Part V : Create Domain : #OracleIdM 11g : Step by Step Installation of OAM, OIM, OAAM, OAPM, OIN

Hi for all

Please, what´s the difference between [Identity Management (11.1.1.2.0) + Identity Management (11.1.1.3.0)] and [Oracle Identity and Access Management (11.1.1.3.0)]?

In your example you suggest the used of IDAM, .. Why that?

Best regards,

@ Chrisz,
Oracle IdM – Identity Management
Oracle IDAM – Identity & Access Management

These two terms are used interchangebly by users and with in Oracle Team itself.

What is Oracle IdM or IDAM Suite ?
From technical point of view this is collection of various identity & access management products like OID, OIM, OAM, OVD, OIF …check full list http://onlineappsdba.com/index.php/2010/06/01/oracle-identity-management-products-oid-ovd-oam-oim-orm-owsm-oif-esso-oes-oaam/

Oracle Initially realease 11.1.1.2.0 with just OID, OVD, OIF, ODIP

It has now released 11.1.1.3.0 (identity management) which covers patchset 2 for OID, OIF, OVD, ODIP.

With 11.1.1.3.0 they also released product like OIM (earlier it was on 9.1.0.2.X), OAM (earlier 10.1.4.3) similarly OAAM.

OIN (Oracle Identity Navigator) is brand new product launched in 11.1.1.3 .

Hope this helps.

When you last part for this post will come. Please include how to protect webapplication under weblogic by applying authentication policies.
Regards,
Rehan Farooq

@ Rehan.
Sure I’ll post as soon as I find some time.

Hi Atul,

Thanks for installation steps. It was really helpful and I did successfully setup OIM on Windows Server.

Now I am trying to setup the same in Vista and while creating weblogic domain I get the below error

CFGFWK-64060.
Detail error messages are as follow:
CFGFWK-64060: The template you selected cannot be applied because the following dependencies have not been satisfied.
OR for Oracle soa suite: 11.1.1.0
D:\weblogic1033\Middleware\Oracle_SOA\common\templates\ applications\oracle.soa_template_11.1.1.jar Multiple dependency matches: Oracle SOA Managment Extension 11.1.1.0

D:\weblogic1033\Middleware\jdeveloper\common\templates\ applications\oracle.soa.mgmt_template_11.1.1.jar Multiple dependency matches: Oracle SOA Managment Extension 11.1.1.0

D:\weblogic1033\Middleware\oracle_common\common\templates\ applications\oracle.soa.mgmt_template_11.1.1.jar

Do you have any ideA?

THanks
INIYA

@ Iniya,
This could be because of higher security in windows vista/windows 7

Check file permission and owner of MW_HOME and subdirectory (reset permission of MW_HOME directory and subdirectory) .

If you are creating domain using command line config.cmd then start command promt in administrative mode and then try.

What is the Linux OS version you have used in your examples?
Did you have to patch OS before installation?
Did you have to patch oracle db before installation?

J

@ Jacob,
This is on Oracle Enterprise Linux 4 update 4 (all rpms’s selected during OS install).

Did you have to patch OS before installation?
No, changed few kernel settings limits.conf

hard nofile 4096
soft nofile 4096

Check this post
http://onlineappsdba.com/index.php/2009/08/21/installing-oracle-fusion-middleware-fmw-11g-identity-management-components-oid-dip-ovd-oif/

+ Changed kernel setting at required by database 11gr2

Did you have to patch oracle db before installation?
No, 11.2.0.1 and 11.1.0.7 are supported so I used 11.2.0.1 . Make sure you select database character set as AL32UTF8 (This is prereq for RCU)

Change session , processes and open_cursor pararameter of DB to atleast 500

Thanks Atul.

For time being , I disabled the UAC in Vista then it worked.

Thanks
INIYA

I am attempting to install Oracle Identity and Access Management Suite 11g on a Windows 7 machine…in following the installation guides I have installed the following Oracle Components

– Oracle Database 11.2.0.1.0
– Created Schemas using RCU 11.1.1.3.3
– Oracle WebLogic Server 10.3.3.0
– Oracle SOA 11.1.1.2.0
– Oracle SOA 11.1.1.3.0 (Patch Set)
– Oracle IAM SUITE 11.1.1.3.0

When attempting to create a new weblogic domain I was getting quite a few of the following error messages:

CFGFWK-64060: The template you selected can’t be applied because the following dependencies have not been satisfied:

Missing prerequisites:

DEP for Oracle Enterprise Manager:11.1.1.0 [C:\MyApps\Oracle\Middleware\oem\
common\templates\applications\oracle.emgc_emcore_template_11.1
.1.0.0.jar] (Oracle WebCenter EM:11.1.1.0)

DEP for Oracle IDM Common Template:11.1.1.0 [C:\MyApps\Oracle\Middle
ware\idm\common\templates\applications\oracle.idm.common_template_11
.1.1.jar] (Oracle WebCenter Composer Extension:11.1.1.0)

I have also installed Oracle Enterprise Manager (OEM 11.1.0.1.0), Oracle Application Server 11g WebCenter 11.1.1.2.0 and Patch Set 11.1.1.3.0, JDeveloper and ADF 11.1.1.3.0, and have not been able to get past the dependency errors.

I have been trying to understand what exactly I am missing here, any suggestions or assistance to understand how I can get past this dependency error would be appreciated. The Oracle Installation Guide only mentions dependencies on WebLogic, Database, SOA Suite, and JDK.

Thanks,
-Hooper

@ Hooper, Try disabling UAC (user access control) reboot machine and then try creating domain. If this is still an issue uodate.

Hi Atul,

Thank you for your response. Here is an update…

Ok so I have been able to move past my initial dependency errors.

The resolution, I disabled the UAC settings, uninstalled all Oracle components and cleaned out all the registry keys, and temp files and reinstalled all components in the same order as my previous installation, with a couple of changes…

First, I installed each component while running as the administrator.

Second, I after installing the SOA Core and Patch Set I installed the Oracle AS Common Top Level Component 11.1.1.2.0 using the Oracle Universal Installer.

Here is the order of my install:

Oracle DB 11g
Created Schemas using RCU 11.1.1.3.3
WebLogic 10.3.3
SOA Suite Core 11.1.1.2
SOA Suite Patchset 11.1.1.3
AS Common Top Level Component 11.1.1.2.0
IDM Suite 11.1.1.3.0
Created WebLogic Domain for OIM and SOA

Now when attempting to run config.bat under ..\Oracle\MW_HOME\idm\bin to launch the OIM Configuration Wizard I am encountering the following pop-up error message

[ERROR MESSAGE]
The Java Run Time Environment was not found at
C:\Users\#psj503\AppData\Local\Temp\OraInstall2010-09-09_04-38-46PM\jre\bin\javaw.exe.
Hence, the Oracle Universal Installer cannot be run. Please visit http://www.javasoft.com and install JRE version 1.3.1 or higher and try again.
[END ERROR]

I have crawled through multiple forums and have attempted a wide range of ideas to try to get past this error without any success…any additional suggestions would be great.

Here is a quick rundown of what I have attempted thus far…

(note the Admin Console for my WebLogic Domain was up and running during each test, and I am using JDK and JRE installation directories that do not have spaces in the PATH)

1.) I have disabled the User Account Control settings on my Windows 7 Machine

2.) I have attempted executing all commands as the Local Administrator

3.) I have attempted setting my JAVA_HOME environment variable to C:\MyApps\Java\jdk1.6.0_21\jre or C:\MyApps\Java\jdk1.6.0_21

4.) I have updated my PATH environment variable to include paths to my JDK and JRE installations

5.) I have created a JRE_HOME and JRE_LOCATION environment variable that points to a JRE installation

Interesting to note that I can get past the initial error message below by updating the JRE_LOCATION in the oraparam.ini file located at C:\MyApps\Oracle\MW_HOME\idm\oui to point to directly to a JRE Installation. For example, any of the following JRE_LOCATION settings in the oraparam.ini file will get me past the JRE Not Found Error…

JRE_LOCATION=C:\MyApps\Java\jre6 or
JRE_LOCATION=”C:\Program Files\Java\jdk1.6.0_21\jre” or
JRE_LOCATION=C:\MyApps\Oracle\MW_HOME\jdk160_18\jre

however, the command prompt windows simply close and nothing happens??? Even though I am using the GUI Option?

I appreciate your assistance and collaboration.

Thanks,
-HOOPER

According to CFGFWK-64060. I had lock on Oracle_ECM1 folder. After adding on Security tab of this folder properties all rights to “CREATOR OWNER” (I had to add this group to list) all problems disappeared.

[…] For Part V Create Domain for OIM, OAM, OAAM, OAPM & OIN here […]

Hi Atul,

I have succesfully installed Oracle IDM Suite 11g (OAM) 11.1.1.3.0.

Now I am trying to configure that with new weblogic domain. I am getting this error.

CFGFWK -64069: The following prerequisites were found to be missing: Oracle WebCenter Composer – 11.1.1.0

Please help.

Thanks,
Shiv

@Shiv,
From which location you are running config.sh ?

What components did you select (during domain creation screen) ?

@ Atul,

Thanks for the reply.

This is the location, from where I am running config.cmd MWHOME\Oracle_IDM2\common\bin\

I had selected this component.
Oracle Access Manager with Database Policy Store – 11.1.1.3.0 [Oracle_IDM2].

I need to configure only OAM for SSO.

Please help.

Thanks,
Shiv

Hi Atul,

I have installed the following:
– Install Oracle 11G R2 database
– Configured parameters in Oracle DB (open_cursors, processes, sessions)
– Installed WebLogic 10.3.3
– Executed RCU (I chose the AS Common Schema, Identity Management and SOA Infrastructure)
– Installed Oracle Identity Management 11.1.1.2 (OID, OVD, OIF, Oracle HTTP, ODSM)
– Patched it to 11.1.1.3
– Configured it to create a new Weblogic domain called IDMDomain
– Installed SOA 11.1.1.2
– Patched it to 11.1.1.3
– Installed Identity and Access Management 11.1.1.3

When I get to the Fusion Middleware configuration wizard (app\Middleware\Oracle_IDM2\common\bin\config.cmd) and try to create or extend a weblogic domain to support the following products:
– Oracle Identity Manager – 11.1.1.3.0
– Oracle Identity Navigator – 11.1.1.3.0
– etc.

Here is the error:
CFGFWK-64060 The template you selected can’t be applied because the following dependencies have not been satisfied

Forgot to mention I am installing all this on Windows 2003 SP2

Hi Atul,

I forgot to mention that I am installing this on Windows 2003 SP2

@sheetz,
List all the components you have selected .

“Are you extending an exisitng domain or creating a new domain” ?

Thanks for the response Atul.

I have figured it out. I am Creating a new domain but what I have to do is select the products for the domain from the bottom up.

For instance I had to select the products in this order Oracle JRF, Oracle WSM Policy Manager, Oracle Enterprise Manager, Oracle SOA Suite and Oracle Identity Manager.

Then everything worked fine.

while creating domain i am getting cfgfwk 64069
error i am configuring it form start-allprograms-oracle weblogic-weblogic server 11gR1-tools-configuration wizard
i have admin privilage for my system
i have insatalled everything required for oim
(oim,soa,weblogic,rcu)
what type of error is this ?
how to resolve it?

////while creating domain i am getting cfgfwk 64069
error i am configuring it form start-allprograms-oracle weblogic-weblogic server 11gR1-tools-configuration wizard
i have admin privilage for my system
i have insatalled everything required for oim
(oim,soa,weblogic,rcu)
what type of error is this ?
how to resolve it?////

@ Piyush,
What all components have you selected during domain creation. Order in which you select components could create this error.

Hello Atul Kumar,

Congrats for your posts. It’s very good.

Recently, after installing the OIM products, I ran into a problem like this:

Error message: JPS-03026: PDPService and PolicyStore Service instance not found in default context. Reason: null
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-03026: PDPService and PolicyStore Service instance not found in default context. Reason: null
at oracle.security.jps.internal.policystore.PolicyDelegationController.(PolicyDelegationController.java:185)
at oracle.security.jps.internal.policystore.PolicyDelegationController.(PolicyDelegationController.java:160)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.(JavaPolicyProvider.java:280)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
Truncated. see log file for complete stacktrace

In order to help those who ran at the same problem, in order to resolve it, one must to execute the following command:
IDM_HOME/common/bin/wlst.sh IDM_HOME/oes/modifygrants.py

Thanks for Kalyan who have posted this solution (https://forums.oracle.com/forums/thread.jspa?threadID=2239495).

Hi Atul,
Thank you for the step-by-step instructions regarding FMW11g installation.
Could you please clarify when to perform the create domain activity for the following case?

I need to install FWM11g with WebLogic server as active-passive in two dedicated servers, OAM and OIF (two servers), OID and DIP (two servers).
Oracle DB RAC and OHS in web tier (dedicated two servers) is in place.

Installed 64-bit WLS version 10.3.5 in the dedicated servers (RHEL).
Should I execute Oracle IDM or IDAM installer before creating the domain ?

@ Kittu,
What you are looking is enterprise deployment of IdM follow steps here

http://docs.oracle.com/cd/E14571_01/core.1111/e12035/create_domain_im.htm#CFHIBIEG

Follow configuration mentioned in 6, 7 ….(depending on components you need)

Thank you Atul! Appreciate your timely help 🙂

Atul,
thanks for all you have done for the community.
i used your 11.1.1.3 as reference for my 11.1.1.5 installation.
After the completion domain creattion, i found only AdminServer directory created under ../user_projects/domains and none of the others. I started the admin server and checked those managed servers and they are in the servers.
Did I miss something?

@ Sean,
Directory will create during first time startup. Please start managed server and then check

That worked. Thanks for the help.

Hello Atul,
I followed your steps, and I have it is 11.1.1.5.0. I notice that you did not select any components in “Select Optional Configuration”. And I did the same for 11.1.1.5.0
I started the adminserver and the oam_server1.
I have the problem to access oam console:

The problem followchart:
Access oam console http://7001/oamconsole,

prompted with SSL exception,

accept the exception,

redirected to SSL 14100 oam port for login,

key in oam admin (the same as wls’), press login,

get the error page with error “The Page isn’t redirecting properly”

Seems the problem is SSL/Credential Collector related, so I’d like to make it non SSL work first and enable SSL.

So I did:
from wls admin console, disabled SSL for OAM server on port 14101; from oam console, which is accessible without having oam_server1 started, changed the oam port to non ssl port 14100. Restarted admin server and oam server1. Now I get the error for access oam server
“Unable to connect
Firefox can’t establish a connection to the server at ol32b57.localdomain:14101.
”
it still works for 14101!
How can we make the nonSSL conversion?

Thank you.

I have applied OAM 11gR1 Patchset1 BP01 11.1.1.5.1 – 12733108, tested again. The problem stays.

@ Sean,
Stop oam server and then try. if this works then remove IAMSuite agent (from providers in security realm) . restart admin and oam server and then try again.

Issue is with SSO server which for some reason is not working properly.

Thanks Atul!
Have the IAMSuiteAgent disabled from the security realms worked as without redirecting to oam server 101400 for authentication.

But seems that should not be as the worked out of the box? I have the new errors in the logs:

**

java.lang.RuntimeException: java.security.PrivilegedActionException: oracle.security.jps.service.idstore.IdentityStoreException: JPS-01520: Cannot initialize identity store.
at oracle.adf.share.security.providers.jps.JpsUtil.getDefaultIdentityStore(JpsUtil.java:339)
at oracle.adf.share.security.providers.jps.JpsIdentityManagementProvider.initialize(JpsIdentityManagementProvider.java:90)

***

@ Sean,
I am facing similar issue (redirecting in loop) but only one one server. I am not sure about root cause of this problem.

Hi,

I configured oaam_admin_server1.

I login to it using :
http://oam-dev:14200/oaam_admin

somehow when I click enter it redirected to authetication page with the link
http://localhost.localdomain:14200/oaam_admin/XXXXXXXX

I have to change localhost.localdomain to oam-dev.

Any idea how to fix this? 🙁

I am getting following error while running RCU 11.1.1.5

”
ORA-0145 maximum key length (6398) exceeded.

File E:\upgrade\repostory_creation_utiltiy\rcuhome\rcu\integration\cremdsinds.sql
statement create index MDS_COMPONENTS_N1
COMP_PARTITION_ID….

”

Although there is an option to ignore and contneo but want to know if this may create error in future.

Any Idea ?

Thanks

@manohar, you need to set nls_length_semantics in your DB instance to BYTE. It should work.

Hi Atul,

Thanks for your step-by-step online help. I am blocked at the part(v) when I was configuring the domains.

At the “Test Component Schema”, I got the following error:
Component Schema=SOA Infrastructure
Driver=oracle.jdbc.xa.client.OracleXADataSource
URL=jdbc:oracle:thin:@localhost.localdomain:1521/orcl
User=DEV_SOAINFRA
Password=***********
SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type=’SOAINFRA’ and version=’11.1.1.5.0′

Listener refused the connection with the following error:
ORA-12528, TNS:listener: all appropriate instances are blocking new connections

CFGFWK-60850: Test Failed!

I got the same error for all the schema.
I installed the following on Red Hat Enterprise Linux Server release 5.8 (64-bit):
-Oracle 11g database 11.2.0.1.0
-RCU utility 11.1.1.5
-Weblogic Server 10.3.6
-Oracle Identity & Access Management 11.1.1.5
-SOA Suite 11.1.1.5.0
-Oracle Identity & Access Management 11.1.1.5

Please help me and let me know what data you will need.

Thanks,
-Arshad

i am installing and configuring OAM. when i configure Security Store for OAM Domain to Database occur a error when i do

[oracle@iamserver mw]$ . /home/oracle/oam.env
[oracle@iamserver mw]$/u02/oracle/mwoam/user_projects/domains/IAMDomain/bin/setDomainEnv.sh
[oracle@iamserver mw]$ cd /u02/oracle/mwoam/oracle_common/common/bin/
[oracle@iamserver bin]$ ./wlst.sh /u02/oracle/mwoam/iam/common/tools/configureSecurityStore.py -d /u02/oracle/mwoam/user_projects/domains/IAMDomain -c IAM -p oracle123 -m create

CLASSPATH=/u02/oracle/mwoam/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u02/oracle/mwoam/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/u02/oracle/mwoam/jrockit-jdk1.6.0_45-R28.2.7-4.1.0/lib/tools.jar:/u02/oracle/mwoam/wlserver_10.3/server/lib/weblogic_sp.jar:/u02/oracle/mwoam/wlserver_10.3/server/lib/weblogic.jar:/u02/oracle/mwoam/modules/features/weblogic.server.modules_10.3.6.0.jar:/u02/oracle/mwoam/wlserver_10.3/server/lib/webservices.jar:/u02/oracle/mwoam/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/u02/oracle/mwoam/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/u02/oracle/mwoam/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/u02/oracle/mwoam/oracle_common/common/wlst/lib/adfscripting.jar:/u02/oracle/mwoam/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/u02/oracle/mwoam/oracle_common/common/wlst/lib/mdswlst.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/auditwlst.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/igfwlsthelp.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/jps-wlst.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/jrf-wlst.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/oamap_help.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/ossoiap_help.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/ossoiap.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/sslconfigwlst.jar:/u02/oracle/mwoam/oracle_common/common/wlst/resources/wsm-wlst.jar:/u02/oracle/mwoam/utils/config/10.3/config-launch.jar::/u02/oracle/mwoam/wlserver_10.3/common/derby/lib/derbynet.jar:/u02/oracle/mwoam/wlserver_10.3/common/derby/lib/derbyclient.jar:/u02/oracle/mwoam/wlserver_10.3/common/derby/lib/derbytools.jar::

Initializing WebLogic Scripting Tool (WLST) …

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
Problem invoking WLST – Traceback (innermost last):
File “/u02/oracle/mwoam/iam/common/tools/configureSecurityStore.py”, line 896, in ?
TypeError: cannot concatenate ‘str’ and ‘NoneType’ objects

Hi,
I am trying to install oracle Identity Manager 11.1.1.7.0_64 on a 64-bit windows 7 machine.
I already have SOA and OSB in my middleware home.

When I am trying to install my oracle Identity Manager using the command ‘setup.exe -jreLoc \jdk160_29\jre’
I was able to go through all the steps But at the Installation process I was facing an error ‘Installation Failed. Prepare Session failed OUI-10133:Invalid staging area. There are no top level components for Windows NT, Windows 2000 available for installation in this staging area’.

Can you please suggest a solution for this

Hurrah! Finally I got a web site from where I be able to truly get useful data regarding my study and knowledge.

Hi,

I am configuring oim. The database is up and running as well as the listener. Still I am facing the issue INST 6104 Unable to connect to database with given credentials.Listener could be down.
Any help on this isssue will be appreciated.

Thanks

Hi, I want to change Admin password at weblogic server 11g.
Simply I just change weblogic user at Security Realms page.
But I want to know. If I change password, Is it I need to configure any files of config at other component?
such as at OracleIDMSuite_11.1.2 or any component related