Hello everyone, Saddam Allah here. Today I will show you how to install and configure Oracle Identity and Access Management version 11.1.2.3. The Oracle Identity and Access Management suite has many components, like Oracle Identity Manager, Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlements Server, Oracle Privileged Account Manager and Oracle Access Management Mobile. I'll be configuring the main and most commonly used components today, which are Oracle Identity Manager (OIM) and Oracle Access Manager (OAM).

Let me briefly tell you about these two components before jumping into the installation process. Oracle Identity Manager is used to manage identities, that is, users and their privileges. It also provides self-service and password management functionality, and it automates the process of creating, updating and deleting user accounts. It is capable of synchronizing identities from different sources like LDAP servers and databases, so OIM acts as a central management system from which you can manage identities from different sources. This process of synchronization is called reconciliation. OIM also provides extensive auditing capabilities, which help administrators keep track of what changes were made, by whom, when, and in what context. OIM comes with a built-in BI Publisher as well, for reporting.

Now coming to Access Manager. Access Manager is an enterprise single sign-on solution. It provides authentication and authorization for web and desktop applications, and its SSO capability eliminates the need for multiple authentications. It basically adds a filter called a WebGate in front of the web server or application server, which intercepts all HTTP requests and passes them to Access Manager, which authenticates and authorizes the end user before passing the request on to the application. This WebGate is a component installed on each application server or web server where the protected application is hosted, and all these WebGates talk to a central Access Manager server, which can be configured as a single node or as a cluster. Based on the policies set by the administrator, OAM allows or restricts access to applications. OAM can also be integrated with any LDAP server to act as the user store for authentication purposes.

We can also integrate Oracle Identity Manager with Oracle Access Manager. When these two components are integrated, OIM adds user and password management capabilities to OAM, like forgot password, forgot user ID, setting challenge questions and answers, self registration, password policy management and so on. For this integration we need to enable a feature called LDAP synchronization, which I'll be showing as well during the OIM configuration today. This synchronization happens in both directions: when you make changes directly in the backend LDAP you can see those changes in OIM, and vice versa. That's a brief overview of Oracle Identity Manager and Oracle Access Manager.

Now let me tell you about the environment we'll be building today. I will be using an Oracle Linux 6 virtual machine. First we'll create a Middleware home by installing Oracle WebLogic Server 10.3.6, and in the same Middleware home we'll be installing Oracle SOA Suite version 11.1.1.9. SOA Suite is required only for Oracle Identity Manager and will be used for our approval workflows; if you don't intend to use OIM you can skip the SOA Suite installation. Next we'll be installing the Oracle Identity and Access Management product, again in the same Middleware home. Once the product binaries are installed we'll be creating an OIAM domain, inside which we will have an admin server, wls_oim which is Identity Manager, wls_soa which is the SOA Suite managed server, wls_bip which is BI Publisher used for reporting, wls_oam which is Oracle Access Manager, wls_oampm which is the OAM Policy Manager, and finally wls_omsm which is Mobile Security Manager. Mobile Security Manager is optional here, but it's advisable to create it, otherwise you'll get a lot of errors while starting up the admin server.

I have my Oracle Database 11.2.0.4 already installed on the same machine, which I'll be using to store the OIM schemas. I also have my LDAP, that is Oracle Unified Directory (OUD), already installed, which I'll use to show you how to enable and configure the LDAP synchronization feature. If you want to know how to set up OUD from scratch, please watch my video on OUD; I'll leave the link in the description. I also have JDK 1.7 installed on my virtual machine. Make sure you are using JDK 1.7: JDK 1.8 is not fully supported and you might get issues during OIM configuration if you're using JDK 1.8, so better go with 1.7.

This is the software we'll be needing today. For Oracle Identity and Access Management you need to download three zip files, and you need to download two zip files for SOA Suite and the WebLogic Server generic jar file. You also need the RCU (Repository Creation Utility) version 11.1.1.9 to create our repository. Before installing, make sure these operating system packages are installed on your server or virtual machine; the package version should be equal to or higher than the version specified here. Please do visit my blog on this topic for the list of all these packages and the commands I will be using in this video, along with the screenshots. I'll leave the link in the description, or you can click on the information icon in the top right corner of this video.

So let's get started with the repository creation. First make sure your database is running. Here I am in my software directory, where we have already extracted all the software, so I'm navigating to rcuHome/bin and executing rcu, the Repository Creation Utility. This is the welcome screen of RCU. Click Next here and select Create. Here you need to provide the database details: in my case my host name is oraclelinux6, the port is 1521, the service name is orcl, then you need to use the sys user here and then your sys password. Now the DB prerequisites will be checked; make sure all the prerequisites are successful and click OK. Here you need to provide a new prefix. I'll call mine OIAM. Then expand Identity Management. We'll be configuring Identity Manager, Access Manager and Mobile Security Manager, so select Identity Manager; you can see that the other dependent schemas will be selected automatically. Then select Access Manager and Mobile Security Manager. The dependent schemas are Metadata Services, Audit Services, Platform Security Services, BI Platform, SOA Infrastructure and UMS, that is User Messaging Service. Make sure all these components are selected here and click Next. Now the component specific prerequisites will be checked; make sure everything is successful here and click OK. Now you need to provide the password for your schemas: you can either use the same password for all the schemas, or you can use a different password for each schema. This is the tablespace screen. You can accept the default tablespaces, or else you can customize your tablespaces by clicking on this Manage Tablespaces button. I am going ahead with the default tablespaces. Click Next, and then it will ask you for confirmation to create the tablespaces. Click OK and the tablespace creation process will start. Now the tablespace creation is complete; click OK. This is the summary screen. Click Create and the actual repository creation process will start. It should take approximately a couple of minutes, so I'll just pause the video here and get back when it's complete. Now the repository creation process is complete; it took around 4 minutes 50 seconds. You can click Close here.

Now we need to create a new Middleware home by installing Oracle WebLogic Server. At this stage you need to make sure that your Java environment is set properly; this is my JDK path. Now go to the software directory and execute java -jar and then your WebLogic generic jar file name. This is the WebLogic installation welcome screen; click Next. Here you need to provide the path for your new Middleware home. I'll call it /u01/app/oracle/product/fmw and click Next. You can uncheck the security updates here, then select the Typical installation, which installs WebLogic Server and Oracle Coherence, then verify your JDK path and click Next. These are your WebLogic and Coherence directories; you can leave them as default, or if you want you can change them here. This is the summary screen; click Next here and the installation should begin. Now the installation is complete. Uncheck Run Quickstart and click Done. So now our Middleware home is created.

Next we need to install Oracle SOA Suite. Go to your SOA software directory, Disk1, and execute runInstaller along with the JRE location, that is -jreLoc and then your JRE or JDK location. This is the SOA Suite installation welcome screen; click Next. You can skip software updates and click Next. Now the prerequisite checks will be performed; make sure all the prerequisites are met here and click Next. Here you need to provide the same Middleware home you created during the WebLogic installation, and then you can provide the name for your SOA Oracle home directory. I'll call it Oracle_SOA and click Next. You need to select your application server here; in our case it's WebLogic Server. Click Next. This is the summary screen; click Install. Now the installation is complete; click Next here and then Finish.

Now we need to install the Oracle Identity and Access Management software. Go to your software directory again, then Disk1, and execute runInstaller along with the JRE location. This is the welcome screen; click Next, skip software updates and click Next. Make sure all the prerequisites are successful. Here you need to provide the same Middleware home again and a name for your Oracle home. I'll call it Oracle_OIAM, that's for Oracle Identity and Access Management, and click Next and Install. This will install all the product binaries into the same Middleware home, and after this installation we'll be creating a domain and configuring Identity Manager and Access Manager. I'll pause the video here and get back when it's done. Now the Identity and Access Management installation process is complete; click Next and then Finish.

Now we need to create a domain for Oracle Identity and Access Management. Go to the IAM home, that's /u01/app/oracle/product/fmw/Oracle_OIAM, and then common/bin; you need to run the configuration script (config.sh) from this directory. This is the domain configuration wizard. Select Create a new WebLogic domain and click Next. Here we need to select the Oracle Identity Manager template and the Oracle Access Management and Mobile Security Suite template, and as you can see all the dependent templates will be automatically selected: Oracle SOA Suite, Enterprise Manager, BI Publisher and BI JDBC, WSM Policy Manager, JRF and Platform Security Services. Once these templates are selected, click Next. Here you need to provide a name for your domain; I'll call it OIAM_domain, and I'll leave the domain location and application location as default, which is under your Fusion Middleware user_projects/domains and user_projects/applications. Now you need to provide a password for your WebLogic administrator, that is weblogic. Click Next. Here you need to select a mode for your domain startup; I'll go with Production Mode. Verify your JDK and click Next. Here you need to provide details of your OIAM schemas. I will select all the schemas here and then provide the common details: the DBMS/Service is orcl, my host name is oraclelinux6, the port is 1521, the schema password is the same for all the schemas, and then I'll select them one by one and provide the schema owner. So let me unselect all; you can just replace this DEV prefix with your schema prefix, in my case it's OIAM, so I'll select them one by one and change the prefix. So I have provided all my schema details here; then click Next. Now the JDBC connection test will be performed; make sure all the tests are successful here and click Next. Here you need to select Administration Server, Managed Servers, Clusters and Machines, and click Next. You need to provide the name, listen address and listen port for your admin server; I'll leave everything as default, but if you want you can change the values here. You need to configure your managed servers here, so I'll just rename my managed servers and call them wls_oam, wls_soa, wls_omsm (that's our Mobile Security Manager), wls_oampm (that's our OAM Policy Manager), wls_oim (that's Identity Manager) and wls_bip (that's BI Publisher). I'll leave the listen ports as default; if you want you can change them. Click Next. Here you can configure the clusters. For the sake of the demo I will just create single node clusters, so let's say oam_cluster, oim_cluster, bip_cluster, oampm_cluster, omsm_cluster and soa_cluster, then click Next and add the managed servers to their respective clusters: wls_bip will go into bip_cluster, wls_oam into oam_cluster, wls_oampm into oampm_cluster, wls_oim into oim_cluster, wls_omsm into omsm_cluster (this is not mandatory for your test environments, I am just doing it for the sake of the demo) and finally wls_soa will go into soa_cluster. Click Next. Next we need to configure a machine. As we are using Linux I'll just create a Unix machine, so go to the Unix Machine tab and click Add. You can rename your machine; I'll just call it oraclelinux6, and you can leave the port at the default value or change it here. Then I'll assign my managed servers to the newly created Unix machine and click Next. This is the configuration summary screen; click Create and the domain creation will begin. Now the domain creation process is complete; you can click Done here.

Once the domain is created, before starting the domain for the first time we need to create a database security store using the configureSecurityStore.py script. This should be executed once per domain: if you have created separate domains for OIM and OAM you need to execute it for both the domains; in my case I have OIM and OAM in the same domain, so I'll execute it once. Navigate to oracle_common/common/bin, that's /u01/app/oracle/product/fmw/oracle_common/common/bin, and you need to execute the configureSecurityStore.py script using WLST. So I'll execute wlst.sh and then the path of the py script, that's /u01/app/oracle/product/fmw/Oracle_OIAM/common/tools; this is the location of the py script. Next you need to provide the path of your domain using the -d option, so let me copy the path: fmw/user_projects/domains/OIAM_domain. Next you need to provide the component name using the -c option; in our case the component is IAM. Next you need to provide a password for your database security store using the -p option; I'll just give my password. Then you need to provide the mode using -m. Here you have two types of modes: you can either create a new database security store or you can join an existing database security store, so if you have already created a database security store you can add this domain to the same security store. In our case we are creating a new database security store, so I'll use the -m create option. It'll connect to your database and create the database security store. You should see "create operation has completed successfully", so now our database security store is created.

Now we can start up our domain admin server and managed servers. Before that we need to create a boot.properties file. Let me go to my domain home, that's user_projects/domains/OIAM_domain, and create the security directory: mkdir -p servers/AdminServer/security. Then I'll create boot.properties under security, that's vi boot.properties, and you need to provide your WebLogic username and password here: username=weblogic and password=<your password>. Save this file. Now you can start your admin server using startWebLogic.sh; you can tail the log. It will take a couple of minutes, so I'll just pause the video here and get back when the admin server is started completely. Now my admin server is started and in RUNNING mode.

Next we need to start the Node Manager. Before starting Node Manager it's mandatory to execute the setNMProps.sh script, otherwise you might get a lot of errors while starting up your managed servers. So let me execute setNMProps now; you need to execute it from oracle_common/common/bin, so that's oracle_common/common/bin and then the setNMProps.sh command. Once this is set you can navigate to your WebLogic server bin, that will be under your Fusion Middleware wlserver_10.3/server/bin, and execute startNodeManager.sh. As you can see my Node Manager is started on port 5556. Now let's access the WebLogic Administration Console and start our managed servers: that will be oraclelinux6:7001/console. Log in with your WebLogic credentials and go to Servers. These are the managed servers we created. I'll just start the OAM related managed servers first, so go to the Control tab, select wls_oam, wls_oampm and wls_omsm, then click Start and click Yes on the confirmation screen. This should take around five minutes maybe, so I'll just pause the video here and get back when it's done. As you can see all my managed servers are started; it took around 15 minutes for all these three managed servers to start.
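As an added example (my own, not the video's commands), here is a small POSIX shell script that does the boot.properties and security-store steps above in a repeatable way. It creates the security directory and boot.properties for a server, writing the file with mode 600 because WebLogic only encrypts it on the first start and until then it holds the administrator password in clear text, and it assembles the wlst.sh invocation of configureSecurityStore.py from the domain path and component name. The Middleware home, the Oracle home name Oracle_OIAM, the domain name OIAM_domain and the placeholder password are assumptions taken from the values used in this walkthrough; the script prints the WLST command rather than running it, since the -p value is visible to other users in the process list for as long as WLST runs.

```shell
#!/bin/sh
# Added example, not the video's own script. Paths below are assumptions
# matching the values used in this walkthrough.
MW_HOME="${MW_HOME:-/u01/app/oracle/product/fmw}"
IAM_HOME="${IAM_HOME:-$MW_HOME/Oracle_OIAM}"
DOMAIN_HOME="${DOMAIN_HOME:-$MW_HOME/user_projects/domains/OIAM_domain}"

# Create servers/<server>/security/boot.properties under a domain home.
# The file is written under umask 077 (mode 600): WebLogic encrypts it on
# the first start, but until then the password is stored in clear text.
write_boot_properties() {
  domain_home="$1"; server="$2"; user="$3"; pass="$4"
  dir="$domain_home/servers/$server/security"
  mkdir -p "$dir" || return 1
  ( umask 077; printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$dir/boot.properties" )
}

# Report the permission bits of a file as a string like "-rw-------".
file_mode_string() {
  ls -l "$1" | cut -c1-10
}

# Assemble the WLST command that creates (or joins) the database security
# store. Printed rather than executed: run it from an interactive shell, and
# remember that the -p value is visible in the process list while WLST runs.
security_store_cmd() {
  mode="$1"     # create or join
  printf '%s/oracle_common/common/bin/wlst.sh %s/common/tools/configureSecurityStore.py -d %s -c IAM -p <security_store_password> -m %s\n' \
    "$MW_HOME" "$IAM_HOME" "$DOMAIN_HOME" "$mode"
}

# Set RUN_OIAM_SETUP=1 (and WLS_ADMIN_PASSWORD) to perform the live steps.
if [ "${RUN_OIAM_SETUP:-0}" = 1 ]; then
  security_store_cmd create
  write_boot_properties "$DOMAIN_HOME" AdminServer weblogic "$WLS_ADMIN_PASSWORD"
fi
```

Creating the file inside a subshell with umask 077 avoids the short window a separate chmod would leave, and keeping the password out of the command line (it is passed as a function argument, not typed into the shell history) is the habit to keep for every later step that asks for a password.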
Now let's verify the OAM consoles. In 11.1.2.3 we have two consoles: the regular Oracle Access Manager console running on the admin server, and the OAM Policy Manager console running on the wls_oampm managed server. The OAM console, as you might know, is the main administration console with the full functionality of Access Manager, and can be accessed at port 7001/oamconsole. The OAM Policy Manager console is deployed on the wls_oampm managed server and does not contain the full functionality of the OAM console; it has only the policy administration functionality. In addition to this you will have the Mobile Security Manager and Mobile Security Access Server sections on this Policy Manager console, and it can be accessed on port 14150/access. So let's first log in to the OAM console now; that will be oraclelinux6:7001/oamconsole, and log in with your WebLogic ID. This is the OAM console home page. From this console you can administer your Access Manager, like creating application domains and host identifiers, creating authentication and authorization policies, and so on. Now let's access the Policy Manager console: oraclelinux6 and then 14150/access. This is your Policy Manager console. So that's about Oracle Access Manager.

On my virtual machine I have 12 GB of RAM, but sometimes you might get out of memory exceptions when you have all 6 managed servers running on a virtual machine, so to save some memory I will stop the OAM related servers. Let me select the OAM servers and then Shutdown. Now my OAM servers are down, so let me start the OIM related servers. It's always better to start SOA first before starting OIM, because OIM is dependent on SOA. So let me start wls_soa. My SOA server is started now, and it took around eight minutes to start. Next I'll start wls_oim; actually we can start wls_oim and wls_bip together, so let me start both of them. These two should take around 10 minutes; I'll just pause the video. My OIM and BIP managed servers are started now; it took around 12 minutes to start.

Before configuring Oracle Identity Manager we need to do the LDAP pre-configuration. This is because I'm planning to enable LDAP sync, so I need to pre-configure my LDAP; in my case I am using Oracle Unified Directory. As part of this pre-configuration we'll be creating four containers in LDAP and adding some OIM specific schema to OUD. So let's start the pre-configuration now. Let me start my OUD. I have my OUD instance created here; I'll go to my bin directory and start my OUD. I have my Oracle Unified Directory running on port 1389 and my base DN is dc=oiam,dc=com. If you want to know how to configure Oracle Unified Directory from scratch, please do watch my video; I'll leave the link in the description. So my OUD is started now.

We need to create an LDIF file with the containers. I'll call my LDIF file oiam.ldif, and then you need to add these values. We have three containers here; I have my people container created during the installation itself, so I'm not adding that people container in my LDIF file. The people container is used to store all your users and will be used for authentication, ou=groups contains the application groups which will be used for authorization, and reserve is the temporary container for users: when a new user is created it will first be created under the reserve container and will be moved to the users or people container once it's fully approved. Then you have another container called systemids, which is used to create system IDs such as oimadmin and oamadmin, which are used to log in to your OIM and OAM consoles after integration. So let me save this file. Now let's execute the ldapmodify command to add these containers to OUD: -h, that is our host name, in my case oraclelinux6, then the -p port, that's 1389, then the administrator username of your OUD with -D, in my case it's cn=directory manager, then you need to provide the password, and the file name with -f, oiam.ldif. This will create all these containers in your OUD. If you want to verify the creation you can execute the ldapsearch command: again -h, -p, and then -w for the password, and additionally you need to provide the base DN as well during the LDAP search, that is -b; in my case my base DN is dc=oiam,dc=com. Then your search string; say for example let's search for ou=reserve. As you can see we have our reserve container created. Let me show you the people container as well, which got created during the installation: this is ou=people, where we will be storing all our user IDs.

Once your containers are created, we need to import the OIM specific schema to Oracle Unified Directory. For that you need to navigate to your idmtools directory first; that will be under your Fusion Middleware Oracle_OIAM/idmtools/bin. Here you need to create a properties file first. I'll call my properties file prepareIDStore.props; you can call it anything. Let me copy the content. This is the content, where you'll be specifying the details of your OUD or whatever LDAP you're using: the ID store host, in my case oraclelinux6, then the port number, the administrator username cn=directory manager, then the username attributes, then your containers, that is ou=people and ou=groups, then your base DN, your system IDs container, and then your OIM admin user; this admin user will be created in your OUD. If you are using OUD you need to specify these last three lines; if you are using any other LDAP you don't need these last three lines, as these three are specific to OUD. This is your OUD administration port, then your OUD keystore file, and then you need to provide the password for your OUD keystore, which will be under the same directory. Let me go to another console: the file name is admin-keystore.pin, and the password is kept in this particular file, so you need to provide this password in your prepareIDStore.props. Save this file.

Once your properties file is created you need to execute the idmConfigTool.sh script under the same directory. Before that we need to set a couple of environment variables. The first one is ORACLE_HOME: export ORACLE_HOME=/u01/app/oracle/product/fmw and then your OIAM Oracle home. The next one is the Middleware home, so you need to set MW_HOME to your fmw directory. Now you need to execute idmConfigTool.sh, that's ./idmConfigTool.sh, with the flag -prepareIDStore, then mode=OIM, and then your input file, that is input_file=prepareIDStore.props (it's not input-file, it's input_file). It will ask you for your directory manager password, that's nothing but your OUD administrator password, and then you need to set a new password for your oimadmin user and confirm the password, and the script will import the OIM specific schema to your OUD.
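To make the LDAP pre-configuration steps above repeatable, here is an added POSIX shell example (my own, not the video author's files). It generates the oiam.ldif that creates the groups, reserve and systemids containers (ou=people already exists, as in the walkthrough), generates the prepareIDStore.props file, counts the containers in a constructed ldapsearch result as an offline check, and shows the ldapmodify, ldapsearch and idmConfigTool.sh invocations. Host, ports, base DN and paths are assumptions taken from the values used here; the IDSTORE_* property names are the ones the 11.1.2.3 idmConfigTool documentation uses as I recall them, so compare them with the sample file shipped under Oracle_OIAM/idmtools before relying on them. The bind password is read with -j from a mode-600 file rather than passed with -w, so it does not show up in the process list or the shell history.

```shell
#!/bin/sh
# Added example, not the video's own files. Values are assumptions matching
# this walkthrough; adjust them for your environment.
LDAP_HOST="${LDAP_HOST:-oraclelinux6}"
LDAP_PORT="${LDAP_PORT:-1389}"
LDAP_ADMIN_PORT="${LDAP_ADMIN_PORT:-4444}"          # OUD administration port (assumed default)
LDAP_BIND_DN="${LDAP_BIND_DN:-cn=directory manager}"
BASE_DN="${BASE_DN:-dc=oiam,dc=com}"
OUD_CONFIG_DIR="${OUD_CONFIG_DIR:-/u01/app/oracle/oud_instance/OUD/config}"  # assumed instance layout
MW_HOME="${MW_HOME:-/u01/app/oracle/product/fmw}"

# Print the LDIF for the containers OIM needs under a base DN.
# ou=people already exists, so only groups, reserve and systemids are created.
# The explicit changetype means ldapmodify needs no -a/--defaultAdd flag.
oim_containers_ldif() {
  base="$1"
  for ou in groups reserve systemids; do
    printf 'dn: ou=%s,%s\nchangetype: add\nobjectClass: top\nobjectClass: organizationalUnit\nou: %s\n\n' \
      "$ou" "$base" "$ou"
  done
}

# Print prepareIDStore.props. The last three IDSTORE_* lines are OUD-specific;
# drop them for other directories. The keystore PIN is the content of
# admin-keystore.pin in the OUD config directory and is passed in as $1.
prepare_idstore_props() {
  keystore_pin="$1"
  cat <<EOF
IDSTORE_HOST: $LDAP_HOST
IDSTORE_PORT: $LDAP_PORT
IDSTORE_BINDDN: $LDAP_BIND_DN
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_USERSEARCHBASE: ou=people,$BASE_DN
IDSTORE_GROUPSEARCHBASE: ou=groups,$BASE_DN
IDSTORE_SEARCHBASE: $BASE_DN
IDSTORE_SYSTEMIDBASE: ou=systemids,$BASE_DN
IDSTORE_OIMADMINUSER: oimadmin
IDSTORE_ADMIN_PORT: $LDAP_ADMIN_PORT
IDSTORE_KEYSTORE_FILE: $OUD_CONFIG_DIR/admin-keystore
IDSTORE_KEYSTORE_PASSWORD: $keystore_pin
EOF
}

# Count the expected containers in ldapsearch output read from stdin; after a
# successful ldapmodify the four containers should all be present.
count_containers() {
  grep -E -c '^dn: ou=(people|groups|reserve|systemids),'
}

# Constructed sample of the search result, for an offline check of count_containers.
SAMPLE_SEARCH_OUTPUT='dn: ou=people,dc=oiam,dc=com
objectClass: organizationalUnit

dn: ou=groups,dc=oiam,dc=com
objectClass: organizationalUnit

dn: ou=reserve,dc=oiam,dc=com
objectClass: organizationalUnit

dn: ou=systemids,dc=oiam,dc=com
objectClass: organizationalUnit'

# Live steps, run only when explicitly requested. $1 is a mode-600 file holding
# the directory manager password (used with -j instead of -w).
run_ldap_preconfig() {
  pwfile="$1"
  oim_containers_ldif "$BASE_DN" > oiam.ldif
  ldapmodify -h "$LDAP_HOST" -p "$LDAP_PORT" -D "$LDAP_BIND_DN" -j "$pwfile" -f oiam.ldif
  ldapsearch -h "$LDAP_HOST" -p "$LDAP_PORT" -D "$LDAP_BIND_DN" -j "$pwfile" \
    -b "$BASE_DN" '(objectClass=organizationalUnit)' dn | count_containers
  prepare_idstore_props "$(cat "$OUD_CONFIG_DIR/admin-keystore.pin")" > prepareIDStore.props
  export ORACLE_HOME="$MW_HOME/Oracle_OIAM" MW_HOME
  cd "$ORACLE_HOME/idmtools/bin" && \
    ./idmConfigTool.sh -prepareIDStore mode=OIM input_file="$OLDPWD/prepareIDStore.props"
}

# Set RUN_LDAP_PRECONFIG=1 and DM_PASSWORD_FILE=<path> to execute the live steps.
if [ "${RUN_LDAP_PRECONFIG:-0}" = 1 ]; then
  run_ldap_preconfig "$DM_PASSWORD_FILE"
fi
```

The generated prepareIDStore.props contains the OUD keystore PIN in clear text, just like the video's hand-written one, so give it the same 600 permissions and remove it once idmConfigTool.sh has finished.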
Now we can start our OIM configuration. Before starting we need to set the DOMAIN_HOME environment variable, so let me set that: export DOMAIN_HOME=/u01/app/oracle/product/fmw/user_projects/domains/OIAM_domain; this is my domain home. Once this environment variable is set you can navigate to your OIM bin directory, that's fmw/Oracle_OIAM/bin, and execute config.sh. This is the OIM configuration wizard. Click Next on the welcome screen. Here you need to select the component you want to configure; in my case I'm selecting OIM Server. Click Next and then you need to provide the schema details. The connection string would be oraclelinux6:1521 and then the service name, orcl; my OIM schema name would be OIAM_OIM, that is nothing but the prefix which we provided during the RCU repository creation, and provide the password for your schema. Then again the same for MDS: that would be OIAM_MDS and then the password. Next you need to provide your WebLogic admin server details; in my case it is oraclelinux6:7001, and then your WebLogic username and password. Here you need to provide the password for the OIM administrator, that is xelsysadm, which is the super user of OIM. For the OIM HTTP URL, if you have a load balancer in front of OIM you need to provide the load balancer URL here, otherwise you can provide the OIM managed server URL; in my case it is oraclelinux6:14000. For the OIM external front end URL, if OIM is not front-ended with any HTTP server you can leave this field blank, or else provide your web server URL, that is the OHS front end URL. In our case we don't have any OHS in front of OIM, so I am leaving this field blank. Then I'm selecting Enable LDAP Sync. As I'm planning to enable LDAP sync, it's mandatory to perform the previous step where we pre-configured LDAP if you want to enable LDAP sync. Then click Next.

Next you need to specify the details of your LDAP; in my case it's OUD. You can configure any compatible LDAP like OID, ODSEE (that is Directory Server Enterprise Edition), Active Directory or Oracle Virtual Directory; in my case I am selecting OUD. You can specify any LDAP server ID, it does not matter, so I will just leave it as default. Then your LDAP server URL, ldap://oraclelinux6 and then port 1389, then the administrator user, which would be cn=directory manager, and then your directory manager password, and then your search DN; I'll just give my base DN, dc=oiam,dc=com. You will get a warning saying that you should have a supported directory server and have done the pre-configuration of LDAP. We have done that already, so you can click OK here. Now you need to provide the containers here: for the role container, that's nothing but our groups container, that is ou=groups,dc=oiam,dc=com; next our user container would be ou=people,dc=oiam,dc=com; then the reserve container, that is ou=reserve,dc=oiam,dc=com. Provide these containers and click Next. This is your configuration summary screen; you can verify the details here and click Configure. This configuration process again will take around 10 to 15 minutes approximately. You can monitor the log file here, this is the log file location, for any errors during the configuration process. I will pause the video here and come back when the configuration process is complete. The configuration process is complete now; you can click Next here and then Finish.

Once your OIM configuration is complete we need to execute one last step, that's the LDAP post configuration. This LDAP post configuration is required only if we have enabled LDAP sync during OIM configuration. This utility enables the LDAP sync related reconciliation jobs, which are disabled by default in OIM. It also retrieves the last change number from OUD, or whatever LDAP you are using, and updates the reconciliation jobs, so the synchronization jobs will be based on this change number. So let's execute the post configuration utility now. Before that you need to set some environment variables. These are the environment variables which we need to set: APP_SERVER=weblogic, then your JAVA_HOME, MW_HOME, OIM_ORACLE_HOME (that's nothing but your OIM home), then your WebLogic home, WL_HOME, and finally DOMAIN_HOME. It's mandatory to set these environment variables before executing the post configuration. Once the environment variables are set you need to navigate to /u01/app/oracle/product/fmw and then your Oracle_OIAM/server/ldap_config_util. Here you will have a properties file called ldapconfig.props, so we need to edit that properties file and provide a couple of parameters. OIM_SERVER_TYPE is wls; you can leave it as it is. Next you need to provide the OIM provider URL, that is nothing but your OIM managed server URL, so t3://oraclelinux6 and then your managed server port, 14000. You can leave the LDAP URL and LDAP admin username empty; we don't need these two parameters, they are required only if you are using Oracle Virtual Directory, and in our case we are using Oracle Unified Directory, so we don't need to specify them. Next we need to specify the path of your libOVD directory; that will be under your domain's config/fmwconfig/ovd/oim, so in our case it would be /u01/app/oracle/product/fmw/user_projects/domains/OIAM_domain/config/fmwconfig/ovd/oim. These are the parameters you need to provide in this properties file. Save the file and then you need to execute LDAPConfigPostSetup.sh; this is the script, and you need to provide the location of the properties file (here you need to provide the directory, not the properties file itself), and then execute it. It will ask you for your OIM admin password, that's nothing but your xelsysadm password which you provided during your OIM configuration, so provide your password now. It will connect to OIM and enable the LDAP sync related reconciliation jobs. The LDAPConfigPostSetup.sh script completed successfully. As we don't have any changes in our LDAP, the last change number would be 0, which will be updated in the reconciliation jobs. After running LDAPConfigPostSetup.sh we need to restart the admin server and all the OIM managed servers, so let me do that quickly. Now my admin server and managed servers are started; it took around 25 minutes to start the whole OIM stack.
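As an added example (mine, not the video's files), this POSIX shell snippet does the post-configuration preparation described above: it exports the six environment variables the utility requires, checks that none of them is empty before anything runs, and writes ldapconfig.props with the OIM provider URL and the libOVD path while leaving LDAP_URL and LDAP_ADMIN_USERNAME empty, since those apply to OVD only. Paths, host, JDK location and domain name are assumptions matching this walkthrough; the property keys are the ones documented for 11.1.2.3 as I recall them, so diff the generated file against the ldapconfig.props shipped in ldap_config_util before using it. The script passes the directory, not the file, to LDAPConfigPostSetup.sh, as the text notes, and lets the utility prompt for the xelsysadm password itself.

```shell
#!/bin/sh
# Added example, not the video's own script. Values are assumptions that match
# the walkthrough; override them in the environment as needed.
export APP_SERVER="${APP_SERVER:-weblogic}"
export JAVA_HOME="${JAVA_HOME:-/usr/java/jdk1.7.0_80}"          # assumed JDK 1.7 path
export MW_HOME="${MW_HOME:-/u01/app/oracle/product/fmw}"
export OIM_ORACLE_HOME="${OIM_ORACLE_HOME:-$MW_HOME/Oracle_OIAM}"
export WL_HOME="${WL_HOME:-$MW_HOME/wlserver_10.3}"
export DOMAIN_HOME="${DOMAIN_HOME:-$MW_HOME/user_projects/domains/OIAM_domain}"
OIM_HOST="${OIM_HOST:-oraclelinux6}"
OIM_PORT="${OIM_PORT:-14000}"

# Fail early if any required variable is unset or empty; the utility itself
# gives much less helpful errors when one is missing.
check_env() {
  for v in APP_SERVER JAVA_HOME MW_HOME OIM_ORACLE_HOME WL_HOME DOMAIN_HOME; do
    eval "val=\${$v:-}"
    if [ -z "$val" ]; then
      echo "required variable $v is not set" >&2
      return 1
    fi
  done
  return 0
}

# Print the contents of ldapconfig.props for an OUD-backed OIM.
# LDAP_URL and LDAP_ADMIN_USERNAME stay empty: they are used with OVD only.
ldapconfig_props() {
  cat <<EOF
OIM_SERVER_TYPE=wls
OIM_PROVIDER_URL=t3://$OIM_HOST:$OIM_PORT
LDAP_URL=
LDAP_ADMIN_USERNAME=
LIBOVD_PATH_PARAM=$DOMAIN_HOME/config/fmwconfig/ovd/oim
EOF
}

# Directory that holds the utility and its properties file.
ldap_config_util_dir() {
  printf '%s/server/ldap_config_util\n' "$OIM_ORACLE_HOME"
}

# Live run: write the properties file in place and invoke the utility with
# the directory (not the file) as its argument. It prompts for the xelsysadm
# password, so the password never appears on the command line.
run_post_setup() {
  check_env || return 1
  dir=$(ldap_config_util_dir)
  ldapconfig_props > "$dir/ldapconfig.props"
  (cd "$dir" && ./LDAPConfigPostSetup.sh "$dir")
}

# Set RUN_OIM_POST_SETUP=1 to execute the live step.
if [ "${RUN_OIM_POST_SETUP:-0}" = 1 ]; then
  run_post_setup
fi
```

After the utility reports success, the restart of the admin server and the OIM managed servers described above is still required for the enabled reconciliation jobs to take effect.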
So let's have a look at the OIM consoles now. OIM has two consoles: the main system administration console and the self-service console. The system administration console will be running on port 14000, so oraclelinux6:14000/sysadmin, and you need to log in with xelsysadm and the password you provided during OIM configuration. This is the system administration home page, and this is the main administration console of OIM. From this console you can administer all OIM policies, system entities, system configuration, provisioning configuration, and so on. So that is our system administration console. Next let's see the identity console, or self-service console, which will be running again on 14000 and then /identity. During your first login you need to set your challenge questions and answers. This console can be accessed by any valid user in LDAP; it's not just for xelsysadm, you can use any user ID to log in to the identity console. So I'll just set my challenge questions and answers, put some dummy values and submit. This is your identity self-service home page, and it is used for managing your own user profile, like changing your password, updating your profile attributes and so on, and you can use this console to approve any pending requests if you are a manager. You can view your profile under My Information; this is your basic user information, and you can modify these values, your email ID, display name and so on. Then you can change your password from here, and you can change your challenge questions and answers. So that is your identity self-service console, and that's it: you now have a working Oracle Identity and Access Management environment with Oracle Identity Manager and Access Manager configured. If you have any questions please post them in the comments; I'll try to answer them as soon as possible. Please have a look at my blog on this topic for step-by-step instructions with screenshots; I'll leave the link in the description, or you can click on the information icon in the top right corner of this video.
I'll be making videos on how to protect web applications using OAM soon, and also how to integrate OIM and OAM, so please do subscribe to my YouTube channel and my blog to get notified when they go live. Hope you all liked the video and found it helpful; if you did, please hit that like button down below. That's all for today, bye for now, and see you in the next one.
