Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in This Guide
New and Changed Features for 11g Release 2 (11.1.2.3)
New LDAP Directory Options
New Oracle Identity and Access Management Life Cycle Management Tools
Newly Added Manual Deployment Procedure
New Product Support
Deployment Procedure on Exalogic
Other New Features
Part I Understanding an Enterprise Deployment
1
Understanding a Typical Enterprise Deployment
1.1
Diagram of a Typical Enterprise Deployment
1.2
Understanding the Typical Enterprise Deployment Topology Diagram
1.2.1
Understanding the Firewalls and Zones of a Typical Enterprise Deployment
1.2.2
Understanding the Tiers of a Typical Enterprise Deployment Topology
1.2.3
Processing Requests
1.2.3.1
Purpose of the Hardware Load Balancer (LBR)
1.2.3.1.1
Requests from the Internet to the Web server instances in the Web tier
1.2.3.1.2
Specific internal-only communications between the components of the Application tier
1.2.3.2
Summary of the Typical Load Balancer Virtual Server Names
1.2.3.3
HTTPS versus HTTP Requests to the External Virtual Server Name
1.2.4
Understanding Storage
1.2.5
Understanding the Web Tier
1.2.5.1
Benefits of Using Oracle HTTP Server Instances to Route Requests
1.2.5.2
Alternatives to Using Oracle HTTP Server in the Web Tier
1.2.5.3
About the WebLogic Proxy Plug-In
1.2.6
Understanding the Application Tier
1.2.6.1
Configuration of the Administration Server and Managed Servers Domain Directories
1.2.6.2
Best Practices and Variations on the Configuration of the Clusters and Hosts on the Application Tier
1.2.6.3
About the Node Manager Configuration in a Typical Enterprise Deployment
1.2.6.4
About Using Unicast for Communications Within the Application Tier
1.2.6.5
Understanding OPSS and Requests to the Authentication and Authorization Stores
1.2.7
About the Data Tier
2
Understanding the IAM Enterprise Deployment
2.1
Understanding the Primary and Build-Your-Own Enterprise Deployment Topologies
2.2
Diagrams of the Primary Oracle Identity and Access Management Topology
2.2.1
Diagram of Oracle Identity and Access Management on Consolidated Hardware
2.2.2
Diagram of Oracle Identity and Access Management on Distributed Hardware
2.3
Understanding the Primary Oracle Identity and Access Management Topology Diagrams
2.3.1
Product Separation
2.3.2
Understanding the Directory Tier
2.3.3
Understanding Oracle Unified Directory Assured Replication
2.3.4
Summary of Oracle Identity and Access Management Load Balancer Virtual Server Names
2.3.5
Summary of the Managed Servers and Clusters on the Application Tier Hosts
2.3.6
Understanding Mobile Security Access Server
2.4
Using the Identity and Access Management Deployment Wizard
2.5
Roadmap for Implementing the Primary IAM Suite Topologies
2.6
Building your Own Oracle Identity and Access Management Topology
2.7
About Using Server Migration to Enable High Availability of the Oracle Identity and Access Management Enterprise Topology
3
Understanding the IAM Exalogic Enterprise Deployment
3.1
Why Install Oracle IAM on Exalogic
3.2
Understanding the Primary and Build your Own Enterprise Deployment Topologies on Exalogic
3.3
Diagrams of the Primary Oracle Identity and Access Management Exalogic Enterprise Topologies
3.3.1
Diagram of Oracle Identity and Access Management on Physical Exalogic
3.3.2
Diagram of Oracle Identity and Access Management on Virtual Exalogic
3.3.3
Diagram of Oracle Identity and Access Management with an External Web Tier
3.3.4
Understanding the Primary Oracle Identity and Access Management Topology Diagrams
3.3.4.1
About Product Separation
3.3.4.2
Understanding the Directory Tier
3.3.5
Differences Between an Exalogic Deployment and a Platform Deployment
3.4
Oracle Identity and Access Management and Exalogic Networking
3.4.1
Considerations for Choosing your Exalogic Network
3.4.2
Typical IAM Network Usage
3.4.2.1
Physical Exalogic
3.4.2.2
Virtual Exalogic
3.4.2.3
Physical Exalogic with External Web Tier
3.4.3
Summary of Oracle Identity and Access Management Load Balancing Virtual Server Names
3.5
Summary of the Managed Servers and Clusters on the Application Tier Hosts
3.6
Understanding Oracle Traffic Director
3.6.1
About Oracle Traffic Director in a Standard Exalogic Deployment
3.6.2
About Oracle Traffic Director in a Deployment with Oracle HTTP Server
3.6.3
About Oracle Traffic Director Failover Groups
3.6.4
About Oracle Traffic Director and the Load Balancer
3.6.5
About Oracle Traffic Director and Identity and Access Management
3.7
About Exalogic Optimizations for WebLogic
3.8
Roadmap for Implementing the Primary Oracle Identity and Access Management Topologies
3.9
Building your Own Oracle Identity and Access Management Topology
3.10
About Installing and Configuring a Custom Enterprise Topology
3.11
About Using Server Migration to Enable High Availability of the Oracle Identity and Access Management Enterprise Topology
Part II Preparing for an Enterprise Deployment
4
Using the Enterprise Deployment Workbook
4.1
Introduction to the Enterprise Deployment Workbook
4.2
Typical Use Case for Using the Workbook
4.3
Who Should Use the Enterprise Deployment Workbook?
4.4
Using the Oracle Identity and Access Management Enterprise Deployment Workbook
4.4.1
Locating the Oracle Identity and Access Management Enterprise Deployment Workbook
4.4.2
Understanding the Contents of the Oracle Identity and Access Management Enterprise Deployment Workbook
4.4.2.1
Using the Start Tab
4.4.2.2
Using the Hardware - Host Computers Tab
4.4.2.3
Using the Network - Virtual Hosts & Ports Tab
4.4.2.4
Using the Load Balancer Tab
4.4.2.5
Using the Storage - Directory Variables Tab
4.4.2.6
Using the Database - Connection Details Tab
4.4.2.7
Using the LDAP - Users and Groups Tab
4.4.2.8
Using the Exalogic Tab
5
Procuring Resources for an Enterprise Deployment
5.1
Hardware and Software Requirements for an Enterprise Deployment
5.1.1
Hardware Load Balancer Requirements
5.1.2
Host Computer Hardware Requirements
5.1.2.1
General Considerations for Enterprise Deployment Host Computers
5.1.2.2
Reviewing the Oracle Fusion Middleware System Requirements
5.1.2.3
Typical Memory, File Descriptors, and Processes Required for an Oracle Identity and Access Management Enterprise Deployment
5.1.2.4
Typical Disk Space Requirements for an Oracle Identity and Access Management
5.1.3
Operating System Requirements for the Enterprise Deployment Topology
5.2
Exalogic Requirements for an Enterprise Deployment
5.2.1
Exalogic Virtual Server Requirements
5.2.1.1
Virtual Servers Required for IAM on Exalogic
5.2.1.2
About Distribution Groups
5.2.2
About Private Networks
5.2.3
About Exalogic Elastic Cloud Networks
5.2.4
About Virtual Server Templates
5.3
Reserving the Required IP Addresses for an Enterprise Deployment
5.3.1
What Is a Virtual IP (VIP) Address?
5.3.2
Why Use Virtual Host Names and Virtual IP Addresses?
5.3.3
Physical and Virtual IP Addresses Required by the Enterprise Topology
5.4
Identifying and Obtaining Software Downloads for an Enterprise Deployment
5.4.1
Obtaining the LCM Tools and Oracle Identity and Access Management Software Repository for an Automated Deployment
5.4.2
Obtaining Required Patches for an Automated Deployment with the LCM Tools
5.4.3
Applying Patches Automatically as Part of the LCM Tools Automated Deployment Process
5.4.4
Obtaining the Oracle Identity and Access Management Software for a Manual Deployment
5.4.5
Obtaining Patches for a Manual Deployment
6
Preparing the Load Balancer and Firewalls for an Enterprise Deployment
6.1
Configuring Virtual Hosts on the Hardware Load Balancer
6.1.1
Overview of the Hardware Load Balancer
6.1.2
Typical Procedure for Configuring the Hardware Load Balancer
6.1.3
Load Balancer Health Monitoring
6.1.4
Summary of the Virtual Servers Required for an Oracle Identity and Access Management Deployment
6.1.5
Summary of the Virtual Servers Required for an Oracle Identity and Access Management Exalogic Deployment
6.2
Configuring Firewalls and Ports for an Oracle Identity and Access Management Deployment
6.3
Configuring the Firewalls and Ports for an Exalogic Enterprise Deployment
7
Preparing Storage for an Enterprise Deployment
7.1
Overview of Preparing Storage for Enterprise Deployment
7.2
Terminology for Directories and Directory Variables
7.3
Overview of Enterprise Deployment Storage
7.4
About File Systems
7.5
Understanding the Enterprise Deployment Directory Structure
7.5.1
Recommendations for Binary (Middleware Home) Directories
7.5.1.1
About the Binary (Middleware Home) Directories
7.5.1.2
About Sharing a Single Middleware Home
7.5.1.3
About Using Redundant Binary (Middleware Home) Directories
7.5.2
About the Lifecycle Repository
7.5.3
Recommendations for Domain Configuration Files
7.5.3.1
About Oracle WebLogic Server Administration and Managed Server Domain Configuration Files
7.5.3.2
Shared Storage Requirements for Administration Server Domain Configuration Files
7.5.3.3
Local Storage Requirements for Managed Server Domain Configuration Files
7.5.4
Shared Storage Recommendations for Runtime Files
7.5.5
Recommended Directory Locations
7.5.5.1
Life Cycle Management and Deployment Repository
7.5.5.2
Shared Storage
7.5.5.3
Private Storage
8
Preparing Exalogic for an Oracle Identity and Access Management Deployment
8.1
Summary of Virtual IP Addresses Required
8.2
Summary of Storage Requirements
8.2.1
Summary of the Storage Appliance Directories and Corresponding Mount Points for Physical Exalogic
8.2.2
Summary of the Storage Appliance Directories and Corresponding Mount Points for Virtual Exalogic
9
Configuring the Host Computers for an Enterprise Deployment
9.1
Overview of Configuring the Hosts
9.2
Verifying Your Host and Operating System
9.3
Meeting the Minimum Hardware Requirements
9.4
Meeting Operating System Requirements
9.4.1
Configuring Kernel Parameters
9.4.2
Setting the Open File Limit
9.4.3
Setting Shell Limits
9.4.4
Validating Local Hosts File
9.4.5
Increasing Huge Page Allocation for Exalogic Deployments
9.5
Enabling Unicode Support
9.6
Setting the DNS Settings
9.7
Configuring Users and Groups
9.8
Configuring a Host to Use an NTP (time) Server
9.9
Configuring a Host to Use an NIS/YP Host
9.10
Enabling Virtual IP Addresses
9.10.1
Summary of the Required Virtual IP Addresses
9.10.2
Enabling a Virtual IP Address on a Network Interface
9.10.3
Verifying the Required Virtual IP Addresses on the Network
9.11
Mounting Shared Storage onto the Host
9.11.1
Mounting Shared Storage
9.11.2
Validating the Shared Storage Configuration
10
Preparing the Database for an Enterprise Deployment
10.1
Overview of Preparing the Databases for an Identity and Access Management Enterprise Deployment
10.2
Verifying the Database Requirements for an Enterprise Deployment
10.2.1
Databases Required
10.2.2
Database Host Requirements
10.2.3
Database Versions Supported
10.2.4
Patch Requirements for Oracle Database 11g (11.2.0.2.0)
10.2.5
Oracle Database Minimum Requirements
10.2.5.1
General Database Characteristics
10.2.5.2
Minimum Initialization Parameters
10.3
Installing the Database for an Enterprise Deployment
10.4
Creating Database Services
10.4.1
Creating Database Services for 12c Databases
10.4.2
Creating a Database Service for Oracle Internet Directory
10.5
Using SecureFiles for Large Objects (LOBs) in an Oracle Database
10.6
Database Tuning
10.7
Loading the Identity and Access Management Schemas in the Oracle RAC Database Using RCU
10.7.1
Schemas Required by Identity and Access Management
10.7.2
Creating the Database Schemas Manually
10.8
Backing up the Database
Part III Configuring an Oracle Identity and Access Management Enterprise Deployment Manually
11
Installing Oracle Fusion Middleware in Preparation for an Enterprise Deployment
11.1
Overview of the Software Installation Process
11.1.1
Software to Install
11.1.2
Summary of Homes
11.2
Installing the Web Tier
11.2.1
Installing Oracle HTTP Server
11.2.1.1
Running the Installer
11.2.1.2
Backing Up the Installation
11.2.2
Installing Oracle Traffic Director
11.2.3
Installing Oracle Mobile Security Access Server
11.3
Creating an Oracle Fusion Middleware Home
11.3.1
Installing a Supported JDK
11.3.1.1
Identifying and Downloading the JDK Software
11.3.1.2
Installing JDK
11.3.2
Installing Oracle WebLogic Server
11.4
Installing the Directory Tier
11.4.1
Installing Oracle Unified Directory
11.4.2
Installing Oracle Internet Directory
11.5
Installing the Application Tier
11.5.1
Installing Oracle Identity and Access Management
11.5.2
Installing Oracle SOA Suite
11.5.3
Creating the wlfullclient.jar File
11.6
Backing Up the Installation
11.7
Creating a Redundant Middleware Home
12
Configuring Oracle LDAP for an Identity and Access Manager Enterprise Deployment
12.1
Configuring Oracle Unified Directory
12.1.1
Prerequisites for Configuring Oracle Unified Directory Instances
12.1.2
Configuring the Oracle Unified Directory Instances
12.1.2.1
Configuring Oracle Unified Directory on LDAPHOST1
12.1.2.2
Validating Oracle Unified Directory on LDAPHOST1
12.1.2.3
Configuring Oracle Unified Directory Instance on LDAPHOST2
12.1.2.4
Validating Oracle Unified Directory on LDAPHOST2
12.1.2.5
Validating Oracle Unified Directory Through the Load Balancer
12.1.2.6
Relaxing Oracle Unified Directory Object Creation Restrictions
12.1.2.7
Configuring a Password Policy on Oracle Unified Directory
12.1.3
Creating Access Control Lists in Non-Oracle Directories
12.1.4
Backing Up the Oracle Unified Directory installation
12.2
Configuring Oracle Internet Directory
12.2.1
Overview of Creating an Internet Directory
12.2.2
Using Oracle Internet Directory in an Enterprise Deployment
12.2.3
Configuring the Oracle Internet Directory
12.2.3.1
Configuring the First Oracle Internet Directory
12.2.3.2
Validating the OID installation on LDAPHOST1
12.2.3.3
Configuring Oracle Internet Directory on LDAPHOST2
12.2.3.4
Validating the Installation of OID on LDAPHOST2
13
Preparing The Identity Store
13.1
Introduction to Preparing an Existing LDAP Directory
13.2
Creating a Configuration File
13.2.1
Oracle Internet Directory Example
13.2.2
Oracle Unified Directory Example
13.2.3
Explanation of Property Values
13.2.3.1
LDAP Properties
13.2.3.2
OUD Properties
13.2.3.3
OAM Properties
13.2.3.4
OIM Properties
13.2.3.5
WebLogic Properties
13.2.3.6
Miscellaneous Properties
13.3
Preparing a Password File
13.4
Preparing an Existing LDAP Directory for LCM
13.5
Preparing OID and OUD as the Identity Store
13.5.1
Configuring Oracle Internet Directory and Oracle Unified Directory
13.5.2
Creating Users and Groups
13.5.3
Granting OUD changelog Access
13.5.4
Updating Oracle Unified Directory ACIs for LDAP Synchronization
13.5.5
Creating OUD Indexes
13.5.6
Creating Access Control Lists in Non-Oracle Directories
13.6
Preparing an Existing Microsoft Active Directory Instance for Use with Oracle Identity and Access Management
13.6.1
Adding the Required Schemas to the Active Directory Instance
13.6.2
Creating the Required Containers in the Active Directory Instance
13.6.3
Adding Access Control Lists (ACLs) to the Containers in Active Directory
13.6.4
Creating Users in the Active Directory Instance
13.6.5
Adding User Memberships to Groups in an Active Directory Instance
13.6.5.1
Summary of the Groups and Users for an OAM and OMSS Deployment
13.6.5.2
Summary of the Groups and Users for an Integrated OIM, OAM, and OMSS Deployment
13.6.6
Assigning Administrator Privileges to the OIMAdministrators Group
13.6.7
Resetting User Passwords in an Active Directory Instance
13.6.8
Enabling User Accounts in an Active Directory Instance
13.6.9
Setting the LockoutThreshold in Active Directory
14
Configuring the Oracle Web Tier
14.1
Configuring Oracle HTTP Server
14.1.1
Running the Configuration Wizard to Configure the HTTP Server
14.1.2
Configuring Virtual Hosts
14.1.2.1
Configuring Virtual Hosts
14.1.2.2
Configuring Oracle HTTP Server to Run as Software Owner
14.1.2.3
Updating Oracle HTTP Server Runtime Parameters
14.1.2.4
Validating the Configuration
14.1.2.5
Backing Up the Web Tier Configuration
14.2
Configuring Oracle Traffic Director
14.2.1
Creating and Starting the Traffic Director Administration Server
14.2.2
Registering WEBHOST2 with the Administration Node
14.2.3
Creating a Configuration
14.2.4
Starting, Stopping, and Restarting Oracle Traffic Director
14.2.5
Defining the Required Oracle Traffic Director Virtual Servers for an Enterprise Deployment
14.2.5.1
Creating OTD Origin Server Pools
14.2.5.2
Creating Virtual Servers
14.2.5.3
Creating a TCP Proxy and Listener for idstore.example.com
14.2.6
Creating Routes
14.2.7
Enabling SSL Passthrough
14.2.8
Workaround for Issues caused by TMPWATCH cleanup
14.2.9
Deploying the Configuration and Testing the Virtual Server Addresses
14.2.10
Creating a Failover Group for Virtual Hosts
14.3
Backing up the Web Tier Configuration
15
Creating Domains for an Enterprise Deployment
15.1
Choosing Which Domains to Create
15.2
Domains and URLs
15.3
Running the Configuration Wizard to Create a Domain
15.4
Post-Configuration and Verification Tasks
15.4.1
Associating the Domain with the OPSS policy Store
15.4.2
Forcing the Managed Servers to use IPv4 Networking
15.4.3
Setting IAMAccessDomain Memory Parameters
15.4.4
Creating boot.properties for the WebLogic Administration Servers
15.4.5
Perform Initial Node Manager Configuration
15.4.5.1
Starting Node Manager
15.4.5.2
Updating the Node Manager Credentials
15.4.5.3
Disabling Host Name Verification
15.4.5.4
Restart the Administration Server via Node Manager
15.4.5.5
Validating the WebLogic Administration Server
15.4.6
Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server
15.4.7
Propagating Changes to Remote Servers
15.4.8
Starting Node Manager on Remote Servers
15.4.9
Configuring the Web Tier
15.4.9.1
Registering Oracle HTTP Server with Oracle WebLogic Server
15.4.9.2
Setting the Front End URL for the Administration Console
15.4.9.3
Enabling WebLogic Plug-in
15.4.9.4
Validating Access to Domains
15.4.10
Using JDBC Persistent Stores for TLOGs and JMS in an Enterprise Deployment
15.4.10.1
About JDBC Persistent Stores for JMS and TLOGs
15.4.10.2
Performance Impact of the TLOGs and JMS Persistent Stores
15.4.10.3
Roadmap for Configuring a JDBC Persistent Store for TLOGs
15.4.10.4
Roadmap for Configuring a JDBC Persistent Store for JMS
15.4.10.5
Creating a User and Tablespace for TLOGs
15.4.10.6
Creating a User and Tablespace for JMS
15.4.10.7
Creating GridLink Data Sources for TLOGs and JMS Stores
15.4.10.8
Assigning the TLOGs JDBC Store to the Managed Servers
15.4.10.9
Creating a JMS JDBC Store
15.4.10.10
Assigning the JMS JDBC Store to the JMS Servers
15.4.10.11
Creating the Required Tables for JMS JDBC Store
15.4.11
Manually Failing over the WebLogic Administration Server
15.4.12
Backing up the WebLogic Domain
15.4.13
Adding a Load Balancer Certificate to JDK Trust Stores
15.4.14
Enabling Exalogic Optimizations
15.4.14.1
Enabling WebLogic Domain Exalogic Optimization
16
Setting Up Node Manager for an Enterprise Deployment
16.1
Recreating WebLogic Demo Certificates
16.2
Overview of the Node Manager
16.3
Moving Node Manager to a Separate Directory
16.4
Changing the Location of the Node Manager Log
16.5
Enabling Host Name Verification Certificates for Node Manager
16.5.1
Generating Self-Signed Certificates Using the utils.CertGen Utility
16.5.2
Creating an Identity Keystore Using the utils.ImportPrivateKey Utility
16.5.3
Creating a Trust Keystore Using the Keytool Utility
16.5.4
Adding a Load Balancer Certificate to Trust Store
16.5.5
Configuring Node Manager to Use the Custom Keystores
16.5.6
Configuring the Managed WebLogic Servers to Use Custom Keystores
16.5.7
Changing the Host Name Verification Setting for the Managed Servers
17
Configuring Oracle Access Management
17.1
About Domain URLs
17.2
Post-Installation Tasks
17.2.1
Setting the Front End URL for the Administration Console
17.2.2
Removing IDM Domain Agent
17.2.3
Configuring and Integrating with LDAP
17.2.3.1
Setting a Global Passphrase
17.2.3.2
Configuring Access Manager to use the LDAP Directory
17.2.3.2.1
Creating a Configuration File
17.2.3.2.2
Integrating Access Manager and LDAP Using the idmConfigTool
17.2.3.2.3
Validating the OAM LDAP Configuration
17.2.3.3
Adding LDAP Groups to WebLogic Administrators
17.2.4
Updating WebGate Agents
17.2.5
Updating Host Identifiers
17.2.6
Adding Missing Policies to OAM
17.3
Validating Access Manager
17.4
Creating Access Manager Key Store
17.5
Updating Idle Timeout Value
17.6
Updating the ESSO IDS Repository
17.7
Enabling Exalogic Optimizations
17.7.1
Enabling OAM Persistence Optimizations
17.8
Backing Up the Application Tier Configuration
18
Configuring Oracle Mobile Security Services
18.1
Creating the Configuration Files
18.2
Configuring Oracle Mobile Security Manager
18.3
Performing Additional Task for Oracle Unified Directory
18.4
Verifying Oracle Mobile Security Manager Configuration
18.5
Configuring MSAS Gateway Instances
18.6
Integrating MSAS with the Identity Store
18.7
Adding Load Balancer Alias to MSAS Certificate
18.8
Starting MSAS Instances
18.9
Verifying Oracle Mobile Security Suite Configuration
19
Configuring Oracle Identity Manager
19.1
Configuring Oracle Coherence for Oracle SOA Suite
19.1.1
Enabling Communication for Deployment Using Unicast Communication
19.1.2
Specifying the Host Name Used by Oracle Coherence
19.2
Configuring Oracle Identity Manager
19.3
Copying SOA Composites to Managed Server Directory
19.4
Modifying the Oracle Identity Manager Properties to Support Active Directory
19.5
Starting and Validating Oracle Identity Manager on OIMHOST1
19.6
Starting and Validating Oracle Identity Manager on OIMHOST2
19.7
Configuring Oracle Identity Manager to Reconcile from ID Store
19.8
Configuring Default Persistence Store for Transaction Recovery
19.9
Configuring UMS Email
19.10
Changing Host Assertion in WebLogic
19.11
Restarting the Administration Server, Oracle Identity Manager, and Oracle SOA Suite Servers
19.12
Validating Oracle Identity Manager Instance from the WebTier
19.13
Integrating Identity Manager with Access Manager
19.13.1
Copying OAM Keystore Files to OIMHOST1 and OIMHOST2
19.13.2
Updating Existing LDAP Users with Required Object Classes
19.13.3
Importing OIM certificates into Mobile Security Suite
19.13.3.1
Obtaining JPS Credential Store Password for IAMAccessDomain
19.13.3.2
Exporting IAMGovernanceDomain Certificate
19.13.3.3
Importing Certificate into IAMAccessDomain
19.13.4
Integrating Access Manager and Mobile Security Suite with Oracle Identity Manager 11g
19.13.5
Creating OMSS Helpdesk User and Roles
19.13.6
Managing the Password of the xelsysadm User
19.13.7
Validating Integration
19.14
Enabling OIM to Connect to SOA Using LDAP User
19.15
Updating OIM LDAP Reconciliation Jobs
19.16
Updating the Username Generation Policy for Active Directory
19.17
Excluding Users from Oracle Identity Manager Reconciliation
19.18
Closing Failed Reconciliation Events Using OIM Console
19.19
Using JDBC Persistent Stores for TLOGs and JMS
19.20
Enabling Exalogic Optimizations
19.20.1
Configuring Oracle Identity Manager Servers to Listen on EoIB
19.20.2
Enabling Cluster-Level Session Replication Enhancements for Oracle Identity Manager and SOA
19.21
Forcing OIM to use Correct Multicast Address
19.22
Backing Up the Application Tier Configuration
20
Configuring BI Publisher
20.1
Moving Reports to a Shared Directory
20.1.1
Starting BI Publisher Managed Servers
20.1.2
Validating the BI Server
20.1.3
Validating BI Server Configuration
20.2
Configuring BI Scheduler
20.2.1
Setting Scheduler Configuration Options
20.2.2
Configuring JMS for BI Publisher
20.2.3
Configuring Default Persistence Store for Transaction Recovery
20.2.4
Using JDBC Persistent Stores for TLOGs and JMS
20.2.5
Updating the JMS Configuration of BIP Scheduler
20.3
Validating BI Instance From the Web Tier
20.4
Verifying the Integration of BI Publisher with Oracle Identity Manager
20.5
Backing Up the Application Tier Configuration
20.6
Enabling Cluster-Level Session Replication Enhancements for Oracle BI Publisher
21
Configuring Server Migration for an Enterprise Deployment
21.1
Overview of Server Migration for an Enterprise Deployment
21.2
Setting Up a User and Tablespace for the Server Migration Leasing Table
21.3
Creating a GridLink Data Source for Leasing Using the Oracle WebLogic Administration Console
21.4
Editing Node Manager's Properties File
21.5
Setting Environment and Superuser Privileges for the wlsifconfig.sh Script
21.6
Configuring Server Migration Targets
21.7
Testing the Server Migration
21.8
Backing Up the Server Migration Configuration
22
Configuring Single Sign-On
22.1
Overview of Configuring Single Sign-On
22.2
Configuring WebLogic Security Providers
22.3
Updating the boot.properties File
22.4
Installing and Configuring WebGate for Oracle HTTP Server
22.4.1
Installing Oracle WebGate on WEBHOST1 and WEBHOST2
22.4.2
Deploying WebGate to WEBHOST1 and WEBHOST2
22.5
Installing and Configuring WebGate for Oracle Traffic Director 11g
22.5.1
Prerequisites
22.5.2
Installing Oracle WebGate on WEBHOST1 and WEBHOST2
22.5.3
Adding LD_LIBRARY_PATH to OTD Start Scripts
22.5.4
Restarting the Oracle Traffic Director Instance
22.5.5
Updating OTD Configuration Repository with WebGate Changes
22.6
Validating Oracle Access Management Single Sign-On Setup
Part IV Configuring an Enterprise Deployment Using Life Cycle Management (LCM) Tools
23
Introduction to the Life Cycle Management (LCM) Tools
23.1
About the Automated Deployment of Oracle Identity and Access Management
23.1.1
Purpose of the Automation Tools for 11g Release 2 (11.1.2.3)
23.1.2
Packaging and Distribution of the Automation Tools
23.1.3
Obtaining and Applying Required Patches
23.1.4
Deployment Capabilities of the LCM Tools for Oracle Identity and Access Management
23.1.5
Patching Capabilities of the LCM Tools for Oracle Identity and Access Management
23.1.6
Upgrade Capabilities of the LCM Tools for Oracle Identity and Access Management
23.2
Overview of Deploying Oracle Identity and Access Management With the LCM Tools
24
Installing Oracle Identity and Access Management Life Cycle Management Tools
24.1
About the Deployment Repository and LCM Tools Directory Structure
24.2
Locating the Required Java Development Kit (JDK)
24.3
Installing the Oracle Identity and Access Management Life Cycle Tools
24.3.1
Locating and Starting the LCM Tools Installer
24.3.2
Summary of the LCM Tools Installer Screens
24.3.3
Specifying an Inventory Directory
24.3.4
Applying the Patch for LCM Tools
25
Creating a Deployment Response File
25.1
What is a Deployment Response File?
25.2
Starting the Deployment Wizard and Navigating the Common Screens
25.3
Creating a Deployment Response File for Oracle Identity Manager (OIM) Only Topology
25.4
Creating a Deployment Response File for Oracle Access Manager (OAM) Only Topology
25.5
Creating a Deployment Response File for a Fully Integrated Topology
26
Deploying Identity and Access Management
26.1
Introduction to the Deployment Process
26.1.1
Deployment Stages
26.1.2
Processing Order
26.2
Prerequisites for Deployment on Exalogic
26.3
Deployment Procedure
26.3.1
Running the Deployment Commands Automatically
26.3.1.1
Preparing the Hosts for Automated Deployment
26.3.1.2
Deploying Identity and Access Management Automatically
26.3.2
Running the Deployment Commands Manually
26.3.3
Creating Backups
26.4
Check List
26.5
Deploying Identity and Access Management Without a Common LCM_HOME
27
Performing Post-Deployment Configuration
27.1
Post Deployment Steps for Exalogic Implementations
27.1.1
Enabling Oracle Traffic Director as Web Server
27.1.1.1
Stopping the OHS Servers
27.1.1.2
Stopping the OHS Servers from Starting and Stopping Automatically
27.1.1.3
De-registering OHS servers from Domain
27.1.1.4
Resetting the Oracle Traffic Director Listen Port
27.1.2
Reverting Host Name changes
27.1.3
Enabling WebLogic Domain Exalogic Optimization
27.1.4
Enabling Cluster-Level Session Replication Enhancements for Oracle Identity Manager, SOA, and BI
27.1.5
Forcing Oracle Identity Manager to use the Correct Multicast Address
27.1.6
Enabling Oracle Access Manager Persistence Optimizations
27.1.7
Configuring Oracle Identity Manager Servers to Listen on EoIB
27.1.8
Configuring Single Sign-on for Administration Consoles in an Enterprise Deployment
27.1.8.1
Installing and Configuring WebGate for OTD
27.2
Post-Deployment Steps for Oracle Unified Directory
27.2.1
Updating Oracle Unified Directory ACIs for LDAP Synchronization
27.2.2
Granting OUD changelog Access
27.2.3
Creating OUD Indexes
27.3
Post-Deployment Steps for Oracle Identity Manager
27.3.1
Configuring Oracle Identity Manager to use a Database Persistence Store
27.3.2
Modifying Oracle Identity Manager Properties to Support Active Directory
27.3.3
Setting Memory Parameters
27.3.4
Configuring Server Migration
27.3.5
Updating OIM LDAP Reconciliation Jobs
27.4
Post Deployment Steps for Oracle BI Publisher
27.4.1
Configuring Oracle BI Publisher to use a Database Persistence Store
27.5
Post Deployment Steps for Oracle Mobile Security Suite
27.5.1
Creating OMSS Helpdesk User and Roles
27.6
Post-Deployment Steps for Access Manager
27.6.1
Updating WebGate Agents
27.6.2
Adding Missing Policies to OAM
27.6.3
Updating the ESSO IDS Repository
27.7
Adding a Load Balancer Certificate to Trust Stores
27.8
Creating a Redundant Middleware Home
27.9
Restarting All Components
28
Cleaning up an Environment Before Rerunning IAM Deployment
28.1
Cleaning up an Environment
Part V Managing an Enterprise Deployment
29
Scaling Enterprise Deployments
29.1
Scaling the Topology
29.2
Scaling the LDAP Directory
29.2.1
Mounting the Middleware Home when Scaling Out
29.2.2
Scaling Oracle Unified Directory
29.2.2.1
Assembling Information for Scaling Oracle Unified Directory
29.2.2.2
Configuring an Additional Oracle Unified Directory Instance
29.2.2.3 Validating the New Oracle Unified Directory Instance
29.2.2.4 Adding the New Oracle Unified Directory Instance to the Load Balancers
29.2.3 Scaling Oracle Internet Directory
29.2.3.1 Configuring Oracle Internet Directory on LDAPHOST3
29.2.3.2 Validating the Installation of OID on LDAPHOST3
29.3 Scaling Identity and Access Management Applications
29.3.1 Gathering Information
29.3.1.1 Assembling Information for Scaling Access Manager
29.3.1.2 Assembling Information for Scaling Oracle Identity Manager
29.3.1.3 Assembling Information for Scaling Oracle Adaptive Access Manager
29.3.2 Mounting Middleware Home and Creating a New Machine when Scaling Out
29.3.3 Creating a New Node Manager when Scaling Out
29.3.4 Running Pack/Unpack
29.3.5 Performing Application-Specific Steps
29.3.5.1 Cloning an Existing Managed Server
29.3.5.2 Scaling Oracle Access Management Access Manager
29.3.5.2.1 Running Pack/Unpack
29.3.5.2.2 Registering Managed Server with Oracle Access Management Access Manager
29.3.5.2.3 Updating WebGate Profiles
29.3.5.2.4 Updating the Web Tier
29.3.5.3 Scaling Oracle Identity Manager
29.3.5.3.1 Configuring New JMS Servers
29.3.5.3.2 Performing Pack/Unpack When Scaling Out
29.3.5.3.3 Configuring Oracle Coherence for Deploying Composites
29.3.5.3.4 Enabling Communication for Deployment Using Unicast Communication
29.3.5.3.5 Specifying the Host Name Used by Oracle Coherence
29.3.5.3.6 Completing the Oracle Identity Manager Configuration Steps
29.3.5.4 Updating Oracle Adaptive Access Manager Integration
29.3.6 Adding New WebLogic Managed Server to Oracle HTTP Server Configuration Files
29.4 Scaling the Web Tier
29.4.1 Assembling Information for Scaling the Web Tier
29.4.2 Mounting Middleware Home and Copying Oracle HTTP Server Files when Scaling Out
29.4.3 Running the Configuration Wizard to Configure the HTTP Server
29.4.4 Registering Oracle HTTP Server with WebLogic Server
29.4.5 Reconfiguring the Load Balancer
29.4.6 Scaling Up Oracle Traffic Director
29.4.7 Scaling Oracle Mobile Security Access Server
29.4.7.1 Installing Oracle Mobile Security Access Server
29.4.7.2 Configuring MSAS Gateway Instance
29.4.7.3 Creating an MSAS Configuration Property File
29.4.7.4 Configuring the MSAS Instance Using configMSAS.sh
29.4.7.5 Validating the MSAS Configuration
29.4.7.6 Integrating MSAS with the Identity Store
29.4.7.7 Starting MSAS Instances on OHSHOST1 and OHSHOST2
29.5 Post-Scaling Steps for All Components
29.5.1 Adding a New Managed Server to the Oracle Traffic Director Server Pool
29.5.2 Updating the Topology Store
29.5.3 Updating Stop/Start Scripts
29.5.4 Updating Node Manager Configuration
29.5.4.1 Starting and Stopping Node Manager
30 Topology Tool Commands for Scaling
30.1 Overview of Topology Tool Commands for Scaling
30.2 Syntax of the Topology Tool
30.2.1 Commands
30.2.2 Command-Line Options Used with Add
30.2.3 Command-Line Options Used with Modify for Updating Load Balancer Mappings
30.3 Commonly Used Command-Line Operations
30.4 Steps and Command-Line Examples
30.4.1 Scaling Out / Scaling Up of Directory Tier
30.4.1.1 Directory Tier Notes
30.4.1.2 Topology Tool Steps for Scaling Oracle Unified Directory
30.4.1.3 Scale Out Commands for Oracle Unified Directory
30.4.1.4 Scale Up Commands for Oracle Unified Directory
30.4.2 Scaling Out / Scaling Up of Application Tier
30.4.2.1 Application Tier Notes
30.4.2.2 Topology Tool Steps for OAM
30.4.2.3 Scale Out Commands for OAM
30.4.2.4 Scale Up Commands for OAM
30.4.2.5 Topology Tool Steps for OIM
30.4.2.6 Scale Out Commands for OIM
30.4.2.7 Scale Up Commands for OIM
30.4.2.8 Topology Tool Steps for SOA
30.4.2.9 Scale Out Commands for SOA
30.4.2.10 Scale Up Commands for SOA
30.4.2.11 Steps for Adding Node Manager for OAM/OIM/SOA Scale Out Only
30.4.2.12 Commands for Adding Node Manager for Scale Out of OAM
30.4.2.13 Commands for Adding Node Manager for Scale Out of OIM
30.4.2.14 Commands for Adding Node Manager for Scale Out of SOA
30.4.3 Scaling Out / Scaling Up of Web Tier
30.4.3.1 Web Tier Notes
30.4.3.2 Topology Tool Steps for Scaling OHS
30.4.3.3 Scale Out Commands for Web Tier
30.4.3.4 Scale Up Commands for OHS
30.4.3.5 Steps for Adding OPMN for Web Tier Scale Up and Scale Out
30.4.3.6 Commands for Adding OPMN Instance for Web Tier for Scale Out and Scale Up
31 Managing the Topology for an Enterprise Deployment
31.1 Starting and Stopping Enterprise Deployment Components
31.1.1 Startup and Shutdown Order
31.1.2 Stopping and Starting Exalogic vServers
31.1.2.1 Stopping vServers
31.1.2.2 Starting vServers
31.1.3 Starting and Stopping Directory Services
31.1.3.1 Starting and Stopping Oracle Unified Directory
31.1.3.1.1 Starting Oracle Unified Directory
31.1.3.1.2 Stopping Oracle Unified Directory
31.1.3.2 Starting and Stopping Oracle Internet Directory
31.1.3.2.1 Starting Oracle Internet Directory
31.1.3.2.2 Stopping Oracle Internet Directory
31.1.3.3 Starting and Stopping Oracle Active Directory
31.1.4 Starting and Stopping Node Manager
31.1.4.1 Starting Node Manager
31.1.4.2 Stopping Node Manager
31.1.5 Starting and Stopping IAMAccessDomain Services
31.1.5.1 Starting and Stopping a WebLogic Administration Server
31.1.5.1.1 Starting a WebLogic Administration Server
31.1.5.1.2 Stopping a WebLogic Administration Server
31.1.5.2 Starting and Stopping Oracle Access Manager WebLogic Managed Servers
31.1.5.2.1 Starting Oracle Access Manager WebLogic Managed Servers
31.1.5.2.2 Stopping Oracle Access Manager WebLogic Managed Servers
31.1.5.3 Starting and Stopping Policy Manager WebLogic Managed Servers
31.1.5.3.1 Starting Policy Manager WebLogic Managed Servers
31.1.5.3.2 Stopping Policy Manager WebLogic Managed Servers
31.1.5.4 Starting and Stopping Mobile Security Manager WebLogic Managed Servers
31.1.5.4.1 Starting Mobile Security Manager WebLogic Managed Servers
31.1.5.4.2 Stopping Mobile Security Manager WebLogic Managed Servers
31.1.6 Starting and Stopping IAMGovernanceDomain Services
31.1.6.1 Starting and Stopping a WebLogic Administration Server
31.1.6.1.1 Starting a WebLogic Administration Server
31.1.6.1.2 Stopping a WebLogic Administration Server
31.1.6.2 Starting and Stopping Oracle SOA Suite WebLogic Managed Servers
31.1.6.2.1 Starting Oracle SOA Suite WebLogic Managed Servers
31.1.6.2.2 Stopping Oracle SOA Suite WebLogic Managed Servers
31.1.6.3 Starting and Stopping Oracle Identity Manager WebLogic Managed Servers
31.1.6.3.1 Starting Oracle Identity Manager WebLogic Managed Servers
31.1.6.3.2 Stopping Oracle Identity Manager WebLogic Managed Servers
31.1.6.4 Starting and Stopping Oracle BI Publisher WebLogic Managed Servers
31.1.6.4.1 Starting Oracle BI Publisher WebLogic Managed Servers
31.1.6.4.2 Stopping Oracle BI Publisher WebLogic Managed Servers
31.1.7 Starting and Stopping Web Servers
31.1.7.1 Starting and Stopping Oracle HTTP Server
31.1.7.1.1 Starting Oracle HTTP Server
31.1.7.1.2 Stopping Oracle HTTP Server
31.1.7.2 Starting the Oracle Traffic Director Instances
31.1.7.2.1 Starting and Stopping Oracle Traffic Director Administration Instances
31.1.7.2.2 Starting Oracle Traffic Director Instances
31.1.7.2.3 Starting Oracle Traffic Director Failover Groups
31.1.7.3 Starting and Stopping Oracle Mobile Access Server
31.1.7.3.1 Starting Oracle Mobile Access Server
31.1.7.3.2 Stopping Oracle Mobile Access Server
31.2 About Identity and Access Management Console URLs
31.3 Monitoring Enterprise Deployments
31.3.1 Monitoring Oracle Unified Directory
31.3.2 Monitoring WebLogic Managed Servers
31.4 Auditing Identity and Access Management
31.5 Performing Backups and Recoveries
31.5.1 Performing Baseline Backups
31.5.2 Performing Runtime Backups
31.5.3 Performing Backups During Installation and Configuration
31.5.3.1 Backing Up Middleware Home
31.5.3.2 Backing Up LDAP Directories
31.5.3.2.1 Backing Up Oracle Unified Directory
31.5.3.2.2 Backing Up Third-Party Directories
31.5.3.3 Backing Up the Database
31.5.3.4 Backing Up the WebLogic Domain IAMGovernanceDomain
31.5.3.5 Backing Up the WebLogic Domain IAMAccessDomain
31.5.3.6 Backing Up the Web Tier
31.5.3.6.1 Backing Up Oracle HTTP Server
31.6 Patching Enterprise Deployments
31.7 Preventing Timeouts for SQL
31.8 Manually Failing Over the WebLogic Administration Server
31.8.1 Failing Over the Administration Server to OAMHOST2
31.8.2 Starting the Administration Server on OAMHOST2
31.8.3 Validating Access to OAMHOST2 Through Oracle HTTP Server
31.8.4 Failing the Administration Server Back to OAMHOST1
31.9 Changing Startup Location
31.10 Troubleshooting
31.10.1 Troubleshooting Oracle Traffic Director
31.10.1.1 OTD Failover Groups Show as Started, but IP Address Cannot Be Pinged
31.10.1.2 Error When Accessing SSL Terminated URL
31.10.1.3 Error When Creating Failover Groups
31.10.2 Troubleshooting Identity and Access Management Deployment When Using IDMLCM
31.10.2.1 Deployment Fails
31.10.2.2 Deployment Fails with Error: Incorrect Host or Domain Name Format for Attribute
31.10.2.3 Connection to Directory Failed Exception
31.10.2.4 Deployment Fails on Install Phase with Permission Denied Error
31.10.2.5 Deployment Fails While Configuring MSAS
31.10.2.6 Deployment Fails with Error: DiskSpaceCheck SEVERE Disk space check has failed
31.10.2.7 Preverify Inappropriately Fails with Insufficient Space
31.10.2.8 General Troubleshooting
31.10.3 Troubleshooting IDMLCM Start/Stop Scripts
31.10.3.1 Start/Stop Scripts Fail to Start or Stop a Managed Server
31.10.4 Troubleshooting Oracle Access Management Access Manager 11g
31.10.4.1 Access Manager Runs out of Memory
31.10.4.2 User Reaches the Maximum Allowed Number of Sessions
31.10.4.3 Policies Do Not Get Created When Oracle Access Management Access Manager is First Installed
31.10.4.4 You Are Not Prompted for Credentials After Accessing a Protected Resource
31.10.4.5 Cannot Log In to Access Management Console
31.10.4.6 Oracle Coherence Cluster Startup Errors in WLS_AMA Server Logs
31.10.4.7 Errors in Log File when Starting OAM Servers
31.10.5 Troubleshooting Oracle Identity Manager
31.10.5.1 java.io.FileNotFoundException When Running Oracle Identity Manager Configuration
31.10.5.2 ResourceConnectionValidationException When Creating User in Oracle Identity Manager
31.10.5.3 Oracle Identity Manager Reconciliation Jobs Fail
31.10.5.4 OIM Reconciliation Jobs Fail When Running Against Oracle Unified Directory
31.10.5.5 Cannot Open Reports from OIM Self Service Console
31.10.6 Troubleshooting Oracle SOA Suite
31.10.6.1 Transaction Timeout Error
31.10.7 General Troubleshooting
31.10.7.1 Cannot Start Managed Server from WebLogic Console
31.10.7.2 Proxy Settings are Reset
A Creating a Redundant Middleware Home
A.1 Creating a Duplicate Middleware Home
B Sanity Checks
B.1 Sanity Checks for Oracle Access Management
B.1.1 Verifying LDAP Authentication for OAM Agent Protected Application for Valid User
B.1.2 Verifying LDAP Authentication Failure for OAM Agent Protected Application for Invalid Password
B.1.3 Verifying LDAP Authentication Failure for OAM Agent Protected Application for Invalid Username
B.1.4 Verifying Access of OAM Agent Protected Unavailable Resource
B.1.5 Verifying Access of Resource that was Recently Deleted or Replaced from the Policy
B.2 Sanity Checks for Oracle Identity Manager
B.2.1 Creating Organization
B.2.2 Creating User
B.2.3 Creating Role
B.2.4 Self-Registering a User
B.2.5 Adding User Defined Field (UDF) in User
B.2.6 Creating Disconnected Application and Provision
B.2.7 Importing and Configuring DB User Management
B.2.8 Creating Access Policy and Provision
B.2.9 Creating End User Request for Accounts, Entitlements, and Roles
B.2.10 Resetting Account Password
B.2.11 Creating Certification and Approving
B.2.12 Creating Identity Audit Scan Definitions and Viewing its Results
B.2.13 Testing Identity Audit
C Configuring External Access to an Internal Exalogic IAM Deployment
C.1 Creating New OAM Server Instances Listening on the External Network
C.2 Creating a New SSO Agent
C.3 Creating a Test Resource in OAM
C.4 Configuring the External Oracle HTTP Server
C.5 Validating the Installation