Sun Identity Manager 8.1 Installation

Configuring a WebSphere Data Source for Identity Manager

Use the following information to configure a WebSphere Data Source for Identity Manager.

Servlet 2.3 Data Sources

As of the Identity Manager 6.0 release, the deployment descriptor in the WEB-INF/web.xml file refers to Servlet 2.3. Because of this, the Identity Manager web application can no longer be used with a WebSphere application server version 4 data source.

Note –

Due to interoperability issues between WebSphere data sources and Oracle JDBC drivers, Oracle customers who want to use a WebSphere data source with Identity Manager must use Oracle 10g R2 and the corresponding JDBC driver. (The Oracle 9 JDBC driver will not work with a WebSphere data source and Identity Manager.) If you have a version of Oracle prior to 10g R2 and cannot upgrade Oracle to 10g R2, then configure the Identity Manager repository so that it connects to the Oracle database using Oracle’s JDBC Driver Manager (and not a WebSphere data source).

Procedure: To Configure a WebSphere Data Source for Identity Manager

  1. Configure a JDBC provider.

  2. Configure a WebSphere JDBC Data Source.

  3. Point the repository to the data source.

    These steps are discussed next.

Configuring a JDBC Provider

Procedure: To Configure a JDBC Provider

Before You Begin

Use WebSphere’s administration console to configure a new JDBC Provider.

  1. Click the Resources tab in the left pane to display a list of resource types.

  2. Click JDBC then JDBC Providers to display a table of configured JDBC providers.

  3. Click the New button above the table of configured JDBC providers.

  4. Select from the list of JDBC database types, provider types, and implementation types. Optionally modify the Name and Description fields.

    This example uses Oracle, Oracle JDBC Driver, and Connection pool Data Source.

    Click Next.

  5. Enter database classpath information. The contents of the Enter database class path information page may vary, depending on what you selected in the previous step.

    • Specify the path to the JAR that contains the JDBC driver. For example, to specify the Oracle thin driver, specify a path similar to the following:


      Click Next.

    • Complete any other fields as required. The selected database, provider, and implementation types determine which fields are displayed. Click Next when you have completed the dialog.

    • A summary page is displayed. When you are finished reviewing your selections, click the Finish button at the bottom of the table. Click the Save link to keep your definition. The right pane should display the provider you added.

      To configure a data source that uses this JDBC provider, see Point the Identity Manager Repository to the Data Source.

Configuring a WebSphere JDBC Data Source

Use WebSphere’s Administrative Console to define a data source with an existing JDBC Provider.

Before you can finish configuring the data source, you must configure authentication data. These aliases contain credentials that are used to connect to the DBMS.

Procedure: To Configure the Authentication Data

  1. Click Security > Secure administration, applications, and infrastructure.

  2. Under Authentication, click Java Authentication and Authorization Service configuration > J2C authentication data. The JAAS - J2C authentication data panel is displayed.

  3. Click New.

  4. Enter a unique alias, a valid user ID, a valid password, and a short description (optional). The user ID must be valid on the target database.

  5. Click OK or Apply. No validation for the user ID and password is required.

  6. Click Save.

    Note –

    The newly created entry can be selected in the data source definition without restarting the application server process, but it takes effect only after the server is restarted.

Procedure: To Configure the Data Source

  1. Click Resources > JDBC Providers > Your_JDBC_Provider_Name > Data Sources tab in the left pane to display the Data sources page. The right pane displays a table of data sources configured for use with this JDBC provider. Click the New button above the table of data sources.

  2. Use the wizard provided to configure the general properties for the new data source. Note the following on the Enter basic data source information page:

    • The JNDI Name is the path to the DataSource object in the directory service. You must specify this same value as the -f argument in setRepo -tdbms -iinitCtxFac -ffilepath.

    • Select the Component-managed Authentication Alias that you created in Configuring a JDBC Provider. These are the credentials that will be used to access the DBMS (to which this DataSource points).

      Click Next when you have configured this panel. The Create New JDBC provider page is displayed.

  3. Configure the database-specific properties for this data source as needed. Refer to the online help for information about the available properties.

    Make sure Use this data source in container-managed persistence (CMP) is unchecked. Identity Manager does not use Enterprise Java Beans (EJBs). Click Next to go to the summary page.

  4. Click Finish to save your data source.

Configure the Data Source in a WebSphere Cluster

When configuring the data source in clustered WebSphere environments, configure it at the cell level. This allows the data source to be accessed from all nodes in the cell.

To configure this, use the -D $propertiesFilePath option, where $propertiesFilePath contains:



-u iiop://localhost:jndi_port/

Procedure: To Determine the JNDI Port to Specify

Examine the WebSphere configuration to determine the JNDI port to specify.

  1. In the WebSphere administration console, navigate to Servers > Application Servers > Your_Server > Ports.

  2. Look at the BOOTSTRAP_ADDRESS property. Use the specified port in the java.naming.provider.url property.

    Note –

    The java.naming.provider.url uses localhost as the hostname. WebSphere replicates a JNDI server on each node in the cluster so that each application server has its own JNDI server to query. Specify localhost for the host so that each application server in the cluster is used as the JNDI server that Identity Manager queries when the DataSource is being located.

Point the Identity Manager Repository to the Data Source

Procedure: To Point the Repository to a Newly Created Data Source

  1. Set the WSHOME environment variable to point to your Identity Manager installation; for example:

    export WSHOME=$WAS_HOME/installedApps/idm.ear/idm.war

    where $WAS_HOME is the WebSphere home directory, such as /usr/WebSphere/AppServer

  2. Make sure that the JAVA_HOME environment variable is set correctly; for example:

    export JAVA_HOME=$WAS_HOME/java

  3. Make sure that the Java executable is in your path; for example:

    export PATH=$JAVA_HOME/bin:$PATH

  4. Make sure the classpath is pointing to the WebSphere properties directory. For example:

    export CLASSPATH=$WAS_HOME/properties

  5. Change to the $WSHOME/bin directory.

  6. (For SQLServer only): Install JTA support:

    1. Copy the sqljdbc.dll file located in the SQLServer JTA directory to the SQL_SERVER_ROOT/binn directory of the SQLServer database server.

      Note –

      The default location of the SQLServer JTA directory is C:\Program Files\Microsoft SQL Server 2000 Driver for JDBC\SQLServer JTA. The default location of SQL_SERVER_ROOT/binn is C:\Program Files\Microsoft SQL Server\MSSQL\Binn.

    2. From the database server, use the ISQL or OSQL utility to run the instjdbc.sql script, which is also found in the SQLServer JTA directory. The following examples illustrate the use of these utilities:

      isql -Usa -P sa-password -S server-name -i location\instjdbc.sql

      osql -E -i location\instjdbc.sql

  7. Archive a copy of the existing ServerRepository.xml file, in case you need to revert. By default, this file is located in $WSHOME/WEB-INF (UNIX), or %WSHOME%\WEB-INF (Windows).

  8. Point the repository to the new location. For example:

    lh -Djava.ext.dirs="$JAVA_HOME/jre/lib:$JAVA_HOME/jre/lib/ext:$WAS_HOME/lib:$WAS_HOME/:$WAS_HOME/runtimes" \
       setRepo -toracle -fDataSourcePath -n -o

    In the above example the DataSourcePath might be jdbc/jndiname. The -Djava.ext.dirs option adds all of the JAR files in WebSphere’s lib/ and java/jre/lib/ext/ directories to the CLASSPATH. This is necessary in order for the setRepo command to run normally.

    Change the -f location flag to match the value you specified for the JNDI Name field when configuring the data source. See Appendix F, setRepo Reference for more information about this command.

  9. In the RepositoryConfiguration configuration object, set the connectionPoolDisable attribute to true.

    <RepositoryConfiguration connectionPoolDisable='true'>

    This setting prevents WebSphere from sending extraneous warnings to the SystemOut.log file. For more information, see

  10. Restart WebSphere to pick up changes. (This also restarts the system.)
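The environment checks and the archive step from the procedure above, together with the properties file used in the cluster case, as an added shell example that is not part of the product documentation. The function names are hypothetical, and the single properties line (java.naming.provider.url set to the iiop://localhost URL) is an assumption built from the property and URL named in the cluster section.

```shell
#!/bin/sh
# Added example, not from the product documentation. Function names are
# hypothetical; paths and variables follow the procedure above.

# Steps 1-4: the variables must be set and point at real directories.
preflight() {
    for name in WAS_HOME WSHOME JAVA_HOME; do
        eval "dir=\${$name:-}"
        [ -n "$dir" ] || { echo "unset: $name" >&2; return 1; }
        [ -d "$dir" ] || { echo "not a directory: $name=$dir" >&2; return 1; }
    done
    [ -f "$WSHOME/WEB-INF/ServerRepository.xml" ] ||
        { echo "no ServerRepository.xml under $WSHOME/WEB-INF" >&2; return 1; }
}

# Step 7: archive ServerRepository.xml before setRepo rewrites it. The copy
# is created owner-only and compared with the original; prints its path.
archive_repo_config() {
    src="$WSHOME/WEB-INF/ServerRepository.xml"
    dst="$src.$(date +%Y%m%d%H%M%S).bak"
    ( umask 077 && cp "$src" "$dst" ) || return 1
    cmp -s "$src" "$dst" || { echo "backup differs from source" >&2; return 1; }
    echo "$dst"
}

# Cluster case: write the file passed with -D. The host stays localhost; the
# port is the BOOTSTRAP_ADDRESS value. Rejects anything that is not a TCP port
# (assumed file content: one java.naming.provider.url line).
write_jndi_props() {
    port=$1 out=$2
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf 'java.naming.provider.url=iiop://localhost:%s/\n' "$port" > "$out"
}

# Run only when asked, so sourcing the file just defines the functions.
# Usage: script --run <bootstrap_port> <properties_file>
if [ "${1:-}" = "--run" ]; then
    preflight && archive_repo_config && write_jndi_props "$2" "$3"
fi
```

The printed backup path is the file to restore if the setRepo change has to be reverted.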

Specifying Additional JNDI Properties to the setRepo Command

The setRepo command provides an option that allows you to specify an arbitrary set of properties. The -D $propertiesFilePath option allows you to specify any number of settings, including vendor-specific properties not specified by JNDI, by including them in a properties file that you create.

For example, to specify a different JNDI port number, include a line like the following in your properties file: