After you create the deployment response file, you use it to deploy the Oracle Identity and Access Management environment. This chapter describes how to deploy Oracle Identity and Access Management.
This chapter contains the following sections:
Section 5.2, "Performing Deployment on Multiple Hosts Using the Command Line Deployment Tool."
Section 5.3, "Deploying Identity and Access Management Without a Common LCM_HOME."
Section 5.4, "Additional Information on Oracle HTTP Server Configuration Files."
Single-node deployment is accomplished by using either the command line or the Oracle Identity and Access Management Deployment Wizard.
Note:
You must reboot the host before performing Oracle Identity and Access Management deployment.This section contains the following topics:
This section contains the following topics:
After you create the deployment response file, you use it to deploy the Oracle Identity and Access Management environment.
There are eight stages to deployment. These stages must be run in the following order:
preverify
install
preconfigure
configure
configure-secondary
postconfigure
startup
validate
Note:
Each new phase must run sequentially; that is, each stage must be completed before the next stage can begin. Failure of a stage will necessitate a cleanup and restart.The tasks that are performed in each stage of Deployment, depend on the option that you selected on the Select IAM Products screen. This screen appears when you create the deployment response file using the Oracle Identity and Access Management Deployment Wizard.
Based on the products that you selected for Deployment, refer to one of the sections below:
Oracle Identity Manager (OIM) Only
Table 5-1 describes the order of execution of the Deployment stages, and the tasks that are performed in each stage for the Oracle Identity Manager (OIM) Only option.
Table 5-1 Tasks Performed for Oracle Identity Manager (OIM) Only
Order of Execution | Stage | Tasks Performed |
---|---|---|
1. |
preverify |
Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
2. |
install |
Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
3. |
preconfigure |
|
4. |
configure |
|
5. |
configure-secondary |
|
6. |
postconfigure |
Configures UMS Mail Server |
7. |
startup |
Starts up all components in the topology |
8. |
validate |
Verifies the deployed environment. |
Oracle Access Manager (OAM) Suite Only
Table 5-2 describes the order of execution of the Deployment stages, and the tasks that are performed in each stage for the Oracle Access Manager (OAM) Suite Only option.
Table 5-2 Tasks Performed for Oracle Access Manager (OAM) Suite Only
Order of Execution | Stage | Tasks Performed |
---|---|---|
1. |
preverify |
Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
2. |
install |
Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
3. |
preconfigure |
|
4. |
configure |
|
5. |
configure-secondary |
|
6. |
postconfigure |
|
7. |
startup |
Starts up all components in the topology |
8. |
validate |
Verifies the deployed environment. |
OIM-OAM Integrated and Oracle Unified Directory (OUD)
Table 5-3 describes the order of execution of the Deployment stages, and the tasks that are performed in each stage for the OIM-OAM Integrated and Oracle Unified Directory (OUD) option.
Table 5-3 Tasks Performed for OIM-OAM Integrated and Oracle Unified Directory (OUD)
Order of Execution | Stage | Tasks Performed |
---|---|---|
1. |
preverify |
Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
2. |
install |
Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
3. |
preconfigure |
|
4. |
configure |
|
5. |
configure-secondary |
|
6. |
postconfigure |
|
7. |
startup |
Starts up all components in the topology |
8. |
validate |
Verifies the deployed environment. |
To use the command line deployment tool, you must run the runIAMDeployment.sh
script a number of times, specifying the deployment stage with the -target
option. You MUST complete each command, in order, before running the next command.
Before running the deployment tool, ensure that the environment variable JAVA_HOME
is set to REPOS_HOME
/jdk6
.
The command syntax for the deployment tool on UNIX is:
runIAMDeployment.sh -responseFile RESPONSE_FILE -target STAGE
Where:
RESPONSE_FILE
is the complete path to the location of the deployment response file. You specified the file name and directory on the Summary Page when you ran the wizard to create the deployment response file. The default value is IDMLCM_HOME
/provisioning/bin/provisioning.rsp
on UNIX.
STAGE
is one of the stages listed in Section 5.1.1.1, "Oracle Identity and Access Management Deployment Stages."
Example:
runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preverify runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target install runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preconfigure runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure-secondary runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target postconfigure runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target startup runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target validate
If you want to use the Oracle Identity and Access Management Deployment Wizard to perform deployment, follow these steps:
Before running the Oracle Identity and Access Management Deployment Wizard, ensure that the environment variable JAVA_HOME
is set to REPOS_HOME
/jdk6
.
Start the Oracle Identity and Access Management Deployment Wizard, as follows:
cd IDMLCM_HOME/provisioning/bin
./iamDeploymentWizard.sh
The Welcome screen is displayed. Click Next, and proceed as described in the following sections.
Note:
In the Prerequisite Checks, Installation, Preconfigure, Configure, Configure Secondary, Postconfigure, and Startup pages, the Status of each build is indicated by one of these icons:Block: Processing has not yet started for the named phase.
Clock: Performing the build for a phase.
Check mark: The build was completed successfully.
x mark: The build has failed for this phase. You must correct the errors before you can continue.
Click x to display information about failures. Click a build Log file to see details specific to that build.
In case of errors, you must manually clean up everything. Kill all running processes, delete the directories, rerun RCU, and start over from the beginning. For more information, see Section 8.1.2, "Recovering From Oracle Identity and Access Management Deployment Failure".
Select Deploy an Identity and Access Management Environment to use an existing deployment response file to deploy the environment.
In the Response File field, specify the path name of the file you want to use, either by typing it in the field or by clicking the Browse button, navigating to the desired file, and selecting it. This is the deployment response file that you created in Chapter 4, "Creating a Deployment Response File."
Click Next to continue.
Use the Describe Response File screen to review the information about the response file, that you had provided when creating the Deployment Profile.
For more information, see Section 4.4.1.5, "Describe Response File".
Use the Select Installation and Configuration Locations screen to review the information about the Oracle Identity and Access Management installation and configuration directories, that you had provided when creating the Deployment Profile.
For more information, see Section 4.4.1.8, "Select Installation and Configuration Locations".
The Review Deployment Configuration screen enables you to select configurations you want to review. This is optional. If you want to view or modify the configuration details of any component, then select that component and click Next. Based on the options that you select, the corresponding configuration screens are displayed.
OUD Configuration
OHS Configuration
SOA Configuration
OIM Configuration
OAM Configuration
OIM DB Configuration
OAM DB Configuration
Click Next to continue.
Use the Summary screen to view a summary of your selections and enter additional information.
Review the information displayed to ensure that the installation details are what you intend.
Click Next to continue.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next to continue.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next to proceed.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next. The Oracle Identity and Access Management Deployment Wizard starts the configure phase and displays the Configure screen.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Configure-secondary phase and displays the Configure Secondary screen.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Postconfigure phase and displays the Postconfigure screen.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Startup phase and displays the Startup screen.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next. The Oracle Identity and Access Management Deployment Wizard starts the Validate phase and displays the Validation screen.
For information about the tasks that are performed during this stage, refer to Section 5.1.1.2, "Tasks Performed During Deployment Stages".
See the note at the beginning of Section 5.1.3, "Performing Deployment Using the Oracle Identity and Access Management Deployment Wizard" for information about viewing build status on this page.
Click Next. The Oracle Identity and Access Management Deployment Wizard displays the Install Complete screen.
This screen appears after deployment has completed successfully. It shows a summary of the products that have been installed.
Click Finish to save the summary and exit the Oracle Identity and Access Management Deployment Wizard.
This section describes the procedure for performing deployment on multiple hosts. It contains the following sections:
This section contains the following topics:
Section 5.2.1.2, "Tasks Performed During OIM-Only Deployment"
Section 5.2.1.3, "Tasks Performed During OAM-Only Deployment"
There are eight stages to deployment. These stages must be run in the following sequence:
preverify
install
preconfigure
configure
-secondary
postconfigure
startup
validate
Each new phase must run sequentially; that is, each stage must be completed before the next stage can begin. Stage failures require a cleanup and restart.
Table 5-4 describes the order of execution of the deployment stages, and the tasks that are performed in each stage for the Oracle Identity Manager (OIM) Only option.
Table 5-4 Deployment Stages (OIM-Only)
Order of Execution | Stage | Tasks Performed | Sequence |
---|---|---|---|
1 |
preverify |
Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
In the |
2 |
install |
Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
In the |
3 |
preconfigure |
Creates the WebLogic Domain and extends it to all the necessary components and creates OHS instance. |
In the |
4 |
configure |
Starts managed servers, as necessary. Configures OIM. |
In the |
5 |
configure-secondary |
Integrates Weblogic domains with the Web tier, and registers the Web tier with the domains. |
In the |
6 |
postconfigure |
Configures UMS Mail Server. |
In the |
7 |
startup |
Starts up all components in the topology. |
In the |
8 |
validate |
Verifies the deployed environment. |
In the |
Table 5-5 describes the order of execution of the deployment stages, and the tasks that are performed in each stage for the Oracle Access Management Suite (OAM-Only) option.
Table 5-5 Deployment Stages (OAM-Only)
Order of Execution | Stage | Tasks Performed | Sequence |
---|---|---|---|
1 |
preverify |
Checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured. |
In the |
2 |
install |
Installs all of the software and related patches present in Oracle Identity and Access Management deployment repository. |
In the |
3 |
preconfigure |
Creates the WebLogic Domain and extends it to all the necessary components and creates OHS instance. |
In the |
4 |
configure |
Starts managed servers, as necessary. Configures OAM to enable SSO. |
In the |
5 |
configure-secondary |
Integrates Weblogic domains with the Web tier, and registers the Web tier with the domains. |
In the |
6 |
postconfigure |
Generates OAM keystore and configures WebGate agents. |
In the |
7 |
startup |
Starts up all components in the topology. |
In the |
8 |
validate |
Verifies the deployed environment. |
In the |
The following sections describe the procedure for performing Deployment.
Note:
Before you start the deployment process, reboot all hosts.After creating the required deployment response profile based on your installation scenario, you must perform deployment by running the command runIAMDeployment.sh
a number of times on each host in the topology.
Before embarking on the Deployment process, read this entire section. There are extra steps detailed below which must be performed during the process.
You must run each command on each host in the topology before running the next command.
Before running the Deployment tool, set the following environment variable:
Set JAVA_HOME
to: REPOS_HOME
/jdk6
The commands you must run are:
runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preverify runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target install runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preconfigure runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure-secondary runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target postconfigure runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target startup runIAMDeployment.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target validate
Note:
Run same phase on each host, in order. Wait for a phase to finish before starting the same phase on the next host. You cannot run these phases in parallel. Repeat this for each phase.It is important that you take a backup of the file systems and databases at the following points:
Prior to starting Deployment.
At the end of the installation phase.
Upon completion of Deployment
It is not supported to restore a backup at any phase other than those three.
The previous deployment instructions assume that the LCM_HOME
directory is shared across every host in the topology for the duration of the deployment process.
If your organization does not permit this sharing, you can still run the deployment by making LCM_HOME
available locally on every host. The following extra manual steps are required.
Create a local version of the LCM_HOME
directory, including the software repository.
Copy the Deployment Response File, responsefilename
_data
folder, and Summary created in Section 4.4.2.15, "Summary" to the same location on each of the hosts.
If LCM_HOME
is not mounted on WEBHOST1 and WEBHOST2, before execution of the postconfigure phase on WEBHOST1, copy LCM_HOME
/keystores/webgate_artifacts
from OAMHOST1 to WEBHOST1 and WEBHOST2
LCM_HOME
/keystores/webgate_artifacts
is created after the configure phase on OAMHOST1.
When you perform an Oracle Identity And Access Management deployment, Oracle HTTP Server is setup in the reverse proxy mode. The modules for Oracle HTTP Server are contained in files with a .conf
extension. These files are located at:
config/instances/ohs1/config/OHS/ohs1/moduleconf
If you had selected the Enable Local Configuration Location option on the Select Installation and Configuration Locations screen when creating the deployment response file, then config
is the local configuration location. If you had not selected the Enable Local Configuration Location option on the Select Installation and Configuration Locations screen when creating the deployment response file, then config
is the location of shared configuration.