This chapter explains how to install and configure Oracle Identity and Access Management.
It includes the following topics:
Table 3-1 lists the general installation and configuration tasks that apply to Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0) products.
Table 3-1 Installation and Configuration Flow for Oracle Identity and Access Management
No. | Task | Description |
---|---|---|
1 | Review installation concepts in the Installation Planning Guide. | Read the Oracle Fusion Middleware Installation Planning Guide, which describes the process for various users to install or upgrade to Oracle Fusion Middleware 11g (11.1.2) depending on the user's existing environment. |
2 | Review the system requirements and certification documents to ensure that your environment meets the minimum installation requirements for the components you are installing. Then, obtain the Oracle Fusion Middleware Software. | For more information, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe. Also, see Section 3.2.1, "Obtaining the Oracle Fusion Middleware Software." |
3 | Install a certified JDK. | For more information, see Section 3.2.2, "Installing a Certified JDK." |
4 | Review the Database requirements. | For more information, see Section 3.2.3, "Database Requirements." Note that for Oracle Identity Manager configurations that use Oracle Databases, some of the Oracle Database versions require patches. For more information, see Section 3.2.3.1, "Identity Manager." Also, see Section 3.2.4, "Optional: Enabling TDE in Database for Oracle Access Management." |
5 | Run Oracle Fusion Middleware Repository Creation Utility (RCU) to create and load the appropriate schemas for Oracle Identity and Access Management products. | For more information, see Section 3.2.5, "Creating Database Schemas Using the Oracle Fusion Middleware Repository Creation Utility (RCU)". Notes: If you are configuring Oracle Access Management Mobile and Social standalone, skip this step. If you are configuring Oracle Privileged Account Manager, Oracle Privileged Account Manager schema must be created by a Database user with SYSDBA privileges. If you are configuring Oracle Entitlements Server, depending on the policy store you choose for Oracle Entitlements Server, complete one of the following: |
6 | Install Oracle WebLogic Server and create a Middleware Home. | For more information, see Section 3.2.6, "Installing Oracle WebLogic Server and Creating a Middleware Home". Also, Oracle WebLogic Server 11g Release 1 (10.3.6) requires some patches that must be applied on the WebLogic Server Middleware home. For more information, see Section 3.2.6.1, "Applying Mandatory Patches for Oracle WebLogic Server." |
7 | For Oracle Identity Manager users only: Install Oracle SOA Suite 11g Release 1 (11.1.1.9.0). | For more information, see Section 3.2.7, "Installing Oracle SOA Suite (Oracle Identity Manager Users Only)". |
8 | Install the Oracle Identity and Access Management 11g software. | For more information, see Section 3.2.8, "Installing Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0)". |
9 | Run the Oracle Fusion Middleware Configuration Wizard to configure your Oracle Identity and Access Management products in a new or existing WebLogic domain. | For more information, see Section 3.2.9, "Configuring Oracle Identity and Access Management (11.1.2.3.0) Products". |
10 | Configure the Database Security Store. | For more information, see Section 3.2.10, "Configuring Database Security Store for an Oracle Identity and Access Management Domain." |
11 | For Oracle Identity Manager users only: | For more information, see Section 3.2.11, "Configuring Oracle Identity Manager Server and Design Console". |
12 | Start the servers. | You must start the Administration Server and all Managed Servers. For more information, see Section C.1, "Starting the Stack". |
13 | Run the Oracle Identity and Access Environment Health Check Utility to verify your installation and configuration. | For more information, see Section 3.2.13, "Verifying Your Environment Using the Environment Health Check Utility." |
Follow the instructions in this section to install and configure the latest Oracle Identity and Access Management software.
Installing and configuring the latest version of Oracle Identity and Access Management 11g components involves the following steps:
Optional: Enabling TDE in Database for Oracle Access Management
Creating Database Schemas Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
Installing Oracle WebLogic Server and Creating a Middleware Home
Installing Oracle SOA Suite (Oracle Identity Manager Users Only)
Installing Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0)
Configuring Oracle Identity and Access Management (11.1.2.3.0) Products
Configuring Database Security Store for an Oracle Identity and Access Management Domain
Configuring Oracle Identity Manager Server and Design Console
Verifying Your Environment Using the Environment Health Check Utility
For installing Oracle Identity and Access Management, you must obtain the following software:
Oracle WebLogic Server 11g Release 1 (10.3.6)
Oracle Database
Oracle Repository Creation Utility 11g Release 1 (11.1.1.9.0)
Oracle Identity and Access Management Suite
Oracle SOA Suite 11g Release 1 (11.1.1.9.0) (required for Oracle Identity Manager only)
Oracle Entitlements Server Client (required for Oracle Entitlements Server only)
Oracle Mobile Security Access Server (required for Oracle Mobile Security Suite only)
For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
Before you can install Oracle Identity and Access Management, you must download and install a supported Java Development Kit (JDK) on your system.
You should always verify the required JDK version by reviewing the certification information on the Oracle Fusion Middleware Supported System Configurations page.
The JDK can be downloaded from the Java SE Development Kit 7 Downloads page on Oracle Technology Network (OTN).
Note:
For more information about JDK version requirements, see the "Oracle WebLogic Server and JDK Considerations" topic in the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management 11g Release 2 (11.1.2) document.
Some Oracle Identity and Access Management components require an Oracle Database. Ensure that you have an Oracle Database installed on your system before installing Oracle Identity and Access Management. The database must be up and running to install the relevant Oracle Identity and Access Management components. The database does not have to be on the same system where you are installing the Oracle Identity and Access Management components.
Notes:
For information about certified databases, see the "Database Requirements" topic in the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management 11g Release 2 (11.1.2) document.
For information about RCU requirements for Oracle Databases, see "RCU Requirements for Oracle Databases" in the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management 11g Release 2 (11.1.2) document.
Some of the Oracle Database versions require patches. To identify the patches required for Oracle Identity Manager 11.1.2 configurations that use Oracle Databases, refer to the "Oracle Identity Manager" section of the 11g Release 2 Release Notes for Oracle Identity Management.
Complete the following steps to set up Transparent Data Encryption (TDE) in the database for Oracle Access Management:
1. Add the ENCRYPTION_WALLET_LOCATION parameter in the sqlnet.ora file of the database.
ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=<DB_WALLET_DIRECTORY>)))
2. Restart the database.
3. Run the following SQL queries as SYSDBA to create the encrypted tablespace:
a. ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<PASSWORD>";
b. CREATE TABLESPACE <TABLESPACE_NAME> EXTENT MANAGEMENT LOCAL AUTOALLOCATE SEGMENT SPACE MANAGEMENT AUTO DATAFILE '<DATA_FILE_LOCATION>' SIZE 100M AUTOEXTEND ON NEXT 50M MAXSIZE UNLIMITED ENCRYPTION DEFAULT STORAGE(ENCRYPT);
Note:
For the ENCRYPTION parameter, you can choose to use DEFAULT or specify any other option.
After setting up Transparent Data Encryption (TDE) for Oracle Access Management, run the Oracle Fusion Middleware Repository Creation Utility (RCU) to create Oracle Access Management schemas. For more information, see Section 3.2.5, "Creating Database Schemas Using the Oracle Fusion Middleware Repository Creation Utility (RCU)".
Note:
When you create the Oracle Access Management schemas using RCU, in the Map Tablespaces screen, use the tablespace that you created for Oracle Access Management in step 3b.
For more information, see the "Map Tablespaces" topic in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
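An added pre-flight check for the sqlnet.ora step of the TDE procedure (example code, not part of the Oracle guide): it reads the wallet DIRECTORY out of ENCRYPTION_WALLET_LOCATION, even when the parameter is wrapped across lines, and confirms that the directory exists and is closed to group and others before the encryption key is set. The function names and the owner-only permission policy are assumptions of this example, and the sample sqlnet.ora is constructed.

```sh
#!/bin/sh
# Added example: check the TDE wallet directory named in sqlnet.ora.
# Function names and the owner-only policy are assumptions of this example.

# Print the DIRECTORY value of ENCRYPTION_WALLET_LOCATION from the sqlnet.ora
# given as $1. Handles a parameter wrapped over several lines and keywords in
# any letter case. Assumes the path contains no whitespace and no '#'.
wallet_dir_from_sqlnet() {
    sed -e 's/#.*$//' "$1" | tr -d ' \t\r\n' | awk '
    {
        key = "ENCRYPTION_WALLET_LOCATION="
        at = index(toupper($0), key)
        if (at == 0) exit 1
        rest = substr($0, at + length(key))
        at = index(toupper(rest), "DIRECTORY=")
        if (at == 0) exit 1
        rest = substr(rest, at + length("DIRECTORY="))
        stop = index(rest, ")")
        if (stop == 0) exit 1
        value = substr(rest, 1, stop - 1)
        gsub(/"/, "", value)
        print value
    }'
}

# Check the wallet directory configured in the sqlnet.ora given as $1.
# Prints one finding and returns 0 (ok), 2 (parameter missing),
# 3 (directory missing, e.g. placeholder left in), 4 (group/other access).
check_wallet_dir() {
    dir=$(wallet_dir_from_sqlnet "$1") || dir=""
    if [ -z "$dir" ]; then
        echo "FAIL: ENCRYPTION_WALLET_LOCATION with a DIRECTORY is not set in $1"
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: wallet directory $dir does not exist"
        return 3
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    group_other=$(ls -ld "$dir" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL: $dir is accessible to group or others ($group_other)"
        return 4
    fi
    echo "OK: wallet directory $dir exists and is owner-only"
    return 0
}

# Demo on a constructed sqlnet.ora in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/wallet" && chmod 755 "$tmp/wallet"
    cat > "$tmp/sqlnet.ora" <<EOF
# constructed sample, not from a real system
ENCRYPTION_WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = $tmp/wallet)))
EOF
    check_wallet_dir "$tmp/sqlnet.ora" || true   # reports the 755 directory
    chmod 700 "$tmp/wallet"
    rc=0
    check_wallet_dir "$tmp/sqlnet.ora" || rc=$?  # passes once owner-only
    rm -rf "$tmp"
    return $rc
}

# With an argument, check that sqlnet.ora; without one, run the demo.
if [ $# -ge 1 ]; then check_wallet_dir "$1"; else demo; fi
```

Run it as the database software owner with the path to the database's sqlnet.ora as the only argument; a non-zero exit status means the wallet location should be corrected before restarting the database.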
You must create and load the appropriate Oracle Fusion Middleware schemas in the database using RCU before installing and configuring the following Oracle Identity and Access Management components:
Oracle Identity Manager
Oracle Access Management
Oracle Mobile Security Suite
Oracle Adaptive Access Manager
Oracle Entitlements Server
Oracle Privileged Account Manager
Notes:
To create database schemas for Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0) components, use the 11g Release 1 (11.1.1.9.0) version of the Oracle Fusion Middleware Repository Creation Utility.
For information on RCU requirements, refer to the "Repository Creation Utility (RCU) Requirements" topic in the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management 11g Release 2 (11.1.2) document.
For general information about using RCU, use the Oracle Fusion Middleware Repository Creation Utility User's Guide.
For information on creating schemas, see the "Creating Schemas" topic in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
This guide lists the schemas you must install for the Oracle Identity and Access Management software. For information about using RCU, this guide references the RCU documentation in a recent Oracle Fusion Middleware 11g Release 1 (11.1.1) documentation library.
These general instructions for using RCU are valid, as long as you download and use the specific RCU version available as part of the Oracle Identity and Access Management 11g Release 2 (11.1.2) Media Pack on the Oracle Software Delivery Cloud.
Before running RCU, ensure that you have the following information about your database ready:
Database Type
Database Host Name
Database Port
Database Service Name
Database User Name
Database User's Password
Database User's Role
To run RCU and create the required schemas in the database, perform the following steps:
After obtaining the proper version of RCU and downloading the .zip file, extract the contents to a directory of your choice. This directory will be referred to as the RCU_HOME directory.
Start RCU from the bin directory inside the RCU_HOME directory.
On Linux:
cd RCU_HOME/bin
./rcu
On Windows:
cd RCU_HOME\bin
rcu.bat
On the Welcome screen, click Next.
On the Create Repository screen, select Create to load the component schemas into an existing database, and then click Next.
On the Database Connection Details screen, specify the connection details for your database, and then click Next.
Note:
For more information about the options on this screen, see "Database Connection Details" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
A separate dialog window will appear while RCU checks database connectivity and some database prerequisites. When the database checking has passed without errors, click OK to dismiss the dialog window and go to the next screen.
On the Select Components screen, specify a prefix that you want to use for your schemas and select the components for which you want to create schemas in the database.
Notes:
For more information about the options on this screen, see "Select Components (for Create Operation)" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
For more information about custom prefixes, see "Using Custom Prefixes" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
For Oracle Identity Manager, Oracle Access Manager, and Oracle Adaptive Access Manager schemas on the same database, it is recommended to provide different schema prefixes for these schemas to make sure that the AS Common Schemas - Oracle Platform Security Services and AS Common Schemas - Metadata Services schemas are not shared.
When you run RCU, create and load only the following schemas for the Oracle Identity and Access Management component you are installing—do not select any other schemas available in RCU:
For Oracle Identity Manager, select the Identity Management - Oracle Identity Manager schema. When you select the Identity Management - Oracle Identity Manager schema, the following schemas are also selected, by default:
SOA and BPM Infrastructure - SOA Infrastructure
SOA and BPM Infrastructure - User Messaging Service
AS Common Schemas - Oracle Platform Security Services
AS Common Schemas - Metadata Services
Oracle Business Intelligence - Business Intelligence Platform
For Oracle Adaptive Access Manager, select the Identity Management - Oracle Adaptive Access Manager schema. When you select the Identity Management - Oracle Adaptive Access Manager schema, the following schemas are also selected, by default:
AS Common Schemas - Oracle Platform Security Services
AS Common Schemas - Metadata Services
AS Common Schemas - Audit Services
For Oracle Adaptive Access Manager with partition schema support, select the Identity Management - Oracle Adaptive Access Manager (Partition Supp...) schema. When you select the Identity Management - Oracle Adaptive Access Manager (Partition Supp...) schema, the following schemas are also selected, by default:
AS Common Schemas - Oracle Platform Security Services
AS Common Schemas - Metadata Services
AS Common Schemas - Audit Services
Note:
For information about Oracle Adaptive Access Manager schema partitions, see Appendix H, "Oracle Adaptive Access Manager Partition Schema Reference".
For Oracle Access Management only, select the Identity Management - Oracle Mobile Security Manager schema.
By default, Oracle Mobile Security Suite is installed (but not fully configured) with Oracle Access Management. You can choose to configure Oracle Access Management only or configure Oracle Access Management with Oracle Mobile Security Suite. For both configuration options, you must select the Identity Management - Oracle Mobile Security Manager schema.
When you select the Identity Management - Oracle Mobile Security Manager schema, the following schemas are also selected, by default:
AS Common Schemas - Oracle Platform Security Services
AS Common Schemas - Metadata Services
AS Common Schemas - Audit Services
Identity Management - Oracle Access Manager
Notes:
If you want to use Transparent Data Encryption (TDE) for Oracle Access Management, you must set up TDE for Oracle Access Management before creating the Oracle Access Management schema. For more information, see Section 3.2.4, "Optional: Enabling TDE in Database for Oracle Access Management."
If you manually select the Identity Management - Oracle Access Manager schema only, the Identity Management - Oracle Mobile Security Manager schema will not be selected by default. In this case, you must also manually select the Identity Management - Oracle Mobile Security Manager schema because when you install and configure Oracle Access Management in a WebLogic domain, the Oracle Mobile Security Manager server is installed and configured in the domain by default.
For Oracle Entitlements Server, select the AS Common Schemas - Oracle Platform Security Services schema.
For Oracle Privileged Account Manager, select the Identity Management - Oracle Privileged Account Manager schema. By default, the AS Common Schemas - Oracle Platform Security Services schema is also selected.
Note:
Oracle Privileged Account Manager schema must be created by a Database user with SYSDBA privileges.
Click Next.
A separate dialog window will appear while RCU checks component prerequisites. When the component prerequisite checking has passed without errors, click OK to dismiss the dialog window and go to the next screen.
On the Schema Passwords screen, specify how you want to set the schema passwords on your database. Then, enter and confirm your passwords for the main and additional (auxiliary) schema users. Click Next.
Note:
When you create a schema, be sure to remember the schema owner and password that is shown in RCU. You must specify the schema owner and password information when you configure the Oracle Identity and Access Management products.
If you are creating schemas on databases with Oracle Database Vault installed, note that statements, such as CREATE USER, ALTER USER, DROP USER, CREATE PROFILE, ALTER PROFILE, and DROP PROFILE can only be issued by a user with the DV_ACCTMGR role. SYSDBA can issue these statements by modifying the Can Maintain Accounts/Profiles rule set only if it is allowed.
On the Map Tablespaces screen, configure the desired tablespace mapping for the schemas you want to create, and then click Next.
A separate dialog window will appear asking you to confirm that you want to create these tablespaces. Click OK to proceed and dismiss the dialog window.
A second dialog window will appear showing the progress of the tablespace creation. After this is complete, click OK to dismiss this window and go to the next screen.
Review the information on the Summary screen, and click Create to begin schema creation.
A separate dialog window will appear showing the progress of the schema creation. After this is complete, the Completion Summary screen will appear.
On the Completion Summary screen, note the location of the log files, and then click Close to dismiss RCU.
Before you install Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0) components, you must ensure that you have installed Oracle WebLogic Server and created a Middleware Home directory.
Notes:
On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, JDK is not installed with Oracle WebLogic Server. You must install JDK separately, before installing Oracle WebLogic Server.
Ensure that you are using a JDK version that is supported and certified with Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0). For more information, see Section 3.2.2, "Installing a Certified JDK."
Before you install Oracle WebLogic Server, ensure that your system environment meets the requirements for the installation. For installation requirements, see "Installation Prerequisites" in the Oracle WebLogic Server Installation Guide.
To install Oracle WebLogic Server, perform the following steps:
Start the Oracle WebLogic Server Installer, as described in "Starting the Installation Program in Graphical Mode" in the Oracle WebLogic Server Installation Guide.
On the Welcome screen, click Next.
On the Choose Middleware Home Directory screen, select Create a New Middleware Home.
Enter a location for the Middleware home directory. Note that it is recommended to create and use a separate Middleware home for each Oracle Identity and Access Management component you are installing.
For example,
ORACLE_BASE/products/fmw_oim
Note:
ORACLE_BASE is the base directory under which Oracle products are installed. For example, /u01/oracle.
Click Next.
Specify whether you want to register the product installation with My Oracle Support. By registering, Oracle Support notifies you immediately of any security updates that are specific to your installation. Click Next.
If you chose not to register, a separate dialog window appears notifying you that you have not provided an email address. Click Yes to continue. An Are you sure? dialog window appears. Click Yes to continue. A Connection failed window appears. Select the I wish to remain uninformed of security issues in my configuration or this machine has no Internet access check box and click Continue.
On the Choose Install Type screen, select Typical.
Click Next.
On the JDK Selection screen, select the JDK.
Click Next.
On the Choose Product Installation Directories screen, accept the default product installation directories.
Click Next.
On the Installation Summary screen, click Next.
Monitor the progress of your installation.
On the Installation Complete screen, deselect Run Quickstart.
Click Done.
For complete information about installing Oracle WebLogic Server, see the Oracle WebLogic Server Installation Guide.
After installing Oracle WebLogic Server, you must apply mandatory WebLogic Server patches on the Middleware home. For more information, see Section 3.2.6.1, "Applying Mandatory Patches for Oracle WebLogic Server."
Note:
By default, WebLogic domains are created in a directory named domains located in the user_projects directory under your Middleware Home. After you configure any of the Oracle Identity and Access Management products in a WebLogic administration domain, a new directory for the domain is created in the domains directory. In addition, a directory named applications is created in the user_projects directory. This applications directory contains the applications deployed in the domain.
After you have installed Oracle WebLogic Server 11g Release 1 (10.3.6) and created a Middleware home directory, there are some mandatory patches that you must apply to your WebLogic Server Middleware home to fix specific issues with Oracle WebLogic Server 11g Release 1 (10.3.6).
To identify the required patches that you must apply for Oracle WebLogic Server, see "Downloading and Applying Required Patches" in the Oracle Fusion Middleware Infrastructure Release Notes.
The WebLogic Server patches listed in the release notes are available from My Oracle Support. The patching instructions are mentioned in the README.txt file that is provided with each patch.
If you are installing Oracle Identity Manager, you must install Oracle SOA Suite 11g Release 1 (11.1.1.9.0). Note that only Oracle Identity Manager requires Oracle SOA Suite. This step is required because Oracle Identity Manager uses process work flows in Oracle SOA Suite to manage request approvals.
For more information about installing Oracle SOA Suite, see Oracle Fusion Middleware Installation Guide for Oracle SOA Suite and Oracle Business Process Management Suite.
Note:
If you have already created a Middleware Home before installing Oracle Identity and Access Management components, do not create a new Middleware Home again. You must use the same Middleware Home for installing Oracle SOA Suite.
This topic describes how to install the Oracle Identity and Access Management 11g software, which includes Oracle Identity Manager, Oracle Access Management, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Privileged Account Manager, Oracle Access Management Mobile and Social, and Oracle Mobile Security Suite.
It includes the following sections:
Performing the installation in this section installs the following products:
Oracle Identity Manager
Oracle Access Management
Note:
Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0) contains Oracle Access Management suite which includes the following services:
Oracle Access Manager
Oracle Access Management Security Token Service
Oracle Access Management Identity Federation
Oracle Access Management Mobile and Social
Identity Context
For more information about these services, see "Understanding Oracle Access Management Services" in the Administrator's Guide for Oracle Access Management.
For an introduction to the Oracle Access Management Mobile and Social, see "Understanding Mobile and Social" chapter in the Administrator's Guide for Oracle Access Management.
Oracle Adaptive Access Manager
Note:
For Oracle Identity and Access Management 11.1.2.3.0, Oracle Adaptive Access Manager includes two components:
Oracle Adaptive Access Manager (Online)
Oracle Adaptive Access Manager (Offline)
Oracle Entitlements Server
Note:
When you are installing Oracle Identity and Access Management, only the Administration Server of Oracle Entitlements Server is installed.
To install and configure Oracle Entitlements Server Client, see Section 7.5, "Installing Oracle Entitlements Server Client".
Oracle Privileged Account Manager
Note:
For an introduction to the Oracle Privileged Account Manager, see "Understanding Oracle Privileged Account Manager" in Administering Oracle Privileged Account Manager.
Oracle Mobile Security Suite
Note:
When you are installing Oracle Identity and Access Management, only the Oracle Mobile Security Manager component of Oracle Mobile Security Suite is installed.
To install and configure Oracle Mobile Security Access Server, see Section 10.12, "Installing Oracle Mobile Security Access Server."
The installation in this section depends on the following:
Oracle WebLogic Server 11g Release 1 (10.3.6)
Oracle Database and any required patches
Oracle SOA Suite 11g Release 1 (11.1.1.9.0) (required for Oracle Identity Manager only)
JDK
Complete the following steps to install the Oracle Identity and Access Management suite that contains Oracle Identity Manager, Oracle Access Management, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Privileged Account Manager, Oracle Access Management Mobile and Social, and Oracle Mobile Security Suite:
Start the Oracle Identity and Access Management Installer by executing one of the following commands:
On Linux or UNIX:
cd unpacked_archive_directory/Disk1
./runInstaller -jreLoc JRE_LOCATION
On Windows:
cd unpacked_archive_directory\Disk1
setup.exe -jreLoc JRE_LOCATION
Note:
The installer prompts you to enter the absolute path of the JRE that is installed on your system. When you install Oracle WebLogic Server, the jdk directory is created under your Middleware Home. You must enter the absolute path of the JRE folder located in this JDK when launching the installer. For example, on Windows, if the JDK is located in C:\MW_HOME\jdk, then launch the installer from the command prompt as follows:
full_path_to_setup.exe_directory\setup.exe -jreLoc C:\MW_HOME\jdk\jre
If you do not specify the -jreLoc option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:
-XX:MaxPermSize=512m is not a valid VM option. Ignoring
This warning message does not affect the installation. You can continue with the installation.
On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jdk directory will not be created under your Middleware Home. You must enter the absolute path of the JRE folder from where your JDK is located.
After you start the Installer, the Welcome screen appears.
Click Next on the Welcome screen. The Install Software Updates screen appears.
On the Install Software Updates screen, select whether or not you want to search for updates. Click Next. The Prerequisite Checks screen appears.
If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.
On the Specify Installation Location screen, enter the path to the Oracle Middleware Home that was created when you installed Oracle WebLogic Server 11g Release 1 (10.3.6) on your system. For example, /u01/oracle/products/fmw_oam.
Note:
If you do not specify a valid Middleware Home directory on the Specify Installation Location screen, the Installer displays a message and prompts you to confirm whether you want to proceed with the installation of only Oracle Identity Manager Design Console and Oracle Identity Manager Remote Manager. These two components of Oracle Identity Manager do not require a Middleware Home directory.
If you want to install only Oracle Identity Manager Design Console or Remote Manager, you do not need to install Oracle WebLogic Server or create a Middleware Home directory on the machine where Design Console or Remote Manager is being configured.
Before using Oracle Identity Manager Design Console or Remote Manager, you must configure Oracle Identity Manager Server on the machine where the Administration Server is running. When configuring Design Console or Remote Manager on a different machine, you can specify the Oracle Identity Manager Server host and URL information.
In the Oracle Home Directory field, enter a name for the Oracle Home folder that will be created under your Middleware Home. This directory is also referred to as IAM_HOME in this book. The default name of the Oracle home directory for Oracle Identity and Access Management is Oracle_IDM1.
Note:
The name that you provide for the Oracle Home for installing the Oracle Identity and Access Management suite should not be the same as the Oracle Home name given for the Oracle Identity Management suite.
Oracle Identity Management 11g Release 1 is part of Oracle Fusion Middleware and includes components like Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation.
Click Next. The Installation Summary screen appears.
The Installation Summary screen displays a summary of the choices that you made. Review this summary and decide whether to start the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation pane and modify your choices.
Click Save to save the installation response file, which contains your responses to the Installer prompts and fields. You can use this response file to perform silent installations.
To continue installing Oracle Identity and Access Management, click Install.
The Installation Progress screen appears. Monitor the progress of your installation. The location of the installation log file is listed for reference. After the installation progress reaches 100%, click Next.
Note:
If you cancel or abort when the installation is in progress, you must manually delete the IAM_HOME directory before you can reinstall the Oracle Identity and Access Management software.
To invoke online help at any stage of the installation process, click the Help button on the installation wizard screens.
The Installation Complete screen appears. Click Save to save the installation summary file. This file contains information about the installation, such as locations of install directories, that will help you get started with configuration and administration.
Note:
The installation summary file is not saved by default; you must click Save to retain it.
Click Finish to close and exit the Installer.
Check the directory structure after installing Oracle Identity and Access Management to verify your installation.
This installation process copies the Oracle Identity and Access Management software to your system and creates an Oracle Home directory for Oracle Identity and Access Management, such as Oracle_IDM1, under your Middleware Home. This home directory is also referred to as IAM_HOME in this guide.
For more information about identifying installation directories, see Section 2.3, "Identifying Installation Directories".
After installing the Oracle Identity and Access Management software, you must proceed to Section 3.2.9, "Configuring Oracle Identity and Access Management (11.1.2.3.0) Products," to configure Oracle Identity and Access Management products in a new or existing WebLogic domain.
After Oracle Identity and Access Management 11g is installed, you are ready to configure the WebLogic Server Administration Domain for Oracle Identity and Access Management components. A domain includes a special WebLogic Server instance called the Administration Server, which is the central point from which you configure and manage all resources in the domain.
When you configure an Oracle Identity and Access Management 11.1.2.3.0 component, you can choose one of the following configuration options:
Note:
You should not extend the Oracle Identity Management 11g Release 1 (11.1.1.6.0) domain to support Oracle Identity and Access Management 11g Release 2 (11.1.2.3.0) products.
You can use the Oracle Fusion Middleware Configuration Wizard to create a WebLogic domain or extend an existing domain.
Start the Oracle Fusion Middleware Configuration Wizard by running the IAM_HOME/common/bin/config.sh script (on Linux or UNIX) or IAM_HOME\common\bin\config.cmd (on Windows).
Select the Create a new WebLogic domain option on the Welcome screen in the Oracle Fusion Middleware Configuration Wizard to create a new WebLogic Server domain.
Select the Extend an existing WebLogic domain option on the Welcome screen in the Oracle Fusion Middleware Configuration Wizard to add Oracle Identity and Access Management components in an existing Oracle WebLogic Server administration domain.
See:
The "Understanding Oracle WebLogic Server Domains" chapter in the Understanding Domain Configuration for Oracle WebLogic Server guide for more information about Oracle WebLogic Server administration domains.
In addition, see the Creating Domains Using the Configuration Wizard guide for complete information about how to use the Configuration Wizard to create or extend WebLogic Server domains. This guide also provides the Oracle Fusion Middleware Configuration Wizard Screens.
For component-specific configuration information about Oracle Identity and Access Management products, see the following chapters:
After configuring the WebLogic Server Administration Domain for Oracle Identity and Access Management components and before starting the Oracle WebLogic Administration Server, you must configure the Database Security Store by running the configureSecurityStore.py script. For more information, see Chapter 11, "Configuring Database Security Store for an Oracle Identity and Access Management Domain."
If you are configuring Oracle Identity Manager, you must run the Oracle Identity Manager Configuration Wizard to configure the Oracle Identity Manager Server. For more information, see Section 4.7, "Configuring Oracle Identity Manager Server".
You can also configure Oracle Identity Manager Design Console, if required. For more information, see Section 4.8, "Optional: Configuring Oracle Identity Manager Design Console."
After installing and configuring Oracle Identity and Access Management, you must run the Oracle WebLogic Administration Server and various Managed Servers, as described in Section C.1, "Starting the Stack".
Note:
The WebLogic domain will not start unless the Database Security Store has already been configured.
After installing and configuring Oracle Identity and Access Management, you can run the Oracle Identity and Access Environment Health Check Utility to perform various validation checks against your environment and verify your installation and configuration. For more information about the Environment Health Check Utility and how to run the utility, see Chapter 12, "Verifying Your Environment Using the Environment Health Check Utility."