A Using the idmConfigTool Command

The idmConfigTool is located at:

IAM_ORACLE_HOME/idmtools/bin

You use the idmConfigTool to automate the following tasks:

A.1 Syntax

The tool has the following syntax on Linux:

idmConfigTool.sh -command  input_file=filename log_file=logfileName log_level=log_level

The tool has the following syntax on Windows:

idmConfigTool.bat -command  input_file=filename log_file=logfileName log_level=log_level

Values for command are as follows:

| Command | Component name | Description |
| --- | --- | --- |
| preConfigIDStore | | Configures the identity store and policy store by creating the groups and setting ACIs on the various containers. |
| prepareIDStore | | Configures the identity store by adding the necessary users and associating users with groups. Modes are available to enable you to configure for a specific component. |
| configPolicyStore | | Configures the policy store by creating a read-write user and associating it with the groups. |
| configOAM | | Prepares Oracle Access Manager for integration with Oracle Identity Manager. |
| configOIM | | Sets up wiring between Oracle Access Manager and Oracle Identity Manager. |
| validate | IDSTORE, POLICYSTORE, OAM10g, OIM | Validates the set of input parameters. |


The validate command requires a component name.

You must run this tool as a user with orcladmin privileges on Oracle Internet Directory.

A.2 Parameters

The following sections list the parameters for the commands.

A.2.1 preConfigIDStore

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname, for example mynode.us.mycompany.com |
| IDSTORE_PORT | identity store port, for example 1234 |
| IDSTORE_BINDDN | cn:orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_USERSEARCHBASE | cn:Users, dc:test |
| IDSTORE_GROUPSEARCHBASE | cn:Groups, dc:test |
| IDSTORE_SEARCHBASE | dc:test |
| IDSTORE_SYSTEMIDBASE | cn:system, dc:test |
| IDSTORE_READONLYUSER | readOnlyUser |
| IDSTORE_READWRITEUSER | readWriteUser |
| IDSTORE_SUPERUSER | FAAdmin |
| IDSTORE_OAMSOFTWAREUSER | oamSoftwareUser |
| IDSTORE_OAMADMINUSER | oamAdminUser |
| IDSTORE_OIMADMINUSER | oimAdminUser |
| IDSTORE_OIMADMINGROUP | oimAdminGroup |
| POLICYSTORE_SHARES_IDSTORE | true |


A.2.2 prepareIDStore Parameters

The prepareIDStore option takes "mode" as an argument to perform tasks for the specified component. The syntax for specifying the mode is:

prepareIDStore mode=mode
input_file=filename_with_ConfigParameters

where mode must be one of:

  • fusion

  • OAM

  • OIM

  • OAAM

  • WLS

  • all (performs all the tasks of the above modes combined)

prepareIDStore mode=fusion

The following tasks are performed in this mode:

  • Create a Readonly User

  • Create a ReadWrite User

  • Create a Super User

  • Add the readOnly user to the groups orclFAGroupReadPrivilegeGroup and orclFAUserWritePrefsPrivilegeGroup

  • Add the readWrite user to the groups orclFAUserWritePrivilegeGroup and orclFAGroupWritePrivilegeGroup

Table A-1 prepareIDStore mode=fusion Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_READONLYUSER | readOnlyUser |
| IDSTORE_READWRITEUSER | readWriteUser |
| IDSTORE_SUPERUSER | superUser |


prepareIDStore mode=OAM

The following tasks are performed in this mode:

  • Perform schema extensions as required by the OAM component

  • Add the oblix schema

  • Create the OAMSoftware User

  • Create OblixAnonymous User

  • Optionally create the OAM Admin User

  • Associate these users to their respective groups

  • Create the group "orclFAOAMUserWritePrivilegeGroup"

Table A-2 prepareIDStore mode=OAM Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_OAMSOFTWAREUSER | oamSoftwareUser |
| IDSTORE_OAMADMINUSER | oamAdminUser |


prepareIDStore mode=OIM

The following tasks are performed in this mode:

  • Create OIM Admin User under SystemID container

  • Create OIM Admin Group

  • Add OIM Admin User to OIM Admin Group

  • Add ACIs to OIM Admin Group

  • Create reserve container

  • Create xelsysadmin user

Table A-3 prepareIDStore mode=OIM Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_OIMADMINUSER | oimAdminUser |
| IDSTORE_OIMADMINGROUP | oimAdminGroup |
| IDSTORE_SYSTEMIDBASE | cn=system,dc=us,dc=oracle,dc=com |


prepareIDStore mode=OAAM

The following tasks are performed in this mode:

  • Create OAAM Admin User

  • Create OAAM Groups

  • Add the OAAM Admin User as a member of OAAM Groups

Table A-4 prepareIDStore mode=OAAM Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |


prepareIDStore mode=WLS

The following tasks are performed in the WLS (Oracle WebLogic Server) mode:

  • Create WebLogic Admin User

  • Create WebLogic Admin Group

  • Add the WebLogic Admin User as a member of WebLogic Admin Group

Table A-5 prepareIDStore mode=WLS Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |

prepareIDStore mode=all

This mode performs all the tasks that are performed in the modes fusion, OAM, OIM, WLS and OAAM.

Table A-6 prepareIDStore mode=all Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_SYSTEMIDBASE | cn=system,dc=us,dc=oracle,dc=test |
| IDSTORE_READONLYUSER | readOnlyUser |
| IDSTORE_READWRITEUSER | readWriteUser |
| IDSTORE_SUPERUSER | superUser |
| IDSTORE_OAMSOFTWAREUSER | oamSoftwareUser |
| IDSTORE_OAMADMINUSER | oamAdminUser |
| IDSTORE_OIMADMINUSER | oimAdminUser |
| IDSTORE_OIMADMINGROUP | oimAdminGroup |
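
A pre-flight check for a prepareIDStore parameter file, added here as an example and not part of the Oracle documentation or tooling: it compares the file with the parameter list of Tables A-1 to A-5 for the chosen mode and reports any credential parameters stored in the file. The `NAME: value` / `NAME=value` file layout, the function names and the sample input are assumptions.

```python
import re

# Parameters listed for every prepareIDStore mode in Tables A-1 to A-5.
COMMON = {"IDSTORE_HOST", "IDSTORE_PORT", "IDSTORE_BINDDN",
          "IDSTORE_USERNAMEATTRIBUTE", "IDSTORE_LOGINATTRIBUTE",
          "IDSTORE_USERSEARCHBASE", "IDSTORE_GROUPSEARCHBASE",
          "IDSTORE_SEARCHBASE"}
# Mode-specific additions from the same tables (OAAM and WLS add none).
EXTRA = {
    "fusion": {"IDSTORE_READONLYUSER", "IDSTORE_READWRITEUSER", "IDSTORE_SUPERUSER"},
    "OAM": {"IDSTORE_OAMSOFTWAREUSER", "IDSTORE_OAMADMINUSER"},
    "OIM": {"IDSTORE_OIMADMINUSER", "IDSTORE_OIMADMINGROUP", "IDSTORE_SYSTEMIDBASE"},
    "OAAM": set(), "WLS": set(),
}
# Assumed file layout: one "NAME: value" or "NAME=value" per line.
LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*[:=]\s*(.*?)\s*$")
SECRET = re.compile(r"PWD|PASSWORD|PASSPHRASE", re.I)

def parse_input(text):
    """Return {name: value}; blank lines and # comments are skipped."""
    params = {}
    for raw in text.splitlines():
        m = None if raw.lstrip().startswith("#") else LINE.match(raw)
        if m:
            params[m.group(1)] = m.group(2)
    return params

def preflight(text, mode):
    """Compare a parameter file with the table for the given mode."""
    expected, params = COMMON | EXTRA[mode], parse_input(text)
    return {
        "missing": sorted(k for k in expected if not params.get(k)),
        "not_in_table": sorted(set(params) - expected),
        # Credentials held in clear text, detected by parameter name.
        "secrets": sorted(k for k, v in params.items() if SECRET.search(k) and v),
    }

# Constructed sample for mode=OIM, not from a real deployment.
SAMPLE = """\
IDSTORE_HOST: mynode.us.mycompany.com
IDSTORE_PORT: 1234
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERSEARCHBASE: cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE: dc=us,dc=oracle,dc=com
IDSTORE_OIMADMINUSER: oimAdminUser
IDSTORE_OIMADMINGROUP: oimAdminGroup
POLICYSTORE_PWD: example-only
"""
print(preflight(SAMPLE, "OIM"))
```

Parameters reported under `secrets` are a reason to restrict read access to the input file and to delete it once the tool has run.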


A.2.3 configPolicyStore Parameters

| Parameter | Value |
| --- | --- |
| POLICYSTORE_HOST | policy store hostname, for example mynode.us.mycompany.com |
| POLICYSTORE_PORT | policy store port, for example 1234 |
| POLICYSTORE_BINDDN | cn:orcladmin |
| POLICYSTORE_SEARCHBASE | dc:test |
| POLICYSTORE_READONLYUSER | PolStoreROUser |
| POLICYSTORE_READWRITEUSER | PolStoreRWUser |
| POLICYSTORE_CONTAINER | cn:jpsroot |


A.2.4 configOAM Parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_HOST | identity store hostname, for example mynode.us.mycompany.com |
| IDSTORE_PORT | identity store port, for example 1234 |
| POLICYSTORE_HOST | policy store hostname, for example abc |
| POLICYSTORE_PORT | policy store port, for example 1110 |
| POLICYSTORE_OAMDN | cn:oamsoftware,cn:users,dc:us,dc:oracle,dc:com |
| POLICYSTORE_PWD | password |
| OAM_POLICYSEARCHBASE | (required only for non-OID directory) |
| OAM_POLICYSEARCHBASE | dc:us,dc:oracle,dc:com |
| OAM_WEBGATE_URL | WebGate URL, for example http://mynode.us.mycompany.com:1010 |
| OAM_CONSENTFORM_URL | /cgi-bin/consentredirect.pl |
| OAM_IMPERSONATION_PATH | impersonation path, for example /mydir/lib/authz_impersonate.so |
| OIM_OHS_URL | OHS URL, for example http://mynode.us.mycompany.com:1234 |
| App_agent_password | password |
| Oam_aaa_mode | open |
| Oam_aaa_passphrase | password |
| Primary_oam_servers | ACCSERVEROAS |
| MAX_OAM_CONNECTIONS | 4 |


A.2.5 configOIM Parameters

| Parameter | Value |
| --- | --- |
| ACCESS_SERVER_HOST | Access Server hostname, for example mynode.us.mycompany.com |
| ACCESS_GATE_ID | IdentityManagerAccessGate |
| ACCESS_SERVER_PORT | 5575 |
| COOKIE_DOMAIN | .us.oracle.com |
| COOKIE_EXPIRY_INTERVAL | 120 |
| WEBGATE_TYPE | javaWebgate \| ohsWebgate10g \| ohsWebgate11g |
| SSO_ENABLED_FLAG | true \| false |
| IDSTORE_PORT | |
| IDSTORE_HOST | |
| IDSTORE_ADMIN_USER | |
| IDSTORE_USERSEARCHBASE | |
| IDSTORE_GROUPSEARCHBASE | |
| MDS_DB_URL | |
| MDS_DB_URL | |
| MDS_DB_SCHEMA_USERNAME | |
| WLSHOST | |
| WLSPORT | |
| WLSADMIN | |
| DOMAIN_NAME | |
| OIM_MANAGED_SERVER_NAME | |
| DOMAIN_LOCATION | |
| OIM_MANAGED_SERVER_HOST | |
| OIM_MANAGED_SERVER_PORT | |

A.2.6 postProv Parameters

Same as preConfigIDStore parameters.

A.2.7 Validate IDStore parameters

| Parameter | Value |
| --- | --- |
| IDSTORE_TYPE | OID \| OVD |
| IDSTORE_HOST | adcxyx |
| IDSTORE_PORT | 3060 |
| IDSTORE_SSLPORT | 3031 |
| IDSTORE_SSL_ENABLED | true |
| IDSTORE_SUPER_USER | faadmin |
| IDSTORE_READ_WRITE_USER | cn=rou,cn=users,dc=mycompany,dc=com |
| IDSTORE_READ_WRITE_PASSWORD | password |
| IDSTORE_READ_ONLY_USER | cn=rwu,cn=users,dc=mycompany,dc=com |
| IDSTORE_READ_ONLY_PASSWORD | password |
| IDSTORE_USER_CONTAINER | cn=users,dc=mycompany,dc=com |
| IDSTORE_GROUP_CONTAINER | cn=users,dc=mycompany,dc=com |
| IDSTORE_SEEDING | true |
| IDSTORE_ADMIN_GROUP | cn=administrators,cn=groups,dc=mycompany,dc=com |
| IDSTORE_ADMIN_GROUP_EXISTS | true |


A.2.8 PolicyStore parameters

| Parameter | Value |
| --- | --- |
| POLICYSTORE_HOST | POLICYSTORE.host |
| POLICYSTORE_PORT | POLICYSTORE.port |
| POLICYSTORE_SECURE_PORT | POLICYSTORE.sslport |
| POLICYSTORE_IS_SSL_ENABLED | POLICYSTORE.ssl.enabled |
| POLICYSTORE_READ_WRITE_USERNAME | POLICYSTORE.username |
| POLICYSTORE_PASSWORD | POLICYSTORE.password |
| POLICYSTORE_SEEDING | POLICYSTORE.seeding |
| POLICYSTORE_JPS_ROOT_NODE | POLICYSTORE.jps.root |
| POLICYSTORE_DOMAIN_NAME | POLICYSTORE.domain.name |
| POLICYSTORE_CREATED_BY_CUSTOMER | POLICYSTORE.created.by.customer |
| POLICYSTORE_JPS_CONFIG_DIR | idm.jpsconfig.filesdir |
| POLICYSTORE_CRED_MAPPING_FILE_LOCATION | idm.credentials.mapping.filelocation |
| POLICYSTORE_ADF_CRED_FILE_LOCATION | idm.common.adfcreds.file |
| POLICYSTORE_STRIPE_FSCM | fscm |
| POLICYSTORE_STRIPE_CRM | crm |
| POLICYSTORE_STRIPE_HCM | hcm |
| POLICYSTORE_STRIPE_SOA_INFRA | soa-infra |
| POLICYSTORE_STRIPE_APM | oracle.security.apm |
| POLICYSTORE_STRIPE_ESSAPP | ESSAPP |
| POLICYSTORE_STRIPE_B2BUI | b2bui |
| POLICYSTORE_STRIPE_OBI | obi |
| POLICYSTORE_STRIPE_WEBCENTER | webcenter |
| POLICYSTORE_STRIPE_IDCCS | IDCCS |
| POLICYSTORE_CRED_STORE | POLICYSTORE.credential.store |
| IDM_KEYSTORE_FILE | idm.keystore.file |
| IDM_KEYSTORE_PASSWORD | idm.keystore.password |


A.2.9 Validate OAM Configuration

| Parameter | Value | Notes |
| --- | --- | --- |
| OAM10g_MODE | | |
| OAM10g_NOPROMPT | | Query for password is suppressed when true. |
| OAM10g_POLICY_HOST | | |
| OAM10g_POLICY_PORT | | |
| OAM10g_POLICY_USERDN | ldap_userdn | |
| OAM10g_POLICY_USERPWD | ldap_userpassword | |
| OAM10g_AAA_MODE | oam_aaa_mode | |
| OAM10g_AAA_PASSPHRASE | oam_aaa_passphrase | |
| OAM10g_PRIMARY_SERVERS | primary_oam_servers | |
| OAM10g_SECONDARY_SERVERS | secondary_oam_servers | |
| OAM10g_RUNTIME_USER | oam_runtime_user | User used to configure Oracle Access Manager 10g components. This user has read/write privileges to the Oracle Access Manager Policy store, for example: cn=OAMSoftware |


A.2.10 Validate OIM

| Parameter | Value | Notes |
| --- | --- | --- |
| ADMIN_SERVER_HOST | admin_server_host | Domain Admin Server Constant |
| ADMIN_SERVER_PORT | admin_server_port | Domain Admin Server Constant |
| ADMIN_SERVER_USER | admin_server_user | Domain Admin Server Constant |
| ADMIN_SERVER_USER_PASSWORD | admin_server_user_password | Domain Admin Server Constant |
| ACCESS_SERVER_HOST | | |
| ACCESS_SERVER_PORT | | |
| ACCESS_SERVER_ID | | |

A.3 Examples

The following reference contains examples of idmConfigTool usage: