5 Performing Oracle Identity Management Provisioning

This chapter describes how to perform provisioning.

This chapter contains the following sections:

• Section 5.1, "Introduction to Performing Oracle Identity Management Provisioning"

• Section 5.2, "Performing Provisioning."

5.1 Introduction to Performing Oracle Identity Management Provisioning

After you create the provisioning response file, you use it to provision the Identity Management Environment.

There are eight stages to provisioning. These stages must be run in the following order:

1. preverify - This checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured.

2. install - This installs all of the software and related patches present in Provisioning Repository.

3. preconfigure - This does the following:

   • Creates OID and seeds it with Users/Groups.

   • Creates OVD

   • Configures ODSM

   • Creates the WebLogic Domain

   • Creates OHS instance

4. configure - This does the following:

   • Associates the Policy Store to OID

   • Starts managed servers as necessary

   • Associates OAM with OID

   • Configure OIM

5. configure-secondary - This does the following:

   • Integrates Weblogic Domain with Webtier

   • Register webtier with domain

   • Integrate OAM and OIM

6. postconfigure - This does the following:

   • Register OID with Weblogic Domain

   • SSL Enable OID and OVD

   • Tune OID

   • Run OIM Reconciliation

   • Configure UMS Mail Server

   • Generate OAM Keystore

   • Configure OIF

   • Configure Webgates

7. startup - This starts up all components in the topology

8. validate - This performs a number of checks on the built topology to ensure that everything is working as it should be.

You specify the stage using the -target option to the runIDMProvisioning.sh or runIDMProvisioning.bat command. Each stage must be completed before the next stage can begin. Failure of a stage will necessitate a cleanup and restart.

5.2 Performing Provisioning

Provisioning is accomplished by using either the command line or the Oracle Identity Management Provisioning Wizard.

This section contains the following topics:

• Section 5.2.1, "Performing Provisioning by Running the Provisioning Commands"

• Section 5.2.2, "Monitoring Provisioning Using the Identity Management Provisioning Wizard"

5.2.1 Performing Provisioning by Running the Provisioning Commands

To use the command line, you must run the command runIDMProvisioning.sh or runIDMProvisioning.bat a number of times, specifying the provisioning stage with the -target option. You MUST complete each command, in order, before running the next command.

Before running the provisioning tool, set the following environment variables:

• Set ANT_HOME to: repository_location/provisioning/ant

• Set JAVA_HOME to: repository_location/jdk6

The command syntax for the provisioning tool on UNIX is:

runIDMProvisioning.sh -responseFile RESPONSE_FILE -target STAGE

The command syntax on Windows is:

runIDMProvisioning.bat -responseFile RESPONSE_FILE -target STAGE

Where:

RESPONSE_FILE is the provisioning response file. You specified the file name and directory on the Summary Page when you ran the wizard to create the file. See Section 4.2.22, "Summary Page." The default value is IDMLCM_HOME/provisioning/bin/provisioning.rsp on UNIX and IDMLCM_HOME\provisioning\bin\provisioning.rsp on Windows.

STAGE is one of the stages listed in Section 5.1, "Introduction to Performing Oracle Identity Management Provisioning."

5.2.2 Monitoring Provisioning Using the Identity Management Provisioning Wizard

If you want to use the Identity Management Provisioning Wizard to monitor the progress of provisioning, follow these steps:

1. Set ANT_HOME to: repository_location/provisioning/ant

2. Set JAVA_HOME to: repository_location/jdk6

3. Invoke idmProvisioningWizard.sh (on Linux or UNIX) or idmProvisioningWizard.bat (on Windows).

4. When you get to the Identity Management Installation Options Page, select Provision an Identity Management Environment and specify the provisioning.rsp file you created in Chapter 4, "Creating a Provisioning Profile."

Then proceed as described in the following sections.

Note:

In the Prerequisite Checks, Installation, Preconfigure, Configure, Configure Secondary, Postconfigure, and Startup pages, the Status of each build is indicated by one of these icons:

• Block: Processing has not yet started for the named phase.

• Clock: Performing the build for a phase.

• Check mark: The build was completed successfully.

• x mark: The build has failed for this phase. You must correct the errors before you can continue.

Click an x to display information about failures. Click the host-level Log file for details about this phase. Click a build Log file to see details specific to that build.

In case of errors, you must manually clean up everything. Kill all running processes, delete the directories, rerun RCU, and start over from the beginning.

• Section 5.2.2.1, "Identity Management Installation Options Page"

• Section 5.2.2.2, "Install Location Configuration Page"

• Section 5.2.2.3, "Review Provisioning Configuration Page"

• Section 5.2.2.4, "Summary Page"

• Section 5.2.2.5, "Prerequisite Checks Page"

• Section 5.2.2.6, "Installation Page"

• Section 5.2.2.7, "Preconfigure Page"

• Section 5.2.2.8, "Configure Page"

• Section 5.2.2.9, "Configure Secondary Page"

• Section 5.2.2.10, "Postconfigure Page"

• Section 5.2.2.11, "Startup Page"

• Section 5.2.2.12, "Validation Page"

• Section 5.2.2.13, "Install Complete"

5.2.2.1 Identity Management Installation Options Page

Select Provision an Identity Management Environment to use an existing provisioning response file to provision the environment.

In the Response File field, specify the path name of the file you want to use, either by typing it in the field or by clicking the Browse button, navigating to the desired file, and selecting it.

Click Next to continue.

5.2.2.2 Install Location Configuration Page

Use the Install Location Configuration Page to specify Oracle Identity Management installation and configuration directories.

Installation and Configuration.

• Software Repository Location: Specify the location of the software repository, either by typing it in the field or by clicking the Browse button, navigating to the desired location, and selecting it.

• Software Installation Location: Specify the location on shared storage where you want the Middleware Home to be placed, either by typing it in the field or by clicking the Browse button, navigating to the desired location, and selecting it.

• Shared Configuration Location: Specify the shared configuration location, either by typing it in the field or by clicking the Browse button, navigating to the desired location, and selecting it.

• Enable Local Configuration Location: Do not select this check box if you are provisioning a single host environment.

5.2.2.3 Review Provisioning Configuration Page

The Review Provisioning Configuration Page enables you to select configurations you want to review. Select a configuration and click Next to view the corresponding configuration page.

• Node Topology Configuration

• Virtual Hosts Configuration

• Common Passwords

• OID: Oracle Internet Directory Configuration

• ODSM: Oracle Directory Services Manager Configuration

• OHS: Oracle HTTP Server Configuration

• OAM: Oracle Access Manager Configuration

• OIM: Oracle Identity Manager Configuration

• Load Balancer Configuration

Click Next to continue.

5.2.2.4 Summary Page

Use the Summary Page to view a summary of your selections and enter additional information.

Review the information displayed to ensure that the installation details are what you intend. To make changes, click Back to return to previous screens in the interview.

Click Next to continue.

5.2.2.5 Prerequisite Checks Page

Use the Prerequisite Checks Page to observe the progress of the preverification steps. During this stage, the Identity Management Provisioning Wizard checks for the basic prerequisites, such as free disk space, port availability, and Database connections.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next to continue.

5.2.2.6 Installation Page

Use the Installation Page to install the Oracle Fusion Middleware products. The host is marked with a Home symbol in the Host column. The Domains column lists the domains deployed in the new environment.

During this stage, the Identity Management Provisioning Wizard installs the software bits and applies the patches present in the repository.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next to proceed.

5.2.2.7 Preconfigure Page

During this stage, the Identity Management Provisioning Wizard configures Oracle Internet Directory, Oracle Virtual Directory, and Oracle Directory Services Manager. It also creates the domain and extends it for all the necessary components.

Note: Each new phase must run sequentially; that is, you cannot start a new phase until the previous phase has been completed successfully.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next. The Identity Management Provisioning Wizard starts the configure phase and displays the Configure screen.

5.2.2.8 Configure Page

During this stage, the Identity Management Provisioning Wizard performs OIM configuration.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next. The Identity Management Provisioning Wizard starts the Configure-secondary phase and displays the Configure Secondary screen.

5.2.2.9 Configure Secondary Page

During this stage, the Identity Management Provisioning Wizard performs Oracle Identity Manager-Oracle Access Manager integration.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next. The Identity Management Provisioning Wizard starts the Postconfigure phase and displays the Postconfigure screen.

5.2.2.10 Postconfigure Page

During this stage, the Identity Management Provisioning Wizard performs tuning and enables the environment for SSL communication. Oracle Identity Federation is configured in this stage.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next. The Identity Management Provisioning Wizard starts the Startup phase and displays the Startup screen.

5.2.2.11 Startup Page

During this stage, the Identity Management Provisioning Wizard starts or restarts all the services except for Oracle Identity Federation. You must start Oracle Identity Federation after provisioning is complete, as described in Section 6.8.1, "Start OIF Managed Server."

The Domains column lists the domains deployed in the new environment.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next. The Identity Management Provisioning Wizard starts the Validate phase and displays the Validation screen.

5.2.2.12 Validation Page

During this stage, the Identity Management Provisioning Wizard performs the basic validations, such as server status and Oracle Internet Directory connectivity.

The host is marked with a Home symbol in the Host column. The Domains column lists the domains deployed in the new environment.

See the note at the beginning of Section 5.2.2 for information about viewing build status on this page.

Click Next. The Identity Management Provisioning Wizard starts the Validate phase on the host and displays the Validation screen.

5.2.2.13 Install Complete

This page appears after provisioning has completed successfully. It shows a summary of the products that have been installed.

Click Finish to save the summary and exit the Identity Management Provisioning Wizard.