
How To Install And Configure Oracle Identity & Access Management 11.1.2.3

Video Tutorial

In this post I will show you how to install Oracle Identity & Access Management 11.1.2.3 and configure Oracle Access Manager and Oracle Identity Manager on Oracle Linux 6.7.

Please watch the video for detailed explanation and demo of installation and configuration steps.

My Environment

  • Oracle Linux 6.7 Virtual Machine
  • Java Development Kit 1.7
  • Oracle Database 11.2.0.4
  • Oracle Weblogic Server 10.3.6
  • Oracle SOA Suite 11.1.1.9
  • Oracle Identity & Access Management 11.1.2.3
  • Repository Creation Utility 11.1.1.9
  • Oracle Unified Directory (This is optional and required only if you want to integrate OAM & OIM with LDAP. You can use any LDAP of your choice)

Software Required

  • ofm_iam_generic_11.1.2.3.0_disk1_1of3.zip
  • ofm_iam_generic_11.1.2.3.0_disk1_2of3.zip
  • ofm_iam_generic_11.1.2.3.0_disk1_3of3.zip
  • ofm_rcu_linux_11.1.1.9.0_64_disk1_1of1.zip
  • wls1036_generic.jar
  • SOA_p20995651_111190_Generic_1of2.zip
  • SOA_p20995651_111190_Generic_2of2.zip

Architecture Diagram

OS Prerequisites

  • binutils-2.20.51.0.2-5.11.el6-x86_64
  • compat-libcap1-1.10-1-x86_64
  • compat-libstdc++-33-3.2.3-69.el6-x86_64
  • compat-libstdc++-33-3.2.3-69.el6-i686
  • libgcc-4.4.4-13.el6-i686
  • libgcc-4.4.4-13.el6-x86_64
  • libstdc++-4.4.4-13.el6-x86_64
  • libstdc++-4.4.4-13.el6-i686
  • libstdc++-devel-4.4.4-13.el6-x86_64
  • sysstat-9.0.4-11.el6-x86_64
  • gcc-4.4.4-13.el6-x86_64
  • gcc-c++-4.4.4-13.el6-x86_64
  • glibc-2.12-1.7.el6-i686
  • glibc-2.12-1.7.el6-x86_64
  • glibc-devel-2.12-1.7.el6-x86_64
  • glibc-devel-2.12-1.7.el6
  • libaio-0.3.107-10.el6-x86_64
  • libaio-devel-0.3.107-10.el6-x86_64

OIAM Repository Creation

  • Navigate to RCU extracted directory and execute rcu

  • Click Next on the welcome screen
  • Select Create and click Next
  • Provide Database details and click Next
  • Make sure database prerequisites are met and click Next
  • Provide a prefix, select the schemas below and click Next
    • Oracle Identity Manager
    • Oracle Access Manager
    • Oracle Mobile Security Manager
  • The schemas below will be selected automatically
    • Metadata Services
    • Audit Services
    • Oracle Platform Security Services
    • Business Intelligence Platform
    • SOA Infrastructure
    • User Messaging Service
  • Make sure component specific prerequisites are met and click Next
  • Provide password for the schema and click Next
  • Verify the tablespaces and click Next
  • Click OK on confirmation screen
  • Make sure tablespace creation is successful and click Next
  • Click Create on the summary screen
  • Repository creation progress
  • Make sure the status of all schema is Success and click close
  • OIAM repository creation is now complete

Oracle Weblogic Server Installation

  • We need to create a Middleware home before installing SOA and OIAM. Please go through below screenshots for Oracle Weblogic Server installation steps
  • My Middleware home is /u01/app/oracle/product/fmw
  • Navigate to the Oracle Weblogic Server software directory and execute the below command. Make sure the JAVA environment is set correctly.

Oracle SOA Suite Installation

SOA Suite is required only if you are using Oracle Identity Manager. OIM uses SOA to process workflows related to approvals of various OIM requests.

  • Navigate to Disk1 of extracted SOA software directory and execute the installer along with JRE location

  • Click Next on the welcome screen
  • Skip software updates and click Next
  • Make sure the prerequisites are met and click Next
  • Provide Middleware Home, SOA Oracle Home and click Next
    • Middleware Home : /u01/app/oracle/product/fmw
    • Oracle Home : Oracle_SOA
  • Select Weblogic Server and click Next
  • Click Install on the summary screen
  • Click Next when the installation progress reaches 100%
  • Click Finish on the installation complete screen

Oracle Identity & Access Management Installation

  • Navigate to Disk1 of extracted OIAM software directory and execute the installer along with JRE location

  • Click Next on the welcome screen
  • Skip software updates and click Next
  • Make sure the prerequisites are met and click Next
  • Provide Middleware Home, OIAM Oracle Home and click Next
    • Middleware Home : /u01/app/oracle/product/fmw
    • Oracle Home : Oracle_OIAM
  • Click Install on the summary screen
  • Click Next when the installation progress reaches 100%
  • Click Finish on the installation complete screen

Oracle Identity & Access Management Domain Creation

  • Execute configuration script from OIAM home to create the Domain

  • Select “Create new Weblogic Domain” and click Next
  • Select below products and click Next.
    • Oracle Identity Manager
    • Oracle Access Management And Mobile Security Suite
    • Oracle SOA Suite
    • Oracle Enterprise Manager
    • Oracle BI Publisher
    • Oracle BI JDBC
    • Oracle WSM Policy Manager
    • Oracle JRF WebServices Asynchronous Services
    • Oracle JRF
    • Oracle Platform Security Services
    • Oracle OPSS Metadata for JRF
  • Provide Domain Name & Location.
    • Domain Name : OIAMDomain
    • Domain Location : /u01/app/oracle/product/fmw/user_projects/domains
    • Application Location : /u01/app/oracle/product/fmw/user_projects/applications
  • Provide Weblogic Administrator password and click Next
  • Select “Production Mode”, verify JDK and click Next
  • Provide Db details for each schema and click Next
  • Make sure JDBC test is successful for all schema and click Next
  • Select below items and click Next
    • Administration Server
    • Managed Servers, Clusters and Machines
  • Accept default AdminServer details and click Next (You can change the admin server name & port if you want)
  • Provide Managed Server names and ports as shown below and click Next
  • Create Clusters as shown below and click Next (This is Optional)
  • Assign Managed Servers to respective Clusters and click Next
  • Create a new UnixMachine as shown below and click Next
  • Assign Managed Servers to the Machine and click Next (Assigning AdminServer is optional)
  • Click Create on the summary screen
  • Click Done when the Domain Creation is complete

Database Security Store Configuration

Before starting the Admin and Managed Servers, you need to create the Database Security Store.

  • Execute configureSecurityStore.py using WLST as shown below

OIAM Domain Startup

  • Create boot.properties and start Weblogic AdminServer using below commands

  • Make sure you see below lines in the nohup.out / AdminServer.log to confirm that the AdminServer is fully started

  • Set Node Manager properties and start Node Manager using below commands

  • Make sure you see below lines in the nohup.out / nodemanager.log to confirm that the Node manager is fully started

  • You might get the below error while starting up Managed Servers if setNMProps is not executed:
    [Security:097533]SecurityProvider service class name for IAMSuiteAgent is not specified
  • Login to Weblogic Administration Console using below URL and Weblogic Administrator credentials

  • Navigate to Environment -> Server -> Control tab and start WLS_OAM, WLS_OAMPM, WLS_OMSM
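The startup sequence above, as an added example that is not part of the original post: it writes boot.properties with owner-only permissions (the file holds the admin password in clear text until WebLogic encrypts it on first start), starts the AdminServer in the background, and checks the log for the readiness line and for the IAMSuiteAgent error quoted above. DOMAIN_HOME, the admin user name, WLS_ADMIN_PASSWORD and the log path are assumptions.

```shell
#!/bin/bash
# Constructed example (not the post's own commands): writes boot.properties with
# owner-only permissions, starts the AdminServer in the background and inspects its
# log for the readiness line and for the IAMSuiteAgent error quoted in the post.
# DOMAIN_HOME, the admin user name, WLS_ADMIN_PASSWORD and the log path are assumptions.
DOMAIN_HOME="${DOMAIN_HOME:-/u01/app/oracle/product/fmw/user_projects/domains/OIAMDomain}"
WLS_ADMIN_USER="${WLS_ADMIN_USER:-weblogic}"

write_boot_properties() {
  # $1 = server name, $2 = password. WebLogic encrypts the values on the server's
  # first start, so until then the file holds the admin password in clear text.
  local dir="$DOMAIN_HOME/servers/$1/security"
  mkdir -p "$dir"
  (umask 077; printf 'username=%s\npassword=%s\n' "$WLS_ADMIN_USER" "$2" > "$dir/boot.properties")
  chmod 600 "$dir/boot.properties"
}

check_server_log() {
  # $1 = nohup.out or AdminServer.log. Exit codes: 0 = server reached RUNNING mode,
  # 2 = the [Security:097533] error is present (setNMProps.sh not applied), 1 = neither yet.
  if grep -q 'Security:097533' "$1"; then
    echo "IAMSuiteAgent provider missing: run \$MW_HOME/oracle_common/common/bin/setNMProps.sh, then restart" >&2
    return 2
  fi
  grep -q 'Server started in RUNNING mode' "$1" && return 0
  return 1
}

# Real run, only when the domain exists on this host. An existing boot.properties is
# left alone so an already-encrypted file is never overwritten with plain text.
if [ -x "$DOMAIN_HOME/startWebLogic.sh" ] && [ -n "$WLS_ADMIN_PASSWORD" ]; then
  [ -f "$DOMAIN_HOME/servers/AdminServer/security/boot.properties" ] \
    || write_boot_properties AdminServer "$WLS_ADMIN_PASSWORD"
  nohup "$DOMAIN_HOME/startWebLogic.sh" > "$DOMAIN_HOME/nohup.out" 2>&1 &
fi

# Constructed sample log lines so the check can be exercised offline.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
EOF
check_server_log "$SAMPLE_LOG" && echo "AdminServer is fully started"
```

Poll check_server_log against nohup.out in a loop before starting the Managed Servers; a return code of 2 means the Node Manager properties step was skipped.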

Oracle Access Manager Verification

  • Access OAM Console using below URL and login using Weblogic Credentials

  • OAM Console Home Page / Launch Pad
  • Access OAM Policy Manager Console using below URL and login using Weblogic Credentials ( Watch my video tutorial for explanation on the differences between OAM Console & Policy manager Console )

OUD (LDAP) Pre-Configuration For LDAP Sync

You need to preconfigure OUD, or any other LDAP you are using, before configuring OIM. This is required only if you want to enable LDAP Sync.

For detailed instructions on how to install and configure Oracle Unified Directory, please CLICK HERE.

For the Oracle Unified Directory installation and configuration video tutorial, please CLICK HERE.

  • Navigate to the location of your LDAP commands. For my OUD it is /u01/app/oracle/product/oudfmw/oud_inst1/OUD/bin.

  • Create a file oiam.ldif with below contents.

  • Execute ldapmodify command to create the entries required for LDAP Sync in OUD

  • You can verify the entries using the ldapsearch command

  • Set MW_HOME and ORACLE_HOME environment variables

  • Navigate to IDM Tools, bin directory and create prepareIDStore.properties with below content

IDSTORE_KEYSTORE_PASSWORD is the content of the /u01/app/oracle/product/oudfmw/oud_inst1/OUD/config/admin-keystore.in file.

  • Execute idmConfigTool command to prepare ID Store for LDAP Sync. Provide OUD password and new oimadmin password when prompted
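The oiam.ldif / ldapmodify / ldapsearch steps above, as an added example that is not the post's own file: it generates an LDIF creating the three containers the OIM configuration step asks for (People, Groups, Reserve under dc=oiam,dc=com), loads it with the OUD tools and verifies each container is searchable. OUD_BIN, host, port, bind DN and the password file are assumptions; the suffix entry itself is assumed to exist already.

```shell
#!/bin/bash
# Constructed example (not the post's own oiam.ldif): generates an LDIF that creates
# the three containers the OIM configuration step later asks for under dc=oiam,dc=com,
# then loads and verifies it with the OUD command-line tools. OUD_BIN, host, port,
# bind DN and the password file are assumptions; adjust them to your instance.
OUD_BIN="${OUD_BIN:-/u01/app/oracle/product/oudfmw/oud_inst1/OUD/bin}"
LDAP_HOST="${LDAP_HOST:-localhost}"
LDAP_PORT="${LDAP_PORT:-1389}"
BIND_DN="${BIND_DN:-cn=Directory Manager}"
PASS_FILE="${PASS_FILE:-$HOME/.oud_pwd}"   # bind password read from a file, not the command line
BASE_DN="dc=oiam,dc=com"
CONTAINERS="People Groups Reserve"

write_oiam_ldif() {
  # $1 = output path. One 'add' record per container; the suffix entry itself is
  # assumed to exist already (it is created when the OUD instance is set up).
  : > "$1"
  for ou in $CONTAINERS; do
    printf 'dn: ou=%s,%s\nchangetype: add\nobjectClass: top\nobjectClass: organizationalUnit\nou: %s\n\n' \
      "$ou" "$BASE_DN" "$ou" >> "$1"
  done
}

ldif_entry_count() {
  # Number of records in an LDIF file (one 'dn:' line per record).
  grep -c '^dn: ' "$1"
}

load_and_verify() {
  # Apply the LDIF, then confirm every container is searchable. -c continues past
  # 'entry already exists' so the step can be re-run safely.
  "$OUD_BIN/ldapmodify" -h "$LDAP_HOST" -p "$LDAP_PORT" -D "$BIND_DN" -j "$PASS_FILE" -c -f "$1"
  for ou in $CONTAINERS; do
    "$OUD_BIN/ldapsearch" -h "$LDAP_HOST" -p "$LDAP_PORT" -D "$BIND_DN" -j "$PASS_FILE" \
      -b "ou=$ou,$BASE_DN" -s base '(objectClass=organizationalUnit)' dn | grep -q "^dn: ou=$ou," \
      || { echo "missing container ou=$ou,$BASE_DN" >&2; return 1; }
  done
}

write_oiam_ldif oiam.ldif
echo "oiam.ldif: $(ldif_entry_count oiam.ldif) entries"
if [ -x "$OUD_BIN/ldapmodify" ]; then
  load_and_verify oiam.ldif
fi
```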

Oracle Identity Manager Configuration

  • Start WLS_OIM,WLS_SOA & WLS_BIP from Weblogic Administration Console.

If you are running this on a VMware virtual machine with less than 12GB RAM, you might get out of memory exceptions. You can stop the OAM related Managed Servers (WLS_OAM, WLS_OAMPM & WLS_OMSM) to free up some memory.

  • Navigate to OIAM Home, bin directory and execute configuration script

  • Click Next on the welcome screen
  • Select OIM server and click Next
  • Provide schema details and click Next. Provide schema names and passwords used while creating repository using RCU
  • Provide Weblogic AdminServer URL (t3) and credentials as below
  • Provide new password for OIM Administrator (XELSYSADM), OIM HTTP URL.
  • OIM External Frontend URL can be left blank if you are not using any OHS as a frontend to OIM; otherwise provide the OHS URL.
  • Check “Enable OIM for Suite Integration” to enable LDAP Sync if you are planning to integrate OIM & OAM
  • Select your type of LDAP (OUD in my case) and provide the URL, credentials & search base specific to your LDAP
  • Click OK on the warning dialog, which warns you about the LDAP pre-configuration we completed in the previous step.
  • Provide LDAP containers we created during pre-configuration and click Next
    • LDAP Role Container : This is the container for the LDAP groups which will be used in OAM to protect respective applications (ou=Groups,dc=oiam,dc=com)
    • LDAP User Container : This is the container for the LDAP users which will be used in OAM / OIM for authentication (ou=People,dc=oiam,dc=com)
    • LDAP Reserve Container : This is the temporary container for the LDAP users whose approval status is still pending. Once approved, the users will be moved to User Container (ou=Reserve,dc=oiam,dc=com)
  • Click Configure on the summary screen
  • Wait for the configuration process to complete and click Next. You can monitor the configuration log file under oraInventory/logs. This process would normally take around 15 – 20 mins depending on the hardware.
  • Click Finish on the configuration complete screen.

OUD (LDAP) Post Configuration Utility Execution

  • Set below environment variables before running LDAP Post-Configuration utility

  • Navigate to ldap_config_util directory and update ldapconfig.props file with below values

  • Execute LDAPConfigPostSetup using below command

  • Restart AdminServer, WLS_OIM, WLS_SOA, WLS_BIP

Oracle Identity Manager Verification

  • Access OIM System Administration Console using below URL and login using XELSYSADM Credentials

  • OIM System Administration Console Home Page / Launch Pad
  • Access OIM Self Service Console / OIM Identity Console using below URL and login using XELSYSADM Credentials ( Self Service Console can be accessed using any valid user in LDAP )

  • During first login, you will be asked to set security questions & answers, which will be used when self-resetting the user password. Provide your security questions & answers and click Submit
  • OIM Self Service Console / OIM Identity Console Home Page

That's it!! You now have a working Oracle Identity & Access Management system with Oracle Identity Manager & Access Manager configured.

Hope you found this post helpful. If you have any questions please post in the comments section. Please watch my video for detailed explanation and demo.

2016-12-08T18:20:42+00:00

About the Author:

I am a Senior Cloud Professional specialized in AWS Cloud with 11 years of IT experience. I am enthusiastic about Serverless Architecture. I am an expert in Oracle Fusion Middleware.