Implementation Checklist Oracle Fusion Middleware Online Documentation Library

Table 2–4 (Cont.) Implementation Checklist

Columns: Planning Item | Recommended/Proposed Value | Notes

Repository
  Value: Specify the repository for the user data and the federation persistent data:
    ■ LDAP server hostname (for example, ldap.mydomain.com)
    ■ LDAP server port number (for example, 389)
    ■ LDAP server access credentials (for example, Bind DN = cn=orcladmin, Password = mysecret)
    ■ Base DN (for example, dc=mydomain,dc=com)
    ■ Federation record context (for example, cn=fed,dc=mydomain,dc=com)
    ■ Federation schema update (1)
  Notes: This information must be provided at the time of installation.

Transient data store
  Value: Specify the repository for transient data: RDBMS or in-memory.

Configuration data store
  Value: Specify the repository for configuration data: RDBMS or File.

IdP Profiles/Bindings
  Value: Use a row for each combination enabled.

SP Profiles/Bindings
  Value: Use a row for each combination enabled.

SSL Encryption
  Value: Enabled/Disabled; Java keystore for SSL.
  Notes: For information about setting up SSL, see Section 8.1, "Configuring SSL for Oracle Identity Federation".

Certificates
  Value:
    ■ Signing: specify the location of the PKCS#12 wallet for the signing key pair.
    ■ Encryption: specify the location of the PKCS#12 wallet for the encryption key pair.

Performance Planning
  Value: Topology, Reference Server Footprint.
  Notes: For performance tips and recommendations, see the Oracle Fusion Middleware Performance and Tuning Guide.

(1) For the federation schema update, collect the Connection URL, the Bind DN, the password, the User Federation Record Context, the LDAP Container Object Class (Microsoft Active Directory), and the Unique Federation ID Attribute.

3 Deploying Oracle Identity Federation

This chapter describes key deployment scenarios, including integration with identity and access management systems, Web servers, and back-end data stores.

It contains these topics:
■ Introduction
■ Deployment Scenarios
■ Post-Upgrade Administration

3.1 Introduction

Oracle Identity Federation operates in a heterogeneous environment and is interoperable with a wide variety of platforms and applications. It supports multiple options for data stores and authentication providers. To resolve deployment issues and questions, refer to Chapter 2, "Planning Oracle Identity Federation Deployment", which provides extensive background information to help you plan your deployment:
■ Section 2.1, "Architecture Options" provides details about supported protocols and profiles, and what to consider when evaluating deployment options.
■ Section 2.6, "Sizing Guidelines" explains performance factors and provides topology recommendations.
■ Section 2.7, "Implementation Checklist" provides a deployment checklist.

The next section describes different deployment scenarios and provides step-by-step instructions for configuring Oracle Identity Federation to work with key components of the federation environment.

3.2 Deployment Scenarios

This section describes the steps needed to implement common Oracle Identity Federation deployment scenarios. It contains these sections:
■ Deploying Oracle Identity Federation with Oracle HTTP Server
■ Deploying Oracle Identity Federation with Oracle Single Sign-On
■ Deploying Oracle Identity Federation with Oracle Access Manager 10g
■ Deploying Oracle Identity Federation with Oracle Access Manager 11g
■ Oracle Identity Federation/SP Authenticating to Oracle Access Manager
■ Deploying Oracle Identity Federation with Oracle Directory Server Enterprise Edition
■ Using the Test SP Engine

3.2.1 Deploying Oracle Identity Federation with Oracle HTTP Server

HTTP Servers are deployed in the Web tier. Most Identity Management components can function without the Web tier, but for most enterprise deployments the Web tier is desirable. To support enterprise-level single sign-on using products such as Oracle Single Sign-On and Oracle Access Manager, the Web tier is required. This section describes the steps needed to install and deploy Oracle Identity Federation so that it is integrated with Oracle HTTP Server (OHS):
■ Install Oracle HTTP Server
■ Manage the Oracle HTTP Server Instance
■ Associate Oracle HTTP Server with Managed Server
■ Update Oracle Identity Federation Configuration

3.2.1.1 Install Oracle HTTP Server

When installing the IdM suite, select Oracle HTTP Server in the Select Components screen. This installs Oracle HTTP Server. After installation, issue the following command to create the instance:

    AS_INST/bin/opmnctl createcomponent -componentType OHS -componentName OHS_NAME

where AS_INST represents the application server instance home, and OHS_NAME is the name of the new OHS component.

3.2.1.2 Manage the Oracle HTTP Server Instance

The commands to start, stop, and restart Oracle HTTP Server, respectively, are as follows:

    AS_INST/bin/opmnctl startproc process-type=OHS
    AS_INST/bin/opmnctl stopproc process-type=OHS
    AS_INST/bin/opmnctl restartproc process-type=OHS

where AS_INST represents the application server instance home.

3.2.1.3 Associate Oracle HTTP Server with Managed Server

Next, take these steps to link Oracle HTTP Server to the managed server where Oracle Identity Federation is running:
1. Open AS_INST/config/OHS/OHS_NAME/moduleconf/oif.conf

Note: When Oracle HTTP Server is installed, only the HTTP protocol is enabled. To enable SSL between Oracle HTTP Server and the managed server running Oracle Identity Federation, you must configure HTTPS post-install. For details, refer to the Oracle Fusion Middleware Administrator's Guide.
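The commands from Sections 3.2.1.1 through 3.2.1.3 collected into one script, added here as an example that is not part of the Oracle guide. It builds the createcomponent and startproc/stopproc/restartproc calls listed above, parses the output of opmnctl status (a standard opmnctl subcommand, but not one the guide mentions in this section) to confirm that the OHS component reports Alive before the oif.conf edit of step 1 is attempted, and checks that the oif.conf file exists at the path the step names. AS_INST and OHS_NAME are the guide's placeholders; the instance path /u01/asinst_1, the component names ohs1 and ohs2, and the status output sample are constructed for this example, and the parser assumes the usual four-column opmnctl status table (ias-component | process-type | pid | status).

```shell
#!/bin/sh
# Added example (not from the Oracle guide): wrap the opmnctl lifecycle for
# the OHS component and verify the result before editing oif.conf.
# Assumptions: AS_INST and OHS_NAME are supplied by the caller (names from
# the guide); status parsing assumes the standard `opmnctl status` layout
# of ias-component | process-type | pid | status.

# Build the exact commands the guide lists, so they can be reviewed or logged
# before anything is executed.
ohs_create_cmd()  { printf '%s/bin/opmnctl createcomponent -componentType OHS -componentName %s\n' "$1" "$2"; }
ohs_start_cmd()   { printf '%s/bin/opmnctl startproc process-type=OHS\n' "$1"; }
ohs_stop_cmd()    { printf '%s/bin/opmnctl stopproc process-type=OHS\n' "$1"; }
ohs_restart_cmd() { printf '%s/bin/opmnctl restartproc process-type=OHS\n' "$1"; }

# Path of the file that step 1 of "Associate Oracle HTTP Server" opens.
ohs_oif_conf_path() { printf '%s/config/OHS/%s/moduleconf/oif.conf\n' "$1" "$2"; }

# Print the status column for one component from `opmnctl status` output read
# on stdin ("Alive", "Down", ...), or "NONE" if the component is not listed.
# Only rows whose process-type is OHS are considered.
ohs_status_of() {
    awk -F'|' -v comp="$1" '
        NF >= 4 {
            gsub(/^[ \t]+|[ \t]+$/, "", $1)
            gsub(/^[ \t]+|[ \t]+$/, "", $2)
            gsub(/^[ \t]+|[ \t]+$/, "", $4)
            if ($1 == comp && $2 == "OHS") { print $4; found = 1; exit }
        }
        END { if (!found) print "NONE" }'
}

# Full procedure: create the component if opmnctl does not know it yet, start
# it, and refuse to go on unless it reports Alive, so the oif.conf edit is only
# attempted against a running instance. Returns 2 when opmnctl is not present
# under AS_INST (nothing is executed), 1 on a failed check, 0 on success.
provision_ohs() {
    inst="$1"; name="$2"
    if [ ! -x "$inst/bin/opmnctl" ]; then
        echo "no opmnctl under $inst; nothing executed" >&2
        return 2
    fi
    status=$("$inst/bin/opmnctl" status | ohs_status_of "$name")
    if [ "$status" = "NONE" ]; then
        "$inst/bin/opmnctl" createcomponent -componentType OHS -componentName "$name"
    fi
    "$inst/bin/opmnctl" startproc process-type=OHS
    status=$("$inst/bin/opmnctl" status | ohs_status_of "$name")
    if [ "$status" != "Alive" ]; then
        echo "OHS component $name is $status, not Alive; check the OPMN logs before continuing" >&2
        return 1
    fi
    conf=$(ohs_oif_conf_path "$inst" "$name")
    if [ ! -f "$conf" ]; then
        echo "missing $conf; the component was not created as expected" >&2
        return 1
    fi
    echo "$name is Alive; edit $conf to point at the Oracle Identity Federation managed server"
}

# Constructed sample of `opmnctl status` output (not captured from a real
# instance), used to exercise the parser offline.
SAMPLE_STATUS='Processes in Instance: asinst_1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status
---------------------------------+--------------------+---------+---------
ohs1                             | OHS                |   12345 | Alive
ohs2                             | OHS                |     N/A | Down
oid1                             | oidldapd           |   12346 | Alive'

# Offline demonstration against the constructed sample.
printf 'ohs1 in sample: %s\n' "$(printf '%s\n' "$SAMPLE_STATUS" | ohs_status_of ohs1)"
printf 'ohs2 in sample: %s\n' "$(printf '%s\n' "$SAMPLE_STATUS" | ohs_status_of ohs2)"
```

On a real instance, run provision_ohs AS_INST OHS_NAME after the installer has finished; the script creates the component only when opmnctl does not already list it, so it can be re-run safely, and it stops before the oif.conf step whenever the component is Down or absent rather than leaving a half-configured Web tier in front of the managed server.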