Oracle Identity Management


OIM helps organizations to effectively manage the end-to-end business lifecycle of user identities across all enterprise resources, both within and beyond the firewall and into the cloud. The OIM platform delivers scalable solutions for identity governance, access management and directory services. This modern platform helps organizations strengthen security, simplify compliance and capture business opportunities around mobile and social access.

Oracle Identity Management is part of the Oracle Fusion Middleware family of products, which brings greater agility, better decision-making, and reduced cost and risk to diverse IT environments today. The following products fall under the identity management solution:

Access Management

  • Oracle Access Manager
  • Oracle Mobile and Social Access Service
  • Oracle Identity Federation
  • Oracle Adaptive Access Manager
  • Oracle Entitlements Server
  • Oracle Web Services Manager
  • Oracle Security Token Service
  • Oracle Enterprise Gateway
  • Oracle Enterprise SSO Suite Plus

Identity Governance

  • Oracle Identity Manager
  • Oracle Identity Analytics
  • Oracle Privileged Account Manager

Directory Services

  • Oracle Unified Directory
  • Oracle Internet Directory
  • Oracle Virtual Directory
  • Oracle Directory Server Enterprise Edition
  • Oracle Authentication Services for Operating Systems

OIM OAM Installation Step by Step

  1. Oracle Database Installation:
  • Navigate to the database installer directory and run the setup.

            $ ./runInstaller

  • Run the scripts from the above-mentioned location as the root user.

  • RCU installation.

  • Java Installation:

            $ gunzip jdk-7u51-linux-x64.tar.gz
            $ tar -xvf jdk-7u51-linux-x64.tar

  • WebLogic installation:

            $ java -jar wls1036_generic.jar
 
  • This error was safely ignored, because the check looks for the exact old versions of the RPMs, while newer versions of the same RPMs are already installed on the new OS.

This error is due to a version conflict: the installer expects OIM schema version 11.1.2.1.0, but the available version is 11.1.2.0.0. We can check this with the following SQL query:

            select * from schema_version_registry where owner='DEV_OIM';
 
  • Creating the schema with version 11.1.2.1.0. Running RCU fails with the following error:

            $ ./rcu
            ./rcu: /u01/dump/rcuHome/jdk/jre/bin/java: /lib/ld-linux.so.2: bad ELF interpreter:
            No such file or directory

  • Resolution: install the 32-bit libraries (glibc.i686 and libXtst).

            # yum install glibc.i686
            # yum install libXtst-1.2.1-2.el6.i686.rpm

Error: RCU-6130: Action failed – RCU-6136: Error while trying to execute SQLPlus action.

Solution: install the missing RPM, libaio-0.3.107-10.el6.i686.rpm.

  • Restart the RCU

  • Now continue with the FMW Configuration Wizard.

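  • Next, configure the security store:

            $ cd /u01/Oracle/Middleware/Oracle_IDM1/common/bin
            $ ./wlst.sh /u01/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py \
              -d /u01/Oracle/Middleware/user_projects/domains/idam_domain -c IAM -p taitri -m create

    Here the value passed to -p is the schema password. A password given on the command line is recorded in shell history and is visible in the process list while the command runs.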

Next step: configure the OIM server.

Before running the OIM configuration wizard, edit nodemanager.properties to enable the start script and stop script:

            $ cd /u01/Oracle/Middleware/wlserver_10.3/common/nodemanager
            $ vim nodemanager.properties

Start the Node Manager:

            nohup /u01/Oracle/Middleware/wlserver_10.3/server/bin/startNodeManager.sh > \
            /u01/logs/nm.out &

Create the folder AdminServer/security under

            /u01/Oracle/Middleware/user_projects/domains/idam_domain/servers

Create a boot.properties file in the security folder with the following content:

            username=weblogic
            password=<weblogic password>

Username: weblogic
Password: <weblogic password>

Start the Admin server:

            nohup /u01/Oracle/Middleware/user_projects/domains/idam_domain/startWebLogic.sh > \
            /u01/logs/wl.out &

Create the folder soa_server1/security under

            /u01/Oracle/Middleware/user_projects/domains/idam_domain/servers

Create a boot.properties file in the security folder with the following content:

            username=weblogic
            password=<weblogic password>
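
Until the server's first successful start, when WebLogic replaces the values with encrypted ones, boot.properties holds the administrator credentials in clear text. The following added example (not part of the original post) creates the file for AdminServer or soa_server1 with owner-only permissions; the function names and the password file are assumptions for illustration.

```bash
#!/bin/sh
# Added example: create servers/<name>/security/boot.properties readable only by
# the OS user that runs WebLogic. Function names are hypothetical.

write_boot_properties() {
    domain_home=$1   # e.g. /u01/Oracle/Middleware/user_projects/domains/idam_domain
    server=$2        # AdminServer or soa_server1
    wl_user=$3       # weblogic
    pass_file=$4     # assumed: a 0600 file holding the password, keeping it out of argv

    [ -r "$pass_file" ] || return 1            # refuse to write an empty password
    sec_dir="$domain_home/servers/$server/security"
    old_umask=$(umask)
    umask 077                                  # new directories 0700, new files 0600
    mkdir -p "$sec_dir" || { umask "$old_umask"; return 1; }
    {
        printf 'username=%s\n' "$wl_user"
        printf 'password=%s\n' "$(cat "$pass_file")"
    } > "$sec_dir/boot.properties"
    rc=$?
    # Tighten explicitly in case the directory or file already existed with looser modes
    chmod 700 "$sec_dir" && chmod 600 "$sec_dir/boot.properties" || rc=1
    umask "$old_umask"
    return "$rc"
}

# Succeeds only when the file exists with mode rw------- (no group/other access).
boot_properties_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Constructed demo in a throwaway directory (sample password, not a real credential)
demo_dir=$(mktemp -d)
printf 'ExamplePassw0rd' > "$demo_dir/pw"
write_boot_properties "$demo_dir/idam_domain" AdminServer weblogic "$demo_dir/pw" &&
    boot_properties_is_private \
        "$demo_dir/idam_domain/servers/AdminServer/security/boot.properties" &&
    echo "boot.properties written with mode 600"
rm -rf "$demo_dir"
```
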

Start the SOA server:

            nohup /u01/Oracle/Middleware/user_projects/domains/idam_domain/bin/startManagedWebLogic.sh soa_server1 > \
            /u01/logs/soa.out &

            $ cd /u01/Oracle/Middleware/Oracle_IDM1/bin
            $ ./config.sh

Starting Fusion Middleware Configuration Wizard

To work around this issue:

  1. Apply patch 16366204.
  2. Start the Admin and SOA servers.
  3. Update the JpsContextNameMBean. To do so:
       • Log in to Oracle Enterprise Manager.
       • On the left pane, expand WebLogic Domain.
       • Right-click WLS_DOMAIN, and select System MBeans Browser.
       • Go to Application Defined MBeans, com.oracle.sdp.messaging, Server: soa_server1, Application: usermessagingserver, SDPMessagingServerConfig, ServerConfig, JpsContextName.
       • Enter oim as the value, and click Apply.
  4. Restart the SOA Server.

 

  • Restart SOA server

Continue with IDM config wizard again.
OIM Design Console Steps

  1. Make sure you have JRE (1.6 or higher) installed on the machine on which you plan to install and configure the OIM Design Console. (If you don't have JRE 1.6, you can download a standalone JRE from the Sun/Oracle website, or install WebLogic and use the JRE shipped with WebLogic.)
  2. Install the Oracle Identity and Access Management 11.1.1.3 software. (This will create the filesystem for IDAM and ORACLE_HOME.)

  3. Start $ORACLE_HOME/bin/config.bat and select OIM Design Console.

  4. Enter the OIM server hostname and port (the default OIM server port is 14000). The OIM server and WebLogic Admin Server should be running at this stage.

  5. Create wlfullclient.jar on the OIM server (do this on the OIM server and NOT on the OIM Design Console machine).

            Generic form (ensure that you have java 1.6 in classpath):
            $ cd $MW_HOME/wlserver_10.3/server/lib
            $ java -jar $MW_HOME/modules/com.bea.core.jarbuilder_1.5.0.0.jar

            On this server:
            $ echo $CLASSPATH
            :/u01/jdk1.7.0_51/jre/lib
            $ java -jar /u01/Oracle/Middleware/modules/com.bea.core.jarbuilder_1.7.0.0.jar

  6. Copy wlfullclient.jar from the server to the $ORACLE_HOME\designconsole\ext directory on the Design Console machine.

  7. Start the OIM Design Console from $ORACLE_HOME\designconsole\xlclient.cmd

  8. Log in to the Design Console as the xelsysadm user.

Login URLs

WebLogic, OIM and SOA URLs:

  • http://192.168.1.11:7001/console (admin user: weblogic)
  • http://192.168.1.11:7001/em (admin user: weblogic)
  • http://192.168.1.11:14000/identity (admin user: xelsysadm)
  • http://192.168.1.11:14000/sysadmin (admin user: xelsysadm)
  • http://192.168.1.11:8001/soa-infra (admin user: weblogic)
  • http://192.168.1.11:8001/integration/worklistapp (admin user: weblogic)
  • http://192.168.1.11:8001/soa/composer (admin user: weblogic)
  • http://192.168.1.11:14000//SchedulerService-web/Login.jsp (admin user: weblogic)
