12 Creating a Response File

This chapter describes the process of creating a response file for a new Oracle Fusion Applications environment using the Provisioning Wizard interview process.

This chapter includes the following sections:

12.1 Introduction to Creating a Response File

Oracle Fusion Applications Provisioning orchestrates the physical installation and configuration of the product offerings that you choose and deploys those offerings and their dependent middleware components to a predetermined Oracle WebLogic Server Domain. To perform the installation tasks, Provisioning requires the provisioning repository of installers, the provisioning framework, and a response file.

When you create a response file, you choose provisioning configurations and specify the configuration details for the product offerings and their dependent middleware components. You save the response file and specify its location when you are ready to use it to provision a new environment.

12.1.1 How Does the Response File Work?

You must have downloaded the provisioning repository, installed the provisioning framework, and installed a database and the identity management components before you can create a response file. See Section 5.3.2, "Preparing the Oracle Fusion Applications Server" for provisioning prerequisites.

After the prerequisite setup is complete, you run the Provisioning Wizard and select the Create a New Applications Environment Response File option. During the interview process, you choose product offerings to install. The wizard "knows" which middleware dependencies must be installed for each product offering, and which host must be provisioned first. It detects common products that each offering relies on, as well as the presence of the transaction database and identity-related components, and prompts for the appropriate configuration parameters.

Using a question and answer interview format, the wizard collects information about:

  • Provisioning configurations (product offerings)

  • Node Manager credentials and installation and configuration directories

  • Database connections and schema passwords

  • Host names and ports for the offerings and their middleware dependencies

  • Common configuration details for components, such as web tier, virtual hosts, email, and identity management

After you complete the response file, save it. Then, when you are ready to perform the physical installation, choose the Provision a New Environment option from the Provisioning Wizard and indicate the location of the response file. The wizard uses the details in the response file as a guide to what must be retrieved from the provisioning repository.

12.1.2 Selecting Product Offerings

An installation of Oracle Fusion Applications is logically broken up into groups of features known as product offerings, which represent the highest-level collection of functionality that you can license and implement. A provisioning configuration is a collection of one or more product offerings.

Product offerings have interdependencies on companion applications (for example Oracle Fusion Human Capital Management relies on Oracle Financials payroll), as well as middleware dependencies (for example, Oracle SOA Suite) required for runtime execution. The wizard prompts for applications and middleware configuration details at the domain level during Domain Topology Configuration.

When you select individual product offerings within a configuration instead of selecting all offerings within the configuration, the wizard starts the Managed Servers only for the offerings that you selected. However, because the interdependent details for the entire configuration are included in the response file, you can activate additional functionality later by using the Oracle Fusion Applications Functional Setup Manager to start the other Managed Servers. See Oracle Fusion Functional Setup Manager User's Guide.

The provisioning configurations are as follows:

  • Oracle Fusion Customer Relationship Management (Sales and Marketing)

  • Oracle Fusion Financials (Financials, Oracle Fusion Procurement, and Oracle Fusion Projects)

  • Oracle Fusion Human Capital Management (Workforce Deployment, Workforce Development, and Compensation Management)

  • Oracle Fusion Supply Chain Management (Product Management, Order Orchestration, Material Management and Logistics)

You can also choose several standalone product offerings. For this group of offerings, only the direct dependencies are installed, configured, and deployed:

  • Customer Data Hub

  • Enterprise Contracts

  • Oracle Fusion Accounting Hub

  • Oracle Fusion Incentive Compensation

12.1.3 Wizard Actions for Oracle Identity Management Components

During the Provisioning Wizard interview process, the wizard collects information that is necessary to connect to the Oracle Identity Management components you have previously installed and configured. This information includes:

  • The user designated as the Super User. This user must already exist in the policy store.

  • The existence of the system administrators group. This information determines if the group was created during the Oracle Identity Management component installation and configuration process, or if it must be created during provisioning.

  • The distinguished name (DN) of the system administrators group (if it exists).

  • The authenticator that will serve as the LDAP identity store: Oracle Internet Directory (OIDAuthenticator) or Oracle Virtual Directory (OVDAuthenticator).

12.1.4 Creating Installation-Specific Response Files

There are numerous scenarios for the environments you can create — from a small demonstration system, to a full production system provisioned on multiple hosts. The Provisioning Wizard can accommodate the creation of response files for specific environments so that you can create a separate response file for each type of environment. Note that all occurrences of a hostname should use the same name in the response file.

12.1.5 Updating a Response File

Frequently, details for a response file are not final, and so cannot be specified during a single pass through the Provisioning Wizard interview. Or, a completed response file has not been implemented, and requires changes before it is. The wizard options include the choice to save a partially completed response file and update it later. Note that a response file is not complete or available for provisioning until you click Finish on the Summary screen.

However, after you select product offerings and save them in a response file, regardless of whether it is partially or fully complete, you cannot update or change the product offerings in that response file. To add or change the mix of offerings, you must create a new response file and specify the new or additional offerings.

12.2 Prerequisites to Creating a Response File

Before you create a response file, you must have completed the following tasks:

  1. Read and understand the concepts in Chapter 1.

  2. Perform the prerequisite tasks outlined in Chapter 5.

  3. Install a transaction database as described in Chapter 8.

  4. Complete Oracle Identity Management provisioning. See Chapter 10.

  5. If you plan to enable load balancer as described in Section 12.3.9, "Load Balancer Configuration", ensure that you complete the load balancer configuration as described in Section 4.1.3, "Planning Load Balancer Requirements" before proceeding.

12.3 Creating a Response File

Complete the wizard interview screens and save the response file in a location that is accessible to the various installers. Record the location, as you must supply it when you provision the environment. Note that you should create your response file on the Primordial host, which is the host that contains the Administration Server of the Common domain.

Note:

The wizard warns if it cannot connect to the database or any of the hosts specified in the response file and if any of the passwords are not valid. If this warning represents an exception, you can ignore it and continue creating the response file. However, you must fix all issues flagged in the warnings before you start to provision an environment. You cannot successfully run provisioning until all validations have passed.

12.3.1 Start the Provisioning Wizard

The Provisioning Wizard supports the following command line options:

Table 12-1 Provisioning Wizard Command Line Options

Command Line Option Description Default Value

-invPtrLoc [inventory pointer file name]

Location of the oraInst.loc file.

/etc/oraInst.loc

-ignoreSysPrereqs [true|false]

Disables validation for database, schema and hosts. Most validation errors will be ignored.

Note: -ignoreSysPrereqs true is the same as -ignoreSysPrereqs with no value specified.

false

-help

Displays help text.

Note: The -multitenant option is displayed when you use the -help option. This option is not available for 11g Release 8 (11.1.8) and is reserved for future use.

 

Usage:

provisioningWizard.sh -invPtrLoc <inventory pointer location file>

-ignoreSysPrereqs {true|false}

-help

Example 12-1

provisioningWizard.sh -invPtrLoc /oracle/oraInst.loc
-ignoreSysPrereqs

To start the Provisioning Wizard, do the following on the primordial host:

  1. Set the JAVA_HOME environment variable to point to the JDK location in the provisioning repository, for example:

    UNIX:

    export JAVA_HOME=repository_location/jdk6

    export PATH=$JAVA_HOME/bin:$PATH

    AIX:

    export JAVA_HOME=repository_location/jdk6

    export PATH=$JAVA_HOME/bin:$PATH

    export SKIP_ROOTPRE=TRUE

    Note:

    This environment variable is not required while creating a response file. However, it is required for provisioning an environment. See Section 13.5.1, "Starting the Wizard and Preparing to Install" for details.

    Windows:

    set JAVA_HOME=repository_location\jdk6

    set PATH=%JAVA_HOME%\bin;%PATH%

  2. Verify that the LIBPATH value is null.

  3. On UNIX systems, set the DISPLAY environment variable to an active and authorized display.

  4. Run the following command on the primordial host. For more information, see Section 1.5.1, "Types of Hosts in a Multiple-Host Environment".

    UNIX:

    cd framework_location/provisioning/bin

    ./provisioningWizard.sh

    Solaris:

    cd framework_location/provisioning/bin

    bash provisioningWizard.sh

    Windows:

    cd framework_location\provisioning\bin

    provisioningWizard.bat

Note:

Ensure that provisioning on Microsoft Windows platforms is performed from a Run as Administrator console. By default, the command prompt has the necessary privilege set. If not, you can run the Run as Administrator option by right clicking the Command Prompt from the Start menu.

12.3.2 Wizard Screens and Instructions

Table 12-2 shows the steps necessary to create a response file using the Provisioning Wizard. For help with any of the screens, click Help on any Provisioning Wizard screen.

Note:

If you do not input the correct values required, the error and warning messages are displayed at the bottom of the screen.

Table 12-2 Creating a Response File

Screen Description and Action Required

Welcome

No action is required on this read-only screen.

Click Next to continue.

Specify Central Inventory Directory

This screen displays only if one or more of the following conditions are not met:

  • The -invPtrLoc option is used to specify the central inventory location on non-Windows platforms, so the default value for your platform is not used. Note that the default for Linux and AIX platforms is /etc/oraInst.loc and for Solaris, it is /var/opt/oracle/oraInst.loc.

  • The Central Inventory Pointer File is readable.

  • The Central Inventory Pointer File contains a value for inventory_loc.

  • The inventory_loc directory is writable.

  • The inventory_loc directory has at least 150K of space.

  • inventory_loc is not a file.

Specify the location of the Central Inventory Directory that meets the previous criteria. The inventory_loc directory can be created by the createCentralInventory.sh script and does not have to exist at the time you specify its location.

For non-Windows platforms, in the Operating System Group ID field, select or enter the group whose members will be granted access to the inventory directory. All members of this group can install products on this host. Click OK to continue.

The Inventory Location Confirmation dialog prompts you to run the inventory_directory/createCentralInventory.sh script as root, to confirm that all conditions are met and to create the default inventory location file, such as /etc/oraInst.loc. After this script runs successfully, return to the interview and click OK to proceed with the installation.

If you do not have root access on this host but want to continue with the installation, select Continue installation with local inventory and click OK to proceed with the installation.

For Windows platforms, this screen displays if the inventory directory does not meet requirements.

For more information about inventory location files, see "Oracle Universal Installer Inventory" in the Oracle Universal Installer and OPatch User's Guide.

Click Next to continue.

Installation Options

Presents the list of valid installation actions that you can perform using the wizard. Select Create a New Applications Environment Response File.

Click Next to continue.

Specify Security Updates

Set up a notification preference for security-related updates and installation-related information from My Oracle Support. You can receive the notifications in two ways:

  • Email: Enter your email address to have updates sent by email.

  • I wish to receive security updates via My Oracle Support: Select this option to have updates sent directly to your My Oracle Support account. You must enter your My Oracle Support Password if you select this option.

    Note: If you provide invalid My Oracle Support (MOS) credentials, a dialog box is displayed informing that you will be anonymously registered. You must complete the following steps before you continue with provisioning the new environment:

    1. Cancel and exit the Provisioning Wizard.

    2. Obtain the correct MOS credentials.

    3. Restart the Provisioning Wizard to update the provisioning response file with the correct MOS credentials or uncheck the checkbox next to I wish to receive security updates via My Oracle Support. Save the provisioning response file and then exit the Provisioning Wizard.

    4. Restart the Provisioning Wizard to provision the Oracle Fusion Applications environment.

Click Next to continue.

Provisioning Configurations

Select one or more offerings, either within a configuration, or from the list of standalone product offerings.

Tip: This value is available in the Oracle Fusion Applications Installation Workbook - Provisioning tab -> Fusion Applications Offerings.

Click Details in the message pane to see a breakdown of servers for each offering.

After you click Next, you cannot change the selections on this screen. To make changes, click Cancel, open a new wizard session, and create a new response file.

Response File Description

Enter information to describe this response file. This description is not associated in any way with the executable plan file, or the summary file, that you save when you finish creating this response file.

  • Response File Name: Specify a name to identify this response file.

  • Response File Version: Assign a version number to this response file. The version is intended for documentation only.

  • Created By: Defaults to the operating system user who invoked the wizard. Set when the response file is initially created and cannot be modified for the current response file.

  • Created Date: Defaults to the date that the response file was initially created and saved. Set when the response file was initially created and cannot be modified for the current response file.

  • Response File Description: Provide a description of this response file.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Installation Location

Specify credentials for the Node Manager and supply the location of the various directories required for installation and configuration actions.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

System Port Allocation

Accept the default values or set a custom value for the Applications Base Port. The application domain port ranges are derived from this value. If you change the base port value, the domain port ranges adjust accordingly. Ranges must not overlap and must be set in ascending order.

Ports listed under Other Ports are not derived from the Applications Base Port value. These "individual" ports can be defined using custom port values.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Database Configuration

Enter the database parameters that you established when you installed Oracle Database. The wizard validates whether the database you installed is a single instance of Oracle Database or Oracle Real Application Clusters (Oracle RAC). If a Single Instance Database, enter:

  • User Name (SYSDBA Role): The user name of the sysdba role. This user name is used to upgrade schemas during the configuration phase. Note that the sysdba fields are not validated, so ensure that you enter the correct values.

  • Password: The password of the sysdba role.

  • Host Name: The name of the host where the database is installed.

  • Port: The listening port for the database.

  • Service Name: The global database name for the database that you installed. Used to distinguish this database instance from other instances of Oracle Database running on the same host.

If you have installed Oracle RAC, select Real Application Clusters Database and enter the Service Name that you specified when you installed this database.

Click Add to create a new row in the table for each instance. Select a row and click Remove to delete it. Enter the following values for the previously installed database:

  • User Name (SYSDBA Role): The user name of the sysdba role. This user name is used to upgrade schemas during the configuration phase. Note that the sysdba fields are not validated, so ensure that you enter the correct values.

  • Password: The password of the sysdba role.

  • Host Name: The name of the host for each Oracle RAC instance.

  • Port: The listening port of the database.

  • Instance Name: The name of the Oracle RAC instance used to manage this database. Due to a limitation in the Oracle Data Integrator (ODI) installer, if you select Real Application Clusters Database, you must enter at least two rows in the table. See Section 14.6.2.

Tip: This value is available in the Oracle Fusion Applications Installation Workbook - Database tab -> FA Transactional Database.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Schema Passwords

The database that you installed contains preloaded schemas required for runtime execution. Select one of the following options and enter the database schema passwords set up when you ran the Oracle Fusion Applications Repository Creation Utility. For more information, see Table 10–1, " Running the Oracle Fusion Applications Repository Creation Utility".

  • Use the same password for all accounts: Select this option if you set up a single password for all accounts. Enter the value in the Password field. This option is the default.

  • Use a different password for each account: Select this option if you set up individual passwords for each Account. Password values were set up for Oracle Fusion Applications and AS Common Schemas. Enter those values in the Password field.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

ODI Password Configuration

Enter and confirm your ODI Supervisor Password. The ODI Supervisor Password is the Supervisor Password that you entered on the Custom Variables page during execution of Oracle Fusion Applications RCU under the Master and Work Repository component.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Domain Topology Configuration

To determine the flow for the remaining wizard interview screens, choose one of the options.

The types of possible topologies are:

  • Basic Topology: One host for all domains

  • Medium Topology: One host per domain

  • Advanced Topology: One host per application and middleware component

Note that all hosts must use the same operating system; that is, you cannot install "domain1" on Windows and "domain2" on Linux. Note that you should not use any of the Oracle Identity Management hosts as the host in the Domain Topology Configuration because installing Oracle Identity Management and Oracle Fusion Applications on the same host is not a supported topology.

See Section 12.3.5, "Domain Topology Configuration" for details.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Common Domain

Note: Individual domain screens appear only if you selected the One host per application and middleware component option on the Domain Topology Configuration screen.

Specify values for this domain and its middleware dependencies. All hosts must use the same operating system and share a common mount point for network storage. The host specified for the Admin Server is the default for all servers. You can change the default.

  • Host Name: Specify the host where you want to install and configure the Managed Servers for this domain. Note that this host cannot be the same Oracle Identity Management host.

  • Port: Port for internal communications only. The wizard assigns values based on values on the System Port Allocation screen. You can edit port values. However, they must be unique within the domain and fall within the range previously specified. For example, in a range of 7401 to 7800, a value of 8444 generates an error.

  • UCM Intradoc Server Port: Port where the Universal Content Management Server listens.

  • InBound Refinery Server Port: Used for calling top-level services.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Product Family Domains

Note: Individual domain screens appear based on which options you select on the Domain Topology Configuration screen. For example, the Incentive Compensation Domain screen does not appear unless you selected that product offering for installation. All product family domain screens prompt for the same types of values.

Specify values for this domain and its middleware dependencies. All hosts must use the same operating system and share a common mount point for network storage. The host specified for the Admin Server is the default for all servers. You can change the default.

  • Host Name: Specify the host where you want to install and configure the Managed Servers for this domain. Note that this host cannot be the same Oracle Identity Management host.

  • Port: Port for internal communications only. The wizard assigns values based on values on the System Port Allocation screen. You can edit port values. However, they must be unique within the domain and fall within the range previously specified. For example, in a range of 7401 to 7800, a value of 8444 generates an error.

Note: See Section 12.3.6, "Oracle Business Intelligence Configuration" for Oracle Business Intelligence configuration requirements.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Web Tier Configuration

Use this screen to configure Oracle HTTP Server and choose a virtual host type. You can deploy the web tier to a host inside the firewall, or outside the firewall (demilitarized zone, known as DMZ).

See Section 12.3.7, "Web Tier Configuration" for the list of parameters.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Virtual Hosts Configuration

Provisioning determines the application domains to be deployed based on your product offering choices and lists them on this screen. Specify domain-specific values for the type of virtual host mode that you selected on the Web Tier Configuration screen.

See Section 12.3.8, "Virtual Hosts Configuration" for the list of parameters.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Load Balancer Configuration

Load balancing enables you to distribute a workload evenly across two or more hosts, network links, CPUs, hard drives, or other resources. Check Load Balancing Enabled to take advantage of this feature, and specify:

  • Internal Load Balancer Configuration: The host and port for the internal Virtual IP (VIP).

  • External Load Balancer Configuration: The host and port for external Virtual IP (VIP). It must have a publicly available address to be usable.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Web Proxy Configuration

Create Proxy Settings to enable users who want to use a proxy server to connect to the Internet. See Section 12.3.10, "Web Proxy Configuration" for details. Take note of the special instructions for Oracle Customer Relationship Management customers.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

IDM Properties File

When you are creating a response file or updating an incomplete response file without updates to this page, you will be able to select the IDM properties file to load IDM configuration data. After you select the file, you can review the content and decide if you want to proceed with this file.

WARNING: You can review the file and select a different file if required on this screen. You cannot select an IDM properties file after you click Next, as the screen will display read-only fields.

Do not load IDM Configuration from IDM Properties file: Select this option if you do not want to load the IDM configuration data from the IDM properties file.

Load IDM Configuration from IDM Properties file: Select this option if you want the values on the Identity Management Configuration screen and the Access and Policy Management Configuration screen to default to the values in the IDM properties file (for example, idmsetup.properties).

IDM Properties file: Enter the location of the file, for example, SHARED_CONFIG_DIR/fa/idmsetup.properties, where SHARED_CONFIG_DIR is the shared configuration location that you selected in the Install Location Configuration page of the Oracle Identity Management Provisioning Wizard.

IDM Properties file contents: If you have selected a valid IDM properties file, the contents will be displayed. This field is read-only and cannot be modified.

Click Next to continue.

Identity Management Configuration

Provisioning loads roles, policies, and application IDs that you created during the prerequisite Oracle Identity Management installation. To share the identity management environment across multiple Oracle Fusion Applications installations, and make the policies and roles accessible to all environments, you must populate identity management configuration details during the first installation.

See Section 12.3.13, "Identity Management Configuration" for the list of parameters. See also Section 12.3.11, "Distinguished Names" for information about Distinguished Names conventions.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Access and Policy Management Configuration

Configure Oracle Fusion Applications for integration with existing Oracle Access Manager components.

See Section 12.3.14, "Access and Policy Management Configuration" for the list of parameters.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

IDM Database Configuration

Enter the configuration details that you specified when you installed the database for Oracle Identity Manager.

See Section 12.3.15, "IDM Database Configuration" for the list of parameters.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

Summary

Displays the applications and middleware components that will be installed when you perform a physical installation using this response file. Includes details such as required disk space and the installation locations.

See Section 12.3.16, "Summary" for a description of the parameters.

Click Finish to save the response file. The response file is complete and can be used as the basis for provisioning of a new environment.


12.3.3 Oracle WebLogic Server Node Manager Credentials and Installation Locations

Specify credentials for the Node Manager and supply the location of the various directories required for installation and configuration actions on the Installation Location screen. The credentials provided will be used to configure the NodeManager, secure WebLogic Server and OWSM keystores and wallets on the file system.

Ensure that you use the specified user name and password to connect to the NodeManager for starting and stopping servers.

Node Manager Credentials

  • User Name: Specify a user name for the Node Manager role.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> Identity Store / Policy Store -> FA Node Manager Username.
  • Password: Specify a password for the Node Manager and retype it in the Confirm Password field.

Installation and Configuration

Provide locations of various directories that the administrator needs access to. For non-Windows platforms, you must enter the full file path in the Provisioning Wizard UI when asked to provide any file path, such as Oracle Fusion Applications Home, Applications Configuration Directory, and so on. Using symbolic link paths will cause provisioning to fail in later phases.

  • Installers Directory Location: Enter the path to the repository_location directory where you extracted the Oracle Fusion Applications software obtained from the media pack downloaded from the Oracle Software Delivery Cloud Portal. For Windows, the location must be a symbolically linked directory. See Section 5.3.2.21 for additional details. Note that a symbolic link is not necessary if the repository and the database are on the same node.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Storage tab -> Temporary Shared Storage -> Installers Directory Location.
  • Applications Base: Enter the directory path to the applications base directory. The top-level directory for the Oracle Fusion Applications binaries is the applications base and is referred to as the APPLICATIONS_BASE directory (net/mount1/appbase). See Section 2.3.7.2 for additional details.

    The applications base directory must not be set to the system root directory or set to the root directory of a logical drive. Some lifecycle management tools compute directory names by backing up one directory level from the applications base directory and then appending the appropriate subdirectory name. These tools will fail if the applications base directory is set to the system root directory or set to the root directory of a logical drive because it is not possible to back up one directory level from the system root directory or from the root directory of a logical drive.

    During creation of a provisioning plan in a UNIX environment, ensure that the absolute file path of the APPLICATIONS_BASE directory does not exceed 59 characters before provisioning a new application environment.

    In a Windows environment, this name cannot exceed eight characters, and must be a symbolically linked directory. See Section 5.3.2.21 for additional details.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Storage tab -> Install Directories -> FA Applications Base.
  • Applications Configuration: This directory is automatically populated based on the value you specify in the Applications Base field. It is the path to the directory where the configuration files for the domain will be written. You can specify a different location of your choice instead of using the location automatically populated by the UI. This directory must be empty.

    For Windows, the location must be a symbolically linked directory. See Section 5.3.2.21 for additional details.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Storage tab -> Install Directories -> FA Applications Configuration Location.
  • Enable Local Applications Configuration: Select this checkbox to run the Managed Servers from a non-networked (local) disk on the host, visible only to the processes running on that host. If you enable this option, the wizard copies the domain configuration from the shared location and places it on the local disk you specify. This configures all Managed Servers to run from the non-networked location.

  • Local Applications Configuration: Specify the location for the local domain directory you want to set up. This field is required if you selected Enable Local Applications Configuration. The specified directory must exist and initially be empty on every host that participates in the domain topology. You must ensure the directory has sufficient disk space. During the Preverify phase, provisioning displays an error if the local configuration directory does not have sufficient disk space.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Storage tab -> Install Directories -> FA Local Applications Configuration Location.

Middleware Dependencies

  • Font Directory: Appears only if you have selected Oracle Sales, Oracle Marketing, or Oracle Financials offerings. Enter the directory where the TrueType fonts are installed. The location varies on different operating systems, but is typically found here:

    • Microsoft Windows x64 (64-bit): C:\WINDOWS\Fonts

    • Linux x86-64: /usr/X11R6/lib/X11/fonts/TTF

    • Oracle Solaris: /usr/X11R6/lib/X11/fonts/TrueType

    • IBM AIX on POWER Systems (64-bit): /usr/X11R6/lib/X11/fonts/TrueType

    Some systems may not have TrueType fonts installed. If you cannot locate the fonts on your system, verify that they have been installed. In addition, you can use the fonts directory shipped as part of the JRE installed in the repository. Regardless of which path you specify, you must have access to.ttf files.

Oracle Business Intelligence Repository Password

RPD Password: Specify and Confirm a password to allow access to the metadata repository (RPD) for both Oracle Business Intelligence Applications and Oracle Transactional Business Intelligence. The password must be between 8 and 30 characters and contain at least one digit. It can include letters, numbers, pound sign (#), dollar sign ($), or underscore (_). If you want to include two consecutive dollar signs ($$) in the RPD password, enter one additional dollar sign ($) as the escape character before the second dollar sign in the password. This means you need to enter three dollar signs ($$$) for this field in the Provisioning Wizard to indicate two consecutive dollar signs. Provisioning sets up this password, but does not actually access the repository.

If the environment created is Windows-based, the wizard prompts for these values:

  • Windows Domain\Windows User Name: Specify a user name to use for running provisioning.

  • Windows Domain Password: Specify a password for running provisioning. Retype the password to Confirm it.

12.3.4 System Port Allocation

Accept the default values or set a custom value for the Applications Base Port. The application domain port ranges are derived from this value. If you change the base port value, the domain port ranges adjust accordingly. Ranges must not overlap and must be set in ascending order.

Tip:

This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Fusion Applications Port Numbers -> Fusion Applications Base.

Ports listed under Other Ports are not derived from the Applications Base Port value. These "individual" ports can be defined using custom port values.

Tip:

Node Manager: This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Fusion Applications Port Numbers -> FA Node Manager.

Informatica Identity Resolution License Server: This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Fusion Applications Port Numbers -> Informatica Identity Resolution License Server.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment. Click Next to continue.

If you have other software running on the provisioning hosts, ensure that the system port allocation value in the provisioning response file is not a port already used by other software. The system port allocation cannot be changed after you start provisioning a new Oracle Fusion Applications environment. If a port conflict is detected during provisioning phases, you have to restart provisioning from the beginning with a correct set of system port allocation. See Section 13.2, "Installation Phases and Types of Hosts in a Multiple-Host Environment" for more information.

To display a list of network connections including the port numbers and process identifier holding the ports, run these commands:

UNIX: netstat -anp

Windows: netstat

12.3.5 Domain Topology Configuration

To determine the flow for the remaining wizard interview screens, choose one of the topology types. Note that all occurrences of a hostname should use the same name in the response file. A machine name could be a logical or virtual host name. It can either be in fully qualified form, mymachine.mycompany.com, or short form, myMachine, if it is consistent throughout the response file. For more information, see Section 5.3.2.11, "Edit Host Names (UNIX)".

The types of possible topologies are:

  • Basic Topology: One host for all domains

  • Medium Topology: One host per domain

  • Advanced Topology: One host per application and middleware component

Note:

You must install Oracle Identity Management and Oracle Fusion Applications on different hosts. Installing Oracle Identity Management and Oracle Fusion Applications on the same host is not a supported topology.
  • One host for all domains: Select this option to specify the Host Name to provision all applications domains and their middleware dependencies on a single host. The wizard continues the interview at the Web Tier Configuration screen when you click Next.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Environment tab -> Environment Info -> FA Topology Type:

    For Basic topology, Select One Host For All Domains.

    This value is available in the Oracle Fusion Applications Installation Workbook - Topology tab -> Component Assignment:

    All Components below must have the same node # in the Oracle Fusion Applications Installation Workbook, use the abstract hostname (or real hostname if absract is blank) that corresponds to that node # in the Topology table:

    • FA Common Domain

    • FA CRM Domain

    • FA Financials Domain

    • FA HCM Domain

    • FA IC Domain

    • FA Procurement Domain

    • FA Projects Domain

    • FA Supply Chain Domain

    • FA Business Intelligence Domain

  • One host per domain: Select this option and then select a Host Name for each domain to be created. Provisioning installs and configures the Managed Servers for each Application Domain and the middleware dependencies on the host that you specify. The wizard continues the interview at the Web Tier Configuration screen when you click Next.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Environment tab -> Environment Info -> FA Topology Type:

    For Enterprise topology, select One Host Per Domain.

    This value is available in the Oracle Fusion Applications Installation Workbook - Topology tab -> Component Assignment:

    Use the abstract hostname (or real hostname if abstract is blank) that corresponds to the node # for the following components in the Topology table:

    • FA Common Domain

    • FA CRM Domain

    • FA Financials Domain

    • FA HCM Domain

    • FA IC Domain

    • FA Procurement Domain

    • FA Projects Domain

    • FA Supply Chain Domain

    • FA Business Intelligence Domain

  • One host per application and middleware component: Select this option to specify the host for each application and middleware component individually. The wizard displays the Common Domain screen when you click Next, and includes all domain-specific screens in the interview.

    Note:

    This topology is not covered in the Oracle Fusion Applications Installation Workbook by default, but you can use it as part of an Enterprise or Enterprise HA example topology.

If you select the last option, you cannot change the selections on this screen after you click Next. You must click Cancel, open a new wizard session, and create a new response file to change the configuration domain topology later.

12.3.6 Oracle Business Intelligence Configuration

Oracle Business Intelligence products are integrated with, and accessible from, Oracle Fusion Applications. Products include:

  • Oracle Business Intelligence Enterprise Edition

  • Oracle Business Intelligence Applications

  • Oracle Transactional Business Intelligence

  • Oracle Essbase

  • Oracle Business Intelligence Publisher

  • Oracle Real-Time Decisions

Enter the Host where you want Oracle Business Intelligence products to be installed. You specified an RPD password on the Installation Location screen. Provisioning creates this password and makes it available so that Oracle Business Intelligence Applications and Oracle Transactional Business Intelligence can access the metadata repository in your new environment.

Note:

The Oracle Fusion Applications installation and provisioning process installs the Oracle BI Applications software components in the Business Intelligence Oracle home but does no further setup. To finish setting up Oracle BI Applications, you must follow the instructions in the "Setting Up Oracle Business Intelligence Applications" chapter of the Oracle Business Intelligence Applications Installation Guide.

12.3.7 Web Tier Configuration

You can create virtual hosts on a single web tier. There are three options (IP-based, name-based, and port-based) for each domain that is created during installation. The values assigned during installation are derived from the default HTTP port that you name on this screen. Note that all occurrences of a hostname should use the same name in the response file. A machine name could be a logical or virtual host name. It can either be in fully qualified form, mymachine.mycompany.com, or short form, myMachine, if it is consistent throughout the response file. For more information, see Section 5.3.2.11, "Edit Host Names (UNIX)".

Web Tier

  • Install Web Tier in DMZ: Select this option if you set up a separate host for web tier installation as a demilitarized zone (DMZ). This host does not have access to the shared file system. It cannot be used for any other host deployed, regardless of domain. See Section 6.4.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Topology tab: Verify if the DMZ(Yes/No) column has the value Yes for the node that corresponds to the component FA WebTier.
  • Host: Enter the name of the host where Oracle HTTP Server will be installed and configured.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Topology tab: Use the abstract hostname (or real hostname if abstract is blank) for the node that corresponds to the component FA WebTier.
  • Virtual Host Mode: Select one of the following:

    • IP Based: Created on the basis of an IP or IP:host combination (the default).

    • Name Based: Create new DNS entries, such as fin.example.com and crm.example.com to use as virtual hosts.

    • Port Based: Created based on the internal and external port for each domain.

    Note:

    In the Provisioning Wizard, do not choose the Name Based virtual host mode if you are planning to specify Load Balancer Configuration details on the next page. This combination is not recommended as it requires manual changes during Oracle Fusion Applications Provisioning. Setting up Name Based virtual hosts is not recommended if you are using a Load Balancer.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Virtual Hosts tab -> WebTier Virtual Host Mode -> FA WebTier -> Mode.
  • Domain Name: Specify a domain name (using the format my.example.com) to configure the domain in which Oracle Fusion Applications will receive requests. This value is also used as the default domain name for name-based virtual hosts.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Environment tab -> Environment Info -> Domain name.
  • HTTP Port: The default port for the web tier. UNIX: Do not specify a port that requires operating system administrator privileges.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Fusion Applications Port Numbers -> FA Oracle HTTP Server.
  • HTTPS (SSL) Port: Secure port for the web tier. UNIX: Do not specify a port that requires operating system administrator privileges.

    Note:

    On UNIX platforms, using a port below 1024 requires root privileges and Provisioning is not run as root user, so you should not specify a HTTP/HTTPS port below 1024.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Fusion Applications Port Numbers -> FA Oracle HTTP Server SSL.

SMTP Server

  • Host: Specify the host for email marketing. This field appears only if you selected the Oracle Fusion Customer Relationship Management offering.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Environment tab -> Email Server -> SMTP Server Host.
  • Port: Default port for the SMTP server.

12.3.8 Virtual Hosts Configuration

Specify the configuration parameters for the domains to be installed on the virtual hosts that you selected on the Web Tier Configuration page. Note that all occurrences of a hostname should use the same name in the response file. A machine name could be a logical or virtual host name. It can either be in fully qualified form, mymachine.mycompany.com, or short form, myMachine, if it is consistent throughout the response file.

If you selected IP Based, specify the following information for each application domain listed:

Tip:

These values are available in the Oracle Fusion Applications Installation Workbook - Network - Virtual Hosts tab -> FA WebTier Virtual Hosts.
  • Internal Name: The host name where the web tier listens on the internal virtual host for this domain. The host name can consist of letters A through Z (upper or lower case), digits 0 through 9, minus sign (-) and period (.). The first character must be a letter and the last character must not be a minus sign or a period.

  • Internal Port: The port for this internal virtual host. Visible only from inside the firewall.

  • External Name: The host name for the external virtual host for this domain or middleware dependency. The host name can consist of letters A through Z (upper or lower case), digits 0 through 9, minus sign (-) and period (.). The first character must be a letter and the last character must not be a minus sign or a period. The host:port should be visible from outside the firewall.

  • External Port: The port to be used for this external virtual host. The host:port should be visible from outside the firewall.

If you selected Name Based, specify the following information for each domain listed:

  • Internal.Name: The DNS name for this internal virtual host. For example, for Oracle Fusion Financials, the name might be fin-internal.

  • External.Name: The DNS name for this external virtual host. For example, for Oracle Fusion Financials, the name might be fin.

If you selected Port Based, specify the following information for each domain listed:

  • Internal Port: The port that is visible only from inside the firewall for this domain.

  • External Port: The port that is visible from outside the firewall for this domain.

12.3.9 Load Balancer Configuration

Load balancing enables you to distribute a workload evenly across two or more hosts, network links, CPUs, hard drives, or other resources.

Load Balancing Enabled: This checkbox is selected by default. Keep it checked if you use load balancer in front of the Oracle Fusion Applications environment. Ensure that you have completed the load balancer configuration as described in Section 4.1.3, "Planning Load Balancer Requirements" before proceeding and then specify the following:

  • Internal Load Balancer Configuration: The host and port for the internal Virtual IP (VIP).

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Virtual Hosts tab -> HTTP LBR Endpoints.
  • External Load Balancer Configuration: The host and port for external Virtual IP (VIP). It must have a publicly available address to be usable.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Virtual Hosts tab -> HTTP LBR Endpoints.

To stop creating this response file and resume later, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.

Click Next to continue.

12.3.10 Web Proxy Configuration

Create Proxy Settings to enable users who want to use a proxy server to connect to the Internet.

Tip:

These values are available in the Oracle Fusion Applications Installation Workbook - Environment tab -> Web Proxy.
  • Enable Web Proxy: Select to enable proxy-related values to set up access to the Internet. Note: If you are a Oracle Fusion CRM customer and have a web proxy for external HTTP(S) traffic, you must select Enable Web Proxy on this screen and specify your web proxy configuration.

  • Web Proxy Host: Enter the name of the host where the proxy server is installed.

  • Web Proxy Port: The listening port assigned to the proxy server.

  • Enable Secure Web Proxy: Select to have the proxy server SSL-enabled. If you select this checkbox, the Secure Web Proxy Host and Secure Web Proxy Port fields are enabled and become mandatory.

  • Secure Web Proxy Host: Enter the SSL host used for secure communications.

  • Secure Web Proxy Port: Enter the SSL port used for internal communications.

  • No Proxy Hosts: Defaults to hosts that are connected directly. If there are multiple hosts, they are listed and separated by a vertical bar (|). You can use a wildcard character (*) to specify hosts that should be bypassed. For example, *.example.com would bypass all hosts whose name ends with .example.com.

  • Proxy Server Requires Authentication: To enable authentication for the proxy server, select this option.

  • User Name: Enter the user name that you set up for accessing the proxy server.

  • Password: Enter the password that you set up for accessing the proxy server.

12.3.11 Distinguished Names

A Distinguished Name (DN) identifies an entry in a Lightweight Directory Access Protocol (LDAP) directory. Because directories are hierarchical, DNs identify the entry by its location as a path in a hierarchical tree (much as a path in a file system identifies a file). Generally, a DN begins with a specific common name, and proceeds with increasingly broader areas of identification until the country name is specified.

Table 18–3 provides definitions for distinguished name components (defined in the X.520 standard).

Table 12-3 Distinguished Name Components

Component Definition

Common Name (CN)

Identifies the person or object defined by the entry. For example, cn=John Doe. Or cn=corpDirectory.example.com.

Organizational Unit (OU)

Identifies a unit within the organization. For example, ou=scm.

Organization (O)

Identifies the organization where the entry resides. For example, o=My Corporation.

Locality (L)

Identities the place where the entry resides. The locality can be a city, county, township, or any other geographic region. For example, l=Your City.

State of Province Name (ST)

Identifies the state or province in which the entry resides. For example, st=Your State.

Country (C)

Identifies the name of the country where the entry resides. For example, c=US

Domain Component (DC)

Identifies the components of a domain. For example, if the domain is example.com, the domain components would be: dc=example, dc=com.


12.3.12 Oracle Identity Management Properties File

When you are creating a response file or updating an incomplete response file without updates to this page, you will be able to select the IDM properties file to load Oracle Identity Management configuration data. After you select the file, you can review the content and decide if you want to proceed with this file.

WARNING:

You can review the file and select a different file if required on this screen. You cannot select an IDM properties file after you click Next, as the screen will display read-only fields.

  • Do not load IDM Configuration from IDM Properties file: Select this option if you do not want to load the IDM configuration data from the IDM properties file.

  • Load IDM Configuration from IDM Properties file: Select this option if you want the values on the Identity Management Configuration screen and the Access and Policy Management Configuration screen to default to the values in the IDM properties file (for example, idmsetup.properties). For more information about the IDM properties file, see Section 10.7.2, "Passing Configuration Properties File to Oracle Fusion Applications".

  • IDM Properties file: Enter the location of the file, for example, SHARED_CONFIG_DIR/fa/idmsetup.properties, where SHARED_CONFIG_DIR is the shared configuration location that you selected on the Install Location Configuration page of the Oracle Identity Management Provisioning Wizard.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> IDM Provisioning Files -> IDM Properties File Location.
  • IDM Properties file contents: If you have selected a valid IDM properties file, the contents will be displayed. This field is read-only and cannot be modified.

12.3.13 Identity Management Configuration

Enter the parameters necessary to integrate applications with a previously installed Oracle Identity Management infrastructure. If you chose to use the values in the IDM properties file (for example,idmsetup.properties) on the IDM Properties File screen, they appear as defaults in the corresponding fields. You can replace the default values if your original configuration has changed.

  • Super User Name: Enter the name of an existing user that should be granted administrator and functional setup privileges. The uid attribute must be set to be the same as the cn attribute.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> Identity Store / Policy Store -> FA Super User Name.
  • Create Administrators Group: Indicate whether you created an "Administrators" group, whose members have specialized privileges for all Oracle Fusion Middleware components. If you do not already have this group present in the identity store, this box should be checked.

  • Create Monitors Group: Indicate whether you created a "Monitors" group, whose members have read-only administrative privileges to Oracle WebLogic Server domains. If you do not already have this group present in the identity store, this box should be checked.

  • Create Operators Group: Indicate whether you created an "Operators" group, whose members have Monitors privileges to Oracle WebLogic Server domains. If you do not already have this group present in the identity store, this box should be checked.

  • Identity Store Server Type: Indicate the type of identity store that you set up: OID (Oracle Internet Directory) or OVD (Oracle Virtual Directory). If you select OVD, then the Default to Identity Store checkbox in Oracle Platform Security Services Configuration must be unchecked and the policy store cannot be the same instance as the identity store (they must be different instances in this case). Using OVD for policy store is not currently supported.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> Identity Store / Policy Store -> ID Store type (OID/OVD).
  • Use SSL to Communicate With Identity Store: This feature is not enabled in this release.

  • Identity Store Host: Enter the host or DNS name for your identity store LDAP service. This can be the host name of the identity server or the host name for the load balancer endpoint load balancing multiple identity servers.

  • Identity Store Port: The port assigned to the identity store. This can be the port of the identity server or the port for the load balancer endpoint load balancing multiple identity servers.

    Tip:

    The value for the Identity Store Port is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Identity Management Port Numbers and will depend on the Identity Store Server Type defined previously (OID or OVD).
  • Identity Store Secure Port: The SSL port assigned to the identity store. This feature is not enabled for this release. This can be the secure port of the identity server or the secure port for the load balancer endpoint load balancing multiple identity servers.

  • Identity Store User DN: Enter the Distinguished Name of the user that you set up with read-write access to the LDAP.

  • Identity Store Password: Enter the password that you set up for the user with read-write access to the LDAP.

  • Identity Store Read-only User DN: Enter the Distinguished Name (DN) of the user that you set up with read-only access to the Identity Store LDAP.

  • Identity Store Read-only Password: Enter the password that you set up for the identity store read-only user.

  • Identity Store User Name Attribute: Choose the type of user name attribute that you configured in the identity store. Valid values are: user ID (uid), common name (CN), or email address.

  • Identity Store User Base DN: Enter the root Distinguished Name assigned to the upload of applications user data. This is the root for all the user data in your identity store.

  • Identity Store Group Base DN: Enter the root Distinguished Name for all the group data in your identity store.

  • OIM Admin Server Host: Enter the name of the host where the OIM Administration Server is installed.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook:

    For Basic topology: Topology tab -> Topology -> Abstract Hostname (or Real if abstract is blank) for node that corresponds the IDM Identity and Access component.

    For Enterprise/ Enterprise HA topology: Network - Virtual Hosts tab -> AdminServer Virtual Hosts/VIPs -> IDMDomain AdminServer.

  • OIM Admin Server Port: The port where the Oracle Identity Management Administration Server listens.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Identity Management Port Numbers ->IDMDomain AdminServer.
  • OIM Administrator User Name: Enter the name you set up as the Oracle Identity Management Domain administrator.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> Identity Store / Policy Store -> IDM Super User Name.
  • OIM Administrator Password: Enter the password you set up for the Oracle Identity Management Domain administrator.

  • OIM Managed Server Host: Enter the virtual or real host name of the Oracle Identity Manager Managed Server where SPML callback and other OIM services are running.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Topology tab -> Topology -> Abstract Hostname (or Real if abstract is blank) for node that corresponds to the IDM Identity and Access component.
  • OIM Managed Server Port: Enter the virtual or real port where the Oracle Identity Manager Managed Server listens.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Identity Management Port Numbers -> IDMDomain OIM.
  • OIM HTTP Internal Endpoint URL: The internal access point on the Oracle HTTP Server for Oracle Identity Manager services in an Oracle Identity Management enterprise deployment, or the Oracle Identity Manager Managed Server access point for a non-enterprise deployment. This URL is used for HTTP communication between Oracle Fusion Applications and Oracle Identity Manager.

    Enter the HTTP termination address of Oracle Identity Manager, using the following format: http://host:port. It terminates at either a load balancer or the Oracle HTTP Server or the Oracle Identity Manager Managed Server.

  • OIM HTTP(S) External Endpoint URL: The access point to use for accessing the Oracle Identity Manager application using a browser. Note that a non-secure URL is used unless you provide an HTTPS URL.

    Enter the HTTP(S) termination address of Oracle Identity Manager, using the following format: http(s)://host:port. It terminates at either a load balancer or the Oracle HTTP Server or the Oracle Identity Management Managed Server.

Note: The wizard warns if the Identity Store credentials are not valid and do not allow a connection to the database. If this warning represents an exception, you can ignore it and continue creating the response file. However, you must fix all issues before you start to provision an environment. You cannot successfully run provisioning until all validations have passed.

Tip:

This value is available in the Oracle Fusion Applications Installation Workbook:

For Basic topology: Topology tab -> Topology -> Abstract Hostname (or real if abstract is blank) for node corresponding to the IDM Identity and Access component.For Enterprise/Enterprise HA: Network - Virtual Hosts tab -> HTTP LBR Endpoints -> IDM.

12.3.14 Access and Policy Management Configuration

Enter the parameters necessary to integrate applications with a previously installed Oracle Identity Management infrastructure. If you chose to use the values in the IDM properties file (for example, idmsetup.properties) on the IDM Properties File screen, they appear as defaults in the corresponding fields. You can replace the default values if your original configuration has changed.

Oracle Access Manager Configuration

  • OAM Admin Server Host: Enter the name of the host where the Administration Server for Oracle Access Manager exists.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook:

    For Basic topology: Topology tab -> Topology -> Abstract Hostname (or real if abstract is blank) for node corresponding to the IDM Identity and Access component.For Enterprise/Enterprise HA: Network -Virtual Hosts tab -> AdminServer Virtual Hosts/VIPs ->IDMDomain AdminServer.

  • OAM Admin Server Port: Enter the port number for the Oracle Access Manager Administration Server.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Identity Management Port Numbers -> IDMDomain AdminServer.
  • OAM Administrator User Name: Enter the name you assigned this user when you installed Oracle Access Manager.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> OAM -> OAM Administrator User Name.
  • OAM Administrator Password: Enter the password you assigned this user when you installed Oracle Access Manager.

  • OAM AAA Server Host: Enter the name of the proxy host where the Oracle Access Manager is installed.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Topology tab -> Topology -> Abstract Hostname (or Real if abstract is blank) for node corresponding to the IDM Identity and Access component.
  • OAM AAA Server Port: The port number for the Oracle Access Manager listener on the OAM proxy host.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Network - Ports tab -> Identity Management Port Numbers -> IDMDomain OAM AAA Server Port.
  • Access Server Identifier: Name used to identify the Oracle Access Server.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> OAM -> Access Server Identifier.
  • Enable Second Primary Oracle Access Manager: Select this checkbox to name a second Primary Oracle Access Manager for high availability.

  • Second Access Server Identifier: This defaults to aaa2, the name of the second Primary Oracle Access Manager Server.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> OAM -> Second Access Server Identifier.
  • Webgate Password: Specify a password for the Resource WebGate. It must contain at least eight alphanumeric characters and at least one digit or punctuation mark. Retype to Confirm the password. If seeding of security data is disabled, the password must be the existing WebGate password.

Oracle Platform Security Services Configuration

  • Default to Identity Store: The default values of this section depend on whether this field is enabled. If the checkbox is unchecked, which is the default, the OPSS Policy Store Host, OPSS Policy Store Read-Write User Name and OPSS Policy Store Password fields are empty by default and do not inherit values from your identity store. OPSS Policy Store Port defaults to 3060 and OPSS Policy Store Secure Port defaults to 3131.

    Note:

    If you check this checkbox, the Identity Store Server Type cannot be OVD and must be OID. Using OVD for policy store is currently not supported.

    If you check this checkbox, the following fields inherit values from your identity store: OPSS Policy Store Host, OPSS Policy Store Port, and OPSS Policy Store Secure Port.

    A description of related fields follows:

    • Use SSL to communicate with OPSS Policy Store: This feature is not enabled in this release.

    • OPSS Policy Store Host: Enter the host name for the OID where Oracle Platform Security Services (OPSS) policies are to be seeded if Default to Identity Store is unchecked. If Default to Identity Store is checked, this value defaults from your identity store. This can be the host name of the policy server or the host name for the load balancer endpoint load balancing multiple policy servers.

    • OPSS Policy Store Port: The number of the OID port for the OPSS policy store defaults to 3060 if Default to Identity Store is unchecked. If Default to Identity Store is checked, this value defaults from your identity store. This can be the port of the policy server or the port for the load balancer endpoint load balancing multiple policy servers.

    • OPSS Policy Store Secure Port: The number of the secure port for OID defaults to 3131 if Default to Identity Store is unchecked. If Default to Identity Store is checked, this value defaults from your identity store. This feature is not enabled for this release. This can be the secure port of the policy server or the secure port for the load balancer endpoint load balancing multiple policy servers.

  • OPSS Policy Store Read-Write User Name: Enter the Distinguished Name of the user that you set up with write privileges to the OPSS policy store. Check if the common name, cn=PolicyRWUser, has already been seeded into Identity Management. If so, enter 'cn=PolicyRWUser,replace_your_choice_of_identity_store_user_base_distinguish_name_here'.

  • OPSS Policy Store Password: Enter the password that you set up for the OPSS policy store user with read-write privileges.

  • OPSS Policy Store JPS Root Node: This is the Distinguished Name of the node to be used as the OPSS policy root for Oracle Fusion Applications. This field is read-only and the default value is set as cn=FAPolicies.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Identity Management tab -> LDAP -> FA JPS Root DN.
  • Create OPSS Policy Store JPS Root Node: Select this option to create the OPSS JPS Root Node. For this release, this option must be enabled.

Identity Management Keystore Configuration

The IDM Keystore file and password value fields are enabled if either the Identity Store, the OPSS Store, or the OIM endpoint is SSL-enabled. These fields are populated by the values from the IDM properties file (for example,idmsetup.properties), if you have this file that contains these values. You can also edit these values if the fields are enabled.

  • IDM Keystore File: Enter the location of the JKS keystore containing the certificates for the Oracle Identity Management components.

  • IDM Keystore Password: Enter the password that you set up for the IDM Keystore File.

Note: The wizard warns if the OPSS Policy Store LDAP connection and the Keystore connection information is not valid and does not allow a connection to the database. If this warning represents an exception, you can ignore it and continue creating the response file. However, you must fix all issues before you start to provision an environment. You cannot successfully run provisioning until all validations have passed.

12.3.15 IDM Database Configuration

Enter the database parameters you established when you installed Oracle Database for the Oracle Identity Manager (OIM). The wizard validates whether the database you installed is a single instance of Oracle Database or Oracle Real Application Clusters (Oracle RAC). For a Single Instance Database, enter:

Tip:

These values are available in the Oracle Fusion Applications Installation Workbook - Database tab -> IDM Database.
  • Host Name: The name of the host where the OIM database is installed.

  • Port: The listening port for the database.

  • Service Name: A unique Oracle Fusion Applications name for the OIM database.

If you have installed Oracle RAC, select Real Application Clusters Database and enter the Service Name that you specified when you installed this database.

Click Add to create a new row for each instance. Select a row and click Remove to delete the row. Enter the following information for each instance:

  • Host Name: The name of the host for each Oracle RAC instance.

  • Port: The listening port of the database.

  • Instance Name: The name of the Oracle RAC instance used to manage this database.

Enter the database schema owner and password that you set up to store the Oracle Metadata Services (MDS) Repository data for the Oracle Web Services Policy Manager.

  • Schema Owner: The owner of the MDS schema in the OIM database that is to be used by the Oracle Web Services Policy Manager.

    Tip:

    This value is available in the Oracle Fusion Applications Installation Workbook - Database tab -> IDM Database -> IDM DB Prefix (Value is made up of prefix + _MDS).
  • Schema Owner Password: The password for the MDS schema.

12.3.16 Summary

Verify that the installation represented on this screen is what you expect. Click Back to return to the interview screens that require changes. If you are satisfied with the details presented here, complete the following information:

  • Response File Name: Specify a unique file name for this response file. This is the executable file that you supply to the wizard when prompted.

  • Provisioning Summary: Specify a unique name for the summary details file. You cannot use this file to execute the response file.

  • Directory: Enter the directory where you want to save this response file and the summary file. Choose a location that is visible to all servers accessing shared storage. Ensure that the location is not read-only.

Record the name of the response file and its location. You may want to supply it to your system administrator to use when performing system maintenance tasks.

12.4 Updating an Existing Response File

During the response file creation process, you can create a partial response file, which contains an incomplete set of configuration details. To create a partial response file, click Save at any point during the interview. When you are ready to continue with the creation of the response file, start the wizard and select Update an Existing Response File from the Installation Options screen. Page through the screens and continue where you left off.

Clicking Cancel is another way to create a partial response file, or, alternatively, exit the wizard without saving any response file details:

  1. Start the Provisioning Wizard and choose Create a New Applications Environment Response File from the Installation Options screen.

  2. Begin the interview process and continue to the point where you want to end the session. Click Cancel.

  3. Choose one of the following options:

    • Save and Exit: Save the details that you have created for this response file. Creates a partial response file.

    • Exit: Exits the wizard without saving any details. Does not create a partial response file.

    • Cancel: Does not exit the wizard and keeps you on the page that you are. You can continue with the interview by returning to the Welcome screen in the wizard interview. Does not save the details that you entered and does not create a partial response file.

  4. Choose Save and Exit. The partial response file is saved in the directory where you started the wizard.

  5. When you are ready to add more details to the response file, start the Provisioning Wizard and choose Update an Existing Response File. Specify the Response File location, or click Browse to navigate to the partial response file.

  6. Page through the interview screens until you come to the point where you stopped the last session and move through the rest of the interview as described in Table 12-2 until you finish the process.

You can save a partial response file and return to the wizard as many times as necessary to complete it. The wizard does not recognize a response file as being complete or valid until you have clicked Finish on the Summary screen.

You can also update a completed response file if it has not been implemented. Note that after you select product offerings for a partial or completed response file, you cannot change the mix by updating the response file. You must start a new wizard session and create a new response file.

12.5 What to Do Next

After you have saved the response file, you can return to the Installation Options screen and select the Provision an Applications Environment option to perform the physical installation. Or, you can create another response file to use for another type of installation, for example, to create a test or demonstration environment.