{"id":1767,"date":"2012-12-31T22:41:54","date_gmt":"2012-12-31T22:41:54","guid":{"rendered":"http:\/\/www.oratraining.com\/blog\/?p=1767"},"modified":"2013-03-20T10:19:37","modified_gmt":"2013-03-20T10:19:37","slug":"configure-oracle-identity-and-access-management-components","status":"publish","type":"post","link":"https:\/\/www.oratraining.com\/blog\/2012\/12\/configure-oracle-identity-and-access-management-components\/","title":{"rendered":"Oracle Fusion Applications Installation: Configure Oracle Identity and Access Management components"},"content":{"rendered":"

Previous: <\/strong> Apply mandatory Patches<\/a>
\n<\/span><\/p>\n

Configuring Oracle Identity Management components” can be divided into following tasks. Please note that we will not configure Oracle Virtual Directory, Oracle Identity Federation etc.
\n<\/span><\/p>\n

 <\/p>\n

    \n
  1. Configuring the Web Tier
    \n<\/span><\/li>\n
  2. Create Weblogic Domain for Identity Management
    \n<\/span><\/li>\n
  3. Extend the Domain to include Oracle Internet Directory
    \n<\/span><\/li>\n
  4. Extend the Domain to include Oracle Directory Service Manager (ODSM)
    \n<\/span><\/li>\n
  5. Prepare Identity and Policy Stores
    \n<\/span><\/li>\n
  6. Extend the Domain to include Oracle Virtual Directory (Optional<\/strong>)
    \n<\/span><\/li>\n
  7. Configure Oracle Access Manager 11g (OAM)
    \n<\/span><\/li>\n
  8. Configure Oracle Identity Manager (OIM) and Oracle SOA Suite
    \n<\/span><\/li>\n
  9. \n
    Post-configure tasks
    \n<\/span><\/div>\n

     <\/p>\n

    Configure Web Tier
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Start the configuration from\u00a0<Web_Home>\/bin<\/strong><\/span>
    \n<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/web\/bin\/<\/span><\/p>\n

    -bash-3.2$ .\/config.sh<\/span><\/p>\n

    \"configure-extra1\"<\/a><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

    On next page, select only Oracle HTTP Server<\/strong> and deselect other checkboxes. Click Next<\/strong><\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter following details and click Next<\/strong><\/p>\n

     <\/p>\n

    Instance Home Location: \/app\/fusion\/admin\/web1<\/strong><\/p>\n

    Instance Name: web1<\/strong><\/p>\n

    OHS Component Name: ohs1
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Specify Ports using Configuration file”. Open another shell window and copy the staticports.ini from staging directory.<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -p \/u02\/stage\/installers\/webtier\/Disk1\/stage\/Response\/staticports.ini ~\/<\/span><\/p>\n

     <\/p>\n

    Click View\/Edit File<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Edit\/uncomment the following values.<\/p>\n

     <\/p>\n

    OPMN Local Port = 6700<\/p>\n

    OHS Port = 7777<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Save
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Deselect the check box and click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Yes
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click Configure
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Once installation is successful, click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click Finish<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ ps -ef | grep http<\/span><\/p>\n

    fusion 3568 3558 0 13:00:05 ? 0:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    fusion 3558 3553 0 13:00:02 ? 0:01 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    fusion 3567 3558 0 13:00:05 ? 0:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    fusion 3566 3558 0 13:00:05 ? 0:00 \/app\/fusion\/fmw\/web\/ohs\/bin\/httpd.worker -DSSL<\/p>\n

    fusion 3584 21657 0 13:00:40 pts\/1 0:00 grep http<\/p>\n

     <\/p>\n

    -bash-3.2$ vi \/app\/fusion\/admin\/web1\/config\/OHS\/ohs1\/httpd.conf
    \n<\/span><\/p>\n

    Change to following (dba <\/strong>or oinstall<\/strong> based on fusion user group)<\/p>\n

     <\/p>\n

    User fusion
    \n<\/strong><\/p>\n

    Group dba
    \n<\/strong><\/p>\n

     <\/p>\n

    Launch http:\/\/<hostname>:7777<\/a> to make sure that HTTP home page is appearing.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Make a backup of httpd.conf<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -pr \/app\/fusion\/admin\/web1\/config\/OHS\/ohs1\/httpd.conf \/app\/fusion\/admin\/web1\/config\/OHS\/ohs1\/httpd.conf_orig
    \n<\/span><\/p>\n

     <\/p>\n

    Modify following values in httpd.conf<\/p>\n

     <\/p>\n

    -bash-3.2$ vi \/app\/fusion\/admin\/web1\/config\/OHS\/ohs1\/httpd.conf<\/span><\/p>\n

    \u2026<\/p>\n

    <IfModule mpm_worker_module><\/p>\n

    ServerLimit 20<\/p>\n

    StartServers 2<\/p>\n

    MaxClients 1000<\/p>\n

    MinSpareThreads 200<\/p>\n

    MaxSpareThreads 800<\/p>\n

    ThreadsPerChild 50<\/p>\n

    MaxRequestsPerChild 10000<\/p>\n

    AcceptMutex fcntl<\/p>\n

    LockFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/${COMPONENT_TYPE}\/${COMPONENT_NAME}\/http_lock”<\/p>\n

    <\/IfModule><\/p>\n

     <\/p>\n

     <\/p>\n

    Create Weblogic Domain for Identity Management<\/span>
    \n<\/span><\/strong><\/span><\/p>\n

     <\/p>\n

    Start the configuration from <Middleware Home>\/oracle_common\/commin\/bin<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/
    \n<\/span><\/p>\n

    -bash-3.2$ .\/config.sh &
    \n<\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Create a new Weblogic domain<\/strong>” and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    For single domain creation, select:<\/p>\n

    \u2013 Oracle Identity Manager 11.1.1.3.0 [iam]
    \n<\/strong><\/p>\n

    \u2013 Oracle SOA Suite – 11.1.1.0 [soa]
    \n<\/strong><\/p>\n

    \u2013 Oracle Enterprise Manager [oracle_common]
    \n<\/strong><\/p>\n

    \u2013 Oracle Access Manager with Database Policy Store – 11.1.1.3.0 [iam]
    \n<\/strong><\/p>\n

    \u2013 Oracle WSM Policy Manager – 11.1.1.0 [oracle_common]
    \n<\/strong><\/p>\n

    \u2013 Oracle JRF [oracle_common] (This should be selected automatically.)
    \n<\/strong><\/p>\n

     <\/p>\n

    Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter following values.<\/p>\n

    Domain Name: IDMDomain<\/strong><\/p>\n

    Domain location: \/app\/fusion\/admin\/IDMDomain\/aserver
    \n<\/strong><\/p>\n

    Application location: Populated automatically<\/strong><\/p>\n

    Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter name “weblogic” and desired password. Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Production Mode” and make sure correct JDK is selected. Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Make sure to change each username to PROD_ since we have modified the prefix earlier. Then select all checkboxes to apply same password. Enter database server details and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"
    \n\"\"<\/p>\n

     <\/p>\n

    Once connection test is successful, click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Administration Server” and “Managed servers, clusters and Machines”. Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter following values.<\/p>\n

    Name: AdminServer<\/p>\n

    Listen address: <hostname><\/p>\n

    Listen Port: <7001><\/p>\n

     <\/p>\n

    We are not using SSL here so click Next<\/strong><\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    In the “Configure Managed Servers” screen enter following values.<\/p>\n

     <\/p>\n

    wls_oam1 , <hostname>, 14100 (OAM Server)<\/p>\n

    wls_soa1, <hostname>, 8001 (SOA Server)<\/p>\n

    wls_oim1, <hostname>, 14000 (OIM Server)<\/p>\n

     <\/p>\n

    Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Since we are using Unix machine, we must delete this entry. Click Delete<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    This tab should look like this.<\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on “Unix Machine” tab and enter following values. And click Next<\/strong><\/p>\n

     <\/p>\n

    Name: <hostname><\/strong><\/p>\n

    Node Manager listen address: <hostname><\/strong><\/p>\n

    Node manager listen port: 5556
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select all managed servers on left side and click on right arrow to assign all servers to our single node. Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click “Create<\/strong>”<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Once creation is complete, click Done<\/strong><\/p>\n

     <\/p>\n

    Prepare Admin server for startup without prompting password
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ mkdir -p \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/AdminServer\/security
    \n<\/span><\/p>\n

    -bash-3.2$
    \n<\/strong>cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/AdminServer\/security<\/span><\/p>\n

    -bash-3.2$ vi boot.properties<\/span>
    \n<\/strong><\/p>\n

     <\/p>\n

    Enter following values and save the file
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    username=weblogic
    \n<\/strong><\/p>\n

    password=Oracle123 (or whichever password you chose)
    \n<\/strong><\/p>\n

     <\/p>\n

    Note: The username and password entries in the file are not encrypted until you start the Administration Server. For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.<\/p>\n

     <\/p>\n

    Configure and start Node Manager
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/wlserver_10.3\/server\/bin\/
    \n<\/span><\/p>\n

    -bash-3.2$ .\/startNodeManager.sh &<\/span><\/p>\n

    \u2026<\/p>\n

    INFO: Secure socket listener started on port 5556<\/p>\n

     <\/p>\n

    Once you see the above message, node manager is able to start correctly.<\/p>\n

     <\/p>\n

    Kill the node manager process.
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ ps -ef | grep Node<\/span><\/p>\n

    fusion 5563 21657 0 13:32:01 pts\/1 0:00 grep Node<\/p>\n

    fusion 5511 21657 0 13:31:31 pts\/1 0:00 \/bin\/sh .\/startNodeManager.sh<\/p>\n

     <\/p>\n

    -bash-3.2$ kill -9 5511<\/span><\/p>\n

     <\/p>\n

    Set the node manager properties
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin
    \n<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ .\/setNMProps.sh<\/span><\/p>\n

    Appending required nodemanager.properties<\/p>\n

     <\/p>\n

    To confirm the changes,<\/p>\n

     <\/p>\n

    -bash-3.2$ tail -f \/app\/fusion\/fmw\/wlserver_10.3\/common\/nodemanager\/nodemanager.properties
    \n<\/span><\/p>\n

    \u2026<\/p>\n

    \u2026<\/p>\n

    #Required NM Property overrides (append to existing nodemanager.properties)<\/p>\n

    StartScriptEnabled=true
    \n<\/strong><\/p>\n

     <\/p>\n

    Start node manager in nohup mode so that it keeps running after you close the shell.<\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/wlserver_10.3\/server\/bin\/
    \n<\/span><\/p>\n

    -bash-3.2$ nohup .\/startNodeManager.sh &<\/span><\/p>\n

     <\/p>\n

    Start Weblogic Admin server
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/bin
    \n<\/span><\/p>\n

    -bash-3.2$ nohup .\/startWebLogic.sh &<\/span><\/p>\n

    -bash-3.2$ tail -f nohup.out<\/span><\/p>\n

    Wait till you see this message.<\/p>\n

    \u2026<\/p>\n

    <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING<\/strong> mode><\/p>\n

     <\/p>\n

    ==========<\/p>\n

    Note:<\/strong>\u00a0If you ever get error like
    \n<\/span><\/p>\n

    <Info> <Management> <BEA-141281> <unable to get file lock, will retry …><\/strong>
    \n<\/span><\/p>\n

    Then do the following
    \n<\/span><\/p>\n

    Kill any running processes for startWeblogic.sh and then remove the lock files as follows.
    \n<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ <\/span>rm \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/AdminServer\/tmp\/AdminServer.lok
    \n<\/span><\/p>\n

     <\/p>\n

    This error appears if you the admin server or managed server did not stop properly earlier.
    \n<\/span><\/p>\n

    ==========<\/p>\n

    Make sure Admin server is started properly by launching the URL http:\/\/<hostname>:7001\/console<\/a><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Login with “weblogic” user.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Launch Enterprise Manager URL
    \n<\/strong><\/p>\n

    http:\/\/<hostname>:7001\/em<\/a><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Login with weblogic<\/strong> user<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Setup Aliases
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Create a file named admin.conf<\/strong> at <web instance directory>\/config\/OHS\/ohs1\/moduleconf and enter following lines<\/p>\n

     <\/p>\n

    -bash-3.2$ more \/app\/fusion\/admin\/web1\/config\/OHS\/ohs1\/moduleconf\/admin.conf<\/span><\/p>\n

    # Admin Server and EM<\/p>\n

    <Location \/console><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WeblogicPort 7001<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    <Location \/consolehelp><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WeblogicPort 7001<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    <Location \/em><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WeblogicPort 7001<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    Restart Web server
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/web1\/bin\/opmnctl stopall
    \n<\/span><\/p>\n

    opmnctl stopall: stopping opmn and all managed processes…<\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/web1\/bin\/opmnctl startall<\/span><\/p>\n

    opmnctl startall: starting opmn and all managed processes…<\/p>\n

     <\/p>\n

    Now you can launch the same URL using our main http port 7777<\/p>\n

     <\/p>\n

    http:\/\/<hostname>:7777\/console<\/a> should open fine now<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Register HTTP server with Enterprise Manager
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/admin\/web1\/bin\/<\/span><\/p>\n

    -bash-3.2$ .\/opmnctl registerinstance -adminHost ad002aph01 -adminport 7001 -adminUsername weblogic<\/span><\/p>\n

    Command requires login to weblogic admin server (ad002aph01):<\/p>\n

    Username: weblogic<\/p>\n

    Password:<\/p>\n

    \u2026<\/p>\n

    Done<\/p>\n

    Registering instance<\/p>\n

    Command succeeded.<\/p>\n

     <\/p>\n

    Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server
    \n<\/strong><\/span>
    \n-bash-3.2$ mkdir \/app\/fusion\/admin\/IDMDomain\/mserver
    \n<\/span>
    \n-bash-3.2$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/<\/span><\/p>\n

    -bash-3.2$ .\/pack.sh -managed=true -domain=\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain -template=domaintemplate.jar -template_name=domain_template
    \n<\/span><\/p>\n

    ============<\/p>\n

    << read domain from “\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain”<\/p>\n

    >> succeed: read domain from “\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain”<\/p>\n

    << set config option Managed to “true”<\/p>\n

    >> succeed: set config option Managed to “true”<\/p>\n

    << write template to “\/app\/fusion\/fmw\/oracle_common\/common\/bin\/domaintemplate.jar”<\/p>\n

    ……………………………………………………………………………………….<\/p>\n

    >> succeed: write template to “\/app\/fusion\/fmw\/oracle_common\/common\/bin\/domaintemplate.jar”<\/p>\n

    << close template<\/p>\n

    >> succeed: close template<\/p>\n

    ============<\/p>\n

     <\/p>\n

    -bash-3.2$ .\/unpack.sh -domain=\/app\/fusion\/admin\/IDMDomain\/mserver\/IDMDomain -template=domaintemplate.jar -app_dir=\/app\/fusion\/admin\/IDMDomain\/mserver\/applications<\/span><\/p>\n

     <\/p>\n

    =============<\/p>\n

    << read template from “\/app\/fusion\/fmw\/oracle_common\/common\/bin\/domaintemplate.jar”<\/p>\n

    >> succeed: read template from “\/app\/fusion\/fmw\/oracle_common\/common\/bin\/domaintemplate.jar”<\/p>\n

    << set config option AppDir to “\/app\/fusion\/admin\/IDMDomain\/mserver\/applications”<\/p>\n

    >> succeed: set config option AppDir to “\/app\/fusion\/admin\/IDMDomain\/mserver\/applications”<\/p>\n

    << set config option DomainName to “IDMDomain”<\/p>\n

    >> succeed: set config option DomainName to “IDMDomain”<\/p>\n

    << write Domain to “\/app\/fusion\/admin\/IDMDomain\/mserver\/IDMDomain”<\/p>\n

    >> warning:write Domain to “\/app\/fusion\/admin\/IDMDomain\/mserver\/IDMDomain”<\/p>\n

    >> Server listen ports in your domain configuration conflict with ports in use by active processes on this host.<\/p>\n

    Port 7001 on AdminServer<\/p>\n

    …………………………………………………………………………………..<\/p>\n

    >> succeed: write Domain to “\/app\/fusion\/admin\/IDMDomain\/mserver\/IDMDomain”<\/p>\n

    << close template<\/p>\n

    >> succeed: close template<\/p>\n

    ============<\/p>\n

     <\/p>\n

    Copy SOA Composites to Managed Server Directory<\/strong><\/span>
    \n<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cp -pr \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/soa \/app\/fusion\/admin\/IDMDomain\/mserver\/IDMDomain\/
    \n<\/span><\/p>\n

     <\/p>\n

    Enable Weblogic Plugin
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Open http:\/\/<hostname>:7777\/console<\/a> and login with weblogic user<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Lock & Edit.<\/strong> Click on IDMDomain -> Configuration -> Web Applications<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Scroll down and check “Weblogic Plugin Enabled<\/strong>”<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on Environment -> Servers -> AdminServer -> Protocols -> HTTP<\/strong>. Change the Frontend port to 7777<\/strong>. Activate Changes<\/p>\n

     <\/p>\n

    Removing IDM Domain Agent
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    In the Administration console, click on “Security Realms” -> myrealm -> Providers<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

    \"configure-extra2\"<\/a><\/p>\n

    Select IAMSuiteAgent and click on Delete. Activate Changes<\/p>\n

     <\/p>\n

    Restart AdminServer
    \n<\/strong><\/p>\n

     <\/p>\n

    Extend the Domain to include Oracle Internet Directory<\/span>
    \n<\/span><\/strong><\/span><\/p>\n

     <\/p>\n

    Make sure that the port 3060 is not being used by other process.<\/p>\n

     <\/p>\n

    -bash-3.2$ netstat -an | grep “3060”
    \n<\/span><\/p>\n

     <\/p>\n

    Start the configuration from <IDM_HOME>\/bin<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/idm\/bin<\/span><\/p>\n

    -bash-3.2$ .\/config.sh &<\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Next
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Configure Without A Domain<\/strong>” and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Instance Location: \/app\/fusion\/admin\/oid1<\/strong><\/p>\n

    Instance Name: oid1<\/strong><\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Deselect checkbox and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Yes<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Oracle Internet Directory<\/strong>” and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Specify Ports using Configuration file”<\/p>\n

     <\/p>\n

    Open a shell and copy the staticports.ini file to home directory<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -p \/app\/fusion\/provisioning\/idm\/Disk1\/stage\/Response\/staticports.ini ~\/<\/span><\/p>\n

     <\/p>\n

    Click View\/Edit File<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter\/uncomment Value for Non-SSL Port as 3060<\/p>\n

    And for SSL Port put value as 3061<\/p>\n

     <\/p>\n

    Click Save<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter database details and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Set Realm as the domain level DC (for example if domain is example.com then set dc=example, dc=com)<\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click Configure<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

     <\/p>\n

    Once configuration completes, click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click Finish<\/strong><\/p>\n

     <\/p>\n

    Validate OID
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ export ORACLE_HOME=\/app\/fusion\/fmw\/idm
    \n<\/span><\/p>\n

    -bash-3.2$ export ORACLE_INSTANCE=\/app\/fusion\/admin\/oid1
    \n<\/span><\/p>\n

    -bash-3.2$ export PATH=$ORACLE_HOME\/opmn\/bin:$ORACLE_HOME\/bin:$ORACLE_HOME\/ldap\/bin:$ORACLE_HOME\/ldap\/admin:$PATH
    \n<\/span><\/p>\n

    -bash-3.2$ ldapbind -h ad002aph01 -p 3060 -D “cn=orcladmin” -q<\/span>
    \n<\/strong><\/p>\n

    Please enter bind password:<\/p>\n

    bind successful
    \n<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ ldapbind -h ad002aph01 -p 3061 -D “cn=orcladmin” -q -U 1
    \n<\/strong><\/span><\/p>\n

    Please enter bind password:<\/p>\n

    bind successful
    \n<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ opmnctl status<\/span><\/p>\n

     <\/p>\n

    Processes in Instance: oid1<\/p>\n

    ———————————+——————–+———+———<\/p>\n

    ias-component | process-type | pid | status<\/p>\n

    ———————————+——————–+———+———<\/p>\n

    oid1 | oidldapd | 8499 | Alive<\/p>\n

    oid1 | oidldapd | 8495 | Alive<\/p>\n

    oid1 | oidmon | 8491 | Alive<\/p>\n

    EMAGENT | EMAGENT | 8266 | Alive<\/p>\n

     <\/p>\n

    Registering Oracle Internet Directory with the WebLogic Server Domain
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ export ORACLE_HOME=\/app\/fusion\/fmw\/idm
    \n<\/span><\/p>\n

    -bash-3.2$ export ORACLE_INSTANCE=\/app\/fusion\/admin\/oid1<\/span><\/p>\n

    -bash-3.2$ $ORACLE_INSTANCE\/bin\/opmnctl registerinstance -adminHost ad002aph01 -adminPort 7001 -adminUsername weblogic
    \n<\/span><\/p>\n

     <\/p>\n

    Command requires login to weblogic admin server (ad002aph01):<\/p>\n

    Username: weblogic<\/p>\n

    Password:<\/p>\n

     <\/p>\n

    Registering instance
    \n<\/strong><\/p>\n

    Command succeeded.
    \n<\/strong><\/p>\n

     <\/p>\n

    Update the Enterprise Manager Repository URL
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd $ORACLE_INSTANCE\/EMAGENT\/EMAGENT\/bin
    \n<\/span><\/p>\n

    -bash-3.2$ .\/emctl switchOMS http:\/\/<hostname>:7001\/em\/upload<\/span><\/p>\n

    Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.<\/p>\n

    Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.<\/p>\n

    SwitchOMS succeeded.<\/p>\n

     <\/p>\n

    We can now verify whether this instance is registered for monitoring agent.<\/p>\n

    Login to\u00a0<\/span>http:\/\/<hostname>:7777\/em using weblogic user
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on\u00a0Farm->Agent monitored targets.<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Make sure that Agent URL is configured and it does not show “Needs Configuration”<\/p>\n

     <\/p>\n

    Note: We will not tune OID but it is recommended to do this on production systems.<\/p>\n

     <\/p>\n

    Extend the Domain to include Oracle Directory Service Manager (ODSM)
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Make sure that the port 7006 is not being used by any process.
    \n-bash-3.2$ netstat -an | grep “7006”
    \n<\/span><\/p>\n

     <\/p>\n

    Start the configuration from <IDM_HOME>\/bin<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/idm\/bin\/<\/span><\/p>\n

    -bash-3.2$ .\/config.sh &
    \n<\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Extend Existing Domain” and enter following values<\/p>\n

    Hostname: <hostname><\/p>\n

    Port: 7001<\/p>\n

     <\/p>\n

    Username: weblogic<\/p>\n

    Password: same as existing weblogic password<\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Yes<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter following values.<\/p>\n

    Weblogic Server Directory: \/app\/fusion\/fmw\/wlserver_10.3<\/strong><\/p>\n

    Instance location: \/app\/fusion\/admin\/ods_inst1<\/strong><\/p>\n

    Instance Name: ods_inst1<\/strong><\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Deselect checkbox and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Yes<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select only Oracle Directory Service Manager<\/strong> and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select “Specify Ports using Configuration file”. Open another shell window and copy the staticports.ini from staging directory.<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -p \/app\/fusion\/provisioning\/idm\/Disk1\/stage\/Response\/staticports.ini ~\/<\/p>\n

     <\/p>\n

    Click View\/Edit File<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Edit\/uncomment ODS server Port No = 7006<\/strong><\/p>\n

     <\/p>\n

    Click Save<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click Configure<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Once configuration completes, click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review the summary and click Finish<\/strong><\/p>\n

     <\/p>\n

    Check if wls_ods1 is already up in Enterprise Manager at http:\/\/<hostname>:7777\/em<\/a><\/p>\n

     <\/p>\n

    If not up the start by following commands.<\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/servers\/wls_ods1\/security\/
    \n<\/span><\/p>\n

    -bash-3.2$ cp ..\/..\/AdminServer\/security\/boot.properties .<\/span><\/p>\n

    -bash-3.2$ cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/bin\/<\/span><\/p>\n

    -bash-3.2$ nohup .\/startManagedWebLogic.sh wls_ods1 &<\/span><\/p>\n

     <\/p>\n

    Wait till you see RUNNING in the nohup.log file<\/p>\n

     <\/p>\n

    Launch ODSM using following URL<\/p>\n

     <\/p>\n

    http:\/\/<hostname>:7006\/odsm<\/a><\/p>\n

     <\/p>\n

    Create Aliases for ODSM in HTTP server
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/
    \n<\/span><\/p>\n

     <\/p>\n

    Append<\/strong> following entries in admin.conf file<\/p>\n

     <\/p>\n

    -bash-3.2$ vi admin.conf<\/span><\/p>\n

    Append<\/p>\n

    <Location \/odsm><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WeblogicPort 7006<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    Restart Web Server<\/p>\n

     <\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/ohs_inst1\/bin\/opmnctl stopall
    \n<\/span><\/p>\n

    opmnctl stopall: stopping opmn and all managed processes…<\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/ohs_inst1\/bin\/opmnctl startall<\/span><\/p>\n

    opmnctl startall: starting opmn and all managed processes…<\/p>\n

     <\/p>\n

    Now you can also launch ODSM using following URL<\/p>\n

     <\/p>\n

    http:\/\/<hostname>:7777\/odsm<\/a><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on Connect to a directory -><\/strong>
    \nCreate A New Connection<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter values as follows.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Connect<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    You can now view the Oracle Internet Directory from ODSM<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    You can also browse the OID data as above<\/p>\n

     <\/p>\n

    Provisioning the Managed Servers in the Managed Server Directory
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Stop the ODS
    \n<\/strong><\/p>\n

     <\/p>\n

    Use pack and unpack commands to provision the managed servers in mserver directory<\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/
    \n<\/span><\/p>\n

    -bash-3.2$ .\/pack.sh -managed=true -domain=\/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain -template=\/app\/fusion\/fmw\/templates\/managedServer.jar -template_name=ManagedServer_Template
    \n<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ .\/unpack.sh -domain=\/app\/fusion\/admin\/IDMDomain\/mserver\/IDMDomain -template=\/app\/fusion\/fmw\/templates\/managedServer.jar -app_dir=\/app\/fusion\/admin\/IDMDomain\/mserver\/applications -overwrite_domain=true
    \n<\/span><\/p>\n

     <\/p>\n

    Make sure to use the switch \u2013overwrite_domain=true<\/p>\n

     <\/p>\n

    Start wls_ods1
    \n<\/strong><\/p>\n

     <\/p>\n

    Prepare Identity and Policy Stores
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Prepare Policy store
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Go to directory <IAM_HOME>\/idmtools\/bin
    \n<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/iam\/idmtools\/bin\/<\/span><\/p>\n

     <\/p>\n

    Source environment variables<\/p>\n

     <\/p>\n

    -bash-3.2$ export ORACLE_HOME=\/app\/fusion\/fmw\/iam<\/span><\/p>\n

    -bash-3.2$ export JAVA_HOME=\/app\/fusion\/jdk6<\/span><\/p>\n

    -bash-3.2$ export IDM_HOME=\/app\/fusion\/fmw\/idm<\/span><\/p>\n

    -bash-3.2$ export MW_HOME=\/app\/fusion\/fmw<\/span><\/p>\n

     <\/p>\n

    Create a file named policystore.props<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ more policystore.props<\/span><\/p>\n

    POLICYSTORE_HOST: ad002aph01<\/p>\n

    POLICYSTORE_PORT: 3060<\/p>\n

    POLICYSTORE_BINDDN: cn=orcladmin<\/p>\n

    POLICYSTORE_READONLYUSER: PolicyROUser<\/p>\n

    POLICYSTORE_READWRITEUSER: PolicyRWUser<\/p>\n

    POLICYSTORE_SEARCHBASE: dc=adm,dc=local<\/p>\n

    POLICYSTORE_CONTAINER: cn=jpsroot<\/p>\n

    Run the following command.<\/p>\n

     <\/p>\n

    -bash-3.2$ .\/idmConfigTool.sh -configPolicyStore input_file=policystore.props
    \n<\/span><\/p>\n

    Enter Policy Store Bind DN password :<\/p>\n

    \u2026<\/p>\n

    Enter User Password for PolicyROUser:<\/p>\n

    Confirm User Password for PolicyROUser:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for PolicyRWUser:<\/p>\n

    Confirm User Password for PolicyRWUser:<\/p>\n

     <\/p>\n

    -bash-3.2$ grep -i error automation.log<\/p>\n

     <\/p>\n

    Note: <\/strong>While running this command, you might see the following error message:<\/p>\n

    WARNING: Error in adding in-memory OID search filters.
    \n<\/strong><\/p>\n

     <\/p>\n

    You may safely ignore this error.
    \n<\/strong><\/p>\n

     <\/p>\n

    Run following commands to reassociate Security Store<\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/oracle_common\/common\/bin\/<\/span><\/p>\n

    -bash-3.2$ .\/wlst.sh<\/span><\/p>\n

    wls:\/offline> connect(“weblogic”,”Oracle123″,”t3:\/\/<hostname>:7001″)
    \n<\/span><\/p>\n

     <\/p>\n

    wls:\/IDMDomain\/serverConfig> reassociateSecurityStore(domain=”IDMDomain”, admin=”cn=orcladmin”,password=”Oracle123″, ldapurl=”ldap:\/\/<hostname>:3060″,servertype=”OID”, jpsroot=”cn=jpsroot”)
    \n<\/span><\/p>\n

    \u2026<\/p>\n

    wls:\/IDMDomain\/serverConfig> exit()<\/span><\/p>\n

     <\/p>\n

    Restart Admin Server
    \n<\/strong><\/p>\n

     <\/p>\n

    Prepare Identity Store
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Go to <IAM_HOME>\/idmtools\/bin<\/strong><\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/iam\/idmtools\/bin\/<\/span><\/p>\n

     <\/p>\n

    Create a file named idstore.props<\/p>\n

     <\/p>\n

    -bash-3.2$ more idstore.props<\/span><\/p>\n

    # Common<\/p>\n

    IDSTORE_HOST: ad002aph01<\/p>\n

    IDSTORE_PORT: 3060<\/p>\n

    IDSTORE_BINDDN: cn=orcladmin<\/p>\n

    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=adm,dc=local<\/p>\n

    IDSTORE_SEARCHBASE: dc=adm,dc=local<\/p>\n

    IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

    IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

    IDSTORE_USERSEARCHBASE: cn=Users,dc=adm,dc=local<\/p>\n

    POLICYSTORE_SHARES_IDSTORE: true<\/p>\n

    # OAM<\/p>\n

    IDSTORE_OAMADMINUSER:oamadmin<\/p>\n

    IDSTORE_OAMSOFTWAREUSER:oamLDAP<\/p>\n

    OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators<\/p>\n

    # OAM and OIM<\/p>\n

    IDSTORE_SYSTEMIDBASE: cn=systemids,dc=adm,dc=local<\/p>\n

    # OIM<\/p>\n

    IDSTORE_OIMADMINGROUP: OIMAdministrators<\/p>\n

    IDSTORE_OIMADMINUSER: oimLDAP<\/p>\n

    # Required due to bug<\/p>\n

    IDSTORE_OAAMADMINUSER : oaamadmin<\/p>\n

    # Fusion Applications<\/p>\n

    IDSTORE_READONLYUSER: IDROUser<\/p>\n

    IDSTORE_READWRITEUSER: IDRWUser<\/p>\n

    IDSTORE_SUPERUSER: weblogic_fa<\/p>\n

    # Weblogic<\/p>\n

    IDSTORE_WLSADMINUSER : weblogic_idm<\/p>\n

     <\/p>\n

    Run following command<\/p>\n

     <\/p>\n

    -bash-3.2$ .\/idmConfigTool.sh -preConfigIDStore input_file=idstore.props
    \n<\/span><\/p>\n

    Enter ID Store Bind DN password :<\/p>\n

     <\/p>\n

    Make sure automation.log is created<\/p>\n

    -bash-3.2$ ls -l automation.log<\/span><\/p>\n

    -rw-r–r– 1 fusion dba 3432 Sep 20 13:49 automation.log<\/p>\n

     <\/p>\n

    Check the log for errors<\/p>\n

    -bash-3.2$ grep -i error automation.log
    \n<\/span><\/p>\n

     <\/p>\n

    Note: <\/strong>You might see a warning messages similar to this in the log.<\/p>\n

    WARNING: Error indexing displayName
    \n<\/strong><\/p>\n

     <\/p>\n

    You may safely ignore this error.
    \n<\/strong><\/p>\n

     <\/p>\n

    The above commands will create a file named idmDomainConfig.param file. This is an important file and we will seed the values from this file to the response file.<\/p>\n

     <\/p>\n

    -bash-3.2$ more idmDomainConfig.param<\/span> (Generated automatically)<\/p>\n

     <\/p>\n

    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=adm,dc=local<\/p>\n

    POLICYSTORE_PORT: 3060<\/p>\n

    IDSTORE_HOST: ad002aph01<\/p>\n

    IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

    IDSTORE_PORT: 3060<\/p>\n

    POLICYSTORE_CONTAINER: cn=jpsroot<\/p>\n

    IDSTORE_USERSEARCHBASE: cn=Users,dc=adm,dc=local<\/p>\n

    POLICYSTORE_HOST: ad002aph01<\/p>\n

    POLICYSTORE_READWRITE_USERNAME: cn=PolicyRWUser,cn=users,dc=adm,dc=local<\/p>\n

     <\/p>\n

    Creating Users and Groups
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Run following command.<\/p>\n

     <\/p>\n

    -bash-3.2$ .\/idmConfigTool.sh -prepareIDStore mode=all input_file=idstore.props
    \n<\/span><\/p>\n

    Enter ID Store Bind DN password :<\/p>\n

    \u2026<\/p>\n

    Enter User Password for IDROUser:<\/p>\n

    Confirm User Password for IDROUser:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for IDRWUser:<\/p>\n

    Confirm User Password for IDRWUser:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for weblogic_fa:<\/p>\n

    Confirm User Password for weblogic_fa:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for weblogic_idm:<\/p>\n

    Confirm User Password for weblogic_idm:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for oblixanonymous:<\/p>\n

    Confirm User Password for oblixanonymous:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for oamadmin:<\/p>\n

    Confirm User Password for oamadmin:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for oamLDAP:<\/p>\n

    Confirm User Password for oamLDAP:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for oaamadmin:<\/p>\n

    Confirm User Password for oaamadmin:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for oimLDAP:<\/p>\n

    Confirm User Password for oimLDAP:<\/p>\n

    \u2026<\/p>\n

    Enter User Password for xelsysadm:<\/p>\n

    Confirm User Password for xelsysadm:<\/p>\n

    The tool has completed its operation. Details have been logged to automation.log<\/p>\n

     <\/p>\n

    -bash-3.2$ grep -i error automation.log<\/p>\n

     <\/p>\n

    Note: We are not using Oracle Virtual Directory (OVD) since this is optional component so skipping OVD part<\/strong><\/span>
    \n<\/span><\/p>\n

     <\/p>\n

    Configure Oracle Access Manager 11g (OAM)
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Start managed server wls_oam1 from Administration console.<\/p>\n

     <\/p>\n

    Configure Aliases for OAM in HTTP server
    \n<\/strong><\/p>\n

     <\/p>\n

    Append following in \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/admin.conf
    \n<\/strong><\/p>\n

     <\/p>\n

    <Location \/oam><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WebLogicPort 14100<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    <Location \/fusion_apps><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WebLogicPort 14100<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    <Location \/oamconsole><\/p>\n

    SetHandler weblogic-handler<\/p>\n

    WebLogicHost ad002aph01<\/p>\n

    WebLogicPort 7001<\/p>\n

    <\/Location><\/p>\n

     <\/p>\n

    Restart Web server<\/p>\n

     <\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/ohs_inst1\/bin\/opmnctl stopall
    \n<\/span><\/p>\n

    opmnctl stopall: stopping opmn and all managed processes…<\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/ohs_inst1\/bin\/opmnctl startall<\/span><\/p>\n

    opmnctl startall: starting opmn and all managed processes…<\/p>\n

     <\/p>\n

    Now you can launch OAM Console with following URL<\/p>\n

     <\/p>\n

    http:\/\/<hostname>:7777\/oamconsole<\/a><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Login with weblogic user<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Configure OAM
    \n<\/strong><\/p>\n

     <\/p>\n

    Go to <IAM_HOME>\/idmtools\/bin<\/strong><\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/iam\/idmtools\/bin<\/span><\/p>\n

     <\/p>\n

    Create a file named config_oam1.props<\/p>\n

     <\/p>\n

    -bash-3.2$ more config_oam1.props<\/span><\/p>\n

    WLSHOST: ad002aph01<\/p>\n

    WLSPORT: 7001<\/p>\n

    WLSADMIN: weblogic<\/p>\n

    WLSPASSWD: Oracle123<\/p>\n

    IDSTORE_HOST: ad002aph01<\/p>\n

    IDSTORE_PORT: 3060<\/p>\n

    IDSTORE_DIRECTORYTYPE:OID<\/p>\n

    IDSTORE_BINDDN: cn=orcladmin<\/p>\n

    IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

    IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

    IDSTORE_USERSEARCHBASE: cn=Users,dc=adm,dc=local<\/p>\n

    IDSTORE_SEARCHBASE: dc=adm,dc=local<\/p>\n

    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=adm,dc=local<\/p>\n

    IDSTORE_OAMSOFTWAREUSER: oamLDAP<\/p>\n

    IDSTORE_OAMADMINUSER: oamadmin<\/p>\n

    PRIMARY_OAM_SERVERS: ad002aph01:5575<\/p>\n

    WEBGATE_TYPE: ohsWebgate11g<\/p>\n

    ACCESS_GATE_ID: Webgate_IDM<\/p>\n

    OAM11G_IDM_DOMAIN_OHS_HOST:ad002aph01<\/p>\n

    OAM11G_IDM_DOMAIN_OHS_PORT:7777<\/p>\n

    OAM11G_IDM_DOMAIN_OHS_PROTOCOL:http<\/p>\n

    OAM11G_WG_DENY_ON_NOT_PROTECTED: false<\/p>\n

    OAM_TRANSFER_MODE: open<\/p>\n

    OAM11G_OAM_SERVER_TRANSFER_MODE:open<\/p>\n

    OAM11G_IDM_DOMAIN_LOGOUT_URLS:\/console\/jsp\/common\/logout.jsp,\/em\/targetauth\/emaslogout.jsp<\/p>\n

    OAM11G_OIM_WEBGATE_PASSWD: Oracle123<\/p>\n

    COOKIE_DOMAIN: .adm.local<\/p>\n

    OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators<\/p>\n

    OAM11G_SSO_ONLY_FLAG: true<\/p>\n

    OAM11G_OIM_INTEGRATION_REQ: true<\/p>\n

    OAM11G_IMPERSONATION_FLAG:true<\/p>\n

    OAM11G_SERVER_LBR_HOST:ad002aph01<\/p>\n

    OAM11G_SERVER_LBR_PORT:7777<\/p>\n

    OAM11G_SERVER_LBR_PROTOCOL:http<\/p>\n

    COOKIE_EXPIRY_INTERVAL: 120<\/p>\n

    OAM11G_OIM_OHS_URL:http:\/\/ad002aph01:7777\/<\/p>\n

    OAM11G_SERVER_LOGIN_ATTRIBUTE: uid<\/p>\n

     <\/p>\n

    Keep a backup of idmDomainConfig.param for safety<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -pr idmDomainConfig.param idmDomainConfig.param.preOAM
    \n<\/span><\/p>\n

     <\/p>\n

    Run the following command to Configure OAM<\/p>\n

     <\/p>\n

    -bash-3.2$ .\/idmConfigTool.sh -configOAM input_file=config_oam1.props<\/span><\/p>\n

    Enter ID Store Bind DN password :<\/p>\n

    Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:<\/p>\n

    Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:<\/p>\n

    Enter User Password for IDSTORE_PWD_OAMADMINUSER:<\/p>\n

    Confirm User Password for IDSTORE_PWD_OAMADMINUSER:<\/p>\n

    The tool has completed its operation. Details have been logged to automation.log<\/p>\n

     <\/p>\n

    -bash-3.2$ grep -i error automation.log<\/span><\/p>\n

    WARNING: Error in adding in-memory OID search filters<\/p>\n

    WARNING: Error indexing displayName<\/p>\n

     <\/p>\n

    Backup important files generated<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -pr \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/output\/Webgate_IDM\/ ~\/backup\/
    \n<\/span><\/p>\n

     <\/p>\n

    Restart ALL managed servers and Admin server
    \n<\/strong><\/p>\n

     <\/p>\n

    Validate OAM
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Login to OAM Console using oamadmin <\/strong>user<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    In System Configuration tab, click Access Manager Settings -> SSO Agents-> OAM Agents. Search for all agents.<\/p>\n

    Edit Webgate_IDM agent<\/p>\n

     <\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Set Max. number of Connections<\/strong> to 4<\/strong> for each primary servers (in our case only one host is there)<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Do the same for Webgate_IDM_11g agent<\/p>\n

    Set Max. number of Connections<\/strong> to 4<\/strong> for each primary servers (in our case only one host is there)<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    In Policy Configurations tab, Host identifiers->IAMSuiteAgent-> Make sure our hostname and the default http port is mentioned. If already there then nothing to change in this screen.<\/p>\n

     <\/p>\n

    Perform Bug 13824816 Workaround<\/strong><\/span><\/p>\n

    http:\/\/<hostname>:7777\/console<\/a><\/p>\n

     <\/p>\n

    Security Realm->myrealm->Roles and Policies -> Expand Global Roles -> Click on Roles<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Expand Global Roles. Click on Roles<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on Admin<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Next<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on Add conditions<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter OAMAdministrators in text-box and click Add<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Save<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

    Note: Following is not required as per the “latest” document but for the safe side adding this as well.<\/p>\n

    1. Open http:\/\/<hostname>:7777\/odsm<\/a><\/p>\n

    2. <\/strong>Connect to a directory instance.<\/p>\n

    3. <\/strong>Click the Data Browser <\/strong>tab.<\/p>\n

    4. <\/strong>Expand the Client View <\/strong>entry in the directory tree (dc=<domain>) then expand cn=Groups<\/strong>.<\/p>\n

    5. <\/strong>Click IDMAdministrators<\/strong>.<\/p>\n

    6. <\/strong>In the Members <\/strong>box, click + <\/strong>to add a new entry.<\/p>\n

    7. <\/strong>Enter cn=oamadministrators,cn=groups,dc=adm,dc=local<\/p>\n

    8. <\/strong>Click Apply<\/strong>.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Adding the oamadmin Account to Access System Administrators
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    The oamadmin user is assigned to the Oracle Access Manager Administrators group, which is in turn assigned to the Access System Administrators group. Fusion Applications, however, requires the oamadmin user to be explicitly added to that role.
    \n<\/span><\/p>\n

     <\/p>\n

    To do this, perform the following steps:
    \n<\/span><\/p>\n

     <\/p>\n

    1. <\/strong>Log in to the oamconsole at http:\/\/<hostname>:7777\/oamconsole
    \n<\/span><\/p>\n

    2. <\/strong>Click the System Configuration <\/strong>tab.
    \n<\/span><\/p>\n

    3. <\/strong>Expand Data Sources <\/strong>– User Identity Stores<\/strong>.
    \n<\/span><\/p>\n

    4. <\/strong>Click OIMIDStore<\/strong>.
    \n<\/span><\/p>\n

    5. <\/strong>Click Open<\/strong>.
    \n<\/span><\/p>\n

    6. <\/strong>Click the + <\/strong>symbol next to Access System Adminsitrators<\/strong>.
    \n<\/span><\/p>\n

    7. <\/strong>Type oamadmin in the search box and click Search<\/strong>.
    \n<\/span><\/p>\n

    8. <\/strong>Click the returned oamadmin <\/strong>row, then click Add Selected<\/strong>.
    \n<\/span><\/p>\n

    9. <\/strong>Click Apply<\/strong>.
    \n<\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Apply.<\/p>\n

     <\/p>\n

    Create Oracle Access Manager Policies for WebGate 11g
    \n<\/em><\/strong><\/span><\/p>\n

    In order to allow WebGate 11g <\/em>to display the credential collector, you must add \/oam to the list of public policies.
    \n<\/span><\/p>\n

     <\/p>\n

    Proceed as follows:
    \n<\/span><\/p>\n

    1. <\/strong>Log in to the OAM console<\/span>
    \n<\/span><\/p>\n

    2. <\/strong>Select the Policy Configuration <\/strong>tab.
    \n<\/span><\/p>\n

    3. <\/strong>Expand Application Domains – IAM Suite
    \n<\/strong><\/span><\/p>\n

    4. <\/strong>Click Resources<\/strong>.
    \n<\/span><\/p>\n

    5. <\/strong>Click Open<\/strong>.
    \n<\/span><\/p>\n

    6. <\/strong>Click New resource<\/strong>.
    \n<\/span><\/p>\n

    7. <\/strong>Provide the following values:
    \n<\/span><\/p>\n

     <\/p>\n


    \nType<\/strong>: HTTP
    \n<\/span><\/p>\n


    \nDescription<\/strong>: OAM Credential Collector
    \n<\/span><\/p>\n


    \nHost Identifier<\/strong>: IAMSuiteAgent
    \n<\/span><\/p>\n


    \nResource URL<\/strong>: \/oam
    \n<\/span><\/p>\n


    \nProtection Level<\/strong>: Unprotected
    \n<\/span><\/p>\n


    \nAuthentication Policy<\/strong>: Public Policy
    \n<\/span><\/p>\n

     <\/p>\n

    8. <\/strong>Click Apply.
    \n<\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

    Click Apply<\/p>\n

     <\/p>\n

    Validate OAM
    \n<\/strong><\/p>\n

     <\/p>\n

    Note: The OAM validation tool is now no longer used for Solaris<\/strong> since current latest documentation<\/p>\n

     <\/p>\n

    Following is given for reference only. This is not required for Solaris due to bug mentioned below. It will work for Linux without any issues.<\/p>\n

     <\/p>\n

    -bash-3.2$ export JAVA_HOME=\/app\/fusion\/jdk6
    \n<\/span><\/p>\n

    -bash-3.2$ export PATH=$JAVA_HOME\/bin:$PATH<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/iam\/oam\/server\/tester\/<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ java -jar oamtest.jar<\/span><\/p>\n

     <\/p>\n

    It will throw above error due to a bug in this tool in Solaris<\/strong><\/p>\n

     <\/p>\n

    The fix is to temporarily remove Password from Webgate through oamadmin<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    It will throw above error due to a bug in this tool on Solaris Platform. On Linux\/Windows it will succeed.<\/p>\n

     <\/p>\n

    The fix is to temporarily remove Password from Webgate through oamadmin (Careful to revert it later). We suggest not to run this tool at all in Solaris.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Put the password back. (If you have changed in previous step)<\/p>\n

     <\/p>\n

    Updating Oracle Access Manager System Parameters<\/strong><\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Change to following.<\/p>\n

    Session Lifetime: 120<\/strong><\/p>\n

    Idle timeout (Minutes): 120<\/strong><\/p>\n

    Maximum number of connections per user: 200
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    This will automatically edit and change the values in \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/config\/fmwconfig\/oam-config.xml<\/p>\n

     <\/p>\n

    Please note that we are not changing the value for “NoUniqueSessionsFor10gAgents“<\/span> since it is not mentioned in the latest documentation.<\/p>\n

     <\/p>\n

    Restart OAM
    \n<\/strong><\/p>\n

     <\/p>\n

    Configure Oracle Identity Manager (OIM) and Oracle SOA Suite
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Start the configuration from <IAM_HOME>\/bin<\/strong><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/iam\/bin\/<\/span><\/p>\n

    -bash-3.2$ .\/config.sh &<\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select only “OIM Server<\/strong>” and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter database details. Make sure to use correct prefix as we selected earlier (in our case PROD). Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Admin server URL: t3:\/\/<hostname>:7001<\/p>\n

    Username and password of weblogic user<\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter required password and OIM HTTP URL as http:\/\/<hostname>:7777<\/strong><\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Check “Enable LDAP Sync” and click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter following values<\/p>\n

    Directory Server Type: OID<\/strong><\/p>\n

    ID: oid1<\/strong><\/p>\n

    URL: ldap:\/\/<hostname>:3060<\/strong><\/p>\n

    User: cn=oimLDAP,cn=systemids,dc=<domain>,dc=<com><\/strong><\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Enter following values<\/p>\n

     <\/p>\n

    Role Container: cn=Groups,dc=<domain>,dc=<com><\/strong><\/p>\n

    User Container: cn=Users,dc=<domain>,dc=<com><\/strong><\/p>\n

    Reservation Container: cn=Reserve,dc=<domain>,dc=<com><\/strong><\/p>\n

     <\/p>\n

    Click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review summary and click Configure<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Once configure completes, click Next<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Review and click Finish<\/strong><\/p>\n

     <\/p>\n

    Note: If instead of above screen you see following error then you have missed a major patch 13399365.<\/p>\n

    Config Action Oracle Identity Manager Configuration failed<\/strong>“.<\/p>\n

    The errors in .out file<\/p>\n

    java.lang.NoSuchMethodError: oracle.jdbc.OracleConnection.setApplicationContext(Ljava\/lang\/String;Ljava\/lang\/String;Ljava\/lang\/String;)V<\/p>\n

    java.lang.IllegalStateException: Action:OIM Configuration failed with error:interrupted<\/p>\n

     <\/p>\n

    As per Oralce metalink note This is due to bug 14125012\ufffd
    \n<\/strong><\/span><\/p>\n

    Mismatched Components Version Cause Config.sh To Fail on Configure Oracle Identity Manager with Fusion Applications [ID 1467992.1]<\/strong><\/span>
    \n<\/span><\/p>\n

     <\/p>\n

    This is because the certified version of OAM with 11.1.4 applications is 11.1.1.5.2 while the supplied version is 11.1.1.5.0 so we need to apply patches to upgrade this version.<\/p>\n

     <\/p>\n

    The patches are mentioned in the release notes as well as available in \/app\/stage\/installers\/iam\/patch directory. Please apply them to fix this. We have a shortcut workaround to copy the required files only from patch. But this is not recommended so we will not post here. Just to let the geeks know J<\/span><\/p>\n

     <\/p>\n

    Stop Admin server and all managed servers and then start all servers including wls_soa1 and wls_oim1<\/p>\n

    Test OIM and SOA using following URLS<\/p>\n

     <\/p>\n

    http:\/\/<hostname>:14000\/oim<\/a><\/p>\n

    and<\/p>\n

    http:\/\/<hostname>:8001\/soa-infra<\/a><\/p>\n

     <\/p>\n

    Note: If you get 404 error for OIM or if you see following errors in OIM log files (even if OIM status shows as “RUNNING” in admin console) then OIM has not come up properly. You can see this in EM and it will show OIM as down.<\/p>\n

     <\/p>\n

    <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID ‘1356332711618’ for task ‘1’. Error is: ‘weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.sdp.client, exact-match: false].’<\/p>\n

    weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.sdp.client, exact-match: false].<\/p>\n

    at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)<\/p>\n

    at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)<\/p>\n

    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)<\/p>\n

    at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)<\/p>\n

    at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)<\/p>\n

    Truncated. see log file for complete stacktrace<\/p>\n

     <\/p>\n

    As per metalink Note: 1328471.1 <\/strong>following needs to be done to fix this.
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Admin console->Deplyments->go to oracle.sdp.client page<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click on Targets. You will see that the checkbox for wls_oim1 is not selected.<\/p>\n

    Lock & Edit and select the checkbox and Activate changes.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Restart OIM<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Validate OIM
    \n<\/strong><\/p>\n

     <\/p>\n

    Launch URL http:\/\/<hostname>:14000\/oim<\/a><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Login with xelsysadm user<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    If you have not applied post-steps for patch 13399365 properly then you might get following errors.<\/strong><\/span><\/p>\n

     <\/p>\n

    oracle.iam.platform.kernel.OrchestatrionException
    \n<\/span><\/p>\n

    “ADF_FACES-60097 : For more information, please see the server’s error log for an entry beginning with: ADF_FACES-60096: Server Exception during PPR,\u00a0#8\u2033<\/span><\/p>\n

     <\/p>\n

    Internal Exception: java.sql.SQLSyntaxErrorException: ORA-00904: “CONTEXTVAL”: invalid identifier<\/span><\/span><\/p>\n

    Error Code: 904<\/span>
    \nCall: INSERT INTO ORCHPROCESS (ID, BULKPARENTID, CHANGETYPE, CONTEXTVAL, CREATEDON, ENTITYID, ENTITYTYPE, MODIFIEDON, OPERATION, ORCHESTRATION, ORCHTARGET, PARENTPROCESSID, RETRY, SEQUENCE, STAGE, STATUS) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)<\/span>
    \nbind => [16 parameters bound]
    \n<\/span><\/p>\n

     <\/p>\n

    This is because following column might not be available in PROD_OIM. ORCHPROCESS table. The post steps for above patch create this column.<\/p>\n

    CONTEXTVAL CLOB<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Validate SOA
    \n<\/strong><\/p>\n

     <\/p>\n

    Launch URL http:\/\/<hostname>:8001\/soa-infra<\/a><\/p>\n

     <\/p>\n

    Login with weblogic user<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Prepare OIM to reconcile from ID store
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ cd \/app\/fusion\/fmw\/iam\/server\/ldap_config_util\/<\/span><\/p>\n

     <\/p>\n

    Make backup of existing ldapconfig.props file<\/p>\n

     <\/p>\n

    -bash-3.2$ cp -pr ldapconfig.props ldapconfig.props_orig<\/span><\/p>\n

     <\/p>\n

    Modify ldapconfig.props<\/p>\n

     <\/p>\n

    -bash-3.2$ more ldapconfig.props<\/span><\/p>\n

    # OIMServer Type, Valid values can be WLS, JBOSS, WAS<\/p>\n

    # e.g.: OIMServerType=WLS<\/p>\n

    OIMServerType=WLS<\/p>\n

     <\/p>\n

    # OIMAdmin User Login<\/p>\n

    # e.g.: OIMAdminUser=xelsysadm<\/p>\n

    OIMAdminUser=xelsysadm<\/p>\n

     <\/p>\n

    # Skip Validation of OVD Schema<\/p>\n

    # e.g.: SkipOVDValidation=true|false, Default false<\/p>\n

    SkipOVDValidation=true<\/p>\n

     <\/p>\n

    # OIM Provider URL<\/p>\n

    # e.g.: OIMProviderURL=t3:\/\/localhost:8003<\/p>\n

    OIMProviderURL=t3:\/\/ad002aph01:14000<\/p>\n

     <\/p>\n

    # OID URL<\/p>\n

    # e.g.: OIDURL=ldap:\/\/localhost:389<\/p>\n

    OIDURL=ldap:\/\/ad002aph01:3060<\/p>\n

     <\/p>\n

    # Admin user name to connect to OID<\/p>\n

    # e.g.: OIDAdminUsername=cn=orcladmin<\/p>\n

    OIDAdminUsername=cn=oimLDAP,cn=systemids,dc=adm,dc=local<\/p>\n

     <\/p>\n

    # Search base<\/p>\n

    # e.g.: OIDSearchBase=dc=company,dc=com<\/p>\n

    OIDSearchBase=dc=adm,dc=local<\/p>\n

     <\/p>\n

    # Name of the user container<\/p>\n

    # e.g.: UserContainerName=cn=Users<\/p>\n

    UserContainerName=cn=Users<\/p>\n

     <\/p>\n

    # Name of the role container<\/p>\n

    # e.g.: RoleContainerName=cn=Roles<\/p>\n

    RoleContainerName=cn=Groups<\/p>\n

     <\/p>\n

    # Name of the reservation container<\/p>\n

    # e.g.: ReservationContainerName=cn=Reserve<\/p>\n

    ReservationContainerName=cn=Reserve<\/p>\n

     <\/p>\n

    Source environment<\/p>\n

    -bash-3.2$ export JAVA_HOME=\/app\/fusion\/jdk6
    \n<\/span><\/p>\n

    -bash-3.2$ export WL_HOME=\/app\/fusion\/fmw\/wlserver_10.3
    \n<\/span><\/p>\n

     <\/p>\n

    Run following command<\/p>\n

     <\/p>\n

    -bash-3.2$ .\/LDAPConfigPostSetup.sh<\/span><\/p>\n

    [Enter OID admin password:]<\/p>\n

    [Enter OIM admin password:]<\/p>\n

    Successfully Enabled Changelog based Reconciliation schedule jobs
    \n<\/strong><\/p>\n

     <\/p>\n

    Configure HTTP for OIM and SOA
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    Add following entries in \/app\/fusion\/admin\/ohs_inst1\/config\/OHS\/ohs1\/moduleconf\/admin.conf<\/strong>
    \n<\/span><\/p>\n

     <\/p>\n

    # oim admin console(idmshell based)
    \n<\/span><\/p>\n

    <Location \/admin>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # oim self and advanced admin webapp consoles(canonic webapp)
    \n<\/span><\/p>\n

    <Location \/oim>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # SOA Callback webservice for SOD \u2013 Provide the SOA Managed Server Ports
    \n<\/span><\/p>\n

    <Location \/sodcheck>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 8001
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # Callback webservice for SOA. SOA calls this when a request is approved\/rejected
    \n<\/span><\/p>\n

    # Provide the SOA Managed Server Port
    \n<\/span><\/p>\n

    <Location \/workflowservice>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # xlWebApp \u2013 Legacy 9.x webapp (struts based)
    \n<\/span><\/p>\n

    <Location \/xlWebApp>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # Nexaweb WebApp \u2013 used for workflow designer and DM
    \n<\/span><\/p>\n

    <Location \/Nexaweb>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # used for FA Callback service.
    \n<\/span><\/p>\n

    <Location \/callbackResponseService>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # spml xsd profile
    \n<\/span><\/p>\n

    <Location \/spml-xsd>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    <Location \/HTTPClnt>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLProxySSL OFF
    \n<\/span><\/p>\n

    WLProxySSLPassThrough OFF
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # role-sod profile
    \n<\/span><\/p>\n

    <Location \/role-sod>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 14000
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # SOA Infrastructure
    \n<\/span><\/p>\n

    <Location \/soa-infra>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 8001
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    # UMS Email Support
    \n<\/span><\/p>\n

    <Location \/ucs>
    \n<\/span><\/p>\n

    SetHandler weblogic-handler
    \n<\/span><\/p>\n

    WLCookieName oimjsessionid
    \n<\/span><\/p>\n

    WebLogicHost ad002aph01
    \n<\/span><\/p>\n

    WebLogicPort 8001
    \n<\/span><\/p>\n

    WLLogFile “${ORACLE_INSTANCE}\/diagnostics\/logs\/mod_wl\/oim_component.log”
    \n<\/span><\/p>\n

    <\/Location>
    \n<\/span><\/p>\n

     <\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/ohs_inst1\/bin\/opmnctl stopall
    \n<\/span><\/p>\n

    opmnctl stopall: stopping opmn and all managed processes…
    \n<\/span><\/p>\n

    -bash-3.2$ \/app\/fusion\/admin\/ohs_inst1\/bin\/opmnctl startall
    \n<\/span><\/p>\n

    opmnctl startall: starting opmn and all managed processes…
    \n<\/span><\/p>\n

     <\/p>\n

     <\/p>\n

    Now login to Weblogic Console at <\/span>http:\/\/<hostname>:7777\/console
    \n<\/span><\/p>\n

     <\/p>\n

    Change Host assertion in Weblogic
    \n<\/strong><\/span><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Save and Activate Changes.<\/p>\n

     <\/p>\n

    Validate OIM and SOA using HTTP port<\/p>\n

     <\/p>\n

    http:\/\/<hostname>:7777\/oim<\/a><\/p>\n

    http:\/\/<hostname>:7777\/soa-infra<\/a><\/p>\n

     <\/p>\n

    Enabling Oracle Identity Manager to Connect to SOA Using the Administrative Users Provisioned in LDAP<\/strong><\/span>
    \n<\/span><\/p>\n

     <\/p>\n

    Login to EM console<\/p>\n

    Select Farm_IDMDomain <\/strong>\u2013> Identity and Access<\/strong>\u2013> OIM <\/strong>\u2013> oim(11.1.1.3.0).
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select MBean Browser <\/strong>from the menu or right click to select it.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select Application defined Mbeans <\/strong>\u2013> oracle.iam <\/strong>\u2013> Server: wls_oim1 <\/strong>\u2013> Application: oim <\/strong>\u2013> XML Config <\/strong>-> Config <\/strong>\u2013> XMLConfig.SOAConfig <\/strong>\u2013>SOAConfig
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"
    \n<\/span><\/p>\n

     <\/p>\n

    Change the username <\/strong>attribute to weblogic_idm
    \n<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    select Weblogic Domain <\/strong>\u2013> IDMDomain <\/strong>from the Navigator.<\/p>\n

     <\/p>\n

    Select Security <\/strong>\u2013> Credentials <\/strong>from the down menu<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Expand the key oim<\/strong>.<\/p>\n

    Click SOAAdminPassword<\/strong>.<\/p>\n

    Click Edit<\/strong>.<\/p>\n

    Change the username to weblogic_idm and set the password to the accounts password.<\/p>\n

    Click OK<\/strong>.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

     <\/p>\n

    Run the reconciliation process to enable the Oracle WebLogic Server administrator, weblogic_idm, to be visible in the OIM Console. Follow these steps:<\/p>\n

     <\/p>\n

    a. <\/strong>Log in to Oracle Identity Manager at:<\/p>\n

    https:\/\/sso.mycompany.com:443\/oim as the user xelsysadm.<\/p>\n

     <\/p>\n

    b. <\/strong>If prompted, set up challenge questions. This happens on your first login to Oracle Identity Manager.<\/p>\n

    c. <\/strong>Click Advanced<\/strong>.<\/p>\n

    d. <\/strong>Click the System Management <\/strong>tab.<\/p>\n

    e. <\/strong>Click the arrow for the Search Scheduled Jobs <\/strong>to list all the schedulers.<\/p>\n

    f. <\/strong>Select LDAP User Create and Update Full Reconciliation<\/strong>.<\/p>\n

    g. <\/strong>Click Run Now <\/strong>to run the job.<\/p>\n

    h. <\/strong>Go to the Administration page and perform a search to verify that the user is visible in the Oracle Identity Manager console.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Select Administration<\/strong>. Click Advanced Search <\/strong>\u2013> Roles<\/strong><\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Search for the Administrators role. Click the Administrators <\/strong>Role.<\/p>\n

     <\/p>\n

    Click Open<\/strong>.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click the Members <\/strong>tab. Click Assign<\/strong>.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Type weblogic_idm in the Search box and Click -><\/strong>.<\/p>\n

     <\/p>\n

    Select weblogic_idm <\/strong>from the list of available users.<\/p>\n

     <\/p>\n

    Click > <\/strong>to move to Selected Users<\/strong>.<\/p>\n

     <\/p>\n

    \"\"<\/p>\n

     <\/p>\n

    Click Save<\/strong>.<\/p>\n

     <\/p>\n

    Restart Oracle Identity Manager managed server.<\/p>\n

    Installing Oracle Fusion Applications \u2013 steps<\/a>
    \n<\/strong><\/p>\n

      \n
    1. \n
    2. \n
    3. \n
    4. \n
      Create another database for Oracle Identity Management Infrastructure (optional)<\/div>\n<\/li>\n
    5. \n
    6. \n
    7. \n
    8. \n
    9. \n
    10. \n
    11. \n
      Provision an Applications Environment<\/a><\/div>\n<\/li>\n<\/ol>\n

       <\/p>\n

      Next:<\/strong> Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

      Previous: Apply mandatory Patches Configuring Oracle Identity Management components” can be divided into following tasks. Please note that we will not configure Oracle Virtual Directory, Oracle Identity Federation etc.   Configuring the Web Tier Create Weblogic Domain for Identity Management Extend the Domain to include Oracle Internet Directory Extend the Domain to include Oracle Directory […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[25,32,33,34,35,36,4,5,6,12,150,37,1,39],"tags":[40,42,46,66,70,72,74,196,98,198,99,103],"class_list":["post-1767","post","type-post","status-publish","format-standard","hentry","category-oracle-application-server","category-fusion-applications-provisioning","category-fusion-middleware-oracle","category-http-server","category-identity-management","category-installing-oracle-applications","category-oracle","category-applications","category-oracle-applications-dba","category-oracle-fusion-applications","category-oracle-fusion-applications-installation-fusion-applications-provisioning","category-oracle-internet-directory","category-uncategorized","category-webgate","tag-installing-fusion-applications","tag-oracle-fusion-applications-installation","tag-access-manager","tag-fusion-11g","tag-fusion-applications-installation","tag-guide","tag-identity-management-2","tag-oracle","tag-oracle-applications","tag-oracle-applications-dba","tag-oracle-apps","tag-oracle-fusion-applications-2"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts\/1767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/comments?post=1767"}],"version-history":[{"count":0,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts\/1767\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/media?parent=1767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/categories?post=1767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/tags?post=1767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}