Oracle® Fusion Middleware Quick Installation Guide for Oracle Identity Management
11g Release 1 (11.1.1)

Part Number E10033-04

5 Installing and Configuring OIM, OAM, OAAM, OAPM, and OIN

This chapter provides an overview of Oracle Identity Management 11g Release 1 (11.1.1) and this guide. This chapter includes the following topics:

5.1 Installing OIM, OAM, OAAM, OAPM, and OIN

This section describes how to install the Oracle Identity Management 11g Release 1 (11.1.1) suite that contains Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), Oracle Authorization Policy Manager (OAPM), and Oracle Identity Navigator (OIN).

It includes the following sections:

5.1.1 Applications Installed

Performing the installation in this section installs the following products:

  • Oracle Identity Manager Server

  • Oracle Identity Manager Design Console

  • Oracle Identity Manager Remote Manager

  • Oracle Access Manager

  • Oracle Adaptive Access Manager

  • Oracle Identity Navigator

  • Oracle Authorization Policy Manager

5.1.2 Dependencies

The installation in this section depends on the following:

  • Oracle WebLogic Server

  • Oracle Database

  • Oracle SOA 11g Suite 11.1.1.3.0 (required for Oracle Identity Manager only)

  • JDK (either Oracle WebLogic JRockit JDK or Sun JDK 1.6.0)

5.1.3 Procedure

Complete the following steps to install the Oracle Identity Management software that contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Management Navigator:

  1. Install the Oracle Database. Refer to Installing Oracle Database for more information.

    Note:

    Ensure that the Oracle database uses the AL32UTF8 character set encoding.
  2. Decide if you want to create new schemas for Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Metadata Services, and SOA Infrastructure by using the Installer during installation or if you want to use an existing schema:

    • If you want to create a new schema using the Installer, refer to Creating Database Schema Using the Repository Creation Utility (RCU) for more information about creating schemas. After creating schemas, continue this procedure by going to Step 3.

    • If you want to use an existing schema, you must upgrade the schema by using the Upgrade Assistant tool. For more information, see the Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management.

  3. Install Oracle WebLogic Server. Refer to Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home for more information.

  4. Install Oracle SOA 11g suite (11.1.1.3.0) if you want to use Oracle Identity Manager. For information about installing the Oracle SOA 11g suite, refer to Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

  5. Start your installation by performing all the steps in Starting an Installation. After you complete those steps, the Welcome screen appears.

  6. Click Next on the Welcome screen. The Prerequisite Checks screen appears.

  7. If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.

  8. On the Specify Installation Location screen, enter the path to the Oracle Middleware Home installed on your system. Ensure that Oracle WebLogic Server is already installed on the system in the same Middleware Home. This directory is the same as the Oracle Home created in the Oracle WebLogic Server installation.

    Note:

    If you do not specify a valid Middleware Home directory on the Specify Installation Location screen, the Installer displays a message and verifies whether you want to proceed with the installation of only Oracle Identity Manager Design Console and Oracle Identity Manager Remote Manager. These two components of Oracle Identity Manager do not require a Middleware Home directory.

    If you want to install only Oracle Identity Manager Design Console on a Windows machine, you do not need to install Oracle WebLogic Server and create a Middleware Home directory on the Windows machine. Before using Oracle Identity Manager Design Console, you must configure Oracle Identity Manager Server. However, the Server can be installed and configured on a different machine, so you can specify the Oracle Identity Manager Server host and URL information when configuring only Design Console on the Windows machine.

  9. In the Oracle Home Directory field, enter a name for the Oracle Home folder that will be created under your Middleware Home. This directory is also referred to as IDM_Home in this book.

    Click Next. The Summary Page screen appears.

    The Summary Page screen displays a summary of the choices that you made. Review this summary and decide whether to start the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing Oracle Identity Management, click Install.

    This installation process copies the Identity Management software to your system and creates an IDM_Home directory, such as Oracle_IDM1, under your Middleware Home. You must proceed to create a WebLogic Domain, as described in After Installing the Oracle Identity Management Software. In addition, you must configure the Administration Server settings while creating the domain.

    To configure Oracle Identity Manager Server, Oracle Identity Manager Design Console, and Oracle Identity Manager Remote Manager, you must launch the Oracle Identity Manager 11g Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

    In addition, see Configuring OIM Server, Configuring OIM Design Console, and Configuring OIM Remote Manager.

5.2 After Installing the Oracle Identity Management Software

After installing the Oracle Identity Management software, you must proceed to configure Oracle Identity Management products in a new or existing WebLogic domain. You can use the Oracle Fusion Middleware Configuration Wizard to create a WebLogic domain or extend an existing domain. For more information about WebLogic administration domain options, see the "Introduction to WebLogic Domains" topic in the guide Oracle Fusion Middleware Creating Domains Using the Configuration Wizard.

This chapter discusses some of the basic installation and configuration scenarios. For more information about advanced installation scenarios, including Oracle Identity Management suite-level scenarios, see the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

See:

The "Understanding Oracle WebLogic Server Domains" chapter in the Oracle Fusion Middleware Understanding Domain Configuration for Oracle WebLogic Server guide for more information about Oracle WebLogic Server administration domains.

For Oracle Identity Manager users only:

After configuring Oracle Identity Manager in a new or existing WebLogic domain, you must configure Oracle Identity Manager Server, Oracle Identity Manager Design Console, and Oracle Identity Manager Remote Manager, by running the Oracle Identity Manager 11g Configuration Wizard, as described in Configuring OIM Server, Design Console, and Remote Manager.

5.3 Basic Installation and Configuration Scenarios

This section includes some of the most basic installation and configuration scenarios for Oracle Identity Management 11g Release 1 (11.1.1.3.0) products, comprising Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator.

For an extensive list of installation and configuration scenarios, including Oracle Identity Management suite-level installation scenarios, see the chapter "Oracle Identity Management Suite-Level Installation Scenarios" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

This section discusses the following topics:

5.3.1 OIN in a New WebLogic Domain

This topic describes how to configure only Oracle Identity Navigator (OIN) in a new WebLogic administration domain. It includes the following sections:

5.3.1.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to use Oracle Identity Navigator with Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Authorization Policy Manager in a new WebLogic domain and then run the Oracle Identity Navigator discovery feature. This feature populates links to the product consoles for Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Authorization Policy Manager. You can then access those product consoles from within the Oracle Identity Navigator interface, without having to remember the individual console URLs.

5.3.1.2 Components Deployed

Performing the configuration in this section deploys the Oracle Identity Navigator application on a new WebLogic Administration Server.

5.3.1.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Installation of the Oracle Identity Management 11g software

For more information, see Preparing to Install Oracle Identity Management and Installing OIM, OAM, OAAM, OAPM, and OIN.

5.3.1.4 Procedure

Perform the following steps to configure only Oracle Identity Navigator in a new WebLogic administration domain:

  1. Install Oracle WebLogic Server, and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Install the Oracle Identity Management 11g software. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information.

  3. Run the <IDM_Home>/common/bin/config.sh script (<IDM_Home>\common\bin\config.cmd on Windows). This IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Welcome screen of the Oracle Fusion Middleware Configuration Wizard appears.

  4. On the Welcome screen, select Create a new WebLogic domain, and click Next. The Select Domain Source screen appears.

  5. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected. Create a WebLogic administration domain, which supports Oracle Identity Navigator (choose Oracle Identity Navigator - 11.1.1.3.0), and click Next. The Specify Domain Name and Location screen appears.

    Note:

    When you select the Oracle Identity Navigator - 11.1.1.3.0 check box, the Oracle JRF 11.1.1.0 [oracle_common] option is also selected, by default.
  6. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  7. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  8. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard.

    The Select Optional Configuration screen appears.

  9. On the Select Optional Configuration screen, you can configure Administration Server and Managed Servers, Clusters, and Machines, Deployments and Services, and RDBMS Security Store options. Click Next.

  10. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

  11. Optional: Configure Managed Servers, as required.

  12. Optional: Configure Clusters, as required.

    For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

  13. Optional: Assign Managed Servers to clusters, as required.

  14. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

  15. Optional: Assign the Administration Server to a machine.

  16. Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

  17. Optional: Configure RDBMS Security Store, as required.

  18. On the Configuration Summary screen, you can view summaries of your configuration for deployments, application, and service. Review the domain configuration, and click Create to start creating the domain.

A new WebLogic domain to support Oracle Identity Navigator is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

5.3.2 OIM Without LDAP Sync in a New WebLogic Domain

This topic describes how to configure Oracle Identity Manager (OIM) without LDAP Synchronization in a new WebLogic domain. It includes the following sections:

5.3.2.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Identity Manager in an environment where you may use Oracle Identity Manager as a provisioning or request solution.

5.3.2.2 Components Deployed

Performing the configuration in this section installs the following components:

  • Administration Server

  • A Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

5.3.2.3 Dependencies

The configuration in this section depends on the following:

5.3.2.4 Procedure

Complete the following steps to configure Oracle Identity Manager (without LDAP Sync) in a new WebLogic domain and to configure Oracle Identity Manager Server, Design Console, and Remote Manager:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Create and load the appropriate schemas required by Oracle Identity Manager and Oracle SOA Suite, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  3. Install the Oracle Identity Management 11g software. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information.

  4. Install Oracle SOA Suite under the same Middleware Home, as described in Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

  5. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). This IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Welcome screen of the Oracle Fusion Middleware Configuration Wizard appears.

  6. On the Welcome screen, select Create a new WebLogic domain, and click Next. The Select Domain Source screen appears.

  7. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.

    Select Oracle Identity Manager - 11.1.1.3.0. The Oracle SOA Suite - 11.1.1.1.0 [Oracle_SOA1] option, the Oracle JRF 11.1.1.0 [oracle_common] option, the Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and the Oracle WSM Policy Manager 11.1.1.0 [oracle_common] option are also selected, by default.

    Click Next. The Specify Domain Name and Location screen appears.

  8. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  9. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  10. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Component Schema screen appears. This screen displays a list of the following component schemas:

    • SOA Infrastructure

    • User Messaging Service

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OIM Infrastructure

  11. On the Configure JDBC Component Schema screen, select a component schema that you want to modify. You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Select the driver as Oracle's Driver (Thin) for Instance connections; Versions:9.0.1,9.2.0,10,11. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  12. On the Select Optional Configuration screen, you can configure the Administration Server, JMS Distributed Destination, Managed Servers, Clusters, and Machines, Deployments and Services. Click Next.

  13. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

    Click Next.

  14. Optional: Configure JMS Distributed Destination, as required. Click Next.

  15. Optional: Configure Managed Servers, as required. Click Next.

  16. Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    Click Next.

  17. Optional: Assign Managed Servers to Clusters, as required. Click Next.

  18. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine. Click Next.

  19. Optional: Assign servers to machines. Click Next.

  20. Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server. Click Next.

  21. On the Configuration Summary screen, you can view summaries of your configuration for deployments, application, and service. Review the domain configuration, and click Create to start creating the domain.

    After the domain configuration is complete, click Done to close the configuration wizard.

    A new WebLogic domain to support Oracle Identity Manager is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

  22. Start the Administration Server, as described in Starting the Stack.

  23. Configure the Oracle Identity Manager Server, Design Console, or Remote Manager, as described in Configuring OIM Server, Design Console, and Remote Manager.

5.3.3 OIM with LDAP Sync

This topic describes how to configure Oracle Identity Manager (OIM) with LDAP Synchronization in a new or existing WebLogic domain. It includes the following sections:

5.3.3.1 OIM with LDAP Sync in a New WebLogic Domain

This section discusses the following topics:

5.3.3.1.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Identity Manager in an environment where you want to set up LDAP synchronization for Oracle Identity Manager. At a later time, you can set up integration between Oracle Identity Manager and Oracle Access Manager.

5.3.3.1.2 Components Deployed

Performing the configuration in this section installs the following components:

  • Administration Server

  • A Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

5.3.3.1.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Installation of the Oracle Identity Management 11g software

  • Installation of the latest version of Oracle Internet Directory and Oracle Virtual Directory under the same Middleware Home directory or on a different machine.

  • Installation of the latest version of Oracle SOA Suite

  • Database schemas for Oracle Identity Manager and Oracle SOA 11g Suite

5.3.3.1.4 Procedure

Complete the following steps to configure Oracle Identity Manager with LDAP Sync in a new WebLogic administration domain:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Create and load the appropriate schemas required by Oracle Identity Manager and Oracle SOA Suite, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  3. Install the Oracle Identity Management 11g software. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information.

  4. Install Oracle SOA Suite under the same Middleware Home, as described in Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

  5. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). This IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Welcome screen of the Oracle Fusion Middleware Configuration Wizard appears.

  6. On the Welcome screen, select Create a new WebLogic domain, and click Next. The Select Domain Source screen appears.

  7. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.

    Select Oracle Identity Manager - 11.1.1.3.0.

    The Oracle SOA Suite - 11.1.1.1.0 [Oracle_SOA1] option, the Oracle JRF 11.1.1.0 [oracle_common] option, the Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and the Oracle WSM Policy Manager 11.1.1.0 [oracle_common] option are also selected, by default.

    Click Next. The Specify Domain Name and Location screen appears.

  8. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  9. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  10. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Component Schema screen appears. This screen displays a list of the following component schemas:

    • SOA Infrastructure

    • User Messaging Service

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OIM Infrastructure

  11. On the Configure JDBC Component Schema screen, select a component schema that you want to modify. You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port.

    Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  12. On the Select Optional Configuration screen, you can configure the Administration Server, JMS Distributed Destination, Managed Servers, Clusters, and Machines, Deployments and Services. Click Next.

  13. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

    Click Next.

  14. Optional: Configure JMS Distributed Destination, as required. Click Next.

  15. Optional: Configure Managed Servers, as required. Click Next.

  16. Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    Click Next.

  17. Optional: Assign Managed Servers to Clusters, as required. Click Next.

  18. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine. Click Next.

  19. Optional: Assign servers to machines. Click Next.

  20. Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server. Click Next.

  21. On the Configuration Summary screen, you can view summaries of your configuration for deployments, application, and service. Review the domain configuration, and click Create to start creating the domain.

    After the domain configuration is complete, click Done to close the configuration wizard.

    A new WebLogic domain to support Oracle Identity Manager is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

  22. Start the Administration Server, as described in Starting the Stack.

  23. Set up LDAP Synchronization, as described in the "Setting Up LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  24. Configure the Oracle Identity Manager Server, Design Console, or Remote Manager, as described in Configuring OIM Server, Design Console, and Remote Manager.
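
The new-domain procedures in this section (OIN, OIM without LDAP Sync, and OIM with LDAP Sync) each ask for Production Mode and offer the Administration Server listen address and SSL settings. The following added example, which is not part of the Oracle guide, audits the resulting config.xml for those choices. It assumes the standard WebLogic config.xml element names (production-mode-enabled, server, ssl, enabled, listen-address); the sample domain, server, and host names are constructed.

```python
"""Audit a WebLogic domain config.xml for the security-relevant wizard choices."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample of the shape found at
# <Middleware_Home>/user_projects/domains/<domain>/config/config.xml.
# Domain, server, and host names below are made up for illustration.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>oim_domain</name>
  <production-mode-enabled>false</production-mode-enabled>
  <server>
    <name>AdminServer</name>
    <listen-port>7001</listen-port>
    <listen-address></listen-address>
  </server>
  <server>
    <name>oim_server1</name>
    <ssl>
      <enabled>true</enabled>
      <listen-port>14001</listen-port>
    </ssl>
    <listen-port>14000</listen-port>
    <listen-address>oim.example.internal</listen-address>
  </server>
</domain>
"""


def _local(tag):
    """Strip the XML namespace so the audit works whatever namespace is declared."""
    return tag.rsplit("}", 1)[-1]


def _find(elem, name):
    """Return the first direct child with the given local name, or None."""
    if elem is None:
        return None
    for child in elem:
        if _local(child.tag) == name:
            return child
    return None


def _text(elem, name):
    """Return the stripped text of a direct child, or '' if absent or empty."""
    child = _find(elem, name)
    return (child.text or "").strip() if child is not None else ""


def audit_domain_config(xml_text):
    """Return a list of (scope, code, message) findings for one config.xml."""
    root = ET.fromstring(xml_text)
    findings = []

    # The element is omitted or false when the domain was created in
    # Development Mode instead of the Production Mode the procedure asks for.
    if _text(root, "production-mode-enabled").lower() != "true":
        findings.append(("domain", "DEV_MODE",
                         "domain is not in production mode"))

    for server in root:
        if _local(server.tag) != "server":
            continue
        name = _text(server, "name") or "<unnamed>"

        # "SSL enabled or disabled" on the Administration Server screen.
        if _text(_find(server, "ssl"), "enabled").lower() != "true":
            findings.append((name, "SSL_DISABLED",
                             "SSL listen port is not enabled"))

        # An empty listen address makes the server bind every local interface.
        if not _text(server, "listen-address"):
            findings.append((name, "ALL_INTERFACES",
                             "no listen address set; server binds all interfaces"))
    return findings


if __name__ == "__main__":
    # Pass the path to a real config.xml, or run with no argument for the sample.
    source = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for scope, code, message in audit_domain_config(source):
        print(f"[{code}] {scope}: {message}")
```

Run it against each domain directory under <Middleware_Home>/user_projects/domains after the wizard finishes; an empty result means all three settings match the hardened choices.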

5.3.3.2 OIM with LDAP Sync in a Domain Containing OID and OVD

This section discusses the following topics:

5.3.3.2.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Identity Manager (OIM) in an existing Oracle Identity Management environment where you have installed and configured Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD). You can enable LDAP Synchronization for Oracle Identity Manager. At a later time, you may install Oracle Access Manager and set up integration between Oracle Identity Manager and Oracle Access Manager.

5.3.3.2.2 Components Deployed

Performing the configuration in this section installs the following components:

  • A Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

5.3.3.2.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Installation of the Oracle Identity Management 11g software

  • Installation of the latest version of Oracle SOA Suite

  • Database schemas for Oracle Identity Manager and Oracle SOA 11g Suite

5.3.3.2.4 Procedure

Complete the following steps to configure Oracle Identity Manager with LDAP Sync in an existing Oracle Identity Management 11.1.1.3.0 domain that has Oracle Internet Directory and Oracle Virtual Directory installed and configured:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Ensure that your Oracle Identity Management 11g installation is patched to 11.1.1.3.0, as described in Installing and Configuring the Latest Version of OID, OVD, ODSM, ODIP, and OIF.

  3. Run the <IDM_Home>/bin/config.sh on UNIX operating systems to start the Oracle Identity Management Configuration Wizard. On Windows, run the <IDM_Home>\bin\config.bat to start the wizard. This IDM_Home is the directory where you have installed and configured Oracle Internet Directory and Oracle Virtual Directory. The Welcome screen in the Oracle Identity Management Configuration Wizard is displayed.

  4. On the Select Domain screen, select the Create New Domain option. Set the Administrator user name and password, as required.

  5. Ensure that you select Oracle Internet Directory and Oracle Virtual Directory on the Configure Components screen.

  6. Follow the wizard, provide the necessary input, and configure the domain.

    A new WebLogic domain to support Oracle Internet Directory and Oracle Virtual Directory is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

  7. Ensure that your Oracle database version is supported and you have installed the necessary patches. For more information, see Installing Oracle Database.

  8. Create and load the appropriate schemas required by Oracle Identity Manager, Oracle SOA Suite, and Oracle Access Manager, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  9. Install the Oracle Identity Management 11g software under the same Middleware Home. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information. A new IDM_Home for Oracle Identity Management, such as Oracle_IDM2, is created under the Middleware Home directory.

  10. Install Oracle SOA Suite under the same Middleware Home. Refer to Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only) for more information.

  11. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). This IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  12. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next. The Select a WebLogic Domain Directory screen is displayed.

  13. On the Select a WebLogic Domain Directory screen, select the Oracle Identity Management 11.1.1.3.0 domain in which you configured Oracle Internet Directory and Oracle Virtual Directory. Click Next. The Select Extension Source screen is displayed.

  14. On the Select Extension Source screen, select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM1]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM1] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].
  15. After selecting the domain configuration options, click Next. The Configure JDBC Component Schema screen is displayed.

  16. On the Configure JDBC Component Schema screen, select a component schema, such as the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, the OIM Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  17. On the Select Optional Configuration screen, you can configure JMS Distributed Destination, Managed Servers, Clusters, and Machines, Deployments and Services, and JMS File Store. Select the relevant check boxes and click Next.

    • Optional: Select a JMS Distributed Destination Type, as required.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

  18. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.

    Your existing Oracle Identity Management 11.1.1.3.0 domain with Oracle Internet Directory and Oracle Virtual Directory is extended to support Oracle Identity Manager.

  19. Start the Administration Server, as described in Starting the Stack.

  20. Set up LDAP Synchronization, as described in the "Setting Up LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  21. Verify LDAP Synchronization, as described in the "Verifying LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  22. Configure Oracle Identity Manager Server, as described in Configuring OIM Server, Design Console, and Remote Manager. When configuring Oracle Identity Manager Server, ensure that you select the Enable LDAP Sync option on the LDAP Sync and OAM Screen in the Oracle Identity Manager Configuration Wizard.

  23. Follow the wizard to complete the configuration.

5.3.4 OIM with LDAP Sync, and OAM

This section discusses how to configure Oracle Identity Manager (OIM) and Oracle Access Manager (OAM) in different scenarios.

It includes the following sections:

5.3.4.1 Overview

In this section, you perform the following tasks:

  1. Install and configure Oracle Internet Directory and Oracle Virtual Directory

  2. Install and configure Oracle Identity Manager and Oracle Access Manager

  3. Configure Oracle Access Manager to use Oracle Internet Directory as the LDAP provider

  4. Set up LDAP sync for Oracle Identity Manager

  5. Configure Oracle Identity Manager Server, Design Console (Windows only), and Remote Manager

5.3.4.2 Prerequisites

The following lists the prerequisites for installing and configuring Oracle Identity Manager with LDAP Synchronization, and Oracle Access Manager:

5.3.4.3 Scenario 1: OIM with LDAP Sync, and OAM in a New WebLogic Domain

This section discusses the following topics:

5.3.4.3.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager (OIM) with LDAP Synchronization in an environment where you may set up integration between Oracle Identity Manager and Oracle Access Manager (OAM) at a later time.

5.3.4.3.2 Components Deployed

Performing the configuration in this section deploys the following:

  • WebLogic Administration Server

  • Managed Servers for Oracle Identity Manager and Oracle Access Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

  • Oracle Access Manager Console on the Administration Server

5.3.4.3.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server.

  • Installation of the Oracle Identity Management 11g software.

  • Installation and configuration of Oracle Internet Directory and Oracle Virtual Directory.

  • Installation of the latest version of Oracle SOA Suite (required by Oracle Identity Manager).

  • Database schemas for Oracle Identity Manager, Oracle SOA Suite, and Oracle Access Manager. For more information, see Creating Database Schema Using the Repository Creation Utility (RCU).

5.3.4.3.4 Procedure

Perform the following steps to configure Oracle Identity Manager with LDAP Synchronization, and Oracle Access Manager in a new WebLogic domain:

  1. After completing all the prerequisites, run the <Oracle_IDM2>/common/bin/config.sh script on UNIX (<Oracle_IDM2>\common\bin\config.cmd on Windows). This Oracle_IDM2 is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  2. On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen is displayed.

  3. On the Select Domain Source screen, select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].
    • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [Oracle_IDM2]

  4. After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.

  5. On the Specify Domain Name and Location screen, enter a name and location for the domain to be created. In addition, enter a location to store applications for the domain. Click Next. The Configure Administrator User Name and Password screen is displayed.

  6. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next. The Configure Server Start Mode and JDK screen is displayed.

  7. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Component Schema screen is displayed.

  8. On the Configure JDBC Component Schema screen, select a component schema, such as the OAM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, the OIM Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  9. On the Select Optional Configuration screen, you can configure Administration Server, Managed Servers, Clusters, and Machines, Deployments and Services, RDBMS Security Store, and JMS File Store. Select the relevant check boxes and click Next.

    • Optional: Configure Administration Server, as required.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure RDBMS Security Store, as required.

    • Optional: Configure JMS File Store, as required.

  10. On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.

    A new WebLogic domain to support Oracle Identity Manager and Oracle Access Manager is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

  11. Start the WebLogic Administration Server and Managed Servers (Oracle Identity Manager and Oracle Access Manager), as described in Starting the Stack.

  12. Configure Oracle Access Manager (OAM) to use Oracle Internet Directory (OID) as an LDAP provider by running the createUserIdentityStore WLST command:

    1. On the command line, use the cd command to move from your present working directory to the Oracle_IDM2/common/bin directory. Oracle_IDM2 is the IDM_Home for Oracle Identity Manager and Oracle Access Manager.

    2. Launch the WebLogic Scripting Tool (WLST) interface as follows:

      On UNIX: Run ./wlst.sh on the command line.

      On Windows: Run wlst.cmd.

      At the WLST command prompt (wls:/offline>), type the following:

      connect()

      You are prompted to enter the WebLogic Administration Server user name, password, and URL. For more information about using the WLST interface, see the topic "Using the WebLogic Scripting Tool" in the guide Oracle Fusion Middleware Oracle WebLogic Scripting Tool.

      Run the createUserIdentityStore WLST command, as in the following example:

      createUserIdentityStore(name="OAMOIDIdStoreForOIM", principal="cn=orcladmin", credential="welcome1", type="LDAP", userAttr="uid", ldapProvider="OID", roleSecAdmin="OAMAdministrators", userSearchBase="cn=Users,dc=us,dc=acme,dc=com", ldapUrl="ldap://<oid host>:<oid port>", isPrimary="true", userIDProvider="OracleUserRoleAPI", groupSearchBase="cn=Groups,dc=us,dc=acme,dc=com")

      Note:

      Users that are members of the group specified in the roleSecAdmin attribute are allowed access to the Oracle Access Manager Administration Console. This group must exist under the Directory Information Tree (DIT) specified in the groupSearchBase attribute. If the group is not available, you can specify the user name, such as orcladmin, who will have access to the Oracle Access Manager Administration Console. Note that only the user specified in this attribute will have access to the Oracle Access Manager Administration Console.

    Alternatively, you can use the Oracle Access Manager Administration Console, deployed on the Administration Server, to configure Oracle Internet Directory as an LDAP provider for Oracle Access Manager. For more information, see the "Managing User-Identity Store and OAM Administrator Registrations" topic in the guide Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.

  13. Set up LDAP Synchronization, as described in the "Setting Up LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  14. Verify LDAP Synchronization, as described in the "Verifying LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  15. Configure Oracle Identity Manager Server, as described in Configuring OIM Server. When configuring Oracle Identity Manager Server, ensure that you select the Enable LDAP Sync option on the LDAP Sync and OAM Screen in the Oracle Identity Manager Configuration Wizard.

  16. Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and to configure Oracle Identity Manager Remote Server, as described in Configuring OIM Design Console, and Configuring OIM Remote Manager.

5.3.4.4 Scenario 2: OIM with LDAP Sync, and OAM, in an Existing Domain Containing OID and OVD

This section discusses the following topics:

5.3.4.4.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager (OIM) with LDAP Synchronization in an environment where you have installed and configured Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD). You may set up integration between Oracle Identity Manager and Oracle Access Manager (OAM) at a later time.

5.3.4.4.2 Components Deployed

Performing the configuration in this section deploys the following:

  • Managed Servers for Oracle Identity Manager and Oracle Access Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

  • Oracle Access Manager Console on the existing Administration Server

5.3.4.4.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server.

  • Installation and configuration of Oracle Internet Directory and Oracle Virtual Directory.

  • Installation of the Oracle Identity Management 11g software.

  • Installation of the latest version of Oracle SOA Suite (required by Oracle Identity Manager).

  • Database schemas for Oracle Identity Manager, Oracle SOA Suite, and Oracle Access Manager. For more information, see Creating Database Schema Using the Repository Creation Utility (RCU).

5.3.4.4.4 Procedure

Perform the following steps to configure Oracle Identity Manager with LDAP Synchronization, and Oracle Access Manager in an existing Oracle Identity Management 11.1.1.3.0 domain that contains Oracle Internet Directory and Oracle Virtual Directory:

  1. After completing the prerequisites, run the <Oracle_IDM1>/bin/config.sh on UNIX operating systems to start the Oracle Identity Management Configuration Wizard. On Windows, run the <Oracle_IDM1>\bin\config.bat to start the wizard. The Oracle_IDM1 home is the directory where you installed Oracle Internet Directory, Oracle Virtual Directory, Oracle Directory Services Manager, Oracle Directory Integration Platform, and Oracle Identity Federation.

  2. On the Select Domain screen, select the Create New Domain option. Set the Administrator user name and password, as required.

  3. Ensure that you select Oracle Internet Directory and Oracle Virtual Directory on the Configure Components screen.

  4. Follow the wizard, provide the necessary input, and configure the domain.

    A new WebLogic domain to support Oracle Internet Directory and Oracle Virtual Directory is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

  5. Ensure that your Oracle database version is supported and you have installed the necessary patches. For more information, see Installing Oracle Database.

  6. Ensure that any appropriate schemas required by Oracle Identity Manager, Oracle SOA Suite, and Oracle Access Manager are created and loaded, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  7. Ensure that the Oracle Identity Management 11g software is installed. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information. A new Oracle Home for Oracle Identity Management, such as Oracle_IDM2, is created under the Middleware Home directory.

  8. Ensure that the latest version of Oracle SOA Suite is installed under the same Middleware Home. Refer to Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only) for more information.

  9. Run the <Oracle_IDM2>/common/bin/config.sh script on UNIX (<Oracle_IDM2>\common\bin\config.cmd on Windows). The Oracle Fusion Middleware Configuration Wizard appears.

  10. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next. The Select a WebLogic Domain Directory screen is displayed.

  11. On the Select a WebLogic Domain Directory screen, select the Oracle Identity Management 11.1.1.3.0 domain in which you configured Oracle Internet Directory and Oracle Virtual Directory. Click Next. The Select Extension Source screen is displayed.

  12. On the Select Extension Source screen, select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].
    • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [Oracle_IDM2]

  13. After selecting the domain configuration options, click Next. The Configure JDBC Component Schema screen is displayed.

  14. On the Configure JDBC Component Schema screen, select a component schema, such as the OAM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, the OIM Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  15. On the Select Optional Configuration screen, you can configure JMS Distributed Destination, Managed Servers, Clusters, and Machines, Deployments and Services, and JMS File Store. Select the relevant check boxes and click Next.

    • Optional: Select a JMS Distributed Destination Type, as required.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

  16. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.

    Your existing Oracle Identity Management 11.1.1.3.0 domain with Oracle Internet Directory and Oracle Virtual Directory is extended to support Oracle Identity Manager and Oracle Access Manager.

  17. Start the WebLogic Administration Server and Managed Servers (Oracle Identity Manager and Oracle Access Manager), as described in Starting the Stack.

  18. Configure Oracle Access Manager (OAM) to use Oracle Internet Directory (OID) as an LDAP provider by running the createUserIdentityStore WLST command:

    1. On the command line, use the cd command to move from your present working directory to the Oracle_IDM2/common/bin directory. Oracle_IDM2 is the IDM_Home for Oracle Identity Manager and Oracle Access Manager.

    2. Launch the WebLogic Scripting Tool (WLST) interface as follows:

      On UNIX: Run ./wlst.sh on the command line.

      On Windows: Run wlst.cmd.

      At the WLST command prompt (wls:/offline>), type the following:

      connect()

      You are prompted to enter the WebLogic Administration Server user name, password, and URL. For more information about using the WLST interface, see the topic "Using the WebLogic Scripting Tool" in the guide Oracle Fusion Middleware Oracle WebLogic Scripting Tool.

      Run the createUserIdentityStore WLST command, as in the following example:

      createUserIdentityStore(name="OAMOIDIdStoreForOIM", principal="cn=orcladmin", credential="welcome1", type="LDAP", userAttr="uid", ldapProvider="OID", roleSecAdmin="OAMAdministrators", userSearchBase="cn=Users,dc=us,dc=acme,dc=com", ldapUrl="ldap://<oid host>:<oid port>", isPrimary="true", userIDProvider="OracleUserRoleAPI", groupSearchBase="cn=Groups,dc=us,dc=acme,dc=com")

      Note:

      Users that are members of the group specified in the roleSecAdmin attribute are allowed access to the Oracle Access Manager Administration Console. This group must exist under the Directory Information Tree (DIT) specified in the groupSearchBase attribute. If the group is not available, you can specify the user name, such as orcladmin, who will have access to the Oracle Access Manager Administration Console. Note that only the user specified in this attribute will have access to the Oracle Access Manager Administration Console.

    Alternatively, you can use the Oracle Access Manager Administration Console, deployed on the Administration Server, to configure Oracle Internet Directory as an LDAP provider for Oracle Access Manager. For more information, see the "Managing User-Identity Store and OAM Administrator Registrations" topic in the guide Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.

  19. Set up LDAP Synchronization, as described in the "Setting Up LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  20. Verify LDAP Synchronization, as described in the "Verifying LDAP Synchronization" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  21. Configure Oracle Identity Manager Server, as described in Configuring OIM Server. When configuring Oracle Identity Manager Server, ensure that you select the Enable LDAP Sync option on the LDAP Sync and OAM Screen in the Oracle Identity Manager Configuration Wizard.

  22. Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and to configure Oracle Identity Manager Remote Server, as described in Configuring OIM Design Console, and Configuring OIM Remote Manager.
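
The createUserIdentityStore example in step 12 of Scenario 1 and step 18 of Scenario 2 places the OID bind password and an ldap:// URL directly in the command. The following Python 3 check is an added example, not part of Oracle's guide or tooling: it parses a WLST script and flags those arguments, along with the roleSecAdmin grant described in the Note. The finding codes and the read_secret() helper named in the sample are assumptions made for this example.

```python
"""Review createUserIdentityStore() calls in a WLST script (added example)."""
import ast

TARGET = "createUserIdentityStore"

# The guide's example command, reflowed over several lines; values are the page's own.
SAMPLE_WLST = '''
connect()
createUserIdentityStore(name="OAMOIDIdStoreForOIM", principal="cn=orcladmin",
    credential="welcome1", type="LDAP", userAttr="uid", ldapProvider="OID",
    roleSecAdmin="OAMAdministrators",
    userSearchBase="cn=Users,dc=us,dc=acme,dc=com",
    ldapUrl="ldap://<oid host>:<oid port>", isPrimary="true",
    userIDProvider="OracleUserRoleAPI",
    groupSearchBase="cn=Groups,dc=us,dc=acme,dc=com")
'''

# Constructed variant: the password comes from a variable filled at run time.
# read_secret() is a hypothetical no-echo prompt helper, not a WLST command.
SAMPLE_PROMPTED = (SAMPLE_WLST
                   .replace("connect()", "connect()\noid_password = read_secret()")
                   .replace('credential="welcome1"', "credential=oid_password"))


def literal(node):
    """Return the string value if node is a string literal, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def find_calls(tree):
    """Return [(lineno, {keyword: value node})] for each target call, by line."""
    calls = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == TARGET):
            kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
            calls.append((node.lineno, kwargs))
    return sorted(calls, key=lambda call: call[0])


def lint(source):
    """Return a list of (lineno, code, message) findings for a WLST script."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # WLST is Jython; Python 2 only syntax (print statements) lands here.
        return [(exc.lineno, "PARSE_ERROR", "script needs manual review: %s" % exc.msg)]

    findings = []
    for lineno, kwargs in find_calls(tree):
        principal = literal(kwargs.get("principal")) or "<unknown principal>"

        # A literal password ends up in the script file, backups and reviews.
        if literal(kwargs.get("credential")) is not None:
            findings.append((lineno, "HARDCODED_CREDENTIAL",
                             "bind password for %s is a string literal" % principal))

        # The URL scheme alone does not ask for TLS on the directory connection.
        url = literal(kwargs.get("ldapUrl"))
        if url is not None and url.split("://", 1)[0].lower() == "ldap":
            findings.append((lineno, "CLEARTEXT_LDAP_URL",
                             "ldapUrl uses ldap://; check how the bind is protected"))

        # Per the guide's Note, this value decides who may use the OAM console.
        admin = literal(kwargs.get("roleSecAdmin"))
        if admin is not None:
            base = literal(kwargs.get("groupSearchBase")) or "<no groupSearchBase>"
            findings.append((lineno, "CONSOLE_ADMIN_GRANT",
                             "OAM Administration Console access goes to '%s'; "
                             "confirm it exists under %s" % (admin, base)))
    return findings


if __name__ == "__main__":
    for label, script in (("guide example", SAMPLE_WLST),
                          ("prompted variant", SAMPLE_PROMPTED)):
        print(label)
        for lineno, code, message in lint(script):
            print("  line %s: %s: %s" % (lineno, code, message))
```

The CONSOLE_ADMIN_GRANT finding is informational: the script cannot confirm that the group exists in the directory, so that part of the Note still has to be checked against OID.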

5.3.5 OAM in a New WebLogic Domain

This topic describes how to configure Oracle Access Manager (OAM) in a new WebLogic domain.

It includes the following sections:

5.3.5.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Access Manager in an environment where you may add other Oracle Identity Management components, such as Oracle Identity Navigator, Oracle Identity Manager, and Oracle Adaptive Access Manager at a later time in the same domain.

5.3.5.2 Components Deployed

Performing the configuration in this section deploys the following:

  • WebLogic Administration Server

  • Managed Server for Oracle Access Manager

  • Oracle Access Manager Console on the Administration Server

5.3.5.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Installation of the Oracle Identity Management 11g software

  • Database schemas for Oracle Access Manager.

5.3.5.4 Procedure

Perform the following steps to configure Oracle Access Manager in a new WebLogic domain:

  1. Install Oracle WebLogic Server and create a Middleware Home. Refer to Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home for more information.

  2. Create and load the appropriate schemas required by Oracle Access Manager, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  3. Install the Oracle Identity Management 11g software. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information.

  4. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  5. On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen appears.

  6. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected. Select Oracle Access Manager with Database Policy Store - 11.1.1.3.0, and click Next. The Select Domain Name and Location screen appears.

    Note:

    When you select the Oracle Access Manager with Database Policy Store - 11.1.1.3.0 option, the Oracle JRF 11.1.1.0 [Oracle_Common] option is also selected, by default.
  7. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  8. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  9. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Select Optional Configuration screen appears.

  10. On the Select Optional Configuration screen, you can configure the Administration Server and Managed Servers, Clusters, and Machines. Click Next.

  11. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

  12. Optional: Configure Managed Servers, as required.

    Note:

    If you want to configure the Managed Server on the same machine, ensure that the port is different from that of the Administration Server.
  13. Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

  14. Optional: Assign Managed Servers to clusters, as required.

  15. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

  16. Optional: If the Administration Server is not assigned to a machine, you can assign it to a machine.

    Note that deployments, such as applications and libraries, and services that are targeted to a particular cluster or server are selected, by default.

  17. Optional: Assign the newly created Managed Server, such as oam_server1, to a machine.

  18. On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.

A new WebLogic domain to support Oracle Access Manager is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

5.3.6 OAAM in a New WebLogic Domain

This topic describes how to configure Oracle Adaptive Access Manager (OAAM) in a new WebLogic administration domain. It includes the following sections:

5.3.6.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Adaptive Access Manager in an environment where you may install other Oracle Identity Management 11g components, such as Oracle Identity Navigator, Oracle Access Manager, or Oracle Identity Manager at a later time in the same domain.

5.3.6.2 Components Deployed

Performing the configuration in this section deploys the following:

  • WebLogic Administration Server

  • Managed Server for Oracle Adaptive Access Manager

  • Oracle Adaptive Access Manager Console on the Administration Server

5.3.6.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server

  • Installation of the Oracle Identity Management 11g software

  • Database schema for Oracle Adaptive Access Manager

5.3.6.4 Procedure

Perform the following steps to configure only Oracle Adaptive Access Manager in a new WebLogic domain:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Create and load the appropriate schemas required by Oracle Adaptive Access Manager, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  3. Install the Oracle Identity Management 11g software under your Middleware Home, as described in Installing OIM, OAM, OAAM, OAPM, and OIN.

  4. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  5. On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen appears.

  6. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected. Select Oracle Adaptive Access Manager Admin Server - 11.1.1.3.0, which is mandatory.

    In addition, you can select Oracle Adaptive Access Manager - Server - 11.1.1.3.0, which is optional. Click Next. The Select Domain Name and Location screen appears.

    Note:

    When you select either of the Oracle Adaptive Access Manager options, the Oracle JRF - 11.1.1.0 [oracle_common] option, the Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM1] option, and the Oracle WSM Policy Manager - 11.1.1.0 [Oracle_IDM1] option are also selected, by default.
  7. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  8. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  9. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard.

  10. On the Configure JDBC Data Sources screen, select the OAAM_ADMIN_DS data source for the Oracle Adaptive Access Manager Server application. If you selected the Oracle Adaptive Access Manager - Server - 11.1.1.3.0 option on the Select Domain Source screen, you can also select the OAAM_SERVER_DS data source. Configure default database credentials, such as Schema Name, Password, Database Service Name, Host Name, and Port. Click Next.

    The Test JDBC Data Sources screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  11. On the Select Optional Configuration screen, you can configure the Administration Server and Managed Servers, Clusters, and Machines, and Deployments and Services. Click Next.

  12. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

  13. Optional: Configure Managed Servers, as required.

  14. Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

  15. Optional: Assign Managed Servers to Clusters, as required.

  16. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

  17. Optional: Assign the Administration Server to a machine.

  18. Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

  19. On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.

A new WebLogic domain to support Oracle Adaptive Access Manager is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

5.3.7 OAPM in a New WebLogic Domain

This topic describes how to configure Oracle Authorization Policy Manager (OAPM) in a new WebLogic domain. It includes the following sections:

5.3.7.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Authorization Policy Manager in an environment where you may install Oracle Identity Manager, Oracle Access Manager, Oracle Identity Management Navigator, or Oracle Adaptive Access Manager at a later stage in the same domain.

5.3.7.2 Components Deployed

Performing the configuration in this section deploys the following:

  • WebLogic Administration Server

  • Oracle Authorization Policy Manager application on the Administration Server

5.3.7.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server.

  • Installation of the Oracle Identity Management 11g software.

  • Database schema for Oracle Authorization Policy Manager and Metadata Services (MDS).

5.3.7.4 Procedure

Perform the following steps to configure Oracle Authorization Policy Manager in a new WebLogic domain:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Create and load the database schemas for Oracle Authorization Policy Manager, as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  3. Install the Oracle Identity Management 11g software under your Middleware Home. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information.

  4. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  5. On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen appears.

  6. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.

    Select the Oracle Application Authorization Policy Manager - 11.1.1.3.0 option.

    When you select this option, the Oracle JRF 11.1.1.0 [oracle_common] option is also selected, by default. For association with Enterprise Manager at a later stage, select the Oracle Enterprise Manager - 11.1.1.3.0 [oracle_common] template. Click Next. The Select Domain Name and Location screen appears.

  7. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  8. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  9. Choose JRockit SDK 1.6.0_17 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Component Schema screen is displayed.

  10. On the Configure JDBC Component Schema screen, select a component schema, such as the APM MDS Schema or the APM Schema that you want to modify. You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  11. On the Select Optional Configuration screen, you can configure the Administration Server, Managed Servers, Clusters, Machines, Deployments and Services, and RDBMS Security Store. Select the relevant check boxes and click Next.

    • Optional: Configure the following Administration Server parameters:

      • Name

      • Listen Address

      • Listen Port

      • SSL Listen Port

      • SSL Enabled

    • Optional: Add and configure Managed Servers, as required. Note that Oracle Authorization Policy Manager does not require a Managed Server because the application is deployed on the WebLogic Administration Server.

    • Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure RDBMS Security Store Database, as required.

  12. On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.

A new WebLogic domain to support Oracle Authorization Policy Manager is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.
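After the domain is created, the settings chosen in steps 9 and 11 (Production Mode and the Administration Server's listen address and SSL options) can be read back from the domain's config/config.xml. The following check is an added example, not part of the Oracle guide; the element names are assumed to follow the standard WebLogic domain schema, and the sample XML, domain name, and ports are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample of <domain_dir>/config/config.xml (not from a real domain).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>apm_domain</name>
  <server>
    <name>AdminServer</name>
    <ssl>
      <enabled>false</enabled>
      <listen-port>7002</listen-port>
    </ssl>
    <listen-port>7001</listen-port>
    <listen-address></listen-address>
  </server>
  <production-mode-enabled>true</production-mode-enabled>
  <admin-server-name>AdminServer</admin-server-name>
</domain>
"""

def _text(node, path):
    """Stripped text of a descendant element, or '' if it is absent or empty."""
    return (node.findtext(path, default="", namespaces=NS) or "").strip()

def audit_domain_config(xml_text):
    """Return findings for the wizard settings: start mode, SSL, listen address."""
    root = ET.fromstring(xml_text)
    findings = []
    if _text(root, "d:production-mode-enabled").lower() != "true":
        findings.append("domain is not in Production Mode")
    # Fall back to the wizard's usual default name if the element is missing.
    admin_name = _text(root, "d:admin-server-name") or "AdminServer"
    admin = next((s for s in root.findall("d:server", NS)
                  if _text(s, "d:name") == admin_name), None)
    if admin is None:
        return findings + ["Administration Server '%s' not found" % admin_name]
    if _text(admin, "d:ssl/d:enabled").lower() != "true":
        findings.append("SSL is disabled on %s" % admin_name)
    # An empty or missing listen address means the server binds all interfaces.
    if not _text(admin, "d:listen-address"):
        findings.append("%s has no listen address (binds all interfaces)" % admin_name)
    return findings

if __name__ == "__main__":
    for finding in audit_domain_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

To audit a real domain, pass the contents of the config.xml file under the domain directory to audit_domain_config instead of the constructed sample.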

5.3.8 OAPM in a Domain Containing OIM, OAM, OAAM, and OIN

This topic describes how to configure Oracle Authorization Policy Manager (OAPM) in an existing Oracle Identity Management domain that contains Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), and Oracle Identity Navigator (OIN).

It includes the following sections:

5.3.8.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Authorization Policy Manager in an environment where Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator are installed and configured.

5.3.8.2 Components Deployed

Performing the configuration in this section deploys the Oracle Authorization Policy Manager application on the existing WebLogic Administration Server.

5.3.8.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server.

  • Installation of the Oracle Identity Management 11g software.

  • Installation of the latest version of Oracle SOA Suite (required by Oracle Identity Manager).

  • Database schema for Oracle Authorization Policy Manager and Metadata Services (MDS) schema.

5.3.8.4 Procedure

To configure Oracle Authorization Policy Manager in an existing WebLogic domain that contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Management Navigator, complete the following steps:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Create and load the schemas for Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Authorization Policy Manager by using Repository Creation Utility (RCU), as described in Creating Database Schema Using the Repository Creation Utility (RCU).

  3. Install the Oracle Identity Management 11g software under your Middleware Home. Refer to Installing OIM, OAM, OAAM, OAPM, and OIN for more information.

  4. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  5. Create a new WebLogic domain to support Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Management Navigator.

    For more information, see the "Simultaneous configuration of OIN, OAPM, OAAM, OAM, and OIM" topic in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

    Note:

    On the Select Domain Source screen, do not select the Oracle Authorization Policy Manager - 11.1.1.3.0 [Oracle_IDM1] option.

  6. Ensure that the WebLogic domain with Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Management Navigator is configured correctly.

    After the domain configuration is complete, click Done to dismiss the Oracle Fusion Middleware Configuration Wizard.

    A new WebLogic domain to support Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator is created in the <Middleware_Home>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <Middleware_Home>/user_projects/domains directory.

  7. Run the <IDM_Home>/common/bin/config.sh script on UNIX (<IDM_Home>\common\bin\config.cmd on Windows). IDM_Home is the directory where you installed Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

    The Oracle Fusion Middleware Configuration Wizard appears.

  8. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.

  9. On the Select a WebLogic Domain Directory screen, browse to the <Middleware_Home>/user_projects/domains directory where you created the domain with Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator. Click Next.

    The Select Extension Source screen appears.

  10. On the Select Extension Source screen, ensure that the Extend my domain automatically to support the following products: option is selected. Select Oracle Application Authorization Policy Manager - 11.1.1.3.0. Click Next. The Configure JDBC Component Schema screen appears.

  11. On the Configure JDBC Component Schema screen, select a component schema that you want to modify.

    The screen lists the following component schemas:

    • SOA Infrastructure

    • OAAM Admin Schema

    • OAAM Server Schema

    • User Messaging Service

    • APM MDS Schema

    • APM Schema

    • OAAM Admin MDS Schema

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OIM Schema

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  12. On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines, Deployments and Services, and JMS File Store. Select the relevant check boxes, and click Next.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required. For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server, such as oam_server1 (default value).

    • Optional: Configure JMS File Stores, as required.

  13. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the existing domain, which contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, and Oracle Identity Navigator, to support Oracle Authorization Policy Manager.

5.4 Configuring OIM Server, Design Console, and Remote Manager

After configuring Oracle Identity Manager (OIM) in a new or existing WebLogic administration domain, you must run the Oracle Identity Manager 11g Configuration Wizard to configure the following:

Note:

For information about configuring Oracle Identity Manager Server, Design Console, and Remote Manager after configuring Oracle Identity Manager in a new or existing WebLogic domain, see Chapter 6, "Configuring OIM Server, Design Console, and Remote Manager".

5.5 Oracle Identity Management Suite-Level Installation Scenarios

For information about Oracle Identity Management suite-level installation scenarios, see the chapter "Oracle Identity Management Suite-Level Installation Scenarios" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

5.6 Installing Oracle HTTP Server 11g WebGate for OAM

For information about installing and configuring Oracle HTTP Server 11g WebGate for Oracle Access Manager (OAM), see the chapter "Installing and Configuring Oracle HTTP Server 11g WebGate for OAM" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

5.7 Setting Up Integration Between OIM and OAM

For information about setting up integration between Oracle Identity Manager (OIM) and Oracle Access Manager (OAM), see the chapter "Integration Between OIM and OAM" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.