
8-132 Oracle Fusion Middleware High Availability Guide

■ Section 8.8.4.14, Configuring Oracle Coherence to Keep Configuration Files in Sync
■ Section 8.8.4.15, Scaling Up and Scaling Out the Oracle Access Manager Topology

8.8.4.1 Prerequisites for Oracle Access Manager Configuration

Before you configure Oracle Access Manager for high availability, you must:

■ Run the Repository Creation Utility to create the OAM schemas in a database. See Section 8.8.4.2, Run the Repository Creation Utility to Create the OAM Schemas in a Database for instructions.
■ Install Oracle WebLogic Server on OAMHOST1 and OAMHOST2. Follow the steps in Section 8.8.4.3, Installing Oracle WebLogic Server.
■ Install the Oracle Identity Management executables on OAMHOST1 and OAMHOST2. Follow the steps in Section 8.8.4.4, Install and Configure the Oracle Access Manager Application Tier.
■ Ensure that a highly available LDAP implementation is available. For information about installing and configuring Oracle Internet Directory, see Section 8.3.3, Oracle Internet Directory High Availability Configuration Steps. For information about installing and configuring Oracle Virtual Directory, see Section 8.4.3, Oracle Virtual Directory High Availability Configuration Steps.

8.8.4.2 Run the Repository Creation Utility to Create the OAM Schemas in a Database

See Section 8.2.4.1, Executing the Repository Creation Utility for instructions on running the Repository Creation Utility to create the OAM schemas in your database repository.

8.8.4.3 Installing Oracle WebLogic Server

Prior to installing the Oracle WebLogic Server, ensure that your machines meet the system, patch, kernel, and other requirements as specified in Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server. Start the installer, then proceed as follows:

1. On the Welcome screen, click Next.

2. On the Choose Middleware Home Directory screen, select Create a New Middleware Home. For Middleware Home Directory, enter: ORACLE_BASE/product/fmw

Note: ORACLE_BASE is the base directory under which Oracle products are installed. The recommended value is /u01/app/oracle.

Click Next.

3. On the Register for Security Updates screen, enter your contact information so that you can be notified of security updates. Click Next.

4. On the Choose Install Type screen, select Custom. Click Next.

5. On the Choose Products and Components screen, select only Oracle JRockit SDK, and click Next.

6. On the Choose Product Installation Directories screen, accept the directory ORACLE_BASE/product/fmw/wlserver_10.3. Click Next.

7. On the Installation Summary screen, click Next.

8. On the Installation Complete screen, deselect Run Quickstart. Click Done.

8.8.4.4 Install and Configure the Oracle Access Manager Application Tier

This section describes how to install Oracle Fusion Middleware components on OAMHOST1 and OAMHOST2.

8.8.4.4.1 Install Oracle Fusion Middleware for Identity Management

This section includes the steps for installing the Oracle Identity Management software into the previously created Middleware Home directory. The steps should be performed on OAMHOST1 and OAMHOST2.

On Linux platforms, if the /etc/oraInst.loc file exists, verify that its contents are correct. Specifically, check that the inventory directory is correct and that you have write permissions for that directory. If the /etc/oraInst.loc file does not exist, you can skip this step.

Start the installer for Oracle Fusion Middleware as follows:

OAMHOST1> runInstaller

When the installer prompts you for a JRE/JDK location, enter the Oracle SDK location created in the Oracle WebLogic Server installation, for example, ORACLE_BASE/product/fmw/jrockit_160_14_R27.6.5-32. Then proceed as follows:

1. On the Welcome screen, click Next.

2. On the Prerequisite Checks screen, verify that the checks complete successfully, then click Next.

3. On the Specify Installation Location screen, enter the following values:
■ Oracle Middleware Home: Select the previously installed Middleware home from the list for MW_HOME, for example: /u01/app/oracle/product/fmw
■ Oracle Home Directory: Enter idm.
Click Next.

4. On the Installation Summary screen, click Install.

When prompted, on Linux and UNIX installations, execute the script oracleRoot.sh as the root user.

5. On the Installation Complete screen, click Finish.

8.8.4.4.2 Configure Oracle Identity Management on OAMHOST1

This section creates the Oracle Identity Management domain on OAMHOST1. Start the configuration wizard by running the command:

MW_HOME/oracle_common/common/bin/config.sh

Then proceed as follows:

1. In the Welcome screen, select Create a New WebLogic Domain, and then click Next.

2. In the Select Domain Source screen, select Generate a domain configured automatically to support the following products, and select the following products:
■ Oracle Enterprise Manager
■ Oracle JRF (selected by default)
■ Oracle Access Manager with Database Policy Store
Click Next.

3. In the Specify Domain and Location screen, enter:
■ Domain name: IDM_Domain
■ Domain Location: Accept the default.
■ Application Directory: Accept the default.
Click Next.

4. In the Configure Administrator Username and Password screen, enter the username and password to be used for the domain's administrator, and click Next.

5. In the Configure Server Start Mode and JDK screen, make the following selections:
■ WebLogic Domain Startup Mode: Select Production Mode.
■ JDK Selection: Select JROCKIT SDK 1.6.0_17 SDK.

6. In the Configure JDBC Component Schema screen, select all of the data sources, then select Configure selected data sources as RAC multi data sources. Click Next.

7. In the Configure RAC Multi Data Source Component Schema screen, select the first data source, OAM Admin Server, and enter the following:
■ Data source: OAM
■ Service Name: oam.mycompany.com
■ User Name: OAM_OAM (assuming OAM was used as the RCU prefix)
■ Password: The password for the above account
In the top right box, click Add to add an Oracle RAC host. Enter the following information:
■ Host Name: OAMDBHOST1
■ Instance Name: oamdb1
■ Port: 1521
Click Add again to add the second database host and enter the following information:
■ Host Name: OAMDBHOST2
■ Instance Name: oamdb2
■ Port: 1521
Click Next.

8. In the Test Component Schema screen, the configuration wizard attempts to validate the data source. If the data source validation succeeds, click Next. If it fails, click Previous, correct the issue, and try again.

9. In the Select Optional Configuration screen, select:
■ Administration Server
■ Managed Server Clusters and Machines
Click Next.

10. In the Customize Server and Cluster Configuration screen, select Yes, and click Next.

11. In the Configure the Administration Server screen, enter the following values:
■ Name: AdminServer
■ Listen Address: OAMHOST1.mycompany.com
■ Listen Port: 7001
■ SSL listen port: Not applicable
■ SSL enabled: Leave unchecked
Click Next.

12. On the Configure Managed Servers screen, create an entry for each OAMHOST in the topology, that is, one for the OAM Server running on OAMHOST1 and one for the OAM Server running on OAMHOST2. Select the OAM_SERVER entry and change the entry to the following values:
■ Name: WLS_OAM1
■ Listen Address: OAMHOST1.mycompany.com
■ Listen Port: 14100
For the second OAM_SERVER, click Add and supply the following information:
■ Name: WLS_OAM2
■ Listen Address: OAMHOST2.mycompany.com
■ Listen Port: 14100
Click Next.

13. In the Configure Clusters screen, create a cluster by clicking Add. Enter the name OAM_Cluster. Leave all other fields at the default settings. Click Next.

14. On the Assign Servers to Clusters screen, associate the managed servers with the cluster, as follows:
■ Click the cluster name OAM_Cluster in the right window.
■ Click the managed server WLS_OAM1, then click the arrow to assign it to the cluster.
■ Repeat for managed server WLS_OAM2.
Click Next.

15. On the Configure Machines screen, create a machine for each host in the topology. Click the UNIX tab if your hosts use a UNIX-based operating system. Otherwise, click the Machines tab. Supply the following information:
■ Name: Name of the host. The best practice is to use the DNS name (OAMHOST1).
■ Node Manager Listen Address: The DNS name of the machine (OAMHOST1.mycompany.com).
■ Node Manager Port: A port for Node Manager to use.
Repeat the steps for OAMHOST2:
■ Name: Name of the host. The best practice is to use the DNS name (OAMHOST2).
■ Node Manager Listen Address: The DNS name of the machine (OAMHOST2.mycompany.com).
■ Node Manager Port: A port for Node Manager to use.
Click Next.

16. In the Assign Servers to Machines screen, indicate which managed servers will run on the machines just created:
■ Click the machine OAMHOST1 in the right window.
■ Click the managed server WLS_OAM1 in the left window.
■ Click the arrow to assign the managed server to the host OAMHOST1.
■ Click the machine OAMHOST2 in the right window.
■ Click the managed server WLS_OAM2 in the left window.
■ Click the arrow to assign the managed server to the host OAMHOST2.
Click Next.

17. On the Configuration Summary screen, click Create to begin the creation process.

When prompted, on Linux and UNIX installations, execute the script oracleRoot.sh as the root user.

8.8.4.5 Creating boot.properties for the Administration Server on OAMHOST1

This section describes how to create a boot.properties file for the Administration Server on OAMHOST1. The boot.properties file enables the Administration Server to start without prompting for the administrator username and password. Follow these steps to create the boot.properties file:

1. On OAMHOST1, go to the following directory:

MW_HOME/user_projects/domains/domainName/servers/AdminServer/security

For example:

cd /u01/app/oracle/product/fmw/user_projects/domains/IDMDomain/servers/AdminServer/security

2. Use a text editor to create a file called boot.properties under the security directory. Enter the following lines in the file:

username=adminUser
password=adminUserPassword

3. Stop the Administration Server if it is running. See the Starting and Stopping Oracle Fusion Middleware chapter of the Oracle Fusion Middleware Administrator's Guide for information on starting and stopping WebLogic Servers.

4. Start the Administration Server on OAMHOST1 using the startWebLogic.sh script located under the MW_HOME/user_projects/domains/domainName/bin directory.

5. Validate that the changes were successful by opening a web browser and accessing the following pages:
■ WebLogic Server Administration Console at: http://oamhost1.mycompany.com:7001/console
■ Oracle Enterprise Manager Fusion Middleware Control at: http://oamhost1.mycompany.com:7001/em
Log into these consoles using the weblogic user credentials.

Note: You cannot run the config.sh script twice to make configuration changes. You must use another tool to make additional configuration changes, such as the MBeans Browser in Fusion Middleware Control.

Note: When you start the Administration Server, the username and password entries in the file get encrypted. For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, you should start the server as soon as possible so that the entries get encrypted.
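The following script is an added check, not part of the Oracle guide: run it against boot.properties once the Administration Server has started to confirm that both entries have been rewritten in WebLogic's encrypted form and that the file is not readable by other users. The encrypted-value prefixes ({AES}, or {3DES} on older releases) and the expected file mode are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the Oracle guide: audit boot.properties after the
# Administration Server has started. WebLogic replaces the clear-text values
# with an encrypted form prefixed "{AES}" ("{3DES}" on older releases); this
# check fails while either value is still clear text or while the file is
# readable by users other than its owner.
# Usage: check_boot_properties <domain>/servers/AdminServer/security/boot.properties

check_boot_properties() {
    file="$1"
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    for key in username password; do
        value=$(sed -n "s/^${key}=//p" "$file" | head -n 1)
        case "$value" in
            "")                  echo "$key: not set" >&2; rc=1 ;;
            "{AES}"*|"{3DES}"*)  ;;   # already encrypted by WebLogic
            *)                   echo "$key: still clear text, start the server" >&2; rc=1 ;;
        esac
    done
    # Octal mode via GNU stat (Linux) or BSD stat (macOS). The encrypted form
    # is only as safe as the domain's SerializedSystemIni.dat, so keep both
    # readable by the owner only.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "$file: mode $mode, expected 600" >&2; rc=1 ;;
    esac
    return $rc
}
```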

8.8.4.6 Start OAMHOST1

This section describes the steps for starting OAMHOST1.

8.8.4.6.1 Create the Node Manager Properties File on OAMHOST1

Before you can start managed servers from the console, you must create a Node Manager property file. You do this by running the script setNMProps.sh, which is located in the MW_HOME/oracle_common/common/bin directory. For example:

OAMHOST1> MW_HOME/oracle_common/common/bin/setNMProps.sh

8.8.4.6.2 Start Node Manager

Start Node Manager by issuing the following command:

OAMHOST1> MW_HOME/wlserver_10.3/server/bin/startNodeManager.sh

8.8.4.6.3 Start Oracle Access Manager on OAMHOST1

To start Oracle Access Manager on OAMHOST1, follow these steps:

1. Log into the WebLogic Administration Console using this URL: http://oamhost1.mycompany.com:7001/console

2. Supply the WebLogic administrator username and password.

3. Select Environment > Servers from the Domain Structure menu.

4. Click the Control tab.

5. Click the server WLS_OAM1.

6. Click Start.

7. Click OK to confirm that you want to start the server.

8.8.4.7 Validating OAMHOST1

Validate the implementation by connecting to the OAM Console at the following URL: http://OAMHOST1.mycompany.com:7001/oamconsole

The implementation is valid if the OAM Admin Console login page is displayed and you can log in using the WebLogic administrator account.

8.8.4.8 Configure OAM on OAMHOST2

Once the configuration has succeeded on OAMHOST1, you can propagate it to OAMHOST2. You do this by packing the domain using the pack script on OAMHOST1, and unpacking the domain using the unpack script on OAMHOST2. Both scripts reside in the MW_HOME/oracle_common/common/bin directory.

On OAMHOST1, enter:

pack.sh -domain=MW_HOME/user_projects/domains/IDM_Domain \
  -template=/tmp/idm_domain.jar -template_name="OAM Domain" -managed=true

This creates a file called idm_domain.jar in the /tmp directory. Copy this file to OAMHOST2. On OAMHOST2, enter:

unpack.sh -domain=MW_HOME/user_projects/domains/IDM_Domain \
  -template=/tmp/idm_domain.jar
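As an added example (not the guide's own script), the wrapper below runs the pack and unpack steps above but records a SHA-256 checksum of the domain template on OAMHOST1 and refuses to unpack on OAMHOST2 unless the copied file verifies, so a truncated or altered copy is caught before it becomes the second node's domain. The default MW_HOME value and the checksum helper are this example's assumptions; the pack/unpack arguments are the guide's.

```shell
#!/bin/sh
# Added example, not the guide's own script: wrap the pack/unpack step so the
# domain template is checksummed on OAMHOST1 and verified on OAMHOST2 before
# unpack.sh runs. MW_HOME, the domain and template paths and the pack/unpack
# arguments follow the guide; the default MW_HOME value and the checksum
# helper are this example's assumptions.

MW_HOME="${MW_HOME:-/u01/app/oracle/product/fmw}"
DOMAIN_HOME="$MW_HOME/user_projects/domains/IDM_Domain"
TEMPLATE="${TEMPLATE:-/tmp/idm_domain.jar}"

# OAMHOST1: pack the domain, then record its SHA-256 beside it so the copy
# can be verified after transfer.
pack_domain() {
    "$MW_HOME/oracle_common/common/bin/pack.sh" -domain="$DOMAIN_HOME" \
        -template="$TEMPLATE" -template_name="OAM Domain" -managed=true || return 1
    sha256sum "$TEMPLATE" > "$TEMPLATE.sha256"
}

# Compare a template against its recorded checksum; returns 1 on mismatch or
# when the checksum file is missing.
verify_template() {
    jar="$1"
    [ -f "$jar.sha256" ] || return 1
    printf '%s  %s\n' "$(cut -d' ' -f1 "$jar.sha256")" "$jar" | sha256sum -c --status
}

# OAMHOST2: refuse to unpack a template that does not verify.
unpack_domain() {
    verify_template "$TEMPLATE" || { echo "checksum mismatch: $TEMPLATE" >&2; return 1; }
    "$MW_HOME/oracle_common/common/bin/unpack.sh" -domain="$DOMAIN_HOME" -template="$TEMPLATE"
}
```

Copy both idm_domain.jar and idm_domain.jar.sha256 to OAMHOST2 before calling unpack_domain there.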

8.8.4.9 Start OAMHOST2

This section describes the steps for starting OAMHOST2.

8.8.4.9.1 Create the Node Manager Properties File on OAMHOST2

Before you can start managed servers from the console, you must create a Node Manager property file. You do this by running the script setNMProps.sh, which is located in the MW_HOME/oracle_common/common/bin directory. For example:

OAMHOST2> MW_HOME/oracle_common/common/bin/setNMProps.sh

8.8.4.9.2 Start Node Manager

Start Node Manager by issuing the following command:

OAMHOST2> MW_HOME/wlserver_10.3/server/bin/startNodeManager.sh

8.8.4.9.3 Start Oracle Access Manager on OAMHOST2

To start Oracle Access Manager on OAMHOST2, follow these steps:

1. Log into the WebLogic Administration Console using this URL: http://oamhost2.mycompany.com:7001/console

2. Supply the WebLogic administrator username and password.

3. Select Environment > Servers from the Domain Structure menu.

4. Click the Control tab.

5. Click the server WLS_OAM2.

6. Click Start.

7. Click OK to confirm that you want to start the server.

8.8.4.10 Validating OAMHOST2

Validate the implementation by connecting to the OAM server using the following URL: http://OAMHOST2.mycompany.com:14100/oam

The implementation is valid if the OAM login page is displayed. Note that at this point the page shows an "Action failed" error. This is normal because you are accessing the page directly rather than as a login request.

8.8.4.11 Configure Oracle Access Manager to Work with Oracle HTTP Server