The following sections of this chapter describe the procedures that you must perform before you create the connector:
This section describes the following procedures:
Depending on the Oracle Identity Manager release you are using, perform the instructions given in one of the following sections:
Section 2.1.1.1, "Enabling Logging on Oracle Identity Manager Release 9.1.0.x"
Section 2.1.1.2, "Enabling Logging on Oracle Identity Manager Release 11.1.1 and 11.1.2.x"
Note:
In an Oracle Identity Manager cluster, perform this procedure on each node of the cluster. Then, restart each node.
When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
ALL
This level enables logging for all events.
DEBUG
This level enables logging of information about fine-grained events that are useful for debugging.
INFO
This level enables logging of messages that highlight the progress of the application at a coarse-grained level.
WARN
This level enables logging of information about potentially harmful situations.
ERROR
This level enables logging of information about error events that might allow the application to continue running.
FATAL
This level enables logging of information about very severe error events that could cause the application to stop functioning.
OFF
This level disables logging for all events.
The file in which you set the log level and the log file path depend on the application server that you use:
Oracle WebLogic Server
To enable logging:
Add the following line in the OIM_HOME/xellerate/config/log.properties file:
log4j.logger.OIMCP.DATC=LOG_LEVEL
In this line, replace LOG_LEVEL with the log level that you want to set.
For example:
log4j.logger.OIMCP.DATC=INFO
After you enable logging, log information is written to the following file:
WEBLOGIC_HOME/user_projects/domains/DOMAIN_NAME/SERVER_NAME/SERVER_NAME.log
IBM WebSphere Application Server
To enable logging:
Add the following line in the OIM_HOME/xellerate/config/log.properties file:
log4j.logger.OIMCP.DATC=LOG_LEVEL
In this line, replace LOG_LEVEL with the log level that you want to set.
For example:
log4j.logger.OIMCP.DATC=INFO
After you enable logging, log information is written to the following file:
WEBSPHERE_HOME/AppServer/logs/SERVER_NAME/startServer.log
JBoss Application Server
To enable logging:
In the JBOSS_HOME/server/default/conf/log4j.xml file, locate or add the following lines:
<category name="OIMCP.DATC">
<priority value="LOG_LEVEL"/>
</category>
In the second XML line, replace LOG_LEVEL with the log level that you want to set. For example:
<category name="OIMCP.DATC">
<priority value="INFO"/>
</category>
After you enable logging, log information is written to the following file:
JBOSS_HOME/server/default/log/server.log
Oracle Application Server
To enable logging:
Add the following line in the OIM_HOME/xellerate/config/log.properties file:
log4j.logger.OIMCP.DATC=LOG_LEVEL
In this line, replace LOG_LEVEL with the log level that you want to set.
For example:
log4j.logger.OIMCP.DATC=INFO
After you enable logging, log information is written to the following file:
ORACLE_HOME/opmn/logs/default_group~home~default_group~1.log
Oracle Identity Manager uses Oracle Java Diagnostic Logging (OJDL) for logging. OJDL is based on java.util.Logger. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:
SEVERE.intValue()+100
This level enables logging of information about fatal errors.
SEVERE
This level enables logging of information about errors that might allow Oracle Identity Manager to continue running.
WARNING
This level enables logging of information about potentially harmful situations.
INFO
This level enables logging of messages that highlight the progress of the application.
CONFIG
This level enables logging of information about fine-grained events that are useful for debugging.
FINE, FINER, FINEST
These levels enable logging of information about fine-grained events, where FINEST logs information about all events.
These log levels are mapped to ODL message type and level combinations as shown in Table 2-1.
Table 2-1 Log Levels and ODL Message Type:Level Combinations
Log Level | ODL Message Type:Level |
---|---|
SEVERE.intValue()+100 | INCIDENT_ERROR:1 |
SEVERE | ERROR:1 |
WARNING | WARNING:1 |
INFO | NOTIFICATION:1 |
CONFIG | NOTIFICATION:16 |
FINE | TRACE:1 |
FINER | TRACE:16 |
FINEST | TRACE:32 |
The configuration file for OJDL is logging.xml, which is located at the following path:
DOMAIN_HOME/config/fmwconfig/servers/OIM_SERVER/logging.xml
Here, DOMAIN_HOME and OIM_SERVER are the domain name and server name specified during the installation of Oracle Identity Manager.
To enable logging in Oracle WebLogic Server:
Edit the logging.xml file as follows:
Add the following blocks in the file:
<log_handler name='dbat-handler' level='[LOG_LEVEL]' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
<property name='path' value='[FILE_NAME]'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='locale' value='en'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<logger name="OIMCP.DATC" level="[LOG_LEVEL]" useParentHandlers="false">
<handler name="dbat-handler"/>
<handler name="console-handler"/>
</logger>
Replace both occurrences of [LOG_LEVEL] with the ODL message type and level combination that you require. Table 2-1 lists the supported message type and level combinations.
Similarly, replace [FILE_NAME] with the full path and name of the log file in which you want log messages to be recorded.
The following blocks show sample values for [LOG_LEVEL] and [FILE_NAME]:
<log_handler name='dbat-handler' level='NOTIFICATION:1' class='oracle.core.ojdl.logging.ODLHandlerFactory'>
<property name='logreader:' value='off'/>
<property name='path' value='F:\MyMachine\middleware\user_projects\domains\base_domain1\servers\oim_server1\logs\oim_server1-diagnostic-1.log'/>
<property name='format' value='ODL-Text'/>
<property name='useThreadName' value='true'/>
<property name='locale' value='en'/>
<property name='maxFileSize' value='5242880'/>
<property name='maxLogSize' value='52428800'/>
<property name='encoding' value='UTF-8'/>
</log_handler>
<logger name="OIMCP.DATC" level="NOTIFICATION:1" useParentHandlers="false">
<handler name="dbat-handler"/>
<handler name="console-handler"/>
</logger>
With these sample values, when you use Oracle Identity Manager, all messages generated for this connector that are of a log level equal to or higher than the NOTIFICATION:1 level are recorded in the specified file.
Save and close the file.
Set the following environment variable to redirect the server logs to a file:
For Microsoft Windows:
set WLS_REDIRECT_LOG=FILENAME
For UNIX:
export WLS_REDIRECT_LOG=FILENAME
Replace FILENAME with the location and name of the file to which you want to redirect the output.
Restart the application server.
Note:
This is an optional procedure. Perform this procedure only if you want to add fields to the standard set of OIM User fields.
While creating the connector, when you perform the procedure described in "Step 3: Modify Connector Configuration Page", you create mappings between the OIM User fields and the corresponding target system fields (columns). If there are additional target system fields that you want to use during reconciliation or provisioning, then you can extend the set of OIM User fields by creating user-defined fields (UDFs). For information about creating UDFs, see one of the following guides:
For Oracle Identity Manager release 9.1.0.x: Oracle Identity Manager Design Console Guide
For Oracle Identity Manager release 11.1.1 and 11.1.2.x, see Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager
The following are the standard OIM User fields on Oracle Identity Manager release 9.1.0.x:
User ID
First Name
Last Name
Organization Name
User Type
Employee Type
Role
Password
Middle Name
Status
Provisioned Date
Creation Date
Manager ID
End Date
Start Date
The following are the standard OIM User fields on Oracle Identity Manager release 11.1.1 and 11.1.2.x:
User Login
First Name
Last Name
Organization
User Type
Password
Middle Name
Status
Provisioning Date
Creation Date
Manager
End Date
Start Date
Note:
This is an optional procedure. Perform this procedure only if you want to use lookup definitions as the input source for some of the fields on the process form during provisioning operations.
If you are configuring the connector for provisioning, then you may want to create lookup fields on the process form. For example, during provisioning operations, you may want to select the Country Code value from a lookup field. While creating the connector, you can set up this field as a lookup field by specifying an input source (other than the target system) for the field.
You can use a lookup definition as the input source. For example, you can create a lookup definition containing country codes and then set up the lookup definition as the input source for the Country field. If you want to use a lookup definition as the input source, then you must first create it.
See Also:
The "Lookup Definition Form" section in one of the following guides for information about creating lookup definitions:
For Oracle Identity Manager release 9.1.0.x: Oracle Identity Manager Design Console Guide
For Oracle Identity Manager release 11.1.1 and 11.1.2.x, see Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager
Alternatively, you can create a lookup field that uses columns from Oracle Identity Manager database tables as its input source. For example, if country code values are stored in any Oracle Identity Manager database table, then you can use the columns of that table as the input source for the Country Code lookup field.
While performing the procedure described in "Step 3: Modify Connector Configuration Page", you specify the custom lookup definition as the input source.
Note:
If the target system version is the same as the version of the database that Oracle Identity Manager is using, then you need not perform the procedure described in this section. This is because the JDBC drivers have already been copied into the specified application server directories on Oracle Identity Manager.
Depending on the target system that you use, download one of the following sets of JDBC drivers from the vendor's Web site:
Note:
If the target system has the primary key column defined with the autoincrement option, then:
Ensure that you use JDBC3-compliant database drivers.
Ensure that the autoincrement mechanism is implemented on the target system. The connector does not generate and insert values in the autoincrementing field.
A target system with Composite Primary Keys is not supported.
For all platforms: db2jcc.jar
For Microsoft Windows and UNIX platforms: db2jcc_license_cu.jar
For IBM z/OS platforms: db2jcc_license_cisuz.jar
For IBM DB2/UDB with the autoincrement option set on the primary key column: db2jcc4.jar and jdk 1.6
For Microsoft SQL Server 2005: sqljdbc.jar version 1.2
For Microsoft SQL Server 2008: sqljdbc4.jar
For MySQL, you need the mysql-connector-java-5.1.8-bin.jar driver.
Oracle Database 10g release 2 (10.2.0.1), (10.2.0.2), or (10.2.0.3) drivers
Oracle Database 11g release 1 (11.1.0.6) drivers
Oracle Database 11g release 2 (11.2) drivers
Note:
If you are using Oracle Database 11g release 2 (11.2) drivers, then add the following system property to the startup parameter of the WebLogic Application Server:
-Doracle.jdbc.J2EE13Compliant=true
Oracle RAC: Use the ojdbc14.jar file for JBoss Application Server. For all other application servers, use the ojdbc6.jar file.
Note:
The following is also mentioned as a limitation in the "Known Issues, Workarounds, and Troubleshooting" chapter:
If you are using the ojdbc6.jar file, then the ArrayIndexOutOfBounds exception is encountered during a provisioning operation on Oracle Identity Manager 9.1.0.2 BP02 or later. To resolve this issue:
On JBoss Application Server, replace the ojdbc6.jar file with the ojdbc14.jar file in the following directory:
OIM_HOME/xellerate/ext and JBOSS_HOME/server/default/lib
For all other certified application servers, apply Patch 7112447. This patch is available on My Oracle Support (formerly OracleMetaLink).
For Sybase Adaptive Server Enterprise, use the jconn3.jar JDBC driver for all platforms.
Depending on the application server that you use, copy the JDBC drivers into one of the following directories:
Note:
In an Oracle Identity Manager cluster, copy the JDBC drivers into this directory on each node of the cluster.
For Oracle Identity Manager release 9.1.0.x:
For Oracle WebLogic Server:
WEBLOGIC_HOME/java/jre/lib/ext
For JBoss Application Server:
JAVA_HOME/jre/lib/ext
For IBM WebSphere Application Server:
WEBSPHERE_HOME/java/jre/lib/ext
For Oracle Application Server:
There is no need to copy JDBC drivers to any specific location as they are already present in the specified application server directories on Oracle Identity Manager.
For Oracle Identity Manager release 11.1.1 and 11.1.2.x on Oracle WebLogic Server:
There is no need to copy JDBC drivers as they are already present in the specified application server directories on Oracle Identity Manager.
This section discusses the following topics:
For a target system that you configure as a target resource, Oracle Identity Manager expects the following account status values during reconciliation:
Enabled
Disabled
If you are configuring the target system as a target resource and if the target system uses the same status values, then you need not perform the procedure to configure account status reconciliation.
Similarly, for a target system that you configure as a trusted source, Oracle Identity Manager expects the following account status values during reconciliation:
Active
Disabled
If you are configuring the target system as a trusted source and if the target system uses the same status values, then you need not perform the procedure to configure account status reconciliation.
However, if the target system does not use status values that are compatible with Oracle Identity Manager, then you must configure account status reconciliation as follows:
Note:
For detailed instructions to perform these steps, see "Configuring Account Status Reconciliation" in one of the following chapters:
For Oracle Identity Manager release 9.1.0.x: "Predefined Generic Technology Connector Providers Shipped with Oracle Identity Manager" chapter in Oracle Identity Manager Administrative and User Console Guide
For Oracle Identity Manager release 11.1.1 and 11.1.2.x: "Predefined Providers for Generic Technology Connectors" chapter in Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager
Create a lookup definition that maps the status values used in the target system with the status values used in Oracle Identity Manager.
While creating the connector, use the Translation Transformation Provider to create a transformation mapping between the fields that hold account status values in the Source and Reconciliation Staging data sets. The Translation Transformation Provider converts the target system status values into values that are compatible with Oracle Identity Manager.
Create a mapping between the field that holds account status values in the Reconciliation Staging data set and one of the following fields:
For a target system that you configure as a target resource, Oracle Identity Manager sends the following account status values during provisioning:
enable
disable
If the target system does not use the same values, then you must perform the following steps:
Create a lookup definition that maps the status values used in Oracle Identity Manager with the status values used in the target system.
See Also:
The "Lookup Definition Form" section in one of the following guides for information about creating lookup definitions:
For Oracle Identity Manager release 9.1.0.x: Oracle Identity Manager Design Console Guide
For Oracle Identity Manager release 11.1.1 and 11.1.2.x, see Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager
The following table shows the Code Key and Decode values for the lookup definition that you must create:
Code Key | Decode |
---|---|
enable | Status value used in the target system for an account that is in the Enabled state |
disable | Status value used in the target system for an account that is in the Disabled state |
While performing the procedure described in "Step 2: Specify Parameter Values Page":
While performing the procedure described in "Step 3: Modify Connector Configuration Page", remove the status field from the Provisioning Staging data sets and from the OIM - Account data set.
Note:
In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.
The files that contain the definitions of the predefined providers are placed in the Database Application Tables directory on the installation media. You must run the Connector Installer to install the connector.
To install the connector:
Copy the Database Application Tables directory from the installation media into the following directory:
For Oracle Identity Manager release 9.1.0.x:
OIM_HOME/xellerate/ConnectorDefaultDirectory
For Oracle Identity Manager release 11.1.1 and 11.1.2.x:
OIM_HOME/server/ConnectorDefaultDirectory
Depending on the Oracle Identity Manager release you are using, perform one of the following steps:
For Oracle Identity Manager release 9.1.0.x:
Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Identity Manager Administrative and User Console Guide.
Click Deployment Management, and then click Install Connector.
For Oracle Identity Manager release 11.1.1:
Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.
On the Welcome to Identity Manager Advanced Administration page, in the System Management region, click Manage Connector.
In the Manage Connector page, click Install.
For Oracle Identity Manager release 11.1.2.x:
Log in to Oracle Identity System Administration by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.
In the left pane, under System Management, click Manage Connector.
In the Manage Connector page, click Install.
From the Connector List list, select the connector that you want to install. This list displays the names and release numbers of connectors whose installation files you copy into the ConnectorDefaultDirectory directory.
If you have copied the Database Application Tables directory into a different directory, then:
In the Alternative Directory field, enter the full path and name of that directory.
To repopulate the list of connectors in the Connector List list, click Refresh.
From the Connector List list, select the connector that you want to install.
Click Load.
To start the installation process, click Continue.
You can ignore the messages that are displayed after the process is completed.
Click Finish.
Restart Oracle Identity Manager.
Table 2-2 lists the provider files and their destination directories on Oracle Identity Manager.
Note:
If you are using Oracle Identity Manager release 9.1.0.x, then the provider files must be manually copied to the destination directories. On Oracle Identity Manager release 11.1.x, when you install the connector, the provider files are automatically copied to the destination directories. Additionally, you must manually copy the lib/DatabaseApplicationTables.jar file to the OIM_HOME/server/JavaTasks directory.
Table 2-2 Provider Files for the Connector
File in the Installation Media Directory | Description | Destination Directory on OIM 9.1.0.x | Destination Directory on OIM 11.1.x |
---|---|---|---|
lib/DatabaseApplicationTables.jar | This file contains the code implementation of all the providers. | OIM_HOME/xellerate/JavaTasks | |
Files in the ProviderDefinitions directory | Each XML file in this directory contains the definition of one of the predefined providers. | OIM_HOME/xellerate/GTC/ProviderDefinitions | /db/GTC/ProviderDefinitions location in MDS |
Files in the resources directory | Each of these resource bundles contains language-specific information that is used by the connector. Note: A resource bundle is a file containing localized versions of the text strings that include GUI element labels and messages. | OIM_HOME/xellerate/connectorResources | Oracle Identity Manager database |
Note:
Perform the instructions described in this section only if both conditions are true:
You are using Oracle Identity Manager release 11.1.2.x.
Oracle Identity manager 11.1.2.x is running on IBM WebSphere Application Server.
The following procedure is a prerequisite for creating the connector:
Stop the IBM WebSphere Application Server.
Copy the commons-pool-1.2.jar file from oim.ear/xlWebApp.war/WEB-INF/lib/ directory to the oim.ear/APP-INF/lib directory.
Restart IBM WebSphere Application Server.
Configuring the target system involves performing the following optional procedures:
Note:
This is an optional procedure. Perform this procedure only if the target system is composed of read-only views.
Provisioning involves updating data stored in the target system. If the target system is composed of read-only views, then you must create INSTEAD OF triggers to enable modification of the read-only views during provisioning operations. For information about creating INSTEAD OF triggers, refer to the documentation for the target system database.
Note:
This is an optional procedure. Perform this procedure only if you are creating a connector for target resource reconciliation.
When you start creating the connector by using the Administrative and User Console, the ID field is added by default to the OIM - Account data set. Database Application Tables connectors do not need to use this field. If the target system were to contain a column named ID, then that column would overwrite the default ID field and the connector would not be created correctly. As a workaround, you can create a view based on the table and provide a different name for the column named ID.
Note:
This is an optional procedure. Perform this procedure on an Oracle database table only if you want an autoincrementing primary key.
At any time after creating the Oracle database table, you can set up an autoincrementing primary key column for that database table. To set the autoincrementing primary key, create a sequence, and then create a trigger that inserts a unique autogenerated number in the primary key field while inserting a new record into the parent table. The following is a trigger that you can use:
CREATE OR REPLACE TRIGGER trigger_name
BEFORE INSERT ON table_name
FOR EACH ROW
BEGIN
SELECT sequence_name.nextval INTO :new.primary_key_column_name FROM DUAL;
END;
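The following is an added example, not part of the connector guide, that applies the three optional target-system procedures above (read-only views with INSTEAD OF triggers, renaming a column named ID, and an autoincrementing primary key) to one constructed Oracle schema. All object names (app_accounts, app_departments, app_accounts_v, app_accounts_seq and the trigger names) are assumptions; the connector would be pointed at the view app_accounts_v rather than at the base table.

```sql
-- Added example (constructed schema, not from the connector guide).
-- Object names are assumptions.

CREATE TABLE app_departments (
    dept_id   NUMBER       NOT NULL,
    dept_name VARCHAR2(64) NOT NULL,
    CONSTRAINT app_departments_pk PRIMARY KEY (dept_id),
    CONSTRAINT app_departments_name_uq UNIQUE (dept_name)
);

CREATE TABLE app_accounts (
    id          NUMBER        NOT NULL,   -- name collides with OIM's default ID field
    user_login  VARCHAR2(64)  NOT NULL,
    first_name  VARCHAR2(64),
    last_name   VARCHAR2(64),
    dept_id     NUMBER        NOT NULL,
    status      VARCHAR2(16)  DEFAULT 'enable' NOT NULL,   -- OIM sends enable/disable
    CONSTRAINT app_accounts_pk PRIMARY KEY (id),
    CONSTRAINT app_accounts_login_uq UNIQUE (user_login),
    CONSTRAINT app_accounts_dept_fk FOREIGN KEY (dept_id)
        REFERENCES app_departments (dept_id)
);

-- (1) Autoincrementing primary key. The connector never supplies a value for
--     this column, so the trigger assigns one whenever the insert leaves it NULL.
CREATE SEQUENCE app_accounts_seq START WITH 1 INCREMENT BY 1 NOCACHE;

CREATE OR REPLACE TRIGGER app_accounts_bi
BEFORE INSERT ON app_accounts
FOR EACH ROW
BEGIN
    IF :new.id IS NULL THEN
        SELECT app_accounts_seq.NEXTVAL INTO :new.id FROM DUAL;
    END IF;
END;
/

-- (2) The view the connector is configured against. It renames ID to
--     ACCOUNT_KEY so it cannot overwrite the default ID field of the
--     OIM - Account data set, and denormalises the department name.
--     Because of the join, the view is not insertable, which is case (3).
CREATE OR REPLACE VIEW app_accounts_v AS
SELECT a.id AS account_key,
       a.user_login,
       a.first_name,
       a.last_name,
       d.dept_name,
       a.status
FROM   app_accounts a
JOIN   app_departments d ON d.dept_id = a.dept_id;

-- (3) INSTEAD OF triggers route the connector's provisioning DML on the
--     read-only view back to the base table. An unknown department name
--     raises NO_DATA_FOUND to the connector instead of being created silently.
CREATE OR REPLACE TRIGGER app_accounts_v_ioi
INSTEAD OF INSERT ON app_accounts_v
FOR EACH ROW
DECLARE
    l_dept_id app_departments.dept_id%TYPE;
BEGIN
    SELECT dept_id INTO l_dept_id
    FROM   app_departments WHERE dept_name = :new.dept_name;
    -- account_key is NULL when the connector omits it; app_accounts_bi fills it.
    INSERT INTO app_accounts (id, user_login, first_name, last_name, dept_id, status)
    VALUES (:new.account_key, :new.user_login, :new.first_name, :new.last_name,
            l_dept_id, NVL(:new.status, 'enable'));
END;
/

CREATE OR REPLACE TRIGGER app_accounts_v_iou
INSTEAD OF UPDATE ON app_accounts_v
FOR EACH ROW
DECLARE
    l_dept_id app_departments.dept_id%TYPE;
BEGIN
    SELECT dept_id INTO l_dept_id
    FROM   app_departments WHERE dept_name = :new.dept_name;
    UPDATE app_accounts
    SET    user_login = :new.user_login,
           first_name = :new.first_name,
           last_name  = :new.last_name,
           dept_id    = l_dept_id,
           status     = :new.status
    WHERE  id = :old.account_key;
END;
/

CREATE OR REPLACE TRIGGER app_accounts_v_iod
INSTEAD OF DELETE ON app_accounts_v
FOR EACH ROW
BEGIN
    DELETE FROM app_accounts WHERE id = :old.account_key;
END;
/
```

The SELECT ... INTO form is used in app_accounts_bi, as in the guide's trigger, because direct assignment of NEXTVAL in PL/SQL requires Oracle Database 11g.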
Oracle Identity Manager requires a target system user account to access target system tables during reconciliation and provisioning operations. You provide the credentials of this user account while configuring the IT Resource for the target system.
The target system user account for performing connector operations on database tables must have the following permissions:
For provisioning operations: The user account must have permissions to perform select, insert, update, and delete operations on the tables to be managed by this connector.
For reconciliation: The user account must have permissions to run Select statements on the tables that must be managed by this connector.
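The following is an added example, not from the connector guide, showing how the two permission sets above translate into Oracle grants for the account whose credentials go into the IT Resource. It assumes the connector is configured against a view named app_accounts_v and that separate accounts are used for reconciliation and provisioning; the user names, the view name and the password placeholders are assumptions.

```sql
-- Added example (constructed, not from the connector guide). Names and the
-- password placeholders are assumptions; the IT Resource stores the real ones.

-- Reconciliation only (for example, a trusted-source configuration):
-- the account can log in and run SELECT on the managed object, nothing else.
CREATE USER oim_recon IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD";
GRANT CREATE SESSION TO oim_recon;
GRANT SELECT ON app_accounts_v TO oim_recon;

-- Provisioning (target resource): exactly the four DML privileges on the
-- managed object. No RESOURCE/DBA roles and no grants on other tables.
CREATE USER oim_prov IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD";
GRANT CREATE SESSION TO oim_prov;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_accounts_v TO oim_prov;

-- No grant on the base table or the sequence is needed: INSTEAD OF and
-- BEFORE INSERT triggers run with the privileges of the trigger owner,
-- so the connector account only ever touches the view.

-- Verification (run as a DBA): every privilege held by the two accounts.
-- Anything beyond the grants above is excess privilege to revoke.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee IN ('OIM_RECON', 'OIM_PROV')
ORDER  BY grantee, table_name, privilege;

SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  grantee IN ('OIM_RECON', 'OIM_PROV')
ORDER  BY grantee, privilege;

SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  grantee IN ('OIM_RECON', 'OIM_PROV');
```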
Note:
It is recommended that you perform the procedure described in this section to secure communication between the target system and Oracle Identity Manager.
The procedure to secure communication depends on the database that you are using:
Configuring Secure Communication Between IBM DB2/UDB and Oracle Identity Manager
Configuring Secure Communication Between Microsoft SQL Server and Oracle Identity Manager
Configuring Secure Communication Between MySQL and Oracle Identity Manager
Configuring Secure Communication Between Oracle Database and Oracle Identity Manager
Note:
IBM DB2/UDB version 9.1 Fix Pack 2 and later support secure communication over SSL.
SSL communication is not supported if IBM DB2/UDB is running on IBM z/OS. This has been mentioned in the "Known Issues, Workarounds, and Troubleshooting" chapter.
To configure secure communication between IBM DB2/UDB and Oracle Identity Manager:
Refer to IBM DB2/UDB documentation for information about enabling SSL communication between IBM DB2/UDB and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the IBM DB2/UDB host computer.
Copy the certificate to the Oracle Identity Manager host computer.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-3. This table shows the location of the truststore for each of the supported application servers.
Note:
In an Oracle Identity Manager cluster, you must import the file into the truststore on each node of the cluster.
Table 2-3 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
For Oracle Identity Manager release 9.1.0.x on Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on IBM WebSphere Application Server | WEBSPHERE_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on Oracle Application Server | ORACLE_HOME/jdk/jre/lib/security/cacerts |
For Oracle Identity Manager release 11.1.1 and 11.1.2.x on Oracle Application Server | JAVA_HOME/jre/lib/security/cacerts |
To configure secure communication between Microsoft SQL Server and Oracle Identity Manager:
Refer to Microsoft SQL Server documentation for information about enabling SSL communication between Microsoft SQL Server and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the Microsoft SQL Server host computer.
Copy the certificate to the Oracle Identity Manager host computer.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-4. This table shows the location of the truststore for each of the supported application servers.
Note:
In an Oracle Identity Manager cluster, you must import the file into the truststore on each node of the cluster.
Table 2-4 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
For Oracle Identity Manager release 9.1.0.x on Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on IBM WebSphere Application Server | WEBSPHERE_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on Oracle Application Server | ORACLE_HOME/jdk/jre/lib/security/cacerts |
For Oracle Identity Manager release 11.1.1 and 11.1.2.x on Oracle Application Server | JAVA_HOME/jre/lib/security/cacerts |
To configure secure communication between MySQL and Oracle Identity Manager:
See MySQL documentation for information about enabling SSL communication between MySQL and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the MySQL host computer.
Restart the MySQL database service by using the certificate exported in the preceding step. See MySQL documentation for information on restarting the database service.
Copy the ca-cert.pem and client-cert.pem certificates to the Oracle Identity Manager host computer.
Import the certificates into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificates into the truststore, run the following command for each certificate:
keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-5. This table shows the location of the truststore for each of the supported application servers.
Note:
In an Oracle Identity Manager cluster, you must import the file into the truststore on each node of the cluster.
Table 2-5 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
For Oracle Identity Manager release 9.1.0.x on IBM WebSphere Application Server | For any supported IBM WebSphere Application Server release, import the certificate into the following certificate store: WEBSPHERE_HOME/java/jre/lib/security/cacerts In addition to importing the certificate into the cacerts certificate store, you must import the certificate into one of the following certificate stores: |
For Oracle Identity Manager release 9.1.0.x on JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on Oracle WebLogic Server | |
For Oracle Identity Manager release 11.1.1 and 11.1.2.x on Oracle WebLogic Server | JAVA_HOME/jre/lib/security/cacerts |
To secure communication between Oracle Database and Oracle Identity Manager, you can perform either one or both of the following procedures:
Refer to Oracle Database Advanced Security Administrator's Guide for information about configuring data encryption and integrity.
Note:
Database Application Tables connectors do not support SSL communication between an Oracle Database target system and Oracle Identity Manager running on IBM WebSphere Application Server or Oracle Application Server. This is also mentioned in the "Known Issues, Workarounds, and Troubleshooting" chapter (see Bug 6696248).
To enable SSL communication between Oracle Database and Oracle Identity Manager:
Refer to Oracle Database Advanced Security Administrator's Guide for information about enabling SSL communication between Oracle Database and Oracle Identity Manager.
Export the certificate on the Oracle Database host computer.
Copy the certificate to Oracle Identity Manager.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-6. This table shows the location of the truststore for each of the supported application servers.
Note:
In an Oracle Identity Manager cluster, you must import the file into the truststore on each node of the cluster.
Table 2-6 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
For Oracle Identity Manager release 9.1.0.x on Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
For Oracle Identity Manager release 11.1.1 and 11.1.2.x on Oracle WebLogic Server | JAVA_HOME/jre/lib/security/cacerts |
To configure secure communication between Sybase Adaptive Server Enterprise and Oracle Identity Manager:
Refer to Sybase Adaptive Server Enterprise documentation for information about enabling SSL communication between Sybase Adaptive Server Enterprise and a client system. In this context, the client is Oracle Identity Manager.
Export the certificate on the Sybase Adaptive Server Enterprise host computer.
Copy the certificate to the Oracle Identity Manager host computer.
Import the certificate into the JVM truststore of the application server on which Oracle Identity Manager is running.
To import the certificate into the truststore, run the following command:
..\..\bin\keytool -import -file FILE_LOCATION -keystore TRUSTSTORE_LOCATION -storepass TRUSTSTORE_PASSWORD -trustcacerts -alias ALIAS
In this command:
Replace FILE_LOCATION with the full path and name of the certificate file.
Replace ALIAS with an alias for the certificate.
Replace TRUSTSTORE_PASSWORD with a password for the truststore.
Replace TRUSTSTORE_LOCATION with one of the truststore paths from Table 2-7. This table shows the location of the truststore for each of the supported application servers.
Note:
In an Oracle Identity Manager cluster, you must import the file into the truststore on each node of the cluster.
Table 2-7 Truststore Locations on Supported Application Servers
Application Server | Truststore Location |
---|---|
For Oracle Identity Manager release 9.1.0.x on Oracle WebLogic Server | WEBLOGIC_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on IBM WebSphere Application Server | WEBSPHERE_HOME/java/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on JBoss Application Server | JAVA_HOME/jre/lib/security/cacerts |
For Oracle Identity Manager release 9.1.0.x on Oracle Application Server | ORACLE_HOME/jdk/jre/lib/security/cacerts |
For Oracle Identity Manager release 11.1.1 and 11.1.2.x on Oracle WebLogic Server | JAVA_HOME/jre/lib/security/cacerts |