9 Postinstallation Configuration for Oracle Identity Manager and Oracle WebLogic Server

After you install Oracle Identity Manager, you may have to perform certain postinstallation tasks before you can use the application. Some of the postinstallation tasks are optional, depending on your deployment and requirement.

This chapter discusses the following topics:

Starting Oracle Identity Manager
Stopping Oracle Identity Manager
Accessing the Administrative and User Console
Using the Diagnostic Dashboard to Verify Installation
Increasing the Memory and Setting the Java Option
Changing Keystore Passwords
Setting the Compiler Path for Adapter Compilation
Removing Backup xlconfig.xml Files After Starting or Restarting (Optional)
Configuring Proxies to Access Web Application URLs (Optional)
Setting Log Levels (Optional)
Enabling Single Sign-On (SSO) for Oracle Identity Manager (Optional)
Configuring Custom Authentication (Optional)
Protecting the JNDI Namespace (Optional)
Deploying the SPML Web Service (Optional)
Configuring Database-Based HTTP Session Failover (Optional)

Perform the following procedures if you upgrade from Oracle WebLogic Server release 10.3.0 to release 10.3.1 or later:

Upgrading the weblogic.xml File
Changing the Memory Settings
Updating the JDK and JRockit Installation

9.1 Starting Oracle Identity Manager

This section describes how to start Oracle Identity Manager on Microsoft Windows and UNIX.

To start Oracle Identity Manager:

Verify that your database is up and running.
Start Oracle Identity Manager by running one of the following scripts. Running the Oracle Identity Manager start script also starts Oracle WebLogic Server.

To start an Administrative Server on Microsoft Windows, run the OIM_HOME\xellerate\bin\xlStartServer.bat script.

To start an Administrative Server on UNIX, run the OIM_HOME/xellerate/bin/xlStartServer.sh script.

Note:

If you are using Microsoft SQL Server as the database, then before starting Oracle Identity Manager (Administrative Server) on UNIX, ensure that you copy the sqljdbc.jar file from the SQL2005_JDBC_DRIVER_HOME/sqljdbc_1.2/enu to the BEA_HOME/user_projects/domains/DOMAIN_NAME/lib directory and add the driver location to the CLASSPATH environment variable. For example:
```
export CLASSPATH=/opt/sql_driver_location/sqljdbc.jar
```
In a clustered environment, start the Administrative Server by running the xlStartWLS.bat or xlStartWLS.sh script, and then start the managed servers in the cluster by using the WebLogic Administration Console if you are using WebLogic Node Manager. Otherwise, you can start the managed servers by using the DOMAIN_HOME/bin/xlStartManagedServer script as follows:
```
xlStartManagedServer.cmd/sh MANAGEDSERVERNAME http://ADMINSERVERHOST:ADMINPORT
```
For example:
```
xlStartManagedServer.cmd/sh OIM_SERVER1 http://ADMIN_SERVER_HOST:7001
```

9.2 Stopping Oracle Identity Manager

T his section describes how to stop Oracle Identity Manager on Microsoft Windows and UNIX. To stop an Administrative Server or Managed Server:

Log in to the WebLogic Server Administration Console by using the following URL:
```
http://hostname:port/console
```
In this URL, hostname represents the name of the computer hosting the application server and port refers to the port on which the server is listening. The default port number for Oracle WebLogic Server is 7001.
In the Domain Structure tree on the left pane, expand Environment and then select Servers.
On the right pane, select the Control tab.
Select the check box for the server that you would want to shut down.
From the Shutdown list (at the top or bottom of the table), select either When work completes or Force Shutdown Now.

Note:

In a clustered environment, first stop the Managed servers and then stop the Administrative Server.

9.3 Accessing the Administrative and User Console

After starting the Oracle WebLogic Server and Oracle Identity Manager, you can access the Administrative and User Console by performing the following steps:

Navigate to the following URL by using a Web browser:
```
http://hostname:port/xlWebApp
```
In this URL, hostname represents the name of the computer hosting the application server and port refers to the port on which the server is listening. The default port number for Oracle WebLogic Server is 7001.

Note:
The application name, xlWebApp, is case-sensitive.

For example:
```
http://localhost:7001/xlWebApp
```
After the Oracle Identity Manager login page is displayed, log in with your user name and password.

9.4 Using the Diagnostic Dashboard to Verify Installation

The Diagnostic Dashboard verifies each component in your postinstallation environment by testing for:

A trusted store
Single sign-on configuration
Messaging capability
A task scheduler
A Remote Manager

The Diagnostic Dashboard also checks for all supported versions of components along with their packaging.

9.5 Increasing the Memory and Setting the Java Option

This section describes how to increase the JVM memory settings when Oracle Identity Manager is:

Deployed on WebLogic Admin Server
Deployed on WebLogic Managed Servers

9.5.1 Deployed on WebLogic Admin Server

When Oracle Identity Manager is deployed on WebLogic admin server, to increase the JVM memory settings:

Use the WebLogic Server Administration Console to shut down the application server gracefully.
Navigate to WebLogic DOMAIN_HOME/bin. For example, C:\bea103\user_projects\domains\base_domain\bin or /opt/bea103/user_projects/domains/base_domain/bin.
Open xlStartWLS.cmd for Microsoft Windows. For UNIX, open xlStartWLS.sh.

For Microsoft Windows:

Before "SET JAVA_OPTIONS=....", add any one of the following lines depending on the type of JVM:
- For Sun and HP JVMs, add: set USER_MEM_ARGS=-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
- For JRockit JVMs, add: set USER_MEM_ARGS=-Xms1280m -Xmx1280m -XnoOpt
- For IBM JVMs, add: set USER_MEM_ARGS=-Xms1280m -Xmx1280
For UNIX:
1. Before "JAVA_OPTIONS=...", add any one of the following lines depending on the type of JVM:
  
  For Sun and HP JVMs, add: USER_MEM_ARGS=-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
  
  For JRockit JVMs, add: USER_MEM_ARGS=-Xms1280m -Xmx1280 -XnoOpt
  
  For IBM JVMs, add: USER_MEM_ARGS=-Xms1280m -Xmx1280
2. Add the following line:
```
export USER_MEM_ARGS
```

9.5.2 Deployed on WebLogic Managed Servers

You can deploy Oracle Identity Manager on WebLogic managed servers. This is the only option for clustered installation. Depending on how you start the managed server, such as by using WebLogic admin console or Node Manager, or by running the scripts, changes must be made in different locations.

9.5.2.1 Starting the Server By Using the xlStartManagedServer script

When managed servers are started by running the xlStartManagedServer script, repeat the steps for increasing the JVM memory settings when Oracle Identity Manager is deployed on WebLogic admin server for script DOMAIN_HOME/bin/xlStartManagedServer.sh or DOMAIN_HOME/bin/xlStartManagedServer.cmd. For more information, see "Deployed on WebLogic Admin Server".

9.5.2.2 Starting the Server By Using Admin Console or Node Manager

When Managed Servers are started by using the Admin console or Node Manager, to increase the JVM memory settings:

Open the WebLogic Server Administration Console.
Click Environment, Servers, SERVER_NAME, for example OIM_SERVER1.
Click the Server Start tab.
Change the JVM Memory values as shown in the procedure when Oracle Identity Manager is deployed on WebLogic admin server.

9.6 Changing Keystore Passwords

During installation, the passwords for the Oracle Identity Manager keystores are set to xellerate. The Installer scripts and installation log contain this default password. It is strongly recommended that you change the keystore passwords for all production installations.

To change the keystore passwords, you must change the storepass of .xlkeystore and the keypass of the xell entry in .xlkeystore. These two values must be identical. Use the keytool utility to change the keystore passwords as follows:

Open a command prompt on the Oracle Identity Manager host computer.
Navigate to the OIM_HOME\xellerate\config directory.

Run the keytool utility with the following options to change the storepass:

JAVA_HOME\jre\bin\keytool -storepasswd -new new_password -storepass xellerate -keystore .xlkeystore -storetype JKS

Run the keytool with the following options to change the keypass of the xell entry in .xlkeystore:

JAVA_HOME\jre\bin\keytool -keypasswd -alias xell -keypass xellerate -new new_password -keystore .xlkeystore -storepass new_password

Note:

Replace new_password with the same password entered in Step 3.

Table 9-1 lists the options used in the preceding example of keytool usage.

Table 9-1 Command Options for the keytool Utility

Option	Description
`JAVA_HOME`	Location of the Java directory associated with the application server
`new_password`	New password for the keystore
`-keystore` `option`	Keystore whose password you are changing (.xlkeystore for Oracle Identity Manager or .xldatabasekey for the database)
`-storetype` `option`	JKS for .xlkeystore and JCEKS for .xldatabasekey

In a text editor, open the OIM_HOME\xellerate\config\xlconfig.xml file.

Edit the <xl-configuration>.<Security>.<XLPKIProvider>.<KeyStore> section, <xl-configuration>.<Security>.<XLPKIProvider>.<Keys> section and the <RMSecurity>.<KeyStore> section to specify the keystore password as follows:

Note:

Change the <XLSymmetricProvider>.<KeyStore> section of the configuration file to update the password for the database keystore (.xldatabasekey).

Change the password tag to encrypted="false".

Enter the password, for example:

<Security>
<XLPKIProvider>
<KeyStore>
      <Location>.xlkeystore</Location>
      <Password encrypted="false">new_password</Password>
      <Type>JKS</Type>
      <Provider>sun.security.provider.Sun</Provider>
</KeyStore>
<Keys> 
<PrivateKey> 
<Alias>xell</Alias> 
<Password encrypted="false">new_password</Password> 
</PrivateKey> 
</Keys> 
<RMSecurity> 
<KeyStore> 
<Location>.xlkeystore</Location> 
<Password encrypted="false">new_password</Password> 
<Type>JKS</Type> 
<Provider>sun.security.provider.Sun</Provider> 
</KeyStore>

Save and close the xlconfig.xml file.
Note:
When you perform the procedures described in the "Starting Oracle Identity Manager" and "Stopping Oracle Identity Manager" sections, a backup of the configuration file is created. The configuration file with the new password is read in, and the password is encrypted in the file. If all of the preceding steps succeed, then you can delete the backup file.
On UNIX, you might also want to clear the command history of the shell by using the following command:
```
history -c
```

9.7 Setting the Compiler Path for Adapter Compilation

To compile adapters or import Deployment Manager XML files that have adapters, you must set the compiler path. To set the compiler path for adapter compilation, you must first install the Design Console. Refer to Chapter 8, "Installing and Configuring the Oracle Identity Manager Design Console" for instructions on installing the Design Console and then setting the compiler path for adapter compilation.

9.8 Removing Backup xlconfig.xml Files After Starting or Restarting (Optional)

After you start any Oracle Identity Manager component for the first time, or after you change any passwords in the xlconfig.xml file, Oracle Identity Manager encrypts and saves the passwords. Oracle Identity Manager also creates a backup copy of the xlconfig.xml file before saving changes to the file. These backup files contain old passwords in plaintext. The backup files are named xlconfig.xml.x, where x is the latest available number, for example, xlconfig.xml.0, xlconfig.xml.1, and so on.

Note:

You must remove these backup files after starting any Oracle Identity Manager component for the first time, or on restarting after changing any passwords in xlconfig.xml once you have established that the new password is working properly.

9.9 Configuring Proxies to Access Web Application URLs (Optional)

By default, Oracle Identity Manager uses the following Web application URLs. You may have to configure proxies to allow access to the following URLs:

/xlWebApp
/xlScheduler
/Nexaweb
/spmlws

9.10 Setting Log Levels (Optional)

Oracle Identity Manager uses log4j for logging. Logging levels are configured in the logging properties file, OIM_HOME/xellerate/config/log.properties.

The following is a list of the supported log levels, appearing in descending order of information logged. DEBUG logs the most information and FATAL logs the least information:

DEBUG
INFO
WARN
ERROR
FATAL

By default, Oracle Identity Manager is configured to provide output at the WARN level except for DDM, which is configured to provide output at the DEBUG level. You can change the log level universally for all components or for one or more individual component.

Oracle Identity Manager components are listed in the OIM_HOME\xellerate\config\log.properties file in the XELLERATE section. For example:

log4j.logger.XELLERATE=WARN
log4j.logger.XELLERATE.DDM=DEBUG
log4j.logger.XELLERATE.ACCOUNTMANAGEMENT=DEBUG
log4j.logger.XELLERATE.SERVER=DEBUG
log4j.logger.XELLERATE.RESOURCEMANAGEMENT=DEBUG
log4j.logger.XELLERATE.REQUESTS=DEBUG
log4j.logger.XELLERATE.WORKFLOW=DEBUG
log4j.logger.XELLERATE.WEBAPP=DEBUG
log4j.logger.XELLERATE.SCHEDULER=DEBUG
log4j.logger.XELLERATE.SCHEDULER.Task=DEBUG
log4j.logger.XELLERATE.ADAPTERS=DEBUG
log4j.logger.XELLERATE.JAVACLIENT=DEBUG
log4j.logger.XELLERATE.POLICIES=DEBUG
log4j.logger.XELLERATE.RULES=DEBUG
log4j.logger.XELLERATE.DATABASE=DEBUG
log4j.logger.XELLERATE.APIS=DEBUG
log4j.logger.XELLERATE.OBJECTMANAGEMENT=DEBUG
log4j.logger.XELLERATE.JMS=DEBUG
log4j.logger.XELLERATE.REMOTEMANAGER=DEBUG
log4j.logger.XELLERATE.CACHEMANAGEMENT=DEBUG
log4j.logger.XELLERATE.ATTESTATION=DEBUG
log4j.logger.XELLERATE.AUDITOR=DEBUG

To set Oracle Identity Manager log levels, edit the logging properties in the OIM_HOME\xellerate\config\log.properties file as follows:

Note:

For a clustered installation, perform this procedure on all the nodes of the cluster.

Open the OIM_HOME\xellerate\config\log.properties file in a text editor.

This file contains a general setting for Oracle Identity Manager and specific settings for the components and modules that comprise Oracle Identity Manager.

By default, Oracle Identity Manager is configured to provide output at the WARN level:
```
log4j.logger.XELLERATE=WARN
```
This is the general value for Oracle Identity Manager. Individual components and modules are listed following the general value in the properties file. You can set individual components and modules to different log levels. The log level for a specific component overrides the general setting.
Set the general value to the required log level.
Set other component log levels according to your requirement.

Individual components or modules can have different log levels. For example, the following values set the log level for the Account Management module to INFO, whereas the server is at DEBUG, and the rest of Oracle Identity Manager is at the WARN level:
```
log4j.logger.XELLERATE=WARN
log4j.logger.XELLERATE.ACCOUNTMANAGEMENT=INFO
log4j.logger.XELLERATE.SERVER=DEBUG
```
Save your changes.

9.11 Enabling Single Sign-On (SSO) for Oracle Identity Manager (Optional)

The following procedure describes how to enable Single Sign-On with ASCII character logins. To enable Single Sign-On with non-ASCII character logins, use the following procedure, but include the additional configuration setting described in Step 4.

9.12 Configuring Custom Authentication (Optional)

This section describes how to use custom authentication solutions with Oracle Identity Manager.

Oracle Identity Manager deploys a Java Authentication and Authorization Service (JAAS) module to authenticate users. For unattended logins, which require offline message processing and scheduled task execution, Oracle Identity Manager uses signature-based authentication. Although you should use JAAS to handle signature-based authentication, you can create a custom authentication solution to handle standard authentication requests.

Note:

The Oracle Identity Manager JAAS module must be deployed on the application server and must be the first invoked authenticator.

To enable custom authentication on Oracle WebLogic Server, you use the WebLogic Server Console, which allows you to add multiple authentication providers and invoke them in a specific order. The custom authentication provider that you specify will handle standard authentication requests, and the Oracle Identity Manager JAAS module will continue to handle signature-based authentication.

Note:

The custom authentication provider that you specify must appear after the Oracle Identity Manager JAAS module in the WebLogic Server Console's list of authentication providers.

To specify a custom authentication provider for Oracle WebLogic Server:

Start the WebLogic Server Console and open the Authentication Providers page from domain/Security/Realms/realm name/Providers/Authentication.
On the Authentication Providers page, select Oracle Identity Manager Authenticator from the table at the bottom of the page. The Oracle Identity Manager Authenticator page is displayed.
On the Oracle Identity Manager Authenticator page, select the Allow Custom Authentication option on the Details tab, and then click Apply.
On the Authentication Providers page, configure a new authentication provider by clicking the Configure a new link for the custom authentication provider that you want to add.
When you finish configuring the new authentication provider, confirm that it is listed after Oracle Identity Manager Authenticator (which is the Oracle Identity Manager JAAS module) in the list of authentication providers. If the Oracle Identity Manager Authenticator is not listed above your custom authentication provider, then click Reorder the Configured Authentication Providers.

9.13 Protecting the JNDI Namespace (Optional)

When you specify a custom authentication solution, you should also protect the Java Naming and Directory Interface (JNDI) namespace to ensure that only designated users have permission to view resources. The primary purpose of protecting the JNDI namespace is to protect Oracle Identity Manager from any malicious applications that might be installed in the same application server instance. Even if no other applications, malicious or otherwise, are installed in the same application server instance as Oracle Identity Manager, you should protect your JNDI namespace as a routine security measure.

To protect your JNDI namespace and configure Oracle Identity Manager to access it:

From the WebLogic Server Console:
1. Click Environment, Servers, and then AdminServer.
2. Click the View JNDI Tree link.
3. On the page that is displayed, click the Security tab.
4. On the Security tab, click the Policies tab.
5. Click Add Conditions in the Policy Conditions section. The Choose a Predicate page is displayed.
6. From the Predicate List list, you must select a predicate to create a security condition policy. For Oracle Identity Manager, select User from the list and click Next.
7. In the User Argument Name field, enter Internal or xelsysadm based on your requirements and click Add.
8. Click Finish.
Note:
For a clustered installation, repeat the steps for all the available servers in the domain where Oracle Identity Manager is installed.
Open the OIM_HOME/config/xlconfig.xml file in a text editor and add the following elements to the <Discovery> element:
```
<java.naming.security.principal>user</java.naming.security.principal>
<java.naming.security.credentials>user_password</java.naming.security.credentials>
```
For user, specify Internal. For user_password, enter the password for Internal.
To optionally encrypt the JNDI password, add an encrypted attribute that is assigned a value of true to the <java.naming.security.credentials> element, and assign the password as the element's value, as follows:
```
<java.naming.security.credentials
  encrypted="true">password</java.naming.security.credentials>
```
Note:
To protect the plain password, it is strongly recommended that you add the encrypted="true" attribute.

Add the following elements to the <Scheduler> element:

<CustomProperties>
  <org.quartz.dataSource.OracleDS.java.naming.security.principal>user
  </org.quartz.dataSource.OracleDS.java.naming.security.principal>
 <org.quartz.dataSource.OracleDS.java.naming.security.credentials>user_password
  </org.quartz.dataSource.OracleDS.java.naming.security.credentials></CustomProperties>

Restart the server.

9.14 Deploying the SPML Web Service (Optional)

Organizations can have multiple provisioning systems that exchange information about the modification of user records. In addition, there can be applications that interact with multiple provisioning systems. The SPML Web Service provides a layer over Oracle Identity Manager to interpret SPML requests and convert them to Oracle Identity Manager calls.

The SPML Web Service is packaged in a deployable Enterprise Archive (EAR) file. This file is generated when you install Oracle Identity Manager.

Because the EAR file is generated while you install Oracle Identity Manager, a separate batch file in the Oracle Identity Manager home directory runs the scripts that deploy the SPML Web Service on the application server on which Oracle Identity Manager is running. You must run the batch file to deploy the SPML Web Service.

For more information, see Chapter 12, "The SPML Web Service" in Oracle Identity Manager Tools Reference.

9.15 Configuring Database-Based HTTP Session Failover (Optional)

Oracle Identity Manager on Oracle WebLogic Server cluster is by default configured to provide memory-to-memory session replication and failover. However, it is possible to use database-based replication.To enable database-based replication:

Edit the profile WebLogic.profile in OIM_HOME/Profiles on the application server host, and change the replication mechanism from InMemory to Database.
Delete the OIM_HOME\xellerate\OIMApplications directory.
To patch the application, run the patch_weblogic script, which is located in the OIM_HOME\xellerate\setup directory.

Note:
The database tables required for holding the sessions must be created manually. Refer to Oracle WebLogic Server documentation for information about creating these tables.

It is possible to use other types of failover mechanisms in Oracle WebLogic Server. To use them, change the deployment descriptor (weblogic.xml) in the OIM_HOME/DDTemplates/xlWebApp directory, then insert the settings for the Web application descriptor. After the change, run the patch_weblogic script to fix the existing application.

Note:
If the deployment descriptor is changed (for example, during an upgrade), then you must perform the same changes again on the deployment descriptor.

9.16 Upgrading the weblogic.xml File

If you upgrade from Oracle WebLogic Server release 10.3.0 to release 10.3.1 or later, then upgrade the weblogic.xml file as follows:

Note:

In a clustered environment, perform this procedure on all the nodes.

Open the OIM_HOME/xellerate/DDTemplates/xlWebApp/weblogic.xml file in a text editor.

In this file, search for the following block of code:

<XDtConfig:ifConfigParamEquals paramName="clustering" value="true"> 
<XDtConfig:ifConfigParamEquals paramName="replication" value="InMemory"> 
<session-descriptor> 
<persistent-store-type>replicated</persistent-store-type> 
</session-descriptor> 
</XDtConfig:ifConfigParamEquals> 
 
<XDtConfig:ifConfigParamEquals paramName="replication" value="Database"> 
<session-descriptor> 
<persistent-store-type>jdbc</persistent-store-type> 
<persistent-data-source-jndi-name>xlDS</persistent-data-source-jndi-name> 
</session-descriptor> 
</XDtConfig:ifConfigParamEquals> 
</XDtConfig:ifConfigParamEquals>

Replace that block of code with the following:

<XDtConfig:ifConfigParamEquals paramName="replication" value="InMemory"> 
<session-descriptor>
<persistent-store-type>replicated_if_clustered</persistent-store-type> 
<cookie-http-only>false</cookie-http-only> 
</session-descriptor> 
</XDtConfig:ifConfigParamEquals> 
 
<XDtConfig:ifConfigParamEquals paramName="replication" value="Database"> 
<session-descriptor> 
<persistent-store-type>jdbc</persistent-store-type> 
<persistent-data-source-jndi-name>xlDS</persistent-data-source-jndi-name> 
</session-descriptor> 
</XDtConfig:ifConfigParamEquals>

Save and close the file.

Run the patch_weblogic script as follows:

OIM_HOME/xellerate/setup/patch_weblogic.sh (or patch_weblogic.cmd) WEBLOGIC_ADMIN_PASSWORD OIM_DB_USER_PASSWORD

9.17 Changing the Memory Settings

If you upgrade from Oracle WebLogic Server release 10.3.0 to release 10.3.1 or later, then change the memory settings as follows:

For Microsoft Windows:

In a text editor, open the DOMAIN_HOME\bin\setDomainEnv.cmd file.

In this file, search for the following line:

set MEM_MAX_PERM_SIZE_32BIT=-XX:MaxPermSize=128m

Change this line to the following:

set MEM_MAX_PERM_SIZE_32BIT=-XX:MaxPermSize=256m

Save and close the file.
Restart Oracle WebLogic Server.

For UNIX:

In a text editor, open the DOMAIN_HOME/bin/setDomainEnv.sh file.

In this file, search for the following lines:

MEM_MAX_PERM_SIZE_32BIT="-XX:MaxPermSize=128m"
export MEM_MAX_PERM_SIZE_32BIT

Change these lines to the following:

MEM_MAX_PERM_SIZE_32BIT="-XX:MaxPermSize=256m"
export MEM_MAX_PERM_SIZE_32BIT

Save and close the file.
Restart Oracle WebLogic Server.

9.18 Updating the JDK and JRockit Installation

If you upgrade from Oracle WebLogic Server release 10.3.0 to release 10.3.1 or later, then update the JDK and JRockit installation as follows:

Navigate to the DOMAIN_HOME/bin directory.

Sample path for Microsoft Windows:

C:\bea103\user_projects\domains\base_domain\bin

Sample path for UNIX:

/opt/bea103/user_projects/domains/base_domain/bin
Open one of the following files:

For Microsoft Windows: xlStartWLS.cmd

For UNIX: xlStartWLS.sh
Set the Java memory options as follows:
- For Microsoft Windows:
  
  Before the SET JAVA_OPTIONS=.... line, add any one of the following lines depending on the type of JVM:
  - For Sun and HP JVMs, add the following line:
```
set USER_MEM_ARGS=-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
```
  - For JRockit JVMs, add the following line:
```
set USER_MEM_ARGS=-Xms1280m -Xmx1280m -XnoOpt
```
- For UNIX:
  
  Before the JAVA_OPTIONS=... line, add any one of the following lines depending on the type of JVM:
  - For Sun and HP JVMs, add the following line:
```
USER_MEM_ARGS=-Xms1280m -Xmx1280m -XX:PermSize=128m -XX:MaxPermSize=256m
```
  - For JRockit JVMs, add the following lines:
```
USER_MEM_ARGS=-Xms1280m -Xmx1280 -XnoOpt
```
Start Oracle WebLogic Server by using xlStartWLS.cmd for Microsoft Windows and xlStartWLS.sh for UNIX.
Log in to the Oracle WebLogic Server Admin console by using WebLogic credentials.
Select Lock and Edit.
Click Environment, Servers, and then Admin Server.
On the Server Start tab, provide inputs about the Java home directory:

JDK: jdk160_14_R27.6.5-32

JRocket: jrockit_160_14_R27.6.5-32

Java vendor: Enter either Sun or BEA.

BEA Home: Enter the full path of the ORACLE_HOME directory in which you install Oracle WebLogic Server.

WebLogic User ID and password
Select Activate Changes.
Restart the server.