This OBE tutorial describes and shows you how to install, configure, and launch Oracle Identity Manager. This process involves:
This OBE tutorial also lists the preinstallation requirements for Oracle Identity Manager.
Approximately 2 hours
This OBE tutorial covers the following topics:
The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in Oracle Identity Manager.
Oracle Identity Manager is a component of the suite of Oracle Identity and Access Management products. It administers and selectively automates tasks to manage user access privileges across a company’s resources throughout the identity management life cycle. Specifically, Oracle Identity Manager handles tasks for creating user access privileges, modifying these privileges dynamically (based on changes to user and business requirements), and removing user access privileges. As a result, Oracle Identity Manager handles user identity information across multiple identity data stores to maintain data accuracy.
Features and benefits of Oracle Identity Manager include identity and role administration (user and group management, self-service functionalities for users, and delegated administration), provisioning (approval and request management, and configurable workflow models), policy-based entitlements, reconciliation, and attestation support (for audit, regulatory, and compliance purposes).
Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for managing access privileges for user groups to resources within the organization. To perform such user management tasks, she must install, configure, and launch Oracle Identity Manager. By using Oracle Identity Manager, Linda can create access privileges to resources for users, modify these privileges, and remove access privileges from the users. As a result, Linda can manage user identities across the enterprise setup of Mydo Main.
Before installing Oracle Identity Manager, make sure your system environment meets the following requirements:
Software Requirements
The following products and conditions should apply to your setup:
Hardware Requirements
| Item | Specification |
| Processor Type | Intel Xeon or Pentium IV |
| Processor Speed | 2.4 GHz or higher |
| Number of Processors | 1 or more (if required) |
| Memory | 2 GB |
| Hard Disk Space | 40 GB (initial size) |
| Operating System | MS Windows 2003 Server with SP1 |
Installing Oracle Database 10g
| Specification | Value |
| Memory | 2 GB RAM |
| Disk Space | 40 GB of storage space (for both Oracle and one database) |
| Database Type | Transactional |
| Database Name | orcl |
| sys account | Use the sys password |
| system account | Use the sys password |
Installing Oracle Application Server 10g
Important: First you must install and configure version 10.1.3.1.0 of this application server. Then, you need to upgrade to version 10.1.3.3.0.
To install Oracle Application Server 10g, perform the following steps:
1. Launch the setup.exe file of the Oracle SOA Suite 10g (10.1.3.1.0) CD.
2. Use the following table to complete the installation:
   Important: Oracle Identity Manager 9.1.0 is certified to work with Oracle Application Server 10.1.3.3.0 through a series of one-off patches and patchset exceptions on 10.1.3.3.0. For more information, refer to the OC4J installation guide.
Installing and Configuring Java JDK 1.4.2_15
Launch the j2re-1_4_2_15-windows-i586-p.exe file.
Important: Do not change the default selections that appear throughout the installation script.
Linda is a network administrator for Mydo Main Corporation, responsible for implementing and configuring Oracle Application Server 10g (10.1.3.3.0) to function with Oracle Identity Manager. This application server provides the life-cycle management, security, deployment, and run-time services to logical components that support Oracle Identity Manager.
Linda must first set the application server’s JAVA_HOME and Path environment variables. As a result, Oracle Application Server functions with Oracle Identity Manager. Linda then modifies the server’s Remote Method Invocation (RMI) port to reserve it for Oracle Identity Manager. Finally, Linda starts and stops processes specific to the application server so that Oracle Application Server recognizes these modifications.
To configure Oracle Application Server to work with Oracle Identity Manager, perform the following steps:
1. Open the Control Panel. To do so, from the Windows Start Menu, select Control Panel.
2. Double-click the System icon.
3. Click the Advanced tab. Then, click the Environment Variables button.
4. From the “User variables for stcurr” region of this window, click New.
   The New User Variable window appears.
5. For the New User Variable window, fill in the parameter values, as follows:
   Note: The directory Linda enters in the “Variable value” field is the directory that contains the application server’s JDK.
6. Click OK to commit the entry.
   The Environment Variables window is active. Within the “User variables for stcurr” region of this window, the JAVA_HOME environment variable appears. Linda set this variable. She is ready to configure the Path environment variable.
7. Locate and highlight the Path environment variable that appears in the “System variables” region of the Environment Variables window. Click Edit.
   The Edit System Variable window appears.
8. Make sure the cursor appears to the extreme left of the string of text in the “Variable value” field. Then add the following value to this field.
   Note: The directory Linda enters in the “Variable value” field is the directory that contains the application server’s binary files.
9. Click OK to commit the change.
   The Environment Variables window is active. Within the “System variables” region of this window, the Path environment variable displays the name of the directory specified in step 8. Linda set this variable.
10. Click OK twice to commit all of the changes. Linda is ready to specify a Remote Method Invocation (RMI) port for Oracle Identity Manager.
   Oracle Process Manager and Notification server (OPMN) dynamically assigns port numbers to each instance within Oracle Application Server. Therefore, each time Oracle Application Server is launched, the RMI port, reserved for Oracle Identity Manager, changes. This occurs because, by default, a range of 12401-12500 is specified for this port. This may cause problems, as the port can be occupied by another service, system, or application.
   To ensure that an RMI port is always available for Oracle Identity Manager, Linda can specify a unique, fixed port for RMI (as opposed to a range). This ensures Linda can access the Oracle Identity Manager Administrative and User Console and the Design Console on Oracle Application Server. To designate an RMI port for Oracle Identity Manager, Linda must set the RMI port number range to be unique in the opmn.xml file.
11. Using a text editor, open the opmn.xml file, found in the C:\product\10.1.3.1\OracleAS_1\opmn\conf folder.
12. In this file, locate the following piece of code:
   <port id="rmi" range="12401-12500"/>
13. Modify this code, as follows:
   <port id="rmi" range="12401"/>
   Note: By modifying this code, Linda designates 12401 to be the RMI port for Oracle Identity Manager.
14. Save and close the opmn.xml file.
   In this procedure, Linda configured two environment variables (JAVA_HOME and Path) and specified an RMI port for Oracle Identity Manager. For Oracle Application Server to recognize these modifications, Linda must start and stop Oracle Process Manager. This application manages processes specific to Oracle Application Server.
15. From the Windows Start Menu, select Start > Command Prompt. A DOS window appears.
16. At the DOS prompt, navigate to the C:\product\10.1.3.1\OracleAS_1\opmn\bin folder. Enter opmnctl.exe startall. Press Enter. The following text appears:
   opmnctl: starting opmn and all managed processes...
   The DOS prompt appears. Linda started Oracle Process Manager. She is ready to stop it.
17. At the DOS prompt, enter opmnctl.exe stopall. Press Enter. The following text appears:
   opmnctl: stopping opmn and all managed processes...
   The DOS prompt appears again. Linda stopped Oracle Process Manager.
   Tip: To verify that Oracle Application Server recognizes the RMI port Linda designated for Oracle Identity Manager, restart Oracle Application Server. Then, enter opmnctl.exe status -l at the DOS prompt. Press Enter. The following text appears:
   jms:12601,ajp:8888,rmis:12701,rmi:12401
   The RMI port for Oracle Identity Manager is 12401. Oracle Application Server recognizes the RMI port Linda specified for Oracle Identity Manager. She is ready to configure a predefined Oracle database for Oracle Identity Manager.
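The port pinning and verification from steps 11 to 17, as an added example that is not part of the original tutorial: it rewrites only the rmi entry of opmn.xml to one fixed port after checking that the port is free, then confirms the result against the opmnctl.exe status -l text. The opmn.xml fragment and the netstat -an listing are constructed samples, the function names are hypothetical, and a single OC4J instance is assumed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a minimal fragment shaped like the <port> entries in opmn.xml.
SAMPLE_OPMN = """<opmn>
  <process-type id="home" module-id="OC4J">
    <port id="rmi" range="12401-12500"/>
    <port id="rmis" range="12701-12800"/>
    <port id="jms" range="12601-12700"/>
  </process-type>
</opmn>"""

# Constructed sample of `netstat -an` output (numeric form of a netstat -a check).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1521         127.0.0.1:3120         ESTABLISHED
"""

PORT_TAG = re.compile(r"<port\s[^>]*>")


def port_ranges(xml_text):
    """Map each <port id=...> to its (low, high) range, ignoring XML namespaces."""
    ranges = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "port" and "range" in el.attrib:
            low, _, high = el.get("range").partition("-")
            ranges[el.get("id")] = (int(low), int(high or low))
    return ranges


def listening_ports(netstat_text):
    """Return the TCP ports that netstat reports in the LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[0] == "TCP" and cols[3] == "LISTENING":
            ports.add(int(cols[1].rsplit(":", 1)[1]))
    return ports


def pin_rmi_port(xml_text, port, in_use=()):
    """Return xml_text with the rmi range replaced by one fixed port."""
    ranges = port_ranges(xml_text)
    if "rmi" not in ranges:
        raise ValueError('no <port id="rmi"> entry found')
    if not 1024 <= port <= 65535:
        raise ValueError(f"{port} is not a usable unprivileged TCP port")
    if port in in_use:
        raise ValueError(f"port {port} is already held by another listener")
    for name, (low, high) in ranges.items():
        if name != "rmi" and low <= port <= high:
            raise ValueError(f"port {port} falls inside the {name} range {low}-{high}")

    def fix(match):
        tag = match.group(0)
        if not re.search(r'\sid="rmi"', tag):
            return tag  # leave rmis, jms and every other port entry untouched
        return re.sub(r'(\srange=")[^"]*(")', rf"\g<1>{port}\g<2>", tag)

    # Edit the text in place so the rest of the file keeps its layout and comments.
    return PORT_TAG.sub(fix, xml_text)


def parse_status_ports(field):
    """Parse the port list shown by opmnctl status -l, e.g. 'rmi:12401,ajp:8888'."""
    return {name: int(num) for name, num in (p.split(":") for p in field.split(","))}


def rmi_port_confirmed(status_field, expected):
    """True when the running instance reports the pinned RMI port."""
    return parse_status_ports(status_field).get("rmi") == expected


if __name__ == "__main__":
    pinned = pin_rmi_port(SAMPLE_OPMN, 12401, listening_ports(SAMPLE_NETSTAT))
    print(pinned)
    # Status text quoted in the tutorial's verification tip.
    print(rmi_port_confirmed("jms:12601,ajp:8888,rmis:12701,rmi:12401", 12401))
```
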
Linda is ready to configure a predefined Oracle database for Oracle Identity Manager. To prepare this database, she must first modify the init.ora file. This file contains parameters and values that Linda must set so that database tables can be created for Oracle Identity Manager. Then, Linda must run the prepare_xl_db.bat script, which creates these database tables.
To prepare a database, perform the following steps:
1. Using a text editor, open the init.ora file, located in the C:\oracle\product\10.2.0\admin\orcl\pfile directory. The name of this init.ora file has a unique identification number appended to it (for example, init.ora.226200834023).
2. Scroll to the bottom of the init.ora file.
3. Add the following lines of code to this file:
4. Save and close the init.ora file.
5. Open a DOS window. Go to the C:\stage\Oracle Identity Manager\installServer\Xellerate\db\oracle directory.
   Note: For this OBE, C:\stage\Oracle Identity Manager represents the directory for Oracle Identity Manager installation and configuration files.
6. Run the prepare_xl_db.bat script, as follows:
   prepare_xl_db.bat orcl C:\oracle\product\10.2.0\db_1 sysadm sysadm orcltbs C:\oracle\product\10.2.0\oradata orcltbs_01 TEMP oracle
   The following table explains each value in greater detail:
   The script returns a message that errors and warnings occurred, along with a subsequent message, asking Linda to check the prepare_xell_db.lst file. She prepared the Oracle database correctly.
   Note: By opening the prepare_xell_db.lst file, located in the C:\stage\Oracle Identity Manager\installServer\Xellerate\db\oracle folder, Linda sees an ORA-00942 error message.
   Linda can disregard this error message because the prepare_xl_db.bat script attempted to drop a table that does not exist in Oracle Database. This table, specific to Oracle Identity Manager, is created in the section of this OBE titled Installing the Oracle Identity Manager Server. Linda is ready to install the Oracle Identity Manager Diagnostic Dashboard. This tool is used to verify that the Oracle database is created and prepared properly.
Linda is ready to install the Oracle Identity Manager Diagnostic Dashboard. The Diagnostic Dashboard is a Web application that is used to check preinstallation requirements for Oracle Identity Manager. These requirements include whether the Oracle database is created and prepared properly.
To install the Diagnostic Dashboard, perform the following steps:
1. Restart Oracle Application Server.
   Important: Make sure Oracle Application Server 10g is running. Otherwise, the Oracle Identity Manager Diagnostic Dashboard cannot be launched. For more information about starting and stopping Oracle Application Server, refer to the section of this OBE titled Configuring Oracle Application Server.
2. Open a Web browser.
3. In the Address field, enter the following:
   As a result, the URL should have the following naming convention: http://localhost/em/console/ias/cluster/topology
4. Use the following table to populate the Application Server Control login screen:
5. Click Login.
6. Click the “home” link in the Groups panel of the Cluster Topology screen.
   Important: Do not click the “home” link in the Members panel of the Cluster Topology screen.
7. Click the Applications tab on the OC4J: Home screen. Then, click Deploy.
8. On the Deploy: Select Archive screen, make sure the “Archive is present on local host. Upload the archive to the server where Application Control Server is running” option is selected. Then, click Browse.
9. On the File Upload window, navigate to the C:\stage\Oracle Identity Manager 9.1\DiagnosticDashboard directory. Select the XIMDD.war file in this directory, and click Open.
10. On the Deploy: Select Archive screen, click Next.
11. On the Deploy: Application Attributes screen, enter XIMDD in the Application Name field. Click Next.
12. On the Deploy: Deployment Settings screen, click Deploy.
13. On the Confirmation screen, click Return.
   The OC4J: Home screen is active.
   Note: The Confirmation screen indicates that the Oracle Identity Manager Diagnostic Dashboard is deployed successfully. Linda is ready to launch the Oracle Identity Manager Diagnostic Dashboard and use it to verify that she created and prepared the Oracle database properly.
In the previous section of this OBE, Linda installed the Oracle Identity Manager Diagnostic Dashboard. She is ready to launch this tool, and use it to check the preinstallation requirements for components that Oracle Identity Manager must have. One such check is the Oracle Database Prerequisites Check. This check verifies that an Oracle database is created and prepared correctly.
To run the Oracle Database Prerequisites Check, Linda must select it, and fill out the test parameters, as follows:
| Parameter | Value |
| Database Server | localhost |
| Port | 1521 |
| Database Name | orcl |
| OIM Database User Name | sysadm |
| System User Name | SYSTEM |
| System User Password | sys |
To launch and use the Diagnostic Dashboard, perform the following steps:
1. Open a Web browser.
2. In the Address field, enter the following:
   As a result, the URL should have the following naming convention: http://localhost/XIMDD
   The Oracle Identity Manager Diagnostic Dashboard appears.
   Linda started the Diagnostic Dashboard. She is ready to use it to verify that she created and prepared the Oracle database properly.
3. On the Oracle Identity Manager Explorer, click the Diagnostic Dashboard link.
4. Select the Oracle Database Prerequisites Check check box.
5. Fill out the test parameters of the Oracle Database Prerequisites Check, as follows:
6. Scroll to the bottom of the page. Click Verify.
   A green mark indicates the Oracle Database Prerequisites Check passed.
   Linda is ready to install the Oracle Identity Manager Server.
In the previous section of this OBE, Linda launched the Oracle Identity Manager Diagnostic Dashboard and used it to verify that she created and prepared the Oracle database properly. Linda is ready to install the Oracle Identity Manager Server. For this OBE, she installs this server on the same computer that runs Oracle Application Server and Oracle Database.
To install the Oracle Identity Manager Server, perform the following steps:
1. Double-click the setup_server.exe file, located in the C:\stage\Oracle Identity Manager\installServer directory.
2. On the Installer window, select English from the combo box. Click OK.
3. On the Welcome Message screen, click Next.
4. Populate the fields of the Admin User Information screen, as follows (and click Next):
   Note: For security purposes, the password Linda enters appears as a series of asterisks.
5. On the Oracle Identity Manager Application Options screen, select the “Oracle Identity Manager with Audit and Compliance Module” option (because, in subsequent OBEs, Linda is to use the attestation features of Oracle Identity Manager for audit and compliance purposes). Click Next.
6. On the Directory field of the “Target directory” screen, enter the base directory where Oracle Identity Manager Server is to be installed. For this OBE, the base directory for the server is C:\OIM91_server. Click Next.
7. On the “Base Directory settings” window, click OK.
   Important: This window appears because the directory path Linda specified does not exist. As a result, Oracle Identity Manager creates this directory for its server automatically. Also, do not include any spaces in the name of the base directory.
8. On the Database Server Selection screen, select the Oracle Database option (because Oracle and not Microsoft SQL Server is to serve as the data repository for Oracle Identity Manager). Click Next.
9. Populate the fields of the Database Information screen, as follows (and click Next):
   The Oracle Identity Manager installer verifies a database schema exists. Because Linda used the Oracle Identity Manager Diagnostic Dashboard to test this condition, the check passes.
   Note: The “Database Host name or IP Address” field contains the name (or IP address) of the computer on which the database resides. The host name for the database (that is, localhost) is case-sensitive. Leave the default setting of 1521 in the Port Number field. This value represents the Transmission Control Protocol (TCP) port on which the Oracle database listens for connections. The Database SID field displays the name of the Oracle database prepared in the section of this OBE titled Preparing a Database. The User Name and Password fields contain the ID and password of the database user account created for Oracle Identity Manager. For security purposes, the password appears as a series of asterisks.
10. On the Authentication Information screen, use the default settings of Oracle Identity Manager to authenticate its Administrative and User Console (that is, select the Oracle Identity Manager Default Authentication option). Click Next.
11. On the Application Server screen, select the Oracle Application Server option (because Oracle Application Server is to be used to deploy Oracle Identity Manager). Click Next.
12. On the Cluster Information screen, select the No option (as the application server configuration for this OBE is nonclustered). Click Next.
13. On the Application Server Information screen, verify that the path where Oracle Application Server is located is correct (that is, C:\product\10.1.3.1\OracleAS_1). Then, confirm that the path of the Java JDK, used to run this application server, is also correct (that is, C:\product\10.1.3.1\OracleAS_1\jdk). Click Next.
14. Populate the fields of the Oracle Application Server Information screen, as follows (and click Next):
   Note: The User Name and Password fields contain administrative credentials to access Oracle Application Server as an administrator. For security purposes, the password appears as a series of asterisks. The OC4J Instance Name field displays the instance name of Oracle Application Server that works with Oracle Identity Manager. Leave the default setting of 12401 in the RMI Port No field. This value represents the Remote Method Invocation (RMI) port reserved for Oracle Identity Manager.
15. On the Application Server Configuration Backup screen, click Next.
16. On the Summary screen, click Install.
17. On the Completed screen, click Finish.
   The script ends. Linda installed the Oracle Identity Manager Server. She is ready to install the Oracle Identity Manager Design Console.
In the previous section of this OBE, Linda installed the Oracle Identity Manager Server. She is ready to install the Oracle Identity Manager Design Console. The Design Console is a stand-alone, feature-rich Java application that provides the functionality Linda requires to work with Oracle Identity Manager’s system configuration, development, and design capabilities, including form and workflow design and adapter creation and management.
To install the Oracle Identity Manager Design Console, perform the following steps:
1. Double-click the setup_client.exe file, located in the C:\stage\Oracle Identity Manager\installServer directory.
2. On the Installer window, select English from the combo box. Click OK.
3. On the Welcome screen, click Next.
4. On the Directory field of the “Target directory” screen, enter the base directory where the Oracle Identity Manager Design Console is to be installed. For this OBE, the base directory for the Design Console is C:\OIM91_client. Click Next.
5. On the “Base Directory settings” window, click OK.
   Important: This window appears because the directory path Linda specified does not exist. As a result, Oracle Identity Manager creates this directory for the Design Console automatically. Also, do not include any spaces in the name of the base directory. Finally, make sure that this base directory differs from the one specified for the Oracle Identity Manager Server.
6. On the Application Server screen, select the Oracle Application Server option (because Oracle Application Server is to be used to deploy the Oracle Identity Manager Design Console). Click Next.
7. On the JRE screen, select the “Install JRE bundled with Oracle Identity Manager.” option (because Linda is using the Java Runtime Environment (JRE) packaged with Oracle Identity Manager). Click Next.
8. Populate the fields of the Application Server Configuration screen, as follows (and click Next):
   Note: The Host Name field contains the name of the computer where Oracle Application Server resides. The Naming Port field displays the RMI port number of Oracle Application Server.
   Important: The computer name for Oracle Application Server (that is, localhost) is case-sensitive.
9. Populate the fields of the Graphical Workflow Rendering Information screen, as follows (and click Next):
   Note: The Oracle Identity Manager Web Server Host IP Address field contains the computer name where Oracle Identity Manager Web Server resides. Through this Web server, the Design Console can display approval and provisioning processes from a Web browser. The Port Number field displays the port number for this Web server. On the SSL region, select the No option for performance reasons (because a non-SSL connection between the Oracle Identity Manager Server and Design Console is faster than an SSL connection).
   Important: The host name for Oracle Identity Manager Web Server is case-sensitive. Also, make sure the port number for the Web server is different from the port number specified for the application server. Finally, verify the Web server’s port number is not occupied (by opening a DOS window and entering netstat -a at the DOS prompt).
10. On the Shortcut screen, verify all check boxes are selected. Click Next.
11. On the Summary screen, click Install.
   Note: After clicking Install, a pop-up window appears, asking Linda to copy certain JAR files, specific to Oracle Application Server, into an Oracle Identity Manager folder.
   Click OK. For more information about copying JAR files into an Oracle Identity Manager folder, refer to the section of this OBE titled Configuring the Design Console.
12. On the Completed screen, click Finish.
   The script ends. Linda installed the Oracle Identity Manager Design Console. She is ready to configure this console to make it operable.
In the previous section of this OBE, Linda installed the Oracle Identity Manager Design Console. She is ready to perform postinstallation tasks for this console to make it operable. These tasks include copying the ejb.jar and oc4jclient.jar files into the C:\OIM91_client\xlclient\ext directory.
To configure the Oracle Identity Manager Design Console, perform the following steps:
1. Copy the ejb.jar file from the C:\product\10.1.3.1\OracleAS_1\j2ee\home\lib directory to the C:\OIM91_client\xlclient\ext directory.
2. Copy the oc4jclient.jar file from the C:\product\10.1.3.1\OracleAS_1\j2ee\home directory to the C:\OIM91_client\xlclient\ext directory.
3. Restart Oracle Application Server to ensure that the configurations made to the Design Console take effect. Linda is ready to launch the two Oracle Identity Manager consoles: Design Console, and Administrative and User Console.
   Note: For more information about starting and stopping Oracle Application Server, refer to the section of this OBE titled Configuring Oracle Application Server.
In the previous section of this OBE, Linda configured the Oracle Identity Manager Design Console. She is ready to start this console.
To launch the Oracle Identity Manager Design Console, perform the following steps:
1. Double-click the Oracle Identity Manager Client icon on the desktop.
2. Populate the fields of the Oracle Identity Manager Design Console login window, as follows (and click Login):
   The Oracle Identity Manager Design Console appears.
   Linda started this console. She is ready to launch the other Oracle Identity Manager console: the Administrative and User Console.
In the previous section of this OBE, Linda started the Oracle Identity Manager Design Console. She is ready to launch the other console: the Oracle Identity Manager Administrative and User Console. The Administrative and User Console provides self-service and delegated administration features that serve the bulk of a company's users. It is also used to create requests for resources and to approve provisioning of resources for users and organizations. With this console, administrators such as Linda search for, edit, and delete account information in a company's database.
Note: Linda configured her company's database to work with Oracle Identity Manager in the section of this OBE titled Preparing a Database.
Unlike the Design Console, the Administrative and User Console is not a stand-alone application. Therefore, Linda does not have to install or configure this console. To launch it, she starts the Oracle Identity Manager Server, opens a Web browser, and enters a URL in the Address field.
To launch the Oracle Identity Manager Administrative and User Console, perform the following steps.
1. Open a Web browser.
2. In the Address field, enter the following:
   As a result, the URL should have the following naming convention: http://localhost/xlWebApp
3. Populate the fields of the Oracle Identity Manager Administrative and User Console login page, as follows (and click Login):
4. Populate the check boxes of the Select Challenge Questions screen, as follows (and click Select):
   Note: The first time Linda logs in to Oracle Identity Manager with a particular user account, she must select and answer “challenge” questions. These questions are used to verify her identity if she must reset her password. However, for all subsequent logins with that account, these questions do not appear. Instead, she is taken directly to the Home page of the Administrative and User Console.
5. Populate the fields of the Provide Challenge Answers screen, as follows (and click Save):
6. On the “Challenge Question and Answer confirmation” screen, click OK.
   The Home page of the Oracle Identity Manager Administrative and User Console appears.
   Linda started this console. In this OBE, she learned how to install, configure, and launch Oracle Identity Manager.
In this lesson, you learned how to:
- Configure Oracle Application Server
- Prepare a database
- Install the Diagnostic Dashboard
- Launch and use the Diagnostic Dashboard
- Install the Oracle Identity Manager Server
- Install the Design Console
- Configure the Design Console
- Launch the Design Console
- Launch the Administrative and User Console