6 Installing and Configuring Oracle Identity Management (11.1.1.6.0)

This chapter includes the following topics:

Important Notes Before You Begin
Installing Oracle Identity Management Using "Install and Configure" Option
Configuring Oracle Identity Management for "Install Software - Do Not Configure" Option

6.1 Important Notes Before You Begin

Before you start installing and configuring Oracle Identity Management products, keep the following points in mind:

This chapter provides information for installing and configuring Oracle Identity Management (11.1.1.6.0) for new users. If you are an existing Oracle Identity Management 11g user, refer to "Applying the Latest Oracle Fusion Middleware Patch Set" in the Oracle Fusion Middleware Patching Guide.

For complete information about patching your Oracle Fusion Middleware 11g to the latest release, refer to the Oracle Fusion Middleware Patching Guide.
The Select Installation Type screen in the Installer presents two options: Install and Configure and Install Software - Do Not Configure. For more information about these options, see Installation Types: "Install Software - Do Not Configure" vs. "Install and Configure".

6.2 Installing Oracle Identity Management Using "Install and Configure" Option

Follow the instructions in this section to install and configure the latest Oracle Identity Management software.

Installing and configuring the latest version of Oracle Identity Management 11g components involves the following steps:

Obtaining the Oracle Fusion Middleware Software
Installing Oracle Database
Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
Required Installation Privileges for Oracle WebLogic Server and Oracle Identity Management on Windows Operating Systems
Installing Oracle WebLogic Server 11g Release 1 (10.3.6) and Creating the Middleware Home
Creating the Inventory Directory (UNIX Only)
Starting an Installation
Installing and Configuring Oracle Identity Management 11g Release 1 (11.1.1.6.0) Software

6.2.1 Obtaining the Oracle Fusion Middleware Software

For installing Oracle Identity Management, you must obtain the following software:

Oracle WebLogic Server 11g Release 1 (10.3.6)
Oracle Database
Oracle Repository Creation Utility
Oracle Identity Management Suite

For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe available at:

https://download.oracle.com/docs/cd/E23104_01/download_readme.htm

Note:

Oracle Identity Management 11g Release 1 (11.1.1.6.0) installer is platform specific.

To install Oracle Identity Management 11g Release 1 (11.1.1.6.0) on a 32-bit operating system, you must use the 32-bit installer and to install Oracle Identity Management 11g Release 1 (11.1.1.6.0) on a 64-bit operating system, you must use the 64-bit installer.

6.2.2 Installing Oracle Database

You must install an Oracle Database before you can install some Oracle Identity Management components, such as:

Oracle Internet Directory
Oracle Identity Federation, if you want to use an RDBMS data store

For the latest information about supported databases, visit the following Web site:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

The database must be up and running to install the relevant Oracle Identity Management component. The database does not have to be on the same system where you are installing the Oracle Identity Management component.

The database must also be compatible with Oracle Fusion Middleware Repository Creation Utility (RCU), which is used to create the schemas that Oracle Identity Management components require. For information about RCU requirements, refer to the system requirements document at the following Web site:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-requirements-100147.html

Note:

Ensure that the following database parameters are set:

'aq_tm_processes' >= 1
'db_cache_size' >= '150994944'
'java_pool_size'>= '125829120'
'shared_pool_size' >= '183500800'
'open_cursors' >= '500'

If you are installing a new database, be sure to configure your database to use AL32UTF8 character set encoding. If your database does not use the AL32UTF8 character set, you will see the following warning when running RCU: "The database you are connecting is with non-AL32UTF8 character set. Oracle strongly recommends using AL32UTF8 as the database character set." You can ignore this warning and continue using RCU.

6.2.3 Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)

You must create and load the appropriate Oracle Fusion Middleware schema in your database before installing the following Oracle Identity Management components and configurations:

Oracle Internet Directory, if you want to use an existing schema rather than create a new one using the Installer during installation.

Note:

When you install Oracle Internet Directory, you have the choice of using an existing schema or creating a new one using the Installer. If you want to use an existing schema, you must create it using the Oracle Fusion Middleware Repository Creation Utility (RCU) before you can install Oracle Internet Directory. If you choose to create a new schema during installation, the Installer creates the appropriate schema for you and you do not need to use the RCU.

If you are installing Oracle Internet Directory and your database is not configured as per the requirements in the fusion middleware requirements and prerequisites doc, you would see the following warnings: "Recommended value for Database initialization parameter processes is 500. Choose YES to continue or NO to go back to the same screen and specify different database details." To fix this one can click No and apply the requisite configuration mentioned in the fusion middleware requirements and prerequisites doc - section 8 Repository Creation Utility (RCU) Requirements which can be accessed from the following link:

https://download.oracle.com/docs/html/E18558_01/fusion_requirements.htm#CHDJGECA
Oracle Identity Federation Advanced configurations that use RDBMS for the Federation Store, Session Store, Message Store, or Configuration Store.

You create and load Oracle Fusion Middleware schema in your database using the RCU, which is available in the Oracle Fusion Middleware 11g Release 1 (11.1.1) release media and on the Oracle Technology Network (OTN) Web site. You can access the OTN Web site at:

http://www.oracle.com/technetwork/index.html

Note:

RCU is available only on Linux x86 and Windows x86 platforms. Use the Linux RCU to create schemas on supported UNIX databases. Use Windows RCU to create schemas on supported Windows databases.

When you run RCU, create and load only the following schema for the Oracle Identity Management component you are installing—do not select any other schema available in RCU:

For Oracle Internet Directory, select only the Identity Management - Oracle Internet Directory schema
For Oracle Identity Federation, select only the Identity Management - Oracle Identity Federation schema

Note:

When you create schema, be sure to remember the schema owner and password that is shown in RCU. For Oracle Identity Federation, it is of the form PREFIX_OIF. You will need to provide this information when configuring Oracle Identity Federation with RDBMS stores.

See:

The Oracle Fusion Middleware Repository Creation Utility User's Guide for complete information.

6.2.4 Required Installation Privileges for Oracle WebLogic Server and Oracle Identity Management on Windows Operating Systems

In order to install Oracle WebLogic Server and Oracle Identity Management on a Microsoft Windows Vista or newer operating system, the operating system user must have Windows "Administrator" privileges.

Even when a user with "Administrator" privileges logs in to the machine, the administrative role is not granted for default tasks. In order to access the Oracle home files and folders, the user must launch the command prompt or Windows Explorer as "Administrator" explicitly, even if the user is logged in as the administrator.

To do so, you can do either one of the following:

Find the Command Prompt icon (for example, from the Start menu or from the Desktop), right-click on the icon, and select Run as Administrator. Then you can run the executables (for example, the WebLogic Server installer) from the command line.
Start Windows Explorer, find the executable you want to run (for example, rcu.bat for RCU, config.bat for the Configuration Wizard, or setup.exe for the installer), right-click on the executable, and select Run as Administrator.

6.2.5 Installing Oracle WebLogic Server 11g Release 1 (10.3.6) and Creating the Middleware Home

Oracle Identity Management requires Oracle WebLogic Server and a Middleware home directory.

For more information, see "Install Oracle WebLogic Server" in Oracle Fusion Middleware Installation Planning Guide. In addition, see Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server for complete information about installing Oracle WebLogic Server.

For information on installing the Oracle WebLogic Server, see "Preparing for Installation" and "Running the Installation Program in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.

Notes:

If you are installing Oracle Internet Directory without an Oracle WebLogic administration domain, you do not need to install Oracle WebLogic.
The same user who installed Oracle WebLogic Server must install Oracle Identity Management.
Do not log in to the Oracle WebLogic Server Administration Console during Oracle Identity Management installation.
If you want to configure the minimum amount for Oracle WebLogic Server's maximum heap size, see Optional: Configuring the Minimum Amount for Oracle WebLogic Server's Maximum Heap Size.

6.2.6 Creating the Inventory Directory (UNIX Only)

If you are installing on a UNIX system, and if this is the first time any Oracle product is being installed on your system with the Oracle Universal Installer, you will be asked to provide the location of an inventory directory. This is where the installer will set up subdirectories and maintain inventory data for each Oracle product that is installed on this system.

Follow the instructions in Table 6-1 to configure the inventory directory information:

Table 6-1 Inventory Directory and Group Screens

Screen	Description
Specify Inventory Directory	Specify the Oracle inventory directory and group permissions for that directory. The group must have write permissions to the Oracle inventory directory. Click OK to continue.
Inventory Location Confirmation	Run the createCentralInventory.sh script as root. Click OK to continue.

Screen

Description

Specify Inventory Directory

Specify the Oracle inventory directory and group permissions for that directory. The group must have write permissions to the Oracle inventory directory.

Click OK to continue.

Inventory Location Confirmation

Run the createCentralInventory.sh script as root.

Click OK to continue.

Note:

If you do not want to use the central inventory, you can create the oraInst.loc file, add the custom location of the inventory, and run the runInstaller by using the following command:

runInstaller -invPtrLoc <full location to oraInst.loc>

6.2.7 Starting an Installation

Perform the following steps to start an Oracle Identity Management installation:

Note:

You must be logged in to the UNIX operating system as a non-root user to start the Installer.

If you are using Sun JDK, start the Installer by executing one of the following commands:

UNIX: <full path to the runInstaller directory>/runInstaller

Windows: <full path to the setup.exe directory>\ setup.exe

If you are using Oracle JRockit JDK, start the Installer by executing one of the following commands:

UNIX: <full path to the runInstaller directory>/runInstaller -jreLoc <Middleware Home>/jrockit_1.6.0_24/jre

Windows: <full path to the setup.exe directory>\ setup.exe -jreLoc <Middleware Home>\jrockit_1.6.0_24\jre

Notes:

If you are using Oracle JRockit JDK, the installer prompts you to enter the absolute path of the JDK that is installed on your system. When you install Oracle WebLogic Server, the jrockit_1.6.0_24 directory is created under your Middleware Home. You must enter the absolute path of the JRE folder located in this JDK when launching the installer. For example, on Windows, if the JRE is located in D:\oracle\Middleware\jrockit_1.6.0_24, then launch the installer from the command prompt as follows:

D:\setup.exe -jreLoc D:\oracle\Middleware\jrockit_1.6.0_24\jre
If you do not specify the -jreLoc option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:

-XX:MaxPermSize=512m is not a valid VM option. Ignoring

This warning message does not affect the installation. You can continue with the installation.
On 64 bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jrockit_1.6.0_24 directory will not be created under your Middleware Home. You must enter the absolute path of the JRE folder from where your JDK is located.
On 64 bit platforms, the MaxPermSize should be set to 512M. Before launching the Installer, you can set the MaxPermSize in the environment as follows:

export _JAVA_OPTIONS=-XX:MaxPermSize=512m

If the MaxPermSize is not set to 512M, you will see the following error message:

java.lang.OutOfMemoryError: PermGen space
If you are using Sun JDK on 64 bit platforms, note that JDK1.7 is not supported.

6.2.8 Installing and Configuring Oracle Identity Management 11g Release 1 (11.1.1.6.0) Software

Follow the instructions in Table 6-2 to install and configure Oracle Identity Management 11.1.1.6.0.

If you need additional help with any of the installation screens, click Help to access the online help.

Table 6-2 Installation and Configuration Flow for Install and Configure Option

No.	Screen	When Does This Screen Appear?	Description and Action Required
1	Welcome	Always	Click Next to continue.
2	Install Software Updates	Always	Specify any software updates to install before you install Oracle Identity Management. To get updates from My Oracle Support, you can select Search My Oracle Support for Updates, specify a user name and password, and then click Search for Updates. Before you search, you can click Proxy Settings to change the settings for the proxy server and Test Connection to test the credentials. To get updates that you have saved to your computer, you can select Search Local Directory for Updates, specify a directory, and then click Search for Updates. If you do not want to update any software, select Skip Software Updates, and then click Next to continue the installation.
3	Select Installation Type	Always	Select Install and Configure option. Notes: If you choose Install Software - Do Not Configure option, you can configure them at a later time using the Oracle Identity Management 11g Release 1 (11.1.1.6.0) Configuration Wizard. To start the Oracle Identity Management 11g Release 1 (11.1.1.6.0) Configuration Wizard, execute the `ORACLE_HOME`/`bin/config.sh` script (`config.bat` on Windows). For more information, see Configuring Oracle Identity Management for "Install Software - Do Not Configure" Option. If you want to configure Oracle Directory Integration Platform with Oracle Unified Directory (OUD), or Oracle Directory Integration Platform with Oracle Directory Server Enterprise Edition (ODSEE), you must select Install Software - Do Not Configure option while installing Oracle Identity Management 11g Release 1 (11.1.1.6.0). After Oracle Identity Management 11g Release 1 (11.1.1.6.0) installation is complete, depending on the component you choose to configure with Oracle Directory Integration Platform, refer to the following sections: Configuring ODIP with Oracle Unified Directory (OUD) Configuring ODIP with Oracle Directory Server Enterprise Edition (ODSEE) Click Next to continue.
4	Prerequisite Checks	Always	Ensure that all the prerequisites are met. Click Next to continue.
5	Select Domain	This screen is displayed if you select Install and Configure option.	Select one of the following options: Create New Domain: Enter the User Name, User Password, and Domain Name for the domain you want to create. Depending on the component you choose, refer to the following sections: OID with ODSM and Fusion Middleware Control in a New WebLogic Domain OID with ODIP, ODSM, and Fusion Middleware Control in a New WebLogic Domain OID and OVD with ODSM in a New WebLogic Domain OVD with ODSM and Fusion Middleware Control in a New WebLogic Domain Only ODSM in a New WebLogic Domain ODIP with Fusion Middleware Control in a New WebLogic Domain Advanced Example: Configuring OIF with OID in a New WebLogic Domain for LDAP Authentication, User Store, and Federation Store Extend Existing Domain: Enter the Host Name, Port, User Name, and User Password for the existing domain you want to extend into. Depending on the component you choose, refer to the following sections: Only OID in an Existing WebLogic Domain Only OVD in an Existing WebLogic Domain Only ODSM in an Existing WebLogic Domain Only ODIP in an Existing WebLogic Domain Expand Cluster: Enter the information for the existing cluster you want to expand your Oracle Identity Management installation into. Enter the Host Name, Port, User Name, and User Password for cluster inclusion. Configure Without Domain: You will not be creating or extending the domain of your installation. Depending on the component you choose, refer to the following sections: Only OID Without a WebLogic Domain Only OVD Without a WebLogic Domain
6	Specify Installation Location	Always	Specify the Oracle Middleware Home location, Oracle Home Directory, WebLogic Server Directory, Oracle Instance Location, and Oracle Instance Name. For more information about these directories, see "Understanding Oracle Fusion Middleware Concepts and Directory Structure" in Oracle Fusion Middleware Installation Planning Guide. Click Next to continue.
7	Specify Security Updates	Always	This screen allows you to decide how you want to be notified about security issues: If you want to be notified about security issues through E-mail, enter your E-mail address in the E-mail field. If you want to be notified about security issues through My Oracle Support (formerly MetaLink), select the My Oracle Support option and enter your My Oracle Support Password. If you do not want to be notified about security issues, leave all fields empty. You will see the following message: You have not provided an E-mail address. Do you wish to remain uninformed of critical security issues in your configuration? Click Yes to continue. Click Next to continue.
8	Configure Components	This screen is displayed if you select Install and Configure option.	Select the Oracle Identity Management components that you wish to install and configure. For Create Domain installations, the Enterprise Manager checkbox under Management Components is automatically selected. Oracle Enterprise Manager Fusion Middleware Control Console (Fusion Middleware Control Console) will be installed and configured; you cannot deselect it. It is implicitly selected for configuration. If you select No Domain Flow, only Oracle Internet Directory and Oracle Virtual Directory will be available for configuration. In installations in which you select to extend the Domain, Enterprise Manager (Fusion Middleware Control Console) is not available as a selectable component. In the extend the domain installation only Oracle Directory Services Manager is available as a selection under the Management Components area. Oracle Directory Services Manager can be installed and configured as a stand-alone component. If you select to install Oracle Internet Directory or Oracle Virtual Directory in the create domain installation flow, Oracle Directory Services Manager is automatically selected and cannot be deselected. For extend domain or expand cluster, the Oracle Directory Services Manager can be deselected by you if you select to install Oracle Internet Directory or Oracle Virtual Directory. The Clustered selection field appears and is available if you at least one Java component selected for installation and configuration. Only managed servers and the applications that are deployed to them can be clustered. Enterprise Manager (Fusion Middleware Control Console) is not clustered during the installation because it is deployed to the administrative server. If you select to expand a cluster installation, at least one cluster should be present when you select this option. If you select to expand a cluster the Java EE components which are configured as part of the cluster will be listed. Click Next to continue.
9	Configure Ports	This screen is displayed if you select Install and Configure option.	Choose how you want the Installer to configure ports: Select Auto Port Configuration if you want the Installer to configure ports from a predetermined range. Select Specify Ports using Configuration File if you want the Installer to configure ports using the staticports.ini file. You can click View/Edit File to update the settings in the `staticports.ini` file. Click Next to continue.
10	Specify Schema Database	This screen is displayed if you select Install and Configure option and choose to configure Oracle Internet Directory.	Choose whether to use an existing schema or to create a new one using the Installer. Note: If you want to use an existing schema, it must currently reside in the database to continue with the installation. If it does not currently reside in the database, you must create it now using the Oracle Fusion Middleware Repository Creation Utility. To use an existing schema: Select Use Existing Schema. Enter the database connection information in the Connect String field. The connection string must be in the form of `hostname:port:servicename`. For Oracle Real Application Clusters (RAC), the connection string must be in the form of `hostname1:port1:instance1^hostname2:port2:instance2@servicename`. Enter the password for the existing ODS schema in the Password field. Click Next to continue. Note: If your existing ODS and ODSSM schemas have different passwords, the Specify ODSSM Password screen will appear after you click Next. Enter the password for your existing ODSSM schema and click Next. To create a new schema: Select Create Schema. Enter the database connection information in the Connect String field. The connection string must be in the form of `hostname:port:servicename`. For Oracle Real Application Clusters (RAC), the connection string must be in the form of `hostname1:port1:instance1^hostname2:port2:instance2@servicename`. Enter the name of the database user in the User Name field. The user you identify must have DBA privileges. Note: If you are using Oracle Database 11g Release 2 (11.2) or higher version, the database user should be only 'SYS'. Enter the password for the database user in the Password field. Click Next. The Enter OID Passwords screen appears. Create a password for the new ODS schema by entering it in the ODS Schema Password field. Enter it again in the Confirm ODS Schema Password field. Create a password for the new ODSSM schema by entering it in the ODSSM Schema Password field. Enter it again in the Confirm ODSSM Schema Password field. Click Next to continue.
11	Specify Oracle Virtual Directory Information	This screen is displayed if you select Install and Configure option and choose to configure Oracle Virtual Directory.	Enter the following information: LDAP v3 Name Space: Enter the name space for Oracle Virtual Directory. The default value is `dc=us,dc=oracle,dc=com`. HTTP Web Gateway: Select this option to enable the Oracle Virtual Directory HTTP Web Gateway. Secure: Select this option if you enabled the HTTP Web Gateway and you want to secure it using SSL. Administrator User Name: Enter the user name for the Oracle Virtual Directory administrator. The default value is `cn=orcladmin`. Password: Enter the password for the Oracle Virtual Directory administrator. Confirm Password: Enter the password for the Oracle Virtual Directory administrator again. Configure Administrative Server in secure mode: Select this option to secure the Oracle Virtual Directory Administrative Listener using SSL. This option is selected by default. Oracle recommends selecting this option. Click Next to continue.
12	Specify OID Administrator Password	This screen is displayed if you select Install and Configure option and choose to configure Oracle Internet Directory.	Enter the password for the Oracle Internet Directory administrator. Click Next to continue.
13	Select Oracle Identity Federation Configuration Type	This screen is displayed if you select Install and Configure option and choose to configure Oracle Identity Federation.	Select one of the following configuration types: Basic: You do not need to choose the datastore and authentication engine types or specify the connection details for Oracle Identity Federation. For more information, see Performing Basic Oracle Identity Federation Configurations Advanced: This option will enable you to choose the configuration types for the datastores, the authentication engine, and specify the connection details datastores and authentication engine. For more information, see Performing Advanced Oracle Identity Federation Configurations Note: The procedure in this table shows the screens that appears when the Basic option is selected. If you want to select Advanced option, refer to the following for complete details: Performing Advanced Oracle Identity Federation Configurations Advanced Example: Configuring OIF with OID in a New WebLogic Domain for LDAP Authentication, User Store, and Federation Store Advanced Example: Configuring OIF in a New or Existing WebLogic Domain with RDBMS Data Stores Click Next to continue.
14	Specify Oracle Identity Federation Details	This screen is displayed if you select Install and Configure option and choose to configure Oracle Identity Federation.	Enter the following information: PKCS12 Password: Enter the password Oracle Identity Federation will use for encryption and for signing wallets. The Installer automatically generates these wallets with self-signed certificates. Oracle recommends using the wallets only for testing. Confirm Password: Enter the PKCS12 password again. Server ID: Enter a string that will be used to identify this Oracle Identity Federation instance. A prefix `oif` will be added to the beginning of the string you enter. Each logical Oracle Identity Federation instance within an Oracle WebLogic Server administration domain must have a unique Server ID. Clustered Oracle Identity Federation instances acting as a single logical instance will have the same Server ID. Click Next to continue.
15	Installation Summary	Always	Verify the information on this screen. If you want to change any options, you can return to a previous screen by clicking a link in the navigation tree on the left or by clicking Back until you get to the screen. After you edit the required options, you can continue the installation from the previous screen. Click Save if you want to save a response file. You will be prompted for a name and location for the response file, which will contain information specific to your installation. After the installer creates the response file, you can use it exactly as is to replicate the installation on other systems, or you can modify the response file in a text editor. Click Install to begin the installation.
16	Installation Progress	Always	If you are installing on a UNIX system, you may be asked to run the `ORACLE_HOME/oracleRoot.sh` script to set up the proper file and directory permissions. For more information, see Executing the oracleRoot.sh Script on UNIX Platforms. Click Next to continue.
17	Configuration Progress	This screen is displayed if you select Install and Configure option.	Click Next to continue.
18	Installation Complete	Always	Click Save to save the installation configuration, and then click Finish to exit the installer.

Oracle Identity Management 11g Release 1 (11.1.1.6.0) is installed and configured if you selected Install and Configure option in the Select Installation Type screen. By default Oracle_IDM1 is created as the Oracle Identity Management Oracle home directory. This home directory is also referred to as IDM_Home in this guide.

To locate the installation log files, see Locating Installation Log Files.

6.3 Configuring Oracle Identity Management for "Install Software - Do Not Configure" Option

If you selected Install Software - Do Not Configure option in the Select Installation Type screen while installing Oracle Identity Management 11g Release 1 (11.1.1.6.0), as described in Installing and Configuring Oracle Identity Management 11g Release 1 (11.1.1.6.0) Software, you must now start the Oracle Identity Management Configuration Wizard to configure the following components:

Oracle Internet Directory (OID)
Oracle Virtual Directory (OVD)
Oracle Directory Services Manager (ODSM)
Oracle Directory Integration Platform (ODIP)
Oracle Identity Federation (OIF)

Run the Oracle Identity Management 11g Configuration Wizard as follows:

On UNIX systems:

ORACLE_IDM1/bin/config.sh

On Windows systems:

ORACLE_IDM1\bin\config.bat

The Oracle Identity Management 11g Configuration Wizard is displayed. You can use this wizard to configure your component in a new domain, in an existing domain, or without a domain. Note that you can install and configure only Oracle Internet Directory and Oracle Virtual Directory without a domain. For more information, see the following topics: