Skip Headers
Oracle® Application Server Installation Guide
10g Release 2 (10.1.2) for Solaris Operating System (SPARC)
B14088-03
  Go To Documentation Library
Home
Go To Table Of Contents
Contents
Go To Index
Index

Previous
Previous
Next
Next
 

6 Installing OracleAS Infrastructure

Table 6-1 Contents of This Chapter

Topics Procedures



6.1 Infrastructure Installation Types

Infrastructure components can be grouped into Oracle Identity Management components and the OracleAS Metadata Repository component. Table 6-2 describes these components:

Table 6-2 OracleAS Infrastructure Components

Infrastructure Components Description

Oracle Identity Management components

These components provide directory, security, and user management functionality. Some of these components have schemas in the OracleAS Metadata Repository.

  • Oracle Internet Directory

  • OracleAS Single Sign-On

  • Oracle Delegated Administration Services

  • Oracle Directory Integration and Provisioning

  • OracleAS Certificate Authority

OracleAS Metadata Repository

OracleAS Metadata Repository is a collection of schemas used by other Oracle Application Server components. The schemas can be grouped into these categories:

  • Product metadata

  • Oracle Identity Management metadata

  • Management metadata

See Section 6.11, "Contents of the OracleAS Metadata Repository" for details.


When you install the infrastructure, the installer asks if you want to install the Oracle Identity Management components, OracleAS Metadata Repository, or both. These are the installation types for the OracleAS Infrastructure:

In addition to the components listed in Table 6-2, when you install the OracleAS Infrastructure, you also get the Oracle HTTP Server, Oracle Application Server Containers for J2EE, and Oracle Enterprise Manager 10g components. These components are always installed and configured, regardless of which installation type you selected.

See the next section, Section 6.2, "Why Would I Select the Different Infrastructure Installation Types?"

6.2 Why Would I Select the Different Infrastructure Installation Types?

By separating the infrastructure into Oracle Identity Management components and OracleAS Metadata Repository, the installer enables you to install the OracleAS Infrastructure components over multiple computers. For example, you can install the OracleAS Metadata Repository on one computer, and the Oracle Identity Management components on another computer. Within the Oracle Identity Management option, you can install Oracle Identity Management components over multiple computers as well.

These options also enable you to create a new database or use an existing database for the OracleAS Metadata Repository. Selecting either the "OracleAS Metadata Repository" or the "OracleAS Metadata Repository and Oracle Identity Management" option causes the installer to create a new database and populate it with the OracleAS Metadata Repository.

To use an existing database, see Section 6.8, "Can I Use an Existing Database for the OracleAS Metadata Repository?"

6.3 Order of Installation for the Infrastructure

If you plan to install both OracleAS Metadata Repository and Oracle Identity Management components on the same computer, select the "Oracle Identity Management and OracleAS Metadata Repository" option. The installer installs the components in the proper order. See Section 6.20, "Installing OracleAS Infrastructure" for the step-by-step procedure.

If you plan to install the infrastructure components on separate computers, install them in this order:

  1. Install the OracleAS Metadata Repository.

    You can have the installer create a new database and populate it with the OracleAS Metadata Repository, or you can run the Oracle Application Server Metadata Repository Creation Assistant to install the OracleAS Metadata Repository in an existing database.

    Note that you cannot register the OracleAS Metadata Repository with Oracle Internet Directory at this point, because you do not have an Oracle Internet Directory yet. The registration is done in the next step.

    See:

  2. Install the Oracle Identity Management components.

    The installer prompts you to enter the connect information for the OracleAS Metadata Repository database.

    See Section 6.23, "Installing Oracle Identity Management Components Only (Including Oracle Internet Directory)" for the step-by-step procedure.

    The installer registers the OracleAS Metadata Repository with the newly created Oracle Internet Directory. See Section 6.10, "Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password Randomization" for details about registration.

Installing Only the OracleAS Metadata Repository Does Not Give You an Oracle Application Server Instance

If you install only the OracleAS Metadata Repository when installing the infrastructure, the installer creates a new database and populates it with the OracleAS Metadata Repository schemas. This instance is different from other Oracle Application Server instances in the following ways:

6.4 Can I Install Components on Separate Computers?

You already know that you can install Oracle Application Server instances on separate computers. In addition, you can also distribute components over multiple computers. This is especially useful for infrastructure components. You might want to do this to improve performance, security, scalability, and availability of infrastructure services.

Examples:

Table 6-3 shows some possible OracleAS Infrastructure configurations:

Table 6-3 OracleAS Infrastructure Configurations

Configuration Description / How to Install
Description of infra_simple.gif follows
Description of the illustration infra_simple.gif

In this configuration, the OracleAS Metadata Repository and the Oracle Identity Management components run from the same Oracle home.

To install this configuration, install the OracleAS Metadata Repository and the Oracle Identity Management components at the same time. For installation steps, see Section 6.20, "Installing OracleAS Infrastructure".

Description of infra_mr_im.gif follows
Description of the illustration infra_mr_im.gif

In this configuration, the OracleAS Metadata Repository and the Oracle Identity Management components run on separate computers.

To install this configuration:

  1. Install the OracleAS Metadata Repository first. See Section 6.22, "Installing OracleAS Metadata Repository in a New Database".

    Alternatively, you can install the OracleAS Metadata Repository in an existing database. See Chapter 14, "Installing the OracleAS Metadata Repository in an Existing Database".

  2. Then install the Oracle Identity Management components. See Section 6.23, "Installing Oracle Identity Management Components Only (Including Oracle Internet Directory)".

Description of infra_mr_im_oid.gif follows
Description of the illustration infra_mr_im_oid.gif

In this configuration, the OracleAS Metadata Repository runs on one computer, Oracle Internet Directory runs on a second computer, and the remaining Oracle Identity Management components run on a third computer.

To install this configuration:

  1. Install the OracleAS Metadata Repository first. See Section 6.22, "Installing OracleAS Metadata Repository in a New Database".

    Alternatively, you can install the OracleAS Metadata Repository in an existing database. See Chapter 14, "Installing the OracleAS Metadata Repository in an Existing Database".

  2. Install Oracle Internet Directory. See Section 6.25, "Installing Oracle Internet Directory Only".

  3. Install the remaining Oracle Identity Management components. See Section 6.24, "Installing Oracle Identity Management Components Only (Excluding Oracle Internet Directory)".

Description of infra_oca.gif follows
Description of the illustration infra_oca.gif

In this configuration, you want OCA to use its own OracleAS Metadata Repository (for security reasons). Other Oracle Identity Management components use another OracleAS Metadata Repository.

To install this configuration:

  1. Install OracleAS Metadata Repository and Oracle Identity Management components, but not OCA.

    You can install all these items in the same Oracle home (see the first configuration), or you can distribute them. The figure shows a distributed configuration.

  2. Install OCA with its own OracleAS Metadata Repository. See Section 6.21, "Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory".


Note that if you install Oracle Identity Management components on a separate computer from OracleAS Metadata Repository, then the OracleAS Metadata Repository will need network access to the Oracle Identity Management components.

See also Chapter 15, "Recommended Topologies", which describes configurations involving multiple computers and distributed components.

6.5 Tips for Installing Oracle Identity Management Components Separately

If you are installing Oracle Identity Management components separately, keep the following guidelines in mind when choosing which components to configure in the Select Configuration Options screen:

6.6 Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration and Provisioning Components?

These components are optional, but you might want to install them because they provide the following services:

6.7 Can I Configure Components After Installation?

If you did not configure a component during installation (that is, you did not select the component in the Select Configuration Options screen), you can configure some components after installation.

You cannot configure Oracle Internet Directory after installation. You need to install and configure Oracle Internet Directory through the installer.

See Section 16.8, "Component Configuration After Installation" for details.

6.8 Can I Use an Existing Database for the OracleAS Metadata Repository?

You can install the OracleAS Metadata Repository in a new database, or in an existing database.

If you want to install the OracleAS Metadata Repository in an existing database, see Oracle Application Server Metadata Repository Creation Assistant User's Guide for details.

6.9 Can I Use an Existing Oracle Internet Directory?

You can use an existing Oracle Internet Directory instead of having the installer create a new one. You might want to do this if your applications need to authenticate users that are already stored in your Oracle Internet Directory. During the infrastructure installation, do not select "Oracle Internet Directory" in the Select Configuration Options screen.

You need to provide the connect information (hostname, port, username, password) for the existing Oracle Internet Directory.

The Oracle Internet Directory must be version 9.0.4 or later. Note that Oracle Internet Directory version 9.2.x is not supported.

To determine the Oracle Internet Directory version, make sure that Oracle Internet Directory is up and running. Then run the following command:

prompt> oidldapd -version

The oidldapd command can be found in the ORACLE_HOME/bin directory, where ORACLE_HOME is the root directory where you installed Oracle Internet Directory.

6.10 Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password Randomization

The OracleAS Metadata Repository and the Oracle Internet Directory work closely together. Before you can use an OracleAS Metadata Repository (in most cases), ensure that it is registered with an Oracle Internet Directory.

An exception to this rule is when you want to use a J2EE and Web Cache middle tier with the Database-Based Farm feature but without the Oracle Identity Management Access feature. In this case, you need an OracleAS Metadata Repository, but it need not be registered with an Oracle Internet Directory.

Table 6-4 shows the scenarios where the installer automatically registers the OracleAS Metadata Repository with an Oracle Internet Directory, and the scenarios where you decide whether to register or not.

Table 6-4 Database Registration Scenarios

Scenario Registration Schema Passwords

Install and configure the OracleAS Metadata Repository and Oracle Internet Directory in the same installation session

For steps, see Section 6.20, "Installing OracleAS Infrastructure".

Automatic

Randomized

Install the OracleAS Metadata Repository against an existing Oracle Internet Directory

See Section 6.21, "Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory".

Automatic

Randomized

Install an Oracle Internet Directory against an existing OracleAS Metadata Repository

See Section 6.25, "Installing Oracle Internet Directory Only".

Automatic

Randomized (the metadata repository schemas are given new randomized passwords)

Install the OracleAS Metadata Repository only (without installing Oracle Identity Management components) and you choose to register it with Oracle Internet Directory

This scenario applies to installing it in a new database or in an existing database.

Section 6.22, "Installing OracleAS Metadata Repository in a New Database"

Chapter 14, "Installing the OracleAS Metadata Repository in an Existing Database"

Yes

Randomized

Install the OracleAS Metadata Repository only (without installing Oracle Identity Management components) and you choose not to register it with Oracle Internet Directory

This scenario applies to installing it in a new database or in an existing database.

No

The schemas are locked, and the passwords are expired.


In the last two scenarios, the installer asks you if you want to register the OracleAS Metadata Repository with an Oracle Internet Directory. If you answer yes, you provide connect information for the Oracle Internet Directory. If you answer no, the installer does not register the OracleAS Metadata Repository with an Oracle Internet Directory.


Note:

If you did not register the OracleAS Metadata Repository with an Oracle Internet Directory during installation, you can register it later using the Oracle Application Server Metadata Repository Creation Assistant. See the Oracle Application Server Metadata Repository Creation Assistant User's Guide for details.

6.11 Contents of the OracleAS Metadata Repository

The OracleAS Metadata Repository contains schemas that can be grouped into these categories:

If you are interested in seeing the names of all the schemas, see the Oracle Application Server Metadata Repository Creation Assistant User's Guide.

6.12 Can I Use Multiple Metadata Repositories?

You can install multiple metadata repositories to increase performance. This enables different components in your topology to use different metadata repositories. To use multiple metadata repositories, follow these guidelines:

Figure 6-1 shows a topology that involves two metadata repositories. It uses four computers:

Figure 6-1 Multiple Metadata Repositories in Use

Description of Figure 6-1  follows
Description of "Figure 6-1 Multiple Metadata Repositories in Use"


Notes:

  • If you are installing multiple metadata repositories on the same computer, each metadata repository must have a unique global database name and system identifier (SID).

  • If you are registering multiple metadata repositories with the same Oracle Internet Directory, each metadata repository must have a unique global database name and SID. If not, the Oracle Internet Directory Configuration Assistant will fail when you install the second metadata repository with the same name.


6.13 What High Availability Options Does Oracle Application Server Support?

Oracle Application Server can run in the following high availability environments:

See Chapter 10, "Installing in High Availability Environments: Overview" for details.

6.14 Restrictions on the Passwords for the SYS, SYSTEM, SYSMAN, and DBSNMP Users

When you install the OracleAS Metadata Repository in a new database, the installer prompts you to set the passwords for the SYS, SYSTEM, SYSMAN, and DBSNMP users, which are privileged users for the database. The passwords for these users have the following restrictions:

6.15 Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets

If you use characters in the NE8ISO8859P10 or CEL8ISO8859P14 character sets, make sure that your database uses the Unicode character set AL32UTF8. If you are installing a new database, select "AL32UTF8" in the Specify Database Configuration Options screen.

The reason for this is that Java does not support the NE8ISO8859P10 or CEL8ISO8859P14 character sets. If you configure the database to use a character set not supported by Java, you will get an "Unsupported IANA character encoding" error in OracleAS Portal.

6.16 What Do I Enter in the "Specify Namespace in Internet Directory" Screen?

The distinguished name (DN) that you specify on this screen will be designated as the namespace in Oracle Internet Directory where users and groups are administered.

Select the suggested namespace if it meets your deployment requirements. If not, enter a DN that you want in the custom namespace field. The installer determines the suggested namespace from the /etc/hosts file. See Section 4.10, "The /etc/hosts File".

If you plan to integrate your Oracle Identity Management components with a third-party directory, you should specify the DN of a namespace that matches the DN of the default namespace in the third-party directory. See the Oracle Internet Directory Administrator's Guide for details on integration with third-party directories.

6.17 How to Determine Port Numbers Used by Components

During installation, you might need to know port numbers used by certain Oracle Application Server components. For example, if you install OracleAS Infrastructure against an existing Oracle Internet Directory, the installer prompts for the Oracle Internet Directory hostname and port number.

You can get a list of port numbers in the following ways:

6.18 Can I Add OCA After Installation?

If you installed OracleAS Infrastructure but did not select to configure OCA, and later decide that you want to use OCA, you have to install it in a separate Oracle home. You cannot install it in an existing Oracle home.

When you install OCA in a new Oracle home, you can install it on the same or different computer as the OracleAS Infrastructure. You can also install it with its own OracleAS Metadata Repository or install it against an existing OracleAS Metadata Repository:

6.19 How to Deploy Oracle Delegated Administration Services on a Separate Host

To configure Oracle Delegated Administration Services in a separate Oracle Home, you perform a standalone installation of it. To do this, select the Identity Management installation type, and, on the Configuration Options screen, select Delegated Administration Services.

6.20 Installing OracleAS Infrastructure

Perform this procedure to install an OracleAS Metadata Repository and Oracle Identity Management components. This procedure provides a complete OracleAS Infrastructure in a single Oracle home.

If you want to use an existing Oracle Internet Directory, see Section 6.21, "Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory".

If you want to use an existing database for the OracleAS Metadata Repository, see Chapter 14, "Installing the OracleAS Metadata Repository in an Existing Database".

Table 6-5 Steps for Installing OracleAS Infrastructure


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Identity Management and Metadata Repository.

2.

Select Configuration Options

Select Oracle Internet Directory.

Select Oracle Application Server Single Sign-On.

Select Oracle Application Server Delegated Administration Services.

Select Oracle Application Server Directory Integration and Provisioning.

Select Oracle Application Server Certificate Authority (OCA) if you want to configure your own certificate authority which can issue certificates for users and servers.

Do not select High Availability and Replication.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the fullpath to your staticports.ini file.

Click Next.

4.

Specify Namespace in Internet Directory

Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. See Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?".

Click Next.

5.

OCA screens

If you select Oracle Application Server Certificate Authority (OCA) in the Select Configuration Options screen, the installer displays screens where you need to enter OCA information. See Section 6.30, "Install Fragment: OCA Screens".

6.

Oracle Database screens

Enter information for the OracleAS Metadata Repository database. See Section 6.29, "Install Fragment: Database Screens".

7.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: infra

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

8.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


6.21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory

Perform this procedure to install Oracle Identity Management components (except Oracle Internet Directory) and the OracleAS Metadata Repository.

Prerequisite: Oracle Internet Directory version 9.0.4 or later

You would perform this procedure in cases where you already have an Oracle Internet Directory (and its associated OracleAS Metadata Repository), and you want to:

You cannot use this procedure to install other Oracle Identity Management components (OracleAS Single Sign-On, Oracle Delegated Administration Services, or Oracle Directory Integration and Provisioning). To install Oracle Identity Management components without OracleAS Metadata Repository, follow the procedure in Section 6.24, "Installing Oracle Identity Management Components Only (Excluding Oracle Internet Directory)".

Table 6-6 Steps for Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Identity Management and Metadata Repository.

2.

Select Configuration Options

Do not select Oracle Internet Directory because you want to use an existing one.

Do not select Oracle Application Server Single Sign-On.

Do not select Oracle Application Server Delegated Administration Services.

Do not select Oracle Application Server Directory Integration and Provisioning.

Select Oracle Application Server Certificate Authority (OCA) if you want to configure your own certificate authority which can issue certificates for users and servers.

Do not select High Availability and Replication.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the fullpath to your staticports.ini file.

Click Next.

4.

Register with Oracle Internet Directory

Hostname: Enter the name of the computer where Oracle Internet Directory is running.

Port: Enter the port at which Oracle Internet Directory is listening. See Section 6.17, "How to Determine Port Numbers Used by Components" if you do not know the port number.

Use Only SSL Connections with this Oracle Internet Directory: Select this option if you want Oracle Application Server components to use only SSL to connect to Oracle Internet Directory.

Click Next.

5.

Specify Oracle Internet Directory Login

Username: Enter the username to log in to Oracle Internet Directory. You must log in as a user who belongs to the necessary groups in Oracle Internet Directory. Which groups are necessary depends on which components you are installing. See Section 8.3, "Groups Required to Configure or Deinstall Components" for details.

Password: Enter the password for the username.

Realm: Enter the realm against which to validate the username. This field appears only if your Oracle Internet Directory has multiple realms.

Click Next.

6.

OCA screens

If you select Oracle Application Server Certificate Authority (OCA) in the Select Configuration Options screen, the installer displays screens where you need to enter OCA information. See Section 6.30, "Install Fragment: OCA Screens".

7.

Oracle Database screens

Enter information for the OracleAS Metadata Repository database. See Section 6.29, "Install Fragment: Database Screens".

8.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: infra

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

9.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


6.22 Installing OracleAS Metadata Repository in a New Database

Perform this procedure to create a new database and populate it with the OracleAS Metadata Repository. This procedure does not install any Oracle Identity Management components.

Table 6-7 Steps for Installing OracleAS Metadata Repository in a New Database


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Metadata Repository.

2.

Select Configuration Options

For installing the OracleAS Metadata Repository in a new database, there are no configuration options.

Click Next.

3.

Register OracleAS Metadata Repository

If you already have an Oracle Internet Directory and know its connect information, select Yes and enter the name of the computer where Oracle Internet Directory is running and the port number. See Section 6.17, "How to Determine Port Numbers Used by Components" if you do not know the port number.

Use Only SSL Connections with this Oracle Internet Directory: Select this option if you want Oracle Application Server components to use only SSL to connect to Oracle Internet Directory.

If you do not have an Oracle Internet Directory, or do not know its connect information, select No.

Click Next.

4.

Specify Oracle Internet Directory Login

This screen appears only if you selected Yes in the previous screen.

Username: Enter the username for logging into Oracle Internet Directory. The user must belong to the iAS Admins group in Oracle Internet Directory.

Password: Enter the password.

Realm: This field appears only if your Oracle Internet Directory contains multiple realms. Enter the name of the realm against which to authenticate the user.

Click Next.

5.

Oracle Database screens

Enter information for the OracleAS Metadata Repository database. See Section 6.29, "Install Fragment: Database Screens".

6.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.

7.

--

Unlock the dcm schema, and set its password. This step is required only if you want to use the metadata repository for database clustering of middle-tier instances.

  1. Set the ORACLE_HOME environment variable to point to the full path of the directory where you installed the OracleAS Metadata Repository.

  2. Set the ORACLE_SID environment variable to the SID of the OracleAS Metadata Repository.

  3. Unlock the dcm schema and set its password using SQL*Plus.

    The following alter user command sets the password to "welcome1", but you can set it to any value.

    prompt> $ORACLE_HOME/bin/sqlplus "sys/password as sysdba"
    SQL> alter user dcm identified by welcome1 account unlock;
    

6.23 Installing Oracle Identity Management Components Only (Including Oracle Internet Directory)

Perform this procedure to install Oracle Identity Management components without installing an OracleAS Metadata Repository.

Follow this procedure to configure Oracle Internet Directory against a remote OracleAS Metadata Repository. You have installed the OracleAS Metadata Repository in an existing database (see Chapter 14, "Installing the OracleAS Metadata Repository in an Existing Database") or in a new database (Section 6.22, "Installing OracleAS Metadata Repository in a New Database").

Prerequisite: OracleAS Metadata Repository that is not already registered with any Oracle Internet Directory

Table 6-8 Steps for Installing Oracle Identity Management Components Only (Including Oracle Internet Directory)


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Oracle Identity Management.

2.

Select Configuration Options

Select Oracle Internet Directory.

Select Oracle Application Server Single Sign-On.

Select Oracle Application Server Delegated Administration Services and/or Oracle Application Server Directory Integration and Provisioning if you need the services provided by these components. See Section 6.6, "Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration and Provisioning Components?"

Select Oracle Application Server Certificate Authority (OCA) if you want to configure your own certificate authority which can issue certificates for users and servers.

Do not select High Availability and Replication.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the fullpath to your staticports.ini file.

Click Next.

4.

Specify Repository

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the name of the computer where the database is running, and the port number at which it is listening. Use the format: host:port.

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: orcl.mydomain.com

Click Next.

5.

Specify Namespace in Internet Directory

Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. See Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?".

Click Next.

6.

Enter information to configure OCA

Provide the information as prompted by the OCA screens. See Section 6.30, "Install Fragment: OCA Screens" for details.

7.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: id_mgmt

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

8.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


6.24 Installing Oracle Identity Management Components Only (Excluding Oracle Internet Directory)

Perform this procedure to install Oracle Identity Management components without installing an OracleAS Metadata Repository or Oracle Internet Directory.

Use this procedure to install additional OracleAS Single Sign-On, Oracle Delegated Administration Services, or Oracle Directory Integration and Provisioning components against an existing Oracle Internet Directory.

Prerequisites: OracleAS Metadata Repository, Oracle Internet Directory version 9.0.4 or later.

Table 6-9 Steps for Installing Oracle Identity Management Components Only (Excluding Oracle Internet Directory)


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Oracle Identity Management.

2.

Select Configuration Options

Do not select Oracle Internet Directory.

Select Oracle Application Server Single Sign-On.

Select Oracle Application Server Delegated Administration Services and/or Oracle Application Server Directory Integration and Provisioning if you need the services provided by these components. See Section 6.6, "Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration and Provisioning Components?"

Select Oracle Application Server Certificate Authority (OCA) if you want to configure your own certificate authority which can issue certificates for users and servers.

Do not select High Availability and Replication.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the fullpath to your staticports.ini file.

Click Next.

4.

Register with Oracle Internet Directory

Hostname: Enter the name of the computer where Oracle Internet Directory is running.

Port: Enter the port on which Oracle Internet Directory is listening. See Section 6.17, "How to Determine Port Numbers Used by Components" if you do not know the port number.

Use Only SSL Connections with this Oracle Internet Directory: Select this option if you want Oracle Application Server components to use only SSL to connect to Oracle Internet Directory.

Click Next.

5.

Specify Oracle Internet DirectoryLogin

Username: Enter the username to log in to Oracle Internet Directory. You must log in as a user who belongs to the necessary groups in Oracle Internet Directory. Which groups are necessary depends on which components you are installing. See Section 8.3, "Groups Required to Configure or Deinstall Components" for details.

Password: Enter the password for the username.

Realm: Enter the realm against which to validate the username. This field appears only if your Oracle Internet Directory has multiple realms.

Click Next.

6.

Specify ODS Password

Enter the password for the ODS schema in the OracleAS Metadata Repository. The ODS schema is the main schema used by Oracle Internet Directory.

By default, the ODS password is the same as the ias_admin password (the password that you entered in the Specify Instance Name and ias_admin Password screen).

Click Next.

7.

Enter information to configure OCA

Provide the information as prompted by the OCA screens. See Section 6.30, "Install Fragment: OCA Screens" for details.

8.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: id_mgmt

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

9.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


6.25 Installing Oracle Internet Directory Only

Perform this procedure to install an Oracle Internet Directory.

Prerequisite: OracleAS Metadata Repository

Table 6-10 Steps for Installing Oracle Internet Directory


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Identity Management.

2.

Select Configuration Options

Select Oracle Internet Directory.

Do not select Oracle Application Server Single Sign-On.

Do not select Oracle Application Server Delegated Administration Services.

Do not select Oracle Application Server Directory Integration and Provisioning.

Do not select Oracle Application Server Certificate Authority (OCA).

Do not select High Availability and Replication.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the fullpath to your staticports.ini file.

Click Next.

4.

Specify Repository

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the name of the computer where the database is running, and the port number at which it is listening. Use the format: host:port.

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: orcl.mydomain.com

Click Next.

5.

Specify Namespace in Internet Directory

Select the suggested namespace, or enter a custom namespace for the location of the default Oracle Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. See Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?".

Click Next.

6.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: infra

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

7.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


6.26 Installing OCA and OracleAS Metadata Repository Only

Perform this procedure to install the OCA and the OracleAS Metadata Repository components only. This scenario is used by the Section 15.7, "OCA Topology".

Prerequisites: Oracle Internet Directory version 9.0.4 or later

Table 6-11 Steps for Installing OCA and OracleAS Metadata Repository


Screen Action

1.

--

Start up the installer and complete the first few screens. See Section 6.27, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

  • In the Select Installation Type screen, select Identity Management and OracleAS Metadata Repository.

2.

Select Configuration Options

Do not select Oracle Internet Directory because you want to use an existing one.

Do not select Oracle Application Server Single Sign-On.

Do not select Oracle Application Server Delegated Administration Services.

Do not select Oracle Application Server Directory Integration and Provisioning.

Select Oracle Application Server Certificate Authority (OCA).

Do not select High Availability and Replication.

Click Next.

3.

Specify Port Configuration Options

If you want to use default ports for the components, select Automatic.

If you do not want to use the default ports, and you have created a staticports.ini file, select Manual and enter the fullpath to your staticports.ini file.

Click Next.

4.

Register with Oracle Internet Directory

Hostname: Enter the name of the computer where Oracle Internet Directory is running.

Port: Enter the port on which Oracle Internet Directory is listening. See Section 6.17, "How to Determine Port Numbers Used by Components" if you do not know the port number.

Use Only SSL Connections with this Oracle Internet Directory: Select this option if you want Oracle Application Server components to use only SSL to connect to Oracle Internet Directory.

Click Next.

5.

Specify Oracle Internet Directory Login

Username: Enter the username to log in to Oracle Internet Directory. You must log in as a user who belongs to the Trusted Application Admins group and to the iAS Admins group in Oracle Internet Directory.

Password: Enter the password for the username.

Realm: Enter the realm against which to validate the username. This field appears only if your Oracle Internet Directory has multiple realms.

Click Next.

6.

OCA screens

Enter information to configure OCA. See Section 6.30, "Install Fragment: OCA Screens".

7.

Oracle Database screens

Enter information for the OracleAS Metadata Repository database. See Section 6.29, "Install Fragment: Database Screens".

8.

Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.9, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: infra_oca

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.10, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

9.

--

Finish the installation. See Section 6.28, "Install Fragment: The Last Few Screens of the Installation" for details.


6.27 Install Fragment: The First Few Screens of the Installation

The first few screens of the installer are described here because they are the same for all installations. Most installation procedures in this chapter refer to this section as their starting point.

Table 6-12 First Few Screens of the Installation


Screen Action

1.

--

Start the installer. See Section 5.19, "Starting theOracle Universal Installer" for details.

2.

Welcome

Click Next.

3.

Specify Inventory Directory and Credentials

This screen appears only if this is the first installation of any Oracle product on this computer.

Enter the full path of the inventory directory: Enter a full path to the inventory directory. Enter a directory that is different from the Oracle home directory for the product files.

Example: /opt/oracle/oraInventory

Specify Operating System group name: Select the operating system group that will have write permission for the inventory directory.

Example: oinstall

Click Next.

4.

Run orainstRoot.sh

This screen appears only if this is the first installation of any Oracle product on this computer.

Run the orainstRoot.sh script in a different shell as the root user. The script is located in the oraInventory directory.

After running the script, click Continue.

5.

Specify File Locations

Name: Enter a name to identify this Oracle home. The name can consist of alphanumeric and the underscore (_) characters only, and cannot be longer than 128 characters.

Example: OH_INFRA

Path: Enter the full path to the destination directory. This is the Oracle home. If the directory does not exist, the installer creates it. If you want to create the directory beforehand, create it as the oracle user; do not create it as the root user.

Example: /opt/oracle/infra

Click Next.

6.

Specify Hardware Cluster Installation Mode

This screen appears only if the computer is part of a hardware cluster.

If you are installing an infrastructure, select the computers in the hardware cluster where you want to install the infrastructure. You can select multiple computers, or you can just select the current computer.

Click Next.

7.

Select a Product to Install

Select Oracle Application Server Infrastructure 10g.

If you need to install additional languages, click Product Languages. See Section 5.8, "Installing Additional Languages" for details.

Click Next.

8.

Select Installation Type

The options displayed on this screen depend on what you selected in the Select a Product to Install screen.

The installation types for OracleAS Infrastructure are:

  • Identity Management and Metadata Repository

  • Identity Management

  • Metadata Repository

Click Next.

If you get an error message saying that the TMP environment variable is not set, it means that the default temp directory does not have enough space. You can either set the TMP environment variable to point to a different directory or free up enough space in the default temp directory.

For details on the TMP environment variable, see Section 4.9.6, "TMP".

9.

Upgrade Existing Oracle9iAS Infrastructure

This screen appears if the installer detects an Infrastructure Release 2 (9.0.2) instance on the computer and you selected to install OracleAS Infrastructure.

This screen presents you with the option to upgrade the existing Release 2 (9.0.2) Infrastructure, or install the current version of the OracleAS Infrastructure. If you want to upgrade, see the Oracle Application Server Upgrade and Compatibility Guide.

10.

Confirm Pre-Installation Requirements

Verify that your computer meets all the requirements. Click Next.


Figure 6-2 summarizes the screen sequence.

Figure 6-2 Sequence for the First Few Screens in the Installation

Description of Figure 6-2  follows
Description of "Figure 6-2 Sequence for the First Few Screens in the Installation"

6.28 Install Fragment: The Last Few Screens of the Installation

The last few screens of the installer are described in this section because they are the same for all installations. Most installation procedures in this chapter refer to this section as their end point.

Table 6-13 Last Few Screens in the Installation


Screen Action

1.

Summary

Verify your selections and click Install.

2.

Install Progress

This screen shows the progress of the installation.

3.

Run root.sh

Note: Do not run the root.sh script until this dialog appears.

  1. When you see this dialog, run the root.sh script in a different shell as the root user. The script is located in this instance's Oracle home directory.

  2. Click OK.

4.

Configuration Assistants

This screen shows the progress of the configuration assistants. Configuration assistants configure components.

5.

End of Installation

Click Exit to quit the installer.


6.29 Install Fragment: Database Screens

If you are installing a new database for the OracleAS Metadata Repository, the installer displays the following screens:

Table 6-14 Database Screens


Screen Action

1.

Specify Database Configuration Options

Global Database Name: Enter a name for the OracleAS Metadata Repository database. Append a domain name to the database name. This domain name for the global database name can be different from your network domain name.

The domain name portion of the global database name has the following naming restrictions:

  • Can contain only alphanumeric, underscore (_), minus (-), and pound (#) characters

  • Must not be longer than 128 characters

The database name portion of the global database name has the following naming restrictions:

  • Must contain alphanumeric characters only

  • Must not be longer than eight characters

  • Must not contain PORT or HOST in uppercase characters. If you want the name to contain "host" or "port", use lowercase characters.

Example: orcl.mydomain.com

Note: Be sure that you do not enter two or more periods together, for example, orcl.mydomain.com. The installer does not check for this, and this will lead to errors later during the installation process.

SID: Enter the system identifier for the OracleAS Metadata Repository database. Typically this is the same as the global database name, but without the domain name. The SID must be unique across all databases.

SIDs have the following naming restrictions:

  • Must contain alphanumeric characters only

  • Must not be longer than eight characters

  • Must not contain PORT or HOST in uppercase characters. If you want the name to contain "host" or "port", use lowercase characters.

Example: orcl

Database Character Set: Select the character set to use. See also Section 6.15, "Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets".

Database File Location: Enter the full path to the parent directory for the data files directory. This parent directory must already exist, and you must have write permissions in this directory.

The installer will create a subdirectory in this parent directory, and the subdirectory will have the same name as the SID. The data files will be placed in this subdirectory.

Example: If you enter /u02/oradata, and the SID is orcl, then the data files will be located in /u02/oradata/orcl.

Click Next.

2.

Specify Database Schema Passwords

Set the passwords for these privileged database schemas: SYS, SYSTEM, SYSMAN, and DBSNMP. You can set different passwords for each schema, or you can set the same password for all the schemas.

Click Next.


6.30 Install Fragment: OCA Screens

If you select Oracle Application Server Certificate Authority (OCA) in the Select Configuration Options screen when you are installing an OracleAS Infrastructure, the installer displays the screens listed in Table 6-15.

Note that you cannot install more than one OCA against the same OracleAS Metadata Repository. When you are installing Oracle Identity Management components only against an existing OracleAS Metadata Repository, be sure that the metadata repository does not already have an instance of OCA configured against it.

Example: You install OracleAS Metadata Repository and Oracle Identity Management components including OCA on a computer. Then if you try to install additional Oracle Identity Management components (including OCA) on the same or different computer against the same OracleAS Metadata Repository, this installation would fail.

Table 6-15 OCA Screens


Screen Action

1.

Select OracleAS Metadata Repository

This screen appears only if you are configuring OCA and you are using an existing Oracle Internet Directory and you are using an existing OracleAS Metadata Repository. The Oracle Internet Directory must contain the registration for the OracleAS Metadata Repository that you want to use.

Select the OracleAS Metadata Repository that you want OCA to use.

Click Next.

2.

Specify OCA Distinguished Name

OCA uses the DN specified on this screen to populate the Issuer field of certificates that it issues.

Typical DN: Use this section if your DN uses only the attributes listed in this section. You do not have to fill in all the attributes specified in this section. Only the o (organization) attribute is required. Note that the ' (single quote) character is not a valid character in any of the attributes.

  • Common Name (CN): Enter the name that you want on the certificate. This name must be different from your hostname. Example: John Doe.

  • Organizational Unit (OU): Enter the name of your division or department. Example: Sales.

  • Organization (O)*: Enter the name of your company or organization. Example: Oracle Corporation.

  • Country (C): Select your country from the drop-down list.

Custom DN: If your DN uses attributes not listed in the Typical DN section, specify your DN in this section.

Click Next.

3.

Select OCA Key Length

Key Length (bits): Select the key length used in RSA algorithm to sign all certificates issued by OCA. Oracle recommends that you use at least a 2048-bit key length. Longer key lengths provide greater security, but require more time to issue each new certificate.

Click Next.

4.

Specify OCA Administrator's Password

Administrator's Password and Confirm Password: Specify and confirm the password for the OCA administrator. The password has the following restrictions:

  • It must contain at least eight characters.

  • It must contain at least one alphabetic character.

  • It must contain at least one non-alphabetic character (for example, a number).

  • Its first character cannot be a number.

You need this password to manage OCA. This password is also used by the OCA Configuration Assistant.

You can change the password after installation using the ocactl command. See the OCA Online Help for details.

Click Next.