Dec 27 15

Installing and Configuring Oracle Identity Manager R2 PS3

Tamim Khan

This article describes the step-by-step installation of Oracle Identity Manager 11g R2 PS3. It assumes that all environment settings have been configured properly according to Oracle best practice.

Make sure that the database parameters below are set to the values given:

AL32UTF8 (Unicode) as the database character set.
SHARED_POOL_SIZE is greater than or equal to 147456KB.
SGA_MAX_SIZE is greater than or equal to 4294967296.
DB_BLOCK_SIZE is greater than or equal to 8KB.
OPEN_CURSORS = 1600
PROCESSES = 500

1.    DOWNLOAD INSTALLATION MEDIA

Download URL of Oracle Identity and Access Management 11g R2 PS3 and Oracle Fusion Middleware Repository Creation Utility 11g (11.1.1.9.0):
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html


2.    SET ENVIRONMENT VARIABLE FOR ORACLE USER

#Host
export ORACLE_HOSTNAME=iamr2ps3.tigeritbd.com

#WebLogic
export APP_SERVER=weblogic
export MW_HOME=/oracle/Middleware
export WL_HOME=$MW_HOME/wlserver_10.3
export WLS_HOME=$WL_HOME/server
export ANT_HOME=$MW_HOME/modules/org.apache.ant_1.7.1
export OIM_DOMAIN_HOME=$MW_HOME/user_projects/domains/IAMGovernanceDomain

#Java
export JAVA_VENDOR=ORACLE-JDK
export JAVA_HOME=/usr/java/jdk1.7.0_79

#SOA
export SOA_ORACLE_HOME=$MW_HOME/soa_home

#ORACLE IAM
export IAM_ORACLE_HOME=$MW_HOME/iam_home
export IAM_HOME=$IAM_ORACLE_HOME
# OIM server, Design Console and Remote Manager live under the IAM Oracle home
export XL_HOME=$IAM_ORACLE_HOME/server
export DC_HOME=$IAM_ORACLE_HOME/designconsole
export RM_HOME=$IAM_ORACLE_HOME/remote_manager

#ORACLE COMMON HOME
export COMMON_ORACLE_HOME=$MW_HOME/oracle_common/common

#LOG File 
export OIM_LOG_DIR=$OIM_DOMAIN_HOME/servers/oim_server1/logs
export SOA_LOG_DIR=$OIM_DOMAIN_HOME/servers/soa_server1/logs

#Library
export PATH=$PATH:$ORACLE_HOME/bin:$SOA_ORACLE_HOME/bin:$IAM_ORACLE_HOME/bin:$ANT_HOME/bin:/sbin:/bin:/usr/sbin
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$SOA_ORACLE_HOME/lib:$IAM_ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib

3.    INSTALL A CERTIFIED JDK

1.    Make sure that execute permissions are set
2.    Run this command as a root user: rpm -ivh jdk-7u79-linux-x64.rpm
3.    Check the Java version with java -version, and check which binary is in use with which java.

4.    MODIFY THE DATABASE SYSTEM PARAMETERS

Before running RCU, modify the database system parameters.

sqlplus / as sysdba
alter system set processes=500 scope=spfile;
alter system set open_cursors=1600 scope=spfile;
alter system set session_cached_cursors=500 scope=spfile;
alter system set session_max_open_files=50 scope=spfile;
alter system set aq_tm_processes=1 scope=spfile;
alter system set job_queue_processes=10 scope=spfile;
ALTER SYSTEM SET sga_max_size = 4294967296 scope=spfile;
shutdown immediate;
startup;

5.    CREATING DATABASE SCHEMA USING THE RCU

To create database schemas for Oracle Identity and Access Management 11g Release 2 PS3 (11.1.2.3.0) components, you must use the 11g Release 2 (11.1.2.3.0) version of the Oracle Fusion Middleware Repository Creation Utility.

unzip ofm_rcu_linux_11.1.1.9.0_64_disk1_1of1.zip
Run “sh rcu” from rcuHome/bin
  1. Welcome: Click Next
  2. Create Repository: Select Create and Click next.
  3. Database Connection Details: Provide Database connection information
  4. Repository Creation Utility – Checking Prerequisites: If you are not using Oracle Database Enterprise Edition, you have to ignore a warning message.
  5. Select Components: In our environment we use the prefix “OIM”. Select “Oracle Identity Manager”; the following components need to be selected for OIM.

      Oracle AS Repository Components

  • AS Common Services
    • Metadata Services
    • Oracle Platform Security Service
  • Oracle Identity Manager
    • Identity Management
  • Oracle Business Intelligence
    • Oracle Business Intelligence Platform
  • SOA and BPM Infrastructure
    • SOA Infrastructure
    • User Messaging Service

N.B.: Select only Oracle Identity Manager; all required components will be selected automatically.

  6. Repository Creation Utility – Checking Prerequisites
  7. Schema Passwords: In our case we use one password for all schemas.
  8. Map Tablespaces: Click Next
  9. Repository Creation Utility – Creating Tablespace
  10. Summary: Click Next
  11. Completion Summary: Click Close

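Set the password lifetime of the DEFAULT profile to unlimited so that the schema passwords do not expire. The first query shows which profile the OIM schemas use and the second lists the current password limits. The ALTER PROFILE statement affects every account assigned to the DEFAULT profile, not only the OIM schemas.

SELECT USERNAME, PROFILE FROM DBA_USERS WHERE USERNAME LIKE 'OIM%';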

SELECT resource_name, limit
FROM  dba_profiles
where profile='DEFAULT'
  and resource_type='PASSWORD';
ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;


6. Install WebLogic Server

This assumes WebLogic Server was installed in /oracle/Middleware during the OUD installation; if not, follow the steps from the previous article, Installing and Configuring Oracle Unified Directory 11g.

7. Install Oracle SOA Suite

Install certified Oracle SOA Suite 11g Release 1 (11.1.1.9.0)

Download V75849-01_1of2.zip and V75849-01_2of2.zip from https://edelivery.oracle.com

Then unzip the package, go to Disk1 and run runInstaller

$ ./runInstaller -jreloc $JAVA_HOME

Welcome

Install Software Updates: Select Skip Software Updates and then click Next.

Prerequisite Checks: Make sure all the checks pass successfully.

Specify Installation Location: Set the Middleware home to /oracle/Middleware and the SOA home directory to soa_home, as set in the environment variables.

Application Server: Select WebLogic Server and click Next.

Installation Summary

Installation Progress

Installation Complete

8. Install Oracle Identity Manager 11g R2 PS3

Package names:
unzip ofm_iam_generic_11.1.2.3.0_disk1_1of3.zip
unzip ofm_iam_generic_11.1.2.3.0_disk1_2of3.zip
unzip ofm_iam_generic_11.1.2.3.0_disk1_3of3.zip
$ ./runInstaller -jreloc $JAVA_HOME
Starting Oracle Universal Installer...

Checking if CPU speed is above 300 MHz.    Actual 2394 MHz    Passed
Checking Temp space: must be greater than 150 MB.   Actual 70200 MB    Passed
Checking swap space: must be greater than 512 MB.   Actual 15404 MB    Passed
Checking monitor: must be configured to display at least 256 colors.    Actual 16777216    Passed

Welcome

Install Software Updates

Prerequisite Checks

Specify Installation Location

Installation Summary

Installation Progress

Installation Complete

9. Create an IAM Governance Domain

Run the configuration wizard from the following location:

$MW_HOME/oracle_common/common/bin/config.sh

Welcome: Select “Create a New Weblogic domain” and click Next.

Select Domain Source: Select only “Oracle Identity Manager”; the rest of the required components will be selected automatically.

Specify Domain Name and Location: In our case we use IAMGovernanceDomain as the domain name.

Configure Administrator User Name and Password: Enter weblogic as the name and set a password.

Note: Do not change the user name “weblogic”.

Configure Server Start Mode and JDK

Configure JDBC Component Schema: Provide the DB host name, SID and TNS port. Do not forget to change the schema prefix to match the one used in RCU.

Test JDBC Component Schema: Make sure the status of every test is successful.

Select Optional Configuration: Select Administration Server to change the admin server port if required.

Configure the Administration Server: As OUD/OAM already use 7001 and 7002, change the listen ports to 7003 and 7004.

Configure Managed Servers

Configure Cluster

Assign Servers to Machines

Configuration Summary: Click the Create button to start the domain creation process.

Creating Domain: After successful domain creation, click the Done button to exit the WebLogic domain creation utility.

10. Configuring Database Security Store for an OIM Domain

Ensure the MW_HOME and IAM_HOME environment variables are set as below.

export MW_HOME=/oracle/Middleware
export IAM_HOME=/oracle/Middleware/iam_home

After that, call the configureSecurityStore.py script with the following parameters:
-d domaindir: Location of the directory containing the domain.
-c configmode: The configuration mode of the domain. When configuring the Database Security Store this value must be specified as IAM.
-p password: The OPSS schema password.
-m mode: Use create if you want to create a new database security store.

The full command will look like this:

$MW_HOME/oracle_common/common/bin/wlst.sh \
$IAM_HOME/common/tools/configureSecurityStore.py \
-d $MW_HOME/user_projects/domains/IAMGovernanceDomain -c IAM -p Tigerit1 -m create

After successful execution, the message “Info: Create operation has completed successfully” is shown.

Validate Database Security Store 

$MW_HOME/oracle_common/common/bin/wlst.sh \
$IAM_HOME/common/tools/configureSecurityStore.py -d \
$MW_HOME/user_projects/domains/IAMGovernanceDomain -m validate


11. Start Weblogic Admin Server and SOA Server

  • Start the WebLogic Admin Server
  $ $OIM_DOMAIN_HOME/bin/startWebLogic.sh
  • Before starting the SOA server, perform the following steps [one-time task]
  $ cd $OIM_DOMAIN_HOME/servers
  $ mkdir -p soa_server1/security
  $ cp AdminServer/security/boot.properties soa_server1/security/
  • Start the SOA Server
  $ $OIM_DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1

Wait until the Admin Server and SOA Server are in RUNNING mode.

12. Configuring Oracle Identity and Access Management Products

Run config.sh from $IAM_ORACLE_HOME/bin/config.sh

Welcome

Component to Configure

Database

Weblogic Admin Server

OIM Server

OIM Server Host and Port

Remote Manager

Configuration Summary

Configuration Progress

Configuration Complete

13. Start OIM Server

Before starting the OIM managed server, copy boot.properties from the Admin Server to the OIM managed server so that it does not prompt for the user name and password on every start.

$ cd $OIM_DOMAIN_HOME/servers
$ mkdir -p oim_server1/security
$ cp AdminServer/security/boot.properties oim_server1/security/

Start OIM Server

$OIM_DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1

Wait until the OIM Server is in RUNNING mode.

IAM R2 PS3 comes with an integrated BI Publisher.

14. Start BI Server

Before starting the BI managed server, copy boot.properties from the Admin Server to the BI managed server so that it does not prompt for the user name and password on every start.

$ cd $OIM_DOMAIN_HOME/servers
$ mkdir -p bi_server1/security
$ cp AdminServer/security/boot.properties bi_server1/security/

Start BI Server

$OIM_DOMAIN_HOME/bin/startManagedWebLogic.sh bi_server1

Wait until the BI Server is in RUNNING mode.
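
The boot.properties copy from steps 11, 13 and 14, written as one function. This is an added example, not part of the original article; the function name is hypothetical and it assumes the domain layout used above. It refuses to copy a file whose username/password are not yet in WebLogic's encrypted {AES}... form and leaves each copy readable only by the owning account.

```sh
#!/bin/sh
# Added example (not from the original article).
# Assumed layout: <domain>/servers/<server>/security/boot.properties
# Usage: seed_boot_properties "$OIM_DOMAIN_HOME" soa_server1 oim_server1 bi_server1

seed_boot_properties() {
    domain_home=$1
    shift
    src="$domain_home/servers/AdminServer/security/boot.properties"

    if [ ! -f "$src" ]; then
        echo "boot.properties not found: $src" >&2
        return 1
    fi

    # WebLogic rewrites cleartext username/password as {AES}... style values
    # on first boot. Refuse to replicate a file that still holds cleartext.
    for key in username password; do
        if ! grep -Eq "^${key}=\{[A-Z0-9]+\}" "$src"; then
            echo "$key in $src is not encrypted; boot the Admin Server first" >&2
            return 1
        fi
    done

    # The encrypted values can only be decrypted inside the same domain, so
    # the copies are useless elsewhere, but they still identify the admin
    # account and should not be world-readable.
    for server in "$@"; do
        sec_dir="$domain_home/servers/$server/security"
        # Subshell keeps the restrictive umask from leaking into the caller.
        (
            umask 077
            mkdir -p "$sec_dir" &&
            cp "$src" "$sec_dir/boot.properties" &&
            chmod 600 "$sec_dir/boot.properties"
        ) || return 1
        # mkdir -p leaves the mode of an existing directory alone; tighten it.
        chmod 700 "$sec_dir" || return 1
    done
}
```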

15. Verify Weblogic and SOA Web Console

Weblogic Admin Console

URL: http://<hostname>.com:7003/console/
Log in as the weblogic user, which is the WebLogic admin user.

Weblogic Enterprise Manager

URL: http://<hostname>:7001/em

SOA infrastructure

URL: http://<hostname>:8001/soa-infra/

SOA Composer

URL: http://<hostname>:8001/soa/composer/faces/home

16. Verify OIM web Console

URL: http://<hostname>:14000/oim

OIM self-service

OIM Password Management

OIM Self Service Home page

OIM System Administration Console

URL: http://<hostname>:14000/sysadmin/

17. Verify BI web Console

URL: http://<hostname>:9704/xmlpserver

18. POST Installation Task for OIM

Create wlfullclient.jar

  1. Change to the server/lib directory.
  $ cd $WL_HOME/server/lib
  2. Use the following command to create wlfullclient.jar in the server/lib directory:
  $ java -jar wljarbuilder.jar
  3. Copy the wlfullclient.jar file into $IAM_HOME/designconsole/ext/
     $ cp $WL_HOME/server/lib/wlfullclient.jar $IAM_ORACLE_HOME/designconsole/ext/
  4. Run the Design Console
     $ cd $IAM_ORACLE_HOME/designconsole/
     $ sh xlclient.sh