Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 Enterprise Deployment Overview

• 1.1 What is an Enterprise Deployment?
• 1.2 Terminology
• 1.3 Benefits of Oracle Recommendations
  • 1.3.1 Built-in Security
  • 1.3.2 High Availability
• 1.4 The Enterprise Deployment Reference Topology
  • 1.4.1 Understanding the Directory Tier
  • 1.4.2 Understanding the Application Tier
  • 1.4.3 Understanding the Web Tier
  • 1.4.4 What to Install
• 1.5 How to Use This Guide

2 Prerequisites for Enterprise Deployments

• 2.1 Hardware Resource Planning
• 2.2 Network Prerequisites
  • 2.2.1 Load Balancers
  • 2.2.2 Configuring Virtual Server Names and Ports on the Load Balancer
  • 2.2.3 Administration Server Virtual IP
  • 2.2.4 Managing Oracle Fusion Middleware Component Connections
  • 2.2.5 Oracle Access Manager Communication Protocol and Terminology
    • 2.2.5.1 Oracle Access Manager Protocols
    • 2.2.5.2 Overview of User Request
  • 2.2.6 Firewall and Port Configuration
• 2.3 WebLogic Domain Considerations
  • 2.3.1 Directory Structure Terminology and Recommendations
    • 2.3.1.1 Directory Structure Terminology
    • 2.3.1.2 Directory Structure Recommendations

3 Creating the WebLogic Server Domain for Identity Management

• 3.1 Installing Oracle WebLogic Server
• 3.2 Configuring the WebLogic Server Domain on IDMHOST1
• 3.3 Creating boot.properties for the Administration Server
• 3.4 Backing Up the WebLogic Server Domain Configuration

4 Installing and Configuring OID and OVD

• 4.1 Directory Tier Considerations
  • 4.1.1 Directory Services-only Topologies
    • 4.1.1.1 Oracle Virtual Directory-only Topology
    • 4.1.1.2 Oracle Internet Directory-only Topology
• 4.2 Database Prerequisites
• 4.3 Installing and Configuring the Database Repository
  • 4.3.1 Configuring the Database for Oracle Fusion Middleware 11g Metadata
• 4.4 Executing the Repository Creation Utility
• 4.5 Installing the Oracle Internet Directory Instances
  • 4.5.1 Synchronizing the Time on Oracle Internet Directory Nodes
  • 4.5.2 Installing the First Oracle Internet Directory
  • 4.5.3 Installing an Additional Oracle Internet Directory
  • 4.5.4 Registering Oracle Internet Directory with the WebLogic Server Domain
• 4.6 Installing the Oracle Virtual Directory Instances
  • 4.6.1 Installing the First Oracle Virtual Directory
    • 4.6.1.1 SSL Validation for Oracle Virtual Directory
  • 4.6.2 Installing an Additional Oracle Virtual Directory
  • 4.6.3 Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain
  • 4.6.4 Configuring Oracle Virtual Directory Communication with LDAP
• 4.7 Validating the Directory Tier Components
• 4.8 Backing Up the Directory Tier Configuration

5 Installing and Configuring Oracle DIP and ODSM

• 5.1 Extending the Oracle WebLogic Domain with DIP and ODSM
• 5.2 Expanding the DIP and ODSM Cluster
  • 5.2.1 Install and Configure DIP and ODSM on IDMHOST2
  • 5.2.2 Post-Installation Steps
    • 5.2.2.1 Copy the DIP Application from IDMHOST1 to IDMHOST2
    • 5.2.2.2 Set the Listen Address for the Managed Servers
    • 5.2.2.3 Start the wls_ods2 Managed Server on IDMHOST2
• 5.3 Validating the Application Tier Configuration
  • 5.3.1 Validating Oracle Directory Services Manager
  • 5.3.2 Validating Oracle Directory Integration Platform
• 5.4 Backing Up the Application Tier Configuration

6 Installing and Configuring the Web Tier

• 6.1 Prerequisites
• 6.2 Installing Oracle HTTP Server on WEBHOST1 and WEBHOST2
• 6.3 Validating the Installations of Oracle HTTP Server
• 6.4 Configuring Oracle HTTP Server with the Load Balancer
• 6.5 Configuring Oracle HTTP Server for Virtual Hosts
• 6.6 Configuring mod_wl_ohs for Oracle WebLogic Server Clusters
• 6.7 Setting the Frontend URL for the Administration Console
• 6.8 Validating the Web Tier Configuration
• 6.9 Backing up the Web Tier Configuration

7 Installing and Configuring Oracle Access Manager

• 7.1 Introduction to Installing Oracle Access Manager
  • 7.1.1 Using 10g Oracle Single Sign-On and Delegated Administration Services
  • 7.1.2 Using Different LDAP Directory Stores
    • 7.1.2.1 Using Oracle Virtual Directory as the Identity Store
• 7.2 Prerequisites
• 7.3 Identity System Installation and Configuration
  • 7.3.1 Installing Identity Servers on OAMHOST1 and OAMHOST2
    • 7.3.1.1 Installing the First Identity Server on OAMHOST1
    • 7.3.1.2 Installing the Second Identity Server on OAMHOST2
  • 7.3.2 Installing Oracle HTTP Server on OAMADMINHOST
    • 7.3.2.1 Installing Oracle HTTP Server
    • 7.3.2.2 Validating the Installation of Oracle HTTP Server
  • 7.3.3 Installing WebPass on OAMADMINHOST
    • 7.3.3.1 Configuring Oracle HTTP Server and WebPass Communication
    • 7.3.3.2 Validating the WebPass Installation
  • 7.3.4 Configuring Identity Servers Using WebPass
    • 7.3.4.1 Configuring the First Identity Server
    • 7.3.4.2 Configuring the Second Identity Server
• 7.4 Access System Installation and Configuration
  • 7.4.1 Installing the Policy Manager on OAMADMINHOST
    • 7.4.1.1 Configuring the Policy Manager
  • 7.4.2 Installing the Access Server on OAMHOST1 and OAMHOST2
    • 7.4.2.1 Creating an Access Server Instance
    • 7.4.2.2 Starting the Access Server Installation
  • 7.4.3 Installing WebGate on OAMADMINHOST, WEBHOST1, and WEBHOST2
    • 7.4.3.1 Creating a WebGate Profile
    • 7.4.3.2 Assigning an Access Server to the WebGate
    • 7.4.3.3 Installing the WebGate
• 7.5 Backing Up the Oracle Access Manager Configuration

8 Configuring Single Sign-On for Administration Consoles

• 8.1 Prerequisites for Configuring Single Sign-On
• 8.2 Running the Oracle Access Manager Configuration Tool
  • 8.2.1 Collecting the Information for the OAM Configuration Tool
  • 8.2.2 Running the OAM Configuration Tool
  • 8.2.3 Update the Host Identifier
  • 8.2.4 Update the WebGate Profile
  • 8.2.5 Update the Form Authentication for Delegated Administration
• 8.3 Validating the Policy Domain and AccessGate Configurations
  • 8.3.1 Validating the Policy Domain Configuration
  • 8.3.2 Validating the AccessGate Configuration
• 8.4 Setting Up the WebLogic Authenticators
  • 8.4.1 Setting Up the Oracle Internet Directory Authenticator
  • 8.4.2 Setting Up the OAM ID Asserter
  • 8.4.3 Reorder OAM Identity Asserter, OID Authenticator, and Default Authenticator
  • 8.4.4 Stop and Start the WebLogic Administration Servers and Managed Servers
• 8.5 Changing the Login Form for the Administration Server
• 8.6 Creating WebLogic Administrative Users in an LDAP Directory
  • 8.6.1 Provisioning Admin Users and Groups in an LDAP Directory
  • 8.6.2 Assigning the Admin Role to the Admin Group
  • 8.6.3 Updating the boot.properties File on IDMHOST1 and IDMHOST2
• 8.7 Policy and Credential Store Migration
  • 8.7.1 JPS Root Creation
  • 8.7.2 Reassociate the Policy and Credential Store
• 8.8 Validate the Oracle Access Manager Single Sign-On Setup

9 Enabling Administration Server High Availability

• 9.1 Configuring High Availability for Oracle WebLogic Administration Server
  • 9.1.1 Enabling a Virtual IP Address on IDMHOST1
  • 9.1.2 Create a Machine for the Administration Server
  • 9.1.3 Enable the Administration Server to Listen on the Virtual IP Address
  • 9.1.4 Update Enterprise Manager Agent and OPMN Configuration
  • 9.1.5 Update the WEBHOST Configuration
  • 9.1.6 Validate the WEBHOST and Administration Server Configuration Changes
• 9.2 Provisioning the Administration Server and Fusion Middleware Control on IDMHOST2
• 9.3 Validating Administration Server and Oracle Fusion Middleware Control Failover on IDMHOST2

10 Managing Enterprise Deployments

• 10.1 Monitoring Enterprise Deployments
  • 10.1.1 Monitoring Oracle Internet Directory
    • 10.1.1.1 Oracle Internet Directory Component Names Assigned by Oracle Identity Management Installer
  • 10.1.2 Monitoring Oracle Virtual Directory
  • 10.1.3 Monitoring Oracle Directory Integration Platform
  • 10.1.4 Monitoring Oracle Access Manager
• 10.2 Auditing Identity Management
• 10.3 Scaling Enterprise Deployments
  • 10.3.1 Scaling Up the Topology
    • 10.3.1.1 Scaling Up the Directory Tier
      • 10.3.1.1.1 Scaling Up Oracle Internet Directory
      • 10.3.1.1.2 Scaling Up Oracle Virtual Directory
    • 10.3.1.2 Scaling Up the Application Tier
      • 10.3.1.2.1 Scaling Up Oracle Directory Integration Platform and Oracle Directory Services Manager
    • 10.3.1.3 Scaling Up Oracle Access Manager
    • 10.3.1.4 Scaling Up the Web Tier
  • 10.3.2 Scaling Out the Topology
    • 10.3.2.1 Scaling Out the Directory Tier
      • 10.3.2.1.1 Scaling Out Oracle Internet Directory
      • 10.3.2.1.2 Scaling Out Oracle Virtual Directory
    • 10.3.2.2 Scaling Out the Application Tier
      • 10.3.2.2.1 Scaling Out Oracle Directory Integration Platform and Oracle Directory Services Manager
      • 10.3.2.2.2 Scaling Out Oracle Access Manager
    • 10.3.2.3 Scaling Out the Web Tier
• 10.4 Performing Backups and Recoveries
• 10.5 Patching Enterprise Deployments
  • 10.5.1 Patching an Oracle Fusion Middleware Source File
  • 10.5.2 Patching Identity Management Components
• 10.6 Troubleshooting
  • 10.6.1 Troubleshooting Oracle Internet Directory
  • 10.6.2 Troubleshooting Oracle Virtual Directory
  • 10.6.3 Troubleshooting Oracle Directory Integration Platform
  • 10.6.4 Troubleshooting Oracle Directory Services Manager
  • 10.6.5 Troubleshooting Oracle Access Manager
    • 10.6.5.1 User is Redirected to the Login Screen After Activating Some Administration Console Changes
    • 10.6.5.2 User is Redirected to the Administration Console's Home Page After Activating Some Changes
    • 10.6.5.3 OAM Configuration Tool Does Not Remove Invalid URLs
• 10.7 Other Recommendations
  • 10.7.1 Preventing Timeouts for SQL*Net Connections

Index