Oracle® Fusion Middleware
Installation Guide for Oracle Identity Management
11g Release 1 (11.1.1)
E12002-09
July 2011
Oracle Fusion Middleware Installation Guide for Oracle Identity Management, 11g Release 1 (11.1.1)
Copyright © 2001, 2011, Oracle and/or its affiliates. All rights reserved.
Primary Author: Nisha Singh
Contributors: Don Biasotti, Niranjan Ananthapadmanabha, Heeru Janweja, Deepak Ramakrishnan,
Madhu Martin, Sergio Mendiola, Svetlana Kolomeyskaya, Sid Choudhury, Javed Beg, Eswar Vandanapu,
Harsh Maheshwari, Sidhartha Das, Mark Karlstrand, Daniel Shih, Don Bosco Durai, Kamal Singh, Rey Ong,
Gail Flanegin, Ellen Desmond, Priscilla Lee, Vinaye Misra, Toby Close, Ashish Kolli, Ashok Maram, Peter
LaQuerre, Srinivasa Vedam, Vinay Shukla, Sanjeev Topiwala, Shaun Lin, Prakash Hulikere, Debapriya
Dutta, Sujatha Ramesh, Ajay Keni, Ken Vincent
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify,
license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means.
Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data
delivered to U.S. Government customers are "commercial computer software" or "commercial technical
data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental
regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the
restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable
by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial
Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA
94065.
This software is developed for general use in a variety of information management applications. It is not
developed or intended for use in any inherently dangerous applications, including applications which may
create a risk of personal injury. If you use this software in dangerous applications, then you shall be
responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use
of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of
this software in dangerous applications.
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks
of their respective owners.
This software and documentation may provide access to or information on content, products, and services
from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all
warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and
its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services.
Contents
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Introduction and Preparation
1 Understanding Oracle Identity Management
1.1 What is Oracle Fusion Middleware?
1.1.1 What is Oracle Enterprise Manager Fusion Middleware Control?
1.2 What is Oracle Identity Management?
1.3 Oracle Identity Management 11g Release 1 (11.1.1.5.0) Components
1.4 Oracle Identity and Access Management 11g Release 1 (11.1.1.5.0) Components
1.5 Special Instructions for Oracle Single Sign-On and Oracle Delegated Administration Services Users
1.6 What Does This Guide Cover?
1.6.1 Using This Guide
1.6.2 Upgrading to Oracle Identity Management (11.1.1.5.0)
1.6.3 Upgrading to Oracle Identity and Access Management (11.1.1.5.0)
1.6.4 Installing Oracle Identity Management (11.1.1.5.0) for High Availability
1.6.5 Installing Oracle Identity and Access Management (11.1.1.5.0) for High Availability
2 Understanding the Oracle Identity Management Installation
2.1 Overview and Structure of Oracle Identity Management 11g Installation
2.1.1 Overview
2.1.2 Structure of the Installation
2.2 Overview of Oracle Identity Management (11.1.1.5.0) Installation
2.2.1 Installation Roadmap
2.2.2 Installation Types: "Install Software - Do Not Configure" vs. "Install and Configure"
2.2.2.1 Understanding the "Install Software - Do Not Configure" Option
2.2.2.2 Understanding the "Install and Configure" Option
2.2.3 Understanding Oracle WebLogic Server Administration Domain Options
2.2.3.1 Create New Domain
2.2.3.2 Extend Existing Domain
2.2.3.3 Expand Cluster
2.2.3.4 Configure Without a Domain
2.2.4 Installing Components on Separate Systems
2.2.5 Executing the oracleRoot.sh Script on UNIX Platforms
2.2.6 Understanding the State of Oracle Identity Management Components After Installation
2.2.6.1 Default SSL Configurations
2.2.6.2 Default Passwords
2.2.6.3 Ports Assigned Using Auto Port Configuration
2.3 Overview of Oracle Identity and Access Management (11.1.1.5.0) Installation
2.3.1 Installation Roadmap
2.3.2 Prerequisite Checks Performed by the Oracle Identity and Access Management Installer
2.3.3 Understanding Oracle WebLogic Server Administration Domain Options
2.3.3.1 Create a New Domain
2.3.3.2 Extend an Existing Domain
2.3.4 Additional Configuration Using the Oracle Identity Manager 11g Configuration Wizard
2.3.5 Additional 11g Release 1 (11.1.1) Deployment Information
2.3.5.1 Upgrading to 11g Release 1 (11.1.1)
2.3.5.2 Installing 11g Release 1 (11.1.1) for High Availability
2.3.6 Silent Installation
2.3.7 Installing Components on Separate Systems
2.3.8 Screens in Oracle Fusion Middleware Configuration Wizard
2.3.9 Understanding the State of Oracle Identity and Access Management Components After Installation
2.3.9.1 Default SSL Configurations
2.3.9.2 Default Passwords
3 Preparing to Install
3.1 Before Installing Oracle Identity Management (11.1.1.5.0)
3.1.1 System Requirements and Certification
3.1.2 Installing and Configuring Java Access Bridge (Windows Only)
3.1.3 Managing the Oracle WebLogic Server Node Manager Utility for Oracle Identity Management Installations
3.1.4 Installing Oracle Database
3.1.5 Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
3.1.6 Optional Environment-Specific Preparation
3.1.6.1 Using Symbolic Links
3.1.6.2 Installing Oracle Identity Management on DHCP Hosts
3.1.6.3 Installing Oracle Identity Management on a Multihomed System
3.2 Before Installing Oracle Identity and Access Management (11.1.1.5.0)
3.2.1 Oracle Fusion Middleware Certification
3.2.2 System Requirements
3.2.2.1 Most Recent Information
3.2.2.2 Installer Startup Requirements
3.2.2.3 Memory Requirements
3.2.3 Installing and Configuring Java Access Bridge (Windows Only)
3.2.4 Obtaining the Latest Oracle WebLogic Server and Oracle Fusion Middleware 11g Software
3.2.5 Installing Oracle WebLogic Server and Creating the Oracle Middleware Home
3.2.6 Installing Oracle Database
3.2.6.1 Oracle Database 11.1.0.7 Patch Requirements for Oracle Identity Manager
3.2.7 Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
3.2.8 Upgrading an Existing Database Schema
3.2.9 Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only)
3.2.9.1 Obtaining the Latest Oracle WebLogic Server and Oracle SOA Suite Software
3.2.9.2 Installing Oracle WebLogic Server and Creating the Middleware Home
3.2.9.3 Installing the Latest Version of Oracle SOA Suite
4 Performing Common Installation Tasks
4.1 Common Installation Tasks for Oracle Identity Management (11.1.1.5.0)
4.1.1 Starting an Installation
4.1.2 Creating the Inventory Directory (UNIX Only)
4.1.3 Identifying Installation Directories
4.1.3.1 Oracle Middleware Home Location
4.1.3.2 Oracle Home Directory
4.1.3.3 WebLogic Server Directory
4.1.3.4 Oracle Instance Location
4.1.3.5 Oracle Instance Name
4.1.4 Determining Port Numbers
4.1.5 Completing an Installation
4.1.6 Optional: Configuring the Minimum Amount for Oracle WebLogic Server’s Maximum Heap Size
4.1.7 Locating Installation Log Files
4.2 Common Installation Tasks for Oracle Identity and Access Management (11.1.1.5.0)
4.2.1 Starting an Installation
4.2.2 Starting Oracle Fusion Middleware Configuration Wizard
4.2.3 List of Executable Files
4.2.4 Identifying Installation Directories
4.2.4.1 Oracle Middleware Home Location
4.2.4.2 Oracle Home Directory
4.2.4.3 Oracle Common Directory
4.2.4.4 Oracle WebLogic Domain Directory
4.2.4.5 WebLogic Server Directory
4.2.5 Determining Port Numbers
4.2.6 Completing an Installation
4.2.7 Locating Installation Log Files
4.2.8 Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only)
Part II Installing and Configuring Oracle Identity Management (11.1.1.5.0)
5 Installing Oracle Identity Management (11.1.1.5.0)
5.1 Installing Oracle Identity Management (11.1.1.5.0)
5.1.1 Obtaining Oracle Fusion Middleware 11g Softwares
5.1.2 Installing Oracle WebLogic Server and Creating the Middleware Home
5.1.3 Installing the 11.1.1.2.0 Version of Oracle Identity Management Software
5.1.4 Patching the Oracle Identity Management 11.1.1.2.0 to 11.1.1.5.0
5.2 Configuring Oracle Identity Management (11.1.1.5.0)
6 Configuring Oracle Internet Directory
6.1 OID with ODSM and Fusion Middleware Control in a New WebLogic Domain
6.1.1 Appropriate Deployment Environment
6.1.2 Components Deployed
6.1.3 Dependencies
6.1.4 Procedure
6.2 OID with ODIP, ODSM, and Fusion Middleware Control in a New WebLogic Domain
6.2.1 Appropriate Deployment Environment
6.2.2 Components Deployed
6.2.3 Dependencies
6.2.4 Procedure
6.3 OID and OVD with ODSM in a New WebLogic Domain
6.3.1 Appropriate Deployment Environment
6.3.2 Components Deployed
6.3.3 Dependencies
6.3.4 Procedure
6.4 Only OID in an Existing WebLogic Domain
6.4.1 Appropriate Deployment Environment
6.4.2 Components Deployed
6.4.3 Dependencies
6.4.4 Procedure
6.5 Only OID Without a WebLogic Domain
6.5.1 Appropriate Deployment Environment
6.5.2 Components Deployed
6.5.3 Dependencies
6.5.4 Procedure
6.6 Verifying OID Installation
6.7 Getting Started with OID After Installation
7 Configuring Oracle Virtual Directory
7.1 OVD with ODSM and Fusion Middleware Control in a New WebLogic Domain
7.1.1 Appropriate Deployment Environment
7.1.2 Components Deployed
7.1.3 Dependencies
7.1.4 Procedure
7.2 Only OVD in an Existing WebLogic Domain
7.2.1 Appropriate Deployment Environment
7.2.2 Components Deployed
7.2.3 Dependencies
7.2.4 Procedure
7.3 Only OVD Without a WebLogic Domain
7.3.1 Appropriate Deployment Environment
7.3.2 Components Deployed
7.3.3 Dependencies
7.3.4 Procedure
7.4 Verifying OVD
7.5 Getting Started with OVD After Installation
8 Configuring Oracle Directory Integration Platform
8.1 ODIP with Fusion Middleware Control in a New WebLogic Domain
8.1.1 Appropriate Deployment Environment
8.1.2 Components Deployed
8.1.3 Dependencies
8.1.4 Procedure
8.2 Only ODIP in an Existing WebLogic Domain
8.2.1 Appropriate Deployment Environment
8.2.2 Components Deployed
8.2.3 Dependencies
8.2.4 Procedure
8.3 Configuring ODIP when OID is Running in SSL Mode 2 - Server Only Authentication
8.4 Verifying ODIP
8.5 Getting Started with ODIP After Installation
9 Configuring Oracle Directory Services Manager
9.1 Only ODSM in a New WebLogic Domain
9.1.1 Appropriate Deployment Environment
9.1.2 Components Deployed
9.1.3 Dependencies
9.1.4 Procedure
9.2 Only ODSM in an Existing WebLogic Domain
9.2.1 Appropriate Deployment Environment
9.2.2 Components Deployed
9.2.3 Dependencies
9.2.4 Procedure
9.3 Verifying ODSM
9.4 Getting Started with ODSM After Installation
10 Configuring Oracle Identity Federation
10.1 Using the Information in This Chapter
10.2 Understanding OIF Deployments
10.3 Understanding OIF Basic and Advanced Deployments
10.3.1 Basic Deployment
10.3.2 Advanced Deployments
10.4 Configuring Oracle HTTP Server for OIF
10.5 Performing Basic OIF Configurations
10.5.1 Appropriate Deployment Environment
10.5.2 Components Deployed
10.5.3 Dependencies
10.5.4 Procedure
10.6 Performing Advanced OIF Configurations
10.6.1 Appropriate Deployment Environment
10.6.2 Components Deployed
10.6.3 Dependencies
10.6.4 Procedure
10.7 Advanced Example: Configuring OIF with OID in a New WebLogic Domain for LDAP Authentication, User Store, and Federation Store
10.7.1 Appropriate Deployment Environment
10.7.2 Components Deployed
10.7.3 Dependencies
10.7.4 Procedure
10.8 Advanced Example: Configuring OIF in a New or Existing WebLogic Domain with RDBMS Data Stores
10.8.1 Appropriate Deployment Environment
10.8.2 Components Deployed
10.8.3 Dependencies
10.8.4 Procedure
10.9 Verifying OIF
10.10 Getting Started with OIF After Installation
Part III Installing and Configuring Oracle Identity and Access Management (11.1.1.5.0)
11 Installing Oracle Identity and Access Management (11.1.1.5.0)
11.1 Installing Oracle Identity and Access Management (11.1.1.5.0)
11.1.1 Products Installed
11.1.2 Dependencies
11.1.3 Procedure
11.2 Understanding the Directory Structure After Installation
11.3 After Installing the Oracle Identity and Access Management Software
11.4 Configuring Oracle Identity and Access Management Products
12 Understanding Domain Extension Scenarios
12.1 Overview
12.2 Important Notes Before You Begin
12.3 Domain Extension Scenarios
12.3.1 Extending an Oracle Identity Management 11.1.1.5.0 Domain to Support OIM, OAM, OAAM or OIN on the Local Machine
12.3.2 Understanding Joint Configuration and Domain Extension Scenarios for OIM, OAM, OAAM, and OIN on the Local Machine
12.4 Starting the Administration Server on the Local Machine
12.5 Creating Managed Servers on a Remote Machine
12.5.1 Installing Oracle WebLogic Server and Oracle Identity Management Suite on the Remote Machine
12.5.2 Creating and Starting Managed Servers on a Remote Machine
13 Configuring Oracle Identity Navigator
13.1 General Prerequisites
13.2 Installing OIN
13.3 Important Notes Before You Begin
13.4 Configuring OIN in a New WebLogic Domain
13.4.1 Appropriate Deployment Environment
13.4.2 Components Deployed
13.4.3 Dependencies
13.4.4 Procedure
13.5 OIN with OIM, OAM, and OAAM
13.5.1 Appropriate Deployment Environment
13.5.2 Components Deployed
13.5.3 Dependencies
13.5.4 Procedure
13.6 Starting the Servers
13.7 Verifying OIN
13.8 Getting Started with Oracle OIN After Installation
14 Configuring Oracle Identity Manager
14.1 OIM Server Configuration Workflow
14.2 Important Notes Before You Start Configuring OIM
14.3 Creating a new WebLogic Domain for OIM and SOA
14.3.1 Appropriate Deployment Environment
14.3.2 Components Deployed
14.3.3 Dependencies
14.3.4 Procedure
14.4 Starting the Servers
14.5 Configuring OIM Server, Design Console, and Remote Manager
14.5.1 Scope of Configuration Using the Oracle Identity Manager 11g Configuration Wizard
14.5.2 Scenario 1: Oracle Identity Manager Server and Design Console on Different Machines
14.5.3 Scenario 2: Oracle Identity Manager Server and Remote Manager on Different Machines
14.5.4 Scenario 3: Oracle Identity Manager Server, Design Console, and Remote Manager on a Single Windows Machine
14.6 Before Configuring OIM Server, Design Console, or Remote Manager
14.6.1 Prerequisites for Configuring OIM Server
14.6.2 Prerequisites for Configuring Only OIM Design Console on a Different Machine
14.6.3 Prerequisites for Configuring Only OIM Remote Manager on a Different Machine
14.7 Starting the Oracle Identity Manager 11g Configuration Wizard
14.8 Configuring OIM Server
14.8.1 Appropriate Deployment Environment
14.8.2 Components Deployed
14.8.3 Dependencies
14.8.4 Procedure
14.8.5 Completing the Prerequisites for Enabling LDAP Synchronization
14.8.5.1 Preconfiguring the Identity Store
14.8.5.2 Creating Adapters in Oracle Virtual Directory
14.8.6 Running the LDAP Post-Configuration Utility
14.8.7 Verifying the LDAP Synchronization
14.8.8 Post-Configuration Steps
14.8.9 Setting oamEnabled Parameter for Identity Virtualization Library
14.8.10 Enabling LDAP Sync after Installing and Configuring OIM Server at a Later Point
14.9 Installing and Configuring Only OIM Design Console on Windows
14.10 Configuring OIM Design Console
14.10.1 Appropriate Deployment Environment
14.10.2 Components Deployed
14.10.3 Dependencies
14.10.4 Procedure
14.10.5 Post-Configuration Steps
14.10.6 Updating the xlconfig.xml File to Change the Port for Design Console
14.10.7 Configuring Design Console to Use SSL
14.11 Configuring OIM Remote Manager
14.11.1 Appropriate Deployment Environment
14.11.2 Components Deployed
14.11.3 Dependencies
14.11.4 Procedure
14.12 Verifying the OIM Installation
14.13 Setting Up Integration with OAM
14.14 List of Supported Languages
14.15 Using the Diagnostic Dashboard
14.16 Getting Started with OIM After Installation
15 Configuring Oracle Access Manager
15.1 Prerequisites
15.2 Important Notes Before You Begin
15.3 Installing OAM
15.4 Oracle Access Manager Domain Configuration Template
15.5 OAM in a New WebLogic Domain
15.5.1 Appropriate Deployment Environment
15.5.2 Components Deployed
15.5.3 Dependencies
15.5.4 Procedure
15.6 OAM and OIN in a New WebLogic Domain
15.6.1 Appropriate Deployment Environment
15.6.2 Components Deployed
15.6.3 Dependencies
15.6.4 Procedure
15.7 OAM in a Domain Containing OAAM and OIN
15.7.1 Appropriate Deployment Environment
15.7.2 Components Deployed
15.7.3 Dependencies
15.7.4 Procedure
15.8 Starting the Servers
15.9 Optional Post-Installation Tasks
15.10 Verifying the OAM Installation
15.11 Setting Up OAM Agents
15.11.1 Setting Up Oracle HTTP Server WebGate
15.11.1.1 Installing and Configuring WebGate
15.11.1.2 Registering WebGate as a Partner Application
15.11.1.3 Restarting Managed Servers
15.11.2 Setting Up the OSSO Agent
15.11.2.1 Installing mod_osso
15.11.2.2 Restarting Managed Servers
15.12 Setting Up Integration with OIM
15.13 Getting Started with OAM After Installation
16 Configuring Oracle Adaptive Access Manager
16.1 Overview
16.2 Prerequisites
16.3 Important Notes Before You Begin
16.4 Installing OAAM
16.5 OAAM in a New WebLogic Domain
16.5.1 Appropriate Deployment Environment
16.5.2 Components Deployed
16.5.3 Dependencies
16.5.4 Procedure
16.6 Configuring Oracle Adaptive Access Manager (Offline)
16.6.1 Components Deployed
16.6.2 Dependencies
16.6.3 Procedure
16.7 Starting the Servers
16.8 Post-Installation Steps
16.9 Verifying the OAAM Installation
16.10 Migrating Policy and Credential Stores
16.10.1 Creating JPS Root
16.10.2 Reassociating the Policy and Credential Store
16.11 Getting Started with OAAM After Installation
17 OAM and OAAM Joint Domain Configuration Scenarios
17.1 Prerequisites
17.2 Important Notes Before You Begin
17.3 Installing Oracle Identity and Access Management 11g Release 1 (11.1.1)
17.4 OAM, OIM, and OIN in a New WebLogic Domain
17.4.1 Appropriate Deployment Environment
17.4.2 Components Deployed
17.4.3 Dependencies
17.4.4 Procedure
17.5 OAM, OAAM, and OIN in a New WebLogic Domain
17.5.1 Appropriate Deployment Environment
17.5.2 Components Deployed
17.5.3 Dependencies
17.5.4 Procedure
17.6 Starting the Servers
17.7 Getting Started with OAM After Installation
17.8 Getting Started with OAAM After Installation
Contents
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
Part I Introduction and Preparation
1 Understanding Oracle Identity Management
1.1 What is Oracle Fusion Middleware?
1.1.1 What is Oracle Enterprise Manager Fusion Middleware Control?
1.2 What is Oracle Identity Management?
1.3 Oracle Identity Management 11g Release 1 (11.1.1.5.0) Components
1.4 Oracle Identity and Access Management 11g Release 1 (11.1.1.5.0) Components
1.5 Special Instructions for Oracle Single Sign-On and Oracle Delegated Administration Services Users
1.6 What Does This Guide Cover?
1.6.1 Using This Guide
1.6.2 Upgrading to Oracle Identity Management (11.1.1.5.0)
1.6.3 Upgrading to Oracle Identity and Access Management (11.1.1.5.0)
1.6.4 Installing Oracle Identity Management (11.1.1.5.0) for High Availability
1.6.5 Installing Oracle Identity and Access Management (11.1.1.5.0) for High Availability
2 Understanding the Oracle Identity Management Installation
2.1 Overview and Structure of Oracle Identity Management 11g Installation
2.1.1 Overview
2.1.2 Structure of the Installation
2.2 Overview of Oracle Identity Management (11.1.1.5.0) Installation
2.2.1 Installation Roadmap
2.2.2 Installation Types: "Install Software - Do Not Configure" vs. "Install and Configure"
2.2.2.1 Understanding the "Install Software - Do Not Configure" Option
2.2.2.2 Understanding the "Install and Configure" Option
2.2.3 Understanding Oracle WebLogic Server Administration Domain Options
2.2.3.1 Create New Domain
2.2.3.2 Extend Existing Domain
2.2.3.3 Expand Cluster
2.2.3.4 Configure Without a Domain
2.2.4 Installing Components on Separate Systems
2.2.5 Executing the oracleRoot.sh Script on UNIX Platforms
2.2.6 Understanding the State of Oracle Identity Management Components After Installation
2.2.6.1 Default SSL Configurations
2.2.6.2 Default Passwords
2.2.6.3 Ports Assigned Using Auto Port Configuration
2.3 Overview of Oracle Identity and Access Management (11.1.1.5.0) Installation
2.3.1 Installation Roadmap
2.3.2 Prerequisite Checks Performed by the Oracle Identity and Access Management Installer
2.3.3 Understanding Oracle WebLogic Server Administration Domain Options
2.3.3.1 Create a New Domain
2.3.3.2 Extend an Existing Domain
2.3.4 Additional Configuration Using the Oracle Identity Manager 11g Configuration Wizard
2.3.5 Additional 11g Release 1 (11.1.1) Deployment Information
2.3.5.1 Upgrading to 11g Release 1 (11.1.1)
2.3.5.2 Installing 11g Release 1 (11.1.1) for High Availability
2.3.6 Silent Installation
2.3.7 Installing Components on Separate Systems
2.3.8 Screens in Oracle Fusion Middleware Configuration Wizard
2.3.9 Understanding the State of Oracle Identity and Access Management Components After Installation
2.3.9.1 Default SSL Configurations
2.3.9.2 Default Passwords
3 Preparing to Install
3.1 Before Installing Oracle Identity Management (11.1.1.5.0)
3.1.1 System Requirements and Certification
3.1.2 Installing and Configuring Java Access Bridge (Windows Only)
3.1.3 Managing the Oracle WebLogic Server Node Manager Utility for Oracle Identity Management Installations
3.1.4 Installing Oracle Database
3.1.5 Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
3.1.6 Optional Environment-Specific Preparation
3.1.6.1 Using Symbolic Links
3.1.6.2 Installing Oracle Identity Management on DHCP Hosts
3.1.6.3 Installing Oracle Identity Management on a Multihomed System
3.2 Before Installing Oracle Identity and Access Management (11.1.1.5.0)
3.2.1 Oracle Fusion Middleware Certification
3.2.2 System Requirements
3.2.2.1 Most Recent Information
3.2.2.2 Installer Startup Requirements
3.2.2.3 Memory Requirements
3.2.3 Installing and Configuring Java Access Bridge (Windows Only)
3.2.4 Obtaining the Latest Oracle WebLogic Server and Oracle Fusion Middleware 11g Software
3.2.5 Installing Oracle WebLogic Server and Creating the Oracle Middleware Home
3.2.6 Installing Oracle Database
3.2.6.1 Oracle Database 11.1.0.7 Patch Requirements for Oracle Identity Manager
3.2.7 Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)
3.2.8 Upgrading an Existing Database Schema
3.2.9 Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only)
3.2.9.1 Obtaining the Latest Oracle WebLogic Server and Oracle SOA Suite Software
3.2.9.2 Installing Oracle WebLogic Server and Creating the Middleware Home
3.2.9.3 Installing the Latest Version of Oracle SOA Suite
4 Performing Common Installation Tasks
4.1 Common Installation Tasks for Oracle Identity Management (11.1.1.5.0)
4.1.1 Starting an Installation
4.1.2 Creating the Inventory Directory (UNIX Only)
4.1.3 Identifying Installation Directories
4.1.3.1 Oracle Middleware Home Location
4.1.3.2 Oracle Home Directory
4.1.3.3 WebLogic Server Directory
4.1.3.4 Oracle Instance Location
4.1.3.5 Oracle Instance Name
4.1.4 Determining Port Numbers
4.1.5 Completing an Installation
4.1.6 Optional: Configuring the Minimum Amount for Oracle WebLogic Server’s Maximum Heap Size
4.1.7 Locating Installation Log Files
4.2 Common Installation Tasks for Oracle Identity and Access Management (11.1.1.5.0)
4.2.1 Starting an Installation
4.2.2 Starting Oracle Fusion Middleware Configuration Wizard
4.2.3 List of Executable Files
4.2.4 Identifying Installation Directories
4.2.4.1 Oracle Middleware Home Location
4.2.4.2 Oracle Home Directory
4.2.4.3 Oracle Common Directory
4.2.4.4 Oracle WebLogic Domain Directory
4.2.4.5 WebLogic Server Directory
4.2.5 Determining Port Numbers
4.2.6 Completing an Installation
4.2.7 Locating Installation Log Files
4.2.8 Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only)
Part II Installing and Configuring Oracle Identity Management (11.1.1.5.0)
5 Installing Oracle Identity Management (11.1.1.5.0)
5.1 Installing Oracle Identity Management (11.1.1.5.0)
5.1.1 Obtaining Oracle Fusion Middleware 11g Softwares
5.1.2 Installing Oracle WebLogic Server and Creating the Middleware Home
5.1.3 Installing the 11.1.1.2.0 Version of Oracle Identity Management Software
5.1.4 Patching the Oracle Identity Management 11.1.1.2.0 to 11.1.1.5.0
5.2 Configuring Oracle Identity Management (11.1.1.5.0)
6 Configuring Oracle Internet Directory
6.1 OID with ODSM and Fusion Middleware Control in a New WebLogic Domain
6.1.1 Appropriate Deployment Environment
6.1.2 Components Deployed
6.1.3 Dependencies
6.1.4 Procedure
6.2 OID with ODIP, ODSM, and Fusion Middleware Control in a New WebLogic Domain
6.2.1 Appropriate Deployment Environment
6.2.2 Components Deployed
6.2.3 Dependencies
6.2.4 Procedure
6.3 OID and OVD with ODSM in a New WebLogic Domain
6.3.1 Appropriate Deployment Environment
6.3.2 Components Deployed
6.3.3 Dependencies
6.3.4 Procedure
6.4 Only OID in an Existing WebLogic Domain
6.4.1 Appropriate Deployment Environment
6.4.2 Components Deployed
6.4.3 Dependencies
6.4.4 Procedure
6.5 Only OID Without a WebLogic Domain
6.5.1 Appropriate Deployment Environment
6.5.2 Components Deployed
6.5.3 Dependencies
6.5.4 Procedure
6.6 Verifying OID Installation
6.7 Getting Started with OID After Installation
7 Configuring Oracle Virtual Directory
7.1 OVD with ODSM and Fusion Middleware Control in a New WebLogic Domain
7.1.1 Appropriate Deployment Environment
7.1.2 Components Deployed
7.1.3 Dependencies
7.1.4 Procedure
7.2 Only OVD in an Existing WebLogic Domain
7.2.1 Appropriate Deployment Environment
7.2.2 Components Deployed
7.2.3 Dependencies
7.2.4 Procedure
7.3 Only OVD Without a WebLogic Domain
7.3.1 Appropriate Deployment Environment
7.3.2 Components Deployed
7.3.3 Dependencies
7.3.4 Procedure
7.4 Verifying OVD
7.5 Getting Started with OVD After Installation
8 Configuring Oracle Directory Integration Platform
8.1 ODIP with Fusion Middleware Control in a New WebLogic Domain
8.1.1 Appropriate Deployment Environment
8.1.2 Components Deployed
8.1.3 Dependencies
8.1.4 Procedure
8.2 Only ODIP in an Existing WebLogic Domain
8.2.1 Appropriate Deployment Environment
8.2.2 Components Deployed
8.2.3 Dependencies
8.2.4 Procedure
8.3 Configuring ODIP when OID is Running in SSL Mode 2 - Server Only Authentication
8.4 Verifying ODIP
8.5 Getting Started with ODIP After Installation
9 Configuring Oracle Directory Services Manager
9.1 Only ODSM in a New WebLogic Domain
9.1.1 Appropriate Deployment Environment
9.1.2 Components Deployed
9.1.3 Dependencies
9.1.4 Procedure
9.2 Only ODSM in an Existing WebLogic Domain
9.2.1 Appropriate Deployment Environment
9.2.2 Components Deployed
9.2.3 Dependencies
9.2.4 Procedure
9.3 Verifying ODSM
9.4 Getting Started with ODSM After Installation
10 Configuring Oracle Identity Federation
10.1 Using the Information in This Chapter
10.2 Understanding OIF Deployments
10.3 Understanding OIF Basic and Advanced Deployments
10.3.1 Basic Deployment
10.3.2 Advanced Deployments
10.4 Configuring Oracle HTTP Server for OIF
10.5 Performing Basic OIF Configurations
10.5.1 Appropriate Deployment Environment
10.5.2 Components Deployed
10.5.3 Dependencies
10.5.4 Procedure
10.6 Performing Advanced OIF Configurations
10.6.1 Appropriate Deployment Environment
10.6.2 Components Deployed
10.6.3 Dependencies
10.6.4 Procedure
10.7 Advanced Example: Configuring OIF with OID in a New WebLogic Domain for LDAP Authentication, User Store, and Federation Store
10.7.1 Appropriate Deployment Environment
10.7.2 Components Deployed
10.7.3 Dependencies
10.7.4 Procedure
10.8 Advanced Example: Configuring OIF in a New or Existing WebLogic Domain with RDBMS Data Stores
10.8.1 Appropriate Deployment Environment
10.8.2 Components Deployed
10.8.3 Dependencies
10.8.4 Procedure
10.9 Verifying OIF
10.10 Getting Started with OIF After Installation
Part III Installing and Configuring Oracle Identity and Access Management (11.1.1.5.0)
11 Installing Oracle Identity and Access Management (11.1.1.5.0)
11.1 Installing Oracle Identity and Access Management (11.1.1.5.0)
11.1.1 Products Installed
11.1.2 Dependencies
11.1.3 Procedure
11.2 Understanding the Directory Structure After Installation
11.3 After Installing the Oracle Identity and Access Management Software
11.4 Configuring Oracle Identity and Access Management Products
12 Understanding Domain Extension Scenarios
12.1 Overview
12.2 Important Notes Before You Begin
12.3 Domain Extension Scenarios
12.3.1 Extending an Oracle Identity Management 11.1.1.5.0 Domain to Support OIM, OAM, OAAM or OIN on the Local Machine
12.3.2 Understanding Joint Configuration and Domain Extension Scenarios for OIM, OAM, OAAM, and OIN on the Local Machine
12.4 Starting the Administration Server on the Local Machine
12.5 Creating Managed Servers on a Remote Machine
12.5.1 Installing Oracle WebLogic Server and Oracle Identity Management Suite on the Remote Machine
12.5.2 Creating and Starting Managed Servers on a Remote Machine
13 Configuring Oracle Identity Navigator
13.1 General Prerequisites
13.2 Installing OIN
13.3 Important Notes Before You Begin
13.4 Configuring OIN in a New WebLogic Domain
13.4.1 Appropriate Deployment Environment
13.4.2 Components Deployed
13.4.3 Dependencies
13.4.4 Procedure
13.5 OIN with OIM, OAM, and OAAM
13.5.1 Appropriate Deployment Environment
13.5.2 Components Deployed
13.5.3 Dependencies
13.5.4 Procedure
13.6 Starting the Servers
13.7 Verifying OIN
13.8 Getting Started with Oracle OIN After Installation
14 Configuring Oracle Identity Manager
14.1 OIM Server Configuration Workflow
14.2 Important Notes Before You Start Configuring OIM
14.3 Creating a new WebLogic Domain for OIM and SOA
14.3.1 Appropriate Deployment Environment
14.3.2 Components Deployed
14.3.3 Dependencies
14.3.4 Procedure
14.4 Starting the Servers
14.5 Configuring OIM Server, Design Console, and Remote Manager
14.5.1 Scope of Configuration Using the Oracle Identity Manager 11g Configuration Wizard
14.5.2 Scenario 1: Oracle Identity Manager Server and Design Console on Different Machines
14.5.3 Scenario 2: Oracle Identity Manager Server and Remote Manager on Different Machines
14.5.4 Scenario 3: Oracle Identity Manager Server, Design Console, and Remote Manager on a Single Windows Machine
14.6 Before Configuring OIM Server, Design Console, or Remote Manager
14.6.1 Prerequisites for Configuring OIM Server
14.6.2 Prerequisites for Configuring Only OIM Design Console on a Different Machine
14.6.3 Prerequisites for Configuring Only OIM Remote Manager on a Different Machine
14.7 Starting the Oracle Identity Manager 11g Configuration Wizard
14.8 Configuring OIM Server
14.8.1 Appropriate Deployment Environment
14.8.2 Components Deployed
14.8.3 Dependencies
14.8.4 Procedure
14.8.5 Completing the Prerequisites for Enabling LDAP Synchronization
14.8.5.1 Preconfiguring the Identity Store
14.8.5.2 Creating Adapters in Oracle Virtual Directory
14.8.6 Running the LDAP Post-Configuration Utility
14.8.7 Verifying the LDAP Synchronization
14.8.8 Post-Configuration Steps
14.8.9 Setting oamEnabled Parameter for Identity Virtualization Library
14.8.10 Enabling LDAP Sync after Installing and Configuring OIM Server at a Later Point
14.9 Installing and Configuring Only OIM Design Console on Windows
14.10 Configuring OIM Design Console
14.10.1 Appropriate Deployment Environment
14.10.2 Components Deployed
14.10.3 Dependencies
14.10.4 Procedure
14.10.5 Post-Configuration Steps
14.10.6 Updating the xlconfig.xml File to Change the Port for Design Console
14.10.7 Configuring Design Console to Use SSL
14.11 Configuring OIM Remote Manager
14.11.1 Appropriate Deployment Environment
14.11.2 Components Deployed
14.11.3 Dependencies
14.11.4 Procedure
14.12 Verifying the OIM Installation
14.13 Setting Up Integration with OAM
14.14 List of Supported Languages
14.15 Using the Diagnostic Dashboard
14.16 Getting Started with OIM After Installation
15 Configuring Oracle Access Manager
15.1 Prerequisites
15.2 Important Notes Before You Begin
15.3 Installing OAM
15.4 Oracle Access Manager Domain Configuration Template
15.5 OAM in a New WebLogic Domain
15.5.1 Appropriate Deployment Environment
15.5.2 Components Deployed
15.5.3 Dependencies
15.5.4 Procedure
15.6 OAM and OIN in a New WebLogic Domain
15.6.1 Appropriate Deployment Environment
15.6.2 Components Deployed
15.6.3 Dependencies
15.6.4 Procedure
15.7 OAM in a Domain Containing OAAM and OIN
15.7.1 Appropriate Deployment Environment
15.7.2 Components Deployed
15.7.3 Dependencies
15.7.4 Procedure
15.8 Starting the Servers
15.9 Optional Post-Installation Tasks
15.10 Verifying the OAM Installation
15.11 Setting Up OAM Agents
15.11.1 Setting Up Oracle HTTP Server WebGate
15.11.1.1 Installing and Configuring WebGate
15.11.1.2 Registering WebGate as a Partner Application
15.11.1.3 Restarting Managed Servers
15.11.2 Setting Up the OSSO Agent
15.11.2.1 Installing mod_osso
15.11.2.2 Restarting Managed Servers
15.12 Setting Up Integration with OIM
15.13 Getting Started with OAM After Installation
16 Configuring Oracle Adaptive Access Manager
16.1 Overview
16.2 Prerequisites
16.3 Important Notes Before You Begin
16.4 Installing OAAM
16.5 OAAM in a New WebLogic Domain
16.5.1 Appropriate Deployment Environment
16.5.2 Components Deployed
16.5.3 Dependencies
16.5.4 Procedure
16.6 Configuring Oracle Adaptive Access Manager (Offline)
16.6.1 Components Deployed
16.6.2 Dependencies
16.6.3 Procedure
16.7 Starting the Servers
16.8 Post-Installation Steps
16.9 Verifying the OAAM Installation
16.10 Migrating Policy and Credential Stores
16.10.1 Creating JPS Root
16.10.2 Reassociating the Policy and Credential Store
16.11 Getting Started with OAAM After Installation
17 OAM and OAAM Joint Domain Configuration Scenarios
17.1 Prerequisites
17.2 Important Notes Before You Begin
17.3 Installing Oracle Identity and Access Management 11g Release 1 (11.1.1)
17.4 OAM, OIM, and OIN in a New WebLogic Domain
17.4.1 Appropriate Deployment Environment
17.4.2 Components Deployed
17.4.3 Dependencies
17.4.4 Procedure
17.5 OAM, OAAM, and OIN in a New WebLogic Domain
17.5.1 Appropriate Deployment Environment
17.5.2 Components Deployed
17.5.3 Dependencies
17.5.4 Procedure
17.6 Starting the Servers
17.7 Getting Started with OAM After Installation
17.8 Getting Started with OAAM After Installation