How To Install And Configure Oracle Identity & Access Management 11.1.2.3

Video Tutorial

In this post I will show you how to install Oracle Identity & Access Management 11.1.2.3 and configure Oracle Access Manager and Oracle Identity Manager on Oracle Linux 6.7.

Please watch the video for detailed explanation and demo of installation and configuration steps.

My Environment

  • Oracle Linux 6.7 Virtual Machine
  • Java Development Kit 1.7
  • Oracle Database 11.2.0.4
  • Oracle Weblogic Server 10.3.6
  • Oracle SOA Suite 11.1.1.9
  • Oracle Identity & Access Management 11.1.2.3
  • Repository Creation Utility 11.1.1.9
  • Oracle Unified Directory (This is optional and required only if you want to integrate OAM & OIM with LDAP. You can use any LDAP of your choice)

Software Required

  • ofm_iam_generic_11.1.2.3.0_disk1_1of3.zip
  • ofm_iam_generic_11.1.2.3.0_disk1_2of3.zip
  • ofm_iam_generic_11.1.2.3.0_disk1_3of3.zip
  • ofm_rcu_linux_11.1.1.9.0_64_disk1_1of1.zip
  • wls1036_generic.jar
  • SOA_p20995651_111190_Generic_1of2.zip
  • SOA_p20995651_111190_Generic_2of2.zip

Architecture Diagram

OS Prerequisites

  • binutils-2.20.51.0.2-5.11.el6-x86_64
  • compat-libcap1-1.10-1-x86_64
  • compat-libstdc++-33-3.2.3-69.el6-x86_64
  • compat-libstdc++-33-3.2.3-69.el6-i686
  • libgcc-4.4.4-13.el6-i686
  • libgcc-4.4.4-13.el6-x86_64
  • libstdc++-4.4.4-13.el6-x86_64
  • libstdc++-4.4.4-13.el6-i686
  • libstdc++-devel-4.4.4-13.el6-x86_64
  • sysstat-9.0.4-11.el6-x86_64
  • gcc-4.4.4-13.el6-x86_64
  • gcc-c++-4.4.4-13.el6-x86_64
  • glibc-2.12-1.7.el6-i686
  • glibc-2.12-1.7.el6-x86_64
  • glibc-devel-2.12-1.7.el6-x86_64
  • glibc-devel-2.12-1.7.el6
  • libaio-0.3.107-10.el6-x86_64
  • libaio-devel-0.3.107-10.el6-x86_64

OIAM Repository Creation

  • Navigate to RCU extracted directory and execute rcu

  • Click Next on the welcome screen
  • Select Create and click Next
  • Provide Database details and click Next
  • Make sure database prerequisites are met and click Next
  • Provide prefix and select below schema and click Next
    • Oracle Identity Manager
    • Oracle Access Manager
    • Oracle Mobile Security Manager
  • Below schema will be selected automatically
    • Metadata Services
    • Audit Services
    • Oracle Platform Security Services
    • Business Intelligence Platform
    • SOA Infrastructure
    • User Messaging Service
  • Make sure component specific prerequisites are met and click Next
  • Provide password for the schema and click Next
  • Verify the tablespaces and click Next
  • Click OK on confirmation screen
  • Make sure tablespace creation is successful and click Next
  • Click Create on the summary screen
  • Repository creation progress
  • Make sure the status of all schema is Success and click close
  • OIAM repository creation is now complete

Oracle Weblogic Server Installation

  • We need to create a Middleware home before installing SOA and OIAM. Please go through below screenshots for Oracle Weblogic Server installation steps
  • My Middleware home is /u01/app/oracle/product/fmw
  • Navigate to the Oracle Weblogic Server software directory and execute the command below. Make sure the Java environment is set correctly.

Oracle SOA Suite Installation

SOA Suite is required only if you are using Oracle Identity Manager. OIM uses SOA to process workflows related to approvals of various OIM requests.

  • Navigate to Disk1 of extracted SOA software directory and execute the installer along with JRE location

  • Click Next on the welcome screen
  • Skip software updates and click Next
  • Make sure the prerequisites are met and click Next
  • Provide Middleware Home, SOA Oracle Home and click Next
    • Middleware Home : /u01/app/oracle/product/fmw
    • Oracle Home : Oracle_SOA
  • Select Weblogic Server and click Next
  • Click Install on the summary screen
  • Click Next when the installation progress reaches 100%
  • Click Finish on the installation complete screen

Oracle Identity & Access Management Installation

  • Navigate to Disk1 of extracted OIAM software directory and execute the installer along with JRE location

  • Click Next on the welcome screen
  • Skip software updates and click Next
  • Make sure the prerequisites are met and click Next
  • Provide Middleware Home, OIAM Oracle Home and click Next
    • Middleware Home : /u01/app/oracle/product/fmw
    • Oracle Home : Oracle_OIAM
  • Click Install on the summary screen
  • Click Next when the installation progress reaches 100%
  • Click Finish on the installation complete screen

Oracle Identity & Access Management Domain Creation

  • Execute configuration script from OIAM home to create the Domain

  • Select “Create new Weblogic Domain” and click Next
  • Select below products and click Next.
    • Oracle Identity Manager
    • Oracle Access Management And Mobile Security Suite
    • Oracle SOA Suite
    • Oracle Enterprise Manager
    • Oracle BI Publisher
    • Oracle BI JDBC
    • Oracle WSM Policy Manager
    • Oracle JRF WebServices Asynchronous Services
    • Oracle JRF
    • Oracle Platform Security Services
    • Oracle OPSS Metadata for JRF
  • Provide Domain Name & Location.
    • Domain Name : OIAMDomain
    • Domain Location : /u01/app/oracle/product/fmw/user_projects/domains
    • Application Location : /u01/app/oracle/product/fmw/user_projects/applications
  • Provide Weblogic Administrator password and click Next
  • Select “Production Mode”, verify JDK and click Next
  • Provide Db details for each schema and click Next
  • Make sure JDBC test is successful for all schema and click Next
  • Select below items and click Next
    • Administration Server
    • Managed Servers, Clusters and Machines
  • Accept default AdminServer details and click Next (You can change the admin server name & port if you want)
  • Provide Managed Server names and ports as shown below and click Next
  • Create Clusters as shown below and click Next (This is Optional)
  • Assign Managed Servers to respective Clusters and click Next
  • Create a new UnixMachine as shown below and click Next
  • Assign Managed Servers to the Machine and click Next (Assigning AdminServer is optional)
  • Click Create on the summary screen
  • Click Done when the Domain Creation is complete

Database Security Store Configuration

Before starting the Admin and Managed Servers, you need to create Database Security Store

  • Execute configureSecurityStore.py using WLST as shown below

OIAM Domain Startup

  • Create boot.properties and start Weblogic AdminServer using below commands

  • Make sure you see below lines in the nohup.out / AdminServer.log to confirm that the AdminServer is fully started

  • Set Node Manager properties and start Node Manager using below commands

  • Make sure you see below lines in the nohup.out / nodemanager.log to confirm that the Node manager is fully started

  • You might get the error below while starting up Managed Servers if setNMProps is not executed
[Security:097533]SecurityProvider service class name for IAMSuiteAgent is not specified
  • Login to Weblogic Administration Console using below URL and Weblogic Administrator credentials

  • Navigate to Environment -> Server -> Control tab and start WLS_OAM, WLS_OAMPM, WLS_OMSM
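
An added example (not from the original post) for the boot.properties and log-check steps above: it writes boot.properties with owner-only permissions, audits it, and classifies a startup log. The servers/AdminServer/security location, the {AES} prefix WebLogic writes on first boot, and message ID BEA-000360 are standard WebLogic behaviour rather than details taken from this page; the function names and sample values are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: hardened boot.properties handling and startup log triage.
# Function names are hypothetical helpers; sample data is constructed.

# Write boot.properties so the cleartext credentials are never readable by
# group or others. In real use, read the password from a prompt (read -rs)
# instead of typing it on a command line that lands in shell history.
# Usage: write_boot_properties <domain_home> <username> <password>
write_boot_properties() {
    local domain_home=$1 user=$2 pass=$3
    local sec_dir="$domain_home/servers/AdminServer/security"
    (
        umask 077    # new dirs 0700, new files 0600, inside this subshell only
        mkdir -p "$sec_dir" &&
        printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$sec_dir/boot.properties"
    ) || return 1
    # A pre-existing file keeps its old mode on overwrite, so tighten it too.
    chmod 600 "$sec_dir/boot.properties"
}

# Report loose permissions and values WebLogic has not encrypted yet.
# Prints one finding per line; returns 0 when clean, 1 on findings, 2 if missing.
audit_boot_properties() {
    local file=$1 findings=0 perm key value
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    perm=$(stat -c '%a' "$file")    # GNU stat, as on Oracle Linux
    case $perm in
        *00) ;;                     # no group/other bits set
        *) echo "PERMS mode $perm on $file, expected 600"
           findings=$((findings + 1)) ;;
    esac
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            username|password)
                case $value in
                    '{AES}'*) ;;    # rewritten by the server on first boot
                    *) echo "CLEARTEXT $key is stored unencrypted"
                       findings=$((findings + 1)) ;;
                esac ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Classify a server log: the IAMSuiteAgent provider error quoted in the post
# takes priority, then the standard "started in RUNNING mode" message.
startup_status() {
    local log=$1
    if grep -q 'Security:097533' "$log"; then
        echo NM_PROPS_NOT_SET
    elif grep -q 'BEA-000360' "$log"; then
        echo RUNNING
    else
        echo NOT_RUNNING
    fi
}

# Demo on constructed data in a scratch directory (no real domain is touched).
demo_dir=$(mktemp -d)
write_boot_properties "$demo_dir/OIAMDomain" weblogic 'constructed-example-password'
audit_boot_properties "$demo_dir/OIAMDomain/servers/AdminServer/security/boot.properties" || true
printf '%s\n' '[Security:097533]SecurityProvider service class name for IAMSuiteAgent is not specified' \
    > "$demo_dir/WLS_OAM.out"
startup_status "$demo_dir/WLS_OAM.out"
rm -rf "$demo_dir"
```

Run the audit again after the first successful AdminServer start; a remaining CLEARTEXT finding at that point means the server did not pick the file up.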

Oracle Access Manager Verification

  • Access OAM Console using below URL and login using Weblogic Credentials

  • OAM Console Home Page / Launch Pad
  • Access OAM Policy Manager Console using below URL and login using Weblogic Credentials ( Watch my video tutorial for explanation on the differences between OAM Console & Policy manager Console )

OUD (LDAP) Pre-Configuration For LDAP Sync

You need to preconfigure OUD or any other LDAP you are using, before configuring OIM. This is required only if you want to enable LDAP Sync

For detailed instructions on how to install and configure Oracle Unified Directory, please CLICK HERE.

For the Oracle Unified Directory installation and configuration video tutorial, please CLICK HERE

  • Navigate to the location of your LDAP commands. For my OUD it is /u01/app/oracle/product/oudfmw/oud_inst1/OUD/bin.

  • Create a file oiam.ldif with below contents.

  • Execute ldapmodify command to create the entries required for LDAP Sync in OUD

  • You can verify the entries using the ldapsearch command

  • Set MW_HOME and ORACLE_HOME environment variables

  • Navigate to IDM Tools, bin directory and create prepareIDStore.properties with below content

IDSTORE_KEYSTORE_PASSWORD is the content of /u01/app/oracle/product/oudfmw/oud_inst1/OUD/config/admin-keystore.in file

  • Execute idmConfigTool command to prepare ID Store for LDAP Sync. Provide OUD password and new oimadmin password when prompted

Oracle Identity Manager Configuration

  • Start WLS_OIM,WLS_SOA & WLS_BIP from Weblogic Administration Console.

If you are running this on a Vmware with less than 12GB RAM, you might get out of memory exceptions. You can stop OAM related Managed Servers (WLS_OAM,WLS_OAMPM & WLS_OMSM) to free up some memory

  • Navigate to OIAM Home, bin directory and execute configuration script

  • Click Next on the welcome screen
  • Select OIM server and click Next
  • Provide schema details and click Next. Provide schema names and passwords used while creating repository using RCU
  • Provide Weblogic AdminServer URL (t3) and credentials as below
  • Provide new password for OIM Administrator (XELSYSADM), OIM HTTP URL.
  • OIM External Frontend URL can be left blank if you are not using OHS as a frontend; otherwise provide the OHS URL.
  • Check “Enable OIM for Suite Integration” to enable LDAP Sync if you are planning to integrate OIM & OAM
  • Select your type of LDAP (OUD in my case) and provide the URL, credentials & search base specific to your LDAP
  • Click OK on the warning dialog which warns you about the pre-configuration of LDAP which we have done in previous step.
  • Provide LDAP containers we created during pre-configuration and click Next
    • LDAP Role Container : This is the container for the LDAP groups which will be used in OAM to protect respective applications (ou=Groups,dc=oiam,dc=com)
    • LDAP User Container : This is the container for the LDAP users which will be used in OAM / OIM for authentication (ou=People,dc=oiam,dc=com)
    • LDAP Reserve Container : This is the temporary container for the LDAP users whose approval status is still pending. Once approved, the users will be moved to User Container (ou=Reserve,dc=oiam,dc=com)
  • Click Configure on the summary screen
  • Wait for the configuration process to complete and click Next. You can monitor the configuration log file under oraInventory/logs. This process would normally take around 15 – 20 mins depending on the hardware.
  • Click Finish on the configuration complete screen.

OUD (LDAP) Post Configuration Utility Execution

  • Set below environment variables before running LDAP Post-Configuration utility

  • Navigate to ldap_config_util directory and update ldapconfig.props file with below values

  • Execute LDAPConfigPostSetup using below command

  • Restart AdminServer, WLS_OIM, WLS_SOA, WLS_BIP

Oracle Identity Manager Verification

  • Access OIM System Administration Console using below URL and login using XELSYSADM Credentials

  • OIM System Administration Console Home Page / Launch Pad
  • Access OIM Self Service Console / OIM Identity Console using below URL and login using XELSYSADM Credentials ( Self Service Console can be accessed using any valid user in LDAP )

  • During first login, you will be asked to set security questions & answers, which will be used when self-resetting the user password. Provide your security questions & answers and click Submit
  • OIM Self Service Console / OIM Identity Console Home Page

That's it!! You now have a working Oracle Identity & Access Management system with Oracle Identity Manager & Access Manager configured.

Hope you found this post helpful. If you have any questions please post in the comments section. Please watch my video for detailed explanation and demo.

2016-12-08T18:20:42+00:00

About the Author:

I am a Senior Cloud Professional specialized in AWS Cloud with 11 years of IT experience. I am enthusiastic about Serverless Architecture. I am an expert in Oracle Fusion Middleware.

56 Comments

  1. Karthick May 7, 2016 at 10:40 AM

    Hi Prasad,

    Can you please let me know the location of configureSecurityStore.py script in OIM Version 11.1.1.7.0.

    I tried finding using find command but no luck. because of that I am stuck with Configuring Database Security Store on 11.1.1.7.0

    Thanks !

    • pdomala May 7, 2016 at 11:01 AM

      Hello Karthick

      It should be under $IAM_HOME/common/tools. Make sure you have installed OIAM and not IDM…and search in IAM_HOME not IDM HOME.

      [oracle@oraclelinux6 tools]$ pwd
      /u01/app/oracle/product/fmw/Oracle_OIAM/common/tools
      [oracle@oraclelinux6 tools]$ ls
      configureSecurityStore.py configureSecurityStoreWas.py
      [oracle@oraclelinux6 tools]$

  2. Karthick May 8, 2016 at 2:06 PM

    Dear Prasad,

    I verified in this location there is no folder called tools…

    I have installed OIAM 11.1.2.3.0, I can see the tools folder. I think in this version (11.1.1.7.0) we have to look in different folder.

    Thanks for your help !

  3. Karthick May 8, 2016 at 3:35 PM

    Great Prasad,

    I will try to login into OAM console without configuring database security store and update the result here. This might help others !

    Can you please explain about the step “Check “Enable OIM for Suite Integration” to enable LDAP Sync if you are planning to integrate OIM & OAM”

    I am planning to use Oracle Internet Directory ( OID ) as a LDAP for my JD Edwards System. Because I can see only OID is supported with JD Edwards.

    Whether the same steps of OUD will be applicable for this situation as well ?

    Thanks for your help !

    • pdomala May 8, 2016 at 4:03 PM

      Hello Karthick,

      For OIM – OAM Integration, you need to extend the schema by executing below LDIF files. Please refer to section 5.6.5 in 11.1.1.7 Install guide for more information.
      $IAM_HOME/oam/server/oim-intg/ldif/oid/schema/OID_oblix_pwd_schema_add.ldif
      $IAM_HOME/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_add.ldif
      $IAM_HOME/oam/server/oim-intg/ldif/oid/schema/OID_oim_pwd_schema_add.ldif
      $IAM_HOME/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_index_add.ldif

      FYI…I will be making a video on OIM-OAM integration soon. But it will be for 11.1.2.3 version.

  4. Karthick May 8, 2016 at 5:28 PM

    You are really great !

    I learned lot from your blog. I will be waiting for your video.

    Mean while if you share the guide for OIM – OAM Integration using OID. I will try to finish my work.

    Thanks a lot for your help !

  5. Karthick May 8, 2016 at 5:33 PM

    Version 11gR2 is supported with JD Edwards SSO so I installed 11.1.2.3

    I am requesting you to share the guide for OIM – OAM Integration using OID. (11.1.2.3 version)

  6. imtra.com.my June 27, 2016 at 8:05 AM

    Remarkable! Its genuinely remarkable article, I have got much clear idea on the topic
    of from this post.

  7. Meraj June 27, 2016 at 9:15 AM

    Hi Prasad,

    Your blogs are a great help, I have almost done all steps successfully in this post. On last step “OUD (LDAP) Post Configuration Utility Execution”

    I am getting error “Unable to get either LDAP, OIM connection or LDAPSync is not enabled and reason is:java.lang.reflect.InvocationTargetException”

    Please help, Thanks

    • pdomala June 27, 2016 at 10:13 AM

      Hello
      I hope you have enabled LDAP sync during OIM configuration. If you did that please restart all managed servers including Admin Server and rerun the post configuration utility.

  8. Balaji July 15, 2016 at 4:30 PM

    Hi Prasad,

    I have installed Oracle identity and access management following your blog, I have followed all the steps when I start Admin Server facing issue not able to load oamconsole also oam_admin(11.2.0) deployment is in failed state.

    Please help me to solve the issue.

    Please find the log below:-

    <> <Unable to set the activation state to true for the application 'oam_admin [Version=11.1.2.0.0]'.
    weblogic.application.ModuleException:
    Caused By: java.lang.RuntimeException: Failed to start Service "Cluster" (ServiceState=SERVICE_STOPPED, STATE_ANNOUNCE)

  9. lokesh July 21, 2016 at 6:59 PM

    Hi Prasad,

    Your Articles are simply superb!

    Can you please answer my questions.

    We installed OID/OAM in separate Domains without SOA,BI

    1. Can we still Integrate OID/OAM without SOA,BI

    2. we have 3rd party LDAP to be synced with OID for authentication. do we need Oracle Virtual Directory ?

    Thanks so much !

    • pdomala July 21, 2016 at 7:32 PM

      1. SOA is required only for OIM. Its not mandatory for OID/OAM. BI is also optional. Its required only if you want reporting capabilities.
      2. For third party LDAP sync like AD, use DIP (Directory Integration Platform)

  10. Toto July 25, 2016 at 3:10 PM

    Hi Prasad,

    I got errors when starting weblogic

    [14 parameters bound]
    Query: InsertObjectQuery(oracle.security.am.foundation.entity.admin.provider.db.
    beans.Entities@5c4b3105)
    O.java:99)
    at oracle.security.am.db.jpa.JPADBManager.insert(JPADBManager.java:110)
    at oracle.security.am.db.dataaccess.entity.impl.EntityDataAccessImpl.cre
    ateEntities(EntityDataAccessImpl.java:104)
    at oracle.security.am.foundation.entity.admin.provider.db.EntityStoreImp
    l.createEntity(EntityStoreImpl.java:106)
    at oracle.security.am.foundation.entity.admin.impl.EntityManagerImpl.cre
    ateEntity(EntityManagerImpl.java:168)
    at oracle.security.am.admin.config.util.store.EntityStore.storeAsEntity(
    EntityStore.java:661)
    at oracle.security.am.admin.config.util.store.EntityStore.doStore(Entity
    Store.java:442)
    at oracle.security.am.admin.config.util.store.EntityStore.store(EntitySt
    ore.java:299)
    at oracle.security.am.admin.config.util.store.StoreUtil.reconcile(StoreU
    til.java:289)
    at oracle.security.am.admin.config.util.store.StoreUtil.loadConfiguratio
    n(StoreUtil.java:259)
    at org.eclipse.higgins.configuration.xml.ConfigurationHandler.configure(
    ConfigurationHandler.java:417)
    at oracle.security.am.admin.config.BasicFileConfigurationStore.callConfi
    gure(BasicFileConfigurationStore.java:839)
    at oracle.security.am.admin.config.BasicFileConfigurationStore.loadConfi
    guration(BasicFileConfigurationStore.java:783)
    at oracle.security.am.admin.config.BasicFileConfigurationStore.getConfig
    urationHandler(BasicFileConfigurationStore.java:755)
    at oracle.security.am.admin.config.BasicFileConfigurationStore.getConfig
    uration(BasicFileConfigurationStore.java:189)
    at oracle.security.am.admin.config.BasicFileConfigurationStore.update(Ba
    sicFileConfigurationStore.java:1046)
    at oracle.security.am.admin.config.util.observable.ObservableConfigStore
    $Notifier.run(ObservableConfigStore.java:282)
    Caused By: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique
    constraint (DEV_OAM.PK_ENTITIES) violated

    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:462)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:405)
    at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:931)
    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:481)
    at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:205)
    at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:548)

    • pdomala July 25, 2016 at 3:32 PM - Reply

      Try adding the below parameter in setDomainEnv.sh and restart the admin & managed servers.
      -DDISABLE_CONFIG_ENTITY=true

  11. Atul August 3, 2016 at 10:59 PM - Reply

    Thanks for the well-written blog. It really helped me a lot while doing my setup.
    Cheers!!

  12. Mukesh August 12, 2016 at 11:53 AM - Reply

    Hi,

    This was great learning while following your blog for the setup of OAM and OUD. I am able to start the admin server and oamconsole. Have you written anything for E-Business Suite?

    My scenario is: I have a third-party web service for user authentication (which provides me a token or XML response). I want to use that service for EBS authentication.

    The following is my understanding after following some of the Oracle documentation: I have to install OUD integrated with EBS with access-gate, and Web-gate for user logon, which will authenticate with the web service and provide the token; that token has to be in some way integrated with EBS to allow that user access.

    Can you please advise how to take it forward?

    Best Regards,

    • pdomala August 28, 2016 at 1:42 PM - Reply

      Hi
      Sorry, I haven’t got a chance to try my hands on EBiz yet. Maybe I will post on EBiz soon.

  13. Philipp August 18, 2016 at 10:18 AM - Reply

    Great article, Prasad!

    I found you ran into the same message at the end (while doing PostConfig)

    SEVERE: ChangelogNumber could not be retrieved from LDAP. No values returned for lastchangenumber
    SEVERE: Jobs will be updated with default value: ‘0’

    I checked with ldapsearch and I was able to retrieve lastExternalChangelogcookie. So what do you think is missing?

  14. Ahmed Mohamed Mahmoud August 22, 2016 at 1:42 AM - Reply

    Thanks for the effort
    I’ve a problem in OIM configuration; it fails at:
    ava.lang.Exception: Exception occured while encrypting the configuration and database
    at oracle.as.install.oim.config.util.EncryptConfigurationAndDB.encryptConfigurationAndDatbase(EncryptConfigurationAndDB.java:241)
    at oracle.as.install.oim.config.OIMConfigManager.encryptDB(OIMConfigManager.java:2742)
    at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:1383)
    at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:713)
    at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:403)
    at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:101)
    at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:121)
    at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
    at oracle.as.install.engine.modules.configuration.action.RequestQueue.performSequentialExecution(RequestQueue.java:335)
    at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:311)
    at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:200)
    at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
    at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)
    at java.lang.Thread.run(Thread.java:745)
    Caused by: java.lang.Exception: Exception occured while encrypting the database
    at oracle.as.install.oim.config.util.EncryptDataBase.encryptDBContent(EncryptDataBase.java:161)
    at oracle.as.install.oim.config.util.EncryptConfigurationAndDB.encryptConfigurationAndDatbase(EncryptConfigurationAndDB.java:232)
    … 13 more
    Caused by: java.lang.Exception: Exception occured in encryptDB method while encrypting the database
    at oracle.as.install.oim.config.util.EncryptDataBase.encryptDB(EncryptDataBase.java:451)
    at oracle.as.install.oim.config.util.EncryptDataBase.encryptDBContent(EncryptDataBase.java:153)
    … 14 more
    Caused by: com.thortech.xl.crypto.tcCryptoException: Keystore was tampered with, or password was incorrect
    at com.thortech.xl.crypto.tcCryptoHelper.loadKeyStore(tcCryptoHelper.java:218)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.initKeyStore(tcDefaultDBEncryptionImpl.java:67)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.getCipher(tcDefaultDBEncryptionImpl.java:99)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.encrypt(tcDefaultDBEncryptionImpl.java:196)
    at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:118)
    at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:184)
    at com.thortech.xl.crypto.tcCryptoUtil.encrypt(tcCryptoUtil.java:172)
    at oracle.as.install.oim.config.util.EncryptDataBase.encryptDB(EncryptDataBase.java:430)
    … 15 more
    Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
    at com.sun.crypto.provider.JceKeyStore.engineLoad(JceKeyStore.java:867)
    at java.security.KeyStore.load(KeyStore.java:1214)
    at com.thortech.xl.crypto.tcCryptoHelper.loadKeyStore(tcCryptoHelper.java:178)
    … 22 more
    Any clue?

  15. Alpesh August 24, 2016 at 5:17 AM - Reply

    Hi, I have the following requirement.

    1. Only one shared user in Oracle Database.
    2. 300 users mapped to this one shared user, so that we do not have to create 300 users in the database.

    I was told to implement EUS. Do you agree? If yes, do you have a step-by-step for implementation?
    Or what is the best method to implement?

    Please reply. Thanks

  16. Prabhu September 13, 2016 at 7:07 AM - Reply

    Hi,

    We are receiving OIM 11.1.2.3.0 is configured with LDAP Sync to OUD 11.1.2.3.0. When we try to create a user in OIM, we receive following exception. It looks like cn=orcladmin has wrong password and we see an exception in OUD like “result=49 authFailureID=196887 authFailureReason=”The password provided by the user did not match any password(s) stored in the user’s entry”” for “cn=orclAdmin”

    Any suggestions on this please.

    <An error occurred while responding error is – {0}
    javax.naming.AuthenticationException: Error: INVALID_CREDENTIALS
    LDAP Error 49 : [LDAP: error code 49 – Invalid Credentials] [Root exception is oracle.ods.virtualization.service.Virtualizangine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 – Invalid Credentials]]

    Regards,
    Prabhu

    • pdomala September 24, 2016 at 5:05 PM - Reply

      Looks like orcladmin password is wrong. Try to reset orcladmin password and try.

  17. Mayur Dighe September 13, 2016 at 1:36 PM - Reply

    Hello,

    I am configuring OAM. I have completed Oracle Identity & Access Management Domain Creation and am facing an issue with Database Security Store Configuration.

    My question is: do we really need to configure Database Security Store Configuration?

    • pdomala September 24, 2016 at 5:03 PM - Reply

      Yes, DB Security Store Configuration is mandatory; without it you cannot start Admin or managed servers. Please send the detailed error message and I will try to help you out.

  18. Mayur Dighe September 13, 2016 at 1:46 PM - Reply

    I am seeing following Error :

    Failed to get environment, environ will be empty: (0, ‘Failed to execute command ([\’sh\’, \’-c\’, \’env\’]): java.io.IOException: Cannot run program “sh”: CreateProcess
    Problem invoking WLST – Traceback (innermost last):

    • raj November 28, 2016 at 12:47 PM - Reply

      Hi Mayur

      I am also facing the same issue.

      Have you resolved your issue?

      If it’s resolved, please let me know.

  19. Mayur Dighe September 13, 2016 at 2:14 PM - Reply

    PS : I am doing this in Windows.

  20. Chris O September 30, 2016 at 6:21 AM - Reply

    Great instructions – I almost had it working but ran into a bunch of Coherence errors – I’ll try one more install using the non-Coherence version of WebLogic like you used. I set up on Windows 2008 Server. I found when I went into the admin server console that the OAM server wasn’t deployed, and each time I tried to deploy it would hang and fail with a com.tangosol.coherence error – timeoutexception.

  21. satish October 2, 2016 at 10:26 AM - Reply

    It is a really informative session. Could you help me? I want to install only Oracle Access Manager. Is it possible to install it from the version you mentioned?

    • pdomala October 9, 2016 at 9:12 PM - Reply

      Yes you can install only OAM. You need to install the whole OIAM Suite. But during Domain creation, you can select only OAM Components.

  22. satish October 7, 2016 at 8:07 PM - Reply

    Hi,

    Got the below error while starting up the OAM servers. I have installed only Access Management.

    weblogic.application.ModuleException:
    at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1520)
    at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
    at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
    at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
    at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
    at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
    at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
    at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
    at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
    at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
    at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
    at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
    at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
    at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
    at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
    at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
    at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
    at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
    at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Caused By: oracle.security.am.install.AMInstallException: DB Policy not configured in mixed mode
    at oracle.security.am.install.startup.AMBootstrapListener.checkDBPolicyStoreConfigured(AMBootstrapListener.java:160)
    at oracle.security.am.install.startup.AMBootstrapListener.initialize(AMBootstrapListener.java:95)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.security.am.lifecycle.util.ComponentBootstrapHelper.invokeMethod(ComponentBootstrapHelper.java:134)
    at oracle.security.am.lifecycle.util.ComponentBootstrapHelper.invokeMethod(ComponentBootstrapHelper.java:80)
    at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:212)
    at oracle.security.am.lifecycle.ApplicationLifecycle.initComponentBootstrap(ApplicationLifecycle.java:190)
    at oracle.security.am.lifecycle.ApplicationLifecycle.contextInitialized(ApplicationLifecycle.java:101)
    at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:481)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:181)
    at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1868)
    at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:3154)
    at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1518)
    at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
    at weblogic.application.internal.flow.ScopedModuleDriver.start(ScopedModuleDriver.java:200)
    at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
    at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
    at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
    at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
    at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
    at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
    at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
    at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
    at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
    at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
    at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
    at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
    at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
    at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
    at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
    at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
    at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
    Please help me to fix it

    I am trying to install in windows.

    • pdomala October 9, 2016 at 9:13 PM - Reply

      It would seem likely that your jps-config.xml was corrupted or incomplete for some reason.

      Solution should be:

      Stop all WebLogic servers.
      Back up jps-config.xml
      Replace the below section in jps-config.xml:


      Runtime PDP service instance

      with:

      Runtime PDP service instance

  23. saravanan November 17, 2016 at 11:42 AM - Reply

    Hi Prasad,

    Could you please provide document or videos to configure Active directory instead of OUD as an LDAP.

  24. muzafar January 6, 2017 at 3:46 AM - Reply

    Hi Prasad, while configuring LDAP sync I am getting the below error

    ./ldapmodify -a -h wls.oracle.com -p 1389 -D "cn=Directory Manager" -w Welcome1 -q -f oiam.ldif
    The server is using the following certificate:
    Subject DN: CN=wls.oracle.com, O=Oracle Unified Directory Self-Signed Certificate
    Issuer DN: CN=wls.oracle.com, O=Oracle Unified Directory Self-Signed Certificate
    Validity: Fri Jan 06 02:59:50 IST 2017 through Sun Jan 06 02:59:50 IST 2019
    Do you wish to trust this certificate and continue connecting to the server?
    Please enter “yes” or “no”:yes
    Warning: Entry ou=Groups,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value top. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=Groups,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate attribute changetype with value add. The second occurrence of that attribute value has been skipped
    Warning: Entry ou=Groups,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value organizationalunit. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=Groups,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value top. The second occurrence of that objectclass has been skipped
    Processing ADD request for ou=Groups,dc=oiam,dc=com
    ADD operation failed
    Result Code: 65 (Object Class Violation)
    Additional Information: Entry ou=Groups,dc=oiam,dc=com violates the Directory Server schema configuration because it includes attribute dn which is not allowed by any of the objectclasses defined in that entry

    The LDIF file looks like this

    cat oiam.ldif
    dn: ou=Groups,dc=oiam,dc=com
    changetype: add
    ou: Groups
    objectClass: organizationalunit
    objectClass: top

    dn: ou=Reserve,dc=oiam,dc=com
    changetype: add
    ou: Reserve
    objectClass: organizationalunit
    objectClass: top

    dn: ou=SystemIds,dc=oiam,dc=com
    changetype: add
    ou: SystemIds
    objectClass: organizationalunit
    objectClass: top

    At this time I have my SOA, BIP, OIM and ODSM admin server up and running, and the ou=people container was already added at the time of OUD installation. Please help.

    • James February 12, 2017 at 9:58 PM - Reply

      I encountered the same errors. Have you found a solution? Please advise.

      Thanks!

      • James February 12, 2017 at 10:58 PM - Reply

        I can add those entries using command line, but not using file.
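The warnings in the `ldapmodify` output above (duplicate `objectclass` and `changetype` values, then `dn` rejected as an attribute) are consistent with an LDIF file whose separator lines between records are not truly empty, for example a stray space picked up when copying from a web page, so the reader merges every record into the first entry. The thread does not confirm this cause; the check below is an added example, not part of the original comments, and its function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find LDIF "blank" lines that are not really empty.
# In LDIF a line that starts with a space continues the previous line,
# so a separator holding only spaces or tabs does not end the record.

# Write a constructed sample that mirrors the oiam.ldif in the comment,
# but with a single space on each separator line (lines 6 and 12).
make_sample() {
    printf '%s\n' \
        'dn: ou=Groups,dc=oiam,dc=com' \
        'changetype: add' \
        'ou: Groups' \
        'objectClass: organizationalunit' \
        'objectClass: top' \
        ' ' \
        'dn: ou=Reserve,dc=oiam,dc=com' \
        'changetype: add' \
        'ou: Reserve' \
        'objectClass: organizationalunit' \
        'objectClass: top' \
        ' ' \
        'dn: ou=SystemIds,dc=oiam,dc=com' \
        'changetype: add' \
        'ou: SystemIds' \
        'objectClass: organizationalunit' \
        'objectClass: top' \
        > "$1"
}

# Line numbers of separator lines that contain only spaces or tabs.
ldif_bad_separators() {
    awk '/^[ \t]+$/ { print NR }' "$1"
}

# Number of lines that start a record from the author's point of view.
ldif_dn_lines() {
    awk '/^dn:/ { n++ } END { print n + 0 }' "$1"
}

# Number of records a strict reader sees: only an empty line
# (optionally ending in CR) closes a record.
ldif_strict_records() {
    awk '
        /^\r?$/ { if (in_rec) { n++; in_rec = 0 }; next }
        /^#/    { next }
                { in_rec = 1 }
        END     { if (in_rec) n++; print n + 0 }
    ' "$1"
}

# Emit a copy with trailing whitespace removed, which turns the
# whitespace-only separators back into empty lines.
ldif_normalize() {
    sed 's/[[:space:]]*$//' "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
echo "dn lines:          $(ldif_dn_lines "$sample")"
echo "records as parsed: $(ldif_strict_records "$sample")"
echo "bad separators at: $(ldif_bad_separators "$sample" | tr '\n' ' ')"
ldif_normalize "$sample" > "$sample.fixed"
echo "records after fix: $(ldif_strict_records "$sample.fixed")"
rm -f "$sample" "$sample.fixed"
```

When the count of `dn:` lines is higher than the count of parsed records, compare the reported line numbers with the file before feeding it to `ldapmodify -f`.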

  25. Chris January 6, 2017 at 5:34 AM - Reply

    Hello.

    I’m following your instructions and I get an error in the section “Oracle Identity & Access Management Domain Creation”. I got past the “Create a new Weblogic domain” but when you suggest to select:
    Oracle Identity Manager
    Oracle Access Management And Mobile Security Suite
    Oracle SOA Suite
    Oracle Enterprise Manager
    Oracle BI Publisher
    Oracle BI JDBC
    Oracle WSM Policy Manager
    Oracle JRF WebServices Asynchronous Services
    Oracle JRF
    Oracle Platform Security Services
    Oracle OPSS Metadata for JRF

    I get this error as soon as I select the first Oracle Identity Manager:
    CFGFWK-64072: One of the following needs to be selected:
    Oracle WebCenter Composer Extension – 11.1.1.0 [Oracle FRHome1]
    Oracle WebCenter Composer Extension – 11.1.1.0 [oracle_common]

    I have searched the list for these entries about 10 times and I cannot find them. Hence, I cannot proceed to create the domain. I have tried to select the above entries in different orders, but it keeps coming back with the same message.

    What am I missing?

  26. Uday January 6, 2017 at 10:19 PM - Reply

    Hi Prasad,

    I have consolidated questions from your post; I would appreciate it if you could answer.

    What does configureSecurityStore.py do? It just requires a database connection to store information, is it?

    Why do we have to run the domain creation utility, config.sh, twice?

    In the above architecture diagram we have OIAM DB; is this the same as the database we used for RCU?

    One question from other posts (OID Installation):

    There is an ODS schema that got created during OID RCU; does the ODS schema serve as the user store?

    During OID installation we created a domain; can we use the same domain, using the extend existing domain option, for the above config.sh (2 times)?

    Also, I could see that SOA Suite is installed, but nowhere in the screens is the SOA Suite home referred to. How does the integration happen?

    Thanks,
    Uday

  27. SriniK January 7, 2017 at 6:49 PM - Reply

    You are supposed to install with the WebLogic infrastructure installation, right?

    ***java -jar wls1036_generic.jar***

  28. Pradeep January 16, 2017 at 4:48 PM - Reply

    Hi Prasad,

    I am getting the below error while doing OUD Sync OUD pre-configuration for LDAP sync. I have used the same ldif file you provided.

    [appsadm@CLDDEVAPP0125 bin]$ ./ldapmodify -h clddevapp0125.corpzone.internalzone.com -p 1389 -D "cn=Directory Manager" -w welcome1 -f oiam.ldif
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value organizationalunit. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value top. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate attribute changetype with value add. The second occurrence of that attribute value has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value organizationalunit. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value top. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate attribute changetype with value add. The second occurrence of that attribute value has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value organizationalunit. The second occurrence of that objectclass has been skipped
    Warning: Entry ou=People,dc=oiam,dc=com read from LDIF starting at line 1 includes a duplicate objectclass value top. The second occurrence of that objectclass has been skipped
    Processing ADD request for ou=People,dc=oiam,dc=com
    ADD operation failed
    Result Code: 32 (No Such Entry)
    Additional Information: The provided entry ou=People,dc=oiam,dc=com cannot be added because its suffix is not defined as one of the suffixes within the Directory Server

    Could you help to resolve this.

    Thanks,
    Pradeep

    • Pradeep January 16, 2017 at 10:39 PM - Reply

      Hi Prasad,

      This got resolved. But when I try to access Identity Self Service, I log in with xelsysadm credentials, but it immediately takes me to the OAM login page. Could you let me know what credentials I need to give there, as I am not able to log in with xelsysadm or weblogic?

      Thanks,
      Pradeep

  29. Tushar Parmar January 19, 2017 at 12:10 PM - Reply

    Hi Prasad,

    I am following your blog to setup Oracle Identity & Access Management, only difference I have is we are using Oracle Internet Directory instead of OUD. Could you please share steps similar to OUD for pre & post configuration of Oracle Internet Directory?

  30. anu March 1, 2017 at 11:10 PM - Reply

    Hi Prasad,

    Can you please give me the LDAP sync enabling steps? We have already installed and configured OIM and now would like to set up LDAP sync to OUD.

    Thanks in advance.

  31. Seshadri chittoor March 5, 2017 at 8:42 PM - Reply

    Hi Prasad,
    Can you please provide a proper document for how to pack the OIM_domain1 to OIM_domain2 in a cluster environment?
    If you provide a document for this scenario, that would be great for me.

    Thanks,
    Seshadri chittoor.

  32. chandrashekar March 11, 2017 at 1:54 AM - Reply

    Hi Prasad,
    While doing LDAP sync (OUD) I am getting this error

    [oracle@chandhu ldap_config_util]$ ./LDAPConfigPostSetup.sh /OIM/oracle/MiddlewareOIM/Oracle_IDM/server/ldap_config_util
    For running the Utilities the following environment variables need to be set
    APP_SERVER is weblogic
    OIM_ORACLE_HOME is /OIM/oracle/MiddlewareOIM/Oracle_IDM/
    JAVA_HOME is /usr/java/jdk1.7.0_80/
    MW_HOME is /OIM/oracle/MiddlewareOIM/
    WL_HOME is /OIM/oracle/MiddlewareOIM/wlserver_10.3/
    DOMAIN_HOME is /OIM/oracle/MiddlewareOIM/user_projects/domains/OIMdomain/
    Executing oracle.iam.platformservice.utils.LDAPConfigPostSetup in IPv4 mode
    [Enter OIM admin password:]
    WLS ManagedService is not up running. Fall back to use system properties for configuration.
    Obtained LDAP Connection…..
    UsernamePasswordLoginModule.initialize(), debug enabled
    UsernamePasswordLoginModule.login(), username xelsysadm
    UsernamePasswordLoginModule.login(), URL t3://chandhu.rsslabs.com:14000
    log4j:WARN No appenders could be found for logger (org.springframework.jndi.JndiTemplate).
    log4j:WARN Please initialize the log4j system properly.
    Authenticated with OIM Admin…..
    oracle.iam.platform.utils.NoSuchServiceException: java.lang.reflect.InvocationTargetException
    at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:278)
    at oracle.iam.platform.OIMClient.getService(OIMClient.java:255)
    at oracle.iam.platformservice.utils.LDAPConfigPostSetup.(LDAPConfigPostSetup.java:240)
    at oracle.iam.platformservice.utils.LDAPConfigPostSetup.main(LDAPConfigPostSetup.java:146)
    Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at oracle.iam.platform.OIMClient.getServiceDelegate(OIMClient.java:274)
    … 3 more
    Caused by: oracle.iam.platform.utils.NoSuchServiceException: javax.naming.NamingException: Couldn’t connect to the specified host [Root exception is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: No]
    at oracle.iam.scheduler.api.SchedulerServiceDelegate.(Unknown Source)
    … 8 more
    Caused by: javax.naming.NamingException: Couldn’t connect to the specified host [Root exception is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: No]
    at weblogic.corba.j2ee.naming.Utils.wrapNamingException(Utils.java:83)
    at weblogic.corba.j2ee.naming.ORBHelper.getORBReferenceWithRetry(ORBHelper.java:656)
    at weblogic.corba.j2ee.naming.ORBHelper.getORBReference(ORBHelper.java:594)
    at weblogic.corba.j2ee.naming.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:85)
    at weblogic.corba.j2ee.naming.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:31)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:46)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at org.springframework.jndi.JndiTemplate.createInitialContext(JndiTemplate.java:137)
    at org.springframework.jndi.JndiTemplate.getContext(JndiTemplate.java:104)
    at org.springframework.jndi.JndiTemplate.execute(JndiTemplate.java:86)
    at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:153)
    at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:178)
    … 9 more
    Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 203 completed: No
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.writeErrorSend(ORBUtilSystemException.java:2259)
    at com.sun.corba.se.impl.logging.ORBUtilSystemException.writeErrorSend(ORBUtilSystemException.java:2281)
    at com.sun.corba.se.impl.transport.SocketOrChannelConnectionImpl.writeLock(SocketOrChannelConnectionImpl.java:974)
    at com.sun.corba.se.impl.encoding.BufferManagerWriteGrow.sendMessage(BufferManagerWriteGrow.java:71)
    at com.sun.corba.se.impl.encoding.CDROutputObject.finishSendingMessage(CDROutputObject.java:162)
    at com.sun.corba.se.impl.protocol.CorbaMessageMediatorImpl.finishSendingRequest(CorbaMessageMediatorImpl.java:265)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete1(CorbaClientRequestDispatcherImpl.java:389)
    at com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl.marshalingComplete(CorbaClientRequestDispatcherImpl.java:370)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.invoke(CorbaClientDelegateImpl.java:147)
    at com.sun.corba.se.impl.protocol.CorbaClientDelegateImpl.non_existent(CorbaClientDelegateImpl.java:250)
    at org.omg.CORBA.portable.ObjectImpl._non_existent(ObjectImpl.java:155)
    at weblogic.corba.j2ee.naming.ORBHelper.getORBReferenceWithRetry(ORBHelper.java:633)
    … 22 more
    Unable to get either LDAP, OIM connection or LDAPSync is not enabled and reason is:java.lang.reflect.InvocationTargetException

  33. Boopathi Sundararajan May 11, 2017 at 7:36 PM

    Hi Prasad,

    I’m new to OIM and OAM. Could you please let me know if I can download all these S/W for free from the Oracle site?

    Thanks & Regards,
    Boopathi

    • pdomala May 12, 2017 at 8:13 AM

      Hi Boopathi,
      You can download trial versions from Oracle edelivery. You need to create an Oracle account for that.

      • Boopathi Sundararajan May 12, 2017 at 8:25 AM

        Hi Prasad,

        Thanks for your response. I have an Oracle account. I’ll download these required files.

        I will post if any help is needed 🙂

        Thanks & Regards,
        Boopathi

      • Boopathi Sundararajan May 17, 2017 at 9:49 PM

        Hi Prasad,

        I have downloaded all the required files which you have mentioned above. However, I have a few doubts about the OS Prerequisites. This might be a silly question, but as I’m learning from scratch I wanted to know these details. I’m not able to find these prerequisites on edelivery. Can you please let me know how to find them? Also, once we download them, where do we have to keep the packages in Linux?

        binutils-2.20.51.0.2-5.11.el6-x86_64
        compat-libcap1-1.10-1-x86_64
        compat-libstdc++-33-3.2.3-69.el6-x86_64
        compat-libstdc++-33-3.2.3-69.el6-i686
        libgcc-4.4.4-13.el6-i686
        libgcc-4.4.4-13.el6-x86_64
        libstdc++-4.4.4-13.el6-x86_64
        libstdc++-4.4.4-13.el6-i686
        libstdc++-devel-4.4.4-13.el6-x86_64
        sysstat-9.0.4-11.el6-x86_64
        gcc-4.4.4-13.el6-x86_64
        gcc-c++-4.4.4-13.el6-x86_64
        glibc-2.12-1.7.el6-i686
        glibc-2.12-1.7.el6-x86_64
        glibc-devel-2.12-1.7.el6-x86_64
        glibc-devel-2.12-1.7.el6
        libaio-0.3.107-10.el6-x86_64
        libaio-devel-0.3.107-10.el6-x86_64

        Thanks & Regards,
        Boopathi

  34. Johnson May 23, 2017 at 5:45 PM

    Dear Prasad

    What is the base requirement (Processor, RAM, HDD) to install OAM on my laptop?

    Thanks & Regards
    Johnson
