Setup for OBE: Oracle Identity Governance: Integrating Identity Manager and Identity Analytics

System requirements

Oracle Enterprise Linux 5.7

Install Database

1. Obtain RDBMS 11.2.1.0
2. Install the database software, choosing to install the database software only.
3. Using NETCA, create a listener on the default port of 1521.
4. Using DBCA, create a database. Choose the default options, except for the following:
   a. Global database name: orcl
   b. SID: orcl
   c. Do not configure Enterprise Manager
   d. Use the same administrative password for all accounts: Welcome1
   e. Typical memory: 1536MB
   f. Select "Use Automatic Memory Management"
   g. Character sets: select "AL32UTF8"
5. At a terminal, start sqlplus as sys and set the following DB parameters:

   $ sqlplus sys/Welcome1@localhost/orcl as sysdba
   SQL> alter system set session_cached_cursors=100 scope=spfile;
   SQL> alter system set processes=500 scope=spfile;
   SQL> shutdown immediate;
   SQL> startup;
   SQL> alter system set aq_tm_processes=1 scope=both;
   SQL> alter system set db_cache_size=150994944 scope=both;
   SQL> alter system set java_pool_size=125829120 scope=both;
   SQL> alter system set shared_pool_size=183500800 scope=both;
   SQL> alter system set open_cursors=800 scope=both;
   SQL> quit
   $

Run Repository Creation Utility (RCU)

1. Obtain RCU for Identity Management 11.2.1.0.0 (V37476-01.zip).
2. Create schemas, choosing the default options except for the following:
   a. Host name: localhost
   b. Port: 1521
   c. Service Name: orcl
   d. Username: sys
   e. Password: Welcome1
   f. Create a new Prefix: DEV
   g. Select the components: Oracle Identity Manager (SOA, MDS and OPSS are then also selected as dependencies)
   h. Use the same password for all schemas: Welcome1

Install JDK

1. Obtain JDK jdk-6u43-linux-x64.bin
2. As the root user (the self-extracting installer must be executable before it is run):

   # mkdir /usr/jdk
   # cd /usr/jdk
   # chmod +x /path/to/jdk-6u43-linux-x64.bin
   # /path/to/jdk-6u43-linux-x64.bin

3.
Add the following to the .bash_profile of the oracle user:

   JAVA_HOME=/usr/jdk/jdk1.6.0_43
   export JAVA_HOME
   PATH=$JAVA_HOME/bin:$PATH
   export PATH

Install WebLogic Server 10.3.6

1. Obtain wls1036_generic.jar
2. Run the WLS installer (java -jar /path/to/wls1036_generic.jar), choosing the defaults except for the following:
   a. Create a new Middleware Home: /u01/app/Oracle/Middleware
   b. Skip security updates
   c. Choose the available JDK /usr/jdk/jdk1.6.0_43
   d. Don't run Quickstart

Install SOA Server

1. Obtain V29672-01
2. Install into /u01/app/Oracle/Middleware, choosing the defaults except for the following:
   a. Skip security updates

Install the Identity and Access Management Suite

1. Obtain V37472-01
2. Install into /u01/app/Oracle/Middleware, choosing the defaults except for the following:
   a. Skip security updates

Create WebLogic domain

1. Start the Identity Manager domain creation utility:

   $ cd /u01/app/Oracle/Middleware/Oracle_IDM1/common/bin
   $ ./config.sh

2. Create a domain using the following information:
   a. Create a new WebLogic domain
   b. Select "Oracle Identity Manager". SOA Suite and Enterprise Manager are automatically selected.
   c. Keep the default values of base_domain and the domain locations under /u01/app/Oracle/Middleware/user_projects
   d. Enter Welcome1 for the weblogic admin user password
   e. Select Development Mode, and use the JDK in /usr/jdk/jdk1.6.0_43
   f. Select all schemas and enter the following, leaving the "Schema Owner" field empty:
      DBMS/Service: orcl
      Host Name: localhost
      Port: 1521
      Schema Password: Welcome1
   g. Select Administration Server and Managed Servers for Optional Configuration
   h. Leave Admin Server settings at the default settings
   i. Add a server "oia_server1" listening on port 18201
   j. Leave Configure Cluster settings at the defaults (no clusters)
   k. Leave Configure Machines settings at the defaults (only LocalMachine)
   l. Move all servers to the LocalMachine machine (click the right arrow to move them all)
   m. Create
   n.
Done, to exit the utility

Configure the Security Store

In a terminal window, enter the following:

   $ cd /u01/app/Oracle/Middleware/oracle_common/common/bin
   $ ./wlst.sh /u01/app/Oracle/Middleware/Oracle_IDM1/common/tools/configureSecurityStore.py -d /u01/app/Oracle/Middleware/user_projects/domains/base_domain -m create -c IAM -p Welcome1

The second command is all on one line. When complete, you should see:

   Info: Create operation has completed successfully.

Start AdminServer and SOA managed server

1. Start the AdminServer. Open a terminal window and enter:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./startWebLogic.sh

   The terminal window will not close. Wait till you see:

   <Server started in RUNNING mode>

2. Start the SOA managed server. Open a terminal window and enter:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./bin/startManagedWebLogic.sh soa_server1

   Enter "weblogic" and "Welcome1" at the username and password prompts. The terminal window will not close. Wait till you see:

   <Server started in RUNNING mode>

Patch SOA Server

1. Obtain patch 16366204. Unpack the patch into a temporary location, e.g. /stage
2. Stop the SOA managed server. Open a terminal window, and enter:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./bin/stopManagedWebLogic.sh soa_server1

   Enter "weblogic" and "Welcome1" at the username and password prompts.
3. Run the OPatch utility:

   $ cd /stage/16366204
   $ export ORACLE_HOME=/u01/app/Oracle/Middleware/Oracle_SOA1
   $ $ORACLE_HOME/OPatch/opatch apply

   Respond with "y" to "Do you want to proceed" and "Is the local system ready".
4. Start the SOA managed server. In the original window where you started the SOA managed server, enter:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./bin/startManagedWebLogic.sh soa_server1

   Enter "weblogic" and "Welcome1" at the username and password prompts. The terminal window will not close. Wait till you see:

   <Server started in RUNNING mode>

Configure Oracle Identity Manager

1.
Start the Oracle Identity Manager configuration utility. In a terminal window, enter:

   $ cd /u01/app/Oracle/Middleware/Oracle_IDM1/bin
   $ ./config.sh

2. Configure OIM using the following information:
   a. Select OIM Server and OIM Design Console
   b. Connect String: localhost:1521:orcl
      OIM Schema User Name: DEV_OIM
      OIM Schema Password: Welcome1
      MDS Schema User Name: DEV_MDS
      MDS Schema Password: Welcome1
   c. WebLogic Admin Server URL: t3://localhost:7001
      UserName: weblogic
      Password: Welcome1
   d. OIM Administrator Password: Welcome1
      Confirm Password: Welcome1
      OIM HTTP URL: http://hostname.domain.com:14000
      KeyStore Password: Welcome1
      Confirm KeyStore Password: Welcome1
      Enable LDAP Sync: deselected
   e. OIM Server Hostname: hostname.domain.com
      OIM Server Port: 14000

Stop and Start AdminServer and SOA server

1. In a terminal window, enter the following:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./bin/stopManagedWebLogic.sh soa_server1

   Enter "weblogic" and "Welcome1" at the username and password prompts.

   $ ./bin/stopWebLogic.sh

2. Start the Admin Server and SOA Server using the instructions in "Start AdminServer and SOA managed server".

Start Oracle Identity Manager

1. Open a terminal window and enter:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./bin/startManagedWebLogic.sh oim_server1

   Enter "weblogic" and "Welcome1" at the username and password prompts. The terminal window will not close. Wait till you see:

   <Server started in RUNNING mode>

Create WebLogic client JAR file

Open a terminal window and enter:

   $ cd /u01/app/Oracle/Middleware/wlserver_10.3/server/lib
   $ java -jar wljarbuilder.jar
   $ cp wlfullclient.jar /u01/app/Oracle/Middleware/Oracle_IDM1/designconsole/ext

Deploy Oracle Identity Analytics

1. Obtain patch 14831724
2. Create the /u01/app/oia directory and unpack the patch zip file in that directory:

   $ mkdir /u01/app/oia
   $ cd /u01/app/oia
   $ unzip /path/to/p14831724_111150_Generic.zip

3.
Unpack the WAR file to a staging directory:

   $ mkdir /u01/app/oia/rbacx
   $ cd /u01/app/oia/rbacx
   $ jar xvf ../rbacx.war

4. Configure OIA as per the installation instructions:
   http://docs.oracle.com/cd/E24179_01/doc.1111/e23378/InstallingOracleIdentityAnalytics.htm#BABDIECA
   That is:
   a. Copy over the required JAR files
   b. Edit the log4j.properties file to set the log file path (also set DEBUG for iam for easier debugging later)
   c. Edit and encrypt the conf/jdbc.properties file:

      jdbc.url=jdbc:oracle:thin:@localhost:1521:orcl
      jdbc.driverClassName=oracle.jdbc.OracleDriver
      jdbc.username=rbacxservice
      jdbc.password=Welcome1

      To encrypt the password (one command, run from the conf directory):

      $ java -jar ../rbacx/WEB-INF/lib/vaau-commons-crypt.jar encryptProperty -cipherKeyProperties ./cipherKey.properties -propertyFile ./jdbc.properties -propertyName jdbc.password

   d. Create the schema for OIA:

      $ cd /u01/app/oia/db/oracle
      $ . oraenv
      ORACLE_SID = [oracle] ? orcl
      The Oracle base has been set to /u01/app/oracle
      $ sqlplus sys/Welcome1 as sysdba
      SQL> create user rbacxservice identified by Welcome1;
      SQL> @rbacx-11.1.1.5.1_oracle_schema.sql
      SQL> @migrate-rbacx-11.1.1.5.3To11.1.1.5.4-oracle.sql
      SQL> @migrate-rbacx-11.1.1.5.4To11.1.1.5.5-oracle.sql
      SQL> quit

5. Edit the /u01/app/Oracle/Middleware/user_projects/domains/base_domain/bin/setDomainEnv.sh script to add two lines at the start:

      RBACX_HOME=/u01/app/oia
      export RBACX_HOME

   This is required so that OIA can locate its "home" directory for configuration etc.
6.
Create a file /u01/app/oia/rbacx/WEB-INF/weblogic.xml with the contents (the namespace attribute values must be quoted, or the descriptor is not well-formed XML):

   <?xml version="1.0" encoding="UTF-8"?>
   <weblogic-web-app xmlns="http://www.bea.com/ns/weblogic/90"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd">
     <container-descriptor>
       <prefer-application-packages>
         <package-name>javax.wsdl.*</package-name>
         <package-name>com.ibm.wsdl.*</package-name>
         <package-name>org.springframework.*</package-name>
         <package-name>org.aspectj.*</package-name>
         <package-name>org.jdom.*</package-name>
         <package-name>org.codehaus.xfire.*</package-name>
         <package-name>org.jaxen.*</package-name>
         <package-name>org.apache.bcel.*</package-name>
         <package-name>org.apache.commons.*</package-name>
         <package-name>com.ctc.wstx.*</package-name>
         <package-name>org.codehaus.stax2.*</package-name>
         <package-name>org.openspml.*</package-name>
         <package-name>org.quartz.*</package-name>
       </prefer-application-packages>
     </container-descriptor>
   </weblogic-web-app>

   This file tells WebLogic to prefer the Java packages in the WEB-INF directory of the OIA application over the server's own copies, preventing class version errors.
7. Start the OIA managed server. In a new terminal window:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain
   $ ./bin/startManagedWebLogic.sh oia_server1

   Use weblogic and Welcome1 for the username and password.
8. Deploy OIA.
   a. Start the WebLogic admin console by accessing http://localhost:7001/console
   b. Log in as weblogic/Welcome1
   c. Click Deployments -> Install
   d. Browse to the /u01/app/oia directory, and select the radio button for the rbacx directory entry (we are going to deploy from the directory, not the WAR file). Click Next.
   e. Install this deployment as an application. Click Next.
   f. Select oia_server1, click Next
   g. Under "Source accessibility", select "I will make the deployment accessible from the following location", and click Next.
   h. Click Finish.
   Wait for the result, to see if the deployment was successful. If so, click Save.
9. Once deployed, verify that you can log into OIA. The URL is http://localhost:18201/rbacx. Log in as the rbacxadmin user (default password is "password"). You will have to change the password at first log in. Change the password to "Welcome1". You will be logged out. Log in with the new password "Welcome1" to verify that it was changed correctly.

Install Oracle Unified Directory

1. Obtain OUD (V37478-01)
2. Install OUD, choosing the defaults except for:
   a. Skip Software Updates
   b. OUD Base Location Home: /u01/app/Oracle/Middleware
3. Create an instance. In a terminal window, start the OUD wizard:

   $ cd /u01/app/Oracle/Middleware/Oracle_OUD1
   $ ./oud-setup

   Choose the default settings. The password for the Root DN should be Welcome1
4. Create two Organizational Units, and the two groups, in OUD using the following LDIF file (entries are separated by a blank line):

   dn: ou=People,dc=example,dc=com
   ou: People
   objectclass: organizationalUnit

   dn: ou=Groups,dc=example,dc=com
   ou: Groups
   objectclass: organizationalUnit

   dn: cn=Portal Users,ou=Groups,dc=example,dc=com
   cn: Portal Users
   objectclass: groupofuniquenames

   dn: cn=Portal Admins,ou=Groups,dc=example,dc=com
   cn: Portal Admins
   objectclass: groupofuniquenames

   And the following commands:

   $ cd /u01/app/Oracle/Middleware/Oracle_OUD1/bin
   $ ./ldapmodify -p 1389 -D "cn=Directory Manager" -w Welcome1 -a -f file.ldif

Seed User Data to Oracle Identity Manager

1. The OIM URL is http://localhost:14000/identity. Log in as xelsysadm/Welcome1. If this is the first time you are signing in, you will have to set challenge questions and answers. Set them to any value.
2. Create the following organizations of type Department in OIM: Finance, Engineering, Sales
3. Create a user PALLEN, first name "Paul", last name "Allen", password "Welcome1", in the Sales organization, as a Full Time Employee.
4.
Using the Bulk Load Utility, seed the following users, specifying the user PALLEN as the user to copy the password from:

   USR_FIRST_NAME,USR_LAST_NAME,MANAGER_NAME,USR_EMAIL,ORG_NAME,USR_LOGIN
   Teena,Semmens,,tsemmens@example.com,Finance,tsemmens
   Aime,McBeth,,amcbeth@example.com,Engineering,amcbeth
   Bettina,MacElwee,pallen,bmacelwee@example.com,Sales,bmacelwee
   Trudy,Auerbach,tsemmens,tauerbach@example.com,Finance,tauerbach
   Julieta,Hertzog,pallen,jhertzog@example.com,Sales,jhertzog
   Nancey,Jepson,tsemmens,njepson@example.com,Finance,njepson
   Richelle,Amorim,pallen,ramorim@example.com,Sales,ramorim
   Magdi,Dudas,amcbeth,mdudas@example.com,Engineering,mdudas
   Manda,Tebbe,amcbeth,mtebbe@example.com,Engineering,mtebbe
   Rosalia,Teerdhala,tsemmens,rteerdhala@example.com,Finance,rteerdhala
   Mirelle,Sauve,amcbeth,msauve@example.com,Engineering,msauve
   Phillipa,Becker,pallen,pbecker@example.com,Sales,pbecker
   Dorelia,Bratten,tsemmens,dbratten@example.com,Finance,dbratten
   Lesly,Aula,amcbeth,laula@example.com,Engineering,laula
   Tom,Thames,pallen,tthames@example.com,Sales,tthames
   Clarence,Saladna,tsemmens,csaladna@example.com,Finance,csaladna
   Geniffer,Galvin,amcbeth,ggalvin@example.com,Engineering,ggalvin
   Constantine,Drenan,pallen,cdrenan@example.com,Sales,cdrenan
   Kenny,Vesterdal,tsemmens,kvesterdal@example.com,Finance,kvesterdal
   Dominica,Hilder,amcbeth,dhilder@example.com,Engineering,dhilder
   Louisa,Schirtzinger,pallen,lschirtzinger@example.com,Sales,lschirtzinger
   Portia,Bradshaw,tsemmens,pbradshaw@example.com,Finance,pbradshaw
   Trey,Spears,amcbeth,tspears@example.com,Engineering,tspears
   Jon,Olsen,amcbeth,jolsen@example.com,Engineering,jolsen
   Kathee,Acklin,pallen,kacklin@example.com,Sales,kacklin
   Celine,Dayberry,amcbeth,cdayberry@example.com,Engineering,cdayberry
   Merissa,Railey,pallen,mrailey@example.com,Sales,mrailey

Install Generic LDAP Connector in Oracle Identity Manager

1. Obtain the OID (Generic LDAP) connector: OID-11.1.1.6.0.zip
2.
Unpack the connector in /u01/app/Oracle/Middleware/Oracle_IDM1/server/ConnectorDefaultDirectory
3. Use the Connector Installer in OIM to install the connector: Manage Connectors > Install Connector > select the OUD connector > Install
4. Create an IT Resource instance for the OUD server:
   IT Resource Name: Corporate LDAP
   IT Resource Type: LDAP
   baseContexts: "dc=example,dc=com"
   Configuration Lookup: Lookup.LDAP.OUD.Configuration
   credentials: Welcome1
   host: localhost
   port: 1389
   principal: cn=Directory Manager
   ssl: false
5. Run the "LDAP Connector OU Lookup Reconciliation" scheduled job to pull in the organizational units from OUD. Be sure to change the IT Resource Name field in the scheduled job to "Corporate LDAP".
6. Run the "LDAP Connector Group Lookup Reconciliation" scheduled job to pull in the groups from OUD.

Create Roles and Access Policies in Oracle Identity Manager

1. Create two roles in the Identity Self Service Console:
   Portal User
   Portal Administrator
2. Create two Access Policies in the System Administration Console:
   a. Name: Portal User on Corporate LDAP
      Provision: Without Approval
      Retrofit Access Policy: selected
      Select Resources to be provisioned: LDAP User
      Server: Corporate LDAP
      Container DN: Corporate LDAP~People
      Set Additional Data: LDAP Group: Corporate LDAP~Portal Users
      Revoke if No Longer Applies: selected
      Roles: Portal User
   b.
      Name: Portal Administrator on Corporate LDAP
      Provision: Without Approval
      Retrofit Access Policy: selected
      Select Resources to be provisioned: LDAP User
      Server: Corporate LDAP
      Container DN: Corporate LDAP~People
      Set Additional Data: LDAP Group: Corporate LDAP~Portal Admins
      Revoke if No Longer Applies: selected
      Roles: Portal Administrator

Assign Roles to Users in Oracle Identity Manager

Using the Identity Self-Service Console, assign the Portal User role to the following users:

   First Name   Last Name      User Login      Organization   E-mail
   Trudy        Auerbach       TAUERBACH       Finance        tauerbach@example.com
   Nancey       Jepson         NJEPSON         Finance        njepson@example.com
   Richelle     Amorim         RAMORIM         Sales          ramorim@example.com
   Magdi        Dudas          MDUDAS          Engineering    mdudas@example.com
   Manda        Tebbe          MTEBBE          Engineering    mtebbe@example.com
   Rosalia      Teerdhala      RTEERDHALA      Finance        rteerdhala@example.com
   Mirelle      Sauve          MSAUVE          Engineering    msauve@example.com
   Phillipa     Becker         PBECKER         Sales          pbecker@example.com
   Dorelia      Bratten        DBRATTEN        Finance        dbratten@example.com
   Lesly        Aula           LAULA           Engineering    laula@example.com
   Tom          Thames         TTHAMES         Sales          tthames@example.com
   Geniffer     Galvin         GGALVIN         Engineering    ggalvin@example.com
   Kenny        Vesterdal      KVESTERDAL      Finance        kvesterdal@example.com
   Dominica     Hilder         DHILDER         Engineering    dhilder@example.com
   Louisa       Schirtzinger   LSCHIRTZINGER   Sales          lschirtzinger@example.com
   Portia       Bradshaw       PBRADSHAW       Finance        pbradshaw@example.com
   Trey         Spears         TSPEARS         Engineering    tspears@example.com
   Jon          Olsen          JOLSEN          Engineering    jolsen@example.com

Approve the request-level request.

Run the Evaluate User Policies Scheduled Job

Using the Identity System Administration console, run the Evaluate User Policies scheduled job, to force the provisioning of accounts on OUD.
Verify Provisioning of Accounts in Oracle Unified Directory

In a terminal window, execute the following commands:

   $ cd /u01/app/Oracle/Middleware/Oracle_OUD1/bin
   $ ./ldapsearch -p 1389 -D "cn=Directory Manager" -w Welcome1 -b "dc=example,dc=com" "cn=Portal Users"

The output should be:

   dn: cn=Portal Users,ou=Groups,dc=example,dc=com
   uniqueMember: uid=MTEBBE,ou=People,dc=example,dc=com
   uniqueMember: uid=MSAUVE,ou=People,dc=example,dc=com
   uniqueMember: uid=LSCHIRTZINGER,ou=People,dc=example,dc=com
   uniqueMember: uid=TSPEARS,ou=People,dc=example,dc=com
   uniqueMember: uid=LAULA,ou=People,dc=example,dc=com
   uniqueMember: uid=GGALVIN,ou=People,dc=example,dc=com
   uniqueMember: uid=PBECKER,ou=People,dc=example,dc=com
   uniqueMember: uid=MDUDAS,ou=People,dc=example,dc=com
   uniqueMember: uid=TTHAMES,ou=People,dc=example,dc=com
   uniqueMember: uid=KVESTERDAL,ou=People,dc=example,dc=com
   uniqueMember: uid=DHILDER,ou=People,dc=example,dc=com
   uniqueMember: uid=DBRATTEN,ou=People,dc=example,dc=com
   uniqueMember: uid=TAUERBACH,ou=People,dc=example,dc=com
   uniqueMember: uid=RTEERDHALA,ou=People,dc=example,dc=com
   uniqueMember: uid=PBRADSHAW,ou=People,dc=example,dc=com
   uniqueMember: uid=RAMORIM,ou=People,dc=example,dc=com
   uniqueMember: uid=JOLSEN,ou=People,dc=example,dc=com
   cn: Portal Users
   objectClass: groupofuniquenames
   objectClass: top

Optional steps

1. Copy the boot.properties file from the Admin Server to the managed server instances, so that a password is not required when starting/stopping each managed server:

   $ cd /u01/app/Oracle/Middleware/user_projects/domains/base_domain/servers
   $ mkdir oia_server1/security
   $ mkdir oim_server1/security
   $ mkdir soa_server1/security
   $ cp AdminServer/security/boot.properties oia_server1/security
   $ cp AdminServer/security/boot.properties oim_server1/security
   $ cp AdminServer/security/boot.properties soa_server1/security

2. Create desktop shortcuts for stopping and starting the WebLogic server instances.
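The "Verify Provisioning" check above is done by eye; the following Python, written for this guide and not part of the OBE or of any Oracle tool, parses the LDIF that ldapsearch prints (rejoining folded continuation lines) and compares the group's uniqueMember uids with the logins that were given the Portal User role in "Assign Roles to Users". The LDIF sample is constructed to mirror the output shown above, and the expected set is the role-assignment list from this guide.

```python
# Reconcile the OUD group filled by the "Portal User on Corporate LDAP" access policy
# against the users assigned the Portal User role. Added example; not Oracle's code.
import re

# Logins assigned the Portal User role in the "Assign Roles to Users" step.
EXPECTED_PORTAL_USERS = {
    "TAUERBACH", "NJEPSON", "RAMORIM", "MDUDAS", "MTEBBE", "RTEERDHALA",
    "MSAUVE", "PBECKER", "DBRATTEN", "LAULA", "TTHAMES", "GGALVIN",
    "KVESTERDAL", "DHILDER", "LSCHIRTZINGER", "PBRADSHAW", "TSPEARS", "JOLSEN",
}

# Constructed sample shaped like the ldapsearch output above; one value is
# folded onto a continuation line (leading space), as LDIF permits.
SAMPLE_LDIF = """\
dn: cn=Portal Users,ou=Groups,dc=example,dc=com
uniqueMember: uid=MTEBBE,ou=People,dc=example,dc=com
uniqueMember: uid=MSAUVE,ou=People,dc=example,dc=com
uniqueMember: uid=LSCHIRTZINGER,ou=People,
 dc=example,dc=com
uniqueMember: uid=TSPEARS,ou=People,dc=example,dc=com
uniqueMember: uid=LAULA,ou=People,dc=example,dc=com
uniqueMember: uid=GGALVIN,ou=People,dc=example,dc=com
uniqueMember: uid=PBECKER,ou=People,dc=example,dc=com
uniqueMember: uid=MDUDAS,ou=People,dc=example,dc=com
uniqueMember: uid=TTHAMES,ou=People,dc=example,dc=com
uniqueMember: uid=KVESTERDAL,ou=People,dc=example,dc=com
uniqueMember: uid=DHILDER,ou=People,dc=example,dc=com
uniqueMember: uid=DBRATTEN,ou=People,dc=example,dc=com
uniqueMember: uid=TAUERBACH,ou=People,dc=example,dc=com
uniqueMember: uid=RTEERDHALA,ou=People,dc=example,dc=com
uniqueMember: uid=PBRADSHAW,ou=People,dc=example,dc=com
uniqueMember: uid=RAMORIM,ou=People,dc=example,dc=com
uniqueMember: uid=JOLSEN,ou=People,dc=example,dc=com
cn: Portal Users
objectClass: groupofuniquenames
"""

def ldif_values(text, attribute):
    """Values of one attribute in an LDIF entry, with folded lines rejoined."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:      # continuation of the previous line
            lines[-1] += line[1:]
        elif line and not line.startswith("#"):
            lines.append(line)
    # LDAP attribute names are case-insensitive, so compare them lower-cased.
    return [v.strip() for n, _, v in (l.partition(":") for l in lines)
            if n.strip().lower() == attribute.lower()]

def group_members(ldif_text):
    """Upper-cased uid of every uniqueMember DN in the group entry."""
    return {m.upper() for dn in ldif_values(ldif_text, "uniqueMember")
            for m in re.findall(r"^uid=([^,]+),", dn, re.IGNORECASE)}

def reconcile(ldif_text, expected):
    """(missing, unexpected): role holders absent from the group, group members without the role."""
    actual = group_members(ldif_text)
    return expected - actual, actual - expected
```

Any login reported as missing, or any uid in the group that was not assigned the role, should be traced back to the request approval and the Evaluate User Policies job before the environment is used.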