10 Installing and Configuring the Oracle Identity Manager Design Console

This chapter explains how to install the Oracle Identity Manager Design Console Java client. You have the option to install the Design Console on the same computer as your Oracle Identity Manager server or on a separate computer.

This chapter includes the following topics:

• Requirements

• Installing the Design Console

• Post-install Requirements for the Design Console

• Starting the Design Console

Requirements

Verify that your environment meets the following requirements for Design Console installation:

• You must have an Oracle Identity Manager server installed and running.

• If you are installing on a computer other than the host for the application server, you need to know the host name and port number of the computer hosting that application server.

• The Design Console host must be able to ping the application server host using both IP and hostname.

• For clustered Oracle Identity Manager server installations, you must know the host name and port number of the Web server.

  Note:

  If you cannot resolve the hostname of the application server, then try adding the hostname and IP address in the hosts file in the directory C:\winnt \system32\drivers\etc\.

• The Design Console must be installed on the same machine as the WebSphere Client Application.

• Make sure the WebSphere Application Client is configured with the appropriate server certificate.

  See "Setting Environment Variables" for more information.

• Ensure the complete JRE is installed for WebSphere Application Client—just as it is for the Application Server JRE installation.

Installing the Design Console

The following procedure describes how to install the Design Console.

Important:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Design Console on a machine that is hosting another Oracle Identity Manager component, such as the Oracle Identity Manager server or the Remote Manager, you must specify a different install directory for the Design Console.

To install the Design Console on a Windows host:

1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

2. Launch Windows Explorer, then navigate to the installServer directory on the installation CD.

3. Double-click the setup_client.exe file.

4. Choose a language from the list on the Installer screen.

   The Welcome page appears.

5. On the Welcome page, click Next.

6. On the Target directory screen, complete one of the following sub-steps:

   1. The default directory for the Design Console is C:\oracle. To install the Design Console into this directory, click Next.

   2. To install the Design Console into another directory, enter the path in the Directory field, then click Next.

      or

      Click Browse, navigate to the desired location, then click Next.

      Note:

      If the directory path that you specified does not exist, the Base Directory settings text box appears: Click OK. Oracle Identity Manager creates this directory for the Oracle Identity Manager server. If you do not have write permission to create the default directory for the Oracle Identity Manager server, a dialog appears informing you that the installer could not create the directory. Click OK to dismiss the dialog, then contact your System Administrator to obtain the appropriate permissions.

7. On the Application Server page, select WebSphere, then click Next.

   The Application Client Location page appears.

8. Specify the JRE to use with the Design Console, choosing between the JRE bundled with Oracle Identity Manager, or point to an existing and compatible JRE on the system.

   Click Next.

9. On the Application Server configuration page, enter the information appropriate for the application server hosting your Oracle Identity Manager server:

   1. Enter the host name or IP address in the upper text box.

   2. Enter the naming port for the application server on which Oracle Identity Manager is deployed in the lower text box.

      Note:

      The host name is case-sensitive.

   3. Click Next.

10. On the Graphical Workflow Rendering Information page, enter the Application server configuration information:

    1. Enter the Oracle Identity Manager server host IP address. For a clustered environment, enter the IIS server IP address.

    2. Enter the port number. For a clustered environment, enter the IIS server port number.

    3. Select Yes or No to specify whether the Design Console should use SSL.

    4. Click Next.

11. On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:

    1. Choose to create a shortcut to the Design Console on the Start Menu.

    2. Choose to create a shortcut to the Design Console on the desktop.

    3. Click Next when you are satisfied with the check box settings.

12. On the Summary page, click Install to initiate Design Console installation.

13. The final installation page displays a reminder to copy certain application server-specific files to your Oracle Identity Manager server installation.

    Follow these instructions and then click OK.

14. Click Finish to complete the installation process.

Removing the Design Console Installation

To remove the Design Console installation, perform the following steps:

1. Stop the Oracle Identity Manager server and the Design Console if they are running.

2. Stop all Oracle Identity Manager processes.

3. Delete the <XL_DC_HOME> directory where you installed the Design Console.

Post-install Requirements for the Design Console

To run the Design Console, three jar files must be copied from the WebSphere application server installation to your Design Console installation. Two jar files can be copied directly. One of the jar files must be extracted from the Oracle Identity Manager ear file.

To set up the jar files:

1. Copy the files sas.jar and naming.jar from the following directory:

   <WEBSPHERE_HOME>\lib

   to the following directory:

   <XL_DC_HOME>\xlclient\ext

2. Extract the xlDataObjectBeans.jar file from the Oracle Identity Manager ear file.

3. Copy xlDataObjectBeans.jar into the following directory:

   <XL_DC_HOME>\xlclient\lib

   Click OK to replace the old xlDataObjectBeans.jar file.

Extracting xlDataObjectBeans.jar

To obtain the EAR file, export it from the WebSphere server using the WebSphere administrative console. You must also extract the xlDataObjectBeans.jar file from the EAR file so you can copy the JAR file to the Oracle Identity Manager Design Console's lib directory.

To extract the xlDataObjectBeans.jar file:

1. Launch a browser, then connect to the WebSphere administrative console using the following URL:

   http://localhost:9090/admin

2. Log in using Oracle Identity Manager Administrator name and password you specified during installation.

3. Click Applications, then select Enterprise Applications.

4. Select the Xellerate application check box.

5. Click Export.

6. Save the EAR file.

7. Extract the xlDataObjectBeans.jar file. (Make sure to extract xlDataObjectBeans.jar and NOT xlDataObjects.jar.)

Configuring the WebSphere Application Client in a Non-Clustered Environment

The certificate for the application server must be installed in the trusted store for the WebSphere AppClient. This required step establishes a trust relationship between the WebSphere server and client. Use the keytool included with WebSphere to perform this task.

Note:

If you use the default WebSphere certificate, this task is not necessary, as the certificate is already present in the keystore of the client.

To enable trust between the server and client:

1. Move to the <WEBSPHERE_HOME>\etc directory using the following command:

   cd <WEBSPHERE_HOME>\etc
   
   

2. Export the server certificate using the following commands:

   <WEBSPHERE_HOME>\java\jre\bin\keytool.exe -export 
   -alias server -keystore DummyServerKeyFile.jks 
   -storepass WebAS -file servercert
   
   

3. Copy the exported server certificate to the <WEBSPHERE_CLIENT_HOME>/etc directory on the client host computer. <WEBSPHERE_CLIENT_HOME> is the home directory of the WebSphere client. Typically, the home directory is <WEBSPHERE_INSTALL_DIR>/AppClient.

4. Import the server certificate into the trusted store for the client using the following commands, or similar commands to fit the specifics of your system:

   1. Move to the <WEBSPHERE_CLIENT_HOME>/etc directory using the following command:

      cd <WEBSPHERE_CLIENT_HOME>/etc
      
      

   2. Import the server certificate using the following:

      <WEBSPHERE_CLIENT_HOME>\java\jre\bin\keytool.exe -import -alias servertrust -trustcacerts -keystore DummyClientTrustFile.jks -storepass WebAS -file servercert
      
      

      Note:

      If the <WEBSPHERE_CLIENT_HOME> does not contain the complete java directory (when compared with the java directory inside the Webpshere Application Server installation directory), then copy the java directory from the Webpshere Application Server installation.

Configuring the Design Console in a WebSphere Cluster

If you are running Oracle Identity Manager in a WebSphere cluster, you must configure the Design Console. During deployment you update the JNDI references for each of the Nodes. You must also update the JNDI references for the Design Console.

To specify the JNDI URL for the Design Console:

1. On the computer that hosts the Design Console, open the <XL_DC_HOME>/xlclient/Config/xlconfig.xml file.

2. In the <Discovery> section, locate the java.naming.provider.url property.

3. Set this property to the JNDI URL.

   See "Updating the JNDI References" for instructions on how to obtain this value. For example, you could set the property to the following:

   <java.naming.provider.url>corbaloc:iiop:XL_NODE1_HOST:
   9812,:XL_NODE2_HOST:9813</java.naming.provider.url>
   
   

4. Save your changes.

5. Start or restart the Design Console.

Configuring WebSphere Client Communication with the Node Manager in Clusters

The certificate of the Node Manager must be installed in the trusted store of the WebSphere Client. This step is necessary to establish a trust relationship between the Node Manager server and WebSphere Application Client. Use the keytool included with WebSphere to perform this task.

To enable trust between the Node Manager and client:

1. Export the Node Manager certificate using the following commands. <NODE_MANAGER_HOME> is the home directory for WebSphere Network Deployment Manager.

   1. Move to the <NODE_MANAGER_HOME>\etc directory using the following:

      cd <NODE_MANAGER_HOME>\etc
      
      

   2. Export the server certificate using the following commands and command-line arguments:

      <NODE_MANAGER_HOME>\java\jre\bin\keytool.exe -export 
      -alias server –keystore DummyServerKeyFile.jks 
      -storepass WebAS -file servercert
      
      

2. Copy the exported server certificate to the client host machine.

3. Import the Node Manager certificate into the client's trusted store using the following commands. <WEBSPHERE_CLIENT_HOME> is the home directory for the WebSphere Client, typically this is \WebSphere\AppClient\.

   1. Move to the <WEBSPHERE_CLIENT_HOME>\etc directory using the following command:

      cd <WEBSPHERE_CLIENT_HOME>\etc
      
      

   2. Import the Node Manager certificate into the client's trusted store

      <WEBSPHERE_CLIENT_HOME>\java\jre\bin\keytool.exe -import 
      -alias servertrust -trustcacerts -keystore DummyClientTrustFile.jks 
      -storepass WebAS -file 
      servercert
      
      

Starting the Design Console

Double-click <XL_DC_HOME>\xlclient\wsxlclient.cmd or select Design Console from the Windows Start menu or desktop.