Oracle Identity Federation is a self-contained, standalone federation server that enables single sign-on and authentication in a multiple-domain identity network and supports the broadest set of federation standards. This enables users to federate in heterogeneous environments and business associations, whether they have implemented other Oracle Identity Management products in their solution set or not.
It can be deployed as a multi-protocol hub acting as both an Identity Provider (IdP) and Service Provider (SP).
Acting as an SP, Oracle Identity Federation enables you to manage your resources while offloading actual authentication of users to an IdP, without having to synchronize users across security domains out of band. Once authenticated at the IdP, the SP can allow or deny access to users for the SP's applications depending upon the local access policies.
This chapter contains the following topics:
Section 15.2, "Configuring Oracle Identity Federation on OIFHOST1"
Section 15.3, "Configuring Oracle Identity Federation on OIFHOST2"
Section 15.4, "Provisioning the Managed Servers on the Local Disk"
Section 15.7, "Enabling Oracle Identity Federation Integration with LDAP Servers"
Section 15.8, "Configuring Oracle Identity Federation to work with the Oracle Web Tier"
Section 15.10, "Backing Up the Application Tier Configuration"
Before proceeding with Oracle Identity Federation configuration, ensure that you have done the following.
Create a domain directory on OIFHOST1 and OIFHOST2, for example: /u01/app/oracle/admin/IDMDomain/aserver/IDMDomain. This directory must exist before you extend the domain with Oracle Identity Federation. This is especially important in Windows environments where the path (including drive letter) must be the same as that on IDMHOST1.
Install and upgrade the software on OIFHOST1 and OIFHOST2 as described in Section 4.5.4, "Installing Oracle WebLogic Server" and Section 4.5.5, "Installing Oracle Identity Management."
Run the Repository Creation Utility (RCU) to create and configure the collection of schemas used by Oracle Identity Federation as described in Chapter 3, "Configuring the Database Repositories."
Create the Identity Management domain as described in Chapter 6, "Creating the WebLogic Server Domain for Identity Management."
Install and configure Oracle Internet Directory as described in Chapter 7, "Extending the Domain with Oracle Internet Directory." Oracle Internet Directory is used as the User Store and the Federation Store.
Install and configure Oracle HTTP Server on WEBHOST1 and WEBHOST2 as described in Chapter 5, "Configuring the Web Tier."
Associate the Identity Management domain created with an External LDAP Store as described in Section 10.3.2, "Reassociating the Policy and Credential Store." This is required because Oracle Identity Federation is being extended on a node where the Administration Server is not running.
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
If you plan on provisioning the Instance Home or the Managed Server domain directory on shared storage, ensure that the appropriate shared storage volumes are mounted on IDMHOST1 as described in Section 2.4, "Shared Storage and Recommended Directory Structure."
Ensure that port 7499 is not in use by any service on the computer by issuing these commands for the operating system you are using. If a port is not in use, no output is returned from the command.
On UNIX:
netstat -an | grep "7499"
If the port is in use (if the command returns output identifying the port), you must free it.
On UNIX:
Remove the entries for port 7499 in the /etc/services file and restart the services, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components," or restart the computer.
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:
Port | Value |
---|---|
Oracle Identity Federation Server Port | |
Start the Oracle Identity Management 11g Configuration Assistant located under the IDM_ORACLE_HOME/bin directory as follows:
On UNIX, issue this command:
./config.sh
On Windows, double-click config.exe
On the Welcome screen, click Next.
On the Select Domain screen, select Extend Existing Domain and specify these values:
HostName: adminvhn.mycompany.com
Port: 7001
UserName: weblogic
User Password: weblogic_user_password
Click Next.
A dialog box with the following message appears:
The selected domain is not a valid Identity Management domain or the installer cannot determine if it is a valid domain. If you created the domain using the Identity Management installer, you can ignore this message and continue. If you did not create the domain using the Identity Management installer, refer to the Identity Management documentation for information on how to verify the domain is valid.
This is a benign warning that you can ignore.
Click Yes to continue.
On the Specify Installation Location screen, specify the following values:
Oracle Middleware Home Location: /u01/app/oracle/product/fmw
This value is prefilled and cannot be updated.
Oracle Home Directory: idm
This value is prefilled and cannot be updated
WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
Oracle Instance Location: /u01/app/oracle/admin/instances/oif_inst1
Instance Name: oif_inst1
Click Next.
On the Specify Security Updates screen, specify the values shown in this example:
Email Address: Provide the email address for your My Oracle Support account.
Oracle Support Password: Provide the password for your My Oracle Support account.
Select I wish to receive security updates via My Oracle Support.
Click Next.
On the Configure Components screen, de-select all the components except Oracle Identity Federation components. Select only Oracle Identity Federation from the Oracle Identity Federation components. Do not select Oracle HTTP Server. Select Clustered.
Click Next.
On the Configure Ports screen, select Specify Ports using Configuration File. Provide the path to the staticports.ini file that you copied to the temporary directory.
Click Next.
On the Specify OIF Details screen, specify these values:
PKCS12 Password: password
Confirm Password: Confirm the password
Server Id: WLS_OIF1
Click Next.
On the Select OIF Advanced Flow Attributes screen, specify these values:
Authentication Type: LDAP
User Store: LDAP
Federation Store: LDAP
User Session Store: RDBMS (default selection, which cannot be changed for a cluster)
Message Store: RDBMS (default selection, which cannot be changed for a cluster)
Configuration Store: RDBMS (default selection, which cannot be changed for a cluster)
Note:
When you choose RDBMS for the session, message, and configuration data stores during an Advanced installation, the installer creates one data source for all three data stores. If you want to have separate databases for each of these stores, you must configure this after the installation by using the OUI Config Wizard.
Click Next.
On the Authentication LDAP Details screen, specify the following values:
LDAP Type: Select Oracle Internet Directory if you have an Oracle Internet Directory only topology without Oracle Virtual Directory. Otherwise select Oracle Virtual Directory.
LDAP URL: The LDAP URL to connect to your LDAP store in the format: ldaps://host:port. For example: ldaps://idstore.mycompany.com:636
LDAP Bind DN: cn=orcladmin
LDAP Password: orcladmin_password
User Credential ID Attribute: uid
User Unique ID Attribute: uid
Person Object Class: inetOrgPerson
Base DN: dc=mycompany,dc=com
Click Next.
On the LDAP Attributes for User Data Store screen, specify the following values:
LDAP Type: Select Oracle Internet Directory if you have an Oracle Internet Directory only topology without Oracle Virtual Directory. Otherwise select Oracle Virtual Directory.
LDAP URL: The LDAP URL to connect to your LDAP store in the format: ldaps://host:port. For example: ldaps://idstore.mycompany.com:636
LDAP Bind DN: cn=orcladmin
LDAP Password: orcladmin_password
User Description Attribute: uid
User ID Attribute: uid
Person Object Class: inetOrgPerson
Base DN: dc=mycompany,dc=com
Click Next.
On the LDAP Attributes for Federation Data Store screen, specify the following values.
Note:
The Federation Data Store is used to store identity provider information referencing the user and the local user account identity.
This information should be stored with the user information in the Identity Store directory. If you are using multiple Identity Store directories, select one of them.
You cannot select Oracle Virtual Directory, as the configuration assistant must add object classes directly to the LDAP directory.
LDAP Type: Select the directory type that matches the directory where your identity information is stored. If you have more than one directory type, select one that is highly available.
LDAP URL: Provide the LDAP URL to connect to your LDAP store in the format: ldaps://host:port. For example: ldaps://oididstore.mycompany.com:636
LDAP Bind DN: Enter the bind DN of an administrator in the user directory, for example: cn=orcladmin
LDAP Password: orcladmin_password
User Federation Record Context: cn=myfed,dc=mycompany,dc=com
Container Object Class: The type of User Federation Record Context that Oracle Identity Federation should use when creating the LDAP container, if it does not exist already. If that field is empty, its value is set to applicationprocess. For Microsoft Active Directory this field must be set to container.
Click Next.
On the Transient Store Database Details screen, specify the values shown in this example:
Host Name: The connect string to your database. For example:
oiddbhost1-vip.mycompany.com:1521:idmdb1^oiddbhost2-vip.mycompany.com:1521:idmdb2@oidedg.mycompany.com
Notes:
The Oracle RAC database connect string information must be provided in the format:
host1:port1:instance1^host2:port2:instance2@servicename
During this installation, it is not required for all the Oracle RAC instances to be up. If one Oracle RAC instance is up, the installation can proceed.
It is required that the information provided is complete and accurate. Specifically, the correct host, port, and instance name must be provided for each Oracle RAC instance, and the service name provided must be configured for all the specified Oracle RAC instances.
Any incorrect information entered in the Oracle RAC database connect string has to be corrected manually after the installation.
If you are using Oracle Database 11.2, replace the vip address and port with the 11.2 SCAN address and port.
UserName: The username for the OIF Schema. For example: edg_oif
Password: oif_user_password
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct. If they are not correct, click Back to modify selections on previous screens. Then click Configure.
On the Configuration Progress screen, view the progress of the configuration.
On the Configuration Complete screen, click Finish to confirm your choice to exit.
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.
If you plan to provision the Instance Home or the Managed Server domain directory on shared storage, ensure that the appropriate shared storage volumes are mounted on IDMHOST1 as described in Section 2.4, "Shared Storage and Recommended Directory Structure."
Ensure that port 7499 is not in use by any service on the computer by issuing these commands for the operating system you are using. If a port is not in use, no output is returned from the command.
On UNIX:
netstat -an | grep "7499"
If the port is in use (if the command returns output identifying the port), you must free it.
On UNIX:
Remove the entries for port 7499 in the /etc/services file and restart the services, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components," or restart the computer.
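An exact-match version of the port 7499 check used for OIFHOST1 and OIFHOST2 above, as an added example that is not part of the Oracle guide: grep "7499" also matches ports such as 17499 and established connections to a remote port 7499, so this filters netstat -an output down to real listeners and lists the matching /etc/services entries. The function names and sample lines are constructed for illustration, and Linux-style netstat columns are assumed.

```sh
#!/bin/sh
# Added example, not from the Oracle guide. Function names are illustrative.

# Reads `netstat -an` output on stdin and prints only sockets that are
# actually bound to the given local port. Returns 0 if any, else 1.
# Assumes Linux-style columns: proto, recv-q, send-q, local, foreign, state.
port_listening() {
    awk -v p="$1" '
        /^(tcp|udp)/ {
            # TCP rows count only in LISTEN state; UDP rows have no LISTEN state.
            if ($1 ~ /^tcp/ && $NF != "LISTEN") next
            # The port is the last ":"-separated field of the local address,
            # which also covers IPv6 forms such as :::7499.
            n = split($4, parts, ":")
            if (parts[n] == p) { print; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Reads /etc/services-style text on stdin and prints the uncommented
# entries that name the port, i.e. the entries the guide says to remove.
services_entries() {
    grep -E "^[^#]*[[:space:]]$1/(tcp|udp)"
}

# Constructed sample: nothing listens on 7499, yet grep "7499" matches two lines.
sample_netstat_free() { cat <<'EOF'
tcp        0      0 0.0.0.0:17499           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:52110          10.0.0.9:7499           ESTABLISHED
tcp        0      0 0.0.0.0:7001            0.0.0.0:*               LISTEN
EOF
}

# Constructed sample: an IPv6 wildcard listener holds port 7499.
sample_netstat_busy() { cat <<'EOF'
tcp6       0      0 :::7499                 :::*                    LISTEN
tcp        0      0 0.0.0.0:7001            0.0.0.0:*               LISTEN
EOF
}

for s in sample_netstat_free sample_netstat_busy; do
    if "$s" | port_listening 7499 >/dev/null; then
        echo "$s: port 7499 is in use"
    else
        echo "$s: port 7499 is free"
    fi
done
```

On a host, run netstat -an | port_listening 7499 and services_entries 7499 < /etc/services.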
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:
Port | Value |
---|---|
Oracle Identity Federation Server Port | |
Start the Oracle Identity Management 11g Configuration Assistant located under the IDM_ORACLE_HOME/bin directory as follows:
On UNIX, issue this command:
./config.sh
On Windows, double-click config.exe
On the Welcome screen, click Next.
On the Select Domain screen, select the Expand Cluster option and specify these values:
HostName: ADMINVHN.mycompany.com
Port: 7001
UserName: weblogic
User Password: weblogic_user_password
Click Next.
A dialog box with the following message appears:
The selected domain is not a valid Identity Management domain or the installer cannot determine if it is a valid domain. If you created the domain using the Identity Management installer, you can ignore this message and continue. If you did not create the domain using the Identity Management installer, refer to the Identity Management documentation for information on how to verify the domain is valid.
This is a benign warning that you can ignore.
Click Yes to continue.
On the Specify Installation Location screen, specify the following values:
Oracle Middleware Home Location: /u01/app/oracle/product/fmw
(This value is prefilled and cannot be updated.)
Oracle Home Directory: idm
(This value is prefilled and cannot be updated.)
WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
Oracle Instance Location: /u01/app/oracle/admin/instances/oif_inst2
Instance Name: oif_inst2
Click Next.
On the Specify Oracle Configuration Manager Details screen, specify the following values:
Email Address: The email address for your My Oracle Support account
Oracle Support Password: The password for your My Oracle Support account
Select: I wish to receive security updates via My Oracle Support
Click Next.
On the Configure Components screen, de-select all the components except for Oracle Identity Federation components. Select only Oracle Identity Federation from the Oracle Identity Federation components. Do not select Oracle HTTP Server.
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct. If they are not correct, click Back to modify selections on previous screens. Then click Configure.
On the Configuration Progress screen, view the progress of the configuration.
On the Installation Complete screen, click Finish to confirm your choice to exit.
Due to certain limitations, the Oracle Configuration Wizard creates the domain configuration under the Identity Management Oracle home. In this deployment guide, the Oracle home is on shared disk and it is a best practice recommendation to separate the domain configuration from the Oracle home. This section provides the steps to separate the domain. Proceed as follows:
From OIFHOST1, copy the applications directory under the MW_HOME/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif1 directory to the MW_HOME/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif1 directory and to the MW_HOME/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif2 directories on IDMHOST1.
scp -rp MW_HOME/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif1/applications user@IDMHOST1:/ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif1/
scp -rp MW_HOME/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif1/applications user@IDMHOST1:/ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif2/
On IDMHOST1, pack the Managed Server domain using the pack command located under the ORACLE_COMMON_HOME/common/bin directory. Make sure to pass the -managed=true flag to pack the Managed Server. Type:
ORACLE_COMMON_HOME/common/bin/pack.sh -managed=true \
-domain=path_to_adminServer_domain -template=templateName.jar \
-template_name=templateName
For example:
ORACLE_COMMON_HOME/common/bin/pack.sh -managed=true \
-domain=/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain \
-template=/u01/app/oracle/product/fmw/templates/managedServer.jar \
-template_name=ManagedServer_Template
Copy the Managed Server template directory from IDMHOST1 to both OIFHOST1 and OIFHOST2. For example:
Copy to OIFHOST1:
scp -rp /u01/app/oracle/product/fmw/templates user@OIFHOST1:/u01/app/oracle/product/fmw/templates
Copy to OIFHOST2:
scp -rp /u01/app/oracle/product/fmw/templates user@OIFHOST2:/u01/app/oracle/product/fmw/templates
Unpack the Managed Server to the local disk on OIFHOST1 using the unpack command located under the ORACLE_COMMON_HOME/common/bin directory.
ORACLE_COMMON_HOME/common/bin/unpack.sh -domain=path_to_domain_on_localdisk \
-template=templateName.jar -app_dir=path_to_appdir_on_localdisk
For example:
ORACLE_COMMON_HOME/common/bin/unpack.sh \
-domain=/u01/app/oracle/admin/IDMDomain/mserver/IDMDomain \
-template=/u01/app/oracle/product/fmw/templates/managedServer.jar \
-app_dir=/u01/app/oracle/admin/IDMDomain/mserver/applications
Unpack the Managed Server to the local disk on OIFHOST2 using the unpack command located under the ORACLE_COMMON_HOME/bin directory.
ORACLE_COMMON_HOME/common/bin/unpack.sh -domain=path_to_domain_on_localdisk \
-template=templateName.jar -app_dir=path_to_appdir_on_localdisk \
-overwrite_domain=true
For example:
ORACLE_COMMON_HOME/common/bin/unpack.sh \
-domain=/u01/app/oracle/admin/IDMDomain/mserver/IDMDomain \
-template=/u01/app/oracle/product/fmw/templates/managedServer.jar \
-app_dir=/u01/app/oracle/admin/IDMDomain/mserver/applications \
-overwrite_domain=true
Run the setNMProps.sh command on both OIFHOST1 and OIFHOST2:
cd MW_HOME/oracle_common/common/bin
./setNMProps.sh
Restart the Node Manager on OIFHOST1 and OIFHOST2 by following the steps in Section 20.1, "Starting and Stopping Oracle Identity Management Components."
Restart the Administration server by following the steps in Section 20.1, "Starting and Stopping Oracle Identity Management Components."
Validate that the Administration Server started up successfully by opening a browser and accessing the Administration Console at http://ADMINVHN.mycompany.com:7001/console.
Also validate Enterprise Manager by opening a browser and accessing Oracle Enterprise Manager Fusion Middleware Control at http://ADMINVHN.mycompany.com:7001/em.
Restart the Managed Servers on OIFHOST1 and OIFHOST2 by using the Administration Console as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."
Delete the MW_HOME/admin/IDMDomain/aserver directory on OIFHOST1 and OIFHOST2. This directory is created by the Oracle Universal Installer when the domain is originally configured and is no longer required after provisioning the Managed Server to the local disk.
Validate the configuration of Oracle Identity Federation on OIFHOST1 and OIFHOST2 by accessing the SP and IdP metadata on each host.
Proceed as follows on OIFHOST1:
Access the SP metadata by going to:
http://oifhost1.mycompany.com:7499/fed/sp/metadata
Access the IdP metadata by going to:
http://oifhost1.mycompany.com:7499/fed/idp/metadata
Proceed as follows on OIFHOST2:
Access the SP metadata by going to:
http://oifhost2.mycompany.com:7499/fed/sp/metadata
Access the IdP metadata by going to:
http://oifhost2.mycompany.com:7499/fed/idp/metadata
All the Oracle Fusion Middleware components deployed in this enterprise deployment are managed by using Oracle Enterprise Manager Fusion Middleware Control. To manage Oracle Identity Federation with this tool, you must configure the EM agents with the correct monitoring credentials. Update the credentials for the EM agents associated with OIFHOST1 and OIFHOST2. Follow these steps to complete this task:
Use a web browser to access Oracle Enterprise Manager Fusion Middleware Control at http://ADMINVHN.mycompany.com:7001/em. Log in as the WebLogic user.
From the Domain Home Page, navigate to the Agent-Monitored Targets page using the menu under Farm -> Agent-Monitored Targets.
Click the Configure link for the Target Type Identity Federation Server to go to the Configure Target Page.
On the Configure Target Page, click Change Agent and choose the correct agent for the host.
Update the WebLogic monitoring user name and the WebLogic monitoring password. Enter weblogic as the WebLogic monitoring user name and the password for the weblogic user as the WebLogic monitoring password.
Click OK to save your changes.
By default, Oracle Identity Federation is not configured to be integrated with LDAP Servers deployed in a high availability configuration. To integrate Oracle Identity Federation with highly available LDAP Servers to serve as user data store, federation data store, or authentication engine, you must configure Oracle Identity Federation based on the LDAP server's function.
Proceed as follows to integrate Oracle Identity Federation with an LDAP Server deployed in a high availability configuration:
On IDMHOST1, set the DOMAIN_HOME and IDM_ORACLE_HOME environment variables to the Administration Server Domain home.
On IDMHOST1, set the environment using the setOIFEnv.sh script. This script is located under the IDM_ORACLE_HOME/fed/scripts directory.
For example:
IDMHOST1> export DOMAIN_HOME=/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain
IDMHOST1> export IDM_ORACLE_HOME=IDM_ORACLE_HOME
IDMHOST1> cd $IDM_ORACLE_HOME/fed/scripts
IDMHOST1> . setOIFEnv.sh
On IDMHOST1, run the WLST script located under the ORACLE_COMMON_HOME/bin directory.
IDMHOST1> cd ORACLE_COMMON_HOME/common/bin
IDMHOST1> ./wlst.sh
Connect to one of the Oracle Identity Federation Managed Servers:
wls:/offline> connect()
Enter the username and password to connect to the Oracle Identity Federation Managed Servers. This is the same as the WebLogic Administration user name and password.
Enter the URL to connect to the Oracle Identity Federation Managed Server:
t3://OIFHOST1.mycompany.com:7499
Then enter the following properties, as needed:
To integrate the user data store with a highly available LDAP Server, set the userldaphaenabled boolean property from the datastore group to true:
wls:/IDMDomain/serverConfig> setConfigProperty('datastore','userldaphaenabled', 'true', 'boolean')
Update was successful for: userldaphaenabled
Validate the user data store is integrated with a highly available LDAP store by running:
wls:/IDMDomain/serverConfig> getConfigProperty('datastore', 'userldaphaenabled')
Value(s) for property: true
The userldaphaenabled property must return true.
To integrate the federation data store with a highly available LDAP Server, set the fedldaphaenabled boolean property from the datastore group to true:
wls:/IDMDomain/serverConfig> setConfigProperty('datastore', 'fedldaphaenabled','true', 'boolean')
Update was successful for: fedldaphaenabled
Validate the federation data store is integrated with a highly available LDAP store by running:
wls:/IDMDomain/serverConfig> getConfigProperty('datastore', 'fedldaphaenabled')
Value(s) for property: true
The fedldaphaenabled property must return true.
To integrate the LDAP authentication engine with a highly available LDAP Server, set the ldaphaenabled boolean property from the authnengines group to true:
wls:/IDMDomain/serverConfig> setConfigProperty('authnengines','ldaphaenabled', 'true', 'boolean')
Update was successful for: ldaphaenabled
Validate the LDAP authentication engine is integrated with a highly available LDAP store by running:
wls:/IDMDomain/serverConfig> getConfigProperty('authnengines','ldaphaenabled')
Value(s) for property: true
The ldaphaenabled property for the authnengines group must return true.
Note:
On IDMHOST1, delete the following directories:
ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif1/applications
ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain/config/fmwconfig/servers/wls_oif2/applications
This section describes how to configure Oracle Access Manager to work with the Oracle Web Tier.
This section contains the following topics:
Before proceeding, ensure that the following tasks have been performed:
Oracle Web Tier has been installed on WEBHOST1 and WEBHOST2.
Oracle Access Manager has been installed and configured on IDMHOST1 and IDMHOST2.
The load balancer has been configured with a virtual host name (sso.mycompany.com) pointing to the web servers on WEBHOST1 and WEBHOST2.
The load balancer has been configured with a virtual host name (admin.mycompany.com) pointing to web servers WEBHOST1 and WEBHOST2.
To configure the Oracle Identity Federation application to use the load balancer VIP, follow these steps:
Log in to the Oracle Enterprise Manager Fusion Middleware Control console using the credentials of the Administrative user (for example: weblogic).
Navigate to an OIF node in Oracle Enterprise Manager Fusion Middleware Control. The OIF nodes are under Identity and Access in the navigation tree.
From the OIF menu, select Administration, and then Server Properties.
Change the host name to sso.mycompany.com and the port to 443.
Select SSL Enabled.
Click Apply.
From the OIF menu in Oracle Enterprise Manager Fusion Middleware Control, select Administration, and then Identity Provider.
Change the URL to https://sso.mycompany.com:443/fed/idp.
Click Apply.
From the OIF menu in Oracle Enterprise Manager Fusion Middleware Control, select Administration, and then Service Provider.
Change the URL to https://sso.mycompany.com:443/fed/sp.
Click Apply.
On each of the web servers on WEBHOST1 and WEBHOST2, create a file called oif.conf in the directory ORACLE_INSTANCE/config/OHS/component/moduleconf. Edit this file and add the following lines:
<Location /fed>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicCluster oifhost1.mycompany.com:7499,oifhost2.mycompany.com:7499
</Location>
Restart the Oracle HTTP Server, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."
If the configuration is correct, you can access the following URLs from a web browser:
https://sso.mycompany.com/fed/sp/metadata
https://sso.mycompany.com/fed/idp/metadata
You should see metadata.
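A check for the validation step above, as an added example that is not part of the Oracle guide: once the host name, port and provider URLs point at the load balancer VIP, every endpoint in the published SP and IdP metadata should start with https://sso.mycompany.com, and any remaining http://oifhostN.mycompany.com:7499 URL means a federation partner would be directed to an internal, non-TLS address. The function names and the sample metadata, including its endpoint paths, are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the Oracle guide. Names and sample XML are constructed.

# Reads SAML metadata on stdin and prints every Location / ResponseLocation
# URL that is not served from the expected base (scheme + host).
# Returns 0 if all endpoints match, 1 if any do not, and 2 if no endpoints
# were found at all (for example an HTML error page instead of metadata).
# Assumes double-quoted XML attributes.
check_metadata_endpoints() {
    expected="$1"
    urls=$(tr '\n' ' ' |
        grep -oE '[[:space:]](Response)?Location="[^"]*"' |
        sed -e 's/^[[:space:]]*[A-Za-z]*="//' -e 's/"$//')
    [ -n "$urls" ] || return 2
    status=0
    # The base must be followed by "/" or ":" so that a longer host name
    # that merely starts with the VIP name is not accepted.
    while IFS= read -r url; do
        case "$url" in
            "$expected"/* | "$expected":*) ;;
            *) printf '%s\n' "$url"; status=1 ;;
        esac
    done <<EOF
$urls
EOF
    return "$status"
}

# Constructed sample: one endpoint still points at the managed server.
sample_metadata_stale() { cat <<'EOF'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sso.mycompany.com:443/fed/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.mycompany.com:443/fed/idp/constructed-slo"
        ResponseLocation="http://oifhost1.mycompany.com:7499/fed/idp/constructed-slo-return"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.mycompany.com:443/fed/idp/constructed-sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
}

# Constructed sample: the same document with every endpoint on the VIP.
sample_metadata_clean() {
    sample_metadata_stale |
        sed 's#http://oifhost1.mycompany.com:7499#https://sso.mycompany.com:443#'
}

sample_metadata_stale | check_metadata_endpoints "https://sso.mycompany.com" ||
    echo "stale sample: endpoints outside the VIP are listed above"
sample_metadata_clean | check_metadata_endpoints "https://sso.mycompany.com" &&
    echo "clean sample: all endpoints use the VIP over HTTPS"
```

Against the deployment, pipe in the output of curl -s https://sso.mycompany.com/fed/idp/metadata and of the matching /fed/sp/metadata URL.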
It is an Oracle best practices recommendation to create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process. For more details, see the Oracle Fusion Middleware Administrator's Guide.
For information on database backups, refer to the Oracle Database Backup and Recovery User's Guide.
To back up the installation to this point, follow these steps:
Back up the web tier as described in Section 5.5, "Backing up the Web Tier Configuration."
Back up the database. This is a full database backup, either hot or cold. The recommended tool is Oracle Recovery Manager.
Back up the application tier instances by following these steps:
Shut down the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
ORACLE_INSTANCE/bin/opmnctl stopall
Create a backup of the Middleware home on the application tier. On Linux, as the root user, type:
tar -cvpf BACKUP_LOCATION/apptier.tar MW_HOME
Create a backup of the Instance home on the application tier as the root user:
tar -cvpf BACKUP_LOCATION/instance_backup.tar ORACLE_INSTANCE
Start up the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
ORACLE_INSTANCE/bin/opmnctl startall
Back up the Administration Server domain directory as described in Section 6.15, "Backing Up the WebLogic Domain."
Back up the Oracle Internet Directory as described in Section 7.7, "Backing up the Oracle Internet Directory Configuration."
Back up the Oracle Virtual Directory as described in Section 9.10, "Backing Up the Oracle Virtual Directory Configuration."