Part IV – Install IDAM 11.1.1.3 : #OracleIdM 11g : Step by Step Installation of OAM, OIM, OAAM, OAPM, OIN

This is Part IV of the step-by-step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN). It covers installing Identity and Access Management 11.1.1.3.0.

  • For Part I, Download Software and Create Schema, click here
  • For Part II, Install WebLogic Server 10.3.3, click here
  • For Part III, Install SOA Server and Upgrade to 11.1.1.3, click here

IDAM – IDentity & Access Management

Key points for OIM 11.1.1.3 installation

  1. IDAM 11.1.1.3 is installed by running runInstaller (on Linux/Unix) from the IDAM software. The installer needs a JRE (Java Runtime Environment) location, which you pass with the -jreLoc option as shown in picture 1 below.
  2. For the JRE location on 32-bit machines, use the JDK or JRockit under MW_HOME; on 64-bit machines, use the location of a pre-installed 64-bit JDK (Sun or JRockit).
  3. For any installation issues, check the logs at oraInventory/logs; the location of the oraInventory directory is given in oraInst.loc. For the location of oraInst.loc click here; more information on oraInventory in Oracle here.
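
Key point 3 as a script: this is an added example, not part of the original post. It reads inventory_loc from an oraInst.loc file passed as an argument (commonly /etc/oraInst.loc on Linux), picks the newest *.log under oraInventory/logs and lists lines that look like failures; the keyword list and the constructed fixture in demo are assumptions.

```shell
#!/bin/sh
# Added example: find the installer logs via oraInst.loc and list error lines.
# The keyword list in install_errors is an assumption, not an Oracle-defined set.

# Print the inventory_loc value from an oraInst.loc file (key=value lines).
inventory_loc() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    sed -n 's/^[[:space:]]*inventory_loc[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print the most recently modified *.log under <inventory_loc>/logs.
latest_install_log() {
    inv=$(inventory_loc "$1") || return 1
    [ -n "$inv" ] || { echo "inventory_loc not set in $1" >&2; return 1; }
    [ -d "$inv/logs" ] || { echo "no logs directory under $inv" >&2; return 1; }
    newest=$(ls -t "$inv"/logs/*.log 2>/dev/null | head -n 1)   # newest first
    [ -n "$newest" ] || { echo "no *.log files in $inv/logs" >&2; return 1; }
    printf '%s\n' "$newest"
}

# Print "lineno:text" for lines of the newest log that look like failures.
# Succeeds with no output when the log is clean.
install_errors() {
    log=$(latest_install_log "$1") || return 1
    grep -n -i -E 'error|exception|severe|fail' "$log" || [ $? -eq 1 ]
}

# Constructed fixture so the functions can be tried without a real install.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/oraInventory/logs"
    printf 'inventory_loc=%s/oraInventory\ninst_group=oinstall\n' "$d" > "$d/oraInst.loc"
    printf 'INFO: checks passed\nSEVERE: constructed sample failure\n' \
        > "$d/oraInventory/logs/install_sample.log"
    install_errors "$d/oraInst.loc"
    rm -rf "$d"
}
demo
```

On a real host, call install_errors with the path to that host's oraInst.loc.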

  • When prompted for the Middleware Home, enter the directory you created during the WebLogic installation in Part II of this series.

After IDAM installation you should see three ORACLE_HOMEs under MW_HOME

  • oracle_common – This Oracle_Home contains the Java Required Files
  • Oracle_SOA1 – This Oracle_Home contains SOA-related files
  • Oracle_IDM1 – This Oracle_Home contains IDAM (OAM, OIM, OAAM, OAPM & OIN) related files

  • Under IDAM Oracle_Home you will see binaries/software for IDAM components like OAAM, OIN

OracleIdM 11g R1 PS2 : Step by Installation of OAM, OIM, OAAM, OAPM, OIN (11.1.1.3.0) – Part V : Configure WebLogic Domain for OAM, OIM, OAAM & OIN

About the Author Masroof Ahmad

19 comments
suresh says August 12, 2010

Hi Atul,

I installed Oracle Identity Manager 11g (11.1.1.3) with WebLogic Server (10.3.3) and database 11g (11.2.0.1) successfully without any errors or warnings.

I am able to run the OIM Server and I can find the security questions for UserName: xelsysadm, but I am unable to move further due to following exception

#### SessionContainer:valueUnbound: Session timed out Event name is: Xellerate.Session
<Class/Method: tcLogonAction/execute encounter some problem
s: {1}
Thor.API.Exceptions.tcColumnNotFoundException
at Thor.API.tcMetaDataSet.getBooleanValue(tcMetaDataSet.java:661)
at com.thortech.xl.webclient.actions.tcLogonAction.login(tcLogonAction.java:163)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:269)
at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(tcLookupDispatchAction.java:133)
at com.thortech.xl.webclient.actions.tcActionBase.execute(tcActionBase.java:894)
at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58)
at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67)
at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:305)
at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:191)
at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:526)
at weblogic.servlet.internal.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:253)
at jsp_servlet.__tjspindex._jspService(__tjspindex.java:157)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.ServletStubImpl.onAddToMapException(ServletStubImpl.java:416)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:326)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at com.thortech.xl.webclient.security.CSRFFilter.doFilter(CSRFFilter.java:61)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:115)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:100)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:330)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.doIt(WebAppServletContext.java:3684)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3650)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2268)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2174)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1446)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

Can’t load ESAPI properties from classpath, trying FileIO
The LOG-LEVEL property in the ESAPI properties file is not defined.

Even though I am able to log in to the Design Console with UserName: xelsysadm.

Could you please suggest me how to solve this issue.

Thanks
Suresh

Reply
Satish says August 20, 2010

Hi Suresh,

Even I was facing the same problem till yesterday, but now I am able to log in to the OIM 11g web console.
The problem was with the OIM 11g URL.
The old OIM 9.1 URL, which is http://:/xlWebApp, still works only till you enter the challenge questionnaire, but once you enter the answers and hit submit it just goes blank.

Somehow I have found the new URL for OIM 11g, which is
http://:/oim/faces/pages/Admin.jspx

This is working fine for me

Note – to get the complete functionalities of OIM such as tasks and other approval related stuffs you need to start the SOA server as well
Fyi – you need to start 1) weblogic domain server 2) OIM Node manager 3) SOA node manager

Hope it helps you

Thanks
Satish

Reply
Krishna says December 10, 2010

Hi Atul,

I worked as a DBA for a while and out of curiosity joined as an Infrastructure/Middleware eng. Now I am implementing the IDM suite by following Oracle’s EDG. Somehow I am unable to validate OIM verification by typing the URL http://oimhost1:port/oim/self; it throws me a 404 error! Can you please shed some light on this issue?

Reply
Atul Kumar says December 11, 2010

@ Krishna,
Did you configure OIM as mentioned in part VI of this series ?

Did you start OIM managed server ?

If yes then
Check OIM managed server log file on weblogic under $DOMAIN_HOME/servers/[oim_server1]/logs

Reply
Ramasamy says August 2, 2011

Atul,

We are running on AIX 6.1 64 bit machine, but installed 32-bit JDK.

For installing OAM, OID, OHS, WLS 11gR1, can we use the default 32-bit JDK/JRE (installed on the machine) or do we have to use only 64-bit jdk/jre?

Thanks
Ramasamy

Reply
Atul Kumar says August 2, 2011

@ Ramasamy,
Any reason for not installing the 64-bit JDK? It's not late yet, so my recommendation would be to configure using the 64-bit JDK.

From JDK point of view you could install 32 bit JDK on 64 bit OS but with some Oracle Fusion Middleware Products you can’t use 32 bit software on 64 bit machine (if OAM, OID, OHS falls under that I am not sure)

In my opinion, go for the 64-bit JDK.

Reply
Ramasamy says August 3, 2011

Atul,

For integrating Oracle EBS R12 with OAM 11gR1 for SSO (using AccessGate 1.1), I have installed the following:
1. Repository DB 11.2.0.2
2. Ran RCU 11.1.1.4
3. Installed WLS 10.3.3
4. Installed OID 11.1.1.2 – OH=Oracle_IDM1 under FMWHOME
5. Installed OID PS2 (11.1.1.3)
6. Installed OAM 11.1.1.3 using IMAM Suite – OH=Oracle_OAM1 under FMWHOME

Is it correct that I have to install OAM in a separate OH or use the OID OH? When I use the separate OH for OAM, I am having by running the opatch command in OAM OH?

Thanks
Ramasamy

Reply
Ramasamy says August 3, 2011

Atul,

Also, I noticed that in OAM OH, lot of directories are missing such as lib, jlib, rdms, etc.

I installed OID 11.1.1.2 using IM media and OAM using IMAM Suite media…

Thanks for your help.

– Ramasamy

Reply
Atul Kumar says August 4, 2011

@ Ramasamy

Q: I noticed that in OAM OH, lot of directories are missing such as lib, jlib, rdms, etc.

A: Yes these may not be required. OIM and OID are two different software and hence different file and hence required to be installed in different Oracle Homes (OH)

Reply
Atul Kumar says August 4, 2011

@ Ramasamy,

Q: Is it correct that I have to install OAM in a separate OH or use the OID OH? When I use the separate OH for OAM, I am having by running the opatch command in OAM OH?

A: Yes, OAM and OID must be installed in different Oracle Homes (OH). opatch can be run from any directory as long as the opatch version is correct, but when you apply a patch for the OAM component, set ORACLE_HOME to the OAM OH, and if you are patching the OID component, set ORACLE_HOME to the OID OH.

Reply
Viraf says October 14, 2011

Hi Atul,

Thank you for your excellent step by step installation guide.

I installed OIM11g r5 on Linux and started all the "oim_server1" server and the ./startManagedWebLogic.sh "soa_server1" "http://idmlab.com:7001". However when I click on the TASK under Self Service to view the pending approvals. I am getting the following error message:

An error occurred while searching tasks from the SOA Server.

When I configured the schema using RCU I selected SOA Infrastructure, BAM and User Messaging Service.
I configured the setSOADomainEnv.sh file and increased the below parameters as follows:

DEFAULT_MEM_ARGS="-Xms1024m -Xmx2048m"
PORT_MEM_ARGS="-Xms1536m -Xmx3072m"

increased the ulimit in linux

and updated the jdbc connection pool in weblogic admin console.

I restarted all the servers several times but not sure why I am still getting the above error message. Please let me know if I am missing anything or why I am unable to view pending approvals in OIM.

For weblogic user in OIM I gave same permissions as xelsysadm. My oim_server1 logs showing the following errors I gave same permissions
——-
[2011-10-14T16:30:43.879-04:00] [oim_server1] [NOTIFICATION] [] [oracle.jps.policymgmt] [tid: Thread-101] [userId: oiminternal] [ecid: 0000JC35UPGBT8WzLwrI8A1Ea5U5000001,1:18983] [APP: oim#11.1.1.3.0] Ignore PDP “OIMMicroSM_idmlab.com_file__home_oracle_Oracle_Middleware_Oracle_IDM1_modules_oracle_oes_11_1_1” in this distribution because no policies need to be distributed to it.
[2011-10-14T16:32:21.155-04:00] [oim_server1] [NOTIFICATION] [IAM-0060016] [oracle.iam.platform.auth.impl] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] The IP address from which browser is triggered is 192.168.112.1
[2011-10-14T16:32:21.157-04:00] [oim_server1] [ERROR] [] [] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] Failed to communicate with any of configured Access Server, ensure that it is up and running.
[2011-10-14T16:32:21.193-04:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.consoles.faces.mvc.canonic] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] Canonic Model – selectSecondaryNavigation – source = oracle.iam.consoles.faces.navigation.canonic.SubNavigationPanel@5d83ca9e
[2011-10-14T16:32:21.193-04:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.consoles.faces.mvc.canonic] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] Canonic Model – selectSecondaryNavigation – subPanel Id = APPROVALS_FORM
[2011-10-14T16:32:21.193-04:00] [oim_server1] [NOTIFICATION] [] [oracle.iam.consoles.faces.mvc.canonic] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] Canonic Model – selectSecondaryNavigation – Panel [APPROVALS_FORM] not yet prepared. Preparing now …
[2011-10-14T16:32:21.326-04:00] [oim_server1] [ERROR] [IAM-2060012] [oracle.iam.tasklist.agentry.task] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] Error occurred while connecting to BPEL
[2011-10-14T16:32:21.326-04:00] [oim_server1] [ERROR] [] [oracle.iam.tasklist.agentry.task] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] Insufficient privileges to authenticate on behalf of another user.[[
User weblogic cannot authenticate on behalf of user xelsysadm without admin privileges.
Only users with admin privileges can authenticate on behalf of another user.

]]
[2011-10-14T16:32:21.327-04:00] [oim_server1] [WARNING] [] [oracle.iam.consoles.faces.mvc.common] [tid: [ACTIVE].ExecuteThread: ‘0’ for queue: ‘weblogic.kernel.Default (self-tuning)’] [userId: xelsysadm] [ecid: 4f9b09c8e6b106ab:34db70c3:1330315e0de:-8000-00000000000003d9,0] [APP: oim#11.1.1.3.0] oracle.iam.platform.canonic.base.NoteException: An error occurred while searching tasks from the SOA Server.
[2011-10-14T16:32:49.516-04:00] [oim_server1] [NOTIFICATION] [IAM-1020004] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: 0000JC35UPGBT8WzLwrI8A1Ea5U5000001,1:18944] [APP: oim#11.1.1.3.0] Job Listener, Job to be executed Description null FullName DEFAULT.Issue Audit Messages Task Name Issue Audit Messages Task
[2011-10-14T16:32:49.519-04:00] [oim_server1] [NOTIFICATION] [IAM-1020014] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: 0000JC35UPGBT8WzLwrI8A1Ea5U5000001,1:18944] [APP: oim#11.1.1.3.0] Method details Method details: executeJob
[2011-10-14T16:32:49.519-04:00] [oim_server1] [NOTIFICATION] [IAM-1020014] [oracle.iam.scheduler.vo] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: 0000JC35UPGBT8WzLwrI8A1Ea5U5000001,1:18944] [APP: oim#11.1.1.3.0] Method details executeJob Issue Audit Messages Task
[2011-10-14T16:32:49.573-04:00] [oim_server1] [NOTIFICATION] [IAM-1020005] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: 0000JC35UPGBT8WzLwrI8A1Ea5U5000001,1:18944] [APP: oim#11.1.1.3.0] Job Listener, Job was executed QuartzJobListener.jobWasExecuted Description null FullName DEFAULT.Issue Audit Messages Task Name Issue Audit Messages Task
————-

——–
soa_server1 logs shows:

Please advise.

Reply
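
Added example, not part of the original thread: in the oim_server1 entries quoted in the comment above, the cause of an error can sit in a [[ ... ]] detail block on the lines after the entry. The script below, written for this page, extracts ERROR entries with their userId and ecid and folds those detail lines in; the sample lines are constructed and shortened from the quoted ones, and the field layout is assumed from them.

```shell
#!/bin/sh
# Added example: list ERROR entries from a bracketed-field log like the
# oim_server1 lines quoted above, keeping the [[ ... ]] detail text.

# Print "timestamp|userId|ecid|message" for each ERROR entry (files or stdin).
odl_errors() {
    awk '
    # Return the value of a "[key: value]" field, or "" when it is absent.
    function field(line, key,    re) {
        re = "\\[" key ": [^]]*\\]"
        if (!match(line, re)) return ""
        return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    # Print the buffered entry if it was an ERROR.
    function emit() {
        if (keep) print ts "|" user "|" ecid "|" msg
        keep = 0
    }
    # A new entry starts with "[YYYY-MM-DDT".
    /^\[[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/ {
        emit()
        split($0, f, /\] \[/)        # f[1]=timestamp, f[2]=server, f[3]=level
        sub(/:.*/, "", f[3])         # tolerate a level written as LEVEL:number
        if (f[3] != "ERROR") next
        keep = 1
        ts = substr(f[1], 2)
        user = field($0, "userId")
        ecid = field($0, "ecid")
        msg = $0
        if (match($0, /\[APP: [^]]*\] /)) msg = substr($0, RSTART + RLENGTH)
        sub(/\[\[[ \t]*$/, "", msg)  # drop the "[[" that opens a detail block
        next
    }
    # Other lines continue the current entry; skip blanks and the closing "]]".
    keep && $0 !~ /^[ \t]*(\]\])?[ \t]*$/ { msg = msg " " $0 }
    END { emit() }
    ' "$@"
}

# Constructed sample, shortened from the entries quoted in the comment above.
sample_odl_log() {
    cat <<'EOF'
[2011-10-14T16:32:21.155-04:00] [oim_server1] [NOTIFICATION] [IAM-0060016] [oracle.iam.platform.auth.impl] [tid: [ACTIVE].ExecuteThread: '0'] [userId: xelsysadm] [ecid: ecid-0001,0] [APP: oim#11.1.1.3.0] The IP address from which browser is triggered is 192.168.112.1
[2011-10-14T16:32:21.326-04:00] [oim_server1] [ERROR] [IAM-2060012] [oracle.iam.tasklist.agentry.task] [tid: [ACTIVE].ExecuteThread: '0'] [userId: xelsysadm] [ecid: ecid-0001,0] [APP: oim#11.1.1.3.0] Error occurred while connecting to BPEL
[2011-10-14T16:32:21.326-04:00] [oim_server1] [ERROR] [] [oracle.iam.tasklist.agentry.task] [tid: [ACTIVE].ExecuteThread: '0'] [userId: xelsysadm] [ecid: ecid-0001,0] [APP: oim#11.1.1.3.0] Insufficient privileges to authenticate on behalf of another user.[[
User weblogic cannot authenticate on behalf of user xelsysadm without admin privileges.

]]
[2011-10-14T16:32:49.516-04:00] [oim_server1] [NOTIFICATION] [IAM-1020004] [oracle.iam.scheduler.impl.quartz] [tid: OIMQuartzScheduler_Worker-2] [userId: oiminternal] [ecid: ecid-0002,1] [APP: oim#11.1.1.3.0] Job Listener
EOF
}

sample_odl_log | odl_errors
```
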
Viraf says October 14, 2011

SOA Server Logs

Reply
Viraf says October 14, 2011

Oct 14, 2011 3:35:37 PM EDT> <>
Oct 14, 2011 3:35:39 PM EDT> <>
Oct 14, 2011 3:35:39 PM EDT> <>
Oct 14, 2011 3:35:39 PM EDT> <>

Reply
Viraf says October 27, 2011

In windows environment this is working but I have to start the soa_server1 as an administrator (not with any other user). In linux I don’t know why this is not working.

Reply
Atul Kumar says October 31, 2011

@ Viraf,
Do you mean SOA server is not working on Linux ?

How did you start SOA server on linux ? Did it start successfully ?

Check logs under $DOMAIN_HOME/servers/soa_server1/logs

Reply
Viraf says October 31, 2011

Atul, thank you for your reply.

I am starting soa server from the base_domain/bin directory.

./startManagedWebLogic.sh soa_server1 http://mydomain.com:7001

Please see the logs above. I am unable to post the soa logs here.

After the soa_server status shows in the running mode. Sometimes the soa-infra is coming up and resource adapters like SOA DefaultToDoTaskFlow, SOA composer tasks adapters are not coming up. Now the resource adapters are coming but not the soa-infra.
Don’t know what’s going on right now.

Thanks,
Viraf

Reply
Atul Kumar says November 3, 2011

@ Viraf,
Check log files under $DOMAIN_HOME/servers/soa_server1/logs to find root cause of issue

Reply