C Using the idmConfigTool Command

The IdM configuration tool (idmConfigTool) performs a number of tasks to assist in installing, configuring, and integrating Oracle identity management (IdM) components. This appendix explains how to use the tool.

Note:

  • This appendix does not contain actual integration procedures; rather, it contains idmConfigTool command syntax and related details. Use this appendix as a reference whenever you are executing idmConfigTool as directed by your integration procedure or task.

  • Ensure that the LDAP server and the admin servers hosting OAM and OIM are up before you run idmConfigTool.

C.1 About idmConfigTool

C.1.1 What is idmConfigTool?

The idmConfigTool helps you to perform the following tasks efficiently:

  • To validate configuration properties representing the Identity Management components Oracle Internet Directory (OID), Oracle Virtual Directory (OVD), Oracle Unified Directory (OUD), Oracle Access Management Access Manager (OAM) and Oracle Identity Governance (OIG).

  • To pre-configure the Identity Store components (OID, OVD, and OUD) to install the other Identity Management components, including OAM, OIG, and Oracle Access Management Mobile and Social.

  • To post-configure the OAM, OIG components and wiring of those components.

  • To extract the configuration of the Identity Management components OID, OVD, OUD, OAM, and OIG.

C.1.2 Components Supported by idmConfigTool

idmConfigTool supports these 11g components:

  • Oracle Internet Directory

  • Oracle Virtual Directory

  • Oracle Access Management Access Manager

  • Oracle Identity Management

  • Oracle Unified Directory (OUD)

  • Oracle Access Management Mobile and Social

C.1.3 When to Use idmConfigTool

Use idmConfigTool in these situations:

  • Prior to installing Oracle Identity Management and Oracle Access Management Access Manager

  • After installing Oracle Identity Management and Oracle Access Management Access Manager

  • After installing Oracle Access Management Mobile and Social

  • When dumping the configuration of IdM components Oracle Internet Directory, Oracle Unified Directory, Oracle Virtual Directory, Oracle Identity Management, and Oracle Access Manager

  • When validating the configuration parameters for Oracle Internet Directory, Oracle Virtual Directory, Oracle Identity Management, and Oracle Access Manager

Section C.1.1, "What is idmConfigTool?", explains the tasks the tool performs in each situation.

C.1.4 Location of idmConfigTool

The idmConfigTool is located at:

IAM_ORACLE_HOME/idmtools/bin

where IAM_ORACLE_HOME is the directory in which OIM and OAM are installed.

To execute idmConfigTool on Linux

cd <IAM_ORACLE_HOME>/idmtools/bin
./idmConfigTool.sh

To execute idmConfigTool on Windows

cd <IAM_ORACLE_HOME>\idmtools\bin
idmConfigTool.cmd

C.1.5 Webgate Types Supported by idmConfigTool

The idmConfigTool supports OAM 11g Webgates by default. It also supports 10g Webgates.

C.1.6 idmConfigTool in Single- and Cross-Domain Scenarios

The tool supports two types of scenarios with regard to Weblogic domains:

  • A single-domain configuration in which both Access Manager and Oracle Identity Management servers are configured in the same Weblogic domain

  • A dual or cross-domain configuration in which Access Manager and Oracle Identity Management servers are configured on separate Weblogic domains

C.2 Set Up Environment Variables for OIG-OAM Integration

You must configure the environment before running idmConfigTool.

Set the following variables:

Table C-1 Environment Variables for OIGOAMIntegration script.

Variable Description

WL_HOME

Not mandatory. It is set to MW_HOME/wlserver_10.3 by default, and this setting is used.

See MW_HOME for an example.

JAVA_HOME

This is the full path of the JDK directory.

If running on IBM WebSphere, this variable must point to the IBM JDK. Set the value to the full path of the JDK. For example:

/WASSH/WebSphere/AppServer/java

Important: On IBM WebSphere, do not use a JDK other than the IBM JDK.

ORACLE_HOME

Set to the full path of the Oracle home. For IdM integrations, set to IAM_ORACLE_HOME.

C.3 idmConfigTool Syntax and Usage

C.3.1 idmConfigTool Command Syntax

The tool has the following syntax on Linux:

idmConfigTool.sh -command input_file=filename log_file=logfileName log_level=log_level

The tool has the following syntax on Windows:

idmConfigTool.bat -command input_file=filename log_file=logfileName log_level=log_level

Values for command are as follows:

Command Component name Description

preConfigIDStore

Identity Store

Configures the identity store and policy store by creating the groups and setting ACIs to the various containers.

prepareIDStore mode=OAM | OIM | WLS | WAS | FUSION | OAAM | APM | all

Identity Store

Configures the identity store by adding necessary users and associating users with groups. Modes enable you to configure for a specific component.

You can run this command on Oracle WebLogic Server (mode=WLS) or IBM WebSphere (mode=WAS).

configPolicyStore

Policy Store

Configures the policy store by creating a read-write user and associating it with the groups.

configOAM

Oracle Access Manager

Oracle Identity Management

Prepares Access Manager for integration with Oracle Identity Governance.

configOIM

Oracle Access Manager

Oracle Identity Management

Sets up wiring between Access Manager and Oracle Identity Governance.

configOMSS

Oracle Access Management Mobile and Social

Performs post-install configuration for Oracle Access Management Mobile and Social

configOVD

Oracle Virtual Directory

Creates OVD adapters.

disableOVDAccessConfig

Oracle Virtual Directory

Disables anonymous access to the OVD server. Post-upgrade command. Note: configOVD performs this task automatically when run.

postProvConfig

Identity Store

Performs post-provisioning configuration of the identity store.

validate IDSTORE | POLICYSTORE | OAM11g | OAM10g | OIM

Various

Validates the set of input properties for the named entity.

ovdConfigUpgrade

Oracle Virtual Directory

Updates the configuration for an upgraded OVD with split profile.

upgradeLDAPUsersForSSO

Oracle Identity Management

Access Manager

Updates existing users in OID by adding certain object classes which are needed for Oracle Identity Management-Access Manager integration.

upgradeOIMTo11gWebgate

Oracle Identity Management

Access Manager

Upgrades an existing configuration consisting of integrated Oracle Identity Management-Access Manager, using Webgate 10g, to use Webgate 11g

C.3.2 Requirements for Running idmConfigTool

You must run this tool as a user with administrative privileges when configuring the identity store or the policy store.

The validate command requires a component name.

Caution:

The commands cannot be run in isolation. Run them in the context of explicit integration procedures; use this appendix only as a command reference.

C.3.3 Files Generated by idmConfigTool

idmConfigTool creates or updates certain files upon execution.

  • Parameter File

    When you run the idmConfigTool, the tool creates or appends to the file idmDomainConfig.param in the directory from which you run the tool. To ensure that the same file is appended to each time the tool is run, always run idmConfigTool from the directory:

    IAM_ORACLE_HOME/idmtools/bin
    
  • Log File

    You can specify a log file using the log_file attribute of idmConfigTool.

    If you do not explicitly specify a log file, a file named automation.log is created in the directory where you run the tool.

    Check the log file for any errors or warnings and correct them.

C.3.4 Using the Properties File for idmConfigTool

This section describes the properties file that can be used with idmConfigTool.

C.3.4.1 About the idmConfigTool properties File

A properties file provides a convenient way to specify command properties and enables you to save properties for reference and later use. You can specify a properties file, containing execution properties, as an input command option. The properties file is a simple text file which must be available at the time the command is executed.

For security you are advised not to insert passwords into the properties file. The tool prompts you for the relevant passwords at execution.

C.3.4.2 List of idmConfigTool Properties

Table C-2 lists the properties used by integration command options in the idmConfigTool command. The properties are listed in alphabetical order.

WARNING:

For security, do not put password values in your properties files. idmConfigTool prompts for passwords upon execution.

Table C-2 Properties Used in IdMConfigtool properties Files

Parameter Example Value Description

ACCESS_GATE_ID

IdentityManagerAccessGate

The Access Manager access gate ID with which Oracle Identity Management needs to communicate.

ACCESS_SERVER_HOST

mynode.us.example.com

Access Manager Access Server host name

ACCESS_SERVER_PORT

5575

Access Manager NAP port.

APNS_FILE

/scratch/silent_omsm/keystores/APNS.p12

Apple Push Notification Service (APNS) keystore file; used to establish secure connection to Apple server to send notifications.

APNS_KEYSTORE_PASSWD

APNS keystore password.

APPLE_CACERT_FILE

/scratch/omss/keystores/applerootca.crt

File location of Apple root CA. Required during iOS device enrollment in Oracle Mobile Security Suite (OMSS).

AUTOLOGINURI

/obrar.cgi

URI required by Oracle Platform Security Services (OPSS). Default value is /obrar.cgi

COOKIE_DOMAIN

.us.example.com

Web domain on which the Oracle Identity Management application resides. Specify the domain in the format .cc.example.com.

COOKIE_EXPIRY_INTERVAL

-1

Cookie expiration period. Set to -1 to denote that the cookie expires when the session is closed.

DB_PASSWD

Database password, used in conjunction with JDBC_URL.

DOMAIN_LOCATION

ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain

The location of the Oracle Identity Governance domain (and OMSM, if applicable).

DOMAIN_NAME

IDM_Domain

The Oracle Identity Governance domain name.

EMAIL_ADMIN_USER

admin@example.com

E-mail admin user; must be an e-mail address.

EMAIL_ADMIN_PASSWD

Email admin user's password

EXCHANGE_DOMAIN_NAME

example.com

Domain name of the exchange server.

EXCHANGE_SERVER_URL

http://testuri.com

URL of the exchange server.

EXCHANGE_LISTENER_URL

http://testuri.com

URL of the exchange listener.

EXCHANGE_SERVER_VERSION

2.0

The version of the exchange server.

EXCHANGE_ADMIN_USER

serviceuser

Admin user of the exchange server.

EXCHANGE_ADMIN_PASSWD

Password of the exchange server's admin user.

GCM_API_KEY

AIzaSyCh_JALj5Y

GCM notification API key.

GCM_SENDER_ID

6.10046E+11

GCM notification sender ID.

IDSTORE_ADMIN_PORT

4444

The admin port for an Oracle Unified Directory (OUD) identity store.

idmConfigTool needs to connect on the OUD admin port for all operations changing OUD configuration structures:

  • creation of global ACIs

  • creation of indexes

IDSTORE_HOST

idstore.example.com

Host name of the LDAP identity store directory (corresponding to the IDSTORE_DIRECTORYTYPE).

If your identity store is in Oracle Internet Directory or Oracle Unified Directory, then IDSTORE_HOST points directly to the Oracle Internet Directory or Oracle Unified Directory host. If the Identity Store is fronted by Oracle Virtual Directory, then IDSTORE_HOST points to the Oracle Virtual Directory host, which is IDSTORE.example.com.

IDSTORE_PORT

1389

Port number of the LDAP identity store (corresponding to the IDSTORE_DIRECTORYTYPE).

IDSTORE_BINDDN

cn=orcladmin

Administrative user in the identity store directory.

IDSTORE_USERNAMEATTRIBUTE

cn

Username attribute used to set and search for users in the identity store.

Set to part of the user DN. For example, if the user DN is cn=orcladmin,cn=Users,dc=us,dc=example,dc=com, this property is set to cn.

IDSTORE_LOGINATTRIBUTE

uid or email

Login attribute of the identity store which contains the user's login name. This is the attribute the user uses for login.

IDSTORE_USERSEARCHBASE

cn=Users,dc=us,dc=example,dc=com

Location in the directory where users are stored. This property tells the directory where to search for users.

IDSTORE_SEARCHBASE

dc=us,dc=example,dc=com

Search base for users and groups contained in the identity store.

Parent location that contains the USERSEARCHBASE and the GROUPSEARCHBASE.

For example:

IDSTORE_SEARCHBASE: cn=oracleAccounts, dc=example,dc=com
IDSTORE_USERSEARCHBASE: cn=Users,cn=oracleAccounts,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,cn=oracleAccounts,dc=example,dc=com

IDSTORE_GROUPSEARCHBASE

cn=Groups,dc=us,dc=example,dc=com

The location in the directory where groups (or roles) are stored. This property tells the directory where to search for groups or roles.

IDSTORE_OAMSOFTWAREUSER

oamLDAP

The username used to establish the Access Manager identity store connection. This user is created by the idmconfigtool.

IDSTORE_OAMADMINUSER

oamadmin

The identity store administrator you want to create for Access Manager. Required only if the identity store is set as the system identity store. The administrator is created by the idmconfigtool.

IDSTORE_OAAMADMINUSER

oaamadmin

The identity store administrator for Oracle Adaptive Access Manager.

IDSTORE_PROFILENAME

idsprofile

Name of the identity store profile.

IDSTORE_SYSTEMIDBASE

cn=system, dc=test

Location of a container in the directory where system operations users are stored so that they are kept separate from enterprise users stored in the main user container. There are only a few system operations users. One example is the Oracle Identity Management reconciliation user which is also used for the bind DN user in Oracle Virtual Directory adapters.

IDSTORE_READONLYUSER

User with read-only permissions to the identity store.

IDSTORE_READWRITEUSER

User with read-write permissions to the identity store.

IDSTORE_SUPERUSER

The Oracle Fusion Applications superuser in the identity store.

IDSTORE_XELSYSADMINUSER

The administrator of the xelsysadm system account.

IDSTORE_OIMADMINUSER

The identity store administrator for Oracle Identity Governance. User that Oracle Identity Governance uses to connect to the identity store

IDSTORE_OIMADMINGROUP

The Oracle Identity Governance administrator group you want to create to hold your Oracle Identity Governance administrative users.

IDSTORE_SSL_ENABLED

Whether SSL to the identity store is enabled.

Valid values: true | false

IDSTORE_KEYSTORE_FILE

OUD_ORACLE_INSTANCE/OUD/config/admin-keystore

Location of the keystore file containing identity store credentials.

Applies to and required for Oracle Unified Directory identity stores.

IDSTORE_KEYSTORE_PASSWORD

4VYGtJLG61V5OjDWKe94e601x7tgLFs

Password of the identity store directory administrator. Not plain-text.

Applies to and required for Oracle Unified Directory identity stores.

This value can be found in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin.

IDSTORE_NEW_SETUP

Used for identity store validation.

Used in Oracle Fusion Applications environment.

IDSTORE_DIRECTORYTYPE

OVD

Directory type of the identity store for which the authenticator must be created.

Set to OVD if you are using Oracle Virtual Directory server to connect to either a non-OID directory, Oracle Internet Directory or Oracle Unified Directory.

Set it to OID if your identity store is in Oracle Internet Directory and you are accessing it directly rather than through Oracle Virtual Directory.

Set to OUD if your identity store is Oracle Unified Directory and you are accessing it directly rather than through Oracle Virtual Directory.

Valid values: OID, OVD, OUD, AD

IDSTORE_ADMIN_USER

cn=systemids,dc=example,dc=com

The administrator of the identity store directory. Provide the complete LDAP DN of the same user specified for IDSTORE_OAMSOFTWAREUSER. The username alone is not sufficient.

IDSTORE_WLSADMINUSER

weblogic_idm

The identity store administrator for Oracle WebLogic Server; usually weblogic_idm.

IDSTORE_WLSADMINUSER_PWD

The password of the identity store administrator for Oracle WebLogic Server.

IDSTORE_WLSADMINGROUP

WLS Administrators

The identity store administrator group for Oracle WebLogic Server.

IDSTORE_WASADMINUSER

The "wasadmin" user (IBM WebSphere).

JDBC_URL

jdbc:oracle:thin:@example.com:5521:msmdb

JDBC URL used to seed APNS/GCM data.

LDAPn_HOST

The host name of the LDAP server

LDAPn_PORT

The LDAP server port number.

LDAPn_BINDDN

The bind DN for the LDAP server

LDAPn_SSL

Indicates whether the connection to the LDAP server is over SSL.

Valid values are True or False

LDAPn_BASE

The base DN of the LDAP server.

LDAPn_OVD_BASE

The OVD base DN of the LDAP server.

LDAPn_TYPE

The directory type for the LDAP server. n is 1, 2, and so on. For a single-node configuration specify LDAP1.

LOGINURI

/${app.context}/adfAuthentication

URI required by OPSS. Default value is /${app.context}/adfAuthentication

LOGOUTURI

/oamsso/logout.html

URI required by OPSS. Default value is /oamsso/logout.html

MDS_DB_URL

jdbc:oracle:thin:@DBHOST:1521:SID

URL of the MDS database.

It represents a single instance database. The string following the '@' symbol must have the correct values for your environment. SID must be the actual SID, not a service name. If you are using a single instance database, then set MDS_URL to: jdbc:oracle:thin:@DBHOST:1521:SID.

MDS_DB_SCHEMA_USERNAME

edg_mds

Username of the MDS schema user. MDS schema which Oracle Identity Governance is using.

MSM_SCHEMA_USER

DEV87_OMSM

Mobile Security Manager (MSM) database schema username.

MSM_SERVER_KEY_LENGTH

2048

Key length for the self-signed CA and generated keys for the MSM server. Defaults to 2048.

MSM_SERVER_NAME

omsm_server1

Name of the MSM server. Provide this only if the MSM server is renamed to a different value during domain configuration.

MSAS_SERVER_HOST

server1.example.com

MSAS server host name.

MSAS_SERVER_PORT

11001

MSAS server's SSL port.

OAM_SERVER_VERSION

10g

Set to 10g if using Oracle Access Manager 10g, or 11g if using Access Manager 11g.

Required when Access Manager server does not support 11g webgate in Oracle Identity Management-Access Manager integration. In that case, provide the value as '10g'.

Valid values are 10g, 11g.

OAM_TRANSFER_MODE

SIMPLE

The transfer mode for the Access Manager agent being configured. If your access manager servers are configured to accept requests using the simple mode, set OAM_TRANSFER_MODE to SIMPLE.

Valid values are OPEN, SIMPLE or CERT.

OAM11G_OAM_SERVER_TRANSFER_MODE

OPEN

The security model in which the Access Manager 11g server functions.

Valid values: OPEN or SIMPLE.

OAM11G_SSO_ONLY_FLAG

false

Configures Access Manager 11g as authentication only mode or normal mode, which supports authentication and authorization. Default value is true (OAM performs no authorization).

If set to true, the Access Manager 11g server operates in authentication only mode, where all authorizations return true by default without any policy validations. In this mode, the server does not have the overhead of authorization handling. This is recommended for applications which do not depend on authorization policies and need only the authentication feature of the Access Manager server.

If the value is false, the server runs in default mode, where each authentication is followed by one or more authorization requests to the OAM Server. WebGate allows the access to the requested resources or not, based on the responses from the OAM server.

OAM11G_IDSTORE_ROLE_SECURITY_ADMIN

OAMAdministrators

Name of the group that is used to allow access to the Oracle Access Management Console to administer role security in identity store.

OAM11G_OIM_INTEGRATION_REQ

false

Specifies whether to integrate with Oracle Identity Governance or configure Access Manager in stand-alone mode. Set to true for integration.

Valid values: true (integration) | false

OAM11G_SERVER_LBR_HOST

sso.example.com

Host name of the load balancer to the Oracle HTTP (OHS) server front-ending the Access Manager server. This and the following two parameters are used to construct your login URL.

OAM11G_SERVER_LBR_PORT

443

Port number of the load balancer to the OHS server front-ending the Access Manager server.

OAM11G_SERVER_LBR_PROTOCOL

https

Protocol of the load balancer to the OHS server front-ending the Access Manager server.

Valid values: HTTP, HTTPS

OAM11G_SERVER_LOGIN_ATTRIBUTE

uid

At a login attempt, the username is validated against this attribute in the identity store. Setting to uid ensures that when users log in their username is validated against the uid attribute in LDAP.

OAM11G_SERVER_GLOBAL_SESSION_TIMEOUT

The global session timeout for sessions in the Access Manager server.

OAM11G_SERVER_GLOBAL_SESSION_EXPIRY_TIME

Global session expiry time for a session in the Access Manager server.

OAM11G_SERVER_GLOBAL_MAX_SESSION_PER_USER

Global maximum sessions per user in the Access Manager server.

OAM11G_IDSTORE_NAME

The identity store name. If you already have an identity Store in place which you wish to reuse (rather than allowing the tool to create a new one for you), set this parameter to the name of the Identity Store.

The default value is "OAMIDStore".

OAM11G_IMPERSONATION_FLAG

Enable or disable impersonation in Access Manager server.

Applicable to Oracle Fusion Applications environment.

Valid values: true (enable) | false

The default is false. If you are using impersonation, you must manually set this value to true.

OAM11G_IDM_DOMAIN_OHS_HOST

sso.example.com

Host name of the load balancer which is in front of OHS in a high-availability configuration.

OAM11G_IDM_DOMAIN_OHS_PORT

443

Port number on which the load balancer specified as OAM11G_IDM_DOMAIN_OHS_HOST listens.

OAM11G_IDM_DOMAIN_OHS_PROTOCOL

https

Protocol for IDM OHS. Protocol to use when directing requests to the load balancer.

Valid values: HTTP | HTTPS

OAM11G_OIM_OHS_URL

https://sso.example.com:443/test

URL of the load balancer or OHS fronting the OIG server.

OAM11G_WG_DENY_ON_NOT_PROTECTED

true

Deny on protected flag for 10g webgate

Valid values: true | false

OAM11G_OAM_SERVER_TRANSFER_MODE

simple

Transfer mode for the IDM domain agent.

Valid values: OPEN | SIMPLE | CERT

OAM11G_IDM_DOMAIN_LOGOUT_URLS

/console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp

Comma-separated list of Access Manager logout URLs.

OAM11G_WLS_ADMIN_HOST

myhost.example.com

On WebLogic Server: Host name of the Access Manager domain admin server.

On IBM WebSphere: The Access Manager application server host.

OAM11G_WLS_ADMIN_PORT

7001

On WebLogic Server: Port on which the Access Manager domain admin server is running.

On IBM WebSphere: Deployment Manager bootstrap port for Access Manager cell.

OAM11G_WLS_ADMIN_USER

wlsadmin, wasadmin

On WebLogic Server: The username of the Access Manager domain administrator.

On IBM WebSphere: Primary administrative user name for Access Manager cell.

OAM_ADMIN_WAS_DEFAULT_PORT

1443

On IBM WebSphere, OAM node's OracleAdminServer default port number

OAM_POLICY_MGR_SERVER_NAME

oam_policy_mgr1

Name of the Access Manager policy manager server. Provide this only if the policy manager server is renamed to a different value during domain configuration.

OIM_DB_URL

The URL needed to connect to the Oracle Identity Management database.

OIM_DB_SCHEMA_USERNAME

The schema user for the Oracle Identity Management database.

OIM_FRONT_END_HOST

host123.example.com

The host name of the LBR server front-ending Oracle Identity Governance.

OIM_FRONT_END_PORT

7011

The port number of the LBR server front-ending Oracle Identity Governance.

OIM_MANAGED_SERVER_NAME

WLS_OIM1

The name of the Oracle Identity Governance managed server. If clustered, any of the managed servers can be specified.

OIM_MANAGED_SERVER_HOST

The host name of the Oracle Identity Governance managed server.

OIM_MANAGED_SERVER_PORT

The port number of the Oracle Identity Governance managed server.

OIM_MSM_REST_SERVER_URL

https://msm.example.com:1234/

The URL of the Oracle Mobile Security Manager server. Required only if MSM URL needs to be seeded in Oracle Identity Governance and the system property OMSS Enabled set. OIM_MSM_REST_SERVER_URL enables the Mobile Security Manager task flows in the Oracle Identity Governance console. If not set, configOIM will continue the configuration without configuring the Mobile Security Manager. The prerequisite for OMSS Enabled is that the Oracle Identity Governance server should be up.

OIM_T3_HOST

The host name for the Oracle Identity Governance T3 server.

OIM_T3_PORT

The port number of the Oracle Identity Governance T3 server.

OIM_WAS_CELL_CONFIG_DIR

The location of the fmwconfig directory within the Oracle Identity Management cell on IBM WebSphere.

OMSS_KEYSTORE_PASSWORD

Password used to generate OMSM keystores and keys

OMSM_IDSTORE_ROLE_SECURITY_ADMIN

MSMAdmin

Name of the admin group whose members have admin privileges for OMSM operations.

Default is "IDM Administrators".

OMSM_IDSTORE_ROLE_SECURITY_HELPDESK

MSMHelpDeskUsers

Name of the msm helpdesk group, whose members get helpdesk privileges for OMSM operations.

Default is "MSMHelpdeskUsers".

ovd.host

OVD Server host name

ovd.port

OVD Server port number

ovd.binddn

OVD Server bind DN

ovd.ssl

Indicates whether the connection is over SSL.

Valid values are True or False

ovd.oamenabled

Indicates whether Oracle Access Manager is enabled.

Valid values are True or False

POLICYSTORE_SHARES_IDSTORE

true

Denotes whether the policy store and identity store share the directory. Always true in Release 11g.

Valid values: true, false

POLICYSTORE_HOST

mynode.us.example.com

The host name of your policy store directory.

POLICYSTORE_PORT

1234

The port number of your policy store directory.

POLICYSTORE_BINDDN

cn=orcladmin

Administrative user in the policy store directory.

POLICYSTORE_SEARCHBASE

dc=example,dc=com

The location in the directory where users and groups are stored.

POLICYSTORE_SYSTEMIDBASE

cn=systemids, dc=example,dc=com

The read-only and read-write users for policy store are created in this location.

Default value is cn=systemids, policy_store_search_base

POLICYSTORE_READONLYUSER

PolStoreROUser

A user with read privileges in the policy store.

POLICYSTORE_READWRITEUSER

PolStoreRWUser

A user with read and write privileges in the policy store.

POLICYSTORE_CONTAINER

cn=jpsroot

The name of the container used for OPSS policy information

POLICYSTORE_SSL_ENABLED

Whether the policy store is SSL-enabled.

POLICYSTORE_KEYSTORE_FILE

The location of the keystore file for an SSL-enabled policy store.

PROXY_SERVER_HOST

www-proxy.example.com

Proxy server's host name.

PROXY_SERVER_PORT

80

Proxy server's port.

PROXY_USER

proxyuserA

User for proxy.

PROXY_PASSWD

Password for proxy user.

SCEP_DYNAMIC_CHALLENGE_USER

OMSM uses a Simple Certificate Enrollment Protocol (SCEP) dynamic challenge for external SCEP authentication during the enrollment phase. This user account is used for authentication.

SCEP_DYNAMIC_CHALLENGE_PASSWD

SCEP dynamic challenge user's password

SPLIT_DOMAIN

true

Flag to force configOAM to create security providers in the domain against which it is run.

Valid values are true, false.

Setting to true is required to suppress the double authentication of Oracle Access Management Console in a split domain scenario.

SSO_ENABLED_FLAG

false

Flag to determine if SSO should be enabled.

Valid values are true, false.

WEBGATE_TYPE

javaWebgate

The type of WebGate agent you want to create. Set to:

  • ohsWebgate10g if using Webgate version 10

  • ohsWebgate11g if using Webgate version 11

PRIMARY_OAM_SERVERS

idmhost1.example.com:5575,idmhost2.example.com:5575

A comma-separated list of your Access Manager servers and their proxy ports.

To determine the proxy ports your Access Manager servers use:

  1. Log in to the Oracle Access Management Console at http://admin.example.com:7001/oamconsole

  2. At the top of the Oracle Access Management Console, click Configuration.

  3. In the Configuration console, click Server Instances.

  4. In the page that appears, click Search, then double-click the target instance to display its configuration. For example, WLS_OAM1.

    The proxy port is shown as Port.

SMTP_HOST

exchangeurl.us.example.com

E-mail host.

SMTP_PORT

80

E-mail port.

TOPIC

com.apple.mgmt.External.2544264e-aa8a-4654-bfff-9d897ed39a87

Topic used in Apple's APNS certificate; used to send APNS notification.

The value should match the UID of the APNS key.

USE_PROXY

true

Indicates whether to use a proxy. Valid values are true, false.

WLSHOST

node01.example.com

WebLogic Server host name (host name of your administration server).

WLSPORT

7001

The WebLogic Server port number

WLSADMIN

wlsadmin

The administrator login, depending on the application server context.

WLSPASSWD

The WebLogic Server administrator password.
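
The following Python sketch is an added example, not part of the Oracle documentation or of idmConfigTool. It lints a properties file against Table C-2 before a run: password properties that carry a value, settings that leave a connection unencrypted, authentication-only mode, and user or group search bases that fall outside IDSTORE_SEARCHBASE. The function names, severity labels and the sample file are assumptions made for illustration.

```python
import re

# Table C-2 names ending in PASSWD, PASSWORD or _PWD hold passwords.
PASSWORD_NAME = re.compile(r"(PASSWD|PASSWORD|_PWD)$")

# Property -> value (lower-cased) that leaves the connection unencrypted.
CLEARTEXT = {
    "IDSTORE_SSL_ENABLED": "false",
    "POLICYSTORE_SSL_ENABLED": "false",
    "OAM_TRANSFER_MODE": "open",
    "OAM11G_OAM_SERVER_TRANSFER_MODE": "open",
    "OAM11G_SERVER_LBR_PROTOCOL": "http",
    "OAM11G_IDM_DOMAIN_OHS_PROTOCOL": "http",
}
DIRECTORY_TYPES = {"OID", "OVD", "OUD", "AD"}  # valid values per Table C-2


def parse_properties(text):
    """Parse 'key=value' and 'key: value' lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_under(child, parent):
    """True if DN 'child' equals 'parent' or sits below it."""
    c, p = normalize_dn(child), normalize_dn(parent)
    return c == p or c.endswith("," + p)


def lint(props):
    """Return a list of (severity, property, message) findings."""
    findings = []
    for key, value in sorted(props.items()):
        if PASSWORD_NAME.search(key) and value:
            findings.append(("error", key, "password stored in properties file"))
        if CLEARTEXT.get(key) == value.lower():
            findings.append(("warn", key, f"value {value!r} leaves this connection unencrypted"))
    if props.get("OAM11G_SSO_ONLY_FLAG", "").lower() == "true":
        findings.append(("warn", "OAM11G_SSO_ONLY_FLAG",
                         "authentication-only mode: all authorizations return true"))
    dtype = props.get("IDSTORE_DIRECTORYTYPE")
    if dtype is not None and dtype not in DIRECTORY_TYPES:
        findings.append(("error", "IDSTORE_DIRECTORYTYPE",
                         f"{dtype!r} is not one of OID, OVD, OUD, AD"))
    base = props.get("IDSTORE_SEARCHBASE")
    for key in ("IDSTORE_USERSEARCHBASE", "IDSTORE_GROUPSEARCHBASE"):
        if base and key in props and not is_under(props[key], base):
            findings.append(("error", key, "not contained in IDSTORE_SEARCHBASE"))
    return findings


# Constructed sample input (not a file from the Oracle documentation).
SAMPLE = """\
# idmConfigTool input, constructed for this example
IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 1389
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_SSL_ENABLED: false
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_SEARCHBASE: cn=oracleAccounts, dc=example,dc=com
IDSTORE_USERSEARCHBASE: cn=Users,cn=oracleAccounts,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_WLSADMINUSER_PWD: Constructed-Example-1
WLSPASSWD=
OAM_TRANSFER_MODE: OPEN
OAM11G_SERVER_LBR_PROTOCOL: https
OAM11G_SSO_ONLY_FLAG: true
"""

if __name__ == "__main__":
    for severity, key, message in lint(parse_properties(SAMPLE)):
        print(f"{severity:5} {key}: {message}")
```

An empty password property such as WLSPASSWD= is not flagged, because the tool prompts for the value at execution.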

C.3.5 Working with the idmConfigTool Log File

idmConfigTool logs execution details to a file called automation.log, which is helpful in verifying the results of a run.

C.3.5.1 Searching the idmConfigTool Log File

The log file contains initialization and informational messages:

Feb 18, 2015 8:38:14 PM oracle.idm.automation.util.Util setLogger
WARNING: Logger initialized in warning mode
Feb 18, 2015 8:38:19 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler <init>
INFO: Appserver type: null
Feb 18, 2015 8:38:20 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler <init>
WARNING: Cannot connect to the OUD Admin connector
Feb 18, 2015 8:38:29 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler createOIMAdminUser
INFO: OIM Admin User has been created
Feb 18, 2015 8:38:29 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler addPwdResetPrivilegeToOIMAdminUser
INFO: Password reset privilege added

Checking for WARNING messages after a run can help you identify potential problems with the run.

C.3.5.2 Maintaining the idmConfigTool Log File

idmConfigTool appends to the log file upon each run. The presence of older entries can lead to a misunderstanding if you see an error in the log and correct it, since the original error detail is present in the log even after you rectify the error.

WARNING:

Back up existing log files frequently to avoid confusion caused by old log entries.
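
Because the log is appended to on every run, a plain search for WARNING also returns entries from runs whose problems were already corrected. The following Python sketch is an added example, not part of the Oracle documentation or of idmConfigTool: it parses the two-line entries shown in C.3.5.1, splits the file into runs, and reports WARNING and SEVERE entries for the latest run only. It assumes that every run begins with the oracle.idm.automation.util.Util setLogger entry seen in the excerpt; the function names are illustrative, and the second run in the sample is constructed.

```python
import re

# First line of an entry: timestamp, logging class, method.
HEADER = re.compile(
    r"^([A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (\S+) (\S+)$"
)
# Second line of an entry: level and message.
LEVEL = re.compile(r"^(SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST): (.*)$")
# Assumption: this entry is written once, at the start of every run.
RUN_MARKER = ("oracle.idm.automation.util.Util", "setLogger")


def parse_entries(text):
    """Turn the log text into a list of entry dicts, in file order."""
    entries, current = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = {"time": head.group(1), "source": head.group(2),
                       "method": head.group(3), "level": None, "message": ""}
            entries.append(current)
            continue
        if current is None:
            continue  # text before the first header line
        lvl = LEVEL.match(line)
        if lvl and current["level"] is None:
            current["level"], current["message"] = lvl.group(1), lvl.group(2)
        elif line.strip():
            current["message"] += "\n" + line  # stack trace or wrapped message
    return entries


def split_runs(entries):
    """Group entries into runs, starting a new run at each marker entry."""
    runs = []
    for entry in entries:
        if (entry["source"], entry["method"]) == RUN_MARKER or not runs:
            runs.append([])
        runs[-1].append(entry)
    return runs


def problems(run):
    """WARNING and SEVERE entries of one run, without the run marker itself."""
    return [e for e in run
            if e["level"] in ("WARNING", "SEVERE")
            and (e["source"], e["method"]) != RUN_MARKER]


def latest_run_problems(text):
    runs = split_runs(parse_entries(text))
    return problems(runs[-1]) if runs else []


# Run 1 is the excerpt from C.3.5.1; run 2 is constructed for this example.
SAMPLE_LOG = """\
Feb 18, 2015 8:38:14 PM oracle.idm.automation.util.Util setLogger
WARNING: Logger initialized in warning mode
Feb 18, 2015 8:38:19 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler <init>
INFO: Appserver type: null
Feb 18, 2015 8:38:20 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler <init>
WARNING: Cannot connect to the OUD Admin connector
Feb 18, 2015 8:38:29 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler createOIMAdminUser
INFO: OIM Admin User has been created
Feb 18, 2015 8:38:29 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler addPwdResetPrivilegeToOIMAdminUser
INFO: Password reset privilege added
Feb 18, 2015 9:02:41 PM oracle.idm.automation.util.Util setLogger
WARNING: Logger initialized in warning mode
Feb 18, 2015 9:02:46 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler <init>
INFO: Appserver type: null
Feb 18, 2015 9:02:55 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler createOIMAdminUser
INFO: OIM Admin User has been created
Feb 18, 2015 9:02:55 PM oracle.idm.automation.impl.oim.handlers.OIMPreIntegrationHandler addPwdResetPrivilegeToOIMAdminUser
INFO: Password reset privilege added
"""

if __name__ == "__main__":
    for number, run in enumerate(split_runs(parse_entries(SAMPLE_LOG)), 1):
        print(f"run {number}: {[e['message'] for e in problems(run)]}")
```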

C.4 Additional Tasks for OUD Identity Store in an HA Environment

This section explains additional tasks you may need to perform when using idmConfigTool for a target Oracle Unified Directory (OUD) identity store in a high-availability environment.

C.4.1 Creating the Global ACI for Oracle Unified Directory

Global ACI and indexes are not replicated when you use idmConfigTool for an Oracle Unified Directory (OUD) identity store in a high availability (HA) environment that contains replicas. Global ACI and indexes are created ONLY in the instance(s) specified in the property file. You must manually re-create (remove then create) them on all other OUD instances of the replication domain.

Consequently you must first grant access to the change log, and then create the ACIs. Take these steps:

  1. Create a file called mypassword which contains the password you use to connect to OUD.
  2. Remove the existing change log on one of the replicated OUD hosts. The command syntax is:
    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --remove global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; deny (all) userdn=\"ldap:///anyone\";)" \
    --hostname OUD_HOST \
    --port OUD_ADMIN_PORT \
    --trustStorePath ORACLE_INSTANCE/config/admin-truststore \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt

    For example:

    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --remove global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; deny (all) userdn=\"ldap:///anyone\";)" \
    --hostname OUDHOST1.example.com \
    --port 4444 \
    --trustStorePath /u01/app/oracle/admin/oud1/OUD/config/admin-truststore \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt
    
  3. Add the new ACI for the changelog:
    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --add global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; allow (read,search,compare,add,write,delete,export) groupdn=\"ldap:///cn=oimAdminGroup,cn=groups,dc=example,dc=com\";)" \
    --hostname OUD_HOST \
    --port OUD_ADMIN_PORT \
    --trustAll \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt

    For example:

    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --add global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; allow (read,search,compare,add,write,delete,export) groupdn=\"ldap:///cn=oimAdminGroup,cn=groups,dc=example,dc=com\";)" \
    --hostname OUDHOST1 \
    --port 4444 \
    --trustAll \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt
    
  4. Then add the ACI:
    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \"OIMAdministrators control access\"; allow(read) groupdn=\"ldap:///cn=OIMAdministrators,cn=groups,dc=mycompany,dc=com\";)" \
    --hostname OUD_HOST \
    --port OUD_ADMIN_PORT \
    --trustAll \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt

    For example:

    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \"OIMAdministrators control access\"; allow(read) groupdn=\"ldap:///cn=OIMAdministrators,cn=groups,dc=mycompany,dc=com\";)" \
    --hostname IDMHOST1.mycompany.com \
    --port 4444 \
    --trustAll \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt
    
  5. Finally add the ACI:
    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=OIMAdministrators,cn=groups,dc=mycompany,dc=com\";)" \
    --hostname OUD_HOST \
    --port OUD_ADMIN_PORT \
    --trustAll \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt

    For example:

    OUD_ORACLE_INSTANCE/bin/dsconfig set-access-control-handler-prop \
    --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=OIMAdministrators,cn=groups,dc=mycompany,dc=com\";)" \
    --hostname IDMHOST1.mycompany.com \
    --port 4444 \
    --trustAll \
    --bindDN cn=oudadmin \
    --bindPasswordFile mypassword \
    --no-prompt
    
  6. Repeat Steps 1 through 5 for each OUD instance.

C.4.2 Creating Indexes on Oracle Unified Directory Replicas

When idmConfigTool prepares the identity store, it creates a number of indexes on the data. However, in a high availability (HA) environment that contains replicas, global ACI and indexes are created only in the instance(s) specified in the property file. The replicas are not updated with the indexes, which must be added manually.

The steps are as follows (with LDAPHOST1.example.com representing the first OUD server, LDAPHOST2.example.com the second server, and so on):

  1. Create a file called mypassword which contains the password you use to connect to OUD.
  2. Configure the indexes on the second OUD server:
    ORACLE_INSTANCE/OUD/bin/ldapmodify -h LDAPHOST2.example.com -Z -X -p 4444 \
    -a -D "cn=oudadmin" -j mypassword -c -f \
    /u01/app/oracle/product/fmw/iam/oam/server/oim-intg/ldif/ojd/schema/ojd_user_index_generic.ldif

    and

    ORACLE_INSTANCE/OUD/bin/ldapmodify -h LDAPHOST2.example.com -Z -X -p 4444 \
    -a -D "cn=oudadmin" -j mypassword -c -f \
    /u01/app/oracle/product/fmw/iam/idmtools/templates/oud/oud_indexes_extn.ldif

    Note:

    • Repeat both commands for all OUD servers for which idmConfigTool was not run.

    • Execute the commands on one OUD instance at a time; that instance must be shut down while the commands are running.

  3. Rebuild the indexes on all the servers:
    ORACLE_INSTANCE/OUD/bin/rebuild-index -h localhost -p 4444 -X -D \
    "cn=oudadmin" -j mypassword --rebuildAll -b "dc=example,dc=com"

    Note:

    You must run this command on all OUD servers, including the first server (LDAPHOST1.example.com) for which idmConfigTool was run.

C.5 IdmConfigTool Options and Properties

This section lists the properties for each command option. Topics include:

Note:

  • The command options show the command syntax on Linux only. See idmConfigTool Command Syntax for Windows syntax guidelines.

  • The tool prompts for passwords.

C.6 preConfigIDStore Command

Syntax

On Linux, the command syntax is:

idmConfigTool.sh -preConfigIDStore input_file=input_properties 

On Windows, the command syntax is:

idmConfigTool.bat -preConfigIDStore input_file=input_properties 

For example:

idmConfigTool.sh -preConfigIDStore input_file=extendOAMPropertyFile 

Note:

The -preConfigIDStore command option supports Oracle Internet Directory, Oracle Unified Directory, and Oracle Virtual Directory.

Properties

Table C-3 lists the properties for this mode:

Table C-3 Properties of preConfigIDStore

| Property | Required? |
| --- | --- |
| IDSTORE_HOST | YES. IDSTORE_HOST and IDSTORE_PORT are the host and port, respectively, of your identity store directory. If your identity store is in Oracle Unified Directory or Oracle Internet Directory, then IDSTORE_HOST should point directly to the Oracle Unified Directory or Oracle Internet Directory host. If your Identity Store is fronted by Oracle Virtual Directory, then IDSTORE_HOST should point to the Oracle Virtual Directory host, which should be IDSTORE.example.com. |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_DIRECTORYTYPE | YES (if target identity store is an instance of Oracle Unified Directory (OUD)) |
| IDSTORE_LOGINATTRIBUTE | |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_SYSTEMIDBASE | |
| POLICYSTORE_SHARES_IDSTORE | |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the directory instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |

Example properties File

Here is a sample properties file for this option:

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com

If you are using Oracle Unified Directory as the identity store, include the additional properties indicated in the properties table. The sample properties file then contains the additional properties:

IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_ADMIN_PORT : 4444
IDSTORE_KEYSTORE_FILE : /u01/config/instances/oud1/OUD/config/admin-keystore
IDSTORE_KEYSTORE_PASSWORD : K8BYCoOFHBwDYa1F6vUBgcGr1TK1Rz26W9Bz7OF0UwsZ5XLGOb

Note:

When using prepareIDStore for Oracle Unified Directory, global ACI and indexes are re-created only in the instance(s) specified in the property file; they are not replicated by Oracle Unified Directory. You must manually re-create (remove, then create) the global ACI and indexes on all other Oracle Unified Directory instances of the replication domain.

For details, see Additional Tasks for OUD Identity Store in an HA Environment.

C.7 prepareIDStore Command

Syntax

The prepareIDStore command takes mode as an argument to perform tasks for the specified component.

idmConfigTool.sh -prepareIDStore mode=mode
input_file=filename_with_Configproperties

where mode must be one of the following:

  • OAM

  • OIM

  • OAAM

  • WLS

  • FUSION

  • WAS

  • APM

  • all (performs all the tasks of the above modes combined)

Note:

WLS mode must be run before OAM.

See Also:

Table C-2 for details of the properties.

C.7.1 prepareIDStore mode=OAM

The following are created in this mode:

  • Perform schema extensions as required by the Access Manager component

  • Add the oblix schema

  • Create the OAMSoftware User

  • Create OblixAnonymous User

  • Optionally create the Access Manager Administration User

  • Associate these users to their respective groups

  • Create the group "orclFAOAMUserWritePrivilegeGroup"

Syntax

On Linux, the command syntax is:

idmConfigTool.sh -prepareIDStore mode=OAM input_file=filename_with_Configproperties 

On Windows, the command syntax is:

idmConfigTool.bat -prepareIDStore mode=OAM input_file=filename_with_Configproperties 

For example:

idmConfigTool.sh -prepareIDStore mode=OAM input_file=preconfigOAMPropertyFile 

Properties

Table C-4 lists the properties for this mode:

Table C-4 prepareIDStore mode=OAM Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES. IDSTORE_HOST and IDSTORE_PORT are the host and port, respectively, of your Identity Store directory. If your Identity Store is in Oracle Internet Directory or Oracle Unified Directory, then IDSTORE_HOST should point to Oracle Internet Directory or Oracle Unified Directory, even if you are fronting Oracle Internet Directory with Oracle Virtual Directory. If you are using a directory other than Oracle Internet Directory or Oracle Unified Directory, specify the Oracle Virtual Directory host. |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_LOGINATTRIBUTE | |
| OAM11G_IDSTORE_ROLE_SECURITY_ADMIN | |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_OAMSOFTWAREUSER | |
| IDSTORE_OAMADMINUSER | |
| IDSTORE_SYSTEMIDBASE | |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the directory instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |

Example properties File

Here is a sample properties file for this option. This parameter set would result in OAMADMINUSER and OAMSOFTWARE user being created in the identity store:

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators
IDSTORE_OAMSOFTWAREUSER:oamLDAP
IDSTORE_OAMADMINUSER:oamadmin
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com

See Also:

Table C-2 for details of the properties.

C.7.2 prepareIDStore mode=OIM

The following are created in this mode:

  • Create Oracle Identity Management Administration User under SystemID container

  • Create Oracle Identity Management Administration Group

  • Add Oracle Identity Management Administration User to Oracle Identity Management Administration Group

  • Add ACIs to Oracle Identity Management Administration Group

  • Create reserve container

  • Create xelsysadmin user

Syntax

On Linux, the command syntax is:

idmConfigTool.sh -prepareIDStore mode=OIM input_file=filename_with_Configproperties 

On Windows, the command syntax is:

idmConfigTool.bat -prepareIDStore mode=OIM input_file=filename_with_Configproperties

For example:

idmConfigTool.sh -prepareIDStore mode=OIM input_file=preconfigOIMPropertyFile 

Properties

Table C-5 lists the properties in this mode:

Table C-5 prepareIDStore mode=OIM Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES. IDSTORE_HOST and IDSTORE_PORT are the host and port, respectively, of your Identity Store directory. If your Identity Store is in Oracle Internet Directory or Oracle Unified Directory, then IDSTORE_HOST should point directly to the Oracle Internet Directory or Oracle Unified Directory host. If your Identity Store is fronted by Oracle Virtual Directory, then IDSTORE_HOST should point to the Oracle Virtual Directory host, which should be IDSTORE.example.com. |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_LOGINATTRIBUTE | |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_OIMADMINUSER | |
| IDSTORE_OIMADMINGROUP | |
| IDSTORE_SYSTEMIDBASE | |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES (if target identity store is an instance of OUD). IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES (if target identity store is an instance of OUD). Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |
| OIM_DB_URL | Required on IBM WebSphere. |
| OIM_DB_SCHEMA_USERNAME | Required on IBM WebSphere. |
| OIM_WAS_CELL_CONFIG_DIR | Required on IBM WebSphere. |

Example properties File

Here is a sample properties file for this option:

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE:cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com
IDSTORE_OIMADMINUSER: oimadmin
IDSTORE_OIMADMINGROUP:OIMAdministrators
OIM_DB_URL: jdbc:oracle:thin:@xyz5678.us.example.com:5522:wasdb1
OIM_DB_SCHEMA_USERNAME: dev_oim
OIM_WAS_CELL_CONFIG_DIR: /wassh/WebSphere/AppServer/profiles/Dmgr04/config/cells/xyz5678Cell04/fmwconfig

See Also:

Table C-2 for details of the properties.

C.7.3 prepareIDStore mode=OAAM

This mode:

  • Creates Oracle Adaptive Access Manager Administration User

  • Creates Oracle Adaptive Access Manager Groups

  • Adds the Oracle Adaptive Access Manager Administration User as a member of Oracle Adaptive Access Manager Groups

Syntax

idmConfigTool.sh -prepareIDStore mode=OAAM
input_file=filename_with_Configproperties

Properties

Table C-6 shows the properties in this mode:

Table C-6 prepareIDStore mode=OAAM Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_LOGINATTRIBUTE | YES |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_OAAMADMINUSER | YES |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the directory instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |

Example properties File

Here is a sample properties file for this option:

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE:cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_OAAMADMINUSER: oaamadmin
POLICYSTORE_SHARES_IDSTORE: true

See Also:

Table C-2 for details of the properties.

C.7.4 prepareIDStore mode=WLS

This mode:

  • Creates Weblogic Administration User

  • Creates Weblogic Administration Group

  • Adds the Weblogic Administration User as a member of Weblogic Administration Group

Syntax

On Linux, the command syntax is:

idmConfigTool.sh -prepareIDStore mode=WLS input_file=filename_with_Configproperties 

On Windows, the command syntax is:

idmConfigTool.bat -prepareIDStore mode=WLS input_file=filename_with_Configproperties

For example:

idmConfigTool.sh -prepareIDStore mode=WLS input_file=preconfigWLSPropertyFile 

Properties

Table C-7 lists the properties in this mode:

Table C-7 prepareIDStore mode=WLS Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES. IDSTORE_HOST and IDSTORE_PORT are the host and port, respectively, of your Identity Store directory. If your Identity Store is in Oracle Internet Directory or Oracle Unified Directory, then IDSTORE_HOST should point to the Oracle Internet Directory or Oracle Unified Directory host, even if you are fronting Oracle Internet Directory with Oracle Virtual Directory. If you are using a directory other than Oracle Internet Directory or Oracle Unified Directory, specify the Oracle Virtual Directory host (which should be IDSTORE.example.com). |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_LOGINATTRIBUTE | YES |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_WLSADMINUSER | YES. Do not set any default, out-of-the-box users such as weblogic/xelsysadm for this property. |
| IDSTORE_WLSADMINGROUP | YES |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the OUD instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |

Example properties File

Here is a sample properties file for this option. With this set of properties, the IDM Administrators group is created.

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users, dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_WLSADMINUSER: weblogic_idm
IDSTORE_WLSADMINGROUP: wlsadmingroup

See Also:

Table C-2 for details of the properties.
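A pre-flight check for the properties files described in Table C-3 (preConfigIDStore) and Table C-7 (prepareIDStore mode=WLS), written as an added example rather than Oracle code. The function names are hypothetical, the required-property lists are transcribed from the YES entries of those two tables, the sample file is constructed from the WLS sample with deliberate errors, and the file-permission test is an extra assumption that the guide does not state.

```shell
#!/bin/sh
# Added example (not Oracle code): pre-flight check of an idmConfigTool
# properties file before it is passed as input_file=...

# Print the value of property $2 in file $1. Accepts the spellings seen in the
# sample files: "KEY: value", "KEY : value" and "KEY:value".
prop() {
    awk -v want="$2" '{
        i = index($0, ":"); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == want) { print val; exit }
    }' "$1"
}

# Properties marked YES in Table C-3 (preConfigIDStore) and Table C-7 (WLS).
required_for() {
    _common="IDSTORE_HOST IDSTORE_PORT IDSTORE_BINDDN IDSTORE_USERNAMEATTRIBUTE
             IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE IDSTORE_SEARCHBASE"
    case $1 in
        preConfigIDStore) echo $_common ;;
        WLS) echo $_common IDSTORE_LOGINATTRIBUTE IDSTORE_WLSADMINUSER IDSTORE_WLSADMINGROUP ;;
        *) return 2 ;;
    esac
}

# check_props MODE FILE: print one line per finding; return 0 when clean,
# 1 when there are findings, 2 for a mode this example does not cover.
check_props() {
    _mode=$1; _file=$2; _bad=0
    _keys=$(required_for "$_mode") || { echo "unsupported mode: $_mode"; return 2; }
    # OUD targets also need the admin port and keystore settings.
    if [ "$(prop "$_file" IDSTORE_DIRECTORYTYPE)" = OUD ]; then
        _keys="$_keys IDSTORE_ADMIN_PORT IDSTORE_KEYSTORE_FILE IDSTORE_KEYSTORE_PASSWORD"
    fi
    for _k in $_keys; do
        [ -n "$(prop "$_file" "$_k")" ] || { echo "missing: $_k"; _bad=1; }
    done
    # Table C-7: IDSTORE_WLSADMINUSER must not be an out-of-the-box account.
    if [ "$_mode" = WLS ]; then
        case $(prop "$_file" IDSTORE_WLSADMINUSER) in
            weblogic|xelsysadm) echo "default account: IDSTORE_WLSADMINUSER"; _bad=1 ;;
        esac
    fi
    # Extra check (assumption, not from the guide): a file that carries the
    # keystore password should not be readable by group or others.
    if [ -n "$(prop "$_file" IDSTORE_KEYSTORE_PASSWORD)" ] &&
       [ -n "$(find "$_file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "permissions: $_file is group/world readable"; _bad=1
    fi
    return "$_bad"
}

# Constructed sample based on the WLS sample file, with deliberate problems:
# a default admin user, no IDSTORE_WLSADMINGROUP, no keystore password.
write_sample() {
    cat > "$1" <<'EOF'
IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users, dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_ADMIN_PORT : 4444
IDSTORE_KEYSTORE_FILE : /u01/config/instances/oud1/OUD/config/admin-keystore
IDSTORE_WLSADMINUSER: weblogic
EOF
}

# Usage: sh preflight.sh MODE FILE   or   sh preflight.sh demo
if [ "${1:-}" = demo ]; then
    _tmp=$(mktemp) && write_sample "$_tmp"
    check_props WLS "$_tmp"; rm -f "$_tmp"
elif [ "$#" -eq 2 ]; then
    check_props "$1" "$2"; exit $?
fi
```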

C.7.5 prepareIDStore mode=WAS

This mode:

  • Creates WebSphere Administration User

  • Creates WebSphere Administration Group

  • Adds the WebSphere Administration User as a member of WebSphere Administration Group

Syntax

idmConfigTool.sh -prepareIDStore mode=WAS
input_file=filename_with_Configproperties

Properties

Table C-8 lists the properties in this mode:

Table C-8 prepareIDStore mode=WAS Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_LOGINATTRIBUTE | |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_WASADMINUSER | YES (wsadmin user) |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the OUD instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |

Example properties File

Here is a sample properties file for this option, which creates the IDM Administrators group.

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users, dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_WASADMINUSER: websphere_idm

See Also:

Table C-2 for details of the properties.

C.7.6 prepareIDStore mode=APM

This mode:

  • Creates Oracle Privileged Account Manager Administration User

  • Adds the Oracle Privileged Account Manager Administration User as a member of Oracle Privileged Account Manager Groups

You are prompted to enter the password of the account that you are using to connect to the identity store.

Syntax

idmConfigTool.sh -prepareIDStore mode=APM
input_file=filename_with_Configproperties

Properties

Table C-9 shows the properties in this mode:

Table C-9 prepareIDStore mode=APM Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | |
| IDSTORE_LOGINATTRIBUTE | |
| IDSTORE_USERSEARCHBASE | |
| IDSTORE_GROUPSEARCHBASE | |
| IDSTORE_SEARCHBASE | |
| POLICYSTORE_SHARES_IDSTORE | YES |
| IDSTORE_APMUSER | YES |

Example properties File

Here is a sample properties file for this option:

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_APMUSER: opamadmin

See Also:

Table C-2 for details of the properties.

C.7.7 prepareIDStore mode=fusion

This mode:

  • Creates a Readonly User

  • Creates a ReadWrite User

  • Creates a Super User

  • Adds the readOnly user to the groups orclFAGroupReadPrivilegeGroup and orclFAUserWritePrefsPrivilegeGroup

  • Adds the readWrite user to the groups orclFAUserWritePrivilegeGroup and orclFAGroupWritePrivilegeGroup

Syntax

idmConfigTool.sh -prepareIDStore mode=fusion
input_file=filename_with_Configproperties

Properties

Table C-10 lists the properties in this mode:

Table C-10 prepareIDStore mode=fusion Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_LOGINATTRIBUTE | |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_READONLYUSER | |
| IDSTORE_READWRITEUSER | |
| IDSTORE_SUPERUSER | |
| IDSTORE_SYSTEMIDBASE | |
| POLICYSTORE_SHARES_IDSTORE | |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the OUD instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |

Example properties File

Here is a sample properties file for this option, which creates IDSTORE_SUPERUSER:

IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_READONLYUSER: IDROUser
IDSTORE_READWRITEUSER: IDRWUser
IDSTORE_USERSEARCHBASE:cn=Users,dc=example,dc=com 
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=mycompany,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com
IDSTORE_SUPERUSER: weblogic_fa
POLICYSTORE_SHARES_IDSTORE: true

See Also:

Table C-2 for details of the properties.

C.7.8 prepareIDStore mode=all

This mode performs all the tasks that are performed in the modes OAM, OIM, WLS, WAS, OAAM, and FUSION.

Syntax

idmConfigTool.sh -prepareIDStore mode=all
input_file=filename_with_Configproperties

Properties

Table C-11 lists the properties in this mode:

Table C-11 prepareIDStore mode=all Properties

| Parameter | Required? |
| --- | --- |
| IDSTORE_HOST | YES |
| IDSTORE_PORT | YES |
| IDSTORE_BINDDN | YES |
| IDSTORE_USERSEARCHBASE | YES |
| IDSTORE_GROUPSEARCHBASE | YES |
| IDSTORE_LOGINATTRIBUTE | YES |
| IDSTORE_SEARCHBASE | YES |
| IDSTORE_SYSTEMIDBASE | |
| IDSTORE_READONLYUSER | YES |
| IDSTORE_READWRITEUSER | YES |
| IDSTORE_SUPERUSER | YES |
| IDSTORE_OAMSOFTWAREUSER | YES |
| IDSTORE_OAMADMINUSER | YES |
| IDSTORE_OIMADMINUSER | YES |
| IDSTORE_OIMADMINGROUP | YES |
| IDSTORE_USERNAMEATTRIBUTE | YES |
| IDSTORE_OAAMADMINUSER | YES |
| IDSTORE_WLSADMINUSER | YES |
| IDSTORE_WLSADMINGROUP | YES |
| IDSTORE_ADMIN_PORT | YES (if target identity store is an instance of Oracle Unified Directory (OUD)). This property is required to connect to and configure OUD configuration structures: creation of global ACIs; creation of indexes. |
| IDSTORE_KEYSTORE_FILE | YES, if target identity store is OUD. Use the format OUD-instance-path/OUD/config/admin-keystore, where OUD-instance-path is the path to the OUD instance. IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD must be set to establish the connection to the OUD identity store. |
| IDSTORE_KEYSTORE_PASSWORD | YES, if target identity store is OUD. Not plain-text. Resides in the file OUD_ORACLE_INSTANCE/OUD/config/admin-keystore.pin. |
| OAM11G_IDSTORE_ROLE_SECURITY_ADMIN | |
| POLICYSTORE_SHARES_IDSTORE | |
| OIM_DB_URL | Required on IBM WebSphere |
| OIM_DB_SCHEMA_USERNAME | Required on IBM WebSphere |
| OIM_WAS_CELL_CONFIG_DIR | Required on IBM WebSphere |
| IDSTORE_WASADMINUSER | Required on IBM WebSphere |

Example properties File

Here is a sample properties file for this option:

IDSTORE_HOST: node01.example.com
IDSTORE_PORT: 2345
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com
IDSTORE_READONLYUSER: IDROUser
IDSTORE_READWRITEUSER: IDRWUser
IDSTORE_SUPERUSER: weblogic_fa
IDSTORE_OAMSOFTWAREUSER:oamSoftwareUser
IDSTORE_OAMADMINUSER:oamAdminUser
IDSTORE_OIMADMINUSER: oimadminuser
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators
IDSTORE_OIMADMINGROUP: OIMAdministrators
IDSTORE_WLSADMINUSER: weblogic_idm
IDSTORE_WLSADMINGROUP: wlsadmingroup
IDSTORE_OAAMADMINUSER: oaamAdminUser
OIM_DB_URL: jdbc:oracle:thin:@xyz5678.us.example.com:5522:wasdb1
OIM_DB_SCHEMA_USERNAME: dev_oim
OIM_WAS_CELL_CONFIG_DIR: /wassh/WebSphere/AppServer/profiles/Dmgr04/config/cells/xyz5678Cell04/fmwconfig
IDSTORE_WASADMINUSER: websphere_idm

See Also:

Table C-2 for details of the properties.

C.8 configOAM Command

Prerequisite

Ensure that the administration server for the domain hosting Oracle Access Manager is running before you execute this command.

Restart all servers on the OIM domain after running configOIM.

Syntax

On Linux, the command syntax is:

idmConfigTool.sh -configOAM input_file=input_properties 

On Windows, the command syntax is:

idmConfigTool.bat -configOAM input_file=input_properties

For example:

idmConfigTool.sh -configOAM input_file=OAMconfigPropertyFile 

Properties

Table C-12 lists the command properties.

Table C-12 Properties of configOAM

Property Required?

WLSHOST

YES

WLSHOST and WLSPORT are, respectively, the host and port of your administration server, this will be the virtual name.

WLSPORT

YES

WLSADMIN

YES

IDSTORE_BINDDN

YES

IDSTORE_HOST

YES

IDSTORE_HOST and IDSTORE _PORT are, respectively, the host and port of your Identity Store directory.

If using a directory server other than Oracle Internet Directory or Oracle Unified Directory, specify the Oracle Virtual Directory host and port.

IDSTORE_PORT

YES

IDSTORE_DIRECTORYTYPE

YES

IDSTORE_BINDDN

YES

IDSTORE_BINDDN is an administrative user in Oracle Internet Directory or Oracle Unified Directory.

If using a directory server other than Oracle Internet Directory or Oracle Unified Directory, specify an Oracle Virtual Directory administrative user.

IDSTORE_USERNAMEATTRIBUTE

YES

IDSTORE_LOGINATTRIBUTE

YES

IDSTORE_USERSEARCHBASE

YES

IDSTORE_SEARCHBASE

YES

IDSTORE_GROUPSEARCHBASE

YES

IDSTORE_OAMSOFTWAREUSER

YES

IDSTORE_OAMADMINUSER

YES

IDSTORE_SYSTEMIDBASE

YES

PRIMARY_OAM_SERVERS

YES

WEBGATE_TYPE

YES

Default is ohsWebgate11g

WEBGATE_TYPE is the type of WebGate agent you want to create. Valid values are ohsWebgate11g if WebGate version 11 is used, or ohsWebgate10g if WebGate version 10 is used.

ACCESS_GATE_ID

YES

ACCESS_GATE_ID is the name you want to assign to the WebGate. Do not change the property value shown in the example.

OAM_TRANSFER_MODE

YES

Default is OPEN

OAM_TRANSFER_MODE is the security model in which the access servers function.

COOKIE_DOMAIN

YES

COOKIE_EXPIRY_INTERVAL

YES

OAM11G_WG_DENY_ON_NOT_PROTECTED

YES

OAM11G_IDM_DOMAIN_OHS_HOST

YES

OAM11G_IDM_DOMAIN_OHS_PORT

YES

OAM11G_IDM_DOMAIN_OHS_PROTOCOL

YES

default is http

OAM11G_IDM_DOMAIN_OHS_PROTOCOL is the protocol to use when directing requests to the load balancer.

OAM11G_OAM_SERVER_TRANSFER_MODE

YES

OAM11G_OAM_SERVER_TRANSFER_MODE is the security model for the Access Manager servers.

Access Manager must be configured for SIMPLE as the mode of communication.

OAM11G_IDM_DOMAIN_LOGOUT_URLS

OAM11G_OIM_WEBGATE_PASSWD

YES

OAM11G_IDSTORE_ROLE_SECURITY_ADMIN

YES

OAM11G_SSO_ONLY_FLAG

YES

Default is TRUE

OAM11G_SSO_ONLY_FLAG configures Access Manager 11g to run either in authentication-only mode or in normal mode, which supports both authentication and authorization. The default value is true.

If OAM11G_SSO_ONLY_FLAG is true, the Access Manager 11g server operates in authentication-only mode, where all authorizations return true by default without any policy validation. In this mode, the server does not have the overhead of authorization handling. This is recommended for applications that do not depend on authorization policies and need only the authentication feature of the Access Manager server.

If the value is false, the server runs in default mode, where each authentication is followed by one or more authorization requests to the Access Manager server. WebGate allows or denies access to the requested resources based on the responses from the Access Manager server.

OAM11G_OIM_INTEGRATION_REQ

YES

OAM11G_IMPERSONATION_FLAG

YES

OAM11G_IMPERSONATION_FLAG enables or disables the impersonation feature in the OAM Server. Valid values are true (enable) and false (disable). The default is false. If you are using impersonation, you must manually set this value to true.

OAM11G_SERVER_LBR_HOST

YES

OAM11G_SERVER_LBR_PORT

YES

OAM11G_SERVER_LBR_PROTOCOL

YES

Default is http

OAM11G_SERVER_LBR_PROTOCOL is the URL prefix to use.

OAM11G_SERVER_LOGIN_ATTRIBUTE

YES

OAM11G_IDSTORE_NAME

YES

POLICYSTORE_SHARES_IDSTORE

YES

OAM11G_OIM_OHS_URL

http://sso.example.com:443/

OAM11G_OIM_OHS_URL is the URL of the load balancer or OHS fronting the OIM server.

SPLIT_DOMAIN

Set to true for cross-domain deployment. Omit for single-domain deployment.

SPLIT_DOMAIN set to true is required to suppress the double authentication of Oracle Access Management Console in a split domain scenario.

Example Properties File

Here is a sample properties file for this option, which creates an entry for WebGate in Access Manager:

WLSHOST: adminvhn.example.com
WLSPORT: 7001
WLSADMIN: weblogic
IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 389
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin
PRIMARY_OAM_SERVERS: oamhost1.example.com:5575,oamhost2.example.com:5575
WEBGATE_TYPE: ohsWebgate11g
ACCESS_GATE_ID: Webgate_IDM
OAM11G_IDM_DOMAIN_OHS_HOST:sso.example.com
OAM11G_IDM_DOMAIN_OHS_PORT:443
OAM11G_IDM_DOMAIN_OHS_PROTOCOL:https
OAM11G_OAM_SERVER_TRANSFER_MODE:simple
OAM11G_IDM_DOMAIN_LOGOUT_URLS: /console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp
OAM11G_WG_DENY_ON_NOT_PROTECTED: false
OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
OAM_TRANSFER_MODE: simple
COOKIE_DOMAIN: .example.com
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
OAM11G_SSO_ONLY_FLAG: false
OAM11G_OIM_INTEGRATION_REQ: true or false
OAM11G_IMPERSONATION_FLAG:true
OAM11G_SERVER_LBR_HOST:sso.example.com
OAM11G_SERVER_LBR_PORT:443
OAM11G_SERVER_LBR_PROTOCOL:https
COOKIE_EXPIRY_INTERVAL: -1
OAM11G_OIM_OHS_URL:https://sso.example.com:443/
SPLIT_DOMAIN: true
OAM11G_IDSTORE_NAME: OAMIDStore
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=example,dc=com
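Because several of the properties above fall back to permissive defaults when omitted (OPEN transfer mode, http, authentication-only mode), a pre-flight check of the properties file is useful before running the tool. The following is an added example, not part of the original appendix or of idmConfigTool: the function names, the sample input, and the choice of which effective values to report are assumptions of this example.

```python
import re

# Defaults stated in the property table above; they apply when a key is omitted.
DEFAULTS = {"OAM_TRANSFER_MODE": "OPEN", "OAM11G_SSO_ONLY_FLAG": "TRUE",
            "OAM11G_IDM_DOMAIN_OHS_PROTOCOL": "http",
            "OAM11G_SERVER_LBR_PROTOCOL": "http",
            "OAM11G_IMPERSONATION_FLAG": "false"}
# Assumed review policy (this example's choice): effective values to report.
FLAGGED = {
    "OAM_TRANSFER_MODE": ("open", "OPEN transfer mode in effect"),
    "OAM11G_OAM_SERVER_TRANSFER_MODE": ("open", "OPEN transfer mode in effect"),
    "OAM11G_IDM_DOMAIN_OHS_PROTOCOL": ("http", "plain http in effect"),
    "OAM11G_SERVER_LBR_PROTOCOL": ("http", "plain http in effect"),
    "OAM11G_SSO_ONLY_FLAG": ("true", "authentication only: authorizations always return true"),
    "OAM11G_IMPERSONATION_FLAG": ("true", "impersonation enabled"),
}
BOOLEAN_KEYS = ("OAM11G_SSO_ONLY_FLAG", "OAM11G_IMPERSONATION_FLAG",
                "OAM11G_OIM_INTEGRATION_REQ")
# Constructed sample input; omitted keys fall back to DEFAULTS.
SAMPLE = """\
OAM11G_IDM_DOMAIN_OHS_PROTOCOL:https
OAM11G_OAM_SERVER_TRANSFER_MODE:simple
OAM11G_OIM_INTEGRATION_REQ: true or false
OAM11G_IMPERSONATION_FLAG:true
"""

def parse_props(text):
    """Parse 'KEY: value' or 'KEY=value' lines; skip comments, trim values."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!:=\s][^:=\s]*)\s*[:=]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint(text):
    """Return sorted (key, finding) pairs for the effective configuration."""
    props = parse_props(text)
    out = []
    for key, (bad, msg) in FLAGGED.items():
        if props.get(key, DEFAULTS.get(key, "")).lower() == bad:
            out.append((key, msg))
    for key in BOOLEAN_KEYS:
        if key in props and props[key].lower() not in ("true", "false"):
            out.append((key, "not a boolean: %r" % props[key]))
    return sorted(out)
if __name__ == "__main__":
    for key, finding in lint(SAMPLE):
        print(key + ": " + finding)
```

The check reports keys that are absent from the file as well as keys set explicitly, since an omitted OAM_TRANSFER_MODE or OAM11G_SSO_ONLY_FLAG silently takes the default listed in the table.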

Usage Notes

When you execute this command, the tool prompts you for:

  • Password of the identity store account to which you are connecting

  • Access Manager administrator password

  • Access Manager software user password

In the IBM WebSphere environment:

  • Run idmConfigTool from the Oracle Access Manager WebSphere cell.

  • Provide details of the IBM WebSphere server by specifying the following in the properties file:

    • WLSHOST - The WebSphere Application Server host

    • WLSPORT - The WebSphere Application Server bootstrap port

    • WLSADMIN - Login ID for the Oracle Access Management Console.

See Also:

Table C-2 for details of the properties.