This appendix describes solutions to common problems that you might encounter when installing Oracle Identity and Access Management.
It contains the following topics:
If you encounter an error during installation:
Consult the Oracle Fusion Middleware 11g Release 2 (11.1.2.3.0) Release Notes. You can access the Release Notes on the Oracle Technology Network (OTN) Documentation Web site. To access this Web site, go to the following URL:
http://www.oracle.com/technetwork/indexes/documentation/index.html
Verify your system and configuration is certified. See Section 2.1, "Reviewing System Requirements and Certification" for more information.
Verify your system meets the minimum system requirements. See Section 2.1, "Reviewing System Requirements and Certification" for more information.
Verify you have satisfied the dependencies for the deployment you are attempting. Each deployment documented in this guide contains a "Dependencies" section.
If you entered incorrect information on one of the installation screens, return to that screen by clicking Back until you see the screen.
If an error occurred while the Installer is copying or linking files:
Note the error and review the installation log files.
Remove the failed installation. See Appendix F, "Deinstalling and Reinstalling Oracle Identity and Access Management" for more information.
Correct the issue that caused the error.
Restart the installation.
If an error occurred while configuring Oracle Identity Manager using the Oracle Identity Manager Configuration Wizard:
Note the error and review the configuration log files.
Verify whether the dependencies are met. For example, Administration Server and Database should be up and running.
Correct the issue that caused the error.
Restart the Oracle Identity Manager Configuration Wizard.
The Installer writes log files to the ORACLE_INVENTORY_LOCATION
/logs
directory on Linux or UNIX systems and to the ORACLE_INVENTORY_LOCATION
\logs
directory on Windows systems.
On Linux or UNIX systems, if you do not know the location of your Oracle Inventory directory, you can find it in the ORACLE_HOME
/oraInst.loc
file.
On Microsoft Windows systems, the default location for the inventory directory is C:\Program Files\Oracle\Inventory\logs
.
The server log files are created in the DOMAIN_HOME
/server/
servername
/logs
directory.
The following install log files are written to the log directory:
installDATE-TIME_STAMP
.log
installDATE-TIME_STAMP
.out
installActionsDATE-TIME_STAMP
.log
installProfileDATE-TIME_STAMP
.log
oraInstallDATE-TIME_STAMP
.err
oraInstallDATE-TIME_STAMP
.log
The default password lifetime used for a user created on a newly installed Oracle Database 11g database is 180 days. After 180 days, the password automatically expires. When the Oracle Access Manager (OAM) schema password expires, the OAM environment will become inoperable.
To avoid this problem, you can do one of the following:
Solution 1: Change the default password policy for the database by configuring the password settings in the DEFAULT
database profile (or in another relevant profile assigned to the OAM schema) so that the current OAM schema password will never expire.
To do this, you can use the ALTER PROFILE
statement to set the PASSWORD_LIFE_TIME
and PASSWORD_GRACE_TIME
parameters to UNLIMITED
in the OAM schema user's profile.
For more information about the password-related settings and how to configure them, see "Configuring Password Settings in the Default Profile" in the Oracle Database Security Guide.
See Oracle Database SQL Language Reference for more information about using ALTER PROFILE
to modify the default password settings.
or
Solution 2: Reset the password before it expires.
To reset the OAM schema password on an Oracle Database 11g database, you must update the password for both the OPSS schema and OAM schema in the WebLogic Server Administration Console and then update the passwords in the database.
Update the password for OPSS in the WebLogic Server Administration Console:
From the Domain Structure menu, expand Services and click Data Sources.
Select the opss-DBDS data source in the Data Sources table.
Select the Configuration > Connection Pool sub tab.
Click Lock & Edit in the Change Center.
Enter a new password for the OPSS schema in the Password and Confirm Password fields.
Click Save to save the new password.
Update the password for OAM in the WebLogic Server Administration Console:
From the Domain Structure menu, expand Services and click Data Sources.
Select the oamDS data source in the Data Sources table.
Select the Configuration > Connection Pool sub tab.
Enter a new password for the OAM schema in the Password and Confirm Password fields.
Click Save to save the new password, and then click Activate Changes in the Change Center.
Stop the servers in your environment.
Log on to sqlplus as the SYS
database user, and update the schema passwords in the database:
SQL> ALTER USER OAM_SCHEMA_USER IDENTIFIED BY NEW_PASSWORD; SQL> ALTER USER OPSS_SCHEMA_USER IDENTIFIED BY NEW_PASSWORD;
For example:
SQL> ALTER USER DEV_OAM IDENTIFIED BY password; SQL> ALTER USER DEV_OPSS IDENTIFIED BY password;
Start WLST from the MW_HOME
/oracle_common/common/bin
directory. For example:
cd MW_HOME/oracle_common/common/bin
./wlst.sh
Run the WLST modifyBootStrapCredentia
l command as follows:
modifyBootStrapCredential(jpsConfigFile='DOMAIN_HOME/config/fmwconfig/jps-config.xml', username='prefix_OPSS', password='new_password')
Exit WLST:
exit()
Start the servers in your environment.
In this scenario, you have created and loaded the appropriate Oracle Identity Manager (OIM) schema, installed and configured Oracle Identity Manager in a new or existing WebLogic domain. During domain configuration, you have configured JDBC Component Schemas by using the Oracle Fusion Middleware Configuration Wizard.
If you want to configure Oracle Identity Manager in a second WebLogic domain against the existing Oracle Identity Manager 11g schemas, you must complete the following steps when you try to configure Oracle Identity Manager using the Oracle Identity Manager Configuration Wizard:
When prompted, you must copy the .xldatabasekey
file from the first WebLogic domain directory (/<MW_HOME>/user_projects/domains/<name_of_your_first_oim_domain>/config/fmwconfig/
) to the second WebLogic domain directory (/<MW_HOME>/user_projects/domains/<name_of_your_second_oim_domain>/config/fmwconfig/
). Proceed with the Oracle Identity Manager configuration.
After configuring Oracle Identity Manager using the Oracle Identity Manager Configuration Wizard, copy the cwallet.so
, default_keystore.jks
, and xlserver.crt
files from the first WebLogic domain directory (/<MW_HOME>/user_projects/domains/<name_of_your_first_oim_domain>/config/fmwconfig/
) to the second domain Home directory (/<MW_HOME>/user_projects/domains/<name_of_your_second_oim_domain>/config/fmwconfig/
).
After copying the files, start the Oracle Identity Manager Managed Server, as described in Appendix C, "Starting the Stack".
After completing your installation and domain configuration, you must start the Oracle WebLogic Administration Server to get your deployments up and running, as described in Appendix C, "Starting the Stack." The following scenarios describe error and warning messages you might encounter when trying to start the Administration Server and what to do to resolve these issues.
Symptom: After configuring Oracle Access Management 11g Release 2 (11.1.2.3.0) in a WebLogic domain, you might encounter the following warning when starting the Administration Server:
<Warning><oracle.oam.config><BEA-000000><Unsupported configuration store version detected. Required "11.1.2.3.0" but found "11.1.2.1.0".>
Cause: This warning message appears only when you start the Administration Server for the first time because the value of ProductRelease
is not set to 11.1.2.3.0
in the oam-config.xml
file:
<Setting Name="ProductRelease" Type="xsd:string">11.1.2.1.0</Setting>
The oam-config.xml
file (located in the DOMAIN_HOME
/config/fmwconfig
directory) stores the system configuration data for Oracle Access Management. When you start the Administration Server for the first time, ProductRelease
is set to 11.1.2.1.0
, and the server is started with the 11.1.2.1.0 version of the Oracle Access Management configuration.
Solution: Restart the WebLogic Administration Server, as described in Appendix C, "Starting or Stopping the Oracle Stack." Restarting the Administration Server automatically updates the value of ProductRelease
to the correct version. Then, the warning will no longer appear.
You can open the DOMAIN_HOME
/config/fmwconfig
/oam-config.xml
file to verify that the value of ProductRelease
shows 11.1.2.3.0
:
<Setting Name="ProductRelease" Type="xsd:string">11.1.2.3.0</Setting>
For more information about the oam-config.xml
file, see "About the oam-config.xml Configuration Data File" in the Administrator's Guide for Oracle Access Management.
If you cannot solve a problem using the information in this appendix, look for additional information in My Oracle Support at
If you cannot find a solution to your problem, open a service request.