6 Installing and Configuring Oracle Identity Governance Using Simplified Installation Process

You can install and configure Oracle Identity Governance using a simplified process, where a quickstart installer can be used to install Oracle Infrastructure, Oracle SOA Suite, and Oracle Identity Governance at once. You do not have to install them separately.

Note:

The product Oracle Identity Manager is referred to as Oracle Identity Manager (OIM) and Oracle Identity Governance (OIG) interchangeably in the guide.

About the Simplified Installation Process

The simplified installation process allows you to install Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management using the quickstart installer.

To install and configure Oracle Identity Governance, the following products are required:

  • Oracle Fusion Middleware Infrastructure

  • Oracle SOA Suite

  • Oracle Identity and Access Management

All of the above products are integrated with one installer, and hence you do not have to install these products separately.

Roadmap for Installing and Configuring Oracle Identity Governance Using Simplified Installation

Use the roadmap provided in this section to install and configure Oracle Identity Governance (OIG) using the simplified installation process.

This table provides the high-level steps for installing and configuring Oracle Identity Governance.

Table 6-1 Task Roadmap for Installing and Configuring Oracle Identity Governance Using Simplified Installation

| Task | Description |
| --- | --- |
| Verify if your system meets the minimum hardware and software requirements. | See Roadmap for Verifying Your System Environment. |
| Install Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management 12.2.1.4.0 using the quickstart installer. | This task involves obtaining the quickstart installer, starting the installation program, and navigating the installer screens. See Installing Oracle Identity Governance Using Quickstart Installer. |
| Create the database schemas using Repository Creation Utility (RCU). | See Creating Database Schemas. |
| Configure the Oracle Identity Governance domain using the Configuration Wizard. | See Configuring and Updating the Oracle Identity Governance Domain. |
| Perform the necessary post-configuration tasks. This includes running the offline configuration command for Oracle Identity Governance and updating the system properties for SSL configuration. | See Performing Post-Configuration Tasks. |
| Start the Node Manager, Administration Server, Oracle SOA Suite Managed Server, and the OIG Managed Server. | See Starting the Servers. |
| Integrate Oracle Identity Governance with Oracle SOA Suite, if required. | See Integrating Oracle Identity Governance with Oracle SOA Suite. |
| Verify the configuration. | See Verifying the Configuration. |
| Refer to the bootstrap report for the configuration details and for any issues or warnings thrown during the installation process. | See Analyzing the Bootstrap Report. |
| Access the Oracle Identity Governance Design Console, if required. | See Accessing the Oracle Identity Governance Design Console (Optional). |

Installing Oracle Identity Governance Using Quickstart Installer

Download the quickstart installer and install Oracle Identity and Access Management and other dependent applications like Oracle Fusion Middleware Infrastructure and Oracle SOA Suite.

Obtaining the Quickstart Installer

You can obtain the quickstart installer distribution on the Oracle Technology Network (OTN), which can be used to install Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, and Oracle Identity and Access Management 12.2.1.4.0.

See Obtaining Product Distributions in Planning an Installation of Oracle Fusion Middleware.

Starting the Quickstart Installation Program

Start the quickstart installation program by running the java executable from the JDK directory.

Run the following command from the JDK directory:
  • On UNIX:

    $JAVA_HOME/bin/java -jar fmw_12.2.1.4.0_idmquickstart.jar

  • On Windows:

    %JAVA_HOME%\bin\java -jar fmw_12.2.1.4.0_idmquickstart.jar

Navigating the Quickstart Installation Screens

The quickstart installer shows a series of screens where you verify or enter information.

The following table lists the order in which installer screens appear. If you need additional help with an installation screen, click Help.

Table 6-2 Oracle Identity Governance Quickstart Install Screens

| Screen | Description |
| --- | --- |
| Welcome | Review the information to make sure that you have met all the prerequisites, then click Next. |
| Auto Updates | Select to skip automatic updates, select patches, or search for the latest software updates, including important security updates, through your My Oracle Support account. |
| Installation Location | Specify your Oracle home directory location. You can click View to verify and ensure that you are installing the products in the correct Oracle home. |
| Prerequisite Checks | This screen verifies that your system meets the minimum necessary requirements. To view the list of tasks that gets verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended). |
| Installation Summary | Use this screen to verify installation options you selected. If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time. Click Install to begin the installation. |
| Installation Progress | This screen shows the installation progress. When the progress bar reaches 100% complete, click Finish to dismiss the installer, or click Next to see a summary. |
| Installation Complete | This screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer. |

Verifying the Installation

After you complete the installation, verify whether it was successful by completing a series of tasks.

Reviewing the Installation Log Files

Review the contents of the installation log files to make sure that the installer did not encounter any problems.

By default, the installer writes log files to the Oracle_Inventory_Location/logs (on UNIX operating systems) or Oracle_Inventory_Location\logs (on Windows operating systems) directory.

For a description of the log files and where to find them, see Installation Log Files in Installing Software with the Oracle Universal Installer.

Checking the Directory Structure

The contents of your installation vary based on the options that you selected during the installation.

See What Are the Key Oracle Fusion Middleware Directories? in Understanding Oracle Fusion Middleware.

Viewing the Contents of the Oracle Home

You can view the contents of the Oracle home directory by using the viewInventory script.

See Viewing the Contents of an Oracle Home in Installing Software with the Oracle Universal Installer.

Creating Database Schemas

Before you configure the Oracle Identity Governance domain, you must create necessary database schemas using Repository Creation Utility (RCU).

To create database schemas, complete the following steps:
  1. Ensure that you have installed and configured a certified database, and verify that the database is up and running.
  2. Ensure that the JAVA_HOME environment variable is set to the location of the certified JDK. For example:
    • (UNIX) setenv JAVA_HOME /home/Oracle/Java/jdk1.8.0_211
    • (Windows) set JAVA_HOME=C:\home\Oracle\Java\jdk1.8.0_211
  3. Start the RCU by running the following command from the ORACLE_HOME/oracle_common/bin directory:
    • (UNIX) ./rcu
    • (Windows) rcu.bat
  4. Navigate the screens by specifying the required information. The following table provides the description for each of the RCU screens:

    Table 6-3 RCU Screens

    | Screen | Description |
    | --- | --- |
    | Welcome | This is the welcome page. Click Next. |
    | Create Repository | If you have the necessary permissions and privileges to perform DBA activities on your database, select System Load and Product Load. This procedure assumes that you have SYSDBA privileges. If you do not have the necessary permissions or privileges to perform DBA activities in the database, select Prepare Scripts for System Load on this screen. This option generates a SQL script that you can give to your database administrator. See About System Load and Product Load in Creating Schemas with the Repository Creation Utility. If the DBA has already run the SQL script for System Load, select Perform Product Load. Click Next. |
    | Database Connection Details | Provide the database connection details. For example: Database Type: Oracle Database; Name: examplehost.exampledomain.com; Port: 1521; Service Name: Orcl.exampledomain.com; User Name: sys; Password: ******; Role: SYSDBA. Click Next. |
    | Select Components | Select Create new prefix and select Oracle Identity Manager in the Component list. Click Next to proceed, then click OK on the dialog window confirming that prerequisite checking for schema creation was successful. |
    | Schema Passwords | Specify the schema password, and confirm by re-entering it. Click Next. |
    | Custom Variables | Specify custom variables for the schema. Click Next. |
    | Map Tablespaces | On this screen, the Encrypt Tablespace check box appears only if you enabled Transparent Data Encryption (TDE) in the database (Oracle or Oracle EBR) when you start the RCU. Select the Encrypt Tablespace check box if you want to encrypt all new tablespaces that the RCU creates. Click Next. |
    | Completion Summary | Click Close to dismiss the RCU. |

Configuring and Updating the Oracle Identity Governance Domain

Use the Configuration Wizard to configure and update the Oracle Identity Governance (OIG) domain.

To configure and update the Oracle Identity Governance domain, complete the following steps:
  1. Start the Configuration Wizard by running the following command from the ORACLE_HOME/oracle_common/common/bin directory:
    • (UNIX) ./config.sh
    • (Windows) config.cmd
    Here, ORACLE_HOME refers to your 12c (12.2.1.4.0) Oracle home.
  2. Use the Configuration Wizard to configure the domain. For information, see Navigating the Configuration Wizard Screens to Create and Configure the Domain.
  3. Update the domain. For information, see Additional Domain Configuration.

Performing Post-Configuration Tasks

After you configure the Oracle Identity Governance domain, perform the necessary post-configuration tasks.

Running the Offline Configuration Command

After you configure the Oracle Identity Governance domain, run the offlineConfigManager script to perform post-configuration tasks.

Ensure that you run this command before you start any server. To run the offlineConfigManager command, do the following:
  1. Set the following environment variables to the right values:
    • DOMAIN_HOME
    • JAVA_HOME
  2. Ensure that you have execute permissions for the file OIM_HOME/server/bin/offlineConfigManager.sh.
  3. Run the following command from the location OIM_HOME/server/bin/:
    • On Unix: ./offlineConfigManager.sh
    • On Windows: offlineConfigManager.bat

    Note:

    OIM_HOME refers to ORACLE_HOME/idm.

Updating the System Properties for SSL Enabled Servers

For SSL enabled servers, you must set the required properties in the setDomainEnv file in the domain home.

Set the following properties in the DOMAIN_HOME/bin/setDomainEnv.sh (for UNIX) or DOMAIN_HOME\bin\setDomainEnv.cmd (for Windows) file before you start the servers:
  • -Dweblogic.security.SSL.ignoreHostnameVerification=true

  • -Dweblogic.security.TrustKeyStore=DemoTrust
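
A pre-start check for the two properties above, written here as an added example and not taken from Oracle's tooling: it reads a setDomainEnv.sh file and reports whether each flag is present, noting that the first turns off TLS hostname verification and the second selects the WebLogic demo trust keystore. The sample file contents and the use of EXTRA_JAVA_PROPERTIES to carry the flags are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): check a setDomainEnv.sh file for the two
# SSL-related JVM properties listed above before any server is started.

# Print the value of -D<name>=<value>. Comment lines are skipped and the
# last uncommented occurrence is the one reported.
get_jvm_prop() {   # $1 = file, $2 = property name without the -D prefix
    name_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    grep -v '^[[:space:]]*#' "$1" |
        grep -o -- "-D${name_re}=[^[:space:]\"']*" |
        tail -n 1 | cut -d= -f2-
}

# Returns 0 only when both properties are set as listed, 1 if either is
# missing or different, 2 if the file cannot be read.
ssl_props_report() {   # $1 = path to setDomainEnv.sh
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    hv=$(get_jvm_prop "$1" weblogic.security.SSL.ignoreHostnameVerification)
    ts=$(get_jvm_prop "$1" weblogic.security.TrustKeyStore)
    rc=0
    if [ "$hv" = "true" ]; then
        echo "SET     ignoreHostnameVerification=true (TLS hostname verification is off)"
    else
        echo "MISSING ignoreHostnameVerification=true (found: ${hv:-nothing})"; rc=1
    fi
    if [ "$ts" = "DemoTrust" ]; then
        echo "SET     TrustKeyStore=DemoTrust (WebLogic demo trust keystore)"
    else
        echo "MISSING TrustKeyStore=DemoTrust (found: ${ts:-nothing})"; rc=1
    fi
    return "$rc"
}

# Constructed sample input. EXTRA_JAVA_PROPERTIES as the variable carrying
# the flags is an assumption; the page does not say where to put them.
write_sample_env() {   # $1 = output path
    cat > "$1" <<'EOF'
#!/bin/sh
# -Dweblogic.security.TrustKeyStore=CustomTrust   (commented out, ignored)
EXTRA_JAVA_PROPERTIES="-Dweblogic.security.SSL.ignoreHostnameVerification=true ${EXTRA_JAVA_PROPERTIES}"
EXTRA_JAVA_PROPERTIES="-Dweblogic.security.TrustKeyStore=DemoTrust ${EXTRA_JAVA_PROPERTIES}"
export EXTRA_JAVA_PROPERTIES
EOF
}

# Demo on the constructed sample.
demo_file=$(mktemp)
write_sample_env "$demo_file"
ssl_props_report "$demo_file"
rm -f "$demo_file"
```

Against a real domain, call ssl_props_report with the path DOMAIN_HOME/bin/setDomainEnv.sh; the same report can be used to inventory domains that run with these two settings.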

Starting the Servers

After a successful configuration, start all processes and servers, including the Administration Server and any Managed Servers.

The components may be dependent on each other so they must be started in the correct order.

Note:

The procedures in this section describe how to start servers and processes using the WLST command line or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager in Administering Oracle Fusion Middleware.

To start your Fusion Middleware environment, follow the steps below.

Step 1: Start Node Manager

To start Node Manager, use the startNodeManager script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/startNodeManager.sh

  • (Windows) EXISTING_DOMAIN_HOME\bin\startNodeManager.cmd

Step 2: Start the Administration Server

When you start the Administration Server, you also start the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

To start the Administration Server, use the startWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/startWebLogic.sh

  • (Windows) EXISTING_DOMAIN_HOME\bin\startWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Step 3: Start the Managed Servers

Start the Oracle SOA Suite Managed Server first and then the Oracle Identity Governance Managed Server.

To start a WebLogic Server Managed Server, use the startManagedWebLogic script:

  • (UNIX) EXISTING_DOMAIN_HOME/bin/startManagedWebLogic.sh managed_server_name admin_url

  • (Windows) EXISTING_DOMAIN_HOME\bin\startManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Note:

The startup of a Managed Server will typically start the applications that are deployed to it. Therefore, it should not be necessary to manually start applications after the Managed Server startup.

Integrating Oracle Identity Governance with Oracle SOA Suite

If you wish to integrate Oracle Identity Governance with Oracle SOA Suite, use the Enterprise Manager console.

To integrate Oracle Identity Governance with Oracle SOA Suite, do the following:
  1. Log in to Oracle Fusion Middleware Control:
    http://administration_server_host:administration_server_port/em
    

    The Administration Server host and port number were in the URL on the End of Configuration screen (Writing Down Your Domain Home and Administration Server URL). The default Administration Server port number is 7001.

    The login credentials were provided on the Administrator Account screen (Configuring the Administrator Account).

  2. Click weblogic_domain and then click System Mbean Browser.
  3. In the search box, enter OIMSOAIntegrationMBean, and click Search. The mbean is displayed.

    Note:

    If Oracle Identity Governance is still starting (coming up) or has just started (RUNNING MODE), the Enterprise Manager does not show any Mbeans defined by OIG. Wait for two minutes for the server to start, and then try searching for the Mbean in the System Mbean Browser of the Enterprise Manager.

  4. Go to the Operations tab of mbean, and select integrateWithSOAServer.
  5. Enter the required attributes and click Invoke.

Verifying the Configuration

After completing all configuration steps, you can perform additional steps to verify that your domain is properly configured.

To verify that the domain is configured properly, see Performing Additional Domain Configuration Tasks.

Analyzing the Bootstrap Report

When you start the Oracle Identity Governance server, the bootstrap report is generated at DOMAIN_HOME/servers/oim_server1/logs/BootStrapReportPreStart.html.

The bootstrap report BootStrapReportPreStart.html is an HTML file that contains information about the topology that you have deployed, the system level details, the connection details like the URLs to be used, the connectivity check, and the task execution details. You can use this report to check if the system is up, and also to troubleshoot issues after configuration.

Every time you start the Oracle Identity Governance server, the bootstrap report is updated.

Sections in the Bootstrap Report

  • Topology Details

    This section contains information about your deployment. It shows whether you have configured a cluster setup, SSL enabled, or upgraded an Oracle Identity Manager environment from 12c (12.2.1.3.0) to 12c (12.2.1.4.0).

  • System Level Details

    This section contains information about the JDK version, Database version, JAVA_HOME, DOMAIN_HOME, OIM_HOME, and ORACLE_HOME.

  • Connection Details

    This section contains information about the connection details like the Administration URL, OIM Front End URL, SOA URL, and RMI URL.

    This also shows whether the Administration Server, Database, and SOA server are up or not.

  • Execution Details

    This section lists the various tasks and their statuses.

Accessing the Oracle Identity Governance Design Console (Optional)

After you configure Oracle Identity Governance (OIG) 12c (12.2.1.4.0), if you wish to access the Oracle Identity Governance Design Console, you can do so by invoking the xlclient command from the new Oracle Home.

To access the Oracle Identity Governance Design Console, do the following:
  1. Ensure that the JAVA_HOME environment variable is set to the location of the certified JDK. For example:
    • (UNIX) setenv JAVA_HOME /home/Oracle/Java/jdk1.8.0_211
    • (Windows) set JAVA_HOME=C:\home\Oracle\Java\jdk1.8.0_211
  2. Invoke the Design Console by running the following command from the location ORACLE_HOME\idm\designconsole:
    • (UNIX) ./xlclient.sh
    • (Windows) xlclient.cmd
    Enter the following details when prompted:
    • Server url: Enter the Oracle Identity Governance server URL in the format t3://oim_server_hostname:oimport.

    • User ID: Enter the OIG Administrator user login. For example, xelsysadm.

    • Password: Enter the OIG Administrator user password. For example, xelsysadm_password.

If you wish to set up only the Oracle Identity Governance Design Console on Windows, without configuring the server, you must install Oracle Identity and Access Management 12c (12.2.1.4.0) in standalone mode, on the Windows machine, and then invoke the Design Console using the instructions in this section.