6 Install the Oracle Identity Management and Oracle Fusion Applications Provisioning Frameworks

This section describes how to install the Oracle Identity Management and Oracle Fusion Applications provisioning frameworks.

6.1 Introduction to Oracle Identity Management and Oracle Fusion Applications Provisioning Frameworks

The Oracle Identity Management Provisioning Framework, which consists of the Oracle Identity Management Provisioning Wizard and related tools, was developed to automate Oracle Identity Management Provisioning and reduce the time required to configure Oracle Identity Management for Oracle Fusion Applications.

The Oracle Fusion Applications Provisioning installer (faprov) is delivered with the other installers in the provisioning repository. The purpose of faprov is to create the Oracle Fusion Applications Provisioning framework consisting of the Provisioning Wizard, Provisioning Command-line interface and Provisioning-related files and utilities.

6.2 Install the Oracle Identity Management Provisioning Tools

The Oracle Identity Management Provisioning tools share a repository with the Oracle Fusion Applications Provisioning tools.

The software required by Oracle Identity Management is located in the Oracle Fusion Applications repository. If the repository has not already been created, follow the instructions in Create the Oracle Fusion Applications Provisioning Repository to create one.

6.2.1 Verify Java and Ant

Ensure that the Provisioning Repository contains Java and Ant. Java should reside in a directory called jdk. Ant should reside in a directory called ant. The paths should be:

UNIX:

REPOSITORY_LOCATION/jdk
REPOSITORY_LOCATION/provisioning/ant

For more information about the contents of the provisioning framework, see Table 6-3.

6.2.2 Oracle Identity Management Provisioning Framework Installation Checklist

Before initiating the Oracle Identity Management Provisioning Framework installation, verify the following checklist:

  • Necessary infrastructure

    • Access to the server console is provided for the OS User (VNC recommended).

    • The provisioning repository or Oracle Database installer are available and accessible from the node where the Oracle Identity Management Provisioning Framework is installed.

  • Prerequisites for the host where the Oracle Identity Management Provisioning Framework is installed.

6.2.3 Install the Oracle Identity Management Lifecycle Tools

The Oracle Identity Management Provisioning Wizard is a component of the Oracle Identity Management Lifecycle Tools, which also includes the Oracle Identity Management Patching Framework. Install the tools by running an installer, which is located in the provisioning repository.

In a multi-host environment, the Oracle Identity Management Lifecycle Tools must be visible to each host in the topology.

The installation script for the Oracle Identity Management Lifecycle Tools resides in the directory:

REPOSITORY_LOCATION/installers/idmlcm/idmlcm/Disk1

where REPOSITORY_LOCATION is the Oracle Fusion Applications provisioning repository, as described in Create the Oracle Fusion Applications Provisioning Repository.

To begin installing the tools, change to that directory and start the script.

UNIX:

cd REPOSITORY_LOCATION/installers/idmlcm/idmlcm/Disk1
export JAVA_HOME=REPOSITORY_LOCATION/jdk
./runInstaller -jreLoc REPOSITORY_LOCATION/jdk

Then proceed through the installer screens as described in Table 6-1:

Table 6-1 Oracle Identity Management Lifecycle Tools Installation Screen Flow

Screen Description and Action Required

Specify Inventory Directory (UNIX)

If this is the first Oracle installation on this host, specify the location of the Inventory Directory. The inventory directory is used by the installer to keep track of all Oracle products installed on this host.

In the Operating System Group Name field, select the group whose members need to be granted access to the inventory directory. All members of this group can install products on this host. Click OK to continue.

The Inventory Location Confirmation dialog prompts to run the inventory_directory/createCentralInventory.sh script as root to create the /etc/oraInst.loc file. This file is a pointer to the central inventory and must be present for silent installations. It contains two lines:

inventory_loc=path_to_central_inventory

inst_group=install_group

The standard location for this file is /etc/oraInst.loc, but it can be created anywhere. Note that the default for Linux platforms is /etc/oraInst.loc. For Solaris, the default value is /var/opt/oracle/oraInst.loc. If the file is created in a directory other than /etc, include the -invPtrLoc argument and enter the location of the inventory when the provisioningWizard or the runProvisioning scripts are run.

Note:

In Solaris platforms, the following error message may appear at the end of execution of the createCentralInventory.sh script as root user:

ERROR: ./createCentralInventory.sh: line 53: syntax error at line 54: 'zero byte' unexpected  

Ignore the error and proceed further.

To continue the installation without root access on this host, select Continue installation with local inventory.

Click OK to continue.

Welcome

No action is necessary on this read-only screen.

Click Next to continue.

Install Software Updates

Search for the latest software updates, including important security updates, via a My Oracle Support account.

  • Skip Software Updates: Select this option to skip this screen. The installer does not check for updates that might be applicable to the current product installation.

  • Search My Oracle Support for Updates: Select this option to automatically search for and download applicable software updates from My Oracle Support.

    Enter a valid My Oracle Support account name and password, and click Search for Updates.

    Before searching for updates, test the login credentials and the connection to My Oracle Support by clicking Test Connection. Click Proxy Settings to configure a proxy server if one is required.

  • Search Local Directory for Updates: Select this option if the latest software updates have already been downloaded. This option is used to search a local directory for updates applicable to the products about to be installed.

    If this option is selected, the installer displays an additional field and Browse button. This button is used to identify the local directory where the updates are located.

Prerequisite Checks

An analysis of the host computer is performed to ensure that specific operating system prerequisites have been met. If any prerequisite check fails, the screen displays a short error message at the bottom. Fix the error and click Retry.

To ignore the error or warning message, click Continue. Click Abort to stop the prerequisite check process for all components.

Click Next to continue.

Specify Installation Location

Specify a location where the provisioning framework is installed. Enter the following information:

  • Oracle Middleware Home: This is the parent directory of the directory where the Oracle Identity Management Provisioning Wizard is installed. In a multi-host Oracle Identity Management environment, this must be on shared storage.

  • Oracle Home Directory: This is a subdirectory of the Oracle Middleware Home directory where the wizard is installed.

The installation process creates a logical directory called the Oracle home. This location is where software binaries are stored. No runtime process can write to this directory. The directory must initially be empty.

Click Next to continue.

Installation Summary

A summary of the selections made during this installation session is presented. To change this configuration before installing, select a screen from the left navigation pane or click Back to return to a previous screen. Click Save to create a text file (response file) to use to perform the same installation later.

Click Install to begin installing this configuration.

Installation Progress

The progress indicator shows the percentage of the installation that is complete, and indicates the location of the installation log file.

Click Next when the progress indicator shows 100 percent.

Installation Complete

A summary of the installation that was just completed is presented. To save the details to a text file, click Save and indicate a directory to save the file.

Click Finish to dismiss the screen and exit the installer.

6.3 Install the Oracle Fusion Applications Provisioning Framework

The Oracle Fusion Applications Provisioning installer (faprov) is delivered with the other installers in the provisioning repository. The purpose of faprov is to create the Oracle Fusion Applications Provisioning framework, which contains the following components:

  • Provisioning Wizard: A question-and-answer interview that guides through the process of installing a database, creating or updating a response file, and provisioning or deinstalling an Oracle Fusion Applications environment.

    WARNING: Run the Provisioning Wizard on the primordial host to create a provisioning response file. If the Provisioning Wizard is run on a non-primordial host to create a provisioning response file, the validation assumes that the host is the primordial host. Ensure that the validation errors are interpreted correctly as they may not be applicable to the non-primordial host.

    WARNING: When provisioning a new environment, run only the Provisioning Wizard on the primordial host and the Provisioning Command-line Interface on non-primordial hosts.

  • Provisioning Command-Line Interface (CLI): Used for starting the wizard and running installation phases on the Primary host, Secondary host, and DMZ host (when present).

  • Provisioning-Related Files and Utilities: The ANT utilities, binary files, library files, templates, locations of saved response files and provisioning build scripts, and other provisioning utilities required for performing provisioning tasks.

Because the provisioning installer is a customized version of the Oracle Universal Installer (OUI), its behavior closely resembles that of the OUI.

6.3.1 Oracle Fusion Applications Provisioning Framework Installation Checklist

Before initiating the Oracle Fusion Applications provisioning framework installation, verify the following checklist:

  • Necessary infrastructure

    • Access to the server console is provided for the OS User (VNC recommended).

    • The provisioning repository or Oracle Database installer are available and accessible from the node where the Oracle Fusion Applications provisioning framework is installed.

  • Prerequisites for the host where the Oracle Fusion Applications provisioning framework is installed.

6.3.2 Run the Provisioning Framework Installer

To install the provisioning framework, locate the directory REPOSITORY_LOCATION/installers/faprov/Disk1 and run the script, runInstaller or setup.exe, depending on the hardware platform. Note that REPOSITORY_LOCATION is the directory where the provisioning repository was created.

WARNING: Do not run the scripts, runInstaller or setup.exe, located in REPOSITORY_LOCATION/installers/fusionapps/Disk1. These scripts are used and run by the Provisioning Wizard and Provisioning Command-line Interface when needed. They are not meant for installing the provisioning framework.

  1. Use this command to start OUI from the command line to install the Provisioning Wizard. Ensure that REPOSITORY_LOCATION is replaced with the full file path to the provisioning repository:

    UNIX: runInstaller -jreLoc REPOSITORY_LOCATION/jdk

    If -jreLoc REPOSITORY_LOCATION/jdk is not specified in the command line, enter the file path on the command prompt.

    Ensure the 8-character file path format is used for REPOSITORY_LOCATION.

6.3.3 Provisioning Installer Screens and Instructions

Table 6-2 lists the steps for running the provisioning framework installer.

Table 6-2 Provisioning Framework Installation Screen Flow

Screen Description and Action Required

Specify Inventory Directory (UNIX)

If this is the first Oracle installation on this host, specify the location of the Inventory Directory. The inventory directory is used by the installer to keep track of all Oracle products installed on this host.

Tip: This value is available in the Oracle Fusion Applications Installation Workbook, Storage tab, Inventories table, FA Provisioning Framework row.

In the Operating System Group Name field, select the group whose members need to be granted access to the inventory directory. All members of this group can install products on this host. Click OK to continue.

Tip: This value is available in the Oracle Fusion Applications Installation Workbook, Storage tab, Shared Storage table, FA Shared row, OS Group Owner column.

The Inventory Location Confirmation dialog prompts to run the inventory_directory/createCentralInventory.sh script as root to create the /etc/oraInst.loc file. This file is a pointer to the central inventory and must be present for silent installations. It contains two lines:

inventory_loc=path_to_central_inventory

inst_group=install_group

The standard location for this file is /etc/oraInst.loc, but it can be created anywhere. Note that the default for Linux platforms is /etc/oraInst.loc. For Solaris, the default value is /var/opt/oracle/oraInst.loc. If the file is created in a directory other than /etc, include the -invPtrLoc argument and enter the location of the inventory when the provisioningWizard or the runProvisioning scripts are run.

Note:

In Solaris platforms, the following error message may appear at the end of execution of the createCentralInventory.sh script as root user:

ERROR: ./createCentralInventory.sh: line 53: syntax error at line 54: 'zero byte' unexpected  

Ignore the error and proceed further.

To continue the installation without root access on this host, select Continue installation with local inventory.

Click OK to continue.

Welcome

No action is necessary on this read-only screen.

Click Next to continue.

Prerequisite Checks

An analysis of the host computer is performed to ensure that specific operating system prerequisites have been met. If any prerequisite check fails, the screen displays a short error message at the bottom. Fix the error and click Retry.

To ignore the error or warning message, click Continue. Click Abort to stop the prerequisite check process for all components.

Click Next to continue.

Installation Location

In the Location field, specify where the provisioning framework is installed. This is the location where the Provisioning Wizard and the start command for provisioning are installed. This location is denoted as FAPROV_HOME. Any location can be chosen, provided it is on a shared disk that is accessible to all hosts in the new environment.

Tip: This value is available in the Oracle Fusion Applications Installation Workbook, Storage tab, Install Directories table, FA Provisioning Framework Location row.

The installation process creates a logical directory called the Oracle home. This location is where software binaries are stored. No runtime process can write to this directory. The directory must initially be empty.

Click Next to continue.

Installation Summary

Summarizes the selections made during this installation session. To change this configuration before installing, select one of the screens from the left navigation pane or click Back to return to a previous screen. Click Save to create a text file (response file) that can be used to perform the same installation later.

Click Install to begin installing this configuration.

Installation Progress

The progress indicator shows the percentage of the installation that is complete, and indicates the location of the installation log file.

Click Next when the progress indicator shows 100 percent.

Installation Complete

Summarizes the installation just completed. To save the details to a text file, click Save and indicate a directory in which to save the file.

Click Finish to dismiss the screen and exit the installer.
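
The oraInst.loc pointer file described under Specify Inventory Directory in Tables 6-1 and 6-2 can be checked before a silent installation. The following is an added example, not part of the Oracle tooling: it parses the two lines of the pointer file and verifies that the inventory directory exists, belongs to inst_group, and is not world-writable. The function names, return codes and the world-writable check are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: validate an Oracle inventory pointer file (oraInst.loc).
# Function names and return codes are this example's own convention.

# Print the value of key $2 from the key=value pointer file $1 (last match wins).
orainst_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the pointer file and the inventory directory it names look sane.
check_orainst() {
    local ptr=$1 inv grp rc=0
    [ -r "$ptr" ] || { echo "FAIL: cannot read $ptr"; return 2; }
    inv=$(orainst_get "$ptr" inventory_loc)
    grp=$(orainst_get "$ptr" inst_group)
    [ -n "$inv" ] || { echo "FAIL: inventory_loc missing in $ptr"; rc=1; }
    [ -n "$grp" ] || { echo "FAIL: inst_group missing in $ptr"; rc=1; }
    [ "$rc" -eq 0 ] || return "$rc"

    case $inv in
        /*) ;;
        *) echo "FAIL: inventory_loc is not an absolute path: $inv"; rc=1 ;;
    esac
    if [ ! -d "$inv" ]; then
        echo "FAIL: inventory directory does not exist: $inv"
        return 1
    fi
    # The group recorded in the pointer file must be the group on disk.
    if [ -z "$(find "$inv" -prune -group "$grp" 2>/dev/null)" ]; then
        echo "FAIL: $inv is not owned by group $grp"; rc=1
    fi
    # Assumption of this example: only the owner and inst_group should be
    # able to write the inventory, so the other-write bit must be clear.
    if [ -n "$(find "$inv" -prune -perm -0002)" ]; then
        echo "FAIL: $inv is world-writable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $ptr -> $inv (group $grp)"
    return "$rc"
}

# Usage: ./check_orainst.sh /etc/oraInst.loc
if [ $# -gt 0 ]; then
    check_orainst "$1"
fi
```

On Solaris, pass /var/opt/oracle/oraInst.loc, or the path given to -invPtrLoc if the file was created elsewhere.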

6.3.4 Provisioning Framework Components

Table 6-3 shows the components in the FAPROV_HOME/provisioning directory.

Table 6-3 Contents of the Provisioning Framework

| Component Type | Component Name | General Use |
|---|---|---|
| ANT | ant | Java processes for installing binaries, configuring domains and subsystems (JDBC and SOA composites), deploying applications, and domain startup |
| Binary files | bin | Executable files, compiled programs, system files, spreadsheets, compressed files, and graphic (image) files |
| Library files | lib | Previously defined functions that have related functionality or are commonly used, stored in object code format |
| Location of saved response files | provisioning-response file | Location for completed or partially completed response files |
| Location of provisioning build scripts | provisioning-build | Location for build scripts that are available when called for during the provisioning of an environment |
| Location of templates | template | Start parameters, single sign-on configuration, and database templates |
| Location of utility files | util | Other provisioning utilities |

6.4 Set Up a Demilitarized Zone (DMZ) for the Web Tier

The web tier contains Oracle HTTP Server, which can be installed on the same shared file system (inside the firewall) as the other components, or exist on a host in a DMZ. If the web tier is installed in a DMZ, the web tier host cannot be the same as any other host deployed, regardless of domain.

Installing the web tier in a DMZ makes it possible to impose more restrictions on communication within the portion of the system that is within the firewall, including the following:

  • The DMZ host cannot access the shared storage that is accessible by the hosts within the firewall (in the APPLICATIONS_BASE area where the Middleware homes are installed or the shared area).

  • The DMZ host may not be able to communicate with the CommonDomain AdminServer through the firewall. If this is the case, web tier running on the DMZ is non-managed; that is, it is not associated with the CommonDomain running inside the firewall.

However, the APPLICATIONS_BASE (Oracle Fusion Applications) or IDM_BASE (Oracle Identity Management) file path and the directory structure under it remain the same on the DMZ host as for the other hosts that exist inside the firewall.

To set up and configure the web tier in DMZ, go to the web tier host and follow these directions:

WARNING: On a DMZ host, do not have any symlinks or mount points that point to a repository or APPLICATIONS_BASE residing inside the firewall, that is, the repository and APPLICATIONS_BASE should be accessible from the DMZ host.

  1. Copy the provisioning repository zipped files to a location on the web tier host to be designated as a demilitarized zone.
  2. Run the provisioning framework installers for Oracle Identity Management and Oracle Fusion Applications as described in Install the Oracle Identity Management Provisioning Tools and Install the Oracle Fusion Applications Provisioning Framework on the DMZ host. Alternatively, copy the provisioning framework (IDMLCM_HOME or FAPROV_HOME) to the DMZ host.
  3. When the response file is created for this environment, indicate this web tier configuration by selecting the Install Web Tier in DMZ checkbox. See Create a Response File.
  4. When the preverify phase is successful on the primordial host, place a copy of the response file and the generated provisioning plan (<APPLICATIONS_BASE>/provisioning/plan/provisioning.plan) on the DMZ host.
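
The warning above about symlinks and mount points can be checked on the DMZ host once the repository and framework have been copied. The following is an added example, not part of the Oracle tooling: it reports symlinks that resolve outside a given tree and flags a tree that sits on a network filesystem. It is a conservative approximation (any link leaving the tree and any network mount is flagged), and the function names and the list of filesystem types are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: check that a repository or APPLICATIONS_BASE copy on a DMZ
# host is self-contained. Names and the fstype list are this example's own.
NETWORK_FS_RE='^(nfs|nfs4|cifs|smb3|smbfs|afs|glusterfs|lustre|ceph|9p|fuse\.sshfs)$'

# Print "link -> target" for every symlink under $1 that resolves outside $1.
escaping_symlinks() {
    local root link target
    root=$(readlink -f "$1")
    find "$root" -type l -print | while IFS= read -r link; do
        target=$(readlink -f "$link" 2>/dev/null) || target=""
        case $target in
            "$root"|"$root"/*) ;;   # stays inside the tree
            *) printf '%s -> %s\n' "$link" "${target:-<unresolvable>}" ;;
        esac
    done
}

# Print the filesystem type that holds path $1, using the mount table in $2
# (/proc/mounts format). The longest matching mount point wins.
mount_fstype() {
    awk -v p="$1" '
        { m = $2; n = length(m)
          if (m == "/" || p == m || substr(p, 1, n + 1) == m "/")
              if (n >= best) { best = n; t = $3 } }
        END { print t }' "${2:-/proc/mounts}"
}

# Return 0 when tree $1 is on local storage and no symlink leaves it.
check_dmz_tree() {
    local root fstype links rc=0
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 2; }
    root=$(readlink -f "$1")
    fstype=$(mount_fstype "$root" "${2:-/proc/mounts}")
    if printf '%s\n' "$fstype" | grep -Eq "$NETWORK_FS_RE"; then
        echo "FAIL: $root is on a network mount ($fstype)"; rc=1
    fi
    links=$(escaping_symlinks "$root")
    if [ -n "$links" ]; then
        echo "FAIL: symlinks leave $root:"
        printf '%s\n' "$links"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $root is self-contained on $fstype"
    return "$rc"
}

# Usage: ./check_dmz_tree.sh <APPLICATIONS_BASE or repository path>
if [ $# -gt 0 ]; then
    check_dmz_tree "$1"
fi
```

Run it once for the copied provisioning repository and once for APPLICATIONS_BASE (or IDM_BASE) on the DMZ host.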

6.5 Next Steps

Install the Oracle Identity Management and Oracle Fusion Applications database. See Install Databases for Oracle Identity Management.

Consider installing Oracle Enterprise Governance, Risk and Compliance (GRC) with Oracle Fusion Applications. Although not required, GRC can serve as part of the user provisioning flow to ensure that proper controls for security exist.