Oracle® Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) Part Number E12002-06
This appendix describes the screens of the Oracle Identity Manager 11g Configuration Wizard that enables you to configure Oracle Identity Manager Server, Oracle Identity Manager Design Console, and Oracle Identity Manager Remote Manager.
This appendix contains the following topics:
The Welcome screen is displayed each time you start the Oracle Identity Manager Configuration Wizard.
You can use the Oracle Identity Manager Configuration Wizard only once during initial setup for configuring Oracle Identity Manager Server. After configuring Oracle Identity Manager Server using this wizard, you cannot re-run this wizard to modify the configuration of Oracle Identity Manager. You must use Oracle Enterprise Manager Fusion Middleware Control to make such modifications. However, you can run this wizard on other machines, where Design Console or Remote Manager is configured, as and when needed.
Ensure that you have configured Oracle Identity Manager in a new or existing WebLogic domain before launching the Oracle Identity Manager Configuration Wizard to configure Oracle Identity Manager Server, Design Console on Windows, and Remote Manager.
If you are configuring Server, you must run this wizard on the machine where the WebLogic Administration Server is running (the Administration Server for the domain in which Oracle Identity Manager is deployed). Ensure that the Administration Server is up and running before you start configuring Oracle Identity Manager Server.
If you are configuring only Design Console, you must run this wizard on the Windows machine where Design Console should be configured. If you are configuring only Remote Manager, you must run this wizard on the machine where Remote Manager is being configured. Note that the Oracle Identity Manager Server should be configured before you can configure Design Console or Remote Manager.
Click Next to continue.
Use this screen to select the Oracle Identity Manager components that you want to configure. Oracle Identity Manager components include Server, Design Console, and Remote Manager.
Before configuring Oracle Identity Manager Server, Design Console or Remote Manager, ensure that you have configured Oracle Identity Manager in a new or existing WebLogic domain using the Oracle Fusion Middleware Configuration Wizard.
Table H-1 describes the Oracle Identity Manager components that you can choose.
Table H-1 Oracle Identity Manager Configuration Choices
Option | Description |
---|---|
Configure all components on this screen | To configure Oracle Identity Manager Server, Design Console, and Remote Manager simultaneously on the same machine, select the Oracle Identity Manager option. |
Configure only Oracle Identity Manager Server | To configure only Oracle Identity Manager Server, select the OIM Server option. This option is selected, by default. Note that WebLogic Administration Server for the domain (the domain in which Oracle Identity Manager is deployed) should be up and running. |
Configure only Oracle Identity Manager Design Console | To configure only Oracle Identity Manager Design Console, select the OIM Design Console option. However, note that Oracle Identity Manager Server must be configured either on the local machine or on a remote machine before you can run Design Console on development machines. Design Console is supported on Windows operating systems only. |
Configure only Oracle Identity Manager Remote Manager | To configure only Oracle Identity Manager Remote Manager, select the OIM Remote Manager option. However, note that Oracle Identity Manager Server must be configured either on the local machine or on a remote machine before you can run Remote Manager. |
Note:
You can also select any combination of two of the three Oracle Identity Manager components.
In this screen, you specify the database and schema information. Note that you should have created and loaded Oracle Identity Manager schemas using the Oracle Fusion Middleware Repository Creation Utility (RCU) before configuring Oracle Identity Manager Server. For information about creating and loading Oracle Identity Manager schemas, see Creating Database Schema Using the Oracle Fusion Middleware Repository Creation Utility (RCU).
You can use the same database or different databases for creating the Oracle Identity Manager schema and the Metadata Services schema.
Table H-2 describes the database connection information that you must specify.
Table H-2 Fields in the Database Screen
Field | Description |
---|---|
Connect String | Enter the full path, listen port, and service name for your Oracle database. For a single host instance, the format of connect string is For example, if the hostname is aaa.bbb.com, port is 1234, and the service name is xxx.bbb.com, then you must enter the connect string for a single host instance as follows: If you are using a Real Application Cluster database, the format of the database connect string is as follows: |
OIM Schema User Name | Enter the name of the schema user that you created for Oracle Identity Manager using the Oracle Fusion Middleware Repository Creation Utility. If you upgraded your existing Oracle Identity Manager schema to 11g Release 1 (11.1.1), enter the user name for your existing schema. |
OIM Schema Password | Enter the password for the Oracle Identity Manager schema user that you set while creating the schema using the Oracle Fusion Middleware Repository Creation Utility (RCU). If you upgraded your existing Oracle Identity Manager schema to 11g Release 1 (11.1.1), enter the password for your existing schema. |
Select different database for MDS schema | Select this check box if you want to use a different database for the Metadata Services (MDS) schema. |
MDS Connect String | If you are using a different database for the Metadata Services (MDS) schema, enter the full path, listen port, and service name for the database associated with the MDS schema. The format of the connect string is similar to that of the standard Connect String. |
MDS Schema User Name | Enter the name of the schema user that you created for AS Common Services - Metadata Services by using the Oracle Fusion Middleware Repository Creation Utility (RCU). If you upgraded your existing Metadata Services schema to 11g Release 1 (11.1.1), enter the user name for your existing schema. |
MDS Schema Password | Enter the password for the AS Common Services - Metadata Services schema user that you set while creating the schema by using the Oracle Fusion Middleware Repository Creation Utility (RCU). If you upgraded your existing Oracle Identity Manager schema to 11g Release 1 (11.1.1), enter the password for your existing schema. |
After entering information in the fields, click Next to continue.
In this screen, you specify the t3 URL, user name and password for the WebLogic administration domain in which the Oracle Identity Manager application is deployed. Ensure that the Administration Server is up and running.
In the WebLogic Admin Server URL text box, enter the t3 URL of the Administration Server for the WebLogic domain in the following format:
t3://hostname:port
In the UserName text box, enter the WebLogic Administrator user name.
In the Password text box, enter the WebLogic Administrator password.
After entering information in the fields, click Next to continue.
Use this screen to set a password for the system administrator (xelsysadm).
Table H-3 describes the Oracle Identity Manager Server parameters that you can configure.
Table H-3 Oracle Identity Manager Server Configuration Parameters
Field Name | Description |
---|---|
OIM Administrator Password | Enter a new password for the administrator. A valid password contains at least six characters, begins with an alphabetic character, and includes at least one number, one uppercase letter and one lowercase letter. The password cannot contain first name, last name, or login name of Oracle Identity Manager. Note that you are not prompted to enter this password in upgrade scenarios. You must set a password only if you are performing a new 11g installation. |
Confirm Password | Enter the new password again to confirm. |
OIM HTTP URL | Enter the http URL that front-ends the Oracle Identity Manager application. For example, By default, this field contains the URL of the Oracle Identity Manager Managed Server. |
KeyStore Password | Enter new password for the keystore. A valid password can contain 6 to 30 characters, begin with an alphabetic character, and use only alphanumeric characters and special characters like Underscore (_), Dollar ($), Pound (#). The password must contain at least one number. |
Confirm KeyStore Password | Enter the new password again to confirm. |
After entering information in the fields, click Next to continue.
In this screen, you can perform the following optional tasks:
Enable synchronization of Oracle Identity Manager roles, users, and their hierarchy to an LDAP directory
Enable Identity Administration Integration with Oracle Access Manager (OAM)
Configure Oracle Identity Manager to use Oracle BI Publisher by specifying the BI publisher URL
Enabling OIM-LDAP Synchronization
If you want to enable LDAP sync, you must first set up LDAP Sync for Oracle Identity Manager (OIM) before selecting the Enable LDAP Sync option on this screen. For information about setting up OIM-LDAP Sync, see Setting Up LDAP Synchronization. After setting up LDAP Synchronization, select the Enable LDAP Sync option.
If you do not want to perform the other optional tasks, click Next to continue.
Enabling Identity Administration Integration with Oracle Access Manager (OAM)
You must set up integration between OIM and OAM before enabling identity administration integration with OAM on this screen. For information about setting up the integration, see the chapter Integration Between OIM and OAM. After setting up the integration, select the Enable Identity Administration Integration with OAM option, and enter the following:
Password of Access Gate - Enter the access gate password for Oracle Identity Manager. This is the same password you provided with the oimAccessGatePwd parameter for the configureOIM WLST command during the OIM-OAM integration setup.
Domain of Cookie - Enter the domain in which Oracle Access Manager is installed. For example, .us.acme.com. This is the same cookie domain you provided with the oimCookieDomain parameter for the configureOIM WLST command during the OIM-OAM integration setup. Note that the period (.) at the beginning of the string is mandatory.
Note:
When you choose to enable Identity Administration Integration with OAM, the LDAP synchronization for OIM is enabled, by default.
If you do not want to configure Oracle BI Publisher, click Next to continue.
Configuring Oracle Identity Manager to Use Oracle BI Publisher
Ensure that Oracle BI Publisher is installed on your local or remote machine.
To configure Oracle Identity Manager to use Oracle BI Publisher, select the Configure BI Publisher option, and enter the BI Publisher URL in the BI Publisher URL text box.
The URL is of the format: http://hostname:port/xmlpserver, where hostname and port are the host name and the port on which the Oracle BI Publisher server is running.
After entering information in the fields, click Next to continue.
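Because the wizard can configure Oracle Identity Manager Server only once, it helps to check the endpoint values before entering them. The following added example (not Oracle code; the function names are hypothetical, the host names are constructed, and accepting https for BI Publisher is an assumption beyond the http format stated above) checks the t3 Administration Server URL, the BI Publisher URL, and the OAM cookie domain against the formats given on this page:

```python
from urllib.parse import urlsplit


def _host_port(url, schemes):
    """Return (hostname, port) when url is scheme://hostname:port..., else None."""
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in schemes or not parts.hostname or not port:
        return None
    return parts.hostname, port


def check_admin_server_url(url):
    """WebLogic Admin Server URL: t3://hostname:port with nothing after the port."""
    parts = urlsplit(url)
    return (_host_port(url, ("t3",)) is not None
            and parts.path in ("", "/") and not parts.query)


def check_bi_publisher_url(url):
    """BI Publisher URL: http://hostname:port/xmlpserver.

    Assumption: https is accepted as well; the page only shows the http form.
    """
    return (_host_port(url, ("http", "https")) is not None
            and urlsplit(url).path.rstrip("/") == "/xmlpserver")


def check_cookie_domain(domain):
    """Domain of Cookie: the leading period is mandatory, then non-empty labels."""
    return domain.startswith(".") and all(domain[1:].split("."))


if __name__ == "__main__":
    # Constructed sample values.
    print(check_admin_server_url("t3://adminhost.example.com:7001"))
    print(check_bi_publisher_url("http://bihost.example.com:9704/xmlpserver"))
    print(check_cookie_domain("us.acme.com"))  # False: leading period missing
```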
This screen is displayed only if you select the Enable LDAP Sync option on the LDAP Sync and OAM screen. In the LDAP Server screen, you should specify the authentication information for the Oracle Virtual Directory server, as you want to synchronize Oracle Identity Manager roles, users, and their hierarchy to an LDAP directory.
Table H-4 describes the Oracle Virtual Directory Server parameters that you must specify.
Table H-4 LDAP Server Information
Field Name | Description |
---|---|
LDAP URL | Enter the LDAP URL in the format: |
LDAP User | Enter the user name for the Oracle Virtual Directory administrator. |
LDAP Password | Enter the password for the Oracle Virtual Directory administrator. |
LDAP SearchDN | Enter the Distinguished Names (DN). For example, This is the top-level container for users and roles in LDAP that is used for Oracle Identity Manager for reconciliation purposes. |
After entering information in the fields, click Next to continue.
This screen is a continuation of the LDAP Server screen.
Table H-5 describes the LDAP parameters that you must specify.
Table H-5 LDAP Server Continued Information
Field Name | Description |
---|---|
LDAP RoleContainer | Enter a name for the container that will be used as a default container of roles in the LDAP directory. |
LDAP RoleContainer Description | Type a description for the role container. |
LDAP UserContainer | Enter a name for the container that will be used as a default container of users in the LDAP directory. |
LDAP UserContainer Description | Type a description for the user container. |
User Reservation Container | Enter a name for the container that will be used for reserving user names in the LDAP directory while their creation is being approved in Oracle Identity Manager. When the user names are approved, they are moved from the reservation container to the user container in the LDAP directory. |
After entering information in the fields, click Next to continue.
This screen is displayed only if you choose to configure Oracle Identity Manager Design Console on the Components to Configure screen, on Windows operating systems. Note that you must configure Oracle Identity Manager (OIM) Server on a local machine or a remote machine before running Design Console. In the OIM Server Host and Port screen, you must specify the host name and port information for the Oracle Identity Manager Server.
In the OIM Server Hostname text box, enter the host name of the Oracle Identity Manager Managed Server that you configured while configuring OIM in a new or existing WebLogic domain.
In the OIM Server Port text box, enter the port number for the Oracle Identity Manager Managed Server. This port is the Listen port you or your administrator specified while configuring OIM in a new or existing WebLogic administration domain.
After entering information in the fields, click Next to continue.
Use this screen to configure the Oracle Identity Manager Remote Manager. Note that you must configure Oracle Identity Manager Server on the local machine or a remote machine before running Remote Manager.
Table H-6 describes the Oracle Identity Manager Remote Manager parameters that you can configure.
Table H-6 Remote Manager Configuration
Field Name | Description |
---|---|
Service Name | Enter the service name for the Remote Manager. |
RMI Registry Port | Enter the port number on which RMI registry should be started. The default value is 12345. |
Listen Port (SSL) | Enter the SSL port number. On this port number, a secure socket is opened to listen to client requests. The default value is 12346. |
After entering information in the fields, click Next to continue.
This screen is displayed if you choose to configure only Remote Manager on a remote machine (a machine where Oracle Identity Manager Server is not configured).
Table H-7 describes the keystore password requirements.
Table H-7 Fields in the KeyStore Password Screen
Field Name | Description |
---|---|
KeyStore Password | Enter a new password for the keystore. A valid password can contain 6 to 30 characters, begin with an alphabetic character, and use only alphanumeric characters and special characters like Underscore (_), Dollar ($), Pound (#). The password must contain at least one number. |
Confirm KeyStore Password | Enter the new password again to confirm. |
After entering information in the fields, click Next to continue.
This screen displays a list of the applications or components you have selected for configuration. It includes the following information:
Location of your installation
Disk space that will be used for the installation
Applications or components you have selected for configuration
Configuration choices you made on different screens in the Oracle Identity Manager Configuration Wizard
Review this summary screen.
Additionally, you can select to create a response file from your installation selections by clicking on the Save button in the Save Response File field. A response file can be used for silent or non-interactive installations of software requiring no or very little user input.
Click Configure to start configuring the selected Oracle Identity Manager components.