This chapter explains how to configure Oracle Access Manager. It includes the following topics:
Before you start installing and configuring Oracle Identity and Access Management products in any of the scenarios discussed in this chapter, note that IAM_Home is used to refer to the Oracle Home directory that includes Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator. You can specify any name for this Oracle Home directory.
When configuring Oracle Access Manager in a new or existing WebLogic administration domain, you must choose Oracle Access Manager with Database Policy Store - 18.104.22.168.0 [Oracle_IDM2] as the domain configuration template on the Select Domain Source screen in the Oracle Fusion Middleware Configuration Wizard.
A database policy store offers more security measures that can be layered based on the storage, thereby ensuring higher resiliency to corruption and better high availability.
To configure Oracle Access Manager with a database policy store, choose the Oracle Access Manager with Database Policy Store - 22.214.171.124.0 [Oracle_IDM2] option on the Select Domain Source screen in the Oracle Fusion Middleware Configuration Wizard.
It is recommended that you use a database policy store in production environments.
This topic describes how to configure Oracle Access Manager in a new WebLogic domain.
It includes the following sections:
Perform the configuration in this topic if you want to install only Oracle Access Manager in an environment where you may add other Oracle Identity and Access Management 11g components, such as Oracle Identity Navigator, Oracle Identity Manager, and Oracle Adaptive Access Manager at a later time in the same domain.
Performing the configuration in this section deploys the following:
WebLogic Administration Server
Managed Server for Oracle Access Manager
Oracle Access Manager Console on the Administration Server
The configuration in this section depends on the following:
Oracle WebLogic Server 11g Release 1 (10.3.6) or Oracle WebLogic Server 11g Release 1 (10.3.5).
Installation of the Oracle Identity and Access Management 11g Release 1 (126.96.36.199.0) software.
Database schemas for Oracle Access Manager. For more information, see Section 3.2.3, "Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)".
Perform the following steps to configure Oracle Access Manager in a new WebLogic domain:
Start the Oracle Fusion Middleware Configuration Wizard by running the
<IAM_Home>/common/bin/config.sh script (on UNIX), or
<IAM_Home>\common\bin\config.cmd (on Windows). The Welcome screen of the Oracle Fusion Middleware Configuration Wizard appears.
IAM_Home is used as an example here. You must run this script from your Oracle Identity and Access Management Home directory that contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, and Oracle Identity Navigator.
On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen appears.
On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected. Select Oracle Access Manager with Database Policy Store - 188.8.131.52.0 [Oracle_IDM2], and click Next. The Select Domain Name and Location screen appears.
When you select the Oracle Access Manager with Database Policy Store - 184.108.40.206.0 [Oracle_IDM2] option, the Oracle JRF 220.127.116.11 [Oracle_Common] option is also selected, by default.
Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.
Configure a user name and a password for the administrator. The default user name is
weblogic. Click Next.
The Configure Server Start Mode and JDK screen appears. Choose a JDK from the Available JDKs and select a WebLogic Domain Startup Mode. Click Next.
On the Configure JDBC Component Schema screen, select a component schema, such as the OAM Infrastructure Schema that you want to modify.
You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.
On the Select Optional Configuration screen, you can configure the Administration Server and Managed Servers, Clusters, and Machines. Click Next.
Optional: Configure the following Administration Server parameters:
SSL listen port
SSL enabled or disabled
Optional: Configure Managed Servers, as required.
If you want to configure the Managed Server on the same machine, ensure that the port is different from that of the Administration Server.
Optional: Configure Clusters, as required.
For more information about configuring clusters for Oracle Identity and Access Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.
Optional: Assign Managed Servers to clusters, as required.
Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.
Before configuring a machine, use the
ping command to verify whether the machine or host name is accessible.
If the Administration Server is not assigned to a machine, you can assign it to a machine.
Note that deployments, such as applications and libraries, and services that are targeted to a particular cluster or server are selected, by default.
Assign the newly created Managed Server, such as
oam_server1, to a machine.
On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.
A new WebLogic domain to support Oracle Access Manager is created in the
<MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the
After configuring Oracle Access Manager in a new or existing domain, you must start the Oracle WebLogic Administration Server and various Managed Servers, as described in Appendix C, "Starting the Stack".
After installing and configuring Oracle Access Manager, you can perform the following optional tasks:
Configure your own LDAP to use instead of the default embedded LDAP, which comes with Oracle WebLogic Server.
Configure a policy store to protect resources.
Add more Managed Servers to the existing domain.
Add a Managed Server instance.
For more information, see the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
After completing the installation process, including post-installation steps, you can verify the installation and configuration of Oracle Access Manager as follows:
Ensure that the Administration Server and the Managed Server are up and running.
Log in to the Administration Console for Oracle Access Manager using the URL:
When you access this Administration Console running on the Administration Server, you are prompted to enter a user name and password. Note that you must have Administrator's role and privileges.
Verify the Oracle WebLogic Server Administration Console. If the installation and configuration of Oracle Access Manager is successful, this console shows the Administration Server (for example,
oam_admin) and the Managed Server (for example, oam_server) in the running mode. In addition, if you check Application Deployments in this console, both
oam_admin and oam_server must be in active state.
For information about setting up Oracle Access Manager agents, see Oracle Fusion Middleware Installing Webgates for Oracle Access Manager.
For information about setting up integration between Oracle Access Manager and Oracle Identity Manager, see "Integrating Oracle Access Manager and Oracle Identity Manager" in the Oracle Fusion Middleware Integration Guide for Oracle Access Manager.
After installing Oracle Access Manager, refer to the "Getting Started with Administering Oracle Access Manager" chapter in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.