This chapter contains the following sections:
Section 3.1, "Create the RBACX_HOME Environment Variable on Your Local System"
Section 3.2, "Create the Oracle Identity Analytics Folder Structure"
Section 3.4, "To Create the Oracle Identity Analytics Schema on the Database Server"
Section 3.5, "To Configure Oracle Identity Analytics for Standalone Deployment"
Section 3.6, "To Configure Oracle Identity Analytics for Clustered Deployment"
Section 3.7, "To Configure J2EE Data Sources for Oracle Identity Analytics (Optional)"
In this chapter you will you will create the Oracle Identity Analytics schema on the database server and you will customize the Oracle Identity Analytics WAR file before you deploy it on your application server.
You can perform the steps in this chapter either on the system on which OIA will be deployed or on a local system. If you configure OIA on a local system, your system should have the same installed OS as the system to which OIA will be deployed.
If the system that you are using to configure Oracle Identity Analytics is not the system on which you will deploy OIA, complete the steps in this section to create the RBACX_HOME environment variable. Otherwise, go to the next section.
Note:
To create a permanent environment variable on your application server system(s), see Section 2.2.5, "Configuring Environment Variables."
To Create the RBACX_HOME Environment Variable on Your Local System
Before configuring Oracle Identity Analytics you need to create the RBACX_HOME environment variable.
To temporarily set the $RBACX_HOME environment variable, type the following command at a command line. The $RBACX_HOME environment variable will remain valid for the length of your session.
Windows:
set RBACX_HOME=Path to the Oracle Identity Analytics installation directory
For example: set RBACX_HOME=C:\Oracle\OIA_Install
UNIX:
export RBACX_HOME=Path to the Oracle Identity Analytics installation directory
For example: export RBACX_HOME=/opt/Oracle/OIA_Install
Before You Begin - Prior to installing Oracle Identity Analytics, verify that the following prerequisites have been met:
You should have installed your database.
If your database is installed on the same machine on which you are installing Oracle Identity Analytics, you should create an environment variable that maps to your database installation directory. For example, if you are using Oracle Database, create an $ORACLE_HOME environment variable and map it to your Oracle installation directory.
If installing on a UNIX® based system, you should have sufficient privileges to create and modify folders in the /opt directory of the file system.
To execute the database schema on the target database, DBA privileges are required. Use system for Oracle Database or an account with equivalent privileges.
At a command prompt, type the following commands to create the necessary folder structure.
Windows:
C:\> mkdir Oracle\OIA_Install
UNIX:
$ mkdir -p /opt/Oracle/OIA_Install
Unpack the Oracle Identity Analytics installation package.
Windows:
unzip oia_install_package.zip -d OIA_Install
UNIX:
unzip oia_install_package.zip -d OIA_Install
Verify that the Oracle Identity Analytics folder structure was properly created.
The directory that you installed Oracle Identity Analytics to should consist of at least the following folders and files.
Table 3-1 Contents of the Base OIA Directory
| Name | Type |
|---|---|
|
|
folder |
|
|
folder |
|
|
folder |
|
|
folder |
|
|
file |
|
|
folder |
|
|
folder |
Note:
The sample folder contains import and export folders that show the folder structure recommended for file and ETL imports.
Copy the import and export folders (located in the sample folder) to $RBACX_HOME. The import and export folders should be at the same level as conf, .indexes, and reports.
Whereas some third-party files are available in the sample folder in the OIA package, other files need to be downloaded prior to installation. Third-party files should be saved to a library folder, which will be referred to as OIA_LIB.
For example:
Windows:
mkdir C:\Oracle\OIA_Lib
set OIA_LIB=Path to the downloaded third-party library files
(for example, set OIA_LIB=C:\Oracle\OIA_Lib)
UNIX:
mkdir /opt/Oracle/OIA_Lib
export OIA_LIB=Path to the downloaded third-party library files
(for example, export OIA_LIB=/opt/Oracle/OIA_Lib)
For Oracle Database Server, download from the Oracle website the ojdbc5.jar driver if using JDK 1.5, and download the ojdbc6.jar driver if using JDK 1.6. The JDBC driver file you choose needs to support both the JDK version you are running, as well as the backend Oracle database instance version.
This file is required by the Oracle Identity Analytics certification and reporting feature.
Download the jasper-jdt.jar file and paste it to the OIA_LIB folder:
http://tomcat.apache.org/dev/dist/m2-repository/org/apache/tomcat/jasper-jdt/6.0.18/
OIA uses CloverETL for data import and export transformations.
Download the CloverETL Engine class files, version 1.8.1 from this site:
http://download.berlios.de/cloveretl/cloverETL.rel-1-8-1.zip
Next, complete the steps in the following section to convert the library file to a JAR file.
Follow these steps to create the CloverETL JAR file.
Before You Begin - You will need the unzip utility and at least a Java 5 JDK.
Create a working directory named files and then open the directory:
mkdir files
cd files
Check the integrity of the .zip file and then expand it:
unzip -tq ../cloverETL.rel-1-8-1.zip
unzip -q ../cloverETL.rel-1-8-1.zip
Remove the log4j.properties file to prevent a file conflict in OIA:
rm log4j.properties
Go to the parent directory:
cd ..
Create the JAR manifest input file clover.mf, which consists of these lines:
Implementation-Version: 1.8.1 Implementation-Title: jETeL/Clover Implementation-URL:http://download.berlios.de/cloveretl/cloverETL.rel-1-8-1.zip Implementation-Vendor-Id: org.jetel
Create the JAR file:
jar cfm clover.mf cloverETL-1.8.1.jar -C files .
Copy the cloverETL-1.8.1.jar file to the OIA_LIB folder.
OIA uses the Java-Excel API to import data from an Excel spreadsheet file.
Download the jxl-2.5.9.jar file from this site and paste it to the OIA_LIB folder:
OIA uses the Web Services Description Language for Java Toolkit (WSDL4J.jar) for provisioning server integration, among other things. If you are using Oracle Identity Analytics Web Services, download the WSDL4J JAR file.
Download the wsdl4j-bin-1.6.1.zip file from this site:
http://sourceforge.net/projects/wsdl4j/files/WSDL4J/1.6.1/
Next, follow these steps to extract the wsdl4j.jar file and copy it to the OIA_LIB folder.
Verify the zip file was downloaded without errors:
Windows:
unzip -tq wsdl4j-bin-1.6.1.zip
UNIX:
unzip -tq wsdl4j-bin-1.6.1.zip
Extract the wsdl4j.jar file:
Windows:
unzip -q wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1\lib\wsdl4j.jar
UNIX:
unzip -q wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1/lib/wsdl4j.jar
Copy the JAR file to the OIA_LIB folder and rename it to include the version number:
Windows:
move wsdl4j-1_6_1\lib\wsdl4j.jar %OIA_LIB%\wsdl4j-1.6.1.jar
UNIX:
mv wsdl4j-1_6_1/lib/wsdl4j.jar $OIA_LIB/wsdl4j-1.6.1.jar
Clean up:
Windows:
del /F wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1\
UNIX:
rm -fr wsdl4j-bin-1.6.1.zip wsdl4j-1_6_1/
Before You Begin - Prior to creating the Oracle Identity Analytics schema on the Database Server, review the following:
You should have created the Oracle Identity Analytics folder structure as described in Section 3.2, "Create the Oracle Identity Analytics Folder Structure."
If the database is installed on a remote machine, copy the Oracle/OIA_Install/db folder to the database machine.
If it is necessary to use a database name other than rbacx and a user name other than rbacxservice, open the schema creation script and replace all instances of the default database name and default user name with the names that you will be using instead.
In the following steps you will create the rbacxservice user, run the schema creation script, and then verify that the schema was created.
To Create the rbacxservice User and run the Schema Creation Script
Open a command prompt and type oraenv.
At the ORACLE_SID prompt, type rbacx.
Access the database using SQL*Plus:
Type sqlplus at the command prompt.
Type the user name and password for your database when prompted.
At the SQL prompt, type the following:
create user rbacxservice identified by your-database-password;
where your-database-password is the password for your database.
For example:
create user rbacxservice identified by Welcome1;
At the SQL prompt, type the following:
Windows:
@C:\Oracle\OIA_Install\db\oracle\rbacx-version_oracle_schema.sql
UNIX:
@/opt/Oracle/OIA_Install/db/oracle/rbacx-version_oracle_schema.sql
Note:
For Oracle Identity Analytics 11gR1 PS1 the version number is 11.1.1.5.0.
The OIA schema creation script runs.
When the script is finished, the SQL prompt appears.
To Verify That the Schema was Created
Open the Oracle Enterprise Manager 11g Database Control and type the user name and password for your database.
Select Normal from the Connect As menu.
Choose Schema from the menu, then choose Tables from the Database Objects list.
Click the search icon to the right of the Schema field.
In the Search And Select: Schema window, type RBACXSERVICE in the Schema field and click Go.
You should see one match in the search results.
Note:
To optimize performance, Oracle recommends that a qualified database administrator perform database tuning steps. These steps are included in the Database Tuning chapter in the Database Administrator's Guide for Oracle Identity Analytics.
Follow these steps to build a custom .war file for your environment.
Before You Begin -
An installed JDK is required (Version 1.5, at minimum).
You should have completed the steps in Section 3.2, "Create the Oracle Identity Analytics Folder Structure."
You should have saved the required third-party files to the OIA_LIB library file. See Section 3.3, "Download the Third-Party Library Files" for more information.
You should have downloaded the JDBC connectivity JAR file for your database and saved it to the OIA_LIB library file. See Section 3.3.1, "JDBC Drivers" for more information.
You should have created the Oracle Identity Analytics schema on the database server (see Section 3.4).
Create a backup copy of the original rbacx.war file.
Windows:
C:\> cd C:\Oracle\OIA_Install
C:\Oracle\OIA_Install> mkdir rbacx_original
C:\Oracle\OIA_Install> copy rbacx.war rbacx_original
A copy of the rbacx.war file is created under C:\Oracle\OIA_Install\rbacx_original.
UNIX:
$ cd /opt/Oracle/OIA_Install
$ mkdir rbacx_original
$ cp rbacx.war rbacx_original/.
A copy of the rbacx.war file is created under /opt/Oracle/OIA_Install/rbacx_original.
Create an rbacx_staging folder under $RBACX_HOME.
Windows:
C:\Oracle\OIA_Install> mkdir rbacx_staging
C:\Oracle\OIA_Install> cd rbacx_staging
UNIX:
$ mkdir rbacx_staging
$ cd rbacx_staging
Extract rbacx.war to rbacx_staging so that configuration changes can be made.
Windows:
C:\Oracle\OIA_Install\rbacx_staging> jar -xvf ../rbacx.war
UNIX:
$ jar xvf ../rbacx.war
Navigate to rbacx_staging/WEB-INF.
Windows:
C:\Oracle\OIA_Install\rbacx_staging> cd WEB-INF
UNIX:
$ cd WEB-INF
Update the log4j.properties file with the correct path for your environment.
Note:
If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the WEB-INF folder.
Locate the following line under # File Appender.
log4j.appender.file.file=logs/rbacx.log
Replace logs/rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
Windows: log4j.appender.file.file=C:/Oracle/OIA_Install/logs/rbacx.log
or
log4j.appender.file.file=E:\\Oracle\\OIA_Install\\logs\\rbacx.log
UNIX: log4j.appender.file.file=/opt/Oracle/OIA_Install/logs/rbacx.log
Update the jasper.properties file.
In a text editor, open the jasper.properties file located in the WEB-INF folder.
Add the following line to the end of the file:
net.sf.jasperreports.compiler.classpath=Path to your rbacx folder/rbacx/WEB-INF/lib/jasperreports-2.0.5-javaflow.jar
Note:
The path to the rbacx deployment folder will vary on the application server.
If you are using CloverETL, enable it in the configuration as follows:
In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.
In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.
Copy the downloaded third-party library files to the Oracle Identity Analytics library under the WEB-INF/lib directory.
Windows:
C:\> cd C:\Oracle\OIA_Install\rbacx_staging
C:\Oracle\OIA_Install\rbacx_staging> copy %OIA_LIB% WEB-INF\lib
UNIX:
$ cp $OIA_LIB/* WEB-INF/lib
Make the following changes if there are multiple instances of Oracle Identity Analytics, standalone or clustered, on the same subnet.
Navigate to rbacx_staging/WEB-INF directory.
In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.
Set the constructor-arg value with a unique instance name—for example, value="OIA-Instance-1".
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
If the deployment is standalone, constructor-arg defaults to a value of 0, which is specified as value="0".
If multiple instances of Oracle Identity Analytics, standalone or clustered, exist on the same subnet, navigate to rbacx_staging/WEB-INF/classes directory and do the following:
In a text editor, open oscache.properties (located in the rbacx_staging/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each Oracle Identity Analytics instance requires a unique cache.cluster.multicast.ip value.
Uncomment the following line by removing the # at the start of the line.
cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
If you are using OIA Web Services, uncomment its configuration.
See the API Guide for Oracle Identity Analytics, "Enabling Web Services."
Run the following commands from the rbacx_staging folder to repack the newly modified rbacx.war file.
The expanded folder structure is repackaged to a .war file, which is required for deployment on the application server.
Windows:
C:\> cd C:\Oracle\OIA_Install\rbacx_staging
C:\Oracle\OIA_Install\rbacx_staging> jar -cvfM ../rbacx.war .
The new rbacx.war file is located in C:\Oracle\OIA_Install.
UNIX:
$ cd /opt/Oracle/OIA_Install/rbacx_staging
$ jar cvfM ../rbacx.war .
The new rbacx.war file is located in /opt/Oracle/OIA_Install.
Copy the jdbc.properties file for your database to the Oracle Identity Analytics conf directory, located as follows.
Windows:
cd C:\Oracle\OIA_Install\conf
copy oracle\jdbc.properties .
UNIX:
cd /opt/Oracle/OIA_Install/conf
cp oracle/jdbc.properties .
In a text editor, open the jdbc.properties file and edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.
For Oracle Database:
# JDBC driver URL
jdbc.url=jdbc:oracle:thin:@$SERVER_NAME:$PORT_NUMBER:rbacx
The default port number for JDBC connectivity on the Oracle server is 1521 and it is assumed that the default SID is rbacx.
If you are using a database user name other than the default rbacxservice user name, change the jdbc.username value in the jdbc.properties file to the user name that you created. Otherwise, go to the next step.
In the jdbc.properties file, add the following line:
jdbc.password=YourClearTextDatabasePassword
Now encrypt the database password by typing the following command at a command line:
Windows:
C:\> java -jar ..\rbacx_staging\WEB-INF\lib\vaau-commons-crypt.jar
-encryptProperty -cipherKeyProperties .\cipherKey.properties
-propertyFile .\jdbc.properties -propertyName jdbc.password
UNIX:
$ java -jar ../rbacx_staging/WEB-INF/lib/vaau-commons-crypt.jar
-encryptProperty -cipherKeyProperties ./cipherKey.properties
-propertyFile ./jdbc.properties -propertyName jdbc.password
For more information about this command, see "Understanding the Property Encryption Utility" in the "Securing Oracle Identity Analytics" chapter of the Administrator's Guide for Oracle Identity Analytics.
The password is encrypted and stored as jdbc.password.encrypted.
Delete the rbacx_staging folder.
Windows:
C:\> cd C:\Oracle\OIA_Install
C:\> rmdir /s rbacx_staging
UNIX:
$ cd /opt/Oracle/OIA_Install
$ rm -rf rbacx_staging
Do the following:
Go to the following location and open iam.properties in a text editor.
Windows:
C:\>Oracle\OIA_Install\conf
UNIX:
/opt/Oracle/OIA_Install/conf
Edit the following lines, replacing $RBACX_HOME with the path to the directory where Oracle Identity Analytics is installed:
com.vaau.rbacx.iam.file.import.completeLocation=$RBACX_HOME/import/complete com.vaau.rbacx.iam.file.import.schemaLocation=$RBACX_HOME/import/schema com.vaau.rbacx.iam.file.import.dropLocation=$RBACX_HOME/import/in com.vaau.rbacx.etl.import.dropLocation=$RBACX_HOME/import/etl/in com.vaau.rbacx.etl.import.graphsLocation=$RBACX_HOME/import/etl/graphs com.vaau.rbacx.etl.import.completeLocation=$RBACX_HOME/import/etl/complete com.vaau.rbacx.etl.import.outputLocation=$RBACX_HOME/import/in com.vaau.rbacx.iam.file.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.iam.file.export.schemaLocation=$RBACX_HOME/export/schema com.vaau.rbacx.etl.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.etl.export.graphsLocation=$RBACX_HOME/export/etl/graphs com.vaau.rbacx.etl.export.completeLocation=$RBACX_HOME/export/etl/complete com.vaau.rbacx.etl.export.outputLocation=$RBACX_HOME/export/out
Follow these steps to build a custom .war file for your environment.
Note:
Before deploying Oracle Identity Analytics to a cluster, synchronize the clocks on every machine in the cluster. The clocks must be within one second of each other.
Before You Begin -
Complete the steps in Section 3.2, "Create the Oracle Identity Analytics Folder Structure."
An installed JDK is required (Version 1.5, at minimum).
You should have downloaded the JDBC connectivity JAR file for your database. See Section 3.3.1, "JDBC Drivers" for more information.
You should have created the Oracle Identity Analytics schema on the database server (see Section 3.4).
Create a backup copy of the original rbacx.war file.
Windows:
C:\> cd C:\Oracle\OIA_Install
C:\Oracle\OIA_Install> mkdir rbacx_original
C:\Oracle\OIA_Install> copy rbacx.war rbacx_original
A copy of the rbacx.war file is created under C:\Oracle\OIA_Install\rbacx_original
UNIX:
$ cd /opt/Oracle/OIA_Install
$ mkdir rbacx_original
$ cp rbacx.war rbacx_original/.
A copy of the rbacx.war file is created under /opt/Oracle/OIA_Install/rbacx_original
Create an rbacx_staging folder under $RBACX_HOME.
Windows:
C:\Oracle\OIA_Install> mkdir rbacx_staging
C:\Oracle\OIA_Install> cd rbacx_staging
UNIX:
$ mkdir rbacx_staging
$ cd rbacx_staging
Extract rbacx.war to rbacx_staging so that configuration changes can be made.
Windows:
C:\Oracle\OIA_Install\rbacx_staging> jar -xvf ../rbacx.war
UNIX:
$ jar xvf ../rbacx.war
Navigate to rbacx_staging/WEB-INF.
Windows:
C:\Oracle\OIA_Install\rbacx_staging> cd WEB-INF
UNIX:
$ cd WEB-INF
Update the log4j.properties file with the correct path for your environment.
Note:
If the Oracle Identity Analytics log file is going to be created in any folder other than the default log folder as defined by the application server, complete the step. Otherwise, skip and go to the next step.
In a text editor, open the log4j.properties file located in the WEB-INF folder.
Locate the following line under # File Appender.
log4j.appender.file.file=logs/rbacx.log
Replace logs/rbacx.log with the full path to where the log file should be written.
For example, the line should look like this:
Windows: log4j.appender.file.file=C:/Oracle/OIA_Install/logs/rbacx.log
UNIX: log4j.appender.file.file=/opt/Oracle/OIA_Install/logs/rbacx.log
Update the jasper.properties file.
In a text editor, open the jasper.properties file located in the WEB-INF/classes folder.
Add the following line to the end of the file:
net.sf.jasperreports.compiler.classpath=Path to your rbacx folder/rbacx/WEB-INF/lib/jasperreports-2.0.5-javaflow.jar
Note:
The path to the rbacx deployment folder will vary on the application server.
If you are using CloverETL, enable it in the configuration as follows:
In a text editor, open WEB-INF/etl-context.xml and uncomment the etlManager bean definition.
In a text editor, open WEB-INF/iam-context.xml and uncomment the etlManager bean reference in the property list of the file bean definition.
Copy the downloaded third-party library files to the Oracle Identity Analytics library under the WEB-INF/lib directory.
Note:
Ensure that the oscache.jar and javagroups-all.jar JAR files are not part of the third-party library files being copied in this step. If they are, do not copy the JAR files to the WEB-INF/lib directory of the Oracle Identity Analytics library.
If these JAR files are copied, the OIA managed servers in the cluster will fail to start the OIA application.
Windows:
copy %OIA_LIB% * WEB-INF\lib
UNIX:
cp $OIA_LIB/ * WEB-INF/lib
Make the following changes to enable Oracle Identity Analytics 11gR1 support for clustered application server deployments.
Navigate to the rbacx_staging/WEB-INF directory.
In a text editor, open application-context.xml, find bean ID commManager, and examine the constructor-arg value.
Set the constructor-arg value as the cluster name—for example, value="Prod-1-Cluster".
If Oracle Identity Analytics is deployed on multiple clusters within the same subnet, you should define unique constructor-arg values for each deployment. For example, if both clusters Prod-Cluster and QA-Cluster have Oracle Identity Analytics deployed, the constructor-arg values of each should be set to Prod-Cluster and QA-Cluster respectively.
Members of the same cluster should have the same constructor-arg value.
In bean ID commManager, locate the constructor-arg index="1" value.
Replace the value with the IP address of each cluster member. This setting binds the multicast addresses to the IP addresses. In addition, add the enabled property and set it to true. For example:
<constructor-arg index="1" value="140.84.134.133;140.84.135.88"/> <property name="enabled" value="true"/>
Save the application-context.xml file.
In a text editor, open search-context.xml, find bean ID searchConfiguration, and examine the constructor-arg value.
If the deployment is a clustered deployment, constructor-arg defaults to a value of 1 or 2 depending on the location of the .indexes directory.
To set the constructor-arg value, do the following:
If each clustered node will be accessing local individual .indexes directories, set constructor-arg to 1. For example, value="1".
If clustered nodes will be accessing a shared.indexes directory, set constructor-arg to 2. For example, value="2". The .indexes directory needs to be located on an NFS share location where each clustered node has read-write permission. Edit indexLocation such that the NFS share location replaces $RBACX_HOME in the value field.
If clustered nodes will be accessing a shared.indexes directory, then copy the $RBACX_HOME/.indexes directory structure across the shared indexes location. Perform the following procedure to do so:
To copy the directory structure from $RBACX_HOME/.indexes to the shared indexes location, do the following:
Undeploy the OIA from weblogic cluster.
Re-copy the ./indexes from the OIA installation media.
In the RBACX_HOME/rbacx.war/WEB-INF/lib directory, remove the stax-api-1.0.1.jar file or rename it to stax-api-1.0.1.jar.backup on the 2 servers.
Download stax-api-1.0-2.jar from http://download.java.net/maven/1/javax.xml.stream/jars/ and place it in the RBACX_HOME/rbacx.war/WEB-INF/lib directory on the 2 servers.
Redeploy RBACX_HOME/rbacx.war from the Weblogic console.
If multiple instances of Oracle Identity Analytics, standalone or clustered, exist on the same subnet, navigate to the rbacx_staging/WEB-INF/classes directory and do the following:
In a text editor, open oscache.properties (located in the rbacx_staging/WEB-INF/classes directory), and find the cache.cluster.multicast.ip property.
Uncomment cache.cluster.multicast.ip by removing the # at the start of the line. Each non-member instance requires a unique cache.cluster.multicast.ip value.
Uncomment the following line by removing the # at the start of the line.
cache.event.listeners=com.opensymphony.oscache.plugins.clustersupport.JavaGroupsBroadcastingListener,com.opensymphony.oscache.extra.CacheMapAccessEventListenerImpl
If you are using OIA Web Services, uncomment its configuration.
See the API Guide for Oracle Identity Analytics, "Enabling Web Services."
Run the following commands from the rbacx_staging folder to repack the newly modified rbacx.war file. The expanded folder structure is repackaged to a .war file, which is required for deployment on the application server.
Windows:
C:\> cd C:\Oracle\OIA_Install\rbacx_staging
C:\> jar -cvfM ../rbacx.war .
The new rbacx.war file is located in C:\Oracle\OIA_Install.
UNIX:
$ cd /opt/Oracle/OIA_Install/rbacx_staging
$ jar cvfM ../rbacx.war .
The new rbacx.war file is located in /opt/Oracle/OIA_Install.
Copy the jdbc.properties file for your database to the Oracle Identity Analytics conf directory, located as follows.
Windows:
cd C:\Oracle\OIA_Install\conf
copy oracle\jdbc.properties .
UNIX:
cd /opt/Oracle/OIA_Install/conf
cp oracle/jdbc.properties .
In a text editor, open the jdbc.properties file and edit the following lines, substituting $SERVER_NAME and $PORT_NUMBER with the host name and connectivity port of the target database.
For Oracle Database:
# JDBC driver URL
jdbc.url=jdbc:oracle:thin:@$SERVER_NAME:$PORT_NUMBER:rbacx
The default port number for JDBC connectivity on the Oracle server is 1521 and it is assumed that the default SID is rbacx.
If you are using a database user name other than the default rbacxservice user name, change the jdbc.username value in the jdbc.properties file to the user name that you created. Otherwise, go to the next step.
Make the following change to jdbc.properties for clustered Quartz support, and save the file:
jdbc.quartz.isClustered=true
In the jdbc.properties file, add the following line:
jdbc.password=YourClearTextDatabasePassword
Now encrypt the database password by typing the following command at a command line:
Windows:
C:\> java -jar ..\rbacx_staging\WEB-INF\lib\vaau-commons-crypt.jar
-encryptProperty -cipherKeyProperties .\cipherKey.properties
-propertyFile .\jdbc.properties -propertyName jdbc.password
UNIX:
$ java -jar ../rbacx_staging/WEB-INF/lib/vaau-commons-crypt.jar
-encryptProperty -cipherKeyProperties ./cipherKey.properties
-propertyFile ./jdbc.properties -propertyName jdbc.password
For more information about this command, see "Understanding the Property Encryption Utility" in the "Securing Oracle Identity Analytics" chapter of the Administrator's Guide for Oracle Identity Analytics.
The password is encrypted and stored as jdbc.password.encrypted.
Repeat steps 12 – 16 for each additional OIAinstance, or, if every OIA instance uses identical JDBC connection properties, copy the jdbc.properties file to all instances.
Delete the rbacx_staging folder.
Windows:
C:\> cd C:\Oracle\OIA_Install
C:\> rmdir /s rbacx_staging
UNIX:
$ cd /opt/Oracle/OIA_Install
$ rm -rf rbacx_staging
Do the following:
Go to the following location and open iam.properties in a text editor.
Windows:
C:\>Oracle\OIA_Install\conf
UNIX:
/opt/Oracle/OIA_Install/conf
Edit the following lines, replacing $RBACX_HOME with the path to the directory where Oracle Identity Analytics is installed:
com.vaau.rbacx.iam.file.import.completeLocation=$RBACX_HOME/import/complete com.vaau.rbacx.iam.file.import.schemaLocation=$RBACX_HOME/import/schema com.vaau.rbacx.iam.file.import.dropLocation=$RBACX_HOME/import/in com.vaau.rbacx.etl.import.dropLocation=$RBACX_HOME/import/etl/in com.vaau.rbacx.etl.import.graphsLocation=$RBACX_HOME/import/etl/graphs com.vaau.rbacx.etl.import.completeLocation=$RBACX_HOME/import/etl/complete com.vaau.rbacx.etl.import.outputLocation=$RBACX_HOME/import/in com.vaau.rbacx.iam.file.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.iam.file.export.schemaLocation=$RBACX_HOME/export/schema com.vaau.rbacx.etl.export.dropLocation=$RBACX_HOME/export/etl/in com.vaau.rbacx.etl.export.graphsLocation=$RBACX_HOME/export/etl/graphs com.vaau.rbacx.etl.export.completeLocation=$RBACX_HOME/export/etl/complete com.vaau.rbacx.etl.export.outputLocation=$RBACX_HOME/export/out
Note:
When the application server is clustered, the nodes can maintain localized import/export directories, or utilize import/export directories on a NFS share. If the nodes use a shared NFS location for import/export, substitute $RBACX_HOME with the path to the NFS share.
The following steps describe how to configure Oracle Identity Analytics to use a JDBC connection pool. The use of JDBC connection pooling with Oracle Identity Analytics is optional.
On your application server, create the data source and configure the JDBC connection. Refer to your application server documentation for instructions.
Complete the following steps to point Oracle Identity Analytics to the data source.
Comment out the jdbc.properties configuration value using these steps:
Open conf-context.xml (located in the WEB-INF directory inside the WAR file) for editing.
Locate <property name="locations"> and comment out the following value:
<value>file:$RBACX_HOME/conf/jdbc.properties</value>
For example:
<property name="locations">
<!-- <value>file:$RBACX_HOME/conf/jdbc.properties</value> -->
Open dataaccess-context.xml (located in the WEB-INF directory inside the WAR file) for editing.
Comment out the bean with id="dataSource" and add the following bean below it:
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jdbc/RMConfig" />
Replace the value jdbc/RMConfig with a JNDI reference to the JDBC connection that you created on your application server.
For example:
<!-- <bean id="dataSource" parent="abstractDataSource">
<description>Default datasource that uses Oracle UCP as a pool implementation</description>
<property name="connectionFactoryClassName" value="${jdbc.driverClassName}"/>
<property name="URL" value="${jdbc.url}"/>
<property name="user" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password.encrypted}"/>
<property name="connectionPoolName" value="CONN_POOL"/>
<property name="minPoolSize" value="5"/>
<property name="maxPoolSize" value="150"/>
<property name="initialPoolSize" value="5"/>
<property name="inactiveConnectionTimeout" value="120"/>
<property name="validateConnectionOnBorrow" value="true"/>
<property name="SQLForValidateConnection" value="select 1 from globalusers"/>
<property name="maxStatements" value="10"/>
<property name="connectionFactoryProperties">
<bean class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location" value="file:${RBACX_HOME}/conf/jdbcConnectionFactory.properties"/>
<property name="ignoreResourceNotFound" value="true"/>
</bean>
</property>
</bean> -->
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jdbc/rbacx" />
Open scheduling-context.xml (located in the WEB-INF directory inside the WAR file) for editing:
Locate the bean with id="quartzSchedulerFactoryBean".
Locate the property name <property name="quartzProperties">.
Change the ${jdbc.quartz.driverDelegateClass} key value to org.quartz.impl.jdbcjobstore.oracle.OracleDelegate.
Change the ${jdbc.quartz.selectWithLockSQL} key value to SELECT * FROM {0}LOCKS WHERE LOCK_NAME = ? FOR UPDATE.
If utilizing a clustered configuration, change the ${jdbc.quartz.isClustered} key value to true.
If utilizing a clustered configuration, open the application-context.xml file (located in the WEB-INF directory inside the WAR file) for editing:
Locate the property name <property name="quartzProperties">.
Change the ${jdbc.quartz.isClustered} key value to true.