This chapter explains how to configure Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM) with other Oracle Identity and Access Management components, such as Oracle Identity Manager (OIM) and Oracle Identity Navigator (OIN), in a new or existing WebLogic domain. It includes the following topics:
The following are the prerequisites for installing and configuring Oracle Identity and Access Management 11g Release 1 (11.1.1) products:
Installing Oracle Database, as described in Installing Oracle Database.
Installing Oracle WebLogic Server and creating a Middleware Home, as described in Installing Oracle WebLogic Server and Creating the Oracle Middleware Home.
For Oracle Identity Manager users only: Installing Oracle SOA Suite 11g Release 1 (11.1.1.5.0), as described in Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).
Creating and loading schemas using Oracle Fusion Middleware Repository Creation Utility (RCU), as described in Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).
Installing the Oracle Identity and Access Management 11g Release 1 (11.1.1.5.0) suite, as described in Installing Oracle Identity and Access Management (11.1.1.5.0). The Oracle Identity and Access Management suite contains Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), Oracle Entitlements Server (OES), and Oracle Identity Navigator (OIN).
Before you start installing and configuring Oracle Identity and Access Management products in any of the scenarios discussed in this chapter, keep the following points in mind:
It is assumed that you are installing Oracle Internet Directory, Oracle Virtual Directory, Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator on the same machine.
Note:
In this chapter, two IDM_Home directories are mentioned in descriptions and procedures. For example, the first one, IDM_Home can be the IDM_Home directory for Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation. The second one, IAM_Home can be the IDM_Home directory for Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator.However, note that IDM_Home and IAM_Home are used as examples in this document. You can specify any name for either of your IDM_Home directories. In addition, you can install the two Oracle Identity Management suites (one containing Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation; another containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator) in any order on your machine.
If you choose to use the default names, the first installation creates an Oracle_IDM1 directory, and the second installation creates an Oracle_IDM2 directory.
If you have not installed Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, or Oracle Identity Federation on the same machine where you are installing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator, then you will see a single IDM_Home directory, such as Oracle_IDM1 (which is the default name), under your MW_HOME directory.
For more information, see Overview and Structure of Oracle Identity Management 11g Installation.
You can use the Oracle Identity and Access Management 11g Installer to install the Oracle Identity and Access Management 11g Release 1 (11.1.1) suite that contains Oracle Access Manager (OAM), Oracle Identity Manager (OIM), Oracle Adaptive Access Manager (OAAM), Oracle Entitlements Server (OES), and Oracle Identity Navigator (OIN). For more information, see Preparing to Install and Installing Oracle Identity and Access Management (11.1.1.5.0).
This topic describes how to configure Oracle Access Manager (OAM), Oracle Identity Manager (OIM), and Oracle Identity Navigator (OIN) in a new WebLogic administration domain. It includes the following sections:
Perform the configuration in this topic if you want to install Oracle Access Manager, Oracle Identity Manager, and Oracle Identity Navigator together in an environment. You can also set up integration between Oracle Identity Manager and Oracle Access Manager, as described in "Integrating Oracle Access Manager and Oracle Identity Manager" in the Oracle Fusion Middleware Integration Guide for Oracle Access Manager.
Performing the installation and configuration in this section deploys the following:
Administration Server
Managed Servers for Oracle Access Manager and Oracle Identity Manager
Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server
Oracle Access Manager Console and Oracle Identity Navigator application on the Administration Server
The installation and configuration in this section depends on the following:
Oracle WebLogic Server.
Complete installation of the Oracle Identity and Access Management 11g software.
Installation of Oracle SOA Suite
Database schemas for Oracle Identity Manager, Oracle SOA Suite, and Oracle Access Manager. For more information about schemas specific to Oracle Identity Manager and Oracle Access Manager, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).
Perform the following steps to install and configure Oracle Access Manager, Oracle Identity Manager, and Oracle Identity Navigator in a new WebLogic administration domain:
Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Begin.
Run the <Oracle_IDM2>/common/bin/config.sh script. (<Oracle_IDM2>\common\bin\config.cmd on Windows). The Oracle Fusion Middleware Configuration Wizard appears.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen is displayed.
On the Select Domain Source screen, select the Generate a domain configured automatically to support the following products: option.
Select the following domain configuration options:
Oracle Access Manager with Database Policy Store - 11.1.1.4.0 [Oracle_IDM2]
Note:
When you select the Oracle Access Manager with Database Policy Store - 11.1.1.4.0 [Oracle_IDM2] option, the Oracle JRF - 11.1.1.0 [oracle_common] option is also selected, by default.Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM2]
Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]
Note:
When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.
On the Specify Domain Name and Location screen, enter a name and location for the domain to be created. In addition, enter a location to store applications for the domain. Click Next. The Configure Administrator User Name and Password screen is displayed.
Configure a user name and a password for the administrator. The default user name is weblogic. Click Next. The Configure Server Start Mode and JDK screen is displayed.
Choose JRockit SDK 1.6.0_24 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Data Sources Screen is displayed. Configure the oamDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.
On the Configure JDBC Component Schema screen, select a component schema, such as the OIM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, or the SOA MDS Schema, that you want to modify.
You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.
On the Select Optional Configuration screen, you can configure Administration Server, Managed Servers, Clusters, and Machines, Deployments and Services, JMS File Store, and RDBMS Security Store. Select the relevant check boxes and click Next.
Optional: Configure Administration Server, as required.
Optional: Configure Managed Servers, as required.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to Clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use theping command to verify whether the machine or host name is accessible.Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure JMS File Store, as required.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
A new WebLogic domain to support Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Navigator is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.
Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.
Configure Oracle Identity Manager Server, as described in Configuring OIM Server.
Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and to configure Oracle Identity Manager Remote Server, as described in Configuring OIM Design Console, and Configuring OIM Remote Manager.
This topic describes how to configure Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), and Oracle Identity Navigator (OIN) together in a new WebLogic administration domain. It includes the following sections:
Perform the configuration in this topic if you want to install Oracle Access Manager, Oracle Access Manager, and Oracle Identity Navigator together in an environment.
Performing the installation and configuration in this section deploys the following:
Administration Server
Managed Servers for Oracle Access Manager and Oracle Adaptive Access Manager
Oracle Access Manager Console, Oracle Adaptive Access Manager Console, and Oracle Identity Navigator application on the Administration Server
The installation and configuration in this section depends on the following:
Oracle WebLogic Server.
Complete installation of the Oracle Identity and Access Management 11g software.
Database schemas for Oracle Access Manager and Oracle Adaptive Access Manager. For more information about schemas specific to Oracle Adaptive Access Manager and Oracle Access Manager, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).
Perform the following steps to install and configure Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator in a new WebLogic administration domain:
Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Begin.
Run the <Oracle_IDM2>/common/bin/config.sh script. (<Oracle_IDM2>\common\bin\config.cmd on Windows). The Oracle Fusion Middleware Configuration Wizard appears.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen is displayed.
On the Select Domain Source screen, select the Generate a domain configured automatically to support the following products: option.
Select the following domain configuration options:
Oracle Access Manager with Database Policy Store - 11.1.1.4.0 [Oracle_IDM2]
Note:
When you select the Oracle Access Manager with Database Policy Store - 11.1.1.4.0 [Oracle_IDM2] option, the Oracle JRF - 11.1.1.0 [oracle_common] option is also selected, by default.Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM2]
Oracle Adaptive Access Manager Admin Server - 11.1.1.3.0 [Oracle_IDM2], which is mandatory.
and
Optionally, Oracle Adaptive Access Manager - Server - 11.1.1.3.0 [Oracle_IDM2]
Note:
When you select the Oracle Adaptive Access Manager - Server - 11.1.1.30 [Oracle_IDM2] option, the Oracle WSM Policy Manager - 11.1.1.0 [oracle_common] option is also selected, by default.When you select the Oracle Adaptive Access Manager Admin Server - 11.1.1.3.0 [Oracle_IDM2} option, the Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM2] option is also selected, by default.
After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.
On the Specify Domain Name and Location screen, enter a name and location for the domain to be created. Click Next. The Configure Administrator User Name and Password screen is displayed.
Configure a user name and a password for the administrator. The default user name is weblogic. Click Next. The Configure Server Start Mode and JDK screen is displayed.
Choose JRockit SDK 1.6.0_24 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Data Sources Screen is displayed. Configure the oamDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.
On the Configure JDBC Component Schema screen, select a component schema, such as the OAAM Admin Server Schema, the OAAM Admin MDS Schema, that you want to modify.
You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.
On the Select Optional Configuration screen, you can configure Administration Server, Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store. Select the relevant check boxes and click Next.
Optional: Configure Administration Server, as required.
Optional: Configure Managed Servers, as required.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to Clusters, as required.
Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Tip:
Before configuring a machine, use theping command to verify whether the machine or host name is accessible.Optional: Assign the Administration Server to a machine.
Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.
Optional: Configure RDBMS Security Store, as required.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
A new WebLogic domain to support Oracle Adaptive Access Manager, Oracle Access Manager, and Oracle Identity Navigator is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.
After installing and configuring Oracle Access Manager and Oracle Adaptive Access Manager, you must run the Oracle WebLogic Administration Server and various Managed Servers, as described in Starting or Stopping the Oracle Stack.
After installing Oracle Access Manager (OAM), refer to the "Getting Started with Administering Oracle Access Manager" chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
After installing Oracle Adaptive Access Manager (OAAM), refer to the Oracle Fusion Middleware Administrator's Guide for Oracle Adaptive Access Manager.