Oracle Fusion Applications Installation: Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)


Update Existing LDAP Users with Required Object Classes

Create a property file user.props as follows

[fusion@fmwhost bin]$ export ORACLE_HOME=/app/fusion/fmw/iam

[fusion@fmwhost bin]$ export IDM_HOME=/app/fusion/fmw/idm

[fusion@fmwhost bin]$ export MW_HOME=/app/fusion/fmw

[fusion@fmwhost bin]$ export JAVA_HOME=/app/fusion/jdk6

[fusion@fmwhost bin]$ cd /app/fusion/fmw/iam/idmtools/bin/

[fusion@fmwhost bin]$ more user.props

IDSTORE_HOST: fmwhost.paramlabs.com

IDSTORE_PORT: 3060

IDSTORE_ADMIN_USER: cn=orcladmin

IDSTORE_DIRECTORYTYPE: OID

IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com

IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com

PASSWORD_EXPIRY_PERIOD: 7300

IDSTORE_LOGINATTRIBUTE: uid

Run the following command

[fusion@fmwhost bin]$ ./idmConfigTool.sh -upgradeLDAPUsersForSSO input_file=user.props

Enter LDAP admin user password :

Finished parsing LDAP

LDAP Users Upgraded.

Integrate Oracle Access Manager 11g with Oracle Identity Manager 11g

Create a property file as follows.

[fusion@fmwhost bin]$ more oimitg.props

LOGINURI: /${app.context}/adfAuthentication

LOGOUTURI: /oamsso/logout.html

AUTOLOGINURI: None

ACCESS_SERVER_HOST: fmwhost.paramlabs.com

ACCESS_SERVER_PORT: 5575

ACCESS_GATE_ID: Webgate_IDM

COOKIE_DOMAIN: .paramlabs.com

COOKIE_EXPIRY_INTERVAL: 120

OAM_TRANSFER_MODE: open

WEBGATE_TYPE: ohsWebgate11g

SSO_ENABLED_FLAG: true

IDSTORE_PORT: 3060

IDSTORE_HOST: fmwhost.paramlabs.com

IDSTORE_DIRECTORYTYPE: OID

IDSTORE_ADMIN_USER: cn=oamLDAP,cn=Users,dc=paramlabs,dc=com

IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com

IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com

MDS_DB_URL: jdbc:oracle:thin:@fdbhost.paramlabs.com:1521:fusiondb

MDS_DB_SCHEMA_USERNAME: fa_mds

WLSHOST: fmwhost.paramlabs.com

WLSPORT: 7001

WLSADMIN: weblogic

DOMAIN_NAME: IDMDomain

OIM_MANAGED_SERVER_NAME: WLS_OIM1

DOMAIN_LOCATION: /app/fusion/config/domains/IDMDomain

IDSTORE_LOGINATTRIBUTE: uid

Run the following command.

[fusion@fmwhost bin]$ ./idmConfigTool.sh -configOIM input_file=oimitg.props

Enter sso access gate password :

Enter mds db schema password :

Enter idstore admin password :

Enter admin server user password :

The tool has completed its operation. Details have been logged to automation.log

Check for errors in the log file.

[fusion@fmwhost bin]$ grep -i error automation.log

Assigning Groups and Roles

Assigning WLSAdmins Group to WebLogic Administration Groups

1. Log in to the WebLogic Administration Server Console.

2. In the left pane of the console, click Security Realms.

3. On the Summary of Security Realms page, click myrealm under the Realms table.

4. On the Settings page for myrealm, click the Roles & Policies tab.

5. On the Realm Roles page, expand the Global Roles entry under the Roles table. This brings up the entry for Roles. Click the Roles link to go to the Global Roles page.

6. On the Global Roles page, click the Admin role to go to the Edit Global Role page:

a. On the Edit Global Roles page, under the Role Conditions table, click the Add Conditions button.

b. On the Choose a Predicate page, select Group from the drop down list for predicates and click Next.

c. On the Edit Arguments page, specify IDM Administrators in the Group Argument field and click Add.

7. Click Finish to return to the Edit Global Role page.

8. The Role Conditions table now shows the IDM Administrators Group as an entry.

9. Click Save to finish adding the Admin role to the IDM Administrators Group.

10. Validate that the changes were successful by bringing up the WebLogic Administration Server Console using a web browser. Log in using the credentials for the weblogic_idm user.


Perform Bug 13824816 Workaround

1. Since you are already on the Global Roles page, click the Admin role to go to the Edit Global Role page:

2. On the Edit Global Roles page, under the Role Conditions table, click Add Conditions.

3. On the Choose a Predicate page, select Group from the predicates list and click Next.

4. On the Edit Arguments Page, specify OAMAdministrators in the Group Argument field and click Add.

5. Click Finish to return to the Edit Global Role page. The Role Conditions table now shows the OAMAdministrators Group as an entry.

6. Click Save to finish adding the Admin role to the OAMAdministrators Group.

Updating the boot.properties File

Update the boot.properties file for the Administration Server and the managed servers with the WebLogic admin user (weblogic_idm) created in Oracle Internet Directory.

[fusion@fmwhost security]$ cd /app/fusion/config/domains/IDMDomain/servers/AdminServer/security

[fusion@fmwhost security]$ cp -pr boot.properties boot.properties_preOAM

[fusion@fmwhost security]$ more boot.properties

username=weblogic_idm

password=Param123

[fusion@fmwhost security]$ cp -pr boot.properties ../../WLS_OAM1/security/

[fusion@fmwhost security]$ cp -pr boot.properties ../../WLS_OIM1/security/

[fusion@fmwhost security]$ cp -pr boot.properties ../../WLS_SOA1/security/

[fusion@fmwhost security]$ cp -pr boot.properties ../../wls_ods1/security/

Restart all services manually to encrypt the file

[fusion@fmwhost bin]$ nohup ./startWebLogic.sh &

[fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh wls_ods1 &

[fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh WLS_OAM1 &

[fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh WLS_OIM1 &

[fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh WLS_SOA1 &
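Until each server has restarted, the boot.properties copied above holds the WebLogic admin password in clear text, and a server that never restarted (or a stray backup copy) keeps it that way. The following check is an added example, not part of the original post: it walks servers/*/security under a domain directory and reports any boot.properties file or backup copy whose username or password is not encrypted, or that is accessible to "other" users. It assumes WebLogic's encrypted values start with {AES} (also {AES256} or {3DES} on other releases); the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit every boot.properties file,
# and any backup copy next to it, under a WebLogic domain directory.

# Succeeds when VALUE carries one of WebLogic's encrypted-value prefixes
# (assumption: {AES}, {AES256} or {3DES}, depending on the release).
is_encrypted() {
    case "$1" in
        '{AES}'*|'{AES256}'*|'{3DES}'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value of KEY ($2) from properties file FILE ($1); last assignment wins.
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for FILE; return 1 if anything was found.
check_boot_file() {
    file=$1
    rc=0
    for key in username password; do
        value=$(prop_value "$file" "$key")
        if [ -z "$value" ]; then
            echo "MISSING   $key  $file"; rc=1
        elif ! is_encrypted "$value"; then
            # Never echo the value itself: it is a live credential.
            echo "CLEARTEXT $key  $file"; rc=1
        fi
    done
    # Characters 8-10 of the mode string are the "other" permission bits.
    other=$(ls -lLd "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "WORLD($other) $file"; rc=1
    fi
    return $rc
}

# Walk DOMAIN_HOME/servers/*/security/boot.properties* (backups included).
audit_domain() {
    domain=$1
    status=0
    for f in "$domain"/servers/*/security/boot.properties*; do
        [ -f "$f" ] || continue
        check_boot_file "$f" || status=1
    done
    return $status
}

# Usage: sh audit_boot.sh /app/fusion/config/domains/IDMDomain
if [ "$#" -ge 1 ]; then
    audit_domain "$1"
fi
```

Run it once all five servers are back up; a CLEARTEXT line for a server means that server has not restarted with the new file yet.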

Install Webgate

Versions of GCC Third-Party Libraries for Linux and Solaris

Operating System   Architecture   GCC Libraries Required           Library Version
Linux 32-bit       x86            libgcc_s.so.1, libstdc++.so.5    3.3.2
Linux 64-bit       x64            libgcc_s.so.1, libstdc++.so.6    3.4.6
Solaris 64-bit     SPARC          libgcc_s.so.1, libstdc++.so.5    3.3.2

Verifying the GCC Libraries Version on Linux and Solaris Operating Systems

Make sure we have the required libraries for Webgate installation. If you have installed Oracle Linux then you should have them.

Perform the following checks to verify the version of GCC libraries:

On the Linux32 on i386 platform:

Run the following commands and ensure that their output is always greater than 0:

strings -a libgcc_s.so.1 | grep -c "GCC_3.0"

strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"

file libgcc_s.so.1 | grep "32-bit" | grep -c "80386"

file libstdc++.so.5 | grep "32-bit" | grep -c "80386"

On the Linux 64 on x86-64 platform:

Run the following commands and ensure that their output is always greater than 0:

strings -a libgcc_s.so.1 | grep -c "GCC_3.0"

strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"

strings -a libgcc_s.so.1 | grep -c "GCC_4.2.0"

file libgcc_s.so.1 | grep "64-bit" | grep -c "x86-64"

file -L libstdc++.so.6 | grep "64-bit" | grep -c "x86-64"

On the Solaris 64 on SPARC platform:

Run the following commands and ensure that their output is always greater than 0:

strings -a libgcc_s.so.1 | grep -c "GCC_3.0"

strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"

file libgcc_s.so.1 | grep "64-bit" | grep -c "SPARC"

file libstdc++.so.5 | grep "64-bit" | grep -c "SPARC"

Since we have Oracle Linux x86-64 platform, let us verify the same.

[fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"

1

[fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -c "GCC_3.0"

1

[fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"

1

[fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -c "GCC_4.2.0"

1

[fusion@fmwhost Disk1]$ file -L /lib64/libgcc_s.so.1 | grep "64-bit" | grep -c "x86-64"

1

[fusion@fmwhost Disk1]$ file -L /usr/lib64/libstdc++.so.6 | grep "64-bit" | grep -c "x86-64"

1

This all looks good so we don’t need to download any additional files.

Start webgate installation

We need to have the required libraries in a dedicated directory before we install webgate.

[fusion@fmwhost Disk1]$ mkdir /app/fusion/oam_lib

[fusion@fmwhost Disk1]$ cp -p /lib64/libgcc_s.so.1 /app/fusion/oam_lib/

[fusion@fmwhost Disk1]$ cp -p /usr/lib64/libstdc++.so.6 /app/fusion/oam_lib/

[fusion@fmwhost Disk1]$ ls -ltr /app/fusion/oam_lib/

total 1024

-rwxr-xr-x 1 fusion dba 976312 Sep 26 05:09 libstdc++.so.6.0.8

-rwxr-xr-x 1 fusion dba 58400 Sep 26 05:09 libgcc_s-4.1.2-20080825.so.1

lrwxrwxrwx 1 fusion dba 28 Mar 7 00:03 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1

lrwxrwxrwx 1 fusion dba 18 Mar 7 00:03 libstdc++.so.6 -> libstdc++.so.6.0.8

Start webgate installation from <Repository_location>/webgate/Disk1

[fusion@fmwhost ~]$ cd /mnt/hgfs/setup/installers/webgate/Disk1/

[fusion@fmwhost Disk1]$ ./runInstaller

Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/app/fusion/jdk6

Click Next

Once prerequisites check completes, click Next

Middleware Home: /app/fusion/fmw

Home Directory: webgate

Click Next

GCC Library Location: /app/fusion/oam_lib and click Next

Review the summary and click Install

Once installation completes, click Next

Review the summary and click Finish

Deploy WebGate to Oracle HTTP

Make a backup of httpd.conf for safety.

[fusion@fmwhost ~]$ cp -pr /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf_preWebgate

 

1. Execute the command deployWebGate which is located in:

WEBGATE_ORACLE_HOME/webgate/ohs/tools/deployWebGate

The command takes the following arguments:

Oracle HTTP Instance configuration Directory

WebGate Home Directory

[fusion@fmwhost deployWebGate]$ ./deployWebGateInstance.sh -w /app/fusion/config/instances/web1/config/OHS/web1 -oh /app/fusion/fmw/webgate

Copying files from WebGate Oracle Home to WebGate Instancedir

 

2. Set the library path to include the WEB_ORACLE_HOME/lib directory

 

[fusion@fmwhost deployWebGate]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/fusion/fmw/web/lib

Change directory to: WEBGATE_ORACLE_HOME/webgate/ohs/tools/setup/InstallTools

 

[fusion@fmwhost deployWebGate]$ cd /app/fusion/fmw/webgate/webgate/ohs/tools/setup/InstallTools/

 

3. Run the following command to copy the file apache_webgate.template from the WebGate home directory to the WebGate instance location (renamed to webgate.conf) and update the httpd.conf file to add one line to include the name of webgate.conf

 

[fusion@fmwhost InstallTools]$ ./EditHttpConf -w /app/fusion/config/instances/web1/config/OHS/web1 -oh /app/fusion/fmw/webgate

The web server configuration file was successfully updated

/app/fusion/config/instances/web1/config/OHS/web1/httpd.conf has been backed up as /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf.ORIG

Note: If you get error like “Error: You are not authorized to configure this web server” then you need to check the Group value in /app/fusion/admin/ohs_inst1/config/OHS/ohs1/httpd.conf

It should be dba or oinstall based on the default group of the fusion user.

[fusion@fmwhost web1]$ ls -ltr /app/fusion/config/instances/web1/config/OHS/web1/webgate/config/

total 20

drwxr-xr-x 2 fusion dba 4096 Mar 7 00:08 simple

-rwxr-x--- 1 fusion dba 14337 Mar 7 00:08 oblog_config_wg.xml

[fusion@fmwhost web1]$ ls -ltr /app/fusion/config/domains/IDMDomain/output/Webgate_IDM_11g/

total 8

-rw-r----- 1 fusion dba 2967 Mar 6 01:23 ObAccessClient.xml

-rw------- 1 fusion dba 3141 Mar 6 01:23 cwallet.sso

4. Copy the files ObAccessClient.xml, cwallet.sso, and password.xml, which were generated when you created the agent from the directory ASERVER_HOME/output/Agent Name on IDMHOST1, to the directory ORACLE_INSTANCE/config/OHS/component/webgate/config

[fusion@fmwhost web1]$ cp -pr /app/fusion/config/domains/IDMDomain/output/Webgate_IDM_11g/* /app/fusion/config/instances/web1/config/OHS/web1/webgate/config/

[fusion@fmwhost web1]$ ls -ltr /app/fusion/config/instances/web1/config/OHS/web1/webgate/config/

total 32

-rw------- 1 fusion dba 3141 Mar 6 01:23 cwallet.sso

drwxr-xr-x 2 fusion dba 4096 Mar 7 00:08 simple

-rwxr-x--- 1 fusion dba 14337 Mar 7 00:08 oblog_config_wg.xml

-rw-r----- 1 fusion dba 0 Mar 7 01:07 ObAccessClient.xml.lck

-rw-r----- 1 fusion dba 0 Mar 7 01:07 polltracking.lck

-rw-r----- 1 fusion dba 4774 Mar 7 01:07 ObAccessClient.xml

 

Restart web service

 

[fusion@fmwhost web1]$ /app/fusion/config/instances/web1/bin/opmnctl stopall

opmnctl stopall: stopping opmn and all managed processes…

[fusion@fmwhost web1]$ /app/fusion/config/instances/web1/bin/opmnctl startall

opmnctl startall: starting opmn and all managed processes…

Now launch http://<hostname>:7777/console and this should redirect to the OAM login page.

Once logged in, it should redirect back to Weblogic Console home page.

Now SSO Logout function will also work.

Patch Webgate

We had skipped webgate patch in earlier steps of patching since webgate was not yet installed. Let us apply the patch now.

Go to <repository location>/installers/webgate/patch

[fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/webgate

[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply

[fusion@fmwhost patch]$ export JAVA_HOME=/app/fusion/jdk6

[fusion@fmwhost patch]$ export WL_HOME=/app/fusion/fmw/wlserver_10.3

[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply

Do you want to proceed? [y|n]

y

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.

(Oracle Home = '/app/fusion/fmw/webgate')

Is the local system ready for patching? [y|n]

y

Patching component oracle.as.oam.webgate.ohs, 11.1.1.5.0...

Copying file to "/app/fusion/fmw/webgate/webgate/ohs/tools/t2p/oam-webgate-t2p.jar"

Copying file to "/app/fusion/fmw/webgate/webgate/ohs/config/np1111_wg.txt"

Copying file to "/app/fusion/fmw/webgate/webgate/ohs/lib/webgate.so"

Copying file to "/app/fusion/fmw/webgate/webgate/ohs/lib/libxmlengine.so"

Copying file to "/app/fusion/fmw/webgate/webgate/ohs/tools/setup/InstallTools/EditHttpConf"

Copying file to "/app/fusion/fmw/webgate/webgate/ohs/tools/deployWebGate/deployWebGateInstance.sh"

The local system has been patched and can be restarted.

UtilSession: N-Apply done.

OPatch succeeded.

Restart all services and reconfirm that everything comes up successfully. The EM should look as follows.

Mar 24th, 2013 | Posted by Tushar Thakker | In Uncategorized
  1. Gabriel
    Sep 27th, 2013 at 13:05 | #1

    Hi,

    Now I’m currently having a problem accessing the console /oamconsole whether I use http://hostName:PortServerAdmin/oamconsole or http://hostName:PortOAMManagedServer/oamconsole.

    I get the login screen, the user login and when I click the login button I get the following error message:

    “Access Denied

    Access to administration console is restricted”

    What am I doing wrong?

    Regards,
    Gabriel

  2. Sep 27th, 2013 at 06:46 | #2

    Hi Admin,

    We have just completed Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM). But after this, while validating the application, we are not able to access the WebLogic, OIM, OAM, SOA applications. Before this step I was able to access all the applications.

    Below is the error message that I am getting after a successful restart of the HTTP server. Can you please help us to resolve this ASAP.

    This is a little bit urgent

    Message from syslogd@ at Fri Sep 27 12:04:53 2013 …
    idmhost Oblix: 2013/09/27@06:34:53.29494 18495 18507 ACCESS_GATE FATAL 0x0000181C /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:592 “Oracle AccessGate API is not initialized.” raw_code^204

    Message from syslogd@ at Fri Sep 27 12:04:58 2013 …
    idmhost Oblix: 2013/09/27@06:34:58.50161 18707 18714 ACCESS_SDK FATAL 0x0000181C /ade/aime_h0025/ngamac/src/palantir/access_api/src/obconfig.cpp:635 “Oracle AccessGate API is not initialized.” raw_code^204

    Message from syslogd@ at Fri Sep 27 12:04:58 2013 …
    idmhost Oblix: 2013/09/27@06:34:58.50217 18707 18714 ACCESS_GATE FATAL 0x00001520 /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:591 “Exception thrown during WebGate initialization”

    Message from syslogd@ at Fri Sep 27 12:04:58 2013 …
    idmhost Oblix: 2013/09/27@06:34:58.50234 18707 18714 ACCESS_GATE FATAL 0x0000181C /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:592 “Oracle AccessGate API is not initialized.” raw_code^204

    Message from syslogd@ at Fri Sep 27 12:05:13 2013 …
    idmhost Oblix: 2013/09/27@06:35:13.26382 18495 18510 ACCESS_SDK FATAL 0x0000181C /ade/aime_h0025/ngamac/src/palantir/access_api/src/obconfig.cpp:635 “Oracle AccessGate API is not initialized.” raw_code^204

    Message from syslogd@ at Fri Sep 27 12:05:13 2013 …
    idmhost Oblix: 2013/09/27@06:35:13.26448 18495 18510 ACCESS_GATE FATAL 0x00001520 /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:591 “Exception thrown during WebGate initialization”

    Message from syslogd@ at Fri Sep 27 12:05:13 2013 …
    idmhost Oblix: 2013/09/27@06:35:13.26467 18495 18510 ACCESS_GATE FATAL 0x0000181C /ade/aime_h0025/ngamac/src/palantir/webgate2/src/apache2entry_web_gate.cpp:592 “Oracle AccessGate API is not initialized.” raw_code^204

    Thanks,
    Thireesh

  3. Priya
    Aug 30th, 2013 at 18:40 | #3

    Hi ,

    Hope you are doing well.

    while running the OID Connector Group Lookup Reconciliation task
    I am getting this error
    org.identityconnectors.framework.common.exceptions.ConfigurationException: Bundle oimjar://local:0ldapbp.jar is missing required attribute ‘ConnectorBundle-FrameworkVersion’.

    I ‘ve done the Pre & Post installation task of the connector software (OID-11.1.1.6.0.zip) without any Issue.

    Here is the IT resource Details and Parameters that i configured.

    Parameter Value
    Configuration Lookup Lookup.OID.Configuration
    Connector Server Name <LEFT BLNK.
    baseContexts "dc=oracle,dc=com"
    credentials ********
    failover
    host idm.oracle.com
    port 3060
    principal cn=orcladmin
    ssl false

    also Extracted ldap.jar and ldapbp.jar
    from the lib directory of ldap-1_2_4.zip. and copied these two jar files to
    the $OIM_ORACLE_HOME/server/ThirdParty directory AND run the PurgeCache.sh all without any issue.

    Could you tell what am missing here.

    Thanks
    Priy

    • Priya
      Aug 30th, 2013 at 18:42 | #4

      Just to Add more on the above Issue

      I am trying to Integrate OIM with OID
      and got stuck up with above error that i posted.

      Could you please comment.

      Really Appreciate the response.

      Thanks!!
      Priya

      • tushar
        Aug 30th, 2013 at 21:36 | #5

        Dear all,

        We have a lot of comments pending this week. I will reply to all questions one by one over the weekend and next week.

        Thanks
        Tushar

        • Priya
          Sep 8th, 2013 at 13:53 | #6

          Hi Tushar,

          Hope you are doing good.

          Wonder if you could share your thoughts on the following!!

          1. LDAP sync now is a mandatory element for OIM11G-OID-OAM11G integration.
          Do you think that OID connector is not required if you are using OIM/OID 11g. ? I am not sure could u tell
          Also
          with LDAP sync (OID LDAP sync which can be setup while installation of Oracle Identity Manager) would reconcile users from OID to OIM 11g. also Users created in OIM will always be in sync with OID ? right ?

          2. IF the EBS instance which is integrated with OAM-OID-SSO 11g
          Does it mean that by doing the LDAP SYNC OID-OIM that users created in EBS which is integrated with OID would automatically be synced with OIM or we ‘ve to Use OR
          install the EBS connectors in order to get it integrated with OIM.?

          Thanks!
          Priya

        • Priya
          Sep 9th, 2013 at 20:31 | #7

          Hi,

          Need Your Expert Advise,.

          Just to add more to the above query

          I ‘ve implemented SSO with Oracle EBS R12. as i mentioned that EBS is already integrated with OAM-SSO-OID 11g using Accessgate 11g.

          Also using LDAP sync feature I ‘ve integrated OIM with same OID successfully which is already integrated with EBS & OAM.

          As I wanna use User provisioning & responsibility assignment via OIM

          so Need to Integrate OIM with OAM.

          Could you tell how it could be done.

          After searching many metalink note and Oracle Docs. like http://docs.oracle.com/cd/E23943_01/doc.1111/e15740/oim.htm

          I could NOT find any Solution which is fitting this scenario.

          ..

          As to Reemphasize the query.

          In Order to integrate OIM with OAM And both the server is already in sync with the Same OID. Irrespective of the authorization information

          so how to Integrate them now i mean in this Scenario ?

          Also The Mute Point is for each Partner application like EBS (Plz assume as of now this is the Only Partner application)

          Do i ‘ve to Install EBS Connector to get It integrated it with OIM in this Scenario ?

          Really Appreciate the Response.

          Thanks & Regards
          Priya

          • Priya
            Sep 12th, 2013 at 14:45 | #8

            Hi Tushar,

            Hope you are doing good,

            I would consider myself lucky if i could get your Expert technical input in resolving the OAM integration Issue with OIM 11g.

            I am having minimum understanding of Oracle Identity manager. And seeking your Expert
            Guidance and suggestions on the following. Greatly Appreciate the help !

            Here is the Brief !

            I want to enable SSO, Self Service Password Management including Forgot Password
            and also User provisioning & responsibility assignment via Identity management.

            For that so far I ‘ve integrated EBS with OAM-OID-Webgate 11g or rather implemented SSO with EBS. And it’s working fine.

            After that Installed & configured OIM 11g with SOA and integrated it with OID, with ldap sync!

            Now The User that is created in EBS is getting reflected in OIM also using ldap role create and update full reconciliation schedule job
            I ‘ve reconcile EBS-OID users into OIM.

            as without EBS connectors the provisioning of EBS Responsibility (entitlements) is not possible via OIM.
            in order to Install the EBS Connectors .. need to Integrate OAM with OIM,

            I am Not sure How to Integrate OAM with OIM after EBS R12 integration with OAM-OID 11g using webgate !
            so how to Integrate them now i mean in this Scenario ?

            There are 2 servers One is having EBS R12 and the Other server is having all IDM component. i.e OAM,OID,OIM etc.
            installed on it.

            There are 2 Issues that am struggling with for the last few weeks.

            1. when oam server & webgate managed servers are started or running The oim url i.e http://oracle.com:14000/oim becomes inaccessible
            as instead it shows oamconsole url. as then am not able to log in with xelsysadm user. And if the oam & webgate server are shutdown
            then Only it gets accessible. & Works fine. Not sure why (Perhaps it has something to do with httpd.conf and mod_wl_ohs.conf entries )

            2. Unable to Integrate OAM with OIM. (As this is turning out to be Herculean task for me)

            I am getting this error in the automation.log when running
            idmConfigTool -configOAM input_file=propertiesFile

            FINER: Invoking mbean
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.
            oam.handlers.OAM11gIntegrationHandler configOAM11gFAProperties
            SEVERE: Error while configuring OAM properties
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gFAProperties
            FINER: RETURN
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAM11gIdStore
            FINER: ENTRY
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOIMIntegration
            FINER: Creating mbean connection
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOIMIntegration
            FINER: Created mbean connection
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler getFoundationConfigMBean
            FINER: ENTRY
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler getFoundationConfigMBean
            FINER: RETURN com.oracle.oam:Location=AdminServer,name=OamManagement,type=oam.management,Application=oam_admin,ApplicationVersion=11.1.1.3.0
            Sep 12, 2013 12:59:26 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOIMIntegration
            FINER: Invoking mbean
            Sep 12, 2013 12:59:27 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAMPartner
            SEVERE: Error while configuring User ID Store {1}
            Sep 12, 2013 12:59:27 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOAMIntegration
            FINER: mbean invocation success.
            Sep 12, 2013 12:59:27 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler configOIMIntegration()
            FINER: RETURN
            Sep 12, 2013 12:59:27 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler createDumpParams
            FINE: OAM11gIntegrationHandler : createDumpParams()
            Sep 12, 2013 12:59:27 AM oracle.idm.automation.impl.oam.handlers.OAM11gIntegrationHandler execute

            Please see the contents of the propertiesFile

            WLSHOST: idm.oracle.com
            WLSPORT: 7001
            WLSADMIN: weblogic
            IDSTORE_HOST: idm.oracle.com
            IDSTORE_PORT: 3060
            IDSTORE_DIRECTORYTYPE:OID
            IDSTORE_BINDDN: cn=orcladmin
            IDSTORE_USERNAMEATTRIBUTE: cn
            IDSTORE_USERSEARCHBASE: cn=Users,dc=oracle,dc=com
            IDSTORE_SEARCHBASE: dc=oracle,dc=com
            IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=oracle,dc=com
            IDSTORE_OAMSOFTWAREUSER: oamadmin
            IDSTORE_OAMADMINUSER: oamadmin
            PRIMARY_OAM_SERVERS: idm.oracle.com:5575
            WEBGATE_TYPE: ohsWebgate11g
            ACCESS_GATE_ID: prdr12_agent
            COOKIE_DOMAIN: .idm.oracle.com
            OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
            OAM_TRANSFER_MODE: OPEN
            OAM11G_SSO_ONLY_FLAG: true
            OAM11G_OIM_INTEGRATION_REQ: true
            OAM11G_OIM_OHS_URL:http://idm.oracle.com:7777/ebsauth_prdr12/ssologin
            COOKIE_EXPIRY_INTERVAL: 120
            ~

            Could you please suggest what am missing here and in the entire processes.

            Thanks!

  4. SvenL
    Apr 4th, 2013 at 09:04 | #9

    Hi,
    Tnx for a great FA install insight.
    I’m trying to provision FA following the 11.1.5 ORATB description pretty much to the letter. On the last last step “restart web service” after installing and patching Webgate I get “Error 404–Not Found” for all URL:s registered in OAM. Running OHS with Webgate disabled works fine. My Farm_IDMDomain is a 100% up and running. Any ideas?
    Brgds
    /SvenL

    • Ram
      Apr 17th, 2013 at 09:12 | #10

      Hi SvenL,

      I encounter the same problem. After installing and patching Webgate I also got: Error 404–Not Found.

      When i comment out in httpd.conf:

      include "/apps/fusion/config/instances/web1/config/OHS/ohs1/webgate.conf"

      Everything works ok then.
      Did you solve this issue?

      Regards,
      Ram

      • tushar
        Apr 30th, 2013 at 09:46 | #11

        Dear all,

        The issue is because of missing OAM alias from admin.conf file. I have updated the “configure Identity and Access management components” page to reflect the missing entries. Please accept my apologies.

        Regards
        Tushar

      • Sven Lidén
        Apr 30th, 2013 at 12:18 | #12

        Hi Ram,

        I fixed the 404 issue a while back.

        My remaining issues are:
        – When I enable Webgate when e.g. performing WLS login it seems to work through the agent but I’m not initially redirected to the OAM login page (i.e. I’m login on to the WLS Console with the standard WLS interface).
        – When logging off my active session cookie is not removed.

        Rgds
        /Sven

      • Ram
        May 5th, 2013 at 20:37 | #13

        Tushar, Sven,

        FYI,

        I ‘ve added the missing OAM alias in admin.conf. And everything looks ok now.

        Thanks.
        Ram
