2 Oracle Access Manager Server

2.1 Understanding Oracle Access Manager

Oracle Access Manager 11g provides a full range of Web perimeter security functions that include Web single sign-on, authentication and authorization, policy administration, auditing, and more.

Single sign-on (SSO) enables users and groups of users to access multiple applications after authentication. SSO eliminates multiple sign-on requests. Oracle Access Manager 11g is the Oracle Fusion Middleware 11g single sign-on solution.

Oracle Access Manager 11g is a Java Platform, Enterprise Edition (Java EE) based enterprise-level security application that provides restricted access to confidential information and centralized authentication and authorization services.

A web server, application server, or any third-party application is protected by a WebGate that is registered with Oracle Access Manager as an agent. The agent acts as a filter on HTTP requests and enforces the authentication and authorization policies that administrators define in Oracle Access Manager.

Prerequisites

  • Create local user ID and password credentials.

  • Log into the machine that will contain your OAM components.

  • Install a supported database release, for example 11.2.0.1.

    Note:

    If this database is also used for EnterpriseOne, check the EnterpriseOne Minimum Technical Requirements for the supported database release.

  • Create database schemas using Repository Creation Utility (RCU) 11.1.1.5.0. See Create Database Schemas with Repository Creation Utility.

  • Install Oracle WebLogic Server 10.3.5 with a 64-bit JDK. You do not need to create a domain at this point; the domains are created during the OID and OAM installations. See Installing WebLogic Server.

  • Install the base version of Oracle Internet Directory 11.1.1.2; Oracle Internet Directory 11.1.1.5 is a patchset installer. You must install Oracle Internet Directory prior to installing Oracle Access Manager 11g.

2.2 Installing Oracle Internet Directory

Before installing Oracle Access Manager 11g, you must have Oracle WebLogic Server and Oracle Internet Directory 11.1.1.5 installed and configured.

First, you install Oracle Internet Directory (OID), version 11.1.1.2. After you install this version, you upgrade to version 11.1.1.5. After installing and upgrading OID to the appropriate version, you verify the installation.

2.2.1 Installing Oracle Internet Directory 11.1.1.2.0

Use these steps to install OID 11.1.1.2.0.

  1. Download and unzip ofm_idm_<platform>_11.1.1.2.0_64_disk1_1of1.zip.

  2. Open the OID download directory.

  3. Launch the installer.

  4. Select the Install and Configure installation type.

  5. Click Next.

  6. The installer performs prerequisite checks. Be sure to correct any failures before continuing.

  7. Click Next.

  8. Select Create New Domain and enter the Domain Name, User Name, and Password.

  9. Click Next.

  10. Specify the installation location.

  11. Click Next.

  12. Specify the Security Update option. Oracle recommends enabling this option to receive any security updates.

  13. Click Next.

  14. Clear any components that you do not want the installer to configure.

  15. Click Next.

  16. Select Auto Port Configuration.

  17. Click Next.

  18. On the Specify Schema Database page, enter the appropriate information in the following fields:

    • Database Connect String

    • Schema Name (defaults to ODS)

    • Password

  19. Click Next.

  20. In the Realm field, enter the domain address of your Oracle Internet Directory.

  21. Enter the Oracle Internet Directory administrator user password. The default administrator user is cn=orcladmin.

  22. Click Next.

  23. Enter the Federation Details if you have selected this component to be configured.

  24. Click Next.

  25. Accept the default values on the following page.

  26. Click Next.

  27. Review the Install Summary.

  28. Click Install.

  29. Click Next when the installation process is completed.

  30. The Configuration Progress begins.

  31. Click Next.

  32. On Installation Complete, you can click Save to create an Installation Summary for future reference.

    Also ensure you have noted all of the passwords you entered during the installation.

  33. Click Finish.

2.2.2 Upgrading to Oracle Internet Directory 11.1.1.5

After you successfully install Oracle Internet Directory version 11.1.1.2, run the patch set installer to upgrade Oracle Internet Directory to version 11.1.1.5. Use these steps to upgrade OID 11.1.1.2.0 to OID 11.1.1.5.

  1. Stop the OID processes using Oracle Process Manager and Notification Server (OPMN):

    • On Windows, open the Windows Services and stop the OID process.

    • On Unix/Linux, go to <MW_Home>/<oid_instance_name>/bin and enter this command:

      ./opmnctl stopall

  2. Download and unzip p12395123_oim_111150_<Platform>.zip.

  3. Open the Oracle Internet Directory 11.1.1.5 directory.

  4. On Windows, double-click setup.exe (using Run as administrator); on UNIX/Linux, run runInstaller.

    This action starts the Oracle Universal Installer.

  5. On Oracle Universal Installer Welcome, click Next.

  6. Specify the existing Middleware Home and Oracle Internet Directory Home.

  7. Click Next.

  8. Specify the Security Updates information.

  9. Click Next.

  10. Review the Installation Summary.

  11. Click Install.

  12. Click Next when the Installation process is completed.

  13. Review the install process or save the installation summary.

  14. Click Finish to exit the installer.

  15. Stop and restart the OID processes using Oracle Process Manager and Notification Server (OPMN):

    • On Windows, open the Windows Services and stop and restart the OID process.

    • On Unix/Linux, go to <MW_Home>/<oid_instance_name>/bin and enter these commands:

      ./opmnctl stopall

      ./opmnctl startall

2.2.3 Verifying Oracle Internet Directory Installation

After you upgrade Oracle Internet Directory to 11.1.1.5, use these steps to verify the installation.

  1. Verify the Oracle Directory Server Manager (ODSM) is active:

    1. Open the WebLogic Administration Console.

    2. Navigate to Servers.

    3. Verify wls_ods1 is in a running status.

  2. Open a web browser and enter the ODSM URL:

    http://server:port/odsm

    For example:

    http://denptw23.mlab.jdedwards.com:7005/odsm

  3. Click Connect to a directory to create a new connection.

  4. Click Create A New Connection.

  5. Enter the Admin user and password.

  6. The Oracle Directory Server Manager appears.

  7. Select the Data Browser tab to view user information.

  8. Upon successful installation verification, close Directory Manager.

2.3 Installing Oracle Access Manager 11g

Use these steps to install Oracle Access Manager (OAM) 11.1.1.5.

  1. Download and unzip the ofm_iam_generic_11.1.1.5.0.zip file.

  2. Change to the Disk 1 directory.

  3. Execute this command:

    • On Windows, run setup.exe with the Run as Administrator option.

    • On UNIX/Linux, run runInstaller.

  4. Enter the JRE/JDK location.

  5. On the Welcome page, click Next.

  6. Select the Skip Software Updates option.

  7. Click Next.

  8. The installer performs prerequisite checks. Correct any failures before continuing.

  9. Specify the Oracle Middleware Home and the Oracle Home for Oracle Access Manager. The default Oracle Home is Oracle_OAM.

  10. Click Next.

  11. Review the Installation Summary.

  12. Click Install.

  13. Wait for the installation process to complete.

  14. Click Next.

  15. Review the installation location.

  16. Click Finish to exit the installer.

  17. Run the domain configuration script from <MW_Home>/Oracle_OAM/common/bin:

    • On Windows: config.cmd

    • On UNIX: config.sh

  18. The Fusion Middleware Configuration Wizard screen appears.

  19. Select the Create a new WebLogic domain option.

  20. Click Next.

  21. Select the components to configure.

    For OAM Server, you need Oracle Access Manager with Database Policy Store and Oracle Enterprise Manager. Oracle JRF - 11.1.1.0 is selected by default.

  22. Click Next.

  23. Enter a domain name and accept the default locations.

  24. Click Next.

  25. Enter the Administrator User Name and Password.

  26. Click Next.

  27. Select Production Mode and verify the JDK version and location.

  28. Click Next.

  29. For the JDBC Component Schema, complete these fields:

    • DBMS/Service

    • Host Name and Port

    • Schema Password

    • Schema Owner

    If you are not using the default schema prefix (Dev), select each schema component individually and modify only the prefix.

  30. Click Next.

  31. The installer verifies all of the component schema connections.

  32. Click Next.

  33. Select the Administration Server option and the Managed Servers, Clusters and Machines option.

  34. Click Next.

  35. Enter the Administration Server Name; for example, AdminServerOAM.

    Do not accept the default listen port (7001) if Oracle Internet Directory Server is already installed, because its domain might already be using that port. Enter a unique listen port for this OAM server, for example 8001.

  36. Click Next.

  37. Accept the default values on the Configure Managed Servers page.

  38. Click Next.

  39. The Configure Clusters page appears.

  40. Click Next.

  41. Select the machine type:

    • On Windows, select the Machine tab.

    • On UNIX and Linux, select the UNIX Machine tab.

  42. Click Add.

  43. Enter a logical machine name.

  44. Click Next.

  45. Assign the servers to this logical machine.

  46. Click Next.

  47. Review the Configuration Summary.

  48. Click Create.

  49. Click Done once the domain creation is completed.

  50. Start the Admin Server:

    • On Windows, open a command window, change to <MW_Home>\user_projects\domains\OAMdomain\bin, and run startWebLogic.cmd.

    • On UNIX, run startWebLogic.sh from <MW_Home>/user_projects/domains/OAMdomain/bin.

  51. Connect to the OAM domain Administration Console:

    http://fully-qualified-oamserver:domain-port/console

  52. Select the Servers and start the oam_server1 managed server.

  53. Verify the OAM installation by opening the OAM Administration Console:

    http://fully-qualified-oamserver:oamport/oamconsole

    Note:

    The oamport is the same as the WebLogic Administration Console port.
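The port caveat in step 35 and the console URLs in steps 51 and 53 can be checked from a script before and after the install. The following is an added example, not Oracle's code; the host name and the port plan (OID admin on 7001, ODSM on 7005, OAM admin on 8001) are assumptions.

```python
"""Port and console checks for the OID/OAM layout above (added example, not
Oracle's code): OID may already hold WebLogic's default 7001, the OAM admin
server needs its own free port, and /oamconsole shares that port. Assumed values."""
import socket
import urllib.error
import urllib.request


def port_in_use(host, port, timeout=1.0):
    """True if something answers on host:port (free before install, in use after)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def plan_conflicts(plan):
    """Report every port that two entries of the plan share, e.g. an OAM
    admin server left on 7001 while the OID domain already uses it."""
    owner, problems = {}, []
    for name, port in plan.items():
        if port in owner:
            problems.append(f"{name} and {owner[port]} both use port {port}")
        else:
            owner[port] = name
    return problems


def console_urls(oam_host, plan):
    """WebLogic console and OAM console share the OAM admin server port."""
    p = plan["oam_admin"]
    return {"weblogic": f"http://{oam_host}:{p}/console",
            "oamconsole": f"http://{oam_host}:{p}/oamconsole"}


def endpoint_reachable(url, timeout=5.0):
    """Any HTTP answer (login redirect, 401, 403) proves the server is up;
    only a connection failure counts as unreachable."""
    try:
        urllib.request.urlopen(url, timeout=timeout)
    except urllib.error.HTTPError:
        pass  # the server answered, just with an error status
    except (urllib.error.URLError, OSError):
        return False
    return True


if __name__ == "__main__":
    plan = {"oid_admin": 7001, "odsm": 7005, "oam_admin": 8001}  # constructed plan
    for problem in plan_conflicts(plan):
        print("port plan:", problem)
    for name, port in plan.items():
        print(f"{name:10}{port:6}", "in use" if port_in_use("127.0.0.1", port) else "free")
    for name, url in console_urls("oamserver.example.com", plan).items():  # assumed host
        print(name, url, "reachable" if endpoint_reachable(url) else "unreachable")
```

Run it once before starting the domain configuration (every planned port should be free) and again after step 52 (the admin ports should be in use and both consoles reachable).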

2.4 Configuring Oracle Access Manager to Use the External LDAP Server

Oracle Access Manager 11g by default uses the Oracle WebLogic embedded LDAP Server. You must create a custom User Identity Store to use the external LDAP Server.

  1. Log on to the OAM Administration Console.

  2. Select Data Sources on the System Configuration tab.

  3. Under User Identity Stores, open UserIdentityStore1.

    This is the default embedded LDAP server.

  4. To create a new user identity store, select User Identity Stores and click Create.

  5. Enter your LDAP information, and then click Test Connection.

  6. Set this newly created store as the Default Store and the System Store.

    You might also want to add additional system administrators.

  7. Restart the OAM Server.