Oracle® Role Manager Installation Guide
Release 10g (10.1.4)

Part Number E12026-05

4 Application Server Configuration

This chapter includes the steps required to configure the application server to run the Oracle Role Manager (Role Manager) server and Web application.

This chapter includes the following sections:

4.1 Before You Configure the Application Server

Role Manager is intended to be deployed on only one server platform per installation. The server platform can be one of the following:

The procedures in this chapter assume the following:

4.2 Configuring WebLogic Server

You can configure WebLogic server in either clustered mode or nonclustered mode. This section includes the following topics:

4.2.1 Configuring Oracle WebLogic Server in a Nonclustered Mode

You can configure the WebLogic server either manually or automatically, following an extension template. This section provides the information about automated configuration of WebLogic server. If you want to configure the WebLogic server manually, refer to Appendix A.

Note:

Before you run the automated configuration of WebLogic server, ensure that the WebLogic server is installed and the node manager is up and running. You can start the node manager by running the BEA_HOME/wlserver_10.3/server/bin/startNodeManager.sh script on Linux or the BEA_HOME/wlserver_10.3/server/bin/startNodeManager.cmd script on Microsoft Windows.

You must configure WebLogic server in SSL mode to operate in a secure environment. For information about configuring SSL for WebLogic server, refer to the following URL:

http://e-docs.bea.com/wls/docs103/secmanage/ssl.html

4.2.1.1 Configuring WebLogic Server

To perform the template-based configuration of WebLogic server:

  1. Run the configuration wizard from the WebLogic server directory:

    BEA_HOME\wlserver_10.3\common\bin\config.exe or config.sh

  2. When the configuration wizard is displayed, select Create a new WebLogic Domain and click Next.

  3. Select Base this domain on an existing template and go to:

    ORM_HOME/weblogic/templates/10.3/orm_createdomain_template_103.jar

  4. Click Next.

  5. In the Configure Administrator Username and Password window, type User Name and Password and then click Next.

  6. Configure server start mode and JDK by performing the following steps:

    1. On the left side of the window, select either Development Mode or Production Mode, based on your server configuration.

    2. On the right side of the window, select Oracle SDK and click Next.

  7. A message is displayed asking whether you want to customize any of the options mentioned. Select Yes.

  8. Click Next.

  9. In the Configure RDBMS Security Store Database window, select I don't want to change anything here and click Next.

  10. In the Configure Administration Server window, set the Listen Address to a value appropriate to your setup (such as localhost, an IP address, or the DNS equivalent), set the Listen Port, and then click Next.

  11. In the Configure Managed Servers window, set the Listen Address to a value appropriate to your setup (such as localhost, an IP address, or the DNS equivalent), set the Listen Port, and then click Next.

  12. In the Configure Clusters window, click Next.

  13. In the Configure Machines window:

    • For a UNIX machine, click the UNIX machine tab. The Oracle Role Manager machine name is populated automatically. Click Next.

    • For a Windows machine, click the UNIX machine tab and delete the existing Oracle Role Manager machine name, ormMachine. On the Machine tab, click Add, type the Oracle Role Manager machine name, Node manager listen address, and Node manager listen port, and then click Next.

  14. In the Assign servers to machines window, select AdminServer on the left window, click the right arrow and select ormMachine on the right window, and then click Next.

  15. In the Configure Data Sources window, in both the ORM XA Data Source tab and the ORM Data Source tab, type the DBMS details such as Name, Host, Port, User Name, and Password and click Next.

    Note:

    If you are using RAC database, provide the following string while creating the data source:
    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=host1-vip)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host2-vip)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=orcl.us.oracle.com)))
    
  16. In the Review WebLogic Domain window, verify the details and click Next.

  17. Click Create. The domain is created and the following are configured automatically:

    1. Admin server is created.

    2. Managed server for Oracle Role Manager is created.

    3. Non-XA Data Source, Oracle Role Manager Data Source is created.

    4. XA Data Source, Oracle Role Manager XA Data Source is created.

    5. JMS Server, Oracle Role Manager JMSServer is created.

    6. JMS Module, Oracle Role Manager JMSModule is created.

    7. Subdeployment, Oracle Role Manager JMSSubdeployment is created.

    8. Notification Topic, Oracle Role Manager NotificationTopic is created.

    9. Queues, Oracle Role Manager FinisherQueue, Oracle Role Manager LoaderQueue, and Oracle Role Manager IncomingEventQueue are created.

  18. Set up the Commons Logging by performing the steps described in "Setting Up Commons Logging".

    Note:

    You must restart both WebLogic Administration server and Oracle Role Manager server for the logging to take effect.

  19. Start the server and log in to the WebLogic Admin Console.

  20. Set the JTA transaction timeout parameter by performing the following steps:

    1. In the domain tree, select Services, JTA.

    2. In the Timeout Seconds field, type 1200.

    3. In the Abandon Timeout Seconds field, ensure that the value is 86400.

    4. Click Save.

    Note:

    The value of Abandon Timeout Seconds must always be greater than Timeout Seconds and Stuck Thread Max Time.

  21. Set the Stuck Thread Max Time parameter by performing the following steps:

    1. In the domain tree, select Environment, Servers, ORMServer.

    2. Click the Tuning tab.

    3. In the Stuck Thread Max Time field, type 3000.

    4. Click Save.

    Note:

    The value of Stuck Thread Max Time must be at least twice the value of Timeout Seconds.

  22. Configure the JMS Connection Factory by performing the following steps:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMS Module.

    3. In the Name field, select ORM ConnectionFactory.

    4. Select Default Targeting Enabled.

    5. Click Save.

    6. Click the Transactions tab, ensure that the XA Connection Factory Enabled field is selected and then click Save.

    7. In the domain tree, select Services, Messaging, JMS Modules.

    8. Click ORM JMS Module.

    9. In the Name field, select Finalization ORM ConnectionFactory.

    10. Select Default Targeting Enabled.

    11. Click Save.

    12. Click the Transactions tab, ensure that the XA Connection Factory Enabled field is selected and then click Save.

  23. In the domain tree, select Environment, Servers, ORM Server and navigate to the Control tab and click Start to start the managed server.

    Note:

    You must start node manager before starting the managed server.

  24. Click Deployment to start the Role Manager applications and perform the steps described in "Deploying Role Manager".

4.2.2 Configuring Oracle WebLogic Server in a Clustered Mode

This section explains how to deploy Oracle Role Manager in a clustered Oracle WebLogic Server environment.

This section discusses the following topics:

4.2.2.1 About Oracle WebLogic Server Clusters

A clustered installation requires multiple host computers. The instructions in this chapter involve deployment and running of Oracle Role Manager on three host computers. These instructions assume that you have three computers, of which one is used to host the Web server and the other two are used for Oracle Role Manager cluster.

Table 4-1 describes the entities needed for a cluster, the computers that the entities run on, and the software required for the entities. Host computers and entities are labeled.

Table 4-1 WebLogic-Based Oracle Role Manager Cluster Host Computers

| Host Computers | Entities | Software | Description |
|---|---|---|---|
| Admin Server, Finalization Server and Managed Server1 | WebLogic Admin Server, WebLogic Finalization Server, and WebLogic Node Manager | WebLogic Server | Administrative server for the WebLogic domain, Finalization Server and WebLogic Managed Servers |
| | ORM_SERVER1 | Oracle Role Manager | Part of ORM_CLUSTER |
| | ORM_CLUSTER | Oracle Role Manager | Name of the WebLogic cluster that hosts Oracle Role Manager (logical entity). |
| Managed Server2 | ORM_SERVER2 | Oracle Role Manager | WebLogic Managed Server 2 |
| | WebLogic Node Manager | | Part of ORM_CLUSTER |
| | ORM_CLUSTER | | Name of the WebLogic cluster that hosts Oracle Role Manager (logical entity). |
| Web Server | Apache Web Server | Apache HTTP Server 2.2 with WebLogic 10.3 Apache plugin | Apache Failover Proxy |


Caution:

Deploying an application in a clustered installation is a complex procedure. This document assumes that you have expertise in installing and running applications on an Oracle WebLogic Server cluster. This chapter provides Oracle Role Manager-specific information only. It does not cover the procedure to set up an Oracle WebLogic Server cluster. For more information about clustering, refer to Oracle WebLogic Server documentation.

4.2.2.2 Configuring WebLogic 10.3 Clusters

The instructions in this section are for installing Role Manager in a WebLogic cluster of two machines with two Role Manager servers, one Admin Server, and one finalization server. There are therefore four servers: the first machine hosts the Admin Server, the Finalization Server, and Managed Server1, and the second machine hosts Managed Server2. In addition, the data store for the queues is database-based, not file-based.

To configure WebLogic 10.3 in a cluster mode:

  1. On the primary node, complete the single-instance WebLogic server 10.3 configuration, install and deploy Role Manager, load sample data, and ensure that the server is running. Refer to "Configuring Oracle WebLogic Server in a Nonclustered Mode" for instructions on configuring the WebLogic server 10.3. The following are the configuration details for the primary node:

    Host: PRIMARY_NODE

    Machine: ORM_Machine

    BEA_Home: BEA_HOME

    WLS_HOME: WLS_HOME

    DOMAIN_HOME: DOMAIN_HOME

    ADMIN_PORT: ADMIN_PORT

    ORM server: ORMServer

    ORM server Port: ORMServer_Port (9001)

    Node_manager Port: NODE_MANAGER_PORT (5556, ssl)

    To control your Managed Servers remotely from the Administrative Server, you must set up and configure Node Manager on each of the remote systems hosting Managed Servers by following the instructions on the BEA e-docs page: http://e-docs.bea.com/wls/docs103/nodemgr/nodemgr_config.html

    On each remote computer, on which BEA WebLogic Server is installed and Managed Servers are configured, edit the nodemanager.hosts file and specify the IP address/DNS Name (set ReverseDnsEnabled=true in the nodemanager.properties file to use DNS name) of the Administrative Server host.

    Note:

    After installing BEA WebLogic Server, you must start (or restart) the Node Manager to generate the initial nodemanager.hosts file.

    The default location of the nodemanager.hosts and nodemanager.properties files is:

    For Microsoft Windows:

    BEA_HOME\wlserver_10.3\common\nodemanager

    For UNIX:

    BEA_HOME/wlserver_10.3/common/nodemanager

  2. Install WebLogic 10.3 on a secondary node.

  3. Start the node manager on both the nodes.

  4. Log in to the administrative server on the primary node.

  5. Shut down ORMServer on the primary node as follows:

    1. In the domain tree, select Environment, Servers.

    2. Click the Control tab.

    3. Select ORM Server and then click Shutdown.

  6. Create a Machine, for example, ORM_Machine1 for the secondary node as follows:

    1. In the domain tree, select Environment, Machines.

    2. Click New.

    3. In the Name field, type ORM_Machine1.

    4. Click OK.

  7. Configure the machine to access Node Manager on the secondary machine as follows:

    1. In the domain tree, select Environment, Machines.

    2. Click on the machine that you created, for example, ORM_Machine1.

    3. Click the Node Manager tab.

    4. In the Listen Address field, type the IP address of the secondary node and click Save.

  8. Create a server, for example, ORMServer1, that uses a port, for example, ORMServer_Port1 (7071), as follows:

    1. In the domain tree, select Environment, Servers.

    2. Click New.

    3. In the Server Name field, type ORM_Server1.

    4. In the Server Listen Port field, type 7071.

    5. Click Finish.

  9. Ensure that ORMServer1 is assigned to ORM_Machine1 as follows:

    1. In the domain tree, select Environment, Machines, ORM_Machine1, Node Manager.

    2. Check whether the IP address is the same as that of the secondary node.

    3. Click the Servers tab and select Add.

    4. Select the option "Select an existing server, and associate it with this machine", and from the Select a server list, select ORMServer1.

    5. Click Next and then click Finish.

    The following are the configuration details of the secondary node:

    Host: SECONDARY_NODE

    Machine: ORM_Machine1

    BEA_Home: BEA_HOME1

    WLS_HOME: WLS_HOME1

    DOMAIN_HOME: No domain yet

    ADMIN_PORT: No admin server on secondary node

    ORM server: ORMServer1

    ORM server Port: ORMServer_Port1 (7071)

    Node_manager Port: NODE_MANAGER_PORT1 (5556, ssl)

  10. Create cluster as follows:

    1. In the domain tree, select Environment, Clusters.

    2. Click New.

    3. In the Name field, type ORMCluster.

    4. Click OK.

    5. In the domain tree, select Environment, Clusters.

    6. Click ORMCluster.

    7. Click the Configuration tab and then click the Servers tab.

    8. Click Add to add a server to cluster.

    9. Select the server, ORM_Server and click Finish.

    10. Repeat steps 5 to 9 and select the second server, ORM_Server1.

  11. Configure the JDBC data sources as follows:

    1. In the domain tree, select Environment, Services.

    2. In the Summary of Services section, select JDBC, Data Sources.

    3. Click ORM Data Source.

    4. Click the Targets tab.

    5. Select ORMCluster, All servers in the cluster.

    6. Click Save.

    7. Repeat steps 1 to 6 for ORM XA Data Source, except that in step 3, click ORM XA Data Source.

  12. Create a JDBC Store as follows:

    1. In the domain tree, select Services.

    2. Click Persistent Stores.

    3. Click New and select Create JDBC Store from the list.

    4. In the Name field, type JDBCStore.

    5. In the Target field, select ORMServer.

    6. In the DataSource field, select ORM Data Source.

    7. In the Prefix Name field, type jdbcstore.

    8. Click OK.

  13. Create another JDBC Store as follows:

    1. In the domain tree, select Services.

    2. Click Persistent Stores.

    3. Click New and select Create JDBCStore from the list.

    4. In the Name field, type JDBCStore1.

    5. In the Target field, select ORMServer1.

    6. In the DataSource field, select ORM Data Source.

    7. In the Prefix Name field, type jdbcstore1.

    8. Click OK.

  14. Create a JMS server for the secondary node as follows:

    1. In the domain tree, select Services, Messaging.

    2. Click JMS Servers, ORM JMSServer.

    3. In the Persistent Store field, select JDBCStore.

    4. Click Save.

  15. Create another JMS server in the secondary node as follows:

    1. In the domain tree, select Services, Messaging.

    2. Click JMS Servers, ORM JMSServer.

    3. Click New.

    4. In the Name field, type ORM JMSServer1.

    5. In the Persistent Store field, select JDBCStore1 and then click Next.

    6. In the Target field, select ORMServer1.

    7. Click Finish.

  16. Configure JMS Modules as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click the Targets tab.

    4. Select ORMCluster, All servers in the cluster.

    5. Click Save.

  17. Create a Subdeployment as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click the Subdeployments tab.

    4. Click New.

    5. In the Subdeployment Name field, type ORM JMSSubdeployment1.

    6. Click Next and select ORM JMSServer1 as the target server.

    7. Click Finish.

  18. Create a second Subdeployment as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click the Subdeployments tab.

    4. Click New.

    5. In the Subdeployment Name field, type cf-sub.

    6. Click Next and select ORMCluster, All servers in the cluster.

    7. Click Finish.

  19. Create JMS Topics and Queues using Distributed Option as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Select ORM NotificationTopic, ORM FinisherQueue, ORM LoaderQueue, ORM IncomingEventQueue.

    4. Click Delete.

  20. Recreate the Oracle Role Manager NotificationTopic as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click New.

    4. Select Distributed Queue.

    5. In the JNDI Name field, type orm/topic/NotificationTopic.

    6. Click Save.

  21. Recreate the Oracle Role Manager LoaderQueue as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click New.

    4. Select Distributed Queue.

    5. In the JNDI Name field, type orm/queue/LoaderQueue.

    6. Click Save.

  22. Recreate the Oracle Role Manager IncomingEventQueue as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click New.

    4. Select Distributed Queue.

    5. In the JNDI Name field, type orm/queue/IncomingEventQueue.

    6. Click Save.

  23. Create a server, ORMFinalizationServer as follows:

    Note:

    The new server can be in a different domain, or in the same domain, but not in the cluster.

    1. In the domain tree, select Environment, Servers.

    2. Click New.

    3. In the Server Name field, type ORMFinalizationServer.

    4. In the Server Listen Port field, type 7074.

  24. Configure a machine for the Oracle Role Manager FinalizationServer as follows:

    1. In the domain tree, select Environment, Servers.

    2. Click ORMFinalizationServer.

    3. Click Machine and select the host computer on which the server is run.

  25. Create a JMS Server as follows:

    1. In the domain tree, select Services, Messaging.

    2. Click JMS Servers.

    3. Click New.

    4. In the Name field, type FinalizationJMSServer.

    5. Click Next.

    6. In the Target field, type ORMFinalizationServer.

    7. Click Finish.

  26. Create a JMS module as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click New.

    3. In the Name field, type FinalizationJMSModule.

    4. Click Next.

    5. In the Target field, type ORMFinalizationServer.

    6. Click Finish.

  27. Create a Subdeployment in the JMS module as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click FinalizationJMSModule.

    3. Click the Subdeployments tab.

    4. Click New.

    5. In the Subdeployment Name field, type ORM Subdeployment.

    6. Click Next and select FinalizationJMSServer as the target server.

    7. Click Finish.

  28. Create a connection factory as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click FinalizationJMSModule.

    3. Click New.

    4. Select Connection Factory and click Next.

    5. In the Name field, type Finalization ORM ConnectionFactory and click Next.

    6. In the JNDI Name field, type orm/remote/jms/FinalizationConFac.

    7. Click Next and then click Finish.

    8. Click Finalization ORM ConnectionFactory.

    9. Click the Transactions tab.

    10. Select XA Connection Factory Enabled.

    11. Click Save.

  29. Create a queue as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click FinalizationJMSModule.

    3. Click New.

    4. Select Queue and click Next.

    5. In the Name field, type ORM FinalizationQueue.

    6. In the JNDI Name field, type orm/remote/queue/BtFinisherQueue.

    7. Click Next.

    8. In the Subdeployments field, select ORM JMSSubdeployment.

    9. Click Finish.

  30. Change the configuration of Oracle Role Manager Data Source to target ORMFinalizationServer as follows:

    1. In the domain tree, select Environment, Services, JDBC, Data Sources.

    2. Click ORM Data Source.

    3. Click the Targets tab.

    4. Select ORMFinalizationServer, and ensure that ORMCluster is selected.

    5. Click Save.

  31. Create a JDBC Store as follows:

    1. In the domain tree, select Services, JDBC, Persistent Stores.

    2. Click Persistent Stores.

    3. Click New and select Create JDBCStore from the list.

    4. In the Name field, type ORMJDBCStoreF.

    5. In the Target field, select ORMFinalizationServer.

    6. In the DataSource field, select ORM Data Source.

    7. In the Prefix Name field, type ORMF.

    8. Click OK.

  32. Create a foreign server as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click New.

    4. Select Foreign Server and click Next.

    5. In the Name field, type FinalizationServer and click Next.

    6. Click Finish.

    7. Click FinalizationServer.

    8. In the JNDI Initial Context Factory field, type weblogic.jndi.WLInitialContextFactory.

    9. In the JNDI Connection URL field, type t3://machine_name:7074.

      Note:

      The machine_name is the name of the machine where ORMFinalizationServer is deployed.

    10. Select Default Targeting Enabled.

    11. Click Save.

    12. Click the Destinations tab and click New.

    13. In the Name field, type ORM FinalizationQueue.

    14. In the Local JNDI Name field, type orm/queue/BtFinisherQueue.

    15. In the Remote JNDI Name field, type orm/remote/queue/BtFinisherQueue.

    16. Click OK.

    17. Click the Connection Factories tab and click New.

    18. In the Name field, type ORM Finalization ConnectionFactory.

    19. In the Local JNDI Name field, type orm/jms/FinalizationConFac.

    20. In the Remote JNDI Name field, type orm/remote/jms/FinalizationConFac.

    21. Click OK.

  33. Configure the connection factory as follows:

    1. In the domain tree, select Services, Messaging, JMS Modules.

    2. Click ORM JMSModule.

    3. Click ORM ConnectionFactory.

    4. Deselect Default Targeting Enabled.

    5. Click Save.

    6. Click the Subdeployment tab.

    7. In the Subdeployment field, select cf-sub and click Save.

  34. Change the deployed applications (ORMServerApp and webui) to All servers in the cluster as target.

  35. Pack/unpack the domain to secondary node as follows:

    Note:

    Ensure that all server node managers are running while performing the following steps.

    1. On primary node, run the following command:

      >cd <WLS_HOME>/common/bin
      >pack.cmd -domain=$DOMAIN_HOME -template=/tmp/template_x.jar -template_name="template_x" -managed=true
      
    2. Copy template_x.jar to the secondary node.

      On the secondary node, run the following command:

      >cd $WLS_HOME/common/bin
      >unpack.cmd -template=??/template_x.jar -domain=$DOMAIN_HOME
      
  36. Configure SSL as follows:

    1. In the domain tree, select Environment, Servers.

    2. Click AdminServer(admin).

    3. Click the SSL tab.

    4. Click Advanced.

    5. In the Hostname Verification field, select None.

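    6. Repeat steps 1 to 5 for ORMFinalization Server, ORMServer, and ORMServer1.

      Note:

      You must perform this step only when there is a certificate failure error. When Hostname Verification is set to None, the server no longer checks that the host name in the certificate it receives matches the host it is connecting to.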

Note:

  • Start ORMFinalizationServer before starting the Managed Server.

  • If you are starting ORMServer1 for the first time, you must start it manually once using the following command from:

    startManagedWebLogic.sh ORMServer1 http://primary_node:adminport
    

4.2.2.3 Configuring Apache Failover Proxy

To configure Apache failover proxy:

  1. Install Apache HTTP server 2.2.

  2. Download the WebLogic Apache plugin from:

    http://www.oracle.com/technology/products/weblogic/index.html

  3. Unzip and copy:

    win/mod_wl_22.so to apache_home/modules directory

  4. Add the following to the httpd.conf file:

    LoadModule weblogic_module modules/mod_wl_22.so
     
    <IfModule mod_weblogic.c>
      WebLogicCluster node1_ip:port,node2_ip:port
    </IfModule>
     
    <Location /webui>
      SetHandler weblogic-handler
    </Location>
     
    <Location /ormconsole>
      SetHandler weblogic-handler
    </Location>
    
  5. Restart Apache and all WebLogic servers.

You should now be able to access webui and the console at:

http://myApacheServer/webui

http://myApacheServer/ormconsole

4.3 Configuring JBoss

This procedure assumes that JBoss is installed on the application server host for Role Manager.

You must configure JBoss server in SSL mode to operate in a secure environment. For information about configuring SSL for JBoss server, refer to the following URL:

http://docs.jboss.org/jbossas/guides/webguide/r2/en/html_single/#ch9.https.sec

To configure JBoss for Role Manager:

  1. Copy the orm-ds.xml and orm-service.xml files from:

    <ORM_install>/samples/jboss/4.2.3
    

    to the JBoss server where you want to deploy Role Manager. For example:

    <JBOSS_HOME>/server/default/deploy
    
  2. Include the appropriate connection string in the orm-ds.xml file:

    1. If you are using Oracle RAC database:

      <connection-url>jdbc:oracle:thin:@(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host1-vip)(PORT = 1521))(ADDRESS = (PROTOCOL = TCP)(HOST = host2-vip)(PORT = 1521))(LOAD_BALANCE = yes)(CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = db-service)))</connection-url>

    2. If you are not using Oracle RAC database:

      <connection-url>jdbc:oracle:thin:@//SERVER_NAME:1521/SERVICE_NAME</connection-url>
      
  3. Disable the empty session path by setting emptySessionPath="false" for the HTTP/1.1 Connector in the following file:

    JBOSS_HOME/server/default/deploy/jboss-web.deployer/server.xml
    
  4. Set the JTA transaction timeout parameter by performing the following steps:

    1. Open the jboss-service.xml file from the following path:

      %JBOSS_HOME%/server/default/conf/jboss-service.xml
      
    2. Locate the configuration for mbean with the name, "jboss:service=TransactionManager".

    3. Change the TransactionTimeout attribute value to 1200:

      <attribute name="TransactionTimeout">1200</attribute>
      

      Note:

      For more information about the JBoss Application Server, refer to the following link:

      http://www.jboss.org/docs/

  5. Encrypt the password of the Role Manager application user defined in "Creating the Role Manager Users" (refer to Section 4.3.1 for instructions).

  6. Edit the orm-ds.xml file as follows:

    1. Change the two occurrences of connection-url to match your database environment:

      <connection-url>jdbc:oracle:thin:@//SERVER_NAME:PORT/SERVICE_NAME</connection-url>
      
    2. Change the two occurrences of user-name and password to match the credentials of the Role Manager application user with the newly encrypted password:

      <user-name>USER_NAME</user-name>
      <password>PASSWORD</password>
      

      Note:

      This step is optional. Perform this step for development or non-production environments, where password encryption is not needed.

  7. Copy the server.ear file from <ORM_install>/lib to the JBoss directory used above.

  8. Copy the webui.war file from <ORM_install>/webui/jboss/4.2.3 to the JBoss directory used above.

  9. If JBoss is not already running, start the JBoss server using the following command:

    For UNIX-based systems:

    <JBoss Install Location>/bin/run.sh
    

    For Windows systems:

    <JBoss Install Location>\bin\run.bat
    
  10. To test the server installation, ensure that you can get to the Role Manager administrative console from a Web browser. For example:

    http://localhost:8080/ormconsole
    
  11. To test the Role Manager Web application installation:

    1. In a Web browser, navigate to the Role Manager Web UI. For example:

      http://localhost:8080/webui
      
    2. Log in as the Role Manager Administrator created in "Installing Role Manager".

      You should be able to see the Home page of the Role Manager Web application.

    Note:

    Data must be loaded into the system to expose all the functionality of the application. Refer to "Loading Standard and Sample Data" for instructions.

4.3.1 Encrypting the Role Manager Database Password

This section describes how to encrypt the Role Manager database password in JBoss application server deployments. Specifically, you must perform the following steps to manually encrypt a password, and then modify the orm-ds.xml and login-config.xml files so that they can access the encrypted form of the password instead of the clear text version.

To encrypt the Role Manager database password:

  1. Open a console window and navigate to the JBOSS_HOME directory.

  2. Stop the JBoss server.

  3. Run one of the following commands to encrypt the Role Manager database password. In this command, replace password with the actual password that you want to encrypt.

    For UNIX-based systems:

    java -cp "$JBOSS_HOME/lib/jboss-jmx.jar:$JBOSS_HOME/lib/jboss-common.jar:$JBOSS_HOME/server/default/lib/jboss-jca.jar:$JBOSS_HOME/server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
    

    For Windows systems:

    java -cp "%JBOSS_HOME%/lib/jboss-jmx.jar;%JBOSS_HOME%/lib/jboss-common.jar;%JBOSS_HOME%/server/default/lib/jboss-jca.jar;%JBOSS_HOME%/server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule password
    

    This command returns an encoded form of the password you specify. For example, the password Welcome1 is encoded as 3146f9cc50afd6a6df8592078de921bc.

  4. Highlight and copy the encoded password to paste later in the JBoss application policy element definitions.

  5. Open the JBOSS_HOME/server/default/deploy/orm-ds.xml file in a text editor.

  6. Delete the <user-name> and <password> elements from the <no-tx-datasource> element.

  7. Add the following <security-domain> element to the end of the <no-tx-datasource> element:

    <security-domain>EncryptDBPassword</security-domain>
    
  8. Delete the <user-name> and <password> elements from the <local-tx-datasource> element.

  9. Add the following <security-domain> element to the end of the <local-tx-datasource> element:

    <security-domain>EncryptXADBPassword</security-domain>
    
  10. Save and close the orm-ds.xml file.

  11. Open the JBOSS_HOME/server/default/conf/login-config.xml file in a text editor.

  12. Add the following <application-policy> elements at the end of the <policy> element, replacing datasource_username with the data source user name and encoded_password with the encoded password you copied in step 3:

    <application-policy name = "EncryptXADBPassword">
     <authentication>
      <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
        <module-option name = "username">datasource_username</module-option>
        <module-option name = "password">encoded_password</module-option>
        <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ORMServerXADS</module-option>
      </login-module>
     </authentication>
    </application-policy>
    
    <application-policy name = "EncryptDBPassword">
     <authentication>
      <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
        <module-option name = "username">datasource_username</module-option>
        <module-option name = "password">encoded_password</module-option>
        <module-option name = "managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=ORMServerDS</module-option>
      </login-module>
     </authentication>
    </application-policy>
    
  13. Save and close the login-config.xml file.
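
A check for steps 5 through 13, as an added example that is not part of the Oracle guide: it parses the two files and reports leftover plaintext credentials, missing or unmatched security domains, and placeholder values. The sample XML, the jndi-name values, the user name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from a real installation). The second data
# source still carries the plaintext credentials that steps 6 and 8 remove,
# and the policy still holds the guide's placeholder instead of a real value.
ORM_DS_XML = """<datasources>
  <no-tx-datasource>
    <jndi-name>ORMServerDS</jndi-name>
    <connection-url>jdbc:oracle:thin:@localhost:1521:orcl</connection-url>
    <security-domain>EncryptDBPassword</security-domain>
  </no-tx-datasource>
  <local-tx-datasource>
    <jndi-name>ORMServerXADS</jndi-name>
    <connection-url>jdbc:oracle:thin:@localhost:1521:orcl</connection-url>
    <user-name>orm_user</user-name>
    <password>example-plaintext</password>
  </local-tx-datasource>
</datasources>"""

LOGIN_CONFIG_XML = """<policy>
  <application-policy name="EncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
        <module-option name="username">orm_user</module-option>
        <module-option name="password">encoded_password</module-option>
        <module-option name="managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=ORMServerDS</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

SECURE_MODULE = "org.jboss.resource.security.SecureIdentityLoginModule"
# Pairing taken from the guide: each data source type and the connection
# manager service named in its policy's managedConnectionFactoryName.
EXPECTED_SERVICE = {"no-tx-datasource": "NoTxCM", "local-tx-datasource": "LocalTxCM"}
PLACEHOLDERS = {"", "datasource_username", "encoded_password"}


def load_policies(login_config_text):
    """Return {policy name: (login-module code, {option name: value})}."""
    policies = {}
    for policy in ET.fromstring(login_config_text).iter("application-policy"):
        module = policy.find("authentication/login-module")
        if module is None:
            continue
        options = {o.get("name"): (o.text or "").strip()
                   for o in module.findall("module-option")}
        policies[policy.get("name")] = (module.get("code"), options)
    return policies


def audit(ds_text, login_config_text):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    policies = load_policies(login_config_text)
    root = ET.fromstring(ds_text)
    for kind, service in EXPECTED_SERVICE.items():
        for ds in root.iter(kind):
            label = "%s %s" % (kind, (ds.findtext("jndi-name") or "?").strip())
            for tag in ("user-name", "password"):
                if ds.find(tag) is not None:
                    findings.append("%s: plaintext <%s> element still present" % (label, tag))
            domain = (ds.findtext("security-domain") or "").strip()
            if not domain:
                findings.append("%s: no <security-domain> element" % label)
                continue
            if domain not in policies:
                findings.append("%s: no application-policy named %s" % (label, domain))
                continue
            code, options = policies[domain]
            if code != SECURE_MODULE:
                findings.append("%s: policy %s uses login module %s" % (label, domain, code))
            for name in ("username", "password"):
                if options.get(name, "") in PLACEHOLDERS:
                    findings.append("%s: policy %s option %s is empty or a placeholder"
                                    % (label, domain, name))
            mcf = options.get("managedConnectionFactoryName", "")
            if ("service=%s," % service) not in mcf:
                findings.append("%s: policy %s does not name service=%s"
                                % (label, domain, service))
    return findings


if __name__ == "__main__":
    for finding in audit(ORM_DS_XML, LOGIN_CONFIG_XML):
        print(finding)
```

The encoded value is produced with a key built into the JBoss class, so read access to login-config.xml still needs to be restricted to the account that runs the server.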

4.3.2 Configuring Data Upload Size Limit

You can upload a DAR file to load data of maximum size one byte into the system. If you try to load data larger than this maximum upload size, you get an error message. You can configure the maximum data upload size limit to a higher or lower value than the default settings.

To configure the data upload size limit:

  1. Edit the config file:

    For UNIX-based systems:

    JBOSS_HOME/bin/run.sh

    For Windows systems:

    JBOSS_HOME/bin/run.bat
    
  2. Add the following argument to JAVA_OPTS:

    -Doracle.iam.rm.loader.max_upload_size=<new_value>
    

4.4 Configuring IBM WebSphere

This procedure assumes that a WebSphere application server profile has been created for Role Manager with a host alias set for port access to Role Manager.

Note:

  • During profile creation, you must select the option to enable administrative security.

  • When configuring WebSphere, it is recommended that you save your settings after every task.

You must configure IBM WebSphere server in SSL mode to operate in a secure environment. For information about configuring SSL for WebSphere server, refer to the following URL:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ihs.doc/info/ihs/ihs/welc6topsecureihs.html

This section includes the following subsections:

4.4.1 Creating a Non-Administrative Server for Deploying Oracle Role Manager

Oracle recommends that you deploy the Oracle Role Manager system on a non-administrative server.

To create a non-administrative server:

  1. Run the following command:

    [WebSphere Install Dir]/AppServer/profiles/[Profile name]/bin/wsadmin.bat
    

    Note:

    You must ensure that the WebSphere server is running before performing this step.

  2. At the wsadmin prompt (wsadmin>), enter the following commands:

    $AdminTask createApplicationServer <Websphere Node Name> { -name orm -templateName default }
    $AdminConfig save
    quit
    

    Note:

    The node name specified in the first command must be the same as the node name of the administrative server that gets created by default, for example server1. You can find the node name on the admin console by going to Servers, Application Servers.

4.4.2 Configuring WebSphere to Use a Non-Default HTTP Port

If you are deploying the system on a non-administrative server, then perform the following steps:

To configure the WebSphere application server to use a non-default port:

  1. If not already on the WebSphere administrative console, in a Web browser, type the URL, for example:

    http://<appserverhost>:9060/ibm/console

  2. Select Environment, Virtual Host, default_host, Host Aliases and then click New.

  3. In the Host Name field, type *.

  4. In the Port field, enter the HTTP port number of the non-admin server on which Oracle Role Manager is deployed, for example 9081.

  5. Click OK.

4.4.3 Configuring JDBC Providers

To configure the transaction (XA) and non-transaction JDBC providers:

  1. If not already on the WebSphere administrative console, in a Web browser, type the URL, for example:

    http://<appserverhost>:9060/ibm/console

  2. In the administrative console, go to Resources, JDBC, JDBC Providers.

  3. Select the cell scope from the Scope list, and then click New to create the XA JDBC provider.

  4. Select Oracle as the database type.

  5. Select Oracle JDBC Driver as the provider type.

  6. Select XA datasource as the Implementation type, and then click Next.

  7. In the Directory location field, type the full path to the JDBC drivers, for example, <ORM_Install>/lib, and then click Next.

    Note:

    You must use "/" to specify the path.

  8. Click Finish.

  9. Click New to create the non-XA JDBC provider.

  10. Select Oracle as the database type.

  11. Select Oracle JDBC Driver as the provider type.

  12. Select Connection pool data source as the Implementation type, and then click Next.

  13. Ensure that the value in the Directory location field is correct, and then click Next.

  14. Click Finish.

4.4.4 Reconfiguring JDBC Providers

This section is applicable only when you are using the Oracle 11g JDBC driver (ojdbc5.jar) to connect to an Oracle 11g database.

Oracle recommends that you use ojdbc5.jar when configuring Oracle Role Manager with an Oracle 11g database. WebSphere Application Server by default creates Oracle JDBC providers using the Oracle 10g JDBC driver (ojdbc14.jar). In the administrative console, the wizard for creating new data sources does not allow you to change the name of the jar file. For example, you cannot change the entry from ojdbc14.jar to ojdbc5.jar. For more information about JDBC providers, refer to the following link:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rdat_minreqoracle.html

After you create the JDBC provider using the wizard, modify it to change the class path entry to reflect the location of ojdbc5.jar as follows:

To reconfigure the JDBC providers:

This procedure assumes that you have already performed the steps mentioned in "Configuring JDBC Providers".

  1. If not already on the WebSphere administrative console, in a Web browser, type the URL, for example: http://<appserverhost>:9060/ibm/console.

  2. In the administrative console, go to Resources, JDBC, JDBC Providers.

  3. Select the cell scope from the Scope list, and then click on JDBC provider, Oracle JDBC Driver.

  4. In the Class path field, type the full path of the JDBC drivers ojdbc5.jar, for example, <ORM_Install>/lib/ojdbc5.jar.

  5. Click Apply.

  6. Click Save.

    Note:

    You must use "/" to specify the path and ensure that the ojdbc5.jar file is copied from the Oracle DB installation to <ORM_Install>/lib.

  7. Repeat the steps from 2 to 6 for the JDBC provider, Oracle JDBC Driver (XA).

    Note:

    You must execute these steps before creating any data sources as mentioned in "Configuring the Non-XA Data Source" and "Configuring the Transaction (XA) Data Source". If the data sources are already created, then you must delete and re-create them.

4.4.5 Creating the Role Manager Database Credentials

To create the Role Manager Database Alias:

  1. Go to Security, Secure administration, applications, and infrastructure.

  2. In the Authentication area, select Java Authentication and Authorization Service and then click the J2C authentication data link.

  3. Click New.

  4. Type a name for the alias, for example, ORM Database, to identify the Role Manager database.

  5. Type the user ID and password for the Role Manager application user as specified in "Creating the Role Manager Users".

  6. Click OK.

4.4.6 Configuring the Non-XA Data Source

To configure the non-XA data source and credentials:

  1. Go to Resources, JDBC, Data sources.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. In the Data source name field, type a name for the non-XA data source, for example, ORM Non-XA Data source.

  4. In the JNDI name field, type orm/jdbc/ORMServerDS, and then click Next.

  5. Choose an existing JDBC provider and select the non-XA JDBC provider you created in Step 9 of "Configuring JDBC Providers", for example, Oracle JDBC Driver, and then click Next.

  6. In the URL field, type the JDBC connection URL:

    jdbc:oracle:thin:@<server>[:<port>]:<database_name>

    For example:

    jdbc:oracle:thin:@localhost:1521:orcl

  7. Select Oracle10g data store helper from the list, and then click Next.

    Note:

    You must use Oracle11g data store helper for an Oracle 11g database.

  8. Click Finish.

    The non-XA data source for Role Manager should appear in the list.

  9. Click the name of the new non-XA data source to display details.

  10. In the Container-managed authentication alias list, select the database alias created in Step 4 of "Creating the Role Manager Database Credentials" and then click Apply.

    The reference to this option being deprecated can be ignored.

  11. On the same page, in the Additional Properties section, click Connection Pool Properties and set the Maximum connections to 30.

  12. Click OK.

4.4.7 Configuring the Transaction (XA) Data Source

To configure the XA data source:

  1. Go to Resources, JDBC, Data sources.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. In the Data source name field, type a name for the XA data source, for example, ORM XA Data source.

  4. In the JNDI name field, type orm/jdbc/ORMServerXADS, and then click Next.

  5. Choose an existing JDBC provider and select the XA JDBC provider that you created in "Configuring JDBC Providers", for example, Oracle JDBC Driver (XA), and then click Next.

  6. In the URL field, type the JDBC connection URL:

    jdbc:oracle:thin:@<server>[:<port>]:<database_name>

    For example:

    jdbc:oracle:thin:@localhost:1521:orcl

  7. Select Oracle10g data store helper from the list, and then click Next.

    Note:

    You must use Oracle11g data store helper for an Oracle 11g database.

  8. Click Finish.

    Both the new XA data source and non-XA data source for Role Manager must appear in the list.

  9. Click the name of the XA data source to display details.

  10. In the Container-managed authentication alias list, select the database alias created in "Creating the Role Manager Database Credentials", and then click Apply.

    The reference to this option being deprecated can be ignored.

  11. On the same page, in the Additional Properties section, click Connection Pool Properties and set the Maximum connections to 30.

  12. Click OK.

4.4.8 Configuring the JMS messaging buses

To configure the JMS messaging buses:

  1. Select Service integration, Buses, and then click New.

  2. Type a name for the Role Manager bus, such as ORM Bus, and deselect the Bus security check box, and then click Next.

  3. Click Finish.

  4. Click New to create the finalization bus.

  5. Type a name for the finalization bus, such as ORM Finalization Bus, and deselect the Bus security check box, and then click Next.

    Note:

    • If you do not set the name to "ORM Finalization Bus", you must provide the "oracle.iam.rm.finalization.WebSphereFinalizationBusName" system property with the name that you use.
    • If you want to use a different name for the finalization bus, you must follow Step 6 to set the WebSphereFinalizationBusName property. Otherwise, skip the next step.

  6. If you use a name other than ORM Finalization Bus:

    1. Select Servers, Application Servers.

    2. Click the server on which Role Manager is installed.

    3. In the Server Infrastructure section, click Java and Process Management, Process Definition.

    4. Click Java Virtual Machine.

    5. Click Custom Properties.

    6. Click New.

    7. In the Name field, type the following text:

      oracle.iam.rm.finalization.WebSphereFinalizationBusName
      
    8. In the Value field, type the name you set for the finalization bus.

    9. Click OK.

    10. Click Finish.

  7. Add the server to each of the newly created buses as follows:

    1. Click the bus link, and then click Bus members.

    2. Click Add.

    3. Select the server to use for Role Manager, and then click Next.

    4. In the Select the type of message store list, select File Store, click Next, and then click Next again.

    5. Click Finish.

4.4.9 Configuring Bus Destinations

To configure the Role Manager Bus and Finalization Bus destinations:

  1. If not already on the Buses page, go to Service integration, Buses.

  2. Click the ORM Bus link, and then click Destinations.

  3. Click New.

  4. Select Queue as the destination type, and then click Next.

  5. Type Loader Queue as the identifier, and then click Next.

  6. Specify the bus member to own the queue, and then click Next.

  7. Click Finish.

  8. Repeat these steps, but this time, type Incoming Event Queue as the identifier.

  9. Click New, select Topic space, and then click Next.

  10. Type Notification Topic as the identifier, and then click Next.

  11. Click Finish.

  12. Click ORM Finalization Bus (or alternate finalization bus, if created in Section 4.4.8), and then click Destinations.

  13. Click New.

  14. Choose Queue as the destination type, and then click Next.

  15. Type Finisher Queue as the identifier, and then click Next.

  16. Specify the bus member to own the queue, and then click Next.

  17. Click Finish.

4.4.10 Configuring JMS Queue Connection Factories

To configure JMS queue connection factories:

  1. Go to Resources, JMS, Queue connection factories.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type a name for the Role Manager connection factory, such as ORM QCF.

  5. In the JNDI name field, type orm/jms/QueueConFac.

  6. In the Bus name list, select ORM Bus, and then click OK.

  7. Click New.

  8. Select Default messaging provider, and then click OK.

  9. In the Name field, type a name for the Role Manager connection factory for finalization, such as ORM Finalization QCF.

  10. In the JNDI name field, type orm/jms/FinalizationQueueConFac.

  11. In the Bus name list, select ORM Finalization Bus (or alternate finalization bus, if created in Section 4.4.8).

  12. Click OK.

4.4.11 Configuring the JMS Topic Connection Factory

To configure the JMS topic connection factory:

  1. Go to Resources, JMS, Topic connection factories.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type a name for the Role Manager topic connection factory, such as ORM TCF.

  5. In the JNDI name field, type orm/jms/TopicConFac.

  6. In the Bus name list, select ORM Bus.

  7. Click OK.

4.4.12 Configuring JMS Queues

To configure the Loader queue:

  1. Go to Resources, JMS, Queues.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type ORM Loader.

  5. In the JNDI name field, type orm/jms/LoaderQueue.

  6. In the Bus name list, select ORM Bus.

  7. In the Queue name list, select Loader Queue.

  8. Click OK.

To configure the Incoming Event queue:

  1. Go to Resources, JMS, Queues.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type ORM Incoming Event Queue.

  5. In the JNDI name field, type orm/jms/IncomingEventQueue.

  6. In the Bus name list, select ORM Bus.

  7. In the Queue name list, select Incoming Event Queue.

  8. Click OK.

To configure the Finalization queue:

  1. Go to Resources, JMS, Queues, select the same cell scope used in "Configuring JDBC Providers", and then click New.

  2. Select Default messaging provider, and then click OK.

  3. In the Name field, type ORM Finisher Queue.

  4. In the JNDI name field, type orm/jms/FinisherQueue.

  5. In the Bus name list, select ORM Finalization Bus (or alternate finalization bus, if created in "Configuring the JMS messaging buses").

  6. In the Queue name list, select Finisher Queue.

  7. Click OK.

4.4.13 Configuring the JMS Notification Topic

To configure the Notification Topic:

  1. Go to Resources, JMS, Topics.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name and the Topic Name fields, type ORM Notification Topic.

  5. In the JNDI name field, type orm/jms/NotificationTopic.

  6. In the Bus name list, select ORM Bus.

  7. In the Topic space list, select Notification Topic.

  8. Click OK.

4.4.14 Configuring JMS Activation Specifications

To configure the Loader AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type ORM Loader AS.

  5. In the JNDI name field, type orm/jms/LoaderAS.

  6. In the Destination type list, select Queue.

  7. In the Destination JNDI name field, type orm/jms/LoaderQueue.

  8. In the Bus name list, select ORM Bus.

  9. Click OK.

To configure the Incoming Event AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type ORM Incoming Event AS.

  5. In the JNDI name field, type orm/jms/IncomingEventAS.

  6. In the Destination type list, select Queue.

  7. In the Destination JNDI name field, type orm/jms/IncomingEventQueue.

  8. In the Bus name list, select ORM Bus.

  9. Click OK.

To configure the Finisher AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type ORM Finisher AS.

  5. In the JNDI name field, type orm/jms/FinisherAS.

  6. In the Destination type list, select Queue.

  7. In the Destination JNDI name field, type orm/jms/FinisherQueue.

  8. In the Bus name list, select ORM Finalization Bus (or alternate finalization bus, if created in "Configuring the JMS messaging buses").

  9. In the Maximum concurrent endpoints field, set the value to 1.

    Note:

    You must set the value of Maximum concurrent endpoints to 1 to ensure that the ORM application functions properly.

  10. Click OK.

To configure the Notification AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell scope used in "Configuring JDBC Providers", and then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type ORM Notification AS.

  5. In the JNDI name field, type orm/jms/NotificationAS.

  6. In the Destination type list, select Topic.

  7. In the Destination JNDI name field, type orm/jms/NotificationTopic.

  8. In the Bus name list, select ORM Bus.

  9. Click OK.

4.4.15 Securing the WebSphere Installation/Console

To secure the WebSphere installation/console:

  1. In a Web browser, type the URL to connect to the WebSphere administrative console. For example:

    http://<appserverhost>:9060/ibm/console

  2. Go to Security, Secure administration, applications, and infrastructure.

  3. Click Security Configuration Wizard.

  4. Select Enable application security and Use Java 2 security to restrict application access to local resources check boxes and then click Next.

  5. In the Select user repository: section, select Federated repositories and then click Next.

  6. Type the user name and password for the administrative user, for example, websphere/websphere, and then click Next.

    Note:

    The username and password specified in this step must be the same as the username and password used to log in to the administrative console.

  7. Click Finish.

  8. Clear the Warn if applications are granted custom permissions check box.

  9. Click Apply, and then save your changes.

  10. From Servers, Application Servers, click the server on which Role Manager is to be deployed.

  11. In the Server Infrastructure section, click Java and Process Management, and then click Process Definition.

  12. In the Additional Properties section, click Java Virtual Machine.

  13. In the Additional Properties section, click Custom Properties.

  14. Click New.

  15. In the Name field, type com.ibm.websphere.java2secman.nolog.

  16. In the Value field, type true.

  17. In the Description field, type Stop overlogging of security warnings.

  18. Click OK, and then click Save.

4.4.16 Creating a Custom User

To create a custom user:

  1. Log in to the Administrative Console.

  2. Go to Users and Groups, Manage Users.

  3. Click Create and type the following:

    1. User ID, for example, ormserver.

    2. First Name, for example, ORM.

    3. Last Name, for example, Server.

    4. Password, for example, ormserver.

  4. Click Create, and then click Close.

  5. Go to Users and Groups, Administrative User Roles.

  6. Click Add and perform the following substeps:

    1. In the User field, type the user ID created in Step 3.

    2. In the Role(s) field, select Operator.

    3. Click OK.

4.4.17 Creating Alias for Custom User

To create an alias for the custom user:

  1. Go to Security, Secure administration, applications, and infrastructure.

  2. In the Authentication section, expand Java Authentication and Authorization Service and then click J2C authentication data.

  3. Click New and perform the following substeps:

    1. In the Alias field, type the alias name, for example, ormserver.

    2. In the User field, type the User ID that you created in Step 3 of "Creating a Custom User".

    3. In the Password field, type the password that you created in Step 3 of "Creating a Custom User".

  4. Click OK.

4.4.18 Configuring Connection Factory Authentication

To configure authentication for the connection factories:

  1. Go to Resources, Resource Adapters, J2C connection factories.

  2. Click the title of the connection factory.

  3. Set the Container-managed authentication alias to the custom user alias created in "Creating Alias for Custom User", and then click OK.

    The reference to this option being deprecated can be ignored.

  4. Repeat these steps for each of the new connection factories, then save your changes.

4.4.19 Configuring Activation Specification Authentication

To configure authentication for the activation specifications:

  1. Go to Resources, Resource Adapters, J2C activation specification.

  2. Click the title of the new activation specification.

  3. Set the Authentication alias to the user alias created in "Creating Alias for Custom User", and then click OK.

  4. Repeat these steps for each of the new activation specifications, and then save your changes.

4.4.20 Securing the Message Bus

To secure the message bus:

  1. Go to Security, Bus Security.

  2. In the Security column, for each Oracle Role Manager bus, click Disabled.

  3. Select the Enable bus security check box, and then click Apply.

    Note:

    The Enable bus security field is disabled if you deselected the Enable Bus Security field while configuring the JMS messaging buses in "Configuring the JMS messaging buses".

  4. For each Oracle Role Manager Bus enabled, in the Additional Properties section, click Users and groups in the bus connector role.

  5. Click New and select User Name.

  6. In the User Name field, type the User ID that you created in Step 3 of "Creating a Custom User", and click OK.

4.4.21 Configuring Data Upload Size Limit

You can upload a DAR file to load data of maximum size 10 MB into the system. If you try to load data larger than this maximum upload size, you get an error message. Optionally, you can configure the maximum data upload size limit to a higher or lower value than the default settings.

To configure the data upload size limit:

  1. Go to Servers, Application Servers, ORM Server.

  2. In the Server Infrastructure section, expand Java and Process Management, and then click Process Definition.

  3. In the Additional Properties section, click Java Virtual Machine, and then click Custom Properties.

  4. Click New and type the following information:

    1. In the Name field, type oracle.iam.rm.loader.max_upload_size.

    2. In the Value field, type the maximum size (in bytes) of data upload that you want to set, for example, 10485760.

      Note:

      The default value of the maximum size of data upload is 10 MB (10x1024x1024 = 10485760). You can modify this value to any other limit.

    3. In the Description field, type the description for the maximum upload size that you set, for example, maximum size limit for the Oracle Role Manager loader.

    4. Click OK.

4.4.22 Increasing the Transaction Timeout

To increase the transaction timeout:

  1. Log in to the WebSphere Administrative Console.

  2. In the domain tree, select Application Servers, SERVER_NAME, for example, server1.

  3. In the Container Settings section, expand Container Service, and then click Transaction Service.

  4. In the Total transaction lifetime timeout field, type the new value, 1200, if you want to change the default value, which is 120.

  5. In the Maximum transaction timeout field, type the new value, 1200, if you want to change the default value, which is 300.

  6. Click Apply to save the server settings.

  7. Restart the server.

Note:

For performance tuning of the WebSphere Application Server, refer to the following link:

http://www-01.ibm.com/software/webservers/appserv/was/performance.html

4.4.23 Deploying Role Manager Server

To deploy the Role Manager server:

  1. Go to Applications, Install New Application.

  2. Choose Remote file system, click Browse to navigate to the <ORM_install>/lib directory, select server.ear, and then click OK.

  3. Click Next.

  4. On the Map modules to servers page, perform the following substeps:

    1. From the Cluster and Servers list, select the server on which Oracle Role Manager has to be deployed.

    2. Select both modules, server.jar and ormconsole.

    3. Click Apply.

    4. Click Next.

  5. Click Finish.

    This could take a few moments to complete.

  6. Click Save.

To associate the custom user to the Role Manager server:

  1. Go to Applications, Enterprise Applications.

  2. Select ORM Server.

  3. In the Detail Properties section, click Security role to user/group mapping.

  4. Select ORMServer, and then click Look up users.

  5. Search and select the ormserver user that you created in Step 3 of "Creating a Custom User", and move it to the Selected list by clicking the right arrow and then click OK.

  6. In the Security role to user/group mapping page, click OK.

  7. In the Detail Properties section, click User RunAs roles.

  8. Perform the following substeps:

    1. In the User Name field, type the User ID that you created in Step 3 of "Creating a Custom User".

    2. In the password field, type the password that you created in Step 3 of "Creating a Custom User".

    3. In the Role(s) field, select ORMServer.

  9. Click Apply, and then click OK.

  10. Restart the server on which Role Manager is installed.

    Note:

    • If you have created a non-admin server for Role Manager, then the non-admin server is not started automatically when the WebSphere admin server is started or when the WebSphere Windows service is started. You can start the non-admin server using the following command:

      [Websphere Profile Install Dir]/bin/startServer.bat <server-name>
      
    • After starting the server on which Role Manager is installed, if you see the status of the Oracle Role Manager Server application through the administrative console of the admin server, it might show as stopped though the application has actually started. You cannot start the application deployed on the non-admin server through the administrative console of the admin server.

  11. To test the server installation, ensure that you can get to the Role Manager administrative console from a Web browser. For example:

    http://localhost:9080/ormconsole

    You should be able to see the Home page of the Role Manager administrative console.

4.4.24 Deploying the Role Manager Web Application

To deploy the Role Manager Web application:

  1. Go to Applications, Install New Application.

  2. Select Remote file system, click Browse to navigate to the <ORM_install>/webui/websphere/6.1 directory, select webui.ear, click OK and then click Next.

  3. On the Select installation options page, accept the defaults and then click Next.

  4. On the Map modules to servers page, perform the following substeps:

    1. From the Cluster and Servers list, select the server on which Oracle Role Manager has to be deployed.

    2. Select the webui module.

    3. Click Apply.

    4. Click Next.

  5. Click Finish, and then save your changes.

  6. Go to Applications, Enterprise Applications, ORM Web UI.

  7. Click Manage Modules.

  8. Click the webui link.

  9. In the Class loader order list, select Classes loaded with application class loader first and apply.

  10. From Applications, Enterprise Applications, select ORM Web UI, and then click Start.

    (This assumes you are administering WebSphere on the same server on which the ORM Web UI is installed.)

    Note:

    If Web UI is deployed on a non-administrative server, then restart that server.

  11. Test the Web application installation as follows:

    1. In a Web browser, navigate to the Role Manager Web application address. For example:

      http://localhost:9080/webui

    2. Log in as the Role Manager Administrator created in the "Installing Role Manager" section.

      You should be able to see the Home page of the Role Manager Web application.