This chapter includes the following topics:
Table 3-1 lists the general installation and configuration tasks that apply to Oracle Identity and Access Management 11g Release 1 (11.1.1.7.0) products.
Table 3-1 Installation and Configuration Flow for Oracle Identity and Access Management
No. | Task | Description |
---|---|---|
1 |
Review installation concepts in the Installation Planning Guide. |
Read the Oracle Fusion Middleware Installation Planning Guide, which describes the process for various users to install or upgrade to Oracle Fusion Middleware 11g Release 1 (11.1.1.7.0) depending on the user's existing environment. |
2 |
Review the system requirements and certification documents to ensure that your environment meets the minimum installation requirements for the components you are installing. |
For more information, see Section 2.1, "Reviewing System Requirements and Certification". |
3 |
Obtain the Oracle Fusion Middleware Software. |
For more information, see Section 3.2.1, "Obtaining the Oracle Fusion Middleware Software" |
4 |
Review the Database requirements. |
For more information, see Section 3.2.2, "Reviewing Database Requirements". |
5 |
Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load the appropriate schemas for Oracle Identity and Access Management products. |
For more information, see Section 3.2.3, "Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)". |
6 |
Review WebLogic Server and Middleware Home requirements. |
For more information, see Section 3.2.4, "Reviewing WebLogic Server and Middleware Home Requirements". |
7 |
For Oracle Identity Manager users only: Install Oracle SOA Suite 11g Release 1 (11.1.1.7.0). |
For more information, see Section 3.2.5, "Installing Oracle SOA Suite (Oracle Identity Manager Users Only)". |
8 |
Start the Oracle Identity and Access Management Installer. |
For more information, see Section 3.2.6, "Starting the Oracle Identity and Access Management Installer". |
9 |
Install the Oracle Identity and Access Management 11g software. |
For more information, see Section 3.2.7, "Installing Oracle Identity and Access Management (11.1.1.7.0)". |
10 |
Run the Oracle Fusion Middleware Configuration Wizard to configure your Oracle Identity and Access Management products in a new or existing WebLogic domain. |
For more information, see Section 3.2.8, "Configuring Oracle Identity and Access Management Products". Note: If you are using Oracle Identity Manager, you must perform additional configuration after configuring Oracle Identity and Access Management in a WebLogic domain. For more information, see Chapter 5, "Configuring Oracle Identity Manager". |
11 |
Start the servers. |
You must start the Administration Server and all Managed Servers. For more information, see Section C.1, "Starting the Stack". |
Follow the instructions in this section to install and configure the latest Oracle Identity and Access Management software.
Installing and configuring the latest version of Oracle Identity and Access Management 11g components involves the following steps:
Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
Installing Oracle SOA Suite (Oracle Identity Manager Users Only)
Starting the Oracle Identity and Access Management Installer
Installing Oracle Identity and Access Management (11.1.1.7.0)
For installing Oracle Identity and Access Management, you must obtain the following software:
Oracle WebLogic Server 11g Release 1 (10.3.6) or Oracle WebLogic Server 11g Release 1 (10.3.5)
Oracle Database
Oracle Repository Creation Utility
Oracle Identity and Access Management Suite
Oracle SOA Suite 11g Release 1 (11.1.1.7.0)
Note:
Oracle SOA Suite is required only for Oracle Identity Manager.
For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
Some Oracle Identity and Access Management components require an Oracle Database. Ensure that you have an Oracle Database installed on your system before installing Oracle Identity and Access Management. The database must be up and running to install the relevant Oracle Identity and Access Management component. The database does not have to be on the same system where you are installing the Oracle Identity and Access Management component.
Note:
For information about certified databases, see the "Certified Databases" topic in the Oracle Fusion Middleware System Requirements and Specifications 11g Release 1 (11.1.1) document.
For information about RCU requirements for Oracle Databases, see the "RCU Requirements for Oracle Databases" topic in the Oracle Fusion Middleware System Requirements and Specifications 11g Release 1 (11.1.1) document.
To identify the patches required for Oracle Identity Manager 11.1.1.7.0 configurations that use Oracle Database 11.1.0.7, refer to the Oracle Identity Manager section of the 11g Release 1 Oracle Fusion Middleware Release Notes.
You must create and load the appropriate Oracle Fusion Middleware schema in your database before installing the following Oracle Identity and Access Management components and configurations:
Oracle Identity Manager
Oracle Access Manager
Oracle Adaptive Access Manager
Oracle Entitlements Server
You create and load Oracle Fusion Middleware schema in your database using the Oracle Fusion Middleware Repository Creation Utility (RCU), which is available on the Oracle Technology Network (OTN) web site. You can access the OTN web site at:
http://www.oracle.com/technetwork/index.html
For more information on obtaining Oracle Fusion Middleware Repository Creation Utility, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
Notes:
For information on RCU requirements, refer to the "Repository Creation Utility (RCU) Requirements" topic in the Oracle Fusion Middleware System Requirements and Specifications document.
For information about launching and running RCU, see the "Launching RCU with a Variety of Methods" and "Running Oracle Fusion Middleware Repository Creation Utility (RCU)" topics in the guide Oracle Fusion Middleware Repository Creation Utility User's Guide.
For information on creating schemas, see the "Creating Schemas" topic in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Before running RCU, ensure that you have the database connection string, port, administrator credentials, and service name ready.
When you run RCU, create and load only the following schema for the Oracle Identity and Access Management component you are installing—do not select any other schema available in RCU:
For Oracle Identity Manager, select the Identity Management - Oracle Identity Manager schema. The SOA Infrastructure schema, the User Messaging Service schema, and the Metadata Services schema are also selected, by default.
For Oracle Adaptive Access Manager, select the Identity Management - Oracle Adaptive Access Manager schema. By default, the AS Common Schemas - Metadata Services schema is also selected.
For Oracle Adaptive Access Manager with partition schema support, select the Identity Management - Oracle Adaptive Access Manager (Partition Supp...) schema. By default, the AS Common Schemas - Metadata Services schema is also selected.
Note:
For information about Oracle Adaptive Access Manager schema partitions, see Section H, "OAAM Partition Schema Reference".
For Oracle Access Manager, select the Identity Manager - Oracle Access Manager schema. By default, the AS Common Schema - Audit Services schema is also selected.
For Oracle Entitlements Server, select the Identity Management - Oracle Entitlements Server schema. By default, the AS Common Schemas - Metadata Services schema is also selected.
Note:
When you create a schema, be sure to remember the schema owner and password that is shown in RCU.
If you are creating schemas on databases with Oracle Database Vault installed, note that statements such as CREATE USER
, ALTER USER
, DROP USER
, CREATE PROFILE
, ALTER PROFILE
, and DROP PROFILE
can only be issued by a user with the DV_ACCTMGR
role. SYSDBA can issue these statements by modifying the Can Maintain Accounts/Profiles rule set only if it is allowed.
Before you can install Oracle Identity and Access Management 11g Release 1 (11.1.1.7.0) components, you must ensure that you have installed Oracle WebLogic Server 11g Release 1 (10.3.6) or Oracle WebLogic Server 11g Release 1 (10.3.5), and created a Middleware Home directory.
Note:
On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, JDK is not installed with Oracle WebLogic Server. You must install JDK separately, before installing Oracle WebLogic Server.
Ensure that the JDK version you select is Java SE 6 Update 24 or higher.
For more information, see "Install Oracle WebLogic Server" in Oracle Fusion Middleware Installation Planning Guide. In addition, see Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server for complete information about installing Oracle WebLogic Server.
Note:
By default, WebLogic domains are created in a directory named domains
located in the user_projects
directory under your Middleware Home. After you configure any of the Oracle Identity and Access Management products in a WebLogic administration domain, a new directory for the domain is created in the domains
directory. In addition, a directory named applications
is created in the user_projects
directory. This applications
directory contains the applications deployed in the domain.
If you are installing Oracle Identity Manager, you must install Oracle SOA Suite 11g Release 1 (11.1.1.7.0). Note that only Oracle Identity Manager requires Oracle SOA Suite. This step is required because Oracle Identity Manager uses process workflows in Oracle SOA Suite to manage request approvals.
For more information about installing Oracle SOA Suite, see Oracle Fusion Middleware Installation Guide for Oracle SOA Suite and Oracle Business Process Management Suite.
Note:
If you have already created a Middleware Home before installing Oracle Identity and Access Management components, do not create a new Middleware Home again. You must use the same Middleware Home for installing Oracle SOA Suite.
This topic explains how to start the Oracle Identity and Access Management Installer.
Notes:
If you are installing on an IBM AIX operating system, you must run the rootpre.sh
script from the Disk1
directory before you start the installer.
Starting the Installer as the root
user is not supported.
Start the Installer by executing one of the following commands:
UNIX: <full path to the runInstaller directory>/runInstaller -jreLoc <full path to the JRE directory>
Windows: <full path to the setup.exe directory>\setup.exe -jreLoc <full path to the JRE directory>
Note:
The installer prompts you to enter the absolute path of the JRE that is installed on your system. When you install Oracle WebLogic Server, the jrockit_1.6.0_29
directory is created under your Middleware Home. You must enter the absolute path of the JRE folder located in this JDK when launching the installer. For example, on Windows, if the JDK is located in D:\oracle\Middleware\jrockit_1.6.0_29
, then launch the installer from the command prompt as follows:
D:\setup.exe -jreLoc D:\oracle\Middleware\jrockit_1.6.0_29\jre
If you do not specify the -jreLoc
option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:
-XX:MaxPermSize=512m is not a valid VM option. Ignoring
This warning message does not affect the installation. You can continue with the installation.
On 64 bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jrockit_1.6.0_29
directory will not be created under your Middleware Home. You must enter the absolute path of the JRE folder from where your JDK is located.
This topic describes how to install the Oracle Identity and Access Management 11g software, which includes Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Identity Navigator, and Oracle Entitlements Server.
It includes the following sections:
Performing the installation in this section installs the following products:
Oracle Identity Manager
Oracle Access Manager
Note:
When you are installing Oracle Access Manager, Oracle Secure Token Service will also be installed. For more information on Oracle Secure Token Service, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service.
Oracle Adaptive Access Manager
Note:
For Oracle Identity and Access Management 11.1.1.7.0, Oracle Adaptive Access Manager includes two components
Oracle Adaptive Access Manager (Online)
Oracle Adaptive Access Manager (Offline)
Oracle Identity Navigator
Oracle Entitlements Server
Note:
When you are installing Oracle Identity and Access Management, only the Administration Server of Oracle Entitlements Server is installed.
To install and configure Oracle Entitlements Server Client, see Installing Oracle Entitlements Server Client.
The installation in this section depends on the following:
Oracle WebLogic Server 11g Release 1 (10.3.6) or Oracle WebLogic Server 11g Release 1 (10.3.5)
Oracle Database and any required patches
Oracle SOA Suite 11g Release 1 (11.1.1.7.0)
Note:
Oracle SOA Suite is required only for Oracle Identity Manager.
JDK (Java SE 6 Update 24 or higher) or JRockit
Complete the following steps to install the Oracle Identity and Access Management suite that contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Identity Navigator, and Oracle Entitlements Server:
Start your installation by performing all the steps in Section 3.2.6, "Starting the Oracle Identity and Access Management Installer". After you complete those steps, the Welcome screen appears.
Click Next on the Welcome screen. The Install Software Updates screen appears. Select whether or not you want to search for updates. Click Next.The Prerequisite Checks screen appears. If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.
On the Specify Installation Location screen, enter the path to the Oracle Middleware Home installed on your system. Ensure that Oracle WebLogic Server is already installed on the system in the same Middleware Home. This directory is the same as the Oracle Home created in the Oracle WebLogic Server installation.
Note:
If you do not specify a valid Middleware Home directory on the Specify Installation Location screen, the Installer displays a message and prompts you to confirm whether you want to proceed with the installation of only Oracle Identity Manager Design Console and Oracle Identity Manager Remote Manager. These two components of Oracle Identity Manager do not require a Middleware Home directory.
If you want to install only Oracle Identity Manager Design Console or Remote Manager, you do not need to install Oracle WebLogic Server or create a Middleware Home directory on the machine where Design Console or Remote Manager is being configured.
Before using Oracle Identity Manager Design Console or Remote Manager, you must configure Oracle Identity Manager Server on the machine where the Administration Server is running. When configuring Design Console or Remote Manager on a different machine, you can specify the Oracle Identity Manager Server host and URL information.
In the Oracle Home Directory field, enter a name for the Oracle Home folder that will be created under your Middleware Home. This directory is also referred to as IAM_Home
in this book.
Note:
The name that you provide for the Oracle Home for installing the Oracle Identity and Access Management suite should not be same as the Oracle Home name given for the Oracle Identity Management suite.
Oracle Identity Management 11g Release 1 is part of Oracle Fusion Middleware and includes components like Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation.
Click Next. The Installation Summary screen appears.
The Installation Summary screen displays a summary of the choices that you made. Review this summary and decide whether to start the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing Oracle Identity and Access Management, click Install. The Installation Progress screen appears. Click Next.
Note:
If you cancel or abort when the installation is in progress, you must manually delete the IAM_Home
directory before you can reinstall the Oracle Identity and Access Management software.
To invoke online help at any stage of the installation process, click the Help button on the installation wizard screens.
The Installation Complete screen appears. On the Installation Complete screen, click Finish.
This installation process copies the Identity Management software to your system and creates an IAM_Home directory under your Middleware Home.
After installing the Oracle Identity and Access Management software, you must proceed to Section 3.2.8, "Configuring Oracle Identity and Access Management Products," to configure Oracle Identity and Access Management products in a new or existing WebLogic domain.
This section describes the directory structure after installation of Oracle WebLogic Server and Oracle Identity and Access Management. It also shows the structure of directories created after the Oracle Identity and Access Management software is installed.
After you install the Oracle Identity and Access Management suite, an Oracle Home directory for Oracle Identity and Access Management, such as Oracle_IDM1
, is created under your Middleware Home. This home directory is also referred to as IAM_Home
in this guide.
For more information about identifying installation directories, see Section 2.3, "Identifying Installation Directories".
After Oracle Identity and Access Management 11g is installed, you are ready to configure the WebLogic Server Administration Domain for Oracle Identity and Access Management components. A domain includes a special WebLogic Server instance called the Administration Server, which is the central point from which you configure and manage all resources in the domain.
When you configure an Oracle Identity and Access Management 11.1.1.7.0 component, you can choose one of the following configuration options:
You can use the Oracle Fusion Middleware Configuration Wizard to create a WebLogic domain or extend an existing domain.
Select the Create a new WebLogic domain option on the Welcome screen in the Oracle Fusion Middleware Configuration Wizard to create a new WebLogic Server domain.
Select the Extend an existing WebLogic domain option on the Welcome screen in the Oracle Fusion Middleware Configuration Wizard to add Oracle Identity and Access Management components in an existing Oracle WebLogic Server administration domain.
See:
The "Understanding Oracle WebLogic Server Domains" chapter in the Oracle Fusion Middleware Understanding Domain Configuration for Oracle WebLogic Server guide for more information about Oracle WebLogic Server administration domains.
In addition, see the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide for complete information about how to use the Configuration Wizard to create or extend WebLogic Server domains. This guide also provides the Oracle Fusion Middleware Configuration Wizard Screens.
For component-specific configuration information about Oracle Identity and Access Management products, see the following chapters:
If you are configuring Oracle Identity Manager, you must run the Oracle Identity Manager Configuration Wizard after configuring a domain, to configure Oracle Identity Manager Server, Oracle Identity Manager Design Console, and Oracle Identity Manager Remote Manager as described in "Section 5.5, "Starting the Oracle Identity Manager 11g Configuration Wizard"". For more information, see the following sections:
After installing and configuring Oracle Identity and Access Management, you must run the Oracle WebLogic Administration Server and various Managed Servers, as described in Section C.1, "Starting the Stack".