Configuring Users, Groups, Security Policies, and Credential Stores for Components

Oracle Fusion Middleware Administrator's Guide
Moving from a Test to a Production Environment

12. From the Access System Console, select the Access System Configuration tab, then select Authentication Management. Select the authentication scheme for which Challenge redirect is set. Modify Challenge Redirect to specify the host and port of the new Web server, if the new authentication WebGate is installed.

13. From the Access System Console, select the Access System Configuration tab, then select Authentication Management. Select the authentication scheme for which a password policy is configured. Change the obWebPassURLprefix if it exists to accommodate the new host and port of the production Web server on which WebPass is installed, if WebPass and WebGate reside on different Web servers.

    For more information, see Configuring Password Policies in the Oracle Access Manager Identity and Common Administration Guide.

Task 7 Move Oracle Identity Federation to a New Production Environment

To move Oracle Identity Federation to a new production environment:

1. If you are using Oracle Access Manager with Oracle Identity Federation, update the Oracle Coherence host name and port on the production environment:
   a. Stop the Administration Server and stop all Managed Servers on the test environment, if they are running.
   b. Update the Coherence host under the CoherenceConfiguration sections in the following file to reflect the target host.
      DOMAIN_HOME/config/fmwconfig/oam-config.xml

2. Update the host name, port, and SOAP port to reflect the values on the production environment:
   a. In Fusion Middleware Control, navigate to the Oracle Identity Federation instance.
   b. From the target menu on the OIF page, choose Administration, then Server Properties.
   c. Change the Host, Port, and SOAP port to reflect the values on the production environment. If you are using a load balancer or proxy server, use their values. Otherwise use the values for the Managed Server that is serving the requests.
   d. Click Apply.

3. Update the service provider ID URL:
   a. In Fusion Middleware Control, from the target menu on the OIF page, choose Administration, then Server Provider. Select the Common tab.
   b. Update the Provider ID with the value for the production environment.
   c. If the Default SSO Identity Provider is not the same on the production environment as on the test environment, update the Default SSO Identity Provider.
   d. If the SSO Authentication Mechanism to identity provider mapping needs to be updated, click Configure. Then, click Add to select the mechanism name and the identity provider. Click OK.
   e. Click Apply.

4. Update the identity provider ID URL:
   a. In Fusion Middleware Control, from the target menu on the OIF page, choose Administration, then Identity Provider. Select the Common tab.
   b. Update the Provider ID with the value for the production environment.
   c. Click Apply.

5. Update the data stores:
   a. In Fusion Middleware Control, from the target menu on the OIF page, choose Administration, then Data Stores.
   b. In each Data Store section, click Edit.
   c. For LDAP Directory or Database, update the connection information with the values for the production environment.
   d. Click Apply.

6. Update the authentication engine:
   a. In Fusion Middleware Control, from the target menu on the OIF page, choose Administration, then Authentication Engines. The changes you make depend on the authentication engine you are using:
      – If you are using an LDAP directory, select the LDAP Directory tab. Update Connection URLS with the value for the LDAP backend or database for the production environment.
      – If you are using a database, select the Database Security tab. Update JDBC URL.
      – If you are using Oracle Single Sign-On or Oracle Access Manager, you do not need to change the Oracle Identity Federation configuration, but you need to change the Oracle HTTP Server, Oracle Access Manager, or Oracle Single Sign-On information. See Configure Authentication Engines in the Oracle Fusion Middleware Integration Guide for Oracle Access Manager.
      – If you are using a custom authentication engine, you do not need to change the Oracle Identity Federation configuration, but you must redeploy the .war file that was deployed in the test environment to the production environment.
   b. Click Apply.

7. Update the Service Provider Integration Modules:
   a. In Fusion Middleware Control, from the target menu on the OIF page, choose Administration, then Service Provider Integration Modules. The changes you make depend on the authentication engine you are using:
      – If you are using Oracle Single Sign-On, select the Oracle Single Sign-On tab. Update the Login URL and the Logout URL.
      – If you are using Oracle Access Manager, select the Oracle Access Manager tab. Update the following fields:
         – Access Server SDK Directory
         – In the Oracle Access Manager Properties section, update Admin Username, Admin Password, Confirm Admin Password, Host ID, Policy Domain, and Authorization Result for Unprotected Resources.
        Then, click Configure Oracle Access Manager.
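A post-migration check for the steps above, as an added example that is not part of the Oracle guide: it walks a configuration file and reports every setting that still names a test-environment host, such as a redirect, login URL or JDBC URL that was missed. The sample XML, its element layout, the setting names and all host names are constructed for illustration and are assumptions, not the real oam-config.xml schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, NOT a real oam-config.xml: the element layout, setting
# names and host names are assumptions made for this illustration.
SAMPLE_CONFIG = """<Configuration>
  <Setting Name="CoherenceConfiguration">
    <Setting Name="LocalHost">oam-test01.example.com</Setting>
    <Setting Name="Port">9095</Setting>
  </Setting>
  <Setting Name="Federation">
    <Setting Name="ProviderID">https://sso.example.com:443/fed/sp</Setting>
    <Setting Name="LoginURL">http://oam-test01.example.com:7777/sso/login</Setting>
    <Setting Name="JdbcURL">jdbc:oracle:thin:@//db-test.example.com:1521/orcl</Setting>
    <Setting Name="Comment">not-oam-test01.example.com.invalid</Setting>
  </Setting>
</Configuration>"""

TEST_HOSTS = {"oam-test01.example.com", "db-test.example.com"}  # hypothetical

# A run of host-name characters; URLs, JDBC strings and host:port pairs all
# split into such tokens, so a host is matched whole and never as a substring.
HOST_TOKEN = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

def hosts_in(value):
    """Return the lower-cased host-like tokens found in a setting value."""
    return {tok.lower() for tok in HOST_TOKEN.findall(value)}

def stale_settings(xml_text, test_hosts):
    """List (path, value, hosts) for every setting that names a test host."""
    wanted = {h.lower() for h in test_hosts}
    findings = []
    def walk(elem, path):
        here = path + [elem.get("Name") or elem.tag]
        values = [elem.text or ""]
        values += [v for k, v in elem.attrib.items() if k != "Name"]
        for value in values:
            hit = hosts_in(value) & wanted
            if hit:
                findings.append(("/".join(here), value.strip(), sorted(hit)))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), [])
    return findings

if __name__ == "__main__":
    for path, value, hosts in stale_settings(SAMPLE_CONFIG, TEST_HOSTS):
        print(f"STALE {path}: {value} (test host: {', '.join(hosts)})")
```

Run it against a copy of each migrated file with the real test host names in `TEST_HOSTS`; an empty result means no setting in that file still points at the test environment.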