A Using the idmConfigTool Command

The idmConfigTool is located at:

IAM_ORACLE_HOME/idmtools/bin

You use the idmConfigTool to automate the following tasks:

Preconfiguring the Identity Store components (Oracle Internet Directory and Oracle Virtual Directory) for installing the other Identity Management components, including Oracle Access Manager and Oracle Identity Manager
Postconfiguring the Identity Store components Oracle Access Manager, Oracle Identity Manager and wiring of Oracle Access Manager and Oracle Identity Manager
Extracting the configuration of the Identity Management components Oracle Internet Directory, Oracle Virtual Directory, Oracle Access Manager and Oracle Identity Manager
Validating the configuration parameters representing the Identity Management components Oracle Internet Directory, Oracle Virtual Directory, Oracle Access Manager and Oracle Identity Manager.

A.1 Syntax

The tool has the following syntax on Linux:

idmConfigTool.sh -command  input_file=filename log_file=logfileName log_level=log_level

The tool has the following syntax on Windows:

idmConfigTool.bat -command  input_file=filename log_file=logfileName log_level=log_level

Values for command are as follows:

Command	Component name	Description
`preConfigIDStore`		Configure the Identity Store and Policy store by creating the groups and setting ACIs to the various containers.
`prepareIDStore`		Configure the identity store by adding necessary users and associating users with groups. Modes are available to enable you to configure for a specific component.
`configPolicyStore`		Configures policy store by creating read-write user and associates them to the groups.
`configOAM`		Prepares Oracle Access Manager for integration with Oracle Identity Manager.
`configOIM`		Sets up wiring between Oracle Access Manager and Oracle Identity Manager.
`validate`	`IDSTORE` `POLICYSTORE` `OAM10g` `OIM`	Validates the set of input parameters.

The validate command requires a component name.

You must run this tool as a user with orcladmin privileges on Oracle Internet Directory.

A.2 Parameters

The following sections list the parameters for the commands.

A.2.1 preConfigIDStore

Parameter	Value
`IDSTORE_HOST`	identity store hostname, for example `mynode.us.mycompany.com`
`IDSTORE_PORT`	identity store port, for example `1234`
`IDSTORE_BINDDN`	`cn:orcladmin`
`IDSTORE_USERNAMEATTRIBUTE`	`cn`
`IDSTORE_USERSEARCHBASE`	`cn:Users, dc:test`
`IDSTORE_GROUPSEARCHBASE`	`cn:Groups, dc:test`
`IDSTORE_SEARCHBASE`	`dc:test`
`IDSTORE_SYSTEMIDBASE`	`cn:system, dc:test`
`IDSTORE_READONLYUSER`	`readOnlyUser`
`IDSTORE_READWRITEUSER`	`readWriteUser`
`IDSTORE_SUPERUSER`	`FAAdmin`
`IDSTORE_OAMSOFTWAREUSER`	`oamSoftwareUser`
`IDSTORE_OAMADMINUSER`	`oamAdminUser`
`IDSTORE_OIMADMINUSER`	`oimAdminUser`
`IDSTORE_OIMADMINGROUP`	`oimAdminGroup`
`POLICYSTORE_SHARES_IDSTORE`	`true`

A.2.2 prepareIDStore Parameters

The prepareIDStore option takes "mode" as an argument to perform tasks for the specified component. The syntax for specifying the mode is:

prepareIDStore mode=mode
input_file=filename_with_ConfigParameters

where mode must be one of:

fusion
OAM
OIM
OAAM
WLS
all (performs all the tasks of the above modes combined)

prepareIDStore mode=fusion

The following are created in this mode:

Create a Readonly User
Create a ReadWrite User
Create a Super User
Add the readOnly user to the groups orclFAGroupReadPrivilegeGroup and orclFAUserWritePrefsPrivilegeGroup
Add the readWrite user to the groups orclFAUserWritePrivilegeGroup and orclFAGroupWritePrivilegeGroup

Table A-1 prepareIDStore mode=fusion Parameters

Parameter	Value
IDSTORE_HOST	identity store hostname
IDSTORE_PORT	identity store port
IDSTORE_BINDDN	cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE	cn
IDSTORE_LOGINATTRIBUTE	uid
IDSTORE_USERSEARCHBASE	cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE	cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE	dc=us,dc=oracle,dc=com
IDSTORE_READONLYUSER	readOnlyUser
IDSTORE_READWRITEUSER	readWriteUser
IDSTORE_SUPERUSER	superUser

prepareIDStore mode=OAM

The following are created in this mode:

Perform schema extensions as required by the OAM component
Add the oblix schema
Create the OAMSoftware User
Create OblixAnonymous User
Optionally create the OAM Admin User
Associate these users to their respective groups
Create the group “orclFAOAMUserWritePrivilegeGroup”

Table A-2 prepareIDStore mode=OAM Parameters

Parameter	Value
IDSTORE_HOST	identity store hostname
IDSTORE_PORT	identity store port
IDSTORE_BINDDN	cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE	cn
IDSTORE_LOGINATTRIBUTE	uid
IDSTORE_USERSEARCHBASE	cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE	cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE	dc=us,dc=oracle,dc=com
IDSTORE_OAMSOFTWAREUSER	oamSoftwareUser
IDSTORE_OAMADMINUSER	oamAdminUser

prepareIDStore mode=OIM

The following are created in this mode:

Create OIM Admin User under SystemID container
Create OIM Admin Group
Add OIM Admin User to OIM Admin Group
Add ACIs to OIM Admin Group
Create reserve container
Create xelsysadmin user

Table A-3 prepareIDStore mode=OIM Parameters

Parameter	Value
IDSTORE_HOST	identity store hostname
IDSTORE_PORT	identity store port
IDSTORE_BINDDN	cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE	cn
IDSTORE_LOGINATTRIBUTE	uid
IDSTORE_USERSEARCHBASE	cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE	cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE	dc=us,dc=oracle,dc=com
IDSTORE_OIMADMINUSER	oimAdminUser
IDSTORE_OIMADMINGROUP	oimAdminGroup
IDSTORE_SYSTEMIDBASE	cn=system,dc=us,dc=oracle,dc=com

prepareIDStore mode=OAAM

The following are created in this mode:

Create OAAM Admin User
Create OAAM Groups
Add the OAAM Admin User as a member of OAAM Groups

Table A-4 prepareIDStore mode=OAAM Parameters

Parameter	Value
IDSTORE_HOST	identity store hostname
IDSTORE_PORT	identity store port
IDSTORE_BINDDN	cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE	cn
IDSTORE_LOGINATTRIBUTE	uid
IDSTORE_USERSEARCHBASE	cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE	cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE	dc=us,dc=oracle,dc=com

prepareIDStore mode=WLS

The following are created in the WLS (Oracle WebLogic Server) mode:

Create Weblogic Admin User
Create Weblogic Admin Group
Add the Weblogic Admin User as a member of Weblogic Admin Group

Table A-5 prepareIDStore mode=WLS Parameters

Parameter	Value
IDSTORE_HOST	identity store hostname
IDSTORE_PORT	identity store port
IDSTORE_BINDDN	cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE	cn
IDSTORE_LOGINATTRIBUTE	uid
IDSTORE_USERSEARCHBASE	cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE	cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE	dc=us,dc=oracle,dc=com

prepareIDStore mode=all

The mode performs all the tasks that are performed in the modes fusion, OAM, OIM, WLS and OAAM.

Table A-6 prepareIDStore mode=WLS Parameters

Parameter	Value
IDSTORE_HOST	identity store hostname
IDSTORE_PORT	identity store port
IDSTORE_BINDDN	cn=orcladmin
IDSTORE_USERSEARCHBASE	cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE	cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE	dc=us,dc=oracle,dc=com
IDSTORE_SYSTEMIDBASE	cn=system,dc=us,dc=oracle,dc=test
IDSTORE_READONLYUSER	readOnlyUser
IDSTORE_READWRITEUSER	readWriteUser
IDSTORE_SUPERUSER	superUser
IDSTORE_OAMSOFTWAREUSER	oamSoftwareUser
IDSTORE_OAMADMINUSER	oamAdminUser
IDSTORE_OIMADMINUSER	oimAdminUser
IDSTORE_OIMADMINGROUP	oimAdminGroup

A.2.3 configPolicyStore Parameters

Parameter	Value
`POLICYSTORE_HOST`	policy store hostname, for example `mynode.us.mycompany.com`
`POLICYSTORE_PORT`	policy store port, for example `1234`
`POLICYSTORE_BINDDN`	`cn:orcladmin`
`POLICYSTORE_SEARCHBASE`	`dc:test`
`POLICYSTORE_READONLYUSER`	`PolStoreROUser`
`POLICYSTORE_READWRITEUSER`	`PolStoreRWUser`
`POLICYSTORE_CONTAINER`	`cn:jpsroot`

A.2.4 configOAM Parameters

Parameter	Value
`IDSTORE_HOST`	identity store hostname, for example `mynode.us.mycompany.com`
`IDSTORE_PORT`	identity store port, for example `1234`
`POLICYSTORE_HOST`	policy store hostname, for example `abc`
`POLICYSTORE_PORT`	policy store port, for example `1110`
`POLICYSTORE_OAMDN`	`cn:oamsoftware,cn:users,dc:us,dc:oracle,dc:com`
`POLICYSTORE_PWD`	`password`
`OAM_POLICYSEARCHBASE`	(required only for non-OID directory)
`OAM_POLICYSEARCHBASE`	`dc:us,dc:oracle,dc:com`
`OAM_WEBGATE_URL`	WebGate URL, for example `http://mynode.us.mycompany.com:1010`
`OAM_CONSENTFORM_URL`	`/cgi-bin/consentredirect.pl`
`OAM_IMPERSONATION_PATH`	impersonation path, for example `/mydir/lib/authz_impersonate.so`
`OIM_OHS_URL`	OHS URL, for example `http://mynode.us.mycompany.com:1234`
`App_agent_password`	`password`
`Oam_aaa_mode`	`open`
`Oam_aaa_passphrase`	`password`
`Primary_oam_servers`	`ACCSERVEROAS`
`MAX_OAM_CONNECTIONS`	`4`

A.2.5 configOIM Parameters

Parameter	Value
`ACCESS_SERVER_HOST`	Access Server hostname, for example `mynode.us.mycompany.com`
`ACCESS_GATE_ID`	`IdentityManagerAccessGate`
`ACCESS_SERVER_PORT`	`5575`
`COOKIE_DOMAIN`	`.us.oracle.com`
`COOKIE_EXPIRY_INTERVAL`	`120`
`WEBGATE_TYPE`	`javaWebgate` \| `ohsWebgate10g` \| `ohsWebgate11g`
`SSO_ENABLED_FLAG`	`true` \| `false`
`IDSTORE_PORT`
`IDSTORE_HOST`
`IDSTORE_ADMIN_USER`
`IDSTORE_USERSEARCHBASE`
`IDSTORE_GROUPSEARCHBASE`
`MDS_DB_URL`
`MDS_DB_URL`
`MDS_DB_SCHEMA_USERNAME`
`WLSHOST`
`WLSPORT`
`WLSADMIN`
`DOMAIN_NAME`
`OIM_MANAGED_SERVER_NAME`
`DOMAIN_LOCATION`
`OIM_MANAGED_SERVER_HOST`
`OIM_MANAGED_SERVER_PORT`

A.2.6 postProv Parameters

Same as preConfigIDStore parameters.

A.2.7 Validate IDStore parameters

Parameter	Value
`IDSTORE_TYPE`	`OID` \| `OVD`
`IDSTORE_HOST`	`adcxyx`
`IDSTORE_PORT`	`3060`
`IDSTORE_SSLPORT`	`3031`
`IDSTORE_SSL_ENABLED`	`true`
`IDSTORE_SUPER_USER`	`faadmin`
`IDSTORE_READ_WRITE_USER`	`cn=rou,cn=users,dc=mycompany,dc=com`
`IDSTORE_READ_WRITE_PASSWORD`	`password`
`IDSTORE_READ_ONLY_USER`	`cn=rwu,cn=users,dc=mycompany,dc=com`
`IDSTORE_READ_ONLY_PASSWORD`	`password`
`IDSTORE_USER_CONTAINER`	`cn=users,dc=mycompany,dc=com`
`IDSTORE_GROUP_CONTAINER`	`cn=users,dc=mycompany,dc=com`
`IDSTORE_SEEDING`	`true`
`IDSTORE_ADMIN_GROUP`	`cn=administrators,cn=groups,dc=mycompany,dc=com`
`IDSTORE_ADMIN_GROUP_EXISTS`	`true`

A.2.8 PolicyStore parameters

Parameter	Value
`POLICYSTORE_HOST`	`POLICYSTORE.host`
`POLICYSTORE_PORT`	`POLICYSTORE.port`
`POLICYSTORE_SECURE_PORT`	`POLICYSTORE.sslport`
`POLICYSTORE_IS_SSL_ENABLED`	`POLICYSTORE.ssl.enabled`
`POLICYSTORE_READ_WRITE_USERNAME`	`POLICYSTORE.username`
`POLICYSTORE_PASSWORD`	`POLICYSTORE.password`
`POLICYSTORE_SEEDING`	`POLICYSTORE.seeding`
`POLICYSTORE_JPS_ROOT_NODE`	`POLICYSTORE.jps.root`
`POLICYSTORE_DOMAIN_NAME`	`POLICYSTORE.domain.name`
`POLICYSTORE_CREATED_BY_CUSTOMER`	`POLICYSTORE.created.by.customer`
`POLICYSTORE_JPS_CONFIG_DIR`	`idm.jpsconfig.filesdir`
`POLICYSTORE_CRED_MAPPING_FILE_LOCATION`	`idm.credentials.mapping.filelocation`
`POLICYSTORE_ADF_CRED_FILE_LOCATION`	`idm.common.adfcreds.file`
`POLICYSTORE_STRIPE_FSCM`	`fscm`
`POLICYSTORE_STRIPE_CRM`	`crm`
`POLICYSTORE_STRIPE_HCM`	`hcm`
`POLICYSTORE_STRIPE_SOA_INFRA`	`soa-infra`
`POLICYSTORE_STRIPE_APM`	`oracle.security.apm`
`POLICYSTORE_STRIPE_ESSAPP`	`ESSAPP`
`POLICYSTORE_STRIPE_B2BUI`	`b2bui`
`POLICYSTORE_STRIPE_OBI`	`obi`
`POLICYSTORE_STRIPE_WEBCENTER`	`webcenter`
`POLICYSTORE_STRIPE_IDCCS`	`IDCCS`
`POLICYSTORE_CRED_STORE`	`POLICYSTORE.credential.store`
`IDM_KEYSTORE_FILE`	`idm.keystore.file`
`IDM_KEYSTORE_PASSWORD`	`idm.keystore.password`

A.2.9 Validate OAM Configuration

Parameter	Value	Notes
`OAM10g_MODE`
`OAM10g_NOPROMPT`		Query for password is suppressed when `true`.
`OAM10g_POLICY_HOST`
`OAM10g_POLICY_PORT`
`OAM10g_POLICY_USERDN`	`ldap_userdn`
`OAM10g_POLICY_USERPWD`	`ldap_userpassword`
`OAM10g_AAA_MODE`	`oam_aaa_mode`
`OAM10g_AAA_PASSPHRASE`	`oam_aaa_passphrase`
`OAM10g_PRIMARY_SERVERS`	`primary_oam_servers`
`OAM10g_SECONDARY_SERVERS`	`secondary_oam_servers`
`OAM10g_RUNTIME_USER`	`oam_runtime_user`	User used to configure Oracle Access Manager 10g components. This user has read/write privileges to the Oracle Access Manager Policy store, for example: `cn=OAMSoftware`

A.2.10 Validate OIM

Parameter	Value	Notes
`ADMIN_SERVER_HOST`	`admin_server_host`	Domain Admin Server Constant
`ADMIN_SERVER_PORT`	`admin_server_port`	Domain Admin Server Constant
`ADMIN_SERVER_USER`	`admin_server_user`	Domain Admin Server Constant
`ADMIN_SERVER_USER_PASSWORD`	`admin_server_user_password`	Domain Admin Server Constant
`ACCESS_SERVER_HOST`
`ACCESS_SERVER_PORT`
`ACCESS_SERVER_ID`

A.3 Examples

The following reference contains examples of idmConfigTool usage:

"Integrating Oracle Access Manager and Oracle Identity Manager" in the Oracle Fusion Middleware Integration Guide for Oracle Access Manager.