Oracle® Identity Manager Installation and Configuration Guide for JBoss Application Server
Release 9.1.0

Part Number E10369-04

10 Installing and Configuring the Oracle Identity Manager Design Console

This chapter explains how to install the Oracle Identity Manager Design Console, which is a Java client. You have the option to install the Design Console on the same computer as your Oracle Identity Manager installation or on a separate computer.

This chapter discusses the following topics:

10.1 Requirements for Installing the Design Console

Verify that your environment meets the following requirements for Design Console installation:

Note:

If you cannot resolve the host name of the application server, then try adding the host name and IP address to the hosts file in the C:\winnt\system32\drivers\etc\ directory.

10.2 Installing the Design Console

Note:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Design Console on a computer that is hosting another Oracle Identity Manager component, such as Oracle Identity Manager or the Remote Manager, then you must specify a different installation directory for the Design Console.

To install the Design Console on a Microsoft Windows host:

  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Using Microsoft Windows Explorer, navigate to the installServer directory on the installation CD.

  3. Double-click the setup_client.exe file.

  4. Choose a language from the list on the Installer page. The Welcome page is displayed.

  5. On the Welcome page, click Next.

  6. On the Target directory page, complete one of the following sub-steps:

    1. The default directory for the Design Console is C:\oracle. To install the Design Console in this directory, click Next.

    2. To install the Design Console in another directory, specify the path of the directory in the Directory field, and then click Next.

      Note:

      If the directory path that you select does not exist, then the Base Directory settings field is displayed. Click OK. This directory is automatically created. If you do not have write permission to create the default directory, then a message is displayed informing you that the installer could not create the directory. Click OK to close the message and then contact your system administrator to obtain the appropriate permissions.
  7. On the Application Server page, select JBoss, then click Next. The next page prompts you to specify the JRE to use with Design Console.

  8. Select the JRE that is installed with Oracle Identity Manager or specify an existing JRE. Then, click Next. The Application Server configuration page is displayed.

  9. On the Application Server Host Information page, enter the information appropriate for the application server hosting your Oracle Identity Manager installation:

    1. In the first field, enter the host name or IP address.

      Note:

      The host name is case-sensitive.
    2. In the second field, enter the naming port for the application server on which Oracle Identity Manager is deployed.

    3. Click Next.

  10. On the Graphical Workflow Rendering Information page, enter the application server configuration information:

    1. Enter the Oracle Identity Manager server IP address.

    2. Enter the port number.

    3. Select Yes or No to specify whether or not the Design Console must use Secure Sockets Layer (SSL).

    4. Click Next.

  11. On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:

    1. Choose to create a shortcut to the Design Console on the Start Menu.

    2. Choose to create a shortcut to the Design Console on the desktop.

    3. Click Next when you are satisfied with the check box settings.

  12. On the Summary page, click Install to begin the Design Console installation.

  13. The final installation page displays a reminder to copy certain application server-specific files to your Oracle Identity Manager installation. Follow these instructions and then click OK.

  14. Click Finish to complete the installation process.

10.3 Postinstallation Requirements for the Design Console

For both clustered and non-clustered installations, copy the JBOSS_HOME\client\jbossall-client.jar file from the computer hosting Oracle Identity Manager to the OIM_DC_HOME\xlclient\ext directory on the computer on which you are installing the Design Console instance.

To complete installation for clustered installations:

  1. Change the <Discovery> settings in the OIM_DC_HOME\xlclient\Config\xlconfig.xml file for all Design Console installations.

    For example, you would change a string like the following:

    <java.naming.provider.url>    jnp://localhost:1100  </java.naming.provider.url>
    

    to the following string:

    <java.naming.provider.url>    jnp://IP_of_node1:1100,IP_of_node2:1100  </java.naming.provider.url>
    
  2. Add the following tag to the Discovery.CoreServer section of the OIM_DC_HOME\xlclient\Config\xlconfig.xml file:

    <jnp.partitionName>MyPartition</jnp.partitionName>
    

    MyPartition represents the partition name you specified during installation of Oracle Identity Manager on JBoss Application Server clusters.

    Note:

    JBoss Application Server clustered environments are not supported in Oracle Identity Manager release 9.1.0. See "Certified Components" in Oracle Identity Manager Release Notes for information about certified components.
  3. To configure Workflow Visualization to access all available nodes in the cluster:

    1. Open the OIM_DC_HOME\xlclient\Config\xlconfig.xml file and locate the following statement:

      <ApplicationURL>...</ApplicationURL>

    2. Replace the application server URL with the IP address and port of the Web server, as follows:

      <ApplicationURL>http://webserverIP/xlWebApp/LoginWorkflowRenderer.do
      </ApplicationURL>
      
  4. In the configuration XML file, change the multicast address to match that of Oracle Identity Manager:

    1. Open the following file:

      OIM_HOME\xellerate\config\xlconfig.xml
      
    2. Search for the <MultiCastAddress> element, and copy the value assigned to this element.

    3. Open the following file:

      OIM_DC_HOME\xlclient\Config\xlconfig.xml
      
    4. Search for the <Cache> element, and replace the value of the <MultiCastAddress> element inside this element with the value that you copied in sub-step 2.

10.4 Starting the Design Console

To start the Design Console, double-click OIM_DC_HOME\xlclient\xlclient.cmd or select Design Console from the Microsoft Windows Start menu or desktop.

10.5 Setting the Compiler Path for Adapter Compilation

In the System Configuration form of the Design Console, you must set the XL.CompilerPath system property to include the path of the bin directory inside the JDK directory (JDK_HOME\bin) that is used by the application server on which Oracle Identity Manager is deployed.

Then, restart Oracle Identity Manager.

See Also:

The "Rule Elements, Variables, Data Types, and System Properties" section in Oracle Identity Manager Reference

10.6 Configuring SSL Communication With the Design Console (Optional)

After installing the Oracle Identity Manager Design Console, you might want to configure it to communicate with Oracle Identity Manager over SSL. Use the following procedure to configure communication from your Design Console to Oracle Identity Manager over SSL.

  1. Stop Oracle Identity Manager.

  2. Perform the following backup tasks:

    • Create a backup of the OIM_HOME directory in which you installed Oracle Identity Manager.

    • Create a backup of the OIM_DC_HOME directory in which you installed the Oracle Identity Manager Design Console.

    • Create a backup of the JBOSS_HOME directory in which you installed JBoss Application Server.

  3. Export the Oracle Identity Manager certificate by using the following commands:

    1. cd OIM_HOME\config

    2. %JAVA_HOME%\bin\keytool -export -file xlserver.cer -keystore .xlkeystore -storepass xellerate -alias xell

      The xlserver.cer file is created in the config folder.

  4. Open the OIM_HOME\config\xljbossssl-service.xml file:

    1. Find the following line:

      <attribute name="KeyStorePass"><XDtConfig:configParameterValue paramName="KeyStorePass"/></attribute>

    2. Change the line to the following:

      <attribute name="KeyStorePass">xellerate</attribute>

  5. Change the installation profile by using the following commands:

    1. cd OIM_HOME\profiles

    2. Open the jboss.profile file and set the following properties:

      • configure.ssl.invoker=true

      • jboss.ssl.invocation=true

      • jboss.ssl.port=10443

      • jboss.ssl.clustered.port=10444

      • jboss.stateful.invoker=xl-stateful-rmi-invoker

      • jboss.stateless.invoker=xl-stateless-rmi-invoker

  6. Run the setup command by using the following commands:

    1. cd OIM_HOME\setup

    2. setup_jboss.cmd database_password

      Note:

      - For non-clustered installation, JBOSS_DIR refers to JBOSS_HOME\server\default and for clustered installation it refers to JBOSS_HOME\server\all.

      - JBoss Application Server clustered environments are not supported in Oracle Identity Manager release 9.1.0. See "Certified Components" in Oracle Identity Manager Release Notes for information about certified components.

  7. Edit the login-config.xml file by using the following commands:

    1. cd JBOSS_DIR\conf

    2. Open the login-config.xml file and find the XML tags toward the end in the file that look like the following:

      <policy>
      ...
      ...
      ...
             <application-policy name= "xellerate">
                     <authentication>
                     ....
                     ....
                    </authentication>
             </application-policy>
      </policy> 
      
    3. You will see two application-policy entries. Remove the last entry.

      Note:

      Ensure that you remove the lines starting with <application-policy name="xellerate"> and ending with </application-policy>. Do not remove the last line ending with </policy>.

  8. Copy the OIM_HOME\config\xlserver.cer file to OIM_DC_HOME\java\lib\security on all Design Console systems that will communicate with Oracle Identity Manager.

    From that directory, use the following command to import the xlserver.cer file into the cacerts keystore:

    ..\..\bin\keytool -import -file xlserver.cer -keystore cacerts -storepass changeit -trustcacerts -alias xell

    When prompted, enter yes to trust the certificate.

  9. Copy the OIM_HOME\config\.xlkeystore file to the JBOSS_DIR\conf\ directory.

  10. Copy the cacerts file from the OIM_DC_HOME\java\lib\security directory to the JBOSS_DIR\conf\ directory.

  11. Open the JBOSS_HOME\deploy\jbossweb-tomcat55.sar\server.xml file:

    1. Find the line that starts with:

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

    2. Edit the lines in this entry so that it is displayed as follows:

      <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
              <Connector port="8443" address="${jboss.bind.address}"
                    maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
                    scheme="https" secure="true" clientAuth="false"
                    keystoreFile="${jboss.server.home.dir}/conf/.xlkeystore"
                    keystorePass="xellerate"
                    truststoreFile="${jboss.server.home.dir}/conf/cacerts"
                    truststorePass="changeit"
                   sslProtocol = "TLS" />
      
    3. Uncomment the entry.

    4. Save and close the updated server.xml file.

  12. Open the OIM_DC_HOME\config\xlconfig.xml file in a text editor.

    Change:

    <ApplicationURL>http://HOSTNAME:8080/xlWebApp/loginWorkflowRenderer.do
        </ApplicationURL>
    

    To:

    <ApplicationURL>https://HOSTNAME:8443/xlWebApp/loginWorkflowRenderer.do
        </ApplicationURL>
    

    Note:

    • It is assumed that JBoss Application Server uses 8080 as the HTTP port and 8443 as the HTTPS port.

    • For clustered JBoss installations, the value for <ApplicationURL> in OIM_DC_HOME\config\xlconfig.xml can point to one application server URL or it can point to the Web server URL. In the second case, you must trust the Web server certificate from the Web server as described in step 7 of this procedure.

    • JBoss Application Server clustered environments are not supported in Oracle Identity Manager release 9.1.0. See "Certified Components" in Oracle Identity Manager Release Notes for information about certified components.

  13. Restart Oracle Identity Manager for the changes to take effect.
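
The following check covers steps 11 and 12 of this procedure. It is an added example, not part of Oracle's guide or product: the function name audit_ssl_setup and the sample XML wrappers are assumptions. It reports an HTTPS Connector that is still commented out, an ApplicationURL that does not match it, and keystore passwords left at the values printed in this guide.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Passwords printed in this guide's keytool commands and server.xml entry.
GUIDE_PASSWORDS = {"keystorePass": "xellerate", "truststorePass": "changeit"}

def audit_ssl_setup(server_xml, xlconfig_xml):
    """Return findings for the step 11 Connector and the step 12 ApplicationURL."""
    findings = []
    # ElementTree drops XML comments, so a Connector that is still commented
    # out (sub-step 3 of step 11 skipped) is not found here.
    connectors = [c for c in ET.fromstring(server_xml).iter("Connector")
                  if c.get("scheme") == "https"]
    if not connectors:
        findings.append("server.xml: no active https Connector (still commented out?)")
    for conn in connectors:
        port = conn.get("port", "?")
        if conn.get("secure") != "true":
            findings.append(f'server.xml: Connector {port} lacks secure="true"')
        for attr in ("keystoreFile", "truststoreFile"):
            if not conn.get(attr):
                findings.append(f"server.xml: Connector {port} has no {attr}")
        for attr, value in GUIDE_PASSWORDS.items():
            if conn.get(attr) == value:
                findings.append(f"server.xml: Connector {port} {attr} is the value printed in this guide")
    https_ports = {c.get("port") for c in connectors}
    for elem in ET.fromstring(xlconfig_xml).iter("ApplicationURL"):
        url = urlsplit((elem.text or "").strip())
        port = str(url.port or 443)
        if url.scheme != "https":
            findings.append(f"xlconfig.xml: ApplicationURL uses {url.scheme or 'no scheme'}")
        elif connectors and port not in https_ports:
            findings.append(f"xlconfig.xml: ApplicationURL port {port} has no matching https Connector")
    return findings

# Constructed samples; the root elements and layout around the page's snippets are assumptions.
SERVER_XML_COMMENTED = """<Server><Service name="jboss.web">
<!-- <Connector port="8443" scheme="https" secure="true"
     keystoreFile="${jboss.server.home.dir}/conf/.xlkeystore" keystorePass="xellerate"
     truststoreFile="${jboss.server.home.dir}/conf/cacerts" truststorePass="changeit"/> -->
</Service></Server>"""
SERVER_XML_ACTIVE = SERVER_XML_COMMENTED.replace("<!-- ", "").replace(" -->", "")
XLCONFIG_HTTP = ("<xl-configuration><ApplicationURL>"
                 "http://HOSTNAME:8080/xlWebApp/loginWorkflowRenderer.do\n"
                 "</ApplicationURL></xl-configuration>")
XLCONFIG_HTTPS = XLCONFIG_HTTP.replace("http://HOSTNAME:8080", "https://HOSTNAME:8443")

if __name__ == "__main__":
    for finding in audit_ssl_setup(SERVER_XML_ACTIVE, XLCONFIG_HTTPS):
        print(finding)
```

To run it against a real installation, pass the contents of JBOSS_HOME\deploy\jbossweb-tomcat55.sar\server.xml and OIM_DC_HOME\config\xlconfig.xml in place of the constructed samples.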

10.7 Removing the Design Console Installation

To remove the Design Console installation:

  1. Stop Oracle Identity Manager and the Design Console if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the OIM_DC_HOME directory in which you installed the Design Console.