{"id":999,"date":"2012-04-01T17:33:50","date_gmt":"2012-04-01T12:03:50","guid":{"rendered":"http:\/\/www.oratraining.com\/blog\/?p=999"},"modified":"2013-01-07T07:45:55","modified_gmt":"2013-01-07T07:45:55","slug":"integrate-oracle-identity-manager-oim-and-oracle-access-manager-oam","status":"publish","type":"post","link":"https:\/\/www.oratraining.com\/blog\/2012\/04\/integrate-oracle-identity-manager-oim-and-oracle-access-manager-oam\/","title":{"rendered":"Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)"},"content":{"rendered":"

Oracle Fusion Applications Installation<\/span>:<\/span>\u00a0<\/span><\/span>Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)
\n<\/strong><\/span><\/span><\/p>\n

Previous: Configuring Oracle Identity and Access Management components<\/strong>\u00a0<\/a><\/p>\n

Important Note: This is OLD guide for old version 11.1.1.5. Please follow instructions at\u00a0<\/span>http:\/\/www.oratraining.com\/blog\/2012\/12\/oracle-fusion-applications-installation-step-by-step-guide-11-1-5\/<\/a>\u00a0for latest guide for current version i.e. 11.1.5<\/span><\/h3>\n

 <\/p>\n

Preparing OAM for integration
\n<\/strong><\/span><\/p>\n

Create a file named config_oam2.props as follows.
\n<\/strong><\/p>\n

[oracle@fusion bin]$ more config_oam2.props<\/strong><\/span><\/p>\n

WLSHOST: fusion<\/p>\n

WLSPORT: 7001<\/p>\n

WLSADMIN: weblogic<\/p>\n

WLSPASSWD: Oracle123<\/p>\n

IDSTORE_HOST: fusion<\/p>\n

IDSTORE_PORT: 3060<\/p>\n

IDSTORE_BINDDN: cn=orcladmin<\/p>\n

IDSTORE_USERNAMEATTRIBUTE: cn<\/p>\n

IDSTORE_LOGINATTRIBUTE: uid<\/p>\n

IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

IDSTORE_SEARCHBASE: dc=localdomain<\/p>\n

IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

IDSTORE_OAMSOFTWAREUSER: oamLDAP<\/p>\n

IDSTORE_OAMADMINUSER: oamadmin<\/p>\n

PRIMARY_OAM_SERVERS: fusion:5575<\/p>\n

WEBGATE_TYPE: ohsWebgate10g<\/p>\n

ACCESS_GATE_ID: Webgate_IDM<\/p>\n

OAM11G_IDM_DOMAIN_OHS_HOST:false<\/p>\n

OAM11G_IDM_DOMAIN_OHS_PORT:7777<\/p>\n

OAM11G_IDM_DOMAIN_OHS_PROTOCOL:http<\/p>\n

OAM11G_WG_DENY_ON_NOT_PROTECTED: false<\/p>\n

OAM_TRANSFER_MODE: open<\/p>\n

OAM11G_OAM_SERVER_TRANSFER_MODE:open<\/p>\n

OAM11G_IDM_DOMAIN_LOGOUT_URLS: \/console\/jsp\/common\/logout.jsp,\/em\/targetauth\/emaslogout.jsp<\/p>\n

OAM11G_OIM_WEBGATE_PASSWD: Oracle123<\/p>\n

OAM11G_SERVER_LOGIN_ATTRIBUTE: uid<\/p>\n

COOKIE_DOMAIN: .localdomain<\/p>\n

OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators<\/p>\n

OAM11G_SSO_ONLY_FLAG: true<\/p>\n

OAM11G_OIM_INTEGRATION_REQ: true<\/p>\n

OAM11G_IMPERSONATION_FLAG:true<\/p>\n

OAM11G_SERVER_LBR_HOST:fusion<\/p>\n

OAM11G_SERVER_LBR_PORT:7777<\/p>\n

OAM11G_SERVER_LBR_PROTOCOL:http<\/p>\n

COOKIE_EXPIRY_INTERVAL: 120<\/p>\n

OAM11G_OIM_OHS_URL:http:\/\/fusion:7777\/<\/p><\/blockquote>\n

[oracle@fusion bin]$ export ORACLE_HOME=\/app\/fusion\/fmw\/iam<\/strong><\/span><\/p>\n

[oracle@fusion bin]$ export IDM_HOME=\/app\/fusion\/fmw\/idm<\/strong><\/span><\/p>\n

[oracle@fusion bin]$ export MW_HOME=\/app\/fusion\/fmw<\/strong><\/span><\/p>\n

[oracle@fusion bin]$ export JAVA_HOME=\/app\/fusion\/jdk6
\n<\/strong><\/span><\/p>\n

 <\/p>\n

[oracle@fusion bin]$ cd \/app\/fusion\/fmw\/iam\/idmtools\/bin\/<\/strong>
\n<\/span><\/p>\n

 <\/p>\n

[oracle@fusion bin]$ .\/idmConfigTool.sh -configOAM input_file=config_oam2.props<\/strong><\/span><\/p>\n

Enter ID Store Bind DN password :<\/p>\n

Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:<\/p>\n

Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:<\/p>\n

Enter User Password for IDSTORE_PWD_OAMADMINUSER:<\/p>\n

Confirm User Password for IDSTORE_PWD_OAMADMINUSER:<\/p>\n

The tool has completed its operation. Details have been logged to automation.log<\/p>\n

 <\/p>\n

Restart Weblogic Admin Server.
\n<\/strong><\/span><\/p>\n

Create another file named user.props as follows.<\/strong><\/p>\n

[oracle@fusion bin]$ more user.props<\/strong><\/span><\/p>\n

IDSTORE_HOST: fusion<\/p>\n

IDSTORE_PORT: 3060<\/p>\n

IDSTORE_ADMIN_USER: cn=orcladmin<\/p>\n

IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

PASSWORD_EXPIRY_PERIOD: 7300<\/p><\/blockquote>\n

[oracle@fusion bin]$ .\/idmConfigTool.sh -upgradeLDAPUsersForSSO input_file=user.props<\/span><\/strong><\/p>\n

…<\/p>\n

Enter Directory Type[OID]: OID<\/p>\n

…<\/p>\n

Finished parsing LDAP<\/p>\n

LDAP Users Upgraded.<\/p>\n

 <\/p>\n

Remove Security Providers
\n<\/strong><\/span><\/p>\n

If you have already configured signle sign-on for Administration Console then you must delete the security providers you created in that section. Otherwise this can be skipped since these providers will not be present. Still make sure that these do not exist.<\/p>\n

1. <\/strong>Log in to the WebLogic Administration Console at:<\/p>\n

http:\/\/fusion:7777\/console<\/span>
\n<\/span><\/p>\n

2. <\/strong>Click Security Realms <\/strong>from the Domain structure menu.
\n<\/span><\/p>\n

3. <\/strong>Click Lock <\/strong>and Edit <\/strong>in the Change Center.
\n<\/span><\/p>\n

4. <\/strong>Click myrealm<\/strong>.
\n<\/span><\/p>\n

5. <\/strong>Select the Providers <\/strong>tab.
\n<\/span><\/p>\n

Select the following providers:
\n<\/span><\/p>\n

OVDAuthenticator
\n<\/strong><\/span><\/p>\n

OIDAuthenticator
\n<\/strong><\/span><\/p>\n

OAMIDAssertor
\n<\/strong><\/span><\/p>\n

6. <\/strong>Click Delete<\/strong>.
\n<\/span><\/p>\n

7. <\/strong>Click Yes <\/strong>to confirm deletion.
\n<\/span><\/p>\n

8. <\/strong>Restart the administration server and all managed servers if you had to delete the above otherwise you can continue to next step.<\/span>
\n<\/span><\/p>\n

 <\/p>\n

Integrate OIM and OAM<\/strong><\/p>\n

Create a new file named oimitg.props as follows.<\/strong><\/p>\n

[oracle@fusion bin]$ more oimitg.props<\/strong><\/span><\/p>\n

LOGINURI: \/${app.context}\/adfAuthentication<\/p>\n

LOGOUTURI: \/oamsso\/logout.html<\/p>\n

AUTOLOGINURI: None<\/p>\n

ACCESS_SERVER_HOST: fusion<\/p>\n

ACCESS_SERVER_PORT: 5575<\/p>\n

ACCESS_GATE_ID: Webgate_IDM<\/p>\n

COOKIE_DOMAIN: .localdomain<\/p>\n

COOKIE_EXPIRY_INTERVAL: 120<\/p>\n

OAM_TRANSFER_MODE: open<\/p>\n

WEBGATE_TYPE: ohsWebgate10g<\/p>\n

SSO_ENABLED_FLAG: true<\/p>\n

IDSTORE_PORT: 3060<\/p>\n

IDSTORE_HOST: fusion<\/p>\n

IDSTORE_DIRECTORYTYPE: OID<\/p>\n

IDSTORE_ADMIN_USER: cn=oamLDAP,cn=Users,dc=localdomain<\/p>\n

IDSTORE_USERSEARCHBASE: cn=Users,dc=localdomain<\/p>\n

IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=localdomain<\/p>\n

MDS_DB_URL: jdbc:oracle:thin:@fusion:1521:fusiondb<\/p>\n

MDS_DB_SCHEMA_USERNAME: dev_mds<\/p>\n

WLSHOST: fusion<\/p>\n

WLSPORT: 7001<\/p>\n

WLSADMIN: weblogic<\/p>\n

DOMAIN_NAME: IDMDomain<\/p>\n

OIM_MANAGED_SERVER_NAME: wls_oim1<\/p>\n

DOMAIN_LOCATION: \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain<\/p><\/blockquote>\n

 <\/p>\n

[oracle@fusion bin]$ .\/idmConfigTool.sh -configOIM input_file=oimitg.props<\/strong><\/span><\/p>\n

Enter sso access gate password :<\/p>\n

Enter mds db schema password :<\/p>\n

Enter idstore admin password :<\/p>\n

Enter admin server user password :<\/p>\n

\u2026<\/p>\n

\u2026<\/p>\n

Changes Activated. Edit session ended.<\/p>\n

Connection closed sucessfully<\/p>\n

The tool has completed its operation. Details have been logged to automation.log<\/p>\n

Have a look at the automation.log if there are any errors. There should not be any.<\/p>\n

Restart Admin server and all managed servers.<\/strong><\/p>\n

 <\/p>\n

Manually Creating CSF Keys
\n<\/strong><\/span><\/p>\n

1. Log into Oracle Enterprise Manager Fusion Middleware Control at:<\/p>\n

http:\/\/fusion\/em<\/span><\/p>\n

2. Navigate to FARM_IDMDomain – Weblogic Domain<\/p>\n

3. Click IDMDomain.<\/p>\n

4. When the summary screen is displayed, select Security – Credentials from the list.<\/p>\n

5. Click the credential key oim and click Create Key. Create the following keys:<\/span><\/p>\n

 <\/p>\n

SSOAccessKey
\n<\/strong><\/span><\/p>\n

Field Value
\n<\/strong><\/span><\/p>\n

Map <\/strong>oim
\n<\/span><\/p>\n

Key <\/strong>SSOAccessKey
\n<\/span><\/p>\n

Type <\/strong>Password
\n<\/span><\/p>\n

User Name <\/strong>SSOAccessKey
\n<\/span><\/p>\n

Password <\/strong>Value of OAM11G_OIM_WEBGATE_PASSWD
\n<\/strong><\/span><\/p>\n

Description <\/strong>OAMAccessGatePassword
\n<\/span><\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

Before validating integration we must do the following.
\n<\/span><\/p>\n

 <\/p>\n

Assigning IDM Administrators Group to Weblogic Administration Groups<\/strong><\/span>
\n<\/span><\/span><\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

1. <\/strong>Log in to the WebLogic Administration Server Console.<\/p>\n

2. <\/strong>In the left pane of the console, click Security Realms<\/strong>.<\/p>\n

3. <\/strong>On the Summary of Security Realms page, click myrealm <\/strong>under the Realms <\/strong>table.<\/p>\n

4. <\/strong>On the Settings page for myrealm, click the Roles & Policies <\/strong>tab.<\/p>\n

5. <\/strong>On the Realm Roles page, expand the Global Roles <\/strong>entry under the Roles <\/strong>table.<\/p>\n

This brings up the entry for Roles. Click the Roles <\/strong>link to go to the Global Roles page.<\/p>\n

6. <\/strong>On the Global Roles page, click the Admin <\/strong>role to go to the Edit Global Role page:<\/p>\n

a. <\/strong>On the Edit Global Roles page, under the Role Conditions <\/strong>table, click the Add Conditions <\/strong>button.<\/p>\n

b. <\/strong>On the Choose a Predicate page, select Group <\/strong>from the drop down list for predicates and click Next<\/strong>.<\/p>\n

c. <\/strong>On the Edit Arguments Page, Specify IDM Administrators <\/strong>in the Group Argument <\/strong>field and click Add<\/strong>.<\/p>\n

7. <\/strong>Click Finish <\/strong>to return to the Edit Global Rule page.<\/p>\n

8. <\/strong>The Role Conditions <\/strong>table now shows the IDM Administrators Group as an entry.<\/p>\n

9. <\/strong>Click Save <\/strong>to finish adding the Admin role to the IDM Administrators Group.<\/p>\n

10. <\/strong>Validate that the changes were successful by bringing up the WebLogic Administration Server Console using a web browser. Log in using the credentials for the weblogic_idm user.<\/p>\n

 <\/p>\n

Important Note<\/strong>: If you skip the above step then you may get following error while accessing fusion:7777\/em with weblogic_idm user
\n<\/span><\/p>\n

“User is not authorized to login to WebLogic Domain. User should be part of one or more Administrative roles to be able to login.”
\n<\/span><\/p>\n

 <\/p>\n

\"\"<\/p><\/blockquote>\n

 <\/p>\n

Install webgate<\/strong>
\n<\/span><\/p>\n

 <\/p>\n

[oracle@fusion webgate]$ cd \/mnt\/fusion\/installers\/webgate<\/strong><\/p>\n

.\/Oracle_Access_Manager10_1_4_3_0_linux64_OHS11g_WebGate \u2013gui
\n<\/strong><\/span><\/p>\n

[Make sure you supply -gui argument]
\n<\/span><\/p>\n

\"\"<\/p>\n

\"\"<\/p>\n

Welcome screen appears. Click Next<\/strong><\/p>\n

\"\"<\/p>\n

Enter Username as “oracle<\/strong>” and group “oinstall<\/strong>“. Click Next
\n<\/strong><\/p>\n

 <\/p>\n

\"\"<\/p>\n

Enter the values as above and click Next<\/strong><\/p>\n

 <\/p>\n

\"\"<\/p>\n

Review the above information and click Next<\/strong><\/p>\n

\"\"<\/p>\n

Supply the values as above but before clicking Next, open a new terminal window and execute following steps to create symbolic links in the desired directory.<\/p>\n

[oracle@fusion oam_lib]$\u00a0mkdir \/app\/fusion\/oam_lib<\/strong><\/p>\n

[oracle@fusion oam_lib]$\u00a0ln -s \/usr\/lib64\/libstdc++.so.5 \/app\/fusion\/oam_lib\/libstdc++.so.5<\/strong><\/p>\n

[oracle@fusion oam_lib]$\u00a0ln -s \/lib64\/libgcc_s.so.1 \/app\/fusion\/oam_lib\/libgcc_s.so.1<\/strong><\/p><\/blockquote>\n

Once done, click Next<\/strong><\/p>\n

\"\"<\/p>\n

 <\/p>\n

The installation will finish and will automatically take you to the next screen.<\/p>\n

\"\"<\/p>\n

Select Open Mode<\/strong> and click Next<\/strong><\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

Enter the values as follows and click Next<\/strong>.<\/p>\n

WebGate ID: Webgate_IDM<\/strong><\/p>\n

Password: Oracle123<\/strong> (or any desired password)<\/p>\n

Access Server ID: wls_oam1<\/strong><\/p>\n

Host name: fusion<\/strong><\/p>\n

Port number (proxy port): 5575<\/strong><\/p>\n

 <\/p>\n

\"\"<\/p>\n

\"\"<\/p>\n

Select Yes to proceed with automatic update of httpd.conf with webgate parameters. Click Next<\/strong><\/p>\n

\"\"<\/p>\n

Specify the httpd.conf location from the OHS instance directory. You can take a backup of this file in another terminal window if you want. Click Next
\n<\/strong><\/p>\n

 <\/p>\n

\"\"<\/p>\n

Click Next<\/strong><\/p>\n

\"\"<\/p>\n

Click Next
\n<\/strong><\/p>\n

\"\"<\/p>\n

Click Next
\n<\/strong><\/p>\n

\"\"<\/p>\n

Click Next
\n<\/strong><\/p>\n

\"\"<\/p>\n

Click Finish<\/strong> to complete the installation.<\/p>\n

Copy the following files to Webgate.<\/p>\n

[oracle@fusion bin]$ cp -p \/app\/fusion\/fmw\/oam\/webgate\/access\/oblix\/lib\/ObAccessClient.xml \/app\/fusion\/fmw\/oam\/webgate\/access\/oblix\/lib\/ObAccessClient.xml.bak<\/span><\/strong><\/p>\n

[oracle@fusion bin]$ cp -p \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/output\/Webgate_IDM\/ObAccessClient.xml \/app\/fusion\/fmw\/oam\/webgate\/access\/oblix\/lib\/<\/strong><\/span><\/p>\n

[oracle@fusion Webgate_IDM]$ cd \/app\/fusion\/admin\/IDMDomain\/aserver\/IDMDomain\/output\/Webgate_IDM<\/strong><\/p>\n

[oracle@fusion Webgate_IDM]$ cp logout.html \/app\/fusion\/fmw\/oam\/webgate\/access\/oamsso\/
\n<\/strong><\/span><\/p>\n

 <\/p>\n

Comment out following lines from \/app\/fusion\/admin\/ohs_inst\/config\/OHS\/ohs1\/httpd.conf<\/span><\/strong><\/p>\n

#<LocationMatch “\/oamsso\/*”><\/p>\n

#Satisfy any<\/p>\n

#<\/LocationMatch><\/p>\n

 <\/p>\n

Restart HTTP server<\/strong><\/span><\/p>\n

This concludes the integration between OIM and OAM.<\/p>\n

Next:\u00a0Creating a New Provisioning Plan<\/a><\/strong><\/p>\n

Installing Oracle Fusion Applications \u2013 steps<\/a><\/strong><\/p>\n

    \n
  1. Installing Fusion Applications Provisioning Framework<\/a>
    \n<\/strong><\/li>\n
  2. Installing Oracle 11g Database (Applications Transactional Database)<\/a>
    \n<\/strong><\/li>\n
  3. Running Oracle Fusion Applications Repository Creation Utility (Applications RCU)
    \n<\/a><\/strong><\/li>\n
  4. Creating another database for Oracle \u00a0Identity Management Infrastructure\u00a0<\/strong>(optional)
    \n<\/strong><\/li>\n
  5. Running Repository Creation Utility (RCU) for Oracle Identity Management components<\/a><\/strong><\/li>\n
  6. Installing Oracle Identity and Access Management Components<\/a>
    \n<\/strong><\/li>\n
  7. Configuring Oracle Identity and Access Management components<\/a>
    \n<\/strong><\/li>\n
  8. Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)<\/a><\/strong>
    \n<\/strong><\/li>\n
  9. Creating a New Provisioning Plan<\/a>
    \n<\/strong><\/li>\n
  10. Provisioning an Applications Environment<\/a><\/strong><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"

    Oracle Fusion Applications Installation:\u00a0Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM) Previous: Configuring Oracle Identity and Access Management components\u00a0 Important Note: This is OLD guide for old version 11.1.1.5. Please follow instructions at\u00a0http:\/\/www.oratraining.com\/blog\/2012\/12\/oracle-fusion-applications-installation-step-by-step-guide-11-1-5\/\u00a0for latest guide for current version i.e. 11.1.5   Preparing OAM for integration Create a file named config_oam2.props as follows. [oracle@fusion […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-999","post","type-post","status-publish","format-standard","hentry","category-oracle"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts\/999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/comments?post=999"}],"version-history":[{"count":0,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/posts\/999\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/media?parent=999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/categories?post=999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oratraining.com\/blog\/wp-json\/wp\/v2\/tags?post=999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}