Oracle Identity Manager 12c 12.2.1.3 in collocated mode

To install OIM in collocated mode, we must first install Oracle Fusion Middleware Infrastructure 12c, followed by Oracle Identity Manager 12c. Infrastructure and OIM must be installed in the same Oracle Home.

Directory Structure

[oracle@oel1 /]$ cd /u02/
[oracle@oel1 u02]$ mkdir -p oracle/product/Oracle_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Domain_Home
[oracle@oel1 u02]$ mkdir -p oracle/config/Application_Home

[oracle@oel1 u02]$ tree oracle/
oracle/
├── config
│   ├── Application_Home
│   └── Domain_Home
└── product
     └── Oracle_Home

Install Infrastructure 12c
Refer to the section “Install Infrastructure 12c” in the post below:
https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/

Install Oracle Identity Manager 12c
Refer to the section “Install Oracle Access Manager 12c” in the post below:
https://oraidam.wordpress.com/2018/03/10/oracle-access-manager-12c-12-2-1-3-in-collocated-mode/

Install SOA 12c

[oracle@oel1 SOA12c]$ java -jar fmw_12.2.1.3.0_soa_quickstart.jar

Navigate through the installation screens by clicking Next; select or browse to the correct Oracle Home on the Installation Location screen.

Verify Memory Settings

Edit /etc/security/limits.conf

#OIM Memory Settings
oracle soft nofile 32767
oracle hard nofile 327679

Ensure that you set UsePAM to Yes in the /etc/ssh/sshd_config file.

Note: Before you start the Oracle Identity Governance 12c Server, post configuration, run the following command to increase the limit of open files, so that you do not run into memory issues: limit maxproc 16384
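
A pre-flight check for the limits.conf and UsePAM settings above, as an added example that is not part of the original post. It treats the post's nofile values as minimums (an assumption), reads only the named user's and "*" entries, and its function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check for the
# limits.conf and sshd_config settings listed above.

# Effective nofile value of TYPE (soft|hard) for USER; type "-" sets both.
# A user entry beats a "*" entry; among equals, the last line wins.
# Assumption: @group entries and /etc/security/limits.d/ are not read.
nofile_limit() {  # nofile_limit FILE USER TYPE
  awk -v u="$2" -v t="$3" '
    /^[ \t]*#/ || NF < 4 || $3 != "nofile" { next }
    $2 != t && $2 != "-" { next }
    $1 == u   { user = $4 }
    $1 == "*" { wild = $4 }
    END { print (user != "" ? user : wild) }' "$1"
}

# sshd keywords are case-insensitive and the first occurrence wins.
usepam_enabled() {  # usepam_enabled SSHD_CONFIG
  [ "$(awk 'tolower($1) == "usepam" { print tolower($2); exit }' "$1")" = yes ]
}

# True only when VALUE is a non-empty decimal number >= MIN.
at_least() {  # at_least VALUE MIN
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$2" ]
}

# Prints one line per finding; returns non-zero if any check fails.
# Assumption: the post's values (32767 / 327679) are treated as minimums.
preflight() {  # preflight LIMITS_CONF SSHD_CONFIG [USER]
  local rc=0 user=${3:-oracle} soft hard
  soft=$(nofile_limit "$1" "$user" soft)
  hard=$(nofile_limit "$1" "$user" hard)
  at_least "$soft" 32767  || { echo "FAIL soft nofile=${soft:-unset}"; rc=1; }
  at_least "$hard" 327679 || { echo "FAIL hard nofile=${hard:-unset}"; rc=1; }
  usepam_enabled "$2" || { echo "FAIL UsePAM is not yes"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK limits for $user"
  return "$rc"
}

# Constructed sample input: a wildcard default plus the post's oracle entries,
# and an sshd_config whose commented-out line must be ignored.
demo=$(mktemp -d)
printf '%s\n' '* soft nofile 4096' '#OIM Memory Settings' \
  'oracle soft nofile 32767' 'oracle hard nofile 327679' > "$demo/limits.conf"
printf '%s\n' '#UsePAM no' 'usepam yes' > "$demo/sshd_config"
preflight "$demo/limits.conf" "$demo/sshd_config" oracle || true
```

On a real host, pass /etc/security/limits.conf and /etc/ssh/sshd_config; without UsePAM, limits.conf is not applied to ssh logins, so the oracle user would start the servers with the default limits.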

Oracle Database 12c Prerequisite

The following packages must be installed as SYS user on Oracle databases prior to creating Oracle Identity Management schemas:
DBMS_SHARED_POOL
XAVIEWS

To create the above packages, run the following SQL files from the $ORACLE_HOME/rdbms/admin directory as the SYS user for the connected database (regular or PDB):
dbmspool.sql
prvtpool.plb
xaview.sql

[oracle@oel1 ~]$ cd /u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/
[oracle@oel1 admin]$ sqlplus
SQL> conn sys@pdb as sysdba

SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/dbmspool.sql
SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/prvtpool.plb
SQL> @/u01/app/oracle/product/12.1.0.2/db_1/rdbms/admin/xaview.sql

Note:
For Database 12c CDB config: execute xaview.sql from PDB SYS user
For Database 12c NON-CDB config: execute xaview.sql from CDB SYS user

Create Schemas

[oracle@oel1 Oracle_Home]$ cd /u02/oracle/product/Oracle_Home/oracle_common/bin/
[oracle@oel1 bin]$ ./rcu

Select the Oracle Identity Governance schema. This action automatically selects the following schemas as dependencies:
• User Messaging Service (UMS)
• Metadata Services (MDS)
• Oracle Platform Security Services (OPSS)
• Audit Services (IAU)
• Audit Services Append (IAU_Append)
• Audit Services Viewer (IAU_Viewer)
• WebLogic Services (WLS)
• Common Infrastructure Services (STB)
• SOA Infrastructure (SOAINFRA)

Configure Oracle Identity Governance Domain

[oracle@oel1 bin]$ cd /u02/oracle/product/Oracle_Home/oracle_common/common/bin/
[oracle@oel1 bin]$ ./config.sh

Select the Oracle Identity Manager — 12.2.1.3.0 [idm] template, along with the following dependencies:
• Basic WebLogic Server Domain
• Oracle SOA Suite — 12.2.1.3.0
• Oracle Enterprise Manager — 12.2.1.3.0 [em]
• Oracle WSM Policy Manager — 12.2.1.3 [oracle_common]
• Oracle JRF — 12.2.1.3.0 [oracle_common]
• WebLogic Coherence Cluster Extension — 12.2.1.3.0

Post Configuration
After you configure the Oracle Identity Governance domain, run the offlineConfigManager script to perform post configuration tasks.

Set the following environment variables to the right values:

[oracle@oel1 bin]$ export JAVA_HOME=/u02/java/jdk1.8.0_141
[oracle@oel1 bin]$ export DOMAIN_HOME=/u02/oracle/config/Domain_Home/OIG_Domain

Ensure that you have execute permissions for the file OIM_HOME/server/bin/offlineConfigManager.sh

[oracle@oel1 bin]$ ls -alrt | grep offlineConfigManager
-rw-r-----.  1 oracle oracle  3739 Aug 21  2017 offlineConfigManager.sh
-rw-r-----.  1 oracle oracle  2569 Aug 21  2017 offlineConfigManager.bat
[oracle@oel1 bin]$ chmod +x offlineConfigManager.sh
[oracle@oel1 bin]$ ls -alrt | grep offlineConfigManager
-rwxr-x--x.  1 oracle oracle  3739 Aug 21  2017 offlineConfigManager.sh
-rw-r-----.  1 oracle oracle  2569 Aug 21  2017 offlineConfigManager.bat
[oracle@oel1 bin]$

Execute

[oracle@oel1 bin]$ ./offlineConfigManager.sh

Start Server

[oracle@oel1 bin]$ cd /u02/oracle/config/Domain_Home/OIG_Domain/bin
[oracle@oel1 bin]$ nohup ./startNodeManager.sh &
[oracle@oel1 bin]$ nohup ./startWebLogic.sh &

Start the Managed Servers from the WebLogic Console: http://oel1.mylab.com:7021/console

Integrate Oracle Identity Governance with SOA
Go to Enterprise Manager:
http://oel1.mylab.com:7021/em

In the search box, enter OIMSOAIntegrationMBean, and click Search.
Go to the Operations tab of the MBean, and select integrateWithSOAServer.
Enter the required attributes and click Invoke.

Consoles
Identity Console: http://oel1.mylab.com:14000

Sysadmin Console: http://oel1.mylab.com:14000/sysadmin/

Troubleshoot:
If you face the error below while creating schemas:

ERROR – RCU-6107 The database initialization parameter prerequisite check failed.
CAUSE – RCU-6107 The database initialization parameter prerequisite check failed for open_cursors.
Current Value is 500. It should be greater than or equal to 800.

Check with the DB team to set processes and open_cursors to 500 at the database and restart.

SQL> alter system set open_cursors=800 scope=spfile;

Automated deployment of OIM 11gR2 PS3

For Oracle Identity and Access Management 11g Release 2 (11.1.2.3), the LCM Tools automated installation capabilities are available only for single-host scenarios. The tools can be used to evaluate and test the Oracle Identity and Access Management software and should be used for proof-of-concept and demonstration purposes only.

OIM only topology: https://docs.oracle.com/cd/E52734_01/core/IDMPV/intro.htm#IDMPV113

When you download and unpack the archives for Deployment Repository distribution, you end up with a directory structure that contains a software repository. Within this repository are all the software installers required to install and configure Oracle Identity Manager, as well as the Oracle Identity and Access Management Life Cycle Management Tools.

Directory Structure: https://docs.oracle.com/cd/E52734_01/core/IDMPV/preprov.htm#IDMPV109

System Requirements
OS: Oracle Linux 7
Kernel Parameters (file location /etc/sysctl.conf)

kernel.sem=256 32000 100 142
kernel.shmmax=10737418240 or higher

Run as root

/sbin/sysctl -p

Open File Limit (file location /etc/security/limits.conf)

* soft  nofile  4096
* hard  nofile  65536
* soft  nproc   2047
* hard  nproc   16384

Reboot the machine for the limits to take effect.
http://docs.oracle.com/html/E38978_01/r2_im_requirements.htm

Installation Screenshots

Run installer from

/u01/REPOS_HOME/installers/idmlcm/Disk1/runInstaller.sh

Note: If the error below is encountered, install the lsb RPMs (yum install lsb):

Cannot run program “lsb_release”: error=2, No such file or directory

I encountered the error below

Complete the action plan given in the health check screenshot above. Close the installer (clean up and restore). Restart the installer with the same deployment response file.
