Oracle® Fusion Middleware Installation Guide for Oracle Identity Management
11g Release 1 (11.1.1)

Part Number E12002-05

10.6 Performing Advanced OIF Configurations

This topic generally describes how to perform an Advanced Oracle Identity Federation (OIF) configuration. Refer to the next two topics in this chapter for information on performing specific Advanced Oracle Identity Federation configurations.

This topic includes the following sections:

  • Appropriate Deployment Environment

  • Components Deployed

  • Dependencies

  • Procedure

10.6.1 Appropriate Deployment Environment

The Advanced Oracle Identity Federation configuration provides a fast and simplified method for deploying Oracle Identity Federation with its vital components integrated and configured.

10.6.2 Components Deployed

Performing the Advanced Oracle Identity Federation configuration deploys the following components:

If you configure Oracle Identity Federation in a new domain: 

  • WebLogic Managed Server

  • Oracle Identity Federation

  • WebLogic Administration Server

  • Fusion Middleware Control

  • Optionally, Oracle HTTP Server

If you configure Oracle Identity Federation in an existing domain: 

  • WebLogic Managed Server

  • Oracle Identity Federation

  • Optionally, Oracle HTTP Server

10.6.3 Dependencies

The Advanced Oracle Identity Federation configuration depends on the following components:

  • Oracle WebLogic Server

  • Oracle Database, if using RDBMS for User Store, Federation Store, Session Store, Message Store, or Configuration Store.

  • New Identity Management - Oracle Identity Federation schema existing in the database, if using RDBMS for Federation Store, Session Store, Message Store, or Configuration Store.

  • Database table for storing user data, if using RDBMS for User Store.

  • LDAP repository, if using LDAP for Authentication, User Store, or Federation Store.

10.6.4 Procedure

Perform the following steps to deploy an Advanced Oracle Identity Federation configuration:

  1. Decide if you want to use RDBMS for User Store, Federation Store, Session Store, Message Store, or Configuration Store. If you do, perform the following steps a and b.

    a. Install the database for Oracle Identity Federation. Refer to Installing Oracle Database for more information.

    b. Create the Identity Management - Oracle Identity Federation schema in the database. Refer to "Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU)" for more information.

      Note:

      The schema is not required for RDBMS User Stores.

  2. Decide if you want to use an LDAP repository for Authentication, User Store, or Federation Store. If you do, you must install the LDAP repository before you can install Oracle Identity Federation.

  3. Ensure that Oracle Identity Federation is installed, as described in Installation Roadmap and Installing OID, OVD, ODSM, ODIP, and OIF (11.1.1.4.0).

  4. Run <ORACLE_HOME>/bin/config.sh (on UNIX) or <ORACLE_HOME>\bin\config.bat (on Windows) to start the Oracle Identity Management Configuration Wizard. Click Next to continue.

  5. On the Select Domain screen, choose whether to install Oracle Identity Federation in a new or existing domain:

    To configure Oracle Identity Federation in a new domain: 

    1. Select Create New Domain.

    2. Enter the user name for the new domain in the User Name field.

    3. Enter the user password for the new domain in the User Password field.

    4. Enter the user password again in the Confirm Password field.

    5. Enter a name for the new domain in the Domain Name field.

    6. Click Next. The Specify Installation Location screen appears.

    Continue the installation by going to step 6 now.

    To configure Oracle Identity Federation in an existing domain: 

    1. Select Extend Existing Domain.

    2. Enter the name of the host that contains the domain in the Host Name field.

    3. Enter the listen port for the WebLogic Administration Server in the Port field.

    4. Enter the user name for the domain in the User Name field.

    5. Enter the password for the domain user in the User Password field.

    6. Click Next. The Specify Installation Location screen appears.

  6. Identify the Homes, Instances, and the WebLogic Server directory by referring to Identifying Installation Directories.

    Note:

    To install Oracle Identity Management components in an existing Oracle WebLogic Server administration domain, each Oracle WebLogic Server Home, Oracle Middleware Home, and Oracle Home directory in the domain must have identical directory paths and names.

    After you enter information for each field, click Next. The Specify Security Updates screen appears.

  7. Choose how you want to be notified about security issues:

    • If you want to be notified about security issues through email, enter your email address in the Email field.

    • If you want to be notified about security issues through My Oracle Support (formerly MetaLink), select the My Oracle Support option and enter your My Oracle Support Password.

    • If you do not want to be notified about security issues, leave all fields empty.

    Click Next. The Configure Components screen appears.

  8. Select Oracle Identity Federation—and optionally, Oracle HTTP Server. Refer to "Configuring Oracle HTTP Server for OIF" for information about configuring these two components simultaneously.

    If you are installing Oracle Identity Federation in a new domain, the Fusion Middleware Control management component is automatically selected for installation.

    Ensure no other components are selected and click Next. The Configure Ports screen appears.

  9. Choose how you want the Installer to configure ports:

    • Select Auto Port Configuration if you want the Installer to configure ports from a predetermined range.

    • Select Specify Ports using Configuration File if you want the Installer to configure ports using the staticports.ini file. You can click View/Edit File to update the settings in the staticports.ini file.

    Click Next. The Select Oracle Identity Federation Configuration Type screen appears.

  10. Select Advanced and click Next. The Specify OIF Details screen appears.

  11. Enter the following information:

    • PKCS12 Password: Enter the password that Oracle Identity Federation will use to protect its encryption and signing wallets. The Installer automatically generates these wallets with self-signed certificates. Oracle recommends using the wallets only for testing.

    • Confirm Password: Enter the PKCS12 password again.

    • Server ID: Enter a string that will be used to identify this Oracle Identity Federation instance. A prefix of oif will be added to the beginning of the string you enter. Each logical Oracle Identity Federation instance within an Oracle WebLogic Server administration domain must have a unique Server ID. Clustered Oracle Identity Federation instances acting as a single logical instance will have the same Server ID.

    Click Next. The Select OIF Advanced Flow Attributes screen appears.

  12. Select the appropriate option for each configuration item and click Next.

    Note:

    User Session Store and Message Store appear in the Installer as separate configuration items, however, most deployments use the same type of repository for both stores.

    The screens that appear next depend on the options you selected for the configuration items on the Select OIF Advanced Flow Attributes screen. The following information describes all of the screens that may appear; it is not presented in a linear sequence, and your installation may not encounter every screen. Enter information for the screens that apply to your selections and then proceed to step 13.

    If you selected LDAP for Authentication Type, the Specify Authentication LDAP Details screen will appear. Enter the following information: 

    • LDAP Type: Select the appropriate LDAP repository.

    • LDAP URL: Enter the URL connection string for the LDAP repository in the form: protocol://hostname:port

      Note:

      If you selected Microsoft Active Directory for the LDAP Type, you must specify an SSL LDAP URL, that is, ldaps://hostname:port.

    • LDAP Bind DN: Enter the bind DN for the LDAP repository.

    • LDAP Password: Enter the password for the bind DN.

    • User Credential ID Attribute: Enter the LDAP attribute Oracle Identity Federation will use to authenticate users. For example, if you enter mail and the value of the mail attribute for a user is jane.doe@domain.com, then Jane Doe must enter jane.doe@domain.com when challenged. Values for the LDAP attribute you identify for User Credential ID Attribute must be unique for all users.

    • User Unique ID Attribute: Enter the LDAP attribute that will uniquely identify users to Oracle Identity Federation. The value you enter must be identical to the value you enter for the User Data Store's User ID Attribute parameter. For example, if you enter mail for User Unique ID Attribute and you configure the User Data Store's User ID Attribute parameter with a value of EmailAddress, then the value of mail in the authentication engine repository must equal the value of EmailAddress in the User Data Store. Values for the LDAP attribute you identify for User Unique ID Attribute must be unique for all users.

    • Person Object Class: Enter the LDAP object class that represents a user in the LDAP repository. For example: inetOrgPerson for Oracle Internet Directory and Sun Java System Directory Server, and user for Microsoft Active Directory.

    • Base DN: Enter the root DN that searches will start from.

    If you selected LDAP for User Store, the Specify LDAP Attributes for User Data Store screen will appear. Enter the following information: 

    • LDAP Type: Select the appropriate LDAP repository.

    • LDAP URL: Enter the URL connection string for the LDAP repository in the form: protocol://hostname:port

      Note:

      If you selected Microsoft Active Directory for the LDAP Type, you must specify an SSL LDAP URL, that is, ldaps://hostname:port.

    • LDAP Bind DN: Enter the bind DN for the LDAP repository.

    • LDAP Password: Enter the password for the bind DN.

    • User Description Attribute: Enter the readable LDAP attribute that will identify the owner of a federation record. For example: uid for Oracle Internet Directory and Sun Java System Directory Server, and sAMAccountName for Microsoft Active Directory.

    • User ID Attribute: Enter the LDAP attribute that will uniquely identify the user during authentication. For example: uid for Oracle Internet Directory and Sun Java System Directory Server, and sAMAccountName for Microsoft Active Directory.

    • Person Object Class: Enter the LDAP object class that represents a user in the LDAP repository. For example: inetOrgPerson for Oracle Internet Directory and Sun Java System Directory Server, and user for Microsoft Active Directory.

    • Base DN: Enter the root DN that searches will start from.

    If you selected RDBMS for User Store, the Specify User Store Database Details screen will appear. Enter the following information: 

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the database username.

    • Password: Enter the password for the database user.

    • Login Table: Enter the name of the table that will store user data. The value you enter must be a valid table name, and the values you enter for User ID Attribute and User Description Attribute must be valid column names in the table you identify.

    • User ID Attribute: Enter the name of the table column to use for the Oracle Identity Federation user ID. The value you enter must be a valid column name in the table you identified for the Login Table parameter.

    • User Description Attribute: Enter the name of the table column to use for the user description. The value you enter must be a valid column name in the table you identified for the Login Table parameter.

    If you selected LDAP for Federation Store, the Specify LDAP Attributes for Federation Data Store screen will appear. Enter the following information: 

    • LDAP Type: Select the appropriate LDAP repository.

    • LDAP URL: Enter the URL connection string for the LDAP repository in the form: protocol://hostname:port

      Note:

      If you selected Microsoft Active Directory for the LDAP Type, you must specify an SSL LDAP URL, that is, ldaps://hostname:port.

    • LDAP Bind DN: Enter the bind DN for the LDAP repository.

    • LDAP Password: Enter the password for the bind DN.

    • User Federation Record Context: Enter the location of the container where you want Oracle Identity Federation to store federation records. If the container you identify does not exist, it will be created at runtime. However, if you identify cn=example,dc=test,dc=com as the User Federation Record Context, dc=test,dc=com must exist in the LDAP repository.

    • LDAP Container Object Class: Optional. Enter the object class for the container that stores federation records. If this field is empty, the default value of applicationProcess is used.

    • Active Directory Domain: Appears only if you select Microsoft Active Directory for the LDAP Type. Enter the name of the Microsoft Active Directory domain.

    If you selected RDBMS for Federation Store, the Specify Federation Store Database Details screen will appear. Enter the following information: 

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the name of the schema owner created by RCU, which is of the form PREFIX_OIF.

    • Password: Enter the password for the database user.

    If you selected RDBMS for User Session Store, Message Store, or Configuration Store, the Specify Transient Store Database Details screen will appear. Enter the following information: 

    • HostName: Enter the connection string to the database host in the form: hostname:port:servicename. For Oracle Real Application Clusters (RAC), the connection string must be in the form: hostname1:port1:instance1^hostname2:port2:instance2@servicename.

    • Username: Enter the name of the schema owner created by RCU, which is of the form PREFIX_OIF.

    • Password: Enter the password for the database user.

  13. Complete the installation by performing all the steps in Completing an Installation.
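The LDAP URL and database HostName formats required by the screens in step 12 are easy to mistype, and the installer only reports the failure after it tries to connect. The following pre-flight validator is an added example, not part of the Oracle guide or the installer: it parses the hostname:port:servicename and RAC forms into structured values and checks an LDAP URL against the ldaps requirement for Microsoft Active Directory. All host names, ports and service names used in it are constructed sample values.

```python
import re
from urllib.parse import urlsplit

# Single-instance form from the guide: hostname:port:servicename
_SINGLE_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5}):(?P<service>[A-Za-z0-9_.$-]+)$")
# One node of the RAC form: hostname:port:instance (nodes joined by '^', then '@servicename')
_RAC_NODE_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5}):(?P<inst>[A-Za-z0-9_$]+)$")

def _valid_port(port: str) -> bool:
    return 1 <= int(port) <= 65535

def parse_db_connect(value: str) -> dict:
    """Parse the HostName field into {'rac', 'service', 'nodes'}; ValueError if malformed."""
    if "@" in value:
        nodes_part, _, service = value.rpartition("@")
        if not nodes_part or not service:
            raise ValueError("RAC string needs node entries before '@' and a service name after it")
        nodes = []
        for node in nodes_part.split("^"):
            m = _RAC_NODE_RE.match(node)
            if not m or not _valid_port(m["port"]):
                raise ValueError(f"bad RAC node entry: {node!r}")
            nodes.append({"host": m["host"], "port": int(m["port"]), "instance": m["inst"]})
        return {"rac": True, "service": service, "nodes": nodes}
    m = _SINGLE_RE.match(value)
    if not m or not _valid_port(m["port"]):
        raise ValueError(f"expected hostname:port:servicename, got {value!r}")
    return {"rac": False, "service": m["service"],
            "nodes": [{"host": m["host"], "port": int(m["port"]), "instance": None}]}

def check_ldap_url(url: str, ldap_type: str) -> str:
    """Validate protocol://hostname:port and enforce ldaps for Active Directory."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname or parts.port is None:
        raise ValueError(f"LDAP URL must be ldap(s)://hostname:port, got {url!r}")
    if parts.path or parts.query or parts.fragment:
        raise ValueError("LDAP URL must not carry a path, query or fragment")
    if ldap_type == "Microsoft Active Directory" and parts.scheme != "ldaps":
        raise ValueError("Active Directory requires an SSL LDAP URL (ldaps://hostname:port)")
    return parts.scheme

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    print(parse_db_connect("rac1.example.com:1521:oif1^rac2.example.com:1521:oif2@oifsvc"))
    print(check_ldap_url("ldaps://ad.example.com:636", "Microsoft Active Directory"))
```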