Oracle® Application Server Installation Guide
10g Release 2 (10.1.2) for hp HP-UX PA-RISC (64-bit), and Linux x86
Part No. B14141-02

12 Installing in High Availability Environments: OracleAS Cluster (Identity Management)

This chapter describes how to install Oracle Application Server in OracleAS Cluster (Identity Management) configurations.

12.1 OracleAS Cluster (Identity Management): Introduction

In OracleAS Cluster (Identity Management) configurations, the Identity Management components and the OracleAS Metadata Repository run on separate nodes. All the nodes in an OracleAS Cluster (Identity Management) configuration are active. Requests from clients, such as middle tiers, are directed to a load balancer, which then directs the requests to one of the active nodes. See Figure 12-1.

These nodes can belong to a hardware cluster, but this is not required.

These configurations are called "OracleAS Cluster (Identity Management)" because the OracleAS Single Sign-On and Oracle Delegated Administration Services components are clustered. This means that these components are configured identically across nodes.

Database (OracleAS Metadata Repository) Requirement

You need an existing Real Application Clusters or cold failover cluster database. You will install the OracleAS Metadata Repository on this database using the OracleAS Metadata Repository Creation Assistant.


Note:

For OracleAS Cluster (Identity Management) configurations, you never select the "Identity Management and OracleAS Metadata Repository" option in the installer. You always select the Identity Management option. This is why you need an existing database for the OracleAS Metadata Repository.

Always Select the Same Components

Because the installer clusters the components in an OracleAS Cluster (Identity Management) configuration, you need to select the same components in the Select Configuration Options screen for all the nodes in the cluster.

For example, if you select Oracle Internet Directory, OracleAS Single Sign-On, and Oracle Delegated Administration Services for the installation on node 1, then you have to select the same set of components in subsequent installations.

Clustering will fail if you select different components in each installation.

Configurations

You can install OracleAS Cluster (Identity Management) in these configurations:

12.2 Pre-Installation Steps for OracleAS Cluster (Identity Management)

Before installing an OracleAS Cluster (Identity Management) configuration, you need to set up the following items:

12.2.1 Use the Same Path for the Oracle Home Directory (recommended)

For all the nodes that will be running Identity Management components, use the same full path for the Oracle home. This practice is recommended, but not required.

12.2.2 Synchronize Clocks on All Nodes

Synchronize the system clocks on all nodes.

12.2.3 Configure Virtual Server Names and Ports for the Load Balancer

Configure your load balancer with two virtual server names and associated ports:

  • Configure a virtual server name for LDAP connections. For this virtual server, you need to configure two ports: one for SSL and one for non-SSL connections.


    Note:

    Ensure that the same ports that you configured for the LDAP virtual server are available on the nodes on which you will be installing Oracle Internet Directory.

    The installer will configure Oracle Internet Directory to use the same port numbers that are configured on the LDAP virtual server. In other words, Oracle Internet Directory on all the nodes and the LDAP virtual server will use the same port number.


  • Configure a virtual server name for HTTP connections. For this virtual server, you also need to configure two ports: one for SSL and one for non-SSL connections.


    Note:

    The ports for the HTTP virtual server can be different from the Oracle HTTP Server Listen ports.

The installer will prompt you for the virtual server names and port numbers.

In addition, check the following:

  • Check that the virtual server names are associated with IP addresses and are part of your DNS. The nodes that will be running Oracle Application Server must be able to access these virtual server names.

12.2.4 Configure Your LDAP Virtual Server to Direct Requests to Node 1 Initially

Note that this procedure applies only to the LDAP virtual server configured on your load balancer. This does not apply to the HTTP virtual server configured on your load balancer.

Before you start the installation, configure your LDAP virtual server to direct requests to node 1 only. After you complete an installation on a node, then you can add that node to the virtual server.

For example, if you have three nodes:

  1. Configure the LDAP virtual server to direct requests to node 1 only.

  2. Install Identity Management components on node 1.

  3. Install Identity Management components on node 2.

  4. Add node 2 to the LDAP virtual server.

  5. Install Identity Management components on node 3.

  6. Add node 3 to the LDAP virtual server.

12.2.5 Set up Cookie Persistence on the Load Balancer

On your load balancer, set up cookie persistence for HTTP traffic. Specifically, set up cookie persistence for URIs starting with /oiddas/. This is the URI for Oracle Delegated Administration Services. If your load balancer does not allow you to set cookie persistence at the URI level, then set the cookie persistence for all HTTP traffic. In either case, set the cookie to expire when the browser session expires. Refer to your load balancer documentation for details.

12.3 About Oracle Internet Directory Passwords

In OracleAS Cluster (Identity Management) configurations, you install Oracle Internet Directory on multiple nodes, and in each installation, you enter the instance password in the "Specify Instance Name and ias_admin Password" screen.

The password specified in the first installation is used as the password for the cn=orcladmin and orcladmin users not just in the first Oracle Internet Directory, but in all Oracle Internet Directory installations in the cluster.

This means that to access the Oracle Internet Directory on any node, you have to use the password that you entered in the first installation. You cannot use the passwords that you entered in subsequent installations.

Accessing the Oracle Internet Directory includes:

You still need the passwords that you entered in subsequent installations for logging into Application Server Control.

12.4 About Configuring SSL and Non-SSL Ports for Oracle HTTP Server

When you are installing OracleAS Cluster (Identity Management) configurations, the installer displays the "Specify HTTP Load Balancer Host and Listen Ports" screen.

This screen has two sections:

You use this screen to set up the type of communication (SSL or non-SSL) between client, load balancer, and Oracle HTTP Server. Three cases are possible:


Note:

Because the values you specify in this dialog override the values specified in the staticports.ini file, you should not specify port numbers for the Oracle HTTP Server Listen port in the staticports.ini file.

12.4.1 Case 1: Client ---[HTTP]---> Load Balancer ---[HTTP]---> Oracle HTTP Server

HTTP Listener: Port: Enter the port number that you want to use as the Oracle HTTP Server Listen port. This will be the value of the Listen directive in the httpd.conf file. Enable SSL: Do not select this option. The installer tries the default port number for the SSL port.

HTTP Load Balancer: Hostname: Enter the name of the virtual server on the load balancer configured to handle HTTP requests.

HTTP Load Balancer: Port: Enter the port number that the HTTP virtual server listens on. This will be the value of the Port directive in the httpd.conf file. Enable SSL: Do not select this option.

Example

Table 12-1 Example for Case 1

Values in Screen:

  • HTTP Listener: Port: 8000; Enable SSL: Unchecked

  • HTTP Load Balancer: Port: 80; Enable SSL: Unchecked

Resulting Values in Configuration Files:

  • In httpd.conf:

    Port 80
    Listen 8000

  • In ssl.conf:

    Port <default port number assigned by installer>
    Listen <default port number assigned by installer>

12.4.2 Case 2: Client ---[HTTPS]---> Load Balancer ---[HTTPS]---> Oracle HTTP Server

HTTP Listener: Port: Enter the port number that you want Oracle HTTP Server to listen on. This will be the value of the Listen directive in the ssl.conf file. Enable SSL: Select this option.

HTTP Load Balancer: Hostname: Enter the name of the virtual server on the load balancer configured to handle HTTPS requests.

HTTP Load Balancer: Port: Enter the port number that the HTTP virtual server listens on. This will be the value of the Port directive in the ssl.conf file. Enable SSL: Select this option.

In opmn.xml, the installer sets the ssl-enabled line in the Oracle HTTP Server section to true.

Example

Table 12-2 Example for Case 2

Values in Screen:

  • HTTP Listener: Port: 90; Enable SSL: Checked

  • HTTP Load Balancer: Port: 443; Enable SSL: Checked

Resulting Values in Configuration Files:

  • In httpd.conf:

    Port <default port number assigned by installer>
    Listen <default port number assigned by installer>

  • In ssl.conf:

    Port 443
    Listen 90

12.4.3 Case 3: Client ---[HTTPS]---> Load Balancer ---[HTTP]---> Oracle HTTP Server

HTTP Listener: Port: Enter the port number that you want Oracle HTTP Server to listen on. This will be the value of the Listen directive in the httpd.conf file. Enable SSL: Do not select this option.

HTTP Load Balancer: Hostname: Enter the name of the virtual server on the load balancer configured to handle HTTPS requests.

HTTP Load Balancer: Port: Enter the port number that the HTTP virtual server listens on. This will be the value of the Port directive in the httpd.conf file. Enable SSL: Select this option.

The installer will change the following lines:

  • In opmn.xml, the installer sets the ssl-enabled line in the Oracle HTTP Server section to true.

  • In httpd.conf, the installer adds the following lines:

    LoadModule certheaders_module libexec/mod_certheaders.so
    SimulateHttps on
    
    

Example

Table 12-3 Example for Case 3

Values in Screen:

  • HTTP Listener: Port: 9000; Enable SSL: Unchecked

  • HTTP Load Balancer: Port: 443; Enable SSL: Checked

Resulting Values in Configuration Files:

  • In httpd.conf:

    Port 443
    Listen 9000

  • In ssl.conf:

    Port <default port number assigned by installer>
    Listen <default port number assigned by installer>
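The three cases in Section 12.4 can be checked after installation by comparing the values entered in the screen with the Port, Listen and mod_certheaders lines the installer is described as writing. The audit below is an added example, not Oracle's code; the function names and the sample configuration text are constructed for illustration, and it does not read opmn.xml.

```python
import re


def expected_config(listen_port, listener_ssl, lb_port, lb_ssl):
    """Map the screen values to the case number and the directives to expect."""
    if listener_ssl and not lb_ssl:
        raise ValueError("SSL listener behind a non-SSL load balancer "
                         "is not one of the three cases in Section 12.4")
    if not lb_ssl:
        case = 1          # HTTP to the load balancer, HTTP to Oracle HTTP Server
    elif listener_ssl:
        case = 2          # HTTPS on both hops
    else:
        case = 3          # HTTPS to the load balancer, HTTP behind it
    return {
        "case": case,
        "file": "ssl.conf" if case == 2 else "httpd.conf",
        "Port": lb_port,                    # port of the HTTP virtual server
        "Listen": listen_port,              # Oracle HTTP Server Listen port
        "opmn_ssl_enabled": case in (2, 3),  # reported only, opmn.xml not parsed
        "simulate_https": case == 3,
    }


def directives(conf_text):
    """Collect directive name -> list of argument strings, skipping comments."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        args = parts[1].strip() if len(parts) > 1 else ""
        found.setdefault(parts[0].lower(), []).append(args)
    return found


def _port_of(arg):
    """Listen accepts 'port' or 'address:port'; return the trailing number."""
    m = re.search(r"(\d+)\s*$", arg)
    return int(m.group(1)) if m else None


def audit(httpd_conf, ssl_conf, listen_port, listener_ssl, lb_port, lb_ssl):
    """Return (case, findings) for the given configuration file contents."""
    exp = expected_config(listen_port, listener_ssl, lb_port, lb_ssl)
    target = directives(ssl_conf if exp["file"] == "ssl.conf" else httpd_conf)
    findings = []
    for name in ("Port", "Listen"):
        ports = [_port_of(a) for a in target.get(name.lower(), [])]
        if exp[name] not in ports:
            findings.append(f"{exp['file']}: expected '{name} {exp[name]}', "
                            f"found {ports or 'none'}")
    main = directives(httpd_conf)
    has_module = any(a.split()[:1] == ["certheaders_module"]
                     for a in main.get("loadmodule", []))
    simulate_on = any(a.lower() == "on" for a in main.get("simulatehttps", []))
    if exp["simulate_https"]:
        if not has_module:
            findings.append("httpd.conf: LoadModule certheaders_module is missing")
        if not simulate_on:
            findings.append("httpd.conf: 'SimulateHttps on' is missing")
    elif simulate_on:
        findings.append("httpd.conf: 'SimulateHttps on' is set, but the screen "
                        f"values describe case {exp['case']}")
    return exp["case"], findings


# Constructed sample that mirrors Table 12-3 (case 3).
HTTPD_CASE3 = """\
# constructed sample, not from a real installation
Port 443
Listen 9000
LoadModule certheaders_module libexec/mod_certheaders.so
SimulateHttps on
"""

if __name__ == "__main__":
    case, problems = audit(HTTPD_CASE3, "", 9000, False, 443, True)
    print("case", case, "findings:", problems or "none")
```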

12.5 Installing an OracleAS Cluster (Identity Management) Configuration

In this configuration, you need an existing database that is already running in a high availability environment, such as a Real Application Clusters database. You also need additional nodes (at least two nodes) to run Identity Management components. In this configuration, Oracle Internet Directory, OracleAS Single Sign-On, and Oracle Delegated Administration Services run on each node. If you want to distribute these components, see Section 12.6, "Installing a Distributed OracleAS Cluster (Identity Management) Configuration".

These nodes are accessed through a load balancer. See Figure 12-1.

You install the OracleAS Metadata Repository in your existing database, then install Identity Management components against this database.

Figure 12-1 OracleAS Cluster (Identity Management) Configuration


12.5.1 Installation Order

To create an OracleAS Cluster (Identity Management) configuration:

  1. Install the OracleAS Metadata Repository in your existing database.

  2. Install Identity Management on each node. You run the installer on each node separately.

  3. Install middle tiers.

12.5.2 Installing OracleAS Metadata Repository

To install the OracleAS Metadata Repository in your existing database, you use the OracleAS Metadata Repository Creation Assistant. See the Oracle Application Server Metadata Repository Creation Assistant User's Guide for details.

12.5.3 Installing OracleAS Cluster (Identity Management) on the First Node

Run the installer on each node where you want to install Identity Management components.

Note that the procedure for installing Identity Management components on the first node is different from installing the components on subsequent nodes. To install the components on subsequent nodes, see Section 12.5.4, "Installing OracleAS Cluster (Identity Management) on Subsequent Nodes".


12.5.3.1 Create staticports.ini File

If you want to use custom ports for components other than Oracle HTTP Server or Oracle Internet Directory, you need to create a staticports.ini file for this installation.

If you want custom ports for Oracle HTTP Server or Oracle Internet Directory, you specify them in the "Specify HTTP Load Balancer Host and Listen Ports" and the "Specify LDAP Virtual Host and Listen Ports" screens.

If you specify custom ports for Oracle HTTP Server and Oracle Internet Directory in the staticports.ini file and also specify ports in the screens mentioned above, the ports specified in the screens take precedence.

To avoid specifying Oracle HTTP Server and Oracle Internet Directory ports in the staticports.ini file, the staticports.ini file must not contain these lines:

Oracle HTTP Server port = port_num
Oracle HTTP Server Listen port = port_num
Oracle HTTP Server SSL port = port_num
Oracle HTTP Server Listen (SSL) port = port_num
Oracle Internet Directory port = port_num
Oracle Internet Directory (SSL) port = port_num

If you have a staticports.ini file, you should also use the same file for installations on subsequent nodes.

12.5.3.2 Ensure that the OracleAS Metadata Repository Is Not Registered with any Oracle Internet Directory

When you perform the installation on the first node, you need to specify an OracleAS Metadata Repository that is not registered with any Oracle Internet Directory. The installer checks for this. If the installer finds that the OracleAS Metadata Repository is already registered with an Oracle Internet Directory, then it assumes that you are installing on subsequent nodes, and that you want to join the cluster that was created when you installed on the first node. It prompts you for the existing cluster name, and the connect information for the Oracle Internet Directory.

12.5.3.3 Select the Same Components for Each Node

You must select the same components in the Select Configuration Options screen when installing on each node. For example, if you select Oracle Internet Directory, OracleAS Single Sign-On, and Oracle Delegated Administration Services on the first node, you must select this same set of components on subsequent nodes.

12.5.3.4 Run the Installer

Follow the steps in Table 12-4.

Key Points for Installing on the First Node

  • In the Select Configuration Options screen, select High Availability and Replication, in addition to selecting the components.

  • In the Select High Availability or Replication Option screen, select OracleAS Cluster (Identity Management).

Table 12-4 Steps for Installing OracleAS Cluster (Identity Management) on the First Node


Screen | Action

1. -- | Start up the installer and complete the first few screens. See Section 6.26, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

In the Select Installation Type screen, select Identity Management.

2. Select Configuration Options | Select Oracle Internet Directory.

Select OracleAS Single Sign-On.

Select OracleAS Delegated Administration Services.

Select OracleAS Directory Integration and Provisioning.

Do not select OracleAS Certificate Authority (OCA).

Select High Availability and Replication.

Click Next.

3. Specify Port Configuration Options | Select Manual and enter the full path to your staticports.ini file in the provided field. You need to use a staticports.ini file for OracleAS Cluster (Identity Management) configurations. See Section 12.5.3.1, "Create staticports.ini File".

Click Next.

4. Specify Repository | When you install on the first node, you need to specify an OracleAS Metadata Repository that is not registered with an Oracle Internet Directory. When you install on subsequent nodes, then the OracleAS Metadata Repository is registered with the Oracle Internet Directory on the first node.

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the names of all the nodes where the Real Application Clusters database is running, and the port numbers. Use the format:

host1.domain.com:port1, host2.domain.com:port2, ...

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: asdb.mydomain.com

Click Next.

5. Select High Availability or Replication Option | Select OracleAS Cluster (Identity Management), and click Next.

6. Specify New OracleAS Cluster Name | Enter a name for the new OracleAS Cluster (Identity Management).

Example: cluster1

Click Next.

7. Specify Namespace in Internet Directory | Select the suggested namespace, or enter a custom namespace for the location of the default Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. See Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?".

Click Next.

8. Specify LDAP Virtual Host and Ports | The values you enter in this screen depend on your scenario. There are two possible scenarios:

Scenario 1: You have configured a virtual server on your load balancer to handle LDAP traffic from Oracle Delegated Administration Services and OracleAS Single Sign-On to Oracle Internet Directory.

Scenario 2: You do not have a load balancer.

Hostname: In scenario 1, enter the name of the virtual server in this field. In scenario 2, enter the name of the computer running Oracle Internet Directory.

Notes on the port values (see Section 12.2.3, "Configure Virtual Server Names and Ports for the Load Balancer" for details):

  • The port numbers specified on this screen take precedence over the Oracle Internet Directory port numbers specified in the staticports.ini file.

  • The same port numbers will be used for the Oracle Internet Directory on subsequent nodes and for the load balancer.

SSL Port: In scenario 1, enter the port configured on the virtual server to handle SSL LDAP connections. In scenario 2, enter the port that you want Oracle Internet Directory to use for SSL connections. The standard port number for SSL LDAP connections is 636, but you can use any port that you want.

Non-SSL Port: In scenario 1, enter the port configured on the virtual server to handle non-SSL LDAP connections. In scenario 2, enter the port that you want Oracle Internet Directory to use for non-SSL connections. The standard port number for non-SSL LDAP connections is 389, but you can use any port that you want.

Click Next.

9. Specify HTTP Load Balancer Host and Ports | See Section 12.4, "About Configuring SSL and Non-SSL Ports for Oracle HTTP Server" for details.

HTTP Listener: Port: Enter the port number that you want Oracle HTTP Server to listen on. Enable SSL: Select this option if you want to configure Oracle HTTP Server for SSL on this port.

HTTP Load Balancer: Hostname: Enter the name of the HTTP virtual server configured on your load balancer.

HTTP Load Balancer: Port: Enter the port for the HTTP virtual server. Enable SSL: Select this option if this port is for SSL communications only.

Click Next.

10. Specify Instance Name and ias_admin Password | Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.7, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: idmgmt_10_1_2

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.8, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

11. -- | Finish the installation. See Section 6.27, "Install Fragment: The Last Few Screens of the Installation" for details.

12.5.4 Installing OracleAS Cluster (Identity Management) on Subsequent Nodes

You run the installer on each node where you want to install Identity Management components. Use this procedure to install Identity Management components on nodes other than the first. For the first node, see Section 12.5.3, "Installing OracleAS Cluster (Identity Management) on the First Node".

Key Points for Installing on Subsequent Nodes

  • Use the same staticports.ini file that you used for installing on the first node to ensure that the same component on all nodes uses the same port number.

  • In the Specify HTTP Load Balancer Host and Ports screen, enter the name of the HTTP virtual server of the load balancer, and the associated port. You also enter the port number for Oracle HTTP Server on this screen.

Follow the steps in Table 12-5.

Table 12-5 Steps for Installing OracleAS Cluster (Identity Management) on Subsequent Nodes


Screen | Action

1. -- | Start up the installer and complete the first few screens. See Section 6.26, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

In the Select Installation Type screen, select Identity Management.

2. Select Configuration Options | Select Oracle Internet Directory.

Select OracleAS Single Sign-On.

Select OracleAS Delegated Administration Services.

Select OracleAS Directory Integration and Provisioning.

Do not select OracleAS Certificate Authority (OCA).

Select High Availability and Replication.

Click Next.

3. Specify Port Configuration Options | Select Manual and enter the full path to your staticports.ini file in the provided field. You need to use a staticports.ini file for OracleAS Cluster (Identity Management) configurations. See Section 12.5.3.1, "Create staticports.ini File".

Click Next.

4. Specify Repository | When you install on the first node, you need to specify an OracleAS Metadata Repository that is not already registered with an Oracle Internet Directory. When you install on subsequent nodes, then the OracleAS Metadata Repository is registered with the Oracle Internet Directory on the first node.

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the names of all the nodes where the Real Application Clusters database is running, and the port numbers. Use the format:

host1.domain.com:port1, host2.domain.com:port2, ...

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: asdb.mydomain.com

Click Next.

5. Warning | This warning reminds you that you are installing this instance as part of an OracleAS Cluster (Identity Management), and that you need to synchronize the clocks on the nodes in the cluster. See Section 12.2.2, "Synchronize Clocks on All Nodes". Click OK.

6. Specify Existing OracleAS Cluster Name | Specify an existing OracleAS Cluster (Identity Management) for the current instance to join. The cluster was created during a previous identical installation.

Example: cluster1

Click Next.

7. Specify ODS Password | Enter the password for the ODS schema in the OracleAS Metadata Repository. The ODS schema is the main schema used by Oracle Internet Directory.

By default, the ODS password is the same as the ias_admin password (the password that you entered in the Specify Instance Name and ias_admin Password screen).

Click Next.

8. Specify OID Login | Username: Enter the username to log in to Oracle Internet Directory. You need to log in as the Oracle Internet Directory superuser (cn=orcladmin).

Password: Enter the password for the username.

Realm: Enter the realm against which to validate the username. This field appears only if your Oracle Internet Directory has multiple realms.

Click Next.

9. Specify HTTP Load Balancer Host and Ports | See Section 12.4, "About Configuring SSL and Non-SSL Ports for Oracle HTTP Server" for details.

HTTP Listener: Port: Enter the port number that you want Oracle HTTP Server to listen on. Enable SSL: Select this option if you want to configure Oracle HTTP Server for SSL on this port.

HTTP Load Balancer: Hostname: Enter the name of the HTTP virtual server configured on your load balancer.

HTTP Load Balancer: Port: Enter the port for the HTTP virtual server. Enable SSL: Select this option if this port is for SSL communications only.

Click Next.

10. Specify Instance Name and ias_admin Password | Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.7, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: idmgmt_10_1_2

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.8, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

11. -- | Finish the installation. See Section 6.27, "Install Fragment: The Last Few Screens of the Installation" for details.

12.5.5 If the Cluster Configuration Assistant Failed

If the Cluster Configuration Assistant failed, you can cluster the instance after installation. In this case, to cluster the instance, you must use the "dcmctl joincluster" command instead of Application Server Control. You cannot use Application Server Control in this case because Application Server Control cannot cluster instances that contain disabled components. In this case, the "home" OC4J instance is disabled.

12.6 Installing a Distributed OracleAS Cluster (Identity Management) Configuration

In this configuration, you need an existing database that is already running in a high availability environment, such as a Real Application Clusters database. This database will contain the OracleAS Metadata Repository.

You also need two nodes to run OracleAS Single Sign-On and Oracle Delegated Administration Services components, and two additional nodes to run Oracle Internet Directory. These nodes are accessed through load balancers. See Figure 12-2.

Oracle Directory Integration and Provisioning Is Started on the First Node Only

The installer starts Oracle Directory Integration and Provisioning only on the first node, even though you selected it on subsequent nodes as well. On subsequent nodes, the installer configures Oracle Directory Integration and Provisioning, but does not start it.

If You Want Oracle Internet Directory to Listen on SSL Ports Only

If you want Oracle Internet Directory to listen on SSL ports only, perform this configuration after you have installed OracleAS Single Sign-On and Oracle Delegated Administration Services. You need Oracle Internet Directory to be listening on both SSL and non-SSL ports when you install OracleAS Single Sign-On and Oracle Delegated Administration Services.

Figure 12-2 Distributed OracleAS Cluster (Identity Management) Configuration


12.6.1 Installation Order

To create a distributed OracleAS Cluster (Identity Management) configuration:

  1. Install OracleAS Metadata Repository in your existing database.

  2. Install Oracle Internet Directory on each node. You run the installer on each node separately.


    Note:

    If you want to configure Oracle Internet Directory to listen on SSL ports only, perform this configuration after you have installed OracleAS Single Sign-On and Oracle Delegated Administration Services. Oracle Internet Directory needs to be listening on both SSL and non-SSL ports when you install OracleAS Single Sign-On and Oracle Delegated Administration Services.

  3. Install OracleAS Single Sign-On and Oracle Delegated Administration Services on each node. You run the installer on each node separately.

  4. Install middle tiers.

12.6.2 Installing OracleAS Metadata Repository

To install the OracleAS Metadata Repository in your existing database, you use the OracleAS Metadata Repository Creation Assistant. See the Oracle Application Server Metadata Repository Creation Assistant User's Guide for details.

12.6.3 Installing Oracle Internet Directory on the First Node

You run the installer on each node separately to install the Identity Management components.

12.6.3.1 Set up staticports.ini File

When installing Oracle Internet Directory on the first node, you do not need a load balancer. You can set up and configure the load balancer later. However, you must ensure that the port numbers used by Oracle Internet Directory and by the load balancer are the same.

To do this, create a staticports.ini file to specify port numbers that you want Oracle Internet Directory to use. Your load balancer will use the same port numbers for LDAP communications. The staticports.ini file should contain these lines:

Oracle Internet Directory port = port_num
Oracle Internet Directory (SSL) port = port_num
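A check for both staticports.ini rules on this page (Section 12.5.3.1: the Oracle HTTP Server and Oracle Internet Directory lines must be absent; Section 12.6.3.1: the two Oracle Internet Directory lines should be present), as an added example that is not part of the Oracle documentation. The function names, the '#' comment handling, the repeated-port check and the sample file are assumptions made for the illustration.

```python
import re

# Entries the installer screens own in a non-distributed OracleAS Cluster
# (Identity Management) install: Section 12.5.3.1 says to leave them out.
SCREEN_OWNED_KEYS = (
    "Oracle HTTP Server port",
    "Oracle HTTP Server Listen port",
    "Oracle HTTP Server SSL port",
    "Oracle HTTP Server Listen (SSL) port",
    "Oracle Internet Directory port",
    "Oracle Internet Directory (SSL) port",
)
# Entries Section 12.6.3.1 says the file should contain for a distributed
# Oracle Internet Directory install.
REQUIRED_OID_KEYS = SCREEN_OWNED_KEYS[4:]


def _norm(name):
    """Compare names case-insensitively and ignoring spacing differences."""
    return " ".join(name.split()).lower()


def parse_staticports(text):
    """Return (entries, problems); entries maps name -> (port, line number)."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        name, sep, value = line.partition("=")
        value = value.strip()
        # A leftover 'port_num' placeholder or an out-of-range value lands here.
        if (not sep or not re.fullmatch(r"[0-9]{1,5}", value)
                or not 1 <= int(value) <= 65535):
            problems.append(f"line {lineno}: not a 'name = port' entry")
            continue
        key = _norm(name)
        if key in entries:
            problems.append(f"line {lineno}: duplicate entry for '{name.strip()}'")
        entries[key] = (int(value), lineno)
    return entries, problems


def check_staticports(text, mode):
    """mode is 'cluster' (12.5.3.1) or 'distributed-oid' (12.6.3.1)."""
    entries, findings = parse_staticports(text)
    if mode == "cluster":
        for key in SCREEN_OWNED_KEYS:
            if _norm(key) in entries:
                port, lineno = entries[_norm(key)]
                findings.append(f"line {lineno}: '{key} = {port}' is overridden "
                                "by the installer screens; remove it")
    elif mode == "distributed-oid":
        for key in REQUIRED_OID_KEYS:
            if _norm(key) not in entries:
                findings.append(f"missing required line: '{key} = port_num'")
    else:
        raise ValueError(f"unknown mode: {mode}")
    # Added sanity check: one port number given to two components.
    by_port = {}
    for port, lineno in entries.values():
        by_port.setdefault(port, []).append(lineno)
    for port, lines in sorted(by_port.items()):
        if len(lines) > 1:
            findings.append(f"port {port} is assigned on lines {sorted(lines)}")
    return findings


# Constructed sample file; the non-HTTP, non-LDAP entry name is illustrative.
SAMPLE = """\
# constructed sample, not from a real installation
Application Server Control port = 1810
Oracle HTTP Server Listen port = 8000
Oracle Internet Directory port = 389
"""

if __name__ == "__main__":
    for mode in ("cluster", "distributed-oid"):
        print(mode)
        for finding in check_staticports(SAMPLE, mode) or ["no findings"]:
            print("  ", finding)
```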

12.6.3.2 Select the Same Components for Each Installation

If you are setting up the second node as a failover to the first node, then you must select the same set of components in the Select Configuration Options screen for each installation. For example, if you select Oracle Internet Directory and Oracle Directory Integration and Provisioning on the first node, you need to select them when installing on subsequent nodes.

12.6.3.3 Start the Installer

To install Oracle Internet Directory on the first node, follow the steps in Table 12-6.

To install Oracle Internet Directory on subsequent nodes, see Section 12.6.4, "Installing Oracle Internet Directory on Subsequent Nodes".

Key Points

  • You must select the same components in the Select Configuration Options screen on all nodes. For example, if you select both Oracle Internet Directory and Oracle Directory Integration and Provisioning on the first node, you must select them on subsequent nodes in this tier.

Table 12-6 Steps for Installing Oracle Internet Directory in a Distributed OracleAS Cluster (Identity Management) on the First Node


Screen | Action

1. -- | Start up the installer and complete the first few screens. See Section 6.26, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

In the Select Installation Type screen, select Identity Management.

2. Select Configuration Options | Select Oracle Internet Directory.

Do not select OracleAS Single Sign-On.

Do not select OracleAS Delegated Administration Services.

Select OracleAS Directory Integration and Provisioning if you need this component.

Do not select OracleAS Certificate Authority (OCA).

Select High Availability and Replication.

Click Next.

3. Specify Port Configuration Options | Select Manual and enter the full path to your staticports.ini file in the provided field. You need to use a staticports.ini file for OracleAS Cluster (Identity Management) configurations. See Section 12.6.3.1, "Set up staticports.ini File".

Click Next.

4. Specify Repository | When you install on the first node, you need to specify an OracleAS Metadata Repository that is not already registered with an Oracle Internet Directory. When you install on subsequent nodes, then the OracleAS Metadata Repository is registered with the Oracle Internet Directory on the first node.

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the name of the computer where the database is running, and the port number at which it is listening. Use the format: host:port.

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: asdb.mydomain.com

Click Next.

5. Select High Availability or Replication Option

Select OracleAS Cluster (Identity Management), and click Next.

6. Specify Namespace in Internet Directory

Select the suggested namespace, or enter a custom namespace for the location of the default Identity Management realm.

Ensure the value shown in Suggested Namespace meets your deployment needs. If not, enter the desired value in Custom Namespace. See Section 6.16, "What Do I Enter in the "Specify Namespace in Internet Directory" Screen?".

Click Next.

7. Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.7, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: oid_das_10_1_2

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.8, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

8. -- Finish the installation. See Section 6.27, "Install Fragment: The Last Few Screens of the Installation" for details.

12.6.4 Installing Oracle Internet Directory on Subsequent Nodes

Before performing the steps in this section, you must have installed Oracle Internet Directory on the first node as described in Section 12.6.3, "Installing Oracle Internet Directory on the First Node".

12.6.4.1 Staticports.ini File Not Needed

You do not need a staticports.ini file for this installation because the installer will configure this Oracle Internet Directory to use the same ports as the Oracle Internet Directory on the first node.

The Oracle Internet Directory on the first node must be up and running.

12.6.4.2 Select the Same Components for Each Installation

If you are setting up the second node as a failover to the first node, then you must select the same set of components in the Select Configuration Options screen for each installation. For example, if you select OracleAS Single Sign-On and Oracle Delegated Administration Services on the first node, you need to select them when installing on subsequent nodes.

12.6.4.3 Do Not Select the SSL Check box in the "Register with Oracle Internet Directory" Screen

Do not select the "Use only SSL connections with this Oracle Internet Directory" check box in the "Register with Oracle Internet Directory" screen.

12.6.4.4 Start the Installer

To install Oracle Internet Directory on subsequent nodes, follow these steps:

Table 12-7 Steps for Installing Oracle Internet Directory in a Distributed OracleAS Cluster (Identity Management) on Subsequent Nodes


Screen Action
1. -- Start up the installer and complete the first few screens. See Section 6.26, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

In the Select Installation Type screen, select Identity Management.

2. Select Configuration Options

Select Oracle Internet Directory.

Do not select OracleAS Single Sign-On.

Do not select OracleAS Delegated Administration Services.

Select OracleAS Directory Integration and Provisioning if you need this component.

Do not select OracleAS Certificate Authority (OCA).

Select High Availability and Replication.

Click Next.

3. Specify Port Configuration Options

Select Automatic. The installer configures Oracle Internet Directory to use the same ports as the Oracle Internet Directory on the first node.

Click Next.

4. Specify Repository

Enter the same connect information that you entered for the first Oracle Internet Directory.

Username: Enter the username to use to log in to the OracleAS Metadata Repository database. The user must have DBA privileges.

Password: Enter the user's password.

Hostname and Port: Enter the name of the computer where the database is running, and the port number at which it is listening. Use the format: host:port.

Service Name: Enter the service name of the database. Note that the service name must include the database domain name.

Example: asdb.mydomain.com

Click Next.

5. Warning

This warning reminds you that you are installing this instance as part of an OracleAS Cluster (Identity Management), and that you need to synchronize the clocks on the nodes in the cluster. See Section 12.2.2, "Synchronize Clocks on All Nodes". Click OK.

6. Specify ODS Password

Enter the password for the ODS schema in the OracleAS Metadata Repository. The ODS schema is the main schema used by Oracle Internet Directory.

By default, the ODS password is the same as the ias_admin password (the password that you entered in the Specify Instance Name and ias_admin Password screen).

Click Next.

7. Register with Oracle Internet Directory

Enter connect information for the first Oracle Internet Directory.

Hostname: Enter the name of the computer where Oracle Internet Directory is running.

Port: Enter the port on which Oracle Internet Directory is listening. See Section 6.17, "How to Determine Port Numbers Used by Components" if you do not know the port number.

Use Only SSL Connections with this Oracle Internet Directory: Do not select this option.

Click Next.

8. Specify OID Login

Username: Enter the username to log in to the first Oracle Internet Directory. You must log in as the Oracle Internet Directory superuser (cn=orcladmin).

Password: Enter the password for the username.

Realm: Enter the realm against which to validate the username. This field appears only if your Oracle Internet Directory has multiple realms.

Click Next.

9. Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.7, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: oid_das_10_1_2

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.8, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.


12.6.5 Installing OracleAS Single Sign-On and Oracle Delegated Administration Services on Each Node

You run the installer on each node separately to install these Identity Management components.

12.6.5.1 Set up staticports.ini File

If you want to use custom ports for components other than Oracle HTTP Server, you need to create a staticports.ini file for this installation.

If you want custom ports for Oracle HTTP Server, you specify them in the "Specify HTTP Load Balancer Host and Listen Ports" screen.

If you specify custom ports for Oracle HTTP Server in the staticports.ini file and also in the screen mentioned above, the ports specified in the screen take precedence.

To avoid specifying Oracle HTTP Server ports in the staticports.ini file, make sure the file does not contain these lines:

Oracle HTTP Server port = port_num
Oracle HTTP Server Listen port = port_num
Oracle HTTP Server SSL port = port_num
Oracle HTTP Server Listen (SSL) port = port_num

If you have a staticports.ini file, you should also use the same file for installations on subsequent nodes.
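
A pre-flight check for the staticports.ini rules in this section, as an added example that is not part of the Oracle guide: it flags the four Oracle HTTP Server entries, flags values that are not valid port numbers (such as a leftover port_num placeholder), and lists entries that differ between the files used on two nodes. The sample files are constructed, and component names other than the four Oracle HTTP Server entries are assumptions.

```python
import re

# The four Oracle HTTP Server entries that section 12.6.5.1 rules out.
OHS_KEYS = {"oracle http server " + s for s in
            ("port", "listen port", "ssl port", "listen (ssl) port")}
ENTRY = re.compile(r"^\s*([^#=\s][^=]*?)\s*=\s*(.*?)\s*$")

def parse(text):
    """Map normalized component name -> (line number, value); '#' lines are skipped."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        match = ENTRY.match(line)
        if match:
            name = " ".join(match.group(1).lower().split())
            entries[name] = (number, match.group(2))
    return entries

def audit(text):
    """Return sorted (line number, finding) pairs for one staticports.ini."""
    findings = []
    for name, (number, value) in parse(text).items():
        if name in OHS_KEYS:
            findings.append((number, "Oracle HTTP Server entry present: " + name))
        elif not (re.fullmatch(r"[0-9]{1,5}", value) and 1 <= int(value) <= 65535):
            findings.append((number, "not a valid port for '%s': %r" % (name, value)))
    return sorted(findings)

def differs_between_nodes(first, other):
    """Return component names whose values differ or that exist on one node only."""
    a, b = parse(first), parse(other)
    return sorted(n for n in a.keys() | b.keys()
                  if a.get(n, (0, None))[1] != b.get(n, (0, None))[1])

# Constructed sample files, not from the guide. Component names other than the
# four Oracle HTTP Server entries are assumed for illustration.
NODE1 = """\
# staticports.ini used for the SSO/DAS installation on node 1
Oracle HTTP Server Listen (SSL) port = 4443
Application Server Control port = 1810
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = port_num
"""
NODE2 = "Application Server Control port = 1811\nOracle Notification Server Request port = 6003\n"

if __name__ == "__main__":
    for number, finding in audit(NODE1):
        print("node1 line %d: %s" % (number, finding))
    print("differs between nodes:", differs_between_nodes(NODE1, NODE2))
```

An empty result from both functions means the file has no Oracle HTTP Server entries or unusable values and matches the file used on the other node.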

12.6.5.2 Start the Installer

Key Points

  • In the Specify OracleAS Cluster screen, for the first node, select Create a New Cluster. For the second node, select Join an Existing Cluster to join the cluster that you created when installing on the first node.

  • In the Specify HTTP Load Balancer Host and Ports screen, enter the name of the HTTP virtual server of the load balancer, and the associated port. You also enter the port number for Oracle HTTP Server on this screen.

  • Also in the Specify HTTP Load Balancer Host and Ports screen, you need to specify the same HTTP virtual server name and port number for all nodes. However, you can specify different port numbers for Oracle HTTP Server on each node, as long as your load balancer is configured to communicate with the specified port on that node.

Table 12-8 Steps for Installing Oracle Delegated Administration Services and OracleAS Single Sign-On in a Distributed OracleAS Cluster (Identity Management) Configuration


Screen Action
1. -- Start up the installer and complete the first few screens. See Section 6.26, "Install Fragment: The First Few Screens of the Installation" for details.

Notes:

In the Select Installation Type screen, select Identity Management.

2. Select Configuration Options

Do not select Oracle Internet Directory.

Select OracleAS Single Sign-On.

Select OracleAS Delegated Administration Services.

Select OracleAS Directory Integration and Provisioning if you need this component.

Do not select OracleAS Certificate Authority (OCA).

Select High Availability and Replication.

Click Next.

3. Specify Port Configuration Options

Select Manual and enter the full path to your staticports.ini file in the provided field. You need to use a staticports.ini file for OracleAS Cluster (Identity Management) configurations. See Section 12.6.5.1, "Set up staticports.ini File".

Click Next.

4. Select High Availability Option

Select OracleAS Cluster (Identity Management), and click Next.

5. Create or Join an OracleAS Cluster (Identity Management)

For the first node, select Create a New OracleAS Cluster.

For subsequent nodes, select Join an Existing Cluster.

Click Next.

6. Specify New OracleAS Cluster Name

- or -

Specify Existing OracleAS Cluster Name

For the first node, enter a name for a new OracleAS Cluster (Identity Management).

Example: cluster1

For subsequent nodes, enter the name of the existing OracleAS Cluster (Identity Management). Note: Be very sure that the cluster name you enter is correct. The installer does not perform any checks on this name. If the name is incorrect, the installation will fail.

Click Next.

7. Specify LDAP Virtual Host and Ports

The installer will use the values on this screen to connect to Oracle Internet Directory.

Hostname: Enter the LDAP virtual server name of the load balancer.

SSL Port: Enter the port configured on this load balancer to handle LDAP SSL connections.

Non-SSL Port: Enter the port configured on this load balancer to handle LDAP non-SSL connections.

Click Next.

8. Specify OID Login

Username: Enter the username to log in to Oracle Internet Directory, accessed through the load balancer host and port specified in the previous screen.

Log in as the Oracle Internet Directory superuser (cn=orcladmin), or as a user who belongs to the necessary groups in Oracle Internet Directory. Which groups are necessary depends on which components you are installing. See Section 8.3, "Groups Required to Configure or Deinstall Components" for details.

Password: Enter the password for the username.

Realm: Enter the realm against which to validate the username. This field appears only if your Oracle Internet Directory has multiple realms.

Click Next.

9. Specify HTTP Load Balancer Host and Ports

See Section 12.4, "About Configuring SSL and Non-SSL Ports for Oracle HTTP Server" for details.

HTTP Listener: Port: Enter the port number that you want Oracle HTTP Server to listen on. Enable SSL: Select this option if you want to configure Oracle HTTP Server for SSL on this port.

HTTP Load Balancer: Hostname: Enter the name of the HTTP virtual server configured on your load balancer.

HTTP Load Balancer: Port: Enter the port for the HTTP virtual server. Enable SSL: Select this option if this port is for SSL communications only.

Click Next.

10. Specify Instance Name and ias_admin Password

Instance Name: Enter a name for this infrastructure instance. Instance names can contain alphanumeric characters and the _ (underscore) character. If you have more than one Oracle Application Server instance on a computer, the instance names must be unique. See Section 5.7, "Oracle Application Server Instances and Instance Names" for instance name details.

Example: das_sso_10_1_2

ias_admin Password and Confirm Password: Set the password for the ias_admin user. This is the administrative user for the instance. See Section 5.8, "The ias_admin User and Restrictions on its Password" for restrictions on the password.

Example: welcome99

Click Next.

11. -- Finish the installation. See Section 6.27, "Install Fragment: The Last Few Screens of the Installation" for details.

12.6.5.3 If the Cluster Configuration Assistant Failed

You can cluster the instance after installation. See Section 12.5.5, "If the Cluster Configuration Assistant Failed" for details.

12.7 Post-Installation Steps

After installing Identity Management components on all nodes, reconfigure your load balancer to direct requests to all nodes. Before you started the installation, you had configured the load balancer to direct requests to node 1 only. See Section 12.2.4, "Configure Your LDAP Virtual Server to Direct Requests to Node 1 Initially".

12.8 Installing Middle Tiers Against OracleAS Cluster (Identity Management) Configurations

Pre-Installation

Before starting the middle-tier installation, configure the LDAP load balancer that you are using for Oracle Internet Directory so that it points to only one Oracle Internet Directory node.

Installation

When installing middle tiers against OracleAS Cluster (Identity Management) configurations, follow the steps described in Chapter 7, "Installing Middle Tiers".

When the installer prompts for the Oracle Internet Directory host and port, enter the LDAP virtual host name configured on the load balancer and the associated port.

Post-Installation

After installing the middle tiers, you can reconfigure the LDAP load balancer to point to all the Oracle Internet Directory nodes.