Configuring Oracle Identity Federation on OIFHOST1

15-2 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

especially important in Windows environments, where the path, including the drive letter, must be the same as that on IDMHOST1.

2. Install and upgrade the software on OIFHOST1 and OIFHOST2 as described in Section 4.5.4, "Installing Oracle WebLogic Server," and Section 4.5.5, "Installing Oracle Identity Management."

3. Run the Repository Creation Utility (RCU) to create and configure the collection of schemas used by Oracle Identity Federation, as described in Chapter 3, "Configuring the Database Repositories."

4. Create the Identity Management domain as described in Chapter 6, "Creating the WebLogic Server Domain for Identity Management."

5. Install and configure Oracle Internet Directory as described in Chapter 7, "Extending the Domain with Oracle Internet Directory" (see also the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory). Oracle Internet Directory is used as the User Store and the Federation Store.

6. Install and configure Oracle HTTP Server on WEBHOST1 and WEBHOST2 as described in Chapter 5, "Configuring the Web Tier."

7. Associate the Identity Management domain you created with an external LDAP store as described in Section 10.3.2, "Reassociating the Policy and Credential Store." This is required because Oracle Identity Federation is being extended on a node where the Administration Server is not running.

15.2 Configuring Oracle Identity Federation on OIFHOST1

Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.

If you plan to provision the Instance Home or the Managed Server domain directory on shared storage, ensure that the appropriate shared storage volumes are mounted on IDMHOST1 as described in Section 2.4, "Shared Storage and Recommended Directory Structure."

1. Ensure that port 7499 is not in use by any service on the computer by issuing the command for the operating system you are using. If the port is not in use, no output is returned from the command.

   On UNIX:

   netstat -an | grep 7499

   If the port is in use (the command returns output identifying the port), you must free it.

   On UNIX: Remove the entries for port 7499 in the /etc/services file and restart the services, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components," or restart the computer.

2. Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.

3. Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:

   Port                                     Value
   Oracle Identity Federation Server Port   7499

4. Start the Oracle Identity Management 11g Configuration Assistant, located under the IDM_ORACLE_HOME/bin directory, as follows:

   On UNIX, issue this command: ./config.sh

   On Windows, double-click config.exe

5. On the Welcome screen, click Next.

6. On the Select Domain screen, select Extend Existing Domain and specify these values:
   ■ HostName: adminvhn.mycompany.com
   ■ Port: 7001
   ■ UserName: weblogic
   ■ User Password: weblogic_user_password
   Click Next.

7. A dialog box with the following message appears:

   The selected domain is not a valid Identity Management domain or the installer cannot determine if it is a valid domain. If you created the domain using the Identity Management installer, you can ignore this message and continue. If you did not create the domain using the Identity Management installer, refer to the Identity Management documentation for information on how to verify the domain is valid.

   This is a benign warning that you can ignore. Click Yes to continue.

8. On the Specify Installation Location screen, specify the following values:
   ■ Oracle Middleware Home Location: /u01/app/oracle/product/fmw (this value is prefilled and cannot be updated)
   ■ Oracle Home Directory: idm (this value is prefilled and cannot be updated)
   ■ WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
   ■ Oracle Instance Location: /u01/app/oracle/admin/instances/oif_inst1
   ■ Instance Name: oif_inst1
   Click Next.

9. On the Specify Security Updates screen, specify the values shown in this example:
   ■ Email Address: Provide the email address for your My Oracle Support account.
   ■ Oracle Support Password: Provide the password for your My Oracle Support account.
   ■ Select "I wish to receive security updates via My Oracle Support."
   Click Next.

10. On the Configure Components screen, de-select all the components except the Oracle Identity Federation components. Select only Oracle Identity Federation from the Oracle Identity Federation components. Do not select Oracle HTTP Server. Select Clustered. Click Next.

11. On the Configure Ports screen, select Specify Ports using Configuration File. Provide the path to the staticports.ini file that you copied to the temporary directory. Click Next.

12. On the Specify OIF Details screen, specify these values:
   ■ PKCS12 Password: password
   ■ Confirm Password: Confirm the password
   ■ Server Id: WLS_OIF1
   Click Next.

13. On the Select OIF Advanced Flow Attributes screen, specify these values:
   ■ Authentication Type: LDAP
   ■ User Store: LDAP
   ■ Federation Store: LDAP
   ■ User Session Store: RDBMS (default selection, which cannot be changed for a cluster)
   ■ Message Store: RDBMS (default selection, which cannot be changed for a cluster)
   ■ Configuration Store: RDBMS (default selection, which cannot be changed for a cluster)
   Click Next.

   Note: When you choose RDBMS for the session, message, and configuration data stores during an Advanced installation, the installer creates one data source for all three data stores. If you want separate databases for each of these stores, you must configure this after the installation by using the OUI Config Wizard.

14. On the Authentication LDAP Details screen, specify the following values:
   ■ LDAP Type: Select Oracle Internet Directory if you have an Oracle Internet Directory-only topology without Oracle Virtual Directory. Otherwise, select Oracle Virtual Directory.
   ■ LDAP URL: The LDAP URL to connect to your LDAP store, in the format ldaps://host:port. For example: ldaps://idstore.mycompany.com:636
   ■ LDAP Bind DN: cn=orcladmin
   ■ LDAP Password: orcladmin_password
   ■ User Credential ID Attribute: uid
   ■ User Unique ID Attribute: uid
   ■ Person Object Class: inetOrgPerson
   ■ Base DN: dc=mycompany,dc=com
   Click Next.

15. On the LDAP Attributes for User Data Store screen, specify the following values:
   ■ LDAP Type: Select Oracle Internet Directory if you have an Oracle Internet Directory-only topology without Oracle Virtual Directory. Otherwise, select Oracle Virtual Directory.
   ■ LDAP URL: The LDAP URL to connect to your LDAP store, in the format ldaps://host:port. For example: ldaps://idstore.mycompany.com:636
   ■ LDAP Bind DN: cn=orcladmin
   ■ LDAP Password: orcladmin_password
   ■ User Description Attribute: uid
   ■ User ID Attribute: uid
   ■ Person Object Class: inetOrgPerson
   ■ Base DN: dc=mycompany,dc=com
   Click Next.

16. On the LDAP Attributes for Federation Data Store screen, specify the following values:
   ■ LDAP Type: Select the directory type that matches the directory where your identity information is stored. If you have more than one directory type, select one that is highly available.
   ■ LDAP URL: Provide the LDAP URL to connect to your LDAP store, in the format ldaps://host:port. For example: ldaps://oididstore.mycompany.com:636
   ■ LDAP Bind DN: Enter the bind DN of an administrator in the user directory, for example: cn=orcladmin
   ■ LDAP Password: orcladmin_password
   ■ User Federation Record Context: cn=myfed,dc=mycompany,dc=com
   ■ Container Object Class: The type of User Federation Record Context that Oracle Identity Federation should use when creating the LDAP container, if it does not already exist. If this field is empty, its value is set to applicationprocess. For Microsoft Active Directory, this field must be set to container.
   Click Next.

   Note: The Federation Data Store is used to store identity provider information referencing the user and the local user account identity. This information should be stored with the user information in the Identity Store directory. If you are using multiple Identity Store directories, select one of them. You cannot select Oracle Virtual Directory, because the configuration assistant must add object classes directly to the LDAP directory.

17. On the Transient Store Database Details screen, specify the values shown in this example:
   ■ Host Name: The connect string to your database. For example:
     oiddbhost1-vip.mycompany.com:1521:idmdb1^oiddbhost2-vip.mycompany.com:1521:idmdb2@oidedg.mycompany.com
   ■ UserName: The username for the OIF schema. For example: edg_oif
   ■ Password: oif_user_password
   Click Next.

18. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not correct, click Back to modify the selections on previous screens. Then click Configure.

19. On the Configuration Progress screen, view the progress of the configuration.

20. On the Configuration Complete screen, click Finish to confirm your choice to exit.
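A pre-flight check for the LDAP and federation-store values entered on screens 13 to 16 above, added here as an example; it is not part of the guide or of the Oracle product, and the dictionary layout and function names are the editor's own assumptions. It applies the rules the procedure states (ldaps://host:port URLs, no Oracle Virtual Directory for the Federation Data Store, the applicationprocess default and the container requirement for Active Directory) so that a wrong value is caught before the Configuration Assistant writes it into the domain.

```python
from urllib.parse import urlsplit

# Constructed sample: the example values the procedure gives for screens 14 to 16.
# Passwords are deliberately left out; they are not needed for these checks.
SAMPLE = {
    "authentication": {"ldap_type": "OID", "url": "ldaps://idstore.mycompany.com:636",
                       "bind_dn": "cn=orcladmin", "base_dn": "dc=mycompany,dc=com"},
    "user_store": {"ldap_type": "OID", "url": "ldaps://idstore.mycompany.com:636",
                   "bind_dn": "cn=orcladmin", "base_dn": "dc=mycompany,dc=com"},
    "federation_store": {"ldap_type": "OID", "url": "ldaps://oididstore.mycompany.com:636",
                         "bind_dn": "cn=orcladmin",
                         "record_context": "cn=myfed,dc=mycompany,dc=com",
                         "container_object_class": ""},
}


def effective_container_object_class(value):
    """An empty Container Object Class is replaced by applicationprocess, as the wizard does."""
    return value.strip() or "applicationprocess"


def check_ldap_url(url):
    """Flag URLs that are not ldaps://host:port; the bind password travels over this link."""
    u = urlsplit(url)
    problems = []
    if u.scheme != "ldaps":
        problems.append(f"{url}: scheme is {u.scheme or 'missing'}, expected ldaps")
    if not u.hostname or u.port is None:
        problems.append(f"{url}: expected the form ldaps://host:port with an explicit port")
    return problems


def validate(cfg):
    """Return a list of findings; an empty list means the inputs pass the guide's rules."""
    findings = []
    for screen in ("authentication", "user_store", "federation_store"):
        findings += [f"{screen}: {p}" for p in check_ldap_url(cfg[screen]["url"])]
    fed = cfg["federation_store"]
    if fed["ldap_type"] == "OVD":
        findings.append("federation_store: Oracle Virtual Directory cannot be the Federation "
                        "Data Store; the assistant adds object classes directly to the directory")
    oc = effective_container_object_class(fed["container_object_class"])
    if fed["ldap_type"] == "AD" and oc != "container":
        findings.append(f"federation_store: Container Object Class is {oc}; "
                        "Active Directory requires container")
    return findings


if __name__ == "__main__":
    for line in validate(SAMPLE) or ["inputs pass the checks"]:
        print(line)
```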

15.3 Configuring Oracle Identity Federation on OIFHOST2