Oracle® Identity Manager Connector Guide for Microsoft Exchange
Release 9.1.1

Part Number E11198-06

2 Deploying the Connector

The procedure to deploy the connector can be divided into the following stages:

Note:

Some of the procedures described in this chapter are meant to be performed on the target system. The minimum permissions required to perform the target system procedure are those assigned to members of the Domain Admins group. To perform the target system-specific procedures, you can use the same user account that you create for deploying the Microsoft Active Directory User Management connector.

See the "Deploying the Connector" chapter of Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management for information about creating that user account.

2.1 Preinstallation

Preinstallation information is divided across the following sections:

2.1.1 Preinstallation on Oracle Identity Manager

This section contains the following topics:

2.1.1.1 Files and Directories On the Connector Installation Media

The contents of the connector installation media directory are described in Table 2-1.

Table 2-1 Files and Directories On the Connector Installation Media

File in the Installation Media Directory Description

configuration/Exchange-CI.xml

This XML file contains configuration information that is used during the connector installation process.

lib/xliExchange.jar

This JAR file contains the class files required for provisioning.

lib/xliExchangeRecon.jar

This JAR file contains the class files required for reconciliation.

Files in the resources directory

Each of these resource bundles contains language-specific information that is used by the connector.

Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the Administrative and User Console. These text strings include GUI element labels and messages.

script/CreateMailboxExchange2007.vbs

This VBScript file is called by the Remote Manager to provision mailboxes in Exchange 2007.

xml/MicrosoftExchange-ConnectorConfig.xml

This XML file contains definitions for the connector components. These components include the following:

  • IT resource type

  • Process form

  • Process task and adapters (along with their mappings)

  • Resource object

  • Provisioning process

  • Prepopulate rules

  • Lookup definitions

  • Scheduled tasks


2.1.1.2 Determining the Release Number of the Connector

You might have a deployment of an earlier release of the connector. While deploying the current release, you might want to know the release number of the earlier release. To determine the release number of the connector that has already been deployed:

  1. In a temporary directory, extract the contents of the following JAR file:

    OIM_HOME/xellerate/JavaTasks/xliExchange.jar
    
  2. Open the Manifest.mf file in a text editor. The Manifest.mf file is one of the files bundled inside the xliExchange.jar file and the xliExchangeRecon.jar file.

    In the Manifest.mf file, the release number of the connector is displayed as the value of the Version property.
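
The following Python script is an added example, not part of the connector or of the original guide. It reads the Version property from the manifest without extracting the JAR and, going beyond this procedure, compares the release and SHA-256 digest of every copy of a connector JAR, such as the copies this guide places under OIM_HOME and RM_HOME. The sample JARs and the 9.1.0 release string are constructed for the demonstration.

```python
import hashlib
import io
import zipfile


def parse_manifest(text):
    """Return the main-section attributes of a JAR manifest as a dict."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break                    # a blank line ends the main section
            continue
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]      # continuation of a wrapped value
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip()
            attrs[last] = value.strip()
    return attrs


def connector_release(jar_bytes):
    """Read the Version property from the manifest without unpacking the JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        # Match the manifest name case-insensitively (Manifest.mf, MANIFEST.MF).
        names = [n for n in jar.namelist() if n.upper().endswith("MANIFEST.MF")]
        if not names:
            return None
        text = jar.read(names[0]).decode("utf-8", "replace")
    # "Version" is the property named in this guide; Manifest-Version is a
    # different attribute and is deliberately not used.
    return parse_manifest(text).get("Version")


def audit_copies(copies):
    """copies maps a path to the JAR bytes found at that path.

    Returns {jar file name: [(path, release, sha256), ...]} for every JAR
    whose copies do not all share the same release and the same digest.
    """
    by_name = {}
    for path, data in copies.items():
        entry = (path, connector_release(data), hashlib.sha256(data).hexdigest())
        by_name.setdefault(path.rsplit("/", 1)[-1], []).append(entry)
    return {name: rows for name, rows in by_name.items()
            if len({(release, digest) for _, release, digest in rows}) > 1}


def _make_jar(version):
    """Build a constructed sample JAR in memory (not a real connector JAR)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     "Manifest-Version: 1.0\r\nVersion: %s\r\n\r\n" % version)
    return buf.getvalue()


# Constructed samples: the Remote Manager still holds an older xliExchange.jar.
CURRENT, STALE = _make_jar("9.1.1"), _make_jar("9.1.0")
SAMPLE_COPIES = {
    "OIM_HOME/xellerate/JavaTasks/xliExchange.jar": CURRENT,
    "RM_HOME/xlremote/JavaTasks/xliExchange.jar": STALE,
    "OIM_HOME/xellerate/ScheduleTask/xliExchangeRecon.jar": CURRENT,
    "RM_HOME/xlremote/JavaTasks/xliExchangeRecon.jar": CURRENT,
}

if __name__ == "__main__":
    for name, rows in audit_copies(SAMPLE_COPIES).items():
        for path, release, digest in rows:
            print(name, path, release, digest[:12])
```

To run it against a deployment, build the copies mapping from the real files, reading each one in binary mode.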

2.1.2 Preinstallation on the Target System

Preinstallation on the target system involves creating a target system user account with appropriate permissions for connector operations. Oracle Identity Manager requires this account to connect to the target system during reconciliation and provisioning operations.

You can use a Microsoft Windows 2003 Server (Domain Controller) administrator account as a target system user account. Alternatively, you can create a user account and assign the minimum required rights to that user account, if Microsoft Active Directory and Microsoft Exchange are not installed on the same system.

The procedure to create a target system user account is provided in the following section.

2.1.2.1 Creating a Target System User Account for Connector Operations

To create the Microsoft Exchange user account for connector operations:

Note:

You need not perform this procedure if Microsoft Active Directory and Microsoft Exchange are installed on the same system.

  1. Create a group, for example OIMEXCConGroup, on Microsoft Active Directory.

  2. Make this group a member of the Account Operators group.

  3. Assign all read permissions for the OIMEXCConGroup group.

    Note:

    You assign read permissions on the Security tab of the dialog box for creating the user account. This tab is displayed only in Advanced Features view. To switch to this view, select Advanced Features from the View menu in the Microsoft Active Directory console.

  4. Assign the OIMEXCConGroup group to be a member of the Exchange View-Only Administrators group. Users in this group have permission to read all Exchange configuration.

  5. Create a user, for example OIMEXCConUser, on the target system.

  6. Assign this user to the OIMEXCConGroup group. Using OIMEXCConUser, you can perform provisioning and reconciliation. You can also enable, disable, and delete a mailbox on Microsoft Exchange.

2.2 Installation

Installation information is divided across the following sections:

2.2.1 Installation on Oracle Identity Manager

Installation on Oracle Identity Manager involves the following procedures:

2.2.1.1 Running the Connector Installer

Note:

In this guide, the term Connector Installer has been used to refer to the Connector Installer feature of the Oracle Identity Manager Administrative and User Console.

Ensure that the Microsoft Active Directory User Management connector is installed before you proceed to install the connector.

To run the Connector Installer:

  1. Copy the contents of the connector installation media directory into the following directory:

    OIM_HOME/xellerate/ConnectorDefaultDirectory

  2. Log in to the Administrative and User Console by using the user account described in the "Creating the User Account for Installing Connectors" section of Oracle Identity Manager Administrative and User Console Guide.

  3. Click Deployment Management, and then click Install Connector.

  4. From the Connector List list, select Exchange 9.1.1. This list displays the names and release numbers of connectors whose installation files you copy into the default connector installation directory:

    OIM_HOME/xellerate/ConnectorDefaultDirectory

    If you have copied the installation files into a different directory, then:

    1. In the Alternative Directory field, enter the full path and name of that directory.

    2. To repopulate the list of connectors in the Connector List list, click Refresh.

    3. From the Connector List list, select Exchange 9.1.1.

  5. Click Load.

  6. To start the installation process, click Continue.

    The following tasks are performed, in sequence:

    1. Configuration of connector libraries

    2. Import of the connector XML files (by using the Deployment Manager)

    3. Compilation of adapters

    On successful completion of a task, a check mark is displayed for the task. If a task fails, then an X mark and a message stating the reason for failure are displayed. Depending on the reason for the failure, make the required correction and then perform one of the following steps:

    • Retry the installation by clicking Retry.

    • Cancel the installation and begin again from Step 1.

  7. If all three tasks of the connector installation process are successful, then a message indicating successful installation is displayed. In addition, a list of the steps that you must perform after the installation is displayed. These steps are as follows:

    1. Ensuring that the prerequisites for using the connector are addressed

      Note:

      At this stage, run the PurgeCache utility to load the server cache with content from the connector resource bundle in order to view the list of prerequisites. See "Clearing Content Related to Connector Resource Bundles from the Server Cache" for information about running the PurgeCache utility.

      There are no prerequisites for some predefined connectors.

    2. Configuring the IT resource for the connector

      Record the name of the IT resource displayed on this page. The procedure to configure the IT resource is described later in this guide.

    3. Configuring the scheduled tasks

      Record the names of the scheduled tasks displayed on this page. The procedure to configure these scheduled tasks is described later in this guide.

When you run the Connector Installer, it copies the connector files and external code files to destination directories on the Oracle Identity Manager host computer. These files are listed in Table 2-2.

Table 2-2 Files Copied During Connector Installation

File in the Installation Media Directory    Destination Directory

lib/xliExchange.jar                         OIM_HOME/xellerate/JavaTasks
lib/xliExchangeRecon.jar                    OIM_HOME/xellerate/ScheduleTask
Files in the resources directory            OIM_HOME/xellerate/connectorResources


Note:

For a clustered environment, copy the files listed in Table 2-2 into their respective destination directories on each node of the cluster.

2.2.1.1.1 Copying the ldapbp.jar File

The ldapbp.jar file is used by the connector to enable LDAP-based search of user records on the target system. During the installation of the Microsoft Active Directory User Management connector, this file is copied into the ThirdParty directory of Oracle Identity Manager.

See the "Running the Connector Installer" section of Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management for details.

Note:

For a clustered environment, this JAR file must be copied into the ThirdParty directory on each node of the cluster.

2.2.1.1.2 Installing the Connector in an Oracle Identity Manager Cluster

While installing the connector in a clustered environment, you must copy all the JAR files and the contents of the resources directory into their destination directories on each node of the cluster. See Table 2-2, "Files Copied During Connector Installation" for information about the files that you must copy and their destination locations on the Oracle Identity Manager host computer.

2.2.1.2 Creating the IT Resource

The IT resource for the target system contains connection information about the target system. Oracle Identity Manager uses this information for reconciliation and provisioning.

For reconciliation and provisioning in Microsoft Exchange 2000 and Microsoft Exchange 2003, Oracle Identity Manager uses the Microsoft Active Directory IT resource. See Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management for instructions to create Microsoft Active Directory IT resources.

For reconciliation in Microsoft Exchange 2007, Oracle Identity Manager uses the Microsoft Active Directory IT resource. For provisioning in Microsoft Exchange 2007, Oracle Identity Manager uses the Microsoft Active Directory IT resource and Microsoft Exchange Server IT resource values.

To create the Microsoft Exchange Server IT resource:

  1. Log in to the Administrative and User Console.

  2. Expand Resource Management.

  3. Click Create IT Resource.

  4. On the Step 1: Provide IT Resource Information section, perform the following steps:

    • IT Resource Name: Enter Exchange Server IT Resource.

    • IT Resource Type: Select Exchange Server from the IT Resource Type list.

    • Remote Manager: At this point, do not enter a value in this field.

      Note:

      After you install a Remote Manager for the target system, specify the name of the IT resource for the Remote Manager as the value of the Remote Manager parameter. See "Installing the Remote Manager" for information about whether or not you need to install a Remote Manager.

  5. Click Continue. Figure 2-1 shows IT resource values added in the Create IT Resource page.

    Figure 2-1 Step 1: Provide IT Resource Information


  6. On the Step 2: Specify IT Resource Parameter Values section, specify values for the parameters of the IT resource and click Continue. Figure 2-2 shows IT resource parameter values added in the Create IT Resource page.

    Figure 2-2 Step 2: Specify IT Resource Parameter Values


    Table 2-3 describes the parameters for this IT resource.

    Table 2-3 Parameters of the IT Resource

    Parameter Description

    Remote Script Location

    Enter the full path of the CreateMailboxExchange2007.vbs script on the remote system, that is, the system where Exchange 2007 is installed. The Remote Manager uses this script to create mailboxes on the target system.

    Note: This parameter is case-sensitive. Therefore, you must enter the correct case (uppercase and lowercase) of the path to the directory where the script is copied.

    Sample value: RM_HOME/RemoteScripts/CreateMailboxExchange2007.vbs

    Report Log Location

    Enter the full path of the directory where you want the log files to be generated. The log file stores the outcome of each run of the CreateMailboxExchange2007.vbs script.

    You must create the directory if it does not already exist.

    Note: This parameter is case-sensitive. Therefore, you must enter the correct case (uppercase and lowercase) of the path to the directory where the log files are to be generated.

    Sample value: RM_HOME/Log/Report.log

    Report.log is the name of the log file generated. You can change this file name.


  7. The Step 3: Set Access Permission to IT Resource page is displayed. On this page, the SYSTEM ADMINISTRATORS group is displayed by default in the list of groups that have Read, Write, and Delete permissions on the IT resource that you are creating.

    Note:

    This step is optional.

    If you want to assign groups to the IT resource and set access permissions for the groups, then:

    a. Click Assign Group.

    b. For the groups that you want to assign to the IT resource, select Assign and the access permissions that you want to set. For example, if you want to assign the ALL USERS group and set the Read and Write permissions to this group, then you must select the respective check boxes in the row, as well as the Assign check box, for this group.

    c. Click Assign.

  8. On the Step 3: Set Access Permission to IT Resource page, if you want to modify the access permissions of groups assigned to the IT resource, then:

    Note:

    - This step is optional.

    - You cannot modify the access permissions of the SYSTEM ADMINISTRATORS group. You can modify the access permissions of only other groups that you assign to the IT resource.

    a. Click Update Permissions.

    b. Depending on whether you want to set or remove specific access permissions for groups displayed on this page, select or deselect the corresponding check boxes.

    c. Click Update.

  9. On the Step 3: Set Access Permission to IT Resource page, if you want to unassign a group from the IT resource, then:

    Note:

    - This step is optional.

    - You cannot unassign the SYSTEM ADMINISTRATORS group. You can unassign only other groups that you assign to the IT resource.

    a. Select the Unassign check box for the group that you want to unassign.

    b. Click Unassign.

  10. Click Continue.

  11. On the Step 4: Verify IT Resource Details page, review the information that you provided on the first, second, and third pages. If you want to make changes in the data entered on any page, click Back to revisit the page and then make the required changes.

  12. To proceed with the creation of the IT resource, click Continue. Figure 2-3 shows the IT resource details that you created in the Create IT Resource page.

    Figure 2-3 Step 4: Verify IT Resource Details


  13. The Step 5: IT Resource Connection Result page displays the results of a connectivity test that is run using the IT resource information. If the test is successful, then click Create. If the test fails, then you can perform one of the following steps:

    • Click Back to revisit the previous pages and then make corrections in the IT resource creation information.

    • Click Cancel to stop the procedure, and then begin from the first step onward.

    • Proceed with the creation process by clicking Continue. You can fix the problem later, and then rerun the connectivity test by using the Diagnostic Dashboard. Figure 2-4 shows the IT resource connection result in the Create IT Resource page.

      Figure 2-4 Step 5: IT Resource Connection Result Page


  14. The Step 6: IT Resource Created page displays the details of the IT resource that you created. Click Finish. Figure 2-5 shows the IT resource created in the Create IT Resource page.

    Figure 2-5 IT Resource Created Page of Oracle Identity Manager


2.2.2 Installation on the Target System

This section discusses the following topics:

Note:

The procedure to configure the Remote Manager is described in "Configuring the Remote Manager".

2.2.2.1 Installing the Remote Manager

The Remote Manager enables mailbox provisioning operations on Microsoft Exchange 2007.

Note:

If Microsoft Exchange 2007 is running on 64-bit Microsoft Windows Server, then you must install the 64-bit version of JDK 1.4.2_15 or JDK 1.5 before you install the Remote Manager.

You must install the Remote Manager for Microsoft Exchange 2007 if you have not installed the Remote Manager for Microsoft Active Directory. See Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management for information about this Remote Manager.

A single Remote Manager can be used with multiple Microsoft Exchange installations (on multiple host computers) that are configured for a single Microsoft Active Directory installation. The Remote Manager can be installed on any Microsoft Exchange host on which Exchange Management tools are installed.

Note:

  • See the "Deploying the Connector" chapter of Oracle Identity Manager Connector Guide for Microsoft Active Directory User Management for information about installing and configuring the Remote Manager for Microsoft Active Directory.

  • In this guide, the directory in which you install the Remote Manager is referred to as RM_HOME.

To deploy the Remote Manager:

  1. The Remote Manager installation files are shipped along with the Oracle Identity Manager installation files. Depending on the application server that you use, perform the procedure to install the Remote Manager on the target system computer by following the instructions given in one of the following guides:

    • Oracle Identity Manager Installation and Configuration Guide for Oracle WebLogic Server

    • Oracle Identity Manager Installation and Configuration Guide for IBM WebSphere Application Server

    • Oracle Identity Manager Installation and Configuration Guide for JBoss Application Server

    • Oracle Identity Manager Installation and Configuration Guide for Oracle Application Server

  2. Copy the following JAR files into the RM_HOME/xlremote/JavaTasks directory:

    • OIM_HOME/xellerate/lib/xlVO.jar

    • OIM_HOME/xellerate/lib/xlScheduler.jar

    • OIM_HOME/xellerate/lib/xlAPI.jar

    • OIM_HOME/xellerate/JavaTasks/xliActiveDirectory.jar

    • OIM_HOME/xellerate/ScheduleTask/xliADRecon.jar

    • OIM_HOME/xellerate/JavaTasks/xliExchange.jar

    • OIM_HOME/xellerate/ScheduleTask/xliExchangeRecon.jar

  3. Copy the CreateMailboxExchange2007.vbs file from the following directory on the installation media to the RM_HOME/scripts directory:

    scripts/CreateMailboxExchange2007.vbs

    Note:

    Ensure that the RM_HOME directory is secured using Microsoft Windows best practices. Only the target system user account for Oracle Identity Manager must have permissions to access the RM_HOME directory.

  4. To enable logging in the Remote Manager, create a log directory and file inside the RM_HOME directory. For example:

    RM_HOME/Log/Report.log

  5. Specify the name of the Remote Manager as the value of the Remote Manager IT resource parameter. This parameter is described in "Creating the IT Resource".

    See Oracle Identity Manager Administrative and User Console Guide for information about modifying the value of an IT resource parameter.

2.2.2.2 Enabling Client-Side Authentication for the Remote Manager

To enable client-side authentication for the Remote Manager:

Note:

If you have already enabled client-side authentication for the Remote Manager in Microsoft Active Directory, then you need not perform the procedure described in this section.

  1. Open the RM_HOME/xlremote/config/xlconfig.xml file in a text editor.

  2. Set the ClientAuth property to true as follows:

    <ClientAuth>true</ClientAuth>
    
  3. Ensure that the RMIOverSSL property is set to true as follows:

    <RMIOverSSL>true</RMIOverSSL>
    
  4. Perform Steps 2 through 3 in the OIM_HOME/config/xlconfig.xml file.
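
The following Python check is an added example, not code from Oracle or from the original guide. It parses both xlconfig.xml files and reports any copy in which ClientAuth or RMIOverSSL is missing, given conflicting values, or not set to true. The element nesting in the two sample documents (xl-configuration, RMSecurity) is an assumption made for the sample; the check itself matches the two property names at any depth.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("RMIOverSSL", "ClientAuth")   # the two properties this section sets


def read_flags(xml_text):
    """Collect every value given for the two properties, at any depth."""
    flags = {name: [] for name in REQUIRED}
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag in flags:
            flags[elem.tag].append((elem.text or "").strip())
    return flags


def audit(files):
    """files maps a path to the text of the xlconfig.xml stored there.

    Returns a sorted list of (path, property, problem) tuples. An empty list
    means every file sets both properties to the literal value true.
    """
    findings = []
    for path, text in files.items():
        try:
            flags = read_flags(text)
        except ET.ParseError as exc:
            findings.append((path, "*", "not well-formed: %s" % exc))
            continue
        for name, values in flags.items():
            if not values:
                findings.append((path, name, "missing"))
            elif len(set(values)) > 1:
                findings.append(
                    (path, name, "conflicting values %s" % sorted(set(values))))
            elif values[0] != "true":
                # The guide shows lowercase true; any other spelling is
                # reported for review rather than assumed to be accepted.
                findings.append((path, name, "set to %r" % values[0]))
    return sorted(findings)


# Constructed samples. The nesting under RMSecurity is an assumption.
RM_SAMPLE = """<xl-configuration>
  <RMSecurity>
    <RMIOverSSL>true</RMIOverSSL>
    <ClientAuth>true</ClientAuth>
  </RMSecurity>
</xl-configuration>"""

# Step 4 was skipped on the Oracle Identity Manager side.
OIM_SAMPLE = """<xl-configuration>
  <RMSecurity>
    <RMIOverSSL>true</RMIOverSSL>
    <ClientAuth>false</ClientAuth>
  </RMSecurity>
</xl-configuration>"""

SAMPLE_FILES = {
    "RM_HOME/xlremote/config/xlconfig.xml": RM_SAMPLE,
    "OIM_HOME/config/xlconfig.xml": OIM_SAMPLE,
}

if __name__ == "__main__":
    for path, prop, problem in audit(SAMPLE_FILES):
        print("%s: %s %s" % (path, prop, problem))
```

Client-side authentication takes place inside the SSL handshake, so a file that reports RMIOverSSL as anything other than true should be corrected before the ClientAuth finding is considered.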

2.3 Postinstallation

Postinstallation information is divided across the following sections:

2.3.1 Postinstallation on Oracle Identity Manager

Postinstallation on Oracle Identity Manager consists of the following procedures:

Note:

In a clustered environment, you must perform these procedures on each node of the cluster.

2.3.1.1 Clearing Content Related to Connector Resource Bundles from the Server Cache

While you deploy the connector, the resource bundles are copied from the resources directory on the installation media into the OIM_HOME/xellerate/connectorResources directory. Whenever you add a new resource bundle in the connectorResources directory or make a change in an existing resource bundle, you must clear content related to connector resource bundles from the server cache.

To clear content related to connector resource bundles from the server cache:

  1. In a command window, go to the OIM_HOME/xellerate/bin directory.

    Note:

    You must perform Step 1 before you perform Step 2. An exception is thrown if you run the command described in Step 2 as follows:

    OIM_HOME/xellerate/bin/BATCH_FILE_NAME

  2. Enter one of the following commands:

    • On Microsoft Windows:

      PurgeCache.bat ConnectorResourceBundle
      
    • On UNIX:

      PurgeCache.sh ConnectorResourceBundle
      

    Note:

    You can ignore the exception that is thrown when you perform Step 2.

    In this command, ConnectorResourceBundle is the content category that you must delete from the server cache.

    See Also:

    The following file for information about content categories:

    OIM_HOME/config/xlconfig.xml

2.3.1.2 Enabling Logging

When you enable logging, Oracle Identity Manager automatically stores in a log file information about events that occur during the course of provisioning and reconciliation operations. To specify the type of event for which you want logging to take place, you can set the log level to one of the following:

  • ALL

    This level enables logging for all events.

  • DEBUG

    This level enables logging of information about fine-grained events that are useful for debugging.

  • INFO

    This level enables logging of messages that highlight the progress of the application at a coarse-grained level.

  • WARN

    This level enables logging of information about potentially harmful situations.

  • ERROR

    This level enables logging of information about error events that may allow the application to continue running.

  • FATAL

    This level enables logging of information about very severe error events that could cause the application to stop functioning.

  • OFF

    This level disables logging for all events.

The file in which you set the log level and the log file path depend on the application server that you use:

  • Oracle WebLogic Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=LOG_LEVEL
      log4j.logger.OIMCP.MEXC=LOG_LEVEL
      
    2. In these lines, replace LOG_LEVEL with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.OIMCP.MEXC=INFO
      

    After you enable logging, log information is displayed on the server console.

  • IBM WebSphere Application Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=LOG_LEVEL
      log4j.logger.OIMCP.MEXC=LOG_LEVEL
      
    2. In these lines, replace LOG_LEVEL with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.OIMCP.MEXC=INFO
      

    After you enable logging, log information is written to the following file:

    WEBSPHERE_HOME/AppServer/logs/SERVER_NAME/SystemOut.log

  • JBoss Application Server

    To enable logging:

    1. In the JBOSS_HOME/server/default/conf/log4j.xml file, locate or add the following lines:

      <category name="XELLERATE">
         <priority value="LOG_LEVEL"/>
      </category>
      
      <category name="OIMCP.MEXC">
         <priority value="LOG_LEVEL"/>
      </category>
      
    2. In the second XML code line of each set, replace LOG_LEVEL with the log level that you want to set. For example:

      <category name="XELLERATE">
         <priority value="INFO"/>
      </category>
      
      <category name="OIMCP.MEXC">
         <priority value="INFO"/>
      </category>
      

    After you enable logging, log information is written to the following file:

    JBOSS_HOME/server/default/log/server.log

  • Oracle Application Server

    To enable logging:

    1. Add the following lines in the OIM_HOME/xellerate/config/log.properties file:

      log4j.logger.XELLERATE=LOG_LEVEL
      log4j.logger.OIMCP.MEXC=LOG_LEVEL
      
    2. In these lines, replace LOG_LEVEL with the log level that you want to set.

      For example:

      log4j.logger.XELLERATE=INFO
      log4j.logger.OIMCP.MEXC=INFO
      

    After you enable logging, log information is written to the following file:

    ORACLE_HOME/opmn/logs/default_group~home~default_group~1.log

2.3.2 Postinstallation on the Target System

Postinstallation on the target system involves the following procedure:

2.3.2.1 Configuring SSL

You need not configure SSL for Microsoft Exchange if it is already configured on the Microsoft Active Directory target system to which your Microsoft Exchange is linked.

2.3.3 Configuring the Remote Manager

Note:

Perform this procedure only if you have installed the Remote Manager for Microsoft Exchange 2007. The procedure to install the Remote Manager is described in "Installing the Remote Manager".

If you have installed multiple Microsoft Exchange 2007 Remote Managers, then you must perform this procedure for each Remote Manager.

The IT resource for the Remote Manager contains connection information about the Remote Manager. The Remote Manager is used by Oracle Identity Manager to invoke the Exchange Management Shell script to create mailboxes in Microsoft Exchange 2007. When you run the Connector Installer, the IT resource for the Remote Manager is created in Oracle Identity Manager for Microsoft Exchange 2007.

For reconciliation in Microsoft Exchange 2007, Oracle Identity Manager uses the Microsoft Active Directory IT resource. For provisioning in Microsoft Exchange 2007, Oracle Identity Manager uses the Microsoft Active Directory IT resource, Exchange IT resource, and the Remote Manager IT resource values. For information about the Exchange IT resource parameters, see "Creating the IT Resource".

This section discusses the following topics:

2.3.3.1 Creating the IT Resource for the Remote Manager

To create the IT resource for the Remote Manager:

  1. Log in to the Administrative and User Console.

  2. Expand Resource Management.

  3. Click Create IT Resource.

  4. On the Step 1: Provide IT Resource Information page, enter the following information:

    • IT Resource Name: Enter Exchange Remote Manager IT Resource.

    • IT Resource Type: Select Remote Manager from the IT Resource Type list.

    • Remote Manager: Do not enter a value in this field.

  5. Click Continue.

  6. On the Step 2: Specify IT Resource Parameter Values page, specify values for the parameters of the IT resource and then click Continue. Table 2-4 describes the parameters for this IT resource.

    Table 2-4 Parameters of the IT Resource for the Remote Manager

    Parameter Description

    service name

    Enter a name for the remote manager.

    Sample value: RManager

    url

    Enter the IP address of the target system host computer and the port number at which the Remote Manager is listening.

    Sample value: rmi://10.0.0.1:12346


  7. Click Continue.

  8. On the Step 4: Verify IT Resource Details page, review the information that you provided on the first, second, and third pages. If you want to make changes in the data entered on any page, click Back to revisit the page and then make the required changes.

  9. To proceed with the creation of the IT resource, click Continue.

  10. The Step 5: IT Resource Connection Result page displays the results of a connectivity test that is run using the IT resource information. If the test is successful, then click Create. If the test fails, then you can perform one of the following steps:

    • Click Back to revisit the previous pages and then make corrections in the IT resource creation information.

    • Click Cancel to stop the procedure, and then begin from the first step onward.

    • Proceed with the creation process by clicking Continue. You can fix the problem later, and then rerun the connectivity test by using the Diagnostic Dashboard.

  11. The Step 6: IT Resource Created page displays the details of the IT resource that you created. Click Finish.

2.3.3.2 Configuring Oracle Identity Manager to Trust the Remote Manager

To configure Oracle Identity Manager to trust the Remote Manager you have installed:

  1. From the computer hosting the Remote Manager, copy the RM_HOME/xlremote/config/xlserver.cert file to a temporary directory on the Oracle Identity Manager host computer.

    Note:

    The server certificate in the OIM_HOME directory is also named xlserver.cert. Ensure that you do not overwrite that certificate.

  2. To import the certificate by using the keytool utility, run the following command:

    JAVA_HOME/jre/bin/keytool -import -alias ALIAS -file RM_CERT_LOCATION/xlserver.cert -keystore OIM_HOME/xellerate/config/.xlkeystore -storepass PASSWORD
    

    In the preceding command, replace:

    • JAVA_HOME with the location of the Java directory for your application server.

    • ALIAS with an alias for the certificate in the store.

    • RM_CERT_LOCATION with the full path of the temporary directory where you copied the certificate.

    • PASSWORD with the password of the keystore.

  3. Copy the OIM_HOME/xellerate/config/xlserver.cert file to a temporary directory on the Remote Manager host computer.

  4. To import the certificate by using the keytool utility on the Remote Manager host computer, run the following command:

    JAVA_HOME/jre/bin/keytool -import -alias ALIAS -file OIM_CERT_LOCATION/xlserver.cert -keystore RM_HOME/xlremote/config/.xlkeystore -storepass PASSWORD
    

    In the preceding command, replace:

    • JAVA_HOME with the location of the Java directory for your application server.

    • ALIAS with an alias for the certificate in the store.

    • OIM_CERT_LOCATION with the full path of the temporary directory where you copied the certificate.

    • PASSWORD with the password of the keystore.

      Note:

      It is recommended that you follow security best practices and change the default passwords used for the Remote Manager keystore. To change the Remote Manager keystore password, follow the instructions given in Oracle Identity Manager Installation and Configuration Guide for your application server.
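
Importing a certificate into .xlkeystore makes the peer that holds its private key trusted, so the file copied between hosts should be checked before the keytool -import step. The following Python helper is an added example, not part of the original guide: it computes the fingerprint of xlserver.cert (PEM or DER), compares it with the value read on the exporting host (for example from keytool -printcert -file), and stages the file without overwriting an existing xlserver.cert. The sample bytes are a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import hmac
import os
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(cert_bytes):
    """Return DER bytes for a certificate file that is either PEM or DER."""
    match = PEM_RE.search(cert_bytes)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return cert_bytes


def fingerprint(cert_bytes, algo="sha256"):
    """Colon-separated hex digest of the DER encoding of the certificate."""
    digest = hashlib.new(algo, to_der(cert_bytes)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(cert_bytes, expected, algo="sha256"):
    """Compare with a fingerprint read on the exporting host.

    Pass only the hex value (colons and spaces are ignored), using the same
    digest algorithm that produced it.
    """
    want = "".join(expected.split()).replace(":", "").upper()
    have = fingerprint(cert_bytes, algo).replace(":", "")
    return hmac.compare_digest(want, have)


def stage(cert_bytes, dest_dir, expected, algo="sha256"):
    """Write xlserver.cert into dest_dir only if the fingerprint verifies and
    no file of that name exists there yet. Returns the path written."""
    if not matches(cert_bytes, expected, algo):
        raise ValueError("fingerprint mismatch: do not import this file")
    path = os.path.join(dest_dir, "xlserver.cert")
    with open(path, "xb") as out:   # "x" raises FileExistsError, never overwrites
        out.write(cert_bytes)
    return path


# Constructed stand-in for the certificate bytes, in both encodings.
SAMPLE_DER = bytes(range(48, 112))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("SHA256:", fingerprint(SAMPLE_PEM))
    print("SHA1:  ", fingerprint(SAMPLE_PEM, "sha1"))
```

Which digests keytool prints depends on the JDK release, so pass the matching algo value when comparing.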

2.3.3.3 Verifying That the Remote Manager Is Running

To ensure that the Remote Manager is running:

  1. Use the following script to start the Remote Manager:

    RM_HOME/xlremote/remotemanager.bat

  2. Log in to the Design Console.

  3. Expand Administration, and double-click Remote Manager.

  4. Search for and open the Remote Manager that you have created.

  5. Click the Refresh icon. The screen displays details of the Remote Manager that you have configured. The running check box should be selected for the Remote Manager. This implies that the status of the Remote Manager is active.