14-2 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management granular reports that attest to who has access to what. Oracle Identity Manager is available as a standalone product or as part of Oracle Identity Management. Automating user identity provisioning can reduce Information Technology IT administration costs and improve security. Provisioning also plays an important role in regulatory compliance. Key features of Oracle Identity Manager include password management, workflow and policy management, identity reconciliation, reporting and auditing, and extensibility through adapters. Oracle Identity Manager provides the following key functionalities: ■ User Administration ■ Workflow and Policy ■ Password Management ■ Audit and Compliance Management ■ Integration Solutions ■ User Provisioning ■ Organization and Role Management For details about Oracle Identity Manager, see the Oracle Fusion Middleware Administrators Guide for Oracle Identity Manager.

14.1 Prerequisites

Before extending the domain with Oracle Identity Manager, ensure that the following tasks have been performed: 1. Ensure that the virtual IP addresses for the Oracle Identity Manager and SOA managed servers have been provisioned. See Section 2.2.3, Virtual IP Addresses for details 2. Install and upgrade the following software on IDMHOST1, IDMHOST2, OIMHOST1 and OIMHOST2: ■ WebLogic Server: See Section 4.5.4 . ■ Oracle Identity Management: See Section 4.5.5 and Section 4.5.6 . ■ Oracle SOA Suite: See Section 4.5.7 . ■ Oracle Identity and Access Management: See Section 4.5.8 . 3. Ensure that you have created the wlfullclient.jar file, as described in Section 4.6.4, Creating the wlfullclient.jar File. 4. Install and configure the Oracle Internet Directory instances, as described in Chapter 7 . 5. If you are using Oracle Virtual Directory, ensure you have extended the domain with Oracle Virtual Directory as described in Chapter 9 . 6. Provision the Oracle Identity Management users as described in Section 10.4.4, Creating Users and Groups for Oracle Identity Manager. 7. On IDMHOST1, edit the file DOMAIN_ HOME configfmwconfigjps-config.xml. Locate the entry that looks like this: serviceInstance location=Path_to_Domainconfigfmwconfigdefault-keystore.jks Extending the Domain with Oracle Identity Manager 14-3 provider=keystore.provider name=keystore.ldap Remove the Path from the keystore location so that the final entry looks like this: serviceInstance location=.default-keystore.jks provider=keystore.provider name=keystore.ldap Save the file. 8. Stop all the managed servers running in your domain before extending the domain with Oracle Identity Manager.

14.2 Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2

The Identity Management domain uses virtual host names as the listen addresses for the Oracle Identity Manager and SOA managed servers. You must enable two virtual IP addresses mapping each of these host names on each of the two Oracle Identity Manager machines. Specifically, enable OIMVHN1 and SOAVHN1 on OIMHOST1 and enable OIMVHN2 and SOAVHN2 on OIMHOST2. These virtual addresses must correctly resolve to the virtual host names in the network system used by the topology, either by DNS Server or by hosts resolution. To enable the virtual IP addresses, follow the steps described in Section 6.1, Enabling ADMINVHN on IDMHOST1. These virtual IP addresses and virtual host names are required to enable server migration for the Oracle Identity Manager and SOA servers. Server migration must be configured for the Oracle Identity Manager and SOA managed servers for high availability purposes.

14.3 Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1