Oracle® Fusion Middleware Integration Overview for Oracle Identity Management Suite
11g Release 1 (11.1.1)

Part Number E15477-02

A Using the idmConfigTool Command

The idmConfigTool is located at:

IAM_ORACLE_HOME/idmtools/bin

You use the idmConfigTool to automate the following tasks:

A.1 Syntax

The tool has the following syntax on Linux:

idmConfigTool.sh -command  input_file=filename log_file=logfileName log_level=log_level

The tool has the following syntax on Windows:

idmConfigTool.bat -command  input_file=filename log_file=logfileName log_level=log_level

Values for command are as follows:

Command Component name Description
preConfigIDStore   Configures the identity store and policy store by creating the groups and setting ACIs on the various containers.
prepareIDStore   Configures the identity store by adding the necessary users and associating them with groups. Modes are available to configure the store for a specific component.
configPolicyStore   Configures the policy store by creating a read-write user and associating it with the groups.
configOAM   Prepares Oracle Access Manager for integration with Oracle Identity Manager.
configOIM   Sets up wiring between Oracle Access Manager and Oracle Identity Manager.
validate IDSTORE | POLICYSTORE | OAM10g | OIM Validates the set of input parameters.

The validate command requires a component name.

You must run this tool as a user with orcladmin privileges on Oracle Internet Directory.

A.2 Parameters

The following sections list the parameters for the commands.

A.2.1 preConfigIDStore

Parameter Value
IDSTORE_HOST identity store hostname, for example mynode.us.mycompany.com
IDSTORE_PORT identity store port, for example 1234
IDSTORE_BINDDN cn:orcladmin
IDSTORE_USERNAMEATTRIBUTE cn
IDSTORE_USERSEARCHBASE cn:Users, dc:test
IDSTORE_GROUPSEARCHBASE cn:Groups, dc:test
IDSTORE_SEARCHBASE dc:test
IDSTORE_SYSTEMIDBASE cn:system, dc:test
IDSTORE_READONLYUSER readOnlyUser
IDSTORE_READWRITEUSER readWriteUser
IDSTORE_SUPERUSER FAAdmin
IDSTORE_OAMSOFTWAREUSER oamSoftwareUser
IDSTORE_OAMADMINUSER oamAdminUser
IDSTORE_OIMADMINUSER oimAdminUser
IDSTORE_OIMADMINGROUP oimAdminGroup
POLICYSTORE_SHARES_IDSTORE true

A.2.2 prepareIDStore Parameters

The prepareIDStore option takes "mode" as an argument to perform tasks for the specified component. The syntax for specifying the mode is:

prepareIDStore mode=mode
input_file=filename_with_ConfigParameters

where mode must be one of:

  • fusion

  • OAM

  • OIM

  • OAAM

  • WLS

  • all (performs all the tasks of the above modes combined)

prepareIDStore mode=fusion

This mode performs the following tasks:

  • Create a Readonly User

  • Create a ReadWrite User

  • Create a Super User

  • Add the readOnly user to the groups orclFAGroupReadPrivilegeGroup and orclFAUserWritePrefsPrivilegeGroup

  • Add the readWrite user to the groups orclFAUserWritePrivilegeGroup and orclFAGroupWritePrivilegeGroup

Table A-1 prepareIDStore mode=fusion Parameters

Parameter Value
IDSTORE_HOST identity store hostname
IDSTORE_PORT identity store port
IDSTORE_BINDDN cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE cn
IDSTORE_LOGINATTRIBUTE uid
IDSTORE_USERSEARCHBASE cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE dc=us,dc=oracle,dc=com
IDSTORE_READONLYUSER readOnlyUser
IDSTORE_READWRITEUSER readWriteUser
IDSTORE_SUPERUSER superUser


prepareIDStore mode=OAM

This mode performs the following tasks:

  • Perform schema extensions as required by the OAM component

  • Add the oblix schema

  • Create the OAMSoftware User

  • Create OblixAnonymous User

  • Optionally create the OAM Admin User

  • Associate these users to their respective groups

  • Create the group “orclFAOAMUserWritePrivilegeGroup”

Table A-2 prepareIDStore mode=OAM Parameters

Parameter Value
IDSTORE_HOST identity store hostname
IDSTORE_PORT identity store port
IDSTORE_BINDDN cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE cn
IDSTORE_LOGINATTRIBUTE uid
IDSTORE_USERSEARCHBASE cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE dc=us,dc=oracle,dc=com
IDSTORE_OAMSOFTWAREUSER oamSoftwareUser
IDSTORE_OAMADMINUSER oamAdminUser


prepareIDStore mode=OIM

This mode performs the following tasks:

  • Create OIM Admin User under SystemID container

  • Create OIM Admin Group

  • Add OIM Admin User to OIM Admin Group

  • Add ACIs to OIM Admin Group

  • Create reserve container

  • Create xelsysadmin user

Table A-3 prepareIDStore mode=OIM Parameters

Parameter Value
IDSTORE_HOST identity store hostname
IDSTORE_PORT identity store port
IDSTORE_BINDDN cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE cn
IDSTORE_LOGINATTRIBUTE uid
IDSTORE_USERSEARCHBASE cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE dc=us,dc=oracle,dc=com
IDSTORE_OIMADMINUSER oimAdminUser
IDSTORE_OIMADMINGROUP oimAdminGroup
IDSTORE_SYSTEMIDBASE cn=system,dc=us,dc=oracle,dc=com


prepareIDStore mode=OAAM

This mode performs the following tasks:

  • Create OAAM Admin User

  • Create OAAM Groups

  • Add the OAAM Admin User as a member of OAAM Groups

Table A-4 prepareIDStore mode=OAAM Parameters

Parameter Value
IDSTORE_HOST identity store hostname
IDSTORE_PORT identity store port
IDSTORE_BINDDN cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE cn
IDSTORE_LOGINATTRIBUTE uid
IDSTORE_USERSEARCHBASE cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE dc=us,dc=oracle,dc=com


prepareIDStore mode=WLS

The WLS (Oracle WebLogic Server) mode performs the following tasks:

  • Create Weblogic Admin User

  • Create Weblogic Admin Group

  • Add the Weblogic Admin User as a member of Weblogic Admin Group

Table A-5 prepareIDStore mode=WLS Parameters

Parameter Value
IDSTORE_HOST identity store hostname
IDSTORE_PORT identity store port
IDSTORE_BINDDN cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE cn
IDSTORE_LOGINATTRIBUTE uid
IDSTORE_USERSEARCHBASE cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE dc=us,dc=oracle,dc=com

prepareIDStore mode=all

This mode performs all the tasks that are performed in the modes fusion, OAM, OIM, WLS and OAAM.

Table A-6 prepareIDStore mode=all Parameters

Parameter Value
IDSTORE_HOST identity store hostname
IDSTORE_PORT identity store port
IDSTORE_BINDDN cn=orcladmin
IDSTORE_USERSEARCHBASE cn=Users, dc=us,dc=oracle,dc=com
IDSTORE_GROUPSEARCHBASE cn=Groups, dc=us,dc=oracle,dc=com
IDSTORE_SEARCHBASE dc=us,dc=oracle,dc=com
IDSTORE_SYSTEMIDBASE cn=system,dc=us,dc=oracle,dc=test
IDSTORE_READONLYUSER readOnlyUser
IDSTORE_READWRITEUSER readWriteUser
IDSTORE_SUPERUSER superUser
IDSTORE_OAMSOFTWAREUSER oamSoftwareUser
IDSTORE_OAMADMINUSER oamAdminUser
IDSTORE_OIMADMINUSER oimAdminUser
IDSTORE_OIMADMINGROUP oimAdminGroup


A.2.3 configPolicyStore Parameters

Parameter Value
POLICYSTORE_HOST policy store hostname, for example mynode.us.mycompany.com
POLICYSTORE_PORT policy store port, for example 1234
POLICYSTORE_BINDDN cn:orcladmin
POLICYSTORE_SEARCHBASE dc:test
POLICYSTORE_READONLYUSER PolStoreROUser
POLICYSTORE_READWRITEUSER PolStoreRWUser
POLICYSTORE_CONTAINER cn:jpsroot

A.2.4 configOAM Parameters

Parameter Value
IDSTORE_HOST identity store hostname, for example mynode.us.mycompany.com
IDSTORE_PORT identity store port, for example 1234
POLICYSTORE_HOST policy store hostname, for example abc
POLICYSTORE_PORT policy store port, for example 1110
POLICYSTORE_OAMDN cn:oamsoftware,cn:users,dc:us,dc:oracle,dc:com
POLICYSTORE_PWD password
OAM_POLICYSEARCHBASE (required only for non-OID directory) dc:us,dc:oracle,dc:com
OAM_WEBGATE_URL WebGate URL, for example http://mynode.us.mycompany.com:1010
OAM_CONSENTFORM_URL /cgi-bin/consentredirect.pl
OAM_IMPERSONATION_PATH impersonation path, for example /mydir/lib/authz_impersonate.so
OIM_OHS_URL OHS URL, for example http://mynode.us.mycompany.com:1234
App_agent_password password
Oam_aaa_mode open
Oam_aaa_passphrase password
Primary_oam_servers ACCSERVEROAS
MAX_OAM_CONNECTIONS 4
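
The configOAM input file carries three secrets (POLICYSTORE_PWD, App_agent_password, Oam_aaa_passphrase) and the transport mode, so it is worth checking before the tool is run. The following pre-flight check is an added example, not part of Oracle's documentation or tooling. It assumes one "NAME: value" or "NAME=value" pair per line, and it treats every parameter listed in the table above as expected; the function names and the sample values are constructed for illustration.

```python
import os
import re
import stat

# Parameter names copied from the A.2.4 configOAM table on this page.
CONFIGOAM_KEYS = {
    "IDSTORE_HOST", "IDSTORE_PORT", "POLICYSTORE_HOST", "POLICYSTORE_PORT",
    "POLICYSTORE_OAMDN", "POLICYSTORE_PWD", "OAM_WEBGATE_URL",
    "OAM_CONSENTFORM_URL", "OAM_IMPERSONATION_PATH", "OIM_OHS_URL",
    "App_agent_password", "Oam_aaa_mode", "Oam_aaa_passphrase",
    "Primary_oam_servers", "MAX_OAM_CONNECTIONS",
}
SECRET = re.compile(r"(pwd|password|passphrase)$", re.IGNORECASE)
# Assumption: one "NAME: value" or "NAME=value" pair per line.
LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*[:=]\s*(.*?)\s*$")

# Constructed sample input; every value is a placeholder.
SAMPLE = """\
IDSTORE_HOST: mynode.us.mycompany.com
IDSTORE_PORT: 1234
POLICYSTORE_HOST: abc
POLICYSTORE_PORT: 1110
POLICYSTORE_OAMDN: cn=oamsoftware,cn=users,dc=us,dc=oracle,dc=com
POLICYSTORE_PWD: placeholder
OAM_WEBGATE_URL: http://mynode.us.mycompany.com:1010
OAM_CONSENTFORM_URL: /cgi-bin/consentredirect.pl
OAM_IMPERSONATION_PATH: /mydir/lib/authz_impersonate.so
Oam_aaa_mode: open
Oam_aaa_passphrase: placeholder
Primary_oam_servers: ACCSERVEROAS
"""


def lint_configoam_input(text, file_mode):
    """Return sorted findings for configOAM input `text` stored with `file_mode`."""
    params = dict(m.groups() for m in map(LINE.match, text.splitlines()) if m)
    findings = [f"missing:{k}" for k in CONFIGOAM_KEYS - params.keys()]
    secrets = sorted(k for k, v in params.items() if SECRET.search(k) and v)
    if secrets and file_mode & 0o077:  # any group/other permission bit set
        findings.append(f"file-mode:{file_mode:04o} exposes {','.join(secrets)}")
    if params.get("Oam_aaa_mode", "").lower() == "open":  # unencrypted transport
        findings.append("transport:Oam_aaa_mode=open")
    return sorted(findings)


def lint_file(path):
    """Lint the file at `path` using its on-disk permission bits."""
    with open(path, encoding="utf-8") as fh:
        return lint_configoam_input(fh.read(), stat.S_IMODE(os.stat(path).st_mode))
```

An empty list from lint_file means every listed parameter is set, the file is readable only by its owner, and the transport mode is not open.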

A.2.5 configOIM Parameters

Parameter Value
ACCESS_SERVER_HOST Access Server hostname, for example mynode.us.mycompany.com
ACCESS_GATE_ID IdentityManagerAccessGate
ACCESS_SERVER_PORT 5575
COOKIE_DOMAIN .us.oracle.com
COOKIE_EXPIRY_INTERVAL 120
WEBGATE_TYPE javaWebgate | ohsWebgate10g | ohsWebgate11g
SSO_ENABLED_FLAG true | false
IDSTORE_PORT  
IDSTORE_HOST  
IDSTORE_ADMIN_USER  
IDSTORE_USERSEARCHBASE  
IDSTORE_GROUPSEARCHBASE  
MDS_DB_URL  
MDS_DB_SCHEMA_USERNAME  
WLSHOST  
WLSPORT  
WLSADMIN  
DOMAIN_NAME  
OIM_MANAGED_SERVER_NAME  
DOMAIN_LOCATION  
OIM_MANAGED_SERVER_HOST  
OIM_MANAGED_SERVER_PORT  

A.2.6 postProv Parameters

Same as preConfigIDStore parameters.

A.2.7 Validate IDStore parameters

Parameter Value
IDSTORE_TYPE OID | OVD
IDSTORE_HOST adcxyx
IDSTORE_PORT 3060
IDSTORE_SSLPORT 3031
IDSTORE_SSL_ENABLED true
IDSTORE_SUPER_USER faadmin
IDSTORE_READ_WRITE_USER cn=rou,cn=users,dc=mycompany,dc=com
IDSTORE_READ_WRITE_PASSWORD password
IDSTORE_READ_ONLY_USER cn=rwu,cn=users,dc=mycompany,dc=com
IDSTORE_READ_ONLY_PASSWORD password
IDSTORE_USER_CONTAINER cn=users,dc=mycompany,dc=com
IDSTORE_GROUP_CONTAINER cn=users,dc=mycompany,dc=com
IDSTORE_SEEDING true
IDSTORE_ADMIN_GROUP cn=administrators,cn=groups,dc=mycompany,dc=com
IDSTORE_ADMIN_GROUP_EXISTS true

A.2.8 PolicyStore parameters

Parameter Value
POLICYSTORE_HOST POLICYSTORE.host
POLICYSTORE_PORT POLICYSTORE.port
POLICYSTORE_SECURE_PORT POLICYSTORE.sslport
POLICYSTORE_IS_SSL_ENABLED POLICYSTORE.ssl.enabled
POLICYSTORE_READ_WRITE_USERNAME POLICYSTORE.username
POLICYSTORE_PASSWORD POLICYSTORE.password
POLICYSTORE_SEEDING POLICYSTORE.seeding
POLICYSTORE_JPS_ROOT_NODE POLICYSTORE.jps.root
POLICYSTORE_DOMAIN_NAME POLICYSTORE.domain.name
POLICYSTORE_CREATED_BY_CUSTOMER POLICYSTORE.created.by.customer
POLICYSTORE_JPS_CONFIG_DIR idm.jpsconfig.filesdir
POLICYSTORE_CRED_MAPPING_FILE_LOCATION idm.credentials.mapping.filelocation
POLICYSTORE_ADF_CRED_FILE_LOCATION idm.common.adfcreds.file
POLICYSTORE_STRIPE_FSCM fscm
POLICYSTORE_STRIPE_CRM crm
POLICYSTORE_STRIPE_HCM hcm
POLICYSTORE_STRIPE_SOA_INFRA soa-infra
POLICYSTORE_STRIPE_APM oracle.security.apm
POLICYSTORE_STRIPE_ESSAPP ESSAPP
POLICYSTORE_STRIPE_B2BUI b2bui
POLICYSTORE_STRIPE_OBI obi
POLICYSTORE_STRIPE_WEBCENTER webcenter
POLICYSTORE_STRIPE_IDCCS IDCCS
POLICYSTORE_CRED_STORE POLICYSTORE.credential.store
IDM_KEYSTORE_FILE idm.keystore.file
IDM_KEYSTORE_PASSWORD idm.keystore.password

A.2.9 Validate OAM Configuration

Parameter Value Notes
OAM10g_MODE    
OAM10g_NOPROMPT   Query for password is suppressed when true.
OAM10g_POLICY_HOST    
OAM10g_POLICY_PORT    
OAM10g_POLICY_USERDN ldap_userdn  
OAM10g_POLICY_USERPWD ldap_userpassword  
OAM10g_AAA_MODE oam_aaa_mode  
OAM10g_AAA_PASSPHRASE oam_aaa_passphrase  
OAM10g_PRIMARY_SERVERS primary_oam_servers  
OAM10g_SECONDARY_SERVERS secondary_oam_servers  
OAM10g_RUNTIME_USER oam_runtime_user User used to configure Oracle Access Manager 10g components. This user has read/write privileges to the Oracle Access Manager Policy store, for example: cn=OAMSoftware

A.2.10 Validate OIM

Parameter Value Notes
ADMIN_SERVER_HOST admin_server_host Domain Admin Server Constant
ADMIN_SERVER_PORT admin_server_port Domain Admin Server Constant
ADMIN_SERVER_USER admin_server_user Domain Admin Server Constant
ADMIN_SERVER_USER_PASSWORD admin_server_user_password Domain Admin Server Constant
ACCESS_SERVER_HOST    
ACCESS_SERVER_PORT    
ACCESS_SERVER_ID    

A.3 Examples

The following reference contains examples of idmConfigTool usage: