10.8 Advanced Example: Configuring OIF in a New or Existing WebLogic Domain with RDBMS Data Stores

This topic describes how to configure Oracle Identity Federation (OIF) in a new or existing WebLogic administration domain with RDBMS data stores. It includes the following sections:

  • Appropriate Deployment Environment

  • Components Deployed

  • Dependencies

  • Procedure

10.8.1 Appropriate Deployment Environment

Perform the configuration in this topic to quickly deploy Oracle Identity Federation with RDBMS User Store, Federation Store, Session Store, Message Store, and Configuration Store.

10.8.2 Components Deployed

Performing the configuration in this section deploys the following components:

If you configure Oracle Identity Federation in a new domain: 

  • WebLogic Administration Server

  • Fusion Middleware Control

  • WebLogic Managed Server

  • Oracle Identity Federation

  • Optionally, Oracle HTTP Server

If you configure Oracle Identity Federation in an existing domain: 

  • WebLogic Managed Server

  • Oracle Identity Federation

  • Optionally, Oracle HTTP Server

10.8.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Oracle Database for User Store, Federation Store, Session Store, Message Store, and Configuration Store.

  • New Identity Management - Oracle Identity Federation schema existing in the database for Federation Store, Session Store, Message Store, and Configuration Store.

  • Table for storing user data in the User Store database.

  • LDAP repository, if using LDAP for Authentication.

10.8.4 Procedure

Perform the following steps to configure Oracle Identity Federation in a new or existing domain with RDBMS User Store, Federation Store, User Session Store, Message Store, and Configuration Store:

  1. Install the database(s) for the RDBMS User Store, Federation Store, User Session Store, Message Store, and Configuration Store. Refer to Installing Oracle Database for more information.

  2. Create the Identity Management - Oracle Identity Federation schema in the database(s). Refer to Creating Database Schema Using the Repository Creation Utility (RCU) for more information.

  3. Decide if you want to use an LDAP repository for Authentication. If you do, you must install the LDAP repository before you can install Oracle Identity Federation.

  4. Ensure that Oracle Identity Federation is installed, as described in Installation Roadmap and Installing the Latest Version of Oracle Identity Management.

  5. Run <Oracle_Home>/bin/config.sh (On UNIX) or <Oracle_Home>\bin\config.bat (On Windows) to start the Oracle Identity Management Configuration Wizard. Click Next to continue.

  6. On the Select Domain screen, choose whether to install Oracle Identity Federation in a new or existing domain:

    To configure Oracle Identity Federation in a new domain: 

    1. Select Create New Domain.

    2. Enter the user name for the new domain in the User Name field.

    3. Enter the user password for the new domain in the User Password field.

    4. Enter the user password again in the Confirm Password field.

    5. Enter a name for the new domain in the Domain Name field.

    6. Click Next. The Specify Installation Location screen appears.

    7. Continue the installation by going to step 7 now.

    To install Oracle Identity Federation in an existing domain: 

    1. Select Extend Existing Domain.

    2. Enter the name of the host that contains the domain in the Host Name field.

    3. Enter the listen port for the WebLogic Administration Server in the Port field.

    4. Enter the user name for the domain in the User Name field.

    5. Enter the password for the domain user in the User Password field.

    6. Click Next. The Specify Installation Location screen appears.

  7. Identify the Homes, Instances, and the WebLogic Server directory by referring to Identifying Installation Directories.

    Note:

    To install Oracle Identity Management components in an existing Oracle WebLogic Server administration domain, each Oracle WebLogic Server Home, Oracle Middleware Home, and Oracle Home directory in the domain must have identical directory paths and names.

    After you enter information for each field, click Next. The Specify Security Updates screen appears.

  8. Choose how you want to be notified about security issues:

    • If you want to be notified about security issues through email, enter your email address in the Email field.

    • If you want to be notified about security issues through My Oracle Support (formerly MetaLink), select the My Oracle Support option and enter your My Oracle Support Password.

    • If you do not want to be notified about security issues, leave all fields empty.

    Click Next. The Configure Components screen appears.

  9. Select Oracle Identity Federation—and optionally, Oracle HTTP Server. Refer to "Configuring Oracle HTTP Server for OIF" for information about configuring these two components simultaneously.

    If you are installing Oracle Identity Federation in a new domain, the Fusion Middleware Control management component is automatically selected for installation.

    Ensure no other components are selected and click Next. The Configure Ports screen appears.

  10. Choose how you want the Installer to configure ports:

    • Select Auto Port Configuration if you want the Installer to configure ports from a predetermined range.

    • Select Specify Ports using Configuration File if you want the Installer to configure ports using the staticports.ini file. You can click View/Edit File to update the settings in the staticports.ini file.

    Click Next. The Select Oracle Identity Federation Configuration Type screen appears.

  11. Select Advanced and click Next. The Specify OIF Details screen appears.

  12. Enter the following information:

    • PKCS12 Password: Enter the password Oracle Identity Federation will use for encryption and for signing wallets. The Installer automatically generates these wallets with self-signed certificates. Oracle recommends using the wallets only for testing.

    • Confirm Password: Enter the PKCS12 password again.

    • Server ID: Enter a string that will be used to identify this Oracle Identity Federation instance. A prefix of oif will be added to the beginning of the string you enter. Each logical Oracle Identity Federation instance within an Oracle WebLogic Server administration domain must have a unique Server ID. Clustered Oracle Identity Federation instances acting as a single logical instance will have the same Server ID.

    Click Next. The Select OIF Advanced Flow Attributes screen appears.

  13. Select the following and click Next:

    • Authentication Type: JAAS or LDAP

      • Select JAAS to delegate authentication to the application server.

      • Select LDAP to authenticate against an LDAP repository.

    • User Store: RDBMS

    • Federation Store: RDBMS

    • User Session Store: RDBMS

    • Message Store: RDBMS

    • Configuration Store: RDBMS

    Note:

    The screen that appears next depends on what you selected for Authentication Type:

    • If you selected LDAP for Authentication Type, the Specify Authentication LDAP Details screen appears. Continue your installation by going to step 14 now.

    • If you selected JAAS for Authentication Type, the Specify User Store Database Details screen appears. Continue your installation by going to step 15 now.

  14. Enter the following information on the Specify Authentication LDAP Details screen to identify the LDAP repository that will perform authentication:

    • LDAP Type: Select the appropriate LDAP repository.

    • LDAP URL: Enter the URL connection string for the LDAP repository in the form: protocol://hostname:port

      Note:

      If you selected Microsoft Active Directory for the LDAP Type, you must specify an SSL LDAP URL, that is, ldaps://hostname:port.

    • LDAP Bind DN: Enter the bind DN for the LDAP repository.

    • LDAP Password: Enter the password for the bind DN.

    • User Credential ID Attribute: Enter the LDAP attribute Oracle Identity Federation will use to authenticate users. For example, if you enter mail and the value of the mail attribute for a user is jane.doe@domain.com, then Jane Doe must enter jane.doe@domain.com when challenged. Values for the LDAP attribute you identify for User Credential ID Attribute must be unique for all users.

    • User Unique ID Attribute: Enter the LDAP attribute that will uniquely identify users to Oracle Identity Federation. The value you enter must be identical to the value you enter for the User Data Store's User ID Attribute parameter. For example, if you enter mail for User Unique ID Attribute and you configure the User Data Store's User ID Attribute parameter with a value of EmailAddress, then the value of mail in the authentication engine repository must equal the value of EmailAddress in the User Data Store. Values for the LDAP attribute you identify for User Unique ID Attribute must be unique for all users.

    • Person Object Class: Enter the LDAP object class that represents a user in the LDAP repository. For example: inetOrgPerson for Oracle Internet Directory and Sun Java System Directory Server, and user for Microsoft Active Directory.

    • Base DN: Enter the root DN that searches will start from.

    Click Next. The Specify User Store Database Details screen appears.
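    A pre-flight check for the attribute requirements in this step, as an added example that is not part of the Oracle documentation or product: it reads an LDIF export of the Base DN subtree and reports user entries whose User Credential ID or User Unique ID attribute is missing, multi-valued, or shared with another user. The LDIF sample is constructed; in practice you would feed it the output of an ldapsearch against the repository.

```python
# Pre-flight check for step 14 (added example, not Oracle's code): each entry of the
# Person Object Class under Base DN must carry exactly one value for the User
# Credential ID / User Unique ID attribute, and no value may be shared by two users.
from collections import defaultdict
# Constructed LDIF sample standing in for an ldapsearch export of the Base DN subtree.
# The second entry reuses Jane's mail value and has no uid, to show both failure modes.
SAMPLE_LDIF = """\
dn: cn=Jane Doe,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: jdoe
mail: jane.doe@domain.com

dn: cn=Svc Account,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
mail: Jane.Doe@domain.com
"""


def parse_ldif(text):
    """Minimal LDIF reader (no line folding or base64): list of (dn, {attr: [values]})."""
    entries, attrs, dn = [], defaultdict(list), None
    for line in text.splitlines() + [""]:
        if not line.strip():  # a blank line ends the current entry
            if dn is not None:
                entries.append((dn, dict(attrs)))
            attrs, dn = defaultdict(list), None
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    return entries


def check_attribute_uniqueness(entries, person_object_class, attribute):
    """Return {'missing': [dn], 'multivalued': [dn], 'duplicates': {value: [dn]}}."""
    problems = {"missing": [], "multivalued": [], "duplicates": {}}
    seen = defaultdict(list)
    for dn, attrs in entries:
        if person_object_class.lower() not in (c.lower() for c in attrs.get("objectclass", [])):
            continue  # OIF only authenticates entries of the Person Object Class
        values = attrs.get(attribute.lower(), [])
        if not values:
            problems["missing"].append(dn)
        elif len(values) > 1:
            problems["multivalued"].append(dn)
        for v in values:
            seen[v.lower()].append(dn)  # mail and uid compare case-insensitively in LDAP
    problems["duplicates"] = {v: d for v, d in seen.items() if len(d) > 1}
    return problems
```

    Run it once for the User Credential ID Attribute and once for the User Unique ID Attribute; any non-empty list means the wizard values will not give every user a unique identity.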

  15. Enter the following information to identify the database that will store user data:

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the database username.

    • Password: Enter the password for the database user.

    • Login Table: Enter the name of the table that will store user data. The value you enter must be a valid table name, and the values you enter for User ID Attribute and User Description Attribute must be valid column names in the table you identify.

    • User ID Attribute: Enter the name of the table column to use for the Oracle Identity Federation user ID. The value you enter must be a valid column name in the table you identified for the Login Table parameter.

    • User Description Attribute: Enter the name of the table column to use for the user description. The value you enter must be a valid column name in the table you identified for the Login Table parameter.

    Click Next. The Specify Federation Store Database Details screen appears.

  16. Enter the following information to identify the database that will store federated user account linking data:

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the name of the schema owner created by RCU, which is of the form PREFIX_OIF.

    • Password: Enter the password for the database user.

    Click Next. The Specify Transient Store Database screen appears.

  17. Enter the following information to identify the database that will store transient runtime session state data, protocol messages, and Oracle Identity Federation configuration data:

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the name of the schema owner created by RCU, which is of the form PREFIX_OIF.

    • Password: Enter the password for the database user.

    Click Next. The Installation Summary screen appears.
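    A small parser for the HostName connection strings used in steps 15 to 17, as an added example that is not part of the Oracle documentation or product: it accepts the single-instance form and the RAC form described above, rejects anything else (for example a JDBC URL pasted by mistake), and can be used to validate values before they are typed into the wizard.

```python
# Parser for the HostName value used in steps 15 to 17 of the wizard.
# Single-instance form:  hostname:port:servicename
# RAC form:              host1:port1:instance1^host2:port2:instance2@servicename
# Added example; it mirrors the formats stated in this section, not Oracle's own code.
import re
from dataclasses import dataclass

_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")  # hostnames, instance and service names


@dataclass
class OifDbConnection:
    service_name: str
    nodes: list        # [(host, port, instance)]; instance is None for the single-instance form
    rac: bool


def _parse_node(text, last_field):
    parts = text.split(":")
    if len(parts) != 3:
        raise ValueError(f"expected host:port:{last_field}, got {text!r}")
    host, port, last = parts
    if not _NAME.match(host) or not _NAME.match(last):
        raise ValueError(f"invalid host or {last_field} in {text!r}")
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"invalid port in {text!r}")
    return host, int(port), last


def parse_oif_db_connection(value: str) -> OifDbConnection:
    """Parse either form; raise ValueError naming the offending fragment on malformed input."""
    value = value.strip()
    if "@" in value:  # RAC form: '^'-separated nodes, then '@' and the service name
        node_text, _, service = value.rpartition("@")
        if not _NAME.match(service):
            raise ValueError(f"invalid service name after '@': {service!r}")
        nodes = [_parse_node(n, "instance") for n in node_text.split("^")]
        return OifDbConnection(service, nodes, rac=True)
    host, port, service = _parse_node(value, "servicename")
    return OifDbConnection(service, [(host, port, None)], rac=False)


def is_valid_oif_db_connection(value: str) -> bool:
    """Boolean wrapper for use in scripts or tests."""
    try:
        parse_oif_db_connection(value)
        return True
    except ValueError:
        return False
```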

  18. Complete the installation by performing all the steps in Completing an Installation.