Validating Oracle Identity Federation Configure the Enterprise Manager Agents Enabling Oracle Identity Federation Integration with LDAP Servers
15.5 Validating Oracle Identity Federation
Validate the configuration of Oracle Identity Federation on OIFHOST1 and OIFHOST2 by accessing the SP and IdP metatadata on each host. Proceed as follows on OIFHOST1: 1. Access the SP metadata by going to: http:oifhost1.mycompany.com:7499fedspmetadata 2. Access the IdP metadata by going to: http:oifhost1.mycompany.com:7499fedidpmetadata Proceed as follows on OIFHOST2: 1. Access the SP metadata by going to: http:oifhost2.mycompany.com:7499fedspmetadata 2. Access the IdP metadata by going to: http:oifhost2.mycompany.com:7499fedidpmetadata15.6 Configure the Enterprise Manager Agents
All the Oracle Fusion Middleware components deployed in this enterprise deployment are managed by using Oracle Enterprise Manager Fusion Middleware Control. To manage Oracle Identity Federation with this tool, you must configure the EM agents with the correct monitoring credentials. Update the credentials for the EM agents associated with OIFHOST1 and OIFHOST2. Follow these steps to complete this task: 1. Use a web browser to access Oracle Enterprise Manager Fusion Middleware Control at http:ADMINVHN.mycompany.com:7001em. Log in as the WebLogic user. Extending the Domain with Oracle Identity Federation 15-11 2. From the Domain Home Page, navigate to the Agent-Monitored Targets page using the menu under Farm - Agent-Monitored Targets. ■ Click the Configure link for the Target Type Identity Federation Server to go to the Configure Target Page. ■ On the Configure Target Page, click Change Agent and choose the correct agent for the host. ■ Update the WebLogic monitoring user name and the WebLogic monitoring password . Enter weblogic as the WebLogic monitoring user name and the password for the weblogic user as the WebLogic monitoring password. ■ Click OK to save your changes.15.7 Enabling Oracle Identity Federation Integration with LDAP Servers
By default, Oracle Identity Federation is not configured to be integrated with LDAP Servers deployed in a high availability configuration. To integrate Oracle Identity Federation with highly available LDAP Servers to serve as user data store, federation data store, or authentication engine, you must configure Oracle Identity Federation based on the LDAP servers function. Proceed as follows to integrate Oracle Identity Federation with an LDAP Server deployed in a high availability configuration 1. On IDMHOST1, set the DOMAIN_HOME and IDM_ORACLE_HOME environment variables to the Administration Server Domain home. 2. On IDMHOST1, set the environment using the setOIFEnv.sh script. This script is located under the IDM_ORACLE_HOMEfedscripts directory. For example: IDMHOST1 export DOMAIN_HOME=u01apporacleadminIDMDomainaserverIDMDomain IDMHOST export IDM_ORACLE_HOME=IDM_ORACLE_HOME IDMHOST1 cd IDM_ORACLE_HOMEfedscripts IDMHOST1 . setOIFEnv.sh 3. On IDMHOST1, run the WLST script located under the ORACLE_COMMON_HOMEbin directory. IDMHOST1 cd ORACLE_COMMON_HOMEcommonbin IDMHOST1 .wlst.sh 4. Connect to one of the Oracle Identity Federation Managed Servers: wls:offline connect Enter the username and password to connect to the Oracle Identity Federation Managed Servers. This is the same as the WebLogic Administration user name and password. Enter the URL to connect to the Oracle Identity Federation Managed Server: t3:OIFHOST1.mycompany.com:7499 5. Then enter the following properties, as needed: ■ To integrate the user data store with a highly available LDAP Server, set the userldaphaenabled boolean property from the datastore group to true: wls:IDMDomainserverConfig setConfigPropertydatastore,userldaphaenabled, true, boolean 15-12 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management Update was successful for: userldaphaenabled ■ Validate the user data store is integrated with a highly available LDAP store by running: wls:IDMDomainserverConfig getConfigPropertydatastore, userldaphaenabled Values for property: true The userldaphaenabled property must return true. ■ To integrate the federation data store with a highly available LDAP Server, set the fedldaphaenabled boolean property from the datastore group to true: wls:IDMDomainserverConfig setConfigPropertydatastore, fedldaphaenabled,true, boolean Update was successful for: fedldaphaenabled ■ Validate the federation data store is integrated with a highly available LDAP store by running: wls:IDMDomainserverConfig getConfigPropertydatastore, fedldaphaenabled Values for property: true The fedldaphaenabled property must return true. ■ To integrate the LDAP authentication engine with a highly available LDAP Server, set the ldaphaenabled boolean property from the authnengines group to true: wls:IDMDomainserverConfig setConfigPropertyauthnengines,ldaphaenabled, true, boolean Update was successful for: ldaphaenabled ■ Validate the LDAP authentication engine is integrated with a highly available LDAP store by running: wls:IDMDomainserverConfig getConfigPropertyauthnengines,ldaphaenabled Values for property: true The ldaphaenabled property for the authnengines group must return true. Note: On IDMHOST1, delete the following directories: ■ ORACLE_ BASE adminIDMDomainaserverIDMDomainconfigfmw configserverswls_oif1applications ■ ORACLE_ BASE adminIDMDomainaserverIDMDomainconfigfmw configserverswls_oif2applications Extending the Domain with Oracle Identity Federation 15-1315.8 Configuring Oracle Identity Federation to work with the Oracle Web Tier
Parts
» Oracle Fusion Middleware Online Documentation Library
» What is an Enterprise Deployment? Terminology
» Understanding the Directory Tier
» Architecture Notes Understanding the Application Tier
» Architecture Notes Security Provisions
» Using This Guide Oracle Fusion Middleware Online Documentation Library
» Hardware Resource Planning Oracle Fusion Middleware Online Documentation Library
» Load Balancers Network Prerequisites
» Configuring Virtual Server Names and Ports on the Load Balancer
» Virtual IP Addresses Managing Oracle Fusion Middleware Component Connections
» Firewall and Port Configuration
» Directory Structure Terminology and Environment Variables
» Recommended Locations for the Different Directories
» WebLogic Domain Considerations Real Application Clusters
» Creating Database Services for 11.2.x Databases Database Tuning
» RCU Example Executing the Repository Creation Utility
» Introduction Using this Guide Software Installation Summary
» Installation Installing Oracle HTTP Server
» Installing Oracle Fusion Middleware Components Installing Oracle Fusion Middleware Home
» Installing JRockit Installing Oracle Identity Management
» Upgrading the Oracle Homes for Oracle Identity Management from 11.1.1.2 to 11.1.1.5
» Installing the Oracle SOA Suite
» Installing Oracle Identity and Access Management
» Validating the Installation Backing up the Web Tier Configuration
» Enabling ADMINVHN on IDMHOST1 Running the Configuration Wizard on IDMHOST1 to Create a Domain
» Failing over the Administration Server to IDMHOST2
» Failing the Administration Server Back to IDMHOST1
» Configuring the First Oracle Internet Directory Instance
» Configuring an Additional Oracle Internet Directory Instance
» Registering Oracle Internet Directory with the WebLogic Server Domain
» Extending the Oracle WebLogic Domain with Oracle Directory Integration Platform and ODSM
» Installing and Configuring Oracle Directory Integration Platform and ODSM on IDMHOST2
» Provisioning the Managed Servers in the Managed Server Directory
» Validating Oracle Directory Services Manager Validating Oracle Directory Integration Platform
» Backing Up the Application Tier Configuration
» Configuring the First Oracle Virtual Directory Instance
» Configuring an Additional Oracle Virtual Directory
» Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
» Creating Policy Store Users and the Policy Container
» Reassociating the Policy and Credential Store
» Extending Directory Schema for Oracle Access Manager
» Creating Users and Groups for Oracle Access Manager
» Creating Users and Groups for Oracle Adaptive Access Manager
» Creating Users and Groups for Oracle Identity Manager
» Creating Users and Groups for Oracle WebLogic Server
» Creating Access Control Lists in Non-Oracle Internet Directory Directories
» Extending Domain with Oracle Access Manager
» Removing IDM Domain Agent Propagating the Domain Changes to the Managed Server Domain Directory
» Changing Oracle Access Manager Security Model
» Configuring Oracle Access Manager by Using the IDM Automation Tool
» Adding the oamadmin Account to Access System Administrators Validating Oracle Access Manager
» Setting up Keystore with the SSL Certificate and Private Key file of the Access Client
» Extending Domain for Oracle Adaptive Access Manager
» Prerequisites Loading Oracle Adaptive Access Manager Seed Data
» Backing Up the Application Tier Configuration Backing Up the Application Tier Configuration
» Prerequisites Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2
» Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1
» Propagating the Oracle Identity Manager and SOA Managed Servers to OIMHOST1 and OIMHOST2
» Prerequisites Configuring Oracle Identity Manager to Work with the Oracle Web Tier
» Configuring an IT Resource Instance for Email
» Creating and Importing New Rules
» Tuning Oracle Platform Security Backing Up the Application Tier Configuration
» Prerequisites Oracle Fusion Middleware Online Documentation Library
» Configuring Oracle Identity Federation on OIFHOST1
» Configuring Oracle Identity Federation on OIFHOST2
» Provisioning the Managed Servers on the Local Disk
» Validating Oracle Identity Federation Backing Up the Application Tier Configuration
» Generating Self-Signed Certificates Using the utils.CertGen Utility
» Configuring Node Manager to Use the Custom Keystores
» Starting Node Manager Configuring Managed WebLogic Servers to Use the Custom Keystores
» Configuring Server Migration Targets Click the Migration tab.
» Updating Existing LDAP Users with Required Object Classes
» Integrating Oracle Access Manager with Oracle Identity Manager by Using idmConfigTool
» Updating Oracle Virtual Directory Authenticator Manually Creating CSF Keys
» Managing the Password of the xelsysadm User Validating Integration
» Validating Oracle Adaptive Access Manager
» Prerequisites Creating Oracle Directory Authenticator
» On the Configure Web Server screen, click Yes to automatically update the web
» Validating WebGate Validating the Oracle Access Manager Single Sign-On Setup
» Monitoring Oracle Virtual Directory
» Monitoring Oracle Directory Integration Platform
» Scaling Up the Directory Tier
» Click the SSL tab. Click Advanced. Set Hostname Verification to None. Click Save.
» Click Save. Oracle Fusion Middleware Online Documentation Library
» Patching an Oracle Fusion Middleware Source File Patching Identity Management Components
» Troubleshooting Oracle Internet Directory
» Troubleshooting Oracle Virtual Directory
» Troubleshooting Oracle Directory Integration Platform
» Troubleshooting Oracle Directory Services Manager
Show more