Removing IDM Domain Agent Propagating the Domain Changes to the Managed Server Domain Directory

Extending the Domain with Oracle Access Manager 11g

■ Name: The name of the host. Best practice is to use the DNS name. For example: idmhost1.mycompany.com and idmhost2.mycompany.com for the first and second nodes respectively.

■ Node Manager Listen Address: The DNS name of the machine. For example: idmhost1.mycompany.com and idmhost2.mycompany.com for the first and second nodes respectively.

■ Node Manager Port: A port for Node Manager to use.

If you have already configured Oracle Directory Integration Platform or ODSM, machines already exist for those hosts.

Click Next.

13. On the Assign Servers to Machines screen, indicate which Managed Servers to run on each of the machines you created. Click a machine in the right pane. Click the Managed Servers you want to run on that machine in the left pane. Click the arrow to assign the Managed Servers to the machines. Repeat until all Managed Servers are assigned to machines. For example:

    IDMHOST1: WLS_OAM1
    IDMHOST2: WLS_OAM2

Click Next to continue.

14. On the Configuration Summary screen, click Extend to extend the domain.

15. On the Installation Complete screen, click Done.

16. Restart WebLogic Administration Server as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.

11.3.2 Removing IDM Domain Agent

By default, the IDMDomain Agent provides single sign-on capability for administration consoles. In enterprise deployments, WebGate handles single sign-on, so you must remove the IDMDomain agent. Remove the IDMDomain Agent as follows:

Log in to the WebLogic console using the URL: http://admin.mycompany.com/console

Then:

1. Select Security Realms from the Domain Structure Menu.

2. Click myrealm.

Note: If you receive a warning that says:

    CFGFWK: Server listen ports in your domain configuration conflict with ports in use by active processes on this host

Click OK. This warning appears if Managed Servers have been defined as part of previous installs and can safely be ignored.

Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management

3. Click the Providers tab.

4. Click Lock and Edit from the Change Center.

5. In the list of authentication providers, select IAMSuiteAgent.

6. Click Delete.

7. Click Yes to confirm the deletion.

8. Click Activate Changes from the Change Center.

9. Restart WebLogic Administration Server and ALL running Managed Servers, as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.

10. Start the WebLogic Managed Server WLS_OAM1 as described in Section 20.1, Starting and Stopping Oracle Identity Management Components.
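A check to run after the deletion in steps 5 through 8, as an added example (not Oracle's code and not part of the guide): it parses a domain config.xml and reports every security realm that still lists IAMSuiteAgent among its authentication providers. The embedded XML is a constructed, simplified sample, and the assumption is that you pass it the config/config.xml file found under your domain directory.

```python
import sys
import xml.etree.ElementTree as ET

AGENT = "IAMSuiteAgent"  # provider name selected for deletion in step 5

# Constructed, simplified sample of a domain config.xml (not from a real system).
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:sec="http://xmlns.oracle.com/weblogic/security">
  <security-configuration>
    <realm>
      <sec:authentication-provider><sec:name>IAMSuiteAgent</sec:name></sec:authentication-provider>
      <sec:authentication-provider><sec:name>DefaultAuthenticator</sec:name></sec:authentication-provider>
      <sec:name>myrealm</sec:name>
    </realm>
  </security-configuration>
</domain>"""

def local(tag):
    """Strip the XML namespace so the check does not depend on prefixes."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child with the given local name, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def auth_providers(config_xml):
    """Return {realm name: [authentication provider names, in file order]}."""
    root = ET.fromstring(config_xml)
    realms = {}
    for realm in root.iter():
        if local(realm.tag) != "realm":
            continue
        names = [child_text(p, "name") for p in realm
                 if local(p.tag) == "authentication-provider"]
        realms[child_text(realm, "name") or "(unnamed)"] = names
    return realms

def agent_present(config_xml, agent=AGENT):
    """Names of the realms whose provider list still contains the agent."""
    return [r for r, names in auth_providers(config_xml).items() if agent in names]

if __name__ == "__main__":
    # Read bytes so an encoding declaration in the real file is honoured.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = agent_present(data)
    print("IAMSuiteAgent still configured in:", ", ".join(hits) or "no realm")
    sys.exit(1 if hits else 0)
```

The script exits non-zero while the agent is still configured, so it can gate a deployment checklist or a scheduled configuration audit.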

11.3.3 Propagating the Domain Changes to the Managed Server Domain Directory

To propagate the start scripts and classpath configuration from the Administration Server's domain directory to the Managed Server domain directory, proceed as follows:

1. Run the pack command on IDMHOST1 to create a template pack. Type the following commands:

    IDMHOST1> cd MW_HOME/oracle_common/common/bin
    IDMHOST1> ./pack.sh -managed=true -domain=ORACLE_BASE/admin/IDMDomain/aserver/IDMDomain -template=MW_HOME/templates/IDMDomain.jar -template_name=IDMDomain_Template

2. Run the unpack command on IDMHOST1 to unpack the propagated template to the domain directory of the Managed Server. Type the following command:

    IDMHOST1> ./unpack.sh -domain=ORACLE_BASE/admin/IDMDomain/mserver/IDMDomain -template=MW_HOME/templates/IDMDomain.jar -overwrite_domain=true -app_dir=ORACLE_BASE/admin/IDMDomain/mserver/applications

3. Restart Managed Server WLS_OAM1.

11.4 Configuring Oracle Access Manager on IDMHOST2