This chapter provides information you should review before installing Oracle Identity Management 11g Release 1 (11.1.1.9.0) components.
This chapter discusses the following topics:
Understanding Oracle Fusion Middleware Support of 64-bit JDK
Installing and Configuring Java Access Bridge (Windows Only)
Executing the oracleRoot.sh Script on Linux or UNIX Platforms
Configuring Oracle Internet Directory with Privileged Ports on Linux Operating Systems
Optional: Configuring the Minimum Amount for Oracle WebLogic Server's Maximum Heap Size
Before performing any installation, you should read the system requirements and certification documents to ensure that your environment meets the minimum installation requirements for the products you are installing.
Oracle Fusion Middleware System Requirements and Specifications
This document contains information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches.
Oracle Fusion Middleware Supported System Configurations
This document contains information related to supported installation types, platforms, operating systems, databases, JDKs, and third-party products.
For interoperability and compatibility issues that may arise when installing, refer to Oracle Fusion Middleware Interoperability and Compatibility Guide.
This document contains important information regarding the ability of Oracle Fusion Middleware products to function with previous versions of other Oracle Fusion Middleware, Oracle, or third-party products. This information is applicable to both new Oracle Fusion Middleware users and existing users who are upgrading their existing environment.
If you are using a 64-bit JVM in your environment, ensure that all your Oracle Fusion Middleware components are using the 64-bit JVM. You cannot mix components using a 32-bit JVM with those using a 64-bit JVM.
For more information, refer to the System Requirements and Supported Platforms for Oracle Fusion Middleware 11gR1 document, available at the following page:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html
If your Oracle Fusion Middleware components are running in a 64-bit JVM environment, ensure that WebLogic Server is installed with the 64-bit JDK. For 32-bit JVM support, refer to the Oracle Fusion Middleware Release Notes for information on how to configure your environment for 32-bit JVM support for your platform.
If you are installing Oracle Identity Management on a Windows system, you have the option of installing and configuring Java Access Bridge for Section 508 Accessibility. This is only necessary if you require Section 508 Accessibility features:
Download Java Access Bridge from the following Web site:
http://java.sun.com/javase/technologies/accessibility/accessbridge/
Install Java Access Bridge.
Copy access-bridge.jar and access-1_4.jar from your installation location to the jre\lib\ext directory.
Copy the WindowsAccessBridge.dll, JavaAccessBridge.dll, and JAWTAccessBridge.dll files from your installation location to the jre\bin directory.
Copy the accessibility.properties file to the jre\lib directory.
During installation on Linux or UNIX platforms, the installer prompts you to log in as the root user and run the oracleRoot.sh script. You must log in as the root user because the script creates files, edits files, and changes the permissions of certain Oracle executable files in the Oracle_HOME/bin directory.
If the oracleRoot.sh script finds files of the same name, it prompts you to indicate whether or not to override the existing files. Back up the existing files (you can do this from another window), then overwrite them.
This topic describes optional environment-specific tasks you may want to perform before installing Oracle Identity Management 11g Release 1 (11.1.1.9.0). This topic includes the following sections:
Note:
If the environment variableLD_ASSUME_KERNEL is set, it needs to be unset.If you want to install Oracle Identity Management using symbolic links, you must create them before installation. For example, you could create symbolic links for the installation by executing the following commands:
prompt> mkdir /home/basedir prompt> ln -s /home/basedir /home/linkdir
Then, when you run the Installer to install Oracle Identity Management, you can specify /home/linkdir as the Oracle Home.
After installation, you cannot create symbolic links to the Oracle Home. Also, you cannot move the Oracle Home to a different location and create a symbolic link to the original Oracle Home.
If you plan to install Oracle Identity Management components on a DHCP server, you must ensure the Installer can resolve host names. This may require editing the /etc/hosts file on UNIX systems, and installing a loopback adapter on Windows systems. The following information provides general examples, you should alter these examples to make them specific to your environment.
Configure the host to resolve host names to the loopback IP address by modifying the /etc/hosts file to contain the following entries. Replace the variables with the appropriate host and domain names:
127.0.0.1 hostname.domainname hostname 127.0.0.1 localhost.localdomain localhost
Confirm the host name resolves to the loopback IP address by executing the following command:
ping hostname.domainname
Install a loopback adapter on the DHCP host and assign it a non routable IP address.
After installing the adapter, add a line to the %SYSTEMROOT%\system32\drivers\etc\hosts file immediately after the localhost line and using the following format, where IP_address represents the local IP address of the loopback adapter:
IP_address hostname.domainname hostname
You can install Oracle Identity Management components on a multihomed system. A multihomed system is associated with multiple IP addresses, typically achieved by having multiple network cards on the system. Each IP address is associated with a host name and you can create aliases for each host name.
The Installer retrieves the fully qualified domain name from the first entry in /etc/hosts file on UNIX, or the %SYSTEMROOT%\system32\drivers\etc\hosts file on Windows. For example, if your file looks like the following, the Installer retrieves myhost1.mycompany.com for configuration:
127.0.0.1 localhost.localdomain localhost 10.222.333.444 myhost1.mycompany.com myhost1 20.222.333.444 devhost2.mycompany.com devhost2
For specific network configuration of a system component, refer to the individual component's documentation listed in "Related Documents"for more information.
This topic describes directories you must identify in most Oracle Identity Management installations and configurations—it does not describe one particular Installer screen. During installation, you will have to identify other component-specific directories not described in this topic.
The common directories described in this section include the following:
Identify the location of your Oracle Middleware Home directory. The Installer creates an Oracle Home directory for the component you are installing under the Oracle Middleware Home that you identify in this field. The Installer also creates an Oracle Common Home directory under the Oracle Middleware Home. The Oracle Common Home contains the binary and library files required for Oracle Enterprise Manager Fusion Middleware Control and Oracle Java Required Files (JRF). There can be only one Oracle Common Home within each Oracle Middleware Home.
The Oracle Middleware Home directory is commonly referred to as MW_HOME.
Note:
To install Oracle Identity Management components in an existing Oracle WebLogic Server administration domain, each Oracle Middleware Home directory in the domain must have identical directory paths and names.Enter a name for the component's Oracle Home directory. The Installer uses the name you enter in this field to create the Oracle Home directory under the location you enter in the Oracle Middleware Home Location field. The Installer installs the files (such as binaries and libraries) required to host the component in the Oracle Home directory.
The Oracle Home directory is commonly referred to as ORACLE_HOME.
Note:
To install Oracle Identity Management components in an existing Oracle WebLogic Server administration domain, each Oracle Home directory in the domain must have identical directory paths and names.Enter the path to your Oracle WebLogic Server Home directory. This directory contains the files required to host the Oracle WebLogic Server. It is commonly referred to as WL_HOME.
Note:
To install Oracle Identity Management components in an existing Oracle WebLogic Server administration domain, each Oracle WebLogic Server Home directory in the domain must have identical directory paths and names.Enter the path to the location where you want to create the Oracle Instance directory. The Installer creates the Oracle Instance directory using the location you enter in this field and using the name you enter in the Oracle Instance Name field. Do not enter a path to an existing directory that contains files—if you enter a path to an existing directory, that directory must be empty.
The Installer installs the component's configuration files and runtime components in the Oracle Instance directory. Runtime components will write only to this directory. You can identify any location on your system for the Oracle Instance directory—it does not have to reside inside the Oracle Middleware Home directory.
Enter a name for the Oracle Instance directory. The Installer uses the name you enter in this field to create the Oracle Instance directory at the location you specify in the Oracle Instance Location field. This directory is commonly referred to as ORACLE_INSTANCE.
Instance names are important because Oracle Fusion Middleware uses them to uniquely identify instances. If you install multiple Oracle Fusion Middleware instances on the same computer, for example, an Oracle Identity Management instance and an Oracle WebLogic Server instance, you must give them different names.
The name you enter for the Oracle Instance directory must:
Contain only alphanumeric and underscore (_) characters
Begin with an alphabetic character (a-z or A-Z)
Consist of 4-30 characters
Not contain the host name or IP address of the computer
Note:
You cannot change the Oracle Instance name after installation.If you want to install an Oracle Identity Management 11g Release 1 (11.1.1) component against an existing Oracle Identity Management 11g Release 1 (11.1.1) component, you may need to identify the ports for the existing component. For example, if you want to install Oracle Directory Integration Platform 11g Release 1 (11.1.1) against an existing Oracle Internet Directory 11g Release 1 (11.1.1) component, you must identify its port when you install Oracle Directory Integration Platform.
You can get information about ports using the following:
WebLogic Server Administration Console.
Log in to the Administration Console. Click on Servers under Environment to see what ports are in use for the Administration Server and Managed Servers.
ORACLE_INSTANCE/config/OPMN/opmn/ports.prop
Note:
If you change a component's port number after installation, theports.prop file is not updated.The ORACLE_INSTANCE/bin/opmnctl status -l command to see port numbers of components managed by OPMN.
By default, the Oracle Identity Management 11g Installer does not assign privileged ports to Oracle Internet Directory; however, you can override the default by using the staticports.ini file. (See Section 4.2.8, "Installing and Configuring Oracle Identity Management 11g Release 1 (11.1.1.9.0) Software.")
If you want to configure Oracle Internet Directory to run on privileged ports on a Linux operating system, then perform the following steps:
Complete only an installation of Oracle Identity Management 11g Release 1 (11.1.1.9.0), as described in Chapter 4, "Installing and Configuring Oracle Identity Management (11.1.1.9.0)."
As the root user, execute ORACLE_HOME/oracleRoot.sh.
For more information, see Section 2.4, "Executing the oracleRoot.sh Script on Linux or UNIX Platforms."
As the root user, execute ORACLE_HOME/oidRoot.sh.
Change .apachectl permissions.
To do this, run the following as root user:
/bin/chown root ORACLE_HOME/ohs/bin/.apachectl /bin/chmod 6750 ORACLE_HOME/ohs/bin/.apachectl
Configure Oracle Internet Directory with the privileged ports using the staticports.ini file.
After installing Oracle Identity Management 11g Release 1 (11.1.1), if you want to configure the minimum (lowest) level of maximum heap size (-Xmx) required for Oracle WebLogic Server to host Oracle Identity Management components, perform the steps in this section.
Note:
This is an optional step, typically performed only for test, development, or demonstration environments.The minimum (lowest) levels for maximum heap size are:
Oracle WebLogic Administration Server: 512 MB
Oracle WebLogic Managed Server: 256 MB
Perform the following steps to configure the heap size for Oracle WebLogic Administration Servers and Oracle WebLogic Managed Servers:
Open the setDomainEnv script (.sh or .bat) in the MW_HOME/user_projects/domains/DOMAIN_NAME/bin/ directory.
Locate the last occurrence of the EXTRA_JAVA_PROPERTIES entry.
In the last occurrence of the EXTRA_JAVA_PROPERTIES entry, locate the last occurrence of heap size parameters: -Xmx, -Xms, and so on.
Note:
These are the heap size parameters for the Oracle WebLogic Administration Server.Set the heap size parameters (-Xms and -Xmx) for the Oracle WebLogic Administration Server as desired, for example: -Xms256m and -Xmx512m
To set the heap size parameters for the Oracle WebLogic Managed Server, enter the text in Example 2-1 immediately below the last occurrence of the EXTRA_JAVA_PROPERTIES entry and:
Set the heap size parameters (-Xms and -Xmx) as desired, for example: -Xms256m -Xmx256m
Replace wls_ods1 with the name of the Oracle WebLogic Managed Server hosting Oracle Directory Services Manager.
Replace wls_oif1 with the name the Oracle WebLogic Managed Server hosting Oracle Identity Federation.
Save and close the setDomainEnv script.
Restart the Oracle WebLogic Administration Server and the Oracle WebLogic Managed Server by referring to Appendix B, "Starting or Stopping the Oracle Stack."
Note:
On UNIX systems, if you execute theps -ef command and grep for AdminServer or the name of the Oracle WebLogic Managed Server (for example, ps -ef | grep AdminServer or ps -ef | grep wls_oif1), the output contains multiple occurrences of heap size parameters (-Xmx and -Xms).
Be aware that the last occurrence of the heap size parameters in the output are effective and have precedence over the preceding occurrences.
Oracle Directory Integration Platform (ODIP) and Oracle Identity Federation (OIF) are configured with a WebLogic domain. Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD) can be configured with or without a WebLogic domain. If you want to use the Oracle WebLogic Server Node Manager Utility for Oracle Identity Management products that require a WebLogic domain, you must configure Node Manager.
To configure Node Manager, you must perform the following steps after installing Oracle WebLogic Server and before installing Oracle Identity Management:
Verify the Oracle WebLogic Server Node Manager utility is stopped. If it is running, kill the process. Use the following commands to identify running process and kill the same:
For example, on UNIX:
1) ps -ef | egrep weblogic.NodeManager | egrep -v egrep
This will return the Process Id of the Node Manager Process.
2) kill -9 <Process Id of the Node Manager Process>
On Windows:
Use the Windows Task Manager to identify running Node Manager processes and kill the same.
Determine if the nodemanager.properties file is present in the WL_HOME/common/nodemanager/ directory.
If the nodemanager.properties file is not present, then follow the instructions below:
On UNIX:
Run startNodeManager.sh (Located at <WL_HOME>/server/bin directory) to start Node Manager.
On Windows:
Run startNodeManager.cmd (Located at <WL_HOME>\server\bin directory) to start Node Manager.
If the nodemanager.properties file does exist, open it and verify that the ListenPort parameter is included and that it is set. If the ListenPort parameter is not included or set, edit the nodemanager.properties file so that it is similar to the following, where NODE_MANAGER_LISTEN_PORT represents the port the Node Manager listens on, such as 5556:
ListenPort=NODE_MANAGER_LISTEN_PORT
Also, verify that the StartScriptEnabled parameter is included in this file and that it is set to true. If the StartScriptEnabled parameter is not included or set to true, edit the nodemanager.properties file as follows:
StartScriptEnabled=true
Note:
You must start the Node Manager with Java Secure Socket Extension (JSSE) enabled if you have applied the following Oracle WebLogic Server patches to your Middleware home:13964737 (YVDZ)
14174803 (IMWL)
These patches are available from My Oracle Support. For information on how to start the Node Manager with JSSE enabled, see the "Set the Node Manager Environment Variables" topic in the Node Manager Administrator's Guide for Oracle WebLogic Server.
The Installer writes log files to the ORACLE_INVENTORY_LOCATION/logs directory on UNIX systems and to the ORACLE_INVENTORY_LOCATION\logs directory on Windows systems.
On UNIX systems, if you do not know the location of your Oracle Inventory directory, you can find it in the ORACLE_HOME/oraInst.loc file.
On Microsoft Windows systems, the default location for the inventory directory is C:\Program Files\Oracle\Inventory\logs.
The following install log files are written to the log directory:
installDATE-TIME_STAMP.log
installDATE-TIME_STAMP.out
installActionsDATE-TIME_STAMP.log
installProfileDATE-TIME_STAMP.log
oraInstallDATE-TIME_STAMP.err
oraInstallDATE-TIME_STAMP.log
opatchDATE-TIME_STAMP.log