Table of Contents

- Title and Copyright Information
- Part I Understanding an Enterprise Deployment
  - 1 Enterprise Deployment Overview
  - 2 About a Typical Enterprise Deployment
    - Diagram of a Typical Enterprise Deployment
    - About the Typical Enterprise Deployment Topology Diagram
      - Understanding the Firewalls and Zones of a Typical Enterprise Deployment
      - Understanding the Elements of a Typical Enterprise Deployment Topology
      - Receiving Requests Through Hardware Load Balancer
      - Understanding the Web Tier
      - Understanding the Application Tier
        - Configuration of the Administration Server and Managed Servers Domain Directories
        - Using Oracle Web Services Manager in the Application Tier
        - Best Practices and Variations on the Configuration of the Clusters and Hosts on the Application Tier
        - About the Node Manager Configuration in a Typical Enterprise Deployment
        - About Using Unicast for Communications within the Application Tier
        - Understanding OPSS and Requests to the Authentication and Authorization Stores
        - About Coherence Clusters in a Typical Enterprise Deployment
      - About the Data Tier
  - 3 About the IAM Enterprise Deployment
    - Understanding the Primary and Build-Your-Own Enterprise Deployment Topologies
    - Diagram of Oracle Identity and Access Management on Distributed Hardware
    - About the Primary Oracle Identity and Access Management Topology Diagrams
    - About the Forgotten Password Functionality
    - Integrating OIG, OAM and LDAP
    - Roadmap for Implementing the Primary IAM Suite Topologies
    - Building Your Own Oracle Identity and Access Management Topology
    - About Using Service or Server Migration to Enable High Availability of the Enterprise Topology
  - 4 About the IAM Exalogic Enterprise Deployment
    - Why Install Oracle IAM on Exalogic
    - Understanding the Primary and Build-Your-Own Enterprise Deployment Topologies on Exalogic
    - Diagrams of the Primary Oracle Identity and Access Management Exalogic Enterprise Topologies
      - Diagram of Oracle Identity and Access Management on Physical Exalogic
      - Diagram of Oracle Identity and Access Management on Virtual Exalogic
      - Diagram of Oracle Identity and Access Management with an External Web Tier
    - About the Primary Oracle Identity and Access Management Topology Diagrams
    - Differences Between an Exalogic Deployment and a Platform Deployment
    - Oracle Identity and Access Management and Exalogic Networking
    - Summary of the Managed Servers and Clusters on the Application Tier Hosts
    - Understanding Oracle Traffic Director
    - About Exalogic Optimizations for WebLogic
    - Roadmap for Implementing the Primary Oracle Identity and Access Management Topologies
    - Building Your Own Oracle Identity and Access Management Topology
    - About Installing and Configuring a Custom Enterprise Topology
    - About Using Service or Server Migration to Enable High Availability of the Enterprise Topology
  - 5 About a Multi-Data Center Deployment
    - About the Oracle Identity and Access Management Multi-Data Center Deployment
    - Administering Oracle Identity and Access Management Multi-Data Center Deployment
    - About the Requirements for Multi-Data Center Deployment
      - About the Multi-Data Center Deployment Topology
      - About the Entry Points in Multi-Data Center Deployment
      - About the Databases in Multi-Data Center Deployment
      - About the Directory Tier in Multi-Data Center Deployment
      - About the Load Balancers in Multi-Data Center Deployment
      - Shared Storage Versus Database for Transaction Logs and Persistent Stores
    - About the Characteristics of a Multi-Data Center Deployment
- Part II Preparing for an Enterprise Deployment
  - 6 Using the Enterprise Deployment Workbook
    - Introduction to the Enterprise Deployment Workbook
    - Typical Use Case for Using the Workbook
    - Who Should Use the Enterprise Deployment Workbook?
    - Using the Oracle Identity and Access Management Enterprise Deployment Workbook
  - 7 Procuring Resources for an Enterprise Deployment
    - Hardware and Software Requirements for the Enterprise Deployment Topology
    - Exalogic Requirements for an Enterprise Deployment
    - Reserving the Required IP Addresses for an Enterprise Deployment
    - Identifying and Obtaining Software Distributions for an Enterprise Deployment
  - 8 Preparing the Load Balancer and Firewalls for an Enterprise Deployment
    - Configuring Virtual Hosts on the Hardware Load Balancer
      - Overview of the Hardware Load Balancer Configuration
      - Typical Procedure for Configuring the Hardware Load Balancer
      - Load Balancer Health Monitoring
      - Summary of the Virtual Servers Required for an Enterprise Deployment
      - Summary of the Virtual Servers Required for an Oracle Identity and Access Management Exalogic Deployment
    - Configuring Global Load Balancers
    - Configuring the Firewalls and Ports for an Enterprise Deployment
    - Configuring the Firewalls and Ports for an Exalogic Enterprise Deployment
  - 9 Preparing the File System for an Enterprise Deployment
    - Overview of Preparing the File System for an Enterprise Deployment
    - Shared Storage Recommendations When Installing and Configuring an Enterprise Deployment
    - About the Recommended Directory Structure for an Enterprise Deployment
    - File System and Directory Variables Used in This Guide
    - About Creating and Mounting the Directories for an Enterprise Deployment
    - Summary of the Shared Storage Volumes in an Enterprise Deployment
  - 10 Preparing Exalogic for an Oracle Identity and Access Management Deployment
  - 11 Preparing the Host Computers for an Enterprise Deployment
    - Verifying the Minimum Hardware Requirements for Each Host
    - Verifying Linux Operating System Requirements
    - Enabling Unicode Support
    - Setting the DNS Settings
    - Configuring Users and Groups
    - Configuring a Host to Use an NTP (Time) Server
    - Configuring a Host to Use an NIS/YP Host
    - Mounting the Required Shared File Systems on Each Host
    - Enabling the Required Virtual IP Addresses on Each Host
  - 12 Preparing the Database for an Enterprise Deployment
- Part III Configuring the Enterprise Deployment
  - 13 Configuring Oracle LDAP for an Enterprise Deployment
    - Configuring Oracle Unified Directory for an Enterprise Deployment
    - Configuring Oracle HTTP Server for Oracle Unified Directory Services Manager
    - Preparing an Existing LDAP Directory
  - 14 Creating Infrastructure for Oracle Access Management
    - About the Initial Infrastructure Domain
    - Variables Used When Creating Infrastructure for Oracle Access Management
    - Installing the Oracle Fusion Middleware Infrastructure
    - Installing Oracle Access Management for an Enterprise Deployment
    - Configuring LDAP
    - Creating the Database Schemas for Access Manager
    - Configuring the Oracle Access Management Domain
    - Configuring the Domain Directories and Starting the Servers
      - Starting the Node Manager in the Administration Server Domain Home
      - Creating the boot.properties File
      - Performing the Post-Configuration Tasks for Oracle Access Management Domain
      - Starting the Administration Server Using the Node Manager
      - Validating the Administration Server
      - Creating a Separate Domain Directory for Managed Servers
      - Starting the Node Manager in the Managed Server Domain Directory on OAMHOST1
      - Propagating the Domain and Starting the Node Manager on OAMHOST2
      - Removing OAM Server from WebLogic Server 12c defaultCoherenceCluster
    - Adding a Load Balancer Certificate to JDK Trust Stores
    - Enabling Virtualization
    - Configuring the WebLogic Proxy Plug-In
    - Enabling Exalogic Optimizations
  - 15 Creating Infrastructure for Oracle Identity Governance
    - Synchronizing the System Clocks
    - About the Initial Infrastructure Domain
    - Variables Used When Creating the Infrastructure Domain
    - Support for Dynamic Clusters in Infrastructure Domains
    - Installing the Oracle Fusion Middleware Infrastructure on OIMHOST1
    - Installing Oracle Identity Governance for an Enterprise Deployment
      - Starting the SOA Suite Installer on OIMHOST1
      - Navigating the Oracle SOA Suite Installation Screens
      - Starting the Oracle Identity and Access Management Installer
      - Navigating the Oracle Identity and Access Management Installation Screens
      - Verifying the Installation
      - Downloading the Oracle Connector Bundle
      - Installing the Oracle Identity Governance Connector
    - Creating the Database Schemas for Oracle Identity Governance
    - Configuring the Oracle Identity Governance Domain
    - Creating Oracle Identity Manager Authenticator
    - Configuring the Domain Directories and Starting the Servers
      - Starting the Node Manager in the Administration Server Domain Home
      - Creating the boot.properties File
      - Disabling the Derby Database
      - Enabling the Managed Servers to Use IPv4 Networking
      - Setting the Memory Parameters in IAMGovernanceDomain
      - Starting the Administration Server Using the Node Manager
      - Validating the Administration Server
      - Creating a Separate Domain Directory for Managed Servers
      - Starting the Node Manager in the Managed Server Domain Directory on OIMHOST1
      - Configuring Listen Addresses When Using Dynamic Clusters
      - Starting and Validating the WLS_WSM1 Managed Server on OIMHOST1
      - Configuring Listen Addresses When Using Dynamic Clusters
      - Propagating the Domain and Starting the Servers on OIMHOST2
      - Modifying the Upload and Stage Directories to an Absolute Path
    - About the Supported Authentication Providers
    - Creating a New LDAP Authenticator and Provisioning Enterprise Deployment Users and Group
    - Configuring the WebLogic Proxy Plug-In
    - Enabling Exalogic Optimizations
    - Backing Up the Configuration
    - Verification of Manual Failover of the Administration Server
  - 16 Configuring Oracle HTTP Server for an Enterprise Deployment
    - Variables Used When Configuring the Oracle HTTP Server
    - About the Oracle HTTP Server Domains
    - Installing a Supported JDK
    - Installing Oracle HTTP Server on WEBHOST1
    - Creating an Oracle HTTP Server Domain on WEBHOST1
    - Installing and Configuring an Oracle HTTP Server Domain on WEBHOST2
    - Starting the Node Manager and Oracle HTTP Server Instances on WEBHOST1 and WEBHOST2
    - Backing Up the Configuration
    - Configuring Oracle HTTP Server to Route Requests to the Application Tier
      - About the Oracle HTTP Server Configuration for an Enterprise Deployment
      - Modifying the httpd.conf File to Include Virtual Host Configuration Files
      - Modifying the httpd.conf File to Set Server Runtime Parameters
      - Creating the Virtual Host Configuration Files
      - Configuring Routing to the Administration Server and Oracle Web Services Manager
      - Configuring Oracle HTTP Server for Oracle Access Manager Managed Servers
      - Configuring Oracle HTTP Server for Oracle Identity Governance Managed Servers
      - Validating the Virtual Server Configuration and Access to the Consoles
      - Restarting the OHS Instances on OHSHOST1 and OHSHOST2
      - Sample Virtual Host Files
  - 17 Configuring Oracle Traffic Director for an Enterprise Deployment
    - About Oracle Traffic Director
    - Variables Used When Configuring Oracle Traffic Director
    - Installing Oracle Traffic Director in Collocated Mode on the Application Tier Hosts
    - Installing Oracle Traffic Director in Standalone Mode on the Web Tier Hosts
    - Creating the Oracle Traffic Director Administration Domain
    - Configuring the Node Manager and Starting the Servers
    - Propagating the Domain and Starting the Node Manager on the Web Tier Hosts
    - Creating an Oracle Traffic Director Configuration
    - Starting the Oracle Traffic Director Default Instance
    - Defining Oracle Traffic Director Virtual Servers for an Enterprise Deployment
    - Creating a TCP Proxy for an Enterprise Deployment
    - Creating a Failover Group for Virtual Hosts
  - 18 Configuring Oracle Access Management
    - Variables Used in This Chapter
    - Configuring and Integrating with LDAP
    - Updating WebGate Agents
    - Updating Host Identifiers
    - Adding Missing Policies to OAM
    - Updating Federation Service Details
    - Updating Idle Timeout Value
    - Validating the Authentication Providers
    - Starting the Managed Servers in the Domain
    - Validating Access Manager
    - Enabling Forgotten Password
      - Prerequisites for Enabling Forgotten Password
      - Adding Permissions to the oamLDAP User
      - Creating an OTP Administrative Group in LDAP
      - Enabling Adaptive Authentication Service
      - Configuring Adaptive Authentication Plug-in
      - Enabling Password Management in the Directory
      - Storing User Messaging Credentials in CSF
      - Setup for Forgot Password Link on Login Page
      - Restarting the Domain
      - Validating the Forgotten Password Functionality
    - Enabling Exalogic Optimizations
    - Backing Up the Configuration
  - 19 Configuring Oracle Identity Governance
    - Variables Used When Configuring Oracle Identity Governance
    - Starting and Validating the Oracle Identity Governance Managed Servers
    - Analyzing the Bootstrap Report
    - Configuring the Web Tier for the Domain
    - Managing the Notification Service
    - Configuring the Messaging Drivers
    - Increasing Database Connection Pool Size
    - Forcing Oracle Identity Governance to Use Correct Multicast Address
    - Integrating Oracle Identity Governance with LDAP
    - Integrating Oracle Identity Governance and Oracle Access Manager
    - Restarting the IAMGovernanceDomain
    - Enabling OIM to Connect to SOA Using LDAP User
    - Configuring OIM Workflow Notifications to be Sent by Email
    - Adding the wsm-pm Role to the Administrators Group
    - Restarting the IAMGovernanceDomain
    - Integrating Oracle Identity Manager with Oracle Business Intelligence Publisher
      - Configuring Oracle Identity Manager to Use BI Publisher
      - Assigning the BIServiceAdministrator Role to xelsysadm
      - Storing the BI Credentials in Oracle Identity Governance
      - Creating OIM and BPEL Data Sources in BIP
      - Deploying Oracle Identity Governance Reports to BI
      - Deploying Oracle Identity Governance Reports on the OBIEE Environment
      - Enabling Certification Reports
      - Validating the Reports
    - Enabling Exalogic Optimizations
  - 20 Configuring Multi-Data Center
    - Variables Used When Configuring Multi-Data Center
    - Roadmap for Configuring Multi-Data Center Deployment
    - Procuring Resources for a Multi-Data Center Deployment
    - Preparing the Load Balancer for a Multi-Data Center Deployment
    - Preparing the File System for a Multi-Data Center Deployment
    - Preparing the Host Computers for a Multi-Data Center Enterprise Deployment
    - Preparing the Database for a Multi-Data Center Deployment
    - Configuring Oracle LDAP for a Multi-Data Center Deployment
    - Configuring the Web Tier for a Multi-Data Center Deployment
    - Creating the Oracle Access Management Infrastructure for a Multi-Data Center Deployment
    - Configuring Oracle Access Management for a Multi-Data Center Deployment
    - Creating the Oracle Identity Governance Infrastructure for a Multi-Data Center Deployment
    - Configuring Oracle Identity Governance for a Multi-Data Center Deployment
    - Updating TAP Endpoint
    - Enabling Multi-Data Center
- Part IV Common Configuration and Management Procedures for an Enterprise Deployment
  - 21 Common Configuration and Management Tasks for an Enterprise Deployment
    - Configuration and Management Tasks for All Enterprise Deployments
      - Verifying Appropriate Sizing and Configuration for the WLSSchemaDataSource
      - Verifying Manual Failover of the Administration Server
      - Configuring Listen Addresses in Dynamic Cluster Server Templates
      - Modifying the Upload and Stage Directories to an Absolute Path in an Enterprise Deployment
      - Setting the Front End Host and Port for a WebLogic Cluster
      - Enabling SSL Communication Between the Middle Tier and the Hardware Load Balancer
        - When Is SSL Communication Between the Middle Tier and Load Balancer Necessary?
        - Generating Self-Signed Certificates Using the utils.CertGen Utility
        - Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
        - Creating a Trust Keystore Using the Keytool Utility
        - Importing the Load Balancer Certificate into the Truststore
        - Adding the Updated Trust Store to the Oracle WebLogic Server Start Scripts
        - Configuring WebLogic Servers to Use the Custom Keystores
      - Using Persistent Stores for TLOGs and JMS in an Enterprise Deployment
        - Products and Components That Use JMS Persistence Stores and TLOGs
        - JDBC Persistent Stores vs. File Persistent Stores
        - Using JDBC Persistent Stores for TLOGs and JMS in an Enterprise Deployment
          - Recommendations for TLOGs and JMS Datasource Consolidation
          - Roadmap for Configuring a JDBC Persistent Store for TLOGs
          - Roadmap for Configuring a JDBC Persistent Store for JMS
          - Creating a User and Tablespace for TLOGs
          - Creating a User and Tablespace for JMS
          - Creating GridLink Data Sources for TLOGs and JMS Stores
          - Assigning the TLOGs JDBC Store to the Managed Servers
          - Creating a JDBC JMS Store
          - Assigning the JMS JDBC Store to the JMS Servers
          - Creating the Required Tables for the JMS JDBC Store
        - Using File Persistent Stores for TLOGs and JMS in an Enterprise Deployment
        - About JDBC Persistent Stores for Web Services
      - Performing Backups and Recoveries for an Enterprise Deployment
    - Configuration and Management Tasks for an Oracle Identity and Access Management Enterprise Deployment
      - Considerations for Cross-Component Wiring
      - Starting and Stopping Servers in Dynamic Clusters
      - Expanding or Reducing Dynamic Clusters
  - 22 Using Whole Server Migration and Service Migration in an Enterprise Deployment
    - About Whole Server Migration and Automatic Service Migration in an Enterprise Deployment
    - Creating a GridLink Data Source for Leasing
    - Configuring Whole Server Migration for an Enterprise Deployment
    - Configuring Automatic Service Migration in an Enterprise Deployment
      - Setting the Leasing Mechanism and Data Source for an Enterprise Deployment Cluster
      - Configuring Automatic Service Migration for Static Clusters
        - Changing the Migration Settings for the Managed Servers in the Cluster
        - About Selecting a Service Migration Policy
        - Setting the Service Migration Policy for Each Managed Server in the Cluster
        - Validating Automatic Service Migration in Static Clusters
        - Failing Back Services After Automatic Service Migration
      - Configuring Automatic Service Migration for Dynamic Clusters
  - 23 Scaling Procedures for an Enterprise Deployment
  - 24 Configuring Single Sign-On for an Enterprise Deployment
    - About Oracle WebGate
    - General Prerequisites for Configuring Oracle HTTP Server WebGate
    - Configuring Oracle HTTP Server 12c WebGate for an Enterprise Deployment
    - Configuring Oracle Traffic Director 12c WebGate for an Enterprise Deployment
    - Copying WebGate Artifacts to the Web Tier
    - Restarting the Oracle HTTP Server Instance
    - Setting Up the WebLogic Server Authentication Providers
    - Configuring Oracle ADF and OPSS Security with Oracle Access Manager
  - 25 Sanity Checks
    - Sanity Checks for Oracle Access Management
      - Verifying LDAP Authentication for OAM Agent Protected Application for Valid User
      - Verifying LDAP Authentication Failure for OAM Agent Protected Application for Invalid Password
      - Verifying LDAP Authentication Failure for OAM Agent Protected Application for Invalid Username
      - Verifying Access of OAM Agent Protected Unavailable Resource
      - Verifying Access of Resource That Was Recently Deleted or Replaced from the Policy
    - Sanity Checks for Oracle Identity Governance
      - Creating Organization
      - Creating User
      - Creating Role
      - Managing Sandboxes
      - Publishing a Sandbox
      - Adding User Defined Field (UDF) in User
      - Creating Disconnected Application and Provision
      - Importing and Configuring DB User Management
      - Creating Access Policy and Provision
      - Creating End User Request for Accounts, Entitlements, and Roles
      - Resetting Account Password
      - Creating Certification and Approving
      - Creating Identity Audit Scan Definitions and Viewing Its Results
      - Testing Identity Audit
  - 26 Troubleshooting
    - Troubleshooting Oracle Traffic Director
    - Troubleshooting IDMLCM Start/Stop Scripts
    - Troubleshooting Oracle Access Management Access Manager
      - Access Manager Runs Out of Memory
      - User Reaches the Maximum Allowed Number of Sessions
      - Policies Do Not Get Created When Oracle Access Management Access Manager Is First Installed
      - You Are Not Prompted for Credentials After Accessing a Protected Resource
      - Cannot Log In to Access Management Console
      - Oracle Coherence Cluster Startup Errors in WLS_AMA Server Logs
      - Errors in Log File When Starting OAM Servers
    - Troubleshooting Oracle Identity Governance
      - java.io.FileNotFoundException When Running Oracle Identity Governance Configuration
      - ResourceConnectionValidationException When Creating User in Oracle Identity Governance
      - Oracle Identity Manager Reconciliation Jobs Fail
      - OIM Reconciliation Jobs Fail When Running Against Oracle Unified Directory
      - Cannot Open Reports from OIM Self Service Console
    - Troubleshooting Oracle SOA Suite
    - Troubleshooting Integration OIGOAMIntegration.sh-configureLDAPConnector
    - General Troubleshooting