Oracle® Identity Manager Installation and Upgrade Guide for JBoss
Release 9.0
B25938-01
8 Post-Install Configuration for Oracle Identity Manager Server and JBoss

After you have installed Oracle Identity Manager, you must complete some post-installation tasks before you can use the application. Some of these tasks are common to all types of Oracle Identity Manager component installations; others are application server-specific tasks. This chapter describes:

General Post-installation Tasks

For any Oracle Identity Manager installation, you must change the keystore passwords from their defaults. If you are using a Remote Manager, you must enable a trust relationship between the Remote Manager and the Oracle Identity Manager server. Several of these tasks are optional and not required for system operation.

Changing Keystore Passwords (optional)

Oracle Identity Manager has two keystores: one for the Oracle Identity Manager server and one for the database. During installation, the passwords for both are set to xellerate. You can use the keytool to change the keystore password for either keystore. Oracle recommends changing the keystore passwords for all production installations.

To change the keystore password:

  1. Open a command prompt on the Oracle Identity Manager host computer.

  2. Navigate to the <XL_HOME>\xellerate\config directory.

  3. Run the keytool with the following options:

    <JAVA_HOME>\jre\bin\keytool -storepasswd -new <new_password> -storepass xellerate -keystore .xlkeystore -storetype JKS

    Where <JAVA_HOME> is the location of the Java directory associated with your application server, <new_password> is the new password for the keystore, the keystore option names the keystore whose password you are changing (.xlkeystore for the Oracle Identity Manager server, or .xldatabasekey for the database), and the storetype option is JKS for .xlkeystore and JCEKS for .xldatabasekey.

  4. Launch a plain-text editor, then open the file xlconfig.xml, which is located in the directory <XL_HOME>\xellerate\config.

  5. Edit the <xl-configuration>.<Security>.<XLPKIProvider>.<KeyStore> section to specify the keystore password.


    Note:

    Change the <XLSymmetricProvider>.<KeyStore> section of the configuration file to update the password for the database keystore (.xldatabasekey).

    • Change the password tag to encrypted="false".

    • Enter the password (in the clear). For example, change the following block:

      <Security>
        <XLPKIProvider>
          <KeyStore>
            <Location>.xlkeystore</Location>
            <Password encrypted="true">xYr5V2FfkRYHxKXHeT9dDg==</Password>
            <Type>JKS</Type>
            <Provider>sun.security.provider.Sun</Provider>
          </KeyStore>


      to the following:

      <Security>
        <XLPKIProvider>
          <KeyStore>
            <Location>.xlkeystore</Location>
            <Password encrypted="false">newpassword</Password>
            <Type>JKS</Type>
            <Provider>sun.security.provider.Sun</Provider>
          </KeyStore>

  6. Restart your application server.

    When you stop and start the application server, a backup of the configuration file is created. The configuration file (with the new password) is read in, and the password is encrypted in the file.

  7. If all of the preceding steps have succeeded, you can delete the backup file.
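The edit in step 5 and the check behind step 7, as an added Python example (not Oracle's code or part of this guide): it rewrites the Password element for either keystore in the clear and then reports any keystore whose password is still stored with encrypted="false", which after the restart should be none. The xlconfig.xml excerpt is constructed and trimmed to the elements the procedure touches; the element path, file names and store types are taken from the guide, and the re-encryption itself is done by the server on restart, not by this code.

```python
import xml.etree.ElementTree as ET

# Constructed xlconfig.xml excerpt (not a real file), trimmed to the elements
# the procedure touches: xl-configuration / Security / <provider> / KeyStore.
SAMPLE_XLCONFIG = """<xl-configuration>
  <Security>
    <XLPKIProvider>
      <KeyStore>
        <Location>.xlkeystore</Location>
        <Password encrypted="true">xYr5V2FfkRYHxKXHeT9dDg==</Password>
        <Type>JKS</Type>
      </KeyStore>
    </XLPKIProvider>
    <XLSymmetricProvider>
      <KeyStore>
        <Location>.xldatabasekey</Location>
        <Password encrypted="true">CONSTRUCTED_CIPHERTEXT==</Password>
        <Type>JCEKS</Type>
      </KeyStore>
    </XLSymmetricProvider>
  </Security>
</xl-configuration>
"""

# Provider section and keytool store type for each keystore, from the guide.
KEYSTORES = {".xlkeystore": ("XLPKIProvider", "JKS"),
             ".xldatabasekey": ("XLSymmetricProvider", "JCEKS")}

def set_keystore_password(xml_text, keystore, new_password):
    """Return xml_text with the Password for `keystore` written in the clear
    with encrypted="false" (step 5); the server re-encrypts it on restart."""
    section, store_type = KEYSTORES[keystore]
    root = ET.fromstring(xml_text)
    ks = root.find(f"./Security/{section}/KeyStore")
    if ks is None or ks.findtext("Location") != keystore:
        raise ValueError(f"no KeyStore section for {keystore}")
    if ks.findtext("Type") != store_type:  # guard against a JKS/JCEKS mix-up
        raise ValueError(f"{keystore} must be of type {store_type}")
    pw = ks.find("Password")
    pw.set("encrypted", "false")
    pw.text = new_password
    return ET.tostring(root, encoding="unicode")

def cleartext_passwords(xml_text):
    """Keystore locations whose Password is still encrypted="false". After the
    restart in step 6 this must be empty before the backup is deleted (step 7)."""
    root = ET.fromstring(xml_text)
    return [ks.findtext("Location") for ks in root.iter("KeyStore")
            if ks.find("Password").get("encrypted") == "false"]
```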

Setting Log Levels (optional)

Oracle Identity Manager uses log4j for logging. For JBoss-based installations, logging is configured in the log4j.xml file.

By default, Oracle Identity Manager is configured to output at the Warning level. You can change the log level universally for all components or for an individual component. For normal operation of Oracle Identity Manager, this post-installation configuration step is not required.

Oracle Identity Manager Component Logging

The components are listed in the <XL_HOME>\xellerate\config\log.properties file in the XELLERATE section. They are:

log4j.logger.XELLERATE=WARN
log4j.logger.XELLERATE.DDM=DEBUG
log4j.logger.XELLERATE.ACCOUNTMANAGEMENT=DEBUG
log4j.logger.XELLERATE.SERVER=DEBUG
log4j.logger.XELLERATE.RESOURCEMANAGEMENT=DEBUG
log4j.logger.XELLERATE.REQUESTS=DEBUG
log4j.logger.XELLERATE.WORKFLOW=DEBUG
log4j.logger.XELLERATE.WEBAPP=DEBUG
log4j.logger.XELLERATE.SCHEDULER=DEBUG
log4j.logger.XELLERATE.SCHEDULER.Task=DEBUG
log4j.logger.XELLERATE.ADAPTERS=DEBUG
log4j.logger.XELLERATE.JAVACLIENT=DEBUG
log4j.logger.XELLERATE.POLICIES=DEBUG
log4j.logger.XELLERATE.RULES=DEBUG
log4j.logger.XELLERATE.DATABASE=DEBUG
log4j.logger.XELLERATE.APIS=DEBUG
log4j.logger.XELLERATE.OBJECTMANAGEMENT=DEBUG
log4j.logger.XELLERATE.JMS=DEBUG
log4j.logger.XELLERATE.REMOTEMANAGER=DEBUG
log4j.logger.XELLERATE.CACHEMANAGEMENT=DEBUG
log4j.logger.XELLERATE.ATTESTATION=DEBUG
log4j.logger.XELLERATE.AUDITOR=DEBUG

Setting Log Levels for JBoss

The log4j.xml file is used for all logging with JBoss; Oracle Identity Manager components are therefore configured there under the XELLERATE category. The log4j.xml file contains a general setting for XELLERATE:

<category name="XELLERATE">
  <priority value="WARN" />
</category>

You can change the log level for all components by editing the priority value of the general setting, or for a specific component by adding a new logging category element.

The available categories are listed in the log.properties file in the XELLERATE section. See Oracle Identity Manager Component Logging for more information.

For example, to change the level for the Oracle Identity Manager server, add the following element to the log4j.xml file:

<category name="XELLERATE.SERVER">
  <priority value="WARN" />
  <appender-ref ref="FILE"/>
</category>

To set Oracle Identity Manager log levels in JBoss:

  1. Open the file <JBOSS_HOME>\server\default\conf\log4j.xml in a text editor.

  2. Insert an element for the desired component.

  3. Set the priority value to the appropriate level for the desired components. The following is a list of the supported log levels, appearing in descending order of information logged (DEBUG logs the most information and FATAL logs the least information):

    • DEBUG

    • INFO

    • WARN

    • ERROR

    • FATAL

  4. Save your changes.
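The category and priority handling described above, as an added Python example (not Oracle's or JBoss's code): it adds or updates a category element for a component, rejects levels outside the five the guide lists, and resolves the level a component actually gets by walking the dotted log4j hierarchy back to the general XELLERATE setting. The log4j.xml excerpt is constructed; the category names come from the guide's log.properties listing.

```python
import xml.etree.ElementTree as ET

LOG4J_NS = "http://jakarta.apache.org/log4j/"
ET.register_namespace("log4j", LOG4J_NS)  # keep the log4j: prefix on output

LEVELS = ("DEBUG", "INFO", "WARN", "ERROR", "FATAL")  # most to least verbose

# Constructed log4j.xml excerpt: the general XELLERATE setting plus one override.
SAMPLE_LOG4J = f"""<log4j:configuration xmlns:log4j="{LOG4J_NS}">
  <category name="XELLERATE">
    <priority value="WARN" />
  </category>
  <category name="XELLERATE.SERVER">
    <priority value="INFO" />
    <appender-ref ref="FILE"/>
  </category>
</log4j:configuration>
"""

def configured_levels(xml_text):
    root = ET.fromstring(xml_text)
    return {c.get("name"): c.find("priority").get("value")
            for c in root.iter("category")}

def effective_level(xml_text, logger):
    """Resolve a logger's level the way log4j does: the most specific configured
    ancestor wins, so XELLERATE.SCHEDULER.Task falls back to XELLERATE.SCHEDULER
    and then to the general XELLERATE setting."""
    levels = configured_levels(xml_text)
    parts = logger.split(".")
    for depth in range(len(parts), 0, -1):
        name = ".".join(parts[:depth])
        if name in levels:
            return levels[name]
    return None  # no ancestor configured; log4j would use the root logger

def set_level(xml_text, logger, level):
    """Add or update the <category> for `logger` (steps 2 and 3)."""
    if level not in LEVELS:
        raise ValueError(f"unsupported level {level!r}; use one of {LEVELS}")
    root = ET.fromstring(xml_text)
    for cat in root.iter("category"):
        if cat.get("name") == logger:
            cat.find("priority").set("value", level)
            break
    else:  # no existing element: append a new category with its priority
        cat = ET.SubElement(root, "category", name=logger)
        ET.SubElement(cat, "priority", value=level)
    return ET.tostring(root, encoding="unicode")
```

ElementTree drops the DOCTYPE and comments when it serializes, so on a real log4j.xml use the result to see what to change rather than overwriting the file with it.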

Post-installation Tasks for JBoss

If you are using JBoss for your application server, you must configure Oracle Identity Manager specifically for JBoss.

Configuring Multiple JBoss Installations to Use a Single Database

When two or more non-clustered JBoss installations connected to a load balancer point to a single database, you must configure the individual JBoss instances to use different JMS tables. To accomplish this, complete the following steps for the second and all other JBoss instances using the same Oracle Identity Manager database:

  1. Launch a plain-text editor, navigate to the directory <JBoss_Home>/server/<config>/deploy/jms, then open the file <database_name>-jdbc2-service.xml, where <JBoss_Home> is the root installation directory for a given JBoss instance, and <database_name> refers to the common database used by multiple JBoss instances.

  2. In all the queries and statements in the sqlProperties section of the file you just opened, change the names of the tables represented by JMS_NAMES and JMS_TRANSACTIONS to new, unique, and valid values.

  3. Add the following statements to the end of the file:

    DELETE_TEMPORARY_MESSAGES = DELETE FROM TABLE 
         WHERE TXOP='T'
    CREATE_IDX_MESSAGE_TXOP_TXID = CREATE INDEX
         TABLE_TXOP_TXID ON TABLE (TXOP, TXID)
    CREATE_IDX_MESSAGE_DESTINATION = CREATE INDEX
         TABLE_DESTINATION ON TABLE(DESTINATION)

  4. Save and close the file.

  5. Repeat the preceding steps for all remaining JBoss instances that point to the same database.

Enabling Single Sign-On (SSO)

Use the following steps to enable SSO for Oracle Identity Manager:

  1. Stop the application server gracefully.

  2. Launch a plain-text editor and open the <XL_HOME>\xellerate\config\xlconfig.xml file.

  3. Locate the following SSO configuration (these are the default settings without SSO):

    <web-client>
      <Authentication>Default</Authentication>
      <AuthHeader>REMOTE_USER</AuthHeader>
    </web-client>

  4. Edit the SSO configuration to be the following:

    <web-client>
      <Authentication>SSO</Authentication>
      <AuthHeader><SSO_HEADER_NAME></AuthHeader>
    </web-client>


    Replace <SSO_HEADER_NAME> with the appropriate header configured in your SSO system.

  5. Change your application server and web server configuration to enable SSO. Refer to your application and web server vendor documentation for detailed instructions.

  6. Restart the application server.


    Note:

    Header names composed only of alphabetic characters are certified. Oracle recommends not using special characters or numeric characters in header names.