2 Installation and Configuration Issues

This chapter describes issues associated with the installation and configuration process of Oracle Identity and Access Management 11g Release 2 (11.1.2). It includes the following sections:

2.1 General Issues and Workarounds

This section describes general issues and workarounds. It includes the following topics:

2.1.1 Error when Installing OIM Design Console

When you try to install Oracle Identity Manager (OIM) Design Console on a Windows machine that has a firewall between the machine and the OIM server, the following error message is displayed when you run the config.cmd command:

Error in validating the Hostname field value.Entered host is not up and running

To install OIM Design Console, you must open port 7 in the firewall.

2.1.2 Launching Oracle Identity Manager Configuration Wizard on AIX with JDK7

You cannot launch the Oracle Identity Manager Configuration Wizard on AIX with JDK7 when you run the script $<ORACLE_HOME>/bin/config.sh.

The Oracle Universal Installer window appears if you add the -jreLoc option in the command line: $<ORACLE_HOME>/bin/config.sh -jreLoc <JRE_HOME>

2.1.3 Simple Security Mode Does Not Work on AIX

On AIX, the Simple security mode does not work with Oracle Access Management Server 11.1.2.

Workaround: Use either the Open or Cert security mode.

2.1.4 Unable to Add WebLogic Password in the Fusion Middleware Configuration Wizard

In the Fusion Middleware Configuration Wizard, you cannot add the WebLogic password in the Configure Administrator User Name and Password screen.

When you are prompted to enter the WebLogic user password, you may not be able to enter the password. Click Next to go to the next screen. An error is displayed: Password cannot be empty. Go back to the previous screen and type in the password again.


Before running the Oracle Fusion Middleware Configuration Wizard, ensure that you have installed the following:

  • Oracle WebLogic Server 11g Release 1 (10.3.6) or Oracle WebLogic Server 11g Release 1 (10.3.5)

  • Oracle SOA Suite (Oracle Identity Manager Users Only)

  • Oracle Identity and Access Management 11g Release 2 (11.1.2)

2.1.5 JPS Keystore Service Initialization Failure in Join Domain Scenario for Oracle Access Management Domain

In a join domain scenario between Oracle Identity Manager and Oracle Access Management, the keystore file configured in the Oracle Platform Security Services (OPSS) configuration does not exist, but the passwords are already available in the Credential Store Framework (CSF) store from the OIM installation. Hence, when Oracle Access Management Server tries to store the keystore file, it fails because the key already exists.


  • Before starting the Administration server, copy the key store file from Oracle Identity Manager domain to Oracle Access Management domain's key store location.

    For example: Copy the default keystore (.jks) file from <OIM domain>/config/fmwconfig to <OAM domain>/config/fmwconfig.


    This step should be performed after you have configured the Oracle Access Management domain using config.sh but before you start the Administration Server.

  • In the Oracle Identity Manager domain, look for the default context in jps-config.xml.

  • Under this context, locate the keystore service and the keystore file location.

  • Copy this keystore (.jks) file to the keystore location defined in the OPSS configuration (jps-config.xml) of the Oracle Access Management domain.
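
The lookup and copy described in the bullets above, as an added Python example (not Oracle's tooling). The function names are hypothetical, and the sample assumes the usual jps-config.xml layout: a jpsContexts element whose default attribute names a jpsContext, serviceInstanceRef children, and a serviceInstance with a location attribute.

```python
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample; element and attribute names are an assumed jps-config.xml layout.
SAMPLE = """<jpsConfig>
  <serviceInstances>
    <serviceInstance name="credstore" provider="credstoressp" location="./"/>
    <serviceInstance name="keystore" provider="keystore.provider" location="./default-keystore.jks"/>
  </serviceInstances>
  <jpsContexts default="default">
    <jpsContext name="default">
      <serviceInstanceRef ref="credstore"/>
      <serviceInstanceRef ref="keystore"/>
    </jpsContext>
  </jpsContexts>
</jpsConfig>"""


def local(elem):
    """Tag name without any XML namespace prefix."""
    return elem.tag.rsplit("}", 1)[-1]


def keystore_path(jps_config):
    """Return the .jks path named by the keystore service of the default context."""
    jps_config = Path(jps_config)
    root = ET.parse(jps_config).getroot()
    contexts = next(e for e in root.iter() if local(e) == "jpsContexts")
    ctx = next(c for c in contexts
               if local(c) == "jpsContext" and c.get("name") == contexts.get("default"))
    refs = {r.get("ref") for r in ctx if local(r) == "serviceInstanceRef"}
    hits = [e.get("location") for e in root.iter()
            if local(e) == "serviceInstance" and e.get("name") in refs
            and e.get("location", "").endswith(".jks")]
    if len(hits) != 1:
        raise ValueError(f"{jps_config}: expected one .jks keystore, found {len(hits)}")
    # Assumption: a relative location is resolved against the jps-config.xml directory.
    return (jps_config.parent / hits[0]).resolve()


def copy_keystore(oim_jps_config, oam_jps_config):
    """Copy the OIM keystore to the location the OAM domain expects; return that path."""
    src, dst = keystore_path(oim_jps_config), keystore_path(oam_jps_config)
    if dst.exists():  # an existing keystore is left alone rather than overwritten
        raise FileExistsError(dst)
    shutil.copy2(src, dst)  # copy2 keeps the source file's permission bits
    return dst
```

Run it after config.sh has created the Oracle Access Management domain and before the Administration Server is started, passing the two domains' jps-config.xml paths.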

2.2 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

2.2.1 Apply Patches and Manually Copy OIM Adapter Template

The patches and workaround described in this note are required only if you are integrating Oracle Access Manager or Oracle Identity Manager with Oracle Unified Directory, and Oracle Unified Directory is configured for High Availability in active-active mode.

After performing a fresh installation of Oracle Identity and Access Management, apply the patch for Oracle Identity Manager Bug 16390983 and also Patch 15894053.

Then manually copy the file adapter_template_oim.xml from ORACLE_COMMON_HOME/modules/oracle.ovd_11.1.1/templates/ to: IAM_ORACLE_HOME/libovd/. For example:

cp ORACLE_COMMON_HOME/modules/oracle.ovd_11.1.1/templates/adapter_template_oim.xml IAM_ORACLE_HOME/libovd/

2.2.2 Default Cache Directory Error

When you start the Oracle Fusion Middleware Configuration Wizard, by running the config.cmd or the config.sh command, the following error message is displayed:

*sys-package-mgr*: can't create package cache dir

The error message indicates that the default cache directory is not valid. You can change the cache directory by including the -Dpython.cachedir=<valid_directory> option in the command line.

2.2.3 Mandatory Steps to Complete After Installing Oracle Access Management or Oracle Identity Manager

The following are the steps that must be followed after installing Oracle Access Management (OAM) 11g Release 2 (11.1.2) or Oracle Identity Manager (OIM) 11g Release 2 (11.1.2):

  1. Configure domain

  2. Configure the Configsecuritystore

  3. Copy jps-config.xml file to jps-config.xml_old for recovery and reference

  4. Do the following to edit the jps-config.xml file:

    1. Look for the XML element

      <serviceInstance name="pdp.service" provider="pdp.service.provider"> 
    2. Delete the following two entries:

      <property name="oracle.security.jps.pdp.AuthorizationDecisionCacheEnabled" value="false"/> 
      <property name="oracle.security.jps.ldap.policystore.refresh.interval" value="10000"/>

      After you delete these two properties, their default values are used. The default values are true and 600000 (10 minutes), respectively.

    3. Add the following entry in the same section:

      <property name="oracle.security.jps.pd.client.PollingTimerInterval" value="31536000"/>
    4. The edited XML must look like the following:

      <serviceInstance name="pdp.service" provider="pdp.service.provider"> 
                  <description>Runtime PDP service instance</description> 
                  <property name="oracle.security.jps.runtime.instance.name" 
                  <property name="oracle.security.jps.runtime.pd.client.sm_name" 
                  <property name="oracle.security.jps.policystore.refresh.enable" 
                  <property name="oracle.security.jps.pd.client.PollingTimerInterval" value="31536000"/>
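
Steps 3 and 4 above can be applied repeatably with a short script. This is an added Python example, not Oracle's tooling; the function name and the trimmed sample document are constructed for illustration, while the property names and the value come from the steps above.

```python
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path

# Property names and value taken from steps 4.2 and 4.3 above.
DROP = {"oracle.security.jps.pdp.AuthorizationDecisionCacheEnabled",
        "oracle.security.jps.ldap.policystore.refresh.interval"}
ADD = ("oracle.security.jps.pd.client.PollingTimerInterval", "31536000")

# Constructed sample, trimmed to the one element the procedure touches.
SAMPLE = """<jpsConfig><serviceInstances>
<serviceInstance name="pdp.service" provider="pdp.service.provider">
<description>Runtime PDP service instance</description>
<property name="oracle.security.jps.pdp.AuthorizationDecisionCacheEnabled" value="false"/>
<property name="oracle.security.jps.ldap.policystore.refresh.interval" value="10000"/>
</serviceInstance>
</serviceInstances></jpsConfig>"""


def is_tag(elem, name):
    """Match an element by local name, ignoring any XML namespace (and comments)."""
    return isinstance(elem.tag, str) and elem.tag.rsplit("}", 1)[-1] == name


def edit_pdp_service(config_path):
    """Apply steps 3 and 4 in place; return the property names that were deleted."""
    path = Path(config_path)
    backup = path.with_name(path.name + "_old")
    if not backup.exists():  # step 3: never overwrite the first recovery copy
        shutil.copy2(path, backup)
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    tree = ET.parse(path, parser)
    root = tree.getroot()
    if root.tag.startswith("{"):  # keep a default namespace unprefixed on write
        ET.register_namespace("", root.tag[1:].split("}")[0])
    found = [e for e in root.iter()
             if is_tag(e, "serviceInstance") and e.get("name") == "pdp.service"]
    if len(found) != 1:
        raise ValueError(f"expected one pdp.service instance, found {len(found)}")
    pdp = found[0]
    props = [p for p in pdp if is_tag(p, "property")]
    dropped = [p.get("name") for p in props if p.get("name") in DROP]
    for p in props:
        if p.get("name") in DROP or p.get("name") == ADD[0]:
            pdp.remove(p)  # dropping any earlier polling entry keeps reruns idempotent
    tag = pdp.tag[:-len("serviceInstance")] + "property"  # same namespace as parent
    ET.SubElement(pdp, tag, {"name": ADD[0], "value": ADD[1]})
    tree.write(path, encoding="UTF-8", xml_declaration=True)
    return dropped
```

A second run returns an empty list and leaves jps-config.xml_old untouched, so the recovery copy always reflects the file as it was before the first edit.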

2.2.4 Use Absolute Paths While Running configureSecurityStore.py With -m Join

Configure Security Store fails to create the policy store object when variables such as ORACLE_HOME and MW_HOME are used while running configureSecurityStore.py with the -m join parameter. Specify absolute paths for ORACLE_HOME and MW_HOME when you run the command with the -m join parameter.

2.2.5 Warning Messages from idmConfigTool -upgradeLDAPUsersForSSO are Safe to Ignore

If you upgrade existing LDAP users using a command such as:

idmConfigTool.bat -upgradeLDAPUsersForSSO input_file=filename

you might see warning messages similar to these:

WARNING: Expiry date not present in cn=oamadmin,cn=Users,  
WARNING: Expiry date not present in cn=weblogic_idm,cn=Users,
WARNING: Expiry date not present in cn=orcladmin, cn=Users,

These messages do not impact function and can be safely ignored.

2.3 Mandatory Patches for Installing Oracle Identity Manager

This section describes the mandatory patches to be downloaded to install Oracle Identity Manager.


This section provides the mandatory patches that were available at the time of publishing the release notes. For additional changes and revised patch requirements, see My Oracle Support document ID 1908280.1.

The patches must be downloaded only after you have installed Oracle Identity Manager using the Oracle Identity and Access Management 11g Release 2 (11.1.2) Installer and before starting the Oracle Identity Manager configuration.

Table 2-1 lists the patches that need to be downloaded and installed:

Table 2-1 Patches to be Installed

Patch Number Product Name


Oracle Virtual Directory


Oracle Application Access Controls Governor


Oracle SOA Suite


Oracle Business Process Management Suite


Oracle Containers for J2EE

To download the patches, do the following:

  1. Log in to My Oracle Support.

  2. Click Patches & Updates.

  3. Select Patch name or Number.

  4. Enter the patch number.

  5. Click Search.

  6. Download and install the patch.