Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1 Overview
1.1 What Is an Enterprise Deployment?
1.2 About the Reference Topology for Exalogic
1.3 Benefits of Oracle Recommendations
1.3.1 Built-in Security
1.3.2 High Availability
2 Introduction and Planning
2.1 Planning Your Deployment
2.1.1 Why the Deployment Topology in This Guide?
2.1.2 Alternative Deployment Topologies
2.1.2.1 Using an External Oracle HTTP Server Web Tier Instead of Oracle Traffic Director
2.1.2.2 Using Oracle Exadata Instead of an Oracle RAC Database
2.1.3 Using a Worksheet to Plan for the Deployment Topology
2.2 Understanding the Oracle Identity Management Deployment Topology on Exalogic
2.3 Understanding the Topology Components
2.3.1 About EoIB and IPoIB Communication
2.3.2 About the Load Balancer
2.3.3 About the Web Tier
2.3.4 About the DMZ
2.3.5 About the Application Tier
2.3.5.1 Architecture Notes
2.3.5.2 High Availability Provisions
2.3.5.3 Security Provisions
2.3.6 About the Identity Stores
2.4 Hardware Requirements for Identity Management on Exalogic
2.4.1 Hardware Load Balancer Requirements
2.4.2 Exalogic Machine Requirements
2.5 Software Components for an Enterprise Deployment
2.5.1 Software Required for the Oracle Identity Management Deployment Topology on Exalogic
2.5.2 About Obtaining Software
2.5.3 Applying Patches and Workarounds
2.6 Road Map for the Reference Topology Installation and Configuration
2.6.1 Flow Chart of the Oracle Identity Management Enterprise Deployment Process
2.6.2 Steps in the Oracle Identity Management Enterprise Deployment Process
3 Configuring the Network for an Enterprise Deployment
3.1 Overview of Preparing the Network for an Enterprise Deployment
3.2 About the Exalogic Network Configuration for the IDM Enterprise Topology
3.2.1 General Characteristics and Goals of the Exalogic Network Configuration
3.2.2 Map of the Network Interfaces Used by the Components of the IDM Topology on Exalogic
3.2.3 Explanation of the Network Interfaces Map
3.2.3.1 Load Balancer
3.2.3.2 Oracle Traffic Director
3.2.3.3 Compute Node 1
3.2.3.4 Compute Node 2
3.2.3.5 Compute Node 3
3.2.3.6 Compute Node 4
3.3 Hostname and Networking Overview
3.4 Configuring Virtual IP Addresses for IPoIB on Each Compute Node
3.4.1 Summary of the Required IPoIB Virtual IP Addresses
3.4.2 Creating the Virtual IP Addresses for the IPoIB Network on IDMHOST1 and IDMHOST2
3.4.3 Verifying the Required Virtual IP Addresses on the IPoIB Network
3.5 Configuring Virtual IP Addresses for EoIB on Each Compute Node
3.5.1 Summary of the IP Addresses for the EoIB Network Interfaces
3.5.2 Step 1 - Gather Information
3.5.3 Step 2 - Create a Virtual LAN
3.5.4 Step 3 - Create Virtual Network Cards
3.5.5 Step 4 - Configure Compute Node Networking and Assign Physical IP Address
3.5.6 Creating the Virtual IP Addresses for the EoIB Network
3.6 Verifying Network Connectivity
3.7 Defining the Required Virtual Server Names
3.7.1 Virtual Server Names Required on the Hardware Load Balancer
3.7.1.1 sso.mycompany.com
3.7.1.2 admin.mycompany.com
3.7.2 Virtual Server Names Required on Oracle Traffic Director
3.7.2.1 oudinternal.mycompany.com
3.7.2.2 idminternal.mycompany.com
3.8 About IP Addresses and Virtual IP Addresses
3.9 Configuring the Load Balancer
3.9.1 Load Balancer Requirements
3.9.2 Load Balancer Configuration Procedures
3.9.3 Load Balancer Configuration Details
3.10 Configuring Firewall Ports
4 Configuring Storage for an Enterprise Deployment
4.1 Overview of Preparing Storage for an Enterprise Deployment
4.1.1 General Information About the Enterprise Deployment File System
4.1.2 Specific Information About the Exalogic File System
4.2 Terminology for Directories and Directory Variables
4.3 Shared Storage Recommendations for Enterprise Deployments
4.3.1 Shared Storage Recommendations for Binary (Middleware Home) Directories
4.3.1.1 About the Binary (Middleware Home) Directories
4.3.1.2 About Using Redundant Binary (Middleware Home) Directories
4.3.2 Shared Storage Recommendations for Domain Configuration Files
4.3.2.1 About Oracle WebLogic Server Administration and Managed Server Domain Configuration Files
4.3.2.2 Shared Storage Requirements for Administration and Managed Server Domain Configuration Files
4.3.3 Shared Storage Recommendations for JMS File Stores and Transaction Logs
4.4 Directory Variables for an Oracle Identity Management Enterprise Deployment
4.5 Recommended Directory Locations for an Identity Management Enterprise Deployment
4.5.1 Shared Storage for Identity Management Enterprise Deployment on Exalogic
4.5.2 Private Storage for an Enterprise Deployment
4.6 Configuring Exalogic Storage for Oracle Identity Management
4.6.1 Summary of the Storage Appliance Directories and Corresponding Mount Points
4.6.2 Prerequisite Storage Appliance Configuration Tasks
4.6.3 Creating the IDM Project Using the Storage Appliance Browser User Interface (BUI)
4.6.4 Creating the Shares in the IDM Project Using the BUI
4.7 Allowing Local Root Access to Shares
5 Configuring the Compute Nodes for an Enterprise Deployment
5.1 Overview of Preparing the Compute Nodes
5.2 Meeting Operating System Requirements
5.2.1 Meeting UNIX and Linux Requirements
5.2.1.1 Configuring Kernel Parameters
5.2.1.2 Setting the Open File Limit
5.2.1.3 Setting Shell Limits
5.2.1.4 Configuring the Local Hosts File
5.2.1.5 Increasing Huge Page Allocation
5.3 Enabling Unicode Support
5.4 Configuring an NIS/YP Server
5.5 Configuring Users and Groups
5.6 Mounting Shares onto the Hosts
6 Configuring a Database for an Enterprise Deployment
6.1 Overview of Preparing the Databases for an Identity Management Enterprise Deployment
6.2 Verifying the Database Requirements for an Enterprise Deployment
6.2.1 Databases Required
6.2.2 Database Host Requirements
6.2.3 Database Versions Supported
6.2.4 Patching the Oracle Database
6.2.4.1 Patch Requirements for Oracle Database 11g (11.1.0.7)
6.2.4.2 Patch Requirements for Oracle Database 11g (11.2.0.2.0)
6.2.5 About Initialization Parameters
6.3 Installing the Database for an Enterprise Deployment
6.4 Creating Database Services
6.4.1 Creating Database Services for 10.x and 11.1.x Databases
6.4.2 Creating Database Services for 11.2.x Databases
6.4.3 Database Tuning
6.5 Loading the Identity Management Schemas in the Oracle RAC Database by Using RCU
6.6 Backing Up the Database
7 Installing and Configuring Oracle Traffic Director for an Enterprise Deployment
7.1 Overview of Installing and Configuring Oracle Traffic Director for an Enterprise Deployment
7.2 Installing Oracle Traffic Director on WEBHOST1 and WEBHOST2
7.3 Creating and Starting the Traffic Director Administration Server
7.4 Registering WEBHOST2 with the Administration Node
7.5 Creating a Configuration
7.6 Starting the Oracle Traffic Director Instances
7.7 Defining the Required Oracle Traffic Director Virtual Servers for an Enterprise Deployment
7.8 Creating Routes
7.9 Enabling SSL Passthrough for sso.mycompany.com
7.10 Deploying the Configuration and Testing the Virtual Server Addresses
7.11 Creating a Failover Group for Virtual Hosts
7.12 Backing Up the Oracle Traffic Director Configuration
8 Installing and Configuring Oracle Unified Directory
8.1 Overview of Installing and Configuring Oracle Unified Directory
8.2 Prerequisites for Configuring Oracle Unified Directory Instances
8.3 Installing Oracle Unified Directory
8.4 Configuring the Oracle Unified Directory Instances
8.4.1 Configuring Oracle Unified Directory on IDMHOST1
8.4.2 Validating Oracle Unified Directory on IDMHOST1
8.4.3 Configuring an Additional Oracle Unified Directory Instance on IDMHOST2
8.4.4 Enabling Oracle Unified Directory Assured Replication
8.4.5 Relaxing Oracle Unified Directory Object Creation Restrictions
8.4.6 Validating Oracle Unified Directory on IDMHOST2
8.4.7 Validating the Oracle Unified Directory Virtual IP Address
8.5 Backing Up the Oracle Unified Directory Installation
9 Creating a Domain for an Enterprise Deployment
9.1 Overview of Creating a Domain
9.2 Installing Oracle Fusion Middleware Home
9.2.1 Installing Oracle WebLogic Server and Creating the Fusion Middleware Home
9.2.1.1 Installing JRockit
9.2.1.2 Installing WebLogic Server Using the Generic Installer
9.2.2 Installing Oracle Identity and Access Management
9.2.3 Installing the Oracle SOA Suite
9.3 About Console URLs and Domains
9.4 Running the Configuration Wizard to Create a Domain
9.5 Post-Configuration and Verification Tasks
9.5.1 Creating boot.properties for the WebLogic Administration Servers
9.5.2 Associating the Domain with the Existing OPSS Policy Store
9.5.3 Starting Node Manager on IDMHOST1 and IDMHOST2
9.5.4 Updating the Node Manager Credentials
9.5.5 Enabling Exalogic Optimizations
9.5.6 Enabling WebLogic Plug-in
9.5.7 Validating the WebLogic Administration Server
9.5.8 Disabling Host Name Verification for the Oracle WebLogic Administration Server
9.5.9 Stopping and Starting the WebLogic Administration Server
9.6 Testing Manual Failover of the WebLogic Administration Server
9.7 Backing Up the WebLogic Domain
10 Preparing Identity Stores
10.1 Overview of Preparing Identity Stores
10.2 Backing Up the LDAP Directories
10.3 Prerequisites
10.4 Preparing the Identity Store
10.4.1 Overview of Preparing the Identity Store
10.4.2 Creating the Configuration File
10.4.3 Configuring Oracle Unified Directory for Use with Oracle Access Manager and Oracle Identity Manager
10.4.4 Creating Users and Groups
10.4.5 Adding the Missing Oracle Unified Directory Permission
10.4.6 Granting Oracle Unified Directory Change Log Access
10.4.7 Creating Oracle Unified Directory Indexes
10.4.8 Backing Up the Identity Stores
11 Extending the Domain to Include Oracle Access Management
11.1 Overview of Extending the Domain to Include Oracle Access Management Access Manager
11.2 About Domain URLs
11.3 Prerequisites
11.4 Extending the Domain with Access Manager
11.5 Configuring Access Manager
11.5.1 Removing the IDM Domain Agent
11.5.2 Setting a Global Passphrase
11.5.3 Configuring Access Manager by Using the IDM Configuration Tool
11.5.4 Validating the Configuration
11.5.5 Updating the Newly-Created Agent
11.5.6 Modifying OAM Resources
11.5.7 Updating the Idle Timeout Value
11.5.8 Updating Existing WebGate Agents
11.5.9 Adding a Condition to the Admin Role as a Workaround
11.6 Deploying Managed Server Configuration to Local Storage
11.7 Starting Managed Servers WLS_OAM1 and WLS_OAM2
11.8 Validating Access Manager
11.9 Creating a Single Keystore for Integrating Access Manager with Other Components
11.10 Backing Up the Application Tier Configuration
12 Extending the Domain to Include Oracle Identity Manager
12.1 Overview of Extending the Domain to Include Oracle Identity Manager
12.2 About Domain URLs
12.3 Prerequisites
12.4 Provisioning the OIM Login Modules Under the WebLogic Server Library Directory
12.5 Creating the wlfullclient.jar File
12.6 Synchronizing System Clocks
12.7 Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite
12.8 Deploying Oracle Identity Manager and Oracle SOA to the Managed Server Domain Directory on IDMHOST1 and IDMHOST2
12.9 Configuring Oracle Coherence for Deploying Composites
12.9.1 Enabling Communication for Deployment Using Unicast Communication
12.9.2 Specifying the Host Name Used by Oracle Coherence
12.10 Configuring Oracle Identity Manager
12.11 Copying the SOA Directory
12.12 Starting SOA and Oracle Identity Manager Managed Servers on IDMHOST1 and IDMHOST2
12.13 Validating the Oracle Identity Manager Instance on IDMHOST1 and IDMHOST2
12.14 Configuring Oracle Identity Manager to Reconcile from OUDINTERNAL
12.15 Configuring Oracle Identity Manager to Work with the Oracle Web Tier
12.15.1 Configuring Oracle Traffic Director to Front End the Oracle Identity Manager and SOA Managed Servers
12.15.2 Changing Host Assertion in WebLogic
12.15.3 Updating SOA Endpoints
12.15.4 Validating Web Tier Integration
12.15.4.1 Validating the Oracle Identity Manager Instance from the Web Tier
12.15.4.2 Validating Access to SOA from the Web Tier
12.16 Configuring a Default Persistence Store for Transaction Recovery
12.17 Configuring UMS Email Notification
12.18 Adding the Load Balancer Certificate to the SOA Keystore
12.19 Excluding Users from Oracle Identity Manager Reconciliation
12.19.1 Adding the orclAppIDUser Object Class to the User by Using ODSM
12.19.2 Closing Failed Reconciliation Events by Using the OIM Console
12.20 Backing Up Oracle Identity Manager
12.21 Integrating Oracle Identity Manager and Oracle Access Management Access Manager
12.21.1 Prerequisites
12.21.2 Adding Forgotten Password Links to the OAM Login Page
12.21.3 Copying OAM Keystore Files to IDMHOST1 and IDMHOST2
12.21.4 Integrating Oracle Identity Manager with Oracle Access Manager Using the idmConfigTool
12.21.5 Updating Existing LDAP Users with Required Object Classes
12.21.6 Updating the TAP Authentication Scheme
12.21.7 Managing the Password of the xelsysadm User
12.21.8 Enabling Cluster-Level Session Replication Enhancements for OIM and SOA
12.21.9 Validating Integration
12.22 Enabling Oracle Identity Manager to Connect to SOA Using the Administrative Users Provisioned in LDAP
13 Setting Up Node Manager for an Enterprise Deployment
13.1 Overview of the Node Manager
13.2 Setting Up Node Manager
13.2.1 Changing the Location of Node Manager Configuration Files
13.2.2 Editing the Node Manager Property File
13.2.3 Starting Node Manager
13.3 Enabling Host Name Verification Certificates for Node Manager
13.3.1 Generating Self-Signed Certificates Using the utils.CertGen Utility
13.3.2 Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
13.3.3 Creating a Trust Keystore Using the Keytool Utility
13.3.4 Configuring Node Manager to Use the Custom Keystores
13.3.5 Using a Common or Shared Storage Installation
13.3.6 Configuring Managed WebLogic Servers to Use the Custom Keystores
13.3.7 Changing the Host Name Verification Setting for the Managed Servers
13.4 Starting Node Manager
14 Configuring Server Migration for an Enterprise Deployment
14.1 Overview of Server Migration for an Enterprise Deployment
14.2 Setting Up a User and Tablespace for the Server Migration Leasing Table
14.3 Creating a GridLink Data Source for Leasing Using the Oracle WebLogic Administration Console
14.4 Editing Node Manager's Properties File
14.5 Setting Environment and Superuser Privileges for the wlsifconfig.sh Script
14.6 Configuring Server Migration Targets
14.7 Testing the Server Migration
14.8 Backing Up the Server Migration Configuration
15 Configuring Single Sign-on for Administration Consoles in an Enterprise Deployment
15.1 Overview of Configuring Single Sign-on for Administration Consoles in an Enterprise Deployment
15.2 Prerequisites
15.3 Configuring WebLogic Security Providers
15.3.1 Updating the Oracle Unified Directory Authenticator
15.3.2 Reordering the Security Providers
15.4 Assigning the WLSAdmins Group to WebLogic Administration Groups
15.5 Authorizing Access Manager Administrators to Access the APM Console
15.6 Updating the boot.properties File
15.6.1 Updating the Administration Servers on All Domains
15.6.2 Restarting the Servers
15.7 Installing and Configuring WebGate 11g
15.7.1 Prerequisites
15.7.2 Installing Oracle WebGate on WEBHOST1 and WEBHOST2
15.8 Restarting the Oracle Traffic Director Instance
15.9 Validating WebGate and the Access Manager Single Sign-On Setup
15.10 Backing Up Single Sign-on
16 Managing the Topology for an Enterprise Deployment
16.1 Starting and Stopping Oracle Identity Management Components
16.1.1 Startup Order
16.1.2 Starting and Stopping Oracle Unified Directory
16.1.2.1 Starting Oracle Unified Directory
16.1.2.2 Stopping Oracle Unified Directory
16.1.3 Starting, Stopping, and Restarting Access Manager Managed Servers
16.1.3.1 Starting an Access Manager Managed Server When None Is Running
16.1.3.2 Starting an Access Manager Managed Server When Another Is Running
16.1.3.3 Stopping Access Manager Managed Servers
16.1.3.4 Restarting Access Manager Managed Servers
16.1.4 Starting, Stopping, and Restarting the WebLogic Administration Server
16.1.4.1 Starting the WebLogic Administration Server
16.1.4.2 Stopping the WebLogic Administration Server
16.1.4.3 Restarting the WebLogic Administration Server
16.1.5 Starting and Stopping Node Manager
16.1.5.1 Starting Node Manager
16.1.5.2 Stopping Node Manager
16.1.5.3 Starting Node Manager for an Administration Server
16.1.6 Starting, Stopping, and Restarting Oracle Traffic Director
16.1.7 Starting, Stopping, and Restarting Oracle Identity Manager
16.1.7.1 Starting Oracle Identity Manager
16.1.7.2 Stopping Oracle Identity Manager
16.1.7.3 Restarting Oracle Identity Manager
16.2 About Identity Management Console URLs
16.3 Monitoring Enterprise Deployments
16.3.1 Monitoring WebLogic Managed Servers
16.4 Scaling Enterprise Deployments
16.4.1 Scaling Up the Topology
16.4.1.1 Scaling Up Oracle Unified Directory
16.4.1.2 Scaling Up the Application Tier
16.4.1.3 Scaling Up Oracle Traffic Director
16.4.2 Scaling Out the Topology
16.4.2.1 Scaling Out the Web Tier
16.4.2.2 Scaling Out the Application Tier
16.5 Auditing Identity Management
16.6 Backing Up the Oracle IDM Enterprise Deployment
16.6.1 Backing Up the Database
16.6.2 Backing Up the Administration Server Domain Directory
16.6.3 Backing Up the Web Tier
16.6.4 Backing Up the Middleware Home
16.7 Patching Enterprise Deployments
16.7.1 Patching an Oracle Fusion Middleware Source File
16.7.2 Patching Identity and Access Management
16.7.3 Patching Identity Management Components
16.8 Preventing Timeouts for SQL
16.9 Manually Failing Over the WebLogic Administration Server
16.9.1 Failing Over the Administration Server to IDMHOST2
16.9.2 Starting the Administration Server on IDMHOST2
16.9.3 Validating Access to IDMHOST2
16.9.4 Failing the Administration Server Back to IDMHOST1
16.10 Troubleshooting
16.10.1 Troubleshooting Access Manager 11g
16.10.1.1 User Reaches the Maximum Allowed Number of Sessions
16.10.1.2 Policies Do Not Get Created When Oracle Access Manager Is First Installed
16.10.1.3 You Are Not Prompted for Credentials After Accessing a Protected Resource
16.10.1.4 Cannot Log In to the OAM Console
16.10.2 Troubleshooting Oracle Identity Manager
16.10.2.1 java.io.FileNotFoundException When Running Oracle Identity Manager Configuration
16.10.2.2 ResourceConnectionValidationException When Creating a User in Oracle Identity Manager
16.10.3 Troubleshooting Oracle SOA Suite
16.10.3.1 Transaction Timeout Error
16.10.4 Using My Oracle Support for Additional Troubleshooting Information
16.10.5 OIM Reconciliation Jobs Fail
16.10.6 LDAP Reconciliation Jobs Fail with LDAP 32 - USER SEARCH BASE WAS CORRECT ON FILES
A Worksheet for Identity Management Topology
A.1 Hosts, Virtual Hosts, and Virtual IP Addresses for Identity Management
A.2 Directory Mapping
A.3 Port Mapping
A.4 LDAP Directory Details
A.5 Database Details
A.6 Web Tier Details
A.7 Application Tier Details
A.8 Account Mapping
B Using Multi Data Sources with Oracle RAC
B.1 About Multi Data Sources and Oracle RAC
B.2 Typical Procedure for Configuring Multi Data Sources for an EDG Topology
C Enterprise Topology with Oracle HTTP Server
C.1 Viewing the Oracle Identity Management Deployment Topology with Oracle HTTP Server on Exalogic
C.2 Understanding the Oracle Identity Manager with Oracle HTTP Server Topology Components
C.2.1 About the Oracle HTTP Server Instances in the Web Tier
C.2.2 About the Oracle Traffic Director Instances on the Application Tier
Index