Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Introduction to Third-Party Application Servers
1.1
What is a Third-Party Application Server?
1.2
Oracle Fusion Middleware Components That Support Third-Party Application Servers
1.3
Overview of the Oracle Fusion Middleware IBM WebSphere Support
1.3.1
Supported IBM WebSphere Application Server
1.3.2
Understanding the Topology of Oracle Fusion Middleware on IBM WebSphere Application Server - ND
1.4
Documentation Resources for Using Oracle Identity and Access Management Suite Products on IBM WebSphere
2
Installing and Configuring Oracle Identity and Access Management on IBM WebSphere
2.1
Task 1: Review the System Requirements and Certification Information
2.2
Task 2: Obtain the Necessary Software Media or Downloads
2.3
Task 3: Identify a Database and Install the Required Database Schemas
2.4
Task 4: Install the IBM WebSphere Software
2.4.1
IBM Online Resources for Obtaining and Installing the IBM WebSphere Software
2.4.2
Important Considerations Before Installing the IBM WebSphere Software
2.4.2.1
Using the Correct IBM WebSphere Installer for Your Platform
2.4.2.2
About the Sample Applications and Default Profiles During the IBM WebSphere Installation
2.4.2.3
About the WAS_HOME Directory Path
2.5
Task 5: Install Oracle SOA Suite (Oracle Identity Manager Users Only)
2.6
Task 6: Install Oracle Identity and Access Management Suite
2.6.1
Special Instructions When Installing Oracle Identity and Access Management with IBM WebSphere
2.7
Task 7: Optional: Enabling TDE in Oracle Privileged Account Manager Data Store (For Oracle Privileged Account Manager Users Only)
2.7.1
Enabling TDE in the Database
2.7.2
Enabling Encryption in OPAM Schema
2.8
Task 8: Configure Your Oracle Identity and Access Management Components in a New IBM WebSphere Cell
2.8.1
General Information About Using the Configuration Wizard on IBM WebSphere
2.8.2
Configuring Oracle Identity and Access Management Components for Single-Node Setup
2.9
Task 9: Configure the Database Security Store
2.10
Task 10: Configure the Identity Store
2.11
Task 11: Start the IBM WebSphere Servers
2.12
Task 12: Verify the Configuration of the IBM WebSphere Cell
3
Managing Oracle Identity and Access Management Suite on IBM WebSphere
3.1
Summary of the Oracle Fusion Middleware Management Tools on IBM WebSphere
3.1.1
Using the WebSphere Administrative Console
3.1.1.1
About the IBM WebSphere Administrative Console
3.1.1.2
Locating the Port Number and URL of the IBM WebSphere Administrative Console
3.1.2
Using Oracle Enterprise Manager Fusion Middleware Control
3.1.2.1
About Oracle Enterprise Manager Fusion Middleware Control
3.1.2.2
Locating the Port Number and URL for Fusion Middleware Control
3.1.2.3
Displaying Fusion Middleware Control
3.1.2.4
Viewing an IBM WebSphere Cell from Fusion Middleware Control
3.1.2.5
Viewing an IBM WebSphere Server from Fusion Middleware Control
3.1.2.6
Viewing an IBM WebSphere Application Deployment from Fusion Middleware Control
3.1.2.7
Performing Oracle Fusion Middleware-Specific Administration Tasks for the Cell
3.1.2.8
Differences When Using Fusion Middleware Control on IBM WebSphere
3.1.3
Using the Oracle Fusion Middleware wsadmin Commands
3.1.3.1
About the Oracle Fusion Middleware wsadmin Command-Line Shell
3.1.3.2
Starting the Oracle Fusion Middleware wsadmin Command-Line Shell and Connecting to the Deployment Manager
3.1.3.3
Using the Oracle Fusion Middleware wsadmin Command-Line Online Help
3.1.3.3.1
Listing the Oracle Fusion Middleware wsadmin Command Categories
3.1.3.3.2
Listing the Commands Within an Oracle Fusion Middleware wsadmin Command-Line Category
3.1.3.3.3
Getting Help on a Specific Oracle Fusion Middleware wsadmin Command
3.1.3.4
Differences Between the wsadmin Commands and the WebLogic Scripting Tool (WLST) Commands
3.1.3.5
Differences Between Oracle Fusion Middleware wsadmin Commands and IBM WebSphere Wsadmin Commands
3.2
Basic Administration Tasks on IBM WebSphere
3.2.1
Starting and Stopping Servers on IBM WebSphere
3.2.1.1
Starting and Stopping IBM WebSphere Servers with Profile Scripts
3.2.1.2
Starting and Stopping IBM WebSphere Servers with Fusion Middleware Control
3.2.2
Configuring Metadata Services (MDS) on IBM WebSphere
3.2.2.1
Differences in MDS Command-Line Features on IBM WebSphere
3.2.2.1.1
Using the registerMetadataDBRepository authAlias parameter on IBM WebSphere
3.2.2.1.2
Using the registerMetadataDBRepository targetServers Parameter on IBM WebSphere
3.2.2.1.3
More Information About the registerMetadataDBRepository Command on IBM WebSphere
3.2.2.2
Differences in MDS Fusion Middleware Control Pages on IBM WebSphere
3.2.3
Configuring Oracle Fusion Middleware Logging on IBM WebSphere
3.2.4
Setting Up the Diagnostic Framework
3.2.5
Creating a Data Source in an IBM WebSphere Cell
3.3
Deploying Applications on IBM WebSphere
3.3.1
Preparing to Deploy Oracle Fusion Middleware Applications on IBM WebSphere
3.3.2
Methods for Deploying Oracle Fusion Middleware Applications on IBM WebSphere
3.3.3
Deploying Applications that Require MDS Deployment Plan Customizations on IBM WebSphere
3.4
Configuring Oracle Fusion Middleware High Availability on IBM WebSphere
3.4.1
Documentation Resources for Configuring Oracle Fusion Middleware High Availability on IBM WebSphere
3.4.2
Configuring Java Object Cache for Oracle Fusion Middleware on IBM WebSphere
4
Managing Oracle Identity Manager on IBM WebSphere
4.1
Conventions Used in this Document
4.2
System Requirements and Certified Components
4.3
Installing Oracle Identity Manager on IBM WebSphere
4.3.1
Configuring Oracle Identity Manager for Single-Node Setup
4.3.1.1
Installing and Configuring the Design Console
4.3.1.2
(OPTIONAL) Installing the Oracle Identity Manager Remote Manager on a Separate System
4.3.1.3
Installing the Diagnostic Dashboard
4.3.2
Installing Oracle Identity Manager for a Clustered Configuration
4.3.3
Performing Oracle Identity Manager Clustered Scale Out Configuration
4.4
Performing Postinstallation Configuration on IBM WebSphere
4.4.1
Configuring Transaction Timeout Properties
4.4.2
Updating SOA Server Default Composite (Cluster Only)
4.4.3
Accessing the Dynamic Monitoring Service Application (Optional)
4.4.4
Seeding LDAP Reconciliation Scheduled Jobs into the Database Schema
4.4.5
Changing Memory Settings for Oracle Identity Manager
4.4.6
Performing Postinstallation Configuration of IHS (Optional)
4.4.7
Adjusting Email Notification WSUrl (Cluster Only)
4.5
Upgrading Oracle Identity Manager on IBM WebSphere
4.5.1
Prerequisites for the Upgrade
4.5.2
Installing Oracle Identity Manager
4.5.3
Upgrading Oracle Identity Manager Schema
4.5.4
Configuring Oracle Identity Manager
4.5.4.1
Creating and Configuring a Cell
4.5.4.2
Performing Manual Configuration Steps
4.5.4.3
Upgrading CSF Seeding
4.5.4.4
Upgrading Oracle Identity Manager Components
4.5.5
Upgrading Features Using MT Upgrade Utility in Post-Config Mode
4.5.6
Performing Postupgrade Configuration
4.5.6.1
Customizing the UI to Mark Attributes as Required
4.6
Handling Lifecycle Management Changes on IBM WebSphere
4.6.1
URL Changes Related to Oracle Identity Manager
4.6.1.1
Oracle Identity Manager Database Host and Port Changes
4.6.1.2
Oracle Virtual Directory Host and Port Changes
4.6.1.3
Oracle Identity Manager Host and Port Changes
4.6.1.3.1
Changing OimFrontEndURL in Oracle Identity Manager Configuration
4.6.1.4
SOA Host and Port Changes
4.6.1.5
OAM Host and Port Changes
4.6.2
Password Changes Related to Oracle Identity Manager
4.6.2.1
Changing IBM WebSphere Administrator Password
4.6.2.2
Changing Oracle Identity Manager Administrator Password
4.6.2.3
Changing Oracle Identity Manager Database Password
4.6.2.4
Changing Oracle Identity Manager Passwords in the Credential Store Framework
4.6.2.5
Changing OVD Password
4.6.3
Configuring SSL for Oracle Identity Manager
4.6.3.1
Enabling SSL for Oracle Identity Manager and SOA Servers
4.6.3.1.1
Enabling SSL for Oracle Identity Manager
4.6.3.1.2
Enabling SSL for Oracle Identity Manager By Using Default Setting
4.6.3.1.3
Enabling SSL for Oracle Identity Manager By Using Custom Keystore
4.6.3.1.4
Securing the Design Console with SSL
4.6.3.1.5
Configuring SSL for Oracle Identity Manager Utilities
4.6.3.1.6
Configuring SSL for MDS Utilities
4.6.3.2
Enabling SSL for Oracle Identity Manager DB
4.6.3.2.1
Setting Up DB in Server-Authentication SSL Mode
4.6.3.2.2
Creating KeyStores and Certificates
4.6.3.2.3
Updating Oracle Identity Manager
4.6.3.2.4
Updating WebSphere Server
4.6.3.3
Enabling SSL for LDAP Synchronization
4.6.3.3.1
Enabling OVD-OID with SSL
4.6.3.3.2
Updating Oracle Identity Manager for OVD Host/Port
4.6.3.4
Securing the Remote Manager with SSL
4.6.3.4.1
Overview
4.6.3.4.2
Configuring One-way SSL Authentication
4.6.3.4.3
Configuring Two-way SSL Authentication
4.7
Using Oracle Identity Manager Utilities on IBM WebSphere
4.7.1
Prerequisites for Using Oracle Identity Manager Utilities on IBM WebSphere
4.7.2
Using Oracle Enterprise Manager to Export Metadata Files from the MDS Database
4.7.3
Using Oracle Enterprise Manager to Import Metadata Files into the MDS Database
4.7.4
Using the PurgeCache, UploadJars, DownloadJars, DeleteJars, UploadResourceBundles, and DownLoadResourceBundles Utilities
4.7.5
Using the Plugin Registration and Unregistration Utility
4.7.6
Registering a SOA Composite with Oracle Identity Manager on IBM WebSphere
4.7.7
Using the Form Version Control Utility
4.8
Understanding Identity Certification on IBM WebSphere
4.8.1
Identity Certification Configuration
4.8.2
Multi-Phased Review and Advanced Delegation
4.8.2.1
Multi-Phased Review
4.8.2.2
Advanced Delegation
4.8.3
Understanding How Risk Summaries are Calculated
4.8.4
Creating Certifications
4.8.4.1
Certification Type
4.8.4.2
Base Selection
4.8.4.3
Content Selection
4.8.4.4
Configuration
4.8.4.5
Reviewers
4.8.4.6
Incremental
4.8.4.7
Summary
4.8.5
Scheduling Certifications
4.8.6
Understanding Closed-Loop Remediation and Remediation Tracking
4.8.7
Installing ADFDi Plug-in for Excel-Based Certification Sign-Off
4.8.8
Pre-Requisites for Identity Certifications
4.9
Deinstalling Oracle Identity Manager on IBM WebSphere
5
Managing Access Manager on IBM WebSphere
5.1
Differences Between Access Manager When Deployed on WebLogic Server and IBM WebSphere
5.2
Using Oracle Access Manager WLST Commands on IBM WebSphere
5.3
Increasing the Number of Threads Available to Access Manager
5.4
Configuring x509 Authentication
5.4.1
Create the Server Certificate and Trust Store
5.4.2
Configure the Stores
5.4.3
Create a User Certificate
5.4.4
Adding the Root CA Certificate to the Store
5.4.5
Protecting a Resource Using the X509 Authentication Scheme
5.4.6
To Access an X509 Protected Resource
5.5
Deploying the RSA SecurID Authentication Plug-in
5.6
Configuring Access Manager Running on WebSphere for Windows Native Authentication
5.7
Moving Access Manager From a Test to Production Environment on IBM WebSphere
5.7.1
Introduction to Moving Access Manager on IBM WebSphere
5.7.2
Limitations and Restrictions
5.7.3
Overview of Procedures for Moving from a Source to a Target Environment
5.7.4
Prerequisites
5.7.5
Moving Access Manager From Test to Production
5.8
Installing Access Manager in a High-Availability WebSphere Environment
5.8.1
Overview of the Installation Process
5.8.2
Installation Roadmap
5.8.3
Configure the Oracle IAM Components on IBM WebSphere on Node 1
5.8.4
Configure the Oracle IAM Components on IBM WebSphere on Node 2
5.8.5
Start the Servers
5.8.6
Next Steps
5.9
Managing OAM-Federation on IBM WebSphere
5.9.1
SSLHandshakeException Error for Google and Yahoo IdP Partners
6
Managing Oracle Access Manager Identity Assertion on IBM WebSphere
6.1
Introduction to OAM Identity Assertion on IBM WebSphere
6.1.1
Scenario 1: Oracle Access Manager 10g (10.1.4.3) with the IAP on IBM WebSphere
6.1.2
Scenario 2: OAM 11g with the IAP and IBM WebSphere
6.2
Installing Components for the Oracle Access Manager IAP for IBM WebSphere
6.3
Introduction to the Oracle Access Manager 10g (10.1.4.3) Configuration Tool
6.4
Provisioning WebGate and Configuring OAM 10g (10.1.4.3) and the IAP for IBM WebSphere
6.5
Provisioning and Configuring OAM 11g for the IAP and IBM WebSphere
6.5.1
About Provisioning WebGates and AccessGates with OAM 11g
6.5.2
Provisioning Agents and Creating OAM 11g Policies for IBM WebSphere
6.6
Installing the Required WebGate for the IHS Web Server
6.7
Preparing the IHS Web Server
6.8
Preparing the Login Form for WebGate
6.9
Configuring IBM WebSphere for OAM SSO and the IAP
6.9.1
Configuring a Stand Alone LDAP Registry for OAM in IBM WebSphere
6.9.2
Adding and Configuring a Virtual Host in IBM WebSphere
6.9.3
Configuring IHS Reverse Proxy in the IBM WebSphere Console
6.9.4
Creating the Interceptor Entry in the IBM WebSphere Console
6.9.5
Configuring the OAM TAI Configuration File
6.9.5.1
About Configuring the OAM TAI Configuration File
6.9.5.2
Configuring the OAM TAI Configuration File
6.10
Configuring SSO Logout for OAM IAP for IBM WebSphere
6.10.1
Configuring Logout for Generic (or Non-ADF) Applications
6.10.2
Configuring Logout for ADF-Coded Applications
6.10.2.1
Configuring WebGate for Logout
6.10.2.2
Configuring OPSS for SSO Logout with Oracle Access Manager
6.10.2.3
Configuring oamAuthenProvider.jar in the IBM WebSphere classpath
6.10.2.4
Verifying SSO Logout
6.11
Known Issues
7
Integrating Oracle Access Manager Identity Assertion with IBM WebSphere Portal
7.1
Integrating IBM WebSphere Portal with Oracle Access Manager
7.2
Supported Versions and Platforms
7.3
Integrating IBM WebSphere Portal v7.0 with Oracle Access Manager
7.4
Configuring a Stand Alone LDAP Registry for OAM in IBM WebSphere
8
Managing Oracle Adaptive Access Manager on IBM WebSphere
8.1
Installing and Configuring Oracle Adaptive Access Manager on IBM WebSphere
8.1.1
Starting the Servers
8.1.1.1
Starting the Deployment Manager
8.1.1.2
Synchronizing Nodes
8.1.1.3
Starting the Node
8.1.1.4
Starting the OracleAdminServer
8.1.1.5
Starting the Managed Server Hosting OAAM Administration Server Using Scripts
8.1.1.6
Starting the Managed Server Hosting the Oracle Adaptive Access Manager Runtime Server Using Scripts
8.1.2
Stopping the Servers
8.1.2.1
Stopping IBM WebSphere Servers with Fusion Middleware Control
8.1.2.2
Stopping IBM WebSphere Servers with Profile Scripts
8.1.2.3
Stopping the OracleAdminServer
8.1.2.4
Stopping the Node
8.1.2.5
Stopping the Deployment Manager
8.1.3
Creating User with Privileges to Log into the OAAM Administration Console
8.1.4
Setting Up the CLI Environment for OAAM on IBM WebSphere
8.1.4.1
Setting Up the CLI Work Directory
8.1.4.2
Specifying Properties for CLI Script Startup (Optional)
8.1.4.3
Setting Up Environment Variables
8.1.4.4
Configuring OAAM Database Details with CSF with MBeans
8.1.4.5
Setting Up OAAM Database Credentials
8.1.4.6
Running CLI Commands
8.2
Installing and Configuring Oracle Adaptive Access Manager Offline on IBM WebSphere
8.3
Setting Up the Import and Export Feature in CLI
8.4
Setting Up Reporting and Auditing for OAAM on IBM WebSphere
8.4.1
Creating the Audit Schema Using RCU
8.4.2
Starting the IBM WebSphere Administrative Console
8.4.3
Creating J2C Authentication Data
8.4.4
Create Data Sources for Audit Event
8.4.5
Set Audit Repository Using wsadmin Script
8.4.6
Set Audit Policy in Fusion Middleware Control
8.5
Moving OAAM from a Test to a Production Environment
8.5.1
Exporting the Snapshot from the Test Environment
8.5.2
Exporting Individual Configurations
8.5.3
Backing Up the Production Environment
8.5.4
Exporting Members of Groups
8.5.5
Importing the Snapshot into the Production Environment
8.5.5.1
Importing a Snapshot Using Universal Risk Snapshot
8.5.5.2
Importing the Snapshot Using CLI
8.5.6
Importing Group Members into the Production Environment
8.5.7
Copying Java Classes into the Production Environment
8.5.8
Creating a Custom Shared Library
8.5.8.1
Copying Customized Files
8.5.8.2
Creating the Shared Library
8.5.8.3
Adding the Shared Library Reference to OAAM Admin and OAAM Server
8.5.9
Recreating KBA and OTP Logic and Policy Overrides
8.5.10
Validating the Move Was Successful
8.6
Integrating Juniper Networks Secure Access (SA) with OAAM
8.6.1
Juniper Networks Secure Access (SA) and OAAM Integration Roadmap
8.6.2
Juniper Integration for OAAM on IBM WebSphere Prerequisite
8.6.3
Configuring the Authentication Provider
8.6.4
Configuring Oracle Platform Security Services (OPSS) for Integration
8.6.5
Synchronizing the Node and Restarting the Servers
8.6.6
Importing the SAML Configuration-Related Server Properties Using the OAAM Administration Console
8.6.7
Setting Up Certificate for Signing the Assertion
8.6.7.1
Creating Private Key for Certificate
8.6.7.2
Creating a Certificate Request
8.6.7.3
Submitting the Certificate Signing Request (CSR) to a Certificate Authority
8.6.7.4
Acting as Your Own Certificate Authority
8.6.7.4.1
Prerequisites
8.6.7.4.2
Creating the Necessary Directories
8.6.7.4.3
Initial OpenSSL Configuration
8.6.7.4.4
Creating the CA Certificate and Private Key
8.6.7.4.5
More OpenSSL Configuration (Mandatory)
8.6.7.4.6
Signing the Certificate Request
8.6.7.5
Importing the Certificate into Your Keystore
8.6.8
Modifying Integration Properties Using the OAAM Administration Console
8.6.9
Configuring Juniper Networks Secure Access (SA)
8.6.9.1
Creating SAML 1.1 Authentication Server
8.6.9.2
Creating a User Realm for SAML
8.6.9.3
Creating a Sign-In Policy
8.6.10
Verifying the Integration
8.6.11
Debugging the Integration
8.6.12
Troubleshooting Common Problems
8.7
Integrating OAAM and Java Message Service Queue for Asynchronous Execution
8.7.1
Installing the Asynchronous Integration Option
8.7.1.1
Before You Begin
8.7.1.2
Extracting the Asynchronous Integration Option Package
8.7.1.3
JMS Resources
8.7.1.4
Deploy the Asynchronous Integration Extension Files
8.7.1.5
Update OAAM Database
8.7.2
JMS Integration
8.7.2.1
Configuration
8.7.2.2
Message Structure
8.7.3
Database Views for Entities and Transactions
8.7.4
Python Expression
8.7.4.1
Prerequisite
8.7.4.2
Objects Available in Python
8.7.4.3
Examples
8.8
Setting Up the OAAM Sample Application
8.8.1
Setting Up the Native In-Proc-Based OAAM Sample Application
8.8.2
Setting Up the Native SOAP-based OAAM Sample Application
8.9
Installing for a Clustered OAAM Configuration
8.9.1
Overview of Clustered Configuration
8.9.2
OAAM Clustered Configuration Roadmap
8.9.3
Task 1: Install IBM WebSphere
8.9.4
Task 2: Install and Configure the Oracle 11g Database
8.9.5
Task 3: Install the Oracle Fusion Middleware Repository Creation Utility
8.9.6
Task 4: Create and Load the OAAM Schema into the Database
8.9.7
Task 5: Install Oracle Adaptive Access Manager
8.9.8
Task 6: Configure IBM WebSphere on the Deployment Manager Machine
8.9.9
Task 7: Configure Oracle Platform Security Services Security Store
8.9.10
Task 8: Start the Deployment Manager
8.9.11
Task 9: Configure IBM WebSphere on IBM WebSphere Node 2 Machine
8.9.12
Task 10: Configure an LDAP Server (Optional)
8.9.12.1
Installing LDAP Servers
8.9.12.2
Create OAAM Administrative Roles and User in LDAP
8.9.13
Task 11: Set Up Session Persistence in IBM WebSphere
8.9.14
Task 12: Restart the Servers
9
Managing Oracle Fusion Middleware Security on IBM WebSphere
9.1
IBM WebSphere Identity Stores
9.1.1
Configuring a Registry
9.1.2
Seeding a Registry
9.2
Configuring the Trust Association Interceptor
9.3
Migrating Policies at Deployment
9.3.1
jps.policystore.migration
9.3.2
jps.policystore.applicationid
9.3.3
jps.policystore.removal
9.4
Migrating Credentials at Deployment
9.4.1
jps.credstore.migration
9.5
Reassociating Policies with reassociateSecurityStore
9.6
Deployment Mode
9.7
Configuring the JpsFilter and the JpsInterceptor
9.8
Using System Variables in Code Source URLs
9.9
Sample opss-application File
9.10
About the File web.xml
9.11
Executing Common Audit Framework wsadmin Commands
9.12
Configuring Audit of Federation Events
9.12.1
Enabling Auditing of Federation Events
9.12.2
Moving Oracle Identity Federation Audit Records to Database
9.13
Creating a Data Source
10
Managing Oracle Entitlements Server on IBM WebSphere
10.1
Overview of Oracle Entitlements Server Installation on IBM WebSphere
10.2
Installation and Configuration Roadmap for Oracle Entitlements Server on IBM WebSphere
10.3
Configuring Oracle Entitlements Server Administration Server
10.3.1
Prerequisites
10.3.2
Configuring Oracle Entitlements Server in a New IBM WebSphere Cell
10.3.3
Configuring Security Store for Oracle Entitlements Server Administration Server
10.3.4
Configuring the Identity Store
10.3.5
Starting the Administration Server
10.3.6
Verifying Oracle Entitlements Server Administration Server Configuration
10.4
Installing Oracle Entitlements Server Client
10.4.1
Prerequisites
10.4.2
Obtaining Oracle Entitlements Server Client Software
10.4.3
Installing Oracle Entitlements Server Client
10.4.4
Applying a Patch
10.5
Configuring IBM WebSphere Security Module
10.5.1
Configuring WebSphere Security Module in a Non-JRF Environment
10.5.2
Configuring WebSphere Security Module in a JRF Environment
10.6
Using Oracle Entitlements Server wsadmin Commands on IBM WebSphere
10.7
Configuring Security Modules for Other Application Servers
10.8
Getting Started with Oracle Entitlements Server After Installation
10.9
Configuring High Availability for Oracle Entitlements Server
10.9.1
Overview of a Cluster Configuration
10.9.2
Horizontal Cluster Topology
10.9.3
High Availability Installation and Configuration Roadmap
10.9.4
Configuring a Two Node Horizontal Cluster
10.9.4.1
Configure the Deployment Manager Machine (Primary Host, IBM WebSphere Node 1)
10.9.4.2
Configure the Remote Machine (Secondary Host, IBM WebSphere Node 2)
10.9.4.3
Restart the Servers
11
Managing Oracle Privileged Account Manager on IBM WebSphere
11.1
Differences in How Oracle Privileged Account Manager is Deployed in Oracle Fusion Middleware
11.2
Differences in Getting Started with Administering Oracle Privileged Account Manager
11.2.1
Default Ports
11.2.2
Starting Oracle Privileged Account Manager on IBM WebSphere
11.2.2.1
Before You Begin
11.2.2.2
Configuring Oracle Privileged Account Manager on IBM WebSphere
11.2.2.3
Setting Up Non-TDE Mode
11.3
Differences in Oracle Privileged Account Manager Authorization
11.3.1
Administration Role Types
11.4
Differences in Adding and Managing an Oracle Privileged Account Manager Server on IBM WebSphere
11.5
Differences in Managing Oracle Privileged Account Manager Auditing and Logging
11.5.1
Configuring Auditing for Oracle Privileged Account Manager
11.5.2
Configuring Basic Logging for Oracle Privileged Account Manager
11.6
Differences in Performing Advanced Configuration Tasks for Oracle Privileged Account Manager on IBM WebSphere
11.6.1
Differences When Configuring Oracle Privileged Account Manager to Communicate with Target Systems Over SSL
11.6.2
Differences When Securing Data On Disk
11.7
Differences When Integrating with Oracle Identity Manager
11.8
Differences When Using the Oracle Privileged Account Manager Command Line Tool and REST Interfaces on IBM WebSphere
11.9
Configuring Oracle Privileged Account Manager for High Availability in a Clustered Environment
11.9.1
Overview of a Clustered Configuration
11.9.2
Installing Oracle Privileged Account Manager for a Clustered Configuration
11.9.2.1
Identify a Database and Install the Required Database Schema
11.9.2.2
Install IBM WebSphere
11.9.2.3
Install the Oracle Identity and Access Management Suite
11.9.2.4
Configure IBM WebSphere on the Deployment Manager Machine
11.9.2.5
(Optional) Set Up TDE Mode
11.9.2.5.1
Enabling TDE in the Database
11.9.2.5.2
Enabling Encryption in the Oracle Privileged Account Manager Schema
11.9.2.6
Configure the Oracle Platform Security Services Security Store
11.9.2.7
Start the Deployment Manager
11.9.2.8
Configure IBM WebSphere on the IBM WebSphere Node 2 Machine
11.9.2.9
Configure the External LDAP Server
11.9.2.10
Configure Oracle Privileged Account Manager
11.9.2.11
Restart the Servers
11.10
Limitations and Known Issues When Using Oracle Privileged Account Manager on IBM WebSphere
11.10.1
Limitations
11.10.2
Known Issues
12
Managing Oracle Identity Navigator on IBM WebSphere
12.1
Differences in Managing Oracle Identity Navigator on IBM WebSphere
12.1.1
Configuring a Proxy to Access News Feeds
12.1.2
Configuring Single Sign-On
12.2
Limitations When Using Oracle Identity Navigator on IBM WebSphere
13
Managing Oracle Access Management Mobile and Social on IBM WebSphere
13.1
Using Mobile and Social WLST Commands on IBM WebSphere
13.2
Configuring Mobile Services for Oracle Adaptive Access Manager
13.2.1
Creating an Administrator for OAAM Administration
13.2.2
Adding Oracle Access Management Server as Target of OAAM Data Source
13.3
Supporting Internet Identity Services on IBM WebSphere
13.3.1
Adding CA Certificates to the IBM Trust Store
13.3.2
Configuration Requirements for Apps Protected by Access Manager
13.4
Moving Mobile and Social From a Test to a Production Environment
14
Integrating Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager on IBM WebSphere
14.1
Integrating Access Manager and Oracle Identity Manager on IBM WebSphere
14.1.1
Integration Roadmap
14.1.2
Configure Additional IHS Web Server Reverse Proxies (Optional)
14.1.3
Configuring the Identity Store
14.1.3.1
Set the Environment Variables for idmConfigTool
14.1.3.2
Run idmConfigTool
14.1.3.3
Configure the OAM TAI Configuration File
14.1.4
Restart the OIM Servers
14.1.5
Copy the OAM 11g SSO Agent Artifacts
14.1.6
Configure the Web Server to Route Requests to OIM on WebSphere
14.2
Integrating Access Manager and OAAM on IBM WebSphere
14.2.1
Configuring OAAM Basic Integration with Access Manager
14.2.1.1
Prerequisites for OAAM Basic Integration with Access Manager
14.2.1.2
Protecting Resource in Authentication Policy with OAAMBasic Scheme
14.2.1.3
Creating User with Privileges to Log into the OAAM Administration Console
14.2.1.4
Modifying oam-config.xml
14.2.1.5
Starting the OAAM Admin Server
14.2.1.6
Importing the OAAM Snapshot
14.2.1.7
Shutting Down the OAAM Administration Server
14.2.1.8
Creating a Datasource
14.2.1.9
Deploying the Shared Library
14.2.1.9.1
Creating the Shared Library
14.2.1.9.2
Adding the Shared Library Reference to Application
14.2.1.10
Synchronizing the Node and Restarting the Server
14.2.1.11
Setting the OAAM Image Directory for Virtual Authentication Devices
14.2.1.12
Testing the Configuration
14.2.2
Configuring OAAM Advanced Integration with Access Manager
14.2.2.1
OAAM Advanced Integration with Access Manager Roadmap
14.2.2.2
OAAM Advanced Integration with Access Manager Prerequisites
14.2.2.3
Restarting the Servers
14.2.2.4
Creating Users and Groups
14.2.2.5
Importing Base Snapshot in OAAM
14.2.2.6
Validating Initial Configuration of Access Manager
14.2.2.7
Validating Initial Configuration of Oracle Adaptive Access Manager
14.2.2.8
Provisioning WebGate Using the Oracle Access Management Console
14.2.2.8.1
Registering the WebGate as a Partner
14.2.2.8.2
Copy the Access Management 11g SSO Agent Artifacts
14.2.2.8.3
Starting the IBM HTTP Server
14.2.2.9
Setting Up Access Manager for Integration with OAAM and Register OAAM as Thirdparty in Access Manager
14.2.2.10
Setting the Agent Password
14.2.2.10.1
Adding a Password to the IAMSuiteAgent Profile in the Oracle Access Management Console
14.2.2.11
Verifying TAP Partner Registration
14.2.2.11.1
Verifying the Challenge URL
14.2.2.11.2
Adding the MatchLDAPAttribute Challenge Parameter in the TAPScheme
14.2.2.11.3
Validating the IAMSuiteAgent Setup
14.2.2.12
Setting Up OAAM for TAP Integration
14.2.2.13
Moving the /oamTAPAuthenticate URL
14.2.2.14
Updating the Authentication Scheme in the Policy-Protected Resource Policy
14.2.2.15
Validating the Access Manager and Oracle Adaptive Access Manager Integration
14.3
Integrating Access Manager, OAAM, and OIM on IBM WebSphere
14.3.1
Access Manager, OAAM, and OIM Integration Roadmap
14.3.2
Access Manager, Oracle Adaptive Access Manager, and OIM Integration Prerequisites
14.3.3
Installing Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Manager
14.3.4
Integrating Access Manager and Oracle Identity Manager
14.3.5
Enabling LDAP Synchronization for Oracle Identity Manager
14.3.6
Integrating Access Manager and Oracle Adaptive Access Manager
14.3.7
Integrating Oracle Identity Manager and Oracle Adaptive Access Manager
14.3.7.1
Adding OAAM Users and Groups from the OIM Console
14.3.7.2
Setting Oracle Identity Manager Properties for Oracle Adaptive Access Manager
14.3.7.3
Updating OAAM Properties to Enable Integration Between Oracle Identity Manager and OAAM
14.3.7.4
Configuring Oracle Identity Manager Credentials in the Credential Store Framework
14.3.8
Migrating OAAM Policies
14.3.9
Enabling OAAM to Generate HTTP Post-Based Messages to Access Manager
A
Fusion Middleware Control Page Reference
A.1
Understanding the Information on the IBM WebSphere Cell Home Page
A.2
Understanding the Information on the WebSphere Application Server Home Page
A.3
Understanding the Information on the IBM WebSphere Application Deployment Home Page