Flow of installations/pre-reqs for Oracle Access Manager with Middleware 11g.

Hello All,

This post will bring the flow of installs or configurations etc., that you do to install Oracle Access Manager 10.1.4.3 using Middleware 11g. I hope this will be a good start for Oracle IDM beginners.

For any kind of installation or configuration you do, I would suggest to check in the Certification Matrix as this will give a list of all types of system environments and install versions available and supported by Oracle. If you fail to do so, then Oracle will not provide Support in case of any issues that you come across in your environment that are NOT listed in the Matrix.

I am assuming that you are using OID for OAM as user store.

The flow to follow are:

  1. Install Oracle Database, 11.1.0.7 or 11.1.0.8. I would suggest 11.1.0.8 as there are some bugs identified with OID Schema creation in DB 11.1.0.7. This is to note that 11.1.0.8 is available as Patch to 11.1.0.7.
  2. Install WebLogic Server. This is needed for EM Console or Oracle Identity Federation which is deployed as Managed Server in this WLS.
  3. Create OID Schema using Repository Creation Utility using RCU installer. This installer will create a schema, with tables assigned to specific Owners of OID schema. You would not need to remember the schema name.
  4. Install the OID or OVD or OIF using Oracle Identity Management installer. All or any of the components OID or OVD or OIF can be installed at a time. When you select OID or OVD, a component called ODM is selected by default and this is Directory Services Manager console. There is no DAS (Directory Application Service ) console available in 11g.
  5. Install the OHS using WebTier Utilities. This is required for installing WebPass and Policy Manager on OHS. If you are using non-OHS server, this install is not required. Note: If you want to have OHS to act as reverse proxy etc., then you will need to install. Just incase you already have OHS installed using WebTier Utilities, and you need to create one more OHS instance, you can do this by running the command at WebTier_Home/instances/instance1/opmn/bin
  6. opmnctl createcomponent -componentType OHS -componentName ohs2
  7. While installing the OHS, you can select the option of monitoring the OHS instance using EM Console. If so, you need to give the WLS instance details like port, host name of WLS etc.,
  8. Install the Oracle Access Manager components Identity Server, WebPass. Configure the Identity Manager consoler.
  9. Install the Policy manager and configure the Access Management console. Install the Access Server. This completes the basic needs for working on OAM.
  10. If you want to protect applications deployed on Application Servers, then install a WebGate provided there is OOTB install availble in Oracle Downloads.

The significant consoles available with this installation are:

  • WebLogic Server Console
  • Manager Server console for ODSM and OIF
  • EM Console for monitoring the activities of OID, OVD, OIF and OHS.
  • Oracle Access Manager consoles.

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

15 comments
Atul Kumar says June 7, 2010

Hi Mahendra,
Thanks for nice post. I hope step 1,2,3,4 are required only if I am installing OAM with OID 11g.

For OAM with OID 10g – We would need just OID 10g

For OAM with other LDAP servers like AD, Sun Directory server We don’t need any OID related stuff (step1-4)

Please confirm

Reply
Mahendra says June 7, 2010

Hi Atul,

Yes, that’s why I mentioned the OAM installation flow with Middleware 11g :).

Reply
FatCatMatt says June 7, 2010

Thanks interesting article. I am currently deploying OIM with 11g Middleware, 11gR2 database, OAM and Active Directory. What I can say is it is a very complex and intensive exercise to install and configure as the OAM components required are long. If anyone has done this before I would appreciate a post with more information. Oracle does have a OBE but that is for Windows and we are deploying on Linux. Cheers Matt.

Reply
Atul Kumar says June 7, 2010

@ Mahendra,
Yes you are right, For some reason I find it difficult to put OID(Directory Server) in to middleware but I’ll have to digest that for Oracle “anything which is not apps and database is middleware”.

Fat,
I know OAM and OIM is difficult for first time but trust me once you do it, you will find it very simple.

OAM : Install LDAP (OID 11g in your case) and then install OAM
More information here http://onlineappsdba.com/index.php/2010/05/03/install-oracle-access-manager-oam-10143-identity-server-webpass-policy-manager-access-server-webgate/

OID 11g : Install Database, WebLogic Server and OID
More information here http://onlineappsdba.com/index.php/2009/08/21/installing-oracle-fusion-middleware-fmw-11g-identity-management-components-oid-dip-ovd-oif/

OIM :
1. Install Database (Oracle I suppose in your case)
2. Install application server (WebLogic I suppose in your case – I don’t think 10.3.X weblogic is certified so you may have to go with 9.X – or 10.1.3 – check certification matrix for OIM)

More on WebLogic Installation : http://onlineappsdba.com/index.php/2008/07/22/oracle-weblogic-installation-steps/

3. Install Identity Manager
More information here
http://onlineappsdba.com/index.php/2007/05/04/installing-oracle-identity-manager-thor-xellerate/

If you hit any issues or in case of doubt feel free to leave your doubt and I am sure Mahendra or someone from our team will answer that

Just to give to heads up : Identity related component of OAM will be moving to Identity Manager in 11g .

OAM is still 10.1.4.3 (called as OAM 11g)
OIM is still 9.1.X (called as OIM 10g not 100% sure)

Reply
Mahendra says June 7, 2010

Hi Matt,

You can use WebLogic 10.3.0 for OIM install.
If you are using Active Directory as user store, then you can refer Atul’s post here (http://onlineappsdba.com/index.php/2010/05/17/oam-10143-installation-part-ii-indentity-server-installation/) to install OAM with AD.

Atul,
If I am not wrong, OAM 10.1.4.3 is not OAM 11g and we are all waiting for it. It is still considered to be 10g version as the entire architecture and its ground level implementation will change in 11g.

Reply
MohanKumar says May 16, 2011

Hi…
I have already installed OIM 10g now i want upgrade my OIM 10g data base tables to OIM 11g…so can you please provide the steps how to migrate OIM 10g database to OIM 11g data base

Reply
Atul Kumar says May 17, 2011

@ MohanKumar,
As mentioned in my previous comment, there is no upgrade path yet to upgrade from OIM 10g to OIM 11g (OIM – Oracle Identity Manager)

Reply
Mohankumar says May 18, 2011

Hi..

Can you send me any doccument for installing OIM 11g in high avaliablity mode

Reply
Mohankumar says May 19, 2011

@ Atul Kumar
thank you yopur documment is help ful to me….

can check the steps in the below document and pls do necessary corrections

thank you http://download.oracle.com/docs/cd/E14571_01/core.1111/e10106/imha.htm#CHDCJBFF

Reply
ragu2k8 says July 24, 2012

Hi Atul,

Please find the attached errors that I am getting while installing oracle access manager middleware . The manged server came to running mode after very long time with errors shown in screenshots attached.

I will highly appreciate your if you could help me with this.

https://picasaweb.google.com/107742630291389085108/July242012

Regards,
Ragu

Reply
Prenan says April 17, 2013

Hi Atul/Mahendra,

We are planning to install OAM and integrate with EBS R12 which will be sync with AD.

DO i need to install OID too as a part of this?? You mentioned that no need for OID if it is sync with AD.

Moreover, not able to find RCU Installer for Solaris,Hp Unix.

Reply
    Atul Kumar says April 18, 2013

    @ Prenan,

    Q1: DO i need to install OID too as a part of this?
    A1: Yes, OID is mandatory for EBS integration with AD/OAM

    Q2: You mentioned that no need for OID if it is sync with AD.
    A2: Did I say this for EBS integration with OAM ? If yes please share link (this is not correct) ?

    Q3: Moreover, not able to find RCU Installer for Solaris,Hp Unix.
    A3: RCU is for Windows and Linux only, Use windows or linux machine to Load RCU (to create schemas) in database hosted on Soalris or HP-Ux (You need database port to be opened across firewall between Linux/Windows machine hosting RCU and database machine)

    Reply
Prenan says April 18, 2013

Atul,

Thanks for your response.

1. What all other applications can be integrated with OAM other than EBS??

2. Can we use OAM as a web portal(like Single sign on portal) to host all applications(both oracle and non-oracle).

3. heard that OAM cant be used as a portal. If not, any oracle product which suits our requirement???

Reply
Mahendra says April 19, 2013

Prenan,

1. What all other applications can be integrated with OAM other than EBS??
Mahendra: Check the OAM integration guide for supported integrations.

2. Can we use OAM as a web portal(like Single sign on portal) to host all applications(both oracle and non-oracle).
Mahendra: No.

3. heard that OAM cant be used as a portal. If not, any oracle product which suits our requirement???
Mahendra: Oracle Web Center Suite.

Reply
Add Your Reply