Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
11g Release 7 (11.1.7)

Part Number E21032-21

9 Provisioning Identity Management

This chapter describes how to provision Identity Management.

It contains the following sections:

9.1 Introduction to the Provisioning Process

This section introduces the provisioning process.

9.1.1 Provisioning Stages

There are eight stages to provisioning. These stages are:

  1. preverify - This checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured.

  2. install - This installs all of the software required by the installation.

  3. preconfigure - This does the following:

    • Creates OID and seeds it with Users/Groups.

    • Creates OVD

    • Configures ODSM

    • Creates the WebLogic Domain

    • Creates OHS instance

  4. configure - This does the following:

    • Associates the Policy Store to OID

    • Starts managed servers as necessary

    • Associates OAM with OID

    • Configures OIM

  5. configure-secondary - This does the following:

    • Integrates the WebLogic Domain with the Web Tier

    • Registers the Web Tier with the domain

    • Integrates OAM and OIM

  6. postconfigure - This does the following:

    • Registers OID with the WebLogic Domain

    • SSL-enables OID and OVD

    • Tunes OID

    • Runs OIM Reconciliation

    • Configures the UMS Mail Server

    • Generates the OAM Keystore

    • Configures OIF

    • Configures WebGates

  7. startup - This starts up all components in the topology.

  8. validate - This performs a number of checks on the built topology to ensure that everything is working as it should be.

Each stage must be completed on each host in the topology before the next stage can begin. Failure of a stage will necessitate a cleanup and restart.

9.1.2 Processing Order

You must process hosts in the following order:

  1. LDAP Host 1

  2. LDAP Host 2

  3. Identity and Access Management Host 1

  4. Identity and Access Management Host 2

  5. Web Host 1

  6. Web Host 2

This equates to the following order for hosts in this guide:

  1. LDAPHOST1

  2. LDAPHOST2

  3. IDMHOST1

  4. IDMHOST2

  5. WEBHOST1

  6. WEBHOST2

9.2 Provisioning Procedure

The following sections describe the procedure for performing provisioning.

9.2.1 Running the Provisioning Commands

Provisioning is accomplished by running the command runIDMProvisioning.sh a number of times on each host in the topology.

BEFORE embarking on the provisioning process, read this entire section. There are extra steps detailed below which must be performed during the process.

You MUST run each command on each host in the topology before running the next command.

Before running the provisioning tool, set the following environment variables:

  • Set ANT_HOME to: REPOS_HOME/provisioning/ant

  • Set JAVA_HOME to: REPOS_HOME/jdk6

The commands you must run are:

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preverify

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target install

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preconfigure

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure-secondary

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target postconfigure

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target startup

runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target validate

9.2.2 Creating Backups

It is important that you take a backup of the file systems and databases at the following points:

  1. Prior to starting provisioning.

  2. At the end of the installation phase.

  3. Upon completion of provisioning.

Restoring a backup taken at any phase other than those three is not supported.

9.2.3 Apply Patch 16708003

After performing the install phase on the primordial host (IDMHOST1), you must download Patch 16708003 and apply it on IDMHOST1.

9.2.4 Copy Provisioning Files to WEBHOST1 and WEBHOST2

If you are not sharing your provisioning directory onto the WEBHOSTs, you must manually copy the following directories from IDMHOST1 to the local provisioning directories on those hosts. You must do this BEFORE running the install on those hosts.

SHARED_CONFIG_DIR/lcmconfig/topology

SHARED_CONFIG_DIR/lcmconfig/credconfig

For example:

scp -r SHARED_CONFIG_DIR/lcmconfig/topology WEBHOST1:SHARED_CONFIG_DIR/lcmconfig/
scp -r SHARED_CONFIG_DIR/lcmconfig/credconfig WEBHOST1:SHARED_CONFIG_DIR/lcmconfig/

9.2.5 Copying WebGate Configuration Files to WEBHOST1 and WEBHOST2

When configuring WebGate during the postconfigure stage, the provisioning tool requires access to files created on the primordial host. So BEFORE postconfigure is run on WEBHOST1 and WEBHOST2, you must copy the entire directory ASERVER_HOME/output to the same location on WEBHOST1 and WEBHOST2.

For example:

scp -r IDMHOST1:$ASERVER_HOME/output WEBHOST1:$ASERVER_HOME

Note:

Before making the copy, you might need to manually create the directory ASERVER_HOME on WEBHOST1 and WEBHOST2. After provisioning is complete, you can remove this directory from WEBHOST1 and WEBHOST2.
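The ordering rules in sections 9.1.2 and 9.2 can be expressed as a run plan that an operator checks against a log of completed steps before running anything. The script below is an added example, not part of the Oracle guide or tooling: the TYPE|HOST|DETAIL line format, the functions plan and next_step, and the completed-steps file are assumptions, and the script only prints steps without executing them on any host.

```bash
#!/usr/bin/env bash
# Added example: prints the provisioning run plan; nothing is executed on any host.
HOSTS="LDAPHOST1 LDAPHOST2 IDMHOST1 IDMHOST2 WEBHOST1 WEBHOST2"   # order from 9.1.2
STAGES="preverify install preconfigure configure configure-secondary postconfigure startup validate"
RSP="IDMLCM_HOME/provisioning/bin/provisioning.rsp"               # as written in 9.2.1

# plan: one step per line as TYPE|HOST|DETAIL, every host finishing a stage
# before the next stage starts, with the manual steps and backups interleaved.
plan() {
  echo "BACKUP|all|prior to starting provisioning"
  for stage in $STAGES; do
    for host in $HOSTS; do
      echo "RUN|$host|runIDMProvisioning.sh -responseFile $RSP -target $stage"
      case "$stage:$host" in
        install:IDMHOST1)
          echo "MANUAL|IDMHOST1|apply Patch 16708003"
          for web in WEBHOST1 WEBHOST2; do   # only when the provisioning directory is not shared
            echo "MANUAL|$web|copy lcmconfig/topology and lcmconfig/credconfig from IDMHOST1"
          done ;;
        postconfigure:IDMHOST2)
          for web in WEBHOST1 WEBHOST2; do
            echo "MANUAL|$web|copy ASERVER_HOME/output from IDMHOST1"
          done ;;
        # Assumption: "end of the installation phase" means install is done on the last host.
        install:WEBHOST2)  echo "BACKUP|all|end of the installation phase" ;;
        validate:WEBHOST2) echo "BACKUP|all|completion of provisioning" ;;
      esac
    done
  done
}

# next_step FILE: FILE lists completed steps (plan lines, in the order done).
# Prints the next step due; returns 2 if FILE deviates from the plan.
next_step() {
  plan | awk -v f="$1" '
    BEGIN { while ((getline line < f) > 0) completed[++n] = line }
    bad || shown { next }
    NR <= n { if ($0 != completed[NR]) { print "OUT-OF-ORDER: " completed[NR]; bad = 1 } next }
    { print; shown = 1 }
    END { exit bad ? 2 : 0 }'
}

case "${1:-}" in plan) plan ;; ?*) next_step "$1" ;; esac
```

Run it with the argument plan to print the full sequence, or with the path of a completed-steps file to print the next step due.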

9.3 Check List

To help keep track of the provisioning process, print this check list from the PDF version of this guide. Run each stage on the hosts shown, and add a check mark to the corresponding row when that run is complete.

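| Provisioning Stage      | Host      | Complete |
|-------------------------|-----------|----------|
| Preverify               | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Install                 | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
| Copy Provisioning Files | IDMHOST1  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Install                 | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Preconfigure            | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Configure               | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Configure Secondary     | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Post Configure          | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
| Copy WebGate Files      | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Post Configure          | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Startup                 | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |
| Validate                | LDAPHOST1 |          |
|                         | LDAPHOST2 |          |
|                         | IDMHOST1  |          |
|                         | IDMHOST2  |          |
|                         | WEBHOST1  |          |
|                         | WEBHOST2  |          |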