19 Configuring Oracle Identity Governance
You need to perform certain tasks in order to extend the enterprise deployment domain with Oracle Identity Governance. This chapter describes installing Oracle Identity and Access Management, extending the domain for Oracle Identity Governance, and completing the post-configuration and verification tasks.
- Variables Used When Configuring Oracle Identity Governance
While extending the domain with Oracle Identity Governance, you will be referencing the directory variables listed in this section.
- Starting and Validating the Oracle Identity Governance Managed Servers
Now that you have extended the domain, started the Administration Server, and propagated the domain to the other hosts, you can start the newly configured Oracle Identity Governance Managed Servers.
- Analyzing the Bootstrap Report
When you start the Oracle Identity Governance server, the bootstrap report is generated at MSERVER_HOME/servers/WLS_OIM1/logs/BootStrapReportPreStart.html.
- Configuring the Web Tier for the Domain
Configure the web server instances on the web tier so that the instances route requests for both public and internal URLs to the proper clusters in the extended domain.
- Managing the Notification Service
- Configuring the Messaging Drivers
- Increasing Database Connection Pool Size
The default database connection pool size needs to be increased when Oracle Identity Governance is used in conjunction with a connector that allows interactions with an LDAP directory.
- Forcing Oracle Identity Governance to use Correct Multicast Address
- Integrating Oracle Identity Governance with LDAP
- Integrating Oracle Identity Governance and Oracle Access Manager
- Restarting the IAMGovernanceDomain
- Enabling OIM to Connect to SOA Using LDAP User
- Configuring OIM Workflow Notifications to be Sent by Email
- Adding the wsm-pm Role to the Administrators Group
After you configure a new LDAP-based Authorization Provider and restart the Administration Server, add the enterprise deployment administration LDAP group (OIMAdministrators) as a member of the policy.Updater role in the wsm-pm application stripe.
- Restarting the IAMGovernanceDomain
- Integrating Oracle Identity Manager with Oracle Business Intelligence Publisher
Oracle Identity Manager comes with a number of prebuilt reports that can be used to provide information about Oracle Identity and Access Management.
- Enabling Exalogic Optimizations
Parent topic: Configuring the Enterprise Deployment
Variables Used When Configuring Oracle Identity Governance
While extending the domain with Oracle Identity Governance, you will be referencing the directory variables listed in this section.
The values for several directory variables are defined in File System and Directory Variables Used in This Guide.
- IGD_ORACLE_HOME
- IGD_ASERVER_HOME
- IGD_MSERVER_HOME
- APPLICATION_HOME
- DEPLOY_PLAN_HOME
- JAVA_HOME
- DOMAIN_HOME
- WL_HOME
- IDSTORE_DIRECTORYTYPE
- IDSTORE_HOST
- IDSTORE_PORT
- IDSTORE_BINDDN
- IDSTORE_BINDPWD
- IDSTORE_SEARCHBASE
- IDSTORE_USERSEARCHBASE
- IDSTORE_GROUPSEARCHBASE
- IDSTORE_OIMADMINUSERDN
- IDSTORE_OIMADMINUSER_PWD
- IDSTORE_EMAIL_DOMAIN
- IDSTORE_OAMADMINUSER
- IDSTORE_OAMADMINUSER_PWD
- OIM_HOST
- OIM_PORT
- OIM_SERVER_NAME
- OIM_WLSHOST
- OIM_WLSPORT
- OIM_WLSADMIN
- OIM_WLSADMIN_PWD
- OIM_LOGINATTRIBUTE
- WLS_OIM_SYSADMIN_USER
- WLS_OIM_SYSADMIN_USER_PWD
- OAM_HOST
- OAM_PORT
- OAM_TRANSFER_MODE
- OAM11G_WLS_ADMIN_HOST
- OAM11G_WLS_ADMIN_PORT
- OAM11G_WLS_ADMIN_USER
- OAM11G_WLS_ADMIN_PASSWD
- ACCESS_SERVER_HOST
- ACCESS_SERVER_PORT
- ACCESS_GATE_ID
- SSO_ACCESS_GATE_PASSWORD
- COOKIE_DOMAIN
In addition, you'll be referencing the following virtual IP (VIP) address defined in Reserving the Required IP Addresses for an Enterprise Deployment:
- ADMINVHN
Actions in this chapter will be performed on the following host computers:
- OIMHOST1
- OIMHOST2
- WEBHOST1
- WEBHOST2
Parent topic: Configuring Oracle Identity Governance
Starting and Validating the Oracle Identity Governance Managed Servers
Now that you have extended the domain, started the Administration Server, and propagated the domain to the other hosts, you can start the newly configured Oracle Identity Governance Managed Servers.
This process involves the tasks described in the following sections.
- Starting the Oracle Identity Governance Managed Servers and Bootstrapping the Domain
Unlike previous releases, you no longer need to run the Oracle Identity Governance configuration wizard to deploy the OIM artifacts into the domain. However, you are required to bootstrap the domain. This automatically performs many of the actions that the OIM configuration wizard performed in previous releases.
- Starting the WLS_SOA1 and WLS_OIM1 Managed Servers
- Validating the Managed Server by Logging in to the Identity Console
- Starting and Validating WLS_SOA2, WLS_OIM2, and WLS_WSM2 Managed Servers
After validating the successful configuration and startup of the WLS_SOA1 and WLS_OIM1 Managed Servers, you can start and validate the WLS_SOA2, WLS_OIM2, and WLS_WSM2 Managed Servers.
Parent topic: Configuring Oracle Identity Governance
Starting the Oracle Identity Governance Managed Servers and Bootstrapping the Domain
Unlike previous releases, you no longer need to run the Oracle Identity Governance configuration wizard to deploy the OIM artifacts into the domain. However, you are required to bootstrap the domain. This automatically performs many of the actions that the OIM configuration wizard performed in previous releases.
For the bootstrap, the Managed Servers are started from the IGD_ASERVER_HOME directory. However, the Node Manager that runs out of IGD_ASERVER_HOME communicates using the igdadmin address. Rather than temporarily reconfiguring the Managed Servers to use this address, the Managed Servers can be started outside of Node Manager for the bootstrap process. Once the process is complete, the Managed Servers will be moved to local storage, and the configured Node Manager will be able to start and stop them.
Run the following commands from IGD_ASERVER_HOME/bin:
- Command for starting the Oracle SOA Suite Managed Server:
./startManagedWebLogic.sh WLS_SOA1
- Command for starting the Oracle Identity Governance Managed Server:
./startManagedWebLogic.sh WLS_OIM1
When you execute these commands, you will be prompted to enter the WebLogic username and password. These commands run interactively, that is, after starting a Managed Server, control is not returned to the command line. This does not matter, as it is a one-time operation.
Note:
You cannot perform these actions using Node Manager at this time.
Starting the WLS_SOA1 and WLS_OIM1 Managed Servers
To start the WLS_SOA1 and WLS_OIM1 Managed Servers:
Validating the Managed Server by Logging in to the Identity Console
Validate the Oracle Identity Manager Server instance by bringing up the Oracle Identity Manager consoles in a web browser at:
http://OIMHOST1.example.com:14000/identity/
http://OIMHOST1.example.com:14000/sysadmin/
Log in using the xelsysadm username and password.
Validate the SOA configuration at:
http://OIMHOST1.example.com:8001/soa-infra
Starting and Validating WLS_SOA2, WLS_OIM2, and WLS_WSM2 Managed Servers
After validating the successful configuration and startup of the WLS_SOA1 and WLS_OIM1 Managed Servers, you can start and validate the WLS_SOA2, WLS_OIM2, and WLS_WSM2 Managed Servers.
To start and validate the WLS_SOA2 Managed Server, use the procedure in Starting and Validating the WLS_SOA1 Managed Server for the WLS_SOA2 Managed Server. Use the same procedure to start and validate the WLS_OIM2 and WLS_WSM2 Managed Servers.
For validation, enter the following URLs in your web browser and log in using the enterprise deployment administrator user:
http://OIMHOST2:14000/identity
http://OIMHOST2:14001/identity
Analyzing the Bootstrap Report
When you start the Oracle Identity Governance server, the bootstrap report is generated at MSERVER_HOME/servers/WLS_OIM1/logs/BootStrapReportPreStart.html.
BootStrapReportPreStart.html is an HTML file that contains information about the topology that you have deployed, the system-level details, the connection details such as the URLs to be used, the connectivity check, and the task execution details. You can use this report to check whether the system is up, and also to troubleshoot issues after configuration.
Every time you start the Oracle Identity Governance server, the bootstrap report is updated.
Sections in the Bootstrap Report
- Topology Details
This section contains information about your deployment. It shows whether you have configured a cluster setup, enabled SSL, or upgraded an Oracle Identity Manager environment from 11g to 12c.
- System Level Details
This section contains information about the JDK version, Database version, JAVA_HOME, DOMAIN_HOME, OIM_HOME, and MIDDLEWARE_HOME.
- Connection Details
This section contains the connection details such as the Administration URL, OIM Front End URL, SOA URL, and RMI URL.
It also shows whether the Administration Server, Database, and SOA server are up.
- Execution Details
This section lists the various tasks and their statuses.
Parent topic: Configuring Oracle Identity Governance
Configuring the Web Tier for the Domain
Configure the web server instances on the web tier so that the instances route requests for both public and internal URLs to the proper clusters in the extended domain.
For additional steps in preparation for possible scale-out scenarios, see Updating Cross Component Wiring Information.
- Configuring Oracle Traffic Director for the Domain
- Integrating Oracle Identity Governance with Oracle SOA Suite
If you wish to integrate Oracle Identity Governance with Oracle SOA Suite, use the Enterprise Manager console.
- Validating the Oracle SOA Suite URLs Through the Load Balancer
Parent topic: Configuring Oracle Identity Governance
Configuring Oracle Traffic Director for the Domain
If you have configured Oracle Traffic Director for this domain, you might be required to add additional origin server pools, virtual servers, or routes to the Oracle Traffic Director configuration. To understand the Oracle Traffic Director requirements for each Oracle Fusion Middleware product and for instructions on adding origin server pools, virtual servers, and routes, see Defining Oracle Traffic Director Virtual Servers for an Enterprise Deployment.
Parent topic: Configuring the Web Tier for the Domain
Integrating Oracle Identity Governance with Oracle SOA Suite
If you wish to integrate Oracle Identity Governance with Oracle SOA Suite, use the Enterprise Manager console.
Parent topic: Configuring the Web Tier for the Domain
Validating the Oracle SOA Suite URLs Through the Load Balancer
To validate the configuration of the Oracle HTTP Server virtual hosts and to verify that the hardware load balancer can route requests through the Oracle HTTP Server instances to the application tier:
Parent topic: Configuring the Web Tier for the Domain
Managing the Notification Service
An event is an operation that occurs in Oracle Identity Manager, such as user creation, request initiation, or any custom event created by the user. These events are generated as part of business operations or through the generation of errors. An event definition is the metadata that describes the event. To define metadata for events, it is important to identify all event types supported by a functional component. For example, for the scheduler component, metadata is defined for a scheduled job execution failing and for the scheduler shutting down. Every time a job fails or the scheduler is shut down, the corresponding event is raised and the notifications associated with that event are sent.
The data available in the event is used to create the content of the notification. The parameters defined for an event help the system select the appropriate notification template, and they determine which event variables can be made available at template design time.
A notification template is used to send notifications. These templates contain variables that refer to available data to provide more context to the notifications. The notification is sent through a notification provider. Examples of such channels are e-mail, Instant Messaging (IM), Short Message Service (SMS), and voice. To use these notification providers, Oracle Identity Manager uses Oracle User Messaging Service (UMS).
At the back end, the notification engine is responsible for generating the notification and using the notification provider to send it.
Using SMTP for Notification
Using SMTP for notification involves configuring the SMTP email notification provider properties and adding the CSF key.
Configuring the SMTP Email Notification Provider Properties
To configure the SMTP Email Notification Provider properties by using the EmailNotificationProviderMBean MBean:
Parent topic: Managing the Notification Service
Configuring the Messaging Drivers
Overview
Each messaging driver needs to be configured. For sending SMS messages, install and configure the SMS driver.
You need to configure this service if you are enabling OAM's forgotten password functionality.
Configuring the Email Driver
To configure the driver to send emails, perform the following steps:
Parent topic: Configuring the Messaging Drivers
Increasing Database Connection Pool Size
The default database connection pool size needs to be increased when Oracle Identity Governance is used in conjunction with a connector that allows interactions with an LDAP directory.
Parent topic: Configuring Oracle Identity Governance
Forcing Oracle Identity Governance to use Correct Multicast Address
Oracle Identity Governance uses multicast for certain functions. By default, the Managed Servers communicate using the multicast address assigned to the primary host name. If you want multicast to use a different network, for example the internal network, you must complete the following additional steps:
Parent topic: Configuring Oracle Identity Governance
Integrating Oracle Identity Governance with LDAP
Integrating Oracle Identity Governance with LDAP includes the following topics:
- Update Connector Version
- Configuring the Oracle Connector for LDAP
- Add Missing Object Classes
- Restart Domains
Parent topic: Configuring Oracle Identity Governance
Update Connector Version
- Download the Connector bundle from the artifactory: Download Connector Bundle. For OID or OUD, download the Connector bundle corresponding to Oracle Internet Directory.
  Note: For all directory types, the required Connector version for OIG-OAM integration is 12.2.1.3.0.
- Unzip the Connector bundle to the desired connector path under $ORACLE_HOME/idm/server/ConnectorDefaultDirectory. For example:
  $IGD_ORACLE_HOME/idm/server/ConnectorDefaultDirectory
- In case of integration with OID or OUD, update the connector version and bundle version in the template XML files:
  - Remove the existing auth-template, pre-config and target-template XML files that ship out-of-box in LDAP Connector version 12.2.1.3.0. For example, if the LDAP connector bundle is extracted to /u01/oracle/products/identity/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0, move the following files located at /u01/oracle/products/identity/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0/xml/:
    - Move ODSEE-OUD-LDAPV3-pre-config.xml to ODSEE-OUD-LDAPV3-pre-config.xml_bak
    - Move ODSEE-OUD-LDAPV3-target-template.xml to ODSEE-OUD-LDAPV3-target-template.xml_bak
    - Move ODSEE-OUD-LDAPV3-auth-template.xml to ODSEE-OUD-LDAPV3-auth-template.xml_bak
    - Move OID-pre-config.xml to OID-pre-config.xml_bak
    - Move OID-target-template.xml to OID-target-template.xml_bak
    - Move OID-auth-template.xml to OID-auth-template.xml_bak
  - Update the Connector and bundle versions in the target template as follows:
    <connectorVersion>12.2.1.3.0</connectorVersion>
    <advanceConfig name="Bundle Version" value="12.3.0" required="false"/>
    Note: If the directory type is OUD, update ${IGD_ORACLE_HOME}/idm/server/ssointg/connector/oud/OUD-OAM-Target-Template.xml.
  - Update the Connector and bundle versions in the authoritative template as follows:
    <connectorVersion>12.2.1.3.0</connectorVersion>
    <advanceConfig name="Bundle Version" value="12.3.0" required="false"/>
    Note: If the directory type is OUD, update ${IGD_ORACLE_HOME}/idm/server/ssointg/connector/oud/OUD-auth-template.xml.
  - Update the bundle version in the pre-config template as follows:
    <LookupValue id="LKV2341" repo-type="RDBMS">
      <LKV_COUNTRY>US</LKV_COUNTRY>
      <LKV_DECODED>12.3.0</LKV_DECODED>
      <LKV_DISABLED>0</LKV_DISABLED>
      <LKV_ENCODED>Bundle Version</LKV_ENCODED>
      <LKV_LANGUAGE>en</LKV_LANGUAGE>
      <LKV_UPDATE>1334606670000</LKV_UPDATE>
    </LookupValue>
    Note: If the directory type is OUD, update ${IGD_ORACLE_HOME}/idm/server/ssointg/connector/oud/OUD-OAM-pre-config.xml. In the OUD case, also set maxSize to 100 in the NsuniqueID attribute definition in OUD-OAM-pre-config.xml:
    <AttributeDefinition repo-type="API" name="NsuniqueID" subtype="User Metadata">
      ...
      <maxSize>100</maxSize>
      ...
    </AttributeDefinition>
- Important: After OIG-OAM integration, if the LDAP Connector bundle or the Active Directory Connector bundle is used to create target application instances for other IT resources, the pre-config.xml corresponding to the directory type must be manually imported from the Sysadmin UI before creating the application instance.
  For OUD/ODSEE/LDAPV3:
  XML name: ODSEE-OUD-LDAPV3-pre-config.xml
  Location (example): $ORACLE_HOME/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0/xml/ODSEE-OUD-LDAPV3-pre-config.xml
  For importing pre-config.xml, see Importing Connector XML File.
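The steps above are a set of file moves and targeted XML edits that are easy to get half-done by hand (one template updated, the other forgotten, or a file in the wrong directory). The following script, an added example rather than Oracle's tooling, performs the OUD variant of the procedure end to end: it moves the six out-of-box templates aside, rewrites connectorVersion and the Bundle Version advanceConfig in the target and authoritative templates, updates the Bundle Version LookupValue in the pre-config template, and sets maxSize for NsuniqueID. It edits with targeted regular expressions so comments and formatting of the real files are left alone, and refuses to touch a template that does not contain exactly one connectorVersion and one Bundle Version. The directory it builds in build_sample_dir() holds constructed stand-ins for the real templates so the script can be run and checked offline; point run_update() at the real OID-12.2.1.3.0 and ssointg/connector/oud locations instead.

```python
"""Apply the 'Update Connector Version' edits to an extracted LDAP connector.
Added example, not Oracle's tooling: file names, versions and XML fragments
come from the procedure above; build_sample_dir() writes constructed stand-ins
for the real templates so the script can be run and checked offline."""
import os
import re
import shutil
import tempfile

OOTB_TEMPLATES = (  # out-of-box templates the procedure moves aside as <name>_bak
    "ODSEE-OUD-LDAPV3-pre-config.xml", "ODSEE-OUD-LDAPV3-target-template.xml",
    "ODSEE-OUD-LDAPV3-auth-template.xml", "OID-pre-config.xml",
    "OID-target-template.xml", "OID-auth-template.xml")


def backup_ootb_templates(xml_dir):
    """Rename each out-of-box template to <name>_bak; return the names moved."""
    moved = []
    for name in OOTB_TEMPLATES:
        src = os.path.join(xml_dir, name)
        if os.path.isfile(src):
            shutil.move(src, src + "_bak")
            moved.append(name)
    return moved


def set_template_versions(text, connector_version, bundle_version):
    """Rewrite <connectorVersion> and the 'Bundle Version' advanceConfig of a
    target or authoritative template; refuse a file that lacks either."""
    text, n_conn = re.subn(r"<connectorVersion>[^<]*</connectorVersion>",
                           f"<connectorVersion>{connector_version}</connectorVersion>", text)
    text, n_bundle = re.subn(r'(<advanceConfig\s+name="Bundle Version"\s+value=")[^"]*(")',
                             lambda m: m.group(1) + bundle_version + m.group(2), text)
    if n_conn != 1 or n_bundle != 1:
        raise ValueError(f"found {n_conn} connectorVersion and {n_bundle} Bundle Version")
    return text


def set_preconfig_bundle_version(text, bundle_version):
    """Set LKV_DECODED of the LookupValue whose LKV_ENCODED is 'Bundle Version'."""
    def fix(m):
        if "<LKV_ENCODED>Bundle Version</LKV_ENCODED>" not in m.group(0):
            return m.group(0)  # some other lookup value: leave it alone
        return re.sub(r"<LKV_DECODED>[^<]*</LKV_DECODED>",
                      f"<LKV_DECODED>{bundle_version}</LKV_DECODED>", m.group(0))
    return re.sub(r"<LookupValue\b.*?</LookupValue>", fix, text, flags=re.DOTALL)


def set_nsuniqueid_maxsize(text, size=100):
    """OUD only: set maxSize inside the NsuniqueID attribute definition."""
    def fix(m):
        return re.sub(r"<maxSize>\d+</maxSize>", f"<maxSize>{size}</maxSize>", m.group(0))
    return re.sub(r'<AttributeDefinition\b[^>]*name="NsuniqueID"[^>]*>.*?</AttributeDefinition>',
                  fix, text, flags=re.DOTALL)


def edit_file(path, *transforms):
    """Apply transforms to a file in place, keeping a .orig copy for rollback."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    shutil.copy(path, path + ".orig")
    for transform in transforms:
        text = transform(text)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    return text


def build_sample_dir():
    """Constructed stand-in for OID-12.2.1.3.0/xml and the three OUD templates."""
    root = tempfile.mkdtemp(prefix="oig-connector-")
    os.mkdir(os.path.join(root, "xml"))
    for name in OOTB_TEMPLATES:
        open(os.path.join(root, "xml", name), "w").close()
    template = ('<xl-ddm-data><connectorVersion>11.1.1.5.0</connectorVersion>\n'
                '<advanceConfig name="Bundle Version" value="1.0.1" required="false"/>'
                '</xl-ddm-data>\n')
    preconfig = ('<xl-ddm-data>\n<LookupValue id="LKV2340"><LKV_DECODED>x</LKV_DECODED>'
                 '<LKV_ENCODED>Other</LKV_ENCODED></LookupValue>\n'
                 '<LookupValue id="LKV2341"><LKV_DECODED>1.0.1</LKV_DECODED>'
                 '<LKV_ENCODED>Bundle Version</LKV_ENCODED></LookupValue>\n'
                 '<AttributeDefinition repo-type="API" name="NsuniqueID"><maxSize>40</maxSize>'
                 '</AttributeDefinition>\n<AttributeDefinition repo-type="API" name="Other">'
                 '<maxSize>40</maxSize></AttributeDefinition>\n</xl-ddm-data>\n')
    for name, body in (("OUD-OAM-Target-Template.xml", template),
                       ("OUD-auth-template.xml", template),
                       ("OUD-OAM-pre-config.xml", preconfig)):
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def run_update(root, connector_version="12.2.1.3.0", bundle_version="12.3.0"):
    """Run the whole OUD procedure under root; return what was changed."""
    def versions(text):
        return set_template_versions(text, connector_version, bundle_version)
    return {
        "moved": backup_ootb_templates(os.path.join(root, "xml")),
        "target": edit_file(os.path.join(root, "OUD-OAM-Target-Template.xml"), versions),
        "auth": edit_file(os.path.join(root, "OUD-auth-template.xml"), versions),
        "preconfig": edit_file(os.path.join(root, "OUD-OAM-pre-config.xml"),
                               lambda t: set_preconfig_bundle_version(t, bundle_version),
                               set_nsuniqueid_maxsize),
    }
```

Keep the .orig copies until the connector has been verified through the Sysadmin UI; if the versions were wrong, restoring them is a file copy rather than a fresh extraction of the bundle.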
Parent topic: Integrating Oracle Identity Governance with LDAP
Configuring the Oracle Connector for LDAP
The Oracle Connector for LDAP allows you to store users and passwords in a certified LDAP directory. Configure the connector before using it. Perform the following steps to configure the connector:
- Change directory to IGD_ORACLE_HOME/idm/server/ssointg/config
- Edit the file configureLDAPConnector.config, updating the properties as shown below:
##-----------------------------------------------------------##
## [configureLDAPConnector]
IDSTORE_DIRECTORYTYPE=OUD
IDSTORE_HOST=idstore.example.com
IDSTORE_PORT=1389
IDSTORE_BINDDN=cn=oudadmin
IDSTORE_OIMADMINUSERDN=cn=oimLDAP,cn=systemids,dc=example,dc=com
IDSTORE_OIMADMINUSER_PWD=<password>
IDSTORE_BINDPWD=<password>
IDSTORE_SEARCHBASE=dc=example,dc=com
IDSTORE_USERSEARCHBASE=cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE=cn=Groups,dc=example,dc=com
IDSTORE_USERSEARCHBASE_DESCRIPTION=Default user container
IDSTORE_GROUPSEARCHBASE_DESCRIPTION=Default group container
IDSTORE_EMAIL_DOMAIN=example.com
OIM_HOST=OIMHOST1.example.com
OIM_PORT=14000
WLS_OIM_SYSADMIN_USER=xelsysadm
WLS_OIM_SYSADMIN_USER_PWD=<password>
OIM_WLSHOST=IGDADMINVHN.example.com
OIM_WLSPORT=7101
OIM_WLSADMIN=weblogic
OIM_SERVER_NAME=WLS_OIM1
CONNECTOR_MEDIA_PATH=IGD_ORACLE_HOME/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0
Save the file when done. The file holds cleartext passwords: keep it readable only by the installation owner (for example, chmod 600) and remove the passwords from it once the step has completed.
Where:
Table 19-4 Configure LDAPConnector Properties
Attribute | Description |
---|---|
IDSTORE_HOST | The load balancer name for the LDAP directory, for example idstore.example.com. |
IDSTORE_PORT | The LDAP port on the load balancer, for example 1389 for OUD. |
IDSTORE_DIRECTORYTYPE | The type of LDAP directory you are using, for example OUD. |
IDSTORE_BINDDN | The credential used to connect to the directory to perform administrative actions, for example oudadmin for OUD. |
IDSTORE_BINDPWD | The password of the IDSTORE_BINDDN account. |
IDSTORE_SEARCHBASE | The root of the directory tree. |
IDSTORE_USERSEARCHBASE | The location in the directory where users are stored. |
IDSTORE_GROUPSEARCHBASE | The location in the directory where groups are stored. |
IDSTORE_OIMADMINUSERDN | The DN of the user that OIM will use to connect to LDAP. |
IDSTORE_OIMADMINUSER_PWD | The password of the IDSTORE_OIMADMINUSERDN account. |
IDSTORE_EMAIL_DOMAIN | The email domain. |
OIM_HOST | The host name that the OIM Managed Server WLS_OIM1 is listening on, for example OIMHOST1. |
OIM_PORT | The port number of the WLS_OIM1 Managed Server. |
WLS_OIM_SYSADMIN_USER | The OIM administrator account, for example xelsysadm. |
WLS_OIM_SYSADMIN_USER_PWD | The password of the WLS_OIM_SYSADMIN_USER account. |
OIM_WLSHOST | The listen address of the IAMGovernanceDomain Administration Server, for example IGDADMINVHN. |
OIM_WLSPORT | The Administration Server port, for example 7101. |
OIM_WLSADMIN | The name of the IAMGovernanceDomain administration user, for example weblogic. |
CONNECTOR_MEDIA_PATH | The location where you extracted the connector. |
OIM_SERVER_NAME | The name of the running OIM Managed Server, for example WLS_OIM1. |
Note: You should use the same values as you specified for these parameters in Creating a Configuration File.
- Locate the properties file ssointg-config.properties, available at IGD_ORACLE_HOME/idm/server/ssointg/config/, and set the configureLDAPConnector value to true. All other values should be set to false.
##-----------------------------------------------------------##
generateIndividualConfigFiles=false
prepareIDStore=false
configOAM=false
addMissingObjectClasses=false
populateOHSRules=false
configureWLSAuthnProviders=false
configureLDAPConnector=true
## configureLDAPConnector takes care of updating container rules
## Additional option is provided in case rules need to be updated again
updateContainerRules=false
configureSSOIntegration=false
enableOAMSessionDeletion=false
- Execute the script OIGOAMIntegration to configure the connector. For example:
cd IGD_ORACLE_HOME/idm/server/ssointg/bin
export JAVA_HOME=JAVA_HOME
export ORACLE_HOME=IGD_ORACLE_HOME
export WL_HOME=IGD_ORACLE_HOME/wlserver
./OIGOAMIntegration.sh -configureLDAPConnector
Parent topic: Integrating Oracle Identity Governance with LDAP
Add Missing Object Classes
If any users existed in LDAP before Oracle Identity Manager was enabled, these users may be missing the object classes used to control OIM/OAM integration. To add the missing object classes to these users, run the following commands:
- Change directory to IGD_ORACLE_HOME/idm/server/ssointg/config
- Edit the file addMissingObjectClasses.config, updating the properties as shown below:
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 1389
IDSTORE_BINDDN: cn=oudadmin
IDSTORE_BINDDN_PWD: <password>
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
Save the file when done.
Table 19-5 Properties of addMissingObjectClasses.config
Attribute | Description |
---|---|
IDSTORE_HOST | The load balancer name for the LDAP directory, for example idstore.example.com. |
IDSTORE_PORT | The LDAP port on the load balancer, for example 1389 for OUD. |
IDSTORE_DIRECTORYTYPE | The type of LDAP directory you are using (OUD). |
IDSTORE_BINDDN | The credential used to connect to the directory to perform administrative actions, for example oudadmin for OUD. |
IDSTORE_BINDDN_PWD | The password for the IDSTORE_BINDDN account. |
IDSTORE_USERSEARCHBASE | The location in the directory where user information is stored. |
- Execute the script OIGOAMIntegration. For example:
cd IGD_ORACLE_HOME/idm/server/ssointg/bin
export JAVA_HOME=JAVA_HOME
export ORACLE_HOME=IGD_ORACLE_HOME
export WL_HOME=IGD_ORACLE_HOME/wlserver
./OIGOAMIntegration.sh -addMissingObjectClasses
You will be prompted to enter the password of the LDAP directory administrator account.
Restart Domains
Restart both the IAMAccessDomain and the IAMGovernanceDomain.
Parent topic: Integrating Oracle Identity Governance with LDAP
Integrating Oracle Identity Governance and Oracle Access Manager
Integrating Oracle Identity Governance and Oracle Access Manager includes the following topics:
- Configuring SSO Integration in the IAMGovernanceDomain
- Enable OAM Notifications
- Update oam-config.xml
- Update TapEndpoint URL
Parent topic: Configuring Oracle Identity Governance
Configuring SSO Integration in the IAMGovernanceDomain
Having deployed the connector, the next step is to configure SSO in the domain. To do this, perform the following steps:
- Change directory to IGD_ORACLE_HOME/idm/server/ssointg/config
- Edit the file configureSSOIntegration.config, updating the properties in the section configureSSOIntegration as shown below:
##-----------------------------------------------------------##
## [configureSSOIntegration]
OAM_HOST: OAMHOST1.example.com
OAM_PORT: 14100
ACCESS_SERVER_HOST: OAMHOST1.example.com
ACCESS_SERVER_PORT: 5557
ACCESS_GATE_ID: Webgate_IDM
SSO_ACCESS_GATE_PASSWORD: <password>
COOKIE_DOMAIN: example.com
OAM_TRANSFER_MODE: Simple
OIM_LOGINATTRIBUTE: uid
OAM11G_WLS_ADMIN_HOST: IADADMINVHN.example.com
OAM11G_WLS_ADMIN_PORT: 7001
OAM11G_WLS_ADMIN_USER: weblogic
OAM11G_WLS_ADMIN_PASSWD: <password>
IDSTORE_OAMADMINUSER: oamadmin
IDSTORE_OAMADMINUSER_PWD: <password>
OIM_WLSHOST: IGDADMINVHN.example.com
OIM_WLSPORT: 7101
OIM_WLSADMIN: weblogic
OIM_WLSADMIN_PWD: <password>
OIM_SERVER_NAME: WLS_OIM1
SSO_KEYSTORE_JKS_PASSWORD: <password>
SSO_GLOBAL_PASSPHRASE: <password>
Save the file when done.
Where:
Table 19-6 Configure SSOIntegration Properties
Attribute | Description |
---|---|
OAM_HOST | The listen address of the Managed Server WLS_OAM1 in the domain IAMAccessDomain. |
OAM_PORT | The port that the Managed Server WLS_OAM1 is listening on. |
ACCESS_SERVER_HOST | Always the same as OAM_HOST. |
ACCESS_SERVER_PORT | The OAM proxy port. |
ACCESS_GATE_ID | The name of the WebGate agent created in Creating a Configuration File. |
SSO_ACCESS_GATE_PASSWORD | The value assigned to the parameter OAM11G_OIM_WEBGATE_PASSWD in Creating a Configuration File. |
COOKIE_DOMAIN | The value assigned in Creating a Configuration File. |
OAM_TRANSFER_MODE | The value assigned in Creating a Configuration File. |
OIM_LOGINATTRIBUTE | The LDAP attribute containing the user's login name, usually uid or cn. |
OAM11G_WLS_ADMIN_HOST | The listen address of the Administration Server in the domain IAMAccessDomain, for example IADADMINVHN. |
OAM11G_WLS_ADMIN_PORT | The listen port of the Administration Server in the domain IAMAccessDomain, for example 7001. |
OAM11G_WLS_ADMIN_USER | The administration user of the IAMAccessDomain Administration Server, for example weblogic. |
OAM11G_WLS_ADMIN_PASSWD | The password for the OAM11G_WLS_ADMIN_USER account. |
OIM_WLSHOST | The listen address of the OIM Administration Server, for example IGDADMINVHN.example.com. |
OIM_WLSPORT | The listen port of the OIM Administration Server, for example 7101. |
OIM_WLSADMIN | The administration user of the OIM Administration Server, for example weblogic. |
OIM_WLSADMIN_PWD | The password for the OIM_WLSADMIN account. |
OIM_SERVER_NAME | The name of the running OIM Managed Server, for example WLS_OIM1. |
IDSTORE_OAMADMINUSER | The value assigned to IDSTORE_OAMADMINUSER in Creating a Configuration File. |
IDSTORE_OAMADMINUSER_PWD | The password for the IDSTORE_OAMADMINUSER account. |
- Locate the properties file ssointg-config.properties, available at IGD_ORACLE_HOME/idm/server/ssointg/config/, and set the configureSSOIntegration value to true. All other values should be set to false.
##-----------------------------------------------------------##
generateIndividualConfigFiles=false
prepareIDStore=false
configOAM=false
addMissingObjectClasses=false
populateOHSRules=false
configureWLSAuthnProviders=false
configureLDAPConnector=false
## configureLDAPConnector takes care of updating container rules
## Additional option is provided in case rules need to be updated again
updateContainerRules=false
configureSSOIntegration=true
enableOAMSessionDeletion=false
- Execute the script OIGOAMIntegration to configure SSO integration. For example:
cd IGD_ORACLE_HOME/idm/server/ssointg/bin
export JAVA_HOME=JAVA_HOME
export ORACLE_HOME=IGD_ORACLE_HOME
export WL_HOME=IGD_ORACLE_HOME/wlserver
./OIGOAMIntegration.sh -configureSSOIntegration
- Restart the domain IAMGovernanceDomain.
Enable OAM Notifications
Having deployed the connector, the next step is to tell OIM how to interact with OAM so that a user's sessions are terminated after the user has expired or been terminated. To do this, perform the following steps:
- Change directory to IGD_ORACLE_HOME/idm/server/ssointg/config.
- Edit the file enableOAMSessionDeletion.config, updating the properties in the section enableOAMNotifications as shown below:
##-----------------------------------------------------------##
## [enableOAMNotifications]
OIM_WLSHOST=IGDADMINVHN.example.com
OIM_WLSPORT=7101
OIM_WLSADMIN=weblogic
OIM_WLSADMIN_PWD=<password>
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_HOST=idstore.example.com
IDSTORE_PORT=1389
IDSTORE_BINDDN=cn=oudadmin
IDSTORE_BINDPWD=<password>
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com
IDSTORE_OAMADMINUSER: oamAdmin
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
OIM_SERVER_NAME=WLS_OIM1
Save the file when done.
Where:
Table 19-7 Properties of enableOAMSessionDeletion
Attribute | Description |
---|---|
OIM_WLSHOST | The listen address of the Administration Server in the domain IAMGovernanceDomain, for example IGDADMINVHN.example.com. |
OIM_WLSPORT | The port of the Administration Server in the domain IAMGovernanceDomain, for example 7101. |
OIM_WLSADMIN | The name of the WebLogic administrator in the IAMGovernanceDomain, for example weblogic. |
OIM_WLSADMIN_PWD | The password for the OIM_WLSADMIN account. |
IDSTORE_HOST | The load balancer name for the LDAP directory, for example idstore.example.com. |
IDSTORE_PORT | The LDAP port on the load balancer, for example 1389 for OUD. |
IDSTORE_BINDDN | The credential used to connect to the directory to perform administrative actions, for example oudadmin for OUD. |
IDSTORE_BINDPWD | The password of the IDSTORE_BINDDN account. |
IDSTORE_GROUPSEARCHBASE | The location in the directory where groups are stored. |
IDSTORE_SYSTEMIDBASE | The container in the directory where system users are placed when you do not want them in the main user container. |
IDSTORE_OAMADMINUSER | The name of the user you want to create as your Access Manager administrator. |
IDSTORE_OAMSOFTWAREUSER | A user that is created in LDAP and used by Access Manager at run time to connect to the LDAP server. |
IDSTORE_USERSEARCHBASE | The location in the directory where users are stored. |
OIM_SERVER_NAME | The name of the OIM Managed Server, for example WLS_OIM1. |
- Locate the properties file ssointg-config.properties, available at IGD_ORACLE_HOME/idm/server/ssointg/config/, and set the enableOAMSessionDeletion value to true. All other values should be set to false.
##-----------------------------------------------------------##
generateIndividualConfigFiles=false
pr
epareIDStore=false
configOAM=false
addMissingObjectClasses=false
populateOHSRules=false
configureWLSAuthnProviders=false
configureLDAPConnector=false
## configureLDAPConnector takes care of updating container rules
## Additional option is provided in case rules need to be updated again
updateContainerRules=false
configureSSOIntegration=false
enableOAMSessionDeletion=true
- Execute the script OIGOAMIntegration to enable notifications. For example:
cd IGD_ORACLE_HOME/idm/server/ssointg/bin
export JAVA_HOME=JAVA_HOME
export ORACLE_HOME=IGD_ORACLE_HOME
export WL_HOME=IGD_ORACLE_HOME/wlserver
./OIGOAMIntegration.sh -enableOAMSessionDeletion
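The three OIGOAMIntegration.sh steps above (configureLDAPConnector, configureSSOIntegration and enableOAMSessionDeletion) share one failure pattern: a key misspelt or left at its <password> placeholder in the .config file, or more than one step flag left at true in ssointg-config.properties, so the script runs the wrong step or runs it with a bad credential. The following pre-flight checker is an added example, not part of Oracle's ssointg tooling. It assumes only the file shapes shown in the samples above: KEY=value or KEY: value lines (the page's samples use both, sometimes in the same file) under an optional [section] header, and true/false step flags in ssointg-config.properties. The sample configs it builds are constructed from the tables above.

```python
"""Pre-flight checks for the OIGOAMIntegration.sh steps (configureLDAPConnector,
configureSSOIntegration, enableOAMSessionDeletion). Added example, not part of
Oracle's ssointg tooling. It assumes the formats shown above: 'KEY=value' or
'KEY: value' lines under an optional [section] header, and true/false step flags
in ssointg-config.properties. sample_config() builds constructed files."""
import re

# Keys the tables for each step list as required.
REQUIRED = {
    "configureLDAPConnector": (
        "IDSTORE_DIRECTORYTYPE", "IDSTORE_HOST", "IDSTORE_PORT", "IDSTORE_BINDDN",
        "IDSTORE_BINDPWD", "IDSTORE_OIMADMINUSERDN", "IDSTORE_OIMADMINUSER_PWD",
        "IDSTORE_SEARCHBASE", "IDSTORE_USERSEARCHBASE", "IDSTORE_GROUPSEARCHBASE",
        "IDSTORE_EMAIL_DOMAIN", "OIM_HOST", "OIM_PORT", "WLS_OIM_SYSADMIN_USER",
        "WLS_OIM_SYSADMIN_USER_PWD", "OIM_WLSHOST", "OIM_WLSPORT", "OIM_WLSADMIN",
        "OIM_SERVER_NAME", "CONNECTOR_MEDIA_PATH"),
    "configureSSOIntegration": (
        "OAM_HOST", "OAM_PORT", "ACCESS_SERVER_HOST", "ACCESS_SERVER_PORT",
        "ACCESS_GATE_ID", "SSO_ACCESS_GATE_PASSWORD", "COOKIE_DOMAIN",
        "OAM_TRANSFER_MODE", "OIM_LOGINATTRIBUTE", "OAM11G_WLS_ADMIN_HOST",
        "OAM11G_WLS_ADMIN_PORT", "OAM11G_WLS_ADMIN_USER", "OAM11G_WLS_ADMIN_PASSWD",
        "IDSTORE_OAMADMINUSER", "IDSTORE_OAMADMINUSER_PWD", "OIM_WLSHOST",
        "OIM_WLSPORT", "OIM_WLSADMIN", "OIM_WLSADMIN_PWD", "OIM_SERVER_NAME"),
    "enableOAMSessionDeletion": (
        "OIM_WLSHOST", "OIM_WLSPORT", "OIM_WLSADMIN", "OIM_WLSADMIN_PWD",
        "IDSTORE_DIRECTORYTYPE", "IDSTORE_HOST", "IDSTORE_PORT", "IDSTORE_BINDDN",
        "IDSTORE_BINDPWD", "IDSTORE_GROUPSEARCHBASE", "IDSTORE_SYSTEMIDBASE",
        "IDSTORE_OAMADMINUSER", "IDSTORE_OAMSOFTWAREUSER", "IDSTORE_USERSEARCHBASE",
        "OIM_SERVER_NAME"),
}
# Step flags in ssointg-config.properties, in file order.
STEPS = ("generateIndividualConfigFiles", "prepareIDStore", "configOAM",
         "addMissingObjectClasses", "populateOHSRules", "configureWLSAuthnProviders",
         "configureLDAPConnector", "updateContainerRules", "configureSSOIntegration",
         "enableOAMSessionDeletion")
LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*[=:]\s*(.*?)\s*$")


def parse_config(text):
    """Return {key: value}. Both separators the samples use are accepted; comments
    and [section] headers are skipped; a duplicate key is an error rather than a
    silent last-one-wins, which is how a doubled OIM_SERVER_NAME slips through."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "[")):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        key, value = m.groups()
        if key in values:
            raise ValueError(f"duplicate key {key}")
        values[key] = value
    return values


def check_step_config(step, text):
    """Problems that would make OIGOAMIntegration.sh -<step> fail or run with a
    placeholder credential: missing keys and values still set to <password>."""
    values = parse_config(text)
    problems = [f"missing {k}" for k in REQUIRED[step] if k not in values]
    problems += [f"{k} still a placeholder" for k, v in values.items()
                 if v in ("", "<password>")]
    return problems


def select_step(properties_text, step):
    """Rewrite ssointg-config.properties so only `step` is true; comments and
    unrelated lines are kept byte for byte."""
    if step not in STEPS:
        raise ValueError(f"unknown step {step}")
    out = []
    for raw in properties_text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1) in STEPS:
            out.append(f"{m.group(1)}={'true' if m.group(1) == step else 'false'}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


def enabled_steps(properties_text):
    """Step flags currently true; should be exactly one before running the script."""
    return [k for k, v in parse_config(properties_text).items()
            if k in STEPS and v.lower() == "true"]


def sample_config(step, **overrides):
    """Constructed config for `step` in 'KEY: value' form; an override of None
    drops the key so a misspelt or forgotten key can be simulated."""
    vals = {k: f"value-for-{k.lower()}" for k in REQUIRED[step]}
    vals.update(overrides)
    return "\n".join(f"{k}: {v}" for k, v in vals.items() if v is not None) + "\n"
```

Run check_step_config() on the real .config file and confirm enabled_steps() returns exactly the one step you intend before invoking OIGOAMIntegration.sh. Note that the checker reads the same cleartext credentials the script does, so run it as the installation owner on the host and not from a copy of the files elsewhere.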
Update oam-config.xml
In Oracle 12c all the configuration artifacts are stored within the database, this includes the oam configuration file oam-config.xml
. In order to modify this file you must export it from the database, edit it and then import it. The steps below describe how to do this:
Export oam-config.xml
Create a file called oamdb.props on OAMHOST1 with the following values:
oam.entityStore.ConnectString=jdbc:oracle:thin:@//db-scan.example.com:1521/oam.example.com
oam.entityStore.schemaUser=IAD_OAM
oam.entityStore.schemaPassword=Password
oam.importExportDirPath=/tmp
oam.frontending=params=OAMHOST1.example.com;14100;http
Save the file.
Table 19-8 Properties of oamdb.props
String | Description |
---|---|
oam.entityStore.ConnectString | It is the string used to connect to the database hosting the OAM schema. |
oam.entityStore.schemaUser | It is the name of the schema which was created when you ran the Repository Creation Utility. |
oam.entityStore.schemaPassword | It is the password of the schema. |
oam.importExportDirPath | It is the location where you want the extracted file to be placed. |
oam.frontending=params | It is the host, port, and protocol of one of the OAM Managed Servers. This Managed Server must be running. |
Use the following command to extract the oam-config.xml file:
$JAVA_HOME/bin/java -cp $IAD_ORACLE_HOME/idm/oam/server/tools/config-utility/config-utility.jar:$IAD_ORACLE_HOME/oracle_common/modules/oracle.jdbc/ojdbc8.jar oracle.security.am.migrate.main.ConfigCommand $IAD_ASERVER_HOME export /tmp/oamdb.props
Modify oam-config.xml
Edit the extracted oam-config.xml. Search for MatchLDAPAttribute and set the value to uid. For example:
<Setting Name="MAPPERCLASS" Type="xsd:string">oracle.security.am.engine.authn.internal.executor.DAPAttributeMapper</Setting>
<Setting Name="MatchLDAPAttribute" Type="xsd:string">uid</Setting>
<Setting Name="name" Type="xsd:string">DAP</Setting>
Note:
Do not increment the Version tag in the file by +1.
Import oam-config.xml
Now that the file has been modified it needs to be saved back to the oam database. You can use the same property file you used above for this. Execute the following command:
$JAVA_HOME/bin/java -cp $IAD_ORACLE_HOME/idm/oam/server/tools/config-utility/config-utility.jar:$IAD_ORACLE_HOME/oracle_common/modules/oracle.jdbc/ojdbc8.jar oracle.security.am.migrate.main.ConfigCommand $IAD_ASERVER_HOME import /tmp/oamdb.props
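The edit step between the export and the import, scripted as an added example (this is not Oracle's config-utility and not part of the documentation): it sets the MatchLDAPAttribute setting to uid, refuses to guess if the setting is missing or occurs more than once, and checks before the import that the Version setting is unchanged, which is the caveat in the note above. The XML is a constructed, trimmed stand-in for an exported oam-config.xml; the nesting it assumes (a top-level Version setting and the DAP settings from the listing above) and the function names are this example's assumptions.

```python
"""Scripted 'Modify oam-config.xml' step with a pre-import check.

Added example, not Oracle tooling. Assumes the exported file contains a
<Setting Name="Version"> element and exactly one <Setting Name="MatchLDAPAttribute">.
Note that ElementTree drops XML comments and reformats whitespace when it writes
the file back; the Setting values themselves are preserved.
"""
import xml.etree.ElementTree as ET
from typing import List

# Constructed sample: only the elements the procedure touches are included,
# with MatchLDAPAttribute deliberately not yet set to uid.
SAMPLE_OAM_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
  <Setting Name="Version" Type="xsd:integer">42</Setting>
  <Setting Name="DAP" Type="htf:map">
    <Setting Name="MAPPERCLASS" Type="xsd:string">oracle.security.am.engine.authn.internal.executor.DAPAttributeMapper</Setting>
    <Setting Name="MatchLDAPAttribute" Type="xsd:string">mail</Setting>
    <Setting Name="name" Type="xsd:string">DAP</Setting>
  </Setting>
</Configuration>
"""


def find_settings(root: ET.Element, name: str) -> List[ET.Element]:
    """All <Setting Name="..."> elements anywhere under root."""
    return [el for el in root.iter("Setting") if el.get("Name") == name]


def version_of(xml_text: str) -> str:
    """Text of the Version setting: the value that must NOT be incremented by hand."""
    found = find_settings(ET.fromstring(xml_text), "Version")
    if len(found) != 1:
        raise ValueError(f"expected exactly one Version setting, found {len(found)}")
    return (found[0].text or "").strip()


def set_match_ldap_attribute(xml_text: str, value: str = "uid") -> str:
    """Return the configuration with MatchLDAPAttribute set to `value`.
    Raises ValueError rather than guessing when the setting is absent or ambiguous."""
    root = ET.fromstring(xml_text)
    targets = find_settings(root, "MatchLDAPAttribute")
    if len(targets) != 1:
        raise ValueError(f"expected exactly one MatchLDAPAttribute setting, found {len(targets)}")
    targets[0].text = value
    return ET.tostring(root, encoding="unicode")


def ready_for_import(original: str, edited: str, expected: str = "uid") -> bool:
    """Pre-import check: MatchLDAPAttribute equals `expected` and Version is unchanged."""
    try:
        attr = find_settings(ET.fromstring(edited), "MatchLDAPAttribute")
        return (
            len(attr) == 1
            and (attr[0].text or "").strip() == expected
            and version_of(original) == version_of(edited)
        )
    except (ET.ParseError, ValueError):
        return False


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 2:
        # Usage: python edit_oam_config.py /tmp/oam-config.xml  (the exported file)
        path = sys.argv[1]
        with open(path, encoding="utf-8") as fh:
            original = fh.read()
        edited = set_match_ldap_attribute(original)
        if not ready_for_import(original, edited):
            sys.exit("edited file failed the pre-import check; not writing it")
        ET.ElementTree(ET.fromstring(edited)).write(path, encoding="UTF-8", xml_declaration=True)
    else:
        result = set_match_ldap_attribute(SAMPLE_OAM_CONFIG)
        print(result)
        print("ready for import:", ready_for_import(SAMPLE_OAM_CONFIG, result))
```

Keep a copy of the exported file before editing; comparing version_of() on the copy and the edited file is the cheapest way to prove the Version tag was left alone before running the import command above.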
Update TapEndpoint URL
For OAM/OIM integration to work, you must update the OAM TapEndpoint URL by performing the following steps:
- Log in to Oracle Fusion Middleware Control using the following URL:
http://igdadmin.example.com/em
OR
http://IGDADMINVHN.example.com:7101/em
The Administration Server host and port number were in the URL on the End of Configuration screen (Writing Down Your Domain Home and Administration Server URL). The default Administration Server port number is 7101.
- Click WebLogic Domain, and click System MBean Browser.
In the search box, enter SSOIntegrationMXBean, and click Search. The MBean is displayed.
- Set the value of TapEndpointURL to https://login.example.com/oam/server/dap/cred_submit
- Click Apply.
Restarting the IAMGovernanceDomain
For the above changes to take effect you must restart the domain.
Parent topic: Configuring Oracle Identity Governance
Enabling OIM to Connect to SOA Using LDAP User
Oracle Identity Manager connects to SOA as the SOA administrator, with the username weblogic by default. As mentioned in the previous sections, a new administrator user is provisioned in the central LDAP store to manage the Identity Management WebLogic Domain.
Perform the following post-installation steps to enable Oracle Identity Manager to work with the Oracle WebLogic Server administrator user provisioned in the central LDAP store. This enables Oracle Identity Manager to connect to SOA:
Note:
For the SOAConfig MBean to be visible, at least one OIM Managed Server must be running.
- Run the reconciliation process to enable the Oracle WebLogic Server administrator, weblogic_iam, to be visible in the OIM Identity Console. Follow these steps:
  - Log in to the OIM System Administration Console as the user xelsysadm.
  - Click Scheduler under System Configuration.
  - Enter SSO* in the search box.
  - Click the arrow for the Search Scheduled Jobs to list all the schedulers.
  - Select SSO User Full Reconciliation.
  - Click Run Now to run the job.
  - Repeat for SSO Group Create And Update Full Reconciliation.
  - Log in to the OIM Identity Console and verify that the user weblogic_iam is visible.
- Log in to Enterprise Manager Fusion Middleware Control of the IAMGovernanceDomain as the weblogic user.
- Click WebLogic Domain, and click System MBean Browser.
- Select Search, enter SOAConfig, and click Search.
- Change the username attribute to the Oracle WebLogic Server administrator username provisioned in Preparing the Identity Store. For example: weblogic_iam
Click Apply.
- Select WebLogic Domain > Security > Credentials from the drop-down menu.
- Expand the key oim.
- Click SOAAdminPassword and click Edit.
- Change the username to weblogic_iam, set the password to the account's password, and click OK.
- From the navigator, click WebLogic Domain and select Application Roles from the Security menu.
- Set the application stripe to soa-infra by selecting from the drop-down list. Click Search.
- Click SOAAdmin. Ensure that you see Administrators in the membership box.
- Click Edit. The Edit page is displayed.
- Click Add in the Members box. The Add principal search box is displayed.
Enter the following:
  - Type: Group
  - Principal Name: starts with: WLS
Click Search.
- Select WLSAdministrators from the results box and click OK.
You will be redirected to the Edit screen. Ensure that the members are Administrators and WLSAdministrators.
Click OK.
- Log in to the OIM Self Service Console as the user xelsysadm. If prompted, set up challenge questions. This happens on your first login to the Oracle Identity Manager Identity Console.
- Click Manage > Roles and Access Policies > Roles.
- Search for the Administrators role. Enter Administrators in the Display Name search box and click Search.
- Click the Administrators role. That role's Properties page appears.
- Click the Organizations tab.
- Click Add. Search for and select the organization to which xelsysadm belongs, for example, Xellerate Users.
- Click Add Selected. Click Select.
- Click the Members tab and click Add.
- Search for and select the user weblogic_iam.
- Click Add Selected.
- Click Select, and then Apply.
Parent topic: Configuring Oracle Identity Governance
Configuring OIM Workflow Notifications to be Sent by Email
OIM uses human workflows that are integrated with the SOA workflow. The SOA server is configured with an e-mail account so that notifications are delivered to the user's mailbox. The user can either accept or reject the notifications.
Both incoming and outgoing e-mail addresses and mailboxes dedicated to the portal workflow are required for full functionality. See Configuring Human Workflow Notification Properties in Administering Oracle SOA Suite and Oracle Business Process Management Suite.
- Log in to the Fusion Middleware Control by using the administrator's account, for example, weblogic_iam.
- Expand the Target Navigation panel and navigate to SOA > soa-infra (WLS_SOA1) service.
- From the SOA infrastructure drop-down, select SOA Administration > Workflow Properties.
- Set the Notification mode to Email. Provide the correct e-mail address for the notification service.
- Click Apply and confirm when prompted.
- Verify the changes.
- Click Go to the Messaging Driver page link.
- In the Associated Drivers section, click Configure Driver for the User Messaging Email Driver.
- Click Create if the email driver does not exist already.
- Click Test and verify the changes.
- Click OK to save the email driver configuration.
- Restart the SOA cluster. No configuration or restart is required for OIM.
Parent topic: Configuring Oracle Identity Governance
Adding the wsm-pm Role to the Administrators Group
After you configure a new LDAP-based Authorization Provider and restart the Administration Server, add the enterprise deployment administration LDAP group (OIMAdministrators) as a member to the policy.Updater role in the wsm-pm application stripe.
Parent topic: Configuring Oracle Identity Governance
Restarting the IAMGovernanceDomain
For the above changes to take effect you must restart the domain.
Parent topic: Configuring Oracle Identity Governance
Integrating Oracle Identity Manager with Oracle Business Intelligence Publisher
Oracle Identity Manager comes with a number of prebuilt reports that can be used to provide information about Oracle Identity and Access Management.
Oracle Identity Manager reports are classified based on functional areas such as Access Policy Reports, Request and Approval Reports, Password Reports, and so on; they are no longer categorized as Operational and Historical. These reports are not generated by Oracle Identity Manager but by Oracle Business Intelligence Publisher (BIP). Oracle Identity Manager reports provide a restriction for Oracle BI Publisher.
The setup of a highly available enterprise deployment of Oracle BI Publisher is beyond the scope of this document. For more information, see Understanding the Business Intelligence Enterprise Deployment Topology in the Enterprise Deployment Guide for Business Intelligence for 12.2.1.3.0.
- Configuring Oracle Identity Manager to use BI Publisher
You can set up Oracle BI Publisher to generate Oracle Identity Manager reports.
- Assigning the BIServiceAdministrator Role to xelsysadm
If you are using LDAP as your identity store in the Business Intelligence (BI) domain, then you must have created an LDAP authenticator in the BI domain, and you can view the Users and Groups stored within LDAP. The Oracle Identity Manager (OIM) system administration account (for example, xelsysadm) needs to be assigned the BIServiceAdministrator role to generate reports.
- Storing the BI Credentials in Oracle Identity Governance
- Creating OIM and BPEL Data Sources in BIP
Oracle BIP must be connected to the OIM and SOA database schemas to run a report.
- Deploying Oracle Identity Governance Reports to BI
- Deploying Oracle Identity Governance Reports on the OBIEE Environment
- Enable Certification Reports
- Validating the Reports
Parent topic: Configuring Oracle Identity Governance
Configuring Oracle Identity Manager to use BI Publisher
You can set up Oracle BI Publisher to generate Oracle Identity Manager reports.
Assigning the BIServiceAdministrator Role to xelsysadm
If you are using LDAP as your identity store in the Business Intelligence (BI) domain, then you must have created an LDAP authenticator in the BI domain, and you can view the Users and Groups stored within LDAP. The Oracle Identity Manager (OIM) system administration account (for example, xelsysadm) needs to be assigned the BIServiceAdministrator role to generate reports.
Storing the BI Credentials in Oracle Identity Governance
Creating OIM and BPEL Data Sources in BIP
Oracle BIP must be connected to the OIM and SOA database schemas to run a report.
Create OIM Datasource
To do this you need to create BIP data sources using the following procedure:
- Log in to the BI Publisher Home page using the URL https://bi.example.com/xmlpserver
- Click the Administration link at the top of the BI Publisher Home page. The BI Publisher Administration page is displayed.
- Under Data Sources, click the JDBC Connection link. The Data Sources page is displayed.
- In the JDBC tab, click Add Data Source to create a JDBC connection to your database. The Add Data Source page is displayed.
- Enter values in the following fields:
Table 19-10 OIM Add Data Source Attributes
Attributes | Value |
---|---|
Data Source Name | Specify the Oracle Identity Governance JDBC connection name. For example, OIM JDBC. |
Driver Type | Select Oracle 11g for an 11g database and Oracle 12c for a 12c database. |
Database Driver Class | Specify a driver class to suit your database, such as oracle.jdbc.OracleDriver. |
Connection String | Specify the database connection details in the format jdbc:oracle:thin:@HOST_NAME:PORT_NUMBER:SID. For example, jdbc:oracle:thin:@igddbscan:1521:oim.example.com |
User name | Specify the Oracle Identity Governance database user name, for example IGD_OIM. |
Password | Specify the Oracle Identity Governance database user password. |
- Click Test Connection to verify the connection.
- Click Apply to establish the connection.
- If the connection to the database is established, a confirmation message is displayed indicating the success.
- Click Apply.
In the JDBC page, you can see the newly defined Oracle Identity Governance JDBC connection in the list of JDBC data sources.
Create BPEL Datasource
- Log in to the BI Publisher Home page using the URL https://bi.example.com/xmlpserver.
- Click the Administration link on the BI Publisher home page. The BI Publisher Administration page is displayed.
- Under Data Sources, click the JDBC Connection link. The Data Sources page is displayed.
- In the JDBC tab, click Add Data Source to create a JDBC connection to your database. The Add Data Source page is displayed.
- Enter values in the following fields:
Table 19-11 JDBC Add Data Source Attributes
Attributes | Value |
---|---|
Data Source Name | Specify the Oracle Identity Governance JDBC connection name. For example, BPEL JDBC. |
Driver Type | Oracle 12c |
Database Driver Class | Specify a driver class to suit your database, such as oracle.jdbc.OracleDriver. |
Connection String | Specify the database connection details in the format jdbc:oracle:thin:@HOST_NAME:PORT_NUMBER:SID. For example, jdbc:oracle:thin:@igddbscan:1521:oim.example.com |
User name | Specify the Oracle Identity Governance database user name, for example IGD_SOAINFRA. |
Password | Specify the Oracle Identity Governance database user password. |
- Click Test Connection to verify the connection.
- Click Apply to establish the connection.
- If the connection to the database is established, a confirmation message is displayed indicating the success.
- Click Apply.
In the JDBC page, you can see the newly defined Oracle Identity Governance JDBC connection in the list of JDBC data sources.
Deploying Oracle Identity Governance Reports to BI
Deploying Oracle Identity Governance Reports on the OBIEE Environment
Enable Certification Reports
- Log in to the Oracle Identity Self Service using the URL https://prov.example.com/identity.
- Click the Compliance tab.
- Click the Identity Certification box.
- Select Certification Configuration. The Certification Configuration page is displayed.
- Select the Enable Certification Reports.
- Click Save.
Validating the Reports
You need to create the Sample Data Source before you can generate reports against it.
Creating the Sample Reports
To view example report data without running a report against the production JDBC Data Source, generate a sample report against the Sample Data Source. You must create the Sample Data Source before you can generate the sample reports.
Generating the Reports against the Sample Data Source
- Log in to Oracle BI Publisher using the URL https://bi.example.com/xmlpserver.
- Click Shared Folders.
- Click Oracle Identity Manager Reports.
- Select Sample Reports.
- Click View for the sample report you want to generate.
- Select an output format for the sample report and click View.
The sample report is generated.
Parent topic: Validating the Reports
Generating Reports Against the Oracle Identity Manager JDBC Data Source
Parent topic: Validating the Reports
Generating Reports Against the BPEL-Based JDBC Data Source
Reports With Secondary Data Source
The following four reports have a secondary data source, which connects to the BPEL database to retrieve the BPEL data:
- Task Assignment History
- Request Details
- Request Summary
- Approval Activity
These reports have a secondary data source (BPEL-based JDBC Data Source) called BPEL JDBC. To generate reports against the BPEL-based JDBC data source:
Parent topic: Validating the Reports
Enabling Exalogic Optimizations
This section describes the tasks specific to Exalogic optimization. This section contains the following topics:
- Configuring Oracle Identity Governance Servers to Listen on EoIB
- Enabling Cluster-Level Session Replication Enhancements for Oracle Identity Manager and SOA
Parent topic: Configuring Oracle Identity Governance
Configuring Oracle Identity Governance Servers to Listen on EoIB
This section is only required if the Oracle Identity Governance servers need to be accessed directly from outside the Exalogic machine. This is the case when external Oracle HTTP Servers are part of the configuration.
Create a new network channel as follows:
Repeat the preceding steps, substituting WLS_OIM2 and OIMHOST2-EXT for the Server and Listen Address.
Parent topic: Enabling Exalogic Optimizations
Enabling Cluster-Level Session Replication Enhancements for Oracle Identity Manager and SOA
You can enable session replication enhancements for Managed Servers in a WebLogic cluster to which you deploy a Web application at a later time.
To enable session replication enhancements for oim_cluster in the domain IAMGovernanceDomain, use the values in Table 19-12.
Table 19-12 Network Channel Properties
Managed Server | Name | Protocol | Listen Address | Listen Port | Additional Channel Ports |
---|---|---|---|---|---|
WLS_OIM1 | ReplicationChannel | t3 | OIMHOST1.example.com | 7005 | 7006 to 7014 |
WLS_OIM2 | ReplicationChannel | t3 | OIMHOST2.example.com | 7005 | 7006 to 7014 |
WLS_SOA1 | ReplicationChannel | t3 | OIMHOST1.example.com | 7005 | 7006 to 7014 |
WLS_SOA2 | ReplicationChannel | t3 | OIMHOST2.example.com | 7005 | 7006 to 7014 |
Proceed as follows:
- Log in to the WebLogic Administration Console at:
http://IGDADMIN.example.com/console
- Ensure that Managed Servers in the oim_cluster cluster are up and running, as described in configuring-infrastructure-oracle-identity-governance.html#GUID-EB131B7B-1013-4043-839C-0CD933851C4A__BABGJJFC.
- To set replication ports for a Managed Server, use the values in Table 19-12.
To set the values for WLS_OIM1, for example, complete the following steps:
  - Under Domain Structure, click Environment and Servers. The Summary of Servers page is displayed.
  - Click Lock & Edit.
  - Click WLS_OIM1 on the list of servers. The Settings for WLS_OIM1 are displayed.
  - Click the Cluster tab.
  - In the Replication Ports field, enter a range of ports for configuring multiple replication channels. For example, replication channels for Managed Servers in oim_cluster can listen on ports starting from 7005 to 7015. To specify this range of ports, enter 7005-7015.
  - Repeat Steps a through e for each of the other Managed Servers in Table 19-12.
- The following steps show how to create a network channel for the Managed Server WLS_OIM1.
  - Log in to the Oracle WebLogic Server Administration Console.
  - If you have not already done so, click Lock & Edit in the Change Center.
  - In the left pane of the Console, expand Environment and select Servers. The Summary of Servers page is displayed.
  - In the Servers table, click the WLS_OIM1 Managed Server instance.
  - Select Protocols, and then Channels.
  - Click New.
  - Enter ReplicationChannel as the name of the new network channel and select t3 as the protocol, then click Next.
  - Enter the following information:
Listen address: OIMHOST1
Note:
This is the WLS_OIM1 floating IP assigned to WebLogic Server.
Listen port: 7005
  - Click Next, and in the Network Channel Properties page, select Enabled and Outbound Enabled.
  - Click Finish.
  - Click Save.
  - Under the Network Channels table, select ReplicationChannel, the network channel you created for the WLS_OIM1 Managed Server. Expand Advanced, select Enable SDP Protocol, and click Save.
  - To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
You must repeat the above steps to create a network channel for each of the remaining Managed Servers in the cluster. Enter the required properties, as described in Table 19-12.
- After creating the network channel for each of the Managed Servers in your cluster, click Environment > Clusters. The Summary of Clusters page is displayed.
- Click oim_cluster. The Settings for oim_cluster page is displayed.
- Click the Replication tab.
- In the Replication Channel field, ensure that ReplicationChannel is set as the name of the channel to be used for replication traffic.
- In the Advanced section, select the Enable One Way RMI for Replication option.
- Click Save.
- Repeat these steps for the SOA cluster.
- To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
- Manually add the system property -Djava.net.preferIPv4Stack=true to the startWebLogic.sh script, which is located in the bin directory of IGD_ASERVER_HOME, using a text editor as follows:
  - Locate the following line in the startWebLogic.sh script:
. ${DOMAIN_HOME}/bin/setDomainEnv.sh $*
  - Add the following property immediately after the above entry:
JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.net.preferIPv4Stack=true"
  - Save the file and close it.
- Restart the Administration Server of the IAMGovernanceDomain and the Managed Servers WLS_OIM1, WLS_OIM2, WLS_SOA1, WLS_SOA2, WLS_WSM1, and WLS_WSM2.
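The startWebLogic.sh edit from the last step, as an added example that is not part of the Oracle documentation or the product scripts: it inserts the JAVA_OPTIONS line immediately after the setDomainEnv.sh line, refuses to proceed if that anchor line is absent, and is idempotent so that re-running a deployment script does not add the property twice. The embedded script fragment is constructed for the example and is not the real startWebLogic.sh; the function name is this example's own.

```python
"""Idempotent insertion of -Djava.net.preferIPv4Stack=true into startWebLogic.sh.

Added example (not Oracle's code). The anchor and property lines are exactly
the two lines quoted in the procedure above.
"""
from typing import Tuple

ANCHOR = ". ${DOMAIN_HOME}/bin/setDomainEnv.sh $*"
PROPERTY_LINE = 'JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.net.preferIPv4Stack=true"'

# Constructed fragment standing in for IGD_ASERVER_HOME/bin/startWebLogic.sh.
SAMPLE_SCRIPT = """\
#!/bin/sh
# constructed stand-in for the real startWebLogic.sh
DOMAIN_HOME="/u01/oracle/config/domains/IAMGovernanceDomain"
. ${DOMAIN_HOME}/bin/setDomainEnv.sh $*
SAVE_JAVA_OPTIONS="${JAVA_OPTIONS}"
"""


def add_prefer_ipv4(script: str) -> Tuple[str, bool]:
    """Return (new_script, changed).

    Inserts PROPERTY_LINE directly after the ANCHOR line. If the property line is
    already present nothing is changed; if the anchor is missing a ValueError is
    raised so that the edit is never silently skipped.
    """
    lines = script.splitlines(keepends=True)
    if any(line.strip() == PROPERTY_LINE for line in lines):
        return script, False
    for i, line in enumerate(lines):
        if line.strip() == ANCHOR:
            if not line.endswith("\n"):  # anchor was the last line without a newline
                lines[i] = line + "\n"
            lines.insert(i + 1, PROPERTY_LINE + "\n")
            return "".join(lines), True
    raise ValueError("setDomainEnv.sh line not found; startWebLogic.sh layout differs from expectation")


if __name__ == "__main__":
    import shutil
    import sys

    if len(sys.argv) == 2:
        # Usage: python add_prefer_ipv4.py IGD_ASERVER_HOME/bin/startWebLogic.sh
        path = sys.argv[1]
        with open(path, encoding="utf-8") as fh:
            current = fh.read()
        updated, changed = add_prefer_ipv4(current)
        if changed:
            shutil.copyfile(path, path + ".bak")  # keep the original for rollback
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(updated)
        print("updated" if changed else "already present")
    else:
        updated, changed = add_prefer_ipv4(SAMPLE_SCRIPT)
        print(updated)
        print("changed:", changed)
```

Because the function returns whether it changed anything, a deployment script can decide whether the Administration Server and Managed Servers actually need the restart the last step calls for.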
Parent topic: Enabling Exalogic Optimizations