There are couple of manual steps required after IdM provisioning is complete in order to get your IdM fully and correctly configured. These are mostly related to some things which could not fit into automatic provisioning process as well as various bugs that exist in the 11.1.7 version.
CORRECTING DATASOURCE CONFIGURATION
Due to Bugs 17075699 and 17076033 in Identity Management Provisioning, you must make changes to the following datasources:
To make the changes, proceed as follows:
- Log in to the WebLogic Administration Console
- Click Lock & Edit.
- Navigate to Services -> Data Sources.
- Click on the data source to be updated, for example, EDNLocalTxDataSource-rcn
- Click the Transaction tab.
- Deselect Supports Global Transactions.
- Click Save.
- Repeat Steps 4 through 7 for all the listed datasources.
- Click Activate Changes.
UPDATE OHS SERVER PARAMETERS
For Idm deployments, the default values of Oracle HTTP server must be adjusted as follows:
- Edit the file httpd.conf, which is located in /u01/app/oracle/local/instances/ohs1/config/OHS/ohs1 (please note that this is a directory $ORACLE_INSTANCE_HOME we’ve chosen during provisioning of IdM, so it might differ in your environment).
- Update the values in <IfModule mpm_worker_module> section as below:
CREATE ODSM CONNECTIONS TO OVD
Before you can manage Oracle Virtual Directory you must create connections from ODSM to each of your Oracle Virtual Directory instances. To do this, proceed as follows:
- Open ODSM in your browser. By default it will run under 7005 port, so the URL is http://<yourIDMhostname>.<yourIDMdomain>:7005/odsm
- Create a direct connection to Oracle Virtual Directory providing your host and port information in ODSM (please note that SSL needs to be checked and default port during provisioning is 8899):
Enter the common IdM password you’ve chosen during IdM provisioning. You should be able to login and see the page like this:
ADD ORACLE IDENTITY MANAGER PROPERTY
As a workaround for a bug in the Identity Management Provisioning tools (Bug 16667037), you must add an Oracle Identity Manager property. Perform the following steps:
- Log in to the WebLogic Console
- Navigate to Environment -> Servers.
- Click Lock and Edit.
- Click on the server WLS_OIM1.
- Click on the Server Start subtab
- Add the following to the Arguments field: -Djava.net.preferIPv4Stack=true
- Click Save.
- Click Activate Changes.
- Restart the managed server WLS_OIM1
UPDATE WEBGATE CONFIGURATION
To update the maximum number of WebGate connections, proceed as follows:
- Login to the Oracle Access Manager Console and select the System Configuration tab (note you have to use oamadmin user for login)
- Select Access Manager -> SSO Agents -> OAM Agent from the directory tree. Double-click or select the Open Folder icon.
- On the displayed search page, click Search to perform an empty search.
- Click the Agent Webgate_IDM.
- Select Open from the Actions menu.
- Set Maximum Number of Connections to 20
- Set AAA Timeout Threshold to 5.
- In the User Defined Parameters box, set client_request_retry_attempts to 11.
- If the following Logout URLs are not listed, add them:
CREATE OAM POLICIES FOR WEBGATE 11G
In order to allow WebGate 11g to display the credential collector, you must add /oam to the list of public policies. Proceed as follows:
- Log in to the OAM console
- Select the Policy Configuration tab.
- Expand Application Domains – IAM Suite
- Click Resources.
- Click Open.
- Click New resource.
- Provide the following values:
- Type: HTTP
- Description: OAM Credential Collector
- Host Identifier: IAMSuiteAgent
- Resource URL: /oam
- Protection Level: Unprotected
- Authentication Policy: Public Policy
PASSING CONFIGURATION PARAMETERS FILE TO FUSION APPLICATIONS
There is a properties file called idmsetup.properties that gets created and appended each time something is changed in IdM configuration. The file is required for further Fusion Applications provisioning during provisioning plan creation. Basically what happens is that all IdM related information is taken from that file and autofilled in Fusion Apps provisioning plan. Therefore it is necessary to transfer the file to Fusion Applications node. You can locate the file in $ORACLE_CONFIG_HOME. In our case it is /u01/app/oracle/config/fa. Once this has been done – we are ready for further steps in FA provisioning process that will be covered in next series of blog posts.