


Setup for OBE : Oracle Identity Governance : Integrating Identity Manager and Identity Analytics

System requirements

Oracle Enterprise Linux 5.7

Install Database

1. Obtain RDBMS 11.2.1.0

2. Install database software, choosing to install the database software only.

3. Using NETCA, create a listener on the default port of 1521.

4. Using DBCA, create a database. Choose the default options, except for the following:

a. Global database name : orcl

b. SID : orcl

c. do not configure Enterprise Manager

d. Use same administrative password for all accounts : Welcome1

e. Typical memory : 1536MB

f. Select "Use Automatic Memory Management"

g. Character sets : select "AL32UTF8"

5. At a terminal, start sqlplus as sys and set the following DB parameters (processes and session_cached_cursors are spfile-only, so the instance is restarted before the remaining parameters are set):

$ sqlplus sys/Welcome1@localhost/orcl as sysdba
SQL> alter system set session_cached_cursors=100 scope=spfile;
SQL> alter system set processes=500 scope=spfile;
SQL> shutdown immediate;
SQL> startup;
SQL> alter system set aq_tm_processes=1 scope=both;
SQL> alter system set db_cache_size=150994944 scope=both;
SQL> alter system set java_pool_size=125829120 scope=both;
SQL> alter system set shared_pool_size=183500800 scope=both;
SQL> alter system set open_cursors=800 scope=both;
SQL> quit
$

Run Repository Creation Utility (RCU)

1. Obtain RCU for Identity Management 11.2.1.0.0 (V37476-01.zip).

2. Create schemas, choosing the defaults options except for the following:

a. Host name : localhost

b. Port : 1521

c. Service Name : orcl

d. Username : sys

e. Password : Welcome1

f. Create a new Prefix : DEV

g. Select the components : Oracle Identity Manager (SOA, MDS, OPSS are then also selected as dependencies)

h. Use same password for all schemas : Welcome1

Install JDK

1. Obtain JDK jdk-6u43-linux-x64.bin

2. As the root user:

mkdir /usr/jdk
cd /usr/jdk
sh /path/to/jdk-6u43-linux-x64.bin

3. Add the following to the .bash_profile of the oracle user

JAVA_HOME=/usr/jdk/jdk1.6.0_43
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

Install WebLogic Server 10.3.6

1. Obtain wls1036_generic.jar

2. Run the WLS installer (java -jar /path/to/wls1036_generic.jar), choosing the defaults except for the following:

a. Create a new Middleware Home : /u01/app/Oracle/Middleware

b. skip security updates

c. choose the available JDK /usr/jdk/jdk1.6.0_43

d. Don't run Quickstart

Install SOA Server

1. Obtain V29672-01

2. Install into /u01/app/Oracle/Middleware, choosing the defaults except for the following:

a. skip security updates

Install the Identity and Access Management Suite

1. Obtain V37472-01

2. Install into /u01/app/Oracle/Middleware, choosing the defaults except for the following:

a. skip security updates

Create WebLogic domain

1. Start the Identity Manager domain creation utility:

cd /u01/app/Oracle/Middleware/Oracle_IDM1/common/bin
./config.sh

2. Create a domain using the following information:

a. Create a new WebLogic domain

b. Select "Oracle Identity Manager". SOA Suite and Enterprise Manager are automatically selected.

c. Keep the default values of base_domain and the domain locations under /u01/app/Oracle/Middleware/user_projects

d. Enter Welcome1 for the weblogic admin user password

e. Select Development Mode, and use the JDK in /usr/jdk/jdk1.6.0_43

f. Select all schemas and enter the following, leaving the "Schema Owner" field empty:

DBMS/Service: orcl

Host Name: localhost

Port: 1521

Schema Password: Welcome1

g. Select Administration Server and Managed Servers for Optional Configuration

h. Leave Admin Server settings at the default settings

i. Add a server "oia_server1" listening on port 18201

j. Leave Configure Cluster settings at the defaults (no clusters)

k. Leave Configure Machines settings at the defaults (only LocalMachine)

l. Move all servers to the LocalMachine Machine (click the right arrow to move them all)

m. Create

n. Done, to exit the utility

Configure the Security Store

In a terminal window, enter the following:

$ cd /u01/app/Oracle/Middleware/oracle_common/common/bin
$ ./wlst.sh /u01/app/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /u01/app/Oracle/Middleware/user_projects/domains/base_domain -m create -c IAM -p Welcome1

The second command is all on the one line. When complete, you should see:

Info: Create operation has completed successfully.

Start AdminServer and SOA managed server

1. Start the AdminServer. Open a terminal window and enter:

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
$ ./startWebLogic.sh

The terminal window will not close. Wait till you see:

2. Start the SOA managed server. Open a terminal window and enter:

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
$ ./bin/startManagedWebLogic.sh soa_server1

Enter "weblogic" and "Welcome1" at the username and password prompts. The terminal window will not close. Wait till you see:

Patch SOA Server

1. Obtain patch 16366204. Unpack the patch into a temporary location, e.g. /stage

2. Stop the SOA managed server. Open a terminal window, and enter:

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
$ ./bin/stopManagedWebLogic.sh soa_server1

Enter "weblogic" and "Welcome1" at the username and password prompts.

3. Run the OPatch utility:

$ cd /stage/16366204
$ export ORACLE_HOME=/u01/app/Oracle/Middleware/Oracle_SOA1
$ $ORACLE_HOME/OPatch/opatch apply

Respond with "y" for "Do you want to proceed" and "Is the local system ready"

4. Start the SOA managed server. In the original window where you started the SOA managed server, enter:

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
$ ./bin/startManagedWebLogic.sh soa_server1

Enter "weblogic" and "Welcome1" at the username and password prompts. The terminal window will not close. Wait till you see:

Configure Oracle Identity Manager

1. Start the Oracle Identity Manager configuration utility. In a terminal window, enter:

$ cd /u01/app/Oracle/Middleware/Oracle_IDM1/bin

$ ./config.sh

2. Configure OIM using the following information:

a. Select OIM Server and OIM Design Console

b. Connect String: localhost:1521:orcl

OIM Schema User Name: DEV_OIM

OIM Schema Password: Welcome1

MDS Schema User Name: DEV_MDS

MDS Schema Password: Welcome1

c. WebLogic Admin Server URL : t3://localhost:7001

UserName: weblogic

Password: Welcome1

d. OIM Administrator Password: Welcome1

Confirm Password: Welcome1

OIM HTTP URL:

KeyStore Password: Welcome1

Confirm KeyStore Password: Welcome1

Enable LDAP Sync: deselected

e. OIM Server Hostname: hostname.

OIM Server Port: 14000

Stop and Start AdminServer and SOA server

1. In a terminal window, enter the following:

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
$ ./bin/stopManagedWebLogic.sh soa_server1

Enter "weblogic" and "Welcome1" at the username and password prompts.

$ ./bin/stopWebLogic.sh

2. Start the Admin Server and SOA Server using the instructions in "Start AdminServer and SOA managed server".

Start Oracle Identity Manager

1. Open a terminal window and enter:

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
$ ./bin/startManagedWebLogic.sh oim_server1

Enter "weblogic" and "Welcome1" at the username and password prompts. The terminal window will not close. Wait till you see:

Create WebLogic client JAR file

Open a terminal window and enter:

$ cd /u01/app/Oracle/Middleware/wlserver_10.3/server/lib
$ java -jar wljarbuilder.jar
$ cp wlfullclient.jar /u01/app/Oracle/Middleware/Oracle_IDM1/designconsole/ext

Deploy Oracle Identity Analytics

1. Obtain patch 14831724

2. Create the /u01/app/oia directory and unpack the patch zip file in that directory

$ mkdir /u01/app/oia
$ cd /u01/app/oia
$ unzip /path/to/p14831724_111150_Generic.zip

3. Unpack the WAR file to a staging directory

$ mkdir /u01/app/oia/rbacx
$ cd /u01/app/oia/rbacx
$ jar xvf ../rbacx.war

4. Configure OIA as per the installation instructions:



That is:

a. copy over required JAR files

b. edit the log4j.properties file to set the log file path (also set DEBUG for iam for easier debugging later)

c. edit and encrypt the conf/jdbc.properties file

jdbc.url=jdbc:oracle:thin:@localhost:1521:orcl
jdbc.driverClassName=oracle.jdbc.OracleDriver
jdbc.username=rbacxservice
jdbc.password=Welcome1

To encrypt (the relative paths below assume you are in the conf directory):

$ cd /u01/app/oia/conf
$ java -jar ../rbacx/WEB-INF/lib/vaau-commons-crypt.jar -encryptProperty -cipherKeyProperties ./cipherKey.properties -propertyFile ./jdbc.properties -propertyName jdbc.password

d. create schema for OIA

$ cd /u01/app/oia/db/oracle
$ . oraenv
ORACLE_SID = [oracle] ? orcl
The Oracle base has been set to /u01/app/oracle
$ sqlplus sys/Welcome1 as sysdba
SQL> create user rbacxservice identified by Welcome1;
SQL> @rbacx-11.1.1.5.1_oracle_schema.sql
SQL> @migrate-rbacx-11.1.1.5.3To11.1.1.5.4-oracle.sql
SQL> @migrate-rbacx-11.1.1.5.4To11.1.1.5.5-oracle.sql
SQL> quit

5. Edit the /u01/app/Oracle/Middleware/user_projects/domains/base_domain/bin/setDomainEnv.sh script to add two lines at the start :

RBACX_HOME=/u01/app/oia
export RBACX_HOME

This is required so that OIA can locate its "home" directory for configuration etc.

6. Create a file /u01/app/oia/rbacx/WEB-INF/weblogic.xml with the contents:

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <container-descriptor>
    <prefer-application-packages>
      <package-name>javax.wsdl.*</package-name>
      <package-name>com.ibm.wsdl.*</package-name>
      <package-name>org.springframework.*</package-name>
      <package-name>org.aspectj.*</package-name>
      <package-name>org.jdom.*</package-name>
      <package-name>org.codehaus.xfire.*</package-name>
      <package-name>org.jaxen.*</package-name>
      <package-name>org.apache.bcel.*</package-name>
      <package-name>org.mons.*</package-name>
      <package-name>com.ctc.wstx.*</package-name>
      <package-name>org.codehaus.stax2.*</package-name>
      <package-name>org.openspml.*</package-name>
      <package-name>org.quartz.*</package-name>
    </prefer-application-packages>
  </container-descriptor>
</weblogic-web-app>

This file tells WebLogic to prefer the Java packages bundled in the WEB-INF directory of the OIA application over the server's own copies, preventing class version conflicts.

7. Start the OIA managed server. In a new terminal window:

cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
./bin/startManagedWebLogic.sh oia_server1

Use weblogic and Welcome1 for the username and password.

8. Deploy OIA.

a. Start the WebLogic admin console by accessing

b. Log in as weblogic/Welcome1

c. Click Deployments -> Install

d. Browse to the /u01/app/oia directory, and select the radio button for the rbacx directory entry (we are going to deploy from the directory, not the WAR file). Click Next.

e. Install this deployment as an application. Click Next.

f. Select oia_server1, click Next

g. Under "Source accessibility", select the "I will make the deployment accessible from the following location", and click Next.

h. Click Finish. Wait for the result, to see if the deployment was successful. If so, click Save.

9. Once deployed, verify that you can log into OIA. The URL is . Log in as the rbacxadmin user (default password is "password"). You will have to change the password at first log in. Change the password to "Welcome1". You will be logged out. Log in with the new password "Welcome1" to verify that it was changed correctly.

Install Oracle Unified Directory

1. Obtain OUD (V37478-01)

2. Install OUD, choosing the defaults except for:

a. Skip Software Updates

b. OUD Base Location Home : /u01/app/Oracle/Middleware

3. Create an instance. In a terminal window, start the OUD wizard:

$ cd /u01/app/Oracle/Middleware/Oracle_OUD1

$ ./oud-setup

Choose the default settings. The password for the Root DN should be Welcome1

4. Create two Organizational Units and two groups in OUD, using the following LDIF file (each entry is separated from the next by a blank line):

dn: ou=People,dc=example,dc=com
ou: People
objectclass: organizationalUnit

dn: ou=Groups,dc=example,dc=com
ou: Groups
objectclass: organizationalUnit

dn: cn=Portal Users,ou=Groups,dc=example,dc=com
cn: Portal Users
objectclass: groupofuniquenames

dn: cn=Portal Admins,ou=Groups,dc=example,dc=com
cn: Portal Admins
objectclass: groupofuniquenames

And the following commands:

$ cd /u01/app/Oracle/Middleware/Oracle_OUD1/bin
$ ./ldapmodify -p 1389 -D "cn=Directory Manager" -w Welcome1 -a -f file.ldif

Seed User Data to Oracle Identity Manager

1. The OIM URL is . Log in as xelsysadm/Welcome1. If this is the first time you are signing in, you will have to set challenge questions and answers. Set them to any value.

2. Create the following organizations of type Department in OIM : Finance, Engineering, Sales

3. Create a user PALLEN, first name "Paul", last name "Allen", password "Welcome1", in the Sales organization, as a Full Time Employee.

4. Using the Bulk Load Utility, seed the following users, specifying the user PALLEN as the user to copy the password from:

USR_FIRST_NAME,USR_LAST_NAME,MANAGER_NAME,USR_EMAIL,ORG_NAME,USR_LOGIN
Teena,Semmens,,tsemmens@,Finance,tsemmens
Aime,McBeth,,amcbeth@,Engineering,amcbeth
Bettina,MacElwee,pallen,bmacelwee@,Sales,bmacelwee
Trudy,Auerbach,tsemmens,tauerbach@,Finance,tauerbach
Julieta,Hertzog,pallen,jhertzog@,Sales,jhertzog
Nancey,Jepson,tsemmens,njepson@,Finance,njepson
Richelle,Amorim,pallen,ramorim@,Sales,ramorim
Magdi,Dudas,amcbeth,mdudas@,Engineering,mdudas
Manda,Tebbe,amcbeth,mtebbe@,Engineering,mtebbe
Rosalia,Teerdhala,tsemmens,rteerdhala@,Finance,rteerdhala
Mirelle,Sauve,amcbeth,msauve@,Engineering,msauve
Phillipa,Becker,pallen,pbecker@,Sales,pbecker
Dorelia,Bratten,tsemmens,dbratten@,Finance,dbratten
Lesly,Aula,amcbeth,laula@,Engineering,laula
Tom,Thames,pallen,tthames@,Sales,tthames
Clarence,Saladna,tsemmens,csaladna@,Finance,csaladna
Geniffer,Galvin,amcbeth,ggalvin@,Engineering,ggalvin
Constantine,Drenan,pallen,cdrenan@,Sales,cdrenan
Kenny,Vesterdal,tsemmens,kvesterdal@,Finance,kvesterdal
Dominica,Hilder,amcbeth,dhilder@,Engineering,dhilder
Louisa,Schirtzinger,pallen,lschirtzinger@,Sales,lschirtzinger
Portia,Bradshaw,tsemmens,pbradshaw@,Finance,pbradshaw
Trey,Spears,amcbeth,tspears@,Engineering,tspears
Jon,Olsen,amcbeth,jolsen@,Engineering,jolsen
Kathee,Acklin,pallen,kacklin@,Sales,kacklin
Celine,Dayberry,amcbeth,cdayberry@,Engineering,cdayberry
Merissa,Railey,pallen,mrailey@,Sales,mrailey
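Before handing a file like this to the Bulk Load Utility, it is worth checking it against what OIM already contains: the header, the department names, the manager references and duplicate logins. The Python script below is an added example (not part of the OBE or of the utility); it assumes the three departments and the PALLEN user created above, and uses a constructed example.com e-mail domain for its sample rows.

```python
# Added example, not part of the OBE: a pre-flight check of the Bulk Load Utility
# CSV before it is loaded into OIM. It verifies the header, that every ORG_NAME is
# one of the departments created earlier, that every MANAGER_NAME resolves to a
# login that already exists in OIM (PALLEN) or is defined in the file, and that no
# USR_LOGIN is duplicated. The sample CSV is constructed from the first rows of the
# page's list, with example.com standing in for the e-mail domain.
import csv
import io

EXPECTED_HEADER = ["USR_FIRST_NAME", "USR_LAST_NAME", "MANAGER_NAME",
                   "USR_EMAIL", "ORG_NAME", "USR_LOGIN"]
ORGANIZATIONS = {"Finance", "Engineering", "Sales"}  # departments created in OIM
EXISTING_LOGINS = {"PALLEN"}  # created by hand before the bulk load

SAMPLE_CSV = """USR_FIRST_NAME,USR_LAST_NAME,MANAGER_NAME,USR_EMAIL,ORG_NAME,USR_LOGIN
Teena,Semmens,,tsemmens@example.com,Finance,tsemmens
Aime,McBeth,,amcbeth@example.com,Engineering,amcbeth
Bettina,MacElwee,pallen,bmacelwee@example.com,Sales,bmacelwee
Trudy,Auerbach,tsemmens,tauerbach@example.com,Finance,tauerbach
Magdi,Dudas,amcbeth,mdudas@example.com,Engineering,mdudas
"""

# A constructed bad row: unknown department, unknown manager, reused login.
BAD_ROW = "Oops,Person,nobody,oops@example.com,Marketing,amcbeth\n"


def check_bulk_load(text):
    """Return the problems found in the CSV text; an empty list means it is loadable."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0] != EXPECTED_HEADER:
        return ["header does not match the Bulk Load Utility column list"]
    data = rows[1:]
    # The CSV carries lower-case logins while OIM shows them upper-cased (TAUERBACH),
    # so every comparison is done in upper case.
    known = {login.upper() for login in EXISTING_LOGINS}
    known |= {row[5].upper() for row in data if len(row) == len(EXPECTED_HEADER)}
    problems, seen = [], set()
    for lineno, row in enumerate(data, start=2):
        if len(row) != len(EXPECTED_HEADER):
            problems.append(f"line {lineno}: expected {len(EXPECTED_HEADER)} columns, got {len(row)}")
            continue
        rec = dict(zip(EXPECTED_HEADER, row))
        login, manager = rec["USR_LOGIN"].upper(), rec["MANAGER_NAME"].upper()
        if rec["ORG_NAME"] not in ORGANIZATIONS:
            problems.append(f"line {lineno}: unknown organization {rec['ORG_NAME']!r}")
        if manager and manager not in known:
            problems.append(f"line {lineno}: manager {manager} is neither in OIM nor in the file")
        if login in seen:
            problems.append(f"line {lineno}: duplicate login {login}")
        if "@" not in rec["USR_EMAIL"]:
            problems.append(f"line {lineno}: malformed e-mail {rec['USR_EMAIL']!r}")
        seen.add(login)
    return problems
```

Run it on the real file before step 4; a non-empty result is cheaper to fix here than after a partial load.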

Install Generic LDAP Connector in Oracle Identity Manager

1. Obtain the OID (Generic LDAP) connector - OID-11.1.1.6.0.zip

2. Unpack the connector in the /u01/app/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory

3. Use the Connector Installer in OIM to install the connector. Manage Connectors > Install Connector > select OUD connector > install

4. Create an IT Resource instance for the OUD server.

IT Resource Name : Corporate LDAP

IT Resource Type : LDAP

baseContexts: "dc=example,dc=com"

Configuration Lookup: Lookup.LDAP.OUD.Configuration

credentials: Welcome1

host: localhost

port: 1389

principal: cn=Directory Manager

ssl: false

5. Run the "LDAP Connector OU Lookup Reconciliation" scheduled job to pull in the organizational units from OUD. Be sure to change the IT Resource Name field in the scheduled job to "Corporate LDAP".

6. Run the "LDAP Connector Group Lookup Reconciliation" scheduled job to pull in the groups from OUD.

Create Roles and Access Policies in Oracle Identity Manager

1. Create two roles in the Identity Self Service Console:

Portal User

Portal Administrator

2. Create two Access Policies in the System Administration Console

a. Name: Portal User on Corporate LDAP

Provision: Without Approval

Retrofit Access Policy:

Select Resources to be provisioned: LDAP User

Server: Corporate LDAP

Container DN: Corporate LDAP~People

Set Additional Data : LDAP Group: Corporate LDAP~Portal Users

Revoke if No Longer Applies : selected

Roles: Portal User

b. Name: Portal Administrator on Corporate LDAP

Provision: Without Approval

Retrofit Access Policy:

Select Resources to be provisioned: LDAP User

Server: Corporate LDAP

Container DN: Corporate LDAP~People

Set Additional Data : LDAP Group: Corporate LDAP~Portal Admins

Revoke if No Longer Applies : selected

Roles: Portal Administrator

Assign Roles to Users in Oracle Identity Manager

Using the Identity Self-Service Console, assign the Portal User role to the following users:

Trudy Auerbach TAUERBACH Finance tauerbach@
Nancey Jepson NJEPSON Finance njepson@
Richelle Amorim RAMORIM Sales ramorim@
Magdi Dudas MDUDAS Engineering mdudas@
Manda Tebbe MTEBBE Engineering mtebbe@
Rosalia Teerdhala RTEERDHALA Finance rteerdhala@
Mirelle Sauve MSAUVE Engineering msauve@
Phillipa Becker PBECKER Sales pbecker@
Dorelia Bratten DBRATTEN Finance dbratten@
Lesly Aula LAULA Engineering laula@
Tom Thames TTHAMES Sales tthames@
Geniffer Galvin GGALVIN Engineering ggalvin@
Kenny Vesterdal KVESTERDAL Finance kvesterdal@
Dominica Hilder DHILDER Engineering dhilder@
Louisa Schirtzinger LSCHIRTZINGER Sales lschirtzinger@
Portia Bradshaw PBRADSHAW Finance pbradshaw@
Trey Spears TSPEARS Engineering tspears@
Jon Olsen JOLSEN Engineering jolsen@

Approve the request-level request.

Run the Evaluate User Policies Scheduled Job

Using the Identity System Administration console, run the Evaluate User Policies scheduled job, to force the provisioning of accounts on OUD.

Verify Provisioning of Accounts in Oracle Unified Directory

In a terminal window, execute the following commands:

$ cd /u01/app/Oracle/Middleware/Oracle_OUD1/bin
$ ./ldapsearch -p 1389 -D "cn=Directory Manager" -w Welcome1 -b "dc=example,dc=com" "cn=Portal Users"

The output should be:

dn: cn=Portal Users,ou=Groups,dc=example,dc=com
uniqueMember: uid=MTEBBE,ou=People,dc=example,dc=com
uniqueMember: uid=MSAUVE,ou=People,dc=example,dc=com
uniqueMember: uid=LSCHIRTZINGER,ou=People,dc=example,dc=com
uniqueMember: uid=TSPEARS,ou=People,dc=example,dc=com
uniqueMember: uid=LAULA,ou=People,dc=example,dc=com
uniqueMember: uid=GGALVIN,ou=People,dc=example,dc=com
uniqueMember: uid=PBECKER,ou=People,dc=example,dc=com
uniqueMember: uid=MDUDAS,ou=People,dc=example,dc=com
uniqueMember: uid=TTHAMES,ou=People,dc=example,dc=com
uniqueMember: uid=KVESTERDAL,ou=People,dc=example,dc=com
uniqueMember: uid=DHILDER,ou=People,dc=example,dc=com
uniqueMember: uid=DBRATTEN,ou=People,dc=example,dc=com
uniqueMember: uid=TAUERBACH,ou=People,dc=example,dc=com
uniqueMember: uid=RTEERDHALA,ou=People,dc=example,dc=com
uniqueMember: uid=PBRADSHAW,ou=People,dc=example,dc=com
uniqueMember: uid=RAMORIM,ou=People,dc=example,dc=com
uniqueMember: uid=JOLSEN,ou=People,dc=example,dc=com
cn: Portal Users
objectClass: groupofuniquenames
objectClass: top
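Eyeballing a membership list is error-prone: the expected output above lists 17 uniqueMember values while 18 users were given the Portal User role. The Python script below is an added example (not part of the OBE) that parses ldapsearch output of this shape and reports both assigned users missing from the group and group members who were never assigned the role; its sample LDIF is constructed, with NJEPSON left out and PALLEN added so that both checks fire.

```python
# Added example, not part of the OBE: parse the ldapsearch output for the
# "Portal Users" group and compare its uniqueMember uids with the logins that
# were assigned the Portal User role in OIM. An assigned user who was never
# provisioned and a group member who was never assigned the role are both
# reported, which is the check a reviewer wants after Evaluate User Policies runs.
import re

# Logins assigned the Portal User role in the "Assign Roles to Users" step.
ASSIGNED_PORTAL_USERS = {
    "TAUERBACH", "NJEPSON", "RAMORIM", "MDUDAS", "MTEBBE", "RTEERDHALA",
    "MSAUVE", "PBECKER", "DBRATTEN", "LAULA", "TTHAMES", "GGALVIN",
    "KVESTERDAL", "DHILDER", "LSCHIRTZINGER", "PBRADSHAW", "TSPEARS", "JOLSEN",
}

# Constructed ldapsearch output in the same shape as the page's: NJEPSON has been
# left out (a failed provisioning) and PALLEN added (an unexpected member) so
# that both checks below fire.
_MEMBERS = sorted((ASSIGNED_PORTAL_USERS - {"NJEPSON"}) | {"PALLEN"})
SAMPLE_LDIF = ("dn: cn=Portal Users,ou=Groups,dc=example,dc=com\n"
               + "".join(f"uniqueMember: uid={u},ou=People,dc=example,dc=com\n" for u in _MEMBERS)
               + "cn: Portal Users\nobjectClass: groupofuniquenames\nobjectClass: top\n")

MEMBER_RE = re.compile(r"^uniqueMember:\s*uid=([^,]+),ou=People,dc=example,dc=com\s*$", re.I)


def unfold_ldif(text):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def parse_group_members(ldif_text):
    """Return the uids in the group entry, upper-cased because uid matching is case-insensitive."""
    members = set()
    for line in unfold_ldif(ldif_text):
        match = MEMBER_RE.match(line)
        if match:
            members.add(match.group(1).upper())
    return members


def compare_membership(expected_logins, ldif_text):
    """Report assigned users missing from the group and members that were never assigned."""
    actual = parse_group_members(ldif_text)
    expected = {login.upper() for login in expected_logins}
    return {"missing": sorted(expected - actual), "unexpected": sorted(actual - expected)}
```

Feed it the real ldapsearch output (for example via a file read) and treat any "unexpected" member as an access-policy or reconciliation problem to investigate, not just a cosmetic difference.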

Optional steps

1. Copy the boot.properties file from the Admin Server to the managed server instances, so that a password is not required when starting/stopping each managed server

$ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain/servers
$ mkdir oia_server1/security
$ mkdir oim_server1/security
$ mkdir soa_server1/security
$ cp AdminServer/security/boot.properties oia_server1/security
$ cp AdminServer/security/boot.properties oim_server1/security
$ cp AdminServer/security/boot.properties soa_server1/security

2. Create desktop shortcuts for stopping and starting the weblogic server instances.
