| Oracle® Identity Manager Installation and Configuration Guide for BEA WebLogic Server Release 9.1.0 Part Number E10370-03 |
|
|
View PDF |
| Oracle® Identity Manager Installation and Configuration Guide for BEA WebLogic Server Release 9.1.0 Part Number E10370-03 |
|
|
View PDF |
Oracle Identity Manager requires a database. You must install and configure your database before you begin the Oracle Identity Manager installation. Refer to the topic that applies to your database:
To use Oracle Database as your database, you must perform the tasks described in the following sections:
Install Oracle9i Database or Oracle Database 10g release 2 by referring to the documentation delivered with the Oracle database. See Oracle Identity Manager Release Notes for the specific supported versions. Oracle recommends using the Basic installation.
Note:
If you choose the Custom installation, then you must include the JVM option, which is required for XA transaction support.You can create a new Oracle database instance for Oracle Identity Manager. When creating the database, ensure that you configure the Oracle JVM feature and enable query rewrite.
You can use the Database Configuration Assistant (DBCA) tool to create the database. To configure the Oracle JVM feature, select the Oracle JVM feature on the Standard Database Features page of the DBCA.
To enable the database for query rewrite, set the initialization parameters QUERY_REWRITE_ENABLED to TRUE and QUERY_REWRITE_INTEGRITY to TRUSTED in the All Initialization Parameters field of the DBCA.
Note:
For the Oracle Identity Manager installation, Oracle recommends that you configure a minimum block size of 8K for Oracle Database.Refer to the Oracle Database documentation for detailed instructions on creating a database instance.
For globalization support for Oracle Identity Manager, Oracle recommends that for configuring the database for Unicode. To configure the database for Unicode, perform the following steps:
Select AL32UTF8 in the Character Sets tab of the DBCA. This character set supports the Unicode standard.
Set the NLS_LENGTH_SEMANTICS initialization parameter to CHAR in the All Initialization Parameters field of the DBCA.
See Also:
Oracle Identity Manager Globalization Guide for information about globalization support for Oracle Identity ManagerAfter you install Oracle Database and create a database instance, you must prepare the database instance for Oracle Identity Manager by completing the following tasks:
Verify that query rewrite is enabled.
Note:
Query rewrite is applicable only if you are using Oracle Database Enterprise Edition.Enable XA transactions support.
Note:
Java Virtual Machine (JVM) is required to enable XA transaction support. If you did not install the Oracle JVM component during Oracle Database installation, then you must install it now. See the Oracle Database documentation for specific instructions.Create at least one tablespace for storing Oracle Identity Manager data.
Create a database user account for Oracle Identity Manager.
You can perform the preceding tasks to prepare the Oracle database for Oracle Identity Manager by running one of the following scripts:
On Microsoft Windows, run the following:
prepare_xl_db.bat
On UNIX, run the following:
prepare_xl_db.sh
Both of these scripts ship with the Oracle Identity Manager Installer and are in the \installServer\Xellerate\db\oracle\ directory.
You must observe the following prerequisites when using these scripts:
The script must be run by a user holding DBA privileges. For example, the oracle user on UNIX typically holds these privileges.
The script must be run on the computer on which the database is installed.
The following sections describe how to prepare the Oracle database for Oracle Identity Manager.
Perform the steps associated with the operating system on the computer hosting the Oracle database.
To prepare the database on UNIX:
Copy the scripts prepare_xl_db.sh and xell_db_prepare.sql from the distribution CD to a directory on the computer hosting the database in which you (as the account user performing this task) have write permission.
Run the following command to enable permission to run the script:
chmod 755 prepare_xl_db.sh
Run the prepare_xl_db.sh script by entering the following command:
./prepare_xl_db.sh
Provide information appropriate for your database and host computer when the script prompts you for the following items:
The location of your Oracle home, which is ORACLE_HOME
The name of your database, which is ORACLE_SID
The name of the Oracle Identity Manager database user to be created
The password for the Oracle Identity Manager database user
The name of the tablespace to be created for storing Oracle Identity Manager data
The directory to store the data file for the Oracle Identity Manager tablespace
The name of the data file (You do not append the .dbf extension.)
The name of the temporary tablespace
Check the prepare_xl_db.lst log file located in the directory in which you ran the prepare_xl_db script to see the execution status and additional information.
Note:
If you encounter errors after running the prepare_xl_db.sh script, then run the following command to ensure that the prepare_xl_db.sh is executable on UNIX, and then run the prepare_xl_db.sh script again.$ dos2unix prepare_xl_db.sh
To prepare the database on Microsoft Windows:
Copy the prepare_xl_db.bat and xell_db_prepare.sql scripts from the distribution CD to a directory on the computer hosting the database in which you (as the account user performing this task) have write permission.
Open a command prompt, navigate to the directory in which you copied the scripts, and run prepare_xl_db.bat with the following arguments:
prepare_xl_db.bat ORACLE_SID ORACLE_HOME XELL_USER XELL_USER_PWD TABLESPACE_NAME DATAFILE_DIRECTORY DATAFILE_NAME XELL_USER_TEMP_TABLESPACE SYS_USER_PASSWORD
For example, the string you enter on the command line might look similar to the following:
prepare_xl_db.bat XELL C:\oracle\ora92 xladm xladm xeltbs C:\oracle\oradata xeltbs_01 TEMP manager
Table 4-1 lists the options used in the preceding example of prepare_xl_db.bat.
Table 4-1 Options for the prepare_xl_db.bat Script
| Argument | Description |
|---|---|
|
|
Name of the database |
|
|
Directory in which the Oracle database is installed |
|
|
Name of the Oracle Identity Manager user to be created |
|
|
Password for the Oracle Identity Manager user |
|
|
Name of the tablespace to be created |
|
|
Directory in which the data files will be placed |
|
|
Name of the data file (you do not need to include the .dbf extension) |
|
|
Name of the temporary tablespace that already exists in the database |
|
|
Password for the SYS user |
Check the prepare_xl_db.lst log file located in the directory in which you have run the xell_db_prepare script to see execution status and additional information.
If the script returns a message indicating successful execution, then you can continue to the next task, which is Oracle Identity Manager installation.
If the script does not succeed, then you must manually fix all fatal (nonrecoverable) errors so that the database is prepared successfully.
You can ignore all nonfatal errors. For example, when the script tries to drop a nonexistent view, it will return the error "ORA-00942: table or view does not exist".
Scan all the errors in the log file and ignore or resolve them on an individual basis.
This section explains how to deploy Oracle Real Application Clusters (Oracle RAC) databases for Oracle Identity Manager. It discusses the following sections:
Oracle RAC is a cluster database with a shared cache architecture that provides highly scalable and available database solutions. Oracle RAC consists of multiple database instances on different computers. These database instances act in tandem to provide database solutions.
Note:
The Oracle Identity Manager Installer program does not provide support for Oracle RAC. To deploy Oracle Identity Manager for Oracle RAC, you must install Oracle Identity Manager on a single database instance in Oracle RAC and then change the application server settings, specifically the connection pool parameters, to use the Oracle RAC JDBC connection string.Perform the following steps to install Oracle Identity Manager for Oracle RAC:
Ensure that Oracle RAC is properly set up and configured with the Oracle Identity Manager schema owner.
Start the Oracle Identity Manager Installer.
On the Database Parameters page of the installer, enter the host name, port number, and database name of a single database instance in Oracle RAC.
Complete the Oracle Identity Manager installation by performing the steps in the installer.
Configure the application server for RAC. Refer to the "Configuring BEA WebLogic Server for Oracle RAC" section.
The net services name entry for an Oracle RAC database differs from that of a conventional database. The following is an example of the net services name entry for an Oracle RAC database:
racdb=
(DESCRIPTION=
(LOAD_BALANCE=off)
(FAILOVER=on)
(ADDRESS_LIST=
(ADDRESS=(protocol=tcp)(host=node1-vip)(port=1521))
(ADDRESS=(protocol=tcp)(host=node2-vip)(port=1521)))
(CONNECT_DATA=
(SERVER=DEDICATED)
(SERVICE_NAME=racdb)))
Table 4-2 describes the parameters in a net services name entry for an Oracle RAC database.
Table 4-2 Parameters for Oracle RAC Database Net Services Name Entries
| Parameter | Description |
|---|---|
|
LOAD_BALANCE |
Specifies whether client load balancing is enabled (on) or disabled (off). The default setting is on. |
|
FAILOVER |
Specifies whether failover is enabled (on) or disabled (off). The default setting is on. |
|
ADDRESS_LIST |
Specifies the list of all the nodes in Oracle RAC, including their host names and the ports they listen on. |
JDBC client applications that use the Thin driver to connect to an Oracle RAC database must use the Oracle RAC net services name as a part of the JDBC URL. The entire Oracle RAC net services name is concatenated and the entire string is used in the JDBC URL so that the client application can connect to Oracle RAC.
The following sample code shows how a JDBC URL is used to connect to an Oracle RAC database:
//String url = "jdbc:oracle:thin:@dbhost:1521:dbservice"
String racUrl =
"jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=off)(FAILOVER=on)(ADDRESS_LIST=(ADDRESS=(protocol=tcp)(host=node1-vip)(port=1521))(ADDRESS=(protocol=tcp)(host=node2-vip)(port=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=racdb)))";
String strUser = "username";
String strPW = "password";
// load Oracle driver
Class.forName("oracle.jdbc.driver.OracleDriver");
// create the connection
con = DriverManager.getConnection(strURL, strUser, strPW);
The subsequent sections about configuring application servers for Oracle RAC databases explain how to modify connection pools to use a similar JDBC URL so that the application server can communicate with Oracle RAC.
This section explains how to configure BEA WebLogic Server (nonclustered or clustered) for Oracle RAC by ensuring the data sources and connection pools are configured to use the Oracle RAC JDBC connection string.
Note:
Before configuring BEA WebLogic Server for Oracle RAC, you must:Get the RAC net services name from the tnsnames.ora file.
Construct the RAC JDBC URL. Refer to the "JDBC and Oracle RAC" section.
Perform the following steps to configure both nonclustered and clustered BEA WebLogic Server for Oracle RAC:
Open the OIM_HOME/xellerate/config/xlconfig.xml file.
Locate the <DirectDB> section and replace the value of the <url>...</url> tag with the Oracle RAC JDBC URL. For example, the new tag might be similar to the following:
<url>jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=off)(FAILOVER=on)(ADDRESS_ LIST=(ADDRESS=(protocol=tcp)(host=node1-vip)(port=1521))(ADDRESS=(protocol=tcp) (host=node2-vip)(port=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_ NAME=racdb)))</url>
Save and close the OIM_HOME/xellerate/config/xlconfig.xml file.
Start BEA WebLogic Server and open the WebLogic Server Administration Console by using a Web browser.
Log in to the WebLogic Server Administration Console by using the administrator account.
Select Services, JDBC, Connection Pools, and then select xlConnectionPool.
Select the General tab for xlConnectionPool.
Enter the Oracle RAC JDBC URL described in Step 2 in the URL field and save the settings.
Select the Connections tab for xlConnectionPool.
Select Advanced Options and set the following:
Select Test Reserved Connections.
Set the Test Table Name value to dual.
Save the settings.
Select Services, JDBC, Connection Pools, and then select xlXAConnectionPool.
Select the General tab for xlXAConnectionPool.
Enter the Oracle RAC JDBC URL described in Step 2 in the URL field and save the settings.
Select the Connections tab for xlXAConnectionPool.
Select Advanced Options and set the following:
Select Test Reserved Connections.
Set the Test Table Name value to dual.
Select Keep XA Connection Till Transaction Complete.
Save the settings.
Restart the Administrative Server and the Managed Server. For BEA WebLogic Server clusters, restart all nodes in the cluster.
Note:
Microsoft SQL Server is not supported in Oracle Identity Manager release 9.1.0. See ÒCertified ComponentsÓ in Oracle Identity Manager Release Notes for information about certified components.To use Microsoft SQL Server for the database, you must complete the procedures in the following sections:
After you have completed these tasks, you are ready to install the Oracle Identity Manager components.
To install and configure Microsoft SQL Server for Oracle Identity Manager:
Install Microsoft SQL Server 2000 with Service Pack 3a.
During installation, select mixed authentication mode, and then set the password to sa.
On the computer hosting the application server, download the SQL Server 2000 Driver for JDBC Service Pack 3 from the following Web site:
On the computer hosting the application server, install SQL Server 2000 Driver for JDBC Service Pack 3.
Note:
Specify a short path for the installation folder, such asC:\JDBCjars, so that you can easily add the path to your CLASSPATH (Step 4). If the classpath is more than 256 characters, then the installer does not work properly.On the computer hosting the application server, locate the JDBC driver files mssqlserver.jar, msbase.jar, and msutil.jar.
Add their location to the system CLASSPATH environment variable. If the CLASSPATH environment variable does not exist, then you must create it. The string you add should look like the following:
C:\jdbc_install_folder\lib\mssqlserver.jar; C:\jdbc_install_folder\lib\msbase.jar; C:\jdbc_install_folder\lib\msutil.jar;
In these sample strings, jdbc_install_folder is the location where the SQL Server 2000 Driver for JDBC files is installed.
Enable distributed transactions by installing SQL Server JDBC XA procedures.
Copy the sqljdbc.dll file in the SQLServer JDBC Driver\SQLServer JTA\ directory to the following directory:
C:\Program Files\Microsoft SQl Server\MSSQL\Binn
Run the instjdbc.sql script.
Follow the instructions for installing stored procedures for Java Transaction APIs (JTA). These instructions are bundled with the SQL Server 2000 Driver for JDBC. See the jdbcsqlsrv9.html Help file.
Ensure that the Distributed Transaction Coordinator (MSDTC) service for the Microsoft SQL Server is running.
If necessary, use the SQL Server Service Manager to start it.
Note:
You can set the Distributed Transaction Coordinator to start automatically whenever the operating system is restarted.To register Microsoft SQL server:
Start the Microsoft SQL Server Enterprise Manager application.
From the Windows Start menu, select Programs, Microsoft SQL Server, and then select Enterprise Manager.
In the left pane of the SQL Server Enterprise Manager application window, select Console Root, and then select Microsoft SQL Servers.
Right-click SQL Server Group, and select New SQL Server Registration.
In the Register SQL Server Wizard dialog box, click Next.
On the Select a SQL Server page, perform one of the three following steps:
Select the server from the list in the right pane, click Add, then click Next.
Select LOCAL, click Add, and then click Next.
Enter the host name of the server in the text entry box, click Add, and then click Next.
On the Select an Authentication Mode page, select The SQL Server login information that is assigned to you by the administrator [SQL Server Authentication], and then click Next.
On the Register Connection Option page, select Login automatically using my SQL server account information, and then complete the following steps:
In the Login name field, enter the account name used to connect to your SQL server. Typically, this is sa.
In the Password field, enter the password associated with the account name you specified, and then click Next.
On the Select SQL Server Group page, select Add the SQL Server(s) to an existing SQL Server Group, select a group from the Group name list, and then click Next.
On the Completing the Register SQL Server Wizard page, click Finish, and then click Done.
The following procedure describes how to create a Microsoft SQL Server database.
Note:
The following procedure uses the name XELL for the database. You are not required to use XELL as the name for the database. This document refers to the name of the database as XELL throughout.To create a new database for Oracle Identity Manager:
Start the Microsoft SQL Server Enterprise Manager application. To do so, from the Windows Start menu, select Programs, Microsoft SQL Server, and then select Enterprise Manager.
In the left pane of the SQL Server Enterprise Manager application window, select Console Root, Microsoft SQL Servers, select the server group to which your server belongs, and then double-click the icon representing your server.
Right-click Databases, and then select New Database.
In the Database Properties dialog box, select the General tab, and then enter XELL in the Name field.
Select the Data Files tab. Then, for the Initial Size and Filegroup columns in the Database files matrix, enter the information from the corresponding columns in Table 4-3.
Table 4-3 Database Files
| File Name | Initial Size in Megabytes (MB) | Filegroup Name | Content |
|---|---|---|---|
|
XELL_PRIMARY |
100 |
PRIMARY |
System objects required for SQL Server operation |
|
XELL_DATA |
500 |
XELL_DATA |
Physical data and primary keys |
|
XELL_INDEX |
300 |
XELL_INDEX |
Indexes |
|
XELL_TEXT |
500 |
XELL_TEXT |
Large text fields |
|
XELL_UPA |
1000 |
XELL_UPA |
Keys for the User Profile Audit component |
Note:
Table 4-3 lists initial sizes for a production environment. For nonproduction installations, you can use the default initial sizes provided for the filegroups.To ensure successful installation of Oracle Identity Manager, filegroup names must be entered exactly as they are shown in Table 4-3. You can vary the File Name and Location strings to match the database name and the location of your SQL Server installation.
Select Automatically Grow File.
Select By Percent, and then enter 10 in the associated field.
Select Unrestricted file growth.
Note:
The PRIMARY filegroup contains the system objects required for SQL Server to operate. The XELL_DATA filegroup stores the physical data and primary keys, XELL_INDEX filegroup stores indexes, XELL_TEXT stores large text fields, and XELL_UPA stores the physical data and primary keys of the User Profile Audit component.Select the Transaction Log tab, and then change the initial size to 500 MB.
Leave all the other options on the tab at their default values.
Note:
For nonproduction installations, you can use the default size for the log file.Click OK to trigger database creation.
The following procedure describes how to create a database account for Oracle Identity Manager and assign appropriate permissions to that account.
Note:
The following procedure assumes that the account name is xladm. If you want an account name other than xladm, then specify that name instead of xladm throughout the following procedure and also when installing Oracle Identity Manager.To create a Microsoft SQL Server database account and permissions:
Start the Microsoft SQL Server Enterprise Manager application. To do so, from the Windows Start menu, select Programs, Microsoft SQL Server, and then select Enterprise Manager.
In the left pane of the SQL Server Enterprise Manager application window, select Console Root, Microsoft SQL Servers, select the server group to which your server belongs, and then double-click the icon representing your server.
Select Security, right-click Logins, and then select New Login.
In the SQL Server Login Properties dialog box, select the General tab. In the Name field, enter xladm.
Select SQL Server Authentication. In the Password field, enter the password associated with the account name that you specified in Step 4.
In the Database list in the Defaults section, select XELL from the list. Leave the Language field set to <default>.
Select the Database Access tab.
In the upper panel, select the check box associated with XELL.
In the lower panel, select the check boxes associated with the following:
public
db_owner
db_accessadmin
db_securityadmin
db_ddladmin
db_datareader
db_datawriter
Click OK to commit your changes.
When prompted, confirm the password and click OK.
To check your database settings, right-click the icon representing your server, and then select Properties from the shortcut menu.
On the SQL Server Properties page, select the Security tab, then verify that Authentication is set to SQL Server and Windows.
Click the General tab, and then verify that the check boxes associated with Autostart SQL Server and Autostart MSDTC are selected.
If Autostart SQL Server Agent is selected, then do not change the existing setting, because that setting might be required by other applications.
Click OK to close the SQL Server Properties page.
To remove Oracle Identity Manager entries from a SQL Server database after removing Oracle Identity Manager, perform the following steps:
Delete the Oracle Identity Manager database.
Delete the Oracle Identity Manager login account.
