Oracle® Identity Manager Installation Guide for WebSphere
Release 9.0.3.1

Part Number B32462-02

11 Installing and Configuring Oracle Identity Manager Remote Manager

This chapter explains how to install Oracle Identity Manager Remote Manager. It contains the following sections:

Installing the Remote Manager for Windows

The following procedure describes how to install the Remote Manager on Windows.

Note:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a machine that is hosting another Oracle Identity Manager component (the server or the Design Console), specify an install directory that hasn't been used yet.

To install the Remote Manager on a Windows host:

  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Launch Windows Explorer, then navigate to the installServer directory on the installation CD.

  3. Double-click the setup_rm.exe file.

  4. Choose a language from the list on the Installer screen. The Welcome page appears.

  5. On the Welcome page, click Next.

  6. On the Target directory page, complete one of the following sub-steps:

    1. The default directory for Oracle Identity Manager products is C:\oracle. To install Remote Manager into this directory, click Next.

    2. To install Remote Manager into another directory, enter the path in the Directory name field, and click Next.

      or

      Navigate to the desired location, then click Next.

      Note:

      If the directory path that you specified does not exist, the Base Directory settings text box appears. Click OK. Oracle Identity Manager creates this directory for the Oracle Identity Manager server. If you do not have write permission to create the default directory for the Oracle Identity Manager server, a dialog appears informing you that the installer could not create the directory. Click OK to dismiss the dialog, then contact your System Administrator to obtain the appropriate permissions.
  7. Select either the JRE that is installed with Oracle Identity Manager or specify an existing JRE.

    Click Next. The Remote Manager Configuration screen appears.

  8. On the Remote Manager Configuration page, enter the appropriate information for the Remote Manager:

    1. Enter the Service Name.

    2. Enter the Remote Manager binding port.

    3. Enter the Remote Manager SSL port.

    4. Click Next.

  9. On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:

    1. Choose to create a shortcut for the Remote Manager on the desktop.

    2. Choose to create a shortcut for the Remote Manager on the Start Menu.

    3. Click Next when you are satisfied with the check box settings.

  10. On the Summary page, review the configuration details, and then click Install to initiate installation.

  11. Click Finish to complete the installation.

    Note:

    You must configure the Remote Manager before you can start it. See Configuring the Remote Manager for more information.

Installing the Remote Manager for UNIX or Linux

To install the Remote Manager on UNIX or Linux:

  1. Before installing the Remote Manager, you must set the JAVA_HOME variable to the appropriate JDK.

    On Solaris or Linux, set JAVA_HOME to the Sun JDK. On AIX, set JAVA_HOME to the WebSphere JDK. For example, use the following commands on AIX:

    • export JAVA_HOME=<WEBSPHERE_HOME>/java

    • Add $JAVA_HOME/bin to the $PATH environment variable using the following command: export PATH=$JAVA_HOME/bin:$PATH

    Note:

    Refer to the Oracle Identity Manager Release Notes to learn about the certified JDK versions.
  2. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

    Note:

    If the autostart routine is enabled for your machine, proceed to Step 5.
  3. From the File Manager, access the root CD directory (or the installServer directory, if you are installing from a tar file).

  4. Run the install_rm.sh file.

    The command-line installer starts.

  5. Choose a language from the list by entering a number and then entering 0 to apply the language.

    The Welcome panel appears.

  6. On the Welcome panel, enter 1 to move to the next panel.

    The Target directory panel appears.

  7. On the Target directory panel, enter the path to the directory where you want to install the Oracle Identity Manager Remote Manager.

    The default directory is /opt/oracle.

    • Enter 1 to move to the next panel.

    • If the directory does not exist, you are asked to create it. Enter y for yes.

    Important:

    All Oracle Identity Manager components must be installed in different home directories. If you are installing the Remote Manager on a machine that is hosting an Oracle Identity Manager server, you must specify a unique install directory.
  8. Specify the JRE to use with Remote Manager:

    • Enter 1 to install the JRE bundled with Oracle Identity Manager.

    • Enter 2 to use an existing JRE at a specified location.

    • Enter 0 to accept your selections.

    • Enter 1 to move to the next panel.

    The Remote Manager Configuration panel appears.

  9. On the Remote Manager Configuration panel, enter the Remote Manager configuration information.

    1. Enter the Service Name, or press the Enter key to accept the default.

    2. Enter the Remote Manager binding port, or press the Enter key to accept the default.

    3. Enter the Remote Manager SSL port, or press the Enter key to accept the default.

    4. Enter 1 to move to the next panel.

    The Remote Manager installation summary panel appears.

  10. Check the information.

    • Enter 2 to go back and make changes.

    • Enter 1 to start the installation.

    Oracle Identity Manager installs and the Post Install Summary panel appears.

  11. Enter 3 to finish the Remote Manager installation.

    Note:

    You must configure the Remote Manager before you can start it. See "Configuring the Remote Manager" for more information.

Configuring the Remote Manager

The Remote Manager and Oracle Identity Manager server communicate using SSL. If you are using Remote Manager, you must enable a trust relationship between your Oracle Identity Manager server and the Remote Manager. (The server must trust the Remote Manager certificate.)

Optionally, you can enable client-side authentication (where the Remote Manager checks the server's certificate). To establish the required trust, import the Remote Manager's certificate into your Oracle Identity Manager server's keystore and make it trusted. For client-side authentication, import the certificate for your Oracle Identity Manager server into the keystore for your Remote Manager, then make that certificate trusted. You must also manually edit the configuration file associated with the server and, depending on the options you selected during Remote Manager installation, the Remote Manager configuration file as well.

Trusting the Remote Manager Certificate

To configure the Remote Manager:

  1. Copy the Remote Manager certificate to the server computer.

    On the Remote Manager computer, locate the file <XL_RM_HOME>\xlremote\config\xlserver.cert and copy it to the server computer.

    Note:

    The server certificate located in <XL_HOME>\config is also named xlserver.cert, so make sure you do not overwrite that certificate.
  2. Open a command prompt on the server computer.

  3. To import the certificate using the keytool, use the following command:

    <JAVA_HOME>\jre\bin\keytool -import -alias rm_trusted_cert -file <RM_cert_location>\xlserver.cert -trustcacerts -keystore <XL_HOME>\xellerate\config\.xlkeystore -storepass xellerate

    <JAVA_HOME> is the location of the Java directory for your application server, the value of alias is an arbitrary name for the certificate in the store, and <RM_cert_location> is the location where you copied the certificate.

    Note:

    If you changed the keystore password, substitute that value instead of xellerate for the value of the storepass variable.
  4. Enter Y at the prompt to trust the certificate.

  5. Launch a plain-text editor, then open the <XL_HOME>\xellerate\config\xlconfig.xml file.

  6. Locate the property <RMIOverSSL> and set it to true.

    For example:

    <RMIOverSSL>true</RMIOverSSL>

  7. Locate the <KeyManagerFactory> property.

    If you are using the IBM JRE, set the value to IBMX509. For all other JREs, set the value to SUNX509. For example:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>

    or

    <KeyManagerFactory>SUNX509</KeyManagerFactory>

  8. Save the file.

  9. Restart your application server.

Using Your Own Certificate

Complete the following steps if you want to use your own certificate:

On the Remote Manager System:

  1. Import your custom key into a new keystore (new_keystore_name) other than .xlkeystore.

    Be sure to remember the password (new_keystore_pwd) you used for the new keystore.

  2. Copy this new keystore to the <XL_RM_HOME>\xlremote\config\ directory.

  3. Open <XL_RM_HOME>\xlremote\config\xlconfig.xml using a text editor.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    • If you are using the IBM JRE, change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>com.ibm.crypto.provider.IBMJCE</Provider>
      </KeyStore>
      
      
    • For all other JREs, change the values to:

      <KeyStore>
           <Location>new_keystore_name</Location>
           <Password encrypted="false">new_keystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>sun.security.provider.Sun</Provider>
      </KeyStore>
      
      
  5. Restart the Remote Manager Server and open xlconfig.xml to make sure the password for the new keystore was encrypted.

On the Oracle Identity Manager Server System:

  1. Import the same certificate key used in the Remote Manager system to a new keystore (new_svrkeystore_name) other than .xlkeystore.

    Be sure to remember the password (new_svrkeystore_pwd) you used for the new keystore.

  2. Copy this new keystore to the <XL_HOME>\xellerate\config directory.

  3. Open <XL_HOME>\xellerate\config\xlconfig.xml using a text editor.

  4. Locate the <RMSecurity> tag and change the value in the <Location> and <Password> tags as follows:

    • If you are using the IBM JRE, change the values to:

      <KeyStore>
           <Location>new_svrkeystore_name</Location>
           <Password encrypted="false">new_svrkeystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>com.ibm.crypto.provider.IBMJCE</Provider>
      </KeyStore>
      
      
    • For all other JREs, change the values to:

      <KeyStore>
           <Location>new_svrkeystore_name</Location>
           <Password encrypted="false">new_svrkeystore_pwd</Password>
           <Type>JKS</Type>
           <Provider>sun.security.provider.Sun</Provider>
      </KeyStore>
      
      
  5. Restart the Oracle Identity Manager Server and open xlconfig.xml to make sure the password for the new keystore was encrypted.
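The final step on each system asks you to reopen xlconfig.xml and confirm the result by eye. The following added example (not part of the Oracle documentation) automates that check and also verifies that the keystore Provider matches the KeyManagerFactory value for the same JRE. The sample document is constructed, its element nesting is an assumption, and the check assumes the `encrypted` attribute reads `true` once the restart has encrypted the password.

```python
import xml.etree.ElementTree as ET

# KeyManagerFactory value -> keystore Provider, as paired in the steps above.
EXPECTED_PROVIDER = {
    "IBMX509": "com.ibm.crypto.provider.IBMJCE",
    "SUNX509": "sun.security.provider.Sun",
}

# Constructed sample; the nesting of elements is an assumption.
SAMPLE = """<xl-configuration><RMSecurity>
  <RMIOverSSL>true</RMIOverSSL>
  <KeyManagerFactory>SUNX509</KeyManagerFactory>
  <KeyStore>
    <Location>new_keystore_name</Location>
    <Password encrypted="false">new_keystore_pwd</Password>
    <Type>JKS</Type>
    <Provider>com.ibm.crypto.provider.IBMJCE</Provider>
  </KeyStore>
</RMSecurity></xl-configuration>"""

def _text(scope, tag):
    """Stripped text of the first <tag> at or below scope, or None."""
    node = next(scope.iter(tag), None)
    return node.text.strip() if node is not None and node.text else None

def audit_xlconfig(xml_text):
    """Return findings for the Remote Manager SSL settings in xlconfig.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    if (_text(root, "RMIOverSSL") or "").lower() != "true":
        findings.append("RMIOverSSL is not true")
    kmf = _text(root, "KeyManagerFactory")
    if kmf not in EXPECTED_PROVIDER:
        findings.append(f"unexpected KeyManagerFactory: {kmf}")
    rmsec = next(root.iter("RMSecurity"), None)
    keystore = next(rmsec.iter("KeyStore"), None) if rmsec is not None else None
    if keystore is None:
        return findings + ["no <KeyStore> under <RMSecurity>"]
    provider = _text(keystore, "Provider")
    if kmf in EXPECTED_PROVIDER and provider != EXPECTED_PROVIDER[kmf]:
        findings.append(f"Provider {provider} does not match {kmf}")
    pwd = keystore.find("Password")
    if pwd is None or pwd.get("encrypted", "false").lower() != "true":
        findings.append("keystore password is not marked encrypted")
    return findings

if __name__ == "__main__":
    for finding in audit_xlconfig(SAMPLE):
        print(finding)
```

Run it against the file on both the Remote Manager and the server after each restart; an empty result means the settings checked here are consistent.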

Enabling Client-side Authentication for Remote Manager

To enable client-side authentication:

  1. On the machine hosting the Remote Manager, launch a plain-text editor and open the <XL_RM_HOME>\xlremote\config\xlconfig.xml file.

  2. Locate the <ClientAuth> property and set it to true, for example:

    <ClientAuth>true</ClientAuth>
    
    
  3. Locate the <RMIOverSSL> property and verify it is set to true, for example:

    <RMIOverSSL>true</RMIOverSSL>
    
    
  4. Locate the <KeyManagerFactory> property.

    If you are using the IBM JRE, set the value to IBMX509. For all other JREs, set the value to SUNX509. For example:

    <KeyManagerFactory>IBMX509</KeyManagerFactory>
    
    

    or

    <KeyManagerFactory>SUNX509</KeyManagerFactory>
    
    
  5. Save the <XL_RM_HOME>\xlremote\config\xlconfig.xml file.

  6. Copy the server certificate to the Remote Manager computer.

    On the server computer, locate the file <XL_HOME>\xellerate\config\xlserver.cert and copy it to the Remote Manager computer.

    Note:

    The Remote Manager certificate is also named xlserver.cert, so make sure you do not overwrite that certificate.
  7. Open a command prompt on the Remote Manager computer.

  8. To import the certificate using the keytool, use the following command:

    <JAVA_HOME>\jre\bin\keytool -import -alias trusted_server_cert -file <server_cert_location>\xlserver.cert -trustcacerts -keystore <XL_RM_HOME>\xlremote\config\.xlkeystore -storepass xellerate
    

    <JAVA_HOME> is the location of the Java directory for your Remote Manager, the value of alias is an arbitrary name for the certificate in the store, <XL_RM_HOME> is the home directory for the Remote Manager, and <server_cert_location> is the location to which you copied the server certificate.

    Note:

    If you changed the keystore password, substitute that value for xellerate, which is the default value of the storepass variable.
  9. Enter Y at the prompt to trust the certificate.

  10. Restart the Remote Manager.
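Both this procedure and "Trusting the Remote Manager Certificate" copy a file named xlserver.cert between hosts and then answer Y to trust it. The following added example (not part of the Oracle documentation) computes a certificate fingerprint in the colon-separated form that `keytool -printcert` displays, so the copied file can be compared with the value read on its origin host before it is trusted. The byte strings are constructed stand-ins, not real certificates, and the function names are illustrative.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data: bytes) -> bytes:
    """Return DER bytes from a certificate file in PEM or DER encoding."""
    match = PEM_BLOCK.search(data)
    der = base64.b64decode(b"".join(match.group(1).split())) if match else data
    if not der.startswith(b"\x30"):  # X.509 is a DER SEQUENCE
        raise ValueError("input is not a PEM or DER certificate")
    return der

def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algorithm, to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def safe_to_trust(received: bytes, expected_fingerprint: str) -> bool:
    """True only if the copied file matches the fingerprint from its origin host."""
    return fingerprint(received) == expected_fingerprint.strip().upper()

# Constructed stand-in bytes (not real certificates) for the two xlserver.cert files.
RM_CERT_DER = b"\x30\x82\x00\x10" + b"remote-manager-x"
SERVER_CERT_DER = b"\x30\x82\x00\x10" + b"oim-server-cert-"
RM_CERT_PEM = (b"-----BEGIN CERTIFICATE-----\n"
               + base64.encodebytes(RM_CERT_DER)
               + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    expected = fingerprint(RM_CERT_DER)              # read on the Remote Manager host
    print(safe_to_trust(RM_CERT_PEM, expected))      # same certificate, PEM copy
    print(safe_to_trust(SERVER_CERT_DER, expected))  # the other xlserver.cert
```

Pass `"sha1"` as the algorithm when the keytool in use prints only MD5 and SHA1 fingerprints.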

Starting Remote Manager

To start Remote Manager on Windows, execute the following script:

<XL_RM_HOME>\xlremote\remotemanager.bat 

To start Remote Manager on UNIX or Linux, execute the following script:

<XL_RM_HOME>/xlremote/remotemanager.sh 

Removing the Remote Manager Installation

To remove the Remote Manager installation:

  1. Stop the Oracle Identity Manager server and the Remote Manager if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the <XL_RM_HOME> directory where you installed the Remote Manager.