Skip Headers
Oracle® Identity Manager Installation and Configuration Guide for Oracle WebLogic Server

Part Number E14047-04
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
View PDF

8 Installing and Configuring the Oracle Identity Manager Design Console

This chapter explains how to install the Oracle Identity Manager Design Console, which is a Java client. You can install the Design Console on the same computer as Oracle Identity Manager or on a different computer.

This chapter discusses the following topics:

8.1 Requirements for Installing the Design Console

Verify that the following requirements are met for the Design Console installation:

8.2 Installing the Design Console

The following procedure describes how to install the Design Console.


All Oracle Identity Manager components must be installed in different home directories. If you are installing the Design Console on a computer that is hosting another Oracle Identity Manager component, such as Oracle Identity Manager or the Remote Manager, then you must specify a different installation directory for the Design Console.

To install the Design Console on a Microsoft Windows host:

  1. Insert the Oracle Identity Manager Installation CD into your CD-ROM drive.

  2. Using Microsoft Windows Explorer, navigate to the installServer directory on the installation CD.

  3. Double-click the setup_client.exe file.

  4. Specify a language from the list on the Installer page.

    The Welcome page is displayed.

  5. On the Welcome page, click Next.

  6. On the target directory page, perform one of the following steps:

    • The default directory for the Design Console is C:\oracle. To install the Design Console into this directory, click Next.

    • To install the Design Console in another directory, specify the path of the directory in the Directory field, and then click Next.


      If the directory path that you specified does not exist, then the Base Directory settings field is displayed. Click OK. This directory is automatically created. If you do not have write permission to create the default directory for Oracle Identity Manager, then a message is displayed informing you that the installer could not create the directory. Click OK to close the message, and then contact your system administrator to obtain the appropriate permissions.
  7. On the Application Server page, select Oracle WebLogic, then click Next.

    The Application Client Location page is displayed.

  8. Specify an existing JRE. Then, click Next. The Application Server configuration page is displayed.


    Select the JRE for the application server that is in use.
  9. On the Application Server configuration page, enter the information appropriate for the application server hosting Oracle Identity Manager:

    1. In the first field, enter the host name or IP address.


      The host name is case-sensitive.
    2. In the second field, enter the naming port for the application server on which Oracle Identity Manager is deployed.

    3. Click Next.

  10. On the Graphical Workflow Rendering Information page, enter the Application server configuration information. To do so:

    1. Enter the Oracle Identity Manager server (host) IP address.

    2. Enter the port number.

    3. Select Yes or No to specify whether or not the Design Console must use Secure Sockets Layer (SSL).

    4. Click Next.

  11. On the Shortcut page, select or clear the check boxes for the shortcut options according to your preferences:

    1. Select the option to create a shortcut to the Design Console on the Start Menu.

    2. Select the option to create a shortcut to the Design Console on the desktop.

    Click Next to move to the next page.

  12. On the Summary page, click Install to initiate the Design Console installation.

  13. Click Finish to complete the installation process.

8.3 Postinstallation Requirements for the Design Console

Perform the following steps after installing the Design Console:

  1. If you are pointing the Design Console to a clustered server installation, edit the OIM_DC_HOME\xlclient\Config\xlconfig.xml file to add the cluster members in the URL under the <Discovery> section, and point the Application URL for Workflow Visualization to the Web server to access the cluster.

    For example:

    • <ApplicationURL>http://webserver/xlWebApp/</ApplicationURL>

    • <Discovery>.<CoreServer>.<java.naming.provider.url>t3://, </java.naming.provider.url>

  2. In the configuration XML file, change the multicast address to match that of Oracle Identity Manager:

    1. Open the following file:

    2. Search for the <MultiCastAddress> element, and copy the value assigned to this element.

    3. Open the following file:

    4. Search for the <Cache> element, and replace the value of the <MultiCastAddress> element inside this element with the value that you copy in Step b.

8.4 Starting the Design Console

To start the Design Console, double-click OIM_DC_HOME\xlclient\xlclient.cmd or select Design Console from the Microsoft Windows Start menu or desktop.

8.5 Setting the Compiler Path for Adapter Compilation

In the System Configuration form of the Design Console, you must set the XL.CompilerPath system property to include the path of the bin directory inside the JDK directory (JDK_HOME\bin) that is used by the application server on which Oracle Identity Manager is deployed.

Then, restart Oracle Identity Manager.

See Also:

The "Rule Elements, Variables, Data Types, and System Properties" section in Oracle Identity Manager Reference

8.6 Enabling SSL Communication (Optional)

The following topics provide information required for enabling SSL communication between the Design Console and Oracle WebLogic Server:

8.6.1 Prerequisites or Assumptions

The following are the prerequisites or assumptions for enabling SSL communication:

  • Oracle WebLogic Server is installed.

  • The WebLogic Domain directory is C:\bea\user_projects\domains\oim.

  • The Oracle WebLogic Server home (WL_HOME) directory is C:\bea\wlserver_10.3.

  • The identity store is support.jks and the password is support.

  • The certificate request is made for host and for Oracle Identity Management Group.

  • The self-sign certificate is named supportcert.pem.

  • The private key alias is support, and the password is weblogic.

  • The setEnv.cmd or script is run to set up PATH, CLASSPATH, and other variables.

8.6.2 SSL Certificate Setup

This section discusses the following topics: Generating Keys

Generate private/public certificate pairs by using the keytool command provided. The following command creates an identity keystore (support.jks). Change the parameter values passed to the keytool command according to your requirements. Ensure that there is no line break in the keytool argument.

keytool -genkey
        -alias support
        -keyalg RSA
        -keysize 1024
        -dname ", OU=Identity, O=Oracle Corporation, 
L=RedwoodShores, S=California, C=US"
        -keypass weblogic
        -keystore C:\bea\user_projects\domains\oim\support.jks
        -storepass support


Use the same host name that you would use in the xlconfig.xml file. For example, if you use and t3s:// in the xlconfig.xml file, then the value of CN in the keytool command must be Oracle recommends that you generate an SSL certificate by using the domain name (for example, instead of the IP address. Signing the Certificates

Use the following command to sign the certificates that you created.

keytool -selfcert -alias support 
        -sigalg MD5withRSA 
        -validity 2000 
        -keypass weblogic 
        -keystore C:\bea\user_projects\domains\oim\support.jks 
        -storepass support


Oracle recommends that you use trusted certificate authorities, for example, VeriSign or Thawte, for signing the certificates. Exporting the Certificate

Use the following command to export the certificate from the identity keystore to a file, for example, supportcert.pem:

keytool -export -alias support 
        -file C:\bea\user_projects\domains\oim\supportcert.pem 
        -keypass weblogic 
        -keystore C:\bea\user_projects\domains\oim\support.jks 
        -storepass support Configuring the Trust Store

To configure the trust store:

  1. Copy the supportcert.pem file to the following location on the Design Console: OIM_DC_HOME\java\lib\security.

  2. Open a command prompt at OIM_DC_HOME\java\lib\security and run the following command:

    cd OIM_DC_HOME\java\lib\security
    keytool -import 
            -alias support 
            -file supportcert.pem 
            -keystore cacerts 
            -storepass changeit


    For a clustered installation, repeat all of the steps for each of the participating nodes in the cluster. However, you do not generate keys or sign and export certificates if the other server in the cluster is located on the same host.

8.6.3 Configuration Changes

The following sections provide information related to the configuration changes required for a successful SSL connection. Changes to the Design Console

Perform the following steps:

  1. On the computer in which the Design Console is installed, go to OIM_DC_HOME\xlclient\Config\xlconfig.xml.

  2. Modify the xlconfig.xml file to use HTTPS and T3S protocol and SSL port to connect to the server, as shown in the following element:


    For a clustered installation, you can send an https request to only one of the servers in the cluster, as shown in the following element:


    Alternatively, you can point to the Web server SSL URL based on the Web server configuration. If you want to use the Web server URL, then repeat the steps in the "Configuring the Trust Store" section with the Web server certificate.

    For a clustered installation, ensure that you add the participating nodes to the corresponding SSL port as comma-delimited values in the URL for java.naming.provider.url, as follows:

    <java.naming.provider.url>t3s://node1:7002,node2:7002</java.naming.provider.url> Changes to Oracle WebLogic Server

Perform the following steps:

  1. In the WebLogic Server Administration Console, click Environment, Servers, Server_Name, Configuration, and then General.

  2. Click Lock & Edit.

  3. Select SSL listen port enabled. The default port is 7002.

  4. Click the Keystores tab

  5. From the Keystore list, select Custom Identity and Java Standard Trust.

  6. In the Custom Identity Keystore field, specify C:\bea\user_projects\domains\oim\support.jks as the custom identity keystore file name.

  7. Specify JKS as the custom identity keystore type.

  8. Enter the password in the Custom Identity Keystore Passphrase and Confirm Custom Identity Keystore Passphrase fields.

  9. Click Save.

  10. Click the SSL tab.

  11. Enter support as the private key alias.

  12. Enter the password (for example, support) in the Private Key Passphrase and Confirm Private Key Passphrase fields.

  13. Click Save.

  14. Click Activate changes.

  15. Restart the server for the changes to take effect.


For a clustered installation, repeat all the steps for each of the participating nodes in the cluster, and then restart the cluster. Copying the Oracle WebLogic Server License

To copy the Oracle WebLogic Server license:

  1. Copy license.bea from WL_HOME in the computer on which Oracle WebLogic Server is installed to OIM_DC_HOME in the computer on which the Design Console is installed.

  2. Open the OIM_DC_HOME/classpath.bat file and add OIM_DC_HOME to the classpath at the end of the file.

  3. Copy *webserviceclient+ssl.jar, wlcipher.jar*, and *jsafeFIPS.jar* from WL_HOME\server\lib to OIM_DC_HOME\ext.

    Add *webserviceclient+ssl.jar*, *wlcipher.jar*, and *jsafeFIPS.jar* in the classpath.bat file.

8.7 Removing the Design Console Installation

To remove the Design Console installation:

  1. Stop Oracle Identity Manager and the Design Console if they are running.

  2. Stop all Oracle Identity Manager processes.

  3. Delete the OIM_DC_HOME directory in which you installed the Design Console.