4-20 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management
4.6.3 Provisioning the OIM Login Modules Under the WebLogic Server Library Directory
Due to issues with versions of the configuration wizard, some environment variables are not added to the DOMAIN_HOME/bin/setDomainenv.sh script. This causes certain install sequences to fail. This section is a temporary workaround for that problem. The steps in this section must be performed on all the hosts in the application tier: IDMHOST1, IDMHOST2, OIMHOST1, OIMHOST2, OAAMHOST1, OAAMHOST2, OIFHOST1, and OIFHOST2.
Apply the following steps across all the WebLogic Server homes in the domain.
1. Copy the OIMAuthenticator.jar, oimmbean.jar, oimsigmbean.jar and oimsignaturembean.jar files located under the IAM_ORACLE_HOME/server/loginmodule/wls directory to the MW_HOME/wlserver_10.3/server/lib/mbeantypes directory.
       cp IAM_ORACLE_HOME/server/loginmodule/wls/* MW_HOME/wlserver_10.3/server/lib/mbeantypes/
2. Change directory to MW_HOME/wlserver_10.3/server/lib/mbeantypes.
       cd MW_HOME/wlserver_10.3/server/lib/mbeantypes
3. Change the permissions on these files to 750 by using the chmod command.
       chmod 750 OIMAuthenticator.jar oimmbean.jar oimsigmbean.jar oimsignaturembean.jar
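Because the three steps above are repeated by hand on every application tier host, a post-copy check is useful. The following is an added example, not part of the Oracle guide: the function name check_login_modules is hypothetical, and it assumes GNU stat (Linux). It confirms that each of the four jars is present in the mbeantypes directory, is byte-identical to the copy shipped under the IAM home, and has mode 750.

```shell
#!/bin/sh
# Added example (not Oracle code): verify the OIM login-module jars after step 3.
# Usage: sh check.sh SRC_DIR DST_DIR
#   SRC_DIR = IAM_ORACLE_HOME/server/loginmodule/wls
#   DST_DIR = MW_HOME/wlserver_10.3/server/lib/mbeantypes
OIM_JARS="OIMAuthenticator.jar oimmbean.jar oimsigmbean.jar oimsignaturembean.jar"

check_login_modules() {
    src=$1; dst=$2; rc=0
    for jar in $OIM_JARS; do
        if [ ! -f "$dst/$jar" ]; then
            echo "MISSING  $dst/$jar"; rc=1; continue
        fi
        # The deployed copy must match the jar shipped in the IAM home;
        # a difference means a stale or modified login module.
        if ! cmp -s "$src/$jar" "$dst/$jar"; then
            echo "DIFFERS  $dst/$jar"; rc=1
        fi
        # GNU stat: %a prints the octal permission bits.
        mode=$(stat -c '%a' "$dst/$jar")
        if [ "$mode" != "750" ]; then
            echo "MODE $mode  $dst/$jar (expected 750)"; rc=1
        fi
    done
    return $rc
}

# Run the check only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    check_login_modules "$1" "$2"
fi
```

A non-zero exit status means at least one jar is missing, differs from the source, or has the wrong mode on that host.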
4.6.4 Creating the wlfullclient.jar File
Oracle Identity Manager uses the wlfullclient.jar library for certain operations. Oracle does not ship this library, so you must create this library manually. Oracle recommends creating this library under the MW_HOME/wlserver_10.3/server/lib directory on all the machines in the application tier of your environment. You do not need to create this library on directory tier machines such as OIDHOST1, OIDHOST2, OVDHOST1 and OVDHOST2.
Follow these steps to create the wlfullclient.jar file:
1. Navigate to the MW_HOME/wlserver_10.3/server/lib directory.
2. Set your JAVA_HOME environment variable and ensure that the JAVA_HOME/bin directory is in your path.
3. Create the wlfullclient.jar file by running:
       java -jar wljarbuilder.jar
4.7 Backing Up the Installation
It is a best practice to back up the Middleware Home and the Oracle Homes. On Linux, to create a backup of the MW_HOME and the ORACLE_HOMEs, as the root user, type:
    tar -cvpf fmwhomeback.tar ORACLE_BASE/product/fmw
This creates a backup of the installation files for any products installed in the Oracle Fusion Middleware home.
5 Configuring the Web Tier
This chapter describes how to configure the Oracle Web Tier. Follow these steps to configure the Oracle HTTP Server on Webhost1 and Webhost2.
This chapter includes the following topics:
■ Section 5.1, Configuring the Oracle Web Tier
■ Section 5.2, Configuring Virtual Hosts
■ Section 5.3, Configuring Oracle HTTP Server to Run as Software Owner
■ Section 5.4, Validating the Installation
■ Section 5.5, Backing up the Web Tier Configuration
5.1 Configuring the Oracle Web Tier
The steps for configuring the Oracle Web Tier are the same for WEBHOST1 and WEBHOST2.
This section contains the following topics:
■ Section 5.1.1, Configuring the HTTP Server
■ Section 5.1.2, Validating the Installation
5.1.1 Configuring the HTTP Server
Perform these steps to configure the Oracle web tier:
1. Change the directory to the location of the Oracle Fusion Middleware Configuration Wizard:
       WEBHOST1> cd WEB_ORACLE_HOME/bin
2. Start the Configuration Wizard:
       WEBHOST1> ./config.sh
Enter the following information into the configuration wizard:
1. On the Welcome screen, click Next.
2. On the Configure Component screen, select: Oracle HTTP Server.
   Ensure that Associate Selected Components with WebLogic Domain is NOT selected.
   Ensure Oracle Web Cache is NOT selected.
   Click Next.
3. On the Specify Component Details screen, specify the following values:
   Enter the following values for WEBHOST1:
   ■ Instance Home Location: /u01/app/oracle/admin/ohs_inst1
   ■ Instance Name: ohs_inst1
   ■ OHS Component Name: ohs1
   Enter the following values for WEBHOST2:
   ■ Instance Home Location: /u01/app/oracle/admin/ohs_inst2
   ■ Instance Name: ohs_inst2
   ■ OHS Component Name: ohs2
   Click Next.
4. On the Configure Ports screen, use a file to specify the ports to be used so that you can bypass automatic port configuration. You do this to have all of the ports used by the various components synchronized across hosts, which is advisable but not mandatory in High Availability implementations. Select a file name and then click View/Edit. Enter the following port numbers into the file:

   Port                             Value
   Listen Port for OHS Component    7777
   OPMN Local Port                  6700

   You can find a sample staticports.ini file on installation Disk1 in the stage/Response directory.
   Click Save, then click Next.
5. On the Specify Security Updates screen, specify these values:
   ■ Email Address: The email address for your My Oracle Support account.
   ■ Oracle Support Password: The password for your My Oracle Support account.
   Select: I wish to receive security updates via My Oracle Support.
   Click Next.
6. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not, click Back to modify selections on previous screens. Click Configure.
   On the Configuration screen, the wizard launches multiple configuration assistants. This process can be lengthy. When it completes, click Next.
   On the Installation Complete screen, click Finish to confirm your choice to exit.
5.1.2 Validating the Installation
After the installation is completed, check that you can access the Oracle HTTP Server home page using the following URLs:
http://webhost1.mycompany.com:7777
http://webhost2.mycompany.com:7777
5.2 Configuring Virtual Hosts
In order for Oracle Identity Management to work with the load balancer, you must create two virtual hosts.
To do so, create a file called virtual_hosts.conf in ORACLE_INSTANCE/config/OHS/component/moduleconf. On WEBHOST1 and WEBHOST2, add the following entries to the file:
    NameVirtualHost *:7777
    <VirtualHost *:7777>
        ServerName https://sso.mycompany.com:443
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
    </VirtualHost>

    <VirtualHost *:7777>
        ServerName http://oiminternal.mycompany.com:80
        RewriteEngine On
        RewriteOptions inherit
        UseCanonicalName On
    </VirtualHost>
5.3 Configuring Oracle HTTP Server to Run as Software Owner
By default, the Oracle HTTP server runs as the user nobody. In the Identity Management installation, the Oracle HTTP server should run as the Software owner
and group.
To cause it to run as the appropriate user and group, edit the file httpd.conf, which is located in ORACLE_INSTANCE/config/OHS/component_name.
Find the section in httpd.conf where User is defined. Change this section to read:
    User User_who_installed_the_software
    Group Group_under_which_the_HTTP_server_runs
Group is typically the default user group, for example: oinstall. For example:
    <IfModule !mpm_winnt_module>
    #
    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.
    #
    # User/Group: The name (or #number) of the user/group to run httpd as.
    # . On SCO (ODT 3) use "User nouser" and "Group nogroup".
    # . On HPUX you may not be able to use shared memory as nobody, and the
    #   suggested workaround is to create a user www and use that user.
    # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
    # when the value of (unsigned)Group is above 60000;
    # don't use Group #-1 on these systems!
    #
    User oracle
    Group oinstall
    </IfModule>
Restart the Oracle HTTP Server, as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.
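The httpd.conf comment block mentions User and Group several times, so a plain grep is a poor way to confirm which account the server will actually run as. The following is an added example, not part of the Oracle guide: the function names ohs_run_identity and check_ohs_identity are hypothetical, the sample file is constructed, and files pulled in through Include are not followed. It reads the effective (last uncommented) User and Group directives and fails if they are unset, still nobody, or different from the expected software owner.

```shell
#!/bin/sh
# Added example (not Oracle code): report the account OHS is configured to run as.

# Print "user:group" from the last uncommented User and Group directives.
# Directive names are case-insensitive, and a later directive overrides an earlier one.
ohs_run_identity() {
    awk '
        $1 ~ /^#/              { next }      # skip comment lines
        tolower($1) == "user"  { u = $2 }
        tolower($1) == "group" { g = $2 }
        END { printf "%s:%s\n", u, g }
    ' "$1"
}

# Usage: check_ohs_identity HTTPD_CONF EXPECTED_USER EXPECTED_GROUP
check_ohs_identity() {
    id=$(ohs_run_identity "$1")
    case $id in
        "$2:$3")
            echo "OK    $1 runs as $id"; return 0 ;;
        nobody:*|*:nobody|:*|*:)
            echo "FAIL  $1 uses a default or unset identity: '$id'"; return 1 ;;
        *)
            echo "FAIL  $1 expected $2:$3, found $id"; return 1 ;;
    esac
}

# Constructed sample mirroring the section shown in the guide.
demo=$(mktemp)
cat > "$demo" <<'EOF'
<IfModule !mpm_winnt_module>
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
User oracle
Group oinstall
</IfModule>
EOF
check_ohs_identity "$demo" oracle oinstall
rm -f "$demo"
```

After the restart, the owner of the running httpd worker processes should match what this check reports.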
5.4 Validating the Installation