16 Validating Deployment

The deployment process includes several validation checks to ensure that everything is working correctly. This chapter describes additional checks that you can perform as a further sanity check.


16.1 Validating the Administration Server

Validate the WebLogic Administration Server as follows.

16.1.1 Verify Connectivity

Verify that you can access the WebLogic Administration Console by accessing the following URLs and logging in as the user weblogic_idm:

http://IADADMIN.mycompany.com/console

http://IGDADMIN.mycompany.com/console

Verify that all managed servers are showing a status of Running.

Verify that you can access Oracle Enterprise Manager Fusion Middleware Control by accessing the following URLs and logging in as the user weblogic_idm:

http://IADADMIN.mycompany.com/em

http://IGDADMIN.mycompany.com/em

16.1.2 Validating Failover

Test failover of the Access Administration server to OAMHOST2, and then fall back to OAMHOST1 as described in Section 20.8, "Manually Failing Over the WebLogic Administration Server."

Test failover of the Identity Governance Administration server to OIMHOST2, and then fall back to OIMHOST1 as described in Section 20.8, "Manually Failing Over the WebLogic Administration Server."

16.2 Validating the Access Manager Configuration

To validate that the configuration has completed correctly:

  1. Access the Access Management Console at: http://IADADMIN.mycompany.com/oamconsole

  2. Log in as the oamadmin user or the user identified by the entry in Section 13.9, "Set User Names and Passwords."

  3. Click the System Configuration tab.

  4. Click SSO Agents in the Access Manager section.

  5. Click Search.

  6. You should see the WebGate agents Webgate_IDM, Webgate_IDM_11g, IAMSuiteAgent, and accessgate-oic.

16.3 Validating Oracle Identity Manager

Validate the Oracle Identity Manager Server Instance by bringing up the Oracle Identity Self Service in a Web browser at the following URLs:

https://SSO.mycompany.com:443/identity

https://igdadmin.mycompany.com/identity

Log in using the xelsysadm username and password.

16.4 Validating SOA Instance from the WebTier

Validate SOA by accessing the URL:

http://IDMINTERNAL.mycompany.com:7777/soa-infra

and logging in using the xelsysadm username and password.

Note:

You may need to add soa-infra as an excluded resource in OAM.

16.5 Validating Oracle Unified Directory

After configuration, you can validate that Oracle Unified Directory is working by performing a simple search. To do this, issue the following commands:

OUD_ORACLE_INSTANCE/OUD/bin/ldapsearch -h LDAPHOST1.mycompany.com -p 1389 -D cn=oudadmin -b "" -s base "(objectclass=*)" supportedControl 

OUD_ORACLE_INSTANCE/OUD/bin/ldapsearch -h LDAPHOST2.mycompany.com -p 1389 -D cn=oudadmin -b "" -s base "(objectclass=*)" supportedControl 

OUD_ORACLE_INSTANCE/OUD/bin/ldapsearch -h IDSTORE.mycompany.com -p 389 -D cn=oudadmin -b "" -s base "(objectclass=*)" supportedControl 

If Oracle Unified Directory is working correctly, you will see a list of supportedControl entries returned.

To check that Oracle Unified Directory replication is enabled, issue the command:

OUD_ORACLE_INSTANCE/OUD/bin/status

If you are asked how you wish to trust the server certificate, valid options are:

  • Automatically trust

  • Use a truststore

  • Manually validate

Select your choice.

You are then prompted for the Administrator bind DN (cn=oudadmin) and its password.

Next, you see output similar to the following example. Replication will be set to Enabled.

--- Server Status ---
Server Run Status: Started
Open Connections: 2
 
--- Server Details ---
Host Name: ldaphost1
Administrative Users: cn=oudadmin
Installation Path: /u01/oracle/products/dir/oud
Instance Path: /u02/private/oracle/config/instances/oud1/OUD
Version: Oracle Unified Directory 11.1.2.2.0
Java Version: 1.6.0_29
Administration Connector: Port 4444 (LDAPS)
 
--- Connection Handlers ---
Address:Port : Protocol : State
-------------:-------------:---------
-- : LDIF : Disabled
8989 : Replication : Enabled
0.0.0.0:161 : SNMP : Disabled
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1636 : LDAPS : Enabled
0.0.0.0:1689 : JMX : Disabled
 
--- Data Sources ---
Base DN: dc=mycompany,dc=com
Backend ID: userRoot
Entries: 1
Replication: Enabled
Missing Changes: 0
Age Of Oldest Missing Change: <not available>
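
The status check above can be scripted when it has to be repeated on each directory host. The following is an added example, not part of the original guide: it parses saved status output, tests for Server Run Status: Started, Replication: Enabled and Missing Changes: 0, and lists the enabled connection handlers with their ports. The function names are illustrative, and treating the sample output's values as the expected healthy state is an assumption.

```shell
# Added example (helper names are illustrative); constructed sample in the layout shown above.
sample_status() { cat <<'EOF'
--- Server Status ---
Server Run Status: Started
--- Connection Handlers ---
Address:Port : Protocol : State
-------------:-------------:---------
-- : LDIF : Disabled
8989 : Replication : Enabled
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1636 : LDAPS : Enabled
--- Data Sources ---
Replication: Enabled
Missing Changes: 0
EOF
}

# Print the value of "LABEL: value" found inside "--- SECTION ---" (reads stdin).
status_field() {
    awk -v sec="--- $1 ---" -v key="$2" '
        { sub(/[ \t\r]+$/, "") }
        /^--- .* ---$/ { in_sec = ($0 == sec); next }
        in_sec && (i = index($0, ": ")) && substr($0, 1, i - 1) == key {
            print substr($0, i + 2); exit
        }'
}

# Print "PROTOCOL PORT" for each connection handler whose State is Enabled.
enabled_handlers() {
    awk -F' : ' '
        { sub(/[ \t\r]+$/, "") }
        /^--- .* ---$/ { in_sec = ($0 == "--- Connection Handlers ---"); next }
        in_sec && NF == 3 && $3 == "Enabled" { n = split($1, a, ":"); print $2, a[n] }'
}

# Return 0 only if all three values match (assumed healthy state, taken from the sample).
check_status() {
    out=$(cat); rc=0
    while IFS='|' read -r sec key want; do
        got=$(printf '%s\n' "$out" | status_field "$sec" "$key")
        [ "$got" = "$want" ] || { echo "FAIL: $key is '$got', want '$want'"; rc=1; }
    done <<'EOF'
Server Status|Server Run Status|Started
Data Sources|Replication|Enabled
Data Sources|Missing Changes|0
EOF
    return $rc
}
sample_status | check_status && sample_status | enabled_handlers
```

To check a real server, capture the output of the status command to a file and redirect that file into check_status and enabled_handlers.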

16.6 Validating WebGate and the Access Manager Single Sign-On Setup

To validate that WebGate is functioning correctly, open a web browser and go to the Access Management Console at: http://IADADMIN.mycompany.com/oamconsole

You now see the Access Manager Login page displayed. Enter your Access Manager administrator user name (for example, oamadmin) and password and click Login. The Access Management console appears.

To validate the single sign-on setup, open a web browser and go to the WebLogic Administration Console at http://IADADMIN.mycompany.com/console and to Oracle Enterprise Manager Fusion Middleware Control at: http://IADADMIN.mycompany.com/em

The Single Sign-On login page is displayed. Provide the credentials for the weblogic_idm user to log in.

16.7 Validating the Deployment

The following is a series of tests which you can perform to gain extra confidence in the deployment.

Testing SSO

Log in to the Oracle Identity Self Service as the user xelsysadm using the following URL:

https://sso.mycompany.com/identity

Now try logging into the OIM System Administration console using the following URL:

http://igdadmin.mycompany.com/sysadmin

You should not be prompted to enter xelsysadm credentials again as you have already logged into the Oracle Identity Self Service in the previous step.

Creating a New User in OUD to be Used by OAM

To create a new user in OUD:

  1. Log in to the Oracle Identity Self Service as xelsysadm using the following URL:

    https://sso.mycompany.com:443/identity

  2. Click Users under Administration.

  3. Select Create from the Actions menu.

  4. Complete the information about the user on the displayed form and click Submit.

  5. Click Sign Out.

  6. Log in to the Oracle Identity Self Service as the newly created user using the following URL:

    https://sso.mycompany.com:443/identity

    You are prompted to set challenge questions at the first login. This indicates that the user was added to OUD and that you can log in to OIM using OAM.

Testing the SOA workflow for approvals

To test the SOA workflow for approvals:

  1. Access a protected resource, such as:

    http://igdadmin.mycompany.com/sysadmin
    
  2. Click Register New Account.

  3. Complete information about the new account and click Register.

  4. Click Return, then make a note of the request number.

  5. Log in to the Oracle Identity Self Service as the user xelsysadm.

  6. Click Inbox.

  7. Your request appears in the list of Pending approvals.

  8. Click on the request and select Approve from the Actions menu.

  9. Log out of the Oracle Identity Self Service.

  10. Log back in as the newly created user.