Sun[TM] Identity Manager 8.0 Installation Guide 

Appendix B  
Configuring Data Sources for Identity Manager

This appendix provides procedures for creating data sources for Identity Manager in the following sections:


Configuring a WebSphere Data Source for Identity Manager

Use the following information to configure a WebSphere Data Source for Identity Manager. This section includes:

Servlet 2.3 Data Sources

As of the Identity Manager 6.0 Release, the deployment descriptor in the WEB-INF/web.xml file refers to Servlet 2.3. Because of this, the Identity Manager web application can no longer be used with a WebSphere Application Server Version 4 Data Source.


Note

Due to interoperability issues between WebSphere data sources and Oracle JDBC drivers, Oracle customers who want to use a WebSphere data source with Identity Manager must use Oracle 10g R2 and the corresponding JDBC driver. (The Oracle 9 JDBC driver will not work with a WebSphere data source and Identity Manager.) If you have a version of Oracle prior to 10g R2 and cannot upgrade Oracle to 10g R2, then configure the Identity Manager repository so that it connects to the Oracle database using Oracle's JDBC Driver Manager (and not a WebSphere data source).


Use the following steps to configure a WebSphere data source for Identity Manager:

  1. Configure a JDBC provider.
  2. Configure a WebSphere JDBC Data Source.
  3. Point the repository to the data source.

These steps are discussed in detail below.

Configuring a JDBC Provider

Use WebSphere's administration console to configure a new JDBC Provider.

  1. Click the Resources tab in the left pane to display a list of resource types.
  2. Click JDBC then JDBC Providers to display a table of configured JDBC providers.
  3. Click the New button above the table of configured JDBC providers.
  4. Select from the list of JDBC database types, provider types, and implementation types. Optionally modify the Name and Description fields.
    Oracle, Oracle JDBC Driver, and Connection pool Data Source will be used for this example.

    Click Next.

  5. Enter database classpath information. The contents of the Enter database class path information page may vary, depending on what you selected in the previous step.
    • Specify the path to the JAR that contains the JDBC driver. For example, to specify the Oracle thin driver, specify a path similar to the following:

      /usr/WebSphere/AppServer/installedApps/idm/idm.ear/idm.war/WEB-INF/lib/oraclejdbc.jar

      Click Next.

    • Complete any other fields as required. The selected database, provider, and implementation types determine which fields are displayed. Click Next when you have completed the dialog.
    • A summary page is displayed. When you are finished reviewing your selections, click the Finish button at the bottom of the table. Click the Save link to keep your definition. The right pane should display the provider you added.

To configure a data source that uses this JDBC provider, see Point the Identity Manager Repository to the Data Source.

Configuring a WebSphere JDBC Data Source

Use WebSphere's Administrative Console to define a data source with an existing JDBC Provider.

Configure the Authentication Data

Before you can finish configuring the data source, you must configure authentication data. These aliases contain credentials that are used to connect to the DBMS.

  1. Click Security > Secure administration, applications, and infrastructure.
  2. Under Authentication, click Java Authentication and Authorization Service configuration > J2C authentication data. The JAAS - J2C authentication data panel is displayed.
  3. Click New.
  4. Enter a unique alias, a valid user ID, a valid password, and a short description (optional). The user ID must be valid on the target database.
  5. Click OK or Apply. No validation for the user ID and password is required.
  6. Click Save.

    Note

    The newly created entry is visible for use in the data source definition without restarting the application server process, but the entry is only in effect after the server is restarted.


Configure the Data Source

  1. Click Resources > JDBC Providers > Your_JDBC_Provider_Name > Data Sources tab in the left pane to display the Data sources page. The right pane displays a table of data sources configured for use with this JDBC provider. Click the New button above the table of data sources.
  2. Use the wizard provided to configure the general properties for the new data source. Note the following on the Enter basic data source information page:
    • The JNDI Name is the path to the DataSource object in the directory service. You must specify this same value as the -f argument in
      setRepo -tdbms -iinitCtxFac -ffilepath.
    • Select the Component-managed Authentication Alias that you created in Configuring a JDBC Provider. These are the credentials that will be used to access the DBMS (to which this DataSource points).
    • Click Next when you have configured this panel. The Create New JDBC provider page is displayed.

  3. Configure the database-specific properties for this data source as needed. Refer to the online help for information about the available properties.
  4. Make sure Use this data source in container-managed persistence (CMP) is unchecked. Identity Manager does not use Enterprise Java Beans (EJBs). Click Next to go to the summary page.

  5. Click Finish to save your data source.

Configure the Data Source in a WebSphere Cluster

When configuring the data source in clustered WebSphere environments, configure it at the cell level. This allows the data source to be accessed from all nodes in the cell.

To configure this, use the -D $propertiesFilePath option, where $propertiesFilePath contains:

java.naming.provider.url=iiop://localhost:jndi_port/

or:

-u iiop://localhost:jndi_port/

To determine the JNDI port to specify, examine the WebSphere configuration.

  1. In the WebSphere administration console, navigate to Servers > Application Servers > Your_Server > Ports.
  2. Look at the BOOTSTRAP_ADDRESS property. Use the specified port in the java.naming.provider.url property.

    Note

    The java.naming.provider.url uses localhost as the hostname. WebSphere replicates a JNDI server on each node in the cluster so that each application server has its own JNDI server to query. Specify localhost for the host so that each application server in the cluster is used as the JNDI server that Identity Manager queries when the DataSource is being located.


Point the Identity Manager Repository to the Data Source

Use the following steps to point the repository to the newly created data source.

  1. Set the WSHOME environment variable to point to your Identity Manager installation; for example:

    export WSHOME=$WAS_HOME/installedApps/idm.ear/idm.war

    where $WAS_HOME is the WebSphere home directory, such as /usr/WebSphere/AppServer

  2. Make sure that the JAVA_HOME environment variable is set correctly; for example:

    export JAVA_HOME=$WAS_HOME/java

  3. Make sure that the Java executable is in your path; for example:

    export PATH=$JAVA_HOME/bin:$PATH

  4. Make sure the classpath is pointing to the WebSphere properties directory. For example:

    export CLASSPATH=$WAS_HOME/properties

  5. Change to the $WSHOME/bin directory.
  6. (For SQLServer only): Install JTA support:
    1. Copy the sqljdbc.dll file located in the SQLServer JTA directory to the SQL_SERVER_ROOT/binn directory of the SQLServer database server.

      Note

      The default location of the SQLServer JTA directory is C:\Program Files\Microsoft SQL Server 2000 Driver for JDBC\SQLServer JTA. The default location of SQL_SERVER_ROOT/binn is C:\Program Files\Microsoft SQL Server\MSSQL\Binn.

    2. From the database server, use the ISQL or OSQL utility to run the instjdbc.sql script, which is also found in the SQLServer JTA directory. The following examples illustrate the use of these utilities:

      isql -Usa -Psa_password -Sserver_name -i location\instjdbc.sql

      osql -E -i location\instjdbc.sql

  7. Archive a copy of the existing ServerRepository.xml file, in case you need to revert. By default, this file is located in $WSHOME/WEB-INF.
  8. Point the repository to the new location. For example:

    lh -Djava.ext.dirs="$JAVA_HOME/jre/lib:$JAVA_HOME/jre/lib/ext:$WAS_HOME/lib:$WAS_HOME/:$WAS_HOME/runtimes" setRepo -Uusername -Ppassword -toracle -icom.ibm.websphere.naming.WsnInitialContextFactory -fDataSourcePath -n -o

    In the above example the DataSourcePath might be jdbc/jndiname. The -Djava.ext.dirs option adds all of the JAR files in WebSphere's lib/ and java/jre/lib/ext/ directories to the CLASSPATH. This is necessary in order for the setRepo command to run normally.

    Change the -f option to match the value you specified for the JNDI Name field when configuring the data source. See setRepo Reference for more information about this command.

  9. In the RepositoryConfiguration configuration object, set the connectionPoolDisable attribute to true.

    <RepositoryConfiguration connectionPoolDisable='true'>

    This setting prevents WebSphere from sending extraneous warnings to the SystemOut.log file. For more information, see http://www-1.ibm.com/support/docview.wss?uid=swg21121449

  10. Restart WebSphere to pick up changes. (This also restarts the system.)

Specifying Additional JNDI Properties to the setRepo Command

The setRepo command provides an option that allows you to specify an arbitrary set of properties. The -D $propertiesFilePath option allows you to specify any number of settings, including vendor-specific properties not specified by JNDI, by including them in a properties file that you create.

For example, to specify a different JNDI port number, include a line like the following in your properties file:

java.naming.provider.url=iiop://localhost:2909


Configuring a WebLogic Data Source for Identity Manager

Use the following procedure to update the repository configuration in Identity Manager to point to a WebLogic Data Source. This section includes:

Create a WebLogic Data Source

This example procedure describes configuration steps to use an Oracle database driver. Specific entries you make will differ, depending on your database type.


Note

These steps assume that you have:

  • Identity Manager installation running on WebLogic, Version 8.1
  • A current working repository

Create a Connection Pool

  1. Log in to the WebLogic Administrator Web console (by default, http://localhost:7001/console/).
  2. Expand the Services folder for the domain located in the navigation (left) pane.
  3. Expand the JDBC folder.
  4. Expand the Connection Pools folder.
  5. In the right pane (JDBC Connection Pools), click Configure a new JDBC Connection Pool.
  6. For Database Type select Oracle. You can use any of the applicable types. Note that drivers must be installed in order to use them.
  7. Select an applicable driver in the Database Driver selection box. In this example, select Oracle’s Driver (Thin).
  8. Click Continue.
  9. Configure the JDBC driver as follows (value, then action):
    • Name: Choose a unique name that identifies your connection pool. For example: myOraConnPool.
    • Database Name: Select the name of the Oracle database that you wish to connect to. In this example, myOraDB.
    • Host Name: Specify the host name of the Oracle DB server.
    • Port: Specify the port (default is 1521) for the database server.
    • Database User Name: Specify the database account user name used in the connection.
    • Password: Specify the password for the account user.
  10. Click Continue.
  11. Test the database connection on this page or click Skip this step. You may need to add additional properties depending on your installation. See the administrator’s guide for your target database.

    Note

    The following Connection Pool Settings are dependent on the driver that you select. The following options are for the Oracle driver and may not be applicable if you choose another kind of driver.

    The JDBC drivers must be installed for this to succeed. Follow the instructions provided with your target driver.

  12. Click Create and deploy.
  13. Configure connection settings for this connection pool. Example connection settings:
    • Initial Capacity: 20
    • Maximum Capacity: 100
    • Capacity Increment: 10
    • Statement Cache Type: LRU
    • Statement Cache Size: 20

Create a JDBC Data Source

  1. Expand the Services folder for the domain located in the navigation (left) pane.
  2. Expand the JDBC folder.
  3. Expand the Data Source folder.
  4. In the right pane (JDBC Data Sources), click Configure a new JDBC Data Source.
  5. Configure the JDBC Data Source as follows (value, then action):
    • Name: Choose a unique name for this data source. This name is used as a reference throughout the WebLogic Console. For example, MyOraDataSource.
    • JNDI Name: Specify the JNDI name. This can be the same as the Data Source name. For example, MyOraDataSource.
    • Honor Global Transactions: Select this check box (selected by default) if you wish to enable global transactions using this data source (see the WebLogic online help for more information concerning this option). In this example we keep the default.
    • Emulate Two-Phase Commit for non-XA Driver: See the WebLogic documentation for further information.
  6. Click Continue.
  7. Select the connection pool from part A. This allows an application to get a connection from the underlying connection pool.
  8. Click Continue.
  9. Select the servers on which you want to deploy the new data source.
  10. Click Create.

    Note

    The configuration steps are saved in your WebLogic config.xml file for a given domain. Changes to the XML file appear as:

    <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver"
    Name="myOraConnPool" Password="{3DES}7Ne5r7/NaLfLyXYQGBHoYg=="
    Properties="user=myuser" Targets="myserver"
    TestTableName="SQL SELECT 1 FROM DUAL" URL="jdbc:oracle:thin:@my.hostname:1521:mydatabasename"/>
    <JDBCTxDataSource JNDIName="MyOraDataSource"
    Name="MyOraDataSource" PoolName="MyOraConnPool" Targets="myserver"/>
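Because the pool's database credential ends up in config.xml, the file is worth checking after the console steps. The following is an added example, not part of the original guide or of any Sun or BEA tooling: it audits a config.xml fragment for pool passwords that are not in the {ALG}base64 form shown above, for a password carried in the Properties string, and for a data source whose PoolName does not exactly match a defined pool (the sample above differs in case). Assumptions: the <Domain> wrapper, the legacyPool entry and its values are constructed for illustration, and a case-only mismatch is reported as a warning because the guide does not say how WebLogic compares these names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two elements from the note above wrapped in a
# <Domain> root so the fragment parses, plus one cleartext pool for contrast.
SAMPLE_CONFIG = """<Domain Name="mydomain">
  <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver"
    Name="myOraConnPool" Password="{3DES}7Ne5r7/NaLfLyXYQGBHoYg=="
    Properties="user=myuser" Targets="myserver"
    TestTableName="SQL SELECT 1 FROM DUAL"
    URL="jdbc:oracle:thin:@my.hostname:1521:mydatabasename"/>
  <JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver"
    Name="legacyPool" Password="changeme"
    Properties="user=myuser;password=changeme" Targets="myserver"
    URL="jdbc:oracle:thin:@my.hostname:1521:mydatabasename"/>
  <JDBCTxDataSource JNDIName="MyOraDataSource"
    Name="MyOraDataSource" PoolName="MyOraConnPool" Targets="myserver"/>
</Domain>"""

# An encrypted value looks like {ALGORITHM}base64, as in the {3DES} sample.
ENCRYPTED = re.compile(r"^\{[A-Za-z0-9]+\}[A-Za-z0-9+/]+=*$")
# A password key embedded in the driver Properties string.
PROP_PASSWORD = re.compile(r"(?:^|[;,\s])password\s*=", re.IGNORECASE)


def audit_config(xml_text):
    """Return a list of (severity, element name, message) findings."""
    root = ET.fromstring(xml_text)
    findings = []
    pools = set()
    for pool in root.iter("JDBCConnectionPool"):
        name = pool.get("Name", "<unnamed>")
        pools.add(name)
        password = pool.get("Password")
        if password is not None and not ENCRYPTED.match(password):
            findings.append(("HIGH", name,
                             "Password attribute is not in {ALG}base64 form"))
        if PROP_PASSWORD.search(pool.get("Properties", "")):
            findings.append(("HIGH", name,
                             "Properties string carries a password key"))
    lowered = {n.lower(): n for n in pools}
    for ds in root.iter("JDBCTxDataSource"):
        name = ds.get("Name", "<unnamed>")
        ref = ds.get("PoolName", "")
        if ref in pools:
            continue  # exact match: the data source resolves to a pool
        if ref.lower() in lowered:
            findings.append(("WARN", name,
                             "PoolName %r differs only in case from pool %r"
                             % (ref, lowered[ref.lower()])))
        else:
            findings.append(("HIGH", name,
                             "PoolName %r matches no connection pool" % ref))
    return findings


def jndi_names(xml_text):
    """JNDI names defined in the file, i.e. valid values for setRepo -f."""
    root = ET.fromstring(xml_text)
    return sorted(ds.get("JNDIName")
                  for ds in root.iter("JDBCTxDataSource")
                  if ds.get("JNDIName"))


if __name__ == "__main__":
    for severity, element, message in audit_config(SAMPLE_CONFIG):
        print("%-4s %-16s %s" % (severity, element, message))
    print("setRepo -f candidates:", jndi_names(SAMPLE_CONFIG))
```

The JNDI names it lists are the values to compare against the -f argument used when pointing the repository at the data source.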


Point the Identity Manager Repository to the Data Source

  1. Set the WSHOME environment variable to point to your Identity Manager installation; for example:

    set WSHOME=C:\bea\user_projects\domains\mydomain\applications\idm

  2. Make sure that the JAVA_HOME environment variable is set correctly; for example:

    set JAVA_HOME=C:\j2sdk1.5

  3. Make sure that your chosen database drivers are installed for your WebLogic Server. See the WebLogic documentation for further information. In this example, the Oracle drivers and classes12.jar are installed in the following directory:

    WebLogicHome\server\lib

    1. On Windows, set the class path to include these files:

      set CLASSPATH=%CLASSPATH%;WeblogicHome\server\lib\<MyDBLibrary>

    2. For Oracle, set the class path to include these files:

      set CLASSPATH=%CLASSPATH%;c:\bea\weblogic81\server\lib\classes12.zip

  4. Include weblogic.jar in your CLASSPATH. On Windows, enter:

    set CLASSPATH=%CLASSPATH%;WeblogicHome\server\lib\weblogic.jar

    For example:

    set CLASSPATH=%CLASSPATH%;c:\bea\weblogic81\server\lib\weblogic.jar

  5. Change to the %WSHOME% directory.
  6. Remove the j2ee.jar file from WEB-INF\lib\ after making a backup.
  7. Change directory to the %WSHOME%\bin directory.
  8. Point the repository to the new location. For example:

    lh setRepo -v -tOracle -iweblogic.jndi.WLInitialContextFactory -fDatasourceName -u"t3://Server:Port" -U"Username" -P"Password"

    For example:

    lh setRepo -v -tOracle -iweblogic.jndi.WLInitialContextFactory -fMyOraDataSource -u"t3://localhost:7001/" -U"weblogic" -P"weblogic"

    Note

    Change the -f option to match the value you selected for the JNDI Name field.

  9. If there are no reported errors, restart WebLogic to pick up the changes. (This also restarts the Identity Manager system.)


Configuring a Sun Application Server Data Source for Identity Manager

Refer to the documentation for the Sun Application Server for information about creating and configuring a data source.


Note

In this procedure, the environment variable WSHOME (or the equivalent Java system property waveset.home) must contain the path to the location where the Identity Manager web application is deployed.


Use the following steps to point the repository to an Application Server data source.

  1. Remove the j2ee.jar file from the $WSHOME/WEB-INF/lib directory. This file causes conflicts with the j2ee.jar that ships with Application Server.
  2. If you are not using the default host name and port, then you must add the following flags to your JAVA_OPTS:

    -Dorg.omg.CORBA.ORBInitialHost=Hostname -Dorg.omg.CORBA.ORBInitialPort=Port

    The default values for Hostname and Port are localhost and 3700, respectively.

  3. Set your CLASSPATH to include the following Application Server JAR files (in order):

    SAS_INSTALL_DIR/lib/appserv-admin.jar
    SAS_INSTALL_DIR/lib/appserv-rt.jar
    SAS_IMQ_DIR/lib/imq.jar
    SAS_INSTALL_DIR/lib/j2ee.jar

  4. Set your CLASSPATH to include the JAR file or files required for your JDBC connection. For example:

    DataDirect JDBC Driver for Oracle

    • SAS_INSTALL_DIR/lib/jdbcdrivers/smoracle.jar
    • SAS_INSTALL_DIR/lib/jdbcdrivers/smbase.jar
    • SAS_INSTALL_DIR/lib/jdbcdrivers/smutil.jar

    MySQL

    • MYSQL_DIR/lib/mysql-connector-java-3.0.9-stable-bin.jar

  5. Change directories to $WSHOME/WEB-INF.
  6. If you are using any driver other than the Data Direct JDBC Driver for Oracle that ships with Sun Application Server, connect to the data source with the following command:

    lh setRepo -v -tType -iInitContextFactory -fDataSourcePath -uiiop://hostname:port

    For example:

    lh setRepo -v -tOracle -icom.sun.enterprise.naming.SerialInitContextFactory -fjdbc/idm -uiiop://localhost:3700

    Note

    If you enter this command when using the Data Direct JDBC Driver for Oracle, the operation will fail with the following exception:

    java.sql.SQLException: [sunm][Oracle JDBC Driver]This driver is locked for use with embedded applications.

  7. The Data Direct JDBC Driver for Oracle that ships with Sun Application Server is “locked” so that it works only with embedded applications. That is, the driver works only within the web container. As a result, to use the lh command, you must create a separate connection.
    1. Archive the existing $WSHOME/WEB-INF/ServerRepository.xml file.
    2. Use the following command to force the connection and create a new ServerRepository.xml file:

      lh setRepo -tOracle -icom.sun.enterprise.naming.SerialInitContextFactory -fjdbc/IdMgr -uiiop://Hostname:Port -n -o ServerRepository.xml


Configuring a JBoss Data Source for Identity Manager

Refer to the documentation for the JBoss application server for detailed information about creating and configuring a data source.

Create the Data Source

  1. Copy the JDBC driver classes for your database type to the lib directory of your application server, such as JBossInstallDir\server\default\lib.
  2. Create a data source configuration file. These end in -ds.xml. Example files can be found in JBossInstallDir\docs\examples\jca. The file should configure a local transaction data source.
  3. Copy the configuration file to the JBossInstallDir\server\default\deploy directory on your application server.

Point Identity Manager to the Data Source

  1. Make sure that the WSHOME and JAVA_HOME environment variables are set correctly.
  2. Connect to the data source with the following command:
  3. Point the repository to the data source. For example:
    lh setRepo -v -tType -iInitContextFactory -fDataSourcePath

    For example:

    lh setRepo -v -tOracle -iorg.jnp.interfaces.NamingContextFactory -fjava:DatasourceName

  4. Start the JBoss server.


Configuring an Oracle Application Server Data Source for Identity Manager

Data source configuration can be performed entirely in the Oracle Enterprise Manager 10g Application Server Control Console. The online help in the Application Server Control Console provides useful information on data source settings.

Use the following procedure to update the repository configuration in Identity Manager to point to an Oracle Application Server Data Source. This section includes:

Create an Oracle Application Server Data Source

This example procedure describes configuration steps to use an Oracle database driver. Specific entries you make will differ, depending on your database type.

Create a Connection Pool

  1. Log in to the Oracle 10g Application Server Control console (by default, http://localhost:Port/em).
  2. On the Cluster Topology page, select View By Application Servers.
  3. Click the OC4J home link, then on the OC4J:home page click the Administration link.
  4. Click the Go to Task icon for Services -> JDBC Resources (Create/delete/view data sources and connection pools).
  5. Under Connection Pools, click the Create button.
    1. Select idm from the Application drop-down list.
    2. Select the New Connection Pool radio button, then click Continue.
    3. On the Create Connection Pool page, configure the new connection pool as follows (value, then action):
      • Name: Choose a unique name that identifies your connection pool. For example, IdmOraConnPool.
      • Connection Factory Class: Use the default value of oracle.jdbc.pool.OracleDataSource.
      • JDBC URL: Specify jdbc:oracle:thin:@//hostname:1521/orcl (or fill in the Connection Information to have a URL generated for you).
      • Hostname: Specify the host name of the Oracle DB server.
      • Port: Specify the port (default is 1521) for the database server.
      • Username: Specify the database account user name used in the connection.
      • Password: Specify the cleartext password for the account user.
    4. Click the Test Connection button to ensure connectivity.
    5. You may need to add additional properties on the Attributes and Properties pages depending on your installation. See the administrator's guide for your target database.
  6. Click the Finish button.

Create a JDBC Data Source

  1. On the JDBC Resources page, under Data Sources, click the Create button:
  2. Select idm from the Application drop-down list.
  3. Select the Managed Data Source radio button.
  4. Click the Continue button.
  5. On the Create Data Source - Managed Data Source page, configure the JDBC Data Source as follows (value, then action):
    • Name: Choose a unique name for this data source. For example, IdmOraDataSource.
    • JNDI Name: Specify the JNDI name. For example, jdbc/idmpool.
    • Transaction Level: Use the default value of Global & Local Transactions.
    • Connection Pool: The name of the Connection Pool just created (IdmOraConnPool) should be displayed already. In this example we keep the default.
    • Login Timeout: Set as desired for your installation.

    It is not necessary to enter Username and Cleartext Password information in the Credentials section unless you need to override the information already provided in the connection pool configuration.

  6. Click the Finish button.

    Note

    The connection information is saved in your Oracle Application Server's data-sources.xml file located in the $J2EE/home/application-deployments/idm directory.


Point the Identity Manager Repository to the Data Source

  1. Set the WSHOME environment variable to point to your Identity Manager installation; for example:

    set WSHOME=C:\product\10.1.3.1\OracleAS_1\j2ee\home\applications\idm

  2. Make sure that the JAVA_HOME environment variable is set correctly; for example:

    set JAVA_HOME=C:\product\10.1.3.1\OracleAS_1\jdk

  3. Make sure that your chosen database drivers are installed for your Oracle Application Server. Set the class path to include these files. See the Oracle Application Server documentation for further information.
  4. Include OLITE40.JAR in your CLASSPATH. On Windows, for example, enter:

    set CLASSPATH=%CLASSPATH%;C:\product\10.1.3.1\OracleAS_1\MOBILE\Sdk\bin\OLITE40.JAR;

  5. Change to the %WSHOME% directory.
  6. Make a backup of the WEB-INF\ServerRepository.xml file and move it out of the directory. This is your direct connection setup from the original install of Identity Manager.
  7. Change directory to the %WSHOME%\bin directory.
  8. Point the repository to the new location using the Identity Manager lh command. For example:

    lh setRepo -v -tOracle -icom.evermind.server.ApplicationClientInitialContextFactory -fDatasourceName -n -o ServerRepository.xml

    Note

    Change the -f option to match the value you selected for the JNDI Name field.

  9. If there are no reported errors, restart your Oracle Application Server to pick up the changes. (This also restarts the Identity Manager system.)




Part No: 820-2956-10.   Copyright 2008 Sun Microsystems, Inc. All rights reserved.