Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 7 (11.1.7) Part Number E21032-21
This chapter describes tasks you must perform after provisioning.
It contains the following sections:
Section 10.2, "Updating Oracle HTTP Server Runtime Parameters"
Section 10.3, "Creating ODSM Connections to Oracle Virtual Directory"
Section 10.4, "Post-Provisioning Steps for Oracle Identity Manager"
Section 10.5, "Post-Provisioning Steps for Oracle Access Manager"
Section 10.6, "Passing Configuration Properties File to Oracle Fusion Applications"
Due to Bugs 17075699 and 17076033 in Identity Management Provisioning, you must make changes to the following datasources:
EDNLocalTxDataSource-rcn
mds-oim-rcn
mds-owsm-rcn
mds-soa-rcn
oamDS-rcn
oimJMSStoreDS-rcn
OraSDPMDataSource-rcn
SOALocalTxDataSource-racn
To make the changes, proceed as follows:
1. Log in to the WebLogic Administration Console at the URL listed in Section 16.2, "About Identity Management Console URLs."
2. Click Lock & Edit.
3. Navigate to Services -> Data Sources.
4. Click on the data source to be updated, for example, mds-soa-rc0.
5. Click the Transaction tab.
6. Deselect Supports Global Transactions.
7. Click Save.
8. Repeat Steps 4 through 7 for all the listed datasources.
9. Click Activate Changes.
10. Restart all servers.
By default, the Oracle HTTP Server contains parameter values that are suitable for most applications. These values, however, must be adjusted in IDM Deployments, on both WEBHOST1 and WEBHOST2.
Proceed as follows:
Edit the file httpd.conf, which is located in:
WEB_ORACLE_INSTANCE/config/OHS/component_name
Find the entry that looks like this:
<IfModule mpm_worker_module>
Update the values in this section as follows:
<IfModule mpm_worker_module>
    ServerLimit 20
    MaxClients 1000
    MinSpareThreads 200
    MaxSpareThreads 800
    ThreadsPerChild 50
    MaxRequestsPerChild 10000
    AcceptMutex fcntl
</IfModule>
Leave all remaining values unchanged.
Save the file.
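The following Python check is an added example, not part of Oracle's guide: it parses an httpd.conf, compares the mpm_worker_module block against the values listed above, and flags a MaxClients value larger than ServerLimit x ThreadsPerChild, the ceiling the worker MPM enforces. The function names and the sample block are constructed for illustration.

```python
import re

# Values prescribed above for the worker MPM block in httpd.conf.
EXPECTED = {"ServerLimit": "20", "MaxClients": "1000", "MinSpareThreads": "200",
            "MaxSpareThreads": "800", "ThreadsPerChild": "50",
            "MaxRequestsPerChild": "10000", "AcceptMutex": "fcntl"}

def parse_worker_block(conf_text):
    """Return {lowercased directive: value} for the worker MPM block, or None."""
    settings, inside = None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # httpd comments are whole lines
            continue
        if re.match(r"<IfModule\s+mpm_worker_module\s*>", line, re.I):
            settings, inside = settings or {}, True
        elif inside and re.match(r"</IfModule\s*>", line, re.I):
            inside = False
        elif inside:
            parts = line.split(None, 1)
            settings[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return settings

def audit(conf_text):
    """Return a list of findings; an empty list means the block matches the guide."""
    block = parse_worker_block(conf_text)
    if block is None:
        return ["no <IfModule mpm_worker_module> block found"]
    findings = []
    for name, want in EXPECTED.items():
        got = block.get(name.lower())
        if got is None:
            findings.append(f"{name}: missing (expected {want})")
        elif got.lower() != want.lower():
            findings.append(f"{name}: {got} (expected {want})")
    try:  # worker MPM: MaxClients cannot exceed ServerLimit * ThreadsPerChild
        cap = int(block["serverlimit"]) * int(block["threadsperchild"])
        if int(block["maxclients"]) > cap:
            findings.append(f"MaxClients {block['maxclients']} exceeds thread capacity {cap}")
    except (KeyError, ValueError):
        pass  # a missing or non-numeric value is already reported above
    return findings

# Constructed sample (not from a real host): a block that drifted from the guide.
DRIFTED = ("<IfModule mpm_worker_module>\n  ServerLimit 16\n  MaxClients 1000\n"
           "  MinSpareThreads 200\n  MaxSpareThreads 800\n  ThreadsPerChild 25\n"
           "  MaxRequestsPerChild 10000\n  # AcceptMutex fcntl\n</IfModule>\n")

if __name__ == "__main__":
    print("\n".join(audit(DRIFTED)) or "worker MPM block matches the guide")
```

Run it against the httpd.conf on both WEBHOST1 and WEBHOST2 by passing the file's contents to audit(); the two hosts should return the same empty list.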
Before you can manage Oracle Virtual Directory you must create connections from ODSM to each of your Oracle Virtual Directory instances. To do this, proceed as follows:
Access ODSM through the load balancer at: http://ADMIN.mycompany.com/odsm
To create connections to Oracle Virtual Directory, follow these steps. Create connections to each Oracle Virtual Directory node separately. Using the Oracle Virtual Directory load balancer virtual host from ODSM is not supported:
Create a direct connection to Oracle Virtual Directory on LDAPHOST1 providing the following information in ODSM:
Host: LDAPHOST1.mycompany.com
Port: 8899 (The Oracle Virtual Directory proxy port, OVD_ADMIN_PORT in Section 3.7, "Fixed Ports Used by the Provisioning Wizard.")
Enable the SSL option.
User: cn=orcladmin
Password: password_to_connect_to_OVD
Create a direct connection to Oracle Virtual Directory on LDAPHOST2 providing the following information in ODSM:
Host: LDAPHOST2.mycompany.com
Port: 8899 (The Oracle Virtual Directory proxy port)
Enable the SSL option.
User: cn=orcladmin
Password: password_to_connect_to_OVD
Perform the following task to ensure that Oracle Identity Manager works correctly after provisioning.
As a workaround for a bug in the Identity Management Provisioning tools (Bug 16667037), you must add an Oracle Identity Manager property. Perform the following steps:
1. Log in to the WebLogic Console. (The Console URLs are provided in Section 16.2, "About Identity Management Console URLs.")
2. Navigate to Environment -> Servers.
3. Click Lock and Edit.
4. Click on the server WLS_OIM1.
5. Click on the Server Start subtab.
6. Add the following to the Arguments field:
   -Djava.net.preferIPv4Stack=true
7. Click Save.
8. Repeat Steps 4-7 for the managed server WLS_OIM2.
9. Click Activate Changes.
10. Restart the managed servers WLS_OIM1 and WLS_OIM2, as described in Section 16.1, "Starting and Stopping Components."
Perform the tasks in the following sections.
The Identity Management Console URLs are provided in Section 16.2, "About Identity Management Console URLs."
Update the OAM Security Model of all WebGate profiles, with the exception of Webgate_IDM and Webgate_IDM_11g, which should already be set.
To do this, perform the following steps:
Log in to the Oracle Access Manager Console as the Oracle Access Manager administration user identified by the entry in Section 8.2, "Update User Names in Provisioning Response File."
Click the System Configuration tab.
Expand Access Manager Settings - SSO Agents.
Click OAM Agents and select Open from the Actions menu.
In the Search window, click Search.
Click an Agent, for example: IAMSuiteAgent.
Set the Security value to the security model in the OAM Configuration screen of the Identity Management Provisioning Wizard, as described in Section 8.1, "Running the Identity Management Provisioning Wizard to Create a Profile."
Click Apply.
Restart the managed servers WLS_OAM1 and WLS_OAM2 as described in Section 16.1, "Starting and Stopping Components."
To update the maximum number of WebGate connections, proceed as follows.
In the Oracle Access Manager Console, select the System Configuration tab.
Select Access Manager -> SSO Agents -> OAM Agent from the directory tree. Double-click or select the Open Folder icon.
On the displayed search page, click Search to perform an empty search.
Click the Agent Webgate_IDM.
Select Open from the Actions menu.
Set Maximum Number of Connections to 20. (This is the total maximum number of connections for the primary servers, which is 10 wls_oam1 connections plus 10 wls_oam2 connections.)
Set AAA Timeout Threshold to 5.
In the User Defined Parameters box, set client_request_retry_attempts to 11.
If the following Logout URLs are not listed, add them:
/oamsso/logout.html
/console/jsp/common/logout.jsp
/em/targetauth/emaslogout.jsp
Click Apply.
Repeat Steps 4 through 7 for each WebGate.
In order to allow WebGate 11g to display the credential collector, you must add /oam to the list of public policies.
Proceed as follows:
Log in to the OAM console at: http://ADMIN.mycompany.com/oamconsole
Select the Policy Configuration tab.
Expand Application Domains - IAM Suite.
Click Resources.
Click Open.
Click New resource.
Provide the following values:
Type: HTTP
Description: OAM Credential Collector
Host Identifier: IAMSuiteAgent
Resource URL: /oam
Protection Level: Unprotected
Authentication Policy: Public Policy
Leave all other fields at their default values.
Click Apply.
Oracle Fusion Applications requires a property file which details the IDM deployment. After provisioning, this file can be found at the following location:
SHARED_CONFIG_DIR/fa/idmsetup.properties