
12-12 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

2. Click System Snapshots, which is located on the Navigation - Environment menu. Click Open.

3. Click Load From File.

4. Enter the following information:
■ Name: Default Snapshot
■ Notes: Default Snapshot
Select Backup Current System Now. Click Continue.

5. Click OK to acknowledge backup creation.

6. Click Choose File.

7. Select the file oaam_base_snapshot.zip, which is located in: IAM_ORACLE_HOME/oaam/init

8. Click Load.

You will see a message that says that the snapshot file was loaded successfully. Acknowledge this message by clicking OK.

9. Click Restore near the top right.

10. When loading is complete, a message is displayed. Click OK.

12.7 Backing Up the Application Tier Configuration

It is an Oracle best practices recommendation to create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process. For more details, see the Oracle Fusion Middleware Administrator's Guide. For information on database backups, refer to the Oracle Database Backup and Recovery User's Guide.

To back up the installation to this point, follow these steps:

1. Back up the web tier as described in Section 5.5, Backing up the Web Tier Configuration.

2. Back up the database. This is a full database backup, either hot or cold. The recommended tool is Oracle Recovery Manager.

3. Back up the Administration Server domain directory as described in Section 6.15, Backing Up the WebLogic Domain.

4. Back up the Oracle Internet Directory as described in Section 7.7, Backing up the Oracle Internet Directory Configuration.

5. Back up the Oracle Virtual Directory as described in Section 9.10, Backing Up the Oracle Virtual Directory Configuration.

For information about backing up the application tier configuration, see Section 20.4, Performing Backups and Recoveries.

13 Extending the Domain with Oracle Identity Navigator

This chapter covers the following topics:
■ Section 13.1, Extending the Domain with Oracle Identity Navigator
■ Section 13.2, Backing Up the Application Tier Configuration

13.1 Extending the Domain with Oracle Identity Navigator

Oracle Identity Navigator is an administrative portal designed to act as a launch pad for Oracle Identity Management components. It enables you to access the Oracle Identity Management consoles from one site. It is installed with other Oracle Identity Management components, and enables you to access other components by product discovery. Oracle Identity Navigator is a Java EE application deployed on an Oracle WebLogic Administration Server. It uses Oracle Metadata Service. The Oracle Identity Navigator report feature relies on Oracle Business Intelligence Publisher.

This section contains the following topics:
■ Section 13.1.1, Prerequisites
■ Section 13.1.2, Configuring Oracle Identity Navigator on IDMHOST1
■ Section 13.1.3, Stopping and Starting the Administration Server IDMHOST1
■ Section 13.1.4, Provisioning Oracle Identity Navigator on IDMHOST1
■ Section 13.1.5, Configuring Oracle HTTP Servers to Access OIN Console
■ Section 13.1.6, Validating Oracle Identity Navigator

13.1.1 Prerequisites

Install the following software on IDMHOST1 and IDMHOST2 as described in Chapter 4.

1. Oracle WebLogic Server

2. Oracle Identity Management

Note: You may skip this section if you already have Oracle Identity Navigator as part of your domain or if you have already extended the domain with Oracle Adaptive Access Manager. Oracle Identity Navigator is selected by default when you extend the domain with Oracle Adaptive Access Manager.

13.1.2 Configuring Oracle Identity Navigator on IDMHOST1

Start the configuration wizard by executing the command:

    MW_HOME/oracle_common/common/bin/config.sh

Then proceed as follows:

1. On the Welcome Screen, select Extend an Existing WebLogic Domain. Click Next.

2. On the screen Select a WebLogic Domain, using the Navigator, select the domain home of the Administration Server, for example:
u01apporacleplusadminIDMDomainaserverIDMDomain
Click Next.

3. On the Select Extension Source screen, select Oracle Identity Navigator. Click Next.

4. The Configure RAC Multi Datasources screen shows the Multi Datasources for previously configured components in your domain. Do not make any changes. Click Next.

5. On the Select Optional Configuration screen, do not make any selections. Click Next.

6. On the Configuration Summary screen, click Extend to extend the domain.

7. On the Extending Domain screen, click Done to exit the Configuration Wizard.

13.1.3 Stopping and Starting the Administration Server IDMHOST1

Stop and start the WebLogic Administration Server on IDMHOST1 as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.

13.1.4 Provisioning Oracle Identity Navigator on IDMHOST1

In this Enterprise Deployment Topology, Oracle Identity Navigator is deployed to the Administration Server in an active-passive model. Since Oracle Identity Navigator is failed over along with the Administration Server, there is no need to provision Oracle Identity Navigator on IDMHOST2. Follow the steps in Section 6.14, Manually Failing Over the WebLogic Administration Server.

13.1.5 Configuring Oracle HTTP Servers to Access OIN Console

On each of the web servers on WEBHOST1 and WEBHOST2, a file called admin.conf was created in the directory ORACLE_INSTANCE/config/OHS/component/moduleconf. See Section 6.9, Configuring Oracle HTTP Server for the WebLogic Administration Server.

Edit admin.conf and add the following lines in the virtual host definition:

    <Location /oinav>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WebLogicPort 7001
    </Location>

After editing, the file should look like this:

    NameVirtualHost *:80

    <VirtualHost *:80>
        ServerName admin.mycompany.com:80
        ServerAdmin you@your.address
        RewriteEngine On
        RewriteOptions inherit

        # Admin Server and EM
        <Location /console>
            SetHandler weblogic-handler
            WebLogicHost ADMINVHN
            WeblogicPort 7001
        </Location>

        <Location /consolehelp>
            SetHandler weblogic-handler
            WebLogicHost ADMINVHN
            WeblogicPort 7001
        </Location>

        <Location /em>
            SetHandler weblogic-handler
            WebLogicHost ADMINVHN
            WeblogicPort 7001
        </Location>

        <Location /apm>
            SetHandler weblogic-handler
            WebLogicHost ADMINVHN
            WebLogicPort 7001
        </Location>

        <Location /oinav>
            SetHandler weblogic-handler
            WebLogicHost ADMINVHN
            WebLogicPort 7001
        </Location>
    </VirtualHost>

Restart the Oracle HTTP Server, as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.
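The admin.conf edit can be checked on each web host before the restart. The following is an added example, not part of the Oracle guide: it parses the Location blocks, lists every path the admin virtual host hands to weblogic-handler, and confirms that /oinav is forwarded to ADMINVHN on port 7001. The function names and the embedded sample file are assumptions constructed for illustration.

```python
import re

# Constructed sample: a shortened admin.conf after the /oinav edit (assumption).
SAMPLE_ADMIN_CONF = """\
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName admin.mycompany.com:80
    # Admin Server and EM
    <Location /console>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WeblogicPort 7001
    </Location>
    <Location /oinav>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WebLogicPort 7001
    </Location>
</VirtualHost>
"""

LOCATION_RE = re.compile(r"<Location\s+(\S+?)>(.*?)</Location>", re.S | re.I)

def proxied_locations(conf_text):
    """Return {path: {directive: value}} for each weblogic-handler Location."""
    routes = {}
    for path, body in LOCATION_RE.findall(conf_text):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                # Apache directive names are case-insensitive, so normalise them.
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        if directives.get("sethandler", "").lower() == "weblogic-handler":
            routes[path] = directives
    return routes

def check_route(conf_text, path, host, port):
    """List problems with the Location block that should forward `path`."""
    route = proxied_locations(conf_text).get(path)
    if route is None:
        return [f"no weblogic-handler Location block for {path}"]
    expected = {"weblogichost": host, "weblogicport": str(port)}
    return [f"{path}: {name} is {route.get(name)!r}, expected {want!r}"
            for name, want in expected.items() if route.get(name) != want]

if __name__ == "__main__":
    print("proxied paths:", sorted(proxied_locations(SAMPLE_ADMIN_CONF)))
    print(check_route(SAMPLE_ADMIN_CONF, "/oinav", "ADMINVHN", 7001) or "ok")
```

The list of proxied paths doubles as an inventory of the administrative consoles reachable through the admin virtual host, which is worth reviewing whenever a new Location block is added.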

13.1.6 Validating Oracle Identity Navigator

Validate the implementation using the Oracle Identity Navigator Console at http://admin.mycompany.com/oinav. The Oracle Identity Navigator login page is displayed. Log in using the WebLogic administrator's credentials.

13.2 Backing Up the Application Tier Configuration

It is an Oracle best practices recommendation to create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process. For more details, see the Oracle Fusion Middleware Administrator's Guide. For information on database backups, refer to the Oracle Database Backup and Recovery User's Guide.

To back up the installation to this point, follow these steps:

1. Back up the web tier as described in Section 5.5, Backing up the Web Tier Configuration.

2. Back up the database. This is a full database backup, either hot or cold. The recommended tool is Oracle Recovery Manager.

3. Back up the Administration Server domain directory as described in Section 6.15, Backing Up the WebLogic Domain.

4. Back up the Oracle Internet Directory as described in Section 7.7, Backing up the Oracle Internet Directory Configuration.

5. Back up the Oracle Virtual Directory as described in Section 9.10, Backing Up the Oracle Virtual Directory Configuration.

For information about backing up the application tier configuration, see Section 20.4, Performing Backups and Recoveries.

14 Extending the Domain with Oracle Identity Manager

This chapter describes how to install and configure Oracle Identity Manager 11.1.1 for use in the Oracle Identity Management Enterprise Deployment Topology.

This chapter contains the following topics:
■ Section 14.1, Prerequisites
■ Section 14.2, Enabling Virtual IP Addresses on OIMHOST1 and OIMHOST2
■ Section 14.3, Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite on IDMHOST1
■ Section 14.4, Configuring Oracle Identity Manager on IDMHOST1
■ Section 14.5, Propagating the Oracle Identity Manager and SOA Managed Servers to OIMHOST1 and OIMHOST2
■ Section 14.6, Post-Installation Steps on OIMHOST1
■ Section 14.7, Post-Installation Steps on OIMHOST2
■ Section 14.8, Modifying the Oracle Identity Manager Default System Properties for UserName Generation
■ Section 14.9, Configuring Oracle Identity Manager to Reconcile from ID Store
■ Section 14.10, Configuring Oracle Identity Manager to Work with the Oracle Web Tier
■ Section 14.11, Configuring a Default Persistence Store for Transaction Recovery
■ Section 14.12, Configuring an IT Resource Instance for Email
■ Section 14.13, Enabling Oracle Identity Manager to Connect to SOA Using the Administrative Users Provisioned in LDAP
■ Section 14.14, Updating the Username Generation Policy for Active Directory
■ Section 14.15, Update Oracle Identity Manager JMS Queues
■ Section 14.16, Tuning Oracle Platform Security
■ Section 14.17, Provisioning Users to the Enterprise Identity Store in a Multidirectory Scenario
■ Section 14.18, Backing Up the Application Tier Configuration

Oracle Identity Manager is a user provisioning and administration solution that automates the process of adding, updating, and deleting user accounts from applications and directories. It also improves regulatory compliance by providing granular reports that attest to who has access to what. Oracle Identity Manager is available as a standalone product or as part of Oracle Identity Management.

Automating user identity provisioning can reduce Information Technology (IT) administration costs and improve security. Provisioning also plays an important role in regulatory compliance. Key features of Oracle Identity Manager include password management, workflow and policy management, identity reconciliation, reporting and auditing, and extensibility through adapters.

Oracle Identity Manager provides the following key functionalities:
■ User Administration
■ Workflow and Policy
■ Password Management
■ Audit and Compliance Management
■ Integration Solutions
■ User Provisioning
■ Organization and Role Management

For details about Oracle Identity Manager, see the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.

14.1 Prerequisites