Oracle® Access Manager Installation Guide 10g (10.1.4.2.0) Part Number B32412-01
This chapter provides an introduction to installing Oracle Access Manager. Topics include:
Before starting activities in this guide, be sure to read the Oracle Access Manager Introduction. Upgrading an older installation to 10g (10.1.4.0.1) is described in the Oracle Access Manager Upgrade Guide.
Note:
Oracle Access Manager Release 10g (10.1.4.2.0) is a patch set. After installing 10g (10.1.4.0.1), you can apply Release 10.1.4 Patch Set 1 (10.1.4.2.0) to installed components. However, you cannot install 10g (10.1.4.2.0) directly.
The Identity System is required in all installations. The Access System is optional. For an overview of both the Identity System and the Access System, including a look at a simple installation and an overview of how each system operates, see the Oracle Access Manager Introduction.
The sequence of tasks you must complete to install and set up Oracle Access Manager components is outlined in Figure 1-1 and the expanded task overview that follows it.
Task overview: Installing Oracle Access Manager
Review and choose your installation options, as described in "Installation Options", and your methods as described in "Installation Methods".
Complete all prerequisites in Chapter 2, "Preparing for Installation" and review the following information as needed for your environment.
If you are using Oracle Internet Directory in this installation, see also:
If you are using Oracle Virtual Directory in this installation, see also Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory" and complete all prerequisite tasks before you set up the Identity System.
If you are using Active Directory in this installation, see also Appendix A, "Installing Oracle Access Manager with Active Directory".
If you are including Active Directory Application Mode (ADAM) in this installation, see also Appendix B, "Installing Oracle Access Manager with ADAM".
If you have a multi-language environment, review information on this in Chapter 3, "About Multi-Language Environments".
Install the first Identity Server, as described in Chapter 4, "Installing the Identity Server".
Install the first WebPass, as described in Chapter 5, "Installing WebPass".
Set up the Identity System to ensure that object classes and attributes appear in the directory server and that the Identity Server is working correctly with the WebPass, and assign a Master Administrator who has access to the entire system, as described in Chapter 6, "Setting Up the Identity System".
Install other Identity Servers if needed in this environment, as described in Chapter 4, "Installing the Identity Server".
Install other WebPass instances if needed in this environment, as described in Chapter 5, "Installing WebPass".
Note:
If you are installing multiple instances of any component, you can do this automatically after the first instance is installed and set up. See Chapter 15, "Replicating Components" for information about automated installation, cloning, and synchronizing components.
Start configuring and customizing your Identity System now (or after installing optional components). For example:
Define administrators; configure workflows, auditing, and profiles; use applications (User Manager, Group Manager, Organization Manager), configure the system to use installed languages, as described in the Oracle Access Manager Identity and Common Administration Guide.
Configure failover, load balancing, caching; performance tune the Identity System; and take a look at migration planning for a production environment as described in the Oracle Access Manager Deployment Guide.
Start customizing the Identity System to change the appearance of applications and to control Oracle Access Manager by making changes to operating systems, Web servers, directory servers, directory content, or by connecting CGI files or JavaScripts to Oracle Access Manager screens, as described in the Oracle Access Manager Customization Guide.
Explore how to build and deploy Identity Event Plug-ins using the software developer kit (SDK) and APIs, and how to access Identity System functionality programmatically using IdentityXML and WSDL, as described in the Oracle Access Manager Developer Guide.
Note:
Installing the Oracle Access Manager Software Developer Kit and APIs is introduced in Chapter 14, "About the Software Developer Kit". Complete details are located in the Oracle Access Manager Developer Guide.
Install and set up the optional Access System, as follows:
Install and set up the Policy Manager, as described in Chapter 7, "Installing the Policy Manager".
Install the Access Server, which includes adding an Access Server instance in the Access System Console, as described in Chapter 8, "Installing the Access Server".
Install the WebGate, which includes adding a WebGate instance in the Access System Console and associating the WebGate with an Access Server before installation, as described in Chapter 9, "Installing the WebGate".
Start configuring the Access System now (or install other optional components first), as follows:
Define policy domains, authentication schemes, and authorization schemes; allow users to access multiple resources with a single login by configuring single- and multi-domain single sign-on; and design custom login forms as described in the Oracle Access Manager Access Administration Guide.
Configure the Access System for auditing, as described in the Oracle Access Manager Identity and Common Administration Guide.
Create custom WebGates (known as AccessGates), and develop custom authentication and authorization plug-ins using the software developer kit and APIs, as described in the Oracle Access Manager Developer Guide.
Note:
Installing the Oracle Access Manager Software Developer Kit and APIs is introduced in Chapter 14, "About the Software Developer Kit". Complete details are located in the Oracle Access Manager Developer Guide.
Install any other optional Oracle Access Manager components you'd like to use, such as:
SNMP monitoring, as discussed in Chapter 11, "Installing the SNMP Agent"
Oracle-provided Language Packs, which may be installed independently, after component installation, as described in Chapter 12, "Installing Language Packs Independently"
The Oracle Access Manager Software Developer Kit and APIs are introduced in Chapter 14, "About the Software Developer Kit". Complete details are located in the Oracle Access Manager Developer Guide.
This discussion identifies the options available to you during installation, and tells you where to find more information.
Task overview: Choosing your installation options
Before installation, decide whether to install components using the GUI method or the command-line method, as described in "Installation Methods".
During installation you can choose to enable automatic updates of the schema using system-provided defaults, or input your own values for attributes during Identity System and Policy Manager setup, as described in "Updating the Schema and Attributes Automatically Versus Manually".
After installation of the first instance of a component, you can choose to install multiple instances of a component manually or use an automated installation method for multiple instances, as described in "Replicating an Installed Oracle Access Manager Component".
If you have older component files in the installation directory that you specify, you are asked if you want to upgrade to the later release. See "Upgrading from an Earlier Release of Oracle Access Manager".
During Identity Server and Policy Manager installation, you are asked if you want to automatically update the schema with the configuration data branch. The schema update must occur before you begin the setup process.
Note:
Oracle recommends that you update the schema automatically during installation to obtain product-specific object classes and attributes. If you decline the automatic update during installation, a Schema Changes page appears at the beginning of the Identity System and Policy Manager setup process. The automatic schema update is not supported for the ADAM directory.
Custom schema changes must be added after the installation because the Identity Server installation changes the schema. During Identity System and Policy Manager setup, you are prompted to configure various object classes. For example, the Identity System requires attributes assigned to the Full Name, Login, and Password semantic types for Person and Group object classes. Oracle recommends that you automatically configure attributes using the Auto Configure option during setup to save time and avoid errors. You can reconfigure the attributes afterward if needed.
Automatically configuring attributes is a single step in the installation and setup processes, as shown in Table 1-1. With the ADAM directory, however, you must manually update the schema and data after Oracle Access Manager component installation, as described in Appendix B, "Installing Oracle Access Manager with ADAM".
Table 1-1 Automatically Configure the Schema for All Except the ADAM Directory
If you choose to manually configure attributes, this must occur after installation during the setup process. Manually configuring attributes requires one or more ldif files located in:
IdentityServer_install_dir\identity\oblix\data.ldap\common
PolicyManager_install_dir\access\oblix\data.ldap\common
Each ldif file is prefixed with a specific directory server type, as shown in Table 1-2. In most cases, you use the ldapmodify tool to perform the update. For example:
ldapmodify -h DS_hostname -p DS_port_number -D bind_dn -w password -a -c -f DS_type_oblix_schema_add.ldif
Table 1-2 provides details about the schema update files needed for each directory server type. Included are any index files required for configuration data or user data.
For more information about directory requirements, see "Meeting Directory Server Requirements".
Table 1-2 Manual Schema Update Files
Directory Server Type | Manual Schema Update Files |
---|---|
Active Directory | ADSchema.ldif (Windows 2000 only); ADdotNetSchema_add.ldif (Windows 2003 only); ADAuxSchema.ldif (Windows 2003, statically-linked auxiliary classes). Note: The Active Directory schema is extensible using Ldifde.exe. For more information, see Appendix A, "Installing Oracle Access Manager with Active Directory". |
ADAM | ADAM_oblix_schema_add.ldif; ADAMAuxSchema.ldif (statically-linked auxiliary classes). Note: You must manually update the ADAM schema when installing Oracle Access Manager. The ADAM schema is extensible using Ldifde.exe. For more information, see Appendix B, "Installing Oracle Access Manager with ADAM". |

See Chapter 10, "Setting Up Oracle Access Manager with Oracle Virtual Directory" for details about:
Rather than manually installing every instance of a component, you can replicate the configuration of one instance to another after installation and setup of the first instance of a particular component.
There are three methods to choose from:
Automate the installation process using a file that contains installation parameters (known as installing in silent mode).
Clone the configuration.
Synchronize two components or parts of two components.
Silent mode permits installation without user intervention. The Oracle Access Manager installation script takes option and configuration information from a silent mode option file.
Important:
Silent mode is intended for new installations only.
For more information on silent mode, see Chapter 15, "Replicating Components".
You can also replicate an installed component by cloning it, or you can synchronize two components or parts of two components.
For more information, see "Cloning and Synchronizing Installed Components".
When you start installing an Oracle Access Manager component and specify a target installation directory that contains an earlier version, the component is detected and you are asked if you want to upgrade that component to 10g (10.1.4.0.1).
To avoid an upgrade, you must specify a new installation directory path.
To accept the upgrade and continue, see the Oracle Access Manager Upgrade Guide.
You may choose to install Oracle Access Manager components using the graphical user interface (GUI method) or using the command-line console (Console method). Regardless of the method you choose, the process is similar. The sequence and prompts detailed in this manual use the GUI method. Any differences will be identified as they occur. For more information, see:
Different installation packages are available for Oracle Access Manager components, depending on your platform and Web server. The sequence of events and messages are the same regardless of the method you choose when launching the installation.
You obtain the Oracle Access Manager installation media from Oracle. GUI method is the default for Windows systems when you select the installation package. For example:
Oracle_Access_Manager10_1_4_0_1_win32_Identity_Server
Due to known problems with the third-party InstallShield ISMP framework, if any input supplied during installation contains the character $, the installer might interpret it unpredictably. For example, if the bind password supplied during the schema update for the first Identity Server is Admin$$, ISMP interprets this as Admin$ while invoking the schema update tool, and the update fails with a "bad credentials error(49)". If this problem is observed during invocation of a particular tool, you may run that tool from the command line.
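When the workaround is applied on a Unix system, the shell has its own `$` handling: unquoted or inside double quotes, `$$` expands to the shell's process ID, which would reproduce the same credentials error. The following added example (not part of the Oracle guide) assumes a POSIX shell; the function names and port 389 are hypothetical, and the other values are the guide's own placeholders.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Function names are hypothetical.
# DS_hostname, bind_dn and the LDIF name below are the guide's placeholders.

# Succeeds when the value contains a literal "$", the character the guide
# says the ISMP-based installer may misinterpret (Admin$$ becomes Admin$).
contains_dollar() {
    case "$1" in
        *'$'*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Wrap a value in single quotes for a POSIX shell, escaping embedded single
# quotes, so "$" is passed through literally. Unquoted or double-quoted,
# the shell would expand "$$" to its own process ID.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print (do not run) the guide's ldapmodify command with every
# operator-supplied value quoted. Arguments: host port bind_dn password ldif
schema_update_cmd() {
    printf 'ldapmodify -h %s -p %s -D %s -w %s -a -c -f %s\n' \
        "$(sh_quote "$1")" "$(sh_quote "$2")" "$(sh_quote "$3")" \
        "$(sh_quote "$4")" "$(sh_quote "$5")"
}

# Constructed sample input: the bind password from the guide's example;
# port 389 is an assumed value.
sample_password='Admin$$'
if contains_dollar "$sample_password"; then
    echo 'password contains "$"; if the installer reports error 49, run:'
    schema_update_cmd DS_hostname 389 'cn=bind_dn' "$sample_password" \
        DS_type_oblix_schema_add.ldif
fi
```

Because `-w` places the bind password on the command line, it is visible in the process list while the command runs.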
Note:
Every Oracle Access Manager installer that uses the same password may also fail with a credential problem of some type.
You may use the command-line console method when installing Oracle Access Manager components on Unix platforms. Console method is the default for Unix systems. For example:
/ Oracle_Access_Manager10_1_4_0_1_sparc-s2_Identity_Server
Note:
When using the console method for component installation, you are instructed to:
Press 1 for Next (1 is the default if you press the Enter key)
Press 3 to Cancel
Press 4 to Re-display the information
Occasionally, you will be asked to specify an option number then enter zero, 0, to confirm your choice.