This chapter describes the software installations required for an Oracle Identity and Access Management enterprise deployment.
This chapter contains the following topics:
Section 11.1, "Assembling Information for Identity and Access Management Deployment"
Section 11.2, "Creating an Oracle Identity and Access Management Software Repository"
11.1 Assembling Information for Identity and Access Management Deployment
Assemble the following information before you begin the deployment. You can print the tables from the PDF version of this guide and record your own values in the Customer Value column.
This guide repeatedly uses the following host names to make it easier to follow:
WEBHOST1/2
OAMHOST1/2
OIMHOST1/2
LDAPHOST1/2
The actual values you use depend on the deployment topology you have chosen; these names are placeholders for the hosts listed in the topologies.
In addition to the host names, you may see some hosts with an EXT suffix (generally used in the OHS topology). The EXT suffix denotes that the external EoIB network interface is used.
You may also see some hosts in the document with a VHN suffix. This suffix identifies virtual host names.
In certain circumstances you may see hosts with the suffix EXTVHN. This suffix refers to a virtual host name configured on the EoIB network.
Notes:
Do not use host names that contain the hyphen (-) character. See Section 20.10.2.1, "Deployment Fails with Error: Incorrect Host or Domain Name Format for Attribute."
Do not use privileged ports (< 1024) for the Identity and Access Management deployment.
Table 11-1 Hosts–Virtual Exalogic
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management Host 1 | | | |
Access Management Host 2 | | | |
Identity Governance Host 1 | | | |
Identity Governance Host 2 | | | |
Directory Host 1 | | | |
Directory Host 2 | | | |
First Web Tier host | | | |
Second Web Tier host | | | |

Table 11-2 Hosts–Physical Exalogic
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management Host 1 | | | |
Access Management Host 2 | | | |
Identity Governance Host 1 | | | |
Identity Governance Host 2 | | | |
Directory Host 1 | | | |
Directory Host 2 | | | |
First Web Tier host | | | |
Second Web Tier host | | | |

Table 11-3
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management Host 1 | | | |
Access Management Host 2 | | | |
Identity Governance Host 1 | | | |
Identity Governance Host 2 | | | |
Directory Host 1 | | | |
Directory Host 2 | | | |
First Web Tier host | | | |
Second Web Tier host | | | |

Table 11-4 Installation Locations
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Software Repository Location | | | |
Software Installation Location | | | |
Shared Configuration Location | | | |
Local Configuration Location | | | |
Lifecycle Management Store Location | | | |

Table 11-5 Ports
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management WLS Server Port | | | |
Identity Governance WLS Port | | | |
Oracle Identity Manager Port, Second Oracle Identity Manager Port | | | |
SOA Ports, Hosts 1 and 2 | | | |
Access Manager Port, Second Access Manager Port | | | |
Access Manager Proxy Port | | | |
Web Server HTTP Port | | | |
Web Server HTTPS Port | | | |
LDAP Port | | | |
LDAP SSL Port | | | |
LDAP Administration Port | | | |
LDAP Replication Port | | | |
Node Manager Port | | | |
OAAM Port | | 14300 | |
OAAM Administration Port | | 14200 | |

Table 11-6
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Domain Administration Server Virtual Host | | | |
Governance Domain Administration Server Virtual Host | | | |
First Oracle Identity Manager Server virtual host | | | |
Second Oracle Identity Manager Server virtual host | | | |
First SOA Server virtual host | | | |
Second SOA Server virtual host | | | |

Table 11-7 Database Information
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
SCAN Address | | | |
SCAN Listener Port | | | |
Oracle Identity Manager DB Service Name | | | |
Access Manager DB Service Name | | | |
OAAM DB Service Name | | | |
Oracle Identity Manager DB Schema Password | | | |

Table 11-8
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
LDAP Realm DN | | | |
Identity Store Bind DN | | | |

Table 11-9
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Load Balancer end point used to access the IAMAccessDomain Administration functions | | | |
Load Balancer end point used to access the IAMGovernanceDomain Administration functions | | | |
Load Balancer Administration Port | | | |
Load Balancer Administration Port is SSL? | | | |
Load Balancer Internal Callbacks Virtual Host Name | | | |
Load Balancer Internal Callbacks Port | | | |
Load Balancer SSL Port | | | |
Load Balancer ID Store Virtual Host Name | | | |
Load Balancer ID Store Port | | | |
Load Balancer ID Store SSL Port | | | |
SSO main application entry point | | | |

Table 11-10 Email Server (Optional)
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Outgoing Email Server Name | | | |
Outgoing Email Server Port | | | |
Outgoing Email Security | | | |
Email Username | | | |
Email Password | | | |

Note:
Internal callbacks are always unencrypted (HTTP). The main entry point sso.mycompany.com is always encrypted (HTTPS).

Table 11-11
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Common IAM Password for IAM Deployment Wizard | | | |
Identity Store Access Manager Administrative User | | | |
Identity Store Access Manager Software User | | | |
Identity Store Oracle Identity Manager Administrative User | | | |

Table 11-12
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Manager Transfer Mode | | | |
Access Manager Cookie Domain | | | |

11.2 Creating an Oracle Identity and Access Management Software Repository
The software required by Oracle Identity and Access Management is located in the Oracle Fusion Middleware Deployment Repository. If you have not already done so, create an Oracle Fusion Middleware Provisioning Repository as described in Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management.
If you have not already done so, unzip the RCU zip file REPOS_HOME/installers/fmw_rcu/linux/rcuHome.zip to:
REPOS_HOME/installers/rcu
Oracle Traffic Director and Oracle WebGate for Traffic Director are not supplied as part of the software repository. You must download these separately. It is recommended that you extract them into the Software Repository for consistency:
Extract OTD to REPOS_HOME/installers/otd
Extract OTD WebGate to REPOS_HOME/installers/webgate_otd
Make sure that your Deployment Repository contains Java. It should reside in a directory called jdk6.
You can verify that Java is installed and working as follows:
Set JAVA_HOME to the JDK location in the repository (REPOS_HOME/jdk6), then run these commands:
```
JAVA_HOME/bin/java -version
JAVA_HOME/bin/javac -version
```
The IAM Deployment Wizard must be visible to each host in the topology during provisioning and subsequent patching.
The installation script for the IAM Lifecycle Tools (IAM Deployment Wizard and IAM Patching Tools) resides in the directory:
REPOS_HOME/installers/idmlcm/Disk1
To begin installing the tools, change to that directory and start the script:
```
cd REPOS_HOME/installers/idmlcm/idmlcm/Disk1
./runInstaller -jreLoc REPOS_HOME/jdk6
```
Then proceed as follows:
On the Welcome screen, click Next.
If you are running the Wizard on a UNIX platform, you are prompted for the location of the Inventory Directory, which is used to keep track of all Oracle products installed on this host.
In the Operating System Group ID field, select the group whose members you want to grant access to the inventory directory. All members of this group can install products on this host. Click OK to continue.
The Inventory Location Confirmation dialog prompts you to run the inventory_directory/createCentralInventory.sh script as root to create the /etc/oraInst.loc file. This file is a pointer to the central inventory and must be present for silent installations. It contains two lines:
```
inventory_loc=path_to_central_inventory
inst_group=install_group
```
The standard location for this file is /etc/oraInst.loc, but it can be created anywhere. If you create it in a directory other than /etc, you must include the -invPtrLoc argument and enter the location of the inventory when you run the Identity and Access Management Deployment Wizard or the runIAMDeployment script.
If you do not have root access on this host but want to continue with the installation, select Continue installation with local inventory.
Click OK to continue.
On the Prerequisite Checks screen, verify that checks complete successfully, then click Next.
On the Specify Install Location screen, enter the following information:
Oracle Middleware Home - This is the parent directory of the directory where the Identity and Access Management Deployment Wizard will be installed. This must be on shared storage, for example: /u01/lcm/tools
Oracle Home Directory - This is a subdirectory of the above directory where the wizard will be installed. For example: idmlcm
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On the Installation Complete screen, click Finish.
Before starting to deploy your environment, you must ensure that none of the ports you intend to use is already in use.
To do this, perform the following steps:
Log on to the machine that the component will run on.
Check that no process is running on that port using the following command, where port is the port number you are checking for (see the ports listed in Table 11-5):
```
netstat -an | grep port
```
For example, for Oracle HTTP Server the command is:
```
netstat -an | grep 7777
```
For a full list of the default ports, see Chapter 4, "Ports Used in the Exalogic Reference Topology."
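The pre-deployment checks described in this chapter (no hyphens in host names, no privileged ports, the two-line oraInst.loc pointer file needed for silent installation, and the port-in-use check above) can be scripted so they are run on every host before the Deployment Wizard starts. The following POSIX shell script is an added example and is not part of the Oracle guide; the function names, the sample port list and the use of ss as an alternative to netstat are assumptions made for this example.

```shell
#!/bin/sh
# Added pre-deployment checks; not part of the Oracle guide. Function names
# and the sample values below are assumptions made for this example.

# Host names must not contain a hyphen (see the note on Section 20.10.2.1).
# Returns 0 for an acceptable name, 1 otherwise.
check_hostname() {
  case "$1" in
    '' | *-*) return 1 ;;
    *)        return 0 ;;
  esac
}

# Ports must be numeric, non-privileged (>= 1024) and within the TCP range.
check_port_range() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Validate an oraInst.loc file: both keys present and inventory_loc an existing
# directory. Prints the inventory location on success so a caller can pass it
# to -invPtrLoc when the file does not live in /etc.
check_inst_loc() {
  f="$1"
  [ -f "$f" ] || return 1
  loc=$(sed -n 's/^inventory_loc=//p' "$f")
  grp=$(sed -n 's/^inst_group=//p' "$f")
  [ -n "$loc" ] && [ -n "$grp" ] || return 1
  [ -d "$loc" ] || return 1
  printf '%s\n' "$loc"
}

# Live check equivalent to "netstat -an | grep port", but anchored on the end
# of the local address so that checking 7777 does not also match 17777.
# Uses ss where available and falls back to netstat. Returns 0 if a listener
# is present on the port, 1 otherwise.
port_in_use() {
  if command -v ss >/dev/null 2>&1; then
    ss -ltn 2>/dev/null | awk -v p=":$1\$" '$4 ~ p { f=1 } END { exit f ? 0 : 1 }'
  else
    netstat -an 2>/dev/null | awk -v p=":$1\$" '/LISTEN/ && $4 ~ p { f=1 } END { exit f ? 0 : 1 }'
  fi
}

# Check a list of "port description" lines (one per line, as recorded in
# Table 11-5). Prints one line per problem found; returns 1 if any were found.
# The here-document keeps the loop in the current shell so rc is preserved.
check_port_list() {
  rc=0
  while read -r port desc; do
    [ -n "$port" ] || continue
    if ! check_port_range "$port"; then
      printf 'BAD RANGE  %s (%s)\n' "$port" "$desc"; rc=1
    elif port_in_use "$port"; then
      printf 'IN USE     %s (%s)\n' "$port" "$desc"; rc=1
    fi
  done <<EOF
$1
EOF
  return $rc
}

# Constructed sample values (not from the guide); 80 is deliberately privileged.
SAMPLE_HOSTS="OAMHOST1 OIMHOST1 LDAPHOST1 web-host1"
SAMPLE_PORTS="7777 Web Server HTTP Port
80 Web Server HTTPS Port
14300 OAAM Port
5556 Node Manager Port"

# Runs every check over the sample values; invoke with: sh preflight.sh --demo
preflight_demo() {
  for h in $SAMPLE_HOSTS; do
    check_hostname "$h" || printf 'BAD HOST   %s (contains a hyphen)\n' "$h"
  done
  check_port_list "$SAMPLE_PORTS"
  [ -f /etc/oraInst.loc ] && check_inst_loc /etc/oraInst.loc >/dev/null \
    || printf 'oraInst.loc missing or invalid; pass -invPtrLoc if it is elsewhere\n'
}

if [ "${1:-}" = "--demo" ]; then preflight_demo; fi
```

Run the script with `--demo` on each host in Table 11-1 or 11-2 after filling in your own values; any `BAD RANGE`, `IN USE` or `BAD HOST` line must be resolved before running the Deployment Wizard, since the wizard itself only reports the hyphen problem after provisioning has started.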