Automating Oracle IAM Suite 11gR2 PS3 (11.1.2.3.0) Installation in Oracle Linux 7.1 [Article]

Version 6

    The Oracle Identity and Access Management Suite 11gR2 Patchset 3 introduces important new features and improvements to the user interface, expansion of Oracle's Mobile Security offering, directory virtualization with Oracle Unified Directory, enhanced Privilege Account Management, and automation tools for patching and deploying the IAM Suite among other capabilities. This article describes the steps to use the new Life Cycle Management (LCM) tools to automate the deployment of the Oracle IAM Suite 11g R2 PS3 in Oracle Linux 7.1.


     

    By Ricardo Gutierrez-Oracle

     

    Oracle IAM Suite 11gR2 Patchset 3 Overview

     

    This new update introduces important new features and improvements to the user interface that simplify the tasks associated with the provisioning and management of identities within organizations. The new features include: expansion of Oracle's Mobile Security offering, with capabilities for mobile device management; a policy framework to facilitate the provisioning of devices; directory virtualization with Oracle Unified Directory; enhanced Privilege Account Management with windows session recording; and extended automation tools for patching and installing the IAM Suite.

     

    Oracle IAM 11gR2 Patchset 3 can be installed as a new product or applied to existing installations, including:

     

    • 11g Release 2 (11.1.2.0)
    • 11g Release 2 Patchset 1 (11.1.2.1)
    • 11g Release 2 Patchset 2 (11.1.2.2)

     

    Automated Installation using LCM Tools

     

    The Life Cycle Management (LCM) tools are provided to automate the deployment of the IAM Suite; they represent a major step in reducing deployment times and potentially eliminating human errors. The automation capability was introduced in 11.1.2.2.0 and was known as the Deployment Wizard tool.

     

    In 11.1.2.3.0, the LCM tools allow only the installation of single-host scenarios. While this can be seen as limited to proof-of-concept and development deployments, future releases will add capabilities to support multiple hosts, topologies and production environments.

     

    Some of the benefits you will find with the LCM tools are:

     

    • Use of Oracle IAM Deployment Repository, a single software distribution containing all software required to deploy, patch and upgrade the IAM Suite
    • Automatic installing, configuring, deploying, and patching the IAM software
    • Use of the Environment Health Check Utility to verify your system requirements before you deploy and to verify the environment after you deploy
    • Component-by-component upgrading of the environment deployed with the LCM tools, so as to minimize downtime

     

    Here are the supported topologies for a single-host scenario:

     

    • Oracle Identity Manager (OIM) Only
    • Oracle Access Manager (OAM) Suite and Oracle Mobile Security Suite (OMSS) Only
    • OIM-OAM-OMSS Integrated with Directory

     

    Figures 1, 2 and 3 (below) depict these topologies. This article will focus on describing how to automate the deployment of the OIM-OAM-OMSS Integrated with Directory topology.

     


     

    Figure 1. OIM Deployment Topology

     


     

    Figure 2. OAM-OMSS Deployment Topology

     


     

    Figure 3. OIM-OAM-OMSS Deployment Topology

     

    Roadmap for Automated Deployment

     

     

    Figure 4 shows the roadmap for automated deployment of the IAM Suite using the LCM tools. Note the different steps that can be executed automatically in sequence or manually on a step-by-step basis, using either a graphical or command line interface.

     

      Figure 4. Stages for Automated Deployment

     

    Deployment Prerequisites

     

    The following list summarizes the tasks that you will need to do before automating the deployment of the IAM Suite:

     

    • Download the compressed Oracle IAM Deployment Repository files. These can be obtained from the Oracle Software Delivery Cloud (requires registration or login) or from My Oracle Support (using a customer account). Figure 5 (below) shows how to get the files from the Software Delivery Cloud; search for Patchset 21037613 in My Oracle Support to find the location to download the files. You will need at least 20 GB of disk space to download all the files.
    • Optionally, you can install the JDK included in the repository or download the latest Java SE Development Kit. At the time of this writing we downloaded the Java SE Development Kit 7u80 (rpm file jdk-7u80-linux-x64.rpm).
    • Unzip the repository files into a staging folder; you will need an additional 20 GB of space to hold the uncompressed files. The LCM tools and Health Check Utility are included, so you don't need to download additional files. Figure 6 (below) shows the top-level directory structure of the staging folder containing the uncompressed files.
    • Although the documentation recommends installing some mandatory patches for middleware components like the Oracle Database and WebLogic Server, you will find out later that the built-in patches in the repository supersede most of the mandatory patches listed in the documentation and thus not all of them need to be installed. For this demonstration we downloaded only the database patch 17501296 from My Oracle Support.

     


     

    Figure 5. Downloading Install Media

     


     

    Figure 6. IAM Deployment Repository – Top Level Tree

     

    Automated Deployment

     

    The following steps guide you through automating the deployment of Oracle IAM Suite 11gR2 PS3 (11.1.2.3.0) using the LCM tools, including the steps to configure the operating system (OS), as well as the installation of the underlying database.

     

    The target server used to deploy the consolidated topology was a virtual machine (VM), but you can use any physical server or virtualized infrastructure to do the deployment as long as the configuration meets the minimum requirements (click here to find more details). The following lists the VM configuration used to write this article:

     

    • OS Type : Linux
    • Virtual CPUs : 2
    • Memory : 32 GB
    • Disk : 70 GB

     

    The guest OS installed in the VM was Oracle Linux 7.1 with the Server with GUI option. The Resources section at the end of this article contains links with further information about Oracle Linux and Oracle IAM documentation.

     

    Installing the Oracle Database

     

    1. Although the Oracle database software is included in the repository, you first need to install the database before you can deploy the IAM suite using the LCM tools. The steps below follow a manual approach to preconfiguring the operating environment. Log in as the “root” user and run the following commands to create the groups and user needed to start the installation of the database:
           
            /usr/sbin/groupadd oinstall
            /usr/sbin/groupadd dba
            /usr/sbin/useradd -g oinstall -G dba oracle


            Define a password for the new user:
           
            passwd oracle

      Note: You can simplify preconfiguration of the operating environment by installing the oracle-rdbms-server-11gR2-preinstall rpm, which is available in the Oracle public yum repository. This link describes the process and will save you some steps in this section.

    2. If you do not have a DNS server to resolve names, then modify the hosts file to add a Fully Qualified Domain Name (FQDN) for the target server. For example, assuming the host name is ora-iambox.local, edit /etc/hosts and add the following entry:
         
          192.168.0.140 ora-iambox.local ora-iambox
         
          Note: If you need to change your host name, try the command below; you will also need to update the /etc/hosts and /etc/sysconfig/network files with the new name.
         
          hostname -b [new_host_name]
    3. Proceed to install the Java SE Development Kit. For example, assuming the rpm version was downloaded in /root/Downloads, login as “root” user and run the following commands:
         
          cd /root/Downloads
          rpm -ivh jdk-7u80-linux-x64.rpm

          Run the following commands to verify the installation:
         
          rpm -q jdk
          rpm -q --list jdk | grep "bin/java"

          Edit /etc/profile and add the following lines to export JAVA_HOME and add it to the system path:
         
          export JAVA_HOME=/usr/java/jdk1.7.0_80
          export PATH=$JAVA_HOME/bin:$PATH
         
    4. This step is optional and will depend on whether you extracted the repository files on the target server or on a network drive. In our case, we extracted all files to the SMB share Volume_2 on host 192.168.0.17. As “root” user, the following commands mount the share at a local mount point:
         
          mkdir /IAM
          mount -t cifs -o rw,username=smbuser,password=Passw0rd //192.168.0.17/volume_2 /IAM
         
    5. As “root” user, run the following commands to install the packages needed by the database installer:
         
          yum install libaio-devel
          yum install elfutils-libelf-devel
          yum install compat-libstdc++-33-3.2.3
          yum install gcc-c++

         
          Note: You’ll need internet access to succeed with the above commands.
    6. Log in as “oracle” user to run the installer for the Oracle database (see Figure 7, below). Since the database files are included in the deployment repository, we just need to point to the location of the repository to start the installation. For example, assuming the repository is located inside mounting point /IAM subfolder /SOFTWARE/OracleIAM, we run the following commands:
           
            cd /IAM/SOFTWARE/OracleIAM/installers/database/Disk1
            ./runInstaller


      Figure 7. Database Installer

    7. Because this is a demo installation, in the Configure Security Updates window, we leave the email field empty and uncheck the box to receive security updates. Click Next to continue. Then click Yes to the warning message.
    8. In the Download Software Update window, select Skip software update and click Next to continue.
    9. In the Select Installation Option window, select Create and configure database and click Next to continue.
    10. In the System Class window, select Server Class and click Next to continue.
    11. In the Grid Installation Options window, select Single instance database installation and click Next to continue.
    12. In the Select Install Type window, select Typical install and click Next to continue.
    13. In the Typical Install Configuration window, enter the following values and click Next to continue.
         
          Oracle base : /home/oracle/app/oracle
          Software location : /home/oracle/app/oracle/product/11.2.0/dbhome_1
          Storage type : File System
          Database file loc : /home/oracle/app/oracle/oradata
          Database edition : Enterprise Edition (4.7GB)
          OSDBA Group : dba
          Global db name : iam.local
          Admin Password : Passw0rd

         
    14. In the Create Inventory window, make sure the following values are entered and selected. Click Next to continue.
         
          Inventory Directory : /home/oracle/app/oraInventory
          oraInventory Group Name : oinstall
    15. In the Perform Prerequisite Checks window, click the Fix and Check Again button to fix the warnings.
           
            Follow the instructions in the Execute Fixup Scripts window (Figure 8, below). To do so, open a terminal session as “root” user and run the requested script. E.g.:
           
            /tmp/CVU_11.2.0.4.0_oracle/runfixup.sh
           
            Then, come back to the Execute Fixup Scripts window and click OK to continue.

       


      Figure 8. Execute Fixup Scripts Window

    16. Back in the Perform Prerequisite Checks window, if two warnings are displayed (swap size and pdksh), click the Ignore All checkbox and then click Next to continue.
         
          Click Yes to continue if a warning message is displayed.
         
          Note: pdksh is a package that is already installed in Oracle Linux, and the swap size can be different depending on the amount of memory installed in the server.
    17. In the Summary window (Figure 9, below), review the installation parameters and click Install to start the installation.
           
            Note: If during the installation, an error with “invoking target agent nmhs...” is displayed, without closing the message window proceed to open a terminal as “root” user. Edit the following file: /home/oracle/app/oracle/product/11.2.0/dbhome_1/sysman/lib/ins_emagent.mk
           
            And change the following lines, from:
            $(SYSMANBIN)emdctl:
            $(MK_EMAGENT_NMECTL)

           
            To:
            $(SYSMANBIN)emdctl:
            $(MK_EMAGENT_NMECTL) -lnnz11

           
            Then, back in the message window, click the Retry button to continue with the installation.

       


      Figure 9. Summary Window

    18. During the installation, the Database Configuration Assistant window shows the progress of the database creation. Once the installation is completed, the resulting values are displayed. Click OK to continue. Here is a sample output:
         
          For details check the log file at:
          /home/oracle/app/oracle/cfgtoollogs/dbca/iam
         
          Database information:
          Global Database Name : iam.local
          System Identifier (SID) : iam
          Server Parameter File : /home/oracle/app/oracle/product/11.2.0/dbhome_1/dbs/spfileiam.ora
         
          The database Control URL is https://ora-iambox.local:1158/em
    19. In the Execute Configuration Scripts window, note the instructions and run the scripts by opening a terminal as “root” user and running the following commands:
         
          /home/oracle/app/oraInventory/orainstRoot.sh
          /home/oracle/app/oracle/product/11.2.0/dbhome_1/root.sh

         
          When running the second script, you will be prompted to enter a local bin directory. Press Enter to accept the default value of /usr/local/bin. Once the execution is completed, return to the Configuration Scripts window and click OK to continue.
    20. The Finish window is displayed in Figure 10, below. Proceed to write down the URL location to access the Enterprise Manager Database Control, then click Close to close the installer.
           
            Enterprise Manager Database Control URL – (iam)
            https://ora-iambox.local:1158/em

       


      Figure 10. Finish Window

    21. Check the installation. Open a browser window and enter the Database Control URL along with the following credentials:
         
          Console URL: https://ora-iambox.local:1158/em
          User : sys
          Pass : Passw0rd
          Connect as : SYSDBA

         
          If everything worked OK, the Enterprise Manager console is displayed.
         
          Note: The IAM schema repositories are created by the LCM tools during the deployment, so there is no need to run the Repository Creation Utility (RCU) tool.
    22. Install mandatory patch 17501296. Log in as “oracle” user and unzip the patch bundle into temporary folder /tmp, then follow the instructions below.
    23. Run the following commands to shut down the database:


            export ORACLE_SID=iam
            export ORACLE_UNQNAME=iam
            export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
            export PATH=$PATH:$ORACLE_HOME/OPatch
            cd $ORACLE_HOME/bin
            ./sqlplus / as sysdba
            SQL> shutdown immediate;
            SQL> exit

           
            Now apply the patch by running the following commands:
            cd /tmp/p17501296_112040_Generic/17501296
            opatch apply


            Check if the patch has been applied successfully:
            opatch lsinventory
           
            Start the database:
            cd $ORACLE_HOME/bin
            ./sqlplus / as sysdba
            SQL> startup
           

    24. Finally, as “oracle” user, set the environment variables. To do so, follow the instructions below.
         
          Edit the user profile:
          vi .bash_profile
         
          Add the following lines to the end:
          export ORACLE_SID=iam
          export ORACLE_UNQNAME=iam
          export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
          export PATH=$ORACLE_HOME/bin:$PATH

         
          Reload the user profile:
          . .bash_profile
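
Step 4 above puts the SMB password in the mount options, which leaves it in the shell history and visible in the process list while mount runs. The following added example (not part of the original article) uses the credentials= option of mount.cifs instead; the function names and the credentials file name are assumptions, and the sample password is constructed.

```shell
#!/usr/bin/env bash
# Added example: SMB credentials in an owner-only file instead of on the
# mount command line. Function and file names are hypothetical.

# write_cifs_credentials FILE USER PASSWORD
# Creates FILE with owner-only permissions before any secret is written,
# using the username=/password= format that mount.cifs reads.
write_cifs_credentials() {
    ( umask 077; : > "$1" ) || return 1
    chmod 600 "$1" || return 1
    printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"
}

# credentials_ok FILE: succeed only if FILE is a regular file with no
# group/other permission bits and contains both keys.
credentials_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || return 1
    grep -q '^username=.' "$1" && grep -q '^password=.' "$1"
}

# cifs_mount_command FILE SHARE MOUNTPOINT: print the mount command to run
# as root, or fail if the credentials file is not safe to use.
cifs_mount_command() {
    if ! credentials_ok "$1"; then
        echo "refusing: $1 is missing, incomplete or readable by others" >&2
        return 1
    fi
    printf 'mount -t cifs -o rw,credentials=%s %s %s\n' "$1" "$2" "$3"
}

demo() {
    local dir
    dir=$(mktemp -d)
    # Constructed sample secret; in real use, read it without echo, e.g.
    #   read -rs SMB_PASS
    write_cifs_credentials "$dir/iam-share.cred" smbuser 'constructed-sample-secret'
    # Share and mount point are the ones used in step 4 of the article.
    cifs_mount_command "$dir/iam-share.cred" //192.168.0.17/volume_2 /IAM
    rm -rf "$dir"
}
demo
```

The printed command contains only the path of the credentials file, so the password no longer appears in the history or in the arguments of the mount process.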

     

    Preparing the OS and Database

     

    1. In preparation for installing the LCM tools and deploying the IAM suite, you need to configure OS kernel parameters and install some libraries. Open a terminal session as “root” user and follow the instructions below.
           
            Edit /etc/sysctl.conf and update the following lines:
            kernel.shmmax = 10737418240
            kernel.shmall = 2621440

           
            Edit /etc/security/limits.conf and update the following line:
            oracle hard nofile 150000
           
            Run the following commands:
            yum install xclock
            yum install lsb
            yum install compat-libcap1
            yum install ksh

           
            Re-start the operating system by running:
            shutdown -r now
           
            Note: After re-starting the server, you will need to start the database and enterprise console. Log in as “oracle” user and follow the instructions below.
           
            Start the database listener:
            cd $ORACLE_HOME/bin
            ./lsnrctl start


            Run “sqlplus” to start the database instance:
            ./sqlplus / as sysdba
            SQL> startup


            Start the enterprise manager console:
            ./emctl start dbconsole

    2. As “oracle” user, configure the Oracle database:
           
            Run “sqlplus” to configure the database:
            ./sqlplus / as sysdba
            SQL> @$ORACLE_HOME/rdbms/admin/xaview.sql
            SQL> alter system set processes = 500 scope=spfile sid='*';
            SQL> alter system set open_cursors = 1600 scope=spfile sid='*';
            SQL> alter system set session_cached_cursors = 500 scope=spfile sid='*';
            SQL> alter system set session_max_open_files = 50 scope=spfile sid='*';
            SQL> alter system set sessions = 500 scope=spfile sid='*';

            The following commands may also be needed if the Health Check Utility reported an error with DBParameterCheck. Make sure your OS virtual memory is equal to or greater than the MEMORY_TARGET value (4GB):
            SQL> alter system set sga_target = 536879120 scope=spfile sid='*';
            SQL> alter system set pga_aggregate_target = 104857600 scope=spfile sid='*';
            SQL> alter system set sga_max_size = 4294967296 scope=spfile sid='*';
            SQL> alter system set MEMORY_MAX_TARGET = 4294967296 scope=spfile sid='*';
            SQL> alter system set MEMORY_TARGET = 4294967296 scope=spfile sid='*';

            Re-start the database by running:
            SQL> shutdown immediate;
            SQL> startup
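
A pre-flight check for the OS settings from step 1 of this section, as an added example that is not part of the original article or of the LCM tools. It treats the article's values as minimums (an assumption), and the function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks sysctl.conf / limits.conf style files against the
# values given in the article. Assumption: those values are minimums.

REQ_SHMMAX=10737418240   # kernel.shmmax
REQ_SHMALL=2621440       # kernel.shmall
REQ_NOFILE=150000        # oracle hard nofile

# sysctl_value FILE KEY: print the effective value of KEY.
# Comment lines are skipped and the last assignment wins.
sysctl_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# nofile_hard_limit FILE USER: print the hard nofile limit that applies to
# USER. A user-specific entry takes precedence over the "*" wildcard and
# type "-" sets both soft and hard. @group entries are not evaluated here.
nofile_hard_limit() {
    awk -v user="$2" '
        /^[ \t]*#/ || NF < 4 { next }
        $3 == "nofile" && ($2 == "hard" || $2 == "-") {
            if ($1 == user) u = $4
            else if ($1 == "*") w = $4
        }
        END { if (u != "") print u; else if (w != "") print w }
    ' "$1"
}

# at_least VALUE MINIMUM: succeed if VALUE is a non-negative integer >= MINIMUM.
# The comparison is done in awk so that values above 2^31 are handled.
at_least() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    awk -v a="$1" -v b="$2" 'BEGIN { exit !(a + 0 >= b + 0) }'
}

# check NAME VALUE MINIMUM: print a finding, succeed if the check passes.
check() {
    if at_least "$2" "$3"; then
        echo "OK   $1=$2"
    else
        echo "FAIL $1='$2' (need >= $3)"
        return 1
    fi
}

# preflight SYSCTL_FILE LIMITS_FILE: run all checks, return the failure count.
preflight() {
    local failures=0
    check kernel.shmmax "$(sysctl_value "$1" kernel.shmmax)" "$REQ_SHMMAX" \
        || failures=$((failures + 1))
    check kernel.shmall "$(sysctl_value "$1" kernel.shmall)" "$REQ_SHMALL" \
        || failures=$((failures + 1))
    check "oracle hard nofile" "$(nofile_hard_limit "$2" oracle)" "$REQ_NOFILE" \
        || failures=$((failures + 1))
    return "$failures"
}

demo() {
    local dir rc=0
    dir=$(mktemp -d)
    # Constructed sample files: kernel.shmall is below the article's value.
    printf '%s\n' '# constructed sample' 'kernel.shmmax = 10737418240' \
        'kernel.shmall=2097152' > "$dir/sysctl.conf"
    printf '%s\n' '*      hard nofile 65536' 'oracle soft nofile 4096' \
        'oracle hard nofile 150000' > "$dir/limits.conf"
    preflight "$dir/sysctl.conf" "$dir/limits.conf" || rc=$?
    echo "failed checks: $rc"
    rm -rf "$dir"
}
demo
```

On the target server, call preflight /etc/sysctl.conf /etc/security/limits.conf before rebooting; a non-zero return value is the number of settings that still need attention.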

     

    Installing the LCM Tools

     


     

    Figure 11. LCM Tools Installer

     

    1. In the Welcome window (see Figure 11, above), click Next to continue.
    2. In the Install Software Updates window, select Skip Software Updates and click Next to continue.
    3. In the Prerequisite Checks window (see Figure 12, below), review the results and click Next to continue.
           
            Note: If the previous OS and database settings were completed, there should be no errors or warnings.


      Figure 12. Prerequisite Checks Window

    4. In the Specify Installation Location window, enter the following values, then click Next to continue:
         
          Oracle Middleware Home : /home/oracle/Middleware
          Oracle HOME Location : Oracle_IDMLCM1
         
    5. In the Installation Summary window, review the results and click Install to start the installation.
    6. Once the installation is completed, click Next to continue.
    7. In the Installation Complete window (Figure 13, below), review the results and click Finish to close the installer.

       


      Figure 13. Installation Complete Window

     

    Copying Required Patches

     

    1. The documentation recommends installing at least mandatory patches during the installation of the IAM environment. However, the patches listed in the documentation for WebLogic at the time of this writing (see below) were all superseded by built-in patch 19637463 (12UV), included in the IAM deployment repository, and thus do not need to be installed.
         
          For WebLogic Server:
          Patch 16844206 fixes an issue in getting environment variables in Windows Server
          Patch 14404715 fixes an issue when sending JMS messages
          Patch 18398295 fixes an issue with multi-byte character set
         
          For Oracle Database:
          Patch 17501296 fixes a bug when deleting rows from a table. This patch cannot be deployed with the LCM tools; its installation is described in Step 22 of Installing the Oracle Database.

     

    Generating the Response File

     

    1. To automate the deployment, the LCM tools need a response file containing all the configuration parameters needed to perform the deployment. Therefore, log in as "oracle" user and run the Deployment Wizard by running the following commands:
           
            export IDMLCM_HOME=/home/oracle/Middleware/Oracle_IDMLCM1
            cd $IDMLCM_HOME/provisioning/bin
            ./iamDeploymentWizard.sh

      Figure 14. Welcome Window

    2. In the Welcome window (Figure 14), click Next to continue.
    3. In the Choose IAM Installation Option window, select Create a New Identity and Access Management Deployment Response File and click Next to continue.
    4. In the Specify Security Updates window, uncheck “I wish to receive security updates...”. Leave the other fields blank and click Next to continue.
         
          Click Yes to the warning message to continue.
    5. In Describe Response File, leave the default values and click Next to continue.
         
          Title : Identity and Access Management Deployment Response File
          Version : 1.0
    6. In the Select IAM Products window (Figure 15, below), select OIM-OAM-OMSS Integrated with Directory and click Next to continue.

       


      Figure 15. Select IAM Products Window

    7. In Directory Selection, select Configure New Directory and leave the default value Oracle Unified Directory. Click Next to continue.
    8. In Select Topology, select Single Node and enter the server name. Click Next to continue.
         
          Host name : ora-iambox.local
    9. In Select Installation and Configuration Locations, enter the following values and click Next to continue:
         
          Lifecycle Management Store Location : /home/oracle/lcm_store
          Software Repository Location : /IAM/MySOFTWARE/OracleIAM
          Software Installation Location : /home/oracle/oim-oam-omss
          Shared Configuration Location : /home/oracle/oim-oam-omss/config
    10. In the Directory Configuration window, enter the following values and click Next to continue:
         
          Port : 1389
          SSL : 1636
          Realm DN : dc=acme,dc=com
          User container : cn=Users,dc=acme,dc=com
          Group container : cn=Groups,dc=acme,dc=com
          System ID container : cn=SystemIDs,dc=acme,dc=com
    11. In Configure Oracle HTTP Server, review the assigned values and click Next to continue.
         
          Hostname : ora-iambox.local
          HTTP Port : 7777
          SSL Port : 4443
          OHS Admin SSL Port : 9999
          OPMN Local Port : 6703
          OPMN Remote Port : 6704
          OAM Admin Front End Port : 7777
          OIM Admin Front End Port : 7778
          Instance Name : ohs1
    12. In Configure Oracle Identity Manager, review the assigned values and click Next to continue.
         
          AdminServer Port : 7101
          Port : 14000
          Nodemanager Port : 5556
    13. In the Oracle Identity Manager Database Configuration, enter the following values and click Next to continue.
           
            Create Schema using RCU : [checked]
            SYSDBA Username : sys
            SYSDBA Password : Passw0rd
            Schema prefix : EDGIGD
            Schema User Name : EDGIGD_OIM
            Service Name : iam.local
            Schema Password : Passw0rd


            Single Database Instance : [checked]
            Host Name : ora-iambox.local
            Listening port : 1521

    14. In the Configure SOA window, review the default values and click Next to continue.
         
          SOA Hostname : ora-iambox.local
          Port : 8001
    15. In Configure Oracle Business Intelligence Publisher, review the default values and click Next to continue.
         
          BIP Host : ora-iambox.local
          Port : 9704
    16. In Configure Oracle Access Manager, review the default values and click Next to continue.
         
          OAM Host : ora-iambox.local
          AdminServer Port : 7001
          OAM Port : 14100
          Nodemanager port : 5556
          OAM Transfer Mode : Simple
          Cookie Domain : .local
    17. In Configure Oracle Mobile Security Manager, review the default values and click Next to continue.
         
          OMSM Host : ora-iambox.local
          OMSM Port : 14180
          OMSM SSL Port : 14181
    18. In Configure Oracle Mobile Security Access Server, review the default values and click Next to continue.
         
          OMSAS Host : ora-iambox.local
          OMSM Port : 9001
          OMSM SSL Port : 9002
          Gateway Instance : gateway1
    19. In Configure Access Policy Manager, review the default values and click Next to continue.
         
          OAM Policy Manager Host : ora-iambox.local
          OAM Policy Manager Port : 14150
          OAM Policy Manager SSL Port : 14151
    20. In Configure Oracle Access Manager Database, enter the following values and click Next to continue:
           
            Create Schema using RCU : [checked]
            SYSDBA Username : sys
            SYSDBA Password : Passw0rd
            Schema Prefix : EDGIAD
            Schema User Name : EDGIAD_OAM
            Service Name : iam.local
            Schema Password : Passw0rd


            Single Database Instance : [checked]
            Host Name : ora-iambox.local
            Listening Port : 1521

    21. In Set User Names and Passwords, enter a value for the password and click Next to continue.
         
          Enter Common IAM Password : Passw0rd
    22. In the Summary window (Figure 16, below), review the final configuration and leave the default values, then click Finish to close the wizard.
           
            Provisioning file : provisioning.rsp
            Provisioning summary : provisioning.summary
            Directory : /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin

       


      Figure 16. Summary Window

    23. Check the resulting response file by looking at the following location:
         
          /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp

     

    Running the Health Check Utility

     

    1. During deployment using the LCM tools, the Health Check Utility is automatically invoked as part of the pre-installation and post-installation steps. However, this utility can also be invoked manually, which is useful if you want to know if the target server has been properly configured to support the installation. Log in as “oracle” user and follow the instructions below to run the utility from a command line.
    2. To check the Oracle Identity Manager database before installing the Oracle Identity and Access Management environment, run the following commands:
             
              cd /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin
              ./idmhc.sh -manifest ../config/PreInstallChecks_db.xml

             
              If mandatory patch 17501296 for the database was applied, the following result is displayed:
             
              Oracle Identity and Access Environment Health Check Utility Version

              Log directory is not provided. Using /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin as default log directory

              [Executing 1 of 1 plugins]: Verifying DB patches
              Enter the ORACLE HOME path:/home/oracle/app/oracle/product/11.2.0/dbhome_1
              [Plugin succeeded]: Verifying DB patches

              [Total# of Plugins Executed]: 1
              [Total# of Plugins Succeeded]: 1
              [Total# of Plugins Failed]: 0
              [Total# of Plugins with Errors]: 0
              [Total# of Plugins with Warnings]: 0

              [HealthCheck actions summary report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_db_2015-07-12_10_31-23PM.html

              [HealthCheck log file]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_db_2015-07-12_10_31-23PM.log

              [HealthCheck XML report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_db_2015-07-12_10_31-23PM.xml

    3. To check all mandatory prerequisites for an Oracle Identity and Access Management environment, run the commands below. If some of the validations fail, an HTML file will be generated containing a summary of the errors and corrective actions.
             
              cd /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin
              ./idmhc.sh -manifest ../config/PreInstallChecks_mandatory.xml

             
              The following result shows three (3) errors highlighted in red:
             
              Oracle Identity and Access Environment Health Check Utility Version
              Log directory is not provided.Using /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin as default log directory

       

      [Executing 1 of 12 plugins]: Verifying Kernel Parameters
              [Plugin succeeded]: Verifying Kernel Parameters
              [Executing 2 of 12 plugins]: Verifying Operating system and release
              [Plugin succeeded]: Verifying Operating system and release
              [Executing 3 of 12 plugins]: Check whether ports are free
              [Plugin skipped]: Check whether ports are free
              [Executing 4 of 12 plugins]: Verifying available Disk space
              [Plugin failed]: Verifying available Disk space
              [Executing 5 of 12 plugins]: Verifying available Physical Memory
              [Plugin failed]: Verifying available Physical Memory
      [Executing 6 of 12 plugins]: Check Reachability of hosts
              [Plugin skipped]: Check Reachability of hosts
              [Executing 7 of 12 plugins]: Verifying DB Parameter
              [Plugin skipped]: Verifying DB Parameter
              [Executing 8 of 12 plugins]: Verifying DB Schema Connection
              [Plugin failed]: Verifying DB Schema Connection
      [Executing 9 of 12 plugins]: Verifying JDK vendor and version
              [Plugin succeeded]: Verifying JDK vendor and version
              [Executing 10 of 12 plugins]: Verifying Packages Installed
              [Plugin succeeded]: Verifying Packages Installed
              [Executing 11 of 12 plugins]: Verifying Path Permissions
              [Plugin skipped]: Verifying Path Permissions
              [Executing 12 of 12 plugins]: Verifying XClock run
              [Plugin succeeded]: Verifying XClock run

      [Total# of Plugins Executed]: 8
              [Total# of Plugins Succeeded]: 5
              [Total# of Plugins Failed]: 3
              [Total# of Plugins with Errors]: 0
              [Total# of Plugins with Warnings]: 0

      [HealthCheck actions summary report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.html

      [HealthCheck log file]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.log

      [HealthCheck XML report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.xml
             
              In a browser, open the summary report by typing the string below to see the details of the errors.
             
              /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.html
             

    4. Resolution of the errors varies for each scenario. Here are the corrective actions taken for the three errors in the previous step:
             
              (a) Error verifying available disk space
              The DiskSpaceCheck plugin by default checks the space available in the root volume “/”. However, in our case, the target volume “/home” has 52 GB of disk space available, so this error can be ignored.
             
              (b) Error verifying available physical memory
              The FreeMemoryCheck plugin in the Health Check Utility has a bug that prevents it from properly obtaining the free memory available in Oracle Linux 7.1. This error can be ignored if the target server has at least 32 GB of physical memory.
             
              (c) Error verifying DB schema
              This error can be ignored since we haven't run the installation, the RCU tool hasn't been executed, and thus no schema has been provisioned yet in the database.
             
              Note: The errors can be ignored by editing the Health Check Utility configuration file PreInstallChecks_mandatory.xml and deleting the sections associated with each verification task. The configuration file resides here:
              /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/config/
             
              For example, for the previous errors, we removed the following sections:
             
              <plugin id="DiskSpaceCheck"
              description="Verifying available Disk space"
              invoke=""
              plugin.class="oracle.idm.healthcheck.plugins.diskspace.DiskSpaceCheckPlugin"
              class.path="$HC_LOCATION/lib/idmhcplugins.jar"
              stoponerror="false"/>

       

              <plugin id="FreeMemoryCheck"
              description="Verifying available Physical Memory"
              invoke=""
              plugin.class="oracle.idm.healthcheck.plugins.freememcheck.FreeMemCheckPlugin"
              class.path="$HC_LOCATION/lib/idmhcplugins.jar"
              stoponerror="false"/>

              <plugin id="DBSchemaCheck"
              description="Verifying DB Schema Connection"
              invoke=""
              plugin.class="oracle.idm.healthcheck.plugins.dbschemacheck.DBSchemaCheckPlugin"
              class.path="$HC_LOCATION/lib/idmhcplugins.jar;$HC_LOCATION/lib/ojdbc6.jar"
              stoponerror="false"/>

       

      Alternatively, if you are planning to deploy the IAM Suite using the Deployment Wizard instead of the LCM Tools command line interface, you can opt to bypass the validations when invoking the wizard with the parameter ignoreSysPrereqs. Here’s an example:
             
              /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/iamDeploymentWizard.sh -ignoreSysPrereqs

    5. If errors were generated and corrected, run the Health Check Utility again until no errors are reported.
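
    Added example (not part of the original article and not Oracle's code): instead of deleting plugin sections, this script leaves the manifest intact and checks saved idmhc.sh console output against an explicit waiver list, so a failure that nobody reviewed still stops the run and skipped checks stay visible. The function names, the WAIVED_CHECKS variable and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code: gate on saved idmhc.sh console output with
# an explicit waiver list, so the manifest keeps every plugin section.

# Waived failures: the three checks this article accepts for its own host.
# One plugin description per line, exactly as the utility prints it.
WAIVED_CHECKS='Verifying available Disk space
Verifying available Physical Memory
Verifying DB Schema Connection'

# plugins_with_status STATUS FILE: descriptions of plugins that ended with
# STATUS (failed, skipped or succeeded), one per line.
plugins_with_status() {
    sed -n "s/^[[:space:]]*\[Plugin $1]:[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//'
}

# reported_failed FILE: the number on the "[Total# of Plugins Failed]" line.
reported_failed() {
    sed -n 's/^[[:space:]]*\[Total# of Plugins Failed]:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1"
}

# unwaived_failures FILE: failed checks that are not on the waiver list.
unwaived_failures() {
    plugins_with_status failed "$1" | grep -Fxv -e "$WAIVED_CHECKS" || true
}

# hc_gate FILE: return 0 only if the output is complete and every failure is
# waived. Skipped plugins are reported because nothing was verified for them.
hc_gate() {
    plugins_with_status skipped "$1" | sed 's/^/not verified (skipped): /' >&2
    n_lines=$(plugins_with_status failed "$1" | grep -c . || true)
    n_total=$(reported_failed "$1")
    if [ "$n_lines" != "${n_total:-missing}" ]; then
        echo "incomplete output: $n_lines failed lines, summary: ${n_total:-missing}" >&2
        return 1
    fi
    bad=$(unwaived_failures "$1")
    [ -z "$bad" ] && return 0
    echo "$bad" | sed 's/^/unwaived failure: /' >&2
    return 1
}

# Constructed sample input: status lines shortened from the run shown above.
write_sample_log() {
    cat > "$1" <<'EOF'
[Plugin succeeded]: Verifying Kernel Parameters
[Plugin skipped]: Check whether ports are free
      [Plugin failed]: Verifying available Disk space
[Plugin failed]: Verifying available Physical Memory
[Plugin skipped]: Check Reachability of hosts
[Plugin skipped]: Verifying DB Parameter
[Plugin failed]: Verifying DB Schema Connection
[Plugin skipped]: Verifying Path Permissions
[Total# of Plugins Failed]: 3
EOF
}

demo_log=$(mktemp)
write_sample_log "$demo_log"
if hc_gate "$demo_log"; then echo "gate: PASS"; else echo "gate: FAIL"; fi
rm -f "$demo_log"
```

    On a real host, save the console output of idmhc.sh to a file and pass that file to hc_gate; a mismatch between the failed lines and the summary count means the capture was truncated.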

     

    Running the Deployment with LCM Tools

     

    1. The LCM tools can be executed interactively (Deployment Wizard) or via command line. In this article we will describe the command line interface. Each stage of the deployment process is run as a task, and the tasks must run sequentially; that is, each stage must be completed before the next stage can begin. Failure of a stage will require a cleanup and restart. The following commands run the first task “preverify” of the deployment process.
             
              cd /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preverify

       

      The following is a sample output of the “preverify” task:
              2015-07-15 13:35:00.751 TRACE
              BUILD SUCCESSFUL
              Total time: 1 minute 39 seconds

       

      Successfully finished preverify.
              Proceed with install.

    2. If the previous task completed successfully, run the “install” task. To do so, run the following command (all in one line):
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target install
             
              Note: At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from the beginning (preverify).
             
              The following is a sample output of the “install” task:
              2015-07-15 02:15:59.146 TRACE
              BUILD SUCCESSFUL
              Total time: 136 minutes 37 seconds

      Successfully finished install.
              Proceed with preconfigure.

    3. If the previous task completed successfully, run the “preconfigure” task by running the following command:
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preconfigure
             
              Note: At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from the beginning (preverify).
             
              The following is a sample output of the “preconfigure” task:
              2015-07-15 03:54:01.217 TRACE
              BUILD SUCCESSFUL
              Total time: 91 minutes 10 seconds

      Successfully finished preconfigure.
              Proceed with configure.

    4. If the previous task completed successfully, run the “configure” task by running the following command:
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target configure
             
              Note: At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).
             
              The following is a sample output of the “configure” task:
              2015-07-15 17:39:10.267 TRACE
              BUILD SUCCESSFUL
              Total time: 76 minutes 59 seconds

      Successfully finished configure.
              Proceed with configure-secondary.

    5. If the previous task completed successfully, run the “configure-secondary” task by running the following command:
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target configure-secondary
             
              Note: At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).
             
              The following is a sample output of the “configure-secondary” task:
              2015-07-15 18:08:18.592 TRACE
              BUILD SUCCESSFUL
              Total time: 19 minutes 26 seconds

      Successfully finished configure-secondary.
              Proceed with postconfigure.

    6. If the previous task completed successfully, run the “postconfigure” task by running the following command:
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target postconfigure
             
              Note: At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).
             
              The following is a sample output of the “postconfigure” task:
              2015-07-15 19:20:49.018 TRACE
              BUILD SUCCESSFUL
              Total time: 41 minutes 44 seconds

      Successfully finished postconfigure.
              Proceed with startup.

    7. If the previous task completed successfully, run the “startup” task by running the following command:
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target startup
             
              Note: At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).
             
              The following is a sample output of the “startup” task:
              2015-07-15 20:30:38.613 TRACE
              BUILD SUCCESSFUL
              Total time: 46 minutes 53 seconds

       

      Successfully finished startup.
              Proceed with validate.

    8. If the previous task completed successfully, run the “validate” task by running the following command:
             
              ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target validate
             
              The following is a sample output of the “validate” task:
              2015-07-15 21:08:17.376 TRACE
              BUILD SUCCESSFUL
              Total time: 5 minutes 19 seconds

       

      Successfully finished validate.
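
    Added example (not part of the original article and not Oracle's code): a wrapper that runs the eight targets above in order, keeps one log per stage, stops at the first failure, requires both success markers shown in the sample output, and names the restart stage given in the notes. The function names and the SIMULATE_FAIL_AT dry-run switch are assumptions, and the simulated output is constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code: run the LCM targets in order, keep one log
# per stage, stop at the first failure and name the stage to restart from.

STAGES='preverify install preconfigure configure configure-secondary postconfigure startup validate'
LCM_BIN=/home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin
RSP=$LCM_BIN/provisioning.rsp

# run_stage STAGE: the command from the steps above. When SIMULATE_FAIL_AT is
# set (assumed switch for dry runs), print constructed output instead.
run_stage() {
    if [ -n "${SIMULATE_FAIL_AT:-}" ]; then
        if [ "$1" = "$SIMULATE_FAIL_AT" ]; then echo 'BUILD FAILED'; return 1; fi
        printf 'BUILD SUCCESSFUL\nSuccessfully finished %s.\n' "$1"
        return 0
    fi
    (cd "$LCM_BIN" && ./runIAMDeployment.sh -responseFile "$RSP" -target "$1")
}

# stage_succeeded STAGE LOG: both markers from the sample output must appear.
# The escaped dot keeps "configure" from matching "configure-secondary".
stage_succeeded() {
    grep -q 'BUILD SUCCESSFUL' "$2" &&
        grep -q "Successfully finished $1\." "$2"
}

# restart_stage FAILED_STAGE: stage to resume from after cleanup, following
# the notes in the steps above.
restart_stage() {
    case $1 in
        preverify|install|preconfigure) echo preverify ;;
        *) echo preconfigure ;;
    esac
}

# deploy LOGDIR: print the failed stage and return 1, or return 0 if all pass.
# The log directory is restricted to the owner.
deploy() {
    mkdir -p "$1" && chmod 700 "$1" || return 2
    for stage in $STAGES; do
        rc=0
        run_stage "$stage" > "$1/$stage.log" 2>&1 || rc=$?
        if [ "$rc" -ne 0 ] || ! stage_succeeded "$stage" "$1/$stage.log"; then
            echo "$stage"
            return 1
        fi
    done
    return 0
}

SIMULATE_FAIL_AT=postconfigure   # demo only; remove to run the real stages
logs=$(mktemp -d)
if failed=$(deploy "$logs"); then
    echo "all stages finished; logs in $logs"
else
    echo "'$failed' failed, see $logs/$failed.log; after cleanup and restore," \
         "restart from $(restart_stage "$failed")"
fi
```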

     

    Post-Deployment Tasks

     

    1. Once the deployment is completed, follow the instructions below to enable help in the WebLogic Administrative Console.
           
            Open a browser window and enter the following values:
            URL : http://ora-iambox.local:7777/oamconsole
            User : oamadmin
            Pass : Passw0rd
    2. The Launch pad is displayed. In the Access Manager pad, click on Application Domains. A Search Application Domains tab opens. In the Name field, enter “IAM Suite” and click Search. In the Search Results, click IAM Suite. Then, click the Resources tab, and then Create to enter the following information:
             
              Type : HTTP
              Description : All resources for WLS console help
              Host Identifier : IAMSuiteAgent
              Resource URL : /consolehelp/**
              Query : Name Value list
              Operations Available : All
              Protection Level : Excluded

       

      Click Apply to save the changes.

     

    Verifying the Deployment

     

    1. After completing the deployment and post-deployment tasks, you can verify the installation and connectivity with all the IAM components installed. The instructions below indicate the URL and credentials needed to access the Access Management components. Figures 17 and 18 (below) show the OAM and OIM consoles.
             
              Oracle Access Manager
              WebLogic Administration Console (IAMAccessDomain)

      URL : http://ora-iambox.local:7777/console
              User : weblogic_idm
              Pass : Passw0rd

       

      Enterprise Manager Console (Farm_IAMAccessDomain)

      URL : http://ora-iambox.local:7777/em
              User : weblogic_idm
              Pass : Passw0rd

       

      Oracle Access Management Console

      URL : http://ora-iambox.local:7777/oamconsole
              User : oamadmin
              Pass : Passw0rd

       

      Oracle Access Management Policy Manager Console

      URL : http://ora-iambox.local:7777/access
              User : oamadmin
              Pass : Passw0rd

    2. The instructions below indicate the URL and credentials needed to access the Identity Management components:
             
              Oracle Identity Manager

      WebLogic Administration Console (IAMGovernanceDomain)

      URL : http://ora-iambox.local:7778/console
              User : weblogic_idm
              Pass : Passw0rd

       

      Enterprise Manager Console (Farm_IAMGovernanceDomain)

      URL : http://ora-iambox.local:7778/em
              User : weblogic_idm
              Pass : Passw0rd

       

      Oracle Identity Self Service Console

      URL : http://ora-iambox.local:7778/identity
              User : xelsysadm
              Pass : Passw0rd

       

      Oracle Identity System Administration Console

      URL : http://ora-iambox.local:7778/sysadmin
              User : xelsysadm
              Pass : Passw0rd

       

      Oracle Entitlement Server - Authorization Policy Manager Console

      URL : http://ora-iambox.local:7778/apm
              User : weblogic_idm
              Pass : Passw0rd

       

      Oracle BI Publisher Enterprise Console

      URL : http://ora-iambox.local:7778/xmlpserver
              User : xelsysadm
              Pass : Passw0rd

     

    Start and Stop IAM Suite Components

     

    1. Along with the deployment, a set of scripts to start and stop all the IAM components is generated and placed in the software location folder. Follow the instructions below to stop and start the IAM suite.
           
            Stop IAM Suite
            cd /home/oracle/oim-oam-omss/config/scripts/
            ./stopall.sh

           
            Start IAM Suite
            cd /home/oracle/oim-oam-omss/config/scripts/
            ./startall.sh

           
            Note: The above scripts use the password stored in the wallet file cwallet.sso, located at /home/oracle/lcm_store/lcmconfig/credconfig
    2. Optionally, you can change the password stored in the cwallet.sso file. To do so, use these commands:
           
            cd /home/oracle/lcm_store/lcmconfig/credconfig
            ./csf-util.sh list
            ./csf-util.sh add

           
            Note: The script prompts for the name of the key, the user, and then the new password.


    Figure 17. Oracle Access Management Console


    Figure 18. Oracle Identity System Administration Console

     

    Notes About Cleanup and Restore

     

    When you are ready to clean up and attempt another deployment, do one of the following:

     

    • If the deployment failed in the Preconfigure or Install phases, use Cleanup and Restore to clean up the environment so you can start the deployment again from the beginning.
    • If deployment fails between the Preconfigure stage and the Validate stage, use the Cleanup and Restore feature to clean up the environment and restore it to the post-install stage.

     

    Figure 4 depicts the previous approach. For example, if the deployment fails during the postconfigure stage, you can use Cleanup and Restore to clean up any changes made since you successfully completed the install stage. Cleanup and Restore can be performed using either the command line deployment tool or the Deployment Wizard.

     

    For example, task “postconfigure” failed during deployment, so we run cleanup and restore:
        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target cleanup-postconfigure
        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target restore-postconfigure

     

    Then, assuming the problems were fixed, we start from post-install by running:
        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preconfigure

     


     

    Conclusion

     

    Oracle IAM Suite 11gR2 PS3 brings a new set of features that improve the user experience and, as we have learned, also automate administrative tasks like installation, patching and configuration of the IAM components. Although the LCM tools are limited in this version, it wouldn’t be surprising to see more versatile LCM tools in terms of deployment topologies in the next update.

     


    About the Author

     

    Ricardo Gutierrez is a Senior IT Consultant with Oracle, specialising in Identity and Access Management, Federation, Single Sign-On, Privileged Access Management, Database Security, and Cloud Computing. With over 25 years of experience working with several technologies, Ricardo has spent the last 10 years working with the full suite of IAM products from IBM and Oracle. He is also a PMP and VMware Certified Professional, and has published several white papers, articles, and training material covering security and cloud computing.