6 Installing the Software for an Enterprise Deployment

This chapter describes the software installations required for an Oracle Identity Management enterprise deployment.

This chapter contains the following topics:

• Section 6.1, "Overview of the Software Installation Process"

• Section 6.2, "Installing Oracle HTTP Server"

• Section 6.3, "Installing Oracle Fusion Middleware"

6.1 Overview of the Software Installation Process

The installation is divided in two sections. In the first one, the WebTier required installations are addressed. In the second, the required Oracle Fusion Middleware components are installed. Later chapters describe the configuration steps to create the Oracle Identity Management topology.

See Also:

The Oracle Fusion Middleware 11g Release 1 Download, Installation, and Configuration Readme for this release, at: http://docs.oracle.com/cd/E23104_01/download_readme.htm

6.1.1 Obtaining the Software

Oracle groups its software releases by product area. A Product Media Pack refers to those groupings. Each media pack may also include a zipped file containing electronic documentation files or "Quick Install" files, which facilitate the initial installation of the software.

Note:

For installations of Oracle Fusion Applications, you must have available the complete set of software contained in the product media pack. You cannot install from individual pieces. Therefore, if you need to install from media that is no longer available on Oracle Software Delivery Cloud, contact My Oracle Support to obtain the complete media pack.

Once you have completed the software licensing agreements, you can obtain the Oracle Fusion Applications software using one of these two methods:

• Oracle Software Delivery Cloud Portal: Provides you with a readme document that helps you to determine which media you need to fulfill the license you have purchased. You download only the media you need. This is the default delivery method.

• Oracle Store: Provides a complete set of the software in DVD format. You use only the DVDs covered by your software licensing agreement.

Using either method, you can obtain the Oracle Fusion Applications Provisioning repository and gain access to the Oracle Fusion Applications documentation library.

After you download the archive file, extract the archive file into a directory of your choice on the machine where you are performing the installation.

For more information, see the Preparing for an Installation chapter in Oracle Fusion Applications Installation Guide.

6.1.2 Software to Install

Different topologies use different servers and require different software to be installed. Table 6-1, "Software to be Installed on Different Hosts"shows, for each topology, which software should be installed into each host. The subsequent sections explain how to do this. Also see Table 2-2, "Software Versions Used" a

Where two different pieces of Oracle binary software are installed onto the same host (for example OIM11g and SOA11g), this software is installed in the same Middleware home location, but in different Oracle homes.

All software uses the same Middleware home location.

Notes:

• When using shared storage, ensure that users and groups used in the installation have the same ID on all hosts that use the storage. If you fail to do this, some hosts might not be able to see or execute some all the files.

• Some products, such as Oracle Internet Directory and Oracle Virtual Directory, require you to run a script that sets the permissions of some files to root.

Table 6-1 Software to be Installed on Different Hosts

Hosts	OHS 11g	JRockit	WLS	IAM	SOA	IDM
WEBHOST1	X
WEBHOST2	X
IDMHOST1		X	X	X	X	X
IDMHOST2		X	X	X	X	X
LDAPHOST1		X	X			X
LDAPHOST2		X	X			X

Oracle Identity Management products are bundled as two product sets: Oracle Identity Management and Oracle Identity and Access Management. (See Table 2-2, "Software Versions Used".) The relevant Identity Management software is installed into separate Oracle homes.

6.2 Installing Oracle HTTP Server

This section explains how to install Oracle HTTP Server on WEBHOST1 and WEBHOST2.

This section contains the following topics:

• Section 6.2.1, "Verifying Prerequisites"

• Section 6.2.2, "Running the Installer"

• Section 6.2.3, "Backing Up the Installation"

6.2.1 Verifying Prerequisites

Prior to installing the Oracle HTTP server, check that your machines meet the following requirements:

1. Check that the inventory directory is correct and that you have write permissions for that directory. If the /etc/oraInst.loc file does not exist, you can skip this step.

   The following is an example of oraInst.loc file contents:

   inventory_loc=/u02/oracle/oraInventory
   inst_group=oinstall
   

2. Ensure that the system, patch, kernel, and other requirements are met as specified in Oracle Fusion Middleware Installation Guide for Oracle Web Tier.

3. On Linux platforms, if the /etc/oraInst.loc file exists, check that its contents are correct, as described in Section 6.2.1, "Verifying Prerequisites"

6.2.2 Running the Installer

As described in Section 4.3, "About Recommended Locations for the Different Directories," you install the Oracle HTTP Server onto a local disk. You can install it on shared storage, but if you do that, you must allow access from the Web Tier DMZ to your shared disk array, which is undesirable. If you decide to install onto shared disk then please see the Release Notes for further configuration information.

Before Starting the install, ensure that the following environment variables are not set on Linux platforms.

• LD_ASSUME_KERNEL

• ORACLE_INSTANCE

To start Oracle Universal Installer on Linux, change directory to Disk 1 of the installation media and issue the command

./runInstaller

To start Oracle Universal Installer on Windows, navigate to Disk 1 of the installation media in Windows Explorer and double-click setup.exe.

On the Specify Inventory Directory screen, do the following:

• Enter HOME/oraInventory, where HOME is the home directory of the user performing the installation (this is the recommended location).

• Enter the OS group for the user performing the installation.

• Click Next.

Follow the instructions on screen to execute createCentralInventory.sh as root.

Click OK.

Proceed as follows:

1. On the Specify Oracle Inventory Directory screen, enter HOME/oraInventory, where HOME is the home directory of the user performing the installation. (This is the recommended location).

   Enter the OS group for the user performing the installation.

   Click Next.

2. On the Welcome screen, click Next.

3. On the Install Software Updates screen, choose whether to skip updates, check with Oracle Support for updates or search for updates locally.

   Click Next.

4. On the Select Installation Type screen, select Install Software –> Do Not Configure

   Click Next.

5. On the Prerequisite Checks screen, click Next.

6. On the Specify Installation Location screen, specify the following values:

   • Fusion Middleware Home Location (Installation Location): WEB_MW_HOME. For example: /u02/local/oracle/products/web

   • Oracle Home Location Directory: web

7. On the Specify Security Updates screen, choose whether to receive security updates from Oracle support.

   Click Next.

8. On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.

6.2.3 Backing Up the Installation

Back up the Web Tier binaries now, as described in Section 21.6.3, "Performing Backups During Installation and Configuration."

6.3 Installing Oracle Fusion Middleware

This section describes how to install Oracle Fusion Middleware.

You must install the required binaries to create the Middleware home (MW_HOME), the Oracle WebLogic Server home (WL_HOME), the Oracle homes for Oracle Identity Management (IDM_ORACLE_HOME), the Oracle SOA Suite (SOA_ORACLE_HOME) and Oracle Identity and Access Management (IAM_ORACLE_HOME). A summary of these homes is provided in Table 6-2, "Summary of Homes".

Oracle strongly recommends that you read the release notes for any additional installation and deployment considerations prior to starting the setup process.

This section contains the following topics:

• Section 6.3.1, "Oracle Fusion Middleware Homes"

• Section 6.3.2, "Installing Oracle Fusion Middleware Home"

• Section 6.3.3, "Installing Oracle WebLogic Server and Creating the Fusion Middleware Home"

• Section 6.3.4, "Installing Oracle Identity Management"

• Section 6.3.5, "Installing the Oracle SOA Suite"

• Section 6.3.6, "Installing Oracle Identity and Access Management"

• Section 6.3.7, "Applying Patches and Workarounds"

• Section 6.3.8, "Backing Up the Installation"

Note:

Oracle Identity Management products are bundled as two product sets: Oracle Identity Management and Oracle Identity and Access Management.

6.3.1 Oracle Fusion Middleware Homes

Table 6-2 Summary of Homes

Home Name	Home Description	Products Installed
MW_HOME	Consists of the Oracle WebLogic Server home and, optionally, one or more Oracle homes.
WL_HOME	This is the root directory in which Oracle WebLogic Server is installed. The WL_HOME directory is a peer of Oracle home directory and resides within the MW_HOME.	Oracle WebLogic Server
IDM_ORACLE_HOME	Contains the binary and library files for Oracle Identity Management and is located in: MW_HOME/idm	Oracle Internet Directory Oracle Virtual Directory Oracle Directory Services Manager Oracle Identity Federation
IAM_ORACLE_HOME	Contains the binary and library files required for Oracle Identity and Access Management and is located in MW_HOME/iam.	Oracle Access Manager Oracle Identity Management
WEB_ORACLE_HOME	Contains the binary and library files required for OHS and is located in MW_HOME/web.
SOA_ORACLE_HOME	Contains the binary and library files required for the Oracle SOA Suite.Required only when creating topologies with OIM and is located in MW_HOME/soa.	Oracle SOA Suite
ORACLE_COMMON_HOME	Contains the generic Oracle home files. This Oracle home is created automatically by any product installation and is located in MW_HOME/oracle_common.	Generic commands

For a list of directory variables used in this guide, see Section 4.2, "Terminology for Directories and Directory Variables."

6.3.2 Installing Oracle Fusion Middleware Home

As described in Section 4.3, "About Recommended Locations for the Different Directories," you install Oracle Fusion Middleware software in at least two storage locations for redundancy.

You must install the following components of Oracle Fusion Middleware to create a Middleware home (MW_HOME):

1. Oracle WebLogic Server: Section 6.3.3, "Installing Oracle WebLogic Server and Creating the Fusion Middleware Home"

2. One or more of the Oracle Fusion Middleware components

   1. Section 6.3.4, "Installing Oracle Identity Management"

   2. Section 6.3.6, "Installing Oracle Identity and Access Management"

   3. Section 6.3.5, "Installing the Oracle SOA Suite"

3. Oracle Fusion Middleware for Identity Management

6.3.3 Installing Oracle WebLogic Server and Creating the Fusion Middleware Home

This section describes how to obtain and install Oracle WebLogic Server.

This section describes how to obtain and install Oracle WebLogic Server.

6.3.3.1 Installing JRockit

1. Download the version of JRockit for your platform from:

   http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html
   

2. Add execute permissions to JRockit. For example:

   chmod +x jrockit-1.6.0_29-R28.2.0-4.0.1-linux-x64.bin
   

3. Start the JRockit installer by issuing the command:

   ./jrockit-version.bin
   

   For example:

   ./jrockit-1.6.0_29-R28.2.0-4.0.1-linux-x64.bin
   

4. On the Welcome Screen, click Next.

5. On the Choose Product Installation Directories screen, enter the Product Installation Directory, which is inside your Middleware Home.

6. On the Optional Components Screen, click Next.

7. On the Installation Complete screen, click n the Installation Complete screen - Click Done.

6.3.3.2 Installing WebLogic Server Using the Generic Installer

1. Download the Oracle WebLogic Server Generic Installer from: http://edelivery.oracle.com

2. Add JRockit to your path. For example, on Linux, issue the command:

   export PATH=$MW_HOME/jrockit-jdk1.6.0_29-R28.2.0-4.0.1/bin;$PATH
   

3. Check the version of java by issuing the command:

   java -version
   

   Ensure that the 64-bit version is displayed if you are using a 64-bit operating system.

4. Start the WebLogic installer using the appropriate command:

   64-Bit Operating System

   java -d64 -jar wls1036_generic.jar
   

   32-Bit Operating System

   java -jar wls1036_generic.jar
   

5. On the Welcome screen, click Next.

6. On the Choose Middleware Home screen, select: Create a New Middleware Home

   For the Middleware Home directory enter the path to IAM_MW_HOME, for example:

   /u01/oracle/products/access

   Click Next.

7. A warning is displayed, informing you that the directory is not empty and asking if you want to proceed.

   Click Yes.

8. On the Register for Security Updates screen, enter your My Oracle Support username and password so that you can be notified of security updates.

   Click Next.

9. On the Choose Install Type screen, select Typical.

   Note:

   Oracle WebLogic Server and Oracle Coherence are installed.

10. On the JDK Selection screen, select the JRockit JDK that you installed earlier. It should be listed by default.

11. On the Choose Product Installation Directories screen, accept the following:

    • Middleware Home Directory: IAM_MW_HOME

    • Product Installation Directories for WebLogic Server: IAM_MW_HOME/wlserver_10.3

    • Oracle Coherence: IAM_MW_HOME/wlserver_10.3/coherence_3.6

    Click Next.

12. On the Installation Summary screen, click Next to start the install process

13. On the Installation complete screen, deselect Run Quickstart.

14. Click Done to exit the WebLogic Server Installer.

6.3.4 Installing Oracle Identity Management

Perform these steps to install Oracle Identity Management on the hosts identified in Table 6-1, "Software to be Installed on Different Hosts".

Oracle Identity Management consists of:

• Oracle Internet Directory

• Oracle Virtual Directory

• Oracle Directory Services Manager (ODSM)

• Oracle Identity Federation

Note:

Because the installation is performed on shared storage, the two MW_HOME installations are accessible and used by the remaining servers in that tier of the topology.

When provisioning the software on the local hard disk of the machine, ensure you complete the steps on all the hosts in the tier.

Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.

To start the Oracle Fusion Middleware 11g Oracle Identity Management Installer, change directory to Disk 1 of the installation media and enter the command:

./runInstaller

Then proceed as follows:

1. On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:

   • Specify the Inventory Directory: /u02/oracle/oraInventory

   • Operating System Group Name: oinstall

     A dialog box appears with the following message:

     Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u02/oracle/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
     

     Log in as root and run:

     /u02/oracle/oraInventory/createCentralInventory.sh
     

     This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.

     Note:

     The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, ensure that the following are true:

     1. The /etc/oraInst.loc file exists.

     2. The Inventory directory listed is valid.

     3. The user performing the installation has write permissions for the Inventory directory.

2. On the Welcome screen, click Next.

3. On the Install Software Updates screen, choose whether to register with Oracle Support for updates or search for updates locally.

   Click Next.

4. On the Select Installation Type screen, select Install Software - Do Not Configure, and then click Next.

5. On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.

6. On the Specify Installation Location screen, enter the following values:

   • Oracle Middleware Home: Select the previously installed Middleware home from the list for MW_HOME, for example: DIR_MW_HOME

   • Oracle Home Directory: Enter idm as the Oracle home directory name.

   Click Next.

7. On the Installation Summary screen, click Install - Do Not Configure.

8. On the Installation Progress screen, on Linux systems, a dialog box appears that prompts you to run the oracleRoot.sh script. Open a window and run the oracleRoot.sh script, as the root user.

9. On the Installation Complete screen, click Finish.

6.3.5 Installing the Oracle SOA Suite

Perform these steps to install the Oracle SOA Suite.

Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle SOA Suite in the Oracle Fusion Middleware documentation library for the platform and version you are using.

To start the Oracle Fusion Middleware 11g SOA Suite Installer, change directory to Disk 1 of the installation media and enter the appropriate command.

On Linux systems the command is:

./runInstaller

On Windows, the command is:

setup.exe

When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example:

IAM_MW_HOME/jrockit_version

Then perform these installation steps:

1. On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:

   • Specify the Inventory Directory: /u02/oracle/oraInventory

   • Operating System Group Name: oinstall

   A dialog box appears with the following message:

   Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u02/oracle/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
   

   Log in as root and run:

   /u02/oracle/oraInventory/createCentralInventory.sh
   

   This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.

   Note:

   The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check the following:

   1. The /etc/oraInst.loc file exists.

   2. The Inventory directory listed is valid.

   3. The user performing the installation has write permissions for the Inventory directory.

2. On the Welcome screen, click Next.

3. On the Install Software Updates screen, choose whether to register with Oracle Support for updates or search for updates locally.

   Click Next.

4. On the Prerequisite Checks screen, verify that the checks complete successfully, and then click Next.

5. On the Specify Installation Location screen, enter the following values:

   • Oracle Middleware Home: Select a previously installed Middleware Home from the drop-down list. For example: IAM_MW_HOME

   • Oracle Home Directory: Enter SOA as the Oracle home directory name.

     Note:

     You must use the same Oracle home directory name for Oracle SOA Suite on all hosts.

6. Click Next.

7. On the Application Server screen, choose your Application Server, for example: Web Logic Server.

   Click Next.

8. On the Installation Summary screen, click Install.

9. On the Installation Process screen, click Next.

10. On the Installation Complete screen, click Finish.

6.3.6 Installing Oracle Identity and Access Management

Oracle Identity and Access Management consists of the following products:

• Oracle Access Manager 11g

• Oracle Identity Manager

Perform the steps in this section to install Oracle Identity and Access Management on the hosts identified in Table 2-2, "Software Versions Used".

Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.

To start the Oracle Fusion Middleware 11g Installer for Oracle Identity and Access Management, change directory to Disk 1 of the installation media and enter the command:

./runInstaller

When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example:

IAM_MW_HOME/jrockit_version

Then perform these installation steps:

1. On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:

   • Specify the Inventory Directory: /u02/oracle/oraInventory

   • Operating System Group Name: oinstall

   A dialog box appears with the following message:

   Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u02/oracle/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option.
   

   Log in as root and run:

   /u02/oracle/oraInventory/createCentralInventory.sh
   

   This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.

   Note:

   The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check the following:

   1. The /etc/oraInst.loc file exists.

   2. The Inventory directory listed is valid.

   3. The user performing the installation has write permissions for the Inventory directory.

2. On the Welcome screen click Next.

3. On the Install Software Updates screen, choose whether to register with Oracle Support for updates or to search for updates locally.

4. On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.

5. On the Specify Installation Location screen, enter the following values:

   • Oracle Middle Ware Home: Select a previously installed Middleware Home from the drop-down list. For example: IAM_MW_HOME.

   • Oracle Home Directory: Enter iam as the Oracle home directory name.

   Click Next.

6. On the Installation Summary screen, click Install.

7. On the Installation Progress screen, click Next.

8. On the Installation Complete screen, click Finish.

6.3.7 Applying Patches and Workarounds

You must apply the following patches and workarounds to your environment. Patches are available for download from http://support.oracle.com. You can find instructions for deploying each patch in the enclosed README.html file.

For a complete list of patches, see Oracle Fusion Applications Installation Guide.

This section contains the following topics:

• Section 6.3.7.1, "Patches for Fusion Middleware"

• Section 6.3.7.2, "Provisioning the OIM Login Modules Under the WebLogic Server Library Directory"

• Section 6.3.7.3, "Creating the wlfullclient.jar File"

6.3.7.1 Patches for Fusion Middleware

Oracle Fusion Applications Installation Guide for this version of Oracle Fusion Applications contain the list of Oracle Fusion Middleware patches to apply. You must apply the patches to ensure that your software operates as expected.

6.3.7.2 Provisioning the OIM Login Modules Under the WebLogic Server Library Directory

Due to issues with versions of the configuration wizard, some environmental variables are not added to the ASERVER_HOME/bin/setDomainenv.sh script. This causes certain install sequences to fail. This section is a temporary workaround for that problem. The steps in this section must be performed on all the hosts in Application Tier (IDMHOST1 and IDMHOST2).

Apply the following steps across all the WebLogic Server homes in the domain.

1. Copy the OIMAuthenticator.jar, oimmbean.jar, oimsigmbean.jar and oimsignaturembean.jar files located under the IAM_ORACLE_HOME/server/loginmodule/wls directory to the IAM_MW_HOME/wlserver_10.3/server/lib/mbeantypes directory.

   cp $IAM_ORACLE_HOME/server/loginmodule/wls/* $IAM_MW_HOME/wlserver_10.3/server/lib/mbeantypes
   

2. Change directory to IAM_MW_HOME/wlserver_10.3/server/lib/mbeantypes/.

   cd $MW_HOME/wlserver_10.3/server/lib/mbeantypes
   

3. Change the permissions on these files to 750 by using the chmod command.

   chmod 750 *
   

6.3.7.3 Creating the wlfullclient.jar File

Oracle Identity Manager uses the wlfullclient.jar library for certain operations. Oracle does not ship this library, so you must create this library manually. Oracle recommends creating this library under the MW_HOME/wlserver_10.3/server/lib directory on all the machines in the Application Tier of your environment. You do not need to create this library on Directory Tier machines such as LDAPHOST1 and LDAPHOST2.

Follow these steps to create the wlfullclient.jar file:

1. Navigate to the IAM_MW_HOME/wlserver_10.3/server/lib directory

2. Set your JAVA_HOME environment variable and ensure that the JAVA_HOME/bin directory is in your path.

3. Create the wlfullclient.jar file by running:

   java -jar wljarbuilder.jar
   

6.3.8 Backing Up the Installation

Back up everything listed in Table 21-2, "Static Artifacts to Back Up in the Identity Management Enterprise Deployment".