{"id":1181,"date":"2012-02-02T21:46:12","date_gmt":"2012-02-02T16:16:12","guid":{"rendered":"http:\/\/www.oratraining.com\/blog\/?p=1181"},"modified":"2013-01-07T07:50:14","modified_gmt":"2013-01-07T07:50:14","slug":"configuring-oracle-identity-and-access-management-components","status":"publish","type":"post","link":"https:\/\/www.oratraining.com\/blog\/2012\/02\/configuring-oracle-identity-and-access-management-components\/","title":{"rendered":"Configuring Oracle Identity and Access Management components"},"content":{"rendered":"

Oracle Fusion Applications Installation<\/span>: Configuring Oracle Identity and Access Management components<\/strong><\/span>
\n<\/span><\/p>\n

Previous:\u00a0Installing Oracle Identity and Access Management Components<\/a><\/strong><\/p>\n

Important Note: This is OLD guide for old version 11.1.1.5. Please follow instructions at\u00a0<\/span>http:\/\/www.oratraining.com\/blog\/2012\/12\/oracle-fusion-applications-installation-step-by-step-guide-11-1-5\/<\/a>\u00a0for latest guide for current version i.e. 11.1.5<\/span><\/h3>\n

 <\/p>\n

Configuring Oracle Identity Management components” can be divided into following tasks. Please note that we will not configure Oracle Virtual Directory, Oracle Identity Federation etc.<\/p>\n

    \n
  1. Configuring the Web Tier<\/li>\n
  2. Create Weblogic Domain for Identity Management<\/li>\n
  3. Extending the Domain with Oracle Internet Directory<\/li>\n
  4. Extending the Domain with Oracle Directory Service Manager (ODSM)<\/li>\n
  5. Extending the Domain with Oracle Access Manager<\/li>\n
  6. Preparing Identity and Policy Stores<\/li>\n
  7. \n
    Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite<\/div>\n<\/li>\n<\/ol>\n
    Please note that this post is going to be long so allow time to load all images.<\/span><\/div>\n
    <\/div>\n

    Configuring the Web Tier<\/strong><\/span>
    \n<\/span><\/span><\/p>\n

    Start the configuration from\u00a0<Web_Home>\/bin<\/strong><\/span><\/p>\n

    [oracle@fusion web]$ cd \/app\/fusion\/fmw\/web\/bin\/<\/strong><\/span><\/p>\n

    [oracle@fusion bin]$ .\/config.sh &<\/strong><\/span><\/p><\/blockquote>\n

    \"\"<\/p>\n

    \"\"<\/p>\n

    Click\u00a0Next<\/strong><\/span><\/p>\n

    \"\"<\/p>\n

    Select “Oracle HTTP Server<\/strong>” and click\u00a0Next<\/strong><\/span><\/p>\n

    \"\"<\/p>\n

    For Instance location enter “\/app\/fusion\/admin\/ohs_inst1<\/strong>” since we will keep all instances in this location. Provide any appropriate Instance name and OHS component name. We will go for the defaults. Click\u00a0Next<\/strong><\/span><\/p>\n

    \"\"<\/p>\n

    Select “Specify Ports using Configuration File<\/strong>” and enter file name as\u00a0\/home\/oracle\/staticports.ini<\/strong>
    \n<\/span><\/p>\n

    Now we will copy staticports.ini default file from <repository_location>\/installers\/webtier\/Disk1\/stage\/Response to home directory \/home\/oracle
    \n<\/span><\/p>\n

    cp \/mnt\/fusion\/installers\/webtier\/Disk1\/stage\/Response\/staticports.ini ~\/staticports.ini<\/strong><\/p><\/blockquote>\n

    Now click on “<\/span>View\/Edit File<\/strong>” to edit this file.<\/span><\/p>\n

    \"\"<\/p>\n

    Uncomment and set the following values. Click\u00a0Save<\/strong><\/p>\n

    OPMN Local Port = 6700<\/strong><\/p>\n

    OHS Port = 7777<\/strong><\/p><\/blockquote>\n

    \"\"<\/p>\n

    Deselect email notification and click\u00a0Next<\/strong>
    \n<\/span><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Save summary if needed and click\u00a0Configure<\/strong>\u00a0to start configuration.<\/p>\n

    Important Note: <\/strong><\/span>If SELinux is enabled in your Linux operating System then it will throw an error. Since we already disabled it during installation, we will not see that error here.<\/p><\/blockquote>\n

    \"\"
    \n<\/strong><\/p>\n

    Once installation finishes, click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Save installation summary if needed and click\u00a0Finish<\/strong>\u00a0to complete the installation.<\/p>\n

    It would have already started HTTP server now. We can verify the same.<\/p>\n

    [oracle@fusion instances]$ ps -ef | grep http<\/strong><\/span><\/p>\n

    oracle 3521 3491 0 10:06 ? 00:00:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    oracle 3547 3521 0 10:06 ? 00:00:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    oracle 3548 3521 0 10:06 ? 00:00:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    oracle 3549 3521 0 10:06 ? 00:00:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker \u2013DSSL<\/p><\/blockquote>\n

    Check \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/httpd.conf<\/strong> to make sure it reflects correct user and group name<\/p>\n

    User oracle<\/strong><\/p>\n

    Group oinstall<\/strong><\/p>\n

    We can launch\u00a0http:\/\/fusion:7777<\/strong>\u00a0<\/span>(Homepage of Oracle HTTP server) now. It will look as follows.<\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Create Weblogic Domain for Identity Management
    \n<\/strong><\/span><\/p>\n

    Start the configuration from\u00a0<\/span><Middleware Home>\/oracle_common\/commin\/bin<\/strong><\/p>\n

    [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/<\/p>\n

    [oracle@fusion bin]$ .\/config.sh &<\/p><\/blockquote>\n

    \"\"
    \n<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Select “Create a new Weblogic domain” and click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Select “Oracle Enterprise Manager \u2013 11.1.1.0 [oracle_common]<\/strong>” and “Oracle JRF \u2013 11.1.1.0 [oracle_common]<\/strong>” and click\u00a0Next<\/strong><\/span>
    \n<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Enter details as above and click\u00a0Next.
    \n<\/strong><\/p>\n

    Domain Name: IDMDomain<\/strong><\/p>\n

    Domain Location: \/app\/fusion\/admin\/IDMDomain\/aserver
    \n<\/strong>Application location: \/app\/fusion\/admin\/IDMDomain\/aserver\/applications
    \n<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Since it accepts minimum 8 characters set password again to Oracle123. Please note that you can also change username from weblogic but we will go for default “weblogic” username. As informed earlier we will use Oracle123<\/strong> as password for all steps.<\/span>
    \n<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    You would see option of Oracle JRockit here. So select that JDK in this list.<\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Select “Administration Server” and “Managed Servers, Clusters and Machines”. Click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Keep defaults but make a note of the port since this will be widely used during next part of installation. Click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Just click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Click\u00a0Next<\/strong>\u00a0again<\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Select Second Tab “Unix Machine<\/strong>” and enter the hostname as above. Click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Click on\u00a0AdminServer<\/strong>\u00a0and Click right arrow. Click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    It will now look as above. Click\u00a0Next<\/strong><\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    On Summary page click\u00a0Create<\/strong><\/p>\n

    \"\"<\/p>\n

    Once installation finishes, click\u00a0Done<\/strong><\/p>\n

    Make sure that the encrypted username and password values are already in boot.properties<\/p>\n

    [oracle@fusion security]$ more \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/\\<\/strong><\/p>\n

    AdminServer\/security\/boot.properties<\/strong><\/p>\n

    # Generated by Configuration Wizard on Mon Jan 23 10:59:07 GST 2012<\/p>\n

    username={AES}zaXc3+4y2KGuxnK6WkI7ehKcliQDeandkjdTdu0vpuY=<\/p>\n

    password={AES}WZ6Zo+j6aGoCyE2nQmCCdboEkA8TDGRlagdSqFGRedo=<\/p><\/blockquote>\n

    If you don’t have the boot.properties file or security folder present then create one as follows.
    \n<\/strong><\/p>\n

    [oracle@fusion fusion]$ mkdir -p\u00a0\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/AdminServer\/security
    \n<\/strong><\/p>\n

    [oracle@fusion security]$ cd \\<\/strong><\/p>\n

    \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/AdminServer\/security
    \n<\/strong><\/p>\n

    [oracle@fusion security]$ vi boot.properties<\/strong><\/p>\n

    <Enter following values and save the file><\/p>\n

    username=weblogic<\/p>\n

    password=Oracle123<\/p><\/blockquote>\n

    Next time when you restart Admin server it will encrypt the username and password automatically.<\/strong><\/p>\n

    Start Node manager<\/strong>
    \n<\/span><\/p>\n

    [oracle@fusion security]$ cd \/app\/fusion\/fmw\/wlserver_10.3\/server\/bin\/<\/p>\n

    [oracle@fusion bin]$ .\/startNodeManager.sh &<\/p><\/blockquote>\n

    Set StartScriptEnabled=true in nodemanager.properties by running following script<\/span>
    \n<\/strong><\/p>\n

    [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin<\/p>\n

    [oracle@fusion bin]$ .\/setNMProps.sh<\/p>\n

    Appending required nodemanager.properties<\/p><\/blockquote>\n

    Verify the change.<\/span><\/p>\n

    [oracle@fusion bin]$\u00a0tail -f\u00a0\/app\/fusion\/fmw\/wlserver_10.3\/common\/nodemanager\/nodemanager.properties<\/strong><\/p>\n

    #Required NM Property overrides (append to existing nodemanager.properties)<\/p>\n

    StartScriptEnabled=true<\/p><\/blockquote>\n

    Kill node manager script. Start Node Manager again as follows.<\/p>\n

    [oracle@fusion bin]$\u00a0nohup .\/startNodeManager.sh &<\/strong><\/p><\/blockquote>\n

    The log file should show following entries to confirm that Node manager came up successfully.<\/p>\n

    \u2026<\/p>\n

    INFO: Secure socket listener started on port 5556<\/p><\/blockquote>\n

    Start Weblogic AdminServer<\/strong><\/span><\/p>\n

    [oracle@fusion bin]$\u00a0nohup<\/strong>
    \n\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/bin\/startWebLogic.sh &<\/strong><\/p><\/blockquote>\n

    tail nohup.out file until it shows following message.
    \n<\/span><\/p>\n

    <Jan 23, 2012 11:55:21 AM GST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    \n<\/span><\/p>\n

    Note:<\/strong> If you ever get error like<\/p>\n

    <Info> <Management> <BEA-141281> <unable to get file lock, will retry …><\/strong><\/p>\n

    Then do the following<\/p>\n

    Kill any running processes for startWeblogic.sh and then remove the lock files as follows.<\/p>\n

    -bash-3.2$ rm \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/AdminServer\/tmp\/AdminServer.lok<\/p>\n

    This error appears if you the admin server or managed server did not stop properly earlier.<\/p><\/blockquote>\n

     <\/p>\n

    Open Weblogic Admin Console<\/strong><\/p>\n

    Launch Weblogic Admin console through
    \n<\/strong><\/span>http:\/\/fusion:7001\/console<\/strong><\/span>
    \n<\/span><\/p>\n

    \"\"
    \n<\/span><\/p>\n

    Login with weblogic\/Oracle123
    \n\"\"
    \n<\/span>
    \nNote:<\/strong> Go to preferences and change “automatic acquire lock” settings to avoid accidental changes.
    \n\"\"
    \n<\/span><\/p>\n

     <\/p>\n

    Configuring HTTP server for the Administration Server<\/strong><\/span>
    \n<\/span>
    \nCreate a new file admin.conf<\/strong> as follows.<\/span><\/p>\n

    [oracle@fusion moduleconf]$\u00a0more\u00a0<\/strong>\/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/admin.conf<\/strong><\/p>\n

    # Admin Server and EM
    \n<\/span><\/p>\n

    <Location \/console>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WebLogicHost fusion
    \n<\/span><\/p>\n

    WeblogicPort 7001
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    <Location \/consolehelp>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WebLogicHost fusion
    \n<\/span><\/p>\n

    WeblogicPort 7001
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    <Location \/em>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WebLogicHost fusion
    \n<\/span><\/p>\n

    WeblogicPort 7001
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p><\/blockquote>\n

     <\/p>\n

    Restart http server as follows.
    \n<\/strong><\/span><\/p>\n

    ORACLE_HOME=\/app\/fusion\/fmw\/web<\/p>\n

    export ORACLE_HOME<\/p>\n

    ORACLE_INSTANCE=\/app\/fusion\/admin\/ohs_inst1<\/p>\n

    export ORACLE_INSTANCE<\/p>\n

    PATH=$ORACLE_HOME\/opmn\/bin:$PATH<\/p>\n

    export PATH<\/p>\n

    opmnctl stopall<\/p>\n

    opmnctl startall<\/p><\/blockquote>\n

    Register HTTP server with Weblogic Server
    \n<\/strong><\/span><\/h3>\n

    Now we need to Register HTTP server with Weblogic Server so that Enterprise Manager can monitor the instance.<\/span><\/p>\n

    [oracle@fusion ~]$\u00a0opmnctl registerinstance -adminHost fusion -adminport 7001 -adminUsername weblogic<\/strong><\/p>\n

    Command requires login to weblogic admin server (fusion):<\/p>\n

    Username: weblogic<\/p>\n

    Password:<\/p>\n

    \u2026<\/p>\n

    Done<\/p>\n

    Registering instance<\/p>\n

    Command succeeded.<\/p><\/blockquote>\n

    Note:<\/strong> We will not enable load-balancer access since we have skipped load-balancing in this single node installation guide.
    \n<\/span><\/p>\n

    Now you can launch Admin Server via Web server port 7777<\/p>\n

    http:\/\/fusion:7777\/console<\/strong><\/a><\/p>\n

    http:\/\/fusion:7777\/em<\/strong><\/a>
    \nEnable Weblogic Plugin<\/strong><\/span>
    \n<\/span><\/p>\n

    Log in the Oracle Weblogic Server Administration and click on Lock and Edit. Click on IDMDomain and Click on Configuration tab and then select the Web Applications tab.
    \n<\/span><\/p>\n

     <\/p>\n

    \"\"
    \n<\/span>
    \nScroll down and enable “Weblogic Plug-in Enabled”.<\/strong><\/p>\n


    \n<\/span><\/a>Click on Save and Activate the Changes.
    \n<\/span><\/p>\n

    \"\"
    \n<\/span><\/p>\n

    Restart the Weblogic Administration Server.<\/strong><\/span>
    \n<\/span><\/p>\n

     <\/p>\n

    Check Enterprise Manager by launching http:\/\/fusion:7777\/em<\/span><\/a>
    \n<\/strong><\/p>\n

    Login with weblogic\/<password><\/p>\n

     <\/p>\n

    \"\"
    \n<\/strong><\/p>\n

     <\/p>\n

    Since we are using web server port for launching all pages, we need to change the frontend host and port to the one used by web server.<\/p>\n

    Login to Weblogic Admin console.<\/p>\n

    In the preferences link on the top, shared preferences->deselect Follow Configuration Changes<\/strong>.<\/p>\n

    \"\"
    \n<\/strong><\/p>\n

    Click Lock and Edit<\/strong>. Select Servers->AdminServer.<\/strong> In the protocols<\/strong> tab click on HTTP<\/strong> and change the following values. Now click on Activate changes.<\/p>\n

     <\/p>\n

    \"\"
    \n<\/strong><\/p>\n

     <\/p>\n

    Extending the Domain with Oracle Internet Directory<\/span>
    \n<\/span><\/strong><\/span><\/p>\n

    Start the configuration from\u00a0<\/span><IDM Oracle Home\/bin<\/strong><\/p>\n

    [oracle@fusion bin]$\u00a0cd \/app\/fusion\/fmw\/idm\/bin<\/strong><\/p>\n

    [oracle@fusion bin]$\u00a0.\/config.sh &<\/strong><\/p><\/blockquote>\n

    \"\"
    \n<\/strong><\/p>\n

    \"\"<\/p>\n

    Click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Select “Configure Without A Domain<\/strong>” and click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Enter values as follows. Click\u00a0Next
    \n<\/strong><\/p>\n

    Instance Location: \/app\/fusion\/admin\/oid_inst1<\/strong><\/p>\n

    Instance Name: oid_inst1<\/strong><\/p>\n

    \"\"<\/p>\n

    Deselect email notification and click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Select only “Oracle Internet Directory<\/strong>” and click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Select “Specify Ports using Configuration File<\/strong>” and enter file name as\u00a0\/home\/oracle\/staticports.ini<\/strong><\/p>\n

    In another terminal window copy the staticports.ini file to home directory.<\/p>\n

    [oracle@fusion bin]$\u00a0cp \/app\/fusion\/provisioning\/idm\/idm\/Disk1\/stage\/Response\/staticports.ini ~\/<\/strong><\/p><\/blockquote>\n

    Click on View\/Edit file
    \n<\/strong><\/p>\n

    \"\"<\/p>\n

    Change the values as follows and click Save<\/strong>.<\/p>\n

    VERY IMPORTANT:<\/strong><\/span><\/p>\n

    As per Oracle Manual ideally we should have changed it to as follows.<\/p>\n

    #The Non-SSL port for OID<\/p>\n

    Oracle Internet Directory Port No = 389<\/p>\n

    #The SSL port for OID<\/p>\n

    Oracle Internet Directory (SSL) Port No = 636<\/p>\n

    But OID fails to configure and start at the end of installation with these values so we will stick to the OID values for 11g in the staticports.ini and just remove the comments.<\/strong><\/p>\n

    #The Non-SSL port for OID<\/p>\n

    Oracle Internet Directory Port No = 3060<\/strong><\/p>\n

    #The SSL port for OID<\/p>\n

    Oracle Internet Directory (SSL) Port No = 3061<\/strong><\/p><\/blockquote>\n

     <\/p>\n

    \"\"<\/p>\n

    Once saved, click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Enter Oracle123<\/strong> or any suitable password. If you are using different passwords then please make a note of all of them. Click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Since we are not using any domains as such but as we have added an entry in our hosts file for fusion.localdomain<\/strong>, we will add “dc=localdomain<\/strong>” for Realm. Enter Oracle123<\/strong> or any suitable password. Click\u00a0Next<\/strong><\/p>\n

    [oracle@fusion ~]$ more \/etc\/hosts<\/p>\n

    127.0.0.1 localhost.localdomain localhost<\/p>\n

    192.168.56.101 fusion fusion.localdomain<\/p><\/blockquote>\n

    \"\"<\/p>\n

    Save summary if needed and click\u00a0Configure<\/strong>\u00a0to start configuration.<\/p>\n

    \"\"<\/p>\n

    Once installation finishes, click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Save installation summary if needed and click\u00a0Finish<\/strong>\u00a0to complete the installation.<\/p>\n

     <\/p>\n

    Validate the OID installation<\/strong><\/span><\/p>\n

    [oracle@fusion ~]$\u00a0export ORACLE_HOME=\/app\/fusion\/fmw\/idm<\/strong><\/p>\n

    [oracle@fusion ~]$\u00a0export ORACLE_INSTANCE=\/app\/fusion\/admin\/oid_inst1<\/strong><\/p>\n

    [oracle@fusion ~]$\u00a0export PATH= \\<\/strong><\/p>\n

    $ORACLE_HOME\/opmn\/bin:$ORACLE_HOME\/bin:$ORACLE_HOME\/ldap\/bin: \\<\/strong><\/p>\n

    $ORACLE_HOME\/ldap\/admin:$PATH<\/strong><\/p>\n

    [oracle@fusion ~]$\u00a0ldapbind -h fusion -p 3060 -D “cn=orcladmin” -q<\/strong><\/p>\n

    Please enter bind password:<\/p>\n

    bind successful<\/p>\n

    [oracle@fusion ~]$\u00a0ldapbind -h fusion -p 3061 -D “cn=orcladmin” -q -U 1<\/strong><\/p>\n

    Please enter bind password:<\/p>\n

    bind successful<\/p>\n

    [oracle@fusion ~]$\u00a0opmnctl status<\/strong><\/p>\n

    Processes in Instance: oid_inst1<\/p>\n

    \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014+\u2014\u2014\u2014\u2014\u2014\u2014\u2013+\u2014\u2014\u2014+\u2014\u2014\u2014<\/p>\n

    ias-component | process-type | pid | status<\/p>\n

    \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014+\u2014\u2014\u2014\u2014\u2014\u2014\u2013+\u2014\u2014\u2014+\u2014\u2014\u2014<\/p>\n

    oid1 | oidldapd | 19810 | Alive<\/p>\n

    oid1 | oidldapd | 19798 | Alive<\/p>\n

    oid1 | oidmon | 19785 | Alive<\/p>\n

    EMAGENT | EMAGENT | 19325 | Alive<\/p><\/blockquote>\n

     <\/p>\n

    Registering Oracle Internet Directory with the WebLogic Server Domain<\/strong><\/span>
    \n<\/span><\/span><\/p>\n

    [oracle@fusion provisioning]$ export ORACLE_HOME=\/app\/fusion\/fmw\/idm<\/strong><\/p>\n

    [oracle@fusion provisioning]$ export ORACLE_INSTANCE=\/app\/fusion\/admin\/oid_inst1<\/strong><\/p>\n

    [oracle@fusion provisioning]$ $ORACLE_INSTANCE\/bin\/opmnctl \\<\/strong><\/p>\n

    registerinstance -adminHost fusion -adminPort 7001 -adminUsername weblogic<\/strong><\/p>\n

    Command requires login to weblogic admin server (fusion):<\/p>\n

    Username: weblogic<\/strong><\/p>\n

    Password:<\/p>\n

    Registering instance<\/p>\n

    Command succeeded.<\/p><\/blockquote>\n

    Note:<\/strong>\u00a0We have skipped next steps related to SSL since we are setting up non-SSL connections here.
    \nUpdate the Enterprise Manager Repository URL<\/strong><\/span>
    \n<\/span><\/span><\/p>\n

    Next we will update the Enterprise Manager Repository URL using the emctl utility with the<\/span>\u00a0switchOMS<\/strong>flag. The emctl utility is located under the\u00a0<\/span>ORACLE_INSTANCE<\/em>\/EMAGENT\/EMAGENT\/bin<\/span>\u00a0<\/span>directory.<\/span><\/span>
    \n<\/span><\/p>\n

    [oracle@fusion ~]$ cd $ORACLE_INSTANCE\/EMAGENT\/EMAGENT\/bin<\/strong><\/span><\/p>\n

    [oracle@fusion bin]$ .\/emctl switchOMS http:\/\/fusion:7001\/em\/upload<\/span><\/a><\/strong><\/span><\/p>\n

    Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.<\/p>\n

    Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.<\/p>\n

    SwitchOMS succeeded.<\/p><\/blockquote>\n

    We can now verify whether this instance is registered for monitoring agent.<\/p>\n

    Login to\u00a0http:\/\/fusion:7001\/em<\/strong><\/p>\n

    Click on\u00a0Farm->Agent monitored targets.<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

    \"\"<\/p>\n

    Extending the Domain with Oracle Directory Service Manager (ODSM)<\/strong><\/span>
    \n<\/span><\/p>\n

    Start the configuration from\u00a0<IDM Oracle Home>\/bin<\/strong><\/p>\n

    [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/idm\/bin\/<\/strong><\/span><\/p>\n

    [oracle@fusion bin]$ .\/config.sh &
    \n<\/strong><\/span><\/p><\/blockquote>\n

    \"\"<\/p>\n

    \"\"<\/p>\n

    Click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Select “Extend Existing Domain<\/strong>” and enter details of existing weblogic Server and AdminServer port. Click Next<\/strong><\/p>\n

    \"\"<\/p>\n

    You can ignore this error since we created this domain using the Identity Management installer. Click\u00a0Yes <\/strong>to ignore.<\/p>\n

    \"\"<\/p>\n

    Verify that the weblogic server directory shown is correct as per previous steps. Specify name and path for Oracle Directory Service instance. Make sure to keep the instance in same parent directory as previous instances. Click\u00a0Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

    Deselect email notification and click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Select Oracle “Directory Service Manager<\/strong>” and click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Select “Specify Ports using Configuration File<\/strong>” and enter file name as\u00a0\/home\/oracle\/staticports.ini<\/strong><\/p>\n

    Meanwhile in another terminal window copy the\u00a0staticports.ini<\/strong>\u00a0to home directory.<\/p>\n

    [oracle@fusion bin]$ cp -p \/app\/fusion\/provisioning\/idm\/idm\/Disk1\/stage\/Response\/staticports.ini ~\/<\/p><\/blockquote>\n

    Click View\/Edit<\/strong><\/p>\n

    \"\"<\/p>\n

    Uncomment the ODS Server Port and keep it default 7006<\/strong>. Click Save<\/strong><\/p>\n

    \"\"<\/p>\n

    Once Saved click Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Save summary if needed and click\u00a0Configure<\/strong>\u00a0to start configuration.<\/p>\n

    \"\"<\/p>\n

    Once installation finishes, click\u00a0Next<\/strong><\/p>\n

    \"\"<\/p>\n

    Save installation summary if needed and click\u00a0Finish<\/strong>\u00a0to complete the installation.<\/p>\n

     <\/p>\n

    Password-less startup for ODS<\/strong><\/span><\/p>\n

    cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/wls_ods1\/security\/\u00a0(if not present create this structure)<\/p>\n

    cp ..\/..\/AdminServer\/security\/boot.properties .<\/p>\n

    cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/bin\/<\/p>\n

    nohup .\/startManagedWebLogic.sh wls_ods1 &<\/p><\/blockquote>\n

    Now you can access ODS homepage at\u00a0<\/span>http:\/\/fusion:7006\/odsm<\/span>
    \n<\/span><\/p>\n

    \"\"<\/p>\n

    It will now also show up in http:\/\/fusion:7777\/em<\/a><\/p>\n

    \"\"<\/p>\n

    Configure Oracle Directory Service with OID<\/strong><\/span>
    \n<\/span>
    \n\"\"
    \n<\/span><\/p>\n

    Click on\u00a0Connect to a directory<\/strong>\u00a0->\u00a0Create A New Connection<\/strong>
    \n\"\"
    \n<\/span><\/p>\n

    Enter the details for OID.<\/p>\n

    Name:\u00a0fusion-oid<\/strong><\/p>\n

    Server:\u00a0fusion<\/strong><\/p>\n

    SSL Enabled:\u00a0Unchecked<\/strong><\/p>\n

    User Name:\u00a0cn=orcladmin<\/strong><\/p>\n

    Password:\u00a0Oracel123<\/strong><\/p>\n

    Start Page:\u00a0Home<\/strong><\/p>\n

    Click\u00a0Connect<\/strong><\/p><\/blockquote>\n

    \"\"
    \n<\/span><\/p>\n

    Once connection is successful, you should be able to see OID page<\/p>\n

    .\"\"
    \n<\/span><\/p>\n

    You can randomly check whether you are able to see details of any user, for example\u00a0cn=orcladmin<\/strong>
    \nConfiguring Oracle HTTP Servers to Access the ODSM Console<\/strong><\/span><\/p>\n

    [oracle@fusion moduleconf]$\u00a0cd \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/<\/strong><\/p>\n

    [oracle@fusion moduleconf]$\u00a0vi admin.conf
    \n<\/strong><\/p>\n

    # Append following lines in admin.conf<\/strong><\/p>\n

    <Location \/odsm>
    \n<\/strong><\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/strong><\/span><\/p>\n

    WebLogicHost fusion
    \n<\/strong><\/span><\/p>\n

    WeblogicPort 7006
    \n<\/strong><\/span><\/p>\n

    <\/Location>
    \n<\/strong><\/span><\/p><\/blockquote>\n

     <\/p>\n

    Restart HTTP server.<\/strong>
    \n<\/span><\/p>\n

    Now we can access ODSM through\u00a0<\/span>http:\/\/fusion:7777\/odsm\/<\/span>
    \n<\/span><\/p>\n

    http:\/\/fusion:7777\/odsm<\/span><\/a><\/p>\n

     <\/p>\n

    Apply following patches<\/span><\/strong><\/span><\/p>\n

      \n
    1. 12995033<\/strong> for IDM Tools IAM_ORACLE_HOME
      \n<\/span><\/li>\n
    2. 12989739<\/strong> for OAM 11g IAM_ORACLE_HOME
      \n<\/span><\/li>\n
    3. 12961473<\/strong>, 14109501 (could not locate this second patch) for OIM IAM_ORACLE_HOME [Skip post steps for 12961473 for now since there is another patch to be applied later which has same post steps and is subset patch for this]
      \n<\/span><\/li>\n
    4. 12937765<\/strong> for OID IDM_ORACLE_HOME <\/span>
      \n
      \n<\/span><\/li>\n<\/ol>\n

      There is a patch listed for Webgate but you can apply it once we install Webgate. We have skipped this for now.
      \n<\/span><\/p>\n

      12816881<\/strong> for OAM 10g WebGate
      \n<\/span><\/p>\n

       <\/p>\n

      Preparing Identity and Policy Stores
      \n<\/strong><\/span><\/p>\n

      A) Preparing the OPSS Policy Store<\/strong><\/p>\n

      Creating Policy Store Users and the Policy Container<\/strong><\/p>\n

      [oracle@fusion ~]$ cd \/app\/fusion\/fmw\/iam\/idmtools\/bin\/<\/strong><\/p>\n

      [oracle@fusion bin]$ export ORACLE_HOME=\/app\/fusion\/fmw\/iam<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ export JAVA_HOME=\/app\/fusion\/jdk6<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ export IDM_HOME=\/app\/fusion\/fmw\/idm<\/strong>
      \n<\/span><\/p>\n

      [oracle@fusion bin]$ export MW_HOME=\/app\/fusion\/fmw<\/strong><\/span><\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ more policystore.props<\/strong><\/span><\/p>\n

      POLICYSTORE_HOST: fusion<\/p>\n

      POLICYSTORE_PORT: 3060<\/p>\n

      POLICYSTORE_BINDDN: cn=orcladmin<\/p>\n

      POLICYSTORE_READONLYUSER: PolicyROUser<\/p>\n

      POLICYSTORE_READWRITEUSER: PolicyRWUser<\/p>\n

      POLICYSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      POLICYSTORE_CONTAINER: cn=jpsroot<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -configPolicyStore input_file=policystore.props<\/strong><\/span><\/p>\n

      Enter Policy Store Bind DN password :<\/p>\n

      \u2026<\/p>\n

      Enter User Password for PolicyROUser:<\/p>\n

      Confirm User Password for PolicyROUser:<\/p>\n

      \u2026<\/p>\n

      Enter User Password for PolicyRWUser:<\/p>\n

      Confirm User Password for PolicyRWUser:<\/p>\n

      \u2026<\/p><\/blockquote>\n

       <\/p>\n

      Reassociating the Policy and Credential Store<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/<\/strong><\/p>\n

      [oracle@fusion bin]$ .\/wlst.sh<\/strong><\/span><\/p>\n

      wls:\/offline> connect(“weblogic”,”Oracle123″,”t3:\/\/fusion:7001″)<\/strong><\/span><\/p>\n

      wls:\/IDMDomain\/serverConfig> reassociateSecurityStore(domain=”IDMDomain”, admin=”cn=orcladmin”,password=”Oracle123″, ldapurl=”ldap:\/\/fusion:3060″,servertype=”OID”, jpsroot=”cn=jpsroot”)
      \n<\/strong><\/span><\/p>\n

      \u2026<\/p>\n

      \u2026<\/p>\n

      Jps Configuration has been changed. Please restart the application server.<\/p>\n

      wls:\/IDMDomain\/serverConfig> wls:\/IDMDomain\/serverConfig> exit()<\/strong><\/span><\/p><\/blockquote>\n

      Restart Weblogic Admin Server.<\/strong><\/p>\n

       <\/p>\n

      B)\u00a0<\/strong>Preparing the Identity Store
      \n<\/strong><\/span><\/p>\n

      Extending Directory Schema for Oracle Access Manager<\/strong><\/p>\n

      [oracle@fusion bin]$ more extend.props<\/strong><\/span><\/p>\n

      IDSTORE_HOST: fusion<\/p>\n

      IDSTORE_PORT: 3060<\/p>\n

      IDSTORE_BINDDN: cn=orcladmin<\/p>\n

      IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

      IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

      IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

      IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      IDSTORE_SYSTEMIDBASE: cn=systemids,dc=localdomain<\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -preConfigIDStore input_file=extend.props<\/strong><\/span><\/p>\n

      Enter ID Store Bind DN password :<\/p><\/blockquote>\n

      Creating Users and Groups for Oracle Access Manager<\/strong><\/p>\n

      [oracle@fusion bin]$ more oam.props<\/strong><\/span><\/p>\n

      IDSTORE_HOST: fusion<\/p>\n

      IDSTORE_PORT: 3060<\/p>\n

      IDSTORE_BINDDN: cn=orcladmin<\/p>\n

      IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

      IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

      IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

      IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      POLICYSTORE_SHARES_IDSTORE: true<\/p>\n

      OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators<\/p>\n

      IDSTORE_OAMSOFTWAREUSER:oamLDAP<\/p>\n

      IDSTORE_OAMADMINUSER:oamadmin<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -prepareIDStore mode=OAM input_file=oam.props<\/strong><\/span><\/p>\n

      Enter ID Store Bind DN password :<\/p>\n

      \u2026<\/p>\n

      Enter User Password for oamadmin:<\/p>\n

      Confirm User Password for oamadmin:<\/p>\n

      \u2026<\/p>\n

      Enter User Password for oamLDAP:<\/p>\n

      Confirm User Password for oamLDAP:<\/p><\/blockquote>\n

       <\/p>\n

      Creating Users and Groups for Oracle Identity Manager<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ more oim.props<\/strong><\/span><\/p>\n

      IDSTORE_HOST: fusion<\/p>\n

      IDSTORE_PORT: 3060<\/p>\n

      IDSTORE_BINDDN: cn=orcladmin<\/p>\n

      IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

      IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

      IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

      IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      POLICYSTORE_SHARES_IDSTORE: true<\/p>\n

      IDSTORE_SYSTEMIDBASE: cn=systemids,dc=localdomain<\/p>\n

      IDSTORE_OIMADMINUSER: oimLDAP<\/p>\n

      IDSTORE_OIMADMINGROUP: OIMAdministrators<\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -prepareIDStore mode=OIM input_file=oim.props<\/strong><\/span><\/p>\n

      Enter ID Store Bind DN password :<\/p>\n

      \u2026<\/p>\n

      Enter User Password for oimLDAP:<\/p>\n

      Confirm User Password for oimLDAP:<\/p>\n

      \u2026<\/p>\n

      Enter User Password for xelsysadm:<\/p>\n

      Confirm User Password for xelsysadm:<\/p><\/blockquote>\n

       <\/p>\n

      Creating Users and Groups for Oracle WebLogic Server
      \n<\/strong><\/span><\/p>\n

      Add a read-only user to cn=orclFAUserReadPrivilegeGroup as follows<\/strong><\/p>\n

      [oracle@fusion bin]$ export ORACLE_HOME=\/app\/fusion\/fmw\/idm<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ more rou_member.ldif<\/strong><\/span><\/p>\n

      dn: cn=orclFAUserReadPrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

      changetype: modify<\/p>\n

      add: uniquemember<\/p>\n

      uniquemember: cn=IDROUser,cn=Users,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ \/app\/fusion\/fmw\/idm\/bin\/ldapmodify -h fusion -p 3060 -D cn=orcladmin -q -f rou_member.ldif<\/strong><\/span><\/p>\n

      Please enter bind password:<\/p>\n

      modifying entry cn=orclFAUserReadPrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ export ORACLE_HOME=\/app\/fusion\/fmw\/iam<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ more wls.props<\/strong><\/span><\/p>\n

      IDSTORE_HOST: fusion<\/p>\n

      IDSTORE_PORT: 3060<\/p>\n

      IDSTORE_BINDDN: cn=orcladmin<\/p>\n

      IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

      IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

      IDSTORE_USERSEARCHBASE: cn=Users, dc=localdomain<\/p>\n

      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

      IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      POLICYSTORE_SHARES_IDSTORE: true<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -prepareIDStore mode=WLS input_file=wls.props<\/strong><\/span><\/p>\n

      Enter ID Store Bind DN password :<\/p>\n

      \u2026<\/p>\n

      Enter User Password for weblogic_idm:<\/p>\n

      Confirm User Password for weblogic_idm:<\/p><\/blockquote>\n

       <\/p>\n

      Creating Users and Groups for Fusion Applications<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ more fusion.props<\/strong><\/span><\/p>\n

      IDSTORE_HOST: fusion<\/p>\n

      IDSTORE_PORT: 3060<\/p>\n

      IDSTORE_BINDDN: cn=orcladmin<\/p>\n

      IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

      IDSTORE_READONLYUSER: IDROUser<\/p>\n

      IDSTORE_READWRITEUSER: IDRWUser<\/p>\n

      IDSTORE_USERSEARCHBASE:cn=Users,dc=localdomain<\/p>\n

      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

      IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      IDSTORE_SUPERUSER: weblogic_fa<\/p>\n

      POLICYSTORE_SHARES_IDSTORE: true<\/p><\/blockquote>\n

       <\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -prepareIDStore mode=fusion input_file=fusion.props<\/strong><\/span><\/p>\n

      Enter ID Store Bind DN password :<\/p>\n

      *** Creation of IDROUser ***<\/p>\n

      Mar 22, 2012 3:05:58 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/oid\/oam_user_template.ldif<\/p>\n

      Enter User Password for IDROUser:<\/p>\n

      Confirm User Password for IDROUser:<\/p>\n

      *** Creation of IDRWUser ***<\/p>\n

      Mar 22, 2012 3:06:03 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/oid\/oam_user_template.ldif<\/p>\n

      Enter User Password for IDRWUser:<\/p>\n

      Confirm User Password for IDRWUser:<\/p>\n

      *** Creation of weblogic_fa ***<\/p>\n

      Mar 22, 2012 3:06:10 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/oid\/oam_user_template.ldif<\/p>\n

      Enter User Password for weblogic_fa:<\/p>\n

      Confirm User Password for weblogic_fa:<\/p>\n

      Mar 22, 2012 3:06:15 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/common\/oam_user_read_acl_template.ldif<\/p>\n

      Mar 22, 2012 3:06:15 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/oid\/fa_add_pwdpolicy.ldif<\/p>\n

      Mar 22, 2012 3:06:15 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/oid\/fa_add_pwdpolicy.ldif<\/p>\n

      Mar 22, 2012 3:06:15 PM oracle.ldap.util.LDIFLoader loadOneLdifFile<\/p>\n

      INFO: -> LOADING: \/app\/fusion\/fmw\/iam\/idmtools\/templates\/oid\/fa_add_pwdpolicy.ldif<\/p>\n

      The tool has completed its operation. Details have been logged to automation.log<\/p><\/blockquote>\n

       <\/p>\n

      In addition to creating the users, the idmConfigTool command you ran earlier<\/p>\n

      creates the following groups and assigns users to them:<\/p>\n

      orclFAGroupReadPrivilegeGroup<\/p>\n

      orclFAGroupWritePrivilegeGroup<\/p>\n

      orclFAUserReadPrivilegeGroup<\/p>\n

      orclFAUserWritePrefsPrivilegeGroup<\/p>\n

      orclFAUserWritePrivilegeGroup<\/p>\n

       <\/p>\n

      Important Note:<\/strong><\/span> Check automation.log file now. If you see any message like “Error adding user to groups<\/strong><\/span>” then you must also do following steps. This is due to a bug introduced by one of the pre-requisite patches. If you have not applied these patches then you may not face the error. Regardless, nothing to worry since we have a solution as below.<\/p>\n

      No need to execute these if there were no errors in automation.log file.<\/span><\/p>\n

      [oracle@fusion bin]$ more rog_member.ldif<\/strong><\/span><\/p>\n

      dn: cn=orclFAGroupReadPrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

      changetype: modify<\/p>\n

      add: uniquemember<\/p>\n

      uniquemember: cn=IDROUser,cn=Users,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ more rwu_member.ldif<\/strong><\/span><\/p>\n

      dn: cn=orclFAUserWritePrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

      changetype: modify<\/p>\n

      add: uniquemember<\/p>\n

      uniquemember: cn=IDRWUser,cn=Users,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ more rwg_member.ldif<\/strong><\/span><\/p>\n

      dn: cn=orclFAGroupWritePrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

      changetype: modify<\/p>\n

      add: uniquemember<\/p>\n

      uniquemember: cn=IDRWUser,cn=Users,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ more rwpg_member.ldif<\/strong><\/span><\/p>\n

      dn: cn=orclFAUserWritePrefsPrivilegeGroup<\/span>,cn=Groups,dc=localdomain<\/p>\n

      changetype: modify<\/p>\n

      add: uniquemember<\/p>\n

      uniquemember: cn=IDRWUser,cn=Users,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ \/app\/fusion\/fmw\/idm\/bin\/ldapmodify -h fusion -p 3060 -D cn=orcladmin -q -f rog_member.ldif<\/strong><\/span><\/p>\n

      Please enter bind password:<\/p>\n

      modifying entry cn=orclFAGroupReadPrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

      ldap_modify: Type or value exists<\/p>\n

      ldap_modify: additional info: uniquemember attribute has duplicate value.<\/p>\n

       <\/p>\n

      Note:<\/strong><\/span> Ignore if you see above error. This confirms that the user was already added to ReadOnly group.<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ \/app\/fusion\/fmw\/idm\/bin\/ldapmodify -h fusion -p 3060 -D cn=orcladmin -q -f rwu_member.ldif<\/strong><\/span><\/p>\n

      Please enter bind password:<\/p>\n

      modifying entry cn=orclFAUserWritePrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ \/app\/fusion\/fmw\/idm\/bin\/ldapmodify -h fusion -p 3060 -D cn=orcladmin -q -f rwg_member.ldif<\/strong><\/span><\/p>\n

      Please enter bind password:<\/p>\n

      modifying entry cn=orclFAGroupWritePrivilegeGroup,cn=Groups,dc=localdomain<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ \/app\/fusion\/fmw\/idm\/bin\/ldapmodify -h fusion -p 3060 -D cn=orcladmin -q -f rwpg_member.ldif<\/strong><\/span><\/p>\n

      Please enter bind password:<\/p>\n

      modifying entry cn=orclFAUserWritePrefsPrivilegeGroup,cn=Groups,dc=localdomain<\/p><\/blockquote>\n

       <\/p>\n

      Extending the Domain with Oracle Access Manager<\/strong><\/p>\n

      [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ .\/config.sh &<\/strong><\/span><\/p><\/blockquote>\n

      \"\"<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      Click “Extend an existing WebLogic domain<\/strong>” and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Scroll down and select\u00a0admin->IDMDomain-> aserver -> IDMDomain<\/strong>. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select only “Oracle Access Manager with Database Policy Store”<\/strong>\u00a0and click on Next.<\/p>\n

      \"\"<\/p>\n

      Here you need to provide the database connection details and choose schema owner username. You can keep the name default but make sure to keep a note of it since you will need this later. Choose a password for example Oracle123<\/strong>. Click\u00a0Next<\/strong><\/p>\n

      \"\"
      \n<\/strong><\/span><\/p>\n

      Now it will test the database connectivity through JDBC.<\/p>\n

      \"\"<\/p>\n

      Once successful, click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select “Managed Servers, Clusters and Machines” only and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      The first row was from previous configuration of ODS and now there will be another row for OAM. Keep the default port and make a note of it. Enter wls_oam1<\/strong> for the instance name (or whichever you chose while creating instance) and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Just click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      On the “Machines<\/strong>” tab make sure that correct hostname is entered. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select\u00a0wls_oam1<\/strong>\u00a0and click the right arrow.<\/p>\n

      \"\"<\/p>\n

      Now it should look as above. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      On the summary page Click\u00a0Extend<\/strong>.<\/p>\n

      \"\"<\/p>\n

      Click\u00a0OK<\/strong>\u00a0Since we are aware that these are correct ports being used by AdminServer<\/strong> and wls_ods1<\/strong> instance.<\/p>\n

      \"\"<\/p>\n

      Once configuration finishes, click\u00a0Done<\/strong>.<\/p>\n

      Restart Weblogic admin server. Do not start managed server wls_oam1 yet.
      \n<\/strong><\/span><\/p>\n

       <\/p>\n

      You can start the managed server by using following command.<\/span><\/p>\n

      [oracle@fusion bin]$\u00a0cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/bin\/<\/strong><\/p>\n

      [oracle@fusion bin]$ .\/startManagedWebLogic.sh wls_oam1<\/strong><\/p>\n

      This will create the directory<\/span>
      \n<\/span>\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/wls_oam1<\/strong>
      \n<\/span><\/p>\n

      Press CTRL+C to stop the process since we will need to configure startup without password prompt.<\/span><\/p>\n

      [oracle@fusion wls_oam1]$\u00a0cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/wls_oam1<\/strong><\/p>\n

      [oracle@fusion wls_oam1]$\u00a0cp ..\/wls_ods1\/security\/ boot.properties .<\/strong><\/p><\/blockquote>\n

      Now we can start the managed server without prompting for password.<\/span><\/p>\n

      [oracle@fusion bin]$\u00a0cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/bin\/<\/strong><\/p>\n

      [oracle@fusion bin]$\u00a0nohup .\/startManagedWebLogic.sh wls_oam1 &<\/strong><\/p><\/blockquote>\n

      Remove IDM Domain Agent<\/strong>
      \n<\/span><\/p>\n

      Open Admin Server console at http:\/\/fusion:7777\/console<\/a> and login with user weblogic<\/strong><\/p>\n

      Click Lock & Edit<\/p>\n

      \"\"<\/p>\n

      Go to Console->Environment -> Security Realms -> myrealm -> providers -> Select IAMSuiteAgent<\/strong> and delete<\/strong> it.<\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      Restart Weblogic and all managed servers including wls_oam1
      \n<\/strong><\/span><\/p>\n

       <\/p>\n

      Configuring Oracle HTTP Servers to Display Login Page and Oracle Access Manager Console<\/strong><\/span>
      \n<\/span><\/p>\n

      Append<\/strong>\u00a0following entries in \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/admin.conf<\/strong>
      \n<\/span><\/p>\n

      <Location \/oam>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14100
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

       <\/p>\n

      <Location \/fusion_apps><\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14100
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

       <\/p>\n

      <Location \/oamconsole>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 7001
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p><\/blockquote>\n

       <\/p>\n

      Restart HTTP Server<\/strong>\u00a0to bring this to effect.<\/span>\u00a0<\/span><\/p>\n

      Check http:\/\/fusion:7777\/oamconsole<\/span><\/a> to validate the same.<\/p>\n

       <\/p>\n

      Configure OAM<\/strong>
      \n<\/span><\/p>\n

      [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/iam\/idmtools\/bin<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ more config_oam1.props<\/strong><\/span><\/p>\n

      WLSHOST: fusion<\/p>\n

      WLSPORT: 7001<\/p>\n

      WLSADMIN: weblogic<\/p>\n

      IDSTORE_HOST: fusion<\/p>\n

      IDSTORE_PORT: 3060<\/p>\n

      IDSTORE_BINDDN: cn=orcladmin<\/p>\n

      IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

      IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

      IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

      IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

      IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

      IDSTORE_OAMSOFTWAREUSER: oamLDAP<\/p>\n

      IDSTORE_OAMADMINUSER: oamadmin<\/p>\n

      PRIMARY_OAM_SERVERS: fusion:5575<\/p>\n

      WEBGATE_TYPE: ohsWebgate10g<\/p>\n

      ACCESS_GATE_ID: Webgate_IDM<\/p>\n

      OAM11G_IDM_DOMAIN_OHS_HOST:fusion<\/p>\n

      OAM11G_IDM_DOMAIN_OHS_PORT:7777<\/p>\n

      OAM11G_IDM_DOMAIN_OHS_PROTOCOL:http<\/p>\n

      OAM11G_OAM_SERVER_TRANSFER_MODE:open<\/p>\n

      OAM11G_IDM_DOMAIN_LOGOUT_URLS:\/console\/jsp\/common\/logout.jsp,\/em\/targetauth\/emaslogout.jsp<\/p>\n

      OAM11G_WG_DENY_ON_NOT_PROTECTED: false<\/p>\n

      OAM11G_SERVER_LOGIN_ATTRIBUTE: uid<\/p>\n

      OAM_TRANSFER_MODE: open<\/p>\n

      COOKIE_DOMAIN: .localdomain<\/p>\n

      OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators<\/p>\n

      OAM11G_SSO_ONLY_FLAG: true<\/p>\n

      OAM11G_OIM_INTEGRATION_REQ: false<\/p>\n

      OAM11G_IMPERSONATION_FLAG:true<\/p>\n

      OAM11G_SERVER_LBR_HOST:fusion<\/p>\n

      OAM11G_SERVER_LBR_PORT:7777<\/p>\n

      OAM11G_SERVER_LBR_PROTOCOL:http<\/p>\n

      OAM11G_OIM_WEBGATE_PASSWD: Oracle123<\/p>\n

      COOKIE_EXPIRY_INTERVAL: 120<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ .\/idmConfigTool.sh -configOAM input_file=config_oam1.props<\/strong><\/span><\/p>\n

      Enter ID Store Bind DN password :<\/p>\n

      Enter User Password for WLSPASSWD:<\/p>\n

      Confirm User Password for WLSPASSWD:<\/p>\n

      Enter User Password for OAM11G_IDM_DOMAIN_WEBGATE_PASSWD:<\/p>\n

      Confirm User Password for OAM11G_IDM_DOMAIN_WEBGATE_PASSWD:<\/p>\n

      The passwords do not match. Please re-enter.<\/p>\n

      Enter User Password for OAM11G_IDM_DOMAIN_WEBGATE_PASSWD:<\/p>\n

      Confirm User Password for OAM11G_IDM_DOMAIN_WEBGATE_PASSWD:<\/p>\n

      Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:<\/p>\n

      Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:<\/p>\n

      Enter User Password for IDSTORE_PWD_OAMADMINUSER:<\/p>\n

      Confirm User Password for IDSTORE_PWD_OAMADMINUSER:<\/p>\n

      \u2026<\/p>\n

      The tool has completed its operation. Details have been logged to automation.log<\/p><\/blockquote>\n

      Restart Admin server.
      \n<\/strong><\/span><\/p>\n

       <\/p>\n

      Validating the Configuration
      \n<\/strong><\/span><\/p>\n

      Login with oamadmin at http:\/\/fusion:7777\/oamconsole<\/span><\/a><\/p>\n

      oamadmin\/Oracle123<\/p>\n

      System Configuration -> Access Manager Settings -> SSO Agents -> Double click on OAM Agents<\/strong><\/p>\n

      click Search<\/strong><\/p>\n

      Webgate_IDM<\/strong> should be displayed here<\/p>\n

      Updating Newly-Created Agent<\/strong><\/p>\n

      Click the Agent Webgate_IDM<\/strong>.<\/p>\n

      Select Open<\/strong> from the Actions menu.<\/p>\n

      Update the following information:<\/p>\n

      Deny if not Protected: Deselect.
      \n<\/strong><\/p>\n

      Set Max Connections to 4<\/strong> for all of the Oracle Access Manager servers listed in the primary servers list.<\/p>\n

      Click Apply<\/strong>.<\/p><\/blockquote>\n

       <\/p>\n

      Click Policy Configuration tab<\/strong>.<\/p>\n

      Double Click IAMSuiteAgent<\/strong> under Host Identifiers<\/strong>.<\/p>\n

      Click +<\/strong> in the operations box.<\/p>\n

      Enter the following information:<\/p>\n

      Host Name: fusion<\/p>\n

      Port: 7777<\/p>\n

      Click Apply.<\/p><\/blockquote>\n

       <\/p>\n

      Changing the Login Attribute
      \n<\/strong><\/span><\/p>\n

      Note: <\/strong>If you have applied the previous patches then following will be already set.<\/p>\n

      Log in to the oamconsole at:<\/p>\n

      http:\/\/fusion:7777\/oamconsole<\/span><\/a><\/p>\n

      2. <\/strong>Click the System Configuration <\/strong>tab.<\/p>\n

      3. <\/strong>Expand Data Sources <\/strong>– User Identity Stores<\/strong>.<\/p>\n

      4. <\/strong>Click OIMIDStore<\/strong>.<\/p>\n

      5. <\/strong>Click Open<\/strong>.<\/p>\n

      Adding the oamadmin Account to Access System Administrators<\/p>\n

      12-16 <\/strong>Product Title\/BookTitle as a Variable<\/p>\n

      6. <\/strong>Change Username <\/strong>attribute to uid.<\/p>\n

      7. <\/strong>Click Apply<\/strong>.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      Restart the managed server wls_oam1
      \n<\/strong><\/span><\/p>\n

       <\/p>\n

      Add oamadmin as administrator
      \n<\/strong><\/span><\/p>\n

      1. <\/strong>Log in to the oamconsole at:<\/p>\n

      http:\/\/fusion:7777\/oamconsole<\/span><\/a><\/p>\n

      2. <\/strong>Click the System Configuration <\/strong>tab.<\/p>\n

      3. <\/strong>Expand Data Sources <\/strong>– User Identity Stores<\/strong>.<\/p>\n

      4. <\/strong>Click OIMIDStore<\/strong>.<\/p>\n

      5. <\/strong>Click Open<\/strong>.<\/p>\n

      6. <\/strong>Click the + <\/strong>symbol next to Access System Adminsitrators<\/strong>.<\/p>\n

      7. <\/strong>Type oamadmin in the search box and click Search<\/strong>.<\/p>\n

      8. <\/strong>Click the returned oamadmin <\/strong>row, then click Add Selected<\/strong>.<\/p>\n

      9. <\/strong>Click Apply<\/strong>.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      Validate OAM<\/strong>
      \n<\/span><\/p>\n

      [oracle@fusion tester]$ export JAVA_HOME=\/app\/fusion\/jdk6<\/strong><\/span><\/p>\n

      [oracle@fusion tester]$ cd \/app\/fusion\/fmw\/iam\/oam\/server\/tester<\/strong><\/span><\/p>\n

      [oracle@fusion tester]$ java -jar oamtest.jar<\/strong><\/span><\/p><\/blockquote>\n

      \"\"<\/p>\n

      Enter following details click Connect
      \n<\/strong><\/p>\n

      IP address: fusion
      \n<\/strong><\/p>\n

      Port: 5575<\/strong><\/p>\n

      Agent ID: Webgate_IDM<\/strong><\/p>\n

      Agent Password: Oracle123<\/strong><\/p><\/blockquote>\n

      \"\"<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      Enter following details in URI section and click Validate<\/strong>.<\/p>\n

      Scheme: http<\/p>\n

      Host: fusion<\/p>\n

      Port: 7777
      \n<\/strong><\/p>\n

      Resource: \/oamconsole
      \n<\/strong><\/p>\n

      Operation: Get<\/strong><\/p><\/blockquote>\n

      \"\"<\/p>\n

      Enter following details and click Authorize.<\/p>\n

      IP address: IP<\/strong> for the host fusion (for our case 192.168.56.101 or fusion)<\/p>\n

      Username: oamadmin<\/strong><\/p>\n

      Password: Oracle123<\/strong><\/p><\/blockquote>\n

      \"\"<\/p>\n

      Click Authorize<\/strong>. It should succeed. This concludes OAM test.<\/p>\n

       <\/p>\n

      Update the Configuration File oam-config.xml<\/strong><\/span><\/p>\n

      Edit \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/config\/fmwconfig\/oam-config.xml<\/span>
      \n<\/strong>as per post step for patch 12989739<\/strong><\/span><\/p>\n

      <Setting Name=”NoUniqueSessionsFor10gAgents” Type=”xsd:boolean”>true<\/strong><\/Setting><\/p>\n

      …<\/p>\n

      <Setting Name=”SessionConfigurations” Type=”htf:map”><\/p>\n

      <Setting Name=”Timeout” Type=”htf:timeInterval”>120M<\/strong><\/Setting><\/p>\n

      <Setting Name=”Expiry” Type=”htf:timeInterval”>120M<\/strong><\/Setting><\/p>\n

      <Setting Name=”MaxSessionsPerUser” Type=”xsd:integer”>400<\/strong><\/Setting><\/p>\n

      <\/Setting><\/p><\/blockquote>\n

       <\/p>\n

      Extending the Domain to Configure Oracle Identity Manager and Oracle SOA Suite<\/strong><\/span>
      \n<\/span><\/p>\n

      Start the configuration from\u00a0<\/span><Middleware Home\/oracle_common\/common\/bin<\/strong><\/p>\n

      [oracle@fusion fmwconfig]$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ .\/config.sh &<\/strong><\/span><\/p><\/blockquote>\n

      \"\"<\/p>\n

      \"\"<\/p>\n

      Select “Extend an existing WebLogic domain<\/strong>” and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Scroll down and select\u00a0admin->IDMDomain->aseever -> IDMDomain<\/strong>\u00a0and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select\u00a0Oracle Identity Manager<\/strong>. It will automatically select\u00a0Oracle SOA Suite<\/strong>\u00a0and\u00a0Oracle WSM<\/strong>. Click Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Check all to modify all entries together. Provide database connect details and password Oracle123<\/strong> for all. Accept default value for Schema owner names. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Now it will test the database connectivity through JDBC. Once JDBC test is successful, click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select only “Managed Servers, Clusters and Machines<\/strong>” and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Add entries for\u00a0wls_soa1<\/strong>\u00a0and\u00a0wls_oim1<\/strong>. Note the ports and click\u00a0Next.<\/strong><\/p>\n

      \"\"<\/p>\n

      Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Since we are using Linux\/Unix machine,\u00a0delete<\/strong>\u00a0entry from above screen.<\/p>\n

      \"\"<\/p>\n

      After Delete it should look as above. Click on Unix Machines <\/strong>tab<\/p>\n

      \"\"<\/p>\n

      Make sure correct hostname is entered here. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select\u00a0wls_oim1<\/strong>\u00a0andwls_soa1<\/strong>\u00a0and click right arrow.<\/p>\n

      \"\"<\/p>\n

      The screen will now look like above. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      On Summary screen click\u00a0Entend<\/strong><\/p>\n

      \"\"<\/p>\n

      Click\u00a0OK<\/strong><\/p>\n

      \"\"<\/p>\n

      Once configuration finishes, click\u00a0Done<\/strong><\/p>\n

      Restart Weblogic Admin Server. Do not start OIM\/SOA yet.<\/strong><\/p>\n

      Note:<\/strong> Just in case if your database has case sensitive login enabled, make sure to disable it as follows. (default enabled in 11g)<\/p>\n

      SQL> alter system set sec_case_sensitive_logon=FALSE;<\/strong><\/span><\/p><\/blockquote>\n

       <\/p>\n

      Configuring Oracle Identity Manager<\/strong><\/span>
      \n<\/span><\/p>\n

      Now we will configure the Identity Manager from\u00a0<IAM Oracle Home>\/bin<\/strong><\/span><\/p>\n

      Before proceeding, ensure that the following are true:<\/p>\n

      1. The Administration Server is up and running.<\/p>\n

      2. The environment variables DOMAIN_HOME and WL_HOME are not <\/em><\/strong>set in the current shell.<\/p>\n

      [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/iam\/bin
      \n<\/strong><\/span><\/p>\n

      [oracle@fusion bin]$ .\/config.sh &<\/strong><\/span><\/p><\/blockquote>\n

      \"\"<\/p>\n

      \"\"<\/p>\n

      Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Select only OIM Server and click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Enter database details in shown format “fusion:1521:fusiondb<\/strong>“. Select Schema names (keep default) and enter password (oracle123). Make sure to keep a note of these schema names\u00a0DEV_OIM<\/strong>\u00a0and DEV_MDS<\/strong>. We will need these later during provisioning plan. Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Enter AdminServer details in\u00a0t3:\/\/<hostname>:<port>\u00a0<\/strong>format. Here\u00a0t3:\/\/fusion:7001<\/strong><\/p>\n

      Important Note:\u00a0<\/strong>Before clicking next make sure that AdminServer is running otherwise it may throw following error on next page. Start or restart AdminServer if you see this error.<\/p>\n

      INST-6180: Error while retrieving OIM Managed Server URL from the domain.<\/p><\/blockquote>\n

      Click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Enter passwords as follows and keep a note of them since we will require them in provisioning wizard.<\/p>\n

      OIM Admin password: Oracle123<\/p>\n

      Keystore Password: Oracle123<\/p>\n

      Enter OIM HTTP URL as\u00a0http:\/\/fusion:14000<\/span><\/a>\u00a0(based on port value in previous configuration step). Click Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Deselect Configure BI Publisher and select Enable LDAP Sync. <\/strong>Click Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Enter details as follows and click Next<\/strong><\/p>\n

      Directory type: OID<\/strong><\/p>\n

      ID: oid1<\/strong><\/p>\n

      URL: ldap:\/\/fusion:3060
      \n<\/strong><\/p>\n

      Server User: cn=oimLDAP,cn=systemids,dc=localdomain
      \n<\/strong><\/p>\n

      Server Password: Oracle123<\/p>\n

      Server SearchDN: dc=localdomain<\/strong><\/p>\n

      \"\"<\/p>\n

      Enter details as follows and click Next<\/strong>.<\/p>\n

      Role Container: cn=Groups,dc=localdomain
      \n<\/strong><\/p>\n

      User container: cn=Users,dc=localdomain<\/strong><\/p>\n

      Reservation container: cn=Reserve,dc=localdomain<\/strong><\/p><\/blockquote>\n

      \"\"<\/p>\n

      Save the summary if required and click\u00a0Configure.<\/strong><\/p>\n

      \"\"<\/p>\n

      Once configuration finishes click\u00a0Next<\/strong><\/p>\n

      \"\"<\/p>\n

      Save the configuration summary if needed and click\u00a0Finish<\/strong>\u00a0to complete the configuration.<\/p>\n

      Start wls_oim1 and wls_soa1 managed servers.
      \n<\/strong><\/span><\/p>\n

       <\/p>\n

      copy boot.properties<\/strong><\/p>\n

      [oracle@fusion bin]$ cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/<\/p>\n

      [oracle@fusion servers]$ cp -p AdminServer\/security\/boot.properties wls_oim1\/security\/<\/p>\n

      [oracle@fusion servers]$ cp -p AdminServer\/security\/boot.properties wls_soa1\/security\/<\/p><\/blockquote>\n

       <\/p>\n

      Validate OIM<\/strong> by launching http:\/\/fusion:14000\/oim<\/span><\/a><\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      Now login with xelsysadm\/Oralce123<\/p>\n

      \"\"<\/p>\n

      Now validate SOA<\/strong> by launching http:\/\/fusion:8001\/soa-infra<\/span><\/a> and login with weblogic\/Oracle123<\/p>\n

      \"\"<\/p>\n

      Apply patch 12790893. This is required patch for following steps to succeed.
      \n<\/strong><\/p>\n

       <\/p>\n

      Post steps for patch 12790893<\/strong><\/p>\n

      Post Step-1<\/strong><\/p>\n

      Edit weblogic.profile file<\/p>\n

      [oracle@fusion bin]$ cd \/app\/fusion\/fmw\/iam\/server\/bin
      \n<\/strong><\/p>\n

      [oracle@fusion bin]$ cat weblogic.profile<\/strong><\/p>\n

      # Please fill the information below before running the post-patch script.<\/p>\n

      # Put the OIM DB schema owner name here<\/p>\n

      operationsDB.user=DEV_OIM<\/p>\n

      # Put the DB driver to be used<\/p>\n

      operationsDB.driver=oracle.jdbc.xa.client.OracleXADataSource<\/p>\n

      # Put the absolute path to the Weblogic server directory here.<\/p>\n

      weblogic.server.dir=\/app\/fusion\/fmw\/wlserver_10.3<\/p>\n

      # The host on which OIM db is running<\/p>\n

      operationsDB.host=fusion<\/p>\n

      # The service name of the OIM db [Do not mention the SID here.]<\/p>\n

      operationsDB.serviceName=fusiondb<\/p>\n

      # The port of the OIM db<\/p>\n

      operationsDB.port=1521<\/p>\n

      # Application server<\/p>\n

      appserver.type=wls<\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ export JAVA_HOME=\/app\/fusion\/jdk6
      \n<\/strong><\/p>\n

      [oracle@fusion bin]$ export WL_HOME=\/app\/fusion\/fmw\/wlserver_10.3
      \n<\/strong><\/p>\n

      [oracle@fusion bin]$ export OIM_ORACLE_HOME=\/app\/fusion\/fmw\/iam<\/strong><\/p>\n

      [oracle@fusion bin]$ export ANT_HOME=\/app\/fusion\/fmw\/modules\/org.apache.ant_1.7.1<\/strong><\/p>\n

       <\/p>\n

      [oracle@fusion bin]$ .\/patch_weblogic.sh Oracle123<\/strong><\/span><\/p>\n

      Buildfile: \/app\/fusion\/fmw\/iam\/server\/setup\/deploy-files\/setup.xml<\/p>\n

      [input]Enter the oim db password:<\/p>\n

      Buildfile: \/app\/fusion\/fmw\/iam\/server\/setup\/deploy-files\/setup.xml<\/p>\n

       <\/p><\/blockquote>\n

      Post Step-2<\/strong><\/p>\n

      [oracle@fusion bin]$ mkdir $ORACLE_HOME\/temp\/log<\/strong><\/p>\n

      [oracle@fusion bin]$ cp -p ~\/patches\/12790893\/files\/temp\/RequestTemplateManagementPolicies.xml \/app\/fusion\/fmw\/iam\/temp\/<\/strong><\/p>\n

      [oracle@fusion bin]$ cd $OIM_ORACLE_HOME\/server\/setup\/deploy-files<\/strong><\/p>\n

       <\/p>\n

      [oracle@fusion deploy-files]$ \/app\/fusion\/fmw\/modules\/org.apache.ant_1.7.1\/bin\/ant -f setup.xml \\<\/strong><\/p>\n

      upgrade-oes-ootb-policies -DoperationsDB.user=DEV_OIM -DOIM.DBPassword=Oracle123 \\<\/strong><\/p>\n

      -DoperationsDB.driver=oracle.jdbc.xa.client.OracleXADataSource -DoperationsDB.host=fusion \\<\/strong><\/p>\n

      -DoperationsDB.port=1521 -DoperationsDB.SID=fusiondb -Dpolicy.dir=\/app\/fusion\/fmw\/iam\/temp \\<\/strong><\/p>\n

      -Dupdate.flag=true -Dweblogic.server.dir=\/app\/fusion\/fmw\/wlserver_10.3<\/strong><\/p>\n

      Buildfile: setup.xml<\/p>\n

      upgrade-oes-ootb-policies:<\/p>\n

      upgrade-oes-ootb-policies:<\/p>\n

      [echo] —-> UPDATING OUT OF THE BOX OES POLICIES<\/p>\n

      [java] [EL Info]: 2012-03-19 09:13:59.734–ServerSession(140283754)–EclipseLink, version: Eclipse Persistence Services – 1.1.0.r3634<\/p>\n

      [java] [EL Info]: 2012-03-19 09:14:06.151–ServerSession(140283754)–file:\/app\/fusion\/fmw\/iam\/modules\/oracle.oes_11.1.1\/jps-internal.jar-JpsDBDataManager login successful<\/p>\n

      [echo] —-> SEEDING COMPLETE LOG FILE<\/p>\n

      [echo] —-> LOG FILE : \/app\/fusion\/fmw\/iam\/temp\/log<\/p>\n

      BUILD SUCCESSFUL<\/p>\n

      Total time: 52 seconds<\/p><\/blockquote>\n

       <\/p>\n

      Post Step-3<\/strong><\/p>\n

      cd PATCH_TOP\/12790893\/files\/server\/db\/oim\/oracle\/
      \n<\/strong><\/p>\n

      Connect to the db as OIM_db_user<\/p>\n

      SQL> @Upgrade\/oim11gps1_dml_insert_pty_FAAdministratorsRole.sql
      \n<\/strong><\/p>\n

      SQL> @Upgrade\/oim11gps1_dml_insert_pty_cookie-http-only-flag-turned-on.sql
      \n<\/strong><\/p>\n

      SQL> @Upgrade\/oim11gps1_dml_update_AllowDisabledManagers.sql
      \n<\/strong><\/p>\n

      SQL> @Upgrade\/oim11gps1_dml_create_UMS_ITRes_def_instance.sql
      \n<\/strong><\/p>\n

      SQL> @StoredProcedures\/API\/oim_usr_mgmt_pkg_body.sql
      \n<\/strong><\/p>\n

      SQL> @StoredProcedures\/Recon\/OIM_SP_ReconBlkRoleCRU.sql
      \n<\/strong><\/p>\n

      SQL> @StoredProcedures\/Recon\/XL_SP_ReconBlkChildMthAcntCRUD.sql
      \n<\/strong><\/p>\n

      SQL> @StoredProcedures\/Recon\/XL_SP_ReconBlkRoleMemValMatch.sql
      \n<\/strong><\/p>\n

      SQL> @StoredProcedures\/Recon\/XL_SP_ReconRoleMemValMatch.sql
      \n<\/strong><\/p><\/blockquote>\n

       <\/p>\n

      Post-step 4<\/strong>:<\/p>\n

      Deploy OAACGRoleAssignSODCheck composite with a deployment plan to SOA server.<\/p>\n

      a) Login to EM and select\/click on OAACGRoleAssignSODCheck [1.0] composite on the home page<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      b) From top menu, select SOA Composite->SOA Deployment->Undeploy and then click on Undeploy in step2<\/p>\n

      \"\"<\/p>\n

      Note:<\/strong> If it waits forever, just close the window and proceed to next step.<\/p>\n

      c) Unzip OAACGRoleAssignSODCheck.zip in <OIM_ORACLE_HOME>\/server\/workflows\/composites to a temporary location, lets say \/tmp<\/p>\n

      [oracle@fusion tmp]$ cd \/tmp<\/p>\n

      [oracle@fusion tmp]$ unzip \/app\/fusion\/fmw\/iam\/server\/workflows\/composites\/OAACGRoleAssignSODCheck.zip OAACGRoleAssignSODCheck\/deploy\/sca_OAACGRoleAssignSODCheck_rev1.0.jar<\/p>\n

      Archive: \/app\/fusion\/fmw\/iam\/server\/workflows\/composites\/OAACGRoleAssignSODCheck.zip<\/p>\n

      inflating: OAACGRoleAssignSODCheck\/deploy\/sca_OAACGRoleAssignSODCheck_rev1.0.jar<\/p><\/blockquote>\n

      c) Get sca_OAACGRoleAssignSODCheck_rev1.0.jar from \/tmp\/OAACGRoleAssignSODCheck\/deploy folder<\/p>\n

      d) Open the jar file and extract soaconfigplan.xml file<\/p>\n

      e) Open the soaconfigplan.xml file and replace the following @oimT3URL, (oimServerHost,)oimServerPort with appropriate values<\/p>\n

      f) Put the updated soaconfigplan.xml back into sca_OAACGRoleAssignSODCheck_rev1.0.jar file and copy this jar to <WLS_DOMAIN_HOME>\/soa\/autodeploy<\/p>\n

      folder<\/p>\n

      g) Restart SOA server<\/p>\n

       <\/p>\n

      Post-step 5<\/strong>: Start the OIM server<\/p>\n

      Post step 6<\/strong>: Use em to update OAACgConfig ResponseTimeoutvalue from 300 secs to 240<\/p>\n

      a) Login to em as admin user<\/p>\n

      b) select OIM server<\/p>\n

      c) From the top pull down menu, select Weblogic Server–>System Mbean Browser<\/p>\n

      d) Go to Application Defined Mbeans and navigate oracle.iam->oim_server1>oim>XMLConfig>Config->XMLConfig.OAACGConfig<\/p>\n

      e) Select OAACGConfig and in the Attributes, change ResponseTimeoutvalue form 300 to 240<\/p>\n

       <\/p>\n

      We skipped post steps 7, 8 and 9 for now since our aim at the moment is to complete fusion installation and show the look and feel.<\/strong><\/p>\n

       <\/p>\n

      Post-step 10<\/strong>: Steps to enable default TenantGUID value for callbacks payload:<\/p>\n

      1. Login in OIM UI as xelsysadm user. Click on ‘Advanced’ on the top right.<\/p>\n

      2. Click on ‘System Management’ tab available on the top.<\/p>\n

      3. Click on ‘System Configuration’ subtab.<\/p>\n

      4. Click on Actions ->Create a New OIM System Property.<\/p>\n

      5. Provide Property Name: OIM.DefaultTenantGUID<\/p>\n

      6. Provide Keyword: OIM.DefaultTenantGUID<\/p>\n

      7. Provide Value: 1.<\/p>\n

      8. Click Perform.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      Post-step 11<\/strong>: Restart OIM Server<\/p>\n

       <\/p>\n

      Configuring Oracle Identity Manager to Reconcile from ID Store<\/strong><\/span><\/p>\n

      [oracle@fusion ldap_config_util]$ cd \/app\/fusion\/fmw\/iam\/server\/ldap_config_util<\/strong><\/span><\/p>\n

      [oracle@fusion ldap_config_util]$ more ldapconfig.props<\/strong><\/span><\/p>\n

      # OIMServer Type, Valid values can be WLS, JBOSS, WAS<\/p>\n

      # e.g.: OIMServerType=WLS<\/p>\n

      OIMServerType=WLS<\/p>\n

      # OIMAdmin User Login<\/p>\n

      # e.g.: OIMAdminUser=xelsysadm<\/p>\n

      OIMAdminUser=xelsysadm<\/p>\n

      # Skip Validation of OVD Schema<\/p>\n

      # e.g.: SkipOVDValidation=true|false, Default false<\/p>\n

      SkipOVDValidation=true<\/p>\n

      # OIM Provider URL<\/p>\n

      # e.g.: OIMProviderURL=t3:\/\/localhost:8003<\/p>\n

      OIMProviderURL=t3:\/\/fusion:14000<\/p>\n

      # OID URL<\/p>\n

      # e.g.: OIDURL=ldap:\/\/localhost:389<\/p>\n

      OIDURL=ldap:\/\/fusion:3060<\/p>\n

      # Admin user name to connect to OID<\/p>\n

      # e.g.: OIDAdminUsername=cn=orcladmin<\/p>\n

      OIDAdminUsername=cn=orcladmin<\/p>\n

      # Search base<\/p>\n

      # e.g.: OIDSearchBase=dc=company,dc=com<\/p>\n

      OIDSearchBase=dc=localdomain<\/p>\n

      # Name of the user container<\/p>\n

      # e.g.: UserContainerName=cn=Users<\/p>\n

      UserContainerName=cn=Users<\/p>\n

      # Name of the role container<\/p>\n

      # e.g.: RoleContainerName=cn=Roles<\/p>\n

      RoleContainerName=cn=Groups<\/p>\n

      # Name of the reservation container<\/p>\n

      # e.g.: ReservationContainerName=cn=Reserve<\/p>\n

      ReservationContainerName=cn=Reserve<\/p>\n

       <\/p>\n

      [oracle@fusion ldap_config_util]$ .\/LDAPConfigPostSetup.sh<\/strong><\/span><\/p>\n

      [Enter OID admin password:]<\/p>\n

      [Enter OIM admin password:]<\/p>\n

      Successfully Enabled Changelog based Reconciliation schedule jobs
      \n<\/strong><\/p><\/blockquote>\n

       <\/p>\n

      Configuring Oracle HTTP Servers for Oracle Identity Manager and SOA<\/strong><\/span><\/p>\n

      Append<\/strong>\u00a0following entries in \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/admin.conf<\/strong><\/span><\/p>\n

      # oim admin console(idmshell based)
      \n<\/span><\/p>\n

      <Location \/admin>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # oim self and advanced admin webapp consoles(canonic webapp)
      \n<\/span><\/p>\n

      <Location \/oim>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # SOA Callback webservice for SOD – Provide the SOA Managed Server Ports
      \n<\/span><\/p>\n

      <Location \/sodcheck>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 8001
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # Callback webservice for SOA. SOA calls this when a request is approved\/rejected
      \n<\/span><\/p>\n

      # Provide the SOA Managed Server Port
      \n<\/span><\/p>\n

      <Location \/workflowservice>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # xlWebApp – Legacy 9.x webapp (struts based)
      \n<\/span><\/p>\n

      <Location \/xlWebApp>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # Nexaweb WebApp – used for workflow designer and DM
      \n<\/span><\/p>\n

      <Location \/Nexaweb>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # used for FA Callback service.
      \n<\/span><\/p>\n

      <Location \/callbackResponseService>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      # spml xsd profile
      \n<\/span><\/p>\n

      <Location \/spml-xsd>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location>
      \n<\/span><\/p>\n

      <Location \/HTTPClnt>
      \n<\/span><\/p>\n

      SetHandler weblogic-handler
      \n<\/span><\/p>\n

      WLProxySSL OFF
      \n<\/span><\/p>\n

      WLProxySSLPassThrough OFF
      \n<\/span><\/p>\n

      WLCookieName oimjsessionid
      \n<\/span><\/p>\n

      WebLogicHost fusion
      \n<\/span><\/p>\n

      WebLogicPort 14000
      \n<\/span><\/p>\n

      WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
      \n<\/span><\/p>\n

      <\/Location><\/span>
      \n<\/span><\/p><\/blockquote>\n

      Restart HTTP Server<\/strong>\u00a0to bring this to effect.<\/span><\/p>\n

      Validate http:\/\/fusion:7777\/oim<\/span><\/a> with xelsysadm user<\/p>\n

       <\/p>\n

      Now login to Weblogic Console at http:\/\/fusion:7777\/console<\/a><\/p>\n

      Click Lock and Edit<\/strong>. Select Servers->wls_soa1.<\/strong> In the protocols<\/strong> tab click on HTTP<\/strong> and change the following values. Now click on Activate changes.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      Restart managed server wls_soa1
      \n<\/strong><\/span><\/p>\n

       <\/p>\n

      Enabling Oracle Identity Manager to Connect to SOA Using the Administrative Users Provisioned in LDAP<\/span>
      \n<\/strong><\/span><\/p>\n

      Perform the following postinstallation steps to enable Oracle Identity Manager to work with the Oracle WebLogic Server administrator user provisioned in the central LDAP store. This enables Oracle Identity Manager to connect to SOA without any problem:<\/p>\n

      1. <\/strong>Log in to Enterprise Manager at: <\/span>http:\/\/fusion:7777\/em<\/span><\/p>\n

      2. <\/strong>Right click Identity and Access <\/strong>\u2013OIM<\/strong>\u2013oim(11.1.1.3.0) <\/strong>and select System Mbean Browser<\/strong>.<\/p>\n

      3. <\/strong>Select Application<\/strong>–defined Mbeans <\/strong>\u2013> oracle.iam<\/strong>\u2013Server: wls_oim1 <\/strong>\u2013> Application:<\/strong><\/p>\n

      oim<\/strong>\u2013> XML Config<\/strong>\u2013> Config<\/strong>\u2013XMLConfig.SOAConfig <\/strong>\u2013> SOAConfig
      \n<\/strong><\/span><\/p>\n

      4. <\/strong>View the username <\/strong>attribute. By default, the value of this attribute is weblogic. Change this to the Oracle WebLogic Server administrator username weblogic_idm<\/strong><\/p>\n

      5. <\/strong>Click Apply<\/strong>.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      \"\"<\/p>\n

      6. <\/strong>Select Weblogic Domain<\/strong>\u2013IDM Domain <\/strong>from the Navigator.
      \n<\/span><\/p>\n

      7. <\/strong>Select Security<\/strong>\u2013Credentials <\/strong>from the down menu.<\/p>\n

      8. <\/strong>Expand the key oim<\/strong>.<\/p>\n

      9. <\/strong>Click SOAAdminPassword<\/strong>.<\/p>\n

      10. <\/strong>Click Edit<\/strong>.<\/p>\n

      11. <\/strong>Change the username to weblogic_idm and set the password to the accounts password.<\/p>\n

      12. <\/strong>Click OK<\/strong>.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      13. <\/strong>Run the reconciliation process to enable the Oracle WebLogic Server administrator,<\/p>\n

      weblogic_idm, to be visible in the OIM Console. Follow these steps:<\/p>\n

      a. <\/strong>Log in to Oracle Identity Manager at:<\/p>\n

      https:\/\/fusion:7777\/oim<\/span><\/a> as the user xelsysadm.<\/p>\n

      b. <\/strong>Click Advanced<\/strong>.<\/p>\n

      c. <\/strong>Click the System Management <\/strong>tab<\/p>\n

      d. <\/strong>Click the arrow for the Search Scheduler <\/strong>to list all the schedulers.<\/p>\n

      e. <\/strong>Select LDAP User Create <\/strong>and Update Full Reconciliation<\/strong>.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      f. <\/strong>Click Actions->Run now <\/strong>to run the job.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      Go to the Administration page and perform a search to verify that the user is visible in the Oracle Identity Manager console.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      14. <\/strong>Select Administration<\/strong>.<\/p>\n

      15. <\/strong>Click Advanced Search<\/strong>\u2013Roles
      \n<\/strong><\/p>\n

      16. <\/strong>Search for the Administrators role.<\/p>\n

      17. <\/strong>Click the Administrators <\/strong>Role.<\/p>\n

      18. <\/strong>Click Open<\/strong>.<\/p>\n

      19. <\/strong>Click the Member <\/strong>tab.<\/p>\n

      20. <\/strong>Click Assign<\/strong>.<\/p>\n

      21. <\/strong>Type weblogic_idm in the Search box and Click -><\/strong>.<\/p>\n

      22. <\/strong>Select weblogic_idm <\/strong>from the list of available users.<\/p>\n

      23. <\/strong>Click > <\/strong>to move to Selected Users<\/strong>.<\/p>\n

      24. <\/strong>Click Save<\/strong>.<\/p>\n

       <\/p>\n

      \"\"<\/p>\n

      \"\"<\/p>\n

       <\/p>\n

      25. <\/strong>Restart Oracle Identity Manager managed server.
      \n<\/span><\/p>\n

       <\/p>\n

      Update Oracle Identity Manager JMS Queues
      \n<\/strong><\/span><\/p>\n

      Update Oracle Identity Manager JMS queues as follows:<\/p>\n

      1. <\/strong>Log in to the WebLogic console as the administrative user.<\/p>\n

      2. <\/strong>Select Services <\/strong>– Messaging <\/strong>– JMS Modules <\/strong>from the Domain Structure menu.<\/p>\n

      3. <\/strong>Click OIMJMSModule<\/strong>.<\/p>\n

      4. <\/strong>Click Lock & Edit<\/strong>.<\/p>\n

      5. <\/strong>For each of the queues, click the queue then click the Delivery Failure <\/strong>tab and change Redelivery Limit <\/strong>value from -1 to 1, then click Save<\/strong>.<\/p>\n

      6. <\/strong>Make sure you have performed Steps 4 and 5 for all the queues under OIMJMSModule<\/strong>.<\/p>\n

      7. <\/strong>Click Activate Changes<\/strong>.<\/p>\n

      8. <\/strong>Restart Oracle Identity Manager server<\/span><\/p>\n

       <\/p>\n

      This concludes the configuration of Oracle Identity and Access Management components. Next is very important step to integrate OIM and OAM.<\/p>\n

       <\/p>\n

      Next:\u00a0Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)<\/a><\/strong><\/p>\n

      Installing Oracle Fusion Applications \u2013 steps<\/a><\/strong><\/p>\n

        \n
      1. Installing Fusion Applications Provisioning Framework<\/a>
        \n<\/strong><\/li>\n
      2. Installing Oracle 11g Database (Applications Transactional Database)<\/a>
        \n<\/strong><\/li>\n
      3. Running Oracle Fusion Applications Repository Creation Utility (Applications RCU)
        \n<\/a><\/strong><\/li>\n
      4. Creating another database for Oracle \u00a0Identity Management Infrastructure\u00a0<\/strong>(optional)
        \n<\/strong><\/li>\n
      5. Running Repository Creation Utility (RCU) for Oracle Identity Management components<\/a><\/strong><\/li>\n
      6. Installing Oracle Identity and Access Management Components<\/a>
        \n<\/strong><\/li>\n
      7. Configuring Oracle Identity and Access Management components<\/a>
        \n<\/strong><\/li>\n
      8. Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)<\/a><\/strong>
        \n<\/strong><\/li>\n
      9. Creating a New Provisioning Plan<\/a>
        \n<\/strong><\/li>\n
      10. Provisioning an Applications Environment<\/a><\/strong><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

        Oracle Fusion Applications Installation: Configuring Oracle Identity and Access Management components Previous:\u00a0Installing Oracle Identity and Access Management Components Important Note: This is OLD guide for old version 11.1.1.5. Please follow instructions at\u00a0http:\/\/www.oratraining.com\/blog\/2012\/12\/oracle-fusion-applications-installation-step-by-step-guide-11-1-5\/\u00a0for latest guide for current version i.e. 11.1.5   Configuring Oracle Identity Management components” can be divided into following tasks. Please note that we […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1181","post","type-post","status-publish","format-standard","hentry","category-oracle"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts\/1181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/comments?post=1181"}],"version-history":[{"count":0,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts\/1181\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/media?parent=1181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/categories?post=1181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/tags?post=1181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}