Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
11g Release 6 (11.1.6)

Part Number E21032-18
9 Creating the Domain for an Enterprise Deployment

This chapter describes how to create a domain using the Configuration Wizard, Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion Middleware Control. The topology you are creating dictates the number of domains you need to create. Once the initial domain has been created, it can be extended with other products as described later on in this book.

Note:

Oracle strongly recommends that you read the release notes for any additional installation and deployment considerations prior to starting the setup process.


9.1 Overview of Creating a Domain

Table 9-1 lists the steps for creating a WebLogic domain, including post-configuration tasks.

Table 9-1 Steps for Creating a WebLogic Domain

| Step | Description | More Information |
|---|---|---|
| Create a WebLogic Domain | Run the Configuration Wizard to create a WebLogic domain. | Section 9.4, "Running the Configuration Wizard to Create a Domain with Oracle Access Manager, Oracle SOA Suite, and Oracle Identity Manager" |
| Post-Configuration and Verification Tasks | Follow the instructions for post-configuration and validation tasks. | Section 9.5, "Post-Configuration and Verification Tasks" |
| Configure the Oracle HTTP Server with the WebLogic domain | Configure the Oracle HTTP Server with the WebLogic domain and validate the configuration. | Section 9.6, "Configuring Oracle HTTP Server for the WebLogic Domain" |
| Back Up the Domain | Back up the newly configured WebLogic domain. | Section 9.8, "Backing Up the WebLogic Domain" |


Once this domain is created and configured you can extend the domain to include other Identity Management components, as described in the next chapters.

9.2 About Console URLs and Domains

The component URLs related to the domain, and the user names used to access them, are listed in the following two tables. Table 9-2 lists the URLs available prior to Web Tier integration. Table 9-3 lists the URLs available after Web Tier integration.

Table 9-2 URL Available Prior to Web Tier Integration

| Component | URL |
|---|---|
| WebLogic Console | http://ADMINVHN.mycompany.com:7001/console (Footnote 1) |
| Fusion Middleware Control | http://ADMINVHN.mycompany.com:7001/em |

Footnote 1: where 7001 is WLS_ADMIN_PORT, as described in Section A.3.

After you have completed the tasks in Section 9.6, "Configuring Oracle HTTP Server for the WebLogic Domain," the URLs listed in Table 9-3 will be available.

Table 9-3 URLs Available After Web Tier Integration

| Component | URL | User |
|---|---|---|
| WebLogic Console | http://ADMIN.mycompany.com/console | weblogic |
| Fusion Middleware Control | http://ADMIN.mycompany.com/em | weblogic |


9.3 Synchronize System Clocks

Oracle SOA uses Quartz to maintain its jobs and schedules in the database. Synchronize the system clocks for the SOA WebLogic cluster to enable proper functioning of jobs, adapters, and Oracle B2B.

9.4 Running the Configuration Wizard to Create a Domain with Oracle Access Manager, Oracle SOA Suite, and Oracle Identity Manager

Run the Configuration Wizard from the Oracle common home directory to create a domain containing the Administration Server and managed servers. This domain supports Oracle Identity Manager and Oracle Access Manager. Later, you will extend the domain to contain other components.

You run the Configuration Wizard on IDMHOST1 to create the IDMDomain.

To create IDMDomain, proceed as follows:

  1. Ensure that the database where you installed the repository is running. For Oracle RAC databases, all instances should be running, so that the validation check later in the procedure is more reliable.

  2. Change directory to the location of the Configuration Wizard. This is within the Oracle Common Home directory (created in Chapter 6, "Installing the Software for an Enterprise Deployment").

    cd IAM_MW_HOME/oracle_common/common/bin

  3. Start the Oracle Fusion Middleware Configuration Wizard.

    On Linux, type:

    ./config.sh
    

    On Windows, type:

    config.cmd
    
  4. On the Welcome screen, select Create a New WebLogic Domain, and click Next.

  5. On the Select Domain Source screen, do the following:

    • Select Generate a domain configured automatically to support the following products.

    • Select the following products:

      • Oracle Identity Manager 11.1.1.3.0 [iam]

      • Oracle SOA Suite - 11.1.1.0 [soa]

      • Oracle Enterprise Manager [oracle_common]

      • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [iam]

      • Oracle WSM Policy Manager - 11.1.1.0 [oracle_common]

      • Oracle JRF [oracle_common] (This should be selected automatically.)

    Click Next.

  6. On the Specify Domain Name and Location screen, enter the domain name, IDMDomain.

    Ensure that the domain directory matches the directory and shared storage mount point recommended in Section 4.3, "About Recommended Locations for the Different Directories."

    Enter

    /u01/oracle/config/domains
    

    for the domain directory and

    ASERVER_HOME/applications 
    

    for the application directory. The application directory should be in shared storage.

  7. Click Next.

  8. On the Configure Administrator Username and Password screen, enter the username (default is weblogic) and password to be used for the domain's administrator. For example:

    • Name: weblogic

    • User Password: password for weblogic user

    • Confirm User Password: password for weblogic user

    • Description: This user is the default administrator.

    Click Next.

  9. On the Configure Server Start Mode and JDK screen, do the following:

    • For WebLogic Domain Startup Mode, select Production Mode.

    • For JDK Selection, select JRockit SDK.

    Click Next.

  10. On the Configure JDBC Component Schemas screen, select all the data sources listed on the page.

    • SOA Infrastructure

    • User Messaging Service

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OAM Infrastructure

    • OIM Schema

    Under RAC configuration for component schemas, select Convert to RAC multi data source.

    Click Next.

  11. On the Configure RAC Multi Data Source Component Schema page, select each of the schemas for your components, one by one. (Do not select schemas listed for previously configured components.) After you select a schema, enter its information into the appropriate fields, based on the following table:

    | Schema Name | Service Name | Host Names | Instance Names | Port | Schema Owner | Password |
    |---|---|---|---|---|---|---|
    | SOA Infrastructure | OIMEDG.mycompany.com | IDMDBHOST1-VIP.mycompany.com | oimedg1 | 1521 | EDG_SOAINFRA | password |
    | | | IDMDBHOST2-VIP.mycompany.com | oimedg2 | 1521 | | |
    | User Messaging Service | OIMEDG.mycompany.com | IDMDBHOST1-VIP.mycompany.com | oimedg1 | 1521 | EDG_ORASDPM | password |
    | | | IDMDBHOST2-VIP.mycompany.com | oimedg2 | 1521 | | |
    | OIM MDS Schema | OIMEDG.mycompany.com | IDMDBHOST1-VIP.mycompany.com | oimedg1 | 1521 | EDG_MDS | password |
    | | | IDMDBHOST2-VIP.mycompany.com | oimedg2 | 1521 | | |
    | OWSM MDS Schema | OIMEDG.mycompany.com | IDMDBHOST1-VIP.mycompany.com | oimedg1 | 1521 | EDG_MDS | password |
    | | | IDMDBHOST2-VIP.mycompany.com | oimedg2 | 1521 | | |
    | SOA MDS Schema | OIMEDG.mycompany.com | IDMDBHOST1-VIP.mycompany.com | oimedg1 | 1521 | EDG_MDS | password |
    | | | IDMDBHOST2-VIP.mycompany.com | oimedg2 | 1521 | | |
    | OIM Schema | OIMEDG.mycompany.com | IDMDBHOST1-VIP.mycompany.com | oimedg1 | 1521 | EDG_OIM | password |
    | | | IDMDBHOST2-VIP.mycompany.com | oimedg2 | 1521 | | |

    If you are using Oracle Database 11.2, replace the VIP address and port with the 11.2 SCAN address and port.

    Click Next.

  12. On the Test JDBC Component Schema screen, the Configuration Wizard attempts to validate the data sources. If the data source validation succeeds, click Next. If it fails, click Previous, correct the problem, and try again.

    Click Next.

  13. On the Select Optional Configuration screen, select the following:

    • Administration Server

    • JMS Distributed Destination (required only on the domain that has OIM)

    • Managed Servers, Clusters and Machines

    • JMS File Store (required only on the domain that has OIM)

    Click Next.

  14. On the Configure the Administration Server screen, enter the following values:

    • Name: AdminServer

    • Listen Address: ADMINVHN.mycompany.com

    • Listen Port: 7001 (WLS_ADMIN_PORT)

    • SSL listen port: N/A

    • SSL enabled: unchecked

    Click Next.

  15. On the JMS Destination screen, ensure that all the JMS system resources listed on the screen are uniform distributed destinations. If they are not, select UDD from the drop down box. Ensure that the entries look like this:

    | JMS System Resource | Uniform/Weighted Distributed Destination |
    |---|---|
    | UMSJMSSystemResource | UDD |
    | BPMJMSModule | UDD |
    | SOAJMSModule | UDD |
    | OIMJMSModule | UDD |


    Click Next.

    An Override Warning box with the following message is displayed:

    CFGFWK-40915: At least one JMS system resource has been selected for conversion to a Uniform Distributed Destination (UDD). This  conversion will take place only if the JMS System resource is assigned to a cluster
    

    Click OK on the Override Warning box.

  16. The next screen is the Configure Managed Servers screen.

    If you are creating IDMDomain for a single domain topology, when you first enter the Configure Managed Servers screen, three managed servers called oam_server1, oim_server1 and soa_server1 are created automatically. Rename oam_server1 to WLS_OAM1, soa_server1 to WLS_SOA1, and oim_server1 to WLS_OIM1 and update their attributes as shown in the following table.

    Then, add three new managed servers called WLS_OAM2, WLS_OIM2 and WLS_SOA2 with the following attributes.

    | Name | Listen Address | Listen Port | Port Variable (Footnote 1) | SSL Listen Port | SSL Enabled |
    |---|---|---|---|---|---|
    | WLS_OAM1 | IDMHOST1 | 14100 | OAM_PORT | N/A | No |
    | WLS_OAM2 | IDMHOST2 | 14100 | OAM_PORT | N/A | No |
    | WLS_SOA1 | SOAHOST1VHN | 8001 | SOA_PORT | N/A | No |
    | WLS_SOA2 | SOAHOST2VHN | 8001 | SOA_PORT | N/A | No |
    | WLS_OIM1 | OIMHOST1VHN | 14000 | OIM_PORT | N/A | No |
    | WLS_OIM2 | OIMHOST2VHN | 14000 | OIM_PORT | N/A | No |

    Footnote 1: Port variables are listed in Section A.3.

    Leave all the other fields at the default settings.

    Notes:

    • Do not change the configuration of the managed servers that were configured as a part of previous deployments.

    • Do not delete the default managed servers that are created. Rename them as described.

  17. The next screen is the Configure Clusters screen.

    Create clusters by clicking Add. The clusters you create depend on the topology, as shown in the following table:

    | Name | Cluster Messaging Mode | Multicast Address | Multicast Port | Cluster Address |
    |---|---|---|---|---|
    | oam_cluster | unicast | n/a | n/a | |
    | oim_cluster | unicast | n/a | n/a | |
    | soa_cluster | unicast | n/a | n/a | SOAHOST1VHN:8001,SOAHOST2VHN:8001 (Footnote 1) |

    Footnote 1: Where 8001 is the SOA_PORT from Section A.3.

    Note:

    Do not change the configuration of the clusters that were configured as a part of previous deployments.

  18. On the Assign Servers to Clusters screen, associate the managed servers with the cluster. Click the cluster name in the right pane. Click the managed server under Servers, then click the arrow to assign it to the cluster.

    | Cluster | Server |
    |---|---|
    | oam_cluster | WLS_OAM1 |
    | | WLS_OAM2 |
    | oim_cluster | WLS_OIM1 |
    | | WLS_OIM2 |
    | soa_cluster | WLS_SOA1 |
    | | WLS_SOA2 |


    Click Next.

    Note:

    Do not make any changes to clusters that already have entries defined.

  19. On the Configure Machines screen, click the Unix Machine tab (Machines tab on Windows) and then click Add to add the following machine. The machine name does not need to be a valid host name or listen address; it is just a unique identifier of a Node Manager location.

    Then create a machine for each host in the topology:

    1. Name: Name of the host. Best practice is to use the DNS name.

    2. Node Manager Listen Address: DNS name of the machine.

    3. Node Manager Port: Port for Node Manager.

    Provide the information shown in the following table.

    | Name | Node Manager Listen Address | Node Manager Listen Port |
    |---|---|---|
    | IDMHOST1 | IDMHOST1 | 5556 |
    | IDMHOST2 | IDMHOST2 | 5556 |
    | ADMINHOST | LOCALHOST | 5556 |


    Leave the default values for all other fields.

    Delete the default local machine entry under the Machines tab.

    Click Next.

  20. Click Next.

  21. On the Assign Servers to Machines screen, assign servers to machines as shown in the table:

    | Machine | Server |
    |---|---|
    | ADMINHOST | AdminServer |
    | IDMHOST1 | WLS_OAM1, WLS_OIM1, WLS_SOA1 |
    | IDMHOST2 | WLS_OAM2, WLS_OIM2, WLS_SOA2 |


    Click Next to continue.

  22. On the Configure JMS File Stores screen, update the directory locations for the JMS file stores. Provide the following information.

    | Name | Directory |
    |---|---|
    | UMSJMSFileStore_auto_1 | /ASERVER_HOME/jms/UMSJMSFileStore_auto_1 |
    | UMSJMSFileStore_auto_2 | /ASERVER_HOME/jms/UMSJMSFileStore_auto_2 |
    | BPMJMSServer_auto_1 | /ASERVER_HOME/jms/BPMJMSServer_auto_1 |
    | BPMJMSServer_auto_2 | /ASERVER_HOME/jms/BPMJMSServer_auto_2 |
    | SOAJMSFileStore_auto_1 | /ASERVER_HOME/jms/SOAJMSFileStore_auto_1 |
    | SOAJMSFileStore_auto_2 | /ASERVER_HOME/jms/SOAJMSFileStore_auto_2 |
    | OIMJMSFileStore_auto_1 | /ASERVER_HOME/jms/OIMJMSFileStore_auto_1 |
    | OIMJMSFileStore_auto_2 | /ASERVER_HOME/jms/OIMJMSFileStore_auto_2 |

    Click Next.

    Notes:

    • Use ASERVER_HOME/jms/ as the directory location for the UMSJMSFileStore_auto_1, UMSJMSFileStore_auto_2, BPMJMSServer_auto_1, BPMJMSServer_auto_2, SOAJMSFileStore_auto_1, and SOAJMSFileStore_auto_2 JMS file stores

    • Use ASERVER_HOME/jms/ as the directory location for the OIMJMSFileStore_auto_1 and OIMJMSFileStore_auto_2 JMS file stores

    • The location ASERVER_HOME/jms/ must be on shared storage and must be accessible from IDMHOST1 and IDMHOST2

  23. On the Configuration Summary screen, validate that your choices are correct, then click Create.

  24. On the Create Domain screen, click Done.

9.5 Post-Configuration and Verification Tasks

After configuring the domain with the Configuration Wizard, follow these instructions for post-configuration and verification.


9.5.1 Creating boot.properties for the WebLogic Administration Server on IDMHOST1

Create a boot.properties file for the Administration Server on IDMHOST1. If the file already exists, edit it. The boot.properties file enables the Administration Server to start without prompting you for the administrator username and password.

For the Administration Server:

  1. Create the following directory structure.

    mkdir -p ASERVER_HOME/servers/AdminServer/security
    
  2. In a text editor, create a file called boot.properties in the last directory created in the previous step, and enter the username and password in the file. For example:

    username=weblogic
    password=password for weblogic user
    
  3. Save the file and close the editor.

Note:

The username and password entries in the file are not encrypted until you start the Administration Server, as described in Section 9.5.4, "Updating the Node Manager Credentials." For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.
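
The exposure described in the note above can be reduced by creating the file with owner-only permissions and then confirming, after the first start, that the server has encrypted both entries. The following Python 3 example is added here and is not part of the Oracle guide; the function names are hypothetical, and it assumes that encrypted values appear in the file with an `{AES}` or `{3DES}` prefix.

```python
import os
import stat
import tempfile

# Assumption: WebLogic prefixes a value with one of these once it has encrypted it.
ENCRYPTED_PREFIXES = ("{AES}", "{3DES}")


def write_boot_properties(security_dir, username, password):
    """Create or overwrite boot.properties so that only the owning OS user can read it."""
    for value in (username, password):
        if "\n" in value or "\r" in value:
            raise ValueError("credentials must not contain line breaks")
    # Backslash is the escape character in .properties syntax, so it is doubled.
    body = "username=%s\npassword=%s\n" % (
        username.replace("\\", "\\\\"), password.replace("\\", "\\\\"))
    data = body.encode("iso-8859-1")  # fails here, before the file is touched

    os.makedirs(security_dir, mode=0o700, exist_ok=True)
    path = os.path.join(security_dir, "boot.properties")
    # O_NOFOLLOW: refuse to write through a symbolic link placed at the target path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a file that already existed
        fh.write(data)
    return path


def boot_properties_findings(path):
    """Return a list of problems: loose permissions or credentials still in clear text."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other users access the file" % mode)
    with open(path, encoding="iso-8859-1") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in "#!":  # blank line or comment
                continue
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if key in ("username", "password") and not value.startswith(ENCRYPTED_PREFIXES):
                findings.append("%s is stored in clear text" % key)
    return findings


if __name__ == "__main__":
    # A temporary directory stands in for ASERVER_HOME; the password is a constructed value.
    with tempfile.TemporaryDirectory() as aserver_home:
        security_dir = os.path.join(aserver_home, "servers", "AdminServer", "security")
        created = write_boot_properties(security_dir, "weblogic", "constructed-example-password")
        for finding in boot_properties_findings(created):
            print(finding)
```

Run `boot_properties_findings` again once the Administration Server has been started; an empty list means both entries were encrypted and the file is not readable by other OS users.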

9.5.2 Starting Node Manager

Perform these steps to start Node Manager on the administration host:

  1. Run the startNodeManager.sh script located under the WL_HOME/server/bin/ directory.

  2. Run the setNMProps.sh script to set the StartScriptEnabled property to true:

    cd MW_HOME/oracle_common/common/bin
    ./setNMProps.sh
    

    Note:

    You must use the StartScriptEnabled property to avoid class loading failures and other problems.

  3. Stop the Node Manager by killing the Node Manager process, or stop the service in Windows.

  4. Start Node Manager for the Administration Server as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components."

9.5.3 Removing IDM Domain Agent on IDMHOST1

By default, the IDMDomain Agent provides single sign-on capability for administration consoles. In enterprise deployments, WebGate handles single sign-on, so you must remove the IDMDomain agent. Remove the IDMDomain Agent as follows:

Log in to the WebLogic console at the URL listed in Table 9-2.

Then:

  1. Select Security Realms from the Domain Structure Menu.

  2. Click myrealm.

  3. Click the Providers tab.

  4. Click Lock and Edit from the Change Center.

  5. In the list of authentication providers, select IAMSuiteAgent.

  6. Click Delete.

  7. Click Yes to confirm the deletion.

  8. Click Activate Changes from the Change Center.

  9. Restart WebLogic Administration Server, as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components."

9.5.4 Updating the Node Manager Credentials

You start the Administration server by using WLST and connecting to Node Manager. The first start of the Administration Server with Node Manager, however, requires that you change the default username and password that the Configuration Wizard sets for Node Manager. Therefore you must use the start script for the Administration Server for the first start. Follow these steps to start the Administration Server using Node Manager. Steps 1-4 are required for the first start operation, but subsequent starts require only Step 4.

  1. Start the Administration Server using the start script in the domain directory.

    cd ASERVER_HOME/bin
    ./startWebLogic.sh
    
  2. Use the Administration Console to update the Node Manager credentials on IDMDomain.

    1. In a browser, go to the listen address for the domain. For example:

      http://ADMINVHN.mycompany.com:7001/console where 7001 is WLS_ADMIN_PORT, as described in Section A.3.

    2. Log in as the administrator.

    3. Click Lock and Edit.

    4. Click IDMDomain.

    5. Select the Security tab, then the General tab.

    6. Expand Advanced Options.

    7. Enter a new username for Node Manager or make a note of the existing one and update the Node Manager password.

    8. Click Save.

    9. Click Activate Changes.

    Update the Node Manager credentials on the domain.

  3. Stop the WebLogic Administration Server by issuing the command stopWebLogic.sh located under the ASERVER_HOME/bin directory.

  4. Start WLST and connect to the Node Manager with nmConnect and the credentials you just updated. Then start the WebLogic Administration Server using nmStart.

    cd ORACLE_COMMON_HOME/common/bin
    ./wlst.sh
    

    On Windows, the command is:

    wlst.cmd
    

    Once in the WLST shell, execute the following commands:

    nmConnect('Admin_User','Admin_Password', 'ADMINHOST1','NMGR_PORT',
      'IDMDomain','ASERVER_HOME')
    nmStart('AdminServer')
    

    where NMGR_PORT is your value in Section A.3, domain_name is the name of the domain, and Admin_User and Admin_Password are the Node Manager username and password you entered in Step 2. For example:

    nmConnect('weblogic','password', 'OAMHOST1','5556',
      'IDMDomain','/u01/oracle/config/domains/IDMDomain')
    nmStart('AdminServer')
    

9.5.5 Validating the WebLogic Administration Server

Perform these steps to ensure that the Administration Server is properly configured:

  1. In a browser, go to the Oracle WebLogic Server Administration Console at the URL listed in Table 9-2, for example:

    http://ADMINVHN.mycompany.com:7001/console

  2. Log in as the WebLogic administrator, for example: weblogic.

  3. Check that you can access Oracle Enterprise Manager Fusion Middleware Control at http://ADMINVHN.mycompany.com:7001/em.

  4. Log in to Oracle Enterprise Manager Fusion Middleware Control as the WebLogic administrator, for example: weblogic.

9.5.6 Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server

Use the pack and unpack commands to separate the domain directory used by the Administration Server from the domain directory used by the managed server in IDMHOST1, as recommended in Chapter 4, "Preparing Storage for an Enterprise Deployment."

Before running the unpack script, be sure the following directory exists as explained in Chapter 4, "About Recommended Locations for the Different Directories."

MSERVER_HOME

To create a separate domain directory on IDMHOST1:

  1. Run the pack command to create a template pack as follows:

    cd ORACLE_COMMON_HOME/common/bin
     
    ./pack.sh -managed=true -domain=ASERVER_HOME -template=domaintemplate.jar -template_name=domain_template
    
  2. Run the unpack command to unpack the template in the managed server domain directory as follows:

    cd ORACLE_COMMON_HOME/common/bin
    
    ./unpack.sh -domain=MSERVER_HOME \
      -template=domaintemplate.jar -app_dir=MSERVER_HOME/applications
    

Notes:

  • You must have write permissions to the parent directory of ASERVER_HOME before running the unpack command.

  • The configuration steps provided in this enterprise deployment topology are documented with the assumption that a local (per node) domain directory is used for each managed server.

9.5.7 Propagate Changes to Remote Servers

Before you can start managed servers on remote hosts, you must first perform an unpack on those servers. Proceed as follows.

Using the file domaintemplate.jar created in Section 9.5.6, "Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server," perform an unpack on the host IDMHOST2 by using the following commands:

    cd ORACLE_COMMON_HOME/common/bin
    ./unpack.sh -domain=MSERVER_HOME -template=domaintemplate.jar -app_dir=MSERVER_HOME/applications

9.5.8 Copy SOA Composites to Managed Server Directory

When SOA first starts, it automatically deploys a number of applications that are located in the DOMAIN_HOME/soa directory. Performing pack and unpack does not populate this directory, so you must create it manually.

Copy the soa directory from ASERVER_HOME/soa to MSERVER_HOME on IDMHOST1 and IDMHOST2.

For example:

    scp -rp ASERVER_HOME/soa user@IDMHOST1:MSERVER_HOME/soa

9.5.9 Start Node Manager on Remote Hosts

Perform this step on the host IDMHOST2.

If the Node Manager is not already started, perform the following steps to start it:

Start Node Manager to create the nodemanager.properties file by using the startNodeManager.sh script located under the MW_HOME/wlserver_10.3/server/bin directory.

Before you can start the Managed Servers by using the console, Node Manager requires that you set the property StartScriptEnabled to true. You set it by running the setNMProps.sh script located under the MW_HOME/oracle_common/common/bin directory, as follows.

    cd ORACLE_COMMON_HOME/common/bin
    ./setNMProps.sh

Stop and start Node Manager as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components" so that the properties take effect.

9.5.10 Disabling Host Name Verification for the Oracle WebLogic Administration Server

This step is required if you have not set up the appropriate certificates to authenticate the different nodes with the Administration Server. (See Chapter 17, "Setting Up Node Manager for an Enterprise Deployment.") If you have not configured the server certificates, you will receive errors when managing the different WebLogic Servers. To avoid these errors, disable host name verification while setting up and validating the topology, and enable it again once the EDG topology configuration is complete as described in Chapter 17, "Setting Up Node Manager for an Enterprise Deployment."

Perform these steps to disable host name verification:

  1. Go to the Oracle WebLogic Server Administration Console at the URL listed in Table 9-2.

  2. Log in as the user weblogic, using the password you specified during the installation.

  3. Click Lock and Edit.

  4. Expand the Environment node in the Domain Structure window.

  5. Click Servers. The Summary of Servers page appears.

  6. Select AdminServer(admin) in the Name column of the table. The Settings page for AdminServer(admin) appears.

  7. Click the SSL tab.

  8. Click Advanced.

  9. Set Hostname Verification to None.

  10. Click Save.

  11. Click Activate Changes.
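
Because this setting is meant to be temporary, it helps to have a check that lists every server still running with host name verification turned off, so that nothing is missed when it is re-enabled as described in Chapter 17. The following Python 3 example is added here and is not part of the Oracle guide; it assumes the setting is persisted as a `<hostname-verification-ignored>` element under each server's `<ssl>` element in the domain's config/config.xml, and the embedded sample is constructed rather than taken from a real domain.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the shape of ASERVER_HOME/config/config.xml (not from a real domain).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>IDMDomain</name>
  <server>
    <name>AdminServer</name>
    <ssl>
      <enabled>false</enabled>
      <hostname-verification-ignored>true</hostname-verification-ignored>
    </ssl>
    <listen-address>ADMINVHN.mycompany.com</listen-address>
  </server>
  <server>
    <name>WLS_OAM1</name>
    <ssl>
      <enabled>false</enabled>
    </ssl>
    <listen-address>IDMHOST1</listen-address>
  </server>
  <server>
    <name>WLS_OIM1</name>
    <ssl>
      <hostname-verification-ignored>false</hostname-verification-ignored>
    </ssl>
  </server>
</domain>
"""


def local_name(tag):
    """Strip the XML namespace so the check does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]


def child_text(element, name):
    """Text of the first direct child called `name`, or None if there is none."""
    for child in element:
        if local_name(child.tag) == name:
            return (child.text or "").strip()
    return None


def hostname_verification_report(config_xml):
    """Return [(server name, verification ignored?)] for every <server> in the domain."""
    root = ET.fromstring(config_xml)
    report = []
    for server in root:
        if local_name(server.tag) != "server":
            continue
        ignored = False
        for child in server:
            if local_name(child.tag) == "ssl":
                # An absent element means the default (verification on) is in effect.
                ignored = child_text(child, "hostname-verification-ignored") == "true"
        report.append((child_text(server, "name"), ignored))
    return report


def servers_to_fix(config_xml):
    """Names of the servers on which host name verification is still disabled."""
    return [name for name, ignored in hostname_verification_report(config_xml) if ignored]


if __name__ == "__main__":
    # Pass the path to config.xml as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CONFIG
    pending = servers_to_fix(text)
    for name in pending:
        print("host name verification disabled on %s" % name)
    sys.exit(1 if pending else 0)
```

The non-zero exit status makes the check usable as a gate in a post-deployment validation job.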

9.5.11 Stopping and Starting the WebLogic Administration Server

  1. Stop the Administration Server as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components."

  2. Start WLST and connect to the Node Manager with nmConnect and the credentials set previously. Then start the Administration Server using nmStart.

    cd ORACLE_COMMON_HOME/common/bin
    ./wlst.sh
    

    Once in the WLST shell, execute the following commands:

    nmConnect('Admin_User','Admin_Password', 'IDMHOST1','5556', 'IDMDomain','/u01/oracle/config/domains/IDMDomain')
    nmStart('AdminServer')
    

    where Admin_User and Admin_Password are the Node Manager username and password you entered in Step 2 of Section 9.5.4, "Updating the Node Manager Credentials."

Note:

Admin_User and Admin_Password are only used to authenticate connections between Node Manager and clients. They are independent from the server administration ID and password and are stored in the ASERVER_HOME/config/nodemanager/nm_password.properties file.

9.6 Configuring Oracle HTTP Server for the WebLogic Domain

This section describes tasks for configuring Oracle HTTP Server for the WebLogic Domain, and for verifying the configuration.


9.6.1 Registering Oracle HTTP Server with WebLogic Server

For Oracle Enterprise Manager Fusion Middleware Control to be able to manage and monitor the Oracle HTTP Server, you must register the Oracle HTTP Server with IDMDomain. To do this, register Oracle HTTP Server with WebLogic Server using the following command:

    cd WEB_ORACLE_INSTANCE/bin
    ./opmnctl registerinstance -adminHost ADMINVHN.mycompany.com \
       -adminPort 7001 -adminUsername weblogic

You must also run this command from WEBHOST2 for ohs2.

9.6.2 Setting the Front End URL for the Administration Console

Oracle WebLogic Server Administration Console tracks changes that are made to ports, channels and security using the console. When changes made through the console are activated, the console validates its current listen address, port and protocol. If the listen address, port and protocol are still valid, the console redirects the HTTP request, replacing the host and port information with the Administration Server's listen address and port. When the Administration Console is accessed using a load balancer, you must change the Administration Server's front end URL so that the user's browser is redirected to the appropriate load balancer address. To make this change, perform the following steps:

  1. Log in to Oracle WebLogic Server Administration Console at the URL listed in Table 9-2, for example:

    http://ADMINVHN.mycompany.com:7001/console

  2. Click Lock and Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers to open the Summary of Servers page.

  5. Select AdminServer(admin) in the Name column of the table. The Settings page for AdminServer(admin) appears.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Front End Host field to your load balancer address, ADMIN.mycompany.com for IDMDomain.

  9. Set FrontEnd HTTP Port to 80 (HTTP_PORT).

  10. Save and activate the changes.

To eliminate redirections, best practice is to disable the Administration console's Follow changes feature. To do this, log in to the administration console and click Preferences->Shared Preferences. Deselect Follow Configuration Changes and click Save.

9.6.3 Enabling WebLogic Plug-in

In Enterprise deployments, Oracle WebLogic Server is fronted by Oracle HTTP servers. The HTTP servers are, in turn, fronted by a load balancer, which performs SSL translation. In order for internal loopback URLs to be generated with the https prefix, Oracle WebLogic Server must be informed that it receives requests through the Oracle HTTP Server WebLogic plug-in.

The plug-in can be set at either the domain, cluster, or Managed Server level. Because all requests to Oracle WebLogic Server are through the Oracle OHS plug-in, set it at the domain level.

To do this perform the following steps:

  1. Log in to the Oracle WebLogic Server Administration Console at the URL listed in Table 9-2.

  2. Click Lock and Edit.

  3. Click IDMDomain in the Domain Structure Menu.

  4. Click the Configuration tab.

  5. Click the Web Applications sub tab.

  6. Select WebLogic Plugin Enabled.

  7. Click Save, then click Activate Changes.

  8. Restart WebLogic Administration Server, as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components."

9.6.4 Validating Access to Domains

Verify that the server status is reported as Running in the Administration Console. If the server is shown as Starting or Resuming, wait for the server status to change to Started. If another status is reported (such as Admin or Failed), check the server output log files for errors. See Section 21.10, "Troubleshooting" for possible causes.

Validate Administration Console and Oracle Enterprise Manager Fusion Middleware Control through Oracle HTTP Server using the console URL: http://ADMINVHN.mycompany.com:7001/console and the em URL: http://ADMINVHN.mycompany.com:7001/em

where 7001 is WLS_ADMIN_PORT in Section A.3.

For information on configuring system access through the load balancer, see Section 3.4, "Configuring the Load Balancers."

Note:

After registering the Oracle HTTP Server as described in Section 9.6.1, "Registering Oracle HTTP Server with WebLogic Server," the Oracle HTTP Server should appear as a manageable target in Oracle Enterprise Manager Fusion Middleware Control. To verify this, log in to Fusion Middleware Control. The WebTier item in the navigation tree should show that Oracle HTTP Server has been registered.

9.7 Validating Failover

Test failover of the Administration Server to IDMHOST2 and then fail back to IDMHOST1, as described in Section 21.9, "Manually Failing Over the WebLogic Administration Server."

9.8 Backing Up the WebLogic Domain

Back up the Database, WebLogic Domain, and Web Tier, as described in Section 21.6.3, "Performing Backups During Installation and Configuration."