Oracle® Fusion Middleware Installation Guide for Oracle Identity Management
11g Release 1 (11.1.1)

Part Number E12002-06

16 Configuring Oracle Identity Manager

This chapter explains how to configure Oracle Identity Manager (OIM) in a new or existing WebLogic domain.

It includes the following topics:

Note:

The Oracle Identity Manager Configuration Wizard enables you to configure only some fundamental non-J2EE elements of Oracle Identity Manager, such as Oracle Identity Manager Server, Oracle Identity Manager Design Console, and Oracle Identity Manager Remote Manager. For more information about configuring and administering Oracle Identity Manager, see the Oracle Identity Manager System Administrator's Guide.

To invoke online help at any stage of the Oracle Identity Manager configuration process, click the Help button on the Oracle Identity Manager Configuration Wizard screens.

16.1 OIM Server Configuration Workflow

The following figure illustrates the process of configuring Oracle Identity Manager (OIM) Server.

Figure 16-1 OIM Server Configuration Workflow (figure not reproduced; the text that follows describes the workflow)

For information about configuring Oracle Identity Manager (OIM) Server on the machine where the Administration Server is running, see Configuring OIM Server.

After configuring OIM Server, you can configure Design Console and Remote Manager on a local or remote machine. For information about configuring OIM Design Console, see Configuring OIM Design Console. For information about configuring Remote Manager, see Configuring OIM Remote Manager.

16.2 Prerequisites

The following are the prerequisites for installing and configuring Oracle Identity Management 11g Release 1 (11.1.1) products:

  1. Installing Oracle Database, as described in Installing Oracle Database.

  2. Creating and loading schemas using Oracle Fusion Middleware Repository Creation Utility (RCU), as described in Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  3. Installing Oracle WebLogic Server 10.3.3 and creating a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  4. For Oracle Identity Manager users only: Installing Oracle SOA Suite 11g Release 1 (11.1.1.2.0) and patching it to 11.1.1.3.0, as described in Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

  5. Installing the Oracle Identity Management 11g Release 1 (11.1.1.3.0) suite, as described in Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0). The Oracle Identity Management suite contains Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), Oracle Authorization Policy Manager (OAPM), and Oracle Identity Navigator (OIN).

16.3 Important Notes Before You Start Configuring OIM

Before you start configuring Oracle Identity Manager, keep the following points in mind:

16.4 OIM Domain Configuration Scenarios

The following sections describe basic configuration scenarios for Oracle Identity Manager (OIM):

Note:

For additional configuration scenarios, see Oracle Identity Management Suite-Level Installation Scenarios.

16.4.1 OIM Without LDAP Sync in a New Domain

This topic describes how to configure Oracle Identity Manager (OIM) without LDAP Synchronization in a new WebLogic domain. It includes the following sections:

16.4.1.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Identity Manager in an environment where you may use Oracle Identity Manager as a provisioning or request solution. This option is also appropriate for Oracle Identity Manager environments that do not use Single Sign-On (SSO) or Oracle Access Manager.

16.4.1.2 Components Deployed

Performing the configuration in this section installs the following components:

  • Administration Server

  • A Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

16.4.1.3 Dependencies

The configuration in this section depends on the following:

16.4.1.4 Procedure

Complete the following steps to configure Oracle Identity Manager in a new WebLogic administration domain and to configure Oracle Identity Manager Server, Design Console, and Remote Manager:

  1. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX) or the <Oracle_IDM2>\common\bin\config.cmd script (on Windows). The Welcome screen of the Oracle Fusion Middleware Configuration Wizard appears.

  3. On the Welcome screen, select Create a new WebLogic domain, and click Next. The Select Domain Source screen appears.

  4. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.

    Select Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2].

    The Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle JRF - 11.1.1.0 [oracle_common], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common] options are also selected by default.

    Click Next. The Specify Domain Name and Location screen appears.

  5. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  6. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  7. Choose JRockit SDK 160_17_R28.0.0-679 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Component Schema screen appears. This screen displays a list of the following component schemas:

    • SOA Infrastructure

    • User Messaging Service

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OIM Infrastructure

  8. On the Configure JDBC Component Schema screen, select a component schema that you want to modify. You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Select the driver as Oracle's Driver (Thin) for Instance connections; Versions:9.0.1,9.2.0,10,11. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  9. On the Select Optional Configuration screen, select which of the following you want to configure: Administration Server, JMS Distributed Destination, Managed Servers, Clusters and Machines, and Deployments and Services. Click Next.

  10. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

    Click Next.

  11. Optional: Configure JMS Distributed Destination, as required. Click Next.

  12. Optional: Configure Managed Servers, as required. Click Next.

  13. Optional: Configure Clusters, as required. Click Next.

    For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

  14. Optional: Assign Managed Servers to Clusters, as required. Click Next.

  15. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine. Click Next.

    Tip:

    Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.

  16. Optional: Assign servers to machines. Click Next.

  17. Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server. Click Next.

  18. On the Configuration Summary screen, review the domain configuration, including the summaries of deployments, applications, and services, and click Create to start creating the domain.

    After the domain configuration is complete, click Done to close the configuration wizard.

    A new WebLogic domain to support Oracle Identity Manager is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.

  19. Start the Administration Server, as described in Starting or Stopping the Oracle Stack.

  20. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  21. Configure the Oracle Identity Manager Server, Design Console, or Remote Manager, as described in Configuring OIM Server, Configuring OIM Design Console, and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).
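Steps 7, 8 and 10 of the procedure above set the server start mode, the JDBC component-schema connections and the Administration Server listen address and SSL settings; the Configuration Wizard writes them to <DOMAIN_HOME>/config/config.xml and <DOMAIN_HOME>/config/jdbc/*.xml. The following Python script is an example added to this page, not part of the guide or of the Oracle product: it audits those two files after domain creation (the same check applies after the domain is extended in the later scenarios in this chapter). Both XML samples are constructed for the example; the data-source name, host names and ports are illustrative, and the test that a stored password begins with {AES} or {3DES} reflects WebLogic's encrypted-credential format rather than anything stated on this page.

```python
"""Post-wizard audit of a WebLogic domain: config.xml for the server settings
chosen in the Configuration Wizard, and the JDBC descriptors for the
component-schema connections.  Added example; XML samples are constructed."""
import xml.etree.ElementTree as ET
from pathlib import Path

DOMAIN_NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
JDBC_NS = {"j": "http://xmlns.oracle.com/weblogic/jdbc-data-source"}

# Constructed sample of <DOMAIN_HOME>/config/config.xml: the Administration
# Server was left on wizard defaults (no listen address, SSL port disabled).
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8"?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>IDMDomain</name>
  <production-mode-enabled>true</production-mode-enabled>
  <server>
    <name>AdminServer</name>
    <ssl><enabled>false</enabled><listen-port>7002</listen-port></ssl>
    <listen-port>7001</listen-port>
    <listen-address></listen-address>
  </server>
  <server>
    <name>oim_server1</name>
    <ssl><enabled>true</enabled><listen-port>14001</listen-port></ssl>
    <listen-port>14000</listen-port>
    <listen-address>oimhost.example.com</listen-address>
  </server>
</domain>
"""

# Constructed sample of one <DOMAIN_HOME>/config/jdbc/*.xml descriptor (name
# and host are illustrative) where a clear-text value was pasted by hand.
SAMPLE_JDBC_XML = """<?xml version="1.0" encoding="UTF-8"?>
<jdbc-data-source xmlns="http://xmlns.oracle.com/weblogic/jdbc-data-source">
  <name>oimOperationsDB</name>
  <jdbc-driver-params>
    <url>jdbc:oracle:thin:@dbhost.example.com:1521:orcl</url>
    <driver-name>oracle.jdbc.OracleDriver</driver-name>
    <properties>
      <property><name>user</name><value>DEV_OIM</value></property>
    </properties>
    <password-encrypted>Welcome1</password-encrypted>
  </jdbc-driver-params>
</jdbc-data-source>
"""


def _text(elem, path, ns):
    """Stripped text of the first child matching path, or '' if absent."""
    child = elem.find(path, ns)
    return (child.text or "").strip() if child is not None else ""


def audit_domain(config_xml):
    """Findings for config.xml: production mode on, and every server has its
    SSL port enabled and an explicit listen address (empty = all interfaces)."""
    root = ET.fromstring(config_xml)
    findings = []
    if _text(root, "d:production-mode-enabled", DOMAIN_NS).lower() != "true":
        findings.append("domain: production mode is not enabled")
    for server in root.findall("d:server", DOMAIN_NS):
        name = _text(server, "d:name", DOMAIN_NS) or "<unnamed>"
        if _text(server, "d:ssl/d:enabled", DOMAIN_NS).lower() != "true":
            findings.append(f"{name}: SSL listen port is disabled")
        if not _text(server, "d:listen-address", DOMAIN_NS):
            findings.append(f"{name}: listen address is empty (binds all interfaces)")
    return findings


def audit_jdbc(jdbc_xml):
    """Findings for one JDBC descriptor: Oracle thin driver and URL, a schema
    user, and a password stored encrypted ({AES}/{3DES} prefix), not in clear."""
    root = ET.fromstring(jdbc_xml)
    name = _text(root, "j:name", JDBC_NS) or "<unnamed>"
    params = root.find("j:jdbc-driver-params", JDBC_NS)
    if params is None:
        return [f"{name}: no jdbc-driver-params element"]
    findings = []
    if not _text(params, "j:driver-name", JDBC_NS).startswith("oracle.jdbc."):
        findings.append(f"{name}: driver is not an Oracle JDBC driver")
    if not _text(params, "j:url", JDBC_NS).startswith("jdbc:oracle:thin:"):
        findings.append(f"{name}: URL does not use the Oracle thin driver")
    users = [_text(p, "j:value", JDBC_NS)
             for p in params.findall("j:properties/j:property", JDBC_NS)
             if _text(p, "j:name", JDBC_NS) == "user"]
    if not any(users):
        findings.append(f"{name}: no schema user configured")
    if not _text(params, "j:password-encrypted", JDBC_NS).startswith(("{AES}", "{3DES}")):
        findings.append(f"{name}: password is not stored encrypted")
    return findings


def audit_domain_home(domain_home):
    """Audit a real domain: config/config.xml plus every config/jdbc/*.xml."""
    cfg = Path(domain_home) / "config"
    findings = audit_domain((cfg / "config.xml").read_text(encoding="utf-8"))
    for path in sorted((cfg / "jdbc").glob("*.xml")):
        findings += [f"{path.name}: {f}" for f in audit_jdbc(path.read_text(encoding="utf-8"))]
    return findings


if __name__ == "__main__":
    for line in audit_domain(SAMPLE_CONFIG_XML) + audit_jdbc(SAMPLE_JDBC_XML):
        print(line)
```

Run it after step 18 with audit_domain_home('<MW_HOME>/user_projects/domains/<domain_name>'). Anything it reports for the Administration Server maps to a value you can change on the screen in step 10; a clear-text password in a descriptor means the file was edited by hand, and the password should be re-entered through the Administration Console so that WebLogic stores it encrypted.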

16.4.2 OIM with LDAP Sync

This topic describes how to configure Oracle Identity Manager (OIM) with LDAP Synchronization in a new or existing WebLogic domain. It includes the following sections:

16.4.2.1 Configuring OIM with LDAP Sync in a New WebLogic Domain

This section discusses the following topics:

16.4.2.1.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Identity Manager (OIM) in an environment where you may install Oracle Access Manager at a later time and set up integration between Oracle Identity Manager and Oracle Access Manager.

16.4.2.1.2 Components Deployed

Performing the configuration in this section installs the following components:

  • Administration Server

  • A Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

16.4.2.1.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server.

  • Installation of the Oracle Identity Management 11g software.

  • Installation of the latest version of Oracle SOA Suite.

  • Installation of the latest version of Oracle Internet Directory and Oracle Virtual Directory under the same Middleware Home directory or on a different machine.

  • Database schemas for Oracle Identity Manager and Oracle SOA 11g Suite. For more information, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

16.4.2.1.4 Procedure

Complete the following steps to configure Oracle Identity Manager in a new WebLogic administration domain, to enable LDAP sync, and to configure Oracle Identity Manager Server, Design Console, and Remote Manager:

  1. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX) or the <Oracle_IDM2>\common\bin\config.cmd script (on Windows). The Welcome screen of the Oracle Fusion Middleware Configuration Wizard appears.

  3. On the Welcome screen, select Create a new WebLogic domain, and click Next. The Select Domain Source screen appears.

  4. On the Select Domain Source screen, ensure that the Generate a domain configured automatically to support the following products: option is selected.

    Select Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2].

    The Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle JRF - 11.1.1.0 [oracle_common], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common] options are also selected by default.

    Click Next. The Specify Domain Name and Location screen appears.

  5. Enter a name and a location for the domain to be created, and click Next. The Configure Administrator User Name and Password screen appears.

  6. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next.

  7. Choose JRockit SDK 160_17_R28.0.0-679 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The Configure JDBC Component Schema screen appears. This screen displays a list of the following component schemas:

    • SOA Infrastructure

    • User Messaging Service

    • OIM MDS Schema

    • OWSM MDS Schema

    • SOA MDS Schema

    • OIM Infrastructure

  8. On the Configure JDBC Component Schema screen, select a component schema that you want to modify. You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Select the driver as Oracle's Driver (Thin) for Instance connections; Versions:9.0.1,9.2.0,10,11. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  9. On the Select Optional Configuration screen, select which of the following you want to configure: Administration Server, JMS Distributed Destination, Managed Servers, Clusters and Machines, and Deployments and Services. Click Next.

  10. Optional: Configure the following Administration Server parameters:

    • Name

    • Listen address

    • Listen port

    • SSL listen port

    • SSL enabled or disabled

    Click Next.

  11. Optional: Configure JMS Distributed Destination, as required. Click Next.

  12. Optional: Configure Managed Servers, as required. Click Next.

  13. Optional: Configure Clusters, as required. Click Next.

    For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

  14. Optional: Assign Managed Servers to Clusters, as required. Click Next.

  15. Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine. Click Next.

    Tip:

    Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.

  16. Optional: Assign servers to machines. Click Next.

  17. Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server. Click Next.

  18. On the Configuration Summary screen, review the domain configuration, including the summaries of deployments, applications, and services, and click Create to start creating the domain.

    After the domain configuration is complete, click Done to close the configuration wizard.

    A new WebLogic domain to support Oracle Identity Manager is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.

  19. Start the Administration Server, as described in Starting or Stopping the Oracle Stack.

  20. Set up LDAP Synchronization, as described in Setting Up LDAP Synchronization.

  21. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  22. Configure the Oracle Identity Manager Server, Design Console, or Remote Manager, as described in Configuring OIM Server, Configuring OIM Design Console, and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.4.2.2 OIM with LDAP Sync in an Oracle Identity Management 11.1.1.3.0 Domain Containing OID and OVD

This section discusses the following topics:

16.4.2.2.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install only Oracle Identity Manager (OIM) in an existing Oracle Identity Management environment where you have installed and configured Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD). You can enable LDAP Synchronization for Oracle Identity Manager. At a later time, you may install Oracle Access Manager and set up integration between Oracle Identity Manager and Oracle Access Manager.

16.4.2.2.2 Components Deployed

Performing the configuration in this section installs the following components:

  • A Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

16.4.2.2.3 Dependencies

The configuration in this section depends on the following:

16.4.2.2.4 Procedure

Complete the following steps to configure Oracle Identity Manager in an existing Oracle Identity Management 11.1.1.3.0 domain that has Oracle Internet Directory and Oracle Virtual Directory installed and configured:

  1. Install Oracle WebLogic Server and create a Middleware Home, as described in Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Ensure that your Oracle Identity Management 11g installation is patched to 11.1.1.3.0, as described in Installing OID, OVD, ODSM, ODIP, and OIF (11.1.1.5.0).

  3. Run the <Oracle_IDM1>/bin/config.sh on UNIX operating systems to start the Oracle Identity Management Configuration Wizard. On Windows, run the <Oracle_IDM1>\bin\config.bat to start the wizard.

  4. On the Select Domain screen, select the Create New Domain option. Set the Administrator user name and password, as required.

  5. Ensure that you select Oracle Internet Directory and Oracle Virtual Directory on the Configure Components screen.

  6. Follow the wizard, provide the necessary input, and configure the domain.

    A new WebLogic domain to support Oracle Internet Directory and Oracle Virtual Directory is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.

  7. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  8. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX) or the <Oracle_IDM2>\common\bin\config.cmd script (on Windows). The Oracle Fusion Middleware Configuration Wizard appears.

  9. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next. The Select a WebLogic Domain Directory screen is displayed.

  10. On the Select a WebLogic Domain Directory screen, select the Oracle Identity Management 11.1.1.3.0 domain in which you configured Oracle Internet Directory and Oracle Virtual Directory. Click Next. The Select Extension Source screen is displayed.

  11. On the Select Extension Source screen, select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].

  12. After selecting the domain configuration options, click Next. The Configure JDBC Component Schema screen is displayed.

  13. On the Configure JDBC Component Schema screen, select a component schema, such as the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, the OIM Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  14. On the Select Optional Configuration screen, you can configure JMS Distributed Destination, Managed Servers, Clusters and Machines, Deployments and Services, and JMS File Store. Select the relevant check boxes and click Next.

    • Optional: Select a JMS Distributed Destination Type, as required.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.

    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

  15. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.

    Your existing Oracle Identity Management 11.1.1.3.0 domain with Oracle Internet Directory and Oracle Virtual Directory is extended to support Oracle Identity Manager.

  16. Start the Administration Server, as described in Starting or Stopping the Oracle Stack.

  17. Set up LDAP Synchronization, as described in Setting Up LDAP Synchronization.

  18. Verify LDAP Synchronization, as described in Verifying the LDAP Synchronization.

  19. Restart the Administration Server, as described in Restarting Servers.

  20. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  21. Configure Oracle Identity Manager Server, as described in Configuring OIM Server. When configuring Oracle Identity Manager Server, ensure that you select the Enable LDAP Sync option on the BI Publisher and OAM Screen in the Oracle Identity Manager Configuration Wizard.

  22. Follow the wizard and the steps described in Configuring OIM Server to complete the server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and Oracle Identity Manager Remote Manager, as described in Configuring OIM Design Console and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.4.3 OIM and OIN in a New WebLogic Domain

This topic describes how to configure Oracle Identity Manager (OIM) and Oracle Identity Navigator (OIN) together in a new WebLogic administration domain. It includes the following sections:

16.4.3.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager in an environment where you want to use Oracle Identity Navigator as a centralized user interface to discover Oracle Identity Manager. You can also launch the Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, or Oracle Identity Manager Advanced Administration Console from within the Oracle Identity Navigator user interface.

16.4.3.2 Components Deployed

Performing the configuration in this section deploys the following:

  • Administration Server

  • Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Managed Server

  • Oracle Identity Navigator application on the Administration Server

16.4.3.3 Dependencies

The configuration in this section depends on the following:

16.4.3.4 Procedure

Perform the following steps to configure Oracle Identity Manager and Oracle Identity Navigator together in a new WebLogic domain:

  1. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX) or the <Oracle_IDM2>\common\bin\config.cmd script (on Windows). The Oracle Fusion Middleware Configuration Wizard appears.

  3. On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen is displayed.

  4. On the Select Domain Source screen, select the Generate a domain configured automatically to support the following products: option.

  5. Select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default:

      Oracle JRF - 11.1.1.0 [oracle_common], Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle WSM Policy Manager - 11.1.1.0 [oracle_common], and Oracle Enterprise Manager - 11.1.1.0 [oracle_common]

    • Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM2]

  6. After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.

  7. On the Specify Domain Name and Location screen, enter a name and location for the domain to be created. In addition, enter a location to store applications for the domain. Click Next. The Configure Administrator User Name and Password screen is displayed.

  8. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next. The Configure Server Start Mode and JDK screen is displayed.

  9. Choose JRockit SDK 160_17_R28.0.0-679 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. The JDBC Component Schema screen appears.

  10. On the Configure JDBC Component Schema screen, select a component schema, such as the OIM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  11. On the Select Optional Configuration screen, you can configure Administration Server, Managed Servers, Clusters and Machines, Deployments and Services, JMS File Store, and RDBMS Security Store. Select the relevant check boxes and click Next.

    • Optional: Configure Administration Server, as required.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.

    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

    • Optional: Configure RDBMS Security Store, as required.

  12. On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain. After the domain configuration is complete, click Done.

    A new WebLogic domain to support Oracle Identity Manager and Oracle Identity Navigator is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.

    Note:

    If you want to start the SOA Server on a remote machine, then you must manually copy the composite files from the <DOMAIN_HOME>/soa/autodeploy directory on the local machine to the <DOMAIN_HOME>/soa/autodeploy directory on the remote machine after running the unpack command on the remote machine. If the <DOMAIN_HOME>/soa/autodeploy directory does not exist on the remote machine, you must create this directory before copying the composite files.

  13. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  14. Configure Oracle Identity Manager Server, as described in Configuring OIM Server.

  15. Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and Oracle Identity Manager Remote Manager, as described in Configuring OIM Design Console and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.4.4 OIM and OAM in a WebLogic Domain Containing OIN

This topic describes how to configure Oracle Identity Manager (OIM) and Oracle Access Manager (OAM) together in a WebLogic administration domain that has Oracle Identity Navigator (OIN) installed. It includes the following sections:

16.4.4.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager and Oracle Access Manager in an environment where Oracle Identity Navigator is already installed. You can set up integration between Oracle Identity Manager and Oracle Access Manager, as described in Integration Between OIM and OAM. You can use the Oracle Identity Navigator user interface to discover and access product consoles for Oracle Identity Manager and Oracle Access Manager.

16.4.4.2 Components Deployed

Performing the configuration in this section deploys the following:

  • Managed Servers for Oracle Identity Manager and Oracle Access Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

  • Oracle Access Manager Console on the Administration Server

16.4.4.3 Dependencies

The configuration in this section depends on the following:

  • Oracle WebLogic Server.

  • Installation of the Oracle Identity Management 11g software.

  • Installation of the latest version of Oracle SOA Suite (required by Oracle Identity Manager).

  • Database schemas for Oracle Identity Manager, Oracle SOA Suite, and Oracle Access Manager. For more information, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  • Configuration of Oracle Identity Navigator in a new WebLogic domain.

16.4.4.4 Procedure

Perform the following steps to configure Oracle Identity Manager and Oracle Access Manager in a WebLogic domain that has Oracle Identity Navigator installed:

  1. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. Configure only Oracle Identity Navigator in a new WebLogic domain, as described in Configuring Only OIN in a New WebLogic Domain.

  3. Verify the installation of Oracle Identity Navigator, as described in Verifying OIN.

  4. Install Oracle SOA Suite under the same Middleware Home. Refer to Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only) for more information.

  5. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX). (<Oracle_IDM2>\common\bin\config.cmd on Windows). The Oracle Fusion Middleware Configuration Wizard appears.

  6. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.

  7. On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured Oracle Identity Navigator. Click Next. The Select Extension Source screen appears.

  8. On the Select Extension Source screen, select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].
    • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [Oracle_IDM2]

  9. After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.

  10. On the Specify Domain Name and Location screen, enter a location to store applications for the domain. Click Next. The Configure JDBC Component Schema screen is displayed.

  11. On the Configure JDBC Component Schema screen, select a component schema, such as the OIM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  12. On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines, Deployments and Services, and JMS File Store. Select the relevant check boxes and click Next.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

  13. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain. When the domain configuration is complete, click Done.

    The existing Oracle Identity Navigator domain is configured to support Oracle Identity Manager and Oracle Access Manager.

    Note:

    If you want to start the SOA Server on a remote machine, then you must manually copy the composite files from the <DOMAIN_HOME>/soa/autodeploy directory on the local machine to the <DOMAIN_HOME>/soa/autodeploy directory on the remote machine after running the unpack command on the remote machine. If the <DOMAIN_HOME>/soa/autodeploy directory does not exist on the remote machine, you must create this directory before copying the composite files.
  14. Restart the Administration Server, as described in Restarting Servers.

  15. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  16. Configure Oracle Identity Manager Server, as described in Configuring OIM Server.

  17. Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and to configure Oracle Identity Manager Remote Server, as described in Configuring OIM Design Console, and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.4.5 OIM and OIN in a WebLogic Domain Containing OAM

This topic describes how to configure Oracle Identity Manager (OIM) and Oracle Identity Navigator (OIN) together in a WebLogic domain that has Oracle Access Manager (OAM) installed. It includes the following sections:

16.4.5.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager and Oracle Identity Navigator in an Oracle Identity Management environment where Oracle Access Manager is already installed. You can set up integration between Oracle Identity Manager and Oracle Access Manager, as described in Integration Between OIM and OAM. You can use the Oracle Identity Navigator user interface to discover and access product consoles for both Oracle Identity Manager and Oracle Access Manager.

16.4.5.2 Components Deployed

Performing the configuration in this section deploys the following:

  • Managed Server for Oracle Identity Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

  • Oracle Identity Navigator application on the existing Administration Server

16.4.5.3 Dependencies

The configuration in this section depends on the following:

16.4.5.4 Procedure

Perform the following steps to configure Oracle Identity Manager and Oracle Identity Navigator together in a WebLogic administration domain that has Oracle Access Manager installed:

  1. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. Configure only Oracle Access Manager in a new WebLogic domain, as described in OAM in a New WebLogic Domain.

  3. Verify the installation of Oracle Access Manager, as described in Verifying the OAM Installation.

  4. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX). (<Oracle_IDM2>\common\bin\config.cmd on Windows). The Oracle Fusion Middleware Configuration Wizard appears.

  5. On the Welcome screen, select the Extend an existing WebLogic domain option. Click Next.

  6. On the Select a WebLogic Domain Directory screen, browse to the directory that contains the WebLogic domain in which you configured Oracle Access Manager. Click Next. The Select Extension Source screen appears.

  7. On the Select Extension Source screen, select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].
    • Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM2]

  8. After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.

  9. On the Specify Domain Name and Location screen, enter a location to store applications for the domain. Click Next. The Configure JDBC Component Schema screen is displayed.

  10. On the Configure JDBC Component Schema screen, select a component schema, such as the OIM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  11. On the Select Optional Configuration screen, you can configure Managed Servers, Clusters, and Machines, Deployments and Services, and JMS File Store. Select the relevant check boxes and click Next.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

  12. On the Configuration Summary screen, review the domain configuration, and click Extend to start extending the domain.

    Your existing WebLogic domain with Oracle Access Manager is extended to support Oracle Identity Manager and Oracle Identity Navigator.

    Note:

    If you want to start the SOA Server on a remote machine, then you must manually copy the composite files from the <DOMAIN_HOME>/soa/autodeploy directory on the local machine to the <DOMAIN_HOME>/soa/autodeploy directory on the remote machine after running the unpack command on the remote machine. If the <DOMAIN_HOME>/soa/autodeploy directory does not exist on the remote machine, you must create this directory before copying the composite files.
  13. Restart the Administration Server, as described in Restarting Servers.

  14. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  15. Configure Oracle Identity Manager Server, as described in Configuring OIM Server.

  16. Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and to configure Oracle Identity Manager Remote Server, as described in Configuring OIM Design Console, and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.4.6 OIM, OAM, and OIN in a New WebLogic Domain

This topic describes how to configure Oracle Identity Manager (OIM), Oracle Access Manager (OAM), and Oracle Identity Navigator (OIN) together in a new WebLogic administration domain. It includes the following sections:

16.4.6.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Navigator together in an Oracle Identity Management environment. You can set up integration between Oracle Identity Manager and Oracle Access Manager, as described in Integration Between OIM and OAM. You can use the Oracle Identity Navigator user interface to discover and access product consoles for Oracle Identity Manager and Oracle Access Manager.

At a later time, you can also add Oracle Adaptive Access Manager to this environment and set up integration between Oracle Access Manager and Oracle Adaptive Access Manager.

16.4.6.2 Components Deployed

Performing the configuration in this section deploys the following:

  • Administration Server

  • Managed Servers for Oracle Identity Manager and Oracle Access Manager

  • Oracle Identity Administration Console, Oracle Identity Manager Self Service Console, and Oracle Identity Manager Advanced Administration Console on the Oracle Identity Manager Managed Server

  • Oracle Identity Navigator application and Oracle Access Manager Console on the Administration Server

16.4.6.3 Dependencies

The configuration in this section depends on the following:

16.4.6.4 Procedure

Perform the following steps to configure Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Navigator together in a new WebLogic domain:

  1. Ensure that all the prerequisites, listed in Prerequisites, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. Run the <Oracle_IDM2>/common/bin/config.sh script (on UNIX). (<Oracle_IDM2>\common\bin\config.cmd on Windows). The Oracle Fusion Middleware Configuration Wizard appears.

  3. On the Welcome screen, select the Create a new WebLogic domain option. Click Next. The Select Domain Source screen is displayed.

  4. On the Select Domain Source screen, select the Generate a domain configured automatically to support the following products: option.

  5. Select the following domain configuration options:

    • Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2]

      Note:

      When you select the Oracle Identity Manager - 11.1.1.3.0 [Oracle_IDM2] option, the following options are also selected, by default: Oracle SOA Suite - 11.1.1.0 [Oracle_SOA1], Oracle Enterprise Manager - 11.1.1.0 [oracle_common], Oracle JRF - 11.1.1.0 [oracle_common], and Oracle WSM Policy Manager - 11.1.1.0 [oracle_common].
    • Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [Oracle_IDM2]

    • Oracle Identity Navigator - 11.1.1.3.0 [Oracle_IDM2]

  6. After selecting the domain configuration options, click Next. The Specify Domain Name and Location screen is displayed.

  7. On the Specify Domain Name and Location screen, enter a name and location for the domain to be created. In addition, enter a location to store applications for the domain. Click Next. The Configure Administrator User Name and Password screen is displayed.

  8. Configure a user name and a password for the administrator. The default user name is weblogic. Click Next. The Configure Server Start Mode and JDK screen is displayed.

  9. Choose JRockit SDK 160_17_R28.0.0-679 and Production Mode in the Configure Server Start Mode and JDK screen of the Oracle Fusion Middleware Configuration Wizard. Click Next. If you selected the Oracle Access Manager with Database Policy Store - 11.1.1.3.0 [Oracle_IDM2] option on the Select Extension Source screen, the Configure JDBC Data Sources screen is displayed. Configure the oamDS data source, as required. After the test succeeds, the Configure JDBC Component Schema screen is displayed.

  10. On the Configure JDBC Component Schema screen, select a component schema, such as the OIM Infrastructure Schema, the SOA Infrastructure Schema, the User Messaging Service Schema, the OWSM MDS Schema, the OIM MDS Schema, or the SOA MDS Schema, that you want to modify.

    You can set values for Schema Owner, Schema Password, Database and Service, Host Name, and Port. Click Next. The Test JDBC Component Schema screen appears. After the test succeeds, the Select Optional Configuration screen appears.

  11. On the Select Optional Configuration screen, you can configure Administration Server, Managed Servers, Clusters, and Machines, Deployments and Services, JMS File Store, and RDBMS Security Store. Select the relevant check boxes and click Next.

    • Optional: Configure Administration Server, as required.

    • Optional: Configure Managed Servers, as required.

    • Optional: Configure Clusters, as required.

      For more information about configuring clusters for Oracle Identity Management products, see the "Configuring High Availability for Identity Management Components" topic in the guide Oracle Fusion Middleware High Availability Guide.

    • Optional: Assign Managed Servers to Clusters, as required.

    • Optional: Configure Machines, as needed. This step is useful when you want to run the Administration Server on one machine and Managed Servers on another physical machine.

      Tip:

      Before configuring a machine, use the ping command to verify whether the machine or host name is accessible.
    • Optional: Assign the Administration Server to a machine.

    • Optional: Select Deployments, such as applications and libraries, and Services to target them to a particular cluster or server.

    • Optional: Configure JMS File Store, as required.

    • Optional: Configure RDBMS Security Store, as required.

  12. On the Configuration Summary screen, review the domain configuration, and click Create to start creating the domain.

    A new WebLogic domain to support Oracle Identity Manager, Oracle Access Manager, and Oracle Identity Navigator is created in the <MW_HOME>\user_projects\domains directory (on Windows). On UNIX, the domain is created in the <MW_HOME>/user_projects/domains directory.

    Note:

    If you want to start the SOA Server on a remote machine, then you must manually copy the composite files from the <DOMAIN_HOME>/soa/autodeploy directory on the local machine to the <DOMAIN_HOME>/soa/autodeploy directory on the remote machine after running the unpack command on the remote machine. If the <DOMAIN_HOME>/soa/autodeploy directory does not exist on the remote machine, you must create this directory before copying the composite files.
  13. Start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

  14. Configure Oracle Identity Manager Server, as described in Configuring OIM Server.

  15. Follow the wizard and the steps described in Configuring OIM Server to complete the Oracle Identity Manager Server configuration. Similarly, follow the wizard to configure Oracle Identity Manager Design Console (Windows only) and to configure Oracle Identity Manager Remote Server, as described in Configuring OIM Design Console, and Configuring OIM Remote Manager.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.5 Starting the Servers

After installing and configuring Oracle Identity Manager in a WebLogic domain, you must run the Oracle WebLogic Administration Server and various Managed Servers, as described in Starting the Stack.

Note:

If weblogic is not your WebLogic administrator user name, you must complete a set of manual steps after starting the servers. For more information, see Optional: Updating the WebLogic Administrator Server User Name in Oracle Enterprise Manager Fusion Middleware Control (OIM Only).

16.6 Configuring OIM Server, Design Console, and Remote Manager

The Oracle Identity Management 11g Configuration Wizard enables you to configure Oracle Identity Manager (OIM) Server, Design Console (Windows only), and Remote Manager.

If you are configuring OIM Server, you must run this configuration wizard on the machine where the Administration Server is running.

You must complete this additional configuration for Oracle Identity Manager components after configuring Oracle Identity Manager in a new or existing WebLogic administration domain.

Note:

You can run the Oracle Identity Manager Configuration Wizard to configure Oracle Identity Manager Server only once during the initial setup. After the initial setup, you cannot run the Oracle Identity Manager Configuration Wizard again to modify the configuration of Oracle Identity Manager Server, Design Console, or Remote Manager. For such modifications, you must use Oracle Enterprise Manager Fusion Middleware Control.

Note that Oracle Identity Manager requires Oracle SOA Suite 11g (11.1.1.3.0), which should be exclusive to Oracle Identity Management. You must install Oracle SOA Suite before configuring Oracle Identity Manager. If you are setting up integration between Oracle Identity Manager and Oracle Access Manager, ensure that Oracle Identity Manager, Oracle Access Manager, and Oracle SOA Suite are configured in the same domain.

This section discusses the following topics:

16.6.1 Scope of Configuration Using the Oracle Identity Manager 11g Configuration Wizard

You can use the Oracle Identity Manager 11g Configuration Wizard to configure the non-J2EE components and elements of Oracle Identity Manager. Most of the J2EE configuration is done automatically in the domain template for Oracle Identity Manager.

16.6.2 Scenario 1: Oracle Identity Manager Server and Design Console on Different Machines

In this scenario, you configure Oracle Identity Manager Server on one machine, and install and configure only Oracle Identity Manager Design Console on a different Windows machine (a development or design system).

The following are the high-level tasks in this scenario:

  1. Install and configure Oracle Identity Manager Server on a machine after completing all the prerequisites, as described in Configuring OIM Server. Ensure that the Oracle Identity Manager Server is up and running.

  2. On a different Windows machine, install the Oracle Identity Management 11g (11.1.1.3.0) software containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator. For information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

  3. On the Windows machine where you installed the Oracle Identity Management 11g (11.1.1.3.0) software, run the Oracle Identity Manager Configuration Wizard to configure only Design Console. Note that you must provide the Oracle Identity Manager Server information, such as host and URL, when configuring Design Console. For more information, see Installing and Configuring Only OIM Design Console on Windows.

16.6.3 Scenario 2: Oracle Identity Manager Server and Remote Manager on Different Machines

In this scenario, you configure Oracle Identity Manager Server on one machine, and install and configure only Oracle Identity Manager Remote Manager on a different machine.

The following are the high-level tasks in this scenario:

  1. Install and configure Oracle Identity Manager Server on a machine after completing all the prerequisites, as described in Configuring OIM Server. Ensure that the Oracle Identity Manager Server is up and running.

  2. On a different machine, install the Oracle Identity Management 11g (11.1.1.3.0) software containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator. For information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

  3. On the machine where you installed the Oracle Identity Management 11g (11.1.1.3.0) software, run the Oracle Identity Manager Configuration Wizard to configure only Remote Manager. Note that you must provide the Oracle Identity Manager Server information, such as host and URL, when configuring Remote Manager. For more information, see Configuring OIM Remote Manager.

16.6.4 Scenario 3: Oracle Identity Manager Server, Design Console, and Remote Manager on a Single Windows Machine

In this scenario, suitable for test environments, you install and configure Oracle Identity Manager Server, Design Console, and Remote Manager on a single Windows machine.

The following are the high-level tasks in this scenario:

  1. Install and configure Oracle Identity Manager Server on a machine after completing all the prerequisites, as described in Configuring OIM Server. Ensure that the Oracle Identity Manager Server is up and running.

  2. On the same machine, configure Design Console, as described in Configuring OIM Design Console.

  3. On the same machine, configure Remote Manager, as described in Configuring OIM Remote Manager.

16.7 Before Configuring OIM Server, Design Console, or Remote Manager

Before configuring Oracle Identity Manager (OIM) using the Oracle Identity Manager Wizard, ensure that you have completed the prerequisites for configuring Oracle Identity Manager components (Server, Design Console, and Remote Manager).

The Oracle Identity Manager 11g Configuration Wizard prompts you to enter information about certain configurations, such as Database, Schemas, WebLogic Administrator User Name and Password, and LDAP Server. Therefore, keep this information ready with you before starting the Identity Management 11g Configuration Wizard.

This section discusses the following topics:

16.7.1 Prerequisites for Configuring OIM Server

Before you can configure Oracle Identity Manager (OIM) Server using the Oracle Identity Manager Configuration Wizard, you must complete the following prerequisites:

  1. Installing Oracle WebLogic Server 10.3.3 and creating a Middleware Home directory. For more information, see Installing Oracle WebLogic Server 10.3.3 and Creating the Oracle Middleware Home.

  2. Installing a supported version of Oracle database. For more information, see Installing Oracle Database.

  3. Creating and loading the required schemas (OIM and MDS) in the database. For more information, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  4. Installing Oracle SOA Suite 11g Release 1 (11.1.1.3.0) under the same Middleware Home directory. For more information, see Installing the Latest Version of Oracle SOA Suite (Oracle Identity Manager Users Only).

  5. Installing the Oracle Identity Management Suite (the suite that contains Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator) under the Middleware Home directory. For more information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

  6. Configuring Oracle Identity Manager and Oracle SOA Suite in the same WebLogic administration domain (a new or existing domain). For more information, see the following example scenarios:

  7. Starting the Oracle WebLogic Administration Server for the domain in which the Oracle Identity Manager application is deployed. For more information, see Starting the Stack.

  8. Optional: Installing Oracle HTTP Server 11g Webgate for Oracle Access Manager, if you want to set up integration between Oracle Identity Manager and Oracle Access Manager. For more information, see Migrating from Domain Agent to Oracle HTTP Server 10g Webgate for OAM.

  9. Optional: Setting up LDAP Synchronization for Oracle Identity Manager, if you want to enable LDAP Sync. For more information, see Setting Up LDAP Synchronization.

  10. Optional: Installing Oracle BI Publisher, if you want to configure Oracle BI Publisher for reporting features in Oracle Identity Manager. For more information, see the guide Oracle Fusion Middleware Quick Installation Guide for Oracle Business Intelligence.

16.7.2 Prerequisites for Configuring Only OIM Design Console on a Different Machine

On the machine where you are installing and configuring Design Console, you must install the Oracle Identity Management 11g (11.1.1.3.0) software containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator. For information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

Before you can configure Oracle Identity Manager (OIM) Design Console by running the Oracle Identity Manager Configuration Wizard, you should have configured the Oracle Identity Manager Server, as described in Configuring OIM Server on a local or remote machine. In addition, the Oracle Identity Manager Server should be up and running.

Note:

Oracle Identity Manager Design Console is supported on Windows operating systems only. If you are installing and configuring only Design Console on a machine, you do not need to install Oracle WebLogic Server and create a Middleware Home directory before installing the Oracle Identity Management software.

16.7.3 Prerequisites for Configuring Only OIM Remote Manager on a Different Machine

On the machine where you are installing and configuring Remote Manager, you must install the Oracle Identity Management 11g (11.1.1.3.0) software containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator. For information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

Before you can configure Oracle Identity Manager (OIM) Remote Manager by running the Oracle Identity Manager Configuration Wizard, you should have configured the Oracle Identity Manager Server, as described in Configuring OIM Server. In addition, the Oracle Identity Manager Server should be up and running.

Note:

If you are installing and configuring only Remote Manager on a machine, you do not need to install Oracle WebLogic Server and create a Middleware Home directory before installing the Oracle Identity Management software.

16.8 Starting the Oracle Identity Manager 11g Configuration Wizard

To start the Oracle Identity Manager 11g Configuration Wizard, execute the <Oracle_IDM2>/bin/config.sh script (on UNIX) on the machine where the Administration Server is running. (<Oracle_IDM2>\bin\config.bat on Windows). The Oracle Identity Management 11g Configuration Wizard starts, and the Welcome Screen appears.

Note:

If you have extended an existing WebLogic domain to support Oracle Identity Manager, you must restart the Administration Server before starting the Oracle Identity Manager Configuration Wizard to configure Oracle Identity Manager Server, Design Console, or Remote Manager.

16.9 Configuring OIM Server

This topic describes how to install and configure only Oracle Identity Manager (OIM) Server. It includes the following sections:

16.9.1 Appropriate Deployment Environment

Perform the configuration in this topic if you want to install Oracle Identity Manager Server on a separate host.

16.9.2 Components Deployed

Performing the configuration in this section deploys only Oracle Identity Manager Server.

16.9.3 Dependencies

The installation and configuration in this section depends on Oracle WebLogic Server, on Oracle SOA Suite, and on the installation of Oracle Identity Management 11g software. For more information, see Preparing to Install Oracle Identity Management and Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

16.9.4 Procedure

Perform the following steps to configure only Oracle Identity Manager Server:

  1. Ensure that all the prerequisites, described in Prerequisites for Configuring OIM Server, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. On the machine where the Administration Server is running, start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard. The Welcome screen appears.

  3. On the Welcome screen, click Next. The Components to Configure screen appears.

    On the Components to Configure screen, ensure that only the OIM Server option is selected. It is selected, by default. Click Next. The Database screen appears.

  4. On the Database screen, enter the full path, listen port, and service name for the database in the Connect String field. For a single host instance, the format of connect string is hostname:port:servicename. For example, if the hostname is aaa.bbb.com, port is 1234, and the service name is xxx.bbb.com, then you must enter the connect string for a single host instance as follows:

    aaa.bbb.com:1234:xxx.bbb.com

    If you are using a Real Application Cluster database, the format of the database connect string is as follows:

    hostname1:port1^hostname2:port2@servicename

    Note:

    You can use the same database or different databases for creating the Oracle Identity Manager schema and the Metadata Services schema.
  5. In the OIM Schema User Name field, enter the name of the schema that you created for Oracle Identity Manager using the Oracle Fusion Middleware Repository Creation Utility (RCU). For more information, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  6. In the OIM Schema Password field, enter the password for the Oracle Identity Manager schema that you set while creating the schema using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  7. If you want to use a different database for the Metadata Services (MDS) schema, select the Select different database for MDS Schema check box.

  8. If you choose to use a different database for the MDS schema, in the MDS Connect String field, enter the full path, listen port, and service name for the database associated with the MDS schema. For the format of the connect string, see Step 4.

    In the MDS Schema User Name field, enter the name of the schema that you created for AS Common Services - Metadata Services using the Oracle Fusion Middleware Repository Creation Utility (RCU). For more information, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

    In the MDS Schema Password field, enter the password for the AS Common Services - Metadata Services schema that you set while creating the schema using the Oracle Fusion Middleware Repository Creation Utility (RCU). Click Next. The WebLogic Admin Server screen appears.

  9. On the WebLogic Admin Server screen, in the WebLogic Admin Server URL field, enter the URL of the WebLogic Administration Server of the domain in the following format:

    t3://hostname:port

    In the UserName field, enter the WebLogic administrator user name of the domain in which the Oracle Identity Manager (OIM) application and the Oracle SOA Suite application are deployed. If you are setting up integration between Oracle Identity Manager and Oracle Access Manager, the Oracle Access Manager application is also configured in the same domain.

    In the Password field, enter the WebLogic administrator password of the domain in which the Oracle Identity Manager (OIM) application and the Oracle SOA Suite application are deployed. Click Next.

    The OIM Server screen appears. The OIM Server screen enables you to set a password for the system administrator (xelsysadm).

  10. On the OIM Server screen, in the OIM Administrator Password field, enter a new password for the administrator. A valid password contains at least 6 characters; begins with an alphabetic character; includes at least one number, one uppercase letter, and one lowercase letter. The password cannot contain the first name, last name, or the login name for Oracle Identity Manager.

  11. In the Confirm User Password field, enter the new password again.

  12. In the OIM HTTP URL field, enter the http URL that front-ends the Oracle Identity Manager application.

    The URL is of the format: http(s)://<oim_host>:<oim_port>. For example, https://localhost:7002.

  13. In the KeyStore Password field, enter a new password for the keystore. A valid password can contain 6 to 30 characters, begin with an alphabetic character, and use only alphanumeric characters and special characters like Dollar ($), Underscore (_), and Pound (#). The password must contain at least one number.

  14. In the Confirm Keystore Password field, enter the new password again. Click Next. The LDAP Sync and OAM screen appears.

    The LDAP Sync and OAM screen enables you to perform the following optional tasks:

    • Enable synchronization of Oracle Identity Manager roles, users, and their hierarchy to an LDAP directory

    • Enable Identity Administration Integration with Oracle Access Manager (OAM)

    • Configure Oracle Identity Manager to use Oracle BI Publisher for reporting purposes

  15. Optional: To enable LDAP Sync, you must select the Enable LDAP Sync option on the LDAP Sync and OAM screen. However, note that you must first set up LDAP Sync for Oracle Identity Manager (OIM), as described in Setting Up LDAP Synchronization, before enabling LDAP Sync.

  16. Optional: To enable identity administration integration with Oracle Access Manager, select the Enable Identity Administration Integration with OAM option on the LDAP Sync and OAM screen, and enter the following information:

    • Password of Access Gate - Enter the access gate password for Oracle Identity Manager. This password is generated when you run the configureOIM WLST command to configure Oracle Access Manager (OAM) for Oracle Identity Manager (OIM) integration. For more information about this WLST command and the complete setup to integrate OIM and OAM, see Setting Up Integration Between OIM and OAM Using the Domain Agent.

    • Domain of Cookie - Enter the domain of the machine on which Oracle HTTP Server for Oracle Identity Manager is running. For example, examplehost.exampledomain.com

    Note:

    When you choose to enable identity administration integration with Oracle Access Manager, LDAP Synchronization is enabled, by default.
  17. Optional: To configure Oracle Identity Manager to use Oracle BI Publisher for reporting purposes, select the Configure BI Publisher option, and enter the BI Publisher URL in the BI Publisher URL field. Note that you should have installed Oracle BI Publisher on a local or remote machine before selecting the Configure BI Publisher option on the LDAP Sync and OAM screen. In addition, ensure that Oracle BI Publisher is up and running.

  18. After making your selections, click Next on the LDAP Sync and OAM screen. If you chose to enable identity administration integration with OAM or enable LDAP Sync, the LDAP Server screen appears.

    The LDAP Server screen enables you to specify the following Oracle Virtual Directory information:

    • LDAP URL - enter the LDAP URL in the format: ldap://ovd_host:ovd_port

    • LDAP User - enter the LDAP user name.

    • LDAP Password - enter the LDAP password.

    • LDAP SearchDN - enter the Distinguished Names (DN). For example, dc=oracle, dc=com. SearchDN is the OVD searchbase for users and roles in LDAP, and Oracle Identity Manager uses this container for reconciliation.

    Click Next. The LDAP Server Continued screen appears.

  19. On the LDAP Server Continued screen, enter the following LDAP information:

    • LDAP RoleContainer - enter a name for the container that will be used as a default container of roles in the LDAP directory. You can configure isolation rules in Oracle Identity Manager to create roles in different containers in LDAP. For example, cn=groups, dc=mycountry, dc=com.

    • LDAP RoleContainer Description - enter a description for the default role container.

    • LDAP Usercontainer - enter a name for the container that will be used as a default container of users in the LDAP directory. You can configure isolation rules in Oracle Identity Manager to create users in different containers in LDAP. For example, cn=users, dc=mycountry, dc=com.

    • LDAP Usercontainer Description - enter a description for the default user container.

    • User Reservation Container - enter a name for the container that will be used for reserving user names in the LDAP directory while their creation is being approved in Oracle Identity Manager. When the user names are approved, they are moved from the reservation container to the user container in the LDAP directory. For example, cn=reserve, dc=mycountry, dc=com.

    Note:

    For more information about user reservation containers in Oracle Internet Directory, see the guide Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

    After enabling LDAP synchronization, you can verify it by using the Oracle Identity Manager Administration Console. For more information, see Verifying the LDAP Synchronization. Click Next. The Configuration Summary screen appears.

  20. If you did not choose the Enable LDAP Sync option or the Enable Identity Administration Integration with OAM option on the LDAP Sync and OAM screen, the Configuration Summary screen appears after you enter information in the OIM Server screen.

    The Configuration Summary screen lists the applications you selected for configuration and summarizes your configuration options, such as database connect string, OIM schema user name, MDS schema user name, WebLogic Admin Server URL, WebLogic Administrator user name, and OIM HTTP URL.

    Review this summary and decide whether to start the configuration. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing this configuration of the Oracle Identity Manager Server, click Configure.

    Note:

    Before configuring an application, you can save your configuration settings and preferences in a response file. Response files are text files that you can create or edit in a text editor. You can use response files to perform a silent installation or use as templates or customized settings for your environment. For more information, see Performing a Silent Installation.

    After you click Configure, the Configuration Progress screen appears. Click Next.

    A configuration log is saved to the logs directory under Oracle Inventory directory. For information about the log files, see Installation Log Files. If the Configuration Progress screen displays any errors, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard.

  21. Click Finish.

Note:

If the configuration fails, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.
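The connect strings entered in Step 4 are easy to get wrong in a response file, where the wizard's validation only fires at configuration time. The following parser, added here as an example and not part of the Oracle documentation or product, accepts both documented formats (hostname:port:servicename and hostname1:port1^hostname2:port2@servicename) and builds the equivalent JDBC thin URL so connectivity can be checked with a JDBC client before the wizard is run. The standard Oracle thin-driver URL syntax is assumed; host-name and port validation rules are the example's own.

```python
"""Parse the database connect-string formats accepted by the OIM Configuration
Wizard (Step 4) and turn them into a JDBC thin URL for a pre-flight check.
Added example; the validation rules here are assumptions, not the wizard's."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Host names: letters, digits, dots and hyphens; no leading/trailing separator.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


@dataclass(frozen=True)
class ConnectString:
    nodes: Tuple[Tuple[str, int], ...]  # (host, port) pairs; one pair for a single host
    service: str
    rac: bool


def _parse_port(text: str) -> int:
    if not text.isdigit():
        raise ValueError(f"port is not numeric: {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def _check_host(host: str) -> str:
    if not HOST_RE.match(host):
        raise ValueError(f"invalid host name: {host!r}")
    return host


def parse_connect_string(text: str) -> ConnectString:
    """Accept host:port:service (single instance) or
    host1:port1^host2:port2@service (Real Application Cluster)."""
    text = text.strip()
    if "@" in text:
        # RAC form: '^'-separated node list, service name after the last '@'
        nodes_part, service = text.rsplit("@", 1)
        nodes: List[Tuple[str, int]] = []
        for node in nodes_part.split("^"):
            host, sep, port = node.rpartition(":")
            if not sep or not host:
                raise ValueError(f"RAC node must be host:port, got {node!r}")
            nodes.append((_check_host(host), _parse_port(port)))
        rac = True
    else:
        parts = text.split(":")
        if len(parts) != 3:
            raise ValueError("single-instance connect string must be host:port:service")
        host, port, service = parts
        nodes = [(_check_host(host), _parse_port(port))]
        rac = False
    if not service:
        raise ValueError("service name is empty")
    return ConnectString(tuple(nodes), service, rac)


def is_valid_connect_string(text: str) -> bool:
    try:
        parse_connect_string(text)
        return True
    except ValueError:
        return False


def to_jdbc_thin_url(cs: ConnectString) -> str:
    """JDBC thin URL for testing the connection with a JDBC client before
    running the wizard: short form for one host, TNS descriptor for RAC."""
    if not cs.rac:
        host, port = cs.nodes[0]
        return f"jdbc:oracle:thin:@//{host}:{port}/{cs.service}"
    addresses = "".join(
        f"(ADDRESS=(PROTOCOL=TCP)(HOST={host})(PORT={port}))" for host, port in cs.nodes
    )
    return (
        "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=ON)"
        f"{addresses})(CONNECT_DATA=(SERVICE_NAME={cs.service})))"
    )


if __name__ == "__main__":
    for sample in ("aaa.bbb.com:1234:xxx.bbb.com",
                   "node1.example.com:1521^node2.example.com:1521@orcl.example.com"):
        print(to_jdbc_thin_url(parse_connect_string(sample)))
```

The same checks apply to the MDS connect string in Step 8, which uses the identical formats.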

16.9.5 Post-Configuration Steps

After installing and configuring Oracle Identity Manager Server, you must complete the following manual steps:

  • Set the XEL_HOME variable in the setenv script (setenv.bat on Windows, and setenv.sh on UNIX) as follows:

    On Windows: Edit the <IDM_Home>\server\bin\setenv.bat file in a text editor, and set the path of the XEL_HOME variable to the absolute path of <IDM_Home>\server. For example, if your IDM_Home is the C:\oracle\Middleware\Oracle_IDM1 directory, then set XEL_HOME in the setenv.bat file to the C:\oracle\Middleware\Oracle_IDM1\server directory.

    On UNIX: Edit the <IDM_Home>/server/bin/setenv.sh file in a text editor, and set the path of the XEL_HOME variable to the absolute path of <IDM_Home>/server. For example, if your IDM_Home is the /test/Middleware/Oracle_IDM1 directory, then set XEL_HOME in the setenv.sh file to the /test/Middleware/Oracle_IDM1/server directory.

  • After installing and configuring Oracle Identity Manager Server for the first time, you must apply the Patch 9819201 as follows:

    1. Go to My Oracle Support at http://support.oracle.com, click on the Patches & Updates tab, and search for patch 9819201.

    2. Download the patch and install it by following the instructions in the README file included with the patch.

16.10 Installing and Configuring Only OIM Design Console on Windows

Table 16-1 lists the steps required to install and configure only Oracle Identity Manager (OIM) Design Console on Windows operating systems.

Table 16-1 Design Console Installation and Configuration Workflow

Task: Installing the Oracle Identity Management 11g Release 1 (11.1.1.3.0) suite containing Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator on the Windows machine where you want to install only Design Console
For more information: See Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

Task: Configuring Oracle Identity Manager Server on a local or remote machine
Note: The Oracle Identity Manager Server must be up and running when you configure only Design Console.
For more information: See Configuring OIM Server.

Task: Configuring Oracle Identity Manager Design Console on the Windows machine where you want to install only Design Console
For more information: See Configuring OIM Design Console.

Task: Completing any post-configuration steps
For more information: See Post-Configuration Steps.


16.11 Configuring OIM Design Console

This topic describes how to install and configure only Oracle Identity Manager (OIM) Design Console, which is supported on Windows operating systems only.

It includes the following sections:

16.11.1 Appropriate Deployment Environment

Perform the installation and configuration in this topic if you want to install Oracle Identity Manager Design Console on a separate Windows machine where Oracle Identity Manager Server is not configured. For more information, see Scenario 1: Oracle Identity Manager Server and Design Console on Different Machines.

16.11.2 Components Deployed

Performing the installation and configuration in this section deploys only Oracle Identity Manager Design Console on Windows operating systems.

16.11.3 Dependencies

The installation and configuration in this section depends on the installation of Oracle Identity Management 11g software and on the Oracle Identity Manager Server. For more information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0) and Configuring OIM Server.

16.11.4 Procedure

Perform the following steps to install and configure only Oracle Identity Manager Design Console on the Windows operating system:

  1. Ensure that all the prerequisites, described in Prerequisites for Configuring Only OIM Design Console on a Different Machine, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. On the Windows machine where Oracle Identity Manager Design Console should be configured, start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard. The Welcome screen appears.

  3. On the Welcome screen, click Next. The Components to Configure screen appears.

    On the Components to Configure screen, select only the OIM Design Console check box. Click Next. The OIM Server Host and Port screen appears.

  4. On the OIM Server Host and Port screen, enter the host name of the Oracle Identity Manager Server in the OIM Server Hostname field. In the OIM Server Port field, enter the port number for the Oracle Identity Manager Server on which the Oracle Identity Manager application is running. Click Next. The Configuration Summary screen appears.

    The Configuration Summary screen lists the application that you selected for configuration and summarizes your configuration options, such as OIM Server host name and port.

    Review this summary and decide whether to start the configuration. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing this configuration of the Oracle Identity Management Design Console, click Configure.

    Note:

    Before configuring an application, you can save your configuration settings and preferences in a response file. Response files are text files that you can create or edit in a text editor. You can use response files to perform a silent installation or use as templates or customized settings for your environment. For more information, see Performing a Silent Installation.

    After you click Configure, the Configuration Progress screen appears. A configuration log is saved to the logs directory under Oracle Inventory directory. For information about the log files, see Installation Log Files. If the Configuration Progress screen displays any errors, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard.

  5. Click Finish.

Note:

If the configuration fails, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.

16.11.5 Post-Configuration Steps

Complete the following steps after configuring the Oracle Identity Manager Design Console on Windows operating systems:

  1. On the machine where Oracle WebLogic Server is installed (the machine where Oracle Identity Manager Server is installed), create the wlfullclient.jar file as follows:

    1. Use the cd command to move from your present working directory to the <MW_HOME>\wlserver_10.3\server\lib directory.

    2. Ensure that JAVA_HOME is set, as in the following example:

      D:\oracle\<MW_HOME>\jdk160_11

      To set this variable, right-click the My Computer icon and select Properties. The System Properties screen is displayed. Click the Advanced tab and click the Environment Variables button. The Environment Variables screen is displayed. Ensure that the JAVA_HOME variable in the User Variables section is set to the path of the JDK directory installed on your machine.

      After setting the JAVA_HOME variable, select the Path variable in the System Variables section on the same Environment Variables screen, and click Edit. The Edit System Variable dialog box is displayed. In the variable value field, enter the complete path to your JAVA_HOME, such as D:\oracle\<MW_HOME>\jdk160_11, preceded by a semicolon (;). The semicolon is used as the delimiter for multiple paths entered in this field.

    3. After verifying the values, click OK.

  2. At the DOS command prompt, type the following command:

    java -jar <MW_HOME>\modules\com.bea.core.jarbuilder_1.5.0.0.jar

    This command generates the wlfullclient.jar file.

  3. Copy the wlfullclient.jar file to the <Oracle_IDM2>\designconsole\ext\ directory on the machine where Design Console is configured.

  4. Ensure that the Administration Server and the Oracle Identity Manager Managed Server are started. For information about starting the servers, see Starting the Stack.

  5. Start the Design Console client by running the xlclient.cmd executable script, which is available in the <IDM_Home>\designconsole\ directory.

  6. Log in to the Design Console with your Oracle Identity Manager user name and password.

16.11.6 Updating the xlconfig.xml File to Change the Port for Design Console

To update the xlconfig.xml file and start the Design Console on a new port as opposed to what was set during configuration, complete the following steps:

  1. In a text editor, open the <IDM_HOME>\designconsole\config\xlconfig.xml file.

  2. Edit the following tags:

    • ApplicationURL

    • java.naming.provider.url

  3. Change the port number.

  4. Restart the Design Console.

Note:

You do not have to perform this procedure during installation. It is required if you want to change ports while using the product. You must ensure that the Oracle Identity Manager server port is changed to this new port before performing these steps.

16.11.7 Configuring Design Console to Use SSL

To configure the Design Console to use SSL, complete the following steps:

  1. Add the WebLogic Server jar files required to support SSL by copying the webserviceclient+ssl.jar file from the <WL_HOME>/server/lib directory to the <IDM_Home>/designconsole/ext directory.

  2. Use the server trust store in Design Console as follows:

    1. Log in to the Oracle WebLogic Administration Console using the WebLogic administrator credentials.

    2. Under Domain Structure, click Environment > Servers. The Summary of Servers page is displayed.

    3. Click the Oracle Identity Manager server name (for example, oim_server1). The Settings for oim_server1 page is displayed.

    4. Click the Keystores tab.

    5. From the Trust section, note down the path and file name of the trust keystore.

  3. Set the TRUSTSTORE_LOCATION environment variable as follows:

    • If Oracle Identity Manager Design Console and Oracle Identity Manager Server are installed and configured on the same machine, set the TRUSTSTORE_LOCATION environment variable to the location of the trust keystore that you noted down.

      For example, in a Bourne-type shell: export TRUSTSTORE_LOCATION=/test/DemoTrust.jks (in a C shell: setenv TRUSTSTORE_LOCATION /test/DemoTrust.jks)

    • If Oracle Identity Manager Design Console and Oracle Identity Manager Server are installed and configured on different machines, copy the trust keystore file to the machine where Design Console is configured. Set the TRUSTSTORE_LOCATION environment variable to the location of the copied trust keystore file on the local machine.

  4. If the Design Console was installed without SSL enabled, complete the following steps:

    1. Open the <IDM_Home>/designconsole/config/xlconfig.xml file in a text editor.

    2. Edit the <ApplicationURL> entry to use HTTPS, T3S protocol, and SSL port to connect to the server, as in the following example:

      <ApplicationURL>https://<host>:<sslport>/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>

      Note:

      For a clustered installation, you can send an https request to only one of the servers in the cluster, as shown in the following element:

      <java.naming.provider.url>t3s://<host>:<sslport></java.naming.provider.url>

    3. Save the file and exit.
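Both the port change in 16.11.6 and the SSL switch in 16.11.7 edit the same two elements of xlconfig.xml, ApplicationURL and java.naming.provider.url. The following script, an added example that is not part of the Oracle documentation or product, rewrites both consistently: it keeps the path of the web URL, replaces host and port, and switches the schemes to https and t3s when SSL is requested. The sample document is constructed for the example; only the two element names come from this chapter, and the surrounding structure of a real xlconfig.xml differs, so point the functions at the real file rather than relying on the sample layout.

```python
"""Rewrite the ApplicationURL and java.naming.provider.url entries of the
Design Console's xlconfig.xml for a new port and, optionally, for SSL.
Added example; SAMPLE_XLCONFIG is constructed and not a real xlconfig.xml."""
import xml.etree.ElementTree as ET
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

APP_URL_TAG = "ApplicationURL"
PROVIDER_URL_TAG = "java.naming.provider.url"

# Constructed sample: real files carry many more elements around these two.
SAMPLE_XLCONFIG = """<xl-configuration>
  <Discovery>
    <ApplicationURL>http://oimhost.example.com:14000/xlWebApp/loginWorkflowRenderer.do</ApplicationURL>
    <java.naming.provider.url>t3://oimhost.example.com:14000</java.naming.provider.url>
  </Discovery>
</xl-configuration>
"""


def _find_one(root: ET.Element, tag: str) -> ET.Element:
    """Locate the single element with this tag anywhere in the tree."""
    found = list(root.iter(tag))
    if len(found) != 1:
        raise ValueError(f"expected exactly one <{tag}> element, found {len(found)}")
    if not (found[0].text or "").strip():
        raise ValueError(f"<{tag}> is empty")
    return found[0]


def _rewrite(url: str, scheme: str, host: Optional[str], port: int) -> str:
    """Replace scheme, host and port of a URL; keep path, query and fragment."""
    parts = urlsplit(url.strip())
    new_host = host or parts.hostname
    if not new_host:
        raise ValueError(f"no host in {url!r}")
    return urlunsplit((scheme, f"{new_host}:{port}", parts.path, parts.query, parts.fragment))


def extract_urls(xml_text: str) -> Dict[str, str]:
    """Return the current values of the two URL elements."""
    root = ET.fromstring(xml_text)
    return {tag: _find_one(root, tag).text.strip() for tag in (APP_URL_TAG, PROVIDER_URL_TAG)}


def rewrite_urls(xml_text: str, port: int, host: Optional[str] = None,
                 ssl: bool = False) -> str:
    """Return the document with both URLs pointing at host:port. With ssl=True
    the web URL becomes https and the naming URL t3s (16.11.7, step 4)."""
    root = ET.fromstring(xml_text)
    app = _find_one(root, APP_URL_TAG)
    prov = _find_one(root, PROVIDER_URL_TAG)
    app.text = _rewrite(app.text, "https" if ssl else "http", host, port)
    prov.text = _rewrite(prov.text, "t3s" if ssl else "t3", host, port)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Port change only (16.11.6), then SSL on the server's SSL port (16.11.7).
    print(extract_urls(rewrite_urls(SAMPLE_XLCONFIG, port=14001)))
    print(extract_urls(rewrite_urls(SAMPLE_XLCONFIG, port=14002, ssl=True)))
```

ElementTree drops the XML declaration and comments when serialising, so for the real file write the result to a new path and diff it against the original before replacing it; the port given for the SSL case must be the managed server's SSL listen port noted in the WebLogic Administration Console.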

16.12 Configuring OIM Remote Manager

This topic describes how to install and configure only Oracle Identity Manager (OIM) Remote Manager. It includes the following sections:

16.12.1 Appropriate Deployment Environment

Perform the installation and configuration in this topic if you want to install Oracle Identity Manager Remote Manager on a separate machine. For more information, see Scenario 2: Oracle Identity Manager Server and Remote Manager on Different Machines.

16.12.2 Components Deployed

Performing the installation and configuration in this section deploys only Oracle Identity Manager Remote Manager.

16.12.3 Dependencies

The installation and configuration in this section depends on the installation of Oracle Identity Management 11g software. For more information, see Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0) and Prerequisites for Configuring Only OIM Remote Manager on a Different Machine.

16.12.4 Procedure

Perform the following steps to install and configure only Oracle Identity Manager Remote Manager:

  1. Ensure that all the prerequisites, described in Prerequisites for Configuring Only OIM Remote Manager on a Different Machine, are satisfied. In addition, see Important Notes Before You Start Configuring OIM.

  2. On the machine where Oracle Identity Manager Remote Manager should be configured, start the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard. The Welcome screen appears.

  3. On the Welcome screen, click Next. The Components to Configure screen appears.

    On the Components to Configure screen, select only the OIM Remote Manager check box. Click Next. The Remote Manager screen appears.

  4. On the Remote Manager screen, enter the service name in the Service Name field. Oracle Identity Manager Remote Manager will be registered under this service name. The service name is combined with the Registry URL to build a fully qualified service name, such as rmi://host:RMI Registry Port/service name.

  5. In the RMI Registry Port field, enter the port number on which the RMI registry should be started. The default port number is 12345.

  6. In the Listen Port (SSL) field, enter the port number on which a secure socket is opened to listen to client requests. The default port number is 12346. Click Next. The Keystore Password screen appears.

  7. On the KeyStore Password screen, in the KeyStore Password field, enter a new password for the keystore. A valid password contains 6 to 30 characters, begins with an alphabetic character, and uses only alphanumeric characters and special characters like Dollar ($), Underscore (_), and Pound (#). The password must contain at least one number. In the Confirm KeyStore Password field, enter the new password again. Click Next. The Configuration Summary screen appears.

  8. The Configuration Summary screen lists the application that you selected for configuration and summarizes your configuration options, such as Remote Manager Service Name, RMI Registry Port, and Remote Manager Listen Port (SSL).

    Review this summary and decide whether to start the configuration. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing this configuration of the Oracle Identity Manager Remote Manager, click Configure.

    Note:

    Before configuring an application, you can save your configuration settings and preferences in a response file. Response files are text files that you can create or edit in a text editor. You can use response files to perform a silent installation or use as templates or customized settings for your environment. For more information, see Performing a Silent Installation.
  9. After you click Configure, the Configuration Progress screen appears. A configuration log is saved to the logs directory under Oracle Inventory directory. For information about the log files, see Installation Log Files. If the Configuration Progress screen displays any errors, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard.

  10. Click Finish.

Note:

Oracle Identity Manager Server certificates, such as xlserver.cert, are created in the DOMAIN_HOME/config/fmwconfig/ directory. You can use these certificates if you require server-side certificates for configuring Oracle Identity Manager Remote Manager.

If the configuration fails, click Abort to stop the installation and restart the Oracle Identity Manager Configuration Wizard, as described in Starting the Oracle Identity Manager 11g Configuration Wizard.
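The keystore password rules stated in step 7 above are the same as those in step 13 of the OIM Server procedure, and step 10 of that procedure states the rules for the xelsysadm password. The following checker, an added example that is not part of the Oracle documentation or product, implements both rule sets so that passwords placed in a response file for a silent installation can be verified beforehand. One assumption is marked in the code: the comparison against the login, first and last names is done case-insensitively, which the text does not specify.

```python
"""Check proposed OIM administrator and keystore passwords against the rules
stated in the Configuration Wizard steps. Added example; the case-insensitive
name comparison is an assumption."""
from typing import List, Optional

KEYSTORE_SPECIALS = "$_#"  # the only non-alphanumeric characters allowed


def _is_ascii_letter(c: str) -> bool:
    return c.isascii() and c.isalpha()


def _is_ascii_digit(c: str) -> bool:
    return c in "0123456789"


def check_oim_admin_password(password: str, login: str = "xelsysadm",
                             first_name: Optional[str] = None,
                             last_name: Optional[str] = None) -> List[str]:
    """Rules from step 10 of the OIM Server procedure. Returns the violated
    rules; an empty list means the password is acceptable."""
    problems: List[str] = []
    if len(password) < 6:
        problems.append("must contain at least 6 characters")
    if not (password and _is_ascii_letter(password[0])):
        problems.append("must begin with an alphabetic character")
    if not any(_is_ascii_digit(c) for c in password):
        problems.append("must contain at least one number")
    if not any(c.isupper() for c in password):
        problems.append("must contain at least one uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("must contain at least one lowercase letter")
    # Assumption: names are compared case-insensitively (stricter than a
    # case-sensitive check, so nothing the wizard would reject passes here).
    lowered = password.lower()
    for label, value in (("login name", login), ("first name", first_name),
                         ("last name", last_name)):
        if value and value.lower() in lowered:
            problems.append(f"must not contain the {label} ({value})")
    return problems


def check_keystore_password(password: str) -> List[str]:
    """Rules from step 13 (OIM Server) and step 7 (Remote Manager)."""
    problems: List[str] = []
    if not 6 <= len(password) <= 30:
        problems.append("must contain 6 to 30 characters")
    if not (password and _is_ascii_letter(password[0])):
        problems.append("must begin with an alphabetic character")
    disallowed = sorted({c for c in password
                         if not (_is_ascii_letter(c) or _is_ascii_digit(c)
                                 or c in KEYSTORE_SPECIALS)})
    if disallowed:
        problems.append("contains characters other than alphanumerics and $ _ #: "
                        + " ".join(disallowed))
    if not any(_is_ascii_digit(c) for c in password):
        problems.append("must contain at least one number")
    return problems


if __name__ == "__main__":
    import getpass
    pw = getpass.getpass("Proposed keystore password: ")
    print("\n".join(check_keystore_password(pw)) or "keystore password acceptable")
```

Reading the candidate with getpass rather than a command-line argument keeps it out of shell history and process listings; the same applies to any response file holding these values, which should be readable only by the installing account.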

16.13 Verifying the OIM Installation

Before you can verify the Oracle Identity Manager (OIM) installation, ensure that the following servers are up and running:

You can verify your Oracle Identity Manager installation by:

16.14 Setting Up LDAP Synchronization

This section discusses the following topics:

  1. Prerequisites

  2. Task 1: Running the LDAP Preconfiguration Utility

  3. Task 2: Configuring OVD and OID for OIM

  4. Task 3: Running the LDAP Post-Configuration Utility

  5. After Setting Up LDAP Synchronization

  6. Verifying the LDAP Synchronization

16.14.1 Prerequisites

You must complete the following prerequisites for setting up LDAP synchronization:

  1. Install a supported version of Oracle Database, as described in Installing Oracle Database.

  2. Create and load database schemas, as described in Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).

  3. Ensure that the Oracle Identity Management 11g Release 1 (11.1.1) suite containing Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD) is installed, as described in Installing OID, OVD, ODSM, ODIP, and OIF (11.1.1.5.0).

  4. Configure Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD) with or without a WebLogic administration domain. For more information, see Configuring Oracle Internet Directory and Configuring Oracle Virtual Directory.

  5. Install Oracle Identity Management 11g Release 1 (11.1.1) suite containing Oracle Identity Manager (OIM), Oracle Access Manager (OAM), Oracle Adaptive Access Manager (OAAM), Oracle Authorization Policy Manager (OAPM), and Oracle Identity Navigator (OIN), as described in Installing OIM, OAM, OAAM, OAPM, and OIN (11.1.1.3.0).

16.14.2 Task 1: Running the LDAP Preconfiguration Utility

After completing the prerequisites, you must run the LDAP preconfiguration utility as follows:

  1. Open the ldapconfig.props file in a text editor. This file is located in the server/ldap_config_util directory under the Oracle Home for Oracle Identity Manager and Oracle Access Manager.

  2. In the ldapconfig.props file, set values for the following parameters:

    • OIMProviderURL - Specify the URL for the OIM provider in the format: t3://localhost:port. For example:

      t3://myhost.mycompany.com:8003
      
    • OIDURL - Specify the URL for the OID instance.

    • OIDAdminUsername - Specify the OID Administrator's user name, such as cn=orcladmin.

    • OIDSearchBase - Specify the OID search base, such as ou=people,dc=com.

    • UserContainerName - Specify the name of the user container, which is used as a default container of users in the LDAP directory.

    • RoleContainerName - Specify the name of the role container, which is used as a default container of roles in the LDAP directory.

    • ReservationContainerName - Specify the name of the user reservation container, which is used to reserve users while waiting for user creation approvals in Oracle Identity Manager. When the user creation is approved, users are moved from the reservation container to the actual user container.

  3. Ensure that the WL_HOME environment variable is set to the wlserver_10.3 directory under your Middleware Home. On UNIX, it is the <MW_HOME>/wlserver_10.3 directory. On Windows, it is the <MW_HOME>\wlserver_10.3 directory. In addition, set the JAVA_HOME environment variable to the directory where the JDK is installed on your machine.

  4. On the command line, run the LDAP configuration pre-setup script (LDAPConfigPreSetup.bat on Windows, and LDAPConfigPreSetup.sh on UNIX). The files are located in the same server/ldap_config_util directory under your IDM_Home for Oracle Identity Manager and Oracle Access Manager.

  5. When prompted, enter the OID administrator's password and the OIM administrator's password.
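LDAPConfigPreSetup reads the parameters above from ldapconfig.props, and a malformed URL or DN only surfaces when the script fails against the directory. The following checker, an added example that is not part of the Oracle documentation or the utility, parses the properties file and verifies that every parameter listed in step 2 is present, that OIMProviderURL has the t3://host:port form the text gives, and that the OID administrator name and search base are syntactically DNs. The sample file is constructed; the expected ldap(s)://host:port form for OIDURL, and the container names used, are assumptions of the example.

```python
"""Validate the parameters set in ldapconfig.props (Task 1, step 2) before
running LDAPConfigPreSetup. Added example; SAMPLE_PROPS is constructed and the
OIDURL format check is an assumption."""
import re
from typing import Dict, List

REQUIRED_KEYS = ("OIMProviderURL", "OIDURL", "OIDAdminUsername", "OIDSearchBase",
                 "UserContainerName", "RoleContainerName", "ReservationContainerName")
T3_URL_RE = re.compile(r"^t3s?://[A-Za-z0-9.-]+:\d{1,5}$")      # t3://host:port (step 2)
LDAP_URL_RE = re.compile(r"^ldaps?://[A-Za-z0-9.-]+:\d{1,5}$")  # assumed form for OIDURL
DN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+(,\s*[A-Za-z][A-Za-z0-9-]*=[^,=]+)*$")
PROP_LINE_RE = re.compile(r"^\s*([^=:\s]+)\s*[=:]?\s*(.*?)\s*$")

# Constructed sample; values are placeholders, not from a real installation.
SAMPLE_PROPS = """# constructed sample ldapconfig.props
OIMProviderURL=t3://myhost.mycompany.com:8003
OIDURL=ldap://oidhost.mycompany.com:3060
OIDAdminUsername=cn=orcladmin
OIDSearchBase=ou=people,dc=com
UserContainerName=Users
RoleContainerName=Groups
ReservationContainerName=Reserve
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: '#'/'!' comments, key=value or
    key:value with the first separator winning, so DN values containing '='
    survive intact. Backslash line continuations are not handled."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = PROP_LINE_RE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_ldapconfig(text: str) -> List[str]:
    """Return a list of problems; empty means the file passes these checks."""
    props = parse_properties(text)
    problems: List[str] = []
    for key in REQUIRED_KEYS:
        if not props.get(key, "").strip():
            problems.append(f"{key} is missing or empty")
    v = props.get("OIMProviderURL", "")
    if v and not T3_URL_RE.match(v):
        problems.append("OIMProviderURL must look like t3://host:port")
    v = props.get("OIDURL", "")
    if v and not LDAP_URL_RE.match(v):
        problems.append("OIDURL must look like ldap://host:port or ldaps://host:port")
    for key in ("OIDAdminUsername", "OIDSearchBase"):
        v = props.get(key, "")
        if v and not DN_RE.match(v):
            problems.append(f"{key} is not a DN (for example cn=orcladmin or ou=people,dc=com)")
    return problems


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_PROPS
    print("\n".join(check_ldapconfig(text)) or "ldapconfig.props passes the checks")
```

Run it with the path to the real ldapconfig.props as its argument; without an argument it checks the constructed sample. The passwords prompted for in step 5 are deliberately not read from the file.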

16.14.3 Task 2: Configuring OVD and OID for OIM

After running the LDAP preconfiguration utility, as described in Task 1: Running the LDAP Preconfiguration Utility, you must create and configure two Oracle Virtual Directory (OVD) adapters: a User adapter and a Changelog adapter.

To configure the adapters, complete the following steps:

  1. Create a User adapter as follows:

    1. Choose the User_OID template.

    2. Specify Proxy DN as follows: cn=oimadmin,cn=users,cn=oim,cn=products,cn=oraclecontext

    3. Specify Proxy Password as the value that is specified for the oimadmin user.

    4. For namespace, select Remote Base and map it to Mapped Namespace in Oracle Virtual Directory.

  2. Create a Changelog adapter as follows:

    1. Choose the Changelog_OID template.

    2. For namespace, set both Remote Base and Mapped Namespace to cn=changelog.

  3. Verify that the plug-in parameter values for the user adapter match the values listed in Table 16-2.

    1. Select the user adapter to modify, and click the Plug-ins tab.

    2. Click the plug-in, and click Edit.

    3. In the Parameters table, update the parameters, if necessary, to match the following values:

      Table 16-2 User Adapter Parameter Values

      Parameter       Value
      -------------   -------------
      directoryType   oid
      pwdMaxFailure   10
      oamEnabled      true or false

      Set oamEnabled to true if you are setting up integration between Oracle Identity Manager and Oracle Access Manager.


    4. Click OK.

    5. Click Apply.

  4. Verify that the plug-in parameter values for the changelog adapter match the values listed in Table 16-3.

    1. Select the changelog adapter to modify, and click the Plug-ins tab.

    2. Click the plug-in, and click Edit.

    3. In the Parameters table, update the parameters, if necessary, to match the following values:

      Table 16-3 Changelog Adapter Parameter Values

      Parameter          Value
      ----------------   ------------------------------------------------------------
      directoryType      oid
      mapAttribute       targetGUID=orclGUID
      mapObjectclass     changelog=changelogentry
      requiredAttribute  orclGUID
      addAttribute       orclContainerOC,changelogSupported=1
      modifierDNFilter   cn=oimadmin,cn=users,cn=OIM,cn=Products,cn=OracleContext
      sizeLimit          1000
      targetDNFilter     Search base from which reconciliation is performed. This
                         value must be the same as the LDAP SearchDN specified
                         during OIM installation.
      mapUserState       true
      oamEnabled         true or false


    4. Click OK.

    5. Click Apply.

    Note:

    For more information about these plug-in parameters, refer to the "Understanding the Oracle Virtual Directory Plug-ins" section in the Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory 11g Release 1 (11.1.1).

16.14.4 Task 3: Running the LDAP Post-Configuration Utility

After configuring OID and OVD for OIM, as described in Task 2: Configuring OVD and OID for OIM, you must run the LDAP post-configuration utility as follows:

  1. In the ldapconfig.props file, set values for the following parameters:

    • OIMProviderURL - Specify the URL for the OIM provider in the format: t3://localhost:8003

    • OIDURL - Specify the URL for the OID instance.

    • OIDAdminUsername - Specify the OID Administrator's user name, such as cn=orcladmin.

    • OIDSearchBase - Specify the OID search base, such as ou=people,dc=com.

    • UserContainerName - Specify the name of the user container, which is used as a default container of users in the LDAP directory.

    • RoleContainerName - Specify the name of the role container, which is used as a default container of roles in the LDAP directory.

    • ReservationContainerName - Specify the name of the user reservation container, which is used to reserve users while waiting for user creation approvals in Oracle Identity Manager. When the user creation is approved, users are moved from the reservation container to the actual user container.

  2. Ensure that the WL_HOME environment variable is set to the wlserver_10.3 directory under your Middleware Home. On UNIX, it is the <MW_HOME>/wlserver_10.3 directory. On Windows, it is the <MW_HOME>\wlserver_10.3 directory. In addition, set the JAVA_HOME environment variable to the directory where the JDK is installed on your machine.

  3. Start the OIM Managed Server. For more information, see Starting the Servers.

  4. On the command line, run the LDAP configuration post-setup script (LDAPConfigPostSetup.bat on Windows, and LDAPConfigPostSetup.sh on UNIX). The files are located in the server/ldap_config_util directory under your IDM_Home for Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Authorization Policy Manager, and Oracle Identity Navigator.

  5. When prompted, enter the OIM administrator's password and the xelsysadm password.
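Both LDAP utilities (Task 1 and Task 3) depend on the same ldapconfig.props parameters and the same WL_HOME and JAVA_HOME settings, so a pre-flight check before running LDAPConfigPreSetup.sh or LDAPConfigPostSetup.sh catches the common misconfigurations early. The script below is an added example, not part of the Oracle documentation or the utility itself; it assumes ldapconfig.props uses plain key=value lines, and the sample values used in the comments are constructed.

```shell
#!/bin/sh
# Pre-flight check for the OIM LDAP configuration utilities (added example,
# not Oracle's own code). Verifies ldapconfig.props and the environment that
# LDAPConfigPreSetup.sh / LDAPConfigPostSetup.sh require on UNIX.
# Assumption: ldapconfig.props holds simple key=value lines, e.g.
#   OIMProviderURL=t3://localhost:8003   (constructed sample value)

REQUIRED_KEYS="OIMProviderURL OIDURL OIDAdminUsername OIDSearchBase UserContainerName RoleContainerName ReservationContainerName"

# prop_value FILE KEY: print KEY's value from a key=value file (empty if absent).
# Only the first '=' after the key is consumed, so DN values such as
# cn=orcladmin are returned intact.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_props FILE: succeed only if every required key has a non-empty value
# and OIMProviderURL has the documented t3://host:port form.
check_props() {
    rc=0
    for key in $REQUIRED_KEYS; do
        val=$(prop_value "$1" "$key")
        if [ -z "$val" ]; then
            echo "ldapconfig.props: $key is missing or empty" >&2
            rc=1
        fi
    done
    url=$(prop_value "$1" OIMProviderURL)
    case "$url" in
        t3://*:[0-9]*) ;;
        *) echo "ldapconfig.props: OIMProviderURL must be t3://host:port, got '$url'" >&2; rc=1 ;;
    esac
    return $rc
}

# check_env WL_HOME_DIR JAVA_HOME_DIR: WL_HOME must be the existing
# <MW_HOME>/wlserver_10.3 directory and JAVA_HOME must contain bin/java.
check_env() {
    rc=0
    case "$1" in
        */wlserver_10.3) [ -d "$1" ] || { echo "WL_HOME does not exist: $1" >&2; rc=1; } ;;
        *) echo "WL_HOME must point at <MW_HOME>/wlserver_10.3, got '$1'" >&2; rc=1 ;;
    esac
    [ -x "$2/bin/java" ] || { echo "JAVA_HOME has no bin/java: $2" >&2; rc=1; }
    return $rc
}
```

Source the file and run `check_props ldapconfig.props && check_env "$WL_HOME" "$JAVA_HOME"` from the server/ldap_config_util directory before invoking the setup script; a non-zero exit lists each problem on stderr.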

16.14.5 After Setting Up LDAP Synchronization

After setting up LDAP synchronization, you can enable LDAP Sync for Oracle Identity Manager by selecting the Enable LDAP Sync option on the BI Publisher and OAM screen in the Oracle Identity Management 11g Configuration Wizard while configuring Oracle Identity Manager (OIM) Server. For more information, see Configuring OIM Server.

Note that LDAP Sync is enabled automatically if you choose to enable identity administration integration with Oracle Access Manager on the BI Publisher and OAM screen.

16.14.6 Verifying the LDAP Synchronization

To verify the configuration of LDAP with Oracle Identity Manager, complete the following steps:

  1. Ensure that the WebLogic Administration Server is up and running.

  2. Invoke the Oracle Identity Manager Administration Console (http://<host>:<port>/oim), which is deployed on the Administration Server.

  3. In this console, click Search under Configurations -> Manage IT Resource. If the LDAP information is correct, the resource information is displayed.

  4. Create a normal user using the same console.

  5. If a user is created, verify the LDAP store by using the Oracle Data Services Manager URL, such as http://<host>:<odsm_port>/odsm/faces/odsm.jspx.

Note:

Ensure that the Oracle Identity Directory being used has an Oracle Virtual Directory configured. Both must be up and running because Oracle Identity Manager communicates with the LDAP data store via the Oracle Virtual Directory component.

16.15 Setting Up Integration with OAM

For information about setting up integration between Oracle Identity Manager (OIM) and Oracle Access Manager (OAM), see Integration Between OIM and OAM.

16.16 List of Supported Languages

Oracle Identity Manager supports the following languages:

Arabic, Brazilian Portuguese, Czech, Danish, Dutch, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean, Norwegian, Polish, Portuguese, Romanian, Russian, Simplified Chinese, Slovak, Spanish, Swedish, Thai, Traditional Chinese, and Turkish

16.17 Using the Diagnostic Dashboard

Diagnostic Dashboard is a stand-alone application that helps you validate some of the Oracle Identity Manager prerequisites and installation. You must have the appropriate system administrator permissions for your Application Server and Oracle Identity Manager environments to use this tool. You need DBA-level permissions to execute some database-related tests.

Note:

The Diagnostic Dashboard and Oracle Identity Manager must be installed on the same application server.

For more information about installing and using the Diagnostic Dashboard for Oracle Identity Manager, see the "Working with the Diagnostic Dashboard" topic in the Oracle Fusion Middleware System Administrator's Guide for Oracle Identity Manager.

16.18 Getting Started with OIM After Installation

After installing Oracle Identity Manager (OIM), refer to "Part 1: Oracle Identity Manager System Administration Console" and "Part 2: Oracle Identity Manager Administrative and User Console" in the Oracle Fusion Middleware Administrator's Guide for Oracle Identity Manager.