The deployment process includes several validation checks to ensure that everything is working correctly. This chapter describes further checks that you can perform as an additional sanity check.
Validate the WebLogic Administration Server as follows.
Verify that you can access the WebLogic Administration Console by accessing the following URLs and logging in as the user weblogic_idm:
http://IADADMIN.mycompany.com/console
http://IGDADMIN.mycompany.com/console
Verify that all managed servers are showing a status of Running.
Verify that you can access Oracle Enterprise Manager Fusion Middleware Control by accessing the following URLs and logging in as the user weblogic_idm:
http://IADADMIN.mycompany.com/em
http://IGDADMIN.mycompany.com/em
Test failover of the Access Administration server to OAMHOST2, and then fall back to OAMHOST1 as described in Section 20.8, "Manually Failing Over the WebLogic Administration Server."
Test failover of the Identity Governance Administration server to OIMHOST2, and then fall back to OIMHOST1 as described in Section 20.8, "Manually Failing Over the WebLogic Administration Server."
To validate that this has completed correctly:
Access the Access Management Console at: http://IADADMIN.mycompany.com/oamconsole
Log in as the oamadmin user or the user identified by the entry in Section 13.9, "Set User Names and Passwords."
Click the System Configuration tab.
Click SSO Agents in the Access Manager section.
Click Search.
You should see the WebGate agents Webgate_IDM, Webgate_IDM_11g, IAMSuiteAgent, and accessgate-oic.
Validate the Oracle Identity Manager Server Instance by bringing up the Oracle Identity Self Service in a Web browser at the following URLs:
https://SSO.mycompany.com:443/identity
https://igdadmin.mycompany.com/identity
Log in using the xelsysadm username and password.
Validate SOA by accessing the URL:
http://IDMINTERNAL.mycompany.com:7777/soa-infra
and logging in using the xelsysadm username and password.
Note:
You may need to add soa-infra as an excluded resource in OAM.
After configuration, you can validate that Oracle Unified Directory is working by performing a simple search. To do this, issue the following commands:
OUD_ORACLE_INSTANCE/OUD/bin/ldapsearch -h LDAPHOST1.mycompany.com -p 1389 -D cn=oudadmin -b "" -s base "(objectclass=*)" supportedControl
OUD_ORACLE_INSTANCE/OUD/bin/ldapsearch -h LDAPHOST2.mycompany.com -p 1389 -D cn=oudadmin -b "" -s base "(objectclass=*)" supportedControl
OUD_ORACLE_INSTANCE/OUD/bin/ldapsearch -h IDSTORE.mycompany.com -p 389 -D cn=oudadmin -b "" -s base "(objectclass=*)" supportedControl
If Oracle Unified Directory is working correctly, you will see a list of supportedControl entries returned.
To check that Oracle Unified Directory replication is enabled, issue the command:
OUD_ORACLE_INSTANCE/OUD/bin/status
If you are asked how you wish to trust the server certificate, valid options are:
Automatically trust
Use a truststore
Manually validate
Select your choice.
You are then prompted for the Administrator bind DN (cn=oudadmin) and its password.
Next, you see output similar to the following example. Replication should be set to Enabled.
--- Server Status ---
Server Run Status: Started
Open Connections: 2

--- Server Details ---
Host Name: ldaphost1
Administrative Users: cn=oudadmin
Installation Path: /u01/oracle/products/dir/oud
Instance Path: /u02/private/oracle/config/instances/oud1/OUD
Version: Oracle Unified Directory 11.1.2.2.0
Java Version: 1.6.0_29
Administration Connector: Port 4444 (LDAPS)

--- Connection Handlers ---
Address:Port : Protocol : State
-------------:-------------:---------
-- : LDIF : Disabled
8989 : Replication : Enabled
0.0.0.0:161 : SNMP : Disabled
0.0.0.0:1389 : LDAP : Enabled
0.0.0.0:1636 : LDAPS : Enabled
0.0.0.0:1689 : JMX : Disabled

--- Data Sources ---
Base DN: dc=mycompany,dc=com
Backend ID: userRoot
Entries: 1
Replication: Enabled
Missing Changes: 0
Age Of Oldest Missing Change: <not available>
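The replication check above can be scripted by parsing captured status output. The following is an added example, not part of the original documentation: the function names parse_status and validate are hypothetical, the sample text is constructed from the output shown above, and the script assumes the output of the status command has already been saved as text.

```python
import re

# Constructed sample, modelled on the status output shown above.
SAMPLE_STATUS = """\
--- Server Status ---
Server Run Status: Started
--- Connection Handlers ---
Address:Port : Protocol : State
-------------:-------------:---------
8989 : Replication : Enabled
0.0.0.0:1389 : LDAP : Enabled
--- Data Sources ---
Base DN: dc=mycompany,dc=com
Replication: Enabled
Missing Changes: 0
"""

def parse_status(text):
    """Split status output into server fields, handler rows and per-base-DN fields."""
    server, handlers, backends, section = {}, [], [], None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"---\s+(.+?)\s+---", line)
        if head:
            section = head.group(1)
        elif section == "Connection Handlers":
            cols = re.split(r"\s+:\s+", line)
            if len(cols) == 3 and cols[2] != "State":  # skip header and rule lines
                handlers.append(tuple(cols))
        elif ":" in line:
            key, _, value = line.partition(":")
            if section == "Data Sources":
                if key == "Base DN" or not backends:  # each Base DN starts a block
                    backends.append({})
                backends[-1][key] = value.strip()
            else:
                server[key] = value.strip()
    return server, handlers, backends

def validate(text):
    """Return a list of findings; an empty list means every check passed."""
    server, handlers, backends = parse_status(text)
    findings = []
    if server.get("Server Run Status") != "Started":
        findings.append("server not started")
    if not any(h[1:] == ("Replication", "Enabled") for h in handlers):
        findings.append("replication handler not enabled")
    for b in backends or [{}]:
        if b.get("Replication") != "Enabled" or b.get("Missing Changes") != "0":
            findings.append("replication problem on %s" % b.get("Base DN", "<no data source>"))
    return findings
```

Run validate on the output captured from each LDAP host; a non-empty list names the check that failed, including a non-zero Missing Changes count on any base DN.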
To validate that WebGate is functioning correctly, open a web browser and go to the Access Management Console at: http://IADADMIN.mycompany.com/oamconsole
You now see the Access Manager Login page displayed. Enter your Access Manager administrator user name (for example, oamadmin) and password and click Login. The Access Management console appears.
To validate the single sign-on setup, open a web browser and go to the WebLogic Administration Console at:
http://IADADMIN.mycompany.com/console
and to Oracle Enterprise Manager Fusion Middleware Control at:
http://IADADMIN.mycompany.com/em
The Single Sign-On login page displays. Provide the credentials for the weblogic_idm user to log in.
The following is a series of tests which you can perform to gain extra confidence in the deployment.
Log in to the Oracle Identity Self Service as the user xelsysadm using the URL:
https://sso.mycompany.com/identity
Now try logging in to the OIM System Administration console using the following URL:
http://igdadmin.mycompany.com/sysadmin
You should not be prompted to enter xelsysadm credentials again as you have already logged into the Oracle Identity Self Service in the previous step.
Creating a New User in OUD to be Used by OAM
To create a new user in OUD:
Log in to the Oracle Identity Self Service as xelsysadm using the following URL:
http://sso.mycompany.com:443/identity
Click on Users under Administration.
Select Create from the Actions menu.
Complete the information about the user on the displayed form and click Submit.
Click Sign Out.
Log in to the Oracle Identity Self Service as the newly created user using the following URL:
http://sso.mycompany.com:443/identity
You are prompted to set challenge questions at the first login. This indicates that the user was added to OUD and that you can log into OIM using OAM.
Testing the SOA workflow for approvals
To test the SOA workflow for approvals:
Access a protected resource, such as:
http://igdadmin.mycompany.com/sysadmin
Click Register New Account.
Complete information about the new account and click Register.
Click Return, then make a note of the request number.
Log in to the Oracle Identity Self Service as the user xelsysadm.
Click Inbox.
Your request appears in the list of Pending approvals.
Click on the request and select Approve from the Actions menu.
Log out of the Oracle Identity Self Service.
Log back in as the newly created user.