In Today’s post I am going to cover Identity Management related configuration used during Fusion Application Installation.
Contact Us If you are looking for Identity & Access Management or Fusion Applications Installation, Implementation or Training.
1. Pre-requisite for Fusion Applications is to install, configure and integrate OID/OIM/OAM. When you integrate OIM/OAM using idmConfigTool, this tool creates properties file called idmDomainConfig.param
2. During Fusion Application Provisioning, you can use idmDomainConfig.param which will populate most Identity & Access Management screens automatically during Fusion Applications Installation.
3. For Identity Management Configuration screen (during Fusion Applications installation), enter following :
a) Super User Name: weblogic_fa (This is the user created during idmConfigTool.sh -preConfigIDStore more on idmConfigTool here ) : Make sure that you can see this user in both OID (via ODSM ) and OIM (manage user screen in OIM Administration Console). If User is missing in OIM then run Recon Jobs to bring users from OID to OIM (LDAP User Create and Update Full Reconciliation)
Note: During FA provisioning this user will be granted Administrator and Functional Setup privileges. You should use this user to login to Fusion Apps after installation.
- weblogic_fa user in OID (via ODSM ) :
- weblogic_fa user in OIM (via OIM Administration console):
b) If you have already created groups in OID related to Administrator, Monitors, Operators role then you can uncheck box next to them. If these groups are not created in OID then select checkbox for Enable Seeding of Security Data, Create Administrators Group, Create Monitors Group, Create Operators Group
c) OID by default listens on SSL (3131) and non-SSL (3060) port for any LDAP request. If you want to Fusion Apps to connect to OID on LDAPS (SSL) then select checkbox Identity Store Enabled SSL (else do not select this checkbox). I used connection to be non-ssl (LDAP)
d) Identity Store Server Type : Select from OVD or OID as Identity Store. OVD is optional (use OVD if you have multiple Identity Stores), I used OID (no OVD) as Identity Store. For OVD use case and how to configure OVD for split profile is covered in Oracle Fusion Applications A-Team blog .
e) Identity Store User DN : cn=IDRWUser, cn=User, dc=com
Note: Change dc=com to your OID Realm (set during OID configuration). To verify your OID realm, login to ODSM and search for user IDRWUser
f) Identity Store Password : Provide password set during this user creation.
g) Identity Store Read-On User DN : cn=IDROUser, cn=User, dc=com
Note: Change dc=com to your OID Realm (set during OID configuration). To verify your OID realm, login to ODSM and search for user IDROUser
h) Identity Store Read-Only Password : Provide password set during this user creation.
Above two users (IDROUser & IDRWUser) are created during idmConfigTool.sh -preConfigIDStore more on idmConfigTool here
- IDRWUser & IDROUser in OID (via ODSM )
- IDRWUser & IDROUser in OIM
For more on parameters in Identity Management screen during Oracle Fusion Applications installation, stay tuned !!
Related Posts for Fusion Apps
- Oracle Fusion Applications Overview
- Oracle Fusion Application for Apps DBAs – Concepts
- Install Oracle Fusion Applications in 10 Steps
- Oracle Fusion Applications : Provisioning Framework Overview
- Oracle Fusion Applications : Provisioning Framework Installation
- Provision Transaction Database for Oracle Fusion Applications
- Create Fusion Applications Schema using RCU : fusion & otbi
- Fusion Application 11.1.1.5.1 is now available
- Fusion Apps Installation : Database Provisioning Failed during listener start
- Fusion Applications : 128 GB memory and 500 GB Disk space : Are you ready
- Fusion Applications 11.1.1.5.1 Part I – Install Identity and Access Management (OID/OAM/OIM) 11g
- Fusion Applications 11.1.1.5.1 Installation Part II – Configure Oracle Internet Directory
- Fusion Applications 11.1.1.5.1 Installation Part III – Configure Policy and Identity Store
- Fusion Applications 11.1.1.5.1 Installation Part IV – Extend WebLogic Domain to include OIM/OAM and configure OIM
- Fusion Applications 11.1.1.5.1 Installation Part V – Integrate OIM with OAM
- Oracle Fusion Application 11.1.3 is now available
- Oracle Fusion Applications 11.1.3 Installation Experience
- FA Installation Error : runProvisioning-preverify FAPROV-00298 make sure password FUSION_RUNTIME schema password is valid
- FA Installation Error 2 – List of failed Validation in OIM OAM_Validation: Cannot perform OAM Validation as null
- Identity & Access Management configuration for Oracle Fusion Applications – Part I
- Oracle FA Installation Error 3: private-preverify-free-space The file system only has 190113 MB, but 204800 MB is needed
- Oracle Fusion Applications (FA) 11g R1 PS3 (11.1.4) is now available
Oracle WebLogic Administrator [USD 399]- 03rd Dec, 2011
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth every penny 
3 users commented in " Identity & Access Management configuration for Oracle Fusion Applications – Part I "
Follow-up comment rss or Leave a Trackbackafter installing the OracleXE,weblogic10.3.4,ruc 11.1.1.4 and soa 11.1.1.4
then after we are creating the domain at that time we getting some problem
system can’t find the path specified
Pls do brief us on GUID reconciliation and OIM reconciliation? Is both are same?
@ Saravanan,
What do you mean by GUID reconciliation and OIM reconciliation ? Are you talking about scheduled jobs in OIM or soemthing else ? Where do you see these two ?
Leave A Reply