Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 1 (11.1.1.5.0) Part Number E21032-01
This chapter describes the software installations required for Oracle Identity Management. The installation is divided in two sections. In the first one, the WebTier required installations are addressed. In the second, the required Oracle Fusion Middleware components are installed. Later chapters describe the configuration steps to create the Oracle Identity Management topology.
Different topologies use different servers. Before moving on to the detail of creating your topology, you must install the Oracle Software onto the hosts in your topology.
Table 4-1, "Software Versions Used" shows, for each topology, which software should be installed into each host.
The subsequent sections explain how to do this.
Note:
Each topology requires the same software to be installed at least twice on two different servers. To achieve this, follow the instructions for installing the appropriate software on each of the servers concerned.
Where two different pieces of Oracle binary software are installed onto the same host (for example OIM11g and OAM11g), this software is installed in the same Middleware home location, but in different Oracle homes.
All software uses the same Middleware home location.
Notes:
If you are using shared storage, ensure that users and groups used in the installation have the same ID on all hosts that use the storage. If you fail to do this, some hosts might not be able to see or execute some or all of the files.
Some products, such as Oracle Internet Directory and Oracle Virtual Directory, require you to run a script that sets the permissions of some files to root.
Table 4-1 Software Versions Used
Abbreviation | Product | Version |
---|---|---|
OHS11G | Oracle HTTP Server | 11.1.1.5.0 |
JRockit | Oracle JRockit | jrockit_160_24_D1.1.2-4 |
WLS | Oracle WebLogic Server | 10.3.5.0 |
IAM | Oracle Identity and Access Management | 11.1.1.5.0 |
SOA | Oracle SOA Suite | 11.1.1.5.0 |
IDM | Oracle Identity Management | 11.1.1.5.0 |
Different topologies require different software to be installed. The installation process is the same for each product. Install the software shown in Table 4-1, "Software Versions Used" and Table 4-2, "Software to be Installed for Different Topologies" for the desired topology, according to the instructions in this chapter.
Table 4-2 Software to be Installed for Different Topologies
Topology | Hosts | OHS 11g | WLS | IAM | SOA | IDM |
---|---|---|---|---|---|---|
All |
WEBHOST1 |
X |
||||
WEBHOST2 |
X |
|||||
OAM11g/OIM11g |
IDMHOST1 |
X |
X |
X |
X |
|
IDMHOST2 |
X |
X |
X |
X |
||
OIMHOST1 |
X |
X |
X |
X |
||
OIMHOST2 |
X |
X |
X |
X |
||
OIDHOST1 |
X |
|||||
OIDHOST2 |
X |
|||||
OVDHOST1 |
X |
|||||
OVDHOST2 |
X |
|||||
OIF11g/OAM11g |
IDMHOST1 |
X |
X |
X |
X |
|
IDMHOST2 |
X |
X |
X |
X |
||
OIFHOST1 |
X |
X |
X |
X |
||
OIFHOST2 |
X |
X |
X |
X |
||
OIDHOST1 |
X |
|||||
OIDHOST2 |
X |
|||||
OVDHOST1 |
X |
|||||
OVDHOST2 |
X |
Oracle Identity Management products are bundled as two product sets: Oracle Identity Management and Oracle Identity and Access Management (see Table 4-1, "Software Versions Used"). The relevant Identity Management software is installed into separate Oracle homes.
This section explains how to install Oracle HTTP Server on WEBHOST1 and WEBHOST2 (Enterprise Deployments only).
Prior to installing the Oracle HTTP Server, check that your machines meet the following requirements:
Ensure that the system, patch, kernel, and other requirements are met as specified in Oracle Fusion Middleware Installation Guide for Oracle Web Tier.
Ensure that port 7777 is not in use, as described in Section 4.4.1.1.
On Linux platforms, if the /etc/oraInst.loc file exists, check that its contents are correct, as described in Section 4.4.1.2.
Because Oracle HTTP Server is installed by default on port 7777, you must ensure that port 7777 is not used by any other service on the nodes. To check if this port is in use, run the following command before installing Oracle HTTP Server. You must free the port if it is in use.
netstat -an | grep 7777
Check that the inventory directory is correct and that you have write permissions for that directory. If the /etc/oraInst.loc file does not exist, you can skip this step.
The contents of the oraInst.loc file are shown in this example:
inventory_loc=/u01/app/oraInventory
inst_group=oinstall
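The checks in this section (port 7777, the /etc/oraInst.loc contents, and the environment variables that must not be set before starting the installer) combined into one pre-install script. This is an added example, not part of the Oracle guide; the function names are illustrative and the Linux netstat -an column layout is assumed. Unlike a plain grep for 7777, it matches only a socket listening on exactly that port, so 17777 or a connection to a remote port 7777 is not reported as a conflict.

```shell
#!/bin/sh
# Added example: pre-install checks for an Oracle HTTP Server host.
# Function names are illustrative; Linux "netstat -an" columns are assumed.

# port_in_use PORT [TEXT]: succeed if a TCP socket LISTENs on exactly PORT.
# TEXT defaults to live "netstat -an" output; pass captured text to test offline.
port_in_use() {
    if [ $# -ge 2 ]; then _out=$2; else _out=$(netstat -an 2>/dev/null); fi
    printf '%s\n' "$_out" | awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, "[.:]")        # column 4 is the local address
            if (a[n] == p) hit = 1          # last component is the port
        }
        END { exit (hit ? 0 : 1) }'
}

# orainst_value FILE KEY: print the value assigned to KEY (last one wins).
orainst_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_inventory FILE: validate an oraInst.loc file.
# A missing file is not an error (the step is skipped in that case).
check_inventory() {
    [ -e "$1" ] || { echo "skip: $1 does not exist"; return 0; }
    _loc=$(orainst_value "$1" inventory_loc)
    _grp=$(orainst_value "$1" inst_group)
    [ -n "$_loc" ] || { echo "FAIL: inventory_loc not set in $1"; return 1; }
    [ -n "$_grp" ] || { echo "FAIL: inst_group not set in $1"; return 1; }
    [ -d "$_loc" ] || { echo "FAIL: $_loc is not a directory"; return 1; }
    [ -w "$_loc" ] || { echo "FAIL: $_loc is not writable by $(id -un)"; return 1; }
    echo "ok: inventory $_loc, group $_grp"
}

# check_env_unset: fail if either variable is present in the environment.
check_env_unset() {
    _rc=0
    for _v in LD_ASSUME_KERNEL ORACLE_INSTANCE; do
        if env | grep -q "^${_v}="; then
            echo "FAIL: $_v is set; unset it before running the installer"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed sample (not captured from a real host). Both of the first two
# lines match "grep 7777", yet nothing is listening on port 7777 itself.
SAMPLE='tcp        0      0 0.0.0.0:17777           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40112          10.0.0.9:7777           ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN'

if port_in_use 7777 "$SAMPLE"; then
    echo "sample: port 7777 is in use"
else
    echo "sample: port 7777 is free"
fi

# On a real host:
#   port_in_use 7777 && echo "free port 7777 before installing"
#   check_inventory /etc/oraInst.loc
#   check_env_unset
```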
As described in Section 2.4, "Shared Storage and Recommended Directory Structure," you install the Oracle HTTP Server onto a local disk. You can install it on shared storage, but if you do that, you must allow access from the Web Tier DMZ to your shared disk array, which is undesirable. If you decide to install onto shared disk then please see the Release Notes for further configuration information.
Start the Oracle Universal Installer as follows:
On UNIX, issue the command runInstaller
On Windows, double-click setup.exe.
Before starting the install, ensure that the following environment variables are not set on UNIX and Linux platforms:
LD_ASSUME_KERNEL
ORACLE_INSTANCE
On the Specify Inventory Directory screen, do the following:
Enter HOME/oraInventory, where HOME is the home directory of the user performing the installation (this is the recommended location).
Enter the OS group for the user performing the installation.
Click Next.
Follow the instructions on screen to execute createCentralInventory.sh as root.
Click OK.
Proceed as follows:
On the Specify Oracle Inventory Directory screen, enter HOME/oraInventory, where HOME is the home directory of the user performing the installation. (This is the recommended location.)
Enter the OS group for the user performing the installation.
Click Next.
On the Welcome screen, click Next.
On the Select Installation Type screen, select Install–Do Not Configure.
Click Next.
On the Prerequisite Checks screen, click Next.
On the Specify Installation Location screen, specify the following values:
Fusion Middleware Home Location (Installation Location). For example: /u01/app/oracle/product/fmw
Oracle Home Location Directory: web
On the Specify Security Updates screen, choose whether to receive security updates from Oracle support.
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
Follow these steps to upgrade the Oracle HTTP Server from 11.1.1.2 to 11.1.1.5 on WEBHOST1 and WEBHOST2:
Start the WebTier Patchset Installer by running ./runInstaller.
On the Welcome screen, click Next.
On the Specify Install Location screen, provide the path to the Oracle Middleware home and the name of the Oracle home directory.
Oracle Middleware Home: Select the previously installed Middleware Home from the list, for example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter web as the Oracle home directory. This Oracle home contains the Oracle Identity Management binaries that will be upgraded from 11.1.1.2 to 11.1.1.5.
Click Next.
On the Specify Security Updates screen, enter these values:
Email Address: The email address for your My Oracle Support account.
Oracle Support Password: The password for your My Oracle Support account.
Select I wish to receive security updates via My Oracle Support.
Click Next.
The Installation Progress screen shows the progress of the installation. Once the installation is complete, click Next.
On the Installation Complete Screen, click Finish to exit.
This section describes how to install Oracle Fusion Middleware.
This section contains the following topics:
Section 4.5.1, "Installing Oracle Fusion Middleware Components"
Section 4.5.5, "Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5"
Section 4.5.7, "Installing Oracle Identity and Access Management"
Note:
Oracle Identity Management products are bundled as two product sets: Oracle Identity Management and Oracle Identity and Access Management.
This section describes how to install the required binaries to create the Middleware home (MW_HOME), the Oracle WebLogic Server home (WL_HOME), the Oracle homes for Oracle Identity Management Release 11.1.1.5.0 (IDM_ORACLE_HOME), the Oracle SOA Suite (SOA_ORACLE_HOME) and Oracle Identity and Access Management Release 11.1.1.5.0 (IAM_ORACLE_HOME). A summary of these homes is provided in Table 4-3, "Summary of Homes".
Table 4-3 Summary of Homes
Home Name | Home Description | Products Installed |
---|---|---|
 | Consists of the Oracle WebLogic Server home and, optionally, one or more Oracle homes. | |
 | This is the root directory in which Oracle WebLogic Server is installed. The WL_HOME directory is a peer of Oracle home directory and resides with the MW_HOME | |
 | Contains the binary and library files for the Oracle Identity Management Release 11.1.1.5.0. Resides within the directory structure of the Middleware Home | |
 | Contains the binary and library files required for Oracle Identity and Access Management Release 11.1.1.5. Resides within the directory structure of the Middleware home | |
 | Contains the binary and library files required for the Oracle SOA Suite. Required only when creating topologies with OIM. Resides within the directory structure of the Middleware home. | |
 | Contains the generic Oracle home files. This Oracle home is created automatically by any product installation and is located in | Generic commands |
Oracle strongly recommends that you read the release notes for any additional installation and deployment considerations prior to starting the setup process.
As described in Section 2.4, "Shared Storage and Recommended Directory Structure," you install Oracle Fusion Middleware software in at least two storage locations for redundancy.
You must install the following components of Oracle Fusion Middleware to create a Middleware home (MW_HOME):
Oracle WebLogic Server: Section 4.5.3, "Installing Oracle WebLogic Server"
One or more of the Oracle Fusion Middleware components
Oracle Fusion Middleware for Identity Management
This section describes how to install Oracle WebLogic Server.
Prior to installing the Oracle WebLogic Server, ensure that your machines meet the system, patch, kernel, and other requirements as specified in Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
The following prerequisites are required only if you are installing the 64-bit version of Oracle WebLogic Server.
Install JRockit 64 bit
Download JRockit 64 bit from:
http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html
Add execute permissions to the JRockit installer:
chmod +x jrockit-jdk1.6.0_24-R28.1.3-4.0.1-linux-x64.bin
Start the JRockit installer by issuing the command:
./jrockit-jdk1.6.0_20-R28.1.0-4.0.1-linux-x64.bin
Click Next.
Enter the Product Installation Directory. This is inside your Middleware home. For example:
/u01/app/oracle/product/fmw/jrockit-jdk1.6.0_20
If you are installing on Windows, you are prompted whether you want to install the JRE for public use. If you want all users to have access to the JRE, select Yes; otherwise, select No.
Click Next.
Click Next on the Optional Components Screen.
Click Done when finished.
Additional 64-Bit Prerequisites
Download Oracle WebLogic Server Generic from: http://download.oracle.com/otn/nt/middleware/11g/wls/wls1035_generic.jar
Add JRockit to your path. For example, on Linux, issue the command:
export PATH=$MW_HOME/jrockit_160_20_R28.1.0-4.0.1/bin:$PATH
Check the version of java by issuing the command:
java -version
Ensure that the 64 bit version is displayed.
The first step in the installation procedure is to install Oracle WebLogic Server. The procedure for invoking the Oracle WebLogic installer depends on whether you are installing the 32-bit or 64-bit versions.
Invoking the 32-Bit Installer:
On UNIX/Linux, issue the command:
./wls_linux32.bin
On Windows, execute the command:
wls_win32.exe
Invoking the 64-Bit Installer
Start the WebLogic installer.
On UNIX or Linux, use the command:
java -d64 -jar wls1035_generic.jar
On Windows, use the command:
java -jar wls1035_generic.jar
Once you have invoked the installer, proceed as follows.
On the Welcome screen, click Next.
On the Choose Middleware Home Screen, select Create a New Middleware Home. For the Middleware Home directory enter:
MW_HOME/fmw
Click Next.
Note:
ORACLE_BASE is the base directory under which Oracle products are installed. The recommended value is /u01/app/oracle. See Section 2.4, "Shared Storage and Recommended Directory Structure," for more information.
A warning is displayed, indicating that the directory is not empty and asking if you want to proceed. Click Yes.
On the Register for Security Updates screen, enter your My Oracle Support user name and password so that you can be notified of security updates.
Click Next.
On the Choose Install Type screen, select Typical.
Note:
Oracle WebLogic Server and Oracle Coherence are installed.
Click Next.
This step is specific to 64-bit installations. On the JDK selection screen, select the JRockit 64bit JDK that you installed earlier. It should be listed by default.
On the Choose Product Installation Directories screen, accept the following:
Middleware Home Directory: ORACLE_BASE/product/fmw
Product Installation Directories for WebLogic Server: ORACLE_BASE/product/fmw/wlserver_10.3
Oracle Coherence: ORACLE_BASE/product/fmw/coherence_3.6
Click Next.
On the Installation Summary screen, click Next to start the install process.
On the Installation complete screen, deselect run Quickstart.
Click Done to exit the WebLogic Server Installer.
Perform these steps to install Oracle Identity Management 11.1.1.5 on the hosts identified in Table 4-2, "Software to be Installed for Different Topologies".
Oracle Identity Management consists of:
Oracle Internet Directory
Oracle Virtual Directory
Oracle Directory Integration Platform
Oracle Directory Services Manager (ODSM)
Oracle Identity Federation
Note:
Because the installation is performed on shared storage, the two MW_HOME installations are accessible and used by the remaining servers in that tier of the topology.
When provisioning the software on the local hard disk of the machine, ensure you complete the steps on all the hosts in the tier.
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.
Start the Oracle Fusion Middleware 11g Oracle Identity Management Installer as follows:
HOST1> runInstaller
Then proceed as follows:
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
Log in as root and run:
/u01/app/oraInventory/createCentralInventory.sh
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, ensure that the following are true:
The /etc/oraInst.loc file exists.
The Inventory directory listed is valid.
The user performing the installation has write permissions for the Inventory directory.
On the Welcome screen, click Next.
On the Install Software Updates screen, choose whether to register with Oracle Support for updates or search for updates locally.
Click Next.
On the Select Installation Type screen, select Install Software - Do Not Configure, and then click Next.
On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select the previously installed Middleware home from the list for MW_HOME, for example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter idm as the Oracle home directory name.
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, on Linux and UNIX systems, a dialog box appears that prompts you to run the oracleRoot.sh script. Open a window and run the oracleRoot.sh script, as the root user.
On the Installation Complete screen, click Finish.
The Oracle home for Oracle Identity Management 11.1.1.2 (IDM_ORACLE_HOME) must be upgraded to Release 11.1.1.5 before creating the Identity Management domain. This section provides the steps to upgrade the IDM_ORACLE_HOME.
Follow the steps in this section to upgrade the IDM_ORACLE_HOME from Release 11.1.1.2 to 11.1.1.5 using Oracle Universal Installer. Complete these steps on IDMHOST1 and IDMHOST2. Ensure that your machines meet all the prerequisites listed in the Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management. Start the Oracle Identity Management Patch Set installer as follows:
HOST1> ./runInstaller
Then proceed as follows:
On the Welcome screen, click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select the previously installed Middleware Home from the list, for example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter IDM as the Oracle home directory. This Oracle home contains the Oracle Identity Management binaries that will be upgraded from 11.1.1.2 to 11.1.1.5.
Click Next.
On the Specify Security Updates screen, enter these values:
Email Address: The email address for your My Oracle Support account.
Oracle Support Password: The password for your My Oracle Support account.
Select I wish to receive security updates via My Oracle Support.
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On Linux and UNIX systems, you are prompted to execute oracleRoot.sh as the root user. During the running of this script, you will be asked:
Do you want to run oidRoot.sh to configure OID for privileged ports? (yes/no)
Reply yes, as the Oracle Internet Directory port is 389, which is a privileged port. Execute oracleRoot.sh as the root user.
On the Installation Complete screen, click Finish.
Perform these steps to install the Oracle SOA Suite on IDMHOST1, IDMHOST2, OIMHOST1, and OIMHOST2.
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle SOA Suite in the Oracle Fusion Middleware documentation library for the platform and version you are using.
On UNIX and Linux systems, start the Oracle Fusion Middleware 11g SOA Suite Installer as follows:
HOST1> ./runInstaller
On Windows, the command is:
setup.exe
When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example:
/u01/app/oracle/product/fmw/jrockit_version
Then perform these installation steps:
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
Log in as root and run:
/u01/app/oraInventory/createCentralInventory.sh
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check the following:
The /etc/oraInst.loc file exists.
The Inventory directory listed is valid.
The user performing the installation has write permissions for the Inventory directory.
On the Welcome screen, click Next.
On the Install Software Updates screen, choose whether to register with Oracle Support for updates or to search for updates locally.
On the Prerequisite Checks screen, verify that the checks complete successfully, and then click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select a previously installed Middleware Home from the drop-down list. For example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter SOA as the Oracle home directory name.
Click Next.
On the Application Server screen, choose your Application Server, for example: WebLogic Server.
Click Next.
On the Installation Summary screen, click Install.
On the Installation Process screen, click Next.
On the Installation Complete screen, click Finish.
Oracle Identity and Access Management consists of the following products:
Oracle Access Manager 11g
Oracle Identity Manager
Perform the steps in this section to install Oracle Identity and Access Management on the hosts identified in Table 4-1, "Software Versions Used".
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.
Start the Oracle Fusion Middleware 11g Installer for Oracle Identity and Access Management as follows:
HOST1> ./runInstaller
When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example:
/u01/app/oracle/product/fmw/jrockit_version
Then perform these installation steps:
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
Log in as root and run:
/u01/app/oraInventory/createCentralInventory.sh
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check the following:
The /etc/oraInst.loc file exists.
The Inventory directory listed is valid.
The user performing the installation has write permissions for the Inventory directory.
On the Welcome screen, click Next.
On the Install Software Updates screen, choose whether to register with Oracle Support for updates or search for updates locally.
Click Next.
On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.
On the Specify Installation Location screen, enter the following values:
Oracle Middleware Home: Select a previously installed Middleware Home from the drop-down list. For example: /u01/app/oracle/product/fmw
Oracle Home Directory: Enter iam as the Oracle home directory name.
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On the Installation Complete screen, click Finish.
This section describes how to apply patches after installing the software. For a complete list of patches, see the Oracle Fusion Middleware Release Notes for your platform and operating system.
Due to issues with versions of the configuration wizard, some environment variables are not added to the DOMAIN_HOME/bin/setDomainenv.sh script. This causes certain install sequences to fail. This section is a temporary workaround for that problem. The steps in this section must be performed on all the hosts in the application tier (IDMHOST1, IDMHOST2, OIMHOST1, OIMHOST2, OIFHOST1, and OIFHOST2).
Apply the following steps across all the WebLogic Server homes in the domain.
Copy the OIMAuthenticator.jar, oimmbean.jar, oimsigmbean.jar and oimsignaturembean.jar files located under the IAM_ORACLE_HOME/server/loginmodule/wls directory to the MW_HOME/wlserver_10.3/server/lib/mbeantypes directory.
cp $IAM_ORACLE_HOME/server/loginmodule/wls/* $MW_HOME/wlserver_10.3/server/lib/mbeantypes/.
Change directory to MW_HOME/wlserver_10.3/server/lib/mbeantypes/.
cd $MW_HOME/wlserver_10.3/server/lib/mbeantypes
Change the permissions on these files to 750 by using the chmod command.
chmod 750 *
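A narrower form of the copy and chmod steps above, given as an added example that is not part of the Oracle guide. The wildcard commands copy everything in the source directory and then change the mode of every file already in mbeantypes; this version touches only the four JARs the text names and verifies the result. The function name install_oim_mbeans is illustrative.

```shell
#!/bin/sh
# Added example: copy only the four JARs named in the text into mbeantypes
# and set mode 750 on those files alone, leaving other files untouched.
# install_oim_mbeans is an illustrative name, not an Oracle tool.

OIM_MBEAN_JARS="OIMAuthenticator.jar oimmbean.jar oimsigmbean.jar oimsignaturembean.jar"

# install_oim_mbeans SRC_DIR DST_DIR
# Returns 1 without copying anything if a directory or an expected JAR is missing.
install_oim_mbeans() {
    _src=$1
    _dst=$2
    [ -d "$_src" ] || { echo "FAIL: source $_src is not a directory" >&2; return 1; }
    [ -d "$_dst" ] || { echo "FAIL: target $_dst is not a directory" >&2; return 1; }

    # Check everything up front so a partial set is never installed.
    for _j in $OIM_MBEAN_JARS; do
        [ -f "$_src/$_j" ] || { echo "FAIL: $_src/$_j not found" >&2; return 1; }
    done

    for _j in $OIM_MBEAN_JARS; do
        cp "$_src/$_j" "$_dst/$_j" || return 1
        chmod 750 "$_dst/$_j" || return 1
    done

    # Verify each copy is byte-identical and has exactly mode 750.
    for _j in $OIM_MBEAN_JARS; do
        cmp -s "$_src/$_j" "$_dst/$_j" || { echo "FAIL: $_j differs" >&2; return 1; }
        [ -n "$(find "$_dst/$_j" -perm 750)" ] || { echo "FAIL: $_j mode" >&2; return 1; }
    done
    echo "ok: JARs installed in $_dst"
}

# Run with the two directories as arguments, for example (paths from the text):
#   sh install_oim_mbeans.sh "$IAM_ORACLE_HOME/server/loginmodule/wls" \
#                            "$MW_HOME/wlserver_10.3/server/lib/mbeantypes"
if [ $# -eq 2 ]; then
    install_oim_mbeans "$1" "$2"
fi
```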
Oracle Identity Manager uses the wlfullclient.jar library for certain operations. Oracle does not ship this library, so you must create this library manually. Oracle recommends creating this library under the MW_HOME/wlserver_10.3/server/lib directory on all the machines in the application tier of your environment. You do not need to create this library on directory tier machines such as OIDHOST1, OIDHOST2, OVDHOST1 and OVDHOST2.
Follow these steps to create the wlfullclient.jar file:
Navigate to the MW_HOME/wlserver_10.3/server/lib directory.
Set your JAVA_HOME environment variable and ensure that the JAVA_HOME/bin directory is in your path.
Create the wlfullclient.jar file by running:
java -jar wljarbuilder.jar
It is a best practice recommendation to back up the Middleware Home and the Oracle Homes. On Linux, to create a backup of the MW_HOME and the ORACLE_HOMEs, as the root user, type:
tar -cvpf fmwhomeback.tar ORACLE_BASE/product/fmw
This creates a backup of the installation files for any products installed in the Oracle Fusion Middleware home.