2003 Only)

8 - Siemens DirX -- Not Supported

9 - IBM Directory Server

10 - Oracle Internet Directory

"1", "2", "3", "4", "5","6", "7", "9", "10"

-W dsInfoInput.dsName: Policy directory server name. Use this parameter if the Policy directory server is the same as the configuration data server, but different from the User directory server, and you are not using NDS or Active Directory.

updateDSInfo.updateDSInfoChoice = "Yes" and dsTypeInput.dsType does not equal "2" or "3".

"ip address " or "hostname"

-W dsInfoInput.dsPortNumber: Policy directory server port number. Use this parameter if the Policy directory server is the same as the configuration data directory server, but different from the User directory server, and you are not using NDS or Active Directory

updateDSInfo.updateDSInfoChoice = "Yes" and dsTypeInput.dsType does not equal "2" or "3".

"port"

-W dsInfoInput.bindDN: DN used to authenticate to the Policy directory server. Use this parameter if the Policy directory server is the same as the configuration data directory server, but different from the User directory server, and you are not using NDS or Active Directory:

updateDSInfo.updateDSInfoChoice = "Yes" and dsTypeInput.dsType does not equal "2" or "3".

Use conventional DN syntax for this entry, for example: "cn=Policy Directory, o=Oblix".

"bind DN"

-W dsInfoInput.password: Policy directory server password. Use this parameter if the Policy directory server is the same as the configuration data directory server, but different from the User directory server, and you are not using NDS or Active Directory:

updateDSInfo.updateDSInfoChoice = "Yes" and dsTypeInput.dsType does not equal "2" or "3".

"password"

-W dsInfoInput.dsSSLConnect: Determines whether the Policy directory server uses an SSL connection. Use this parameter if the Policy directory server is the same as the configuration data directory server, but different from the User directory server, and you are not using NDS or Active Directory:

updateDSInfo.updateDSInfoChoice = "Yes" and dsTypeInput.dsType does not equal "2" or "3".

"Yes" or "No"

-W askSSLCertPath.askSSLCertificatePathField: The absolute path to the SSL certificate. Use this parameter if the Policy directory server is the same as the configuration data directory server, but different from the User directory server, and you are not using NDS or Active Directory:

updateDSInfo.updateDSInfoChoice = "Yes" and dsTypeInput.dsType does not equal "2" or "3" and dsInfoInput.dsSSLConnect = "Yes".

"absolute path including the file name"

-W askAutoUpdateWSBean.askAutoUpdateWSField: Determines whether to update the Web server configuration automatically.

"Yes" or "No"

-W askConfFilePathBean.askConfFilePathField: For NSAPI, this is the absolute path of the Web server config directory containing obj.conf (for example: /export/Sun/servers/https-oblix/config). For Apache and Apache SSL, this is the absolute path of httpd.conf in your Web server config directory (for example: /export/apache/conf/httpd.conf).

Use only for Apache, Apache SSL, and NSAPI Web servers and if askAutoUpdateWSBean.askAutoUpdateWSField = "Yes".

"absolute path (including the file name for Apache)"

-W askLaunchBrowserBean.launchBrowser: Determines whether to launch a browser that displays instructions to manually update the Web server configuration. Use only on UNIX and only if askAutoUpdateWSBean.askAutoUpdateWSField = "No".

"Yes" or "No"

-W askADSI.isADSI: Confirms if you are running Active Directory with ADSI.

"yes", "no"

-W askADSISSL.isADSISSL: Confirms if you are running Active Directory with ADSI using SSL.

"yes", "no"


15.4.4 Access Server Parameters

Table 15-4 describes silent installation parameters for the Access Server.

Table 15-4 Silent Installation Parameters for Access Server

Access Server Parameter and Description Possible Values

-P aaa.installLocation: The installation directory. The default directory is "C:\COREid" on Windows and "/coreid" on UNIX.

"installation directory"

-W userInfoBean.user: UNIX only. The user ID that the product will be running as.

"user ID"

-W userInfoBean.group: UNIX only. The group that corresponds to the userInfoBean.user.

"group name"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation.

"en-us;fr-fr"

-W securityModeBean.securityModeChoices: The security mode for the Access Server. A value of "open" means no security is used, a value of "simple" means encryption is used, and a value of "cert" means you are running your own CA.

"open", "simple", or "cert"

- W userDSSSLCerPath.sslCertPath: The absolute path to the SSL certificate. Use only if the user directory is in SSL mode.

"absolute path including the file name"

-W oblixDSInfoBean.dsHostMachine: Configuration directory server host computer.

"ip address " or "hostname"

-W oblixDSInfoBean.dsPortNumber: Configuration directory server port number.

"port number"

-W oblixDSInfoBean.dsBindDN: DN used to authenticate to the Configuration directory server.

"bind DN"

-W oblixDSInfoBean.dsPassword: Configuration directory server password.

"password"

-W oblixDSInfoBean.dsMode: Configuration directory server's mode (open or ssl).

"open" or "ssl"

-W oblixDSInfoBean.dsType: The Configuration directory server type:

NS5 - Sun Directory Server 5.x

NOVELL - NDS

MSAD - Microsoft Active Directory

MSAD_ADSI - Microsoft Active Directory with ADSI

MSADAM - Active Directory Application Mode

DIRX - Siemens DirX -- Not Supported

IBMSWAY - IBM Directory Server?

Oracle Internet Directory

"NS5", "NOVELL", "MSAD", "MSAD_ADSI" "MSADAM" "IBMSWAY" "OID"

-W oblixDSSSLCertPath.sslCertPath: The absolute path to the ssl certificate. Use only if oblixDSInfoBean.dsMode = "ssl".

"absolute path including the file name"

-W policyDataInWhichDSBean.askPolicyDataInWhichDS: Determines whether the Policy directory server is the same as the User or Configuration directory server. The value "OBLIX" means that the Policy and Configuration directory server are the same. The value "POLICY" means that the Policy directory server is different from that of User and Configuration directory server.

"OBLIX" or "POLICY"

-W policyDSInfoBean.dsHostMachine: The Policy directory server host computer. Use only if the Policy directory server is the same as the Configuration server, but different from the User directory server, policyDataInWhichDSBean.askPolicyDataInWhichDS = "OBLIX".

"ip address " or "hostname"

-W policyDSInfoBean.dsPortNumber: The Policy directory server port number. Use only if the Policy directory server is the same as the Configuration server, but different from the User directory server, policyDataInWhichDSBean.askPolicyDataInWhichDS = "OBLIX".

"port number"

-W policyDSInfoBean.dsBindDN: The DN used to authenticate to the Policy directory server. Use only if the Policy directory server is different from that of User and Configuration directory server policyDataInWhichDSBean.askPolicyDataInWhichDS = "POLICY". Use conventional DN syntax for this entry. Example: "cn=Policy Directory, o=Oblix".

"bind DN"

-W policyDSInfoBean.dsPassword: Policy directory server password. Use only if the Policy directory server is different from that of User and Configuration directory server policyDataInWhichDSBean.askPolicyDataInWhichDS = "POLICY".

"password"

-W policyDSInfoBean.dsMode: Policy directory server mode (open or ssl). Use only if the Policy directory server is different from that of User and Configuration directory server policyDataInWhichDSBean.askPolicyDataInWhichDS = "POLICY".

"open" or "ssl"

-W policyDSSSLCertPath.sslCertPath: The absolute path to the ssl certificate. Use only if the Policy directory server is the same as the Configuration server, but different from the User directory server, policyDataInWhichDSBean.askPolicyDataInWhichDS = "OBLIX".

"absolute path including the file name"

-W aaaInfoBean.accessServerID: The ID of the Access Server registered in the Access System Console. Supply the value you entered at the Access System Console for this Access Server.

"value"

-W aaaInfoBean.policyDataConfigDN: The configuration DN for the policy data. Use conventional DN syntax for this entry. Example: "cn=Policy Data, o=Oblix".

"DN"

-W aaaInfoBean.policyDSBase: The policy base, which is the node in the Policy directory under which Configuration stores its policy-related data.Example: "cn=Policy Data, o=Oblix".

"DN"

-W simpleModeInfoBean.passphrase: The pass phrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W simpleModeInfoBean.passphraseVerify: The pass phrase again, used for verification. This should be the same as simpleModeInfoBean.passphrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W simpleModeInfoBean.storePassPhraseinFile: Determines whether the pass phrase is stored in a file. If stored in a file, the Access Server can be started without a user or a script providing the pass phrase when the Access Server starts up.

"true" or "false"

-W certModeInfoBean.passphrase: Pass phrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W certModeInfoBean.passphraseVerify: Pass phrase again, used for verification. This should be the same as certModeInfoBean.passphrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W certModeInfoBean.storePassPhraseinFile: Determines whether the password or pass phrase is stored in a file. If stored in a file, the Access Server can be started without a user providing the pass phrase when the Access Server starts up.

"true" or "false"

-W installOrRequestCertBean.installOrRequest: Determines whether to install or request a certificate that is used to configure the Access System. Used if your security mode is set to "cert". If you already have a certificate, use "install." If you want Oracle Access Manager to request a request for a certificate, use "request".

"request" or "install"

-W certReqInfoBean.countryName: Country name. This is usually a two-letter country code that is valid for use in DNs. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"country code"

-W certReqInfoBean.stateOrProvinceName: State or province name. This is usually a two-letter state or province code that this valid for use in DNs. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"state or province code"

-W certReqInfoBean.localityName: Locality name. This is usually the name of a geographic region. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"locality name"

-W certReqInfoBean.organizationName: Organization name. This is usually the name of an organization. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.organizationalUnitName: Organization unit name. This is usually the name of a department. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.commonName: Common name. This is usually the name of a person or another entity. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"name"

-W certReqInfoBean.emailAddress: Email address. This is usually a valid email address. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"email address"

-W readyToInstallCertBean.readyToInstallField: If you requested that Oracle Access Manager request a certificate, this verifies that the certificate is ready for installation. Only use if installOrRequestCertBean.installOrRequest = "request". Oracle recommends you do not use "Yes" for silent mode. You probably cannot take the request generated by Oracle Access Manager and receive the certificates faster than the Oracle Access Manager installation can run from one step in the installation to the next.

"Yes" or "No"

-W copyCertificatesInputBean.certFile: The absolute path including the file name for the certificate file (for example: aaa_cert.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.keyFile: The absolute path including the file name for the key file (example: aaa_key.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.chainFile: The absolute path including the file name for the chain file (example: aaa_chain.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W askSeparateDomain.isSeparateDomain: Specifies if the computer where you are installing this Identity Server instance is in a different forest from the target Active Directory Forest that Oracle Access Manager is configured to use.

"yes", "no"

-W askUseImplicitBind.useImplicitBind: If the installation computer is in the same domain, do you want to use the Service account credentials to access Active Directory? A "yes" sets the parameter useImplicitBind in the adsi_params.xml file.

"yes", "no"

-W askNTServiceAccount.ntServiceUserAcount: If you set the value of askUseImplicitBind to "yes," this is the account that the service runs as, for example, ".\Administrator".

"account ID"

-W askNTServiceAccount.ntServiceUserPassword: If you set the value of askUseImplicitBind to "yes", this is the service account password. Oracle recommends that you supply this value at the command line.

"password"


15.4.5 WebGate Parameters

Table 15-5 describes silent installation parameters for WebGate.

Table 15-5 Silent Installation Parameters for WebGate

WebGate Parameter and Description Possible Values

-P webgate.installLocation: Installation directory. The default directory is "C:\COREid\WebComponent" on Windows and "/coreid/WebComponent" on UNIX.

"installation directory"

-W userInfoBean.user: UNIX only. The user ID that the product will be running as.

"user ID"

-W userInfoBean.group: UNIX only. The group that corresponds to the userInfoBean.user.

"group id"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation.

"en-us;fr-fr"

-W securityModeBean.securityModeChoices: Security mode for WebGate. A value of "open" means no security is used, a value of "simple" means encryption is used, and a value of "cert" means you are running your own CA.

"open", "simple", "cert"

-W openModeBean.serverID: Access Server ID. Use the value you supplied at the Access System Console before installation. Use only if securityModeBean.securityModeChoices = "open".

"server id"

-W openModeBean.hostName: Access Server host name. Use only if securityModeBean.securityModeChoices = "open".

"ip address " or "hostname"

-W openModeBean.webgateID: WebGate ID. Use the ID that you entered in the Access System Console before running the installation. Use only if securityModeBean.securityModeChoices = "open".

"value"

-W openModeBean.portNumber: Access Server port number. Use only if securityModeBean.securityModeChoices = "open".

"port number"

-W openModeBean.password: WebGate password (optional). Use only if securityModeBean.securityModeChoices = "open".

"password"

-W simpleModeBean.serverID: Access Server ID. Use the value you supplied at the Access System Console before installation. Use only if securityModeBean.securityModeChoices = "simple".

"value"

-W simpleModeBean.hostName: Access Server host name. Use only if securityModeBean.securityModeChoices = "simple".

"ip address " or "hostname"

-W simpleModeBean.webgateID: The WebGate ID. Use the value you supplied at the Access System Console. Use only if securityModeBean.securityModeChoices = "simple".

"value"

-W simpleModeBean.portNumber: The Access Server port number. Use only if securityModeBean.securityModeChoices = "simple".

"port number"

-W simpleModeBean.password: The WebGate password (optional). Use only if securityModeBean.securityModeChoices = "simple".

"password"

-W simpleModeBean.passphrase: The pass phrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W simpleModeBean.passphraseVerify: The pass phrase again, used for verification and should be the same as simpleModeInfoBean.passphrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W certModeBean.serverID: The Access Server ID. Use the value you supplied at the Access System Console before installation. Use only if securityModeBean.securityModeChoices = "cert".

"value"

-W certModeBean.hostName: The Access Server host name use only if securityModeBean.securityModeChoices = "cert".

"ip address " or "hostname"

-W certModeBean.webgateID: The WebGate ID (optional). Use the value you supplied at the Access System Console. Use only if securityModeBean.securityModeChoices = "cert".

"value"

-W certModeBean.portNumber: The Access Server port number. Use only if securityModeBean.securityModeChoices = "cert".

"port number"

-W certModeBean.password: The WebGate password. Use only if securityModeBean.securityModeChoices = "cert".

"password"

-W certModeBean.passphrase: The pass phrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W askAutoUpdateWSBean.askAutoUpdateWSField: Determines whether to perform an automatic update of the Web server configuration.

"Yes" or "No"

-W askConfFilePathBean.askConfFilePathField: For NSAPI, this is the absolute path of the Web server configuration directory containing the obj.conf (for example: /export/Planet/servers/https-oblix/config). For Apache/Apache SSL, this is the absolute path of httpd.conf in your Web server config directory (for example: /export/apache/conf/httpd.conf). Use only for Apache, Apache SSL, and NSAPI Web servers and if askAutoUpdateWSBean.askAutoUpdateWSField = "Yes".

"absolute path (including the file name for Apache)"

-W certModeBean.passphraseVerify: The pass phrase again, used for verification and should be the same as certModeInfoBean.passphrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W installOrRequestCertBean.installOrRequest: Determines whether to install or request a certificate to be used to configure the Access System. Used if your security mode is set to "cert". If you already have a certificate, use "install". If you want Oracle Access Manager to request and request a certificate, use "request".

"request" or "install"

-W certReqInfoBean.countryName: Country name. This is a two-letter country code that is valid for use in a DN. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"country code"

-W certReqInfoBean.stateOrProvinceName: State or province name. This is a two-letter code that is valid for use in a DN. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"state or province code"

-W certReqInfoBean.localityName: Locality name. This is usually a geographic region. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"locality name"

-W certReqInfoBean.organizationName: Organization name. This is usually the name of the organization. It is part of the information used to request certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.organizationalUnitName: Organization unit name. This is usually a department name. It is part of the information used to request certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization unit name"

-W certReqInfoBean.commonName: Common name. This is usually a person's or entity's name. It is part of the information used to request certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"common name"

-W certReqInfoBean.emailAddress: Email address. This is usually a valid email address. This is part of the information used to request certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"email address"

-W readyToInstallCertBean.readyToInstallField: If you requested that Oracle Access Manager request a certificate, this verifies that the certificate is ready for installation. Only used if installOrRequestCertBean.installOrRequest = "request". Oracle recommends that you use a value of "No" for silent mode. It is unlikely that you can take the request generated by Oracle Access Manager and receive the certificate faster than the Oracle Access Manager installation can run from one step to the next.

"Yes" or "No"

-W copyCertificatesInputBean.certFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the certificate file (for example: aaa_cert.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.keyFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the key file (for example: aaa_key.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.chainFile: A certificate is composed of three files: a certificate file, a key file, and a chain file. This parameter specifies the absolute path including the file name for the chain file (for example: aaa_chain.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes."

"absolute path including the file name"


15.4.6 Access Manager SDK Parameters

Table 15-6 describes silent installation parameters for the Access Manager SDK.

Table 15-6 Silent Installation Parameters for the SDK

SDK Parameter and Description Possible Values

-P sdk.installLocation: The installation directory. The default directory is "C:\COREid" on Windows and "/coreid" on UNIX.

"installation directory"

-W userInfoBean.user: UNIX only. The user ID that the product will be running as.

"user ID"

-W userInfoBean.group: UNIX only. The group that corresponds to the userInfoBean.user.

"group id"


15.4.7 BEA WebLogic SSPI Parameters

Table 15-7 describes silent installation parameters for BEA WebLogic SSPI.

Table 15-7 Silent Installation Parameters for BEA WebLogic SSPI

BEA SSPI Parameters and Description Possible Value

-P bea.installLocation: The installation directory. The default directory is "C:\COREid"

on Windows and "/coreid" on UNIX.

"installation directory"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation

"en-us;fr-fr"

-W sspiConfigLevel.ConfigMode: Configuration options. Typical option will require minimal inputs. Advanced option enables overriding of all defaults.

"typical;advanced"

-W verifyUserBean.verifyUserBeanField: Determines whether the user installing the product is the same one that the product should be running as. If the value is No, the installation exits.

"Yes" or "No"

-W sspiAdv1.authResType: Resource type used by Oracle Access Manager Security Provider in the policy to authenticate users in Weblogic. wl_authen

wl_authen

-W sspiAdv1.authRes: Resource name used by Oracle Access Manager Security Provider in the policy to authenticate users in Weblogic.

/Authen/Basic

-W sspiAdv1.authResOp: Resource operation used by Oracle Access Manager Security Provider in the policy to authenticate users in Weblogic. LOGIN

LOGIN

-W sspiAdv1.authAnonymousRes: Resource name used for anonymous access by Oracle Access Manager Security Provider in the policy to authenticate users in Weblogic. /Authen/Anonymous

Authen/Anonymous

-W sspiAdv1.authUID: LoginId--parameter used in credential_mapping plugin of authentication. userid

userid

-W sspiAdv1.authPass: Password parameter used in validate password of authentication scheme. Password

Password

-W sspiAdv1.authnActionType: Action Type (action is configured to get the loginId from ObSSOCookie). WL_REALM

WL_REALM

-W sspiAdv1.authnActionName: Action Name (action is configured to get the loginId from ObSSOCookie). uid

uid

-W sspiAdv1.obDummyUser: Dummy username used by form login for doing SSO when there is no webgate on proxy HTTP server. Obdummyuser

Obdummyuser

-W sspiAdv2.webAppResourceTypes: Weblogic resource types used for Web applications (comma separated) <url>,<web>

url>,<web>

-W sspiAdv2.roleResType: Resource type used by Oracle Access Manager Security Provider in the policy to get roles for a user.

wl_authen

-W sspiAdv2.roleRes: Resource name used by Oracle Access Manager Security Provider in the policy to get roles for a user.

/Authen/Roles

-W sspiAdv2.roleResOp: Resource operation used by Oracle Access Manager Security Provider in the policy to get roles for a user.

LOGIN

-W sspiAdv2.rolesCacheTTL: TTL(time to live) of elements in roles cache.

60

-W sspiAdv2.rolesCacheCleanupSchedule: Time to delete expired elements of cache (in seconds).

60

-W sspiAdv2.roleActionType: Action Type in authorization rule to get roles.

WL_REALM

-W sspiAdv3.notProtecedAction: Default access to resources not protected by Oracle Access Manager.

allow;deny;abstain

-W sspiAdv3.abstainMapsTo: Map the authorization result ABSTAIN to (allow,deny).

allow;deny

-W sspiAdv3.debug: Set debugging (This should be set to Off for production systems).

1 - On

2 - Off

-W securityModeBean.securityModeChoices: The security mode for BEA SSPI. A value of "open" means no security is used, a value of "simple" means

encryption is used, and a value of "cert" means you are running your own CA.

"open",

"simple", "cert"

-W openModeBean.serverID: Access Server ID. Use the value you supplied at the Access System Console before installation. Use only if

securityModeBean.securityModeChoices = "open".

Example: "AccessServer1".

"server ID"

-W openModeBean.hostName: Host name where Access Server is installed. Use only if securityModeBean.securityModeChoices = "open".

"ip_address"

or "hostname"

-W openModeBean.accessGateID: Access Gate ID. Use only if

securityModeBean.securityModeChoices = "open".

Example: "WeblogicRealm1".

"value"

-W openModeBean.portNumber: Port number of the Access Server. Use only if securityModeBean.securityModeChoices = "open".

"port_number"

#-W openModeBean.password: Password for Access Gate, if one is set. Use only if securityModeBean.securityModeChoices = "open".

"password"

-W simpleModeBean.serverID: Access Server ID. Use the value you supplied at the Access System Console before installation. Use only if

securityModeBean.securityModeChoices = "simple".

"server ID"

-W simpleModeBean.hostName: Host name where Access Server is installed. Use only if securityModeBean.securityModeChoices = "simple".

"ip address"

or "hostname"

-W simpleModeBean.accessGateID: Access Gate ID. This value has to match the one you specified at the Access System Console. Use only if

securityModeBean.securityModeChoices = "simple".

"value"

-W simpleModeBean.portNumber --Port number of the Access Server. Use only if securityModeBean.securityModeChoices = "simple".

"port number"

#-W simpleModeBean.password: Password for Access Gate, if one is set. Use only if securityModeBean.securityModeChoices = "simple".

"password"

#-W simpleModeBean.passphrase: Pass phrase for the Access Gate to communicate with the Access Server. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

#-W simpleModeBean.passphraseVerify: Pass phrase for the Access Gate to

communicate with the Access Server. This parameter verifies that the pass phrase matches that of securityModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "simple".

"passphrase"

-W certModeBean.serverID: Access Server ID. Use the value you supplied at the Access System Console before installation. This value has to match the one you specified at the Access System Console. Use only if securityModeBean.securityModeChoices = "cert".

"value"

-W certModeBean.hostname: Host name where Access Server is installed. Use only if securityModeBean.securityModeChoices = "cert".

"ip address" or "hostname"

-W certModeBean.accessGateID: Access Gate ID. This value has to match the one you specified at the Access System Console. Use only if

securityModeBean.securityModeChoices = "cert".

"value"

-W certModeBean.portNumber: Port number of the Access Server. Use only if

securityModeBean.securityModeChoices = "cert".

"port number"

-W certModeBean.password: Password for Access Gate, if one is set. Use only if securityModeBean.securityModeChoices = "cert". "password"

"port number"

-W certModeBean.passphrase: Pass phrase allowing the Access Gate to communicate with the Access Server. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W certModeBean.passphraseVerify: Pass phrase allowing the Access Gate to communicate with the Access Server. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W installOrRequestCertBean.installOrRequest: Determines whether to install or request a certificate to be used to configure the Access System. Used if your security mode is set to "cert". If you already have a certificate, choose "install". If you want Oracle Access Manager to request and request a certificate, choose "request".

"install", "request"

-W certReqInfoBean.countryName: Country name. This is usually a two-letter country code that is valid for use in DNs. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"country code"

-W certReqInfoBean.stateOrProvinceName: State or province name. This is usually a two-letter state or province code that is valid for use in a DN. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"state or province code"

-W certReqInfoBean.localityName: Locality name. This is usually the name of a geographic region. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"locality name"

-W certReqInfoBean.organizationName: Organization name. This is usually the name of an organization. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.organizationalUnitName: Organization unit name. This is usually the name of a department. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization unit name"

-W certReqInfoBean.commonName: Common name. This is usually the name of a person or an entity. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"name"

-W certReqInfoBean.emailAddress: Email address. This is usually a valid email address. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"email address"

-W readyToInstallCertBean.readyToInstallField: If you requested that Oracle Access Manager request a certificate, this verifies that the certificate is ready for installation. This is only used if installOrRequestCertBean.installOrRequest = "request". Oracle recommends that you do not use "Yes" for silent mode. You probably cannot take the request generated by Oracle Access Manager and receive the certificates faster than the Oracle Access Manager installation can run from one step in the installation to the next.

"Yes" or "No"

-W copyCertificatesInputBean.certFile: The absolute path including the file name for the certificate file (for example: aaa_cert.pem). Use if:

installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and

readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.keyFile: The absolute path including the file name for the key file (for example: aaa_key.pem). Use if:

installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and

readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.chainFile: The absolute path including the file name to the chain file (for example: aaa_chain.pem). Use if:

installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and

readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"


15.4.8 WAS Registry Parameters

Table 15-8 provides silent installation parameters for the WAS registry.

Table 15-8 Silent Installation Parameters for WAS Registry

WAS Registry Parameter—Description Possible Values

-P was_registry.installLocation: The installation directory. The default directory is "C:\Program Files\COREid" on windows and "/opt/coreid" on UNIX.

"installation directory"

-W verifyUserBean.verifyUserBeanField: Determines whether the user installing the product is the same one that the product should be running as. If the value is No, the installation exists.

"Yes" or "No"

-W wasConfig.WPHostName: Hostname of Webpass

"host name"

-W wasConfig.WPPortNumber: Port Number of webpass

"port number"

-W wasConfig.WPIsProtected: Is webpass protected by webgate.

"true" or "false"

-W wasWebPassConfig.cookieDomain: Cookie domain set for WebGate, for example "company.com"

"domain name"

-W wasWebPassConfig.cookiePath: Cookie path set for WebGate, for example, "/"

"path"

-W wasDSConfig.WPSSL: Determines whether the Oracle Access Manager connector for websphere requires WebPass to connect to it in SSL mode (transmitting data using https).

"true" or "false"

-W wasDSConfig.UserAttr: User attribute.

"uid"

-W wasDSConfig.UserSearchAttr: User search attribute.

"cn"

-W wasDSConfig.GroupSearchAttr: Group search attribute

"cn"

-W wasWSClassesDir.classesDir: Full Path of the WebSphere classes directory.

"path"

-W configPortalInput.isPortalTobeUsed: Oracle Access Manager Websphere connector requires certain files to be copied to WebSphere Application directory for websphere portal server integration. This parameter asks if portal server needs to be integrated.

"true" or "false"

-W wasInfoBean.wasInstallDir: If -W configPortalInput.isPortalTobeUsed = "true" then enter WebSphere Application directory path.

$Websphere_install_dir/AppServer

-W securityModeBean.securityModeChoices: AccessGate mode configuration. A value of "open" means no security is required, a value of "simple" means encryption is used, and a value of "cert" means you are running your own CA.

"open", "simple" or "cert'

-W openModeBean.serverID: Access server ID. Use value you specified at the Access System Console before installation. Use only if securityModeBean.securityModeChoices = "open ".

"server id"

-W openModeBean.hostname: Computer name where Access Server is installed. Use only if securityModeBean.securityModeChoices = "open ".

"ip_addr" or "host_name"

-W openModeBean.accessGateID: AccessGate ID. Use only if securityModeBean.securityModeChoices = "open "

"AccessGate ID"

-W openModeBean.portNumber: Port number of the access server.

"port number"

#-W openModeBean.password: Password for AccessGate if one is set. Use only if securityModeBean.securityModeChoices = "open".

"password"

-W simpleModeBean.serverID: Access Server ID. Use value you specified at the Access System Console before installation. Use only if securityModeBean.securityModeChoices = "simple "

"Access Server ID"

-W simpleModeBean.hostname: Host name where access server is installed. Use only if securityModeBean.securityModeChoices = "simple "

"ip_addr" or "host_name"

-W simpleModeBean.accessGateID: AccessGate ID. Use only if securityModeBean.securityModeChoices = "simple "

"AccessGate ID"

-W simpleModeBean.portNumber: Port number of the access server. Use only if securityModeBean.securityModeChoices = "simple "

"port number"

#-W simpleModeBean.password: Password for access gate. Use only if securityModeBean.securityModeChoices = "simple "

"password"

#-W simpleModeBean.passphrase: Pass phrase for the access gate to communicate with the Access Server. Use only if securityModeBean.securityModeChoices = "simple "

"passphrase"

#-W simpleModeBean.passphraseVerify: Pass phrase for the access gate to communicate with the access server. This parameter verifies that the pass phrase matches the simpleModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "simple "

"passphrase"

-W certModeBean.serverID: Access Server ID. Use the value you supplied at the Access System Console before installation. This value has to match the one you specified at the Access System Console. Use only if securityModeBean.securityModeChoices = "cert".

"server id"

-W certModeBean.hostname: Host name where Access Server is installed. Use only if securityModeBean.securityModeChoices = "cert".

"ip address" "ip addr" or "host name"

-W certModeBean.accessGateID: AccessGate ID. This value has to match the one you specified at the Access System Console. Use only if securityModeBean.securityModeChoices = "cert".

"AccessGate ID"

-W certModeBean.portNumber: Port number of the Access Server. Use only if securityModeBean.securityModeChoices = "cert".

"port number"

#-W certModeBean.password: Password for Access Gate, if one is set. Use only if securityModeBean.securityModeChoices = "cert".

"password"

#-W certModeBean.passphrase: Pass phrase allowing the AccessGate to communicate with the Access Server. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

#-W certModeBean.passphraseVerify: Pass phrase allowing the Access Gate to communicate with the Access Server. This parameter verifies that the pass phrase matches that of certModeBean.passphrase. Use only if securityModeBean.securityModeChoices = "cert".

"passphrase"

-W installOrRequestCertBean.installOrRequest: Determines whether to install or request a certificate to be used to configure the Access System. Used if your security mode is set to "cert". If you already have a certificate, choose "install". If you want Oracle Access Manager to request and request a certificate, choose "request".

"install", "request"

-W certReqInfoBean.countryName: Country name. This is usually a two-letter country code that is valid for use in DNs. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"country code"

-W certReqInfoBean.stateOrProvinceName: State or province name. This is usually a two-letter state or province code that is valid for use in a DN. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"state or province code"

-W certReqInfoBean.localityName: Locality name. This is usually the name of a geographic region. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"locality name"

-W certReqInfoBean.organizationName: Organization name. This is usually the name of an organization. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization name"

-W certReqInfoBean.organizationalUnitName: Organization unit name. This is usually the name of a department. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"organization unit name"

-W certReqInfoBean.commonName: Common name. This is usually the name of a person or an entity. It is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"name"

-W certReqInfoBean.emailAddress: Email address. This is usually a valid email address. This is part of the information used to request a certificate. Use only if installOrRequestCertBean.installOrRequest = "request".

"email address"

-W readyToInstallCertBean.readyToInstallField: If you requested that Oracle Access Manager request a certificate, this verifies that the certificate is ready for installation. This is only used if installOrRequestCertBean.installOrRequest = "request". Oracle recommends that you do not use "Yes" for silent mode. You probably cannot take the request generated by Oracle Access Manager and receive the certificates faster than the Oracle Access Manager installation can run from one step in the installation to the next.

"Yes" or "No"

-W copyCertificatesInputBean.certFile: The absolute path including the file name for the certificate file (for example: aaa_cert.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.keyFile: The absolute path including the file name for the key file (for example: aaa_key.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W copyCertificatesInputBean.chainFile: The absolute path including the file name to the chain file (for example: aaa_chain.pem). Use if: installOrRequestCertBean.installOrRequest = "install" or if installOrRequestCertBean.installOrRequest = "request" and readyToInstallCertBean.readyToInstallField = "Yes".

"absolute path including the file name"

-W localePanel.defaultLang: Required when extra languages are to be installed with the main installation.

"en-us"

-W localePanel.installLanguages: Required when extra languages are to be installed with the main installation.

"en-us;fr-fr"


15.5 Uninstalling a Component Installed With Silent Mode

The method to uninstall a component that was installed using silent mode depends upon your platform.

On Windows: Run:

component_install_dir\oblix\_uninstcomponent\uninstaller.exe -silent

On Solaris: Run:

component_install_dir/oblix/_uninstcomponent/uninstaller.bin -silent

where component_install_dir refers to the installation directory where the component is installed (in your path name \identity refers to the Identity System and \access refers to the Access System).

To remove components installed using GUI or Console method, see Chapter 22, "Removing Oracle Access Manager".

15.6 Cloning and Synchronizing Installed Components

Rather than using the command line or the installation GUI to install a component, you can automatically install a component by cloning the configuration of an already-installed component.

Cloning: Creates a mirrored copy of a component. That is, cloning creates a copy of a component on a local or remote system using an already-installed component as a template. Once a Identity Server or Access Server is cloned, you can:

On Windows and UNIX, in the directory oblix/tools/np_sync, you can use the command np_sync to clone a component. The np_sync tool is described in .

Synchronizing: Allows you to harmonize two installations of the same Oracle Access Manager component when one is more up-to-date than the other. Synchronization can be used to upgrade or repair installations on similar platforms. To synchronize two components, use the -sync or -sync-all command-line options for the np_sync tool.

Note:

For the Web server plug-ins WebPass, Policy Manager, and WebGate, the Web server configuration files are not updated using np_sync. This must be done either automatically during installation or manually afterward, as discussed earlier.

15.6.1 An Example of Using np_sync

Once a component has been installed and configured, a command such as:

np_sync -clone test2.oblix.com /export/home1/np7test2

clones the current computer to the system test2.oblix.com in the directory /export/home1/np7test2.

15.6.1.1 Syntax and Options for np_sync

The basic syntax for np_sync is as follows:

./np_sync -mode [-opts] host destination_dir

where mode is one of the following, sync, sync-all, or clone. For example:

-sync: The -sync command only updates files that are computer independent. These are customization (text) files. This command can be used to upgrade or repair installations on similar platforms. For example, if you have an AIX system and a Solaris system, you should be able to synchronize them.

-sync-all: The -sync-all command includes binaries, shared libraries, executable files, and so on as well as customization (text) files. This command can be used to upgrade or repair installations on similar platforms.

-clone: The -clone option copies the entire installation. This option also requires using the -p port and -n servername options described later.

where -opts is any combination from the following:

-u username: UNIX only. When you issue the np_sync command to connect to a remote system as a user other than the one you are logged in as, use the -u username option. This does not change the credentials that you use, but rather changes the user who executes the receiving end of the remote-copy command.

-rsync: UNIX only. Use the rsync command (rdist is used by default, see .

-ssh: UNIX only. Use ssh, the secure shell that uses an encrypted connection, to transfer data when using rsync. When using the rsync command, you may use ssh instead of the standard UNIX remote shell connection (rsh or remsh).

-path rsyncpath: UNIX only. Look for rsync in rsyncpath on the remote system (when using rsync).

-d: Debug mode: do not copy, just indicate what will be updated.

-l sorter: Use sorter as the source directory. By default, the current Oracle Access Manager installation area (where this program is located) is used as the source.

-n servername: For cloning an Identity or Access Server, you must specify a new Oracle Access Manager server name. Use servername for the new server.

-p portnumber: For cloning a Identity or Access Server, you need to specify a port. Use portnumber for the new server port.

Windows Only

-F: Windows only. This option forces an installation (ignore sanity checks). You may use the -F flag to force an installation to take place, even if some normal checks fail. This can be useful for re-executing a cloning operation that failed midway.

-f: Windows only. The -f flag forces a copy, ignoring the file modification times on the remote system, and updates all relevant files.

-r: Windows only. This option reboots the remote host after installation, if necessary. Use this option with cloning if system libraries need to be updated.

See also, .

15.6.1.2 UNIX-Specific Notes

On UNIX, remote copy permissions must be enabled using .rhosts.

The exact list of files to be copied for the -clone, -sync-all, and -sync command options is defined in the np_sync script. You may need to tune these files for special cases.

By default, UNIX uses the rdist command to update the remote system. Solaris assumes that rdist exists in /usr/ucb/ on the remote system, so it may not work on a different platform.

The rdist command is not usually shipped on Linux. You can use the rsync program on Linux. The rsync program is not usually shipped with Solaris, HP-UX, or AIX.

On UNIX, the remote system must grant permission for remote access, typically by using the .rhosts file of the remote system.The format of this file is any number of lines of the form host username, where host refers to the system that the copy is coming from, and username specifies the user who is permitted to issue the remote copy command.

15.6.1.3 Windows-Specific Notes

The Windows version of np_sync is an executable program (np_sync.exe).

The definitions for what files are transferred for the -clone, -sync, or -sync-all command options is defined in the patterns file in the np_sync subdirectory on Windows. You may need to tune the patterns files for special cases.

On Windows, the np_sync command automatically mounts the network drives necessary to complete cloning or synchronization. It unmounts the network drives when finished if the user does not interrupt the process.

When cloning on Windows, the np_sync tool also updates the system registry, updates any necessary system DLL files, and installs the appropriate entry in the system services. The np_sync command does not start or stop system services. Use the program NPServMgr.exe, in the directory oblix/tools/NPServMgr/ (on Windows only) to start, stop, add, or remove any Oracle Access Manager servers in the Windows system services.

Updating the registry and system services requires the local Windows user to have system administrator privileges on the remote system. To achieve this, use a network administrator login or assign administration privileges to the same user name and password on the remote system.

Note:

If the system drive is on a partition other than C: the "-S" or "-R" flag needs to be used.

The np_sync command uses the default system directory C:\WINNT\system32. However, on Windows XP and Windows Server 2003 the system directory is C:\Windows\system32. When the local system or remote system operating system version is after Windows 2000, you need to use the following in the np_sync command:

"-S" flag for local system directory

"-R" flag for remote system directory

15.7 Uninstalling a Cloned Component

The following sections describe how to uninstall a cloned component on UNIX and on Windows:

Note:

To remove components installed using GUI or Console method, see Chapter 22, "Removing Oracle Access Manager".

15.7.1 Uninstalling a Cloned Component on UNIX

The procedure to uninstall on UNIX systems follows.

To uninstall on UNIX

  1. If the component is WebPass, Policy Manager, or WebGate, delete the Oracle Access Manager-specific entries in their Web server's obj.conf file.

  2. If the component runs a process (Identity Server, Access Server), stop the process.

  3. Delete the component's directory.

15.7.2 Uninstalling a Cloned Component on Windows

You cannot uninstall a cloned component using InstallShield. On Windows, uninstallation requires removing registry entries. Installed services must be removed using a utility provided by Oracle.

15.7.2.1 Uninstalling Oracle Access Manager System

Two procedures follow.

To uninstall Identity and Access Server

  1. Uninstall the Identity or AAA service using NPServMgr.exe located in the component_install_dir\access\oblix\tools directory. Usage information is displayed by running NPServMgr.exe without any arguments.

  2. Delete the registry entries associated with the component.

  3. Delete the Identity or Access Server installation directory.

To uninstall WebPass, WebGate, and Policy Manager

  1. Remove the Oracle Access Manager modifications from the Web server's obj.conf (NSAPI), or the Oracle Access Manager .dll's and virtual directories (ISAPI).

  2. Stop the Web server instance that is hosting the component.

  3. Delete the registry entries.

  4. Delete the installation directory.