10 Installing and Configuring the Oracle Identity Manager Design Console

This chapter explains how to install the Oracle Identity Manager Design Console, which is a Java client. You have the option to install the Design Console on the same computer as your Oracle Identity Manager server or on a separate computer.

This chapter discusses the following topics:

Requirements
Installing the Design Console
Post-Installation Requirements for the Design Console
Configuring SSL Communication With the Design Console (optional)
Starting the Design Console

Requirements

Verify that your environment meets the following requirements for Design Console installation:

You must have an Oracle Identity Manager server installed and running.
If you are installing on a computer other than the host for the application server, you need to know the host name and port number of the computer hosting that application server.
The Design Console host must be able to ping the application server host using both IP and hostname.
For clustered Oracle Identity Manager server installations, you must know the host name and port number of the Web server.

Note:

If you cannot resolve the hostname of the application server, then try adding the hostname and IP address in the hosts file in the directory C:\winnt \system32\drivers\etc\.

Installing the Design Console

The following procedure describes how to install the Design Console.

Important:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Design Console on a machine that is hosting another Oracle Identity Manager component, such as the Oracle Identity Manager server or the Remote Manager, you must specify a different install directory for the Design Console.

To install the Design Console on a Windows host:

Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.
Launch Windows Explorer, then navigate to the installServer directory on the installation CD.
Double-click the setup_client.exe file.
Choose a language from the list on the Installer screen. The Welcome page appears.
On the Welcome page, click Next.
On the Target directory screen, complete one of the following sub-steps:
1. The default directory for the Design Console is C:\oracle. To install the Design Console into this directory, click Next.
2. To install the Design Console into another directory, enter the path in the Directory field, then click Next.
  
  or
  
  Click Browse, navigate to the desired location, then click Next.
  
  Note:
  If the directory path that you does not exist, the Base Directory settings text box appears: Click OK. Oracle Identity Manager creates this directory for the Oracle Identity Manager server. If you do not have write permission to create the default directory for the Oracle Identity Manager server, a message appears informing you that the installer could not create the directory, Click OK to dismiss the message, then contact your System Administrator to obtain the appropriate permissions.
On the Application Server page, select JBoss, then click Next. The next screen prompts you to specify the JRE to use with Design Console.
Select either the JRE that is installed with Oracle Identity Manager or specify an existing JRE. Click Next. The Application Server configuration screen appears.
On the Application Server Host Information page, enter the information appropriate for the application server hosting your Oracle Identity Manager server:
1. Enter the host name or IP address in the upper field.
  
  Note:
  The host name is case-sensitive.
2. Enter the naming port for the application server on which Oracle Identity Manager is deployed in the lower field.
3. Click Next.
On the Graphical Workflow Rendering Information page, enter the Application server configuration information:
1. Enter the Oracle Identity Manager server host IP address.
2. Enter the port number.
3. Select Yes or No to specify whether the Design Console should use SSL.
4. Click Next.
On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:
1. Choose to create a shortcut to the Design Console on the Start Menu.
2. Choose to create a shortcut to the Design Console on the desktop.
3. Click Next when you are satisfied with the check box settings.
On the Summary page, click Install to initiate Design Console installation.
The final installation page displays a reminder to copy certain application server-specific files to your Oracle Identity Manager server installation. Follow these instructions and then click OK.
Click Finish to complete the installation process.

Removing the Design Console Installation

To remove the Design Console installation:

Stop the Oracle Identity Manager server and the Design Console if they are running.
Stop all Oracle Identity Manager processes.
Delete the <XL_DC_HOME> directory where you installed the Design Console.

Post-Installation Requirements for the Design Console

For both clustered and non-clustered installations, copy the <JBOSS_HOME>\client\jbossall-client.jar file from the machine hosting your Oracle Identity Manager server to the directory <XL_DC_HOME>\xlclient\ext on the machine where you are installing the Design Console instance.

To complete installation for clustered installations:

Change the <Discovery> settings in the <XL_DC_HOME>/xlclient/Config/xlconfig.xml file for all Design Console installations.

For example, you would change a string like the following:
```
<java.naming.provider.url>    jnp://localhost:1100  </java.naming.provider.url>
```
to the following string:
```
<java.naming.provider.url>    jnp://<IP of node1>:1100,<IP of node 2>:1100  </java.naming.provider.url>
```
Add the following tag to Discovery.CoreServer section of the <XL_DC_HOME>/xlclient/Config/xlconfig.xml file:
```
<jnp.partitionName>MyPartition</jnp.partitionName>
```
MyPartition represents the partition name you specified during Oracle Identity Manager on JBoss clusters.
To configure Workflow Visualization to access all available nodes in the cluster:
1. Open the <XL_DC_HOME>/xlclient/Config/xlconfig.xml and locate the following statement:
  
  <ApplicationURL>...</ApplicationURL>
2. Replace the application server URL with the IP address and port of the Web server, as follows:
```
<ApplicationURL>http://<webserverIP>/xlWebApp/LoginWorkflowRenderer.do
</ApplicationURL>
```

Configuring SSL Communication With the Design Console (optional)

After installing the Oracle Identity Manager Design Console, you may want to configure it to communicate to your Oracle Identity Manager Server over SSL. Use the following procedure to configure communication from your Design Console to the Oracle Identity Manager Server over SSL.

To configure communication from your Design Console to the Oracle Identity Manager Server over SSL:

Back up your jboss-<version#> folder.
Export the Oracle Identity Manager Server certificate using the following commands:
1. cd <XL_HOME>\config
2. %JAVA_HOME%\bin\keytool -export -file xlserver.cer -keystore .xlkeystore -storepass xellerate -alias xell
  
  A file named xlserver.cer is created in the config folder.
Open the <XL_HOME>\config\xljbossssl-service.xml file:
1. Find the following line:
  
  <attribute name="KeyStorePass"><XDtConfig:configParameter ValueparamName="KeyStorePass"/></attribute>
2. Change the line to the following:
  
  <attribute name="KeyStorePass">xellerate</attribute>
Change the installation profile using the following commands:
1. cd <XL_HOME>\profiles
2. Open the jboss.profile file and set the following properties:
  - configure.ssl.invoker=true
  - jboss.ssl.invocation=true
  - jboss.ssl.port=10443
  - jboss.ssl.clustered.port=10444
  - jboss.stateful.invoker=xl-stateful-rmi-invoker
  - jboss.stateless.invoker=xl-stateless-rmi-invoker
Run the setup command by using the following commands:
1. cd <XL_HOME>\setup
2. setup_jboss.cmd <database_password>
Edit the login-config.xml file by using the following commands:
1. cd <JBOSS_DIR>\server\default\conf
2. Open the login-config.xml file and find the XML tags toward the end in the file that look like the following:
```
<policy>.........       <application-policy name= "xellerate">               <authentication>               ....               ....              </authentication>       </application-policy></policy> 
```
3. You will see two application-policy entries. Remove the last entry.
  
  Note:
  Be sure to remove the lines starting with <application-policy name="xellerate"> and ending through </application-policy>. Do not remove the last line ending with </policy>.
Copy the <XL_HOME>\config\xlserver.cer file to <XL_DC_HOME>\java\lib\security on all Design Console systems that will communicate with the Oracle Identity Manager server.

Use the following command to copy the xlserver.cer file:

..\..\bin\keytool -import -file xlserver.cer -keystore cacerts -storepass changeit -trustcacerts -alias xell

When prompted, enter yes to trust the certificate.
Copy the <XL_HOME>\config\.xlkeystore file to the <JBOSS_HOME>\server\default\conf\ directory.
Copy the cacerts from the <XL_DC_HOME>\java\lib\security directory to the <JBOSS_HOME>\server\default\conf\ directory.

Open the <JBOSS_HOME>\server\default\deploy\jbossweb-tomcat50.sar\server.xml file:

Find the line that starts with:

Edit the lines in this entry so that it appears as follows:

<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->        <Connector port="8443" address="${jboss.bind.address}"              maxThreads="100" minSpareThreads="5" maxSpareThreads="15"              scheme="https" secure="true" clientAuth="false"              keystoreFile="${jboss.server.home.dir}/conf/.xlkeystore"              keystorePass="xellerate"              truststoreFile="${jboss.server.home.dir}/conf/cacerts"              truststorePass="changeit"             sslProtocol = "TLS" />

Uncomment the entry.
Save and close the updated server.xml file.

Starting the Design Console

Double-click <XL_DC_HOME>\xlclient\xlclient.cmd or select Design Console from the Windows Start menu or desktop.