Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide
New and Changed Features for 11g Release 2 (11.1.2.2)
1 Enterprise Deployment Overview
1.1 About the Enterprise Deployment Guide
1.2 Enterprise Deployment Guide Conventions
1.3 Enterprise Deployment Terminology
1.4 Benefits of Oracle Recommendations
1.4.1 Built-in Security
1.4.2 High Availability
2 Introduction and Planning
2.1 Planning Your Deployment
2.1.1 Deployment Topology
2.1.1.1 The Web Tier
2.1.1.2 The Application Tier
2.1.1.3 The Data Tier
2.1.1.4 The Load Balancer
2.1.1.5 Firewalls
2.1.2 Benefits of Using the Split Domain Topology
2.2 About Oracle Directory Services Manager
2.3 Understanding the Topology
2.3.1 About the Web Tier
2.3.1.1 Architecture Notes
2.3.1.2 High Availability Provisions
2.3.1.3 Security Provisions
2.3.2 About the Application Tier
2.3.2.1 About WebLogic Domains
2.3.2.2 About LDAP Directories
2.3.2.3 Architecture Notes
2.3.2.4 High Availability Provisions
2.3.2.5 Security Provisions
2.3.3 About the Optional Directory Tier
2.3.4 About the Database Tier
2.4 Hardware Requirements for an Enterprise Deployment
2.5 Software Components for an Enterprise Deployment
2.5.1 Software Versions
2.5.2 About Obtaining Software
2.5.3 Summary of Oracle Homes
2.5.4 Applying Patches and Workarounds
2.6 Road Map for the Reference Topology Installation and Configuration
2.6.1 Flow Chart of the Oracle Identity and Access Management Enterprise Deployment Process
2.6.2 Steps in the Oracle Identity and Access Management Enterprise Deployment Process
2.7 Additional Documentation
3 Preparing the Network for an Enterprise Deployment
3.1 Overview of Preparing the Network for an Enterprise Deployment
3.2 Planning Your Network
3.3 Virtual Server Names Used by the Topology
3.3.1 IDSTORE.mycompany.com
3.3.2 IADADMIN.mycompany.com
3.3.3 IGDADMIN.mycompany.com
3.3.4 IDMINTERNAL.mycompany.com
3.3.5 SSO.mycompany.com
3.4 Configuring the Hardware Load Balancers
3.4.1 Load Balancer Requirements
3.4.2 Load Balancer Configuration Procedures
3.4.3 Load Balancer Configuration
3.5 About IP Addresses and Virtual IP Addresses
3.6 Configuring Firewalls and Ports
3.7 Managing Access Manager Communication Protocol
3.7.1 Access Manager Protocols
3.7.2 Overview of Integration Requests
3.7.3 Overview of User Requests
3.7.4 About the Multicast Requirement for Communication
3.7.5 Verifying Network Connectivity
4 Preparing Storage for an Enterprise Deployment
4.1 Overview of Preparing Storage for Enterprise Deployment
4.2 Terminology for Directories and Directory Variables
4.3 About File Systems
4.4 About Recommended Locations for the Different Directories
4.4.1 Recommendations for Binary (Middleware Home) Directories
4.4.1.1 About the Binary (Middleware Home) Directories
4.4.1.2 About Sharing a Single Middleware Home
4.4.1.3 About Using Redundant Binary (Middleware Home) Directories
4.4.1.4 About the Lifecycle Repository
4.4.2 Recommendations for Domain Configuration Files
4.4.2.1 About Oracle WebLogic Server Administration and Managed Server Domain Configuration Files
4.4.2.2 Shared Storage Requirements for Administration Server Domain Configuration Files
4.4.2.3 Local Storage Requirements for Managed Server Domain Configuration Files
4.4.3 Shared Storage Recommendations for JMS File Stores and Transaction Logs
4.4.4 Recommended Directory Locations
4.4.4.1 Lifecycle Management and Deployment Repository
4.4.4.2 Shared Storage
4.4.4.3 Private Storage
5 Configuring the Servers for an Enterprise Deployment
5.1 Overview of Configuring the Servers
5.2 Verifying Your Server and Operating System
5.3 Meeting the Minimum Hardware Requirements
5.4 Meeting Operating System Requirements
5.4.1 Configuring Kernel Parameters
5.4.2 Setting the Open File Limit
5.4.3 Setting Shell Limits
5.4.4 Configuring the Local Hosts File
5.5 Enabling Unicode Support
5.6 Enabling Virtual IP Addresses
5.6.1 Summary of the Required Virtual IP Addresses
5.6.2 Enabling a Virtual IP Address on an Existing Network Interface
5.7 Mounting Shared Storage onto the Host
5.7.1 Shared Storage Overview
5.7.2 Mounting Shared Storage
5.7.3 Validating the Shared Storage Configuration
5.8 Configuring Users and Groups
6 Preparing the Database for an Enterprise Deployment
6.1 Overview of Preparing the Databases for an Identity and Access Management Enterprise Deployment
6.2 Verifying the Database Requirements for an Enterprise Deployment
6.2.1 Databases Required
6.2.2 Database Host Requirements
6.2.3 Database Versions Supported
6.2.4 Patch Requirements for Oracle Database 11g (11.2.0.2.0)
6.2.5 Oracle Database Minimum Requirements
6.2.5.1 General Database Characteristics
6.2.5.2 Minimum Initialization Parameters
6.3 Installing the Database for an Enterprise Deployment
6.4 Creating Database Services
6.4.1 Creating Database Services for 10.x and 11.1.x Databases
6.4.2 Creating Database Services for 11.2.x Databases
6.4.3 Database Tuning
6.5 Loading the Identity and Access Management Schemas in the Oracle RAC Database by Using RCU
6.6 Backing Up the Database
7 Preparing for Deployment
7.1 Assembling Information for Identity and Access Management Deployment
7.2 Creating an Oracle Identity and Access Management Software Repository
7.3 Verifying Java
7.4 Installing the IAM Deployment Wizard
7.5 Checking Port Availability
8 Creating a Deployment Profile
8.1 Welcome
8.2 IAM Installation Options
8.3 Specify Security Updates
8.4 Describe Response File
8.5 Select IAM Products
8.6 Select Topology
8.7 Select Installation and Configuration Locations
8.8 Configure Virtual Hosts
8.9 Set User Names and Passwords
8.10 Configure Oracle Unified Directory
8.11 Configure Oracle HTTP Server
8.12 Configure Oracle Identity Manager
8.13 Configure Oracle Identity Manager Database
8.14 Configure SOA
8.15 Configure Oracle Access Manager
8.16 Configure Oracle Access Manager Database
8.17 Configure HTTP/HTTPS Load Balancer
8.18 Summary
9 Deploying Identity and Access Management
9.1 Introduction to the Deployment Process
9.1.1 Deployment Stages
9.1.2 Processing Order
9.2 Deployment Procedure
9.2.1 Running the Deployment Commands
9.2.2 Creating Backups
9.3 Checklist
9.4 Deploying Identity and Access Management Without a Common LCM_HOME
10 Performing Post-Deployment Configuration
10.1 Post-Deployment Steps for OPSS
10.2 Post-Deployment Steps for Oracle Unified Directory
10.2.1 Update Oracle Unified Directory Change Log Access
10.2.2 Update Oracle Unified Directory ACIs for LDAP Synchronization
10.3 Post-Deployment Steps for Oracle Identity Manager
10.3.1 Post-Deployment Steps to Address Known Issue
10.3.2 Update Server Start Parameters
10.4 Post-Deployment Steps for the Email Server
10.5 Post-Deployment Steps for Access Manager
10.5.1 Update Idle Timeout Value
10.5.2 Update WebGate Agents
10.6 Adding a Load Balancer Certificate to Trust Stores
10.7 Restarting All Components
11 Validating Deployment
11.1 Validating the Administration Server
11.1.1 Verify Connectivity
11.1.2 Validating Failover
11.2 Validating the Access Manager Configuration
11.3 Validating Oracle Identity Manager
11.4 Validating SOA Instance from the Web Tier
11.5 Validating Oracle Unified Directory
11.6 Validating WebGate and the Access Manager Single Sign-On Setup
11.7 Validating the Deployment
12 Extending the Domain to Include Oracle Adaptive Access Manager
12.1 Overview of Extending the Domain to Include OAAM
12.2 OAAM Details
12.3 Prerequisites
12.3.1 Creating a Highly Available Database
12.3.2 Creating OAAM Users and Groups in LDAP
12.4 Extending the Domain for Oracle Adaptive Access Manager
12.5 Restarting the Administration Server on OAMHOST1
12.6 Deploying Managed Server Configuration to Local Storage
12.7 Adding OAAM Servers to Start and Stop Scripts
12.8 Starting and Validating OAAM on OAMHOST1
12.8.1 Starting Oracle Adaptive Access Manager on OAMHOST1
12.8.2 Validating OAAM on OAMHOST1
12.9 Starting and Validating OAAM on OAMHOST2
12.9.1 Starting Oracle Adaptive Access Manager on OAMHOST2
12.9.2 Validating OAAM on OAMHOST2
12.10 Configuring OAAM to Work with the Web Tier
12.10.1 Configuring Access from Oracle HTTP Server
12.10.1.1 Updating IADADMIN.mycompany.com
12.10.1.2 Updating sso.mycompany.com
12.10.1.3 Restarting Oracle HTTP Servers and OAAM Managed Servers
12.10.2 Changing Host Assertion in WebLogic
12.10.3 Validating Oracle Adaptive Access Manager
12.11 Loading Oracle Adaptive Access Manager Seed Data
12.12 Integrating Oracle Adaptive Access Manager with Oracle Access Management Access Manager
12.12.1 Retrieving the Global Passphrase for Simple Mode
12.12.2 Registering OAAM as a Third-Party Application
12.12.3 Validation
12.12.4 Setting OAAM Properties for Access Manager
12.12.5 Creating a Test Resource
12.12.5.1 Creating Oracle Adaptive Access Manager Policies
12.12.5.2 Creating a Resource in Access Manager
12.12.6 Validating Oracle Adaptive Access Manager
12.12.7 Moving TAP Resource to LDAP Policy
12.13 Integrating Oracle Adaptive Access Manager 11g with Oracle Identity Manager 11g
12.13.1 Configuring Oracle Identity Manager Encryption Keys in CSF
12.13.2 Configuring Cross-Domain Trust Between Oracle Identity Manager and Oracle Adaptive Access Manager
12.13.3 Setting Oracle Adaptive Access Manager Properties for Oracle Identity Manager
12.13.4 Setting Oracle Identity Manager Properties for OAAM
12.13.5 Restarting IAMAccessDomain and IAMGovernanceDomain
12.13.6 Validating OAAM-Oracle Identity Manager Integration
12.13.7 Validating Oracle Identity Manager-OAAM Integration
12.14 Changing Domain to Oracle Adaptive Access Manager Protection
12.15 Backing Up the Application Tier Configuration
13 Configuring Server Migration for an Enterprise Deployment
13.1 Overview of Server Migration for an Enterprise Deployment
13.2 Setting Up a User and Tablespace for the Server Migration Leasing Table
13.3 Creating a GridLink Data Source for Leasing Using the Oracle WebLogic Administration Console
13.4 Editing Node Manager's Properties File
13.5 Setting Environment and Superuser Privileges for the wlsifconfig.sh Script
13.6 Configuring Server Migration Targets
13.7 Testing the Server Migration
13.8 Backing Up the Server Migration Configuration
14 Scaling Enterprise Deployments
14.1 Scaling the Topology
14.2 Scaling the LDAP Directory
14.2.1 Mounting the Middleware Home when Scaling Out
14.2.2 Scaling Oracle Unified Directory
14.2.2.1 Assembling Information for Scaling Oracle Unified Directory
14.2.2.2 Configuring an Additional Oracle Unified Directory Instance
14.2.2.3 Validating the New Oracle Unified Directory Instance
14.2.2.4 Adding the New Oracle Unified Directory Instance to the Load Balancers
14.3 Scaling Identity and Access Management Applications
14.3.1 Gathering Information
14.3.1.1 Assembling Information for Scaling Access Manager
14.3.1.2 Assembling Information for Scaling Oracle Identity Manager
14.3.1.3 Assembling Information for Scaling Oracle Adaptive Access Manager
14.3.2 Mounting Middleware Home and Creating a New Machine when Scaling Out
14.3.3 Creating a New Node Manager when Scaling Out
14.3.4 Running Pack/Unpack
14.3.5 Performing Application-Specific Steps
14.3.5.1 Cloning an Existing Managed Server
14.3.5.2 Scaling Oracle Access Management Access Manager
14.3.5.2.1 Run Pack/Unpack
14.3.5.2.2 Register Managed Server with Oracle Access Management Access Manager
14.3.5.2.3 Update WebGate Profiles
14.3.5.2.4 Update the Web Tier
14.3.5.3 Scaling Oracle Identity Manager
14.3.5.3.1 Configuring New JMS Servers
14.3.5.3.2 Performing Pack/Unpack When Scaling Out
14.3.5.3.3 Configuring Oracle Coherence for Deploying Composites
14.3.5.3.4 Enabling Communication for Deployment Using Unicast Communication
14.3.5.3.5 Specifying the Host Name Used by Oracle Coherence
14.3.5.3.6 Completing the Oracle Identity Manager Configuration Steps
14.3.5.4 Updating Oracle Adaptive Access Manager Integration
14.3.6 Adding a New WebLogic Managed Server to Oracle HTTP Server Configuration Files
14.4 Scaling the Web Tier
14.4.1 Assembling Information for Scaling the Web Tier
14.4.2 Mounting Middleware Home and Copying Oracle HTTP Server Files when Scaling Out
14.4.3 Running the Configuration Wizard to Configure the HTTP Server
14.4.4 Registering Oracle HTTP Server with WebLogic Server
14.4.5 Reconfiguring the Load Balancer
14.5 Post-Scaling Steps for All Components
14.5.1 Updating the Topology Store
14.5.2 Updating Stop/Start Scripts
14.5.3 Updating Node Manager Configuration
14.5.3.1 Starting and Stopping Node Manager
14.5.3.2 Setting Up Node Manager for an Enterprise Deployment
14.5.3.2.1 Enabling Host Name Verification Certificates for Node Manager
14.5.3.2.2 Generating Self-Signed Certificates Using the utils.CertGen Utility
14.5.3.2.3 Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
14.5.3.2.4 Creating a Trust Keystore Using the Keytool Utility
14.5.3.2.5 Configuring Node Manager to Use the Custom Keystores
14.5.3.2.6 Configuring Managed WebLogic Servers to Use the Custom Keystores
14.5.3.2.7 Changing the Host Name Verification Setting for the Managed Servers
14.5.3.2.8 Starting Node Manager
15 Managing the Topology for an Enterprise Deployment
15.1 Starting and Stopping Components
15.1.1 Startup Order
15.1.2 Starting and Stopping All Servers by Using a Script
15.1.2.1 Starting All Servers
15.1.2.2 Stopping All Servers
15.1.3 Manually Starting and Stopping Identity and Access Management Components
15.1.3.1 Starting and Stopping Oracle Unified Directory
15.1.3.1.1 Starting Oracle Unified Directory
15.1.3.1.2 Stopping Oracle Unified Directory
15.1.3.2 Starting an Oracle Access Manager Managed Server When None Is Running
15.1.3.3 Starting and Stopping a WebLogic Administration Server
15.1.3.3.1 Starting a WebLogic Administration Server
15.1.3.3.2 Stopping a WebLogic Administration Server
15.1.3.4 Starting and Stopping WebLogic Managed Servers
15.1.3.4.1 Starting WebLogic Managed Servers
15.1.3.4.2 Stopping WebLogic Managed Servers
15.1.3.5 Starting and Stopping Node Manager
15.1.3.5.1 Starting Node Manager
15.1.3.5.2 Stopping Node Manager
15.2 About Identity and Access Management Console URLs
15.3 Monitoring Enterprise Deployments
15.3.1 Monitoring Oracle Unified Directory
15.3.2 Monitoring WebLogic Managed Servers
15.4 Auditing Identity and Access Management
15.5 Performing Backups and Recoveries
15.5.1 Performing Baseline Backups
15.5.2 Performing Runtime Backups
15.5.3 Performing Backups During Installation and Configuration
15.5.3.1 Backing Up Middleware Home
15.5.3.2 Backing Up LDAP Directories
15.5.3.2.1 Backing Up Oracle Unified Directory
15.5.3.2.2 Backing Up Third-Party Directories
15.5.3.3 Backing Up the Database
15.5.3.4 Backing Up the WebLogic Domain IAMGovernanceDomain
15.5.3.5 Backing Up the WebLogic Domain IAMAccessDomain
15.5.3.6 Backing Up the Web Tier
15.5.3.6.1 Backing Up Oracle HTTP Server
15.6 Patching Enterprise Deployments
15.7 Preventing Timeouts for SQL
15.8 Manually Failing Over the WebLogic Administration Server
15.8.1 Failing Over the Administration Server to OAMHOST2
15.8.2 Starting the Administration Server on OAMHOST2
15.8.3 Validating Access to OAMHOST2 Through Oracle HTTP Server
15.8.4 Failing the Administration Server Back to OAMHOST1
15.9 Changing Startup Location
15.10 Troubleshooting
15.10.1 Troubleshooting Identity and Access Management Deployment
15.10.1.1 Deployment Fails with Error: Incorrect Host or Domain Name Format for Attribute
15.10.1.2 Deployment Fails
15.10.2 Troubleshooting Start/Stop Scripts
15.10.2.1 Preverify Inappropriately Fails with Insufficient Space
15.10.2.2 Start/Stop Scripts Fail to Start or Stop a Managed Server
15.10.3 Troubleshooting Oracle Access Management Access Manager 11g
15.10.3.1 Access Manager Runs Out of Memory
15.10.3.2 User Reaches the Maximum Allowed Number of Sessions
15.10.3.3 Policies Do Not Get Created When Oracle Access Management Access Manager Is First Installed
15.10.3.4 You Are Not Prompted for Credentials After Accessing a Protected Resource
15.10.3.5 Cannot Log In to Access Management Console
15.10.4 Troubleshooting Oracle Identity Manager
15.10.4.1 java.io.FileNotFoundException When Running Oracle Identity Manager Configuration
15.10.4.2 ResourceConnectionValidationException When Creating User in Oracle Identity Manager
15.10.4.3 Oracle Identity Manager Reconciliation Jobs Fail
15.10.5 Troubleshooting Oracle SOA Suite
15.10.5.1 Transaction Timeout Error
A Automation of the Process
A.1 setenv.sh
A.2 setlocalenv.sh
A.3 deploy.sh
A.4 Using the Scripts
B Cleaning Up an Environment Before Rerunning IAM Deployment
C Topology Tool Commands for Scaling
C.1 Syntax of the Topology Tool
C.1.1 Commands
C.1.2 Command-Line Options Used with Add
C.1.3 Command-Line Options Used with Modify for Updating Load Balancer Mappings
C.2 Commonly Used Command-Line Operations
C.3 Steps and Command-Line Examples
C.3.1 Scaling Out / Scaling Up the Directory Tier
C.3.1.1 Directory Tier Notes
C.3.1.2 Topology Tool Steps for Scaling Oracle Unified Directory
C.3.1.3 Scale Out Commands for Oracle Unified Directory
C.3.1.4 Scale Up Commands for Oracle Unified Directory
C.3.2 Scaling Out / Scaling Up the Application Tier
C.3.2.1 Application Tier Notes
C.3.2.2 Topology Tool Steps for OAM
C.3.2.3 Scale Out Commands for OAM
C.3.2.4 Scale Up Commands for OAM
C.3.2.5 Topology Tool Steps for OIM
C.3.2.6 Scale Out Commands for OIM
C.3.2.7 Scale Up Commands for OIM
C.3.2.8 Topology Tool Steps for SOA
C.3.2.9 Scale Out Commands for SOA
C.3.2.10 Scale Up Commands for SOA
C.3.2.11 Steps for Adding Node Manager for OAM/OIM/SOA Scale Out Only
C.3.2.12 Commands for Adding Node Manager for Scale Out of OAM
C.3.2.13 Commands for Adding Node Manager for Scale Out of OIM
C.3.2.14 Commands for Adding Node Manager for Scale Out of SOA
C.3.3 Scaling Out / Scaling Up the Web Tier
C.3.3.1 Web Tier Notes
C.3.3.2 Topology Tool Steps for Scaling OHS
C.3.3.3 Scale Out Commands for OHS
C.3.3.4 Scale Up Commands for OHS
C.3.3.5 Steps for Adding OPMN for Web Tier Scale Up and Scale Out
C.3.3.6 Commands for Adding an OPMN Instance for the Web Tier for Scale Out and Scale Up