This chapter describes the software installations required for an Oracle Identity and Access Management enterprise deployment.
This chapter contains the following topics:
Section 7.1, "Assembling Information for Identity and Access Management Deployment"
Section 7.2, "Creating an Oracle Identity and Access Management Software Repository"
Assemble the following information prior to deployment. You can print out the tables from the PDF version of this guide and record your own values.
This guide repeatedly uses the following host names to make it easier to follow:
WEBHOST1/2
OAMHOST1/2
OIMHOST1/2
LDAPHOST1/2
The actual values you use depend on the type of deployment topology you are using. The values in Table 7-1 are translations of how these hosts refer to the hosts listed in the topologies.
In addition to the host names, you may see some of the hosts in the document with a VHN suffix. This suffix identifies a virtual host name.
Notes:
Do not use host names that contain the hyphen (-) character. See Section 15.10.1.1, "Deployment Fails with Error: Incorrect Host or Domain Name Format for Attribute."
Do not use privileged ports (< 1024) for the Identity and Access Management deployment.
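Both notes above are easy to violate when filling in the worksheets by hand, so it is worth checking the recorded values mechanically before deployment. The shell script below is an added example and not part of this guide; the function names, the accepted host name syntax (letters, digits and dots only) and the sample entries are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): validate worksheet host names and ports
# against the two notes above before recording them in the tables.
# Host names must contain no hyphen; ports must not be privileged (< 1024).

# valid_iam_hostname NAME -> exit 0 if NAME is usable as an IAM host name.
# Accepts letters, digits and dots only, so "oamhost1" and
# "oamhost1.example.com" pass while "oam-host1" fails; also rejects an
# empty name, a leading or trailing dot and an empty label.
valid_iam_hostname() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9]+(\.[A-Za-z0-9]+)*$'
}

# valid_iam_port PORT -> exit 0 if PORT is an integer in 1024..65535
valid_iam_port() {
  printf '%s' "$1" | grep -Eq '^[0-9]+$' || return 1
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# check_worksheet "HOST:PORT HOST:PORT ..."
# Prints one line per bad entry and returns 1 if any entry is invalid.
check_worksheet() {
  rc=0
  for entry in $1; do
    host=${entry%%:*}
    port=${entry#*:}
    if ! valid_iam_hostname "$host"; then
      echo "invalid host name (hyphen or bad character): $host"
      rc=1
    fi
    if ! valid_iam_port "$port"; then
      echo "invalid port (must be 1024-65535): $port"
      rc=1
    fi
  done
  return $rc
}

# Usage with constructed worksheet entries (host names and ports are
# illustrative, not values from this guide):
#   check_worksheet "oamhost1:14300 webhost1:7777"      # passes
#   check_worksheet "oam-host1:14300 webhost1:80"       # reports two problems
```

Run it once per worksheet row before handing the values to the Deployment Wizard; a hyphenated host name or a privileged port fails the deployment later, when it is far more expensive to correct.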
Table 7-1 Hosts–Distributed Topology
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management Host 1 | OAMHOST1 | | |
Access Management Host 2 | OAMHOST2 | | |
Identity Governance Host 1 | OIMHOST1 | | |
Identity Governance Host 2 | OIMHOST2 | | |
Directory Host 1 | LDAPHOST1 | | |
Directory Host 2 | LDAPHOST2 | | |
First Web Tier host | WEBHOST1 | | |
Second Web Tier host | WEBHOST2 | | |
Table 7-2 Hosts–Consolidated Topology
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management Host 1 | | | |
Access Management Host 2 | | | |
Identity Governance Host 1 | | | |
Identity Governance Host 2 | | | |
Directory Host 1 | | | |
Directory Host 2 | | | |
First Web Tier host | | | |
Second Web Tier host | | | |
Table 7-3 Installation Locations
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Software Repository Location | | | |
Software Installation Location | | | |
Shared Configuration Location | | | |
Local Configuration Location | | | |
Lifecycle Management Store Location | | | |
Table 7-4 Ports
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Management WLS Server Port | | | |
Identity Governance WLS Port | | | |
Oracle Identity Manager Port, Second Oracle Identity Manager Port | | | |
SOA Ports, Hosts 1 and 2 | | | |
Access Manager Port, Second Access Manager Port | | | |
Access Manager Proxy Port | | | |
Web Server HTTP Port | | | |
Web Server HTTPS Port | | | |
LDAP Port | | | |
LDAP SSL Port | | | |
LDAP Administration Port | | | |
LDAP Replication Port | | | |
Node Manager Port | | | |
OAAM Port | | 14300 | |
OAAM Administration Port | | 14200 | |
Table 7-5 Virtual Host Names
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Access Domain Administration Server Virtual Host | | | |
Governance Domain Administration Server Virtual Host | | | |
First Oracle Identity Manager Server virtual host | | | |
Second Oracle Identity Manager Server virtual host | | | |
First SOA Server virtual host | | | |
Second SOA Server virtual host | | | |
Table 7-6 Database Information
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
SCAN Address | | | |
SCAN Listener Port | | | |
Oracle Identity Manager DB Service Name | | | |
Access Manager DB Service Name | | | |
OAAM DB Service Name | | | |
Oracle Identity Manager DB Schema Password | | | |
Table 7-7 LDAP Information
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
LDAP Realm DN | | | |
Identity Store Bind DN | | | |
Table 7-8 Load Balancer Information
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Load Balancer endpoint used to access the IAMAccessDomain Administration functions | | | |
Load Balancer endpoint used to access the IAMGovernanceDomain Administration functions | | | |
Load Balancer Administration Port | | | |
Load Balancer Administration Port is SSL? | | | |
Load Balancer Internal Callbacks Virtual Host Name | | | |
Load Balancer Internal Callbacks Port | | | |
Load Balancer SSL Port | | | |
Load Balancer ID Store Virtual Host Name | | | |
Load Balancer ID Store Port | | | |
Load Balancer ID Store SSL Port | | | |
SSO main application entry point | | | |
Table 7-9 Email Server (Optional)
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Outgoing Email Server Name | | | |
Outgoing Email Server Port | | | |
Outgoing Email Security | | | |
Email Username | | | |
Email Password | | | |
Note:
Internal callbacks are always unencrypted (HTTP). The main entry point sso.mycompany.com is always encrypted (HTTPS). Because callback traffic is plaintext, the internal callbacks virtual host name and port recorded in Table 7-8 must be reachable only from inside the deployment network, never from the load balancer's external interface.
Table 7-10 Users and Passwords
Description | Variable | Documented Value | Customer Value |
---|---|---|---|
Common IAM Password for IAM Deployment Wizard | | | |
Identity Store Access Manager Administrative User | | | |
Identity Store Access Manager Software User | | | |
Identity Store Oracle Identity Manager Administrative User | | | |
The software required by Oracle Identity and Access Management is located in the Oracle Fusion Middleware Deployment Repository. If you have not already done so, you must create an Oracle Fusion Middleware Provisioning Repository as described in Oracle Fusion Middleware Deployment Guide for Oracle Identity and Access Management.
If you have not already done so, unzip the RCU zip file REPOS_HOME/installers/fmw_rcu/linux/rcuHome.zip to:
REPOS_HOME/installers/rcu
Make sure that your Deployment Repository contains Java. It should reside in a directory called jdk6.
You can verify that Java is installed and working as follows:
Set JAVA_HOME to REPOS_HOME/jdk6.
Run these commands:
JAVA_HOME/bin/java -version
JAVA_HOME/bin/javac -version
Both commands must print a version; if javac is missing, the directory holds a JRE rather than a JDK and must be replaced before you continue.
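The repository checks above (RCU unzipped to installers/rcu, a JDK under jdk6 whose java and javac both run) can be scripted so that they are repeated identically on every host that mounts the repository. The script below is an added example, not part of this guide or of the Oracle tooling; the function names are assumptions, and make_fake_repo builds a throwaway stand-in for a repository tree so the check can be exercised without Oracle media.

```shell
#!/bin/sh
# Added example (not from the guide): verify the Deployment Repository layout
# required by the text before running any installer from it.

# repo_problems REPOS_HOME
# Prints one line per missing or broken item; prints nothing if all is well.
repo_problems() {
  repos=$1
  [ -d "$repos" ] || { echo "REPOS_HOME does not exist: $repos"; return 0; }
  [ -d "$repos/installers/rcu" ] || \
    echo "RCU not unzipped: $repos/installers/rcu missing (unzip installers/fmw_rcu/linux/rcuHome.zip there)"
  jdk="$repos/jdk6"
  [ -d "$jdk" ] || { echo "JDK missing: $jdk"; return 0; }
  for tool in java javac; do
    if [ ! -x "$jdk/bin/$tool" ]; then
      echo "JDK incomplete: $jdk/bin/$tool not executable"
    elif ! "$jdk/bin/$tool" -version >/dev/null 2>&1; then
      echo "JDK broken: $jdk/bin/$tool -version failed"
    fi
  done
}

# repo_ok REPOS_HOME -> exit 0 if repo_problems reports nothing
repo_ok() {
  [ -z "$(repo_problems "$1")" ]
}

# make_fake_repo good|nojavac|norcu
# Builds a throwaway repository tree under a temp directory (a constructed
# fixture, not real Oracle media) and prints its path. "good" has both JDK
# tools, "nojavac" omits javac (a JRE, not a JDK), "norcu" omits installers/rcu.
make_fake_repo() {
  d=$(mktemp -d)
  mkdir -p "$d/installers/rcu" "$d/jdk6/bin"
  # Stub "java" that behaves like the real one for "-version": prints to stderr.
  printf '#!/bin/sh\necho "java version 1.6.0 (stub)" >&2\n' > "$d/jdk6/bin/java"
  chmod +x "$d/jdk6/bin/java"
  if [ "$1" != "nojavac" ]; then
    cp "$d/jdk6/bin/java" "$d/jdk6/bin/javac"
  fi
  if [ "$1" = "norcu" ]; then
    rm -rf "$d/installers/rcu"
  fi
  echo "$d"
}

# Usage against the real repository (REPOS_HOME as defined in this guide):
#   repo_problems "$REPOS_HOME" && repo_ok "$REPOS_HOME" && echo "repository ready"
```

Run repo_problems from each host in the topology, not just the one where the repository was built: a repository on shared storage can be complete on the host that created it and still be unreadable elsewhere because of mount options or file ownership.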
The IAM Deployment Wizard must be accessible from each host in the topology during provisioning and subsequent patching, which is why it is installed on shared storage.
The installation script for the IAM Lifecycle Tools (IAM Deployment Wizard and IAM Patching Tools) resides in the directory:
REPOS_HOME/installers/idmlcm/idmlcm/Disk1
To begin installing the tools, change to that directory and start the script:
cd REPOS_HOME/installers/idmlcm/idmlcm/Disk1
./runInstaller -jreLoc REPOS_HOME/jdk6
Then proceed as follows:
On the Welcome screen, click Next.
If you are running the Wizard on a UNIX platform, you are prompted for the location of the Inventory Directory, which is used to keep track of all Oracle products installed on this host.
In the Operating System Group ID field, select the group whose members you want to grant access to the inventory directory. All members of this group can install products on this host. Click OK to continue.
The Inventory Location Confirmation dialog prompts you to run the inventory_directory/createCentralInventory.sh script as root to create the /etc/oraInst.loc file. This file is a pointer to the central inventory and must be present for silent installations. It contains two lines:
inventory_loc=path_to_central_inventory
inst_group=install_group
The standard location for this file is /etc/oraInst.loc, but it can be created anywhere. If you create it in a directory other than /etc, you must include the -invPtrLoc argument and enter the location of the inventory when you run the Identity and Access Management Deployment Wizard or the runIAMDeployment script.
If you do not have root access on this host but want to continue with the installation, select Continue installation with local inventory.
Click OK to continue.
On the Prerequisite Checks screen, verify that checks complete successfully, then click Next.
On the Specify Install Location screen, enter the following information:
Oracle Middleware Home - This is the parent directory of the directory where the Identity and Access Management Deployment Wizard will be installed. This must be on shared storage, for example: /u01/lcm/tools
Oracle Home Directory - This is a subdirectory of the above directory where the wizard will be installed. For example: idmlcm
Click Next.
On the Installation Summary screen, click Install.
On the Installation Progress screen, click Next.
On the Installation Complete screen, click Finish.
Before starting to deploy your environment, you must ensure that none of the ports you intend to use is already in use.
To do this, perform the following steps:
Log on to the machine that the component will run on.
Check that no process is running using that port using the command:
netstat -an | grep port
where port is the port number you are checking for.
For example, for Oracle HTTP server the command is:
netstat -an | grep 7777
Note that grep matches the number anywhere on the line, so this also reports ports such as 17777 and connections whose foreign address ends in 7777. Only a match in the Local Address column of a socket in LISTEN state (or any UDP socket) means the port is taken.
For a full list of the default ports, see Chapter 3, "Ports Used in the Oracle Identity and Access Management Enterprise Deployment Topology."
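A port check that matches only the local port of listening sockets, and that can take the whole worksheet of ports for a host at once, is shown below. This is an added example and not part of this guide; the function names are assumptions, and SAMPLE_NETSTAT is a constructed netstat -an listing, not output captured from a real host, chosen to show the false positives a bare grep produces.

```shell
#!/bin/sh
# Added example (not from the guide): exact-match check that the ports a
# tier will use are free on this host. A bare "netstat -an | grep 7777"
# also matches 17777, 77770 and any foreign address ending in 7777; this
# script looks only at the Local Address column of listening sockets.

# Constructed sample of "netstat -an" output (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7777            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:17777           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:40122          10.0.0.9:14300          ESTABLISHED
tcp6       0      0 :::1521                 :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*'

# listening_ports LISTING
# Prints one local port per line for every listening socket in LISTING
# (TCP sockets in LISTEN state, and every UDP socket since UDP has no state).
listening_ports() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }
    $1 ~ /^udp6?$/                   { n = split($4, a, ":"); print a[n] }'
}

# port_in_use PORT LISTING -> exit 0 if PORT is bound locally, 1 otherwise
port_in_use() {
  listening_ports "$2" | grep -qx "$1"
}

# conflicting_ports "PORT PORT ..." LISTING
# Prints the requested ports that are already bound, space-separated on one
# line (an empty line when all are free).
conflicting_ports() {
  busy=""
  for p in $1; do
    if port_in_use "$p" "$2"; then
      busy="${busy:+$busy }$p"
    fi
  done
  printf '%s\n' "$busy"
}

# check_host_ports "PORT PORT ..."
# Live check on the current host, as the guide describes; returns 1 and
# lists the offenders if any requested port is already bound.
check_host_ports() {
  busy=$(conflicting_ports "$1" "$(netstat -an 2>/dev/null)")
  if [ -n "$busy" ]; then
    echo "ports already in use on $(hostname): $busy" >&2
    return 1
  fi
  echo "all requested ports are free"
}

# Usage on a host, with port numbers taken from this guide's own text:
#   check_host_ports "7777 14300 14200"
```

Against the constructed listing, a bare grep for 7777 returns two lines (7777 and 17777) and a grep for 14300 returns the ESTABLISHED connection to a remote host, while port_in_use reports only 7777 as taken. Run check_host_ports on every host with that host's full set of ports from Table 7-4 rather than one port at a time.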