Setting up the OPSS Environment


Purpose

This tutorial covers setting up the Oracle VirtualBox image associated with the hands-on exercises for Oracle Platform Security Services (OPSS). Alternatively, you can download and install the same software directly on a machine of your own.

After completing this exercise, you should be able to:

Time to Complete

Approximately 1 hour not including download times

Overview

OPSS is Oracle's security framework for developing and managing security services in Java SE and EE environments. This tutorial is the prerequisite course for all OPSS OBE tutorials.

OBE Environment Architecture

This is the high-level architecture of the environment used for the OPSS hands-on OBE tutorials. The environment consists of the following:

Software and Hardware Requirements

The following is a list of software requirements:

         Username: oracle
         Password: oracle

The following software products are already installed on the virtual image:

The following software products must be downloaded and installed on the virtual image:

NOTE: Be sure to install the software to the locations indicated in the Prerequisites section below. Be sure to follow all notes and instructions in the Prerequisites section as well.

Prerequisites

Before starting this tutorial, you should ensure the following prerequisites are met:


Oracle recommends taking the online self-study course: OPSS Concepts. The online course provides the concepts for this hands-on tutorial.


After importing the Oracle VirtualBox image, change the following settings before starting the image:

  • Set the Base Memory to 1780MB using the System menu.
  • Ensure that the network adapter is enabled and attached to NAT using the Network menu. Keep it on NAT rather than Bridged: the image and the products you install on it use well-known default passwords (oracle, welcome1), and the WebLogic Server started later in this tutorial listens on every address of the VM, so a bridged adapter would expose its consoles to your LAN.


Ignore the lab instructions and materials on the VM image desktop that are focused on database labs.


Install the following products, in the order listed, using the installation guide from each product's documentation.

NOTE: Download the installers to the / file system; there is not enough space on the /home file system. Disk space on the image is tight and these products are large, so remove each installer once its product is installed. For example, after extracting the contents of the IdM zip file, delete the zip file itself to reclaim that space. Deleting the zip files, wls1036_linux32.bin, and the Disk1, Disk2 and Disk3 directories when you are finished with them leaves plenty of room on the drive.

ALTERNATIVELY: You can add a new disk to the virtual image to ensure you have enough disk space to serve all your needs.

The root user login for the virtual image is root/oracle if needed.

The FMW PS5 (11.1.1.6) version of Oracle Identity Management provides a full product installation option that should be used for this series of OBEs. As part of this process, be sure to choose the Install and Configure option as shown in the screen shot below:

Products to Install:

  • Oracle WebLogic Server 11g PS5 (11.1.1.6) (download) (installation guide)
  • Oracle Identity Management 11g PS5 (11.1.1.6) (download) (installation guide)
  • JXplorer 3.2.2 (download)
  • Oracle JDeveloper 11gR1 (11.1.1.5.0 or later) (download) (installation guide)
      NOTE: JDeveloper is needed only if you are doing the OPSS development-related tasks in the developer track. The JDeveloper version already installed on the virtual image does not work with the lab application; download and install the later version to do the JDeveloper-based OBE.

The following settings were used to configure the IdM product during installation:

Screen                   Parameter                                 Value
Create New Domain        User name                                 weblogic
                         Password                                  welcome1
                         Domain                                    IDMDomain
                         Install location                          Leave the default, /u01/app/oracle/Middleware/user_projects/domains
Configure Components                                               Select only OID, EM, and ODSM
Port Configuration                                                 Select auto port configuration
Create Schema            Connection string                         localhost:1521:orcl
                         User name                                 sys
                         Password                                  oracle
Enter Schema Passwords   ODS password                              oracle
                         ODSSM password                            oracle
Pop-up window            Recommended to configure 500 processes    Click Yes to continue
Configure OID            Realm                                     dc=us,dc=oracle,dc=com
                         User name                                 cn=orcladmin
                         Password                                  welcome1

These are the lab's well-known default passwords. The other OBE tutorials expect them, so keep them on the lab image, but do not reuse them anywhere outside it.

Click Install. This process will take a long time to complete on the VB image.

After everything has installed successfully, continue on to the next step.


Setup Launch Panel Icons:

Drag and drop the Firefox desktop icon to the launch panel at the top of the screen, next to the icon. After installing JXplorer and JDeveloper, drag the jxplorer and jdeveloper executables from their installation folders to the launch panel as well so that these applications are easy to reach. Note: the JDeveloper executable is $MW_HOME/jdeveloper/jdev/bin/jdev. You may have to change the launcher's icon to the coffee.png file located in the same folder.

When finished, your launch panel should look similar to the following:

Install OBE lab files:

Copy the lab files for this OBE series to the virtual image or your own environment:

  • Right-click the link and select Save As to save the file to your computer.
  • Copy labs.tar to your lab environment (by FTP or a file copy) and place it in the /home/oracle folder.
  • Extract the lab files with tar xvf labs.tar.
  • Copy /home/oracle/labs/bin/bashrc over $HOME/.bashrc, replacing the original file. This file sets the environment variables used by the OPSS OBEs.
  • Make the lab scripts executable with the following commands:

$ cd /home/oracle/labs/bin
$ chmod +x *.sh
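The steps above as one script, added here as an example that is not part of the OBE lab files: it performs the same install but first checks the archive listing for member names that could write outside /home/oracle, keeps a copy of the .bashrc that the lab profile overwrites, and marks only the lab .sh scripts executable. The function names check_tar_listing and install_labs and the backup name .bashrc.pre-opss are this example's own choices.

```sh
#!/bin/sh
# Added example, not one of the OBE lab scripts. Installs labs.tar the way the
# steps above describe, with two extra checks a cautious admin would want.

# Read a `tar tf` listing on stdin and fail if any member name is absolute or
# contains a ".." path component, since such entries could land outside the
# extraction directory. Returns 0 when every entry is safe.
check_tar_listing() {
    status=0
    while IFS= read -r entry; do
        case "$entry" in
            /*|..|../*|*/..|*/../*)
                printf 'unsafe archive member: %s\n' "$entry" >&2
                status=1 ;;
        esac
    done
    return "$status"
}

# install_labs ARCHIVE DEST
# Checks ARCHIVE, extracts it into DEST (the /home/oracle of the tutorial),
# keeps a copy of DEST/.bashrc as DEST/.bashrc.pre-opss before the lab profile
# overwrites it, and makes only the lab shell scripts executable.
install_labs() {
    archive=$1
    dest=$2
    [ -f "$archive" ] || { printf 'no such archive: %s\n' "$archive" >&2; return 1; }
    tar tf "$archive" | check_tar_listing || return 1
    mkdir -p "$dest" || return 1
    tar xf "$archive" -C "$dest" || return 1
    [ -f "$dest/labs/bin/bashrc" ] || { printf 'labs/bin/bashrc missing from archive\n' >&2; return 1; }
    if [ -f "$dest/.bashrc" ]; then
        cp -p "$dest/.bashrc" "$dest/.bashrc.pre-opss" || return 1
    fi
    cp "$dest/labs/bin/bashrc" "$dest/.bashrc" || return 1
    chmod +x "$dest"/labs/bin/*.sh
}

# Typical use on the VM, with the tutorial's paths:
#   install_labs /home/oracle/labs.tar /home/oracle
```

The listing check matters because tar xvf as run in the steps above extracts whatever member names the archive carries; rejecting absolute and parent-directory entries before extracting is the cheap way to make sure a labs.tar obtained from anywhere only writes under the lab home.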

 

Understanding the environment:

This set of OBE tutorials uses the following folder locations and variables for all product and lab materials:

Purpose                                               Location
Profile set up                                        /home/oracle/.bashrc
Lab files ($LAB_HOME)                                 /home/oracle/labs
General lab scripts                                   /home/oracle/labs/bin
Oracle database ($ORACLE_BASE)                        /home/oracle/app/oracle
Oracle home ($ORACLE_HOME)                            /home/oracle/app/oracle/product/11.2.0/dbhome_2
Oracle SID ($ORACLE_SID)                              orcl
Oracle FMW ($MW_HOME)                                 /u01/app/oracle/Middleware
Java SE 1.6 ($JAVA_HOME)                              /u01/app/oracle/Middleware/jdk160_29
JDeveloper 11.1.1.5                                   /u01/app/oracle/Middleware2/jdeveloper
JDeveloper 11.1.1.6                                   /u01/app/oracle/Middleware/jdeveloper
Oracle IdM Products                                   /u01/app/oracle/Middleware/Oracle_IDM1
WebLogic domains ($DOMAINS)                           /u01/app/oracle/Middleware/user_projects/domains
IdM domain (not used by these OBE tutorials)          /u01/app/oracle/Middleware/user_projects/domains/IDMDomain
OPSS student lab domain ($MY_DOMAIN)                  /u01/app/oracle/Middleware/user_projects/domains/myxmldomain
WebLogic Server ($WL_HOME)                            /u01/app/oracle/Middleware/wlserver_10.3
Oracle Internet Directory (OID) commands ($OID_BIN)   /u01/app/oracle/Middleware/asinst_1/bin
Lab application development folder                    /home/oracle/labs/apps/OpssADFDemoApp
Lab deployment files                                  /home/oracle/labs/apps
JXplorer ($LDAP_HOME)                                 /u01/oracle/jxplorer-3.2.2

The following convenience aliases make navigation in the OBE environment easier. Print a copy of the folder locations and aliases for reference while performing the labs; it will save a lot of typing. After sourcing the new environment you can recall these shortcuts by running the alias command.

Alias      Function
jx         cd $LDAP_HOME
jh         cd $JAVA_HOME
fmw        cd $MW_HOME
wls        cd $WL_HOME
domains    cd $DOMAINS
opss       cd $OPSS_DOMAIN
mydomain   cd $MY_DOMAIN
oid        cd $OID_BIN
labs       cd $LAB_HOME

Start Oracle Internet Directory (OID) and Oracle Database

This series of hands-on tutorials uses an Oracle database, OID, and Enterprise Manager (EM) as the underlying infrastructure. These steps start these services for you using a simple script.


NOTE: If you are using the virtual image, the database and listener start automatically when the image boots. If you are running on your own environment, start the Oracle database before running this step. You can modify the $LAB_HOME/bin/startenv.sh script to match your environment and start both the database and OID.

Open a terminal window using the icon on the launch panel, and execute the following command to start OID servers:

$LAB_HOME/bin/startoid.sh

Your output should look similar to the following:

$ $LAB_HOME/bin/startoid.sh

opmnctl startall: starting opmn and all managed processes...
Waiting for all OID processes to start. This takes a little while...

Processes in Instance: asinst_1
--------------+--------------+-------+---------
ias-component | process-type | pid   | status
--------------+--------------+-------+---------
oid1          | oidldapd     | 18188 | Alive
oid1          | oidldapd     | 18177 | Alive
oid1          | oidmon       | 18159 | Alive
EMAGENT       | EMAGENT      | 18158 | Alive

/home/oracle

OID started
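An added check, not one of the lab scripts, that automates what startoid.sh waits for: opmn_all_alive reads the opmnctl process table shown above and succeeds only when every listed process is Alive, and wait_for_oid polls a status command until that holds. The sample table embedded in the block is constructed from the output above; the function names are this example's own, and the status command is assumed to be $OID_BIN/opmnctl status, which prints the same table.

```sh
#!/bin/sh
# Added example, not part of the OBE lab scripts.

# Read an "opmnctl status" process table on stdin. Succeeds only when at least
# one process is listed and every one reports Alive; any other process is
# reported on stderr as "component/process-type is <status>".
opmn_all_alive() {
    awk -F'|' '
        NF == 4 && $1 !~ /ias-component/ {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            total++
            if ($4 != "Alive") {
                bad++
                printf("%s/%s is %s\n", $1, $2, $4) > "/dev/stderr"
            }
        }
        END { if (total == 0 || bad > 0) exit 1 }'
}

# wait_for_oid STATUS_CMD [TRIES] [DELAY]
# Runs STATUS_CMD (e.g. "$OID_BIN/opmnctl status") up to TRIES times, DELAY
# seconds apart, until opmn_all_alive accepts its output.
wait_for_oid() {
    status_cmd=$1
    tries=${2:-12}
    delay=${3:-5}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if $status_cmd | opmn_all_alive 2>/dev/null; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    printf 'OID processes not all Alive after %s checks\n' "$tries" >&2
    return 1
}

# Constructed copy of the table printed above, so the check can be tried
# without a running OID instance.
sample_status() {
    cat <<'EOF'
Processes in Instance: asinst_1
--------------+--------------+-------+---------
ias-component | process-type | pid   | status
--------------+--------------+-------+---------
oid1          | oidldapd     | 18188 | Alive
oid1          | oidldapd     | 18177 | Alive
oid1          | oidmon       | 18159 | Alive
EMAGENT       | EMAGENT      | 18158 | Alive
EOF
}

# On the VM:  wait_for_oid "$OID_BIN/opmnctl status" && echo "OID started"
```

The check fails closed: an empty table (for example when opmnctl cannot reach OPMN at all) is treated the same as a process that is not Alive, so a script that waits on it will not proceed to start the WebLogic domain against a directory that is not really up.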

Now that the infrastructure required for doing the OBE series is running, let's create the WebLogic domain you will use to work with OPSS.

 

Create OPSS-Based WebLogic Domain


This section shows you how to create an OPSS-enabled WebLogic Server domain. This domain is used to perform the practices in this series of OBE tutorials. Follow the instructions below to create your domain.


Within the same terminal window, execute the following command to start the WebLogic Configuration Wizard that is OPSS-aware:

$MW_HOME/Oracle_IDM1/common/bin/config.sh

The WebLogic Configuration Wizard Splash screen appears:

The WebLogic Configuration Wizard Welcome screen is displayed. Leave the default "Create a new WebLogic domain" selection and click Next.

On the Select Domain Source screen, select Oracle Enterprise Manager - 11.1.1.0 [oracle_common] and Oracle JRF - 11.1.1.0 [oracle_common] and click Next. The JRF component contains the OPSS framework and makes the domain OPSS-enabled:



On the Select Domain Name and Location screen, leave the Domain location and Application Location as their default values, enter myxmldomain as the Domain name, and click Next. This specifies that your OPSS-enabled WebLogic domain is created at /u01/app/oracle/Middleware/user_projects/domains/myxmldomain:

On the Configure Administrator User Name and Password screen, leave the default user name of weblogic, enter welcome1 for the password and password confirmation fields, and click Next:

On the Configure Server Start Mode and JDK screen, leave the default settings of Development Mode for the startup mode and Sun SDK 1.6.0 for the JDK, and click Next:

On the Select Optional Configuration screen, leave all check boxes unchecked, and click Next:

On the Configuration Summary screen, feel free to look over your domain settings. When ready, click Create to initiate the creation of your domain using the WebLogic Configuration Wizard:

On the Creating Domain screen, wait and watch the progress of your domain's configuration. When the progress bar reads 100%, click Done to close the Configuration Wizard and complete the domain creation process. You should now have a new OPSS-enabled domain ready to use for the OPSS OBE tutorial series:

Now that you have created an OPSS-enabled domain, let's start the domain and get it configured to work with this series of OBE tutorials.

Start OPSS-Based WebLogic Domain

Now that you have created an OPSS-enabled WebLogic domain, you need to test it out to make sure that it works as expected. Follow the instructions below to start your domain, and check to see that it is OPSS-enabled.


NOTE: Before continuing, execute the following command to shut down the servers running in the IDMDomain that were started as part of the IdM product installation and configuration.

Within a terminal window:

cd $LAB_HOME/bin
./shutdownwls.sh

You should see messages stating that two WebLogic Server instances were shut down.

Next, execute the following commands to start the AdminServer in the myxmldomain:

cd $DOMAINS/myxmldomain
./startWebLogic.sh

Your output should look similar to the following:

$ ./startWebLogic.sh
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m

WLS Start Mode=Development

CLASSPATH=/u01/app/oracle/Middleware/oracle_common/modules/oracle.jdbc_11.1.1/ojdbc6dms.jar:

. . .

PATH=/u01/app/oracle/Middleware/wlserver_10.3/server/bin:/u01/app/oracle/Middleware/modules

. . .

***************************************************
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://hostname:port/console *
***************************************************
starting weblogic with Java version:
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) Client VM (build 20.4-b02, mixed mode)
Starting WLS with line:
/u01/app/oracle/Middleware/jdk160_29/bin/java -client -Xms256m -Xmx512m

. . .

<Feb 28, 2012 4:16:57 PM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Feb 28, 2012 4:16:57 PM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on
fe80:0:0:0:a00:27ff:fec8:2a1c:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default[2]" is now listening on
127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on
10.0.2.15:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default[3]" is now listening on
0:0:0:0:0:0:0:1:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "AdminServer" for domain "myxmldomain" running in Development Mode>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

Note that this domain does not yet have an authentication provider configured for OID, so all authentication uses the embedded LDAP server within WebLogic by default. Also note that you can ignore errors shown in the console as long as the server reaches the RUNNING state.
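Two checks an administrator would run after this start, added here as an example that is not part of the lab scripts. The first confirms that the domain carries the OPSS configuration that the JRF template adds under config/fmwconfig (jps-config.xml, and system-jazn-data.xml, the file-based policy and credential store an 11g JRF domain starts with). The second reads the BEA-002613 messages from the startup output and lists every listen address that is not loopback; in the output above those are the VM's NAT address 10.0.2.15 and its link-local IPv6 address, which is why the NAT setting in the prerequisites matters. The log lines embedded in the block are reconstructed from the output above with each message on one line; opss_domain_ready and nonloopback_listeners are this example's own names.

```sh
#!/bin/sh
# Added example, not part of the OBE lab scripts.

# opss_domain_ready DOMAIN_DIR
# Succeeds when the domain has the files an OPSS-enabled (JRF) 11g domain
# carries: the WebLogic config and, under config/fmwconfig, the OPSS context
# file and the file-based policy/credential store it points at by default.
opss_domain_ready() {
    domain=$1
    for f in config/config.xml \
             config/fmwconfig/jps-config.xml \
             config/fmwconfig/system-jazn-data.xml; do
        if [ ! -f "$domain/$f" ]; then
            printf 'not an OPSS-enabled domain: %s is missing\n' "$domain/$f" >&2
            return 1
        fi
    done
    return 0
}

# Read WebLogic server output on stdin, pick the "Channel ... is now listening
# on HOST:PORT" (BEA-002613) messages, and print the addresses that are not
# loopback. Returns 1 when any such address is found, i.e. when the admin
# console is reachable from outside the VM's own network stack.
nonloopback_listeners() {
    sed -n 's/.*is now listening on \([^ ]*\) for protocols.*/\1/p' |
    awk '!/^127\./ && !/^0:0:0:0:0:0:0:1:/ && !/^::1:/ && !/^localhost:/ { print; n++ }
         END { if (n) exit 1 }'
}

# Constructed from the startup output above, one message per line.
sample_startup_log() {
    cat <<'EOF'
<Feb 28, 2012 4:16:57 PM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on fe80:0:0:0:a00:27ff:fec8:2a1c:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default[2]" is now listening on 127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.0.2.15:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <Server> <BEA-002613> <Channel "Default[3]" is now listening on 0:0:0:0:0:0:0:1:7001 for protocols iiop, t3, ldap, snmp, http.>
<Feb 28, 2012 4:16:58 PM PST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
EOF
}

# On the VM:
#   opss_domain_ready "$MY_DOMAIN" && echo "OPSS configuration present"
#   sample_startup_log | nonloopback_listeners
#   (or feed it the console output you saved from startWebLogic.sh)
```

With the default credentials weblogic/welcome1 and Development Mode, a non-empty listener list from this check is the reminder that the domain must stay behind the VM's NAT adapter, or be given a listen address of 127.0.0.1 in its configuration, until the OID authentication provider and real passwords are in place.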

Validate that the Administration Console and Enterprise Manager consoles are working. Open Firefox and browse to each of the URLs below. Log in to each console with weblogic/welcome1 as the credentials:

  • http://localhost:7001/console
  • http://localhost:7001/em

Explore OID LDAP Identities

This section shows you how to connect to the OID LDAP server and browse its contents. Follow the instructions below to connect to your LDAP server.


Open JXplorer:

Open the JXplorer LDAP browser tool using the icon on the launch panel.

Click the connect icon in JXplorer to enter the information needed to connect to your running OID instance.



Enter the following information into the Open LDAP/DSML Connection window, and click OK to login to OID:

Parameter      Value
Host           localhost
Port           3060
DSML Service   Blank
Base DN        Blank
Level          User + Password
User DN        cn=orcladmin
Password       welcome1

Note that if you are using the virtual image that accompanies this course, these values are already filled in for you except for the password.



Execute the following commands in the terminal window to set up the LDAP environment:

cd $LAB_HOME/bin
./setup.sh

Your output should be similar to the following:

[oracle@localhost bin]$ ./setup.sh
add cn:
supervisors
add uniquemember:
cn=joemanager,cn=users,dc=us,dc=oracle,dc=com
add objectclass:
groupOfUniqueNames
orclGroup
top
adding new entry cn=supervisors,cn=Groups,dc=us,dc=oracle,dc=com
modify complete

add cn:
employees
add uniquemember:
cn=joeuser,cn=users,dc=us,dc=oracle,dc=com
add objectclass:
groupOfUniqueNames
orclGroup
top
adding new entry cn=employees,cn=Groups,dc=us,dc=oracle,dc=com
modify complete

add cn:
joeuser
add displayname:
Joe User
add givenname:
Joe
add objectclass:
inetorgperson
organizationalPerson
person
orcluser
orcluserV2
top
add sn:
User
add uid:
joeuser
add userpassword:
{SSHA}GYUNNf8aft6N+LbhRqezPmvijeGl6kcqixcxZQ==
adding new entry cn=joeuser,cn=Users,dc=us,dc=oracle,dc=com
modify complete

add cn:
joemanager
add displayname:
Joe Manager
add givenname:
Joe
add objectclass:
inetorgperson
organizationalPerson
person
orcluser
orcluserV2
top
add sn:
User
add uid:
joeuser
add userpassword:
{SSHA}8HknGAnApmHQuA9tm3VzkuwXzxZAMnvrVjmCTA==
adding new entry cn=joemanager,cn=Users,dc=us,dc=oracle,dc=com
modify complete

Expand the com, oracle and us nodes (the dc=us,dc=oracle,dc=com realm) in the left-hand navigation pane until you see Groups and Users. Refresh the view if needed.



Take a few moments and explore the LDAP Groups and Users entries to see what is configured:

  • Which users or groups are members of the employees group?
  • Which users or groups are members of the Manager group?
  • Which users or groups are members of the supervisors group?

These users and groups will be used in other OBE tutorials of this series. This is not a course on OID or LDAP so we do not cover configuring users and groups in the identity store.


Summary

You have now set up your environment so you are ready to continue with the other OBE tutorials included in this series. This tutorial is a dependency for all of the other OBE tutorials in this series. Now you should complete Configuring an OID Authentication Provider in WebLogic because some of the other OPSS OBE tutorials in this series depend on it to work.

In this tutorial, you have learned:

Resources

Credits

Hardware and Software Engineered to Work Together Copyright © 2012, Oracle and/or its affiliates. All rights reserved