5 Performing Oracle Identity and Access Management Deployment

After you create the deployment response file, you use it to deploy the Oracle Identity and Access Management environment. This chapter describes how to deploy Oracle Identity and Access Management.

5.1 Performing Deployment on a Single-Node

Single-node deployment is accomplished by using either the command line or the Oracle Identity and Access Management Deployment Wizard.

Note:

You must reboot the host before performing Oracle Identity and Access Management deployment.

5.1.1 Introduction to the Deployment Process

5.1.1.1 Oracle Identity and Access Management Deployment Stages

After you create the deployment response file, you use it to deploy the Oracle Identity and Access Management environment.

There are eight stages to deployment. These stages must be run in the following order:

  1. preverify

  2. install

  3. preconfigure

  4. configure

  5. configure-secondary

  6. postconfigure

  7. startup

  8. validate

Note:

Each new phase must run sequentially; that is, each stage must be completed before the next stage can begin. Failure of a stage will necessitate a cleanup and restart.

5.1.1.2 Tasks Performed During Deployment Stages

The tasks that are performed in each stage of deployment depend on the option that you selected on the Select IAM Products screen. This screen appears when you create the deployment response file using the Oracle Identity and Access Management Deployment Wizard.

Based on the products that you selected for Deployment, refer to one of the sections below:

Oracle Identity Manager (OIM) Only

Table 5-1 describes the order of execution of the Deployment stages, and the tasks that are performed in each stage for the Oracle Identity Manager (OIM) Only option.

Table 5-1 Tasks Performed for Oracle Identity Manager (OIM) Only

| Order of Execution | Stage | Tasks Performed |
|---|---|---|
| 1 | preverify | Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
| 2 | install | Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
| 3 | preconfigure | Creates the WebLogic Domain and extends it to all the necessary components. Creates OHS instance. |
| 4 | configure | Starts managed servers as necessary. Configures OIM. |
| 5 | configure-secondary | Integrates WebLogic Domain with Webtier. Registers Webtier with domain. |
| 6 | postconfigure | Configures UMS Mail Server. |
| 7 | startup | Starts up all components in the topology. |
| 8 | validate | Verifies the deployed environment. |


Oracle Access Manager (OAM) Suite Only

Table 5-2 describes the order of execution of the Deployment stages, and the tasks that are performed in each stage for the Oracle Access Manager (OAM) Suite Only option.

Table 5-2 Tasks Performed for Oracle Access Manager (OAM) Suite Only

| Order of Execution | Stage | Tasks Performed |
|---|---|---|
| 1 | preverify | Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
| 2 | install | Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
| 3 | preconfigure | Creates the WebLogic Domain and extends it to all the necessary components. Creates OHS instance. |
| 4 | configure | Starts managed servers as necessary. Configures OAM to enable SSO. |
| 5 | configure-secondary | Integrates WebLogic Domain with Webtier. Registers Webtier with domain. |
| 6 | postconfigure | Generates OAM Keystore. Configures Webgates. |
| 7 | startup | Starts up all components in the topology. |
| 8 | validate | Verifies the deployed environment. |


OIM-OAM Integrated and Oracle Unified Directory (OUD)

Table 5-3 describes the order of execution of the Deployment stages, and the tasks that are performed in each stage for the OIM-OAM Integrated and Oracle Unified Directory (OUD) option.

Table 5-3 Tasks Performed for OIM-OAM Integrated and Oracle Unified Directory (OUD)

| Order of Execution | Stage | Tasks Performed |
|---|---|---|
| 1 | preverify | Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
| 2 | install | Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
| 3 | preconfigure | Creates OUD and seeds it with Users/Groups. SSL Enable OUD. Creates the WebLogic Domain and extends it to all the necessary components. Creates OHS instance. |
| 4 | configure | Starts managed servers as necessary. Configures OIM. Associates OAM with OUD. |
| 5 | configure-secondary | Integrates WebLogic Domain with Webtier. Registers Webtier with domain. Integrates OAM and OIM. |
| 6 | postconfigure | Runs OIM Reconciliation. Configures UMS Mail Server. Generates OAM Keystore. Configures Webgates. |
| 7 | startup | Starts up all components in the topology. |
| 8 | validate | Verifies the deployed environment. |


5.1.2 Performing Deployment by Running the Deployment Tool

To use the command line deployment tool, you must run the runIAMDeployment.sh script a number of times, specifying the deployment stage with the -target option. You MUST complete each command, in order, before running the next command.

Before running the deployment tool, ensure that the environment variable JAVA_HOME is set to REPOS_HOME/jdk6.

The command syntax for the deployment tool on UNIX is:

    runIAMDeployment.sh -responseFile RESPONSE_FILE -target STAGE

Where:

RESPONSE_FILE is the complete path to the location of the deployment response file. You specified the file name and directory on the Summary Page when you ran the wizard to create the deployment response file. The default value is IDMLCM_HOME/provisioning/bin/provisioning.rsp on UNIX.

STAGE is one of the stages listed in Section 5.1.1.1, "Oracle Identity and Access Management Deployment Stages."

Example:

    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preverify
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target install
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preconfigure
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure-secondary
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target postconfigure
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target startup
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target validate

5.1.3 Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard

If you want to use the Oracle Identity and Access Management Deployment Wizard to perform deployment, follow these steps:

  1. Before running the Oracle Identity and Access Management Deployment Wizard, ensure that the environment variable JAVA_HOME is set to REPOS_HOME/jdk6.

  2. Start the Oracle Identity and Access Management Deployment Wizard, as follows:

    cd IDMLCM_HOME/provisioning/bin
    ./iamDeploymentWizard.sh
    

The Welcome screen is displayed. Click Next, and proceed as described in the following sections.

Note:

In the Prerequisite Checks, Installation, Preconfigure, Configure, Configure Secondary, Postconfigure, and Startup pages, the Status of each build is indicated by one of these icons:

  • Block: Processing has not yet started for the named phase.

  • Clock: Performing the build for a phase.

  • Check mark: The build was completed successfully.

  • x mark: The build has failed for this phase. You must correct the errors before you can continue.

Click x to display information about failures. Click a build Log file to see details specific to that build.

In case of errors, you must manually clean up everything. Kill all running processes, delete the directories, rerun RCU, and start over from the beginning. For more information, see Section 8.1.2, "Recovering From Oracle Identity and Access Management Deployment Failure".

5.1.3.1 Choose IAM Installation Options

Select Deploy an Identity and Access Management Environment to use an existing deployment response file to deploy the environment.

In the Response File field, specify the path name of the file you want to use, either by typing it in the field or by clicking the Browse button, navigating to the desired file, and selecting it. This is the deployment response file that you created in Chapter 4, "Creating a Deployment Response File."

Click Next to continue.

5.1.3.2 Describe Response File

Use the Describe Response File screen to review the information about the response file that you provided when creating the Deployment Profile.

For more information, see Section 4.4.1.5, "Describe Response File".

5.1.3.3 Select Installation and Configuration Locations

Use the Select Installation and Configuration Locations screen to review the information about the Oracle Identity and Access Management installation and configuration directories that you provided when creating the Deployment Profile.

For more information, see Section 4.4.1.8, "Select Installation and Configuration Locations".

5.1.3.4 Review Deployment Configuration

The Review Deployment Configuration screen enables you to select configurations you want to review. This is optional. If you want to view or modify the configuration details of any component, then select that component and click Next. Based on the options that you select, the corresponding configuration screens are displayed.

  • OUD Configuration

  • OHS Configuration

  • SOA Configuration

  • OIM Configuration

  • OAM Configuration

  • OIM DB Configuration

  • OAM DB Configuration

Click Next to continue.

5.1.3.5 Summary

Use the Summary screen to view a summary of your selections and enter additional information.

Review the information displayed to ensure that the installation details are what you intend.

Click Next to continue.

5.1.3.6 Prerequisite Checks

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next to continue.

5.1.3.7 Installation

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next to proceed.

5.1.3.8 Preconfigure

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next. The Oracle Identity and Access Management Deployment Wizard starts the configure phase and displays the Configure screen.

5.1.3.9 Configure

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Configure-secondary phase and displays the Configure Secondary screen.

5.1.3.10 Configure Secondary

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Postconfigure phase and displays the Postconfigure screen.

5.1.3.11 Postconfigure

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Startup phase and displays the Startup screen.

5.1.3.12 Startup

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Validate phase and displays the Validation screen.

5.1.3.13 Validation

For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".

See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.

Click Next. The Oracle Identity and Access Management Deployment Wizard displays the Install Complete screen.

5.1.3.14 Install Complete

This screen appears after deployment has completed successfully. It shows a summary of the products that have been installed.

Click Finish to save the summary and exit the Oracle Identity and Access Management Deployment Wizard.

5.2 Performing Deployment on Multiple Hosts Using the Command Line Deployment Tool

This section describes the procedure for performing deployment on multiple hosts.

5.2.1 Introduction to the Deployment Process

5.2.1.1 Deployment Stages

There are eight stages to deployment. These stages must be run in the following sequence:

  1. preverify

  2. install

  3. preconfigure

  4. configure

  5. configure-secondary

  6. postconfigure

  7. startup

  8. validate

Each new phase must run sequentially; that is, each stage must be completed before the next stage can begin. Stage failures require a cleanup and restart.

5.2.1.2 Tasks Performed During OIM-Only Deployment

Table 5-4 describes the order of execution of the deployment stages, and the tasks that are performed in each stage for the Oracle Identity Manager (OIM) Only option.

Table 5-4 Deployment Stages (OIM-Only)

| Order of Execution | Stage | Tasks Performed | Sequence |
|---|---|---|---|
| 1 | preverify | Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 2 | install | Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 3 | preconfigure | Creates the WebLogic Domain and extends it to all the necessary components and creates OHS instance. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 4 | configure | Starts managed servers, as necessary. Configures OIM. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 5 | configure-secondary | Integrates WebLogic domains with the Web tier, and registers the Web tier with the domains. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 6 | postconfigure | Configures UMS Mail Server. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 7 | startup | Starts up all components in the topology. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 8 | validate | Verifies the deployed environment. | Run the deployment tool on the command line on OIMHOST1, OIMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |


5.2.1.3 Tasks Performed During OAM-Only Deployment

Table 5-5 describes the order of execution of the deployment stages, and the tasks that are performed in each stage for the Oracle Access Management Suite (OAM-Only) option.

Table 5-5 Deployment Stages (OAM-Only)

| Order of Execution | Stage | Tasks Performed | Sequence |
|---|---|---|---|
| 1 | preverify | Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 2 | install | Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 3 | preconfigure | Creates the WebLogic Domain and extends it to all the necessary components and creates OHS instance. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 4 | configure | Starts managed servers, as necessary. Configures OAM to enable SSO. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 5 | configure-secondary | Integrates WebLogic domains with the Web tier, and registers the Web tier with the domains. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 6 | postconfigure | Generates OAM keystore and configures WebGate agents. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 7 | startup | Starts up all components in the topology. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |
| 8 | validate | Verifies the deployed environment. | Run the deployment tool on the command line on OAMHOST1, OAMHOST2, WEBHOST1, and WEBHOST2, in that order, one host at a time. Do not run them in parallel. |


5.2.2 Deployment Procedure

The following sections describe the procedure for performing Deployment.

Note:

Before you start the deployment process, reboot all hosts.

5.2.2.1 Running the Deployment Commands

After creating the required deployment response profile based on your installation scenario, you must perform deployment by running the command runIAMDeployment.sh a number of times on each host in the topology.

Before embarking on the Deployment process, read this entire section. There are extra steps detailed below which must be performed during the process.

You must run each command on each host in the topology before running the next command.

Before running the Deployment tool, set the following environment variable:

Set JAVA_HOME to: REPOS_HOME/jdk6

The commands you must run are:

    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preverify
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target install
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preconfigure
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure-secondary
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target postconfigure
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target startup
    runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target validate

Note:

Run the same phase on each host, in order. Wait for a phase to finish on one host before starting the same phase on the next host. You cannot run these phases in parallel. Repeat this for each phase.

5.2.2.2 Creating Backups

It is important that you take a backup of the file systems and databases at the following points:

  1. Prior to starting Deployment.

  2. At the end of the installation phase.

  3. Upon completion of Deployment.

Restoring a backup at any phase other than these three is not supported.
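The ordering rule in Section 5.2.2.1 and the three backup points in Section 5.2.2.2 can be enforced by a small driver script. The following is an added example, not Oracle's code; it assumes that each host is reachable over ssh, that REPOS_HOME and IDMLCM_HOME are the same paths on every host, and that runIAMDeployment.sh exits non-zero when a stage fails. RUNNER and BACKUP_HOOK are hypothetical override points for dry runs.

```shell
#!/bin/sh
# Added example (not Oracle's code): run every stage on every host, strictly in order.
# Assumptions: hosts are reachable over ssh, REPOS_HOME and IDMLCM_HOME are the same
# paths on all hosts, and runIAMDeployment.sh exits non-zero when a stage fails.

STAGES="preverify install preconfigure configure configure-secondary postconfigure startup validate"
RESPONSE_FILE="${RESPONSE_FILE:-$IDMLCM_HOME/provisioning/bin/provisioning.rsp}"

# Run one stage on one host, with JAVA_HOME set as the guide requires.
run_stage_on_host() {   # $1 = host, $2 = stage
    ssh "$1" "JAVA_HOME='$REPOS_HOME/jdk6' \
        '$IDMLCM_HOME/provisioning/bin/runIAMDeployment.sh' \
        -responseFile '$RESPONSE_FILE' -target '$2'"
}

# Pause until the operator confirms that file systems and databases are backed up.
confirm_backup() {      # $1 = checkpoint name
    printf 'Backup checkpoint: %s. Press Enter when the backup is complete. ' "$1"
    read -r reply
}

# deploy HOST...: pass the hosts in the order required for the topology,
# for example OIMHOST1 OIMHOST2 WEBHOST1 WEBHOST2.
# RUNNER and BACKUP_HOOK (hypothetical names) replace the two functions above.
deploy() {
    runner="${RUNNER:-run_stage_on_host}"
    backup="${BACKUP_HOOK:-confirm_backup}"
    "$backup" "before-deployment" || return 1
    for stage in $STAGES; do
        for host in "$@"; do
            echo "== $stage on $host"
            # Stop at the first failure: a failed stage needs cleanup and a restart.
            if ! "$runner" "$host" "$stage"; then
                echo "FAILED: $stage on $host. Clean up and restart the deployment." >&2
                return 1
            fi
        done
        # The install checkpoint is reached only after install finished on all hosts.
        if [ "$stage" = "install" ]; then
            "$backup" "after-install" || return 1
        fi
    done
    "$backup" "after-deployment"
}

# Stand-alone use: ./deploy_all.sh --run OIMHOST1 OIMHOST2 WEBHOST1 WEBHOST2
if [ "${1:-}" = "--run" ]; then
    shift
    deploy "$@"
fi
```

Because a stage is started on the next host only after the previous host returns, the stages never run in parallel, and no later stage starts after a failure.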

5.3 Deploying Identity and Access Management Without a Common LCM_HOME

The previous deployment instructions assume that the LCM_HOME directory is shared across every host in the topology for the duration of the deployment process.

If your organization does not permit this sharing, you can still run the deployment by making LCM_HOME available locally on every host. The following extra manual steps are required.

  1. Create a local version of the LCM_HOME directory, including the software repository.

  2. Copy the Deployment Response File, responsefilename_data folder, and Summary created in Section 4.4.2.15, "Summary" to the same location on each of the hosts.

  3. If LCM_HOME is not mounted on WEBHOST1 and WEBHOST2, copy LCM_HOME/keystores/webgate_artifacts from OAMHOST1 to WEBHOST1 and WEBHOST2 before running the postconfigure phase on WEBHOST1.

    LCM_HOME/keystores/webgate_artifacts is created after the configure phase on OAMHOST1.

5.4 Additional Information on Oracle HTTP Server Configuration Files

When you perform an Oracle Identity and Access Management deployment, Oracle HTTP Server is set up in reverse proxy mode. The modules for Oracle HTTP Server are contained in files with a .conf extension. These files are located at:

config/instances/ohs1/config/OHS/ohs1/moduleconf

If you had selected the Enable Local Configuration Location option on the Select Installation and Configuration Locations screen when creating the deployment response file, then config is the local configuration location. If you had not selected the Enable Local Configuration Location option on the Select Installation and Configuration Locations screen when creating the deployment response file, then config is the location of shared configuration.