Why should you integrate OAM with OID ?
OAM’s default user store is weblogic’s embedded ldap server which is not recommended user store for production environment. After OAM installation it is recommended to set Oracle Internet Directory as OAM’s primary identity store.
Pointing OAM’s user store to Oracle Internet directory including integration with Oracle Identity Manager is also explained in my Book “Oracle Identity and Access Manager 11g for Administrators”
Steps to configure OAM to use OID as Identity Store
1. Create a groups “Administrators” in OIDunder dc=[your_domain], cn=groups using ODSM
2. Create a user weblogicoid in OID under dc=[your_domain] , cn=users (This user will then be used to connect to login to weblogic console) – Ensure that attribute userPassword is set for this user.
3. Add user weblogicoid in OID to group “Administrator“. Use ODSM to create user/group in OID 11g. More on ODSM here
4. Login to OAM Console ( http://server:7001/oamconsolewhere 7001 is weblogic admin server port on which OAM is deployed)
5. Click tab “System Configuration” and select User Identity Stores under Data Source
6. From Actions -> select Create
7. Enter OID server details and click on Test Connections
If you get “failed to connect to Identity Store : Invalid Role Security Admin” make sure that group Administrators is created in OID
8. Click Apply when connection is successful
9. Select newly create User Store from OAM Console and click on button “Set as Primary” on top right
10. Log out from OAM console and login using newly created user in OID (weblogicoid)
Note: You can also use WebLogic Scripting Tool (WLST) to manage identity store in OAM using createUserIdentityStore, deleteUserIdentityStore, displayUserIdentityStore, editUserIdentityStore
How to use WLST commands for OAM ?
1.set environment – DOMAIN_HOME/bin/setDomainEnv.sh
2.Start WLST – cd $ORACLE_HOME/common/bin/wlst.sh
3.Connect to WebLogic Server – connect()
4. List all OAM commands – help(‘oam’)
5.To list User Identity Store with name UserIdentityStore1 – displayUserIdentityStore( name=”UserIdentityStore1″)
If you are looking for commonly asked interview questions for Oracle Access Manager then just click below and get that in your inbox.
Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.