11.2 Procedure

Perform the following steps to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.3.0) against Oracle Internet Directory 11g Release 1 (11.1.1):

  1. Install Oracle Internet Directory 11g Release 1 (11.1.1). Refer to Chapter 6, "Configuring Oracle Internet Directory" for more information.

  2. Execute the inspre11.pl script with -op1. This enables anonymous bind in Oracle Internet Directory and allows OracleAS RepCA to load the schema for Oracle Single Sign-On and Oracle Delegated Administration Services into the database. Execute the script as follows:

    $OID11gR1_ORACLE_HOME/perl/bin/perl \
    $OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
    OID_COMPONENT TNS_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD -op1
    

    When this command completes successfully, the following message is displayed:

    'Use RepCA to load SSO and other schemas against DB before running -op2'

    Note:

    If desired, you can disable anonymous bind in Oracle Internet Directory in the last step of this procedure.

  3. Use the OracleAS RepCA Release 10.1.4.3.1 to create and load Oracle Single Sign-On 10.1.4.0.1 schema in the database. You can get OracleAS RepCA 10.1.4.3.1 from the Oracle Technology Network (OTN) Web site:

    http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html#

    You must use only this specific version of MRCA for installing Oracle Single Sign-On (10.1.4.x) against Oracle Internet Directory 11g Release 1 (11.1.1) in an Oracle Fusion Middleware 11g deployment. This MRCA cannot be used as a generic replacement for MRCA 10g in an Application Server 10g deployment because it carries only a subset of the original MRCA 10g schemas to support Oracle Single Sign-On (10.1.4.x) for Oracle Fusion Middleware 11g deployment.

    Note:

    While there is no documentation specifically for OracleAS RepCA Release 10.1.4.3.1, you can use the Oracle Application Server Metadata Repository Creation Assistant User's Guide for Release 10g (10.1.4.0.1) for general information on how to use OracleAS RepCA. Be aware that the database requirements listed in this document do not apply to the OracleAS RepCA Release 10.1.4.3.1.

    You can get the Oracle Application Server Metadata Repository Creation Assistant User's Guide for Release 10g (10.1.4.0.1) from the Oracle Identity Management 10g (10.1.4) Documentation Library located on the OTN Web site.

    If an already existing Identity Management 10g (10.1.4 or 10.1.2) option is chosen, a separate Oracle Internet Directory 10g and separate Oracle Database may need to be managed along with other options. See the certification, installation and planning guides for more information.

    After MRCA 10.1.4.3.1 is installed, you can perform an Identity Management 10g (10.1.4.0.1) installation and choose SSO+DAS only. For information on performing this installation and installing the required patches, see the note that follows Step 6 in this procedure.

    When you run OracleAS RepCA 10.1.4.3.1:

    • You must register the Oracle Single Sign-On schema with Oracle Internet Directory using its SSL port. This is required for various Oracle Single Sign-On and Oracle Internet Directory interdependencies.

    • You might receive error messages that some database session parameters do not have appropriate values. If you receive these errors, you should reset the parameters identified by OracleAS RepCA, adhering to the minimum values that are given. After you reset the parameters, exit OracleAS RepCA and start it again. If you used SPFILE as the scope in any of the alter commands, you may also have to restart the database.

    • Only the schema required for Oracle Single Sign-On will be loaded, not all schema.

  4. Reset the ODS password to the value that was set when Oracle Internet Directory was installed and restart Oracle Internet Directory. You must reset the password because it was randomized when you loaded the Oracle Single Sign-On 10.1.4.0.1 schema in the database.

    Perform the following steps:

    1. Use SQL*PLUS to connect to the database as the SYS user.

    2. Change the ODS password using alter user ods identified by PASSWORD, where PASSWORD represents the ODS schema password that was in effect before you ran OracleAS RepCA.

    3. Set the TNS_ADMIN environment variable to point to the $ORACLE_INSTANCE/config directory.

    4. Execute the following command, where TNS_CONNECT_STRING represents the Oracle Internet Directory database connect string defined in the ORACLE_INSTANCE/config/tnsnames.ora file. You can set the TNS_ADMIN environment variable if you want to use a different location.

      $OID11gR1_ORACLE_HOME/ldap/bin/oidpasswd \
      connect=TNS_CONNECT_STRING create_wallet=true
      
    5. Restart Oracle Internet Directory.

  5. Execute the inspre11.pl script with -op2, which resets the Oracle Internet Directory version and allows you to install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1). The -op2 option will also verify the orcldirectoryversion attribute has a value of OID 10.1.4.0.1.

    Execute the script as follows:

    $OID11gR1_ORACLE_HOME/perl/bin/perl \
    $OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
    OID_COMPONENT TNS_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD -op2
    

    When this command completes successfully, the following message is displayed:

    'Install SSO/DAS against 11g OID before running -op3'

  6. Install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1) in an ORACLE_HOME directory that is different from the ORACLE_HOME where you installed Oracle Internet Directory. Do not install Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1) in the same ORACLE_HOME where you installed Oracle Internet Directory 11g Release 1 (11.1.1).

    You can get Oracle Single Sign-On and Oracle Delegated Administration Services Release 10g (10.1.4.0.1) from the Oracle Technology Network (OTN) Web site. To access the OTN Web site, go to the following URL:

    http://www.oracle.com/technetwork/index.html

    Note:

    After MRCA 10.1.4.3.1 is installed, you can perform an Identity Management 10g (10.1.4.0.1) installation and choose SSO+DAS only, rather than a full Infrastructure. This is available in the 10g download location (http://www.oracle.com/technetwork/middleware/ias/downloads/101401-099957.html).

    If you are installing Oracle Single Sign-On and Oracle Delegated Administration Services against a Release 11.x database, you must apply Patch 5649850 for release 10.1.0.5 to the Oracle Single Sign-On ORACLE_HOME directory. Patch 5649850 updates the 10.1.0.5 JDBC driver, allowing connectivity to a Release 11.x database. If you are unable to apply this patch due to a prerequisite failure, apply Patch 6880880 for release 1 before applying patch 5649850.

    When you install Oracle Single Sign-On and Oracle Delegated Administration Services, apply patch 5649850 when you are prompted to run the root.sh script on UNIX systems. On Windows systems, you should wait for the Configuration Assistant to fail, apply the patch and rerun the Configuration Assistant. Do not shut down or restart either OID or its database.

    You can get Patch 5649850 for release 10.1.0.5 from My Oracle Support (formerly MetaLink), located at:

    http://metalink.oracle.com/

    The 10.1.4.3 Patchset (Patch 7215628) is then applied to the SSO+DAS home. To apply the 10.1.4.3 Patchset where an 11.2 database is associated, you must first download Patch 6265268 and follow its readme file. This final 10.1.4.3.0 SSO+DAS home is used in conjunction with the OID 11g and MRCA 10.1.4.3.1 previously installed.

  7. Upgrade Oracle Single Sign-On and Oracle Delegated Administration Services to Release 10g (10.1.4.3.0) by applying the Oracle Identity Management 10g (10.1.4.3.0) Patch Set. You can get the Oracle Identity Management 10g (10.1.4.3.0) Patch Set from My Oracle Support (formerly MetaLink) by searching for Bug or Patch Number 7215628.

    You can access My Oracle Support (formerly MetaLink) at:

    http://metalink.oracle.com/

  8. Execute the inspre11.pl script with -op3, which sets the Oracle Internet Directory version back to 11g Release 1 (11.1.1). For example:

    $OID11gR1_ORACLE_HOME/perl/bin/perl \
    $OID11gR1_ORACLE_HOME/ldap/bin/inspre11.pl OID_HOST OID_PORT {-ssl | -nonssl} \
    OID_COMPONENT TNS_CONNECT_STRING ODS_PASSWORD ORCLADMIN_PASSWORD -op3
    

    When this command completes successfully, the following message is displayed:

    'Finished all actions!'

  9. Executing the inspre11.pl script with -op1 in step 2 enables anonymous bind in Oracle Internet Directory. If desired, you can disable anonymous bind in Oracle Internet Directory by referring to "Managing Anonymous Binds" in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.
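
Between -op1 and -op3 the directory runs with anonymous bind enabled and, after -op2, with its version reset, so it is worth confirming each phase's completion message before moving on and checking the anonymous-bind setting at the end. The following is an added example, not part of the Oracle documentation or scripts: the function names and sample inputs are constructed, and the orclanonymousbindsflag value meanings (0, 1, 2) are an assumption to confirm against "Managing Anonymous Binds".

```shell
#!/bin/sh
# Added example: gate each inspre11.pl phase on the success message this
# procedure documents, then classify the anonymous-bind setting afterwards.

# Completion message documented for each phase option.
expected_msg() {
    case "$1" in
        -op1) echo 'Use RepCA to load SSO and other schemas against DB before running -op2' ;;
        -op2) echo 'Install SSO/DAS against 11g OID before running -op3' ;;
        -op3) echo 'Finished all actions!' ;;
        *)    return 2 ;;
    esac
}

# phase_ok OP OUTPUT: succeed only if OUTPUT contains the message for OP.
phase_ok() {
    msg=$(expected_msg "$1") || return 2
    printf '%s\n' "$2" | grep -qF -- "$msg"
}

# anon_bind_state LDIF: classify orclanonymousbindsflag from ldapsearch output.
# Assumed meanings: 0 = disabled, 1 = enabled, 2 = root DSE searches only.
anon_bind_state() {
    flag=$(printf '%s\n' "$1" | tr -d '\r' |
        awk -F': *' 'tolower($1) == "orclanonymousbindsflag" {
            gsub(/[ \t]+$/, "", $2); print $2; exit }')
    case "$flag" in
        0) echo disabled ;;
        1) echo enabled ;;
        2) echo rootdse-only ;;
        *) echo unknown ;;
    esac
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_OP1_OUT='Connecting to directory
Use RepCA to load SSO and other schemas against DB before running -op2'
SAMPLE_LDIF='dn: cn=OID_COMPONENT,cn=osdldapd,cn=subconfigsubentry
orclAnonymousBindsFlag: 1'

if phase_ok -op1 "$SAMPLE_OP1_OUT"; then
    echo "op1 complete: run OracleAS RepCA next"
fi
echo "anonymous bind: $(anon_bind_state "$SAMPLE_LDIF")"
```

In practice, pass the captured output of each inspre11.pl run to phase_ok, and pass the LDIF for the instance configuration entry to anon_bind_state after step 9.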