Oracle® Fusion Middleware Integration Overview for Oracle Identity Management Suite 11g Release 1 (11.1.1) Part Number E15477-02
The idmConfigTool is located at `IAM_ORACLE_HOME/idmtools/bin`.
You use the idmConfigTool to automate the following tasks:

- Preconfiguring the Identity Store components (Oracle Internet Directory and Oracle Virtual Directory) for installing the other Identity Management components, including Oracle Access Manager and Oracle Identity Manager
- Postconfiguring the Identity Store components Oracle Access Manager and Oracle Identity Manager, and wiring Oracle Access Manager and Oracle Identity Manager together
- Extracting the configuration of the Identity Management components Oracle Internet Directory, Oracle Virtual Directory, Oracle Access Manager and Oracle Identity Manager
- Validating the configuration parameters representing the Identity Management components Oracle Internet Directory, Oracle Virtual Directory, Oracle Access Manager and Oracle Identity Manager
The tool has the following syntax on Linux:

```
idmConfigTool.sh -command input_file=filename log_file=logfileName log_level=log_level
```

The tool has the following syntax on Windows:

```
idmConfigTool.bat -command input_file=filename log_file=logfileName log_level=log_level
```
Values for command are as follows:

| Command | Component name | Description |
|---|---|---|
| preConfigIDStore | | Configures the Identity Store and Policy Store by creating the groups and setting ACIs on the various containers. |
| prepareIDStore | | Configures the Identity Store by adding the necessary users and associating users with groups. Modes are available to enable you to configure for a specific component. |
| configPolicyStore | | Configures the Policy Store by creating a read-write user and associating it with the groups. |
| configOAM | | Prepares Oracle Access Manager for integration with Oracle Identity Manager. |
| configOIM | | Sets up wiring between Oracle Access Manager and Oracle Identity Manager. |
| validate | IDSTORE | Validates the set of input parameters. |
The validate command requires a component name.

You must run this tool as a user with orcladmin privileges on Oracle Internet Directory.
The following sections list the parameters for the commands.
| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname, for example mynode.us.mycompany.com |
| IDSTORE_PORT | identity store port, for example 1234 |
| IDSTORE_BINDDN | cn:orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_USERSEARCHBASE | cn:Users, dc:test |
| IDSTORE_GROUPSEARCHBASE | cn:Groups, dc:test |
| IDSTORE_SEARCHBASE | dc:test |
| IDSTORE_SYSTEMIDBASE | cn:system, dc:test |
| IDSTORE_READONLYUSER | readOnlyUser |
| IDSTORE_READWRITEUSER | readWriteUser |
| IDSTORE_SUPERUSER | FAAdmin |
| IDSTORE_OAMSOFTWAREUSER | oamSoftwareUser |
| IDSTORE_OAMADMINUSER | oamAdminUser |
| IDSTORE_OIMADMINUSER | oimAdminUser |
| IDSTORE_OIMADMINGROUP | oimAdminGroup |
| POLICYSTORE_SHARES_IDSTORE | true |
The prepareIDStore option takes "mode" as an argument to perform tasks for the specified component. The syntax for specifying the mode is:

```
prepareIDStore mode=mode input_file=filename_with_ConfigParameters
```

where mode must be one of:

- fusion
- OAM
- OIM
- OAAM
- WLS
- all (performs all the tasks of the above modes combined)
prepareIDStore mode=fusion

The following are created in this mode:

- Create a Readonly User
- Create a ReadWrite User
- Create a Super User
- Add the readOnly user to the groups orclFAGroupReadPrivilegeGroup and orclFAUserWritePrefsPrivilegeGroup
- Add the readWrite user to the groups orclFAUserWritePrivilegeGroup and orclFAGroupWritePrivilegeGroup
Table A-1 prepareIDStore mode=fusion Parameters

| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_READONLYUSER | readOnlyUser |
| IDSTORE_READWRITEUSER | readWriteUser |
| IDSTORE_SUPERUSER | superUser |
prepareIDStore mode=OAM

The following are created in this mode:

- Perform schema extensions as required by the OAM component
- Add the oblix schema
- Create the OAMSoftware User
- Create the OblixAnonymous User
- Optionally create the OAM Admin User
- Associate these users with their respective groups
- Create the group "orclFAOAMUserWritePrivilegeGroup"
Table A-2 prepareIDStore mode=OAM Parameters

| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_OAMSOFTWAREUSER | oamSoftwareUser |
| IDSTORE_OAMADMINUSER | oamAdminUser |
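The invocation syntax given at the top of this page and Table A-2 together describe what is needed to run prepareIDStore mode=OAM: an input file that names each parameter, and the tool invoked with -command, input_file, log_file and log_level. The POSIX shell script below is an added example, not code from the Oracle documentation or from the product. It writes a constructed input file (the hostnames, DNs and the install path /u01/app/oracle/iam are placeholders), checks that every Table A-2 parameter is present with a non-empty value and that the file is not readable by group or other (the file holds the directory bind DN and is used under orcladmin privileges), and only then assembles the idmConfigTool.sh command line. It assumes the input file uses Java-properties-style `KEY: value` lines, and the INFO log level is a placeholder to replace with a level the tool documents.

```shell
#!/bin/sh
# Added example, not Oracle's code: build and sanity-check an idmConfigTool
# input file for "prepareIDStore mode=OAM" before invoking the tool.
# Assumptions (not from the page): the input file is a Java-properties-style
# "KEY: value" file; IAM_ORACLE_HOME, hostnames and DNs below are constructed.

IAM_ORACLE_HOME="${IAM_ORACLE_HOME:-/u01/app/oracle/iam}"   # assumed install path

# Parameter names that Table A-2 lists for prepareIDStore mode=OAM.
OAM_MODE_PARAMS="IDSTORE_HOST IDSTORE_PORT IDSTORE_BINDDN IDSTORE_USERNAMEATTRIBUTE
IDSTORE_LOGINATTRIBUTE IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE
IDSTORE_SEARCHBASE IDSTORE_OAMSOFTWAREUSER IDSTORE_OAMADMINUSER"

# write_oam_input FILE: write a constructed input file, owner-readable only,
# since it carries the bind DN the tool authenticates with.
write_oam_input() {
    umask 077
    cat > "$1" <<'EOF'
IDSTORE_HOST: idstore.example.com
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=example,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=example,dc=com
IDSTORE_SEARCHBASE: dc=example,dc=com
IDSTORE_OAMSOFTWAREUSER: oamSoftwareUser
IDSTORE_OAMADMINUSER: oamAdminUser
EOF
}

# missing_params FILE PARAM...: print each parameter that has no non-empty
# value in FILE. Accepts "KEY: value" or "KEY=value". Always returns 0.
missing_params() {
    file="$1"; shift
    for p in "$@"; do
        if ! grep -Eq "^[[:space:]]*${p}[[:space:]]*[:=][[:space:]]*[^[:space:]]" "$file"; then
            echo "$p"
        fi
    done
    return 0
}

# world_readable FILE: succeed when group or other has read permission.
# Uses the ls -l mode string (portable); char 5 is group read, char 8 other read.
world_readable() {
    perms=$(ls -l "$1" | cut -c1-10)
    case "$perms" in
        ????r*|???????r*) return 0 ;;
    esac
    return 1
}

# check_input_file FILE PARAM...: return 0 only if every parameter is present
# and the file is not readable by group/other; print the reasons otherwise.
check_input_file() {
    file="$1"; shift
    ok=0
    missing=$(missing_params "$file" "$@")
    if [ -n "$missing" ]; then
        echo "missing parameters:" $missing
        ok=1
    fi
    if world_readable "$file"; then
        echo "$file is readable by group/other; chmod 600 it"
        ok=1
    fi
    return $ok
}

# run_prepare_oam FILE: invoke the tool (Linux syntax from the page) only after
# the checks pass. LOG_LEVEL is a placeholder; use a level the tool documents.
run_prepare_oam() {
    check_input_file "$1" $OAM_MODE_PARAMS || return 1
    "$IAM_ORACLE_HOME/idmtools/bin/idmConfigTool.sh" -prepareIDStore mode=OAM \
        input_file="$1" log_file=prepareIDStore_OAM.log log_level="${LOG_LEVEL:-INFO}"
}
```

To use it, call `write_oam_input oam.props`, edit the values for your directory, then `run_prepare_oam oam.props`; the checks refuse to run the tool while a parameter is missing or the file is readable by other accounts on the host.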
prepareIDStore mode=OIM

The following are created in this mode:

- Create the OIM Admin User under the SystemID container
- Create the OIM Admin Group
- Add the OIM Admin User to the OIM Admin Group
- Add ACIs to the OIM Admin Group
- Create the reserve container
- Create the xelsysadmin user
Table A-3 prepareIDStore mode=OIM Parameters

| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_OIMADMINUSER | oimAdminUser |
| IDSTORE_OIMADMINGROUP | oimAdminGroup |
| IDSTORE_SYSTEMIDBASE | cn=system,dc=us,dc=oracle,dc=com |
prepareIDStore mode=OAAM

The following are created in this mode:

- Create the OAAM Admin User
- Create the OAAM Groups
- Add the OAAM Admin User as a member of the OAAM Groups
Table A-4 prepareIDStore mode=OAAM Parameters

| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
prepareIDStore mode=WLS

The following are created in the WLS (Oracle WebLogic Server) mode:

- Create the WebLogic Admin User
- Create the WebLogic Admin Group
- Add the WebLogic Admin User as a member of the WebLogic Admin Group
Table A-5 prepareIDStore mode=WLS Parameters

| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERNAMEATTRIBUTE | cn |
| IDSTORE_LOGINATTRIBUTE | uid |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
prepareIDStore mode=all

This mode performs all the tasks that are performed in the modes fusion, OAM, OIM, WLS and OAAM.
Table A-6 prepareIDStore mode=all Parameters

| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname |
| IDSTORE_PORT | identity store port |
| IDSTORE_BINDDN | cn=orcladmin |
| IDSTORE_USERSEARCHBASE | cn=Users, dc=us,dc=oracle,dc=com |
| IDSTORE_GROUPSEARCHBASE | cn=Groups, dc=us,dc=oracle,dc=com |
| IDSTORE_SEARCHBASE | dc=us,dc=oracle,dc=com |
| IDSTORE_SYSTEMIDBASE | cn=system,dc=us,dc=oracle,dc=test |
| IDSTORE_READONLYUSER | readOnlyUser |
| IDSTORE_READWRITEUSER | readWriteUser |
| IDSTORE_SUPERUSER | superUser |
| IDSTORE_OAMSOFTWAREUSER | oamSoftwareUser |
| IDSTORE_OAMADMINUSER | oamAdminUser |
| IDSTORE_OIMADMINUSER | oimAdminUser |
| IDSTORE_OIMADMINGROUP | oimAdminGroup |
| Parameter | Value |
|---|---|
| POLICYSTORE_HOST | policy store hostname, for example mynode.us.mycompany.com |
| POLICYSTORE_PORT | policy store port, for example 1234 |
| POLICYSTORE_BINDDN | cn:orcladmin |
| POLICYSTORE_SEARCHBASE | dc:test |
| POLICYSTORE_READONLYUSER | PolStoreROUser |
| POLICYSTORE_READWRITEUSER | PolStoreRWUser |
| POLICYSTORE_CONTAINER | cn:jpsroot |
| Parameter | Value |
|---|---|
| IDSTORE_HOST | identity store hostname, for example mynode.us.mycompany.com |
| IDSTORE_PORT | identity store port, for example 1234 |
| POLICYSTORE_HOST | policy store hostname, for example abc |
| POLICYSTORE_PORT | policy store port, for example 1110 |
| POLICYSTORE_OAMDN | cn:oamsoftware,cn:users,dc:us,dc:oracle,dc:com |
| POLICYSTORE_PWD | password |
| OAM_POLICYSEARCHBASE | dc:us,dc:oracle,dc:com (required only for non-OID directory) |
| OAM_WEBGATE_URL | WebGate URL, for example http://mynode.us.mycompany.com:1010 |
| OAM_CONSENTFORM_URL | /cgi-bin/consentredirect.pl |
| OAM_IMPERSONATION_PATH | impersonation path, for example /mydir/lib/authz_impersonate.so |
| OIM_OHS_URL | OHS URL, for example http://mynode.us.mycompany.com:1234 |
| App_agent_password | password |
| Oam_aaa_mode | open |
| Oam_aaa_passphrase | password |
| Primary_oam_servers | ACCSERVEROAS |
| MAX_OAM_CONNECTIONS | 4 |
| Parameter | Value |
|---|---|
| ACCESS_SERVER_HOST | Access Server hostname, for example mynode.us.mycompany.com |
| ACCESS_GATE_ID | IdentityManagerAccessGate |
| ACCESS_SERVER_PORT | 5575 |
| COOKIE_DOMAIN | .us.oracle.com |
| COOKIE_EXPIRY_INTERVAL | 120 |
| WEBGATE_TYPE | javaWebgate \| ohsWebgate10g \| ohsWebgate11g |
| SSO_ENABLED_FLAG | true \| false |
| IDSTORE_PORT | |
| IDSTORE_HOST | |
| IDSTORE_ADMIN_USER | |
| IDSTORE_USERSEARCHBASE | |
| IDSTORE_GROUPSEARCHBASE | |
| MDS_DB_URL | |
| MDS_DB_SCHEMA_USERNAME | |
| WLSHOST | |
| WLSPORT | |
| WLSADMIN | |
| DOMAIN_NAME | |
| OIM_MANAGED_SERVER_NAME | |
| DOMAIN_LOCATION | |
| OIM_MANAGED_SERVER_HOST | |
| OIM_MANAGED_SERVER_PORT | |
| Parameter | Value |
|---|---|
| IDSTORE_TYPE | OID \| OVD |
| IDSTORE_HOST | adcxyx |
| IDSTORE_PORT | 3060 |
| IDSTORE_SSLPORT | 3031 |
| IDSTORE_SSL_ENABLED | true |
| IDSTORE_SUPER_USER | faadmin |
| IDSTORE_READ_WRITE_USER | cn=rou,cn=users,dc=mycompany,dc=com |
| IDSTORE_READ_WRITE_PASSWORD | password |
| IDSTORE_READ_ONLY_USER | cn=rwu,cn=users,dc=mycompany,dc=com |
| IDSTORE_READ_ONLY_PASSWORD | password |
| IDSTORE_USER_CONTAINER | cn=users,dc=mycompany,dc=com |
| IDSTORE_GROUP_CONTAINER | cn=users,dc=mycompany,dc=com |
| IDSTORE_SEEDING | true |
| IDSTORE_ADMIN_GROUP | cn=administrators,cn=groups,dc=mycompany,dc=com |
| IDSTORE_ADMIN_GROUP_EXISTS | true |
| Parameter | Value |
|---|---|
| POLICYSTORE_HOST | POLICYSTORE.host |
| POLICYSTORE_PORT | POLICYSTORE.port |
| POLICYSTORE_SECURE_PORT | POLICYSTORE.sslport |
| POLICYSTORE_IS_SSL_ENABLED | POLICYSTORE.ssl.enabled |
| POLICYSTORE_READ_WRITE_USERNAME | POLICYSTORE.username |
| POLICYSTORE_PASSWORD | POLICYSTORE.password |
| POLICYSTORE_SEEDING | POLICYSTORE.seeding |
| POLICYSTORE_JPS_ROOT_NODE | POLICYSTORE.jps.root |
| POLICYSTORE_DOMAIN_NAME | POLICYSTORE.domain.name |
| POLICYSTORE_CREATED_BY_CUSTOMER | POLICYSTORE.created.by.customer |
| POLICYSTORE_JPS_CONFIG_DIR | idm.jpsconfig.filesdir |
| POLICYSTORE_CRED_MAPPING_FILE_LOCATION | idm.credentials.mapping.filelocation |
| POLICYSTORE_ADF_CRED_FILE_LOCATION | idm.common.adfcreds.file |
| POLICYSTORE_STRIPE_FSCM | fscm |
| POLICYSTORE_STRIPE_CRM | crm |
| POLICYSTORE_STRIPE_HCM | hcm |
| POLICYSTORE_STRIPE_SOA_INFRA | soa-infra |
| POLICYSTORE_STRIPE_APM | oracle.security.apm |
| POLICYSTORE_STRIPE_ESSAPP | ESSAPP |
| POLICYSTORE_STRIPE_B2BUI | b2bui |
| POLICYSTORE_STRIPE_OBI | obi |
| POLICYSTORE_STRIPE_WEBCENTER | webcenter |
| POLICYSTORE_STRIPE_IDCCS | IDCCS |
| POLICYSTORE_CRED_STORE | POLICYSTORE.credential.store |
| IDM_KEYSTORE_FILE | idm.keystore.file |
| IDM_KEYSTORE_PASSWORD | idm.keystore.password |
| Parameter | Value | Notes |
|---|---|---|
| OAM10g_MODE | | |
| OAM10g_NOPROMPT | | Query for password is suppressed when true. |
| OAM10g_POLICY_HOST | | |
| OAM10g_POLICY_PORT | | |
| OAM10g_POLICY_USERDN | ldap_userdn | |
| OAM10g_POLICY_USERPWD | ldap_userpassword | |
| OAM10g_AAA_MODE | oam_aaa_mode | |
| OAM10g_AAA_PASSPHRASE | oam_aaa_passphrase | |
| OAM10g_PRIMARY_SERVERS | primary_oam_servers | |
| OAM10g_SECONDARY_SERVERS | secondary_oam_servers | |
| OAM10g_RUNTIME_USER | oam_runtime_user | User used to configure Oracle Access Manager 10g components. This user has read/write privileges to the Oracle Access Manager Policy Store, for example: cn=OAMSoftware |
| Parameter | Value | Notes |
|---|---|---|
| ADMIN_SERVER_HOST | admin_server_host | Domain Admin Server Constant |
| ADMIN_SERVER_PORT | admin_server_port | Domain Admin Server Constant |
| ADMIN_SERVER_USER | admin_server_user | Domain Admin Server Constant |
| ADMIN_SERVER_USER_PASSWORD | admin_server_user_password | Domain Admin Server Constant |
| ACCESS_SERVER_HOST | | |
| ACCESS_SERVER_PORT | | |
| ACCESS_SERVER_ID | | |
The following reference contains examples of idmConfigTool usage:

- "Integrating Oracle Access Manager and Oracle Identity Manager" in the Oracle Fusion Middleware Integration Guide for Oracle Access Manager.