Oracle Unified Directory 12c 12.2.1.3 (as Directory Server)

Configured as a directory server, Oracle Unified Directory acts as an LDAP directory server that stores the directory data itself (as opposed to its proxy server and replication gateway modes).

In this post I will be configuring OUD and OUDSM in a single domain (collocated mode).

Directory Structure
Refer to the section “Directory Structure” in the post below:
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

Install Infrastructure 12c
Refer to the section “Install Infrastructure 12c” in the post below:
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

Install Oracle Unified Directory 12c

Set Variables

[oracle@oel1 OUD12c]$ export JAVA_HOME=/u02/java/jdk1.8.0_141
[oracle@oel1 OUD12c]$ export PATH=$JAVA_HOME/bin:$PATH

[oracle@oel1 OUD12c]$ unzip fmw_12.2.1.3.0_oud_Disk1_1of1.zip
[oracle@oel1 OUD12c]$ java -jar fmw_12.2.1.3.0_oud.jar

Navigate through the installation screens clicking Next; on the Installation Location screen select or browse to the correct Oracle Home.

Configure OUD Domain
You can either create new or extend existing domain.
Note: If you create a new domain you must first create the schemas for it. Run rcu from $ORACLE_HOME/oracle_common/bin/rcu, select the “Oracle Platform Security Services” schema (its dependent components are selected automatically) and proceed through the remaining screens to create the schemas.

In this post I am going to extend the existing domain I created earlier in the post below:
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

[oracle@oel1 OUD12c]$ cd /u01/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

Select the following templates:
• Oracle Unified Directory – 12.2.1.3.0 [oud]
• Oracle Unified Directory Services Manager – 12.2.1.3.0 [oud]
When you select OUDSM, Oracle JRF – 12.2.1.3.0 [oracle_common] is automatically selected.

Setting up Directory Server

[oracle@oel1 Oracle_Home]$ cd /u01/oracle/product/Oracle_Home/oud
[oracle@oel1 oud]$ ./oud-setup

Note: Allocate JVM memory for the server according to your requirements.

Start Servers

The OUD server is started automatically if you selected the “Start server when configuration has completed” check box during directory setup.

If you prefer to start OUD through the domain's startComponent.sh script, first stop the instance that oud-setup started, then bring up the admin server, the node manager and the OUD component:

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/system_components/OUD/oud1/bin
[oracle@oel1 bin]$ ./stop-ds

[oracle@oel1 lib]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &
[oracle@oel1 bin]$ ./startComponent.sh oud1


OUDSM: http://oel1.mylab.com:7001/oudsm
OUDSM prompts you to accept the OUD server's certificate on first connection. A freshly set up OUD presents a self-signed certificate, so before accepting it confirm that it is the certificate of your own instance (compare its fingerprint with the certificate in the OUD instance's keystore) rather than clicking through; whatever you accept here is trusted from then on.

SOA Suite 12c – Gmail as mail provider

Get the certificate for smtp.gmail.com

openssl s_client -connect smtp.gmail.com:465 </dev/null | sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'


Copy the block from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- into a text file. Note that this is the server's leaf certificate, which Google rotates frequently; if you import the issuing CA from the chain (openssl s_client -showcerts) instead, the mail driver keeps working across rotations.

Log in to Enterprise Manager and go to Keystore.
Select trust under system and click Manage.
Click Import.
Enter the details (alias and certificate type), paste the certificate text copied earlier and click OK.

Edit Set Domain Environment Script
Modify the $DOMAIN_HOME/bin/setDomainEnv.sh script and remove the following from EXTRA_JAVA_PROPERTIES:
-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks

DemoTrust.jks contains only the WebLogic demo CA certificates; while it is pinned as the JVM trust store the mail driver cannot validate Google's certificate. Once the property is removed the JVM falls back to its default trust store.

Below is the edited EXTRA_JAVA_PROPERTIES:

EXTRA_JAVA_PROPERTIES="${EXTRA_JAVA_PROPERTIES} -Dsoa.archives.dir=${SOA_ORACLE_HOME}/soa -Dsoa.oracle.home=${SOA_ORACLE_HOME} -Dsoa.instance.home=${DOMAIN_HOME} -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Doracle.xml.schema/Ignore_Duplicate_Components=true -Doracle.xdkjava.compatibility.version=11.1.1 -Doracle.soa.compatibility.version=11.1.1 -Ddisable-implicit-bean-discovery=true"
export EXTRA_JAVA_PROPERTIES

Restart WebLogic servers.
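The certificate fetch, the trust-store import and the setDomainEnv.sh edit above can be scripted and checked instead of done by hand. The script below is an added example and not part of the original post: it downloads the full chain that the SMTP server presents, prints each certificate's subject, issuer, expiry and SHA-256 fingerprint so you can see what you are about to trust, imports the last certificate of the chain (the CA the server sent, rather than the short-lived leaf) into a file-based trust store, and strips the DemoTrust.jks pin from a setDomainEnv.sh with a backup. It goes beyond the post in importing the CA rather than the leaf. smtp.gmail.com and port 465 come from the post; the JKS path, alias and password, the use of a JKS file instead of the Enterprise Manager keystore, and the TRUST_GMAIL_LIVE switch are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Host/port are from the post; the JKS
# path, alias, password and the TRUST_GMAIL_LIVE switch are assumptions.
set -eu

# Split a PEM bundle (e.g. "openssl s_client -showcerts" output, noise included) into
# one file per certificate under $2 and print how many certificates were found.
split_pem_chain() {
  local bundle="$1" outdir="$2"
  mkdir -p "$outdir"
  awk -v dir="$outdir" '
    /-BEGIN CERTIFICATE-/ { n++; f = sprintf("%s/cert%02d.pem", dir, n); inside = 1 }
    inside               { print > f }
    /-END CERTIFICATE-/  { inside = 0; close(f) }
    END                  { print n + 0 }' "$bundle"
}

# Path of the last certificate in the chain: the CA (usually an intermediate) that the
# server sent. Trusting it survives leaf rotation; trusting the leaf does not.
last_cert() {
  ls "$1"/cert*.pem | sort | tail -n 1
}

# Subject, issuer, expiry and SHA-256 fingerprint of one PEM certificate.
describe_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Fetch the chain from a live SMTPS endpoint. </dev/null makes s_client exit instead of
# waiting on stdin; -servername sends SNI so the right certificate is selected.
fetch_chain() {
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null > "$3"
}

# Import a CA certificate into a JKS trust store (the store is created if missing).
import_ca_to_jks() {
  keytool -importcert -noprompt -trustcacerts -alias "$2" -file "$1" \
    -keystore "$3" -storepass "$4"
}

# Remove the DemoTrust.jks pin from a setDomainEnv.sh, keeping a timestamped backup.
# The token is matched literally with awk index(), so ${WL_HOME} needs no escaping;
# double spaces left behind on edited lines are squeezed.
strip_demotrust() {
  local file="$1" tmp
  local needle='-Djavax.net.ssl.trustStore=${WL_HOME}/server/lib/DemoTrust.jks'
  cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)"
  tmp=$(mktemp)
  awk -v needle="$needle" '
    { hit = 0
      while ((i = index($0, needle)) > 0) {
        $0 = substr($0, 1, i - 1) substr($0, i + length(needle)); hit = 1 }
      if (hit) gsub(/  +/, " ")
      print }' "$file" > "$tmp"
  cat "$tmp" > "$file" && rm -f "$tmp"
  ! grep -qF "$needle" "$file"
}

# Live run only on request: needs network access, openssl and keytool.
if [ "${TRUST_GMAIL_LIVE:-0}" = "1" ]; then
  work=$(mktemp -d)
  fetch_chain smtp.gmail.com 465 "$work/chain.txt"
  echo "certificates in chain: $(split_pem_chain "$work/chain.txt" "$work/certs")"
  for c in "$work"/certs/cert*.pem; do echo "== $c"; describe_cert "$c"; done
  ca=$(last_cert "$work/certs")
  import_ca_to_jks "$ca" gmail-smtp-ca "$work/ums-trust.jks" changeit   # assumed path/alias/password
  strip_demotrust "${DOMAIN_HOME:?set DOMAIN_HOME}/bin/setDomainEnv.sh"
fi
```

Run it with TRUST_GMAIL_LIVE=1 and DOMAIN_HOME set; without the switch it only defines the functions. Check the printed issuer and fingerprint of the last certificate against what you expect from Google Trust Services before pointing a trust store at it.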

Configure UMS mail driver
Log in to Enterprise Manager and go to the User Messaging Service email driver configuration. Set the outgoing mail server to smtp.gmail.com on port 465 (SSL) with the Gmail account credentials.
Specify the sender email (format “EMAIL:sender@example.com”).
You can also verify the driver from the SOA server log.

Set workflow properties

Test
Send a test notification, verify it in the SOA server log and check the mailbox.

Oracle Identity Manager 12c 12.2.1.3 in collocated mode

To install OIM in collocated mode, first install Oracle Fusion Middleware Infrastructure 12c and then Oracle Identity Manager 12c. Infrastructure and OIM must be installed in the same Oracle Home.

Directory Structure

[oracle@oel1 /]$ cd /u02/
[oracle@oel1 u02]$ mkdir -p oracle/product/Oracle_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Domain_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Application_Home

[oracle@oel1 u02]$ tree oracle/
oracle/
├── config
│   ├── Application_Home
│   └── Domain_Home
└── product
     └── Oracle_Home

Install Infrastructure 12c
Refer to the section “Install Infrastructure 12c” in the post below:
https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/

Install Oracle Identity Manager 12c
Refer to the section “Install Oracle Access Manager 12c” in the post below (the OIM installer is the same fmw_12.2.1.3.0_idm.jar):
https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/

Install SOA 12c

[oracle@oel1 SOA12c]$ java -jar fmw_12.2.1.3.0_soa_quickstart.jar

Navigate through the installation screens clicking Next; on the Installation Location screen select or browse to the correct Oracle Home.

Verify Memory Settings

Edit /etc/security/limits.conf

#OIM Memory Settings
oracle soft nofile 32767
oracle hard nofile 327679

Ensure that you set UsePAM to Yes in the /etc/ssh/sshd_config file.

Note: Before you start the Oracle Identity Governance 12c server after configuration, raise the per-user process limit in the shell you start it from so that you do not run into resource errors: limit maxproc 16384 (csh syntax; in bash the equivalent is ulimit -u 16384).

Oracle Database 12c Pre requisite

The following packages must be installed as the SYS user on the Oracle database before creating the Oracle Identity Management schemas:
DBMS_SHARED_POOL
XAVIEWS

To create the above packages, run the below SQL files from the $ORACLE_HOME/rdbms/admin directory as the SYS user for the connected database (regular or PDB).
dbmspool.sql
prvtpool.plb
xaview.sql

[oracle@oel1 ~]$ cd /u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/
[oracle@oel1 admin]$ sqlplus
SQL> conn sys@pdb as sysdba

SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/dbmspool.sql
SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/prvtpool.plb
SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/xaview.sql

Note:
For a 12c CDB: run xaview.sql as SYS connected to the PDB that will hold the schemas.
For a 12c non-CDB: run xaview.sql as SYS connected to the database itself.

Create Schemas

[oracle@oel1 Oracle_Home]$ cd /u02/oracle/product/Oracle_Home/oracle_common/bin/
[oracle@oel1 bin]$ ./rcu

Select the Oracle Identity Governance schema. This automatically selects the following schemas as dependencies:
• User Messaging Service (UMS)
• Metadata Services (MDS)
• Oracle Platform Security Services (OPSS)
• Audit Services (IAU)
• Audit Services Append (IAU_Append)
• Audit Services Viewer (IAU_Viewer)
• WebLogic Services (WLS)
• Common Infrastructure Services (STB)
• SOA Infrastructure (SOAINFRA)

Configure Oracle Identity Governance Domain

[oracle@oel1 bin]$ cd /u02/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

Select the Oracle Identity Manager — 12.2.1.3.0 [idm] template, along with the following dependencies:
• Basic WebLogic Server Domain
• Oracle SOA Suite — 12.2.1.3.0
• Oracle Enterprise Manager — 12.2.1.3.0 [em]
• Oracle WSM Policy Manager — 12.2.1.3 [oracle_common]
• Oracle JRF — 12.2.1.3.0 [oracle_common]
• WebLogic Coherence Cluster Extension — 12.2.1.3.0

Post Configuration
After you configure the Oracle Identity Governance domain, run the offlineConfigManager script to perform post configuration tasks.

Set the following environment variables to the right values:

[oracle@oel1 bin]$ export JAVA_HOME=/u02/java/jdk1.8.0_141
[oracle@oel1 bin]$ export DOMAIN_HOME=/u02/oracle/config/Domain_Home/OIG_Domain

Ensure that you have execute permission on OIM_HOME/server/bin/offlineConfigManager.sh:

[oracle@oel1 bin]$ ls -alrt | grep offlineConfigManager
-rw-r-----.  1 oracle oracle  3739 Aug 21  2017 offlineConfigManager.sh
-rw-r-----.  1 oracle oracle  2569 Aug 21  2017 offlineConfigManager.bat
[oracle@oel1 bin]$ chmod +x offlineConfigManager.sh
[oracle@oel1 bin]$ ls -alrt | grep offlineConfigManager
-rwxr-x--x.  1 oracle oracle  3739 Aug 21  2017 offlineConfigManager.sh
-rw-r-----.  1 oracle oracle  2569 Aug 21  2017 offlineConfigManager.bat
[oracle@oel1 bin]$

Execute

[oracle@oel1 bin]$ ./offlineConfigManager.sh

Start Server

[oracle@oel1 bin]$ cd /u02/oracle/config/Domain_Home/OIG_Domain/bin
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &

Start Managed servers from Weblogic Console: http://oel1.mylab.com:7021/console

Integrate Oracle Identity Governance with SOA
Go to Enterprise Manager
http://oel1.mylab.com:7021/em

In the search box, enter OIMSOAIntegrationMBean and click Search.
Go to the Operations tab of the MBean and select integrateWithSOAServer.
Enter the required attributes and click Invoke.

Consoles
Identity Console: http://oel1.mylab.com:14000

Sysadmin Console: http://oel1.mylab.com:14000/sysadmin/

Troubleshoot:
If you see the error below while creating the schemas

ERROR – RCU-6107 The database initialization parameter prerequisite check failed.
CAUSE – RCU-6107 The database initialization parameter prerequisite check failed for open_cursors.
Current Value is 500. It should be greater than or equal to 800.

ask the DB team to raise open_cursors to at least 800. With scope=spfile the new value takes effect only after the database is restarted (open_cursors is a dynamic parameter, so scope=both would apply it immediately and persist it):

SQL> alter system set open_cursors=800 scope=spfile;

Oracle Access Management WebGate on OHS 12c

Pre- Requisite:
– OAM 12c installed and configured : https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/
– OHS 12c installed and configured : https://oraidam.wordpress.com/2018/03/10/oracle-http-server-12c-12-2-1-3-in-collocated-mode/

Configure WebGate on OHS 12c

[oracle@oel1 deployWebGate]$ cd /u01/oracle/product/Oracle_Home/webgate/ohs/tools/deployWebGate

[oracle@oel1 deployWebGate]$ ./deployWebGateInstance.sh -w /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1 -oh /u01/oracle/product/Oracle_Home


Verify webgate directory

[oracle@oel1 deployWebGate]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1
[oracle@oel1 ohs1]$ ll


Edit HTTP conf file

[oracle@oel1 InstallTools]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/u01/oracle/product/Oracle_Home/lib

[oracle@oel1 InstallTools]$ cd /u01/oracle/product/Oracle_Home/webgate/ohs/tools/setup/InstallTools/

[oracle@oel1 InstallTools]$ ./EditHttpConf -w /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1 -oh /u01/oracle/product/Oracle_Home


Register the WebGate with OAM

Login to OAM console
http://oel1.mylab.com:7011/oamconsole

Click SSO Agent Registration.
Specify Agent Type as Webgate and click Next.
Fill in the WebGate details (at minimum the agent name and the base URL of the OHS instance) and click Finish.
Then click Download and save the generated archive.

Copy the zip file to webgate/config under the OHS instance and unzip it there (not in the download directory). The archive holds the agent configuration (ObAccessClient.xml and the agent wallet), so keep these files readable only by the user that runs OHS.

[oracle@oel1 Downloads]$ cp OHS12c_WebGate.zip /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1/webgate/config/
[oracle@oel1 Downloads]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/config/fmwconfig/components/OHS/ohs1/webgate/config/
[oracle@oel1 config]$ unzip OHS12c_WebGate.zip

Restart Servers

[oracle@oel1 Downloads]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin/
[oracle@oel1 bin]$ ./stopComponent.sh ohs1
[oracle@oel1 bin]$ ./stopManagedWebLogic.sh oam_policy_mgr1
[oracle@oel1 bin]$ ./stopManagedWebLogic.sh oam_server1
[oracle@oel1 bin]$ ./stopWebLogic.sh

[oracle@oel1 bin]$ ./startWebLogic.sh
[oracle@oel1 bin]$ ./startManagedWebLogic.sh oam_server1
[oracle@oel1 bin]$ ./startManagedWebLogic.sh oam_policy_mgr1
[oracle@oel1 bin]$ ./startComponent.sh ohs1

Test
Access OHS: http://oel1.mylab.com:7777
The user is redirected to the OAM login page.

Oracle HTTP Server 12c 12.2.1.3 in collocated mode

Installing OHS 12c in collocated mode requires installing Oracle Fusion Middleware Infrastructure first, followed by the OHS 12c installation and configuration.

See the section “Install Infrastructure 12c” in the post below for installing Oracle Fusion Middleware Infrastructure
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

then follow the steps below to install and configure OHS 12c.

Install OHS 12c

[oracle@oel1 OHS12c]$ unzip fmw_12.2.1.3.0_ohs_linux64_Disk1_1of1.zip
[oracle@oel1 OHS12c]$ ./fmw_12.2.1.3.0_ohs_linux64.bin


Configure HTTP Server

[oracle@oel1 OHS12c]$ cd /u01/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

I am going to update the existing domain I created for OID in the post below.
https://oraidam.wordpress.com/2018/03/08/oracle-internet-directory-12c-12-2-1-3-in-collocated-mode/

However, if you don't have one you can create a new domain. (Note: you need to create the schemas first when creating a new domain.)

Select Oracle HTTP Server (Collocated)
Add new components ohs1 and specify component type as OHS

Start Servers

Start Node manager

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &


Start Admin server

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &


Start OHS

[oracle@oel1 bin]$ cd /u01/oracle/config/Domain_Home/ODS_Domain/bin
[oracle@oel1 bin]$ ./startComponent.sh ohs1


Verify
http://oel1.mylab.com:7777/

Oracle Access Manager 12c 12.2.1.3 in collocated mode

To install OAM in collocated mode, first install Oracle Fusion Middleware Infrastructure 12c and then Oracle Access Manager 12c. Infrastructure and OAM must be installed in the same Oracle Home.

Directory Structure

[oracle@oel1 /]$ cd /u02/
[oracle@oel1 u02]$ mkdir -p oracle/product/Oracle_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Domain_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Application_Home

[oracle@oel1 u02]$ tree oracle/
oracle/
├── config
│   ├── Application_Home
│   └── Domain_Home
└── product
     └── Oracle_Home

Install Infrastructure 12c

[oracle@oel1 OAM12c]$ unzip fmw_12.2.1.3.0_infrastructure_Disk1_1of1.zip
[oracle@oel1 OAM12c]$ java -jar fmw_12.2.1.3.0_infrastructure.jar

Navigate through installation screens clicking Next, select or browse to correct Oracle Home on Installation Location screen.

Install Oracle Access Manager 12c

[oracle@oel1 OAM12c]$ unzip fmw_12.2.1.3.0_idm_Disk1_1of1.zip
[oracle@oel1 OAM12c]$ java -jar fmw_12.2.1.3.0_idm.jar

Navigate through installation screens clicking Next, select or browse to correct Oracle Home on Installation Location screen.

Create Schemas

[oracle@oel1 Oracle_Home]$ cd /u02/oracle/product/Oracle_Home/oracle_common/bin/
[oracle@oel1 bin]$ ./rcu

Select the Oracle Access Manager schema. This automatically selects the following schemas as dependencies:
• Common Infrastructure Services (STB)
• Oracle Platform Security Services (OPSS)
• Audit Services (IAU)
• Audit Services Append (IAU_Append)
• Audit Services Viewer (IAU_Viewer)
• Metadata Services (MDS)
• WebLogic Services (WLS)

Configure OAM Domain

[oracle@oel1 bin]$ cd /u02/oracle/product/Oracle_Home/oracle_common/common/bin
[oracle@oel1 bin]$ ./config.sh

select the template Oracle Access Management Suite. Selecting this template automatically selects the following as dependencies:
• Oracle Enterprise Manager
• Oracle JRF
• WebLogic Coherence Cluster Extension

Start Servers

[oracle@oel1 bin]$ cd /u02/oracle/config/Domain_Home/OAM_Domain/bin
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &


[oracle@oel1 bin]$ cd /u02/oracle/config/Domain_Home/OAM_Domain/bin
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &


Login to weblogic console
http://oel1.mylab.com:7011/console
Go to Servers -> Control
Select the server and click Start

OAM Console: http://oel1.mylab.com:7011/oamconsole

OHS Add X-Content-Type-Options Header

Without an X-Content-Type-Options header a browser may "sniff" a response and treat it as a type other than the declared Content-Type, for example rendering a user-supplied file as HTML or script; vulnerability scanners report this as exposure to drive-by download attacks. Setting the header to nosniff tells the browser to honour the declared type.

This post covers adding X-Content-Type-Options header to OHS.

Edit the httpd.conf of the OHS instance, $INSTANCE_HOME/INSTANCE_NAME/config/OHS/INSTANCE_NAME/httpd.conf. For a 12c collocated instance such as the ohs1 configured earlier on this page, that is $DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/httpd.conf.

Ensure mod_headers is loaded, i.e. the following LoadModule line is present and not commented out:

LoadModule headers_module "${ORACLE_HOME}/ohs/modules/mod_headers.so"

Add the line below. Using Header always set instead of Header set also applies the header to error responses that OHS generates itself, which Header set does not cover.

Header set X-Content-Type-Options nosniff

Restart OHS (stopComponent.sh and startComponent.sh ohs1 from $DOMAIN_HOME/bin, as in the WebGate section above).

Verify
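The script below is an added example, not part of the original post, that checks what the OHS front end actually returns; it serves both this verification step and the WebGate test earlier on this page. It fetches only the response headers of a URL, tests whether X-Content-Type-Options: nosniff is present, tests whether an unauthenticated request is answered with a 302 to OAM, and audits a 12c OHS httpd.conf for an uncommented mod_headers LoadModule line and a Header always set directive (reporting the weaker Header set form separately). oel1.mylab.com:7777 comes from the post; the OAM redirect URL containing obrareq.cgi, the CHECK_LIVE switch and the OHS_CONF variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. oel1.mylab.com:7777 is from the post;
# the obrareq.cgi redirect path and the CHECK_LIVE / OHS_CONF switches are assumptions.
set -eu

# Response headers only; no redirect following, so a 302 from WebGate is what we see.
fetch_headers() {
  curl -sS -o /dev/null -D - --max-time 10 "$1"
}

# 0 when the header block carries X-Content-Type-Options: nosniff (case-insensitive).
has_nosniff() {
  printf '%s\n' "$1" | tr -d '\r' \
    | grep -qiE '^x-content-type-options:[[:space:]]*nosniff[[:space:]]*$'
}

# 0 when the response is a 302 whose Location points at the OAM credential collector.
redirects_to_oam() {
  local hdrs
  hdrs=$(printf '%s\n' "$1" | tr -d '\r')
  printf '%s\n' "$hdrs" | grep -qE '^HTTP/[0-9.]+ 302' &&
    printf '%s\n' "$hdrs" | grep -qiE '^location:.*obrareq\.cgi'
}

# Audit an httpd.conf. Returns 0 when mod_headers is loaded and the header is set with
# "always" (so error responses OHS generates itself get it too), 2 when it is set without
# "always", 1 when mod_headers is not loaded or the header is missing.
audit_httpd_conf() {
  local conf="$1" rc=0
  grep -qE '^[[:space:]]*LoadModule[[:space:]]+headers_module[[:space:]]' "$conf" \
    || { echo "mod_headers is not loaded (LoadModule headers_module missing or commented out)"; rc=1; }
  if grep -qiE '^[[:space:]]*Header[[:space:]]+always[[:space:]]+set[[:space:]]+X-Content-Type-Options[[:space:]]+"?nosniff"?' "$conf"; then
    :
  elif grep -qiE '^[[:space:]]*Header[[:space:]]+set[[:space:]]+X-Content-Type-Options' "$conf"; then
    echo "header is set without 'always': error responses generated by OHS will not carry it"
    if [ "$rc" -eq 0 ]; then rc=2; fi
  else
    echo "X-Content-Type-Options is not set"; rc=1
  fi
  return "$rc"
}

# Live run only on request (needs network access to the OHS host).
if [ "${CHECK_LIVE:-0}" = "1" ]; then
  h=$(fetch_headers "http://oel1.mylab.com:7777/")
  has_nosniff "$h" && echo "nosniff: present" || echo "nosniff: MISSING"
  redirects_to_oam "$h" && echo "WebGate: redirects to OAM" || echo "WebGate: no OAM redirect seen"
  audit_httpd_conf "${OHS_CONF:?set OHS_CONF to the instance httpd.conf}" \
    && echo "httpd.conf: ok" || echo "httpd.conf: see messages above"
fi
```

Run it with CHECK_LIVE=1 and OHS_CONF pointing at the instance httpd.conf. The audit returning 2 means the page's Header set line is in place but a locally generated 404 or 500 from OHS would still come back without the header, which is exactly the case a scanner will flag next.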