Oracle® Identity Manager Installation and Configuration Guide for JBoss Application Server
Release 9.1.0.1

Part Number E14046-03

9 Installing and Configuring the Oracle Identity Manager Design Console

This chapter explains how to install the Oracle Identity Manager Design Console, which is a Java client for Oracle Identity Manager. You have the option to install the Design Console on the same computer as your Oracle Identity Manager installation or on a separate computer.

This chapter discusses the following topics:

9.1 Requirements for Installing the Design Console

Verify that your environment meets the following requirements for Design Console installation:

Note:

If you cannot resolve the host name of the application server, then try adding the host name and IP address in the hosts file in the C:\winnt\system32\drivers\etc\ directory.

9.2 Installing the Design Console

Note:

All Oracle Identity Manager components must be installed in different home directories. If you are installing the Design Console on a computer that is hosting another Oracle Identity Manager component, such as Oracle Identity Manager or the Remote Manager, then you must specify a different installation directory for the Design Console.

To install the Design Console on a Microsoft Windows host:

  1. Insert the Oracle Identity Manager Installation CD into the CD-ROM drive.

  2. Using Microsoft Windows Explorer, navigate to the installServer directory on the installation CD.

  3. Double-click the setup_client.exe file.

  4. Select a language from the list on the Installer page. The Welcome page is displayed.

  5. On the Welcome page, click Next.

  6. On the Target directory page, perform one of the following steps:

    1. The default directory for the Design Console is C:\oracle. To install the Design Console in this directory, click Next.

    2. To install the Design Console in another directory, specify the path of the directory in the Directory field, and then click Next.

      Note:

      If the directory path that you select does not exist, then the Base Directory settings field is displayed. Click OK. This directory is automatically created. If you do not have write permission to create the default directory, then a message is displayed informing you that the installer could not create the directory. Click OK to close the message and then contact your system administrator to obtain the appropriate permissions.
  7. On the Application Server page, select JBoss and then click Next. This page prompts you to specify the JRE to use with Design Console.

  8. Select the JRE that is installed with Oracle Identity Manager or specify an existing JRE. Then, click Next. The Application Server configuration page is displayed.

  9. On the Application Server Host Information page, enter the information appropriate for the application server hosting your Oracle Identity Manager installation:

    1. In the first field, enter the host name or IP address.

      Note:

      The host name is case-sensitive.
    2. In the second field, enter the naming port for the application server on which Oracle Identity Manager is deployed.

    3. Click Next.

  10. On the Graphical Workflow Rendering Information page, enter the application server configuration information:

    1. Enter the Oracle Identity Manager server IP address.

    2. Enter the port number.

    3. Select Yes or No to specify whether or not the Design Console must use Secure Sockets Layer (SSL).

    4. Click Next.

  11. On the Shortcut page, select (or deselect) the check boxes for the shortcut options according to your preferences:

    1. Create a shortcut to the Design Console on the Start Menu.

    2. Create a shortcut to the Design Console on the desktop.

    Click Next to move to the next page.

  12. On the Summary page, click Install to begin the Design Console installation.

  13. The final installation page displays a reminder to copy certain application server-specific files to your Oracle Identity Manager installation. Follow these instructions and then click OK.

  14. Click Finish to complete the installation process.

9.3 Postinstallation Requirements for the Design Console

For both clustered and nonclustered installations, copy the jbossall-client.jar and log4j.jar files located in the JBOSS_HOME\client\ directory from the computer hosting Oracle Identity Manager to the OIM_DC_HOME\xlclient\ext directory on the computer on which you are installing the Design Console instance.

Note:

Delete the log4j-1.2.8.jar file from the OIM_DC_HOME\xlclient\ext directory.

To complete installation for clustered installations:

  1. Change the <Discovery> settings in the OIM_DC_HOME\xlclient\Config\xlconfig.xml file for all Design Console installations.

    For example, change the following string:

    <java.naming.provider.url>
        jnp://localhost:1100
      </java.naming.provider.url>
    

    To the following:

    <java.naming.provider.url>
        jnp://IP_of_node1:1100,IP_of_node2:1100
      </java.naming.provider.url>
     
    
  2. Add the following tag to the Discovery.CoreServer section of the OIM_DC_HOME\xlclient\Config\xlconfig.xml file:

    <jnp.partitionName>MyPartition</jnp.partitionName>
    

    MyPartition represents the partition name you specified during Oracle Identity Manager installation on JBoss Application Server clusters.

  3. To configure Workflow Visualization to access all available nodes in the cluster:

    1. Open the OIM_DC_HOME\xlclient\Config\xlconfig.xml file and locate the following statement:

      <ApplicationURL>...</ApplicationURL>

    2. Replace the application server URL with the IP address and port of the Web server, as follows:

      <ApplicationURL>http://webserverIP/xlWebApp/LoginWorkflowRenderer.do
      </ApplicationURL>
      
  4. In the configuration XML file, change the multicast address to match that of Oracle Identity Manager:

    1. Open the following file:

      OIM_HOME\xellerate\config\xlconfig.xml
      
    2. Search for the <MultiCastAddress> element, and copy the value assigned to this element.

    3. Open the following file:

      OIM_DC_HOME\xlclient\Config\xlconfig.xml
      
    4. Search for the <Cache> element, and replace the value of the <MultiCastAddress> element inside this element with the value that you copied in Step b.
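
A check for the clustered settings above, as an added example that is not part of the Oracle guide: it reads the server and Design Console copies of xlconfig.xml and reports a provider URL that omits a node, a missing partition name, or a MultiCastAddress that differs. The sample XML, its root element, the addresses and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed fragments, not real xlconfig.xml files. Element names come from
# this chapter; the root element, IP addresses and multicast value are made up.
SERVER_XML = """<config><Cache>
  <MultiCastAddress>239.0.0.10</MultiCastAddress></Cache></config>"""
CLIENT_XML = """<config>
  <Discovery><CoreServer>
    <java.naming.provider.url>
      jnp://192.0.2.11:1100,192.0.2.12:1100
    </java.naming.provider.url>
    <jnp.partitionName>MyPartition</jnp.partitionName>
  </CoreServer></Discovery>
  <Cache><MultiCastAddress>239.0.0.10</MultiCastAddress></Cache>
</config>"""


def first_text(root, tag, within=None):
    """Stripped text of the first <tag>, optionally only inside <within>."""
    scopes = root.iter(within) if within else [root]
    for scope in scopes:
        for element in scope.iter(tag):
            return (element.text or "").strip()
    return None


def check_cluster_config(client_xml, server_xml, nodes, partition, port=1100):
    """Return a list of findings; an empty list means the files agree."""
    client, server = ET.fromstring(client_xml), ET.fromstring(server_xml)
    findings = []

    # Step 1: every cluster node must be listed as host:port in the JNP URL.
    url = first_text(client, "java.naming.provider.url", "Discovery") or ""
    if not url.startswith("jnp://"):
        findings.append("provider URL is missing or is not a jnp:// URL")
    listed = {part.strip() for part in url[len("jnp://"):].split(",")}
    for node in nodes:
        if f"{node}:{port}" not in listed:
            findings.append(f"{node}:{port} is not in the provider URL")

    # Step 2: the partition name chosen at server installation must be present.
    if first_text(client, "jnp.partitionName", "CoreServer") != partition:
        findings.append("jnp.partitionName is missing or differs")

    # Step 4: the client <Cache> multicast address must equal the server value.
    server_mc = first_text(server, "MultiCastAddress")
    client_mc = first_text(client, "MultiCastAddress", "Cache")
    if not server_mc or server_mc != client_mc:
        findings.append(f"MultiCastAddress: server={server_mc} client={client_mc}")
    return findings
```

Pass the contents of OIM_DC_HOME\xlclient\Config\xlconfig.xml and OIM_HOME\xellerate\config\xlconfig.xml as the first two arguments; the check takes the first matching element in each file.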

9.4 Starting the Design Console

To start the Design Console, double-click OIM_DC_HOME\xlclient\xlclient.cmd or select Design Console from the Microsoft Windows Start menu or desktop.

9.5 Setting the Compiler Path for Adapter Compilation

In the System Configuration form of the Design Console, you must set the XL.CompilerPath system property to include the path of the bin directory inside the JDK directory (JDK_HOME\bin) that is used by the application server on which Oracle Identity Manager is deployed.

Then, restart Oracle Identity Manager.

See Also:

The "Rule Elements, Variables, Data Types, and System Properties" section in Oracle Identity Manager Reference

9.6 Configuring SSL Communication With the Design Console (Optional)

After installing the Oracle Identity Manager Design Console, you might want to configure it to communicate with Oracle Identity Manager over SSL. Perform the following procedure to configure communication from your Design Console to Oracle Identity Manager over SSL:

  1. Stop Oracle Identity Manager.

  2. Perform the following backup tasks:

    • Create a backup of the OIM_HOME directory in which you installed Oracle Identity Manager.

    • Create a backup of the OIM_DC_HOME directory in which you installed the Oracle Identity Manager Design Console.

    • Create a backup of the JBOSS_HOME directory in which you installed JBoss Application Server.

  3. Export the Oracle Identity Manager certificate by running the following commands:

    1. cd OIM_HOME\config

    2. %JAVA_HOME%\bin\keytool -export -file xlserver.cer -keystore .xlkeystore -storepass xellerate -alias xell

      The xlserver.cer file is created in the config folder.

  4. Open the OIM_HOME\config\xljbossssl-service.xml file:

    1. Search for the following line:

      <attribute name="KeyStorePass"><XDtConfig:configParameterValue paramName="KeyStorePass"/></attribute>

    2. Change the line to the following:

      <attribute name="KeyStorePass">xellerate</attribute>

  5. Change the installation profile by using the following commands:

    1. cd OIM_HOME\profiles

    2. Open the jboss.profile file and set the following properties:

      • configure.ssl.invoker=true

      • jboss.ssl.invocation=true

      • jboss.ssl.port=10443

      • jboss.ssl.clustered.port=10444

      • jboss.stateful.invoker=xl-stateful-rmi-invoker

      • jboss.stateless.invoker=xl-stateless-rmi-invoker

  6. Run the setup command by using the following commands:

    1. cd OIM_HOME\setup

    2. setup_jboss.cmd database_password

      Note:

      For nonclustered installations, JBOSS_DIR refers to JBOSS_HOME\server\default and for clustered installations it refers to JBOSS_HOME\server\all.
  7. Edit the login-config.xml file as follows:

    1. Run cd JBOSS_DIR\conf.

    2. Open the login-config.xml file and search for the XML tags toward the end of the file. These tags appear as follows:

      <policy>
      ...
      ...
      ...
             <application-policy name= "xellerate">
                     <authentication>
                     ....
                     ....
                    </authentication>
             </application-policy>
      </policy> 
      
    3. There are two application-policy entries. Remove the last entry.

      Note:

      Ensure that you remove the lines starting with <application-policy name="xellerate"> and ending with </application-policy>. Do not remove the last line ending with </policy>.
  8. Copy the OIM_HOME\config\xlserver.cer file to the JAVA_HOME\jre\lib\security directory where JAVA_HOME is the JDK location that points to the Design Console. The default is C:\jdk160_05.

    From that directory, use the following command to import the xlserver.cer file into the cacerts keystore:

    ..\..\bin\keytool -import -file xlserver.cer -keystore cacerts -storepass changeit -trustcacerts -alias xell

    When prompted, enter yes to specify that the certificate must be trusted.

  9. Copy the OIM_HOME\config\.xlkeystore file to the JBOSS_DIR\conf\ directory.

  10. Copy the cacerts file from the JAVA_HOME\java\lib\security directory to the JBOSS_DIR\conf\ directory.

  11. Open the JBOSS_HOME\deploy\jboss-web.deployer\server.xml file:

    1. Search for the line that starts with:

      Define a SSL HTTP/1.1 Connector on port 8443

    2. Include the following after the preceding line:

      <Connector port="8443" address="${jboss.bind.address}"
       protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="100" minSpareThreads="5" maxSpareThreads="15"
       scheme="https" secure="true" clientAuth="false"
       keystoreFile="${jboss.server.home.dir}/conf/.xlkeystore"
       keystorePass="xellerate"
       truststoreFile="${jboss.server.home.dir}/conf/cacerts"
       truststorePass="changeit"
       sslProtocol = "TLS" />
      
    3. Uncomment the entry.

    4. Save and close the updated server.xml file.

  12. Open the OIM_DC_HOME\config\xlconfig.xml file in a text editor.

    Change

    <ApplicationURL>http://HOSTNAME:8080/xlWebApp/loginWorkflowRenderer.do
        </ApplicationURL>
    

    To:

    <ApplicationURL>https://HOSTNAME:8443/xlWebApp/loginWorkflowRenderer.do
        </ApplicationURL>
    

    Note:

    • It is assumed that the JBOSS application server uses 8080 as the HTTP port and 8443 as the HTTPS port.

    • For clustered JBOSS installations, the value for <ApplicationURL> in OIM_DC_HOME\config\xlconfig.xml can point to one application server URL or it can point to the Web server URL. In the second case, you must trust the Web server certificate from the Web server as described in Step 7 of this procedure.

  13. Restart Oracle Identity Manager for the changes to take effect.
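
The certificate exported on the server in step 3 is copied to the Design Console host and trusted in step 8. The following added example (not from the Oracle guide) computes the certificate fingerprint on the server side so that it can be compared with the one keytool displays at the trust prompt; the sample bytes are a constructed stand-in rather than a real certificate, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, not a real certificate: a fingerprint is a hash
# of the DER encoding, so any byte string shows the calculation.
SAMPLE_DER = bytes(range(48, 112))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def cert_der(data: bytes) -> bytes:
    """DER bytes of a keytool export: binary by default, PEM with -rfc."""
    match = PEM_RE.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return data


def fingerprint(data: bytes, algorithm: str = "sha1") -> str:
    """Colon-separated upper-case hex, the form in which keytool prints it."""
    digest = hashlib.new(algorithm, cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_fingerprint(data: bytes, expected: str, algorithm: str = "sha1") -> bool:
    """Compare with a fingerprint read elsewhere, ignoring case and separators."""
    def normalise(text: str) -> str:
        return re.sub(r"[^0-9A-F]", "", text.upper())
    return hmac.compare_digest(normalise(fingerprint(data, algorithm)),
                               normalise(expected))


if __name__ == "__main__":
    # On the server: open("xlserver.cer", "rb").read() replaces SAMPLE_DER.
    print("SHA1:", fingerprint(SAMPLE_DER))
    print("SHA256:", fingerprint(SAMPLE_DER, "sha256"))
```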

9.7 Removing the Design Console Installation

To remove the Design Console installation:

  1. Stop Oracle Identity Manager and the Design Console if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the OIM_DC_HOME directory in which you installed the Design Console.