Identity Manager Installation
Keywords: Identity Manager, Database Schema, Database Object, Access Manager, Secure Socket Layer
In the previous two chapters, you were provided with the instructions for installing and configuring Oracle Internet Directory (OID) and Oracle Access Manager (OAM). These two components set the foundation of Identity Storage and single sign-on (SSO). Identity Manager adds additional elements such as user self-service and governance to the environment, thereby completing the end-to-end identity life cycle management implementation. This chapter focuses on the installation and initial domain configuration of Oracle Identity Manager (OIM).
Operating System Users
For most Oracle application installs, operating system (OS) users and groups should be created to perform the installation and configuration tasks. Creating OS groups will allow other OS users to perform certain tasks related to the management of the application environment. The most common OS users and groups related to installing Oracle applications in Linux environments are the oracle user and oinstall or dba groups.
To create the necessary oinstall and dba groups, perform the following commands as the root user:
After the groups are created, create the oracle user:
-g indicates the primary group to which the user should be added. -G indicates any secondary groups.
To set the password for the user, utilize the following command as the root user.
Operating System Configuration
Prior to installing the Oracle Fusion Middleware infrastructure and Oracle Identity Management software, it is important to ensure the OS meets the minimum requirements and configuration. The following presents the kernel parameters and packages and the file changes that are required.
The following kernel parameters need to be set:
To set these parameters, edit the sysctl.conf file located in the /etc directory.
Add or edit the following lines in this section of the file:
After setting these values in the sysctl.conf file, you must activate them and verify that the new values are shown, using this command:
The open file limits must be set to 4096 to support the instance. To do so, edit the limits.conf file.
If the environment is to be installed on Oracle Linux or RedHat Linux, you must perform the edit in /etc/security/limits.d/90-nproc.conf as well. If this is missed, the values in this file could override the values in the limits.conf file.
In both of these files, ensure the following lines are added or edited:
After editing this file, the server must be rebooted to ensure all the changes take effect.
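Because a later file in limits.d can silently undo the 4096 open-file limit set in limits.conf, a pre-flight check is worth running before the reboot. The following script is an added example, not from the book: it resolves the effective nofile limit for the oracle user across a list of limits files in read order (pam_limits reads limits.conf first, then limits.d/*.conf; an exact "oracle" entry beats a "*" entry, and among entries of equal specificity the last one read wins) and shows the override being detected on constructed sample files.

```shell
#!/bin/sh
# Added pre-flight check (not from the book): confirm that the oracle user's
# open-file limit is at least 4096 once limits.conf and the limits.d overrides
# are applied together, following pam_limits precedence as described above.
REQUIRED_NOFILE=4096

# Print the effective nofile value for user $1 and type $2 (soft|hard) from
# the limits files given as the remaining arguments, in read order.
effective_nofile() {
    u=$1; t=$2; shift 2
    cat "$@" 2>/dev/null | awk -v u="$u" -v t="$t" '
        /^[[:space:]]*#/ || NF < 4  { next }   # comments, blank or malformed
        $3 != "nofile"              { next }
        $2 != t && $2 != "-"        { next }   # "-" sets soft and hard
        $1 == u                     { user = $4 }  # exact user: highest priority
        $1 == "*"                   { wild = $4 }  # wildcard: last one read wins
        END { print (user != "" ? user : wild) }'
}

# Return 0 when both soft and hard nofile for oracle meet REQUIRED_NOFILE.
check_nofile() {
    soft=$(effective_nofile oracle soft "$@")
    hard=$(effective_nofile oracle hard "$@")
    [ -n "$soft" ] && [ -n "$hard" ] &&
        [ "$soft" -ge "$REQUIRED_NOFILE" ] && [ "$hard" -ge "$REQUIRED_NOFILE" ]
}

# Constructed sample files in directory $1: limits.conf sets 4096, but a
# wildcard line in a limits.d file read afterwards lowers soft nofile again.
write_samples() {
    printf '* soft nofile 4096\n* hard nofile 65536\n' > "$1/limits.conf"
    printf '# read after limits.conf\n* soft nofile 1024\n' > "$1/90-nproc.conf"
    printf '* soft nofile 4096\n' > "$1/90-nproc.fixed.conf"
}

# Stand-alone run: show the override being detected and then resolved.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_samples "$d"
    check_nofile "$d/limits.conf" "$d/90-nproc.conf" && echo "before: ok" || echo "before: nofile too low"
    check_nofile "$d/limits.conf" "$d/90-nproc.fixed.conf" && echo "after: ok" || echo "after: nofile too low"
    rm -rf "$d"
fi
```

On a real host, run `check_nofile /etc/security/limits.conf /etc/security/limits.d/*.conf` to evaluate the files pam_limits will actually read.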
Operating System Packages
Each Oracle application has its own set of required packages. Depending on the version of Linux you are using, the installation procedure might be different. In the following list, you should note that some packages require both 32-bit and 64-bit versions to be installed on a 64-bit OS. If these packages are not installed, the installation will not complete properly. The Oracle Installer will check these and display errors during the installation.
At this point in the procedure, the OS should be fully prepared for the installation to proceed. Performing these operations prior to installing the software will ensure a problem-free installation. In many cases, the installer will provide detailed messages if anything is missed. In the event of errors during the installation process, stop the installation and fix any problems before proceeding.
Because this is the first time installing OIM, select the Create option on this screen. This will start the RCU in creation mode.
$ORACLE_HOME/rdbms/admin/xaview.sql must be run to enable the XA transactions views and synonyms before the OIM schemas can be created.
Each of the Fusion Middleware components has database requirements, such as maximum connections or open processes. The RCU will check these prerequisites prior to creating the database schemas and objects.
During this step, indicate the value you wish to use for the password. You can elect to use the same password for all schemas or use a different password for each. Make the decision based on security requirements and ease of management.
This completes the repository creation process for OIM. The necessary database schemas and objects for Identity Manager and its required components have been installed within the target database. It is now possible to continue with the installation process.
Identity Manager Software Installation
In the previous section, you were taken through the steps to create the OIM database schemas and objects. The following sections discuss the installation of the Identity Manager software. This process creates the necessary file system structure and lays down the binaries needed by the Fusion Middleware products presented.
OIM must be installed within a WLS home. In Chapter 6, you were presented with the steps to install OAM in a separate WLS home. You can choose to install the Identity Manager software in the same home as Access Manager, or you can create a completely separate home specifically for it. It is common to separate Access Manager from Identity Manager on different tiers of the network, or on different physical hosts. If this is required for your environment, follow the WLS installation steps in Chapter 4.
Service-Oriented Architecture Installation
OIM requires Oracle Service-Oriented Architecture (SOA) to run properly. This installation is separate from the OIM process, but can be installed within the same WebLogic home. After the SOA installation, you can install OIM and configure the domain for both products at the same time. This is the recommended process for the two products.
As with OAM, SOA has its own set of required OS packages, kernel parameters, memory, and storage allowances. These must be met prior to continuing with the installation. Although many of these are the same as the Access Manager installation, it is important to visit the beginning of this chapter to view them.
Prerequisite failures will be shown with a red X on the Universal Installer screen. You can open a terminal window logged in as root to correct any problems and retry the prerequisite checks until all issues have been resolved.
Now the required Oracle SOA suite instance has been installed. When configuring the OIM domain, the Configuration Wizard will set up the necessary components of SOA. As you will recall, this SOA instance is installed in the same Middleware Home as the Identity Manager. The next section covers OIM installation.
Identity Manager Installation
The first screen displays important information about the software to be installed. Ensure the version displayed matches your requirements and the version of the RCU previously run.
The actual installation of the software files usually finishes in about 10 minutes. During this time you can see the actual operations on the progress screen, which also shows the location of the installation log file. You can monitor this log for any errors. Once completed, you can close the installer, as all installation operations are complete. In the next sections, you will be configuring the OIM domain.
Configure Identity Manager Domain
After the necessary software components have been installed, you can continue to configure the WebLogic domain to support OIM. This process is started by running the config script located in the IDM_HOME/common/bin directory. It is important to note that you are only configuring the WebLogic domain at this time. OIM will not be ready to run.
There are multiple instances of the config.sh script that can be found within the Middleware Home subdirectories. It is very important to run the correct version found within <MIDDLEWARE_HOME>/Oracle_IDM1/common/bin.
Because this is the first time a domain is being created within the WLS environment, choose Create a New WebLogic Domain.
Locking the Administration Console prevents multiple administrators from making changes and overwriting each other.
In this environment, Access Manager and Identity Manager are installed in separate Oracle Middleware Homes. This means that each one consists of its own WLS installation, Administration Server, and managed servers. As discussed previously, this was done for ease of future maintenance such as patches and upgrades. It also allows the separation of these tiers to different physical hosts at a later time if required. Because these will be running on the same physical host but within separate WLS installations, each Administration Server will require its own listen port.
It should be noted at this point that if you only have a single node in your cluster, you might see errors in the managed server logs related to waiting for communication with other members of the cluster. These can be ignored and will go away after adding additional members to the cluster.
Once the domain configuration is complete, click Done to exit the tool. If you have followed the process up to this point, you will have installed OID, OAM, and OIM. Each component resides within its own WebLogic domain and is controlled by its own WebLogic server. This serves to simplify the management processes and facilitate future upgrades and patches. It should also be noted that in some cases, your network infrastructure might require the components to be separated in different network zones. Visit the architecture sections of this book for more information.
This chapter served to cover the steps required to install OIM in a new WebLogic domain. If followed from the beginning, you were presented with the steps for creating the necessary database objects required for the metadata repository. The chapter also covered the actual software installation and creation of a new WebLogic domain for both OIM and the required Oracle SOA installation. Future chapters cover the configuration of OIM components and the integration with each other.