3 Installing and Configuring the Oracle Access Management Software
- Installing the Oracle Access Management Software
Follow the steps in this section to install the Oracle Access Management software.
- Configuring the Oracle Access Management Domain
After you have installed Oracle Access Management, you can configure the domain, which you can also extend for high availability.
Installing the Oracle Access Management Software
Note:
If you are using both Oracle Access Management and Oracle Identity Governance, then you must install them in separate ORACLE_HOMEs.
The only supported method of installation for Oracle Access Management 14c (14.1.2.1.0) is the traditional method, where you individually install Oracle Fusion Middleware Infrastructure and then install Oracle Access Management.
Dependent Software for Oracle Access Management:
- Oracle Fusion Middleware Infrastructure 14c (14.1.2.0.0)
For information about installing Oracle Fusion Middleware Infrastructure 14c (14.1.2.0.0), see Installing the Infrastructure Software in Installing and Configuring the Oracle Fusion Middleware Infrastructure.
For information about supported installation methods, see About Supported Installation Methods.
- Verifying the Installation and Configuration Checklist
The installation and configuration process requires specific information.
- Starting the Installation Program
Before running the installation program, you must verify that the JDK and prerequisite software are installed.
- Navigating the Installation Screens
The installer shows a series of screens where you verify or enter information.
- Verifying the Installation
After you complete the installation, verify whether it was successful by completing a series of tasks.
Verifying the Installation and Configuration Checklist
The installation and configuration process requires specific information.
Note:
This installation requires a machine with a minimum of 32 GB of memory and a 2-core CPU.
Table 3-1 Installation and Configuration Checklist
Information | Example Value | Description |
---|---|---|
 | | Environment variable that points to the Java JDK home directory. |
Database host | | Name and domain of the host where the database is running. |
Database port | | Port number that the database listens on. The default Oracle database listen port is |
Database service name | | Oracle databases require a unique service name. The default service name is |
DBA username | | Name of user with database administration privileges. The default DBA user on Oracle databases is |
DBA password | | Password of the user with database administration privileges. |
 | | Directory in which you will install your software. This directory will include Oracle Fusion Middleware Infrastructure and Oracle Access Management, as needed. |
WebLogic Server hostname | | Host name for Oracle WebLogic Server and Oracle Access Management consoles. |
Console port | | Port for Oracle WebLogic Server and Oracle Access Management consoles. |
 | | Location in which your domain data is stored. |
 | | Location in which your application data is stored. |
Administrator user name for your WebLogic domain | | Name of the user with Oracle WebLogic Server administration privileges. The default administrator user is |
Administrator user password | | Password of the user with Oracle WebLogic Server administration privileges. |
RCU | | Path to the Repository Creation Utility (RCU). |
RCU schema prefix | | Prefix for names of database schemas used by Oracle Access Management. |
RCU schema password | | Password for the database schemas used by Oracle Access Management. |
Configuration utility | | Path to the Configuration Wizard for domain creation and configuration. |
Starting the Installation Program
Before running the installation program, you must verify that the JDK and prerequisite software are installed.
To start the installation program:
- Sign in to the host system.
- Change to the directory where you downloaded the installation program.
- You must have installed the Oracle Fusion Middleware Infrastructure 14c (14.1.2.0.0). For instructions, see Installing the Infrastructure Software in Installing and Configuring the Oracle Fusion Middleware Infrastructure.
- Start the installation program by running the java executable from the JDK directory.
  - On UNIX operating systems:
    /home/Oracle/Java/jdk17.0.12/bin/java -jar fmw_14.1.2.1.0_idm.jar
  - On Windows:
    C:\home\Oracle\Java\jdk17.0.12\bin\java -jar fmw_14.1.2.1.0_idm.jar
Note:
You can also start the installer in silent mode using a saved response file instead of launching the installer screens. For more about silent or command line installation, see Using the Oracle Universal Installer in Silent Mode in Installing Software with the Oracle Universal Installer.
When the installation program appears, you are ready to begin the installation.
Navigating the Installation Screens
The installer shows a series of screens where you verify or enter information.
Table 4-4 lists the order in which installer screens appear. If you need additional help with an installation screen, click Help.
Table 3-2 Install Screens
Screen | Description |
---|---|
Installation Inventory Setup | On Linux or Unix operating systems, this screen opens if this is the first time you are installing any Oracle product on this host. Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location. See About the Oracle Central Inventory in Installing Software with the Oracle Universal Installer. This screen does not appear on Windows operating systems. |
Welcome | Review the information to make sure that you have met all the prerequisites, then click Next. |
Auto Updates | Select to skip automatic updates, select patches, or search for the latest software updates, including important security updates, through your My Oracle Support account. |
Installation Location | Specify your Oracle home directory location. This Oracle home must include Oracle Fusion Middleware Infrastructure 14c (14.1.2.0.0). You can click View to verify and ensure that you are installing in the correct Oracle home. Note: Ensure that the Oracle Home path does not contain spaces. |
Installation Type | Use the Collocated Installation Type. Collocated mode is a type of installation that is managed through WebLogic Server. To install in collocated mode, you must have installed the required dependent software. |
JDK Selection | Note: This screen appears for certain distributions only. Use this screen to select the JDK to use for this installation. Refer to the Oracle Fusion Middleware Supported System Configurations information on the Oracle Technology Network (OTN) to verify that the JDK you are using is supported. |
Prerequisite Checks | This screen verifies that your system meets the minimum necessary requirements. To view the list of tasks that get verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended). |
Installation Summary | Use this screen to verify installation options you selected. If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time. Click Install to begin the installation. |
Installation Progress | This screen shows the installation progress. When the progress bar reaches 100% complete, click Finish to dismiss the installer, or click Next to see a summary. |
Installation Complete | This screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer. |
Verifying the Installation
After you complete the installation, verify whether it was successful by completing a series of tasks.
- Reviewing the Installation Log Files
Review the contents of the installation log files to make sure that the installer did not encounter any problems.
- Checking the Directory Structure
The contents of your installation vary based on the options that you selected during the installation.
- Viewing the Contents of the Oracle Home
You can view the contents of the Oracle home directory by using the viewInventory script.
Reviewing the Installation Log Files
Review the contents of the installation log files to make sure that the installer did not encounter any problems.
By default, the installer writes log files to the Oracle_Inventory_Location/logs (on UNIX operating systems) or Oracle_Inventory_Location\logs (on Windows operating systems) directory.
For a description of the log files and where to find them, see Installation Log Files in Installing Software with the Oracle Universal Installer.
Checking the Directory Structure
The contents of your installation vary based on the options that you selected during the installation.
See What Are the Key Oracle Fusion Middleware Directories? in Understanding Oracle Fusion Middleware.
Viewing the Contents of the Oracle Home
You can view the contents of the Oracle home directory by using the viewInventory script.
See Viewing the Contents of an Oracle Home in Installing Software with the Oracle Universal Installer.
Configuring the Oracle Access Management Domain
After you have installed Oracle Access Management, you can configure the domain, which you can also extend for high availability.
Refer to the following sections to create the database schemas, configure a WebLogic domain, and verify the configuration:
- Creating the Database Schemas
Before you can configure a domain, you must install required schemas on a certified database for use with this release of Oracle Fusion Middleware.
- Configuring the Domain
Use the Configuration Wizard to create and configure a domain.
- Starting the Servers
After a successful configuration, start all processes and servers, including the Administration Server and any Managed Servers.
- Verifying the Configuration
After completing all configuration steps, you can perform additional steps to verify that your domain is properly configured.
- Setting the Memory Parameters for OAM Domain (Optional)
If the initial startup parameter in Oracle Access Management domain, which defines the memory usage, is insufficient, you can increase the value of this parameter.
- Troubleshooting
This section lists the common issues encountered while configuring Oracle Access Management and their workarounds.
Creating the Database Schemas
Before you can configure a domain, you must install required schemas on a certified database for use with this release of Oracle Fusion Middleware.
Note:
As of Oracle Fusion Middleware 14c (14.1.2.1.0), new schemas are created with editions-based redefinition (EBR) views enabled by default. Oracle Identity and Access Management schemas do not support EBR, therefore, in order to use the EBR functionality with your non-OAM schemas, you will have to run the RCU twice.
When EBR is enabled, the schema objects can be upgraded online to a future Fusion Middleware release without any downtime. For more information about using editions-based redefinition, see Using Edition-based Redefinition.
- Installing and Configuring a Certified Database
Before you create the database schemas, you must install and configure a certified database, and verify that the database is up and running.
- Starting the Repository Creation Utility
Start the Repository Creation Utility (RCU) after you verify that a certified JDK is installed on your system.
- Navigating the Repository Creation Utility Screens to Create Schemas
Enter required information in the RCU screens to create the database schemas.
Installing and Configuring a Certified Database
Before you create the database schemas, you must install and configure a certified database, and verify that the database is up and running.
Note:
For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), you must modify the wallet settings and set the environment variables as described in Settings to connect to Autonomous Transaction Processing Database, and apply patches on ORACLE HOME as described in Applying Patches on ORACLE HOME.
See About Database Requirements for an Oracle Fusion Middleware Installation.
Starting the Repository Creation Utility
Start the Repository Creation Utility (RCU) after you verify that a certified JDK is installed on your system.
To start the RCU:
Navigating the Repository Creation Utility Screens to Create Schemas
Enter required information in the RCU screens to create the database schemas.
- Introducing the RCU
The Welcome screen is the first screen that appears when you start the RCU.
- Selecting a Method of Schema Creation
Use the Create Repository screen to select a method to create and load component schemas into the database.
- Providing Database Connection Details
On the Database Connection Details screen, provide the database connection details for the RCU to connect to your database.
- Specifying a Custom Prefix and Selecting Schemas
- Specifying Schema Passwords
On the Schema Passwords screen, specify how you want to set the schema passwords on your database, then enter and confirm your passwords.
- Completing Schema Creation
Navigate through the remaining RCU screens to complete schema creation.
Introducing the RCU
The Welcome screen is the first screen that appears when you start the RCU.
Click Next.
Selecting a Method of Schema Creation
Use the Create Repository screen to select a method to create and load component schemas into the database.
- If you have the necessary permissions and privileges to perform DBA activities on your database, select System Load and Product Load. This procedure assumes that you have SYSDBA privileges.
- If you do not have the necessary permissions or privileges to perform DBA activities in the database, you must select Prepare Scripts for System Load on this screen. This option generates a SQL script that you can give to your database administrator. See About System Load and Product Load in Creating Schemas with the Repository Creation Utility.
- If the DBA has already run the SQL script for System Load, select Perform Product Load.
Note:
For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), you must create schemas as a Normal user, and although you do not have full SYS or SYSDBA privileges on the database, you must select System Load and Product Load.
Providing Database Connection Details
On the Database Connection Details screen, provide the database connection details for the RCU to connect to your database.
To provide the database connection details:
For information about specifying connection credentials when connecting to an Oracle database, see Connection Credentials for Oracle Databases and Oracle Databases with Edition-Based Redefinition.
Specifying a Custom Prefix and Selecting Schemas
Select Create new prefix, specify a custom prefix, then expand IDM Schemas and select the Oracle Access Manager schema. This action automatically selects the following schemas as dependencies:
- Common Infrastructure Services (STB)
- Oracle Platform Security Services (OPSS)
- Audit Services (IAU)
- Audit Services Append (IAU_Append)
- Audit Services Viewer (IAU_Viewer)
- Metadata Services (MDS)
- WebLogic Services (WLS)
The schema Common Infrastructure Services (STB) is automatically created. This schema is dimmed; you cannot select or deselect it. This schema enables you to retrieve information from RCU during domain configuration. For more information, see "Understanding the Service Table Schema" in Creating Schemas with the Repository Creation Utility.
Note:
You must invoke RCU twice. When you invoke RCU the first time, select Database type as Oracle Database enabled for edition-based redefinition and load the EBR dependent components (STB, OPSS, IAU, IAU_Append, IAU_Viewer, MDS and WLS). When you invoke RCU the second time, select Database type as Oracle Database, provide the prefix used the first time, and select Oracle Access Manager only.
The custom prefix is used to logically group these schemas together for use in this domain only; you must create a unique set of schemas for each domain. Schema sharing across domains is not supported.
Tip:
For more information about custom prefixes, see "Understanding Custom Prefixes" in Creating Schemas with the Repository Creation Utility.
For more information about how to organize your schemas in a multi-domain environment, see "Planning Your Schema Creation" in Creating Schemas with the Repository Creation Utility.
Tip:
You must make a note of the custom prefix you choose to enter here; you will need this later on during the domain creation process.
Click Next to proceed, then click OK on the dialog window confirming that prerequisite checking for schema creation was successful.
Specifying Schema Passwords
On the Schema Passwords screen, specify how you want to set the schema passwords on your database, then enter and confirm your passwords.
Note:
For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), the schema password must be a minimum of 12 characters, and must contain at least one uppercase letter, one lowercase letter, and one number.
You must make a note of the passwords you set on this screen; you will need them later on during the domain creation process.
Click Next.
Completing Schema Creation
Navigate through the remaining RCU screens to complete schema creation.
On the Map Tablespaces screen, the Encrypt Tablespace check box appears only if you enabled Transparent Data Encryption (TDE) in the database (Oracle or Oracle EBR) when you start the RCU.
To complete schema creation:
Configuring the Domain
Use the Configuration Wizard to create and configure a domain.
For information on other methods to create domains, see Additional Tools for Creating, Extending, and Managing WebLogic Domains in Creating WebLogic Domains Using the Configuration Wizard.
- Starting the Configuration Wizard
Start the Configuration Wizard to begin configuring a domain.
- Navigating the Configuration Wizard Screens to Create and Configure the Domain
Enter required information in the Configuration Wizard screens to create and configure the domain for the topology.
- Updating the System Properties for SSL Enabled Servers
For SSL enabled servers, you must set the required properties in the setDomainEnv file in the domain home.
Starting the Configuration Wizard
Start the Configuration Wizard to begin configuring a domain.
Note:
For an Autonomous Transaction Processing Shared (ATP-S) database, before you start the Configuration Wizard, you must set the TNS_ADMIN property using the following command:
export TNS_ADMIN=/<$ORACLE_HOME>/network/admin
You must change $ORACLE_HOME to your Oracle Home location. For example:
export TNS_ADMIN=/users/test/network/admin
Where /users/test/ is the Oracle Home location.
To start the Configuration Wizard:
Navigating the Configuration Wizard Screens to Create and Configure the Domain
Enter required information in the Configuration Wizard screens to create and configure the domain for the topology.
Note:
You can use this procedure to extend an existing domain. If your needs do not match the instructions in the procedure, be sure to make your selections accordingly, or see the supporting documentation for more details.
- Selecting the Domain Type and Domain Home Location
Use the Configuration Type screen to select a Domain home directory location, optimally outside the Oracle home directory.
- Selecting the Configuration Templates for Oracle Access Management
- Selecting the Application Home Location
Use the Application Location screen to select the location to store applications associated with your domain, also known as the Application home directory.
- Configuring the Administrator Account
Use the Administrator Account screen to specify the username and password for the default WebLogic Administrator account for the domain.
- Specifying the Domain Mode and JDK
Use the Domain Mode and JDK screen to specify the domain mode and Java Development Kit (JDK) for your production environment.
- Specifying the Database Configuration Type
Use the Database Configuration type screen to specify details about the database and database schema.
- Specifying JDBC Component Schema Information
Use the JDBC Component Schema screen to verify or specify details about the database schemas.
- Testing the JDBC Connections
Use the JDBC Component Schema Test screen to test the data source connections.
- Selecting Advanced Configuration
Use the Advanced Configuration screen to complete the domain configuration.
- Configuring the Administration Server Listen Address
Use the Administration Server screen to select the Listen Address and configure the Administration Server ports.
- Configuring Node Manager
Use the Node Manager screen to select the type of Node Manager you want to configure, along with the Node Manager credentials.
- Configuring Managed Servers for Oracle Access Management
- Configuring a Cluster for Oracle Access Management
Use the Clusters screen to create a new cluster.
- Defining Server Templates
If you are creating dynamic clusters for a high availability setup, use the Server Templates screen to define one or more server templates for the domain.
- Configuring Dynamic Servers
You can skip this screen for Oracle Access Management configuration.
- Assigning Oracle Access Management Managed Servers to the Cluster
If you are configuring a non-clustered setup, click Next and go to next screen. Use the Assign Servers to Clusters screen to assign Managed Servers to a new configured cluster. A configured cluster is a cluster you configure manually. You do not use this screen if you are configuring a dynamic cluster, a cluster that contains one or more generated server instances that are based on a server template.
- Configuring Coherence Clusters
Use the Coherence Clusters screen to configure the Coherence cluster.
- Creating a New Oracle Access Management Machine
Use the Machines screen to create new machines in the domain. A machine is required so that Node Manager can start and stop servers.
- Assigning Servers to Oracle Access Management Machines
Use the Assign Servers to Machines screen to assign the Administration Server and Managed Servers to the new machine you just created.
- Virtual Targets
You can skip this screen for Oracle Access Management configuration.
- Partitions
The Partitions screen is used to configure partitions for virtual targets in WebLogic Server Multitenant (MT) environments. Select Next without selecting any options.
- Configuring Domain Frontend Host
The Domain Frontend Host screen can be used to configure the frontend host for the domain.
- Targeting the Deployments
The Deployments Targeting screen can be used to target the available deployments to the servers.
- Targeting the Services
The Services Targeting screen can be used to target the available services to the Servers.
- Reviewing Your Configuration Specifications and Configuring the Domain
The Configuration Summary screen shows detailed configuration information for the domain you are about to create.
- Writing Down Your Domain Home and Administration Server URL
The End of Configuration screen shows information about the domain you just configured.
Selecting the Domain Type and Domain Home Location
Use the Configuration Type screen to select a Domain home directory location, optimally outside the Oracle home directory.
Note:
Use different domain_homes for Oracle Access Management and Oracle Identity Governance.
To specify the Domain type and Domain home directory:
- On the Configuration Type screen, select Create a new domain.
- In the Domain Location field, specify your Domain home directory.
For more details about this screen, see Configuration Type in Creating WebLogic Domains Using the Configuration Wizard.
Selecting the Configuration Templates for Oracle Access Management
On the Templates screen, make sure Create Domain Using Product Templates is selected, then select the template Oracle Access Management Suite - 14.1.2.1.0 [idm].
Selecting this template automatically selects the following as dependencies:
- Oracle Enterprise Manager - 14.1.2.0.0 [em]
- Oracle JRF - 14.1.2.0.0 [oracle_common]
- WebLogic Coherence Cluster Extension - 14.1.2.0.0 [wlsserver]
Note:
The basic WebLogic domain is pre-selected.
More information about the options on this screen can be found in Templates in Creating WebLogic Domains Using the Configuration Wizard.
Selecting the Application Home Location
Use the Application Location screen to select the location to store applications associated with your domain, also known as the Application home directory.
Oracle recommends that you locate your Application home in accordance with the directory structure in What Are the Key Oracle Fusion Middleware Directories? in Understanding Oracle Fusion Middleware, where the Application home is located outside the Oracle home directory. This directory structure helps avoid issues when you need to upgrade or re-install your software.
For more about the Application home directory, see About the Application Home Directory.
For more information about this screen, see Application Location in Creating WebLogic Domains Using the Configuration Wizard.
Configuring the Administrator Account
Use the Administrator Account screen to specify the username and password for the default WebLogic Administrator account for the domain.
Oracle recommends that you make a note of the username and password that you enter on this screen; you need these credentials later to boot and connect to the domain's Administration Server.
Specifying the Domain Mode and JDK
Use the Domain Mode and JDK screen to specify the domain mode and Java Development Kit (JDK) for your production environment.
On the Domain Mode and JDK screen:
- Select Production in the Domain Mode field.
- Disable secured mode for the domain by selecting the Disable Secure Mode check-box.
- Select the Oracle HotSpot JDK in the JDK field.
Specifying the Database Configuration Type
Use the Database Configuration type screen to specify details about the database and database schema.
On the Database Configuration type screen, select RCU Data. This option instructs the Configuration Wizard to connect to the database and Service Table (STB) schema to automatically retrieve schema information for schemas needed to configure the domain.
Note:
If you select Manual Configuration on this screen, you must manually fill in parameters for your schema on the next screen.
For an Autonomous Transaction Processing database, (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), you must select only the RCU Data option.
After selecting RCU Data, specify details in the following fields:
Field | Description |
---|---|
Host Name | Enter the name of the server hosting the database. Example: |
DBMS/Service | Enter the database DBMS name, or service name if you selected a service type driver. Example: |
Port | Enter the port number on which the database listens. Example: |
Schema Owner, Schema Password | Enter the username and password for connecting to the database's Service Table schema. This is the schema username and password entered for the Service Table component on the Schema Passwords screen in the RCU (see Specifying Schema Passwords). The default username is |
For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), specify the connection credentials using only the Connection URL String option, and enter the connect string in the format described in Connection Credentials for an Autonomous Transaction Processing Database.
Click Get RCU Configuration when you finish specifying the database connection information. The following output in the Connection Result Log indicates that the operation succeeded:
Connecting to the database server...OK
Retrieving schema data from database server...OK
Binding local schema components with retrieved data...OK
Successfully Done.
For more information about the schema installed when the RCU is run, see About the Service Table Schema in Creating Schemas with the Repository Creation Utility.
See Database Configuration Type in Creating WebLogic Domains Using the Configuration Wizard.
Specifying JDBC Component Schema Information
Use the JDBC Component Schema screen to verify or specify details about the database schemas.
Note:
If you create schemas as a user with limited privileges and select RCU Data, you must manually replace the auto-populated values for Oracle Access Manager (OAM) and Oracle WebLogic Server only.
For Oracle WebLogic Server, ensure that you use the same schema prefix that you specified when you created schemas for components that support EBR and those that do not. For more information, see Creating Schemas for Oracle Access Manager As a User with Limited Database Privileges.
For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), specify the connection credentials using only the Connection URL String option, and enter the connect string in the following format:
@TNS_alias?TNS_ADMIN=<path of the wallet files, ojdbc.properties, and tnsnames.ora>
In the connect string, you must pass TNS_alias as the database service name found in tnsnames.ora, and set the TNS_ADMIN property to the location of the wallet files, ojdbc.properties, and tnsnames.ora.
Example connect string for Autonomous Transaction Processing-Dedicated (ATP-D) database:
@dbname_tp?TNS_ADMIN=/users/test/wallet_dbname/
Example connect string for Autonomous Transaction Processing Shared (ATP-S) database:
@dbname_tp?TNS_ADMIN=/users/test/wallet_dbname/
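The following pre-flight check is an added example, not part of the Oracle documentation. It validates a connect string in the format above against the directory it points to, and also checks a candidate schema password against the ATP rule given under Specifying Schema Passwords. The function names, return codes and the sample directory contents are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for an ATP connect string
#   @TNS_alias?TNS_ADMIN=<dir>
# and for the ATP schema password rule. All function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [A-Z] / [a-z] ranges byte-exact

# Return codes: 0 ok, 1 malformed, 2 file missing, 3 alias not found,
# 4 directory accessible to "other" users.
check_connect_string() {
    cs=$1
    case $cs in
        @?*\?TNS_ADMIN=?*) ;;
        *) echo "malformed: expected @TNS_alias?TNS_ADMIN=<dir>" >&2; return 1 ;;
    esac
    cs_rest=${cs#@}
    cs_alias=${cs_rest%%\?TNS_ADMIN=*}
    cs_dir=${cs_rest#*\?TNS_ADMIN=}
    case $cs_alias in
        *[!A-Za-z0-9_.-]*) echo "unexpected character in alias" >&2; return 1 ;;
    esac

    # The page names these two files explicitly. It does not list the wallet
    # file names, so those are not checked here.
    for cs_f in tnsnames.ora ojdbc.properties; do
        [ -r "$cs_dir/$cs_f" ] || { echo "missing $cs_dir/$cs_f" >&2; return 2; }
    done

    # The alias must be defined in tnsnames.ora (compared case-insensitively).
    # Assumes one alias per entry, written at the start of a line.
    awk -v want="$cs_alias" '
        /^[ \t]*[A-Za-z0-9_.-]+[ \t]*=/ {
            name = $0
            sub(/[ \t]*=.*/, "", name); sub(/^[ \t]*/, "", name)
            if (tolower(name) == tolower(want)) found = 1
        }
        END { exit (found ? 0 : 1) }' "$cs_dir/tnsnames.ora" ||
        { echo "alias $cs_alias not defined in tnsnames.ora" >&2; return 3; }

    # Hygiene check added by this example (not a requirement stated on the
    # page): the directory holds wallet files, so "other" should have no access.
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    [ "$(ls -ld "$cs_dir" | cut -c8-10)" = "---" ] ||
        { echo "$cs_dir is accessible to other users" >&2; return 4; }
    return 0
}

# ATP schema password rule as stated on the page: at least 12 characters,
# with at least one uppercase letter, one lowercase letter and one number.
# Call this on a value read from a prompt, not on a command-line argument.
atp_password_ok() {
    pw=$1
    [ "${#pw}" -ge 12 ] || return 1
    case $pw in *[A-Z]*) ;; *) return 1 ;; esac
    case $pw in *[a-z]*) ;; *) return 1 ;; esac
    case $pw in *[0-9]*) ;; *) return 1 ;; esac
    return 0
}

# Build a constructed sample directory (not real wallet data) and print its path.
make_sample_wallet() {
    sw_dir=$(mktemp -d) || return 1
    chmod 700 "$sw_dir"
    printf '%s\n' \
        'dbname_tp = (description=' \
        '  (address=(protocol=tcps)(port=1522)(host=db.example.invalid))' \
        '  (connect_data=(service_name=svc.example.invalid)))' \
        > "$sw_dir/tnsnames.ora"
    : > "$sw_dir/ojdbc.properties"
    echo "$sw_dir"
}

# Demo on the constructed directory.
demo_dir=$(make_sample_wallet)
check_connect_string "@dbname_tp?TNS_ADMIN=$demo_dir" && echo "connect string OK"
rm -rf "$demo_dir"
```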
For high availability environments, see the following sections in High Availability Guide for additional information on configuring data sources for Oracle RAC databases:
See JDBC Component Schema in Creating WebLogic Domains Using the Configuration Wizard for more details about this screen.
Testing the JDBC Connections
Use the JDBC Component Schema Test screen to test the data source connections.
A green check mark in the Status column indicates a successful test. If you encounter any issues, see the error message in the Connection Result Log section of the screen, fix the problem, then try to test the connection again.
By default, the schema password for each schema component is the password you specified while creating your schemas.
For more information about this screen, see JDBC Component Schema Test in Creating WebLogic Domains Using the Configuration Wizard.
Selecting Advanced Configuration
Use the Advanced Configuration screen to complete the domain configuration.
On the Advanced Configuration screen, select:
- Administration Server
  Required to properly configure the listen address of the Administration Server.
- Node Manager
  Required to configure Node Manager.
- Topology
  Required to configure the Oracle Access Management Managed Server.
Optionally, select other available options as required for your desired installation environment. The steps in this guide describe a standard installation topology, but you may choose to follow a different path. If your installation requirements extend to additional options outside the scope of this guide, you may be presented with additional screens to configure those options. For information about all Configuration Wizard screens, see Configuration Wizard Screens in Creating WebLogic Domains Using the Configuration Wizard.
Configuring the Administration Server Listen Address
Use the Administration Server screen to select the Listen Address and configure the Administration Server ports.
Note:
The default port values will vary depending on how you configured your domain. The Enable SSL Listen Port is enabled by default, but the default values may change. For a list of default values, see Port Numbers by Product and Component.
- Provide a name for the Administration Server. The name field must not be null or empty and cannot contain any special characters.
- Select the drop-down list next to Listen Address and select the IP address of the host where the Administration Server will reside or use the system name or DNS name that maps to a single IP address. Do not use All Local Addresses.
- Verify the port settings. When the domain type is set to Production, then the Enable SSL Listen Port option is enabled by default. Do not specify any server groups for the Administration Server.
Note:
You can change the port values as needed, but they must be unique. If the same port numbers are used for different ports, you will not be able to navigate to the next step in the Configuration Wizard.
For more information, see Specifying the Listen Address in Creating WebLogic Domains Using the Configuration Wizard.
Configuring Node Manager
Use the Node Manager screen to select the type of Node Manager you want to configure, along with the Node Manager credentials.
Select Per Domain Default Location as the Node Manager type, then specify Node Manager credentials.
For more information about this screen, see Node Manager in Creating WebLogic Domains Using the Configuration Wizard.
For more information about Node Manager types, see About Node Manager in Administering Node Manager for Oracle WebLogic Server.
Configuring Managed Servers for Oracle Access Management
On the Managed Servers screen, the new Managed Servers named oam_server_1 and oam_policy_mgr1 are displayed.
These server names will be referenced throughout this document; if you choose different names, be sure to replace them as needed.
Tip:
More information about the options on this screen can be found in Managed Servers in Creating WebLogic Domains Using the Configuration Wizard.
Configuring a Cluster for Oracle Access Management
Use the Clusters screen to create a new cluster.
Note:
If you are configuring a non-clustered setup on a single node, skip this screen.
On the Clusters screen:
By default, server instances in a cluster communicate with one another using unicast. If you want to change your cluster communications to use multicast, see Considerations for Choosing Unicast or Multicast in Administering Clusters for Oracle WebLogic Server.
You can also create clusters using Fusion Middleware Control. In this case, you can configure cluster communication (unicast or multicast) when you create the new cluster. See Create and configure clusters in Oracle WebLogic Server Administration Console Online Help.
For more information about this screen, see Clusters in Creating WebLogic Domains Using the Configuration Wizard.
Defining Server Templates
If you are creating dynamic clusters for a high availability setup, use the Server Templates screen to define one or more server templates for the domain.
Note:
The default port values will vary depending on how you configured your domain. The Enable SSL Listen Port is enabled by default, but the default values may change. For a list of default values, see Port Numbers by Product and Component.
- Click Add to create new_ServerTemplate_1. The server template name will increment automatically when an additional server template is added (new_ServerTemplate_2).
- For Secure Production Mode, verify that the Enable SSL Port option is selected. The default SSL Listen Port does not increment automatically when a new server template is added. You can change the default to Enable Listen Port, but Oracle recommends that you retain the default to enable SSL. Enabling Listen Port disables SSL Listen Port.
Note:
You can change the port values as needed using an integer in the range of 1 to 65535, but they must be unique. If the same port numbers are used for different ports, you will receive a port conflict error and you will not be able to start the server.
- The Administration Port does not increment when an additional server template is added.
Note:
If the Listen ports are disabled, then instead of seeing a number you will see Disabled.
For steps to create a dynamic cluster for a high availability setup, see Using Dynamic Clusters in High Availability Guide.
Configuring Dynamic Servers
You can skip this screen for Oracle Access Management configuration.
Assigning Oracle Access Management Managed Servers to the Cluster
If you are configuring a non-clustered setup, click Next and go to the next screen. Use the Assign Servers to Clusters screen to assign Managed Servers to a new configured cluster. A configured cluster is a cluster you configure manually. You do not use this screen if you are configuring a dynamic cluster, which is a cluster that contains one or more generated server instances that are based on a server template.
For more information on configured cluster and dynamic cluster terms, see About Dynamic Clusters in Understanding Oracle WebLogic Server.
On the Assign Servers to Clusters screen:
For more information about this screen, see Assign Servers to Clusters in Creating WebLogic Domains Using the Configuration Wizard.
Configuring Coherence Clusters
Use the Coherence Clusters screen to configure the Coherence cluster.
Leave the default port number as the Coherence cluster listen port. After configuration, the Coherence cluster is automatically added to the domain.
Note:
Setting the unicast listen port to 0 creates an offset for the Managed Server port numbers. The offset is 5000, meaning the maximum allowed value that you can assign to a Managed Server port number is 60535, instead of 65535.
For Coherence licensing information, see Oracle Coherence Products in Licensing Information.
Creating a New Oracle Access Management Machine
Use the Machines screen to create new machines in the domain. A machine is required so that Node Manager can start and stop servers.
If you plan to create a high availability environment and know the list of machines your target topology requires, you can follow the instructions in this section to create all the machines at this time. For more about scale out steps, see Optional Scale Out Procedure in High Availability Guide.
Note:
If you are extending an existing domain, you can assign servers to any existing machine. It is not necessary to create a new machine unless your situation requires it.
For more information about this screen, see Machines in Creating WebLogic Domains Using the Configuration Wizard.
Assigning Servers to Oracle Access Management Machines
Use the Assign Servers to Machines screen to assign the Administration Server and Managed Servers to the new machine you just created.
On the Assign Servers to Machines screen:
For more information about this screen, see Assign Servers to Machines in Creating WebLogic Domains Using the Configuration Wizard.
Virtual Targets
You can skip this screen for Oracle Access Management configuration.
Click Next and proceed.
Partitions
The Partitions screen is used to configure partitions for virtual targets in WebLogic Server Multitenant (MT) environments. Select Next without selecting any options.
For details about options on this screen, see Partitions in Creating WebLogic Domains Using the Configuration Wizard.
Configuring Domain Frontend Host
The Domain Frontend Host screen can be used to configure the frontend host for the domain.
Select Plain or SSL and specify the respective host value.
Click Next.
Targeting the Deployments
The Deployments Targeting screen can be used to target the available deployments to the servers.
Targeting the Services
The Services Targeting screen can be used to target the available services to the Servers.
Reviewing Your Configuration Specifications and Configuring the Domain
The Configuration Summary screen shows detailed configuration information for the domain you are about to create.
Review each item on the screen and verify that the information is correct. To make any changes, go back to a screen by clicking the Back button or selecting the screen in the navigation pane. Domain creation does not start until you click Create.
For more details about options on this screen, see Configuration Summary in Creating WebLogic Domains Using the Configuration Wizard.
Writing Down Your Domain Home and Administration Server URL
The End of Configuration screen shows information about the domain you just configured.
Make a note of the following items because you need them later:
- Domain Location
- Administration Server URL
You need the domain location to access scripts that start Node Manager and Administration Server, and you need the URL to access the Administration Server.
Click Finish to dismiss the Configuration Wizard.
Updating the System Properties for SSL Enabled Servers
For SSL enabled servers, you must set the required properties in the setDomainEnv file in the domain home.
Edit the DOMAIN_HOME/bin/setDomainEnv.sh file (for UNIX) or DOMAIN_HOME\bin\setDomainEnv.cmd (for Windows), and add the following properties before you start the servers:
- -Dweblogic.security.SSL.ignoreHostnameVerification=true
- -Dweblogic.security.TrustKeyStore=DemoTrust
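To confirm the step above before starting the servers, the following added example (not part of Oracle's documentation) reads a setDomainEnv.sh file and reports how the two properties are set. The same report helps locate these settings later, since DemoTrust is WebLogic's demo trust keystore and ignoreHostnameVerification=true turns hostname verification off. The function names are illustrative.

```shell
#!/bin/sh
# Added example (not Oracle's code): report how the two SSL system properties
# from this section are set in a setDomainEnv.sh file. Function names are
# illustrative.

# Print the value of -D<PROPERTY>=<value> taken from the last uncommented
# line of FILE that sets it; print nothing if the property is not set.
jvm_prop_value() {   # usage: jvm_prop_value FILE PROPERTY
    awk -v key="-D$2=" '
        /^[ \t]*#/ { next }                    # ignore commented-out lines
        {
            i = index($0, key)                 # literal match, no regex
            if (i == 0) next
            v = substr($0, i + length(key))
            sub(/[" \t].*/, "", v)             # value ends at a double quote or blank
            last = v; seen = 1
        }
        END { if (seen) print last }' "$1"
}

# Summarise FILE as one word:
#   missing        at least one of the two properties is not set
#   as-documented  ignoreHostnameVerification=true and TrustKeyStore=DemoTrust
#   custom         both are set, with other values
ssl_props_state() {
    hv=$(jvm_prop_value "$1" weblogic.security.SSL.ignoreHostnameVerification)
    ts=$(jvm_prop_value "$1" weblogic.security.TrustKeyStore)
    if [ -z "$hv" ] || [ -z "$ts" ]; then
        echo missing
    elif [ "$hv" = true ] && [ "$ts" = DemoTrust ]; then
        echo as-documented
    else
        echo custom
    fi
}

# Print both values and the summary for a file given on the command line.
if [ "$#" -gt 0 ]; then
    for p in weblogic.security.SSL.ignoreHostnameVerification \
             weblogic.security.TrustKeyStore; do
        printf '%s=%s\n' "$p" "$(jvm_prop_value "$1" "$p")"
    done
    ssl_props_state "$1"
fi
```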
Starting the Servers
After a successful configuration, start all processes and servers, including the Administration Server and any Managed Servers.
The components may be dependent on each other so they must be started in the correct order.
Note:
The procedures in this section describe how to start servers and processes using the WLST command-line utility or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Remote Console. See Starting and Stopping Administration and Managed Servers and Node Manager.
As of release 14c (14.1.2.0.0), the WebLogic Server Administration Console has been removed. For comparable functionality, you should use the WebLogic Remote Console. For more information, see Oracle WebLogic Remote Console.
To start your Fusion Middleware environment, follow the steps below.
Step 1: Start Node Manager
To start Node Manager, use the startNodeManager script:
- (UNIX) DOMAIN_HOME/bin/startNodeManager.sh
- (Windows) DOMAIN_HOME\bin\startNodeManager.cmd
Step 2: Start the Administration Server
Note:
Depending on your existing security settings, you may need to perform additional configuration before you can manage a domain with secured production mode enabled. For more information, see Connecting to the Administration Server using WebLogic Remote Console.
To start the Administration Server, use the startWebLogic script:
- (UNIX) DOMAIN_HOME/bin/startWebLogic.sh
- (Windows) DOMAIN_HOME\bin\startWebLogic.cmd
When you created the domain, if you selected Production Mode on the Domain Mode and JDK screen, a prompt for the Administrator user login credentials is displayed. Provide the same credentials that you provided on the Administrator Account screen.
Note:
For an Autonomous Transaction Processing database (both Autonomous Transaction Processing-Dedicated (ATP-D) and Autonomous Transaction Processing Shared (ATP-S)), a benign error message may be displayed in the Administration Server logs.
Example message:
<AdminServer> <[ACTIVE] ExecuteThread: '63' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <>
<16023522-e47f-40f4-a66f-7ea3729188d1-00000064> <1628079696204>
<[severity-value: 8] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] >
<BEA-240003> <Administration Console encountered the following error:
java.lang.NoSuchMethodError:
org.glassfish.jersey.internal.LocalizationMessages.WARNING_PROPERTIES()Ljava/lang/String; at
org.glassfish.jersey.internal.config.SystemPropertiesConfigurationModel.getProperties(SystemPropertiesConfigurationModel.java:122) at
org.glassfish.jersey.internal.config.SystemPropertiesConfigurationProvider.getProperties(SystemPropertiesConfigurationProvider.java:29) at
org.glassfish.jersey.internal.config.ExternalPropertiesConfigurationFactory.readExternalPropertiesMap(ExternalPropertiesConfigurationFactory.java:55) at
org.glassfish.jersey.internal.config.ExternalPropertiesConfigurationFactory.configure(ExternalPropertiesConfigurationFactory.java:72) at
org.glassfish.jersey.internal.config.ExternalPropertiesConfigurationFeature.configure(ExternalPropertiesConfigurationFeature.java:26) at
org.glassfish.jersey.model.internal.CommonConfig.configureFeatures(CommonConfig.java:730)
This error message does not have any functional impact and can be ignored.
Step 3: Start the Managed Servers
Note:
When using secured production mode, you must provide additional parameters to start the Managed Servers. See Starting Managed Servers using a Start Script in Administering Security for Oracle WebLogic Server.
To start a WebLogic Server Managed Server, use the startManagedWebLogic script:
(UNIX) DOMAIN_HOME/bin/startManagedWebLogic.sh managed_server_name admin_url
(Windows) DOMAIN_HOME\bin\startManagedWebLogic.cmd managed_server_name admin_url
When prompted, enter your user name and password. These are the same user name and password that you provided on the Administrator Account screen when creating the domain.
Verifying the Configuration
After completing all configuration steps, you can perform additional steps to verify that your domain is properly configured.
You can start using the functionality of Oracle Access Management after you successfully configure it. See Getting Started with Oracle Access Management in Administering Oracle Access Management.
For information about integrating Oracle Access Management with other Identity Management components, see Introduction to IdM Suite Components Integration in Integration Guide for Oracle Identity Management Suite.
For more information about performing additional domain configuration tasks, see Performing Additional Domain Configuration Tasks.
Setting the Memory Parameters for OAM Domain (Optional)
If the initial startup parameter in the Oracle Access Management domain, which defines the memory usage, is insufficient, you can increase the value of this parameter.
Troubleshooting
This section lists the common issues encountered while configuring Oracle Access Management and their workarounds.
Topics
- Authentication Policy Advance Rule Creation Not Working with JDK 21
  After installing and configuring an Oracle Access Management domain in 14c (14.1.2.1.0), there is an error when attempting to create an Authentication policy with a Pre-Authentication rule when using JDK 21.
- WADL Generation Does not Show Description
- MDS ReadOnlyStoreException in OAM Policy Manager Diagnostic log
  After you configure Oracle Access Management 14c (14.1.2.1.0), when you start the servers, the following exception is seen in the Administration Server and OAM Policy Manager diagnostic logs:
- Ignorable Warnings in the Administration Server Logs
  After you configure Oracle Access Management 14c (14.1.2.1.0), when you start the Administration Server, the following warnings are seen in the Administration Server logs:
Authentication Policy Advance Rule Creation Not Working with JDK 21
After installing and configuring an Oracle Access Management domain in 14c (14.1.2.1.0), there is an error when attempting to create an Authentication policy with a Pre-Authentication rule when using JDK 21.
Issue:
When using the OAM console to apply authentication policies, the following error can be seen in the Admin server logs:
Caused by:
java.lang.ExceptionInInitializerError: Exception java.lang.InternalError:
java.lang.UnsatisfiedLinkError: Can't load library:
/home/reaugust/.cache/org.graalvm.polyglot/engine/libtruffleattach/855be25834bb645ea86aa0d0e83e8f1d55c8d56bb5e7858a90f48bfcf638e541/bin/libtruffleattach.so
[in thread "[ACTIVE] ExecuteThread: '39' for queue: 'weblogic.kernel.Default
(self-tuning)'"]
Cause:
The GraalVM cache fails to refresh when the Admin and managed servers are started.
Solution:
1. Stop the OAM Admin and managed servers.
2. Delete the GraalVM cache "<user_home_directory>/.cache/org.graalvm.polyglot/".
3. Restart the OAM Admin and managed servers.
4. Reapply the authentication policies and save.
WADL Generation Does not Show Description
Issue
java.lang.IllegalStateException: ServiceLocatorImpl is returned.
Exception thrown when provider class org.glassfish.jersey.server.internal.monitoring.MonitoringFeature$StatisticsListener was processing MonitoringStatistics. Removing provider from further processing.
java.lang.IllegalStateException: ServiceLocatorImpl(__HK2_Generated_6,9,221656053) has been shut down
at org.jvnet.hk2.internal.ServiceLocatorImpl.checkState(ServiceLocatorImpl.java:2393)
http://<Host>:<AdminServerPort>/oam/services/rest/11.1.2.0.0/ssa/policyadmin/application.wadl
http://<Host>:<ManagedServerPort>/iam/access/api/v1/health/application.wadl
Resolution
Restart the Admin server and managed servers to resolve the WADL issue.
MDS ReadOnlyStoreException in OAM Policy Manager Diagnostic log
After you configure Oracle Access Management 14c (14.1.2.1.0), when you start the servers, the following exception is seen in the Administration Server and OAM Policy Manager diagnostic logs:
oracle.mds.exception.ReadOnlyStoreException: MDS-01273:
The operation on the resource /oracle/oam/ui/adfm/DataBindings.cpx
failed because source metadata store mapped to the namespace / DEFAULT
is read only.
Ignorable Warnings in the Administration Server Logs
After you configure Oracle Access Management 14c (14.1.2.1.0), when you start the Administration Server, the following warnings are seen in the Administration Server logs:
<Warning> <oracle.adfinternal.view.faces.renderkit.rich.NavigationPaneRenderer>
<adc2140146> <AdminServer> <[ACTIVE] ExecuteThread: '42' for queue:
'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <b6ba191d-9c3f-44ce-ad9d-64bd7123baf5-000000e3>
<1502889425767> <[severity-value: 16] [rid: 0] [partition-id: 0] [partition-name: DOMAIN] >
<BEA-000000> <Warning: There are no items to render for this level>
####<Aug 16, 2017 6:17:06,241 AM PDT> <Warning> <org.apache.myfaces.trinidad.component.UIXFacesBeanImpl>
This has no impact on the functionality, and therefore you can ignore it.
After installing Oracle Access Management, go to Chapter 5: Next Steps After Configuring the Domain.