
Sunday, May 20, 2018

Basics of IDAM

Oracle Identity and Access Management (IDAM) components are Java applications deployed on WebLogic Server with a database as the repository. Consider the following components when starting and stopping an Oracle Identity and Access Management server:

-One and only one Admin server
-One or more SOA Suite Managed servers
-One or more OIM Managed servers
-One or more OAM Managed servers
-Database server used as repository for Oracle Identity and Access Management
-Node Manager per machine (optional component)
-External LDAP server as User store (optional component)

Note:
Oracle Access Manager's default identity store is an embedded LDAP server (shipped as part of WebLogic Server). It is recommended to configure Oracle Access Manager's identity store to an external LDAP server, such as Oracle Internet Directory or Microsoft Active Directory.

Top-level directories and HOMES used in Identity and Access Management:

Middleware Home: MW_HOME
WebLogic Home: WL_HOME
Coherence Home: COHERENCE_HOME
Oracle Home for IDAM: IDAM ORACLE_HOME
Oracle Home for common: COMMON ORACLE_HOME
Oracle Home for SOA: SOA ORACLE_HOME
Domain Home: DOMAIN_HOME

Why is SOA required in IDAM?
SOA Suite is required only if you are using Oracle Identity Manager. OIM uses Service Oriented Architecture (SOA) to process the workflows related to approvals of various OIM requests.


Why does EBS require OID with OAM?
Oracle Access Manager itself doesn't require Oracle Internet Directory. However, Oracle Internet Directory is a mandatory requirement when Oracle Access Manager is integrated with the E-Business Suite.
Why? The short answer is that the E-Business Suite has hardcoded dependencies on Oracle Internet Directory for this configuration. These dependencies mean that you cannot replace Oracle Internet Directory with any third-party LDAP directory for this particular configuration.


WebLogic

WebLogic Server is a J2EE application server on which both Oracle Identity Manager (OIM) and Oracle Access Manager (OAM) are deployed.

-WebLogic Server Domain: A WebLogic Server domain is a logical grouping of resources and services. It contains the Admin Server, Managed Servers, JDBC data sources, Java Messaging Servers, and Coherence.

-WebLogic Administration (Admin) Server: The Administration Server is the WebLogic server instance that maintains the configuration data for a domain. There is always one and only one Administration Server in a WebLogic domain.

-WebLogic Managed Server: Any WebLogic server instance other than the Admin Server is called a Managed Server. When you configure both OAM and OIM in the same domain, domain creation creates three Managed Servers: one for OAM (oam_server1), a second for OIM (oim_server1), and a third for SOA (soa_server1).

Note:

These are the default names used by the domain configuration.

-7001 is WebLogic's default Admin Server port, which the installer assigns during domain configuration. If 7001 is in use by another process during domain configuration, the installer uses the next available port, that is 7002.

-If you are not sure which ports the WebLogic servers use (the Admin Server and the OAM, OIM and SOA Managed Servers), you can verify them in the configuration file $DOMAIN_HOME/config/config.xml.

-It is recommended that you create the file boot.properties under $DOMAIN_HOME/servers/<server_name>/security/ so that you don't have to provide the username and password manually. This file should contain two lines:

USERNAME=<weblogic_user_name>
PASSWORD=<weblogic_user_password>

-WebLogic Server will automatically encrypt the boot.properties file during the next start-up.

-The WebLogic configuration is stored in the XML file $DOMAIN_HOME/config/config.xml and contains information such as the hostname, port and name of each Admin/Managed Server. Check this file to find the information required to start/stop IDAM components.

-The boot identity file (boot.properties) is a text file that contains the user credentials for starting and stopping an instance of WebLogic Server. For more information on the boot identity file, see http://download.oracle.com/docs/cd/E12839_01/web.1111/e13708/overview.htm#START128.
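Two of the checks above, reading each server's listen port out of config.xml and creating boot.properties, as an added shell example; this is not code from the original post or from Oracle. It assumes the $DOMAIN_HOME layout the post describes; the server names and ports in its demo config.xml are constructed, and it uses the lower-case username=/password= key names given in the WebLogic boot-identity documentation. Because the credentials are clear text until the first start-up encrypts the file, the file and its security directory are created owner-only.

```shell
# Added example, not from the original post: pre-start checks for an IDAM
# WebLogic domain. Assumes the $DOMAIN_HOME layout the post describes; the
# demo server names and ports below are constructed for the example.

# Print "<server-name> <listen-port>" for every <server> in config.xml.
# A server with no <listen-port> element gets WebLogic's default, 7001.
# Only the first <name> inside a <server> block is taken, because nested
# <ssl> and <log> elements carry their own <name>.
wls_servers() {
    awk '
        /<server>/ { insrv = 1; name = ""; port = "7001"; next }
        insrv && /<name>/ && name == "" {
            sub(/.*<name>/, ""); sub(/<\/name>.*/, ""); name = $0
        }
        insrv && /<listen-port>/ {
            sub(/.*<listen-port>/, ""); sub(/<\/listen-port>.*/, ""); port = $0
        }
        /<\/server>/ { if (insrv) print name, port; insrv = 0 }
    ' "$1/config/config.xml"
}

# Permission string of a file, e.g. "-rw-------"; works with GNU and BSD ls.
file_mode() { ls -ld "$1" | cut -c1-10; }

# Write the boot identity file for one server. The credentials sit in clear
# text until WebLogic encrypts the file on the next start-up, so the file and
# its directory are created owner-only (umask 077). Key names are the
# lower-case form from the WebLogic documentation.
write_boot_properties() {
    dir="$1/servers/$2/security"
    ( umask 077
      mkdir -p "$dir"
      printf 'username=%s\npassword=%s\n' "$3" "$4" > "$dir/boot.properties" )
    file_mode "$dir/boot.properties"
}

# Constructed throw-away domain with a minimal config.xml, so the functions
# above can be run offline. Hypothetical ports; AdminServer has no
# <listen-port> on purpose, to exercise the 7001 default.
make_demo_domain() {
    d=$(mktemp -d)
    mkdir -p "$d/config"
    cat > "$d/config/config.xml" <<'EOF'
<domain>
  <name>IAMDomain</name>
  <server>
    <name>AdminServer</name>
    <ssl><name>AdminServer</name><enabled>false</enabled></ssl>
  </server>
  <server>
    <name>oam_server1</name>
    <listen-port>14100</listen-port>
  </server>
  <server>
    <name>soa_server1</name>
    <listen-port>8001</listen-port>
  </server>
  <server>
    <name>oim_server1</name>
    <listen-port>14000</listen-port>
  </server>
</domain>
EOF
    printf '%s\n' "$d"
}

# Demo run (IDAM_DEMO=1 sh thisfile.sh): list servers and ports, then create
# AdminServer's boot.properties with a constructed password.
if [ "${IDAM_DEMO:-0}" = 1 ]; then
    dh=$(make_demo_domain)
    wls_servers "$dh"
    write_boot_properties "$dh" AdminServer weblogic 'constructed-password'
fi
```

Run wls_servers against a real $DOMAIN_HOME to get the port list the post says to look up in config.xml; write_boot_properties prints the resulting file mode so a wrong umask is visible immediately.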

-Each WebLogic server instance runs in its own JVM. If you are unable to shut down a server instance using the methods described in the previous sections, you can use an operating system command to kill the JVM.

Note:
Killing a Java process does a forceful shutdown of the WebLogic server instance.

-There is no script to stop the Node Manager. If you want to stop the Node Manager, use kill -9 <PID>.

- Start/Stop Overview
- OAM/OIM Start
- OAM/OIM Stop
- Start/Stop Logs

OIM/OAM: Start

-Start the OID/OIM/OAM Database & Listener
lsnrctl start
sqlplus "/as sysdba"
startup;

-Start the OID (System) Component
*Only if integrated with OIM/OAM
opmnctl startall

-Start Java Component

==>Start Admin Server:
$DOMAIN_HOME/bin/startWebLogic.sh
==>Start OAM Managed Server:
$DOMAIN_HOME/bin/startManagedWebLogic.sh oam_server1
==>Start SOA Managed Server:
$DOMAIN_HOME/bin/startManagedWebLogic.sh soa_server1
==>Start OIM Managed Server:
$DOMAIN_HOME/bin/startManagedWebLogic.sh oim_server1


OIM/OAM: Stop

Stop Java Component

==>Stop SOA Managed Server:
$DOMAIN_HOME/bin/stopManagedWebLogic.sh soa_server1
==>Stop OIM Managed Server:
$DOMAIN_HOME/bin/stopManagedWebLogic.sh oim_server1
==>Stop OAM Managed Server:
$DOMAIN_HOME/bin/stopManagedWebLogic.sh oam_server1
==>Stop Admin Server:
$DOMAIN_HOME/bin/stopWebLogic.sh

Stop System Component: *Only if integrated with OIM/OAM
opmnctl stopall

Stop the OIM/OAM Database & Listener

sqlplus "/as sysdba"
shutdown immediate;
lsnrctl stop
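The start/stop sequence above and the "kill the JVM" fallback from the WebLogic notes, combined in an added shell example that is not from the original post. It assumes the $DOMAIN_HOME/bin scripts listed above and the post's default server names; the ps output in sample_ps and the domain path in the demo are constructed. The fallback finds the right JVM by the -Dweblogic.Name= property on its command line instead of killing every java process on the host, and it tries a graceful stop and SIGTERM before SIGKILL.

```shell
# Added example, not from the original post: an ordered start/stop driver
# for the domain servers named in the post, plus the JVM-kill fallback.
# Assumes the $DOMAIN_HOME/bin scripts listed in the post; server names are
# the post's defaults.

# Server order from the post. Start: Admin, OAM, SOA, OIM (OIM's approval
# workflows run on SOA). Stop: SOA, OIM, OAM, then the Admin Server last.
idam_order() {
    case $1 in
        start) printf '%s\n' AdminServer oam_server1 soa_server1 oim_server1 ;;
        stop)  printf '%s\n' soa_server1 oim_server1 oam_server1 AdminServer ;;
        *)     echo "usage: idam_order start|stop" >&2; return 2 ;;
    esac
}

# Domain script for one action ($1 = start|stop) on one server ($2) under
# $DOMAIN_HOME ($3). Only the Admin Server uses start/stopWebLogic.sh; each
# Managed Server takes its name as an argument to start/stopManagedWebLogic.sh.
wls_cmd() {
    if [ "$2" = AdminServer ]; then
        printf '%s/bin/%sWebLogic.sh\n' "$3" "$1"
    else
        printf '%s/bin/%sManagedWebLogic.sh %s\n' "$3" "$1" "$2"
    fi
}

# Print the full command sequence for start|stop without running anything.
idam_plan() {
    idam_order "$1" | while read -r s; do wls_cmd "$1" "$s" "$2"; done
}

# Map running WebLogic JVMs to server names. Reads "pid args" lines (as
# produced by `ps -eo pid,args`) on stdin and prints "<pid> <server-name>".
# The start scripts put -Dweblogic.Name=<server> on the java command line,
# which is what tells oim_server1's JVM apart from soa_server1's.
wls_jvms() {
    awk '/-Dweblogic\.Name=/ {
        n = $0
        sub(/.*-Dweblogic\.Name=/, "", n); sub(/[ \t].*/, "", n)
        print $1, n
    }'
}

# PID of one server's JVM, or empty if it is not running.
wls_pid() { ps -eo pid,args | wls_jvms | awk -v s="$1" '$2 == s { print $1 }'; }

# Graceful stop of server $1 in domain $2, then the "kill the JVM" fallback
# from the post if it is still up after $3 seconds (default 120): SIGTERM
# first, SIGKILL only if the JVM ignores it.
stop_with_fallback() {
    server=$1; domain_home=$2; timeout=${3:-120}
    sh -c "$(wls_cmd stop "$server" "$domain_home")"
    i=0
    while [ "$i" -lt "$timeout" ]; do
        pid=$(wls_pid "$server")
        [ -z "$pid" ] && return 0
        sleep 1; i=$((i + 1))
    done
    echo "$server (PID $pid) still up after ${timeout}s, sending SIGTERM" >&2
    kill "$pid"; sleep 10
    if kill -0 "$pid" 2>/dev/null; then
        echo "sending SIGKILL to PID $pid" >&2
        kill -9 "$pid"
    fi
    return 0
}

# Constructed `ps -eo pid,args` sample so wls_jvms can be run offline.
sample_ps() {
    cat <<'EOF'
  PID COMMAND
 4242 /usr/java/jdk1.7/bin/java -Dweblogic.Name=oim_server1 -Dweblogic.management.server=http://idm.example.invalid:7001 weblogic.Server
 4300 /usr/java/jdk1.7/bin/java -Dweblogic.Name=soa_server1 weblogic.Server
 4400 /usr/java/jdk1.7/bin/java -jar /opt/other/app.jar
EOF
}

# Demo run (IDAM_DEMO=1 sh thisfile.sh); the domain path is hypothetical.
if [ "${IDAM_DEMO:-0}" = 1 ]; then
    idam_plan start /u01/oracle/user_projects/domains/IAMDomain
    sample_ps | wls_jvms
fi
```

idam_plan is a dry run: it prints exactly the script invocations the post lists, in the post's order, so an operator can review them before wiring stop_with_fallback into a shutdown procedure.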


OIM/OAM: Start/Stop Logs

Admin Server
$DOMAIN_HOME/servers/<server_name>/logs/
OIM/OAM/SOA Server
$DOMAIN_HOME/servers/<server_name>/logs/
OID:OPMN
$ORACLE_INSTANCE/diagnostics/logs/OPMN/opmn/
OID:LDAP
$ORACLE_INSTANCE/diagnostics/logs/OID/[oid1]/
OID:ODSM/DIP
$DOMAIN_HOME/servers/<server_name>/logs/

Installation:

-Oracle Linux 5.7 Virtual Machine
-Java Development Kit 1.7
-Oracle Database 11.2.0.4
-Oracle WebLogic Server 10.3.6
-Oracle SOA Suite 11.1.1.9
-Oracle Identity & Access Management 11.1.2.3
-Repository Creation Utility 11.1.1.9
-Oracle Unified Directory (This is optional and required only if you want to integrate OAM & OIM with LDAP. You can use any LDAP of your choice)

Repository Creation Utility (11.1.1.9):
Note: The 11.1.1.9 RCU is used to create the schemas for 11.1.2.3 IDAM by running
Pre-requisites:
-The database and listener should be up and running while configuring RCU.
-We need to set two parameters:
alter system set open_cursors=800 scope=spfile;
alter system set processes=800 scope=spfile;

During the installation, RCU will ask for database connection details such as:
-Database type
-Hostname
-Port number
-Service name/SID
-Username
-Password

Which components do you select while installing RCU?
After creating a new prefix (by default DEV), we have to choose the components below:
-Oracle Identity Manager
-Oracle Access Manager
-Oracle Mobile Security Manager
The schemas below will be selected automatically:
-Metadata Services
-Audit Services
-Oracle Platform Security Services
-Business Intelligence Platform
-SOA Infrastructure
-User Messaging Service

Note:
The default and temporary tablespaces are created for all the components.


