Oracle Identity Management (IdM) Compact Installer

Setting up Oracle Identity and Access Management 11gR1 Compact Environment
Version 11.1.1.5.2
Table of Contents
1 Description
2 System Requirements
3 Downloading Product Binaries
4 Setting up Environment
5 Validating Environment
6 Managing Environment
7 Configuration Properties
8 Default URLs and Ports
9 Meeting Database Prerequisites
10 Configuring Host Name Resolution
11 Configuring DBA Group
12 Environment Architecture
13 Product Download Locations
14 Release Notes
This compact environment is meant for evaluations and demos. It is not intended for production
deployments.
Before downloading product binaries, ensure you have Oracle
(https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx) and Oracle Support
(https://support.oracle.com/CSP/ui/flash.html) accounts.
Oracle Proprietary & Confidential, © 2012 Oracle
1 Description
This document explains how to use the Oracle Identity and Access Management Compact Setup tool on Linux.
The tool performs the following actions:
1. Installs Oracle Identity and Access Management components and dependent products from binaries
supplied by the end user.
2. Configures each component to run in a topology optimized for 6GB of RAM. To achieve this, the tool
takes the following steps:
• Reduces the memory footprint of the Oracle Database to about 800 MB.
• Deploys Oracle Identity and Access Management components to run on the minimum number of
servers in one Oracle WebLogic domain.
• Removes, or does not start, Oracle Fusion Middleware components that are not relevant to the
operation of Oracle Identity and Access Management.
3. Integrates Oracle Identity Manager, Oracle Access Manager, and Oracle Internet Directory components
to work together.
2 System Requirements
The environment requires the following:
1. Platforms supported:
• Oracle Enterprise Linux 5, x86-64, kernel 2.6.18 or later, oracle-validated setup applied
2. Minimum free disk space:
• 40 GB (25GB if STAGED_MEDIA is TRUE)
• 500 MB in /tmp
3. Minimum physical RAM:
• Bare metal: 6 GB
• Virtual Box: At least 6718 MB must be allocated to the VM
4. Default ports used:
• 1521, 3060, 5575, 6501, 7001, 7005, 7499, 7501, and 8899
5. Perl version 5.8.5 or higher installed:
• Perl downloads are available at http://www.perl.org/get.html
6. UNZIP tool for the destination platform:
• UNZIP tools are available at https://updates.oracle.com/unzips/unzips.html
7. Network:
• Host name resolution configured to use the hosts file
• Only one NIC card should be active
3 Downloading Product Binaries
To download product binaries:
1. Ensure you have “Oracle” (https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx) and
“Oracle Support” (https://support.oracle.com/CSP/ui/flash.html) accounts. Oracle users can use their
SSO accounts to download product binaries. Log in to both accounts to make sure your credentials are
valid. Note: If you do not have these accounts you will not be able to download required binaries.
2. Create a directory to hold the platform-specific product binaries used during setup.
3. Using your Oracle and Oracle Support accounts, download all required product binaries for the target
platform to the download directory created in previous step using the reference information provided in
section
4 Setting up Environment
Perform these steps:
1. Ensure your Linux environment meets Oracle Database prerequisites. For details on how to configure
the Linux environment, refer to section 9, or see http://www.oraclebase.com/articles/11g/OracleDB11gR2InstallationOnEnterpriseLinux5.php#OracleValidatedSetup.
2. Ensure the host name resolution is configured to use the hosts file. For details on how to configure
this, refer to section 10, or see:
http://download.oracle.com/docs/cd/B28359_01/install.111/b32002/pre_install.htm#BABHFHBA.
3. Ensure the executing user account is a member of the dba group. For details on how to configure this,
refer to section 11, or see:
http://download.oracle.com/docs/cd/B28359_01/install.111/b32002/pre_install.htm#autoId26.
4. Ensure that any previous setup of the environment is safely stopped and removed before starting a new
setup. Refer to section 6 for more information.
5. Unzip ofm_idm_compact_11.1.1.5.2_generic_disk1of1.zip in the directory where you
want to set up the environment.
6. Navigate to the newly created idmSetup subdirectory containing files required by the setup.
7. Update idmSetup.properties using the reference information provided in section 7, Configuration
Properties. Save a copy of this file in a directory separate from the environment.
8. Execute the command to start the setup:
sh idmSetup.sh
The script will ask for the password and begin the setup.
Note: The full command line with optional parameters is as follows:
sh idmSetup.sh [properties-file] [password]
The script will take between 60 and 90 minutes (may be 2-3 times longer in VMs) to set up a working
environment, depending on the speed of the host machine.
5 Validating Environment
After completing these steps, all products are installed and configured; in addition, Oracle Access Manager and
Oracle Identity Manager are integrated to work together. Take these steps to validate the integration:
1. Log in to the Oracle Access Manager console by accessing URL
http://<FQDN-HOSTNAME>:7001/oamconsole with username OAMMasterAdmin and password specified
during the setup. Check that the following links appear on the login page: Forgot password, Register
new account, and Track user registration.
2. From a different browser instance, access the Oracle Identity Manager console by accessing URL
http://<FQDN-HOSTNAME>:7005/oim/faces/pages/Admin.jspx with username
xelsysadm and password specified during the setup:
• Check that the login page is the same one you observed earlier.
• Click the logout link on the Oracle Identity Manager administration console. You should be
redirected to the Oracle Access Manager login page.
6 Managing Environment
Once the environment has been set up, managing its lifecycle involves starting, stopping, and removing the
environment.
To start the environment, execute command ‘sh start.sh <password>’ from the idmSetup/bin
directory. Omit the password if CACHE_CREDS was TRUE.
To stop the environment, execute command ‘sh stop.sh <password>’ from the idmSetup/bin
directory. Omit the password if CACHE_CREDS was TRUE.
Note: The password is optional based on whether or not the environment had been created to require passwords
(as controlled by the CACHE_CREDS setup property). The script will prompt for the password if it determines
the password is required but was not passed in.
To remove the environment, perform these steps:
1. sh stop.sh <password> from the idmSetup/bin directory
2. ps -aux | grep idmSetup, then execute command kill -9 <pid> for every process listed
3. Change directory to one level above the idmSetup directory
4. chmod a+w -R idmSetup
5. rm -r -f idmSetup
7 Configuration Properties
Property: DOWNLOAD_DIRECTORY
Description: Absolute path to the directory containing downloaded product kits.
Example: DOWNLOAD_DIRECTORY=/temp/downloadIdm

Property: MEDIA_DIRECTORY
Description: Absolute path to the directory to receive setup media generated from
downloaded product kits.
If not specified, the script defaults to the current working directory.
Example: MEDIA_DIRECTORY=/temp/idmMedia

Property: STAGED_MEDIA
Description: Indicates if the script should use existing setup media in
MEDIA_DIRECTORY, or generate product setup media from downloaded
product kits. Valid values are TRUE and FALSE. Default value is FALSE.
If set to FALSE, the script generates setup media from downloaded product
kits.
If set to TRUE, the script assumes setup media already exists in
MEDIA_DIRECTORY.
Example: STAGED_MEDIA=FALSE

Property: WIPE_MEDIA_DIRECTORY
Description: Indicates if the script should erase existing setup media in
MEDIA_DIRECTORY when configured to generate setup media from
downloaded product kits (indicated by STAGED_MEDIA=FALSE).
This property is used to guard against accidental erasure of the setup media.
Valid values are TRUE and FALSE. Default value is FALSE.
If set to TRUE, the script erases setup media in MEDIA_DIRECTORY before
proceeding with setup.
If set to FALSE, the script exits if the setup media already exists in
MEDIA_DIRECTORY.
Example: WIPE_MEDIA_DIRECTORY=FALSE

Property: DB_SID
Description: Indicates the database SID to use. This is an alphanumeric string. Default
value is idm.
Example: DB_SID=idm

Property: DB_NAME
Description: Indicates the global database name / database service name to use. This is an
alphanumeric string. Default value is idm.oracle.com
Example: DB_NAME=idm.oracle.com

Property: DB_PORT
Description: Indicates the database port to use. Default value is 1521.
Example: DB_PORT=1521

Property: DB_CHARSET
Description: Indicates the character set to use. Default value is idm.
Example: DB_CHARSET=AL32UTF8

Property: WLS_STARTUP_DELAY, WLS_SHUTDOWN_DELAY
Description: Maximum number of seconds the script should wait for the Oracle WebLogic
server to start or stop. While the script detects server up/down conditions, this
setting is used to protect against hung server operations. Default value is 420
(start) and 120 (stop).
When setting up the environment on a bare metal host, use 420 (start) / 120
(stop) seconds as a starting point. On a slower host, such as a virtual machine,
adjust the delay to 800 (start) / 240 (stop) seconds.
Example: WLS_STARTUP_DELAY=420
Example: WLS_SHUTDOWN_DELAY=120

Property: CACHE_CREDS
Description: Indicates if the environment should require credentials to start and stop
Oracle WebLogic and Oracle Database.
Valid values are TRUE and FALSE. Default value is FALSE.
As described in section 6, the password is omitted from the start.sh and stop.sh
commands if CACHE_CREDS was TRUE.
Example: CACHE_CREDS=TRUE

Property: DEBUG
Description: Indicates if debug mode should be enabled to generate more verbose output.
Valid values are TRUE and FALSE. Default value is FALSE.
Example: DEBUG=FALSE
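The rules in this section can be checked before committing to a 60 to 90 minute setup run. The lint script below is an added example, not part of the Oracle tool: it assumes the properties file uses plain KEY=VALUE lines, treats DOWNLOAD_DIRECTORY as mandatory, and the function names prop and lint_props are hypothetical.

```sh
#!/bin/sh
# Added example, not part of the Oracle tool: lint idmSetup.properties against
# section 7. The KEY=VALUE file syntax is an assumption.

# prop FILE KEY: print the last value assigned to KEY (empty if unset).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# lint_props FILE: print findings; exit status is 1 if any ERROR was found.
lint_props() (
    f=$1
    rc=0
    err() { echo "ERROR: $*"; rc=1; }

    # Both directories must be absolute paths. DOWNLOAD_DIRECTORY has no
    # documented default, so it is treated as mandatory here (assumption).
    dl=$(prop "$f" DOWNLOAD_DIRECTORY)
    media=$(prop "$f" MEDIA_DIRECTORY)
    case $dl in
        /*) ;;
        *) err "DOWNLOAD_DIRECTORY must be an absolute path, got '$dl'" ;;
    esac
    case $media in
        '' | /*) ;;
        *) err "MEDIA_DIRECTORY must be an absolute path, got '$media'" ;;
    esac

    for k in STAGED_MEDIA WIPE_MEDIA_DIRECTORY CACHE_CREDS DEBUG; do
        case $(prop "$f" "$k") in
            '' | TRUE | FALSE) ;;
            *) err "$k must be TRUE or FALSE" ;;
        esac
    done
    for k in DB_PORT WLS_STARTUP_DELAY WLS_SHUTDOWN_DELAY; do
        case $(prop "$f" "$k") in
            *[!0-9]*) err "$k must be a whole number" ;;
        esac
    done
    case $(prop "$f" DB_SID) in
        *[!A-Za-z0-9]*) err "DB_SID must be alphanumeric" ;;
    esac

    # An unset MEDIA_DIRECTORY means the current working directory, so with
    # STAGED_MEDIA not TRUE a wipe would be applied there.
    if [ "$(prop "$f" WIPE_MEDIA_DIRECTORY)" = TRUE ] && [ -z "$media" ] &&
        [ "$(prop "$f" STAGED_MEDIA)" != TRUE ]; then
        echo "WARN: WIPE_MEDIA_DIRECTORY=TRUE without MEDIA_DIRECTORY (defaults to current directory)"
    fi
    # Section 6: with CACHE_CREDS=TRUE, start.sh and stop.sh need no password.
    if [ "$(prop "$f" CACHE_CREDS)" = TRUE ]; then
        echo "NOTE: CACHE_CREDS=TRUE, start.sh/stop.sh run without a password"
    fi
    exit "$rc"
)

# Constructed sample file with deliberate mistakes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DOWNLOAD_DIRECTORY=downloadIdm
STAGED_MEDIA=FALSE
WIPE_MEDIA_DIRECTORY=TRUE
DB_SID=idm
DB_PORT=15x21
CACHE_CREDS=yes
EOF
lint_props "$sample" || echo "sample file has errors (expected)"
rm -f "$sample"
```

Leaving the optional password argument off the idmSetup.sh command line and answering the prompt instead keeps the password out of the process list and shell history.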
8 Default URLs and Ports
Login credentials and default URLs used by the environment are listed in the following table.
Note: <SYS_PW> refers to the password configured during the setup.
Product and Login Credentials: Console URL

Oracle WebLogic Server
  WebLogic console (weblogic/<SYS_PW>): http://<FQDN-HOSTNAME>:7001/console
Oracle Enterprise Manager
  Enterprise Manager (weblogic/<SYS_PW>): http://<FQDN-HOSTNAME>:7001/em
  Enterprise Manager Agent: http://<FQDN-HOSTNAME>:5162/emd/main
Oracle Directory Services Manager
  ODSM (orcladmin/<SYS_PW>): http://<FQDN-HOSTNAME>:7005/odsm/faces/odsm.jspx
  OID admin account (cn=orcladmin/<SYS_PW>)
Oracle Identity Federation
  OIF test page: http://<FQDN-HOSTNAME>:7777/fed/user/testspsso
Oracle Identity Navigator
  OINAV (oammasteradmin/<SYS_PW>): http://<FQDN-HOSTNAME>:7001/oinav
Oracle Access Manager
  OAM Admin (oammasteradmin/<SYS_PW>): http://<FQDN-HOSTNAME>:7001/oamconsole
Oracle Adaptive Access Manager
  OAAM Admin (oaamadmin/<SYS_PW>): http://<FQDN-HOSTNAME>:7005/oaam_admin
  OAAM Server (any username, password ‘test’): http://<FQDN-HOSTNAME>:7499/oaam_server
Oracle Identity Manager
  OIM admin console for user and role management activities (xelsysadm/<SYS_PW>): http://<FQDN-HOSTNAME>:7005/admin/faces/pages/Admin.jspx
Oracle SOA Suite
  SOA Infrastructure (weblogic/<SYS_PW>): http://<FQDN-HOSTNAME>:7001/soa-infra
  SOA Worklist (xelsysadm/<SYS_PW>): http://<FQDN-HOSTNAME>:7001/integration/worklistapp
EM DB Console (Disabled after the setup)
  sys/<SYS_PW>: https://<FQDN-HOSTNAME>:1158/em/console
The default ports used by the environment are as follows:
Component                   Port
Database                    EM Console Port: 5500
EM Agent                    EM Agent Port: 5162
Oracle Internet Directory   Non-SSL Port: 3060, SSL Port: 3131
Oracle Virtual Directory    Non-SSL Port: 6501, SSL Port: 7501, Admin SSL Port: 8899
Oracle HTTP Server          HTTP Port: 7777, HTTPS Port: 4444, Admin Port: 9999
9 Meeting Database Prerequisites
A database may not install if the Linux environment is not configured with the required packages. A simple way
to install the required packages is to use Oracle’s public Yum server.
1. Download and copy the appropriate Yum configuration file, by running the following commands as
root:
cd /etc/yum.repos.d
wget http://public-yum.oracle.com/public-yum-el5.repo
2. Open public-yum-el5.repo in a text editor and enable the following sections by changing
enabled=0 to enabled=1
[el5_uN_base], where N is the highest number available
[el5_oracle_addons]
3. Execute the following command:
yum install oracle-validated
10 Configuring Host Name Resolution
A database configuration error may occur if name resolution is not set up. To avoid this error you must ensure
that host names are resolved through the /etc/hosts file.
1. Verify that the /etc/hosts file is used for name resolution. You can do this by checking the hosts
file entry in the nsswitch.conf file as follows:
cat /etc/nsswitch.conf | grep hosts
The output of this command should contain an entry for files.
2. Verify that the hosts file contains the fully qualified host name by using the following command:
cat /etc/hosts
The output of this command should contain entries for the fully qualified hostname and localhost.
For example:
192.168.100.16 myhost.us.example.com myhost
127.0.0.1 localhost.localdomain localhost
If the hosts file does not contain the fully qualified host name, open the file and make the required
changes to the file.
To find out the host name, execute the following command:
hostname
To find out the fully qualified host name, execute the following command:
hostname -f
To find out the host IP address, execute the following command:
hostname -i
11 Configuring DBA Group
Verify that the executing user account is a member of the dba group. Execute the following command:
id -Gn
If the output of this command does not contain the dba group then perform the following steps:
1. To determine whether the dba group exists, enter the following command:
grep dba /etc/group
2. If the dba group does not exist, then enter the following command to create it:
/usr/sbin/groupadd dba
3. Enter the following command to add the executing user account to the dba group:
/usr/sbin/usermod -a -G dba <user-account>
Note: <user-account> is the executing user’s account as reported by the id command.
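The checks in sections 10 and 11 can be scripted so they run the same way on every host. The script below is an added example, not part of the Oracle tool: the function names (nss_hosts_uses_files, hosts_ip_for, in_group, preflight) are hypothetical, and the rule that the executing user must not be root is taken from the prerequisite list in the release notes (section 14).

```sh
#!/bin/sh
# Added example, not part of the Oracle tool: the checks from sections 10 and 11
# as functions that take file paths, so they can be tried on sample files.

# nss_hosts_uses_files FILE: succeed if the "hosts:" line lists "files".
nss_hosts_uses_files() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "files") ok = 1 }
         END { exit !ok }' "$1"
}

# hosts_ip_for FILE NAME: print the address FILE maps NAME to (empty if none).
hosts_ip_for() {
    awk -v n="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# in_group "GROUP LIST" NAME: succeed if NAME is in the space-separated list.
in_group() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# preflight NSSWITCH HOSTS FQDN USER "GROUP LIST": print one FAIL line per
# problem; exit status is 1 if anything failed.
preflight() (
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }
    nss_hosts_uses_files "$1" || fail "hosts entry in $1 does not list files"
    case $3 in
        *.*) ;;
        *) fail "'$3' is not a fully qualified host name" ;;
    esac
    [ -n "$(hosts_ip_for "$2" "$3")" ] || fail "$3 has no entry in $2"
    [ -n "$(hosts_ip_for "$2" localhost)" ] || fail "localhost has no entry in $2"
    [ "$4" != root ] || fail "setup must not run as root"
    in_group "$5" dba || fail "$4 is not a member of the dba group"
    exit "$rc"
)

# Constructed sample files modelled on the example in section 10.
demo=$(mktemp -d)
printf '%s\n' 'hosts: files dns' > "$demo/nsswitch.conf"
printf '%s\n' '192.168.100.16 myhost.us.example.com myhost' \
    '127.0.0.1 localhost.localdomain localhost' > "$demo/hosts"
preflight "$demo/nsswitch.conf" "$demo/hosts" myhost.us.example.com oracle \
    "oinstall dba" && echo "constructed sample: all checks passed"
rm -r "$demo"

# On a real host, feed it the commands from sections 10 and 11:
#   preflight /etc/nsswitch.conf /etc/hosts "$(hostname -f)" "$(id -un)" "$(id -Gn)"
```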
12 Environment Architecture
This compact form factor of the environment is achieved by way of optimizing the setup and configuration of
the components that make up the Identity & Access Management environment:
1. The database is configured to require the smallest amount of memory necessary to support a simple
environment capable of running a demo. To achieve this goal the database is configured to run in about
800MB of RAM. The actual amount of memory (+ 150MB) is specified in
idmSetup/scripts/sql/optimize.sql.
2. The OID and OVD applications are started.
3. The Identity Management 11gR1 11.1.1.5.0 domain is deployed using three servers:
• Admin server running the WLS Console and FMW Control applications
• Wls_oif1 server running the OIF application
• Wls_ods1 server running the ODSM application for administering OID and OVD
4. The Identity and Access Management 11.1.1.5.0 domain extends the Identity Management 11.1.1.5.0
domain to leverage the existing server footprint without starting additional WLS servers:
• The OAM application is deployed to the wls_oif1 server
• The OAAM Admin application is deployed to the Admin server
• The OAAM Server application is deployed to the wls_oif1 server
• The OIM application is deployed to wls_ods1
• The SOA components required by OIM are deployed to the Admin server
Figure 1: Functional Topology illustrates functional components present in the environment.
Compact Environment
   BASE_DOMAIN
      AdminServer (7001): console, em, oam_admin, oamsso_logout, oinav, soa-infra, worklistapp
      wls_ods1 (7005): oaam_admin, oamsso_logout, oim, odsm
      wls_oif1 (7499): oam_server, oaam_server, oif
   oidinstance
      oid1 (3131, 3060)
      ovd1 (6501, 7501, 8899)
      ohs1 (7777, 4444, 9999)
   Database 11.2.0.2.0
      DB Console 1158
      DB Listener 1121
Figure 1: Functional Topology
The setup process is illustrated by Figure 2: Lifecycle Process. Note that Product Binaries as downloaded in
Step 1, and derived Product Media as extracted from Product Binaries in step 2, can be created once and then
used to create multiple environments. For example, staged product media can be saved to a portable disk and
used in setting up different environments.
1. Download Product Binaries
2. Generate Staged Product Media
3. Run Setup Script
4. Generate Compact Environment
5. Start/Stop Environment
6. Remove Environment
Other labels in the figure: unzip, install, setup, manage, DOWNLOAD_DIRECTORY, MEDIA_DIRECTORY,
Setup Properties, idmProperties.sh, idmSetup.sh, idmSetup/bin, idmSetup
Figure 2: Lifecycle Process
Figure 3: IAM/IDM domain Directory Structure describes the directory structure used by the compact
environment:
idmSetup
   bin                        Scripts to manage environment
   binaries                   Product media w/o using MEDIA_DIRECTORY
   config                     Temporary configuration files
   config-templates           Configuration templates
   logs                       Setup logs
   runtime                    Runtime environment
      db                      Database runtime
      jrockit                 Jrockit runtime
      wlshome                 Middleware home
         Oracle_IDM1          IAM (OAM, OAAM, OIM, SOA)
         Oracle_MGMT_IDM1     IDM (OID, OVD)
         IDM_MGMT             OID instance
         user_projects        WLS domain (base_domain)
         wlserver_10.3        WLS runtime
Figure 3: IAM/IDM domain Directory Structure
13 Product Download Locations
The following table lists download locations for Linux binaries.
Product: Oracle Database 11g Release 2 (11.2.0.2.0)
Download Location (Linux x86-64): https://updates.oracle.com/download/10098816.html
Select “Linux X86-64” and download the first two binaries as shown below:
p10098816_112020_Linux-x86-64_1of7.zip
p10098816_112020_Linux-x86-64_2of7.zip

Product: Oracle WebLogic Server 11g Release 1 (10.3.5)
Download Location: http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main-097127.html
http://download.oracle.com/otn/nt/middleware/11g/wls/1035/wls1035_generic.jar

Product: Oracle JRockit JDK for Java Version 6
Download Location: http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html
http://download.oracle.com/otn/bea/jrockit/jrockitjdk1.6.0_26-R28.1.4-4.0.1-linux-x64.bin

Product: Oracle Fusion Middleware Repository Creation Utility 11g Release 1 (11.1.1.5.0)
Download Location: http://download.oracle.com/otn/linux/middleware/11g/111150/ofm_rcu_linux_11.1.1.5.0_disk1_1of1.zip

Product: Oracle Identity Management 11g Release 1 (11.1.1.2.0)
Download Location: http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
http://download.oracle.com/otn/linux/middleware/11g/ofm_idm_linux_11.1.1.2.0_64_disk1_1of1.zip

Product: Oracle Identity Management 11g Release 1 Patch Set 4 (11.1.1.5.0)
Download Location: https://updates.oracle.com/download/12395123.html
Select “Linux X86-64” and click Download.
p12395123_111150_Linux-x86-64.zip

Product: Oracle Identity and Access Management 11g Release 1 (11.1.1.5.0)
Download Location: http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html
http://download.oracle.com/otn/nt/middleware/11g/111150/ofm_iam_generic_11.1.1.5.0_disk1_1of1.zip

Product: Oracle SOA Suite Release 11g Release 1 (11.1.1.5.0)
Download Location: http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html
http://download.oracle.com/otn/nt/middleware/11g/111150/ofm_soa_generic_11.1.1.5.0_disk1_1of2.zip
http://download.oracle.com/otn/nt/middleware/11g/111150/ofm_soa_generic_11.1.1.5.0_disk1_2of2.zip

Product: Oracle Identity Manager 11g Release 1 Bundle Patch 2 (11.1.1.5.2)
Download Location: https://updates.oracle.com/download/13399365.html
Select “Generic Platform” and click Download.
p13399365_111150_Generic.zip

Product: Oracle Access Manager 11g Release 1 Bundle Patch 2 (11.1.1.5.2)
Download Location: https://updates.oracle.com/download/13115859.html
Select “Generic Platform” and click Download.
p13115859_111150_Generic.zip
14 Release Notes
11.1.1.5.2 Release Notes
Added the following features:
1. Support user-specified directory to receive product media generated from downloaded product binaries.
2. Support setup from staged product media.
3. Support operation of Oracle WebLogic and Oracle Database without credentials.
4. Optimize start/stop scripts to automatically detect Oracle WebLogic Server up/down conditions.
5. Optimize server restarts to speed up setup time by 25%.
6. Enhance pre-requisites:
• Ensure correct version of PERL.
• Ensure user is a member of the dba group and is not root.
• Ensure the machine is configured to use host name resolution.
• Ensure free HD requirements check reflects location of the installation media directory.
• Ensure sufficient free HD space on /tmp to account for JROCKIT requirements.
7. Enhance script robustness by exiting upon detecting an unrecoverable error.
8. Log the entire setup process to a log file.
9. Documented functional and directory topology.
10. Apply OAM BP02 and OIM BP02 patches.
11.1.1.5.0 Release Notes
Initial Release