Part V : Create Domain : #OracleIdM 11g : Step by Step Installation of OAM, OIM, OAAM, OAPM, OIN

This is part V of step by step installation of Oracle Identity Management (OAM, OIM, OAAM, OAPM & OIN) which covers creating domain for Identity and Access Management .

  • For Part I Download Software and create Schema click here 
  • For Part II Install WebLogic Server 10.3.3  click here
  • For Part III Install SOA Server and Upgrade to click here
  • For Part IV Install IDAM click here

In this post We are going to create WebLogic Domain containing one Admin Server and five managed servers
a) Admin Server listening on port 7001
b) oim_server1 listening on port 14000
c) oam_server1 listening on port 14100
d) oaam_admin_server1 listening on port 14200
e) oaam_server_server1 listening on port 14300
f) soa_server1 listening on port 8001

More on Domain in WebLogic Server here


Start configuring domain by running under $ORACLE_HOME/common/bin (where ORACLE_HOME is for Identity Management in which you installed OIM, OAM, OAAM, OIN, OAPM in Part IV of this Series) :

Note* : under $ORACLE_HOME/bin is to configure OIM server and not to create Domain 


Select components which you wish to install (Some components are dependent on other components like OIM uses SOA for Workflow)


Enter database schema details here (schemas which you created in Part I Load Schema)


  • Below screen is to customize severs (configure cluster, settings…) during install time. (It is possible to change all these steps later too.)


  • After creating domain you should see directory user_projects(default location is under MW_HOME). WebLogic related configuration, log, start-stop, application and all run time files are under this directory


  • Start Admin Server from $DOMAIN_HOME/bin/ (Default DOMAIN_HOME location is $MW_HOME/user_projects/domains/base_domain)


wait till you see listening on [IP]:7001 on console


  • Login to console using http://serverName:7001/console  (user weblogic/[password]) where username/password is one you entered during domain creation


  • click on Servers in console to see list of servers running


For OracleIdM 11g R1 PS2 : Step by Installation of OAM, OIM, OAAM, OAPM, OIN ( – Part VI : Configure OIM Server 11g !! stay tuned

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Chrisz says August 18, 2010

Hi for all

Please, what´s the difference between [Identity Management ( + Identity Management (] and [Oracle Identity and Access Management (]?

In your example you suggest the used of IDAM, .. Why that?

Best regards,

Atul Kumar says August 18, 2010

@ Chrisz,
Oracle IdM – Identity Management
Oracle IDAM – Identity & Access Management

These two terms are used interchangebly by users and with in Oracle Team itself.

What is Oracle IdM or IDAM Suite ?
From technical point of view this is collection of various identity & access management products like OID, OIM, OAM, OVD, OIF …check full list

Oracle Initially realease with just OID, OVD, OIF, ODIP

It has now released (identity management) which covers patchset 2 for OID, OIF, OVD, ODIP.

With they also released product like OIM (earlier it was on, OAM (earlier similarly OAAM.

OIN (Oracle Identity Navigator) is brand new product launched in .

Hope this helps.

Rehan says September 2, 2010

When you last part for this post will come. Please include how to protect webapplication under weblogic by applying authentication policies.
Rehan Farooq

Atul Kumar says September 3, 2010

@ Rehan.
Sure I’ll post as soon as I find some time.

INIYA says September 3, 2010

Hi Atul,

Thanks for installation steps. It was really helpful and I did successfully setup OIM on Windows Server.

Now I am trying to setup the same in Vista and while creating weblogic domain I get the below error

Detail error messages are as follow:
CFGFWK-64060: The template you selected cannot be applied because the following dependencies have not been satisfied.
OR for Oracle soa suite:
D:\weblogic1033\Middleware\Oracle_SOA\common\templates\ applications\oracle.soa_template_11.1.1.jar Multiple dependency matches: Oracle SOA Managment Extension

D:\weblogic1033\Middleware\jdeveloper\common\templates\ applications\oracle.soa.mgmt_template_11.1.1.jar Multiple dependency matches: Oracle SOA Managment Extension

D:\weblogic1033\Middleware\oracle_common\common\templates\ applications\oracle.soa.mgmt_template_11.1.1.jar

Do you have any ideA?


Atul says September 3, 2010

@ Iniya,
This could be because of higher security in windows vista/windows 7

Check file permission and owner of MW_HOME and subdirectory (reset permission of MW_HOME directory and subdirectory) .

If you are creating domain using command line config.cmd then start command promt in administrative mode and then try.

Jacob says September 3, 2010

What is the Linux OS version you have used in your examples?
Did you have to patch OS before installation?
Did you have to patch oracle db before installation?


Atul Kumar says September 3, 2010

@ Jacob,
This is on Oracle Enterprise Linux 4 update 4 (all rpms’s selected during OS install).

Did you have to patch OS before installation?
No, changed few kernel settings limits.conf

hard nofile 4096
soft nofile 4096

Check this post

+ Changed kernel setting at required by database 11gr2

Did you have to patch oracle db before installation?
No, and are supported so I used . Make sure you select database character set as AL32UTF8 (This is prereq for RCU)

Change session , processes and open_cursor pararameter of DB to atleast 500

INIYA says September 5, 2010

Thanks Atul.

For time being , I disabled the UAC in Vista then it worked.


HOOPER says September 7, 2010

I am attempting to install Oracle Identity and Access Management Suite 11g on a Windows 7 machine…in following the installation guides I have installed the following Oracle Components

– Oracle Database
– Created Schemas using RCU
– Oracle WebLogic Server
– Oracle SOA
– Oracle SOA (Patch Set)
– Oracle IAM SUITE

When attempting to create a new weblogic domain I was getting quite a few of the following error messages:

CFGFWK-64060: The template you selected can’t be applied because the following dependencies have not been satisfied:

Missing prerequisites:

DEP for Oracle Enterprise Manager: [C:\MyApps\Oracle\Middleware\oem\
.1.0.0.jar] (Oracle WebCenter EM:

DEP for Oracle IDM Common Template: [C:\MyApps\Oracle\Middle
.1.1.jar] (Oracle WebCenter Composer Extension:

I have also installed Oracle Enterprise Manager (OEM, Oracle Application Server 11g WebCenter and Patch Set, JDeveloper and ADF, and have not been able to get past the dependency errors.

I have been trying to understand what exactly I am missing here, any suggestions or assistance to understand how I can get past this dependency error would be appreciated. The Oracle Installation Guide only mentions dependencies on WebLogic, Database, SOA Suite, and JDK.


Atul Kumar says September 7, 2010

@ Hooper, Try disabling UAC (user access control) reboot machine and then try creating domain. If this is still an issue uodate.

HOOPER says September 9, 2010

Hi Atul,

Thank you for your response. Here is an update…

Ok so I have been able to move past my initial dependency errors.

The resolution, I disabled the UAC settings, uninstalled all Oracle components and cleaned out all the registry keys, and temp files and reinstalled all components in the same order as my previous installation, with a couple of changes…

First, I installed each component while running as the administrator.

Second, I after installing the SOA Core and Patch Set I installed the Oracle AS Common Top Level Component using the Oracle Universal Installer.

Here is the order of my install:

Oracle DB 11g
Created Schemas using RCU
WebLogic 10.3.3
SOA Suite Core
SOA Suite Patchset
AS Common Top Level Component
IDM Suite
Created WebLogic Domain for OIM and SOA

Now when attempting to run config.bat under ..\Oracle\MW_HOME\idm\bin to launch the OIM Configuration Wizard I am encountering the following pop-up error message

The Java Run Time Environment was not found at
Hence, the Oracle Universal Installer cannot be run. Please visit and install JRE version 1.3.1 or higher and try again.

I have crawled through multiple forums and have attempted a wide range of ideas to try to get past this error without any success…any additional suggestions would be great.

Here is a quick rundown of what I have attempted thus far…

(note the Admin Console for my WebLogic Domain was up and running during each test, and I am using JDK and JRE installation directories that do not have spaces in the PATH)

1.) I have disabled the User Account Control settings on my Windows 7 Machine

2.) I have attempted executing all commands as the Local Administrator

3.) I have attempted setting my JAVA_HOME environment variable to C:\MyApps\Java\jdk1.6.0_21\jre or C:\MyApps\Java\jdk1.6.0_21

4.) I have updated my PATH environment variable to include paths to my JDK and JRE installations

5.) I have created a JRE_HOME and JRE_LOCATION environment variable that points to a JRE installation

Interesting to note that I can get past the initial error message below by updating the JRE_LOCATION in the oraparam.ini file located at C:\MyApps\Oracle\MW_HOME\idm\oui to point to directly to a JRE Installation. For example, any of the following JRE_LOCATION settings in the oraparam.ini file will get me past the JRE Not Found Error…

JRE_LOCATION=C:\MyApps\Java\jre6 or
JRE_LOCATION=”C:\Program Files\Java\jdk1.6.0_21\jre” or

however, the command prompt windows simply close and nothing happens??? Even though I am using the GUI Option?

I appreciate your assistance and collaboration.


witkow says October 6, 2010

According to CFGFWK-64060. I had lock on Oracle_ECM1 folder. After adding on Security tab of this folder properties all rights to “CREATOR OWNER” (I had to add this group to list) all problems disappeared.

Shiv says April 11, 2011

Hi Atul,

I have succesfully installed Oracle IDM Suite 11g (OAM)

Now I am trying to configure that with new weblogic domain. I am getting this error.

CFGFWK -64069: The following prerequisites were found to be missing: Oracle WebCenter Composer –

Please help.


Atul Kumar says April 11, 2011

From which location you are running ?

What components did you select (during domain creation screen) ?

Shiv says April 11, 2011

@ Atul,

Thanks for the reply.

This is the location, from where I am running config.cmd MWHOME\Oracle_IDM2\common\bin\

I had selected this component.
Oracle Access Manager with Database Policy Store – [Oracle_IDM2].

I need to configure only OAM for SSO.

Please help.


sheetz says July 20, 2011

Hi Atul,

I have installed the following:
– Install Oracle 11G R2 database
– Configured parameters in Oracle DB (open_cursors, processes, sessions)
– Installed WebLogic 10.3.3
– Executed RCU (I chose the AS Common Schema, Identity Management and SOA Infrastructure)
– Installed Oracle Identity Management (OID, OVD, OIF, Oracle HTTP, ODSM)
– Patched it to
– Configured it to create a new Weblogic domain called IDMDomain
– Installed SOA
– Patched it to
– Installed Identity and Access Management

When I get to the Fusion Middleware configuration wizard (app\Middleware\Oracle_IDM2\common\bin\config.cmd) and try to create or extend a weblogic domain to support the following products:
– Oracle Identity Manager –
– Oracle Identity Navigator –
– etc.

Here is the error:
CFGFWK-64060 The template you selected can’t be applied because the following dependencies have not been satisfied

sheetz says July 20, 2011

Forgot to mention I am installing all this on Windows 2003 SP2

sheetz says July 20, 2011

Hi Atul,

I forgot to mention that I am installing this on Windows 2003 SP2

Atul Kumar says July 21, 2011

List all the components you have selected .

“Are you extending an exisitng domain or creating a new domain” ?

sheetz says July 21, 2011

Thanks for the response Atul.

I have figured it out. I am Creating a new domain but what I have to do is select the products for the domain from the bottom up.

For instance I had to select the products in this order Oracle JRF, Oracle WSM Policy Manager, Oracle Enterprise Manager, Oracle SOA Suite and Oracle Identity Manager.

Then everything worked fine.

piyush says September 1, 2011

while creating domain i am getting cfgfwk 64069
error i am configuring it form start-allprograms-oracle weblogic-weblogic server 11gR1-tools-configuration wizard
i have admin privilage for my system
i have insatalled everything required for oim
what type of error is this ?
how to resolve it?

piyush says September 1, 2011

////while creating domain i am getting cfgfwk 64069
error i am configuring it form start-allprograms-oracle weblogic-weblogic server 11gR1-tools-configuration wizard
i have admin privilage for my system
i have insatalled everything required for oim
what type of error is this ?
how to resolve it?////

Atul Kumar says September 5, 2011

@ Piyush,
What all components have you selected during domain creation. Order in which you select components could create this error.

Alexandre Oliveira says September 8, 2011

Hello Atul Kumar,

Congrats for your posts. It’s very good.

Recently, after installing the OIM products, I ran into a problem like this:

Error message: JPS-03026: PDPService and PolicyStore Service instance not found in default context. Reason: null
Truncated. see log file for complete stacktrace
Caused By: JPS-03026: PDPService and PolicyStore Service instance not found in default context. Reason: null
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(
Truncated. see log file for complete stacktrace

In order to help those who ran at the same problem, in order to resolve it, one must to execute the following command:
IDM_HOME/common/bin/ IDM_HOME/oes/

Thanks for Kalyan who have posted this solution (

Kittu says November 24, 2011

Hi Atul,
Thank you for the step-by-step instructions regarding FMW11g installation.
Could you please clarify when to perform the create domain activity for the following case?

I need to install FWM11g with WebLogic server as active-passive in two dedicated servers, OAM and OIF (two servers), OID and DIP (two servers).
Oracle DB RAC and OHS in web tier (dedicated two servers) is in place.

Installed 64-bit WLS version 10.3.5 in the dedicated servers (RHEL).
Should I execute Oracle IDM or IDAM installer before creating the domain ?

Atul Kumar says November 24, 2011

@ Kittu,
What you are looking is enterprise deployment of IdM follow steps here

Follow configuration mentioned in 6, 7 ….(depending on components you need)

Kittu says November 29, 2011

Thank you Atul! Appreciate your timely help 🙂

Sean says December 21, 2011

thanks for all you have done for the community.
i used your as reference for my installation.
After the completion domain creattion, i found only AdminServer directory created under ../user_projects/domains and none of the others. I started the admin server and checked those managed servers and they are in the servers.
Did I miss something?

Atul Kumar says December 21, 2011

@ Sean,
Directory will create during first time startup. Please start managed server and then check

Sean says December 24, 2011

That worked. Thanks for the help.

Sean says December 24, 2011

Hello Atul,
I followed your steps, and I have it is I notice that you did not select any components in “Select Optional Configuration”. And I did the same for
I started the adminserver and the oam_server1.
I have the problem to access oam console:

The problem followchart:
Access oam console http://7001/oamconsole,

prompted with SSL exception,

accept the exception,

redirected to SSL 14100 oam port for login,

key in oam admin (the same as wls’), press login,

get the error page with error “The Page isn’t redirecting properly”

Seems the problem is SSL/Credential Collector related, so I’d like to make it non SSL work first and enable SSL.

So I did:
from wls admin console, disabled SSL for OAM server on port 14101; from oam console, which is accessible without having oam_server1 started, changed the oam port to non ssl port 14100. Restarted admin server and oam server1. Now I get the error for access oam server
“Unable to connect
Firefox can’t establish a connection to the server at ol32b57.localdomain:14101.

it still works for 14101!
How can we make the nonSSL conversion?

Thank you.

Sean says December 24, 2011

I have applied OAM 11gR1 Patchset1 BP01 – 12733108, tested again. The problem stays.

Atul Kumar says December 25, 2011

@ Sean,
Stop oam server and then try. if this works then remove IAMSuite agent (from providers in security realm) . restart admin and oam server and then try again.

Issue is with SSO server which for some reason is not working properly.

Sean says December 25, 2011

Thanks Atul!
Have the IAMSuiteAgent disabled from the security realms worked as without redirecting to oam server 101400 for authentication.

But seems that should not be as the worked out of the box? I have the new errors in the logs:


java.lang.RuntimeException: JPS-01520: Cannot initialize identity store.


Atul Kumar says December 27, 2011

@ Sean,
I am facing similar issue (redirecting in loop) but only one one server. I am not sure about root cause of this problem.

anna says April 6, 2012


I configured oaam_admin_server1.

I login to it using :

somehow when I click enter it redirected to authetication page with the link

I have to change localhost.localdomain to oam-dev.

Any idea how to fix this? 🙁

manohar says June 21, 2012

I am getting following error while running RCU

ORA-0145 maximum key length (6398) exceeded.

File E:\upgrade\repostory_creation_utiltiy\rcuhome\rcu\integration\cremdsinds.sql
statement create index MDS_COMPONENTS_N1

Although there is an option to ignore and contneo but want to know if this may create error in future.

Any Idea ?


AbhishekCS says July 13, 2012

@manohar, you need to set nls_length_semantics in your DB instance to BYTE. It should work.

arshadiqbal1 says November 9, 2012

Hi Atul,

Thanks for your step-by-step online help. I am blocked at the part(v) when I was configuring the domains.

At the “Test Component Schema”, I got the following error:
Component Schema=SOA Infrastructure
SQL Test=select 1 from schema_version_registry where owner=(select user from dual) and mr_type=’SOAINFRA’ and version=’′

Listener refused the connection with the following error:
ORA-12528, TNS:listener: all appropriate instances are blocking new connections

CFGFWK-60850: Test Failed!

I got the same error for all the schema.
I installed the following on Red Hat Enterprise Linux Server release 5.8 (64-bit):
-Oracle 11g database
-RCU utility
-Weblogic Server 10.3.6
-Oracle Identity & Access Management
-SOA Suite
-Oracle Identity & Access Management

Please help me and let me know what data you will need.


    Atul Kumar says November 9, 2012

    @ arshadiqbal1,
    Problem is with database listener, your database listener is blocking connection. Ask DBA to look at listener

bugra emin says March 6, 2014

i am installing and configuring OAM. when i configure Security Store for OAM Domain to Database occur a error when i do

[oracle@iamserver mw]$ . /home/oracle/oam.env
[oracle@iamserver mw]$/u02/oracle/mwoam/user_projects/domains/IAMDomain/bin/
[oracle@iamserver mw]$ cd /u02/oracle/mwoam/oracle_common/common/bin/
[oracle@iamserver bin]$ ./ /u02/oracle/mwoam/iam/common/tools/ -d /u02/oracle/mwoam/user_projects/domains/IAMDomain -c IAM -p oracle123 -m create


Initializing WebLogic Scripting Tool (WLST) …

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

Info: Data source is: opss-DBDS
Problem invoking WLST – Traceback (innermost last):
File “/u02/oracle/mwoam/iam/common/tools/”, line 896, in ?
TypeError: cannot concatenate ‘str’ and ‘NoneType’ objects

rc says October 1, 2014

I am trying to install oracle Identity Manager on a 64-bit windows 7 machine.
I already have SOA and OSB in my middleware home.

When I am trying to install my oracle Identity Manager using the command ‘setup.exe -jreLoc \jdk160_29\jre’
I was able to go through all the steps But at the Installation process I was facing an error ‘Installation Failed. Prepare Session failed OUI-10133:Invalid staging area. There are no top level components for Windows NT, Windows 2000 available for installation in this staging area’.

Can you please suggest a solution for this

steve jacobson says January 13, 2015

Hurrah! Finally I got a web site from where I be able to truly get useful data regarding my study and knowledge.

Pra says May 28, 2015


I am configuring oim. The database is up and running as well as the listener. Still I am facing the issue INST 6104 Unable to connect to database with given credentials.Listener could be down.
Any help on this isssue will be appreciated.


    Atul Kumar says May 29, 2015

    Is service name given in configuration screen is same as one that is registered with listener

    Type lsnrctl status to check service name registered with listener

kokovic says September 1, 2015

Hi, I want to change Admin password at weblogic server 11g.
Simply I just change weblogic user at Security Realms page.
But I want to know. If I change password, Is it I need to configure any files of config at other component?
such as at OracleIDMSuite_11.1.2 or any component related

    Atul Kumar says September 2, 2015

    It depends on what FMW components are deployed on WebLogic domain and if you are using components like OIM where OIM connects to SOA using WebLogic user but as part of deployment one step was to change this user from weblogic to one in LDAP Server (OID). If there is anything in domain using weblogic password then it must be in CSF (credential store) . Other place I can think of is I suggest you change it on test environment , test it thoroughly and then proceed to prod. If you hit any issue after changing password then post here.

Add Your Reply