6 Configuring OIM Server, Design Console, and Remote Manager

6.2.1 Prerequisites for Configuring OIM Server

Before you can configure Oracle Identity Manager (OIM) Server using the Oracle Identity Manager Configuration Wizard, you must complete the following prerequisites:

1. Installing Oracle WebLogic Server 10.3.3 and created a Middleware Home directory. For more information, see Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

2. Installing a supported version of Oracle database. For more information, see Installing Oracle Database.

3. Creating and loading the required schemas (OIM and MDS) in the database. For more information, see Creating Database Schema Using the Repository Creation Utility (RCU).

4. Installing the Oracle Identity Management Suite (the suite that contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator) under the Middleware Home directory. For more information, see Installing OIM, OAM, OAAM, OAPM, and OIN.

5. Installing Oracle SOA Suite 11g Release 1(11.1.1.3.0) under the same Middleware Home directory. For more information, see Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

6. Configuring Oracle Identity Manager and Oracle SOA Suite in the same WebLogic administration domain (a new or existing domain). For more information, see the example scenarios described in Basic Installation and Configuration Scenarios.

7. Starting the Oracle WebLogic Administration Server for the domain in which the Oracle Identity Manager application is deployed. For more information, see Starting the Stack.

8. Optional: Setting up LDAP Synchronization for Oracle Identity Manager, if you want to enable LDAP Sync. For more information, see the topic "Setting Up LDAP Synchronization" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

9. Optional: Installing Oracle BI Publisher, if you want to configure Oracle BI Publisher for reporting features in Oracle Identity Manager. For more information, see the guide Oracle Fusion Middleware Quick Installation Guide for Oracle Business Intelligence.

6.2.2 Prerequisites for Configuring Only OIM Design Console on a Different Machine

On the machine where you are installing and configuring Design Console, you must install the Oracle Identity Management 11g (11.1.1.3.0) software containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator. For information, see Installing OIM, OAM, OAAM, OAPM, and OIN.

Before you can configure Oracle Identity Manager (OIM) Design Console by running the Oracle Identity Manager Configuration Wizard, you should have configured the Oracle Identity Manager Server, as described in Configuring OIM Server on a local or machine. In addition, the Oracle Identity Manager Server should be up and running.

6.2.3 Prerequisites for Configuring Only OIM Remote Manager on a Different Machine

On the machine where you are installing and configuring Remote Manager, you must install the Oracle Identity Management 11g (11.1.1.3.0) software containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator. For information, see Installing OIM, OAM, OAAM, OAPM, and OIN.

Before you can configure Oracle Identity Manager (OIM) Remote Manager by running the Oracle Identity Manager Configuration Wizard, you should have configured the Oracle Identity Manager Server, as described in Configuring OIM Server. In addition, the Oracle Identity Manager Server should be up and running.

6.4.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager Server on a separate host.

6.4.2 Components Deployed

Performing the configuration in this section deploys only Oracle Identity Manager Server.

6.4.3 Dependencies

The installation and configuration in this section depends on Oracle WebLogic Server, on Oracle SOA Suite, and on the installation of Oracle Identity Management 11g software. For more information, see Before Installing OIM, OAM, OAAM, OAPM, and OIN and Installing OIM, OAM, OAAM, OAPM, and OIN.

6.4.4 Procedure

Perform the following steps to configure only Oracle Identity Manager Server:

1. Ensure that all the prerequisites, described in Prerequisites for Configuring OIM Server, are satisfied.

   Note:

   If you extended an existing WebLogic domain to support Oracle Identity Manager, restart the Administration Server before starting the Oracle Identity Manager Configuration Wizard.

2. On the machine where the Administration Server is running, start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard. The Welcome screen appears.

3. On the Welcome screen, click Next. The Components to Configure screen appears.

   On the Components to Configure screen, ensure that only the OIM Server option is selected. It is selected, by default. Click Next. The Database screen appears.

4. On the Database screen, enter the full path, listen port, and service name for the database in the Connect String field. For a single host instance, the format of connect string is hostname:port:servicename. For example, if the hostname is aaa.bbb.com, port is 1234, and the service name is xxx.bbb.com, then you must enter the connect string for a single host instance as follows:

   aaa.bbb.com:1234:xxx.bbb.com

   If you are using a Real Application Cluster database, the format of the database connect string is as follows:

   hostname1:port1^hostname2:port2@servicename

   Note:

   You can use the same database or different databases for creating the Oracle Identity Manager schema and the Metadata Services schema.

5. In the OIM Schema User Name field, enter the name of the schema that you created for Oracle Identity Manager using the Repository Creation Utility (RCU). For more information, see Creating Database Schema Using the Repository Creation Utility (RCU).

6. In the OIM Schema Password field, enter the password for the Oracle Identity Manager schema that you set while creating the schema using the Repository Creation Utility (RCU).

7. If you want to use a different database for the Metadata Services (MDS) schema, select the Select different database for MDS Schema check box.

8. If you choose to use a different database for MDS schema, In the MDS Connect String field, enter the full path, listen port, and service name for the database associated with the MDS schema. For the format of the connect string, see Step 4.

   In the MDS Schema User Name field, enter the name of the schema that you created for AS Common Services - Metadata Services using the Repository Creation Utility (RCU). For more information, see Creating Database Schema Using the Repository Creation Utility (RCU).

   In the MDS Schema Password field, enter the password for the AS Common Services - Metadata Services schema that you set while creating the schema using the Repository Creation Utility (RCU). Click Next. The WebLogic Admin Server screen appears.

9. On the WebLogic Admin Server screen, in the WebLogic Admin Server URL field, enter the URL of the WebLogic Administration Server of the domain in the following format:

   t3://hostname:port

   In the UserName field, enter the WebLogic administrator user name of the domain in which the Oracle Identity Manager (OIM) application and the Oracle SOA Suite application are deployed. If you are setting up integration between Oracle Identity Manager and Oracle Access Manager, the Oracle Access Manager application is also configured in the same domain.

   In the Password field, enter the WebLogic administrator password of the domain in which the Oracle Identity Manager (OIM) application and the Oracle SOA Suite application are deployed. Click Next.

   The OIM Server screen appears. The OIM Server screen enables you to set a password for the system administrator (xelsysadm).

10. On the OIM Server screen, in the OIM Administrator Password field, enter a new password for the administrator. A valid password contains at least 6 characters; begins with an alphabetic character; includes at least one number, one uppercase letter, and one lowercase letter. The password cannot contain the first name, last name, or the login name for Oracle Identity Manager.

11. In the Confirm User Password field, enter the new password again.

12. In the OIM HTTP URL field, enter the http URL that front-ends the Oracle Identity Manager application.

    The URL is of the format: http(s)://<oim_host>:<oim_port>. For example, https://localhost:7002.

13. In the KeyStore Password field, enter a new password for the keystore. A valid password can contain 6 to 30 characters, begin with an alphabetic character, and use only alphanumeric characters and special characters like Dollar ($), Underscore (_), and Pound (#). The password must contain at least one number.

14. In the Confirm Keystore Password field, enter the new password again. Click Next. The LDAP Sync and OAM screen appears.

    The LDAP Sync and OAM screen enables you to perform the following optional tasks:

    • Enable synchronization of Oracle Identity Manager roles, users, and their hierarchy to an LDAP directory

    • Enable Identity Administration Integration with Oracle Access Manager (OAM)

    • Configure Oracle Identity Manager to use Oracle BI Publisher for reporting purposes

15. Optional: To enable LDAP Sync, you must select the Enable LDAP Sync option on the LDAP Sync and OAM screen. However, note that you must first set up LDAP Sync for Oracle Identity Manager (OIM), as described in the topic "Setting Up LDAP Synchronization" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management, before enabling LDAP Sync.

16. Optional: To enable identity administration integration with Oracle Access Manager, select the Enable Identity Administration Integration with OAM option on the LDAP Sync and OAM screen, and enter the following information:

    • Password of Access Gate - Enter the access gate password for Oracle Identity Manager. You must specify the same oimAccessGatePwd password that you provided when running the configureOIM WLST command. For more information about this WLST command and the complete setup to integrate OIM and OAM, see the topic "Setting Up Integration Between OIM and OAM Using the Domain Agent" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

    • Domain of Cookie - Enter the domain of the machine on which Oracle HTTP Server for Oracle Identity Manager is running. You must specify the same oimCookieDomain value that you provided when running the configureOIM WLST command.

    Note:

    When you choose to enable identity administration integration with Oracle Access Manager, LDAP Synchronization is enabled, by default.

17. Optional: To configure Oracle Identity Manager to use Oracle BI Publisher for reporting purposes, select the Configure BI Publisher option, and enter the BI Publisher URL in the BI Publisher URL field. Note that you should have installed Oracle BI Publisher on a local or remote machine before selecting the Configure BI Publisher option on the LDAP Sync and OAM screen. In addition, ensure that Oracle BI Publisher is up and running.

18. After making your selections, click Next on the LDAP Sync and OAM screen. If you chose to enable identity administration integration with OAM or enable LDAP Sync, the LDAP Server screen appears.

    The LDAP Server screen enables you to specify the following Oracle Virtual Directory information:

    • LDAP URL - enter the LDAP URL in the format: ldap://ovd_host:ovd_port

    • LDAP User - enter the LDAP user name.

    • LDAP Password - enter the LDAP password.

    • LDAP SearchDN - enter the Distinguished Names (DN). For example, dc=acme, dc=com. SearchDN is the top-level container for users and roles in LDAP, and Oracle Identity Manager uses this container for reconciliation.

    Click Next. The LDAP Server Continued screen appears.

19. On the LDAP Server Continued screen, enter the following LDAP information:

    • LDAP RoleContainer - enter a name for the container that will be used as a default container of roles in the LDAP directory. You can configure isolation rules in Oracle Identity Manager to create roles in different containers in LDAP. For example, cn=groups, dc=mycountry, dc=com.

    • LDAP RoleContainer Description - enter a description for the default role container.

    • LDAP Usercontainer - enter a name for the container that will be used as a default container of users in the LDAP directory. You can configure isolation rules in Oracle Identity Manager to create users in different containers in LDAP. For example, cn=users, dc=mycountry, dc=com.

    • LDAP Usercontainer Description - enter a description for the default user container.

    • User Reservation Container - enter a name for the container that will be used for reserving user names in the LDAP directory while their creation is being approved in Oracle Identity Manager. When the user names are approved, they are moved from the reservation container to the user container in the LDAP directory. For example, cn=reserve, dc=mycountry, dc=com.

    Note:

    For more information about user reservation containers in Oracle Internet Directory, see the guide Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

    After enabling LDAP synchronization, you can verify it by using the Oracle Identity Manager Administration Console. Click Next. The Configuration Summary screen appears.

20. If you did not choose the Enable LDAP Sync option or the Enable Identity Administration Integration with OAM option on the LDAP Sync and OAM screen, the Configuration Summary screen appears after you enter information in the OIM Server screen.

    The Configuration Summary screen lists the applications you selected for configuration and summarizes your configuration options, such as database connect string, OIM schema user name, MDS schema user name, WebLogic Admin Server URL, WebLogic Administrator user name, and OIM HTTP URL.

    Review this summary and decide whether to start the configuration. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing this configuration of the Oracle Identity Manager Server, click Configure.

    Note:

    Before configuring an application, you can save your configuration settings and preferences in a response file. Response files are text files that you can create or edit in a text editor. You can use response files to perform a silent installation or use as templates or customized settings for your environment. For more information, see the topic "Performing Silent Installations" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

    After you click Configure, the Configuration Progress screen appears. Click Next.

    A configuration log is saved to the logs directory under Oracle Inventory directory. For information about the log files, see Locating Installation Log Files. If the Configuration Progress screen displays any errors, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard.

21. Click Finish.

6.4.5 Post-Configuration Steps

After installing and configuring Oracle Identity Manager Server, you must complete the following manual steps:

• Set the XEL_HOME variable in the setenv script (setenv.bat on Windows, and setenv.sh on UNIX) as follows:

  On Windows: Edit the <IDM_Home>\server\bin\setenv.bat file in a text editor, and set the path of the XEL_HOME variable to the absolute path of <IDM_Home>\server. For example, if your IDM_Home is the C:\oracle\Middleware\Oracle_IDM1 directory, then set XEL_HOME in the setenv.bat file to the C:\oracle\Middleware\Oracle_IDM1\server directory.

  On UNIX: Edit the <IDM_Home>/server/bin/setenv.sh file in a text editor, and set the path of the XEL_HOME variable to the absolute path of <IDM_Home>/server. For example, if your IDM_Home is the /test/Middleware/Oracle_IDM1 directory, then set XEL_HOME in the setenv.sh file to the /test/Middleware/Oracle_IDM1/server directory.

• After installing and configuring Oracle Identity Manager Server for the first time, you must start the Oracle Identity Manager Managed Server. For information about starting the server, see Starting the Stack.

6.6.1 Appropriate Deployment Environment

Perform the installation and configuration in this topic if you want to install Oracle Identity Manager Design Console on a separate Windows machine where Oracle Identity Manager Server is not configured.

6.6.2 Components Deployed

Performing the installation and configuration in this section deploys only Oracle Identity Manager Design Console on Windows operating systems.

6.6.3 Dependencies

The installation and configuration in this section depends on the installation of Oracle Identity Management 11g software and on the Oracle Identity Manager Server. For more information, see Installing OIM, OAM, OAAM, OAPM, and OIN and Configuring OIM Server.

6.6.4 Procedure

Perform the following steps to install and configure only Oracle Identity Manager Design Console on the Windows operating system:

1. Ensure that all the prerequisites, described in Prerequisites for Configuring Only OIM Design Console on a Different Machine, are satisfied.

2. On the machine where Design Console should be configured, start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard. The Welcome screen appears.

3. On the Welcome screen, click Next. The Components to Configure screen appears.

   On the Components to Configure screen, select only the OIM Design Console check box. Click Next. The OIM Server Host and Port screen appears.

4. On the OIM Server Host and Port screen, enter the host name of the Oracle Identity Server Manager Server in the OIM Server Hostname field. In the OIM Server Port field, enter the port number for the Oracle Identity Manager Server on which the Oracle Identity Manager application is running. Click Next. The Configuration Summary screen appears.

   The Configuration Summary screen lists the application that you selected for configuration and summarizes your configuration options, such as OIM Server host name and port.

   Review this summary and decide whether to start the configuration. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing this configuration of the Oracle Identity Management Design Console, click Configure.

   Note:

   Before configuring an application, you can save your configuration settings and preferences in a response file. Response files are text files that you can create or edit in a text editor. You can use response files to perform a silent installation or use as templates or customized settings for your environment. For more information, see the topic "Performing Silent Installations" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

   After you click Configure, the Configuration Progress screen appears. A configuration log is saved to the logs directory under Oracle Inventory directory. For information about the log files, see Locating Installation Log Files. If the Configuration Progress screen displays any errors, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard.

5. Click Finish.

6.6.5 Post-Configuration Steps

Complete the following steps after configuring the Oracle Identity Manager Design Console on Windows operating systems:

1. On the machine where Oracle WebLogic Server is installed (the machine where Oracle Identity Manager Server is installed), create the wlfullclient.jar file as follows:

   1. Use the cd command to move from your present working directory to the <Middleware_Home>\wlserver_10.3\server\lib directory.

   2. Ensure that JAVA_HOME is set, as in the following example:

      D:\oracle\<Middleware_Home>\jdk160_11

      To set this variable, right-click the My Computer icon and select Properties. The System Properties screen is displayed. Click the Advanced tab and click the Environment Variables button. The Environment Variables screen is displayed. Ensure that the JAVA_HOME variable in the User Variables section is set to the path of the JDK directory installed on your machine.

      After setting the JAVA_HOME variable, select the Path variable in the System Variables section on the same Environment Variables screen, and click Edit. The Edit System Variable dialog box is displayed. In the variable value field, enter the complete path to your JAVA_HOME, such as D:\oracle\<Middleware_Home>\jdk160_11, preceded by a semicolon (;). The semicolon is used as the delimiter for multiple paths entered in this field.

   3. After verifying the values, click OK.

2. At the DOS command prompt, type the following command:

   java -jar <Middleware_Home>modules/com.bea.core.jarbuilder_1.5.0.0.jar

   This command generates the wlfullclient.jar file.

3. Copy the wlfullclient.jar file to the <Oracle_IDM2>\designconsole\ext\ directory on the machine where Design Console is configured.

4. Ensure that the Administration Server and the Oracle Identity Manager Managed Server are started. For information about starting the servers, see Starting the Stack.

5. Start the Design Console client by running the xlclient.cmd executable script, which is available in the <IDM_Home>\designconsole\ directory.

6. Log in to the Design Console with your Oracle Identity Manager user name and password.

6.7.1 Appropriate Deployment Environment

Perform the installation and configuration in this topic if you want to install Oracle Identity Manager Remote Manager on a separate machine.

6.7.2 Components Deployed

Performing the installation and configuration in this section deploys only Oracle Identity Manager Remote Manager.

6.7.3 Dependencies

The installation and configuration in this section depends on the installation of Oracle Identity Management 11g software. For more information, see Installing OIM, OAM, OAAM, OAPM, and OIN and Prerequisites for Configuring Only OIM Remote Manager on a Different Machine.

6.7.4 Procedure

Perform the following steps to install and configure only Oracle Identity Manager Remote Manager:

1. Ensure that all the prerequisites, described in Prerequisites for Configuring Only OIM Remote Manager on a Different Machine, are satisfied.

2. On the machine where Remote Manager should be configured, start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard. The Welcome screen appears.

3. On the Welcome screen, click Next. The Components to Configure screen appears.

   On the Components to Configure screen, select only the OIM Remote Manager check box. Click Next. The Remote Manager screen appears.

4. On the Remote Manager screen, enter the service name in the Service Name field. Oracle Identity Manager Remote Manager will be registered under this service name. The service name is used with the Registry URL to a build fully qualified service name, such as rmi://host:RMI Registry Port/service name.

5. In the RMI Registry Port field, enter the port number on which the RMI registry should be started. The default port number is 12345.

6. In the Listen Port (SSL) field, enter the port number on which a secure socket is opened to listen to client requests. The default port number is 12346. Click Next. The Keystore Password screen appears.

7. On the KeyStore Password screen, in the KeyStore Password field, enter a new password for the keystore. A valid password contains 6 to 30 characters, begins with an alphabetic character, and uses only alphanumeric characters and special characters like Dollar ($), Underscore (_), and Pound (#). The password must contain at least one number. In the Confirm KeyStore Password field, enter the new password again. Click Next. The Configuration Summary screen appears.

8. The Configuration Summary screen lists the application that you selected for configuration and summarizes your configuration options, such as Remote Manager Service Name, RMI Registry Port, and Remote Manager Listen Port (SSL).

   Review this summary and decide whether to start the configuration. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing this configuration of the Oracle Identity Manager Remote Manager, click Configure.

   Note:

   Before configuring an application, you can save your configuration settings and preferences in a response file. Response files are text files that you can create or edit in a text editor. You can use response files to perform a silent installation or use as templates or customized settings for your environment. For more information, see the topic "Performing Silent Installations" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

9. After you click Configure, the Configuration Progress screen appears. A configuration log is saved to the logs directory under Oracle Inventory directory. For information about the log files, see Locating Installation Log Files. If the Configuration Progress screen displays any errors, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard.

10. Click Finish.