This post covers part V of the Fusion Applications 11.1.1.5.1 installation: Integrate Oracle Identity Manager (OIM) with Oracle Access Manager (OAM) for Fusion Applications. For the previous steps, check the links below.
OIM/OAM 11g installation and other key tasks required for administrators are also covered in my book.
The steps to integrate OIM with OAM are very well documented here, so I am going to cover only the key points and important things to consider.
1. Creating a client keystore (SSLClientConfig.sh), discussed in section 17.1.2, is optional and is required only if you configure Fusion Applications to connect to the Oracle Identity Management components over SSL (Fusion Applications can be configured to connect to Identity Management with NO SSL).
2. Copying the OAM keystore files mentioned in 17.2.2 is required only if the OAM Access Server is running in SIMPLE or SECURE mode (the OAM Access Server runs in one of three modes: OPEN, SIMPLE or SECURE, where OPEN is the default mode).
3. For the content of the file config_oam2.props mentioned in 17.2.3, note the following:
a) Update WLSHOST and WLSPORT to the WebLogic machine name and the WebLogic Admin Server port, respectively, on which OIM/OAM is deployed (the default WebLogic Admin Server port is 7001).
b) Update IDSTORE_HOST and IDSTORE_PORT to the OID server host and LDAP port (the default OID LDAP port is 3060).
c) For IDSTORE_USERSEARCHBASE, IDSTORE_SEARCHBASE and IDSTORE_GROUPSEARCHBASE, replace dc=mycompany, dc=com with the OID security realm value defined during OID configuration.
d) For PRIMARY_OAM_SERVERS, the server name and port number are the OAM Server machine and the OAM Proxy Port, respectively. If there is only one OAM Server, then define only one OAMServer:Port (the default OAM Proxy port is 5575).
e) OAM11G_IDM_DOMAIN_OHS_HOST: the machine name on which the OHS server for OAM is going to run (if there is a load balancer in front of OHS, then enter the load balancer name here).
f) OAM11G_IDM_DOMAIN_OHS_PORT: the port number on which the OHS server for OAM is going to run (if there is a load balancer in front of OHS, then enter the load balancer listen port here).
g) OAM11G_IDM_DOMAIN_OHS_PROTOCOL: the protocol for the OHS server (if there is a load balancer in front of OHS, then enter the load balancer protocol here). My OHS server is running on HTTP (no SSL), so I am using the value http.
h) OAM_TRANSFER_MODE: the OAM Access Server can be configured in one of three modes, OPEN, SIMPLE or CERT (default value OPEN); change the value as per your OAM Server configuration. Use the value in upper case, otherwise some of the OIM/OAM integration tasks will fail (this is a BUG: a value in lower case results in issues during integration).
i) OAM11G_OAM_SERVER_TRANSFER_MODE: same as defined above.
j) COOKIE_DOMAIN: change this to your primary domain.
k) OAM11G_SERVER_LBR_HOST, OAM11G_SERVER_LBR_PORT, OAM11G_SERVER_LBR_PROTOCOL: change the values as per your load balancer configuration (if you do not have a load balancer in front of OHS, then use the OHS hostname, OHS port and OHS protocol).
l) OAM11G_OIM_OHS_URL: change it to the load balancer protocol://hostname:port (if you do not have a load balancer in front of OHS, then use the OHS hostname, OHS port and OHS protocol. I am using a value like http://innowave12.com:7780).
4. For the content of the file user.props mentioned in 17.2.4, note the following:
a) Update IDSTORE_HOST and IDSTORE_PORT to the OID server host and LDAP port (the default OID LDAP port is 3060).
b) For IDSTORE_USERSEARCHBASE and IDSTORE_GROUPSEARCHBASE, replace dc=mycompany, dc=com with the OID security realm value defined during OID configuration.
5. For the content of the file oimitg.props mentioned in 17.2.5.2, note the following:
a) For ACCESS_SERVER_HOST and ACCESS_SERVER_PORT, the server name and port number are the OAM Server machine and the OAM Proxy Port, respectively. If there are multiple OAM Servers in a cluster, then use any one OAMServer:Port (the default OAM Proxy port is 5575).
b) COOKIE_DOMAIN: change this to your primary domain.
c) OAM_TRANSFER_MODE: the OAM Access Server can be configured in one of three modes, OPEN, SIMPLE or CERT (default value OPEN); change the value as per your OAM Server configuration. Use the value in upper case, otherwise some of the OIM/OAM integration tasks will fail (this is a BUG: a value in lower case results in issues during integration).
d) Update IDSTORE_HOST and IDSTORE_PORT to the OID server host and LDAP port (the default OID LDAP port is 3060).
e) For IDSTORE_ADMIN_USER, IDSTORE_USERSEARCHBASE and IDSTORE_GROUPSEARCHBASE, replace dc=mycompany, dc=com with the OID security realm value defined during OID configuration.
f) For MDS_DB_URL: replace the RAC database hostname and port as per your OID database. If the OIM database is configured as a single-node database, then use an entry like jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(protocol=tcp)(host=innowave12.com)(port=1521))(ADDRESS=(protocol=tcp)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=faidm.com)))
g) Update MDS_DB_SCHEMA_USERNAME to the OIM MDS schema.
h) Update WLSHOST and WLSPORT to the WebLogic machine name and the WebLogic Admin Server port, respectively, on which OIM/OAM is deployed (the default WebLogic Admin Server port is 7001).
i) DOMAIN_NAME: the WebLogic domain name of the OIM/OAM server.
j) OIM_MANAGED_SERVER_NAME: the name of the OIM managed server (default value oim_server1).
k) DOMAIN_LOCATION: update to the location where the OIM/OAM WebLogic domain is configured.
6. Updating the OVD Authenticator as mentioned in 17.2.6 is required only if you are using OVD (if you are not using OVD, then skip this step).
7. Creating CSF keys as mentioned in 17.2.7 is required only if OAM is configured in SIMPLE or CERT mode (the default OAM mode is OPEN).
8. The tasks mentioned in 17.3 and 17.4 are NOT required for the Fusion Apps installation.
9. After chapter 17, install Oracle HTTP Server (OHS) and configure WebGate as defined in section 18.5.
10. Validate that you can log in to OIM via OHS using OAM Single Sign-On (more on how to validate, and the screens you should see for the OIM login, in the next post).