Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 1 (11.1.2) Part Number E21032-03
This chapter describes how to install and configure the database repositories. It contains the following topics:
Before beginning to install and configure the Identity Management components, you must perform the following steps:
Install and configure the Oracle database repositories. See the installation guides listed in the "Related Documents" section of the Preface and Section 3.2, "Configuring the Database for Oracle Fusion Middleware 11g Metadata."
Create the required Oracle schemas in the database using the Repository Creation Utility (RCU). See Section 3.3, "Executing the Repository Creation Utility."
Databases Required
For Oracle Identity management, a number of separate databases are recommended. A summary of these databases is provided in Table 3-1. Which database or databases you use is dependent on the topology that you are implementing.
The Oracle Metadata Services (MDS) Repository is a particular type of repository that contains metadata for some Oracle Fusion Middleware components. It can also include custom Java EE applications developed by your organization.
Table 3-1 Mapping between Topologies, Databases and Schemas
Topology Type | Database Names | Database Hosts | Service Names | Schemas in Database |
---|---|---|---|---|
Oracle Access Manager 11g and Oracle Identity Manager 11g | | | | |
Oracle Identity Federation 11g | | | | |
Footnote 1 The SOA and Oracle Identity Manager components share the MDS repository.
Notes:
If you are using Oracle Internet Directory to store both your identity and policy information, and separating this information across two Oracle Internet Directory instances, then two databases are required for the ODS schema.
The following sections apply to all the databases listed in Table 3-1.
Database Versions Supported
To check if your database is certified or to see all certified databases, refer to the "Certified Databases" section in the Certification Document:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
To determine the version of your installed Oracle Database, execute the following query at the SQL prompt:
select version from sys.product_component_version where product like 'Oracle%';
The database used to store the metadata repository should be highly available in its own right. For maximum availability, Oracle recommends the use of an Oracle Real Application Clusters (RAC) database.
Ideally, the database should use Oracle Automatic Storage Management (ASM) for the storage of data; however, this is not necessary.
If using ASM, then ASM should be installed into its own Oracle home and have two disk groups:
One for the Database Files
One for the Flash Recovery Area
If you are using Oracle ASM, best practice is to also use Oracle Managed Files.
Install and configure the database repository as follows.
Oracle Clusterware
For 10g Release 2 (10.2), see the Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for your platform, listed in "Related Documents".
For 11g Release 1 (11.1), see Oracle Clusterware Installation Guide.
Automatic Storage Management
For 10g Release 2 (10.2), see Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for your platform, listed in "Related Documents".
For 11g Release 1 (11.1), see Oracle Clusterware Installation Guide.
When you run the installer, select the Configure Automatic Storage Management option in the Select Configuration screen to create a separate Automatic Storage Management home.
Oracle Real Application Clusters
For 10g Release 2 (10.2), see Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for your platform, listed in "Related Documents".
For 11g Release 1 (11.1), see Oracle Real Application Clusters Installation Guide.
This section describes how to configure the database for Oracle Fusion Middleware 11g metadata. It contains the following topics:
Section 3.2.1, "Creating a Real Applications Clusters Database"
Section 3.2.2, "Creating Database Services for 10.x and 11.1.x Databases"
Section 3.2.3, "Creating Database Services for 11.2.x Databases"
Create a Real Applications Clusters Database with the following characteristics:
Database must be in archive log mode to facilitate backup and recovery.
Optionally, enable the Flashback database.
Create an UNDO tablespace of sufficient size to handle any rollback requirements during the Oracle Identity Manager reconciliation process.
Database is created with the AL32UTF8 character set.
In addition, the database must have the following minimum initialization parameters defined:
Table 3-2 Minimum Initialization Parameters for Oracle RAC Databases
Parameter | Value |
---|---|
Footnote 1 OAM requires a minimum of 800 open cursors in the database. When OIM and OAM are available, the number of open cursors should be 1500.
If the database is being used for Oracle Internet Directory, it must have the following minimum initialization parameters defined:
Table 3-3 Minimum Initialization Parameters for Oracle RAC Oracle Internet Directory Databases
Parameter | Value |
---|---|
| 2G |
Note:
For guidelines on setting up optimum parameters for the Database, see Oracle Fusion Applications Performance Tuning Guide.
Oracle recommends using the Oracle Enterprise Manager Cluster Managed Services page to create database services that client applications use to connect to the database. For complete instructions on creating database services, see the chapter on Workload Management in the Oracle Database Oracle Clusterware and Oracle Real Application Clusters Administration and Deployment Guide. Oracle recommends that a specific database service be used for a product suite, even when product suites share the same database. It is also recommended that the database service used is different than the default database service.
Use the CREATE_SERVICE subprogram to create the database services for the components in your topology. The services to be created are listed in Table 3-1, "Mapping between Topologies, Databases and Schemas".
Log on to SQL*Plus as the sysdba user and run the following command to create a service called oamedg.mycompany.com for Oracle Access Manager:
SQL> EXECUTE DBMS_SERVICE.CREATE_SERVICE (SERVICE_NAME => 'oamedg.mycompany.com', NETWORK_NAME => 'oamedg.mycompany.com');
Add the service to the database and assign it to the instances using srvctl:
prompt> srvctl add service -d oamadb -s oamedg.mycompany.com -r idmdb1,idmdb2
Start the service using srvctl:
prompt> srvctl start service -d idmdb -s oamedg.mycompany.com
When creating a service in the database for Oracle Internet Directory, ensure that the service is enabled for high-availability notifications and configured with the proper server-side Transparent Application Failover (TAF) settings. Use the DBMS_SERVICE package to create the service, setting the AQ_HA_NOTIFICATIONS attribute to TRUE so that high-availability notifications are sent through Advanced Queuing (AQ), and configure the server-side TAF settings, as follows:
Use the CREATE_SERVICE subprogram to create the database service, enable high-availability notification, and configure the server-side TAF settings:
prompt> sqlplus "sys/password as sysdba"
SQL> EXECUTE DBMS_SERVICE.CREATE_SERVICE( SERVICE_NAME => 'oidedg.mycompany.com', NETWORK_NAME => 'oidedg.mycompany.com', AQ_HA_NOTIFICATIONS => TRUE, FAILOVER_METHOD => DBMS_SERVICE.FAILOVER_METHOD_BASIC, FAILOVER_TYPE => DBMS_SERVICE.FAILOVER_TYPE_SELECT, FAILOVER_RETRIES => 5, FAILOVER_DELAY => 5);
Note:
The EXECUTE DBMS_SERVICE command shown must be entered on a single line to execute properly.
For more information about the DBMS_SERVICE package, see the Oracle Database PL/SQL Packages and Types Reference.
Add the service to the database and assign it to the instances using srvctl:
prompt> srvctl add service -d oiddb -s oidedg.mycompany.com -r oiddb1,oiddb2
Start the service using srvctl:
prompt> srvctl start service -d oiddb -s oidedg.mycompany.com
Note:
For more information about the SRVCTL command, see the Oracle Real Application Clusters Administration and Deployment Guide.
Use srvctl to create the database services for the components in your topology. The services to be created are listed in Table 3-1, "Mapping between Topologies, Databases and Schemas".
Create the service using the command srvctl add service, as follows:
srvctl add service -d idmdb -s oidedg.mycompany.com -r idmdb1,idmdb2 -q TRUE -m BASIC -e SELECT -w 5 -z 5
The meanings of the command-line arguments are as follows:
Option | Argument |
---|---|
-d | Unique name for the database |
-s | Service name |
-r | Comma-separated list of preferred instances |
-q | AQ HA notifications (TRUE or FALSE) |
-e | Failover type (NONE, SESSION, or SELECT) |
-m | Failover method (NONE or BASIC) |
-w | Failover delay (integer) |
-z | Failover retries (integer) |
Note:
Transparent Application Failover (TAF) settings are only required when creating a service for Oracle Internet Directory.
Start the service using srvctl start service:
srvctl start service -d idmdb -s oidedg.mycompany.com
Validate that the service started by using srvctl status service, as follows:
srvctl status service -d idmdb -s oidedg.mycompany.com
Service oidedg.mycompany.com is running on instance(s) idmdb1,idmdb2
Validate that the service was created correctly by using srvctl config service:
srvctl config service -d idmdb -s oidedg.mycompany.com
Service name: oidedg.mycompany.com
Service is enabled
Server pool: oiddb_oidedg.mycompany.com
Cardinality: 2
Disconnect: false
Service role: PRIMARY
Management policy: AUTOMATIC
DTP transaction: false
AQ HA notifications: true
Failover type: SELECT
Failover method: BASIC
TAF failover retries: 5
TAF failover delay: 5
Connection Load Balancing Goal: LONG
Runtime Load Balancing Goal: NONE
TAF policy specification: NONE
Edition:
Preferred instances: idmdb1,idmdb2
Available instances:
Note:
For more information about the SRVCTL command, see the Oracle Real Application Clusters Administration and Deployment Guide.
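The checks described in this section, as an added shell example that is not part of the Oracle guide: it builds the srvctl add service command line for an 11.2.x database (appending the AQ HA notification and TAF options only for the Oracle Internet Directory service, as the note above requires) and validates srvctl config service output against the settings that this section and the DBMS_SERVICE procedure for 10.x and 11.1.x databases require for the OID service. The output embedded in sample_config_output is constructed from the srvctl config service output shown above; the function names and the optional expected-instance argument are assumptions of this example, not part of srvctl.

```shell
#!/bin/sh
# Added example, not part of the Oracle guide. Helpers for creating and
# validating a RAC database service for Oracle Internet Directory (11.2.x).

# Print the "srvctl add service" command line for a service.
# Arguments: database unique name, service name, preferred instances, service kind.
# The AQ HA notification and TAF options (-q -m -e -w -z) are appended only
# when the kind is "oid", because TAF settings are required only for OID.
svc_add_cmd() {
  db=$1; svc=$2; inst=$3; kind=$4
  cmd="srvctl add service -d $db -s $svc -r $inst"
  if [ "$kind" = "oid" ]; then
    cmd="$cmd -q TRUE -m BASIC -e SELECT -w 5 -z 5"
  fi
  printf '%s\n' "$cmd"
}

# Validate "srvctl config service" output (read from stdin) for an OID service.
# Optional argument: the expected comma-separated preferred instance list.
# Prints one MISSING line per failed check and returns 1 if any check failed.
check_oid_service() {
  expected_inst=$1
  # Strip leading/trailing whitespace so exact-line matching is reliable.
  out=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
  rc=0
  set -- "Service is enabled" \
         "AQ HA notifications: true" \
         "Failover type: SELECT" \
         "Failover method: BASIC" \
         "TAF failover retries: 5" \
         "TAF failover delay: 5"
  if [ -n "$expected_inst" ]; then
    set -- "$@" "Preferred instances: $expected_inst"
  fi
  for line in "$@"; do
    if ! printf '%s\n' "$out" | grep -qxF -- "$line"; then
      echo "MISSING: $line"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample: the srvctl config service output for oidedg.mycompany.com.
sample_config_output() {
  cat <<'EOF'
Service name: oidedg.mycompany.com
Service is enabled
Server pool: oiddb_oidedg.mycompany.com
Cardinality: 2
Disconnect: false
Service role: PRIMARY
Management policy: AUTOMATIC
DTP transaction: false
AQ HA notifications: true
Failover type: SELECT
Failover method: BASIC
TAF failover retries: 5
TAF failover delay: 5
Connection Load Balancing Goal: LONG
Runtime Load Balancing Goal: NONE
TAF policy specification: NONE
Edition:
Preferred instances: idmdb1,idmdb2
Available instances:
EOF
}

# Demonstration on the constructed sample output.
svc_add_cmd idmdb oidedg.mycompany.com idmdb1,idmdb2 oid
if sample_config_output | check_oid_service idmdb1,idmdb2; then
  echo "oidedg.mycompany.com: all required settings present"
fi
```

To check a live service, pipe the real command output into the validator: srvctl config service -d idmdb -s oidedg.mycompany.com | check_oid_service idmdb1,idmdb2. A non-zero exit and a MISSING line identify exactly which TAF or notification setting differs from what the OID service needs.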
The database parameters defined in Section 3.2.1, "Creating a Real Applications Clusters Database" are only a guide. You might need to perform additional tuning after the system is in use. For more information, see Database Performance Tuning Guide.
Refresh the database statistics after you initially load the database, and on an ongoing basis. To do that, issue the following SQL*Plus command:
exec DBMS_STATS.GATHER_SCHEMA_STATS(OWNNAME=> '<OIM_SCHEMA>', ESTIMATE_PERCENT=>DBMS_STATS.AUTO_SAMPLE_SIZE, DEGREE=>8, OPTIONS=>'GATHER AUTO', NO_INVALIDATE=>FALSE);
You run RCU to create the collection of schemas used by Identity Management and Management Services.
This section contains the following topics:
Start RCU by issuing this command:
prompt> RCU_HOME/bin/rcu &
On the Welcome screen, click Next.
On the Create Repository screen, select the Create operation to load component schemas into a database. Then click Next.
On the Database Connection Details screen, provide the information required to connect to an existing database. For example:
Database Type: Oracle Database
Host Name: Enter one of the Oracle RAC nodes. Specify the Virtual IP name. For example: oiddbhost1-vip.mycompany.com.
Port: The port number for the database listener. For example: 1521
Service Name: The service name of the database. For example oidedg.mycompany.com
Username: sys
Password: The sys user password
Role: SYSDBA
Click Next.
On the Check Prerequisites screen, click OK after the prerequisites have been validated.
On the Select Components screen, provide the following values:
Create a New Prefix: Enter a prefix to be added to the database schemas. Note that all schemas except for the ODS schema are required to have a prefix. For example, enter EDG.
Components: The components specified here depend on the topology being installed. Select the appropriate schemas, as shown in the following table:
Product | RCU Option | Comments |
---|---|---|
Oracle Internet Directory | Identity Management–Oracle Internet Directory | |
Oracle Access Manager | Identity Management–Oracle Access Manager | Audit Services will also be selected. |
Oracle Identity Manager | Identity Management–Oracle Identity Manager | Metadata Services, SOA infrastructure, and User Messaging will also be selected. |
Oracle Identity Federation | Identity Management–Oracle Identity Federation | |
Click Next.
Notes:
If your topology requires more than one database, the following important considerations apply:
Be sure to install the correct schemas in the correct database.
You might have to run the RCU more than once to create all the schemas for a given topology.
Table 3-1 in this chapter provides the recommended mapping between the schemas and their corresponding databases. Refer to this table to ensure that the correct details are entered in this screen.
On the Check Prerequisites screen, click OK after the prerequisites have been validated.
On the Schema Passwords screen, enter the passwords for the schemas. You can choose to use either the same password for all the schemas or a different password for each schema. Oracle recommends choosing different passwords for different schemas to enhance security.
Click Next.
On the Map Tablespaces screen, accept the defaults and click Next.
On the Create Tablespaces screen, click OK to allow the creation of the tablespaces.
On the Creating tablespaces screen, click OK to acknowledge creation of the tablespaces.
On the Summary screen, review the summary and verify that the details provided are accurate. Click Create to start the schema creation process.
On the Completion summary screen, verify that the schemas were created.
Click Close to exit.
This example illustrates the steps to create the required schemas in the OIDDB and OIMDB databases for the topology with OAM11g and OIM11g.
Start RCU as described in Section 3.3.1, "Procedure for Executing RCU."
On the Welcome Screen, click Next.
On the Connection Details screen, provide the details to connect to the OIDDB database running on OIDDBHOST1 and OIDDBHOST2. Enter the following values:
Host: oiddbhost1-vip.mycompany.com
Port: 1521
Service Name: oidedg.mycompany.com
Username: sys
Password: password
Role: SYSDBA
Click Next.
On the Select Components screen, select the appropriate schemas by referring to Table 3-1, "Mapping between Topologies, Databases and Schemas".
Click Next.
Follow the remaining steps in Section 3.3.1, "Procedure for Executing RCU" to create the schemas.
Verify that the schemas for the OIDDB database were successfully created.
Start RCU again to create the schemas for the OIMDB database.
On the Connection Details screen, provide the details to connect to the OIMDB database running on IDMDBHOST1 and IDMDBHOST2. Enter the following values:
Host: idmdbhost1-vip.mycompany.com
Port: 1521
Service Name: oimedg.mycompany.com
Username: sys
Password: password
Role: SYSDBA
Click Next.
On the Select Components screen, select the appropriate schemas by referring to Table 3-1, "Mapping between Topologies, Databases and Schemas".
Complete the schema creation by following the remaining steps in Section 3.3.1, "Procedure for Executing RCU."