Sunday, September 28, 2014

How to Install OIM 11.1.2.2.0

This guide will show you how to install Oracle Identity Manager 11g Release 2 Patch Set 2 (OIM 11g R2 PS2) in an Oracle Linux 6 (64-bit) environment. The installation was tested in the following environment:
Operating System: Oracle Linux 6.5 (Virtual Machine)
Oracle Database: 11.2.0.1.0

Prerequisites
References
Overview
  1. JRockit Installation
  2. WebLogic 10.3.6 Installation
  3. Using Repository Creation Utility 11.1.2.2.0 to Create Schema
  4. SOA 11.1.1.7.0 Installation
  5. Apply SOA Mandatory Patches
  6. IDM 11.1.2.2.0 Installation
  7. Create WebLogic Domain
  8. Upgrade OPSS Schema
  9. Configure Database Security Store
  10. Configure OIM 11.1.2.2
  11. Post-Installation Tasks


JRockit Installation
The latest JRockit downloads can be found in the following Oracle Support documents:
  • Information Center: Using Oracle JRockit (Doc ID 1384221.2)
  • All Java SE Downloads on MOS (Doc ID 1439822.1)
JRockit Version Used: 1.6.0_81
File Name: p18763693_2833_Linux-x86-64.zip

Extracting the zip file will create a "jrockit-jdk1.6.0_81" directory. This directory can be placed anywhere. Set the JAVA_HOME variable in your bash profile to the location where "jrockit-jdk1.6.0_81" is placed (e.g. JAVA_HOME=/home/oracle/jrockit-jdk1.6.0_81).

WebLogic 10.3.6 Installation
File Name: V29856-01.zip

After extracting the zip file, an executable jar file is created. Execute the "wls1036_generic.jar" jar file to start the WebLogic installation (E.g. java -jar wls1036_generic.jar). Below are screen shots of the installation process:












Using Repository Creation Utility 11.1.2.2.0 to Create Schema
File Name: V43024-01.zip
After extracting the zip file, navigate to "rcuHome/bin" directory and execute "rcu" script. Given below are screen shots:









SOA 11.1.1.7.0 Installation
File Names:  V37380-01_1of2.zip and V37380-01_2of2.zip
Install Package: sudo yum install compat-libcap1
After extracting both zip files, six Disk directories should have been created. Navigate to "Disk1/" and execute the "runInstaller" script (E.g. ./runInstaller -jreLoc $JAVA_HOME). Below are screen shots of the installation process:











Apply SOA Mandatory Patches
File Names: OIM_11.1.2.2_SOAPS6_PREREQS.zip and p18292842_111170_Generic.zip

Refer to "Oracle® Fusion Middleware Identity Management Release Notes 11g Release 2 (11.1.2.2) E56629-01" section "2.2.2 Mandatory Patches Required for Installing Oracle Identity Manager" for more information on other mandatory patches that you may need for your environment.

The "OIM_11.1.2.2_SOAPS6_PREREQS.zip" file can be found after extracting the IDM binaries ({Location of IDM binaries}/Disk1/OIM_11.1.2.2_SOAPS6_PREREQS.zip).

#Include the SOA OPatch in Path
export PATH=/home/oracle/Oracle/Middleware/Oracle_SOA1/OPatch:$PATH

#Set the ORACLE_HOME to the SOA Directory
export ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_SOA1

# Unzip the file
unzip  p18292842_111170_Generic.zip

# Apply SOA one-off patch
cd <18292842 directory>/oui
opatch apply

# Apply SOA bundle patches
# SOAPATCH is created after extracting OIM_11.1.2.2_SOAPS6_PREREQS.zip
opatch napply SOAPATCH -oh /home/oracle/Oracle/Middleware/Oracle_SOA1


IDM 11.1.2.2.0 Installation
File: ofm_iam_generic_11.1.2.2.0_disk1_1of2.zip and
ofm_iam_generic_11.1.2.2.0_disk1_2of2.zip (V43017-01)

After extracting both files, three Disk directories should have been created. Navigate to "Disk1" directory and then execute the "runInstaller" script (./runInstaller -jreLoc $JAVA_HOME). Below are screen shots of the installation process:












Create WebLogic Domain
Navigate to "$MW_HOME/Oracle_IDM1/common/bin" directory and execute the "config.sh" script. Given below are screen shots of creating a new WebLogic domain.











Upgrade the OPSS schema using Patch Set Assistant
Navigate to "/home/oracle/Oracle/Middleware/oracle_common/bin" and execute "psa" script. Below are screen shots of upgrading the OPSS schema version.












Configure Database Security Store
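# Command to configure DB security store
# -p takes the OPSS schema password ("Password1" is a sample value). Passed on the
# command line, it is saved in shell history and visible in the process list while the command runs.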
$MW_HOME/oracle_common/common/bin/wlst.sh $MW_HOME/Oracle_IDM1/common/tools/configureSecurityStore.py -d $MW_HOME/user_projects/domains/$DOMAIN_NAME -c IAM -p Password1 -m create

# Example
/home/oracle/Oracle/Middleware/oracle_common/common/bin/wlst.sh /home/oracle/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /home/oracle/Oracle/Middleware/user_projects/domains/base_domain -c IAM -p Password1 -m create

Output Logs

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@localhost:1521/orcl
Connected:oracle.jdbc.driver.T4CConnection@1e75cc82
Disconnect:oracle.jdbc.driver.T4CConnection@1e75cc82
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
Sep 28, 2014 10:11:38 PM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
Sep 28, 2014 10:11:48 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
Sep 28, 2014 10:11:48 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
Sep 28, 2014 10:11:49 PM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
Sep 28, 2014 10:11:53 PM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Sep 28, 2014 10:12:04 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members started
Sep 28, 2014 10:12:04 PM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
Sep 28, 2014 10:12:04 PM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.7.2 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  seedSchemaAndCreateDIT - done
Sep 28, 2014 10:12:05 PM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Sep 28, 2014 10:12:05 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Sep 28, 2014 10:14:26 PM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:02:21
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  testJpsService - done
persist to output: /home/oracle/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator]  updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator]  updateServiceConfiguration - done
persist to output: /home/oracle/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
Using default context in /home/oracle/Oracle/Middleware/user_projects/domains/base_domain/config/fmwconfig/jps-config-migration.xml file for credential store.
Credential store location : jdbc:oracle:thin:@localhost:1521/orcl
Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!


    Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is: 
        GenericCredential
Info: diagnostic credential created in the credential store.
Info:  Create operation has completed successfully.

# Validate DB Security Store
/home/oracle/Oracle/Middleware/oracle_common/common/bin/wlst.sh /home/oracle/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /home/oracle/Oracle/Middleware/user_projects/domains/base_domain -m validate

Validation Output Logs

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Info: Diagnostics data was saved to the credential store.
Info: Validate operation has completed successfully.
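
A check for the two output logs above, as an added example that is not part of the original post: it confirms that all four stores logged "testJpsService - done" and that the create or validate completion line is present. The function names, the sample log (constructed, abridged from the output above) and the handling of SEVERE lines are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: confirm that a saved
# configureSecurityStore.py log contains the completion markers shown above.

# Configurators that each log "testJpsService - done" during "-m create".
STORES="DbCredStoreServiceConfigurator DbKeyStoreServiceConfigurator
DbPolicyStoreServiceConfigurator DbAuditStoreServiceConfigurator"

# check_security_store_log MODE LOGFILE   (MODE: create | validate)
# Returns 0 only when every expected marker is present and no SEVERE line exists.
check_security_store_log() {
    local mode="$1" log="$2" rc=0 s
    [ -r "$log" ] || { echo "cannot read: $log"; return 2; }
    case $mode in
    create)
        for s in $STORES; do
            grep -q "$s] *testJpsService - done" "$log" ||
                { echo "MISSING: $s testJpsService"; rc=1; }
        done
        grep -q "^Info: *Create operation has completed successfully" "$log" ||
            { echo "MISSING: create completion line"; rc=1; }
        ;;
    validate)
        grep -q "^Info: *Validate operation has completed successfully" "$log" ||
            { echo "MISSING: validate completion line"; rc=1; }
        ;;
    *)  echo "unknown mode: $mode"; return 2 ;;
    esac
    # WARNING lines appear even in the successful run above, so they are only
    # listed for review. SEVERE (the java.util.logging error level, not seen
    # in the post's output) is treated as a failure: this is an assumption.
    grep -n "^WARNING:" "$log" | sed 's/^/REVIEW line /'
    if grep -q "^SEVERE:" "$log"; then echo "FAIL: SEVERE entries"; rc=1; fi
    return $rc
}

# Constructed sample: abridged from the create-mode output in the post.
sample_create_log() {
    local p="[oracle.security.jps.internal.config.db"
    cat <<EOF
$p.DbCredStoreServiceConfigurator]  testJpsService - done
$p.DbKeyStoreServiceConfigurator]  testJpsService - done
$p.DbPolicyStoreServiceConfigurator]  testJpsService - done
WARNING: Cannot register to audit service for component "JPS".
$p.DbAuditStoreServiceConfigurator]  testJpsService - done
Info:  Create operation has completed successfully.
EOF
}

# Demo: a complete log passes; a log cut off before the audit store fails.
tmp=$(mktemp -d)
sample_create_log > "$tmp/ok.log"
sample_create_log | grep -v "DbAuditStore" > "$tmp/cut.log"
check_security_store_log create "$tmp/ok.log"  && echo "ok.log: complete"
check_security_store_log create "$tmp/cut.log" || echo "cut.log: incomplete"
rm -rf "$tmp"
```

To use it on a real run, save the tool's output with "2>&1 | tee create.log" and call check_security_store_log create create.log.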


Configure Oracle Identity Manager 11.1.2.2
Start AdminServer and SOA servers. Navigate to "/home/oracle/Oracle/Middleware/Oracle_IDM1/bin" directory and execute "config.sh" script. Below are screen shots of the configuration process.












Post Installation Tasks
Enable Design Console
You need to create the "wlfullclient.jar" file and give it the proper permissions. This file needs to be copied into "<MW_HOME>/wlserver_10.3/server/lib/" and "<IDM_HOME>/Oracle_IDM1/designconsole/ext/". The WebLogic Administration Server and the "oim_server1" managed server must be running.

Execute the following commands:
cd /home/oracle/Oracle/Middleware/wlserver_10.3/server/lib/
java -jar /home/oracle/Oracle/Middleware/modules/com.bea.core.jarbuilder_1.7.0.0.jar
chmod 750 wlfullclient.jar
cp wlfullclient.jar /home/oracle/Oracle/Middleware/Oracle_IDM1/designconsole/ext/


If you are seeing the following exception when starting the OIM server, you may need to increase the database processes and sessions:

Received exception while creating connection for pool "oimOperationsDB": Listener refused the connection with the following error:
ORA-12516, TNS:listener could not find available handler with matching protocol stack 

Run the following SQL queries as SYS to adjust the number of database processes and sessions:

alter system set processes=300 scope=spfile;
alter system set sessions=300 scope=spfile;

Restart the entire stack.
