This chapter describes tasks you must perform after deployment using LCM tools.
Once the deployment using LCM tools is complete, you can perform the basic functions in the system. Connect to each Administration Server and ensure that all of the Managed Servers are up and running. After you verify that the servers are up and running, perform the following post-deployment tasks specific to various components to make the system fully ready:
This section describes post-deployment steps for Exalogic Implementations.
This section contains the following topics:
Section 27.1.1, "Enabling Oracle Traffic Director as Web Server"
Section 27.1.3, "Enabling WebLogic Domain Exalogic Optimization"
Section 27.1.5, "Forcing Oracle Identity Manager to use the Correct Multicast Address"
Section 27.1.6, "Enabling Oracle Access Manager Persistence Optimizations"
Section 27.1.7, "Configuring Oracle Identity Manager Servers to Listen on EoIB"
Section 27.1.8, "Configuring Single Sign-on for Administration Consoles in an Enterprise Deployment"
This section describes how to enable OTD as a web server. If you are using external Oracle HTTP Servers, skip this section, because the Oracle HTTP Servers provide the web server functionality.
This section includes the following topics:
Section 27.1.1.2, "Stopping the OHS Servers from Starting and Stopping Automatically"
Section 27.1.1.4, "Resetting the Oracle Traffic Director Listen Port"
Stop the Oracle HTTP servers that the provisioning wizard created by executing the opmnctl command, which is located in the directory OHS_ORACLE_INSTANCE/bin, as follows:
opmnctl stopall
Run this command on both WEBHOST1 and WEBHOST2.
To stop the OHS servers from starting and stopping automatically, proceed as follows:
Edit the file serverInstancesInfo.txt, which is located at SHARED_CONFIG_DIR/scripts.
Comment out the following lines by placing a # at the beginning of each line:
webhost1 OHS /u02/private/oracle/config/instances/ohs1
webhost2 OHS /u02/private/oracle/config/instances/ohs2
Repeat on each WEBHOST.
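The edit above can be scripted so that it is repeatable on each WEBHOST and leaves a backup. The following is an added example, not part of the original guide: the function names are hypothetical, and it assumes each entry has the whitespace-separated form "host type instance-path" shown in the two lines above.

```shell
#!/bin/sh
# Added example: comment out active OHS entries in serverInstancesInfo.txt.
# Assumption: fields are "<host> <type> <instance path>", as in the lines above.

# Print the number of OHS lines that are still active (not commented out).
active_ohs_count() {
    awk '!/^[ \t]*#/ && $2 == "OHS" { n++ } END { print n + 0 }' "$1"
}

# Comment out every active OHS line, keeping a backup copy beside the file.
# Lines that are already commented are left alone, so re-running is harmless
# and never produces "##" prefixes or overwrites the first backup.
disable_ohs_entries() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    [ "$(active_ohs_count "$file")" -gt 0 ] || return 0   # nothing to do
    cp -p "$file" "$file.bak" || return 1
    # Read from the backup and rewrite the original in place, which keeps
    # the original file's ownership and permissions.
    awk '!/^[ \t]*#/ && $2 == "OHS" { print "#" $0; next } { print }' \
        "$file.bak" > "$file"
}

# Constructed sample file; the third line is a made-up non-OHS placeholder.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
webhost1 OHS /u02/private/oracle/config/instances/ohs1
webhost2 OHS /u02/private/oracle/config/instances/ohs2
host1 OTHER /placeholder/instance/path
EOF

disable_ohs_entries "$demo_file"
cat "$demo_file"
echo "active OHS entries left: $(active_ohs_count "$demo_file")"
```

On a real host, pass SHARED_CONFIG_DIR/scripts/serverInstancesInfo.txt to disable_ohs_entries and confirm that active_ohs_count reports 0 afterwards.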
IDMLCM registers the Oracle HTTP Servers with the Access Domain. As you are no longer using OHS, you need to de-register the instances to prevent log files getting filled unnecessarily. You can do this by running the following command:
OHS_ORACLE_INSTANCE/bin/opmnctl unregisterinstance
Enter the WebLogic Administration password when prompted.
Now that provisioning is complete and the Oracle HTTP server is disabled, the OTD configuration must be updated with the OHS Listen Port. To do this, complete the following steps:
Log in to the OTD administration server using the URL:
https://OTDADMINVHN:8800
Click Configurations, which is at the upper left corner of the page.
A list of the available configurations is displayed.
Select the configuration which you want to amend. For example, sso.mycompany.com.
Expand Listeners in the navigation pane.
Click http-listener-1.
Set the port to WEB_HTTP_PORT. For example, 7777.
Click Save.
Click Deploy Changes.
Before starting a deployment on Exalogic using LCM, you created a dummy entry in the /etc/hosts file for the virtual host iadinternal.example.com. Now that the deployment is complete, this dummy entry needs to be replaced with the real entry. This change should be made on both the WEBHOSTs.
For example, on WEBHOST1 the /etc/hosts file looks like:
10.10.10.1 webhost1.example.com
10.10.10.1 iadinternal.example.com
Change this back to:
10.10.10.1 webhost1.example.com
192.168.50.1 iadinternal.example.com
By making this change, MSAS configuration will access the web server on OTD host1, which will then be able to pass on requests to the wls_msm managed servers. Ensure that you make this change on both WEBHOSTs by assigning the value to the local web host.
After deployment, these dummy entries should be removed.
Enable WebLogic domain Exalogic optimizations by following the instructions described in Section 15.4.14.1, "Enabling WebLogic Domain Exalogic Optimization".
You can enable session replication enhancements for Managed Servers in a WebLogic cluster to which you deploy a Web application at a later time.
For information about enabling session replication enhancements for OIM and SOA, see Section 19.20.2, "Enabling Cluster-Level Session Replication Enhancements for Oracle Identity Manager and SOA".
For information about enabling session replication enhancements for Oracle BI Publisher, see Section 20.6, "Enabling Cluster-Level Session Replication Enhancements for Oracle BI Publisher".
Oracle Identity Manager uses multicast for certain functions. By default, the managed servers communicate using the multicast address assigned to the primary host name. If you want multicast to use a different network, for example, the internal network, complete the steps described in Section 19.21, "Forcing OIM to use Correct Multicast Address".
You can speed up OAM persistence by enabling OAM Exalogic optimizations by adding a new parameter to the server start options for each OAM managed server.
For more information about enabling OPMS optimizations, see Section 17.7.1, "Enabling OAM Persistence Optimizations".
This task is only required if the Oracle Identity Manager servers need to be accessed directly from outside the Exalogic machine. This is the case when external Oracle HTTP Servers are part of the configuration. In such a case, you must create a new network channel.
For more information, see Section 19.20.1, "Configuring Oracle Identity Manager Servers to Listen on EoIB".
This section describes how to configure single sign-on (SSO) for administration consoles in an Identity and Access Management Enterprise deployment.
This section includes the following topic:
Install and configure WebGate for Oracle Traffic Director. For more information, see Section 22.5, "Installing and Configuring WebGate for Oracle Traffic Director 11g".
Perform the following steps for Oracle Unified Directory:
When LDAP synchronization is enabled, Oracle Unified Directory operations may fail. As a workaround, you must update ACIs on both instances of Oracle Unified Directory.
For more information, see Section 13.5.4, "Updating Oracle Unified Directory ACIs for LDAP Synchronization".
If you selected the Prepare Directory using IDMLCM option during the deployment, you must grant access to the changelog as part of the post-deployment task. For more information, see Section 13.5.3, "Granting OUD changelog Access".
Create Oracle Unified Directory indexes as described in Section 13.5.5, "Creating OUD Indexes".
Perform the following post-deployment steps.
Section 27.3.1, "Configuring Oracle Identity Manager to use a Database Persistence Store"
Section 27.3.2, "Modifying Oracle Identity Manager Properties to Support Active Directory"
This task is optional. This section describes how to move the Persistent stores to the database. Moving the persistent stores to the database simplifies Disaster Recovery Setup allowing for JMS messages to be included in the database rather than on the file system.
For more information, see Section 19.19, "Using JDBC Persistent Stores for TLOGs and JMS".
If your Identity Store is in Active Directory, modify the Oracle Identity Manager properties as described in Section 19.4, "Modifying the Oracle Identity Manager Properties to Support Active Directory".
You start the Administration Server using WLST and connecting to the Node Manager. The first start of the Administration Server with Node Manager requires that you change the default username and password that the Configuration Wizard sets for the Node Manager. This is already performed by the IDMLCM provisioning tool, where the Node Manager admin user password is set to the common IDM password value provided during response file creation.
For information on updating the Node Manager credentials, see Section 15.4.5.2, "Updating the Node Manager Credentials".
You must set the memory parameters in the setDomainEnv.sh file and restart the Administration Server. For more information, see Section 15.4.3, "Setting IAMAccessDomain Memory Parameters".
Server Migration is required if one of your OIM hosts goes down partway through a transaction. By configuring server migration, you can ensure that any in-flight JMS transactions are processed.
For information about setting up server migration, see Chapter 21, "Configuring Server Migration for an Enterprise Deployment".
As a post-deployment task, update the OIM LDAP reconciliation jobs. For more information, see Section 19.15, "Updating OIM LDAP Reconciliation Jobs".
This section describes the post-deployment tasks for Oracle BI Publisher.
This section contains the following topics:
This task is optional.
This section describes how to move the Persistent stores to the database. Moving the persistent stores to the database simplifies Disaster Recovery Setup allowing for JMS messages to be included in the database rather than on the file system. For more information, see Section 15.4.10, "Using JDBC Persistent Stores for TLOGs and JMS in an Enterprise Deployment".
This section describes the post-deployment tasks for Oracle Mobile Security Suite.
This section contains the following topics:
Once you have integrated OAM and OIM, create a user for Oracle Mobile Security Suite. For more information, see Section 19.13.5, "Creating OMSS Helpdesk User and Roles".
This section contains the following topics:
After deployment, update existing WebGate Agents. For more information, see Section 17.2.4, "Updating WebGate Agents".
If you are using Oracle Mobile Security Suite (OMSS), you must add the missing policies to OAM as described in Section 17.2.6, "Adding Missing Policies to OAM".
The ESSO Identity Store Repository is created by default as SSL enabled. If the LDAP connection is not SSL enabled, update the IDS repository to uncheck the SSL flag by completing the steps described in Section 17.6, "Updating the ESSO IDS Repository".
Some IAM Products require that the SSL certificate used by the load balancer be added to the trusted certificates in the JDK used by OPAM. For more information about adding the certificates, see Section 15.4.13, "Adding a Load Balancer Certificate to JDK Trust Stores".
If you wish to create a redundant Middleware Home to protect from binary corruptions, you can do so by following the steps described in Appendix A, "Creating a Redundant Middleware Home".
Restart all components, as described in Section 31.1, "Starting and Stopping Enterprise Deployment Components."