11 Installing and Configuring Oracle Identity Manager Design Console

This section explains how to install the Oracle Identity Manager Design Console, which is a Java client. You have the option to install the Design Console on the same computer as your Oracle Identity Manager server or on a separate computer.

Requirements

Verify that your environment meets the following requirements for Design Console installation:

You must have an Oracle Identity Manager server installed and running.
If you are installing on a computer other than the host for the application server, you need to know the host name and port number of the computer hosting that application server.
The Design Console host must be able to ping the application server host using both IP and hostname.
For clustered Oracle Identity Manager server installations, you must know the host name and port number of the Web server.

Note:
If you cannot resolve the hostname of the application server, then try adding the hostname and IP address in the hosts file in the directory C:\winnt \system32\drivers\etc\.
The Design Console must be installed on the same machine as the WebSphere Client Application.
Make sure the WebSphere Application Client is configured with the appropriate server certificate. See "Setting Environment Variables" for more information.

Installing the Design Console

To install the Design Console on a Windows host,

Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.
Launch Windows Explorer, then navigate to the installServer directory on the installation CD.
Double-click the setup_client.exe file.
On the Welcome page, click Next.

On the Target directory screen, complete one of the following sub-steps:

Important:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Design Console on a machine that is hosting another Oracle Identity Manager component such as the Oracle Identity Manager server or the Remote Manager), specify an install directory that hasn't been used yet.

The default directory for the Design Console is C:\Oracle. To install the Design Console into this directory, click Next.

To install the Design Console into another directory, type the path in the Directory field, then click Next.

Click Browse, navigate to the desired location, then click Next.

Note:

If the directory path that you specified does not exist, the Base Directory settings text box appears: Click OK. Oracle Identity Manager creates this directory for the Oracle Identity Manager server. If you do not have write permission to create the default directory for the Oracle Identity Manager server, a popup appears informing you that the installer could not create the directory. Click OK to dismiss the popup, then contact your System Administrator to obtain the appropriate permissions.

On the Application Server page, select WebSphere, then click Next. The Application Client Location page appears.
Specify the JRE to use with the Design Console, choosing between the JRE bundled with Oracle Identity Manager, or point to an existing and compatible JRE on the system. Click Next.
On the Application Server configuration page, enter the information appropriate for the application server hosting your Oracle Identity Manager server:
1. Type the host name or IP address in the upper text box.
2. Type the naming port for the application server on which Oracle Identity Manager is deployed in the lower text box.
  
  Note:
  The host name is case-sensitive.
3. Click Next.
On the Graphical Workflow Rendering Information page, enter the Application server configuration information:
1. Enter the Oracle Identity Manager server host IP address. For a clustered environment, enter the IIS server IP address.
2. Enter the port number. For a clustered environment, enter the IIS server port number.
3. Select Yes or No to specify whether the Design Console should use SSL.
4. Click Next.
On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:
1. Choose to create a shortcut to the Design Console on the Start Menu.
2. Choose to create a shortcut to the Design Console on the desktop.
3. Click Next when you are satisfied with the check box settings.
On the Summary page, click Install to initiate Design Console installation.
The final installation page displays a reminder to copy certain application server-specific files to your Oracle Identity Manager server installation. Follow these instructions and then click OK.
Click Finish to complete the installation process.

Post-install Requirements for the Design Console

To run the Design Console, three jar files must be copied from the WebSphere application server installation to your Design Console installation. Two jar files can be copied directly. One of the jar files must be extracted from the Oracle Identity Manager ear file.

Copy the files sas.jar and naming.jar from the following directory:

<WEBSPHERE_HOME>\AppServer\lib

to the following directory:

<XL_DC_HOME>\xlclient\ext
Extract the xlDataObjectBeans.jar file from the Oracle Identity Manager ear file.
Copy xlDataObjectBeans.jar into the following directory:

<XL_DC_HOME>\xlclient\lib

Click OK to replace the old xlDataObjectBeans.jar file.

Extracting xlDataObjectBeans.jar

To obtain the EAR file, export it from the WebSphere server using the WebSphere administrative console. You must also extract the xlDataObjectBeans.jar file from the EAR file so you can copy the JAR file to the Oracle Identity Manager Design Console's lib directory.

To extract the xlDataObjectBeans.jar file:

Launch a browser, then connect to the WebSphere administrative console using the following URL:

http://localhost:9090/admin
Enter xelsysadm as the user name and password.
Click Applications, then select Enterprise Applications.
Select the Xellerate application check box.
Click Export.
Save the EAR file.
Extract the xlDataObjectBeans.jar file. (Make sure to extract xlDataObjectBeans.jar and NOT xlDataObjects.jar.)

Setting up the WebSphere AppClient for the WebSphere Server in a Non-Clustered Environment

The certificate for the application server must be installed in the trusted store for the WebSphere AppClient. This required step establishes a trust relationship between the WebSphere server and client. Use the keytool included with WebSphere to perform this task.

Note:

If you use the default WebSphere certificate, this task is not necessary, as the certificate is already present in the keystore of the client.

To enable trust between the server and client, complete the following steps:

Export the server certificate.

For example, to export the server certificate, use the commands:
```
cd <WEBSPHERE_HOME>\etc
<WEBSPHERE_HOME>\java\jre\bin\keytool.exe -export 
-alias server -keystore DummyServerKeyFile.jks 
-storepass WebAS -file servercert
```
where <WEBSPHERE_HOME> is the home directory for the WebSphere Application Server.
Copy the exported server certificate to the client host machine.
Import the server certificate into the trusted store for the client. For example, use the following commands, or similar commands to fit the specifics of your system:
```
cd <WS_CLIENT_HOME>\etc
<WS_CLIENT_HOME>\java\jre\bin\keytool.exe -import 
-alias servertrust -trustcacerts -keystore 
DummyClientTrustFile.jks -storepass WebAS -file 
servercert
```
where WS_CLIENT_HOME is the home directory for the WebSphere client.

Configuring the Design Console in a WebSphere Cluster

If you are running Oracle Identity Manager in a WebSphere cluster, you must configure the Design Console. During deployment you update the JNDI references for each of the Nodes. You must also update the JNDI references for the Design Console.

To specify the JNDI URL for the Design Console:

On the computer that hosts the Design Console, open in a text editor the xlconfig.xml file, located in the <XL_DC_HOME>/xlclient/config directory.
In the <Discovery> section, locate the java.naming.provider.url property.
Set this property to the JNDI URL. See "Updating the JNDI References" for instructions on how to obtain this value. For example, set the property to:
```
<java.naming.provider.url>corbaloc:iiop:XL_NODE1_HOST:
9812,:XL_NODE2_HOST:9813</java.naming.provider.url>
```
Save your changes.
Start or restart the Design Console.

Setting up the WebSphere Client to Communicate with the Node Manager in Clustered Environments

The certificate of the Node Manager must be installed in the trusted store of the WebSphere Client. This step is necessary to establish a trust relationship between the Node Manager server and WebSphere Application Client. Use the keytool included with WebSphere to perform this task.

To enable trust between the Node Manager and client:

Export the Node Manager certificate.

For example, to export the server certificate, execute the following commands with command-line arguments:
```
cd <NODE_MANAGER_HOME>\etc
<NODE_MANAGER_HOME>\java\jre\bin\keytool.exe -export 
-alias server –keystore DummyServerKeyFile.jks 
-storepass WebAS -file servercert
```
where <NODE_MANAGER_HOME> is the home directory for WebSphere Network Deployment Manager.
Copy the exported server certificate to the client host machine.
Import the Node Manager certificate into the client's trusted store.

For example, to import the Node Manager certificate into the trusted store of the client, use the commands:
```
cd <WS_CLIENT_HOME>\etc
<WS_CLIENT_HOME>\java\jre\bin\keytool.exe -import 
-alias servertrust -trustcacerts -keystore DummyClientTrustFile.jks 
-storepass WebAS -file 
servercert
```
where <WS_CLIENT_HOME> is the home directory for the WebSphere Client.

Starting the Design Console

Double-click <XL_DC_HOME>\xlclient\wsxlclient.cmd or select Design Console from the Windows Start menu or desktop.