Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
11g Release 7 (11.1.7)
Part Number E21032-21
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide
New and Changed Features for 11g Release 7 (11.1.7)
1
Enterprise Deployment Overview
1.1
About the Enterprise Deployment Guide
1.2
Enterprise Deployment Terminology
1.3
Benefits of Oracle Recommendations
1.3.1
Built-in Security
1.3.2
High Availability
2
Introduction to the Enterprise Deployment Reference Topologies
2.1
Overview of Enterprise Deployment Reference Topologies
2.1.1
Reference Topologies Documented in the Guide
2.1.1.1
Oracle Access Manager 11g and Oracle Identity Manager 11g for Fusion Applications
2.1.1.2
Oracle Identity Federation 11g for Fusion Applications
2.1.2
About the Directory Tier
2.1.2.1
Considering Oracle Internet Directory Password Policies
2.1.2.2
Using Different Directory Configurations
2.1.2.3
High Availability Provisions
2.1.3
About the Application Tier
2.1.3.1
Architecture Notes
2.1.3.2
High Availability Provisions
2.1.3.3
Security Provisions
2.1.3.4
About WebLogic Domains
2.1.4
About the Web Tier
2.1.4.1
Architecture Notes
2.1.4.2
High Availability Provisions
2.1.4.3
Security Provisions
2.2
Hardware Requirements for an Enterprise Deployment
2.3
Software Components Installed as Part of the Provisioning Process
2.4
Road Map for the Reference Topology Installation and Configuration
2.4.1
Flow Chart of the Oracle Identity Management Enterprise Deployment Process for Oracle Fusion Applications
2.4.2
Steps in the Oracle Identity Management Enterprise Deployment Process
3
Preparing the Network for an Enterprise Deployment
3.1
Overview of Preparing the Network for an Enterprise Deployment
3.2
Planning Your Network
3.3
About Virtual Server Names Used by the Topologies
3.3.1
Virtual Host Names
3.3.2
Virtual Server Names
3.3.2.1
POLICYSTORE.mycompany.com
3.3.2.2
IDSTORE.mycompany.com
3.3.2.3
ADMIN.mycompany.com
3.3.2.4
IDMINTERNAL.mycompany.com
3.3.2.5
SSO.mycompany.com
3.4
Configuring the Load Balancers
3.4.1
Load Balancer Requirements
3.4.2
Load Balancer Configuration Procedures
3.4.3
Load Balancer Configuration
3.5
About IP Addresses and Virtual IP Addresses
3.6
About Firewalls and Ports
3.7
Fixed Ports Used by the Provisioning Wizard
3.8
Managing Oracle Access Manager Communication Protocol
3.8.1
Oracle Access Manager Protocols
3.8.2
Overview of Integration Requests
3.8.3
Overview of User Request
3.8.4
About the Unicast Requirement for Communication
4
Preparing Storage for an Enterprise Deployment
4.1
Overview of Preparing the File System for Enterprise Deployment
4.2
Terminology for Directories and Directory Variables
4.3
About Recommended Locations for the Different Directories
4.3.1
Shared Storage Recommendations for Binary (Oracle Home) Directories
4.3.1.1
About the Binary (Middleware Home) Directories
4.3.1.2
About Sharing a Single Middleware Home Across Multiple Hosts
4.3.1.3
About Using Redundant Binary (Middleware Home) Directories
4.3.2
Shared Storage Recommendations for Provisioning Repository
4.3.3
Recommendations for Domain Configuration Files
4.3.3.1
About Oracle WebLogic Server Administration and Managed Server Domain Configuration Files
4.3.3.2
Shared Storage Requirements for Administration Server Domain Configuration Files
4.3.3.3
Local Storage Requirements for Managed Server Domain Configuration Files
4.3.4
Shared Storage Recommendations for JMS File Stores and Transaction Logs
4.3.5
Recommended Directory Locations
4.3.5.1
Provisioning Repository
4.3.5.2
Shared Storage
4.3.5.3
Local Storage
4.4
Oracle Fusion Middleware Homes
5
Preparing the Servers for an Enterprise Deployment
5.1
Overview of Preparing the Servers
5.2
Verifying Your Server and Operating System
5.3
Meeting the Minimum Hardware Requirements
5.4
Meeting Operating System Requirements
5.4.1
Meeting UNIX and Linux Requirements
5.4.1.1
Configuring Kernel Parameters
5.4.1.2
Setting the Open File Limit
5.4.1.3
Setting Shell Limits
5.4.1.4
Configuring Local Hosts File
5.5
Enabling Unicode Support
5.6
Enabling Virtual IP Addresses
5.6.1
Virtual IP Addresses to Enable
5.6.2
Enabling Virtual Addresses by Using the Command Line
5.7
Mounting Shared Storage Onto the Host
5.8
Configuring Users and Groups
5.9
Installing Oracle Software onto a Server with Multiple Network Addresses
5.10
Synchronize Oracle Internet Directory Nodes
6
Preparing for Provisioning
6.1
Assembling Information for Identity Management Provisioning
6.2
Disable Oracle Internet Directory Monitoring
6.3
Creating an Oracle Fusion Applications Provisioning Repository
6.4
Verifying Java
6.5
Installing the IDM Provisioning Wizard
6.6
Applying Patch 17434914
6.7
Checking Port Availability
7
Preparing the Database for an Enterprise Deployment
7.1
Overview of Preparing the Databases for an Identity Management Enterprise Deployment
7.2
Verifying the Database Requirements for an Enterprise Deployment
7.2.1
Databases Required
7.2.2
Database Host Requirements
7.2.3
Database Versions Supported
7.2.4
Patching the Oracle Database
7.2.4.1
Patch Requirements for Oracle Database 11g (11.1.0.7)
7.2.4.2
Patch Requirements for Oracle Database 11g (11.2.0.2.0)
7.2.5
About Initialization Parameters
7.3
Installing the Database for an Enterprise Deployment
7.4
Creating Database Services
7.4.1
Why Create Database Services?
7.4.2
Creating Database Services for 10.x and 11.1.x Databases
7.4.3
Creating Database Services for 11.2.x Databases
7.4.4
Database Tuning
7.5
Preparing the Database for Repository Creation Utility (RCU)
7.6
Loading the Identity Management Schemas in the Oracle RAC Database by Using RCU
7.7
Backing up the Database
8
Creating a Provisioning Profile
8.1
Running the Identity Management Provisioning Wizard to Create a Profile
8.2
Update User Names in Provisioning Response File
8.3
Copy Provisioning File to DMZ Hosts
9
Provisioning Identity Management
9.1
Introduction to the Provisioning Process
9.1.1
Provisioning Stages
9.1.2
Processing Order
9.2
Provisioning Procedure
9.2.1
Running the Provisioning Commands
9.2.2
Creating Backups
9.2.3
Apply Patch 16708003
9.2.4
Copy Provisioning Files to WEBHOST1 and WEBHOST2
9.2.5
Copying WebGate Configuration Files to WEBHOST1 and WEBHOST2
9.3
Check List
10
Performing Post-Provisioning Configuration
10.1
Correcting Datasource Configuration
10.2
Updating Oracle HTTP Server Runtime Parameters
10.3
Creating ODSM Connections to Oracle Virtual Directory
10.4
Post-Provisioning Steps for Oracle Identity Manager
10.4.1
Add an Oracle Identity Manager Property
10.5
Post-Provisioning Steps for Oracle Access Manager
10.5.1
Updating Existing WebGate Agents
10.5.2
Update WebGate Configuration
10.5.3
Creating Oracle Access Manager Policies for WebGate 11g
10.6
Passing Configuration Properties File to Oracle Fusion Applications
11
Enabling Oracle Identity Federation
11.1
Starting OIF Managed Servers
11.2
Updating OIF Web Configuration
11.3
Validating Oracle Identity Federation
11.4
Configuring the Enterprise Manager Agents
11.5
Enabling Oracle Identity Federation Integration with LDAP Servers
11.6
Updating the Oracle Identity Federation Authentication Scheme in Oracle Access Manager
11.7
Setting Oracle Identity Federation Authentication Mode and Enabling Password Policy Profile
11.8
Enabling and Disabling Oracle Identity Federation
11.8.1
Enabling Oracle Identity Federation
11.8.2
Disabling Oracle Identity Federation
12
Setting Up Node Manager for an Enterprise Deployment
12.1
Overview of the Node Manager
12.2
Configuring Node Manager to Use SSL
12.3
Update Domain to Access Node Manager Using SSL
12.4
Update Start and Stop Scripts to Use SSL
12.5
Enabling Host Name Verification Certificates for Node Manager
12.5.1
Generating Self-Signed Certificates Using the utils.CertGen Utility
12.5.2
Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
12.5.3
Creating a Trust Keystore Using the Keytool Utility
12.5.4
Configuring Node Manager to Use the Custom Keystores
12.5.5
Configuring Managed WebLogic Servers to Use the Custom Keystores
12.5.6
Changing the Host Name Verification Setting for the Managed Servers
12.6
Update boot.properties Files
12.7
Starting Node Manager
13
Configuring Server Migration for an Enterprise Deployment
13.1
Overview of Server Migration for an Enterprise Deployment
13.2
Setting Up a User and Tablespace for the Server Migration Leasing Table
13.3
Creating a Multi Data Source Using the Oracle WebLogic Administration Console
13.4
Editing Node Manager's Properties File
13.5
Setting Environment and Superuser Privileges for the wlsifconfig.sh Script
13.6
Configuring Server Migration Targets
13.7
Testing the Server Migration
13.8
Backing Up the Server Migration Configuration
14
Validating Provisioning
14.1
Validating the Administration Server
14.1.1
Verify Connectivity
14.1.2
Validating Failover
14.2
Validating the Oracle Access Manager Configuration
14.3
Validating Oracle Directory Services Manager (ODSM)
14.3.1
Validating Browser Connection to ODSM Site
14.3.2
Validating ODSM Connections to Oracle Internet Directory
14.4
Validating Oracle Identity Manager
14.4.1
Validating the Oracle Internet Directory Instances
14.4.2
Validating the Oracle Virtual Directory Instances
14.4.3
Validating SSL Connectivity
14.4.4
Validating Oracle Identity Manager
14.4.5
Validating SOA Instance from the WebTier
14.4.6
Validating Oracle Identity Manager Instance
14.5
Validating WebGate and the Oracle Access Manager Single Sign-On Setup
15
Scaling Enterprise Deployments
15.1
Scaling Up the Topology
15.2
Scaling Out the Topology
15.3
Scaling Out the Database
15.4
Scaling the Directory Tier
15.4.1
Scaling Oracle Internet Directory
15.4.1.1
Assembling Information for Scaling Oracle Internet Directory
15.4.1.2
Configuring an Additional Oracle Internet Directory Instance
15.4.1.3
Registering Oracle Internet Directory with the WebLogic Server Domain (IDMDomain)
15.4.1.4
Configuring Oracle Internet Directory to Accept Server Authentication Mode SSL Connections
15.4.1.4.1
Configuring Oracle Internet Directory for SSL
15.4.1.5
Reconfiguring the Load Balancer
15.4.2
Scaling Oracle Virtual Directory
15.4.2.1
Assembling Information for Scaling Oracle Virtual Directory
15.4.2.2
Configuring an Additional Oracle Virtual Directory
15.4.2.3
Post-Configuration Steps
15.4.2.3.1
Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain (IDMDomain)
15.4.2.3.2
Configuring Oracle Virtual Directory for SSL
15.4.2.4
Creating ODSM Connections to Oracle Virtual Directory
15.4.2.5
Creating Adapters in Oracle Virtual Directory
15.4.2.5.1
Creating Oracle Virtual Directory Adapters for Oracle Internet Directory and Active Directory
15.4.2.5.2
Validating the Oracle Virtual Directory Adapters
15.4.2.6
Reconfiguring the Load Balancer
15.5
Scaling the Application Tier
15.5.1
Mounting Middleware Home and Creating a New Machine when Scaling Out
15.5.2
Creating a New Node Manager when Scaling Out
15.5.3
Scaling ODSM
15.5.4
Scaling Oracle Access Manager 11g
15.5.4.1
Assembling Information for Scaling Oracle Access Manager
15.5.4.2
Prepare New Node for Scaling Out
15.5.4.3
Configure New Oracle Access Manager Server
15.5.4.4
Run Pack/Unpack
15.5.4.5
Register Managed Server with Oracle Access Manager
15.5.4.6
Update WebGate Profiles
15.5.4.7
Update the Web Tier
15.5.5
Scaling Oracle Identity Manager
15.5.5.1
Assembling Information for Scaling Oracle Identity Manager
15.5.5.2
Cloning an Existing Oracle Identity Manager Server when Scaling Up Oracle Identity Manager or SOA
15.5.5.3
Mounting Middleware Home and Creating a New Machine when Scaling Out
15.5.5.4
Configuring New JMS Servers
15.5.5.5
Performing Pack/Unpack When Scaling Out
15.5.5.6
Configuring Oracle Coherence for Deploying Composites
15.5.5.6.1
Enabling Communication for Deployment Using Unicast Communication
15.5.5.6.2
Specifying the Host Name Used by Oracle Coherence
15.5.5.7
Completing the Oracle Identity Manager Configuration Steps
15.5.6
Scaling Oracle Identity Federation
15.5.6.1
Assembling Information for Scaling Oracle Identity Federation
15.5.6.2
Configuring Oracle Identity Federation
15.5.6.3
Performing Pack/Unpack when Scaling Out
15.5.6.4
Complete Oracle Identity Federation Server Configuration
15.5.6.5
Add New Managed Server to OHS Configuration
15.5.7
Running Pack/Unpack
15.5.8
Adding New WebLogic Managed Server to Oracle HTTP Server Configuration Files
15.6
Scaling the Web Tier
15.6.1
Assembling Information for Scaling the Web Tier
15.6.2
Mounting Middleware Home and Copying Oracle HTTP Server Files when Scaling Out
15.6.3
Running the Configuration Wizard to Configure the HTTP Server
15.6.4
Registering Oracle HTTP Server with WebLogic Server
15.6.5
Reconfiguring the Load Balancer
15.7
Post-Scaling Steps for All Components
16
Managing the Topology for an Enterprise Deployment
16.1
Starting and Stopping Components
16.1.1
Startup Order
16.1.2
Starting and Stopping Servers
16.1.2.1
Starting All Servers
16.1.2.2
Stopping All Servers
16.2
About Identity Management Console URLs
16.3
Monitoring Enterprise Deployments
16.3.1
Monitoring Oracle Internet Directory
16.3.1.1
Oracle Internet Directory Component Names Assigned by Oracle Identity Manager Installer
16.3.2
Monitoring Oracle Virtual Directory
16.3.3
Monitoring WebLogic Managed Servers
16.4
Auditing Identity Management
16.5
Performing Backups and Recoveries
16.5.1
Performing Baseline Backups
16.5.2
Performing Runtime Backups
16.5.3
Performing Backups During Installation and Configuration
16.5.3.1
Backing Up Middleware Home
16.5.3.2
Backing Up LDAP Directories
16.5.3.2.1
Backing up Oracle Internet Directory
16.5.3.2.2
Backing up Oracle Virtual Directory
16.5.3.2.3
Backing Up Third-Party Directories
16.5.3.3
Backing Up the Database
16.5.3.4
Backing Up the WebLogic Domain
16.5.3.5
Backing Up the Web Tier
16.6
Patching Enterprise Deployments
16.6.1
Patching an Oracle Fusion Middleware Source File
16.6.2
Patching Identity Management Components
16.7
Preventing Timeouts for SQL
16.8
Manually Failing Over the WebLogic Administration Server
16.8.1
Failing Over the Administration Server to IDMHOST2
16.8.2
Starting the Administration Server on IDMHOST2
16.8.3
Validating Access to IDMHOST2 Through Oracle HTTP Server
16.8.4
Failing the Administration Server Back to IDMHOST1
16.9
Changing Startup Location
16.10
Troubleshooting
16.10.1
Troubleshooting Identity Management Provisioning
16.10.1.1
Provisioning Fails
16.10.1.2
OID Account is Locked
16.10.2
Troubleshooting Start/Stop Scripts
16.10.3
Troubleshooting Oracle Internet Directory
16.10.3.1
Oracle Internet Directory Server is Not Responsive
16.10.3.2
SSO/LDAP Application Connection Times Out
16.10.3.3
LDAP Application Receives LDAP Error 53 (DSA Unwilling to Perform)
16.10.3.4
TNSNAMES.ORA, TAF Configuration, and Related Issues
16.10.4
Troubleshooting Oracle Virtual Directory
16.10.4.1
Command Not Found Error When Running SSLServerConfig.sh
16.10.4.2
Oracle Virtual Directory is Not Responsive
16.10.4.3
SSO/LDAP Application Connection Times Out
16.10.4.4
TNSNAMES.ORA, TAF Configuration, and Related Issues
16.10.4.5
SSLServerConfig.sh Fails with Error
16.10.5
Troubleshooting Oracle Directory Services Manager
16.10.5.1
ODSM Browser Window and Session Issues
16.10.5.2
ODSM Does not Open When Invoked from Fusion Middleware Control
16.10.5.3
ODSM Failover is Not Transparent
16.10.5.4
ODSM Loses Connection and Displays Message that LDAP Server is Down
16.10.5.5
ODSM Loses Connection to Instance Using ORAC Database
16.10.5.6
OHS Must Be Configured to Route ODSM Requests to Multiple Oracle WebLogic Servers
16.10.5.7
ODSM is Not Accessible
16.10.6
Troubleshooting Oracle Access Manager 11g
16.10.6.1
OAM Fails to Connect to the Identity Store at First Start
16.10.6.2
OAM Runs out of Memory
16.10.6.3
Fusion Applications Preverify Fails to Validate OAM Admin Users
16.10.6.4
User Reaches the Maximum Allowed Number of Sessions
16.10.6.5
Policies Do Not Get Created When Oracle Access Manager is First Installed
16.10.6.6
You Are Not Prompted for Credentials After Accessing a Protected Resource
16.10.6.7
Cannot Log In to OAM Console
16.10.7
Troubleshooting Oracle Identity Manager
16.10.7.1
java.io.FileNotFoundException When Running Oracle Identity Manager Configuration
16.10.7.2
ResourceConnectionValidationxception When Creating User in Oracle Identity Manager
16.10.8
Troubleshooting Oracle SOA Suite
16.10.8.1
Transaction Timeout Error
16.10.9
Troubleshooting Oracle Identity Federation
16.10.9.1
Extending the Domain with Oracle Identity Federation Fails
16.10.9.2
Cannot Change Oracle Identity Federation Parameters by Using Fusion Middleware Control
A
Adding Support for Active Directory
A.1
Creating Adapters in Oracle Virtual Directory
A.1.1
Removing Existing Adapters
A.1.2
Creating an Oracle Virtual Directory Adapter for Active Directory
A.1.3
Validating the Oracle Virtual Directory Adapters
A.2
Preparing Active Directory
A.2.1
Configuring Active Directory for Use with Oracle Access Manager and Oracle Identity Manager
A.2.2
Creating Users and Groups
A.2.2.1
Creating Users and Groups by Using the idmConfigTool
A.2.2.2
Creating the Configuration File
A.2.3
Creating Access Control Lists in Non-Oracle Internet Directory Directories
A.3
Modifying Oracle Identity Manager to Support Active Directory
A.4
Updating the Username Generation Policy for Active Directory
Index