12 Understanding Domain Extension Scenarios

This chapter describes the scenarios in which an existing Oracle Identity Management domain can be extended to support new Oracle Identity Management products.

12.1 Overview

When you extend an Oracle Identity Management domain, you configure additional Oracle Identity Management products in that existing domain.

For example, you can extend an Oracle Identity Management 11.1.1.5.0 domain to support Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, or Oracle Identity Navigator. The existing Oracle Identity Management 11.1.1.5.0 domain may contain one or more of the various combinations of Oracle Identity Management products, such as Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Identity Federation, or Oracle Directory Integration Platform.

In addition, you can extend an Oracle Identity Management domain that contains any of the various combinations of Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator.

Note:

The existing domain must have been created using the Oracle Identity Management 11g Release 1 (11.1.1) Installer and configured using the Oracle Identity Management 11g Configuration Wizard. You cannot extend an existing domain for Oracle Identity Management components if the domain was created by another program, such as the Oracle Fusion Middleware 11g Oracle SOA Suite Installer or the Oracle Fusion Middleware Configuration Wizard.

12.2 Important Notes Before You Begin

Before you start installing and configuring Oracle Identity Management products in any of the scenarios discussed in this chapter, keep the following points in mind:

  • It is assumed that you are installing Oracle Internet Directory, Oracle Virtual Directory, Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator on the same machine.

    Note:

    In this chapter, two IDM_Home directories are mentioned in descriptions and procedures. For example, the first one, IDM_Home, can be the IDM_Home directory for Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation. The second one, IAM_Home, can be the IDM_Home directory for Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator.

    However, note that IDM_Home and IAM_Home are used as examples in this document. You can specify any name for either of your IDM_Home directories. In addition, you can install the two Oracle Identity Management suites (one containing Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation; another containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator) in any order on your machine.

    If you choose to use the default names, the first installation creates an Oracle_IDM1 directory, and the second installation creates an Oracle_IDM2 directory.

    If you have not installed Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, or Oracle Identity Federation on the same machine where you are installing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator, then you will see a single IDM_Home directory, such as Oracle_IDM1 (which is the default name), under your MW_HOME directory.

    For more information, see Overview and Structure of Oracle Identity Management 11g Installation.

  • For Oracle Identity Manager users: You must use the Oracle Identity Manager Configuration Wizard to configure only Oracle Identity Manager Server, Oracle Identity Manager Design Console (on Windows only), and Oracle Identity Manager Remote Manager.

    You must complete this additional configuration for Oracle Identity Manager components after configuring Oracle Identity Manager in a new or existing WebLogic administration domain. For more information, see the chapter Configuring Oracle Identity Manager.

    If you are configuring Oracle Identity Manager Server, you must run the Oracle Identity Manager configuration wizard on the machine where the Administration Server is running. For configuring the Server, you can run the wizard only once during the initial setup of the Server. After the successful setup of Oracle Identity Manager Server, you cannot run the Oracle Identity Manager Configuration Wizard again to modify the configuration of Oracle Identity Manager Server. For such modifications, you must use Oracle Enterprise Manager Fusion Middleware Control.

    If you are configuring only Design Console or Remote Manager, you can run the Oracle Identity Manager Configuration Wizard on the machine where Design Console or Remote Manager is being configured. Note that you can run the Oracle Identity Manager Configuration Wizard to configure Design Console or Remote Manager as and when you need to configure them on new machines.

    Note that Oracle Identity Manager requires Oracle SOA Suite 11g (11.1.1.5.0), which should be exclusive to Oracle Identity Management. You must install Oracle SOA Suite before configuring Oracle Identity Manager. If you are setting up integration between Oracle Identity Manager and Oracle Access Manager, ensure that Oracle Identity Manager and Oracle SOA Suite are installed under the same Middleware Home directory and configured in the same WebLogic domain.

12.3 Domain Extension Scenarios

The following sections describe the scenarios in which you can extend an existing Oracle Identity Management domain to support new Oracle Identity Management products:

12.3.1 Extending an Oracle Identity Management 11.1.1.5.0 Domain to Support OIM, OAM, OAAM or OIN on the Local Machine

You can extend an existing Oracle Identity Management 11.1.1.5.0 domain (containing OID, OVD, ODSM, ODIP, and OIF) to support Oracle Identity and Access Management 11.1.1.5.0 products.

This scenario involves the following tasks:

  1. Installing the latest version of Oracle SOA 11g Suite (for Oracle Identity Manager only), as described in Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

  2. Installing the Oracle Identity Management Suite under your existing Middleware Home, as described in Installing Oracle Identity and Access Management (11.1.1.5.0).

  3. Creating and loading the necessary schemas for the new components to be added, as described in Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  4. Launching the Oracle Fusion Middleware Configuration Wizard by running the <IAM_Home>/common/bin/config.sh script on UNIX (<IAM_Home>\common\bin\config.cmd on Windows).

  5. Selecting the Extend an existing WebLogic domain option on the Welcome screen.

  6. Selecting the existing Oracle Identity Management 11.1.1.5.0 domain on the Select a WebLogic Domain Directory screen.

  7. Selecting the required domain templates on the Select Extension Source screen to support Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, or Oracle Identity Navigator.

  8. Modifying JDBC component schemas, configuration of Managed Servers, Deployments and Services, and so on.

  9. Starting the Administration Server on the local machine, as described in Starting or Stopping the Oracle Stack.

  10. Starting Managed Servers, as described in Starting or Stopping the Oracle Stack.

Note:

When you extend an existing WebLogic domain to support Oracle Identity Manager, you should restart the Administration Server before launching the Oracle Identity Manager Configuration Wizard to configure Oracle Identity Manager Server.

12.3.2 Understanding Joint Configuration and Domain Extension Scenarios for OIM, OAM, OAAM, and OIN on the Local Machine

It is assumed that you have installed the latest versions of Oracle WebLogic Server and the Oracle Identity Management Suite. For Oracle Identity Manager, you should have installed the latest version of Oracle SOA 11g Suite. You should have created and loaded the necessary schemas by using Oracle Fusion Middleware Repository Creation Utility (RCU).

You should have configured a new domain to support any of the various combinations of Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), and Oracle Identity Navigator (OIN).

For example, you can configure Oracle Identity Manager in an existing Oracle Identity Management domain that contains Oracle Access Manager or Oracle Identity Navigator.

Several combinations are possible, based on your Oracle Identity Management environment and deployment.

This scenario involves the following tasks:

  1. Creating and loading the necessary schemas for the new components to be added, as described in Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  2. Launching the Oracle Fusion Middleware Configuration Wizard by running the <IAM_Home>/common/bin/config.sh script on UNIX (<IAM_Home>\common\bin\config.cmd on Windows).

  3. Selecting the Extend an existing WebLogic domain option on the Welcome screen.

  4. Selecting the existing Oracle Identity Management domain (the domain that contains any of the various combinations of Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator) on the Select a WebLogic Domain Directory screen.

  5. Selecting the required domain templates on the Select Extension Source screen to support Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, or Oracle Identity Navigator. The choice of domain templates in this step depends on the component you are trying to configure in the same domain.

  6. Modifying JDBC component schemas, configuration of Managed Servers, Deployments and Services, and so on.

  7. Starting the Administration Server on the local machine, as described in Starting or Stopping the Oracle Stack.

  8. Starting Managed Servers, as described in Starting or Stopping the Oracle Stack.

Note:

When you extend an existing WebLogic domain to support Oracle Identity Manager, you should restart the Administration Server before launching the Oracle Identity Manager Configuration Wizard to configure Oracle Identity Manager Server.

12.4 Starting the Administration Server on the Local Machine

In some scenarios, you may want to install the Administration Server on one machine and component-specific Managed Servers on another machine. You must start the Administration Server on the machine where it is installed before you can create and run Managed Servers on the remote machine.

12.5 Creating Managed Servers on a Remote Machine

Before you can create and run Managed Servers on a remote machine, you must install Oracle WebLogic Server and Oracle Identity Management Suite on the remote machine. Then you must use the pack and unpack commands to create Managed Servers on the remote machine.

12.5.1 Installing Oracle WebLogic Server and Oracle Identity Management Suite on the Remote Machine

You must install Oracle WebLogic Server and Oracle Identity Management Suite on the remote machine.

After this installation, you can create and start Managed Servers on the remote machine, as described in the following topic.

12.5.2 Creating and Starting Managed Servers on a Remote Machine

To create and start a Managed Server on a remote machine, complete the following steps:

  • On the local machine where the domain is configured and the Administration Server is created, use the pack command located in the \common\bin directory under your IDM_Home directory to create a Managed Server template that contains a subset of the files in a domain that are required to create a Managed Server domain directory hierarchy on a remote machine.

    The -managed={true} parameter of the pack command specifies whether the template is to be used to create Managed Servers on remote machines.

  • Ensure that the Administration Server is up and running on the local machine.

  • On the remote machine, use the unpack command located in the \common\bin directory under your IDM_Home directory to create the Managed Server domain directory on the remote machine.

Note:

For Oracle Identity Manager users only:

If you want to start the SOA Server on a remote machine, then you must manually copy the composite files from the <DOMAIN_HOME>/soa/autodeploy directory on the local machine to the <DOMAIN_HOME>/soa/autodeploy directory on the remote machine after running the unpack command on the remote machine. If the <DOMAIN_HOME>/soa/autodeploy directory does not exist on the remote machine, you must create this directory before copying the composite files.

For more information, see the topic "Creating and Starting a Managed Server on a Remote Machine" in the guide Oracle Fusion Middleware Creating Templates and Domains Using the Pack and Unpack Commands. In addition, see the topic "Extending WebLogic Domains" in the guide Oracle Fusion Middleware Creating Domains Using the Configuration Wizard.
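
The pack, unpack, and composite-copy steps of section 12.5.2 as bash functions for UNIX; this is an added example, not an Oracle-supplied script. All paths and the template name are placeholders, and the checksum manifest is an added integrity check that is not part of the documented procedure (it assumes sha256sum is available on both machines).

```shell
#!/usr/bin/env bash
# Added example (not Oracle's script). Every path and name is a placeholder.
# Assumes sha256sum on both machines; how files are transferred is up to you.

# Local machine: create the Managed Server template with pack.
pack_managed() {            # $1=IDM_Home  $2=DOMAIN_HOME  $3=template .jar to write
  ( umask 077               # the jar holds a subset of the domain's files
    "$1/common/bin/pack.sh" -managed=true -domain="$2" \
        -template="$3" -template_name="managed_server_template" )
}

# Local machine: record a checksum for every composite in soa/autodeploy.
write_manifest() {          # $1=DOMAIN_HOME  $2=manifest file to write
  [ -d "$1/soa/autodeploy" ] || { echo "no $1/soa/autodeploy" >&2; return 1; }
  ( cd "$1/soa/autodeploy" && find . -type f -exec sha256sum {} + ) > "$2"
}

# Remote machine: create the Managed Server domain directory with unpack.
unpack_managed() {          # $1=IDM_Home  $2=DOMAIN_HOME to create  $3=template .jar
  "$1/common/bin/unpack.sh" -domain="$2" -template="$3"
}

# Remote machine, after unpack: verify the transferred composites against the
# manifest, create soa/autodeploy if it is missing, then copy them in.
install_composites() {      # $1=staging dir  $2=manifest  $3=DOMAIN_HOME
  manifest=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
  ( cd "$1" && sha256sum -c "$manifest" >/dev/null 2>&1 ) || {
      echo "composite checksum mismatch; nothing copied" >&2; return 1; }
  mkdir -p "$3/soa/autodeploy" || return 1
  dest=$(cd "$3/soa/autodeploy" && pwd)
  # Copy only the files named in the manifest (name starts at column 67).
  ( cd "$1" && cut -c67- "$manifest" | while IFS= read -r f; do
      mkdir -p "$dest/$(dirname "$f")" && cp -p "$f" "$dest/$f" || exit 1
    done )
}
```

Run pack_managed and write_manifest on the machine that hosts the Administration Server, transfer the template, the composites, and the manifest, then run unpack_managed followed by install_composites on the remote machine.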