Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 5 (11.1.5) Part Number E21032-15
This chapter describes the software installations required for an Oracle Identity Management enterprise deployment.
This chapter contains the following topics:
The installation is divided into two sections. The first covers the installations required for the Web Tier. The second covers installation of the required Oracle Fusion Middleware components. Later chapters describe the configuration steps to create the Oracle Identity Management topology.
See Also:
The Oracle Fusion Middleware 11g Release 1 Download, Installation, and Configuration Readme for this release, at: http://docs.oracle.com/cd/E23104_01/download_readme.htm
Oracle groups its software releases by product area. A Product Media Pack refers to those groupings. Each media pack may also include a zipped file containing electronic documentation files or "Quick Install" files, which facilitate the initial installation of the software.
Note:
For installations of Oracle Fusion Applications, you must have available the complete set of software contained in the product media pack. You cannot install from individual pieces. Therefore, if you need to install from media that is no longer available on Oracle Software Delivery Cloud, contact My Oracle Support to obtain the complete media pack.
Once you have completed the software licensing agreements, you can obtain the Oracle Fusion Applications software using one of these two methods:
Oracle Software Delivery Cloud Portal: Provides you with a readme document that helps you to determine which media you need to fulfill the license you have purchased. You download only the media you need. This is the default delivery method.
Oracle Store: Provides a complete set of the software in DVD format. You use only the DVDs covered by your software licensing agreement.
Using either method, you can obtain the Oracle Fusion Applications Provisioning repository and gain access to the Oracle Fusion Applications documentation library.
After you download the archive file, extract the archive file into a directory of your choice on the machine where you are performing the installation.
For more information, see the Preparing for an Installation chapter in Oracle Fusion Applications Installation Guide.
Different topologies use different servers and require different software to be installed. Table 6-1, "Software to be Installed for Different Topologies" shows, for each topology, which software should be installed into each host. The subsequent sections explain how to do this. Also see Table 2-2, "Software Versions Used" a
Where two different pieces of Oracle binary software are installed onto the same host (for example OIM11g and SOA11g), this software is installed in the same Middleware home location, but in different Oracle homes.
All software uses the same Middleware home location.
Notes:
When using shared storage, ensure that users and groups used in the installation have the same ID on all hosts that use the storage. If you fail to do this, some hosts might not be able to see or execute some or all of the files.
Some products, such as Oracle Internet Directory and Oracle Virtual Directory, require you to run a script that sets the permissions of some files to root.
Table 6-1 Software to be Installed for Different Topologies
Topology | Hosts | OHS 11g | JRockit | WLS | IAM | SOA | IDM |
---|---|---|---|---|---|---|---|
All |
WEBHOST1 |
X |
|||||
WEBHOST2 |
X |
||||||
OAM11g/OIM11g |
IDMHOST1 |
X |
X |
X |
X |
X |
|
IDMHOST2 |
X |
X |
X |
X |
X |
||
OIMHOST1 |
X |
X |
X |
X |
|||
OIMHOST2 |
X |
X |
X |
X |
|||
LDAPHOST1 |
X |
X |
X |
||||
LDAPHOST2 |
X |
X |
X |
||||
Split Domain for OIM (Separate MW_HOME, SOA, and IAM) |
IDMHOST1 |
X |
X |
X |
X |
||
(Separate MW_HOME, SOA, and IAM) |
IDMHOST2 |
X |
X |
X |
X |
||
OIMHOST1 |
X |
X |
X |
X |
|||
OIMHOST2 |
X |
X |
X |
X |
|||
LDAPHOST1 |
X |
X |
X |
||||
LDAPHOST2 |
X |
X |
X |
||||
OIF11g/OAM11g |
IDMHOST2 |
X |
X |
X |
X |
X |
|
OIMHOST1 |
X |
X |
X |
X |
|||
OIMHOST2 |
X |
X |
X |
X |
|||
LDAPHOST1 |
X |
X |
X |
||||
LDAPHOST2 |
X |
X |
X |
||||
Oracle Identity Management products are bundled as two product sets: Oracle Identity Management and Oracle Identity and Access Management. (See Table 2-2, "Software Versions Used".) The relevant Identity Management software is installed into separate Oracle homes.
This section explains how to install Oracle HTTP Server on WEBHOST1 and WEBHOST2.
This section contains the following topics:
Prior to installing the Oracle HTTP server, check that your machines meet the following requirements:
Ensure that the system, patch, kernel, and other requirements are met as specified in Oracle Fusion Middleware Installation Guide for Oracle Web Tier.
On Linux platforms, if the /etc/oraInst.loc file exists, check that its contents are correct, as described in Section 6.2.1.1, "Check oraInst.loc."
Check that the inventory directory is correct and that you have write permissions for that directory. If the /etc/oraInst.loc file does not exist, you can skip this step.
The contents of the oraInst.loc file are shown in this example:
inventory_loc=/u01/app/oraInventory
inst_group=oinstall
As described in Section 4.4.4, "Directory Structure," you install the Oracle HTTP Server onto a local disk. You can install it on shared storage, but if you do that, you must allow access from the Web Tier DMZ to your shared disk array, which is undesirable. If you decide to install onto shared disk then please see the Release Notes for further configuration information.
Before starting the installation, ensure that the following environment variables are not set on Linux platforms:
LD_ASSUME_KERNEL
ORACLE_INSTANCE
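The checks described above (the contents of oraInst.loc, a writable inventory directory, and the two environment variables that must not be set) can be scripted and run as the installing user before starting the installer. This is an added example, not part of the Oracle guide; the function names and return codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pre-install checks for Oracle Universal Installer on Linux.
# Function names and return codes are illustrative, not Oracle's.
# Usage: check_orainst && check_installer_env && ./runInstaller

# Print the value of one key from an oraInst.loc-style file (key=value lines).
orainst_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Validate oraInst.loc. Returns 0 when the file is absent (the guide says the
# step can be skipped) or when every check passes; non-zero otherwise.
check_orainst() {  # $1 = path to oraInst.loc, default /etc/oraInst.loc
    loc=${1:-/etc/oraInst.loc}
    if [ ! -e "$loc" ]; then
        echo "SKIP: $loc does not exist"
        return 0
    fi
    inv=$(orainst_get "$loc" inventory_loc)
    grp=$(orainst_get "$loc" inst_group)
    [ -n "$inv" ] || { echo "FAIL: inventory_loc missing in $loc"; return 2; }
    [ -n "$grp" ] || { echo "FAIL: inst_group missing in $loc"; return 3; }
    [ -d "$inv" ] || { echo "FAIL: inventory directory $inv not found"; return 4; }
    # -w is evaluated for the current user, so run this as the installing user.
    [ -w "$inv" ] || { echo "FAIL: $(id -un) cannot write to $inv"; return 5; }
    echo "OK: inventory_loc=$inv inst_group=$grp"
    return 0
}

# Fail if either variable is set at all, even to an empty string.
check_installer_env() {
    bad=0
    for v in LD_ASSUME_KERNEL ORACLE_INSTANCE; do
        if eval "[ -n \"\${$v+set}\" ]"; then
            echo "FAIL: $v is set; unset it before running the installer"
            bad=1
        fi
    done
    return $bad
}
```
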
To start Oracle Universal Installer on Linux, change directory to Disk 1 of the installation media and issue the command:
./runInstaller
To start Oracle Universal Installer on Windows, navigate to Disk 1 of the installation media in Windows Explorer and double-click setup.exe.
On the Specify Inventory Directory screen, do the following:
Enter HOME/oraInventory, where HOME is the home directory of the user performing the installation (this is the recommended location).
Enter the OS group for the user performing the installation.
Click Next.
Follow the instructions on screen to execute createCentralInventory.sh as root.
Click OK.
Proceed as follows:
On the Specify Oracle Inventory Directory screen, enter HOME/oraInventory, where HOME is the home directory of the user performing the installation. (This is the recommended location.)
Enter the OS group for the user performing the installation.
Click Next.
On the Welcome screen, click Next.
On the Select Installation Type screen, select Install Software –> Do Not Configure
Click Next.
On the Prerequisite Checks screen, click Next.
On the Specify Installation Location screen, specify the following values:
Fusion Middleware Home Location (Installation Location) For example:
/u01/app/oracle/product/fmw
Oracle Home Location Directory: web
On the Specify Security Updates screen, choose whether to receive security updates from Oracle support.
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
This section describes how to install Oracle Fusion Middleware.
This section contains the following topics:
Section 6.3.1, "Installing Oracle Fusion Middleware Components"
Section 6.3.3, "Installing Oracle WebLogic Server and Creating the Fusion Middleware Home"
Section 6.3.6, "Installing Oracle Identity and Access Management"
Note:
Oracle Identity Management products are bundled as two product sets: Oracle Identity Management and Oracle Identity and Access Management.
This section describes how to install the required binaries to create the Middleware home (MW_HOME), the Oracle WebLogic Server home (WL_HOME), the Oracle homes for Oracle Identity Management (IDM_ORACLE_HOME), the Oracle SOA Suite (SOA_ORACLE_HOME) and Oracle Identity and Access Management (IAM_ORACLE_HOME). A summary of these homes is provided in Table 6-2, "Summary of Homes".
Table 6-2 Summary of Homes
Home Name | Home Description | Products Installed |
---|---|---|
 | Consists of the Oracle WebLogic Server home and, optionally, one or more Oracle homes. | |
 | This is the root directory in which Oracle WebLogic Server is installed. The | Oracle WebLogic Server |
 | Contains the binary and library files for Oracle Identity Management and is located in: | Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Identity Federation |
 | Contains the binary and library files required for Oracle Identity and Access Management and is located in | Oracle Access Manager, Oracle Identity Management |
 | Contains the binary and library files required for the Oracle SOA Suite. Required only when creating topologies with OIM and is located in | Oracle SOA Suite |
 | Contains the generic Oracle home files. This Oracle home is created automatically by any product installation and is located in | Generic commands |
Footnote 1 Different topologies require multiple MW_HOMEs with different software installed. The MW_HOME, however, is always mounted at the same location, for example: /u01/app/oracle/product/fmw
If you are deploying Oracle Identity Manager in a split domain, install the IAM and SOA binaries twice, once for each domain, using a separate MW_HOME in the Oracle Identity Manager domain for one set.
Oracle strongly recommends that you read the release notes for any additional installation and deployment considerations prior to starting the setup process.
As described in Section 4.4.4, "Directory Structure," you install Oracle Fusion Middleware software in at least two storage locations for redundancy.
You must install the following components of Oracle Fusion Middleware to create a Middleware home (MW_HOME):
Oracle WebLogic Server: Section 6.3.3, "Installing Oracle WebLogic Server and Creating the Fusion Middleware Home"
One or more of the Oracle Fusion Middleware components
Oracle Fusion Middleware for Identity Management
Perform these steps to install the Oracle WebLogic Server.
To install Oracle WebLogic Server, proceed as follows:
Note:
If you are installing WebLogic Server on a 64-bit platform using a 64-bit JDK, follow the steps in section "Installing WebLogic Server on 64-Bit Platforms Using a 64-Bit JDK" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server instead of the steps in this section.
Start the installer for Oracle WebLogic Server from the installation media:
./wls1036_linux32.bin
In the Welcome screen, click Next.
In the Choose Middleware Home Directory screen, do the following:
Select Create a new Middleware Home.
For Middleware Home Directory, enter ORACLE_BASE/product/fmw
ORACLE_BASE is the base directory under which Oracle products are installed. The recommended value is /u01/app/oracle. See Section 4.4, "About Recommended Locations for the Different Directories" for more information.
Click Next.
In the Register for Security Updates screen, enter your contact information so that you can be notified of security updates, and click Next.
In the Choose Install Type screen, select Custom, and click Next.
In the Choose Products and Components screen, click Next.
In the JDK Selection screen, select only Oracle JRockit 1.6.0_version SDK, and click Next.
In the Choose Product Installation Directories screen, accept the directories ORACLE_BASE/product/fmw/wlserver_10.3 and ORACLE_BASE/product/fmw/coherence_3.7, and click Next.
In the Installation Summary screen, click Next.
The Oracle WebLogic Server software is installed.
In the Installation Complete screen, clear the Run Quickstart check box and click Done.
Validate the installation by verifying that the following directories and files appear in the ORACLE_HOME directory after installing Oracle WebLogic Server:
coherence_version
jrockit-jdkversion
modules
registry.xml
utils
domain-registry.xml
logs
ocm.rsp
registry.dat
wlserver_10.3
Perform these steps to install Oracle Identity Management on the hosts identified in Table 6-1, "Software to be Installed for Different Topologies".
Oracle Identity Management consists of:
Oracle Internet Directory
Oracle Virtual Directory
Oracle Directory Services Manager (ODSM)
Oracle Identity Federation
Note:
Because the installation is performed on shared storage, the two MW_HOME installations are accessible and used by the remaining servers in that tier of the topology.
When provisioning the software on the local hard disk of the machine, ensure you complete the steps on all the hosts in the tier.
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.
To start the Oracle Fusion Middleware 11g Oracle Identity Management Installer, change directory to Disk 1 of the installation media and enter the command:
./runInstaller
Then proceed as follows:
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
Log in as root and run:
/u01/app/oraInventory/createCentralInventory.sh
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, ensure that the following are true:
The /etc/oraInst.loc file exists.
The Inventory directory listed is valid.
The user performing the installation has write permissions for the Inventory directory.
On the Welcome screen, click Next.
On the Install Software Updates screen, choose whether to register with Oracle Support for updates or search for updates locally.
Click Next.
On the Select Installation Type screen, select Install Software - Do Not Configure, and then click Next.
On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select the previously installed Middleware home from the list for MW_HOME, for example:
/u01/app/oracle/product/fmw
Oracle Home Directory: Enter idm as the Oracle home directory name.
Click Next.
On the Installation Summary screen, click Install - Do Not Configure.
On the Installation Progress screen, on Linux systems, a dialog box appears that prompts you to run the oracleRoot.sh script. Open a window and run the oracleRoot.sh script as the root user.
On the Installation Complete screen, click Finish.
Perform these steps to install the Oracle SOA Suite.
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle SOA Suite in the Oracle Fusion Middleware documentation library for the platform and version you are using.
To start the Oracle Fusion Middleware 11g SOA Suite Installer, change directory to Disk 1 of the installation media and enter the appropriate command.
On Linux systems the command is:
./runInstaller
On Windows, the command is:
setup.exe
When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example:
/u01/app/oracle/product/fmw/jrockit_version
Then perform these installation steps:
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
Log in as root and run:
/u01/app/oraInventory/createCentralInventory.sh
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check the following:
The /etc/oraInst.loc file exists.
The Inventory directory listed is valid.
The user performing the installation has write permissions for the Inventory directory.
On the Welcome screen, click Next.
On the Install Software Updates screen, choose whether to register with Oracle Support for updates or search for updates locally.
Click Next.
On the Prerequisite Checks screen, verify that the checks complete successfully, and then click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select a previously installed Middleware Home from the drop-down list. For example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter SOA as the Oracle home directory name.
Note:
You must use the same Oracle home directory name for Oracle SOA Suite on all hosts.
Click Next.
On the Application Server screen, choose your Application Server, for example: WebLogic Server.
Click Next.
On the Installation Summary screen, click Install.
On the Installation Process screen, click Next.
On the Installation Complete screen, click Finish.
Oracle Identity and Access Management consists of the following products:
Oracle Access Manager 11g
Oracle Identity Manager
Perform the steps in this section to install Oracle Identity and Access Management on the hosts identified in Table 2-2, "Software Versions Used".
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.
To start the Oracle Fusion Middleware 11g Installer for Oracle Identity and Access Management, change directory to Disk 1 of the installation media and enter the command:
./runInstaller
When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example:
/u01/app/oracle/product/fmw/jrockit_version
Then perform these installation steps:
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
Log in as root and run:
/u01/app/oraInventory/createCentralInventory.sh
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check the following:
The /etc/oraInst.loc file exists.
The Inventory directory listed is valid.
The user performing the installation has write permissions for the Inventory directory.
On the Welcome screen, click Next.
On the Install Software Updates screen, choose whether to register with Oracle Support for updates or to search for updates locally.
On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select a previously installed Middleware Home from the drop-down list. For example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter iam as the Oracle home directory name.
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On the Installation Complete screen, click Finish.
You must apply the following patches and workarounds to your environment. Patches are available for download from http://support.oracle.com. You can find instructions for deploying each patch in the enclosed README.html file.
For a complete list of patches, see the Oracle Fusion Middleware Release Notes for your platform and operating system.
This section contains the following topics:
The Release Notes for this version of Oracle Fusion Applications contain the list of Oracle Fusion Middleware patches to apply. You must apply the patches to ensure that your software operates as expected.
Due to issues with versions of the configuration wizard, some environment variables are not added to the ASERVER_HOME/bin/setDomainEnv.sh script. This causes certain install sequences to fail. This section is a temporary workaround for that problem. The steps in this section must be performed on all the hosts in the application tier (IDMHOST1, IDMHOST2, OIMHOST1, and OIMHOST2).
Apply the following steps across all the WebLogic Server homes in the domain.
Copy the OIMAuthenticator.jar, oimmbean.jar, oimsigmbean.jar and oimsignaturembean.jar files located under the IAM_ORACLE_HOME/server/loginmodule/wls directory to the MW_HOME/wlserver_10.3/server/lib/mbeantypes directory.
cp $IAM_ORACLE_HOME/server/loginmodule/wls/* $MW_HOME/wlserver_10.3/server/lib/mbeantypes/.
Change directory to MW_HOME/wlserver_10.3/server/lib/mbeantypes/.
cd $MW_HOME/wlserver_10.3/server/lib/mbeantypes
Change the permissions on these files to 750 by using the chmod command.
chmod 750 *
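The cp and chmod commands above use wildcards, so they copy every file in the source directory and reset the mode of every file already present in mbeantypes. As an added example (not part of the Oracle guide), the following limits both operations to the four JAR files named in the step and then verifies the result; the function names and return codes are illustrative.

```shell
#!/bin/sh
# Added example: copy only the four named OIM JAR files and set mode 750 on
# those files alone. Function names and return codes are illustrative.
# Usage: install_oim_mbeans "$IAM_ORACLE_HOME" "$MW_HOME" && verify_oim_mbeans "$MW_HOME"

OIM_MBEAN_JARS="OIMAuthenticator.jar oimmbean.jar oimsigmbean.jar oimsignaturembean.jar"

# First ten characters of ls -l output, e.g. -rwxr-x--- for mode 750.
perm_string() { ls -ld "$1" | cut -c1-10; }

install_oim_mbeans() {  # $1 = IAM_ORACLE_HOME, $2 = MW_HOME
    src="$1/server/loginmodule/wls"
    dst="$2/wlserver_10.3/server/lib/mbeantypes"
    [ -d "$dst" ] || { echo "FAIL: $dst not found" >&2; return 2; }
    # Confirm all four sources exist first so a partial copy never happens.
    for j in $OIM_MBEAN_JARS; do
        [ -f "$src/$j" ] || { echo "FAIL: missing $src/$j" >&2; return 3; }
    done
    for j in $OIM_MBEAN_JARS; do
        cp -p "$src/$j" "$dst/$j" || return 4
        chmod 750 "$dst/$j" || return 4
    done
    return 0
}

# Confirm each of the four files is present with mode 750.
verify_oim_mbeans() {  # $1 = MW_HOME
    dst="$1/wlserver_10.3/server/lib/mbeantypes"
    for j in $OIM_MBEAN_JARS; do
        [ -f "$dst/$j" ] || { echo "FAIL: $dst/$j missing" >&2; return 1; }
        [ "$(perm_string "$dst/$j")" = "-rwxr-x---" ] ||
            { echo "FAIL: $dst/$j is not mode 750" >&2; return 1; }
    done
    return 0
}
```
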
Oracle Identity Manager uses the wlfullclient.jar library for certain operations. Oracle does not ship this library, so you must create this library manually. Oracle recommends creating this library under the MW_HOME/wlserver_10.3/server/lib directory on all the machines in the application tier of your environment. You do not need to create this library on directory tier machines such as LDAPHOST1 and LDAPHOST2.
Follow these steps to create the wlfullclient.jar file:
Navigate to the MW_HOME/wlserver_10.3/server/lib directory.
Set your JAVA_HOME environment variable and ensure that the JAVA_HOME/bin directory is in your path.
Create the wlfullclient.jar file by running:
java -jar wljarbuilder.jar
It is a best practice recommendation to back up the Middleware Home and the Oracle Homes. On Linux, to create a backup of the MW_HOME and the ORACLE_HOMEs, as the root user, type:
tar -cvpf fmwhomeback.tar ORACLE_BASE/product/fmw
This creates a backup of the installation files for any products installed in the Oracle Fusion Middleware home.