Oracle® Access Manager Installation Guide
Part Number E12493-01
This section describes new features of the Oracle Access Manager release 10.1.4. This includes details for 10g (10.1.4.0.1), 10g (10.1.4.2.0), and 10g (10.1.4.3).
The following sections are included:
Note: For a comprehensive list of all new features and functions in Oracle Access Manager 10.1.4, and a description of where each is documented, see the chapter on what's new in the Oracle Access Manager Introduction.
The original product name, Oblix NetPoint, has changed to Oracle Access Manager. Most component names remain the same. However, there are several important changes that you should know about, as shown in the following table:
|Product Name||Oblix NetPoint||Oracle Access Manager|
|Product Name||Oblix SHAREid; NetPoint SAML Services||Oracle Identity Federation|
|Product Name||OctetString Virtual Directory Engine (VDE)||Oracle Virtual Directory|
|Product Name||BEA WebLogic Application Server; BEA WebLogic Portal Server||Oracle WebLogic Server; Oracle WebLogic Portal|
|Product Release||Oracle COREid 7.0.4||Also available as part of Oracle Application Server 10g Release 2 (10.1.2).|
|Directory Name||COREid Data Anywhere||Data Anywhere|
|Component Name||COREid Server||Identity Server|
|Component Name||Access Manager||Policy Manager|
|Console Name||COREid System Console||Identity System Console|
|Identity System Transport Security Protocol||NetPoint Identity Protocol||Oracle Identity Protocol|
|Access System Transport Protocol||NetPoint Access Protocol||Oracle Access Protocol|
|Directory Tree||Oblix tree||Configuration tree|
|Data||Oblix data||Configuration data|
|Software Developer Kit||Access Server SDK||Access Manager SDK|
|API||Access Server API||Access Manager API|
|API||Access Management API; Access Manager API||Policy Manager API|
|Default Policy Domains||NetPoint Identity Domain; COREid Identity Domain|
|Default Policy Domains||NetPoint Access Manager; COREid Access Manager|
|Default Authentication Schemes||NetPoint None Authentication; COREid None Authentication|
|Default Authentication Schemes||NetPoint Basic Over LDAP; COREid Basic Over LDAP||Oracle Access and Identity Basic Over LDAP|
|Default Authentication Schemes||NetPoint Basic Over LDAP for AD Forest; COREid Basic Over LDAP for AD Forest||Oracle Access and Identity for AD Forest Basic Over LDAP|
|Access System Service||AM Service State; Policy Manager API Support Mode||Access Management Service. Note: Policy Manager API Support Mode and Access Management Service are used interchangeably.|
All legacy references in the product or documentation should be understood to connote the new names.
Included in this release are new enhancements and bug fixes for 10g (10.1.4.3) in addition to all fixes and enhancements from 10g (10.1.4.2.0) bundle patches through BP07. The following topics describe 10g (10.1.4.3) enhancements described in this book:
See Also: Oracle Access Manager Introduction for a list of all new features and functions
New information is provided on Oracle Access Manager 10g (10.1.4.3) packages, as follows:
Installation Packages: 10g (10.1.4.3) component installers that you can use for a fresh installation only are delivered on media and Oracle Technology Network. However, you cannot use 10g (10.1.4.3) installers to upgrade an earlier Oracle Access Manager installation.
Patch Set Packages: A new topic has been added for patch sets. 10g (10.1.4.3) patch set packages will be provided on My Oracle Support (formerly MetaLink).
Bundle Patches: A new topic has been added to explain bundle patches and their use.
Newly Certified Agents: A new topic has been added to explain newly certified agents and how to get these.
As in earlier releases, Oracle Access Manager 10g (10.1.4.3) provides an SDK for Windows that supports .NET Framework 1.1 and Microsoft Visual Studio 2002. The installer is available on Oracle Technology Network.
Additionally, a new SDK for Windows is available for AccessGate development. This new SDK provides .NET 2 support and uses Microsoft Development Environment (MSDE) 2005, including .NET Framework 2 and MSDE Visual Studio 2005.
See Also: "Obtaining the Latest Installers"
Oracle Access Manager 10g (10.1.4.3) provides new Language Pack installers. 10g (10.1.4.3) Language Packs are required in any 10g (10.1.4.3) deployment, whether it is a fresh installation or an upgraded and patched deployment.
Messages added for minor releases (10g (10.1.4.2.0) and 10g (10.1.4.3)) as a result of new functionality might not be translated and can appear in English only.
Earlier releases of Oracle Access Manager for Linux used the LinuxThreads library only. Using LinuxThreads required that you set the environment variable LD_ASSUME_KERNEL, which is used by the dynamic linker to decide what implementation of libraries is used. When you set LD_ASSUME_KERNEL to 2.4.19 the libraries in /lib/i686 are used dynamically.
RedHat Linux v5 and later releases support only Native POSIX Thread Library (NPTL), not LinuxThreads. To accommodate this change, Oracle Access Manager 10g (10.1.4.3) is compliant with NPTL specifications. However, LinuxThreads is used by default for all except Oracle Access Manager Web components for Oracle HTTP Server 11g.
Note: On Linux, Oracle Access Manager Web components for OHS 11g use only NPTL; you cannot use the LinuxThreads library. In this case, do not set the environment variable LD_ASSUME_KERNEL to 2.4.19.
Linux details in Chapter 2, "Preparing for Installation"
Tuning for Oracle Internet Directory has been expanded for various Oracle Internet Directory releases.
See Also: "Tuning for Oracle Internet Directory"
Oracle Internet Directory schema for the orclrole objectclass does not follow RFC 2256. As a result, when Oracle Access Manager is configured with Oracle Internet Directory, this schema discrepancy in Oracle Internet Directory causes issues in the objectclass configuration of Oracle Access Manager.
Also, Oracle Internet Directory LDAP tools have been modified to disable the less secure options -w password and -P password when the environment variable LDAP_PASSWORD_PROMPTONLY is set to TRUE or 1.
See Also: "Oracle Internet Directory Schema"
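An added example, not from the Oracle guide: once LDAP_PASSWORD_PROMPTONLY is set, any script that still passes -w or -P with a password stops working, so it helps to locate those calls first. The tool list, host name and sample script below are constructed assumptions.

```python
import shlex

# Assumption: tool names to look for; extend to match the tools you deploy.
LDAP_TOOLS = {"ldapsearch", "ldapmodify", "ldapadd", "ldapdelete",
              "ldapbind", "ldapcompare", "ldapmoddn"}
PASSWORD_OPTS = ("-w", "-P")          # the two options named on the page
SEPARATORS = {"|", "||", "&&", ";"}   # a new command starts after these

# Constructed sample script, not taken from the product.
SAMPLE_SCRIPT = """\
#!/bin/sh
# nightly directory jobs
ldapsearch -h dir.example.com -p 389 -D "cn=orcladmin" -w Secret123 -b "dc=example,dc=com" "(uid=jdoe)"
/opt/oracle/bin/ldapmodify -D "cn=orcladmin" -W "file:/wallet" -P "$WALLET_PW" -f changes.ldif
ldapsearch -h dir.example.com -b "dc=example,dc=com" "(uid=*)" | grep -w jdoe
# ldapbind -w commented_out
"""


def prompt_only_enabled(env):
    """True only for the two values the page gives: TRUE or 1."""
    return env.get("LDAP_PASSWORD_PROMPTONLY") in ("TRUE", "1")


def find_inline_passwords(script_text):
    """Return (line_no, tool, option) for every LDAP tool call that passes a
    password as an argument. The password value is never returned."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), start=1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:            # e.g. trailing backslash, open quote
            tokens = line.split()
        tool = None
        for tok in tokens:
            if tok in SEPARATORS:
                tool = None           # e.g. "| grep -w" is not an LDAP call
            elif tok.rsplit("/", 1)[-1] in LDAP_TOOLS:
                tool = tok.rsplit("/", 1)[-1]
            elif tool and tok.startswith(PASSWORD_OPTS):
                findings.append((line_no, tool, tok[:2]))
    return findings


if __name__ == "__main__":
    enforced = prompt_only_enabled({"LDAP_PASSWORD_PROMPTONLY": "TRUE"})
    for line_no, tool, opt in find_inline_passwords(SAMPLE_SCRIPT):
        print(f"line {line_no}: {tool} passes a password with {opt}")
    print("prompt-only enforced:", enforced)
```

A password passed through a shell variable, as on the ldapmodify line, is still reported because it reaches the tool as a command-line argument.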
inetOrgPerson and groupOfUniqueNames for user and group object classes are required when Oracle Access Manager is configured for Oracle Virtual Directory.
The LDIF that is created using obmigrateDN is stored in a different path.
Oracle continually certifies Oracle Access Manager support with various third-party platforms, Web server releases, directory server releases, and applications. For the latest support details, see the certification matrix that is available at:
See Also: "Confirming Certification Requirements"
Certain Oracle Access Manager Web server-specific packages will not be available with the initial release of 10g (10.1.4.3).
See Also: "Web Server-Specific Packages"
SELinux is delivered with Oracle Enterprise Linux. SELinux modifications provide a variety of security policies through the use of Linux Security Modules (LSM) within the Linux kernel. SELinux requires performing additional steps after installing Oracle Access Manager Web components and before starting the associated Web server. This applies to all supported Linux versions that have SELinux.
See Also: Topics on SELinux in Chapter 2, "Preparing for Installation" and Appendix E, "Troubleshooting Installation Issues"
When setting the searchbase to "dc=nc" during browser-based Identity System setup with Novell eDirectory, you must define the CONTAINMENT object under which the "o=Oblix" (oblixconfig) objectclass can exist.
See Also: "Novell eDirectory Issues"
The Sun One Directory Server v5.1 and v5.2 hang when there are more than 60 open SSL connections. You can apply patches to the directory server to eliminate the problem.
See Also: "Sun One Directory Server v5 SSL Issues"
Installing an Identity Server with Sun Java Directory Server 6.0 could result in an error when you are defining directory details.
An error occurs when you attempt to load the iPlanet5_oblix_index_add.ldif to a Sun One directory server version 6.3 because the structure of the node changed with v6.3.
General product and naming changes have been made throughout this book, as described in "Product and Component Name Changes".
Platform support details have been removed from this book and are now located on Oracle Technology Network (OTN), as described in "Confirming Certification Requirements".
Other updates and changes to specific chapters include the following:
Chapter 1, "About the Installation Task, Options, and Methods" has been streamlined and includes a section about the packages that you can use for installation.
Chapter 2, "Preparing for Installation" includes new component installation considerations. Installation considerations that formerly resided in individual component installation chapters were consolidated in this preparation chapter to eliminate redundancy and group related details together. Multi-language environment details have moved to a separate chapter.
Chapter 3, "About Multi-Language Environments" contains new information about preparing for installation in multi-language environments as well as updated details about installing Oracle-provided Language Packs.
Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory": Following the acquisition of OctetString by Oracle, this chapter moved from the Oracle Access Manager Integration Guide and includes minor changes for clarification, new information to describe graphics, and an updated table for the DN Conversion tool.
Chapter 13, "About Installing Audit-to-Database Components" provides an introduction to this feature. Complete details are in the Oracle Access Manager Identity and Common Administration Guide.
Chapter 14, "About the Software Developer Kit" has been added to provide a brief introduction to the independent installation of the Software Developer Kit (SDK). Complete details are provided in the Oracle Access Manager Developer Guide.
Chapter 15, "Replicating Components" has been updated to include new syntax and commands.
Chapter 16, "Configuring Apache v1.3-based Web Servers for Oracle Access Manager" has been updated to include details about OHS and new information about WebGate performance.
Chapter 17, "Configuring Web Components for Apache v2-based Web Servers" has been updated to include information about OHS and new information about Apache-based Web servers.
Chapter 21, "Important Notes" has been added to provide details that were previously included in a file called importantnotes.txt.
Chapter 22, "Removing Oracle Access Manager" is a new chapter that provides details about uninstalling components, including Language Packs, as well as removing schema objects and Web server configuration details.
Appendix B, "Installing Oracle Access Manager with ADAM" has been updated to reflect the requirement for a manual schema update.
Appendix E, "Troubleshooting Installation Issues" is continuously updated with new information in a single appendix.
The features covered in this manual include:
WebGate support for Microsoft ISA Server is described in Chapter 20.
This manual focuses on installing Oracle Access Manager and includes information needed to install on computers with non-English (AMERICAN) operating systems, as well as details about installing Oracle-provided Language Packs.
See Also: Chapter 3, "About Multi-Language Environments"
Prerequisites in installation chapters for each component
Oracle HTTP Server support is provided for WebPass, Access Manager, and WebGate components
Oracle Internet Directory Support is included.