Configure Oracle Identity and Access Management components in Fusion Applications 11.1.5

Configuring the Oracle Identity Management components can be divided into the following tasks. Note that we will not configure Oracle Virtual Directory, Oracle Identity Federation, etc.

  1. Configuring the Web Tier
  2. Create Weblogic Domain for Identity Management
  3. Extend the Domain to include Oracle Internet Directory
  4. Extend the Domain to include Oracle Directory Service Manager (ODSM)
  5. Prepare Identity and Policy Stores
  6. Extend the Domain to include Oracle Virtual Directory (Optional)
  7. Configure Oracle Access Manager 11g (OAM)
  8. Configure Oracle Identity Manager (OIM) and Oracle SOA Suite
  9. Post-configuration tasks

Configure Web Tier

Start the configuration from <Web_Home>/bin

Before running this, open a new terminal, run “xhost +” as the root user, then continue as the oracle user. Note that “xhost +” disables X server access control for every host, so run “xhost -” as root once the graphical installers are finished.

[oracle@fa bin]$cd /u03/fmw/webtier/bin
[oracle@fa bin]$./config.sh

Click Next.

Uncheck “Oracle Web Cache” and “Associate Selected Components with WebLogic Domain”, then click Next.

Enter the following details and click Next

Instance Home Location: /u03/fmw/webtier1

Instance Name: webtier1

OHS Component Name: ohs1


Select “Specify Ports using Configuration file”. Open another shell window and copy the staticports.ini from staging directory.

[oracle@fa ~]$cp /home/oracle/fa/installers/webtier/Disk1/stage/Response/staticports.ini /home/oracle

Click View/Edit File


Edit/uncomment the following values.

OPMN Local Port = 6700

OHS Port = 8888

Click Save.

Deselect the check box and click Next.

Click Yes.

Review the summary and click Configure.

Once the installation is successful, click Next.

Review the summary and click Finish

[oracle@fa ~]$ ps -ef | grep http
oracle 6570 6539 0 19:09 ? 00:00:01 /u03/fmw/webtier/ohs/bin/httpd.worker -DSSL
oracle 6645 6570 0 19:10 ? 00:00:00 /u03/fmw/webtier/ohs/bin/httpd.worker -DSSL
oracle 6647 6570 0 19:10 ? 00:00:00 /u03/fmw/webtier/ohs/bin/httpd.worker -DSSL
oracle 6649 6570 0 19:10 ? 00:00:00 /u03/fmw/webtier/ohs/bin/httpd.worker -DSSL
oracle 6828 3008 0 19:11 pts/1 00:00:00 grep http

[oracle@fa ~]$vi /u03/fmw/webtier1/config/OHS/ohs1/httpd.conf
Change to the following (dba, based on the oracle user's group)

Launch http://fa.fusionappsdba.com:8888 to make sure that HTTP home page is appearing.

Make a backup of httpd.conf
[oracle@fa ~]$cp /u03/fmw/webtier1/config/OHS/ohs1/httpd.conf /u03/fmw/webtier1/config/OHS/ohs1/httpd.conf.bkp

Modify the following values in httpd.conf
[oracle@fa ~]$vi /u03/fmw/webtier1/config/OHS/ohs1/httpd.conf

Create Weblogic Domain for Identity Management

Start the configuration from <Middleware Home>/oracle_common/common/bin
[oracle@fa ~]$cd /u03/fmw/oracle_common/common/bin/
[oracle@fa ~]$./config.sh &

Select “Create a new Weblogic domain” and click Next

For single domain creation, select:

– Oracle Identity Manager 11.1.1.3.0 [iam]

– Oracle SOA Suite – 11.1.1.0 [soa]

– Oracle Enterprise Manager [oracle_common]

– Oracle Access Manager with Database Policy Store – 11.1.1.3.0 [iam]

– Oracle WSM Policy Manager – 11.1.1.0 [oracle_common]

– Oracle JRF [oracle_common] (This should be selected automatically.)

Click Next

Enter the following values.

Domain Name: IDMDomain

Domain location: /u03/fmw/IDMDomain/aserver

Application location: /u03/fmw/IDMDomain/aserver/applications

Click Next

Enter the name “weblogic” and the desired password. Click Next.

Select “Production Mode” and make sure the correct JDK is selected. Click Next.

Make sure to change each username to FADB_ since we modified the prefix earlier. Then select all checkboxes to apply the same password. Enter the database server details and click Next.

Click Next.

Once the connection test is successful, click Next.

Select “Administration Server” and “Managed servers, clusters and Machines”. Click Next.

Enter the following values.

Name: AdminServer

Listen address: <hostname>

Listen Port: 7001

We are not using SSL here, so click Next.

In the “Configure Managed Servers” screen enter the following values.

wls_oam1 , <hostname>, 14100 (OAM Server)

wls_soa1, <hostname>, 8001 (SOA Server)

wls_oim1, <hostname>, 14000 (OIM Server)

Click Next

Click Next.

Since we are using a Unix machine, delete this entry. Click Delete.

With the entry deleted, the Machine tab should be empty.

Click on the “Unix Machine” tab, enter the following values, and click Next

Name: <hostname>

Node Manager listen address: <hostname>

Node manager listen port: 5556

Select all managed servers on the left side and click the right arrow to assign all servers to our single node. Click Next.

Click Next.

Review the summary and click “Create”.

Once creation is complete, click Done.

Prepare the Admin Server to start without prompting for a password

[oracle@fa ~]$mkdir -p /u03/fmw/IDMDomain/aserver/IDMDomain/servers/AdminServer/security
[oracle@fa ~]$cd /u03/fmw/IDMDomain/aserver/IDMDomain/servers/AdminServer/security
[oracle@fa ~]$vi boot.properties

Enter the following values and save the file

username=weblogic

password=oracle123 (or whichever password you chose)

Note: The username and password entries in the file are not encrypted until you start the Administration Server. For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.
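As an added example (not from the original post), the following shell functions create boot.properties with owner-only permissions, in line with the note above, and test whether the Administration Server has already encrypted its entries. The {AES} and {3DES} prefixes are WebLogic's cipher markers; the directory path used on this page is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: write boot.properties so only
# the oracle user can read it, and check whether WebLogic has encrypted it.

# write_boot_properties DIR USER PASSWORD
# Creates DIR if needed and writes boot.properties readable only by the
# owner, so the plaintext password is never world-readable before the
# Administration Server encrypts it on first start.
write_boot_properties() {
    dir=$1; user=$2; pass=$3
    mkdir -p "$dir" || return 1
    old_umask=$(umask)
    umask 077
    printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$dir/boot.properties"
    umask "$old_umask"
    chmod 600 "$dir/boot.properties"
}

# boot_properties_encrypted FILE
# Returns 0 when both entries carry a WebLogic cipher prefix ({AES}, or
# {3DES} from older releases), 1 when either is still plaintext.
boot_properties_encrypted() {
    file=$1
    [ -r "$file" ] || return 1
    for key in username password; do
        value=$(sed -n "s/^$key=//p" "$file" | head -n 1)
        case $value in
            '{AES}'*|'{3DES}'*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# file_mode FILE -> octal permission bits, e.g. 600 (GNU stat, BSD fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage on this page's AdminServer security directory (assumed path):
# write_boot_properties /u03/fmw/IDMDomain/aserver/IDMDomain/servers/AdminServer/security weblogic 'oracle123'
# boot_properties_encrypted .../security/boot.properties || echo "still plaintext: start AdminServer now"
```

After the Administration Server has started, boot_properties_encrypted should succeed; if it still fails, the server did not read the file and the plaintext password is still on disk.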

Configure and start Node Manager

[oracle@fa security]$cd /u03/fmw/wlserver_10.3/server/bin
[oracle@fa bin]$nohup ./startNodeManager.sh &

INFO: Secure socket listener started on port 5556

Once you see the above message, Node Manager is able to start correctly.

Kill the node manager process.

[oracle@fa bin]$ ps -ef | grep Node
oracle 4613 4005 0 16:43 pts/3 00:00:00 /bin/sh ./startNodeManager.sh

[oracle@fa bin]$kill -9 4613

Set the node manager properties

[oracle@fa bin]$cd /u03/fmw/oracle_common/common/bin
[oracle@fa bin]$./setNMProps.sh
Appending required nodemanager.properties

To confirm the changes,
[oracle@fa bin]$tail -f /u03/fmw/wlserver_10.3/common/nodemanager/nodemanager.properties

#Required NM Property overrides (append to existing nodemanager.properties)

StartScriptEnabled=true

Start node manager in nohup mode so that it keeps running after you close the shell.
[oracle@fa bin]$cd /u03/fmw/wlserver_10.3/server/bin/
[oracle@fa bin]$nohup ./startNodeManager.sh &

To check the output
[oracle@fa bin]$tail -f nohup.out

Start Weblogic Admin server

[oracle@fa bin]$cd /u03/fmw/IDMDomain/aserver/IDMDomain/bin
[oracle@fa bin]$nohup ./startWebLogic.sh &
[oracle@fa bin]$tail -f nohup.out
Wait till you see this message.

<Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

==========

Note: If you ever get an error like

<Info> <Management> <BEA-141281> <unable to get file lock, will retry …>

then do the following.

Kill any running processes for startWebLogic.sh and then remove the lock file as follows.

[oracle@fa bin]$rm /u03/fmw/IDMDomain/aserver/IDMDomain/servers/AdminServer/tmp/AdminServer.lok

This error appears if the admin server or a managed server did not stop properly earlier.
==========

Make sure the Admin server started properly by launching the URL http://<hostname>:7001/console

Login with the “weblogic” user.

Launch the Enterprise Manager URL

http://<hostname>:7001/em

Login with the weblogic user and click Continue.

Setup Aliases

Create a file named admin.conf at <web instance directory>/config/OHS/ohs1/moduleconf and enter the following lines

[oracle@fa bin]$more /u03/fmw/webtier1/config/OHS/ohs1/moduleconf/admin.conf
# Admin Server and EM
<Location /console>
    SetHandler weblogic-handler
    WebLogicHost fa.fusionappsdba.com
    WeblogicPort 7001
</Location>

<Location /consolehelp>
    SetHandler weblogic-handler
    WebLogicHost fa.fusionappsdba.com
    WeblogicPort 7001
</Location>

<Location /em>
    SetHandler weblogic-handler
    WebLogicHost fa.fusionappsdba.com
    WeblogicPort 7001
</Location>

Restart Web server

[oracle@fa bin]$/u03/fmw/webtier1/bin/opmnctl stopall
opmnctl stopall: stopping opmn and all managed processes…

[oracle@fa bin]$/u03/fmw/webtier1/bin/opmnctl startall
opmnctl startall: starting opmn and all managed processes…

Now you can launch the same URL using our main HTTP port 8888:

http://<hostname>:8888/console should open fine now.

Register HTTP server with Enterprise Manager

[oracle@fa bin]$cd /u03/fmw/webtier1/bin/
[oracle@fa bin]$./opmnctl registerinstance -adminHost fa.fusionappsdba.com -adminport 7001 -adminUsername weblogic

Command requires login to weblogic admin server (fa.fusionappsdba.com):
Username: weblogic
Password:


Task 0 initiated: [Deployer:149026]deploy application NonJ2EEManagement [Version=11.1.1] on AdminServer.
Task 0 completed: [Deployer:149026]deploy application NonJ2EEManagement [Version=11.1.1] on AdminServer.
Target state: deploy completed on Server AdminServer

Done
Registering instance
Command succeeded.

Creating a Separate Domain Directory for Managed Servers in the Same Node as the Administration Server

[oracle@fa bin]$mkdir /u03/fmw/IDMDomain/mserver
[oracle@fa bin]$cd /u03/fmw/oracle_common/common/bin/
[oracle@fa bin]$./pack.sh -managed=true -domain=/u03/fmw/IDMDomain/aserver/IDMDomain -template=domaintemplate.jar -template_name=domain_template
<< read domain from “/u03/fmw/IDMDomain/aserver/IDMDomain”
>> succeed: read domain from “/u03/fmw/IDMDomain/aserver/IDMDomain”
<< set config option Managed to “true”
>> succeed: set config option Managed to “true”
<< write template to “/u03/fmw/oracle_common/common/bin/domaintemplate.jar”
……………………………………………………………………………………….
>> succeed: write template to “/u03/fmw/oracle_common/common/bin/domaintemplate.jar”
<< close template
>> succeed: close template

[oracle@fa bin]$ ./unpack.sh -domain=/u03/fmw/IDMDomain/mserver/IDMDomain -template=domaintemplate.jar -app_dir=/u03/fmw/IDMDomain/mserver/applications
<< read template from “/u03/fmw/oracle_common/common/bin/domaintemplate.jar”
>> succeed: read template from “/u03/fmw/oracle_common/common/bin/domaintemplate.jar”
<< set config option AppDir to “/u03/fmw/IDMDomain/mserver/applications”
>> succeed: set config option AppDir to “/u03/fmw/IDMDomain/mserver/applications”
<< set config option DomainName to “IDMDomain”
>> succeed: set config option DomainName to “IDMDomain”
<< write Domain to “/u03/fmw/IDMDomain/mserver/IDMDomain”
>> warning:write Domain to “/u03/fmw/IDMDomain/mserver/IDMDomain”
>> Server listen ports in your domain configuration conflict with ports in use by active processes on this host.
Port 7001 on AdminServer
…………………………………………………………………………………..
>> succeed: write Domain to “/u03/fmw/IDMDomain/mserver/IDMDomain”
<< close template
>> succeed: close template

Copy SOA Composites to Managed Server Directory

[oracle@fa bin]$cp -pr /u03/fmw/IDMDomain/aserver/IDMDomain/soa /u03/fmw/IDMDomain/mserver/IDMDomain/

Enable Weblogic Plugin

Open http://<hostname>:8888/console and login with the weblogic user.

Click Lock & Edit. Click on IDMDomain -> Configuration -> Web Applications.

Scroll down, check “Weblogic Plugin Enabled” and click “Save”.

Click on Environment -> Servers -> AdminServer -> Protocols -> HTTP.

Change the Frontend port to 8888.

Activate Changes.

Removing IDM Domain Agent

In the Administration console, click on “Security Realms” -> myrealm -> Providers.

Select IAMSuiteAgent and click Delete.

Activate Changes and restart the AdminServer.

Extend the Domain to include Oracle Internet Directory

Check that port 3060 is not being used by another process.

[oracle@fa bin]$netstat -an | grep "3060"
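The same check is worth running for every port this page assigns before config.sh or unpack.sh is run; the unpack.sh warning about port 7001 earlier is what a conflicting listener looks like. As an added example, not from the original post, the following shell functions parse a netstat -an style listing (IPv4, IPv6 and BSD "*.port" forms) and report which of the page's ports already have a listener; IDM_PORTS and check_idm_ports_free are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check that the
# listen ports assigned on this page are free. The listing is passed in as
# an argument so the parser can also be run against a saved capture.

# Ports this page assigns: OPMN, OHS, AdminServer, OAM, SOA, OIM,
# Node Manager, OID non-SSL, OID SSL (hypothetical variable name).
IDM_PORTS="6700 8888 7001 14100 8001 14000 5556 3060 3061"

# listening_ports LISTING
# Prints the local port of every LISTEN line, one per line, sorted and
# de-duplicated. Column 4 is the local address in both netstat -an and
# ss -ltn output; the port is the last component after ':' or '.'.
listening_ports() {
    printf '%s\n' "$1" | awk '
        /LISTEN/ {
            n = split($4, a, "[:.]")
            print a[n]
        }' | sort -un
}

# conflicting_ports LISTING PORT...
# Prints, space separated and in argument order, each wanted port that
# already has a listener; prints an empty line when all are free.
conflicting_ports() {
    listing=$1; shift
    busy=$(listening_ports "$listing")
    out=""
    for p in "$@"; do
        if printf '%s\n' "$busy" | grep -qx "$p"; then
            out="$out $p"
        fi
    done
    printf '%s\n' "${out# }"
}

# check_idm_ports_free
# Live check on this host: returns non-zero and names the busy ports,
# so it can gate a configuration run (run before each config.sh/unpack.sh).
check_idm_ports_free() {
    live=$(netstat -an 2>/dev/null || ss -ltn)
    busy=$(conflicting_ports "$live" $IDM_PORTS)
    [ -z "$busy" ] || { echo "ports already in use: $busy" >&2; return 1; }
}
```

Note that a port reported busy by the AdminServer itself (7001, as in the unpack.sh warning) is expected once the aserver domain is running; any other hit needs to be resolved before continuing.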

Start the configuration from <IDM_HOME>/bin

[oracle@fa bin]$cd /u03/fmw/idm/bin
[oracle@fa bin]$./config.sh &

Click Next.

Select “Configure Without A Domain” and click Next.

Instance Location: /u03/fmw/oid1

Instance Name: oid1

Click Next

Deselect the checkbox and click Next.

Click Yes.

Select “Oracle Internet Directory” and click Next.

Select “Specify Ports using Configuration file”.
Open a separate terminal and copy the staticports.ini file to the home directory.

[oracle@fa bin]$cp -p /u01/provisioning/idm/Disk1/stage/Response/staticports.ini /home/oracle

Click View/Edit File

Enter/uncomment the value for Non-SSL Port as 3060

and for SSL Port enter the value 3061

Click Save

Click Next.

Enter the database details and click Next.

Set Realm to the domain-level DC (for example, if the domain is example.com then set dc=example,dc=com).

Here: dc=fusionappsdba,dc=com

Click Next

Review the summary and click Configure.

Once the configuration completes, click Next.

Review the summary and click Finish

Validate OID

Nagulu Polagani

"We are all apprentices in a craft where no one ever becomes a master."