Part I Preparing to Install Identity Manager

Complete the steps in this part of the Installation guide prior to installing Sun^TM Identity Manager.

Chapters in this part include:

• Chapter 1, Planning Your Installation

• Chapter 2, Install and Ready Your Application Server

• Chapter 3, Install and Ready Your Database

Chapter 1 Planning Your Installation

The following sections describe the Identity Manager installation process and provide information on how to plan your installation.

---

Note –

For information about upgrading to Sun Identity Manager 8.1, refer to the Sun Identity Manager 8.1 Upgrade guide.

---

Installation Task Flow

This guide is organized into parts to help guide you through the installation process. For example, you only need to read the chapters that apply to your choice of application server and database.

Part I, Preparing to Install Identity Manager

• Install and configure an application server

• Install the JDK (if necessary)

• Install and configure a database

Part II, Installing Identity Manager

• Install the Identity Manager software using the installer application and deploy it to your application server

Part III, Installing Optional Components

• Optionally install the Identity Manager Gateway

• Optionally install PasswordSync

Part IV, Starting, Configuring, and Registering Identity Manager

• Start Identity Manager and log on to the Administrator interface using a web browser

• Verify that Identity Manager is working properly and perform some simple configuration tasks

• Register Identity Manager with Sun Microsystems

Part V, Appendices

• Manually install Identity Manager and configure the database connection (if you did not use the installer application in Part II)

• Uninstall the Identity Manager software (if necessary)

• Other topics

Supported Software and Environments

Refer to Supported Software and Environments in Sun Identity Manager 8.1 Release Notes for detailed information about software and environments that are compatible with Identity Manager.

Installing in a Cluster Configuration

Refer to Chapter 3, Clustering and High Availability, in Sun Identity Manager Overview for information on clustering.

Installing Sun Identity Manager Service Provider

These installation instructions apply to Sun Identity Manager and Sun Identity Manager Service Provider.

Chapter 2 Install and Ready Your Application Server

Follow the steps in this chapter to prepare your application server for Identity Manager.

This chapter includes the following sections:

• General Requirements

• Install an Application Server

• Configure the Locale

• Decide Where to Store Application Files

• Set Up a Java Virtual Machine and Java Compiler

• Memory Requirements

General Requirements

When installing Identity Manager on UNIX® or Linux systems, the /var/opt/sun/install directory must exist and be writable by the user running the installer.

Install an Application Server

For a list of supported application server versions, see Application Servers in Sun Identity Manager 8.1 Release Notes

Sun GlassFish Enterprise Server Installation Notes

You may need to perform one or more of these general steps when installing the software:

• Use the Sun GlassFish^TM Enterprise Server typical installation.

• Specify the location for the Installation directory.

• Specify the administrator name and password for Application Server administration.

Tomcat Installation Notes

Install the Tomcat software according to the instructions included with Tomcat. You may find helpful information at the Jakarta Project site: http://jakarta.apache.org/tomcat/

To Install Tomcat on Windows

1. Specify the Tomcat installation location.

2. Select to start Tomcat as a service, and then select the port to run on. The default port is 8080.

To Install Tomcat on UNIX

1. After downloading and unpacking the Tomcat installation bundle, modify the Tomcat startup script by using this procedure:

   In the setclasspath.sh file in the $TOMCAT_HOME/bin directory, add these lines to the top of the file:

   JAVA_HOME=Location of a JDK BASEDIR=Location of your unpacked Tomcat export JAVA_HOME BASEDIR

2. When configuring Tomcat to support UTF-8, add the URIEncoding="UTF-8" attribute to the connector element in the TomcatDir/conf/server.xml file, for example:

   <!-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation --> <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8" />

3. When configuring Tomcat to support UTF-8, also add -Dfile.encoding=UTF-8 in your Java VM options.

WebLogic Installation Notes

Install WebLogic using the instructions provided with the software. To configure WebLogic before installing Identity Manager, see Step 1: Configure the WebLogic Software.

WebSphere Installation Notes

Install WebSphere using the instructions provided with the software. To configure WebSphere before installing Identity Manager, see Step 1: Configure WebSphere.

JBoss Installation Notes

Install JBoss using the instructions provided with the software. You may find helpful information at the JBoss Project site, at http://labs.jboss.com/portal/jbossas .

You may need to perform one or more of these general steps when installing the software:

• Install the full JBoss application server.

• Ensure that the JBoss installation path does not contain spaces.

• Specify the administrator name and password for Application Server administration.

• When configuring JBoss to support UTF-8, add the URIEncoding="UTF-8" attribute to the Connector element in the InstallDir\server\default\deploy\jbossweb-tomcat55.sar\server.xml file, for example:

  <!-- A HTTP/1.1 Connector on port 8080 -->
  <Connector port="17001" address="${jboss.bind.address}"
     maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"
     emptySessionPath="true" enableLookups="false" redirectPort="8443"
     acceptCount="100" connectionTimeout="20000"
     disableUploadTimeout="true" URIEncoding="UTF-8" />

• When configuring JBoss to support UTF-8, also add -Dfile.encoding=UTF-8 in your Java VM options.

• Increase the JBoss PermGen space to avoid out-of-memory errors. For example, add the following arguments in your JAVA_OPTS environment variable to increase the space to 128 MB:

  -XX:PermSize=128m -XX:MaxPermSize=128m

Oracle Application Server Installation Notes

Follow these general steps when installing the software. For details, see the documentation provided by Oracle®.

• Use the Oracle Enterprise Manager 10g Application Server typical installation.

• Specify the location for the installation directory.

• Specify the administrator name and password for Application Server administration.

Configure the Locale

The application server should be configured to use the same locale or encoding as the database and the Java^TM Virtual Machine (JVM^TM).

Inconsistent encodings may introduce certain globalization issues, such as incorrect handlings of multibyte characters. In globalized environments, UTF-8 should be implemented on all products.

Refer to your application server documentation for information about setting the locale/encoding. Also, when loading or unloading data via CSV or XML files, ensure that their encodings are consistent with Identity Manager’s deployment environment encoding to retain data integrity. For enabling localization support see Enabling Language Support.

Decide Where to Store Application Files

You must create the directory where you will store application files before launching the installation program. You can store application files in a staging directory, or you can install into your application server’s Web application directory.

Using a Staging Directory

Because Identity Manager applications are based on J2EE^TM Web, you can store them in a staging directory. This staging directory is used to deploy the application into your specific application server. Typically, a Web Application Archive (.war) file is created for use in the deployment steps.

Using a Web Application Directory

You may choose to install directly into an application server’s Web application directory. In this case, you will specify the Web application directory during installation. The installation program will place the Identity Manager files in a folder named idm in that location by default.

---

Note –

If you use a localfiles repository instead of a database, set the localfiles repository to a location outside of the Identity Manager directory on the application server. See If You Are Not Using a Database for more information.

---

Set Up a Java Virtual Machine and Java Compiler

The application server requires a Java compiler and a Java Virtual Machine (JVM) to run the Java classes that perform actions within Identity Manager. Both of these can be found in a Java SDK. (The JRE^TM packages do not include a Java compiler.)

---

Note –

• Many application servers include a JDK bundled with their installation. The JDK version that is shipped with the application server is always preferred to any other JDK installed on your server.

• You can run Identity Manager on BEA WebLogic application servers with all WebLogic-supported 1.5 JVMs.

• You should add JAVA_HOME to your list of system environment variables and to your system path. To do this, add JAVA_HOME to your system environment and JAVA_HOME\bin to your path, making sure to list it before any other Java variables. While adding JAVA_HOME to your list of system environment variables is helpful for Identity Manager, it may affect other applications.

• The JVM should be configured to use the same locale or encoding as the application server and the database.

---

Memory Requirements

You should determine your memory needs and set values in your application server’s JVM. Do this by adding maximum and minimum heap size to the Java command line; for example:

java -Xmx512M -Xms512M

---

Note –

For best performance, set these values to the same size. Depending on your specific implementation, you may need to increase these recommended values if you run reconciliation.

---

For performance tuning purposes, you may also set the following in the waveset.property file:

max.post.memory.size value

---

Note –

The property max.post.memory.size specifies the maximum number of bytes that a posted file may contain without being spooled to the disk. For cases where you do not have permission to write to temp files, you should increase max.post.memory.size to avoid having to spool to the disk. The default value is 8 Kbytes.

---

For additional system requirements and information, refer to the Sun Identity Manager 8.1 Release Notes.

Chapter 3 Install and Ready Your Database

Follow the steps in this chapter to prepare a database for use with Identity Manager. A database is required for production environments and QA/test environments. If you are installing Identity Manager in a development environment, or if you are simply evaluating Identity Manager, you can use regular files to store Identity Manager data. See If You Are Not Using a Database for more information.

This chapter is organized into the following sections:

• If You Are Not Using a Database

• Preparing a Database

• Set Up an Identity Manager Service Provider Transaction Database

• Configure the Database Locale

If You Are Not Using a Database

If you plan to use your local file system to store Identity Manager data, select a location outside of the application or Web server directory structure. The dynamic directories created for Identity Manager data cannot be protected from intruders who might use a Web browser to scan directories serviced by the Web server. Note that a database is required for production environments and QA/test environments.

Preparing a Database

For a list of supported database versions, see Repository Database Servers in Sun Identity Manager 8.1 Release Notes.

You should use an approved third-party relational database to store system data. Do not host the Identity Manager repository on a virtual platform such as a VMware virtual machine because performance (transactions per second) will be adversely affected.

Use the general procedures in this section when setting up the database. Your database administrator may choose to customize the provided scripts to suit your site-specific configuration and standards. Later, during the installation of Identity Manager on your application server, you may need to install a JAR file that contains either a JDCB^TM driver or a JNDI InitialContextFactory for your database.

---

Note –

You must configure your database with a character set that will support the characters that you want to store. If you need to store multi-byte characters, you should use a character set (such as UTF-8) that supports Unicode.

---

About the Sample Database Scripts

Identity Manager provides sample database scripts that you can modify and use to create tables and indexes. You may choose to use an alternate method to create equivalent tables and indexes, but these requirements must be met:

• Tables (or views) must exist with the names specified in the sample DDL

• Each named table (or view) must be owned by (or aliased to) the proxy user that is represented as “waveset” in the sample DDL

• Each named table (or view) must contain all the columns specified for that table in the sample DDL

• Each named column must have a data type that is consistent with the data type specified for that column in the sample DDL

You can modify the sample scripts to suit your environment.

Common changes include:

• Specifying a different proxy user

• Specifying different tablespaces, or separate tablespaces for tables and indexes

• Changing a data type. This is acceptable if a view or the JDBC driver makes the change transparent.

• Adding columns. This is acceptable if each column is nullable or defaulted.

• Removing or renaming columns. This is acceptable if a view makes this transparent.

• Renaming indexes

---

Note –

If you make changes to the sample scripts, then you must make equivalent changes to any sample database upgrade scripts that you receive in the future.

---

Preparing MySQL

---

Note –

See the Sun Identity Manager 8.1 Release Notes for supported database server versions.

---

To Prepare MySQL for Use with Identity Manager

1. Install the MySQL^TM software. Start the MySQL process (if it does not start automatically).

2. Create the database. To do this:

   1. Copy the create_waveset_tables.mysql script to a temporary location. This script is located in the db_scripts directory in the Identity Manager installation package, and also in the idm\sample directory if Identity Manager is already installed.

   2. Modify the create_waveset_tables.mysql script to change the database user password.

   3. Create the new tables by using one of the following commands:

      On Windows

      c:\mysql\bin\mysql -u root < create_waveset_tables.mysql

      On UNIX

      $MYSQL/bin/mysql -u root < create_waveset_tables.mysql

3. Download a version of MySQL Connector/J to use with MySQL.

   See Notes on Configuring Databases and Downloading Supporting JAR Files for more information.

   Later, during the Identity Manager installation process, you will install the MySQL Connector/J driver to the $WSHOME/WEB-INF/lib directory on your application server.

Preparing Oracle

---

Note –

See the Sun Identity Manager 8.1 Release Notes for supported database server versions.

---

To Prepare Oracle for Use with Identity Manager

1. Install Oracle or confirm the connection to an Oracle database.

2. Connect to the Oracle instance as a user with privileges to create users and tables.

3. Create the database. To do this:

   1. Copy the create_waveset_tables.oracle script to a temporary location. This script is located in the db_scripts directory in the Identity Manager installation package, and also in the idm\sample directory if Identity Manager is already installed.

   2. Modify the create_waveset_tables.oracle script:

      1. Change the user password.

      2. Change the path for DATAFILE to point to the location for your waveset.dbf data file.

      Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.

   3. Create the new tables by using the following command:

      On Windows

      sqlplus dbausername/dbapassword @create_waveset_tables.oracle

      On UNIX

      sqlplus dbausername/dbapassword @create_waveset_tables.oracle

4. Download the JDBC driver to use with your version of Oracle.

   See Notes on Configuring Databases and Downloading Supporting JAR Files for more information.

   Later, during the Identity Manager installation process, you will install the JDBC driver to the $WSHOME/WEB-INF/lib directory on your application server.

Configuring lh setup for Oracle RAC

If you are using Oracle RAC as your Identity Manager repository and you are connecting with the thin driver, use the following URL parameter format in lh setup:

jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)
(ADDRESS=(PROTOCOL=TCP)(HOST=host01)(PORT=1521))(
ADDRESS=(PROTOCOL=TCP)(HOST=host02)(PORT=1521))
(ADDRESS=(PROTOCOL=TCP)(HOST=host03)(PORT=1521))
(CONNECT_DATA=(SERVICE_NAME=PROD)))

Preparing DB2

Before setting up DB2, you should decide how DB2 will provide JDBC access.

JDBC Access Considerations

DB2 offers two types of JDBC access, each of which requires a different URL format. The setup process allows you to select a preferred driver and automatically displays the corresponding URL template.

The application driver (COM.ibm.db2.jdbc.app.DB2Driver) requires local client software and a local database instance. Since DB2 runs on a separate (often dedicated) host in most production environments, the local database instance usually contains an alias to the remote database instance. In this configuration, the local database instance uses a DB2-specific protocol to communicate with the remote database instance.

The Type 2 network driver (COM.ibm.db2.jdbc.net.DB2Driver) does not require local client software or a local database. It does require that the DB2 Java daemon (db2jd) be running on the target server. (In most production environments, the target server is a separate host, but the network driver works as well with a local database instance.) This daemon is not started by default, but the database administrator can start it manually or configure it to start automatically when the database instance starts.

The Type 4 network driver (COM.ibm.db2.jcc.DB2Driver) connects directly to the DB2 database.

---

Note –

When using the type 4 driver (in a direct connection) with at least DB2 8.1.2, download the following driver:

com.ibm.db2.jcc.DB2Driver

Later, during the Identity Manager installation process, you will need to copy the following files to the $WSHOME/WEB-INF/lib directory on your application server:

db2jcc

db2jcc_license_cisuz.jar or db2jcc_license_cu.jar

See Notes on Configuring Databases and Downloading Supporting JAR Files for more information.

---

Preparing DB2 for Use with Identity Manager

Follow these steps to set up DB2.

---

Note –

See the Sun Identity Manager 8.1 Release Notes for supported database server versions.

---

To Prepare DB2 for Use with Identity Manager

1. Install DB2 or confirm the connection to a DB2 database.

2. Connect to the DB2 instance as a user with privileges to create users and tables.

3. Create the database. To do this:

   1. Copy the create_waveset_tables.db2 script to a temporary location. This script is located in the db_scripts directory in the Identity Manager installation package, and also in the idm\sample directory if Identity Manager is already installed.

   2. Modify the create_waveset_tables.db2 script:

      • Change the user password.

      • Change the path for the CREATE_TABLESPACE command to a location appropriate for your environment.

      Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.

      Create the new tables by using the following command:

      On Windows

      db2 -tvf create_waveset_tables.db2

      On UNIX

      db2 -tvf create_waveset_tables.db2

Preparing SQL Server

---

Note –

See the Sun Identity Manager 8.1 Release Notes for supported database server versions.

---

To Prepare SQL Server for Use with Identity Manager

1. Install Microsoft SQL Server or confirm the connection to a SQL Server installation.

2. Create the database. To do this:

   1. Copy the create_waveset_tables.sqlserver script to a temporary location. This script is located in the db_scripts directory in the Identity Manager installation package, and also in the idm\sample directory if Identity Manager is already installed.

   2. Modify the create_waveset_tables.sqlserver script to change the login password.

      ---

      Note –

      Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.

      ---

   3. Create the new tables by executing the create_waveset_tables.sqlserver script, located on the installation CD; for example:

      osql -E -i PathToFile\create_waveset_tables.sqlserver

      ---

      Note –

      You must have privileges to create databases and logins.

      ---

3. Download the Microsoft SQL Server 2005 Driver for JDBC.

   ---

   Note –

   Identity Manager version 8.1 supports SQL Server 2008 using the SQL Server 2005 JDBC drivers.

   ---

   1. Go to the Microsoft downloads website. http://www.microsoft.com/downloads

   2. In the Search for a Download area, enter “SQL Server JDBC” in the keywords field, and then click Go.

   3. Download the correct version of the driver for your installation.

      Later, during the Identity Manager installation process, you will install the SQL Server driver to the $WSHOME/WEB-INF/lib directory on your application server.

      See Notes on Configuring Databases and Downloading Supporting JAR Files for more information.

Set Up an Identity Manager Service Provider Transaction Database

If you are installing Sun Identity Manager Service Provider, then you must set up a database in which to store transaction data.

Use one of the following sample scripts as a starting point for creating your transaction database:

• create_spe_tables.oracle

• create_spe_tables.db2

Use the procedures outlined in Preparing a Database to guide you through the process of creating a transaction database.

---

Note –

You must configure your database with a character set that supports the characters that you want to store. If you need to store multi-byte characters, you should use a character set (such as UTF-8) that supports Unicode.

---

Configure the Database Locale

The database should be configured to use the same locale or encoding as the application server and the Java Virtual Machine (JVM).

Inconsistent encodings may introduce certain globalization issues, such as incorrect handlings of multibyte characters. In globalized environments, UTF-8 should be implemented on all products.

Refer to your database documentation for information about setting the locale/encoding. Also, when loading or unloading data using CSV or XML files, ensure that their encodings are consistent with Identity Manager’s deployment environment encoding to retain data integrity. For enabling localization support see Enabling Language Support.