
Integrating Components 18-19

18.2.4 Adding Password to IAMSuiteAgent Profile

When Oracle Access Manager is installed, a default agent profile called IAMSuiteAgent is created. This profile is used by OAAM when integrating with OAM. When the IAMSuiteAgent profile is first created, it has no password. You must set a password before the profile can be used by OAAM for integration. To do this, proceed as follows:

1. Log in to the OAM console at:

http://admin.mycompany.com/oamconsole

2. Click the System Configuration tab.

3. Expand Access Manager Settings - SSO Agents.

4. Click OAM Agents and click Open.

5. In the search window, click Search.

6. Click IAMSuiteAgent in the search results. The Agent Properties are displayed.

7. In the Primary Server list, click + and add any missing Oracle Access Manager servers.

8. Enter a password into the Access Client Password Field and click Apply.

18.2.5 Validation

To ensure that this integration has been completed successfully, launch the OAM test tool as described in Section 11.10, Validating Oracle Access Manager. Then proceed as follows:

1. Connect using the following values:

■ Primary OAM Host: OAMHOST1
■ Port: 5575
■ Agent ID: IAMSuiteAgent
■ Agent Password: Password you assigned to the IAMSuiteAgent profile
■ Mode: Choose OAM security Mode
■ Global Passphrase: OAM Pass phrase, if simple mode is used.

2. Provide Protected Resource URI:

■ Scheme: http
■ Host: IAMSuiteAgent
■ Port: Leave blank
■ Resource: /oamTAPAuthenticate

Click Validate.

3. Provide User Identity oamadmin and the password for oamadmin.

Note: Also check that the security setting matches that of your OAM servers.

18-20 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

Click Authenticate. If the authentication is successful, integration has been completed successfully.

Perform the same validation on OAMHOST2.

18.2.6 Setting OAAM properties for Oracle Access Manager

Follow these steps on IDMHOST1:

1. Copy IAM_ORACLE_HOME/oaam/cli to a temporary location. For example:

cp -r IAM_ORACLE_HOME/oaam/cli /u01/app/oracle/oaam

2. Edit the file oaam_cli.properties, which is located in the directory:

/u01/app/oracle/oaam/conf/bharosa_properties

Set the following property values in the file:

| Parameter | Value |
|---|---|
| oaam.adminserver.hostname | ADMINVHN.mycompany.com |
| oaam.adminserver.port | 7001 |
| oaam.adminserver.username | weblogic |
| oaam.adminserver.password | Password for the weblogic user |
| oaam.db.url | The JDBC URL for the OAAM Database. Format: jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=host1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=host2)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=service))) |
| oaam.uio.oam.tap.keystoreFile | The location of the keystore that was created in Section 18.2.3, Registering OAAM as a Third Party Application. For example: IAM_ORACLE_HOME/TAP/TapKeyStore/mykeystore.jks On Windows, you must escape the path. For example: C:\\oam-oaam\\tap\\keystore\\mystore.jks |
| oaam.uio.oam.tap.partnername | OAAMTAPPartner |
| oaam.uio.oam.host | idmhost1.mycompany.com |
| oaam.uio.oam.port | The Oracle Access Manager server proxy port. For example: 5575. |
| oaam.uio.oam.webgate_id | IAMSuiteAgent |
| oaam.uio.oam.secondary.host | idmhost2.mycompany |
| oaam.uio.oam.secondary.host.port | The Oracle Access Manager server proxy port on the second Oracle Access Manager server. For example: 5575. |
| oaam.uio.oam.security.mode | This depends on the OAM security transport mode in use. The value can be 1 for Open, 2 for Simple, or 3 for Cert. The default, if not specified, is 1 (Open). |

Save the file.

3. Execute the OAAM CLI tool by issuing the command setupOAMTapIntegration.sh, which is located in the directory:

/u01/app/oracle/oaam

export ORACLE_MW_HOME=/u01/app/oracle/product/fmw
export JAVA_HOME=MW_HOME/jrockit_version
chmod +x /u01/app/oracle/oaam/setupOAMTapIntegration.sh
/u01/app/oracle/oaam/setupOAMTapIntegration.sh /u01/app/oracle/oaam/conf/bharosa_properties/oaam_cli.properties

When the command runs, it prompts you for the following information:

■ OAAM database username: EDG_OAAM.
■ OAAM database password: Password for the OAAM database user.
■ OAM Webgate Credentials to be stored in CSF: Enter WebGate password.
■ OAM TAP Key store file password: The password you assigned when you generated the third-party application in Section 18.2.3, Registering OAAM as a Third Party Application.
■ OAM Private Key certificate Key store file password: The password you assigned to the Private keystore file in Section 18.2, Integrating Oracle Adaptive Access Manager with Oracle Access Manager 11g.
■ OAM Global Pass phrase: If you are using the OAAM Simple security model then this is the OAM global passphrase.
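
A pre-flight check that can be run on oaam_cli.properties after step 2 and before step 3, shown here as an added example that is not part of the Oracle guide or its tooling. The function names get_prop and check_oaam_props are hypothetical, and the rule that the file should be readable by its owner only (it holds the weblogic password) is this example's own assumption; the property names and the 1/2/3 mode values are taken from the table above.

```shell
#!/bin/sh
# Added example: pre-flight check for oaam_cli.properties (not Oracle's tooling).
# Key names and the 1/2/3 security modes come from the table above; the
# owner-only permission rule is this example's own hardening assumption.

# Print the value of property $2 from file $1 (last assignment wins).
get_prop() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one line per finding; return 0 only if no problem was found.
check_oaam_props() {
  f=$1; rc=0
  [ -r "$f" ] || { echo "cannot read $f"; return 2; }

  # The file holds oaam.adminserver.password, so group/other need no access.
  if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "permissions: $f is accessible to group/other"; rc=1
  fi

  for k in oaam.adminserver.hostname oaam.adminserver.port \
           oaam.adminserver.username oaam.adminserver.password oaam.db.url \
           oaam.uio.oam.tap.keystoreFile oaam.uio.oam.tap.partnername \
           oaam.uio.oam.host oaam.uio.oam.port oaam.uio.oam.webgate_id; do
    [ -n "$(get_prop "$f" "$k")" ] || { echo "missing: $k"; rc=1; }
  done

  for k in oaam.adminserver.port oaam.uio.oam.port oaam.uio.oam.secondary.host.port; do
    v=$(get_prop "$f" "$k")
    case $v in *[!0-9]*) echo "not numeric: $k"; rc=1 ;; esac
  done

  # Unset means 1 (Open); print the effective mode so it can be compared
  # with the security setting of the OAM servers.
  mode=$(get_prop "$f" oaam.uio.oam.security.mode)
  case ${mode:-1} in
    1|2|3) echo "info: oaam.uio.oam.security.mode=${mode:-1}" ;;
    *) echo "invalid: oaam.uio.oam.security.mode=$mode"; rc=1 ;;
  esac

  ks=$(get_prop "$f" oaam.uio.oam.tap.keystoreFile)
  if [ -n "$ks" ] && [ ! -f "$ks" ]; then echo "keystore not found: $ks"; rc=1; fi
  return $rc
}
```

Call it as check_oaam_props /u01/app/oracle/oaam/conf/bharosa_properties/oaam_cli.properties and run setupOAMTapIntegration.sh only when it returns 0.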

18.2.7 Updating Secondary Host Parameter