Sun Identity Manager 8.1 Installation

Part IV Starting, Configuring, and Registering Identity Manager

In this part of the installation guide you start Identity Manager, log on to the Administrator interface, perform some basic configuration tasks, and register your installation with Sun.

Chapters in this part include:

Chapter 12 Starting Identity Manager

Follow these steps to begin using Identity Manager or Identity Manager Service Provider.

Starting Identity Manager

Procedure: To Start Identity Manager and Log in to the User Interface

  1. Start your application server.

  2. In a Web browser, enter the URL for your application server, including port, and append the URL for the Identity Manager Web application (typically, this is /idm).

    For example: http://appserver.example.com:8080/idm


    Note –

    If you are using Internet Information Server (IIS) as your Web server, you must add index.html to the list of Default Documents under Properties for the Identity Manager virtual directory. Otherwise, the application's main page will not resolve correctly when accessing the Identity Manager server.


  3. Enter a user ID and password to log in. You can log in with one of the default account IDs and passwords:

    ID: Configurator
    Password: configurator

    or

    ID: Administrator
    Password: administrator


    Note –

    It is strongly recommended that you reset the default administrator account passwords after installation.



    Note –

    For security reasons, we additionally recommend that you access the applications through a secure web server using HTTPS. Read the chapter titled Identity Manager Security in the Sun Identity Manager 8.1 System Administrator’s Guide for additional security recommendations.


Enabling Language Support

The Identity Manager applications support multiple languages, including French, Spanish, German, Italian, Brazilian Portuguese, Japanese, Simplified Chinese, Traditional Chinese, Korean, and English. Use the following steps to install localized files on your application server.

Procedure: To Install a Language Pack

  1. In a browser, go to the Sun Download Center: http://www.sun.com/download.

    A registered account name and password are required to access the download center.

  2. Click to download Identity Manager for All Supported Platforms, Multi-language. The language pack (L10N file) is available as a separate download.

  3. Unpack the downloaded language pack to a temporary location.

  4. Copy the JAR file from the temporary location to the $WSHOME/WEB-INF/lib directory (UNIX) or the %WSHOME%\WEB-INF\lib directory (Windows).

  5. Restart the application server instance.

Setting the lh Environment

Some deployments require additional environment variables and other settings in the shell environment (or command environment in Windows) for lh to function. For example, when using a WebSphere datasource for the repository, extra environment variables are required.

You may create an environment file that lh uses to load deployment-specific environment settings. This file must be named and placed in the following location:

UNIX: $WSHOME/bin/idm-env.sh

Windows: %WSHOME%\bin\idm-env.bat

An environment file is not provided. You can, however, use the following files as a starting point for your own environment file:

UNIX: sample/other/idm-env.sh-ws5

Windows: sample\other\idm-env.bat-ws5

Chapter 13 Registering Identity Manager with Sun

You are encouraged to register your installation of Identity Manager.

Registering Identity Manager

To register, you will need a Sun Online Account and password. If you do not have a Sun Online Account, you can register for one by completing the form at this address:

https://reg.sun.com/register

Identity Manager can be registered from the console or by using the Administrator interface.

Registering from the console allows you to also create a local service tag, which can be used with Sun Service Tag software to track your inventory of Sun systems, software, and services. The service tags client package should be installed before you create a local service tag. This package can be downloaded by clicking the Download Service Tags button at the following address:

http://inventory.sun.com/inventory

In order to register Identity Manager, you should be logged on with an administrator account that allows you to configure Identity Manager objects. This account should have the Product Registration capability. For information about capabilities, see Assigning Capabilities to Users in Sun Identity Manager 8.1 Business Administrator’s Guide.


Note –

Java on your Identity Manager application servers must be properly configured for SSL in order for the product registration feature to work. All JARs referenced in your java.security file (or equivalent) need to be present.


Registering Identity Manager from the Console

Procedure: To Create a Local Service Tag or Register Identity Manager over the Internet with Sun

  1. Go to the following directory:

    %WSHOME%\bin\lh (Windows)

    $WSHOME/bin/lh (UNIX)

  2. To create a local service tag, use the following command:

    lh register -local

    To register Identity Manager over the Internet with Sun, use the following command:

    lh register -remote -u <userid> -p <password> -userSOA <soaUserid> -passSOA <soaPassword> -domain <domain> -proxy <proxyHost> -port <proxyPortNumber>

    where:

    • userid is the Identity Manager userID of the Identity Manager administrator who is authorized to do the registration

    • password is the Identity Manager password of the Identity Manager administrator who is authorized to do the registration

    • soaUserid is the user ID of the Sun Online Account that will be used for registration.

    • soaPassword is the password of the Sun Online Account that will be used for registration.

    • domain is the domain (or team) that the Sun Online Account user belongs to and wishes to use for the registration.

    • proxyHost is the network proxy to use for access to the Sun online registration service. Only required if your network is configured to use a proxy to reach external Internet addresses.

    • proxyPortNumber is the port on the network proxy to use for access to the Sun online registration service. Only required if your network is configured to use a proxy to reach external Internet addresses.

The register Command

Usage

register -local
register -remote [-u <userid> [-p <password>]] [-prompt] -userSOA <userid> -passSOA <password>
    -domain <domain> [-proxy <proxyHost> [-port <proxyPortNumber>]]
register [-help | -?]

Options

Use these options with the register command:

Table 13–1 Syslog Command Options

Option                     Description
-local                     Create a service tag on this host.
-remote                    Register this installation of Identity Manager over the network directly with Sun.
-u <userid>                The Identity Manager user ID of the Identity Manager administrator who is authorized to do the registration.
-p <password>              The Identity Manager password of the Identity Manager administrator who is authorized to do the registration.
-prompt                    Interactively prompt for the password if missing.
-userSOA <userid>          The user ID of the Sun Online Account that will be used for registration. Required if registering with the -remote option.
-passSOA <password>        The password of the Sun Online Account that will be used for registration. Required if registering with the -remote option.
-domain <domain>           The domain (or team) that the Sun Online Account user belongs to and wishes to use for the registration. Required if the user belongs to multiple domains.
-proxy <proxyHost>         The network proxy to use for access to the Sun online registration service. Required if registering with the -remote option and your network is configured to use a proxy to reach external Internet addresses.
-port <proxyPortNumber>    The port on the network proxy to use for access to the Sun online registration service. Required if registering with the -remote option and your network is configured to use a proxy to reach external Internet addresses.
-help | -?                 Print help for this command to the console.
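The options above allow the administrator password to be left off the command line by combining -u with -prompt. The following wrapper is an added example, not part of the Sun guide: it builds the documented argument list that way and reads the Sun Online Account password with echo off, so neither password is typed into the shell or saved in its history. The function names, the SOA_PASSWORD variable and the sample values are assumptions; the -passSOA value is still passed to lh as an argument, as the documented syntax requires.

```shell
#!/bin/sh
# Added example, not from the guide: build the "lh register -remote"
# argument list from the documented options without typing either
# password into the shell. Function names and SOA_PASSWORD are assumed.

# Usage: register_args <idmUser> <soaUser> <domain> [<proxyHost> [<proxyPort>]]
# Prints one argument per line; returns 2 on invalid input.
register_args() {
    if [ "$#" -lt 3 ] || [ "$#" -gt 5 ]; then
        echo "expected 3 to 5 arguments" >&2; return 2
    fi
    if [ -z "${SOA_PASSWORD:-}" ]; then
        echo "SOA_PASSWORD is empty" >&2; return 2
    fi
    # -port is only valid together with -proxy and must be a number.
    case ${5-0} in
        ''|*[!0-9]*) echo "proxy port must be numeric" >&2; return 2 ;;
    esac
    # -u without -p, plus -prompt: lh prompts for the administrator password.
    printf '%s\n' register -remote -u "$1" -prompt \
        -userSOA "$2" -passSOA "$SOA_PASSWORD" -domain "$3"
    [ "$#" -lt 4 ] || printf '%s\n' -proxy "$4"
    [ "$#" -lt 5 ] || printf '%s\n' -port "$5"
}

# Read the Sun Online Account password with echo off, then run lh.
run_register() {
    printf 'Sun Online Account password: ' >&2
    stty -echo; IFS= read -r SOA_PASSWORD; stty echo; echo >&2
    args=$(register_args "$@") || return 2
    oldifs=$IFS; IFS='
'
    set -f; set -- $args; set +f; IFS=$oldifs   # one argument per line
    "${WSHOME:?WSHOME is not set}/bin/lh" "$@"
}

# Typed by the operator (all values are placeholders):
#   run_register idm-admin soa-user my-domain proxy.example.com 8080
```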

Registering Identity Manager from the Administrator Interface

If you do not need to create a local service tag, register Identity Manager from the Administrator interface.

Procedure: To Register Identity Manager from the Administrator Interface

  1. In the Administrator interface, click Configure.

  2. In the secondary menu, click Product Registration.

    The Product Registration page opens.

  3. Complete the form and click Register Now. Click the i-Helps for information about individual form fields.


    Note –

    If your application server is not configured to allow outgoing SSL connections, you may receive the following error message:

    Failed to register on Sun Connection server due to invalid Sun Online Account user/password.

    To resolve this issue, add the appropriate trusted root certificates to your application server’s keystore. Consult your application server’s documentation for details.



    Note –

    If old versions of xml-apis.jar and xercesImpl.jar are present in your application server’s classpath, you may receive the following error message:


    java.lang.NoSuchMethodError:org.w3c.dom.Node.getTextContent()Ljava/lang/String;

    To resolve this problem, modify the classpath so that only the most recent versions of xml-apis.jar and xercesImpl.jar are present.
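One way to locate the duplicate parser JARs described in the note above, as an added example that is not part of the Sun guide. The directories passed in and the name*.jar glob (which also matches versioned file names) are assumptions.

```shell
#!/bin/sh
# Added example: list every copy of the two XML parser JARs under the
# directories given as arguments, and flag a JAR found more than once.
# The directory arguments and the "name*.jar" glob (which also catches
# versioned file names) are assumptions, not taken from the guide.

# Print the path of each copy of JAR base name $1 under the remaining args.
find_copies() {
    jar=$1; shift
    find "$@" -type f -name "${jar}*.jar" 2>/dev/null | sort
}

# Print "<name> <count>" for each parser JAR; return 1 if any count > 1.
check_xml_jars() {
    found_dup=0
    for name in xml-apis xercesImpl; do
        copies=$(find_copies "$name" "$@")
        if [ -z "$copies" ]; then
            count=0
        else
            count=$(printf '%s\n' "$copies" | wc -l | tr -d ' ')
        fi
        echo "$name $count"
        if [ "$count" -gt 1 ]; then
            # List the candidates on stderr so the operator can compare them.
            printf '%s\n' "$copies" | sed 's/^/  duplicate candidate: /' >&2
            found_dup=1
        fi
    done
    return $found_dup
}

# Run only when directories are passed, for example:
#   sh check-xml-jars.sh "$WSHOME/WEB-INF/lib" /path/to/appserver/lib
if [ "$#" -gt 0 ]; then
    check_xml_jars "$@"
fi
```

A non-zero exit status means at least one of the two JARs appears more than once in the directories scanned.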