Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Enterprise Deployment Overview
1.1 What is an Enterprise Deployment?
1.2 Terminology
1.3 Benefits of Oracle Recommendations
1.3.1 Built-in Security
1.3.2 High Availability
1.4 The Enterprise Deployment Reference Topology
1.4.1 Understanding the Directory Tier
1.4.2 Understanding the Application Tier
1.4.3 Understanding the Web Tier
1.4.4 What to Install
1.5 How to Use This Guide
2 Prerequisites for Enterprise Deployments
2.1 Hardware Resource Planning
2.2 Network Prerequisites
2.2.1 Load Balancers
2.2.2 Configuring Virtual Server Names and Ports on the Load Balancer
2.2.3 Administration Server Virtual IP
2.2.4 Managing Oracle Fusion Middleware Component Connections
2.2.5 Oracle Access Manager Communication Protocol and Terminology
2.2.5.1 Oracle Access Manager Protocols
2.2.5.2 Overview of User Request
2.2.6 Firewall and Port Configuration
2.3 WebLogic Domain Considerations
2.4 Shared Storage and Recommended Directory Structure
2.4.1 Directory Structure Terminology and Environment Variables
2.4.2 Recommended Locations for the Different Directories
3 Creating the WebLogic Server Domain for Identity Management
3.1 Installing Oracle WebLogic Server
3.2 Configuring the WebLogic Server Domain on IDMHOST1
3.3 Creating boot.properties for the Administration Server
3.4 Enabling Administration Server High Availability
3.4.1 Enabling a Virtual IP Address on IDMHOST1
3.4.2 Creating a Machine for the Administration Server
3.4.3 Enabling the Administration Server to Listen on the Virtual IP Address
3.4.4 Enabling High Availability for the Administration Server and Fusion Middleware Control
3.5 Backing Up the WebLogic Server Domain Configuration
4 Installing and Configuring OID and OVD
4.1 Directory Tier Considerations
4.1.1 Directory Services-only Topologies
4.1.1.1 Oracle Virtual Directory-only Topology
4.1.1.2 Oracle Internet Directory-only Topology
4.2 Database Prerequisites
4.3 Installing and Configuring the Database Repository
4.3.1 Configuring the Database for Oracle Fusion Middleware 11g Metadata
4.4 Executing the Repository Creation Utility
4.5 Installing the Oracle Internet Directory Instances
4.5.1 Synchronizing the Time on Oracle Internet Directory Nodes
4.5.2 Installing the First Oracle Internet Directory
4.5.3 Installing an Additional Oracle Internet Directory
4.5.4 Registering Oracle Internet Directory with the WebLogic Server Domain
4.6 Installing the Oracle Virtual Directory Instances
4.6.1 Installing the First Oracle Virtual Directory
4.6.1.1 SSL Validation for Oracle Virtual Directory
4.6.2 Installing an Additional Oracle Virtual Directory
4.6.3 Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
4.6.4 Configuring Oracle Virtual Directory Communication with LDAP
4.7 Validating the Directory Tier Components
4.8 Backing Up the Directory Tier Configuration
5 Installing and Configuring Oracle DIP and ODSM
5.1 Extending the Oracle WebLogic Domain with DIP and ODSM
5.2 Expanding the DIP and ODSM Cluster
5.2.1 Install and Configure DIP and ODSM on IDMHOST2
5.2.2 Post-Installation Steps
5.2.2.1 Copy the DIP Application from IDMHOST1 to IDMHOST2
5.2.2.2 Set the Listen Address for the Managed Servers
5.2.2.3 Start the wls_ods2 Managed Server on IDMHOST2
5.3 Provisioning the Managed Servers on the Local Disk
5.4 Validating the Application Tier Configuration
5.4.1 Validating Oracle Directory Services Manager
5.4.2 Validating Oracle Directory Integration Platform
5.4.3 Failover Administration Server and Oracle Fusion Middleware Control Failover to IDMHOST2
5.4.4 Failback Administration Server and Oracle Fusion Middleware Control Failover to IDMHOST1
5.5 Backing Up the Application Tier Configuration
6 Installing and Configuring the Web Tier
6.1 Prerequisites
6.2 Installing Oracle HTTP Server on WEBHOST1 and WEBHOST2
6.3 Validating the Installations of Oracle HTTP Server
6.4 Configuring Oracle HTTP Server with the Load Balancer
6.5 Configuring Oracle HTTP Server for Virtual Hosts
6.6 Configuring mod_wl_ohs for Oracle WebLogic Server Clusters
6.7 Setting the Frontend URL for the Administration Console
6.8 Validating the Web Tier Configuration
6.9 Backing up the Web Tier Configuration
7 Installing and Configuring Oracle Access Manager
7.1 Introduction to Installing Oracle Access Manager
7.1.1 Using 10g Oracle Single Sign-On and Delegated Administration Services
7.1.2 Using Different LDAP Directory Stores
7.1.2.1 Using Oracle Virtual Directory as the Identity Store
7.2 Prerequisites
7.3 Identity System Installation and Configuration
7.3.1 Installing Identity Servers on OAMHOST1 and OAMHOST2
7.3.1.1 Installing the First Identity Server on OAMHOST1
7.3.1.2 Installing the Second Identity Server on OAMHOST2
7.3.2 Installing Oracle HTTP Server on OAMADMINHOST
7.3.2.1 Installing Oracle HTTP Server
7.3.2.2 Validating the Installation of Oracle HTTP Server
7.3.3 Installing WebPass on OAMADMINHOST
7.3.3.1 Validating the WebPass Installation
7.3.4 Configuring Identity Servers Using WebPass
7.3.4.1 Configuring the First Identity Server
7.3.4.2 Configuring the Second Identity Server
7.4 Access System Installation and Configuration
7.4.1 Installing the Policy Manager on OAMADMINHOST
7.4.1.1 Configuring the Policy Manager
7.4.2 Installing the Access Server on OAMHOST1 and OAMHOST2
7.4.2.1 Creating an Access Server Instance
7.4.2.2 Starting the Access Server Installation
7.4.3 Installing WebGate on OAMADMINHOST, WEBHOST1, and WEBHOST2
7.4.3.1 About the Oracle Access Manager Configuration Tool
7.4.3.2 Collecting the Information for the OAM Configuration Tool
7.4.3.3 Running the OAM Configuration Tool
7.4.3.4 Update the Host Identifier
7.4.3.5 Update the WebGate Profile
7.4.3.6 Assigning an Access Server to the WebGate
7.4.3.7 Installing the WebGate
7.5 Backing Up the Oracle Access Manager Configuration
8 Configuring Single Sign-On for Administration Consoles
8.1 Prerequisites for Configuring Single Sign-On
8.2 Update the Form Authentication for Delegated Administration
8.3 Validating the Policy Domain and AccessGate Configurations
8.3.1 Validating the Policy Domain Configuration
8.3.2 Validating the AccessGate Configuration
8.4 Setting Up the WebLogic Authenticators
8.4.1 Setting Up the Oracle Internet Directory Authenticator
8.4.2 Setting Up the OAM ID Asserter
8.4.3 Reorder OAM Identity Asserter, OID Authenticator, and Default Authenticator
8.4.4 Stop and Start the WebLogic Administration Servers and Managed Servers
8.5 Creating WebLogic Administrative Users in an LDAP Directory
8.5.1 Provisioning Admin Users and Groups in an LDAP Directory
8.5.2 Assigning the Admin Role to the Admin Group
8.5.3 Updating the boot.properties File on IDMHOST1 and IDMHOST2
8.6 Policy and Credential Store Migration
8.6.1 JPS Root Creation
8.6.2 Reassociate the Policy and Credential Store
8.7 Validate the Oracle Access Manager Single Sign-On Setup
9 Managing Enterprise Deployments
9.1 Monitoring Enterprise Deployments
9.1.1 Monitoring Oracle Internet Directory
9.1.1.1 Oracle Internet Directory Component Names Assigned by Oracle Identity Management Installer
9.1.2 Monitoring Oracle Virtual Directory
9.1.3 Monitoring Oracle Directory Integration Platform
9.1.4 Monitoring Oracle Access Manager
9.2 Auditing Identity Management
9.3 Scaling Enterprise Deployments
9.3.1 Scaling Up the Topology
9.3.1.1 Scaling Up the Directory Tier
9.3.1.1.1 Scaling Up Oracle Internet Directory
9.3.1.1.2 Scaling Up Oracle Virtual Directory
9.3.1.2 Scaling Up the Application Tier
9.3.1.2.1 Scaling Up Oracle Directory Integration Platform and Oracle Directory Services Manager
9.3.1.3 Scaling Up Oracle Access Manager
9.3.1.4 Scaling Up the Web Tier
9.3.2 Scaling Out the Topology
9.3.2.1 Scaling Out the Directory Tier
9.3.2.1.1 Scaling Out Oracle Internet Directory
9.3.2.1.2 Scaling Out Oracle Virtual Directory
9.3.2.2 Scaling Out the Application Tier
9.3.2.2.1 Scaling Out Oracle Directory Integration Platform and Oracle Directory Services Manager
9.3.2.2.2 Scaling Out Oracle Access Manager
9.3.2.3 Scaling Out the Web Tier
9.4 Performing Backups and Recoveries
9.5 Patching Enterprise Deployments
9.5.1 Patching an Oracle Fusion Middleware Source File
9.5.2 Patching Identity Management Components
9.6 Troubleshooting
9.6.1 Troubleshooting Oracle Internet Directory
9.6.2 Troubleshooting Oracle Virtual Directory
9.6.3 Troubleshooting Oracle Directory Integration Platform
9.6.4 Troubleshooting Oracle Directory Services Manager
9.6.5 Troubleshooting Oracle Access Manager
9.6.5.1 User is Redirected to the Login Screen After Activating Some Administration Console Changes
9.6.5.2 User is Redirected to the Administration Console's Home Page After Activating Some Changes
9.6.5.3 OAM Configuration Tool Does Not Remove Invalid URLs
9.7 Other Recommendations
9.7.1 Preventing Timeouts for SQL*Net Connections
Index