Automating Oracle IAM Suite 11gR2 PS3 (11.1.2.3.0) Installation in Oracle Linux 7.1 [Article]

Bob Rhubart-Oracle, Sep 22 2015 (edited Oct 24 2015)

The Oracle Identity and Access Management Suite 11gR2 Patchset 3 introduces important new features and improvements to the user interface, expansion of Oracle's Mobile Security offering, directory virtualization with Oracle Unified Directory, enhanced Privilege Account Management, and automation tools for patching and deploying the IAM Suite among other capabilities. This article describes the steps to use the new Life Cycle Management (LCM) tools to automate the deployment of the Oracle IAM Suite 11g R2 PS3 in Oracle Linux 7.1.


By Ricardo Gutierrez-Oracle

Oracle IAM Suite 11gR2 Patchset 3 Overview

This new update introduces important new features and improvements to the user interface that simplify the tasks associated with the provisioning and management of identities within organizations. The new features include: expansion of Oracle's Mobile Security offering, with capabilities for mobile device management; a policy framework to facilitate the provisioning of devices; directory virtualization with Oracle Unified Directory; enhanced Privilege Account Management with windows session recording; and extended automation tools for patching and installing the IAM Suite.

Oracle IAM 11gR2 Patchset 3 can be installed as a new product or applied to existing installations, including:

  • 11g Release 2 (11.1.2.0)
  • 11g Release 2 Patchset 1 (11.1.2.1)
  • 11g Release 2 Patchset 2 (11.1.2.2)

Automated Installation using LCM Tools

The Life Cycle Management (LCM) tools are provided to automate the deployment of the IAM Suite; they represent a major step in reducing deployment times and potentially eliminating human errors. The automation capability was introduced in 11.1.2.2.0 and was known as the Deployment Wizard tool.

In 11.1.2.3.0, the LCM tools allow only the installation of single-host scenarios. While this can be seen as limited to proof-of-concept and development deployments, future releases will add capabilities to support multiple hosts, topologies and production environments.

Some of the benefits you will find with the LCM tools are:

  • Use of Oracle IAM Deployment Repository, a single software distribution containing all software required to deploy, patch and upgrade the IAM Suite
  • Automatic installing, configuring, deploying, and patching the IAM software
  • Use of the Environment Health Check Utility to verify your system requirements before you deploy and to verify the environment after you deploy
  • Component-by-component upgrading of the environment deployed with the LCM tools, so as to minimize downtime

Here are the supported topologies for a single-host scenario:

  • Oracle Identity Manager (OIM) Only
  • Oracle Access Manager (OAM) Suite and Oracle Mobile Security Suite (OMSS) Only
  • OIM-OAM-OMSS Integrated with Directory

Figures 1, 2 and 3 (below) depict these topologies. This article will focus on describing how to automate the deployment of the OIM-OAM-OMSS Integrated with Directory topology.

Figure 1. OIM Deployment Topology

Figure 2. OAM-OMSS Deployment Topology

Figure 3. OIM-OAM-OMSS Deployment Topology

Roadmap for Automated Deployment

Figure 4 shows the roadmap for automated deployment of the IAM Suite using the LCM tools. Note the different steps that can be executed automatically in sequence or manually on a step-by-step basis, using either a graphical or command line interface.

Figure 4. Stages for Automated Deployment

Deployment Prerequisites

The following list summarizes the tasks that you will need to do before automating the deployment of the IAM Suite:

  • Download the compressed Oracle IAM Deployment Repository files. These can be obtained from the Oracle Software Delivery Cloud (requires registration or login) or from My Oracle Support (using a customer account). Figure 5 (below) shows how to get the files from the Software Delivery Cloud; search for Patchset 21037613 in My Oracle Support to find the location to download the files. You will need at least 20 GB of disk space to download all the files.
  • Optionally, you can install the JDK included in the repository or download the latest Java SE Development Kit. At the time of this writing we downloaded the Java SE Development Kit 7u80 or rpm file jdk-7u80-linux-x64.rpm.
  • Unzip the repository files into a staging folder; you will need an additional 20 GB of space to hold the uncompressed files. The LCM tools and Health Check Utility are included, so you don't need to download additional files. Figure 6 (below) shows the top-level directory structure of the staging folder containing the uncompressed files.
  • Although the documentation recommends installing some mandatory patches for middleware components like the Oracle Database and WebLogic Server, you will find out later that the built-in patches in the repository supersede most of the mandatory patches listed in the documentation and thus not all of them need to be installed. For this demonstration we downloaded only the database patch 17501296 from My Oracle Support.

Figure 5. Downloading Install Media

Figure 6. IAM Deployment Repository – Top Level Tree

Automated Deployment

The following steps guide you through automating the deployment of Oracle IAM Suite 11gR2 PS3 (11.1.2.3.0) using the LCM tools, including the steps to configure the operating system (OS), as well as the installation of the underlying database.

The target server used to deploy the consolidated topology was a virtual machine (VM), but you can use any physical server or virtualized infrastructure to do the deployment as long as the configuration meets the minimum requirements (click here to find more details). The following lists the VM configuration used to write this article:

  • OS Type : Linux
  • Virtual CPUs : 2
  • Memory : 32 GB
  • Disk : 70 GB

The guest OS installed in the VM was Oracle Linux 7.1 with the Server with GUI option. The Resources section at the end of this article contains links with further information about Oracle Linux and Oracle IAM documentation.

Installing the Oracle Database

  1. Although the Oracle database software is included in the repository, you first need to install the database before you can deploy the IAM suite using the LCM tools. The steps below follow a manual approach to preconfiguring the operating environment. Log in as “root” user and run the following commands to create the groups and user needed to start the installation of the database:

      /usr/sbin/groupadd oinstall  
      /usr/sbin/groupadd dba  
      /usr/sbin/useradd -g oinstall -G dba oracle  
    
      Define a password for the new user:  
           passwd oracle  
    

    Note: You can simplify preconfiguration of the operating environment by installing the oracle-rdbms-server-11gR2-preinstall rpm, which is available in the Oracle public yum repository. This link describes the process and will save you some steps in this section.

  2. If you do not have a DNS server to resolve names, then modify the hosts file to add a Fully Qualified Domain Name (FQDN) for the target server. For example, assuming the host name is ora-iambox.local, edit /etc/hosts and add the following entry:

    192.168.0.140 ora-iambox.local ora-iambox

    **Note:** If you need to change your host name, try the command below; you will also need to update the **/etc/hosts** and **/etc/sysconfig/network** files with the new name.

    hostname -b [new_host_name]
    
  3. Proceed to install the Java SE Development Kit. For example, assuming the rpm version was downloaded in /root/Downloads, log in as “root” user and run the following commands:

    cd /root/Downloads
    rpm -ivh jdk-7u80-linux-x64.rpm

    Run the following commands to verify the installation:

    rpm -q jdk
    rpm -q --list jdk | grep "bin/java"

    Edit **/etc/profile** and add the following lines to export **JAVA_HOME** and add it to the system path:

    export JAVA_HOME=/usr/java/jdk1.7.0_80
    export PATH=$JAVA_HOME/bin:$PATH
    
  4. This step is optional and will depend on whether you extracted the repository files on the target server or on a network drive. In our case, we extracted all files to an SMB share, Volume_2, on host 192.168.0.17. As “root” user, run the following commands to mount the share at a local mount point:

    mkdir /IAM
    mount -t cifs -o rw,username=smbuser,password=Passw0rd //192.168.0.17/volume_2 /IAM
    
  5. As “root” user, run the following commands to install the packages needed by the database installer:

    yum install libaio-devel  
    yum install elfutils-libelf-devel  
    yum install compat-libstdc++-33-3.2.3  
    yum install gcc-c++  
    
    **Note:** You’ll need internet access to succeed with the above commands.
    
  6. Log in as “oracle” user to run the installer for the Oracle database (see Figure 7, below). Since the database files are included in the deployment repository, we just need to point to the location of the repository to start the installation. For example, assuming the repository is located inside mounting point /IAM subfolder /SOFTWARE/OracleIAM, we run the following commands:

      cd /IAM/SOFTWARE/OracleIAM/installers/database/Disk1  
      ./runInstaller
    

    **Figure 7. Database Installer**

  7. Because this is a demo installation, in the Configure Security Updates window, we leave the email field empty and uncheck the box to receive security updates. Click Next to continue. Then click Yes to the warning message.

  8. In the Download Software Update window, select Skip software update and click Next to continue.

  9. In the Select Installation Option window, select Create and configure database and click Next to continue.

  10. In the System Class window, select Server Class and click Next to continue.

  11. In the Grid Installation Options window, select Single instance database installation and click Next to continue.

  12. In the Select Install Type window, select Typical install and click Next to continue.

  13. In the Typical Install Configuration window, enter the following values and click Next to continue.

    Oracle base : /home/oracle/app/oracle
    Software location : /home/oracle/app/oracle/product/11.2.0/dbhome_1
    Storage type : File System
    Database file loc : /home/oracle/app/oracle/oradata
    Database edition : Enterprise Edition (4.7GB)
    OSDBA Group : dba
    Global db name : iam.local
    Admin Password : Passw0rd

  14. In the Create Inventory window, make sure the following values are entered and selected. Click Next to continue.

    Inventory Directory : /home/oracle/app/oraInventory
    oraInventory Group Name : oinstall

  15. In the Perform Prerequisite Checks window, click the Fix and Check Again button to fix the warnings.

     Follow the instructions in the Execute Fixup Scripts window (Figure 8, below). To do so, open a terminal session as “root” user and run the requested script. E.g.:

     /tmp/CVU_11.2.0.4.0_oracle/runfixup.sh

     Then, come back to the Execute Fixup Scripts window and click **OK** to continue.
    
![08-db-script.jpg](https://objectstorage.us-phoenix-1.oraclecloud.com/p/BqK85Rn1zA5MP0vYiqbAdPgs7Z6OmMxw8SD3WCFVm5kY8uReidZ1KPIKkgJ1hCkG/n/axciphqpnohg/b/forums-legacy/o/uploads/jive_attachments/3/0/2/30264154egami.jpeg)  

**Figure 8. Execute Fixup Scripts Window**

  16. Back in the Perform Prerequisite Checks window, if two warnings are displayed (swap size and pdksh), click the Ignore All checkbox and then click Next to continue.

    Click Yes to continue if a warning message is displayed.

    Note: pdksh is a package that is already installed in Oracle Linux, and the swap size can be different depending on the amount of memory installed in the server.

  17. In the Summary window (Figure 9, below), review the installation parameters and click Install to start the installation.

     **Note:** If, during the installation, an error with “invoking target agent nmhs...” is displayed, leave the message window open and open a terminal as “root” user. Edit the following file: **/home/oracle/app/oracle/product/11.2.0/dbhome_1/sysman/lib/ins_emagent.mk**

     And change the following lines, from:
     $(SYSMANBIN)emdctl:
     $(MK_EMAGENT_NMECTL)

     To:
     $(SYSMANBIN)emdctl:
     $(MK_EMAGENT_NMECTL) -lnnz11

     Then, back in the message window, click the **Retry** button to continue with the installation.
    
![09-db-summary.jpg](https://objectstorage.us-phoenix-1.oraclecloud.com/p/BqK85Rn1zA5MP0vYiqbAdPgs7Z6OmMxw8SD3WCFVm5kY8uReidZ1KPIKkgJ1hCkG/n/axciphqpnohg/b/forums-legacy/o/uploads/jive_attachments/4/0/2/40264154egami.jpeg)  

**Figure 9. Summary Window**

  18. During the installation, the Database Configuration Assistant window shows the progress of the database creation. Once the installation is completed, the resulting values are displayed. Click OK to continue. Here is a sample output:

    For details check the log file at:
    /home/oracle/app/oracle/cfgtoollogs/dbca/iam

    Database information:
    Global Database Name : iam.local
    System Identifier (SID) : iam
    Server Parameter File : /home/oracle/app/oracle/product/11.2.0/dbhome_1/dbs/spfileiam.ora

    The database Control URL is https://ora-iambox.local:1158/em

  19. In the Execute Configuration Scripts window, note the instructions and run the scripts by opening a terminal as “root” user and running the following commands:

    /home/oracle/app/oraInventory/orainstRoot.sh
    /home/oracle/app/oracle/product/11.2.0/dbhome_1/root.sh

    When running the second script, you will be prompted to enter a local bin directory. Press Enter to accept the default value of /usr/local/bin. Once the execution is completed, return to the Configuration Scripts window and click OK to continue.

  20. The Finish window is displayed in Figure 10, below. Write down the URL location to access the Enterprise Manager Database Control, then click Close to close the installer.

     Enterprise Manager Database Control URL – (iam)  
     [https://ora-iambox.local:1158/em](https://ora-iambox.local:1158/em)
    
![10-db-finish.jpg](https://objectstorage.us-phoenix-1.oraclecloud.com/p/BqK85Rn1zA5MP0vYiqbAdPgs7Z6OmMxw8SD3WCFVm5kY8uReidZ1KPIKkgJ1hCkG/n/axciphqpnohg/b/forums-legacy/o/uploads/jive_attachments/5/0/2/50264154egami.jpeg)  

**Figure 10. Finish Window**

  21. Check the installation. Open a browser window and enter the Database Control URL along with the following credentials:

    Console URL: https://ora-iambox.local:1158/em
    User : sys
    Pass : Passw0rd
    Connect as : SYSDBA

    If everything worked OK, the Enterprise Management console is displayed.

    Note: The IAM schema repositories are created by the LCM tools during the deployment, so there is no need to run the Repository Creation Utility (RCU) tool.

  22. Install mandatory patch 17501296. Log in as “oracle” user and unzip the patch bundle into temporary folder /tmp, then follow the instructions below.

  23. Run the following commands to shut down the database:

     export ORACLE_SID=iam
     export ORACLE_UNQNAME=iam
     export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
     export PATH=$PATH:$ORACLE_HOME/OPatch
     cd $ORACLE_HOME/bin
     ./sqlplus / as sysdba
     SQL> shutdown immediate;
     SQL> exit

     Now apply the patch by running the following commands:
     cd /tmp/p17501296_112040_Generic/17501296
     opatch apply

     Check if the patch has been applied successfully:
     opatch lsinventory

     Start the database:
     cd $ORACLE_HOME/bin
     ./sqlplus / as sysdba
     SQL> startup
    
  24. Finally, as “oracle” user, set the environment variables. To do so, follow the instructions below.

    Edit the user profile:
    vi .bash_profile

    Add the following lines to the end:
    export ORACLE_SID=iam
    export ORACLE_UNQNAME=iam
    export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
    export PATH=$ORACLE_HOME/bin:$PATH

    Reload the user profile
    . .bash_profile
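
Step 4 above passes the SMB password with `-o password=`, which leaves it in the shell history and visible in the process list while mount runs. As an added example (not from the original article), this script uses the `credentials=` option of mount.cifs instead and audits a file for inline CIFS passwords; the credentials path /root/.smb-iam and all function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the article: keep the SMB password out of argv.

# Write a mount.cifs credentials file that only its owner can read.
# The password is read from stdin, so it never appears on a command line.
write_cifs_credentials() {  # $1=path (hypothetical)  $2=username
    ( umask 077
      IFS= read -r pw || [ -n "$pw" ] || exit 1
      printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1" ) || return 1
    chmod 600 "$1"          # tighten the mode if the file already existed
}

# Report lines of a file (fstab, script, shell history) that carry an inline
# CIFS password. Prints "lineno:option" and never echoes the secret itself.
find_inline_cifs_passwords() {  # $1=file
    awk '
        /^[[:space:]]*#/ { next }
        /cifs/ {
            n = split($0, tok, /[[:space:],]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(password|pass)=/) {
                    sub(/=.*/, "", tok[i])
                    print NR ":" tok[i]
                }
        }' "$1"
}

# Hardened form of step 4 (share and mount point are the article's values).
# Defined only; run it as root on the target host, for example:
#   write_cifs_credentials /root/.smb-iam smbuser   # then type the password
#   mount_iam_share /root/.smb-iam
mount_iam_share() {  # $1=credentials file
    mkdir -p /IAM &&
    mount -t cifs -o "rw,credentials=$1" //192.168.0.17/volume_2 /IAM
}

# Audit two constructed sample lines: the article's form and the hardened form.
demo_audit() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# constructed sample lines
mount -t cifs -o rw,username=smbuser,password=EXAMPLE //192.168.0.17/volume_2 /IAM
//192.168.0.17/volume_2 /IAM cifs rw,credentials=/root/.smb-iam 0 0
EOF
    find_inline_cifs_passwords "$sample"
    rm -f "$sample"
}

demo_audit
```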

Preparing the OS and Database

  1. In preparation for installing the LCM tools and deploying the IAM suite, you need to configure OS kernel parameters and install some libraries. Open a terminal session as “root” user and follow the instructions below.

      Edit **/etc/sysctl.conf** and update the following lines:  
      kernel.shmmax = 10737418240  
      kernel.shmall = 2621440  
    
      Edit **/etc/security/limits.conf** and update the following line:  
      oracle hard nofile 150000  
    
      Run the following commands:  
      yum install xclock  
      yum install lsb  
      yum install compat-libcap1  
      yum install ksh  
    
      Re-start the operating system by running:  
      shutdown -r now  
    
      **Note:** After re-starting the server, you will need to start the database and enterprise console. Log in as “oracle” user and follow the instructions below.  
    
      Start the database listener:  
      cd $ORACLE_HOME/bin
      ./lsnrctl start
    
    
      Run “sqlplus” to start the database instance:  
      ./sqlplus / as sysdba  
      SQL> startup
    
    
      Start the enterprise manager console:  
      ./emctl start dbconsole
    
  2. As “oracle” user, configure the Oracle database:

      Run “sqlplus” to configure the database:  
    

    ./sqlplus / as sysdba
    SQL> @$ORACLE_HOME/rdbms/admin/xaview.sql
    SQL> alter system set processes = 500 scope=spfile sid='*';
    SQL> alter system set open_cursors = 1600 scope=spfile sid='*';
    SQL> alter system set session_cached_cursors = 500 scope=spfile sid='*';
    SQL> alter system set session_max_open_files = 50 scope=spfile sid='*';
    SQL> alter system set sessions = 500 scope=spfile sid='*';

      The following commands may also be needed if the Health Check Utility reported an error with DBParameterCheck. Make sure your OS virtual memory is equal to or greater than the MEMORY_TARGET value (4GB):
    

    SQL> alter system set sga_target = 536879120 scope=spfile sid='*';
    SQL> alter system set pga_aggregate_target = 104857600 scope=spfile sid='*';
    SQL> alter system set sga_max_size = 4294967296 scope=spfile sid='*';
    SQL> alter system set MEMORY_MAX_TARGET = 4294967296 scope=spfile sid='*';
    SQL> alter system set MEMORY_TARGET = 4294967296 scope=spfile sid='*';

      Re-start the database by running:  
    

    SQL> shutdown immediate;
    SQL> startup
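
The kernel and file-limit settings from step 1 of this section can be checked before the reboot with a small script. This is an added example, not part of the original article or of Oracle's LCM tools; it treats the article's values as minimums, which is an assumption, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify the OS settings from step 1 before rebooting.
# Assumption: the article's values are treated as minimums.

# Print the effective value of a key in a sysctl.conf-style file.
sysctl_value() {  # $1=file $2=key
    awk -F= -v key="$2" '
        /^[[:space:]]*[#;]/ { next }          # skip comment lines
        {
            k = $1; v = $2
            gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
            if (k == key) last = v             # a later line overrides an earlier one
        }
        END { if (last != "") print last }' "$1"
}

# Print the hard nofile limit that a limits.conf-style file sets for a user.
# Type "-" sets both the soft and the hard limit.
nofile_hard() {  # $1=file $2=user
    awk -v user="$2" '
        /^[[:space:]]*#/ { next }
        $1 == user && ($2 == "hard" || $2 == "-") && $3 == "nofile" { last = $4 }
        END { if (last != "") print last }' "$1"
}

# Compare one setting against its minimum and print a verdict line.
check_min() {  # $1=label $2=actual (may be empty) $3=minimum
    if [ -z "$2" ]; then
        echo "FAIL $1: not set (need >= $3)"; return 1
    fi
    case "$2" in
        *[!0-9]*) echo "FAIL $1: non-numeric value '$2'"; return 1 ;;
    esac
    if [ "$2" -ge "$3" ]; then
        echo "OK   $1 = $2"; return 0
    fi
    echo "FAIL $1 = $2 (need >= $3)"; return 1
}

# Run all checks; the return status is the number of failed checks.
preflight() {  # $1=sysctl.conf path  $2=limits.conf path
    fails=0
    check_min kernel.shmmax "$(sysctl_value "$1" kernel.shmmax)" 10737418240 || fails=$((fails + 1))
    check_min kernel.shmall "$(sysctl_value "$1" kernel.shmall)" 2621440 || fails=$((fails + 1))
    check_min "oracle hard nofile" "$(nofile_hard "$2" oracle)" 150000 || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample files (not taken from the article's host):
# kernel.shmall is deliberately below the article's value.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'kernel.shmmax = 10737418240' \
        'kernel.shmall = 2097152' > "$demo_dir/sysctl.conf"
    printf '%s\n' 'oracle soft nofile 4096' 'oracle hard nofile 150000' \
        > "$demo_dir/limits.conf"
    preflight "$demo_dir/sysctl.conf" "$demo_dir/limits.conf"; demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo || echo "$? check(s) failed"
```

On the target host, call `preflight /etc/sysctl.conf /etc/security/limits.conf` after editing the two files.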

Installing the LCM Tools

Figure 11. LCM Tools Installer

  1. In the Welcome window (see Figure 11, above), click Next to continue.

  2. In the Install Software Updates window, select Skip Software Updates and click Next to continue.

  3. In the Prerequisite Checks window (see Figure 12, below), review the results and click Next to continue.

      **Note:** If the previous OS and database settings were completed, there should be no errors or warnings.

    **Figure 12. Prerequisite Checks Window**

  4. In the Specify Installation Location window, enter the following values, then click Next to continue:

    Oracle Middleware Home : /home/oracle/Middleware
    Oracle HOME Location : Oracle_IDMLCM1
    
  5. In the Installation Summary window, review the results and click Install to start the installation.

  6. Once the installation is completed, click Next to continue.

  7. In the Installation Complete window (Figure 13, below), review the results and click Finish to close the installer.

    Figure 13. Installation Complete Window

Copying Required Patches

  1. The documentation recommends installing at least mandatory patches during the installation of the IAM environment. However, the patches listed in the documentation for WebLogic at the time of this writing (see below) were all superseded by built-in patch 19637463 (12UV), included in the IAM deployment repository, and thus do not need to be installed.

    For WebLogic Server:  
    Patch **16844206** fixes an issue in getting environment variables in Windows Server  
    Patch **14404715** fixes an issue when sending JMS messages  
    Patch **18398295** fixes an issue with multi-byte character set  
    
    For Oracle Database:  
    Patch **17501296** fixes a bug when deleting rows from a table. This patch cannot be deployed with the LCM tools; its installation is described in Step 22: **Installing the Oracle Database**.
    
Generating the Response File

  1. To automate the deployment, the LCM tools need a response file containing all the configuration parameters needed to perform the deployment. Therefore, log in as "oracle" user and run the Deployment Wizard by running the following commands:

      export IDMLCM_HOME=/home/oracle/Middleware/Oracle_IDMLCM1
      cd $IDMLCM_HOME/provisioning/bin
      ./iamDeploymentWizard.sh

    **Figure 14. Welcome Window**

  2. In the Welcome window (Figure 14), click Next to continue.

  3. In the Choose IAM Installation Option window, select Create a New Identity and Access Management Deployment Response File and click Next to continue.

  4. In the Specify Security Updates window, uncheck “I wish to receive security updates...”. Leave the other fields blank and click Next to continue.

    Click **Yes** to the warning message to continue.
    
  5. In Describe Response File, leave the default values and click Next to continue.

    Title : Identity and Access Management Deployment Response File  
    Version : 1.0
    
  6. In the Select IAM Products window (Figure 15, below), select OIM-OAM-OMSS Integrated with Directory and click Next to continue.

    **Figure 15. Select IAM Products Window**

  7. In Directory Selection, select Configure New Directory and leave the default value Oracle Unified Directory. Click Next to continue.

  8. In Select Topology, select Single Node and enter the server name. Click Next to continue.

    Host name : ora-iambox.local
    
  9. In Select Installation and Configuration Locations, enter the following values and click Next to continue:

    Lifecycle Management Store Location : /home/oracle/lcm_store
    Software Repository Location : /IAM/MySOFTWARE/OracleIAM  
    Software Installation Location : /home/oracle/oim-oam-omss  
    Shared Configuration Location : /home/oracle/oim-oam-omss/config
    
  10. In the Directory Configuration window, enter the following values and click Next to continue:

    Port : 1389
    SSL : 1636
    Realm DN : dc=acme,dc=com
    User container : cn=Users,dc=acme,dc=com
    Group container : cn=Groups,dc=acme,dc=com
    System ID container : cn=SystemIDs,dc=acme,dc=com

  11. In Configure Oracle HTTP Server, review the assigned values and click Next to continue.

    Hostname : ora-iambox.local
    HTTP Port : 7777
    SSL Port : 4443
    OHS Admin SSL Port : 9999
    OPMN Local Port : 6703
    OPMN Remote Port : 6704
    OAM Admin Front End Port : 7777
    OIM Admin Front End Port : 7778
    Instance Name : ohs1

  12. In Configure Oracle Identity Manager, review the assigned values and click Next to continue.

    AdminServer Port : 7101
    Port : 14000
    Nodemanager Port : 5556

  13. In the Oracle Identity Manager Database Configuration, enter the following values and click Next to continue.

     Create Schema using RCU : [checked]
     SYSDBA Username : sys
     SYSDBA Password : Passw0rd
     Schema prefix : EDGIGD
     Schema User Name : EDGIGD_OIM
     Service Name : iam.local
     Schema Password : Passw0rd

     Single Database Instance : [checked]
     Host Name : ora-iambox.local
     Listening port : 1521
    
  14. In the Configure SOA window, review the default values and click Next to continue.

    SOA Hostname : ora-iambox.local
    Port : 8001

  15. In Configure Oracle Business Intelligence Publisher, review the default values and click Next to continue.

    BIP Host : ora-iambox.local
    Port : 9704

  16. In Configure Oracle Access Manager, review the default values and click Next to continue.

    OAM Host : ora-iambox.local
    AdminServer Port : 7001
    OAM Port : 14100
    Nodemanager port : 5556
    OAM Transfer Mode : Simple
    Cookie Domain : .local

  17. In Configure Oracle Mobile Security Manager, review the default values and click Next to continue.

    OMSM Host : ora-iambox.local
    OMSM Port : 14180
    OMSM SSL Port : 14181

  18. In Configure Oracle Mobile Security Access Server, review the default values and click Next to continue.

    OMSAS Host : ora-iambox.local
    OMSM Port : 9001
    OMSM SSL Port : 9002
    Gateway Instance : gateway1

  19. In Configure Access Policy Manager, review the default values and click Next to continue.

    OAM Policy Manager Host : ora-iambox.local
    OAM Policy Manager Port : 14150
    OAM Policy Manager SSL Port : 14151

  20. In Configure Oracle Access Manager Database, enter the following values and click Next to continue:

     Create Schema using RCU : [checked]
     SYSDBA Username : sys
     SYSDBA Password : Passw0rd
     Schema Prefix : EDGIAD
     Schema User Name : EDGIAD_OAM
     Service Name : iam.local
     Schema Password : Passw0rd

     Single Database Instance : [checked]
     Host Name : ora-iambox.local
     Listening Port : 1521
    
  21. In Set User Names and Passwords, enter a value for the password and click Next to continue.

    Enter Common IAM Password : Passw0rd

  22. In the Summary window (Figure 16, below), review the final configuration and leave the default values, then click Finish to close the wizard.

     Provisioning file : provisioning.rsp  
     Provisioning summary : provisioning.summary  
     Directory : /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin
    
![16-deploy-summary.jpg](https://objectstorage.us-phoenix-1.oraclecloud.com/p/BqK85Rn1zA5MP0vYiqbAdPgs7Z6OmMxw8SD3WCFVm5kY8uReidZ1KPIKkgJ1hCkG/n/axciphqpnohg/b/forums-legacy/o/uploads/jive_attachments/2/1/2/21264154egami.jpeg)  

**Figure 16. Summary Window**
  23. Check the resulting response file by looking at the following location:

    /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp

Running the Health Check Utility

  1. During deployment using the LCM tools, the Health Check Utility is automatically invoked as part of the pre-installation and post-installation steps. However, this utility can also be invoked manually, which is useful if you want to know if the target server has been properly configured to support the installation. Log in as “oracle” user and follow the instructions below to run the utility from a command line.

  2. To check the Oracle Identity Manager database before installing the Oracle Identity and Access Management environment, run the following commands:

    cd /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin
    ./idmhc.sh -manifest ../config/PreInstallChecks_db.xml

    If mandatory patch **17501296** for the database was applied, the following result is displayed:

    Oracle Identity and Access Environment Health Check Utility Version

    Log directory is not provided. Using /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin as default log directory

    [Executing 1 of 1 plugins]: Verifying DB patches
    Enter the ORACLE HOME path:/home/oracle/app/oracle/product/11.2.0/dbhome_1
    [Plugin succeeded]: Verifying DB patches

    [Total# of Plugins Executed]: 1
    [Total# of Plugins Succeeded]: 1
    [Total# of Plugins Failed]: 0
    [Total# of Plugins with Errors]: 0
    [Total# of Plugins with Warnings]: 0

    [HealthCheck actions summary report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_db_2015-07-12_10_31-23PM.html

    [HealthCheck log file]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_db_2015-07-12_10_31-23PM.log

    [HealthCheck XML report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_db_2015-07-12_10_31-23PM.xml

  3. To check all mandatory prerequisites for an Oracle Identity and Access Management environment, run the commands below. If some of the validations fail, an HTML file will be generated containing a summary of the errors and corrective actions.

    cd /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin
    ./idmhc.sh -manifest ../config/PreInstallChecks_mandatory.xml

    The following result shows three (3) errors highlighted in red:

    Oracle Identity and Access Environment Health Check Utility Version
    Log directory is not provided.Using /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin as default log directory
    

    [Executing 1 of 12 plugins]: Verifying Kernel Parameters
    [Plugin succeeded]: Verifying Kernel Parameters
    [Executing 2 of 12 plugins]: Verifying Operating system and release
    [Plugin succeeded]: Verifying Operating system and release
    [Executing 3 of 12 plugins]: Check whether ports are free
    [Plugin skipped]: Check whether ports are free
    [Executing 4 of 12 plugins]: Verifying available Disk space
    [Plugin failed]: Verifying available Disk space
    [Executing 5 of 12 plugins]: Verifying available Physical Memory
    [Plugin failed]: Verifying available Physical Memory
    [Executing 6 of 12 plugins]: Check Reachability of hosts
    [Plugin skipped]: Check Reachability of hosts
    [Executing 7 of 12 plugins]: Verifying DB Parameter
    [Plugin skipped]: Verifying DB Parameter
    [Executing 8 of 12 plugins]: Verifying DB Schema Connection
    [Plugin failed]: Verifying DB Schema Connection
    [Executing 9 of 12 plugins]: Verifying JDK vendor and version
    [Plugin succeeded]: Verifying JDK vendor and version
    [Executing 10 of 12 plugins]: Verifying Packages Installed
    [Plugin succeeded]: Verifying Packages Installed
    [Executing 11 of 12 plugins]: Verifying Path Permissions
    [Plugin skipped]: Verifying Path Permissions
    [Executing 12 of 12 plugins]: Verifying XClock run
    [Plugin succeeded]: Verifying XClock run

    [Total# of Plugins Executed]: 8
    [Total# of Plugins Succeeded]: 5
    [Total# of Plugins Failed]: 3
    [Total# of Plugins with Errors]: 0
    [Total# of Plugins with Warnings]: 0

    [HealthCheck actions summary report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.html

    [HealthCheck log file]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.log

    [HealthCheck XML report]: /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.xml

    In a browser, open the summary report by entering the path below to see the details of the errors.

        /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/bin/logs/healthchecker/IDM_ora-iambox.local-PreInstallChecks_mandatory_2015-07-13_09_17-48PM.html
    
  4. Resolution of the errors varies for each scenario. Here are the corrective actions taken for the three errors in the previous step:

    (a) Error verifying available disk space  
    The **DiskSpaceCheck** plugin by default checks the space available in the root volume “/”. However, in our case, the target volume “/home” has 52 GB of disk space available, so this error can be ignored.

    (b) Error verifying available physical memory  
    The **FreeMemoryCheck** plugin in the Health Check Utility has a bug that prevents it from properly obtaining the free memory available in Oracle Linux 7.1. This error can be ignored if the target server has at least 32 GB of physical memory.

    (c) Error verifying DB schema  
    This error can be ignored since we haven't run the installation, the RCU tool hasn't been executed, and thus no schema has been provisioned yet in the database.

    **Note:** The errors can be ignored by editing the Health Check Utility configuration file **PreInstallChecks_mandatory.xml** and deleting the sections associated with each verification task. The configuration file resides here:

        /home/oracle/Middleware/Oracle_IDMLCM1/healthcheck/config/

    For example, for the previous errors, we removed the following sections:

        <plugin id="DiskSpaceCheck"
            description="Verifying available Disk space"
            invoke=""
            plugin.class="oracle.idm.healthcheck.plugins.diskspace.DiskSpaceCheckPlugin"
            class.path="$HC_LOCATION/lib/idmhcplugins.jar"
            stoponerror="false"/>

        <plugin id="FreeMemoryCheck"
            description="Verifying available Physical Memory"
            invoke=""
            plugin.class="oracle.idm.healthcheck.plugins.freememcheck.FreeMemCheckPlugin"
            class.path="$HC_LOCATION/lib/idmhcplugins.jar"
            stoponerror="false"/>

        <plugin id="DBSchemaCheck"
            description="Verifying DB Schema Connection"
            invoke=""
            plugin.class="oracle.idm.healthcheck.plugins.dbschemacheck.DBSchemaCheckPlugin"
            class.path="$HC_LOCATION/lib/idmhcplugins.jar;$HC_LOCATION/lib/ojdbc6.jar"
            stoponerror="false"/>
    

    Alternatively, if you are planning to deploy the IAM Suite using the Deployment Wizard instead of the LCM Tools command line interface, you can opt to bypass the validations when invoking the wizard with the parameter ignoreSysPrereqs. Here’s an example:

        /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/iamDeploymentWizard.sh -ignoreSysPrereqs
    
  5. If errors were generated and corrected, run the Health Check Utility again until no errors are reported.
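
As an added example (not part of the original article or of Oracle's tooling), the script below gates on the Health Check Utility's console output instead of removing plugins from the manifest: it lists every `[Plugin failed]` entry that is not explicitly waived and counts the skipped checks, which were not validated either. It assumes the `[Plugin <status>]: <description>` line format shown in step 3; the function names are hypothetical and the sample input is built from the result lines of that run.

```shell
#!/bin/sh
# Added example: gate on idmhc.sh console output with explicit waivers.
# Assumes the "[Plugin <status>]: <description>" lines shown in the article.

# Read idmhc.sh output on stdin; arguments are waived plugin descriptions
# (exact match). Prints each unwaived failure; returns 1 if there is one.
hc_unwaived_failures() {
    HC_WAIVERS=$(printf '%s\n' "$@") awk '
        BEGIN {
            n = split(ENVIRON["HC_WAIVERS"], w, "\n")
            for (i = 1; i <= n; i++) waived[w[i]] = 1
        }
        /\[Plugin failed]: / {
            desc = $0
            sub(/^.*\[Plugin failed]: /, "", desc)
            sub(/[ \t\r]+$/, "", desc)
            if (!(desc in waived)) { print desc; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Count result lines on stdin with the given status:
# succeeded, failed or skipped.
hc_count() {
    grep -c "\[Plugin $1]: " || true
}

# Sample input: the twelve result lines from the run shown in the article.
hc_sample_output() {
    cat <<'EOF'
[Plugin succeeded]: Verifying Kernel Parameters
[Plugin succeeded]: Verifying Operating system and release
[Plugin skipped]: Check whether ports are free
[Plugin failed]: Verifying available Disk space
[Plugin failed]: Verifying available Physical Memory
[Plugin skipped]: Check Reachability of hosts
[Plugin skipped]: Verifying DB Parameter
[Plugin failed]: Verifying DB Schema Connection
[Plugin succeeded]: Verifying JDK vendor and version
[Plugin succeeded]: Verifying Packages Installed
[Plugin skipped]: Verifying Path Permissions
[Plugin succeeded]: Verifying XClock run
EOF
}

# Demo: waive two of the three failures; the third is still reported.
if [ "${1:-}" = "--demo" ]; then
    hc_sample_output | hc_unwaived_failures \
        "Verifying available Disk space" \
        "Verifying available Physical Memory" \
        || echo "unwaived failures listed above; skipped checks: $(hc_sample_output | hc_count skipped)"
fi
```

Against a real run, pipe the `idmhc.sh` output into `hc_unwaived_failures` and keep the waiver list under version control, so each ignored check is recorded with the environment it was accepted for.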

Running the Deployment with LCM Tools

  1. The LCM tools can be executed interactively (Deployment Wizard) or via command line. In this article we will describe the command line interface. Each stage of the deployment process is run as a separate task, and the tasks must run sequentially; that is, each stage must be completed before the next stage can begin. Failure of a stage will require a cleanup and restart. The following commands run the first task, “preverify”, of the deployment process.

        cd /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin
        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preverify

    The following is a sample output of the “preverify” task:

        2015-07-15 13:35:00.751 TRACE
        BUILD SUCCESSFUL
        Total time: 1 minute 39 seconds

        Successfully finished preverify.
        Proceed with install.

  2. If the previous task completed successfully, run the “install” task. To do so, run the following command (all in one line):

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target install

    **Note:** At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from the beginning (preverify).

    The following is a sample output of the “install” task:

        2015-07-15 02:15:59.146 TRACE
        BUILD SUCCESSFUL
        Total time: 136 minutes 37 seconds

        Successfully finished install.
        Proceed with preconfigure.

  3. If the previous task completed successfully, run the “preconfigure” task by running the following command:

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preconfigure

    **Note:** At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from the beginning (preverify).

    The following is a sample output of the “preconfigure” task:

        2015-07-15 03:54:01.217 TRACE
        BUILD SUCCESSFUL
        Total time: 91 minutes 10 seconds

        Successfully finished preconfigure.
        Proceed with configure.

  4. If the previous task completed successfully, run the “configure” task by running the following command:

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target configure

    **Note:** At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).

    The following is a sample output of the “configure” task:

        2015-07-15 17:39:10.267 TRACE
        BUILD SUCCESSFUL
        Total time: 76 minutes 59 seconds

        Successfully finished configure.
        Proceed with configure-secondary.

  5. If the previous task completed successfully, run the “configure-secondary” task by running the following command:

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target configure-secondary

    **Note:** At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).

    The following is a sample output of the “configure-secondary” task:

        2015-07-15 18:08:18.592 TRACE
        BUILD SUCCESSFUL
        Total time: 19 minutes 26 seconds

        Successfully finished configure-secondary.
        Proceed with postconfigure.

  6. If the previous task completed successfully, run the “postconfigure” task by running the following command:

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target postconfigure

    **Note:** At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).

    The following is a sample output of the “postconfigure” task:

        2015-07-15 19:20:49.018 TRACE
        BUILD SUCCESSFUL
        Total time: 41 minutes 44 seconds

        Successfully finished postconfigure.
        Proceed with startup.

  7. If the previous task completed successfully, run the “startup” task by running the following command:

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target startup

    **Note:** At this stage, if an error is generated, before you can run the same task again, you will need to clean up and restart the installation process and then start from post-installation (preconfigure).

    The following is a sample output of the “startup” task:

        2015-07-15 20:30:38.613 TRACE
        BUILD SUCCESSFUL
        Total time: 46 minutes 53 seconds

        Successfully finished startup.
        Proceed with validate.

  8. If the previous task completed successfully, run the “validate” task by running the following command:

        ./runIAMDeployment.sh -responseFile /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target validate

    The following is a sample output of the “validate” task:

        2015-07-15 21:08:17.376 TRACE
        BUILD SUCCESSFUL
        Total time: 5 minutes 19 seconds

        Successfully finished validate.
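
The eight stages above, driven by one wrapper, as an added example (not from the original article or Oracle's tooling): it stops at the first stage whose log lacks the `Successfully finished <stage>.` marker seen in the sample outputs, and maps a failed stage to the restart point given in the notes. The function names, the per-stage log directory and the assumption that `runIAMDeployment.sh` exits non-zero on failure are assumptions of this example.

```shell
#!/bin/sh
# Added example: run the LCM stages in the article's order, stop on failure.

LCM_STAGES="preverify install preconfigure configure configure-secondary postconfigure startup validate"

# run_lcm_stages DEPLOY_CMD RESPONSE_FILE LOG_DIR [FIRST_STAGE]
# Runs each stage from FIRST_STAGE (default preverify) onward. On failure
# prints the failing stage name and returns 1; returns 0 if all finished.
run_lcm_stages() {
    lcm_cmd=$1 lcm_rsp=$2 lcm_logs=$3 lcm_first=${4:-preverify}
    lcm_started=0
    # Per-stage logs, readable by the installing user only.
    mkdir -p "$lcm_logs" && chmod 700 "$lcm_logs" || return 2
    for lcm_stage in $LCM_STAGES; do
        [ "$lcm_stage" = "$lcm_first" ] && lcm_started=1
        [ "$lcm_started" -eq 1 ] || continue
        lcm_log="$lcm_logs/$lcm_stage.log"
        # Assumption: the deployment command exits non-zero on failure.
        if ! "$lcm_cmd" -responseFile "$lcm_rsp" -target "$lcm_stage" \
                >"$lcm_log" 2>&1; then
            echo "$lcm_stage"; return 1
        fi
        # Do not rely on the exit status alone: require the success marker
        # that each sample output in the article ends with.
        if ! grep -q "Successfully finished $lcm_stage[.]" "$lcm_log"; then
            echo "$lcm_stage"; return 1
        fi
    done
    if [ "$lcm_started" -ne 1 ]; then
        echo "unknown stage: $lcm_first" >&2; return 2
    fi
    return 0
}

# Restart point after a cleanup, as stated in the notes for each step.
# Returns 1 for stages whose step carries no such note (preverify, validate).
lcm_restart_stage() {
    case $1 in
        install|preconfigure) echo preverify ;;
        configure|configure-secondary|postconfigure|startup) echo preconfigure ;;
        *) return 1 ;;
    esac
}

# Usage, with the paths from the article (log directory is an assumption):
#   cd /home/oracle/Middleware/Oracle_IDMLCM1/provisioning/bin
#   failed=$(run_lcm_stages ./runIAMDeployment.sh "$PWD/provisioning.rsp" "$HOME/lcm-logs") \
#     || echo "stopped at $failed; see $HOME/lcm-logs/$failed.log"
```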

Post-Deployment Tasks

  1. Once the deployment is completed, follow the instructions below to enable help in the WebLogic Administrative Console.

      Open a browser window and enter the following values:  
      URL : [http://ora-iambox.local:7777/oamconsole](http://ora-iambox.local:7777/oamconsole)  
      User : oamadmin  
      Pass : Passw0rd
    
  2. The Launch pad is displayed. In the Access Manager pad, click on Application Domains. A Search Application Domains tab opens. In the Name field, enter “IAM Suite” and click Search. In the Search Results, click IAM Suite. Then, click the Resources tab, and then Create to enter the following information:

        Type : HTTP  
        Description : All resources for WLS console help  
        Host Identifier : IAMSuiteAgent  
        Resource URL : /consolehelp/**  
        Query : Name Value list  
        Operations Available : All  
        Protection Level : Excluded
    

    Click Apply to save the changes.

Verifying the Deployment

  1. After completing the deployment and post-deployment tasks, you can verify the installation and connectivity with all the IAM components installed. The instructions below indicate the URL and credentials needed to access the Access Management components. Figures 17 and 18 (below) show the OAM and OIM consoles.

    **Oracle Access Manager**

    WebLogic Administration Console (IAMAccessDomain)

    URL : http://ora-iambox.local:7777/console
    User : weblogic_idm
    Pass : Passw0rd

    Enterprise Manager Console (Farm_IAMAccessDomain)

    URL : http://ora-iambox.local:7777/em
    User : weblogic_idm
    Pass : Passw0rd

    Oracle Access Management Console

    URL : http://ora-iambox.local:7777/oamconsole
    User : oamadmin
    Pass : Passw0rd

    Oracle Access Management Policy Manager Console

    URL : http://ora-iambox.local:7777/access
    User : oamadmin
    Pass : Passw0rd

  2. The instructions below indicate the URL and credentials needed to access the Identity Management components:

    **Oracle Identity Manager**

    WebLogic Administration Console (IAMGovernanceDomain)

    URL : http://ora-iambox.local:7778/console
    User : weblogic_idm
    Pass : Passw0rd

    Enterprise Manager Console (Farm_IAMGovernanceDomain)

    URL : http://ora-iambox.local:7778/em
    User : weblogic_idm
    Pass : Passw0rd

    Oracle Identity Self Service Console

    URL : http://ora-iambox.local:7778/identity
    User : xelsysadm
    Pass : Passw0rd

    Oracle Identity System Administration Console

    URL : http://ora-iambox.local:7778/sysadmin
    User : xelsysadm
    Pass : Passw0rd

    Oracle Entitlement Server - Authorization Policy Manager Console

    URL : http://ora-iambox.local:7778/apm
    User : weblogic_idm
    Pass : Passw0rd

    Oracle BI Publisher Enterprise Console

    URL : http://ora-iambox.local:7778/xmlpserver
    User : xelsysadm
    Pass : Passw0rd

Start and Stop IAM Suite Components

  1. Along with the deployment, a set of scripts to start and stop all the IAM components is generated and placed in the software location folder. Follow the instructions below to stop and start the IAM suite.

      Stop IAM Suite  
      cd /home/oracle/oim-oam-omss/config/scripts/  
      ./stopall.sh  
    
      Start IAM Suite  
      cd /home/oracle/oim-oam-omss/config/scripts/
    

Comments

Hariseshu-Oracle

Thank you for the article. I have a problem and need your help.

  1. I have set-up integrated oim-oam-omss topology successfully on Oracle Linux Server 6.5.
  2. Used Oracle Identity & Access Management 11g R2 PS3 (11.1.2.3).

Problem:

From within the Enterprise Manager console, when I try accessing "Administration" menu of "ohs1" server instance I get the following exception.


Failed to invoke operation load on MBean oracle.as.management.mbeans.register:type=component,name=ohs1,instance=ohs1,Location=AdminServer

Parsing error while loading MBeans.


I have tried all I could like,

  • ./opmnctl unregisterinstance
  • ./opmnctl redeploy
  • ./opmnctl registerinstance
  • ./opmnctl updatecomponentregistration
  • upgradenonj2eeapp.sh

but getting the same exception. I have re-installed the whole set-up but no use.

Can you please help. Thank you so much.

Hari

Ricardo Gutierrez-Oracle

Hi Hari,

This seems to be an issue with the OHS configuration, try the following procedure:

  1. Create a new OHS instance, e.g.:
    /home/oracle/oim-oam-omss/config/instances/ohs1/bin/opmnctl createcomponent -componentType OHS -componentName ohs2
  2. Start the new instance
    /home/oracle/oim-oam-omss/config/instances/ohs1/bin/opmnctl startproc ias-component=ohs2
  3. Access the EM console and check if you can access the "Administration" menu for ohs2, if so then stop the new instance
    /home/oracle/oim-oam-omss/config/instances/ohs1/bin/opmnctl stopproc ias-component=ohs2
  4. Edit httpd.conf for ohs1 (make a backup first) and make sure this file is not missing any directive by comparing with httpd.conf for ohs2
    E.g. the following line could be missing:
    <IfModule mpm_worker_module>
    ...
    LoadModule cgid_module "${ORACLE_HOME}/ohs/modules/mod_cgid.so"
    </IfModule>
  5. After updating httpd.conf, proceed to re-start ohs1
    /home/oracle/oim-oam-omss/config/instances/ohs1/bin/opmnctl stopproc ias-component=ohs1
    /home/oracle/oim-oam-omss/config/instances/ohs1/bin/opmnctl startproc ias-component=ohs1
  6. Check now if you can access the "Administration" menu for ohs1, if so then proceed to delete the ohs2 instance
    /home/oracle/oim-oam-omss/config/instances/ohs1/bin/opmnctl deletecomponent -componentName ohs2

Regards,

Ricardo

Acerak

Thank you for the article.  I tried using the oracle fusion middleware guide, but it was less than helpful.  After many fits/starts, I stumbled across this document.  Was very helpful.

Hariseshu-Oracle

Thank you Ricardo. Thank you so much for the response.

Premita Tajane

Thank you so much. Your article is just perfect to understand LCM for PS3.

Hi.  I am interested in getting information regarding how OIM integrates with Robotic Process Automation (RPA), if it does at all, and what is that integration if it does?  Is there anything that is part of the OIM featureset that would make it a good companion for RPA?  Thanks.

Hi there,

I'm not aware of RPA available for the IdM suite, perhaps a quick trip to the documentation could provide you with the info you are looking for.

user9196620

I think only Oracle would call something with 100+ manual steps automation. Have you guys considered creating a docker or repo to deploy your suite? The complicated part is configuring MDC and getting all of that to work together. Being able to deploy an entire cluster in < 10 minutes would be really nice using openstack. I imagine most companies big enough to buy OAM Suite will not just be installing on a single node but it is not trivial to do all of that work.

Philipp Grigoryev

Found out that cleanup doesn't remove DB schemas and fails at preconfigure stage, even though I ran clean- and restore-

sgs123

Quite interesting and helpful. I am attempting something similar but with Only OIM-SOA, so let's see how it goes.

SrivalliMN-Oracle

Hi, Thank you for the article. Installed the IDM 11.1.2.3, Any idea how to configure the OAM so that oamconsole can be accessed by administration port after enabling DWAP. 

Added on Sep 22 2015