Let's start to learn and understand some components of Oracle Fusion Middleware. I have laid down the steps required for installing and configuring Oracle Identity & Access Management Suite 11gR2.

I will try to make it as simple as I can; however, if you need any clarification you can email me at nazim.sk@gmail.com or nazim.shaikh@onlinedbasupport.com

Below is the list of products required for IDM Setup.
1) Oracle DB
2) RCU
3) Weblogic
4) JDK
5) SOA Suite
6) OID/IDM
7) OAM
8) WebTier OHS
9) WebGate
10) OIM Connectors (optional, can be downloaded later)
11) Oracle Unified Directory (optional, can be downloaded later)

Operating System – RHEL 5.8 x86-64 with 16 GB RAM and minimum i3 processor.

Download the software from the links given below.

Oracle Database 11.2.0.1 –

http://download.oracle.com/otn/linux/oracle11g/R2/linux.x64_11gR2_database_1of2.zip
http://download.oracle.com/otn/linux/oracle11g/R2/linux.x64_11gR2_database_2of2.zip

SOA Suite 11.1.1.7.0 –

http://download.oracle.com/otn/nt/middleware/11g/111170/ofm_soa_generic_11.1.1.7.0_disk1_1of2.zip
http://download.oracle.com/otn/nt/middleware/11g/111170/ofm_soa_generic_11.1.1.7.0_disk1_2of2.zip

Oracle Identity Manager Connectors 11.1.2.2.0 –

https://edelivery.oracle.com/EPD/Download/process_download/V46670-01.zip?ile_id=72771919&aru=17914537&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V46670-01.zip

Oracle Unified Directory 11g 11.1.2.2.0 –

https://edelivery.oracle.com/EPD/Download/process_download/V43020-01.zip?ile_id=67310625&aru=17140821&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V43020-01.zip

Oracle Identity and Access Management 11g 11.1.2.2.0 –

https://edelivery.oracle.com/EPD/Download/process_download/V43017-01_1of2.zip?file_id=67310483&aru=17140818&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V43017-01_1of2.zip
https://edelivery.oracle.com/EPD/Download/process_download/V43017-01_2of2.zip?file_id=67310484&aru=17140818&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V43017-01_2of2.zip

Oracle Fusion Middleware Repository Creation Utility 11g 11.1.2.2.0 for Linux x86-64 –

https://edelivery.oracle.com/EPD/Download/process_download/V43024-01.zip?file_id=67310644&aru=17140825&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V43024-01.zip

Oracle Identity Management 11g Patch Set 6 (11.1.1.7.0) for Linux x86-64 –

https://edelivery.oracle.com/EPD/Download/process_download/V37386-01.zip?file_id=59444804&aru=16090986&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V37386-01.zip

Oracle Fusion Middleware Web Tier Utilities 11g Patch Set 6 (11.1.1.7.0) for Linux x86-64 –

https://edelivery.oracle.com/EPD/Download/process_download/V37384-01.zip?file_id=59444765&aru=16090978&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V37384-01.zip

Oracle WebLogic Server 11gR1 (10.3.6) Generic and Coherence –

https://edelivery.oracle.com/EPD/Download/process_download/V29856-01.zip?file_id=46448789&aru=14401412&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V29856-01.zip

Oracle Access Manager OHS 11g WebGates 11.1.2.2.0 –

https://edelivery.oracle.com/EPD/Download/process_download/V46372-01.zip?file_id=72386375&aru=17870946&userid=5865190&egroup_aru_number=15364661&country_id=634&patch_file=V46372-01.zip

———————————————————————————————————————

Let's start with installing Oracle Database – 11.2.0.1

  1. Unzip the software to any location where the installing user has privileges to run the setup (su - oracle)
  2. Start the Installer (runInstaller)
  3. Choose the 1st option, "Create and configure database". You can also choose "Install database software only" and later create a database using dbca.
  4. Choose System Class – Desktop / Server depending on your configuration. We chose Desktop
  5. Typical Install
  6. Provide Oracle base location, datafiles location, database name and password. Our DB Name is IDMDB
  7. Choose Characterset as UTF8 – Mandatory for IDM Setup

Post installation steps :

  1. Run root.sh as “root” user
  2. Prepare the database environment file
    export ORACLE_BASE=/u01/oracle
    export ORACLE_HOME=/u01/oracle/product/11.2.0.1
    export PATH=$PATH:$ORACLE_HOME/bin
    export ORACLE_SID=idmdb
    export TNS_ADMIN=$ORACLE_HOME/network/admin
  3. Tune the below parameters
    ALTER system SET processes=1000 scope=spfile;
    ALTER system SET sessions=1000 scope=spfile;
    ALTER system SET open_cursors=1000 scope=spfile;

Execute RCU – 11.1.2.2 to create the repository for IDM, OIM and OAM.

  1. su - oraidm
  2. Unzip rcu software
  3. Run rcu setup (/u01/rcuHome/bin)  ./rcu
  4. Select create option
  5. Provide database credentials to establish a connection with the database server.
  6. From the selection component page, expand identity management and select OID, OIM, OAM. This will auto select other options as well (DEV_MDS, DEV_SOAINFRA, DEV_ORASDPM, DEV_IAU, DEV_OPSS)
  7. Set a password which will be used by these schemas. You can either provide separate passwords or the same password to manage all.
  8. This will create the schemas and corresponding tablespaces in the database.

Install Weblogic – 10.3.6

  1. Unzip custom JDK and set JAVA_HOME (File : jdk-6u45-linux-x64.bin)
    export JAVA_HOME=/u01/jdk1.6.0_45
    export PATH=$JAVA_HOME/bin:$PATH
  2. Install weblogic using custom jdk 64 bit
  3. java -jar wls1036_generic.jar OR java -d64 -jar wls1036.jar (Linux) OR java -D64 -jar wls1036.jar (Windows)
  4. Set middleware home directory – /u01/weblogic/fmw – You can set this to any directory as long as the user has read and write permission on it.
  5. Select "I wish to remain uninformed about oracle updates" and click Yes; you may have to do this multiple times.
  6. Select Typical Install
  7. Installation will create following directories (/u01/weblogic/fmw/wlserver_10.3 and /u01/weblogic/fmw/coherence_3.7)
  8. Complete the installation

Install IDM – 11.1.1.7.0

  1. su - oraidm
  2. Unzip IDM software to any temp location
  3. Execute runInstaller (Disk1/runInstaller)
  4. Skip software updates
  5. Select ‘Install Software – Do Not Configure’
  6. Oracle Middleware Home – /u01/weblogic/fmw
  7. Oracle Home – Oracle_IDM1
  8. Click Install

Install OAM – 11.1.2.2.0

  1. su - oraidm
  2. Unzip OAM software to any temp location
  3. Execute runInstaller (Disk1/runInstaller), specify JRE location (/u01/jdk1.6.0_45)
  4. Skip software updates
  5. Oracle Middleware Home – /u01/weblogic/fmw
  6. Oracle Home – Oracle_IAM1
  7. Click Install

Install WebTier – 11.1.1.7.0

  1. su - oraidm
  2. Unzip WebTier OHS software to any temp location
  3. Execute runInstaller (Disk1/runInstaller)
  4. Skip software updates
  5. Select ‘Install Software – Do Not Configure’
  6. Oracle Middleware Home – /u01/weblogic/fmw
  7. Oracle Home – Oracle_WT1
  8. Click Install

Install WebGate – 11.1.2.2.0

  1. su - oraidm
  2. Unzip OAM WebGate software to any temp location
  3. Execute runInstaller (Disk1/runInstaller), specify JRE location (/u01/jdk1.6.0_45)
  4. Skip software updates
  5. Oracle Middleware Home – /u01/weblogic/fmw
  6. Oracle Home – Oracle_OAMWebGate1
  7. Click Install

Install SOA Suite – 11.1.1.7.0

  1. su - oraidm
  2. Unzip SOA Suite software to any temp location
  3. Execute runInstaller (Disk1/runInstaller), specify JRE location (/u01/jdk1.6.0_45)
  4. Skip software updates
  5. Oracle Middleware Home – /u01/weblogic/fmw
  6. Oracle Home – Oracle_SOA1
  7. Select Weblogic Server as the option
  8. Click Install

Apply Interim patches on SOA Suite

  1. Go to /u01/OAM_Soft/Disk1….OIM_11.1.2.2_SOAPS6_PREREQS.zip
  2. mkdir -p /u01/soa_patches
  3. unzip the patch from step 1 to the directory created in step 2
    [oraidm@egtapp02 soa_patches]$ unzip /u01/OAM_Soft/Disk1/OIM_11.1.2.2_SOAPS6_PREREQS.zip
    Archive:  /u01/OAM_Soft/Disk1/OIM_11.1.2.2_SOAPS6_PREREQS.zip
    creating: SOAPATCH/
    extracting: SOAPATCH/17418151.zip
    extracting: SOAPATCH/17988119.zip
    extracting: SOAPATCH/16170778.zip
    extracting: SOAPATCH/17610621.zip
    inflating: SOAPATCH/README.txt
    extracting: SOAPATCH/16024267.zip
    extracting: SOAPATCH/17538745.zip
    extracting: SOAPATCH/18011726.zip
    extracting: SOAPATCH/18011109.zip
    extracting: SOAPATCH/16535743.zip
    extracting: SOAPATCH/16899697.zip
    extracting: SOAPATCH/14126097.zip
  4. export ORACLE_HOME=/u01/weblogic/fmw/Oracle_SOA1
  5. export PATH=$ORACLE_HOME/OPatch:$PATH
  6. Go to the patch directory and apply the patch
    [oraidm@egtapp02 SOAPATCH]$ pwd
    /u01/soa_patches/SOAPATCH
    [oraidm@egtapp02 SOAPATCH]$ ls
    14126097.zip  16170778.zip  16899697.zip  17538745.zip  17988119.zip  18011726.zip
    16024267.zip  16535743.zip  17418151.zip  17610621.zip  18011109.zip  README.txt
  7. Apply the patch
    opatch napply
  8. Verify the patch
    [oraidm@egtapp02 SOAPATCH]$ opatch lsinventory
    Oracle Interim Patch Installer version 11.1.0.9.9
    Copyright (c) 2012, Oracle Corporation.  All rights reserved.
    Oracle Home       : /u01/weblogic/fmw/Oracle_SOA1
    Central Inventory : /u01/oraInventory
    from           : /u01/weblogic/fmw/Oracle_SOA1/oraInst.loc
    OPatch version    : 11.1.0.9.9
    OUI version       : 11.1.0.9.0
    Log file location : /u01/weblogic/fmw/Oracle_SOA1/cfgtoollogs/opatch/opatch2014-11-18_13-10-04PM_1.log
    OPatch detects the Middleware Home as "/u01/weblogic/fmw"
    Lsinventory Output file location : /u01/weblogic/fmw/Oracle_SOA1/cfgtoollogs/opatch/lsinv/lsinventory2014-11-18_13-10-04PM.txt
    --------------------------------------------------------------------------------
    Installed Top-level Products (1):
    Oracle SOA Suite 11g                                                 11.1.1.7.0
    There are 1 products installed in this Oracle Home.
    Interim patches (11) :
    Patch  18011726     : applied on Tue Nov 18 13:09:48 AST 2014
    Unique Patch ID:  17116322
    Created on 29 Dec 2013, 19:17:47 hrs PST8PDT
    Bugs fixed:
    16305694, 16104851, 13684639, 16985247, 17180084, 17005588, 16824760
    17283663, 15870065, 17460621, 16363712
    Patch  18011109     : applied on Tue Nov 18 13:09:08 AST 2014
    Unique Patch ID:  17115629
    Created on 28 Dec 2013, 00:40:38 hrs PST8PDT
    Bugs fixed:
    17933421, 17191931
    Patch  17988119     : applied on Tue Nov 18 13:09:05 AST 2014
    Unique Patch ID:  17114873
    Created on 27 Dec 2013, 08:27:36 hrs PST8PDT
    Bugs fixed:
    17988119
    Patch  17610621     : applied on Tue Nov 18 13:08:59 AST 2014
    Unique Patch ID:  16927307
    Created on 28 Oct 2013, 14:58:58 hrs PST8PDT
    Bugs fixed:
    17610621
    Patch  17538745     : applied on Tue Nov 18 13:08:57 AST 2014
    Unique Patch ID:  16974898
    Created on 13 Nov 2013, 15:34:44 hrs PST8PDT
    Bugs fixed:
    17538745
    Patch  17418151     : applied on Tue Nov 18 13:08:55 AST 2014
    Unique Patch ID:  16769215
    Created on 6 Sep 2013, 13:53:05 hrs PST8PDT
    Bugs fixed:
    17418151
    Patch  16899697     : applied on Tue Nov 18 13:08:51 AST 2014
    Unique Patch ID:  16440766
    Created on 11 Jun 2013, 17:04:24 hrs US/Pacific
    Bugs fixed:
    16899697
    Patch  16535743     : applied on Tue Nov 18 13:08:44 AST 2014
    Unique Patch ID:  16399779
    Created on 28 May 2013, 02:41:34 hrs PST8PDT
    Bugs fixed:
    16535743
    Patch  16170778     : applied on Tue Nov 18 13:08:37 AST 2014
    Unique Patch ID:  16534730
    Created on 3 Jul 2013, 11:02:06 hrs PST8PDT
    Bugs fixed:
    16170778
    Patch  16024267     : applied on Tue Nov 18 13:08:33 AST 2014
    Unique Patch ID:  17017715
    Created on 28 Nov 2013, 04:10:28 hrs PST8PDT
    Bugs fixed:
    16024267
    Patch  14126097     : applied on Tue Nov 18 13:08:28 AST 2014
    Unique Patch ID:  16260496
    Created on 18 Apr 2013, 13:32:37 hrs PST8PDT
    Bugs fixed:
    14126097
    --------------------------------------------------------------------------------
    OPatch succeeded.
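To confirm that none of the staged patches was skipped, the check below compares the patch zip files in the SOAPATCH directory with the patches that `opatch lsinventory` reports as applied. It is an added example, not part of the original post or of OPatch; the function names and the temporary sample files are made up for the illustration, and the patch numbers in the sample are taken from the listing above.

```sh
#!/bin/sh
# Added example: verify that every staged interim patch is listed as applied.
# Real use (paths as in the walkthrough):
#   opatch lsinventory > /tmp/lsinv.txt
#   missing_patches /u01/soa_patches/SOAPATCH /tmp/lsinv.txt

# applied_patches: reads `opatch lsinventory` output on stdin and prints the
# applied interim patch numbers, one per line, sorted.
applied_patches() {
    # Matches "Patch  18011726     : applied on ..."; "Unique Patch ID:" and
    # "Bugs fixed:" lines do not match, so bug numbers are never counted.
    grep -oE 'Patch[[:space:]]+[0-9]+[[:space:]]*:[[:space:]]*applied on' |
        grep -oE '[0-9]+' | LC_ALL=C sort -u
}

# staged_patches DIR: prints the numbers of the <patch>.zip files found in DIR.
staged_patches() {
    for sp_zip in "$1"/*.zip; do
        [ -e "$sp_zip" ] || continue      # directory without any zip file
        basename "$sp_zip" .zip
    done | grep -E '^[0-9]+$' | LC_ALL=C sort -u
}

# missing_patches DIR INVENTORY_FILE: prints staged patches that opatch does
# not report as applied (empty output means everything was applied).
missing_patches() {
    mp_staged=$(mktemp)
    mp_applied=$(mktemp)
    staged_patches "$1" > "$mp_staged"
    applied_patches < "$2" > "$mp_applied"
    LC_ALL=C comm -23 "$mp_staged" "$mp_applied"
    rm -f "$mp_staged" "$mp_applied"
}

# Constructed sample: three staged patches, only two reported as applied.
demo_dir=$(mktemp -d)
touch "$demo_dir/18011726.zip" "$demo_dir/18011109.zip" \
      "$demo_dir/17988119.zip" "$demo_dir/README.txt"
cat > "$demo_dir/lsinv.txt" <<'EOF'
Interim patches (2) :
Patch  18011726     : applied on Tue Nov 18 13:09:48 AST 2014
Unique Patch ID:  17116322
Bugs fixed:
16305694, 16104851
Patch  18011109     : applied on Tue Nov 18 13:09:08 AST 2014
Unique Patch ID:  17115629
EOF
echo "Staged but not applied: $(missing_patches "$demo_dir" "$demo_dir/lsinv.txt")"
rm -rf "$demo_dir"
```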

Creating Domains

  • Create IDM Domain
      1. su - oraidm
      2. Prepare IDM environment
        [oraidm@egtapp02 ~]$ cat oid.env
        export MW_HOME=/u01/weblogic/fmw
        export WL_HOME=$MW_HOME/wlserver_10.3
        export ORACLE_HOME=$MW_HOME/Oracle_IDM1
        export DOMAIN_HOME=$MW_HOME/user_projects/domains/IDMDomain
        export JAVA_HOME=/u01/jdk_soft/jdk1.6.0_45
        export ORACLE_INSTANCE=$MW_HOME/oid_ovd_instance1
        export PATH=$ORACLE_HOME/bin:$ORACLE_INSTANCE/bin:$ORACLE_HOME/OPatch:$PATH
      3. Go to ORACLE_HOME/bin directory and execute config.sh

 

 

[Screenshot: IDM_Domain1]

[Screenshot: IDM_D2]

Provide Instance Location and Name: you can give the instance any name. Since this domain will be used for the OID and OVD directories, we have named it oid_ovd_instance1.

[Screenshot: IDM_D3]

[Screenshot: IDM_D4]

Create a custom staticports.ini file like the one below and place it in any temp location. You can change the port numbers if required or keep them the same.

[DOMAIN]
#This port indicates the Domain port number
Domain Port No = 7002
Node Manager Port No = 5556
########################Begin section for ovd1 ################################
#This port numbers will be considered only if OVD is selected for configuration
#######################################################################################
[OVD]
#The HTTP Admin port for OVD
Oracle Virtual Directory Port No for HTTP Admin = 8899
#The SSL LDAP port for OVD
Oracle Virtual Directory (SSL) Port No for LDAP = 6052
#The Non-SSL LDAP port for OVD
Oracle Virtual Directory (Non-SSL) Port No for LDAP = 6051
#The HTTP Web Gateway port for OVD
Oracle Virtual Directory Port No for HTTP Web Gateway = 2223
########################Begin section for oid1 ################################
#This port numbers will be considered only if OID is selected for configuration
#######################################################################################
[OID]
#The Non-SSL port for OID
Oracle Internet Directory Port No = 3060
#The SSL port for OID
Oracle Internet Directory (SSL) Port No = 3061
########################Begin section for emAgent ################################
#This port numbers will be considered only if EM is selected for configuration
#######################################################################################
[EMAGENT]
#The port for EM Agent port
Oracle EM Agent Port No = 5162
########################Begin section for ods ################################
#This port numbers will be considered if ODSM or DIP or both are selected for configuration
#######################################################################################
[ODS]
#The port for ODSM Server port
ODS Server Port No = 7005
########################Begin section for opmn ################################
#This port numbers will be considered for OPMN configuration
#######################################################################################
[OPMN]
#The Local port for OPMN
OPMN Local Port No = 6800
#The Remote port for OPMN
OPMN Remote Port No = 6801
#The Request port for OPMN
OPMN Request Port No = 6802
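If you do change the port numbers, a quick pre-flight check catches mistakes before the configuration wizard does. The script below is an added example, not part of the original post or of Oracle's installer: it parses the `Name = port` lines of staticports.ini and reports invalid values, ports below 1024 (which a non-root user such as oraidm cannot bind on Linux) and ports assigned twice. `check_staticports` and the edited sample file are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for a custom staticports.ini.

# check_staticports FILE
#   Prints one finding per line and returns 1 if there is any finding:
#     INVALID     value is not a TCP port number (1-65535)
#     PRIVILEGED  port below 1024, which a non-root installer user cannot bind
#     DUPLICATE   the same port is assigned to two components
check_staticports() {
    awk '
        /^[ \t]*#/ || /^[ \t\r]*$/ { next }     # comments and blank lines
        /^[ \t]*\[/ { next }                    # section headers such as [OVD]
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            port = substr($0, eq + 1)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", name)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", port)
            if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) {
                printf "INVALID %s = %s\n", name, port
                bad = 1
                next
            }
            if (port + 0 < 1024) {
                printf "PRIVILEGED %s = %s\n", name, port
                bad = 1
            }
            if (port in seen) {
                printf "DUPLICATE %s: %s / %s\n", port, seen[port], name
                bad = 1
            } else {
                seen[port] = name
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: an edited copy of the file above in which OID was moved
# to the standard LDAP ports and ODSM was given the same port as the domain.
sample_ini=$(mktemp)
cat > "$sample_ini" <<'EOF'
[DOMAIN]
#This port indicates the Domain port number
Domain Port No = 7002
Node Manager Port No = 5556
[OID]
Oracle Internet Directory Port No = 389
Oracle Internet Directory (SSL) Port No = 636
[ODS]
ODS Server Port No = 7002
EOF
check_staticports "$sample_ini" || echo "staticports.ini needs fixing"
rm -f "$sample_ini"
```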

 

[Screenshot: IDM_D5]

Directory Services have different names in different products.

OVD – uses Name Space
OID – uses Realm Name
OUD – uses Base DN
We will use OVD in this configuration and hence will use the default name space “ovd”.

Oracle Virtual Directory is an LDAP service that provides a single, abstracted view of enterprise directory servers and databases from a variety of vendors. Oracle Virtual Directory can serve as a single source of truth in an environment with multiple data sources.

Oracle Internet Directory is a specialized database that stores and retrieves collections of information about objects. Associated with each entry is a number of attributes, each of which may have one or more values assigned. For example, typical attributes for a person entry might include first and last names, e-mail addresses, the address of a preferred mail server, passwords or other login credentials, or a digitized portrait.

For us, one domain component (“dc”) becomes “ovd” and the other dc is “local”, depending on our current domain structure in the organization.
If your domain contains .com then your dc will look like “dc=ovd,dc=com”.
The entry “cn=orcladmin” is the super user that manages OID and OVD.

OVD does not hold any user information; instead it keeps the metadata of the users received from different vendors (AD, legacy systems, OUD etc.) and passes it to OID.

[Screenshot: IDM_D6]

Since OVD passes the information to OID, this screen will by default have dc=[your_domain_name],dc=com/local. Our domain is ods.local; however, we have given dc=oid to keep it simple to understand.

[Screenshot: IDM_D8]

[Screenshot: IDM_D9]

[Screenshot: IDM_D10]

Verify the result: log in to the WebLogic console to verify the domain (Admin Server and a Managed Server) created during the domain installation process.
URL – http://hostname:port/console

[Screenshot: IDM_D12]

The screenshot below shows the 2 servers created during the domain creation process.

  • Admin Server – Domains include a special WebLogic Server instance called the Administration Server, which is the central point from which you configure and manage all resources in the domain.
  • WLS_ODS1 Server – In a domain, server instances other than the Administration Server are referred to as Managed Servers. Managed Servers host the components and associated resources that constitute an application. The WLS_ODS1 server manages our directory server (ODSM).

[Screenshot: IDM_D13_1]

Verify the OPMN processes, which start the background processes of OID & OVD.

cd /u01/weblogic/fmw/Oracle_IDM1/bin
opmnctl status -l

To start and stop the OPMN processes, execute the below commands

opmnctl startall
opmnctl stopall

As you see in the screenshot below, there are 5 processes running (OVD, 3 OID and 1 EM).
OVD is your virtual directory running on LDAP ports 6051 and 6052, and https port 8899.
OID is an internal directory running on LDAP ports 3061 and 3060. oidmon is the process which monitors the connections and assigns the work to these 2 oid processes (oid1), which will spawn other processes.

[Screenshot: OPMN_Status]

Creating OID/OVD connections

Connect to Directory services and check the default user and group information

[Screenshot: IDM_D11]

[Screenshot: ODSM_1]

Give the connection any name. Server – the server where IDM is installed or hosted; port – LDAP port 3060; user – orcladmin, which is the super user for OID and OVD.

[Screenshot: ODSM_2]

[Screenshot: ODSM_3]

Go to the Data Browser tab and check the dc we created during domain creation (“dc=local”, “dc=oid”), which contains user and group information.

[Screenshot: ODSM_4]

Log out and create a connection for OVD; for the port, use the https port, i.e. 8899.

[Screenshot: ODSM_OVD]

[Screenshot: ODSM_OVD1]

[Screenshot: ODSM_OVD2]

Create an adapter for OID. OVD has the capability of creating adapters for multiple systems (OID, AD, EBS Database, legacy systems). OIM/OAM has a limitation of connecting to one directory server only. Let's think of a scenario where we have Oracle EBS and Active Directory to be synced with each other. In this case we will have OID connect with these 2 systems and store user information in the identity store. Suppose we also have a third-party application, i.e. Microsoft SQL Server, MySQL or the IDM DB, and getting user information from it through OID is a challenge; here OVD can create an adapter for these legacy systems and pass the data on to OID.

OVD is only a virtual directory server and does not hold any information; it is only a pointer to the data source where the user actually resides (DB, AD, legacy) and passes the info to OID.

Below we will create an LDAP adapter for OID.

[Screenshot: ODSM_OVD3]

[Screenshot: ODSM_Adapter]

[Screenshot: ODSM_Adapter1]

[Screenshot: ODSM_Adapter2]

[Screenshot: ODSM_Adapter3]

Click on the home page to see adapter information.

[Screenshot: ODSM_Adapter4]

Extend the following schemas for OID, OIM and OAM; they are required during the integration process. The extension adds attributes and object classes to OID, OIM & OAM that are missing by default when we install these components.

[Screenshot: Extend_Schema]

Create a properties file for extending the OID schema

Extend OID Schema
su - oraidm

mkdir -p /home/oraidm/extend_schema
cd /home/oraidm/extend_schema
vi extend_oid.props
IDSTORE_HOST: egtapp02.ods.local
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local

Set the environment

export MW_HOME=/u01/weblogic/fmw/
export JAVA_HOME=/u01/jdk_soft/jdk1.6.0_45
export PATH=$JAVA_HOME/bin:$PATH
export ORACLE_HOME=/u01/weblogic/fmw/Oracle_IAM1
export IDM_HOME=/u01/weblogic/fmw/Oracle_IDM1

Go to Oracle IAM home and run the configuration tool to extend the schema. You need to supply the password for the “orcladmin” user.
./idmConfigTool.sh -preConfigIDStore input_file=/home/oraidm/extend_schema/extend_oid.props

./idmConfigTool.sh -preConfigIDStore input_file=/home/oraidm/extend_schema/extend_oid.props
Enter ID Store Bind DN password :
Nov 23, 2014 11:43:02 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idm_idstore_groups_template.ldif
Nov 23, 2014 11:43:02 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idm_idstore_groups_acl_template.ldif
Nov 23, 2014 11:43:03 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/systemid_pwdpolicy.ldif
Nov 23, 2014 11:43:03 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idstore_tuning.ldif
Nov 23, 2014 11:43:03 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oid_schema_extn.ldif
Nov 23, 2014 11:43:05 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oblix_pwd_schema_add.ldif
Nov 23, 2014 11:43:05 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oim_pwd_schema_add.ldif
Nov 23, 2014 11:43:05 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_add.ldif
Nov 23, 2014 11:43:22 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_index_add.ldif
Nov 23, 2014 11:50:14 AM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/fa_pwdpolicy.ldif
The tool has completed its operation. Details have been logged to automation.log
The tool has completed its operation. Details have been logged to automation.log

Extend schema for OIM
su - oraidm

cd /home/oraidm/extend_schema
vi extend_oim.props
IDSTORE_HOST: egtapp02.ods.local
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
POLICYSTORE_SHARES_IDSTORE: true
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local
IDSTORE_OIMADMINUSER: oimadmin
IDSTORE_OIMADMINGROUP: OIMAdministrators

./idmConfigTool.sh -prepareIDStore mode=OIM input_file=/home/oraidm/extend_schema/extend_oim.props

This will create the OIM-specific users and the xelsysadm super user to manage OIM.
[oraidm@egtapp02 bin]$ ./idmConfigTool.sh -prepareIDStore mode=OIM input_file=/home/oraidm/extend_schema/extend_oim.props
Enter ID Store Bind DN password :
*** Creation of oimadmin ***
Nov 23, 2014 1:44:25 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_user_template.ldif
Enter User Password for oimadmin:
Confirm User Password for oimadmin:
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_group_template.ldif
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oim_group_member_template.ldif
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_groups_acl_template.ldif
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_reserve_template.ldif
*** Creation of Xel Sys Admin User ***
Nov 23, 2014 1:44:49 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/idm_xelsysadmin_user.ldif
Enter User Password for xelsysadm:
Confirm User Password for xelsysadm:
The tool has completed its operation. Details have been logged to automation.log

[Screenshot: extend_oim_schema]

Extend OAM Schema
su - oraidm

vi extend_oam.rsp
IDSTORE_HOST: egtapp02.ods.local
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamadmin

./idmConfigTool.sh -prepareIDStore mode=OAM input_file=/home/oraidm/extend_schema/extend_oam.rsp

This will create the oamadmin user, which will be a superuser for OAM.

[oraidm@egtapp02 bin]$ ./idmConfigTool.sh -prepareIDStore mode=OAM input_file=/home/oraidm/extend_schema/extend_oam.rsp
Enter ID Store Bind DN password :
*** Creation of Oblix Anonymous User ***
Nov 23, 2014 2:06:43 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_10g_anonymous_user_template.ldif
Enter User Password for oblixanonymous:
Confirm User Password for oblixanonymous:
*** Creation of oamadmin ***
Nov 23, 2014 2:07:22 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_user_template.ldif
Enter User Password for oamadmin:
Confirm User Password for oamadmin:
*** Creation of oamLDAP ***
Nov 23, 2014 2:07:28 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_user_template.ldif
Enter User Password for oamLDAP:
Confirm User Password for oamLDAP:
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oam_user_group_read_acl_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oim_group_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oam_group_member_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/oam_group_member_template.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_user_write_acl.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_config_acl.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oid_schemaadmin.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/fa_add_pwdpolicy.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/fa_add_pwdpolicy.ldif
Nov 23, 2014 2:07:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/esso_schema_extn.ldif
*** Creation of CO ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/orgunit_template.ldif
*** Creation of People ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/orgunit_template.ldif
*** Creation of vgoLocator ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/common/orgunit_template.ldif
*** Creation of CO ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_group_acl_template.ldif
*** Creation of People ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_group_acl_template.ldif
*** Creation of vgoLocator ***
Nov 23, 2014 2:07:40 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /u01/weblogic/fmw/Oracle_IAM1/idmtools/templates/oid/oam_group_acl_template.ldif
The tool has completed its operation. Details have been logged to automation.log
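The three input files (extend_oid.props, extend_oim.props and extend_oam.rsp) must all point at the same directory server and the same tree, and a typo in one of them only shows up later during integration. The check below is an added example, not part of the original post or of idmConfigTool: it compares host, port, bind DN and search base across the files and verifies that the user, group and system-ID containers sit under IDSTORE_SEARCHBASE. The function names are hypothetical and the parser assumes the simple `KEY: value` layout used above, split at the first colon.

```sh
#!/bin/sh
# Added example: cross-check idmConfigTool input files before running
# -preConfigIDStore / -prepareIDStore.

# prop FILE KEY: print KEY's value from a "KEY: value" file (split at first colon).
prop() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            c = index($0, ":")
            if (c == 0) next
            k = substr($0, 1, c - 1); v = substr($0, c + 1)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", k)
            gsub(/^[ \t\r]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$1"
}

# norm STRING: lower-case and drop spaces so host names and DNs compare loosely.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ' '; }

# check_idstore_props FILE...: the first file is the reference. Prints
# MISMATCH / MISSING / OUTSIDE findings and returns 1 if there is any.
check_idstore_props() {
    cip_rc=0
    cip_ref=$1
    for cip_f in "$@"; do
        for cip_k in IDSTORE_HOST IDSTORE_PORT IDSTORE_BINDDN IDSTORE_SEARCHBASE; do
            cip_want=$(prop "$cip_ref" "$cip_k")
            cip_got=$(prop "$cip_f" "$cip_k")
            if [ "$(norm "$cip_got")" != "$(norm "$cip_want")" ]; then
                echo "MISMATCH $cip_f: $cip_k is '$cip_got' but $cip_ref has '$cip_want'"
                cip_rc=1
            fi
        done
        cip_base=$(norm "$(prop "$cip_f" IDSTORE_SEARCHBASE)")
        for cip_k in IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE IDSTORE_SYSTEMIDBASE; do
            cip_val=$(norm "$(prop "$cip_f" "$cip_k")")
            case "$cip_val" in
                "")             echo "MISSING $cip_f: $cip_k"; cip_rc=1 ;;
                *",$cip_base")  ;;   # container lies under the search base
                *)              echo "OUTSIDE $cip_f: $cip_k is not under IDSTORE_SEARCHBASE"
                                cip_rc=1 ;;
            esac
        done
    done
    return $cip_rc
}

# Constructed sample: the OID file as in the walkthrough, and an OIM file with
# a deliberate typo in the group search base (dc=ovd instead of dc=oid).
demo_props=$(mktemp -d)
cat > "$demo_props/extend_oid.props" <<'EOF'
IDSTORE_HOST: egtapp02.ods.local
IDSTORE_PORT: 3060
IDSTORE_BINDDN: cn=orcladmin
IDSTORE_USERSEARCHBASE: cn=Users,dc=oid,dc=local
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oid,dc=local
IDSTORE_SEARCHBASE: dc=oid,dc=local
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=oid,dc=local
EOF
sed 's/cn=Groups,dc=oid/cn=Groups,dc=ovd/' "$demo_props/extend_oid.props" \
    > "$demo_props/extend_oim.props"
check_idstore_props "$demo_props/extend_oid.props" "$demo_props/extend_oim.props" ||
    echo "fix the input files before running idmConfigTool.sh"
rm -rf "$demo_props"
```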

[Screenshot: extend_oam_schema]

Creating OAM, OIM and SOA server domains

su - oraidm
cd /u01/weblogic/fmw/oracle_common/common/bin
./config.sh

 

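[Screenshot: OAM_D1]

[Screenshot: OAM_D2]

[Screenshot: OAM_D3]

[Screenshot: OAM_D5]

[Screenshot: OAM_D6]

[Screenshot: OAM_D7]

[Screenshot: OAM_D8]

[Screenshot: OAM_D9]

[Screenshot: OAM_D10]

[Screenshot: OAM_D11]

[Screenshot: OAM_D12]

[Screenshot: OAM_D13]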

Configure Security Store for OAM Domain to Database – This is specific to 11gR2 Patchset 2

  • Upgrade OPSS schema
    su - oraidm
    cd /u01/weblogic/fmw/oracle_common/bin
    ./psa

[Screenshot: OPSS_Upgrade]

[Screenshot: OPSS_Upgrade1]

[Screenshot: OPSS_Upgrade2]

[Screenshot: OPSS_Upgrade3]

[Screenshot: OPSS_Upgrade4]

[Screenshot: OPSS_Upgrade5]

Create DB security store – Mandatory step to start the Admin Server for the OAM, OIM & SOA servers.
[oraidm@egtapp02 bin]$ ./wlst.sh /u01/weblogic/fmw/Oracle_IAM1/common/tools/configureSecurityStore.py -d /u01/weblogic/fmw/user_projects/domains/IAMDomain/ -c IAM -m create -p oracle123

[oraidm@egtapp02 bin]$ ./wlst.sh /u01/weblogic/fmw/Oracle_IAM1/common/tools/configureSecurityStore.py -d /u01/weblogic/fmw/user_projects/domains/IAMDomain/ -c IAM -m create -p oracle123

CLASSPATH=/u01/weblogic/fmw/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/weblogic/fmw/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u01/jdk_soft/jdk1.6.0_45/lib/tools.jar:/u01/weblogic/fmw/wlserver_10.3/server/lib/weblogic_sp.jar:/u01/weblogic/fmw/wlserver_10.3/server/lib/weblogic.jar:/u01/weblogic/fmw/modules/features/weblogic.server.modules_10.3.6.0.jar:/u01/weblogic/fmw/wlserver_10.3/server/lib/webservices.jar:/u01/weblogic/fmw/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/u01/weblogic/fmw/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/u01/weblogic/fmw/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/u01/weblogic/fmw/oracle_common/common/wlst/lib/adfscripting.jar:/u01/weblogic/fmw/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/u01/weblogic/fmw/oracle_common/common/wlst/lib/mdswlst.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/auditwlst.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/igfwlsthelp.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/jps-wlst.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/jps-wls-trustprovider.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/jrf-wlst.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/oamap_help.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/ossoiap_help.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/ossoiap.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/sslconfigwlst.jar:/u01/weblogic/fmw/oracle_common/common/wlst/resources/wsm-wlst.jar:/u01/weblogic/fmw/utils/config/10.3/config-launch.jar::/u01/weblogic/fmw/wlserver_10.3/common/derby/lib/derbynet.jar:/u01/weblogic/fmw/wlserver_10.3/common/derby/lib/derbyclient.jar:/u01/weblogic/fmw/wlserver_10.3/common/derby/lib/derbytools.jar::

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@egtodb02.ods.local:1521/idmdb
Connected:oracle.jdbc.driver.T4CConnection@1359c03a
Disconnect:oracle.jdbc.driver.T4CConnection@1359c03a
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
Nov 23, 2014 3:31:22 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Nov 23, 2014 3:31:26 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] migrateData - done
Nov 23, 2014 3:31:27 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
Nov 23, 2014 3:31:27 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Nov 23, 2014 3:31:29 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members started
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] migrateData - done
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Nov 23, 2014 3:31:38 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Nov 23, 2014 3:32:26 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:00:47
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] testJpsService - done
persist to output: /u01/weblogic/fmw/user_projects/domains/IAMDomain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
persist to output: /u01/weblogic/fmw/user_projects/domains/IAMDomain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Using default context in /u01/weblogic/fmw/user_projects/domains/IAMDomain/config/fmwconfig/jps-config-migration.xml file for credential store.
Credential store location : jdbc:oracle:thin:@egtodb02.qia.local:1521/idmdb.qia.local
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!
Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is:
GenericCredential
Info: diagnostic credential created in the credential store.
Info: Create operation has completed successfully.

Let's look at the procedure to start and stop all the services involved in this installation.
Follow the steps given below to start the services for each domain.

  1. Start DB and Listener
  2. Start ovd and oid instance
  3. Start Weblogic(IDM Domain)
  4. Start Managed server(ODSM)
  5. Start Admin server(IAM Domain)
  6. Start Managed server (OIM,OAM,SOA)

To start the Admin and managed servers, create a boot.properties file and place it under each of the directories shown below.

mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/AdminServer/security
mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oim_server1/security
mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oam_server1/security
mkdir -p /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/soa_server1/security
cd /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/AdminServer/security
vi boot.properties
username=weblogic
password=vfr4bgt5

Create the boot.properties file under the IDMDomain Admin and managed servers.

cd /u01/weblogic/fmw/user_projects/domains/IDMDomain/servers/AdminServer/security
vi boot.properties
username=weblogic
password=vfr4bgt5

Copy this file to other managed servers security folder.

cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oim_server1/security/
cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/oam_server1/security/
cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IAMDomain/servers/soa_server1/security/
cp -r boot.properties /u01/weblogic/fmw/user_projects/domains/IDMDomain/servers/wls_ods1/security
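
The boot.properties step above, as an added shell example that is not part of the original post: it prompts for the password instead of typing it into a file by hand, and writes each file with mode 600. WebLogic replaces the clear-text values with encrypted ones the first time a server boots from the file, so until then the file permissions are the only protection. The function names and the prompt wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# write_boot_properties DOMAIN_HOME USER PASSWORD SERVER...
# Writes servers/SERVER/security/boot.properties for each server, readable by
# the owning account only. printf is a builtin in bash and dash, so the
# password does not show up in the process list.
write_boot_properties() {
    wbp_home=$1; wbp_user=$2; wbp_pass=$3; shift 3
    wbp_umask=$(umask)
    umask 077                               # new directories 0700, new files 0600
    wbp_rc=0
    for wbp_server in "$@"; do
        wbp_dir="$wbp_home/servers/$wbp_server/security"
        wbp_tmp="$wbp_dir/.boot.properties.$$"
        mkdir -p "$wbp_dir" &&
            printf 'username=%s\npassword=%s\n' "$wbp_user" "$wbp_pass" > "$wbp_tmp" &&
            chmod 600 "$wbp_tmp" &&
            mv -f "$wbp_tmp" "$wbp_dir/boot.properties" ||
            { rm -f "$wbp_tmp"; wbp_rc=1; break; }
    done
    umask "$wbp_umask"                      # restore the caller's umask
    return "$wbp_rc"
}

# List every boot.properties under the domain whose mode is not exactly 600.
# Returns 0 when there is none, 1 otherwise.
check_boot_properties() {
    cbp_bad=$(find "$1/servers" -name boot.properties ! -perm 600 2>/dev/null)
    [ -z "$cbp_bad" ] && return 0
    printf '%s\n' "$cbp_bad"
    return 1
}

# Usage: sh mkboot.sh DOMAIN_HOME SERVER...   (prompts for the password;
# nothing runs when the script is called without arguments)
if [ "$#" -ge 2 ]; then
    domain_home=$1; shift
    trap 'stty echo 2>/dev/null' EXIT
    printf 'Password for weblogic: ' >&2
    stty -echo; IFS= read -r boot_pw; stty echo; printf '\n' >&2
    write_boot_properties "$domain_home" weblogic "$boot_pw" "$@" &&
        check_boot_properties "$domain_home"
fi
```

For the layout on this page the call would be `sh mkboot.sh /u01/weblogic/fmw/user_projects/domains/IAMDomain AdminServer oim_server1 oam_server1 soa_server1`, with `mkboot.sh` being whatever name the script is saved under.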

Starting OVD/OID instance

su - oraidm
cd /u01/weblogic/fmw/Oracle_IDM1/bin
opmnctl startall
opmnctl status -l

Processes in Instance: oid_ovd_instance1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component | process-type | pid | status | uid | memused | uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ovd1 | OVD | 8748 | Alive | 788277692 | 738084 | 0:00:59 | ldaps:6052,https:8899,ldap:6051
oid1 | oidldapd | 8840 | Alive | 788277694 | 770852 | 0:00:56 | N/A
oid1 | oidldapd | 8804 | Alive | 788277693 | 288672 | 0:00:58 | N/A
oid1 | oidmon | 8746 | Alive | 788277691 | 302060 | 0:00:59 | LDAPS:3061,LDAP:3060
EMAGENT | EMAGENT | 8747 | Alive | 788277690 | 63836 | 0:00:59 | N/A

Start Admin and managed server for IDM Domain

[oraidm@egtapp02 bin]$ pwd
/u01/weblogic/fmw/user_projects/domains/IDMDomain/bin
[oraidm@egtapp02 bin]$ ls
nodemanager server_migration setDomainEnv.sh startWebLogic.sh stopWebLogic.sh
secureWebLogic.sh service_migration startManagedWebLogic.sh stopManagedWebLogic.sh
[oraidm@egtapp02 bin]$ nohup ./startWebLogic.sh &
[1] 9288
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'

Check the status of the service in the nohup.out file. It should show RUNNING state.

[oraidm@egtapp02 bin]$ tail -f nohup.out

Nov 24, 2014 9:20:00 AM oracle.ods.virtualization.engine.util.VDELogger info
INFO: Notification sent for Mapping config object reloaded

|
|
|

<Channel "Default[2]" is now listening on 127.0.0.1:7002 for protocols iiop, t3, ldap, snmp, http.>
<Channel "Default" is now listening on 192.168.1.109:7002 for protocols iiop, t3, ldap, snmp, http.>
<Channel "Default[3]" is now listening on 0:0:0:0:0:0:0:1:7002 for protocols iiop, t3, ldap, snmp, http.>
<Channel "Default[1]" is now listening on fe80:0:0:0:7ae7:d1ff:fedf:f2b2:7002 for protocols iiop, t3, ldap, snmp, http.>

Start ODSM managed server “WLS_ODS1”

[oraidm@egtapp02 bin]$ nohup ./startManagedWebLogic.sh wls_ods1 &
[2] 9666
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'

|
|
|
Started: ADF Library non-ADFJspResourceProvider post-deployment
Finished: ADF Library non-ADFJspResourceProvider post-deployment (millis): 5

<Channel "Default" is now listening on 192.168.1.109:7005 for protocols iiop, t3, ldap, snmp, http.>

Start Admin server for IAM Domain

/u01/weblogic/fmw/user_projects/domains/IAMDomain/bin
[oraidm@egtapp02 bin]$ ls
nodemanager server_migration setDomainEnv.sh setSOADomainEnv.sh startWebLogic.sh stopWebLogic.sh
secureWebLogic.sh service_migration setOIMDomainEnv.sh startManagedWebLogic.sh stopManagedWebLogic.sh
[oraidm@egtapp02 bin]$ nohup ./startWebLogic.sh &
[1] 10016
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'

Check the status of the WebLogic service in nohup.out; it should show RUNNING state.

Start managed server for SOA

[oraidm@egtapp02 bin]$ nohup ./startManagedWebLogic.sh soa_server1 &
[2] 10570
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'

Check the status in nohup.out; it should show RUNNING state.

Log in to the console and check the server status. We have still not started the OAM/OIM managed servers. They will be started after we configure OIM.
http://egtapp02:7001/console

Now we will configure the OIM server and enable LDAP sync. By enabling LDAP sync, we integrate OIM with the OVD/OID instance.

Configure OIM server

Go to Oracle_IAM home and run config.sh script

[Screenshots OIM1 to OIM11]

We will start OIM server now.

[oraidm@egtapp02 bin]$ pwd
/u01/weblogic/fmw/user_projects/domains/IAMDomain/bin
[oraidm@egtapp02 bin]$ nohup ./startManagedWebLogic.sh oim_server1 &
[3] 13160
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'

Check the status

tail -f nohup.out
Channel "Default" is now listening on 192.168.1.109:14000 for protocols iiop, t3, ldap, snmp, http.>
<Nov 24, 2014 12:00:34 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Nov 24, 2014 12:00:34 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Nov 24, 2014 12:00:35 PM AST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.168.1.109:14000 for protocols iiop, t3, ldap, snmp, http.>
<Nov 24, 2014 12:00:35 PM AST> <Notice> <WebLogicServer> <BEA-000330> <Started WebLogic Managed Server "oim_server1" for domain "IAMDomain" running in Production Mode>
<Nov 24, 2014 12:00:36 PM AST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Nov 24, 2014 12:00:36 PM AST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
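
The "check nohup.out for RUNNING" step used throughout this section, as an added shell example that is not part of the original post: it reads the last BEA-000365 state line instead of watching `tail -f`, and lists the BEA-002613 listen channels so the address, port and protocols each server exposes can be reviewed. The function names are assumptions of this example; the log line format is the one shown in the output above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the state from the most recent BEA-000365 "Server state changed to X" line.
wls_last_state() {
    sed -n 's/.*<BEA-000365> <Server state changed to \([A-Z_]*\)>.*/\1/p' "$1" 2>/dev/null |
        tail -n 1
}

# Print "address:port protocols" for every BEA-002613 listen-channel line,
# so the exposed endpoints can be compared with what the firewall should allow.
wls_listeners() {
    sed -n 's/.*<BEA-002613> <Channel "[^"]*" is now listening on \(.*\) for protocols \(.*\)\.>.*/\1 \2/p' "$1"
}

# wls_wait_running LOGFILE [TIMEOUT_SECONDS] [POLL_SECONDS]
# Returns 0 once RUNNING is logged, 1 on a failure or shutdown state, 2 on timeout.
wls_wait_running() {
    log=$1; timeout=${2:-600}; poll=${3:-5}; waited=0
    [ "$poll" -ge 1 ] || poll=1             # never spin without sleeping
    while :; do
        case "$(wls_last_state "$log")" in
            RUNNING) return 0 ;;
            FAILED|SHUTTING_DOWN|FORCE_SHUTTING_DOWN) return 1 ;;
        esac
        [ "$waited" -lt "$timeout" ] || return 2
        sleep "$poll"; waited=$((waited + poll))
    done
}

# Usage: sh wls_wait.sh nohup.out [timeout] [poll]   (no-op without arguments)
[ "$#" -eq 0 ] || wls_wait_running "$@"
```

Every server started from the same bin directory appends to the same nohup.out, so the last state line belongs to whichever server logged most recently; redirect each server to its own file if the check has to be per server.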

Start the OAM managed server. To start the OAM managed server, start Node Manager first.

[oraidm@egtapp02 bin]$ pwd
/u01/weblogic/fmw/wlserver_10.3/server/bin
[oraidm@egtapp02 bin]$ nohup ./startNodeManager.sh &
[4] 13985
[oraidm@egtapp02 bin]$ nohup: appending output to `nohup.out'
[oraidm@egtapp02 bin]$ tail -f nohup.out
StateCheckInterval=500
UseMACBroadcast=false
DomainRegistrationEnabled=false
DomainsDirRemoteSharingEnabled=false
Domain name mappings:
IDMDomain -> /u01/weblogic/fmw/user_projects/domains/IDMDomain
IAMDomain -> /u01/weblogic/fmw/user_projects/domains/IAMDomain
Nov 24, 2014 12:18:54 PM weblogic.nodemanager.server.SSLListener run
INFO: Secure socket listener started on port 5556

Now start the OAM managed server from either the front end or the command line.

[Screenshots: oam_managed_service, oam_managed_service1, oam_managed_service2]

In the next section we will see how to use OIM and integrate with EBS. Later we will integrate OIM with EBS and Active Directory.

4 comments
CB Singh

When Running the "LDAP Connector OU Lookup Reconciliation" job then getting below error-

org.identityconnectors.framework.common.exceptions.ConnectorException: No attribute named entryUUID found in entry

Please help if any idea about this error.

ibrahimkhan1910

Hi,


When are you going to integrate this with EBS..

I am waiting since a while now

hidme

This is very helpful instruction that solved my problem that I struggled a couple of months.

systemsplususa

Clear step by step explanation of oracle installation and configuration. Thanks.
