Installing OIM,OAM,OID,OVD

Similar Messages

• OIM-OAM 11g BP 02 integration not working as expected

  Hi Experts,
  We have OIM 11g and OAM 11g both upgraded to BP02 installed on separate hosts. We are using OID 11g as the directory servers and OVD 11g fronting OID for integration. We followed the steps mentioned in Oracle Document Oracle® Fusion Middleware Integration Guide for Oracle Access Manager 11g Release 1 (11.1.1)Part Number E15740-04 for integration purpose.
  After performing all the integration tasks mentioned in the document, while testing the ingtegration, the expected results are not been serverd.
  If I access OIM admin console URL, am getting default OIM admin console URl instead of OAM SSO login page for authencation. and also I am unable to login using either xelsysadm\oimadmin\oamadmin but I can login using weblogic, so this is referin to the default embeded LDAP of weblogic for credential validation.
  OIM and OAM are deployed on separate hosts, please find the deployment details below.
  1. JDK: 1.6.0_29
  2. WLS : 10.3.5
  3. LDAP: Oracle Internet Directory: 11.1.1.5.0
  Oracle Virtual Directory: 11.1.1.2.0
  4. Webserver: Oracle HTTP Server fronting the OIM
  The Integration videa on Support.oracle assumes that all components OIM\OAM/OID/OHS being on the same host.
  I have my OIM and OAM both patched to the latest BP which is BP 02. There is a support article which specifically talks about few settings ton be made for BP 02.
  the article ID is 1447494.1.
  Even after doing all these, the integration is not working.
  As per the support article, I need to use preferred host name for agent fronting OIM as IAMSuiteAgent and if I do that, the proxying of OIM server with the webserver host will not work at all and ends with 404 not found error when I access using http://OHShost:OHSport/oim.
  but if i use the name of agent i.e webserver name in the preferred host field, the redirection would happen and i get OAM SSO login page for authentication, however with the credential validation at this page, the OIM login page (http://OIMhost:OIMport/oim) is provided prompting for login again.
  also if i access OIM login page http://OIMhost:OIMport/oim directly, the OAM SSO page is not coming for authentication.
  I am awaiting your advice\suggestions or workarounds if any one has come across this kind of issue, which i am sure is an obvious case.
  Thanks,
  Nagendra

  Hi,
  Any help in this regard please/
  Thanks
  Nagendra

• Base IDM product should consist of  OIM, OID, OVD, OAM and OIF ?

  Hi Experts,
  I want to understand what should be the very base IDM 11g Product should satisfy majority of client requirement. What is best Practices of Product combination one should have ?
  1) OIM, OID, OVD, OAM and OIF 11g
  2) OIM, OID, OVD, OAM 11g
  3)OIM, OID, OVD and OIA 11g
  Considering 11g & best pratices.
  I would like to understand what Pack is must for what kind of requirement ?
  There are so many product combination so confused what is best base Security Prodcut combination can be ?
  Help Appreciated.
  Thanks In Advance.
  Edited by: 937775 on 31/05/2012 06:01

  Thanks Gyanprakash for valuable Suggestion.
  I have one more question,
  Now to do the OIM,OID,OVD,OAM Security Stack Installaton,
  can I use two VM 1) all security product (OIM,OID,OVD,OAM) 2) DB VM (I heard we do have database VM)
  Could you mind sharing Info 1) what number of VM do I use for security Product Installation 2) Can I use DB VM or Database should be installed physically not on VM ?
  Thoughts ?

• OID, OVD, OIF, OIM, OAM version

  Hey guys, I wanted to know if there is some commands that would give me the versions of OID, OVD, OIF, OIM, OAM
  Weblogic version can be found by connecting to the console at the bottom of the page: e.g:
  "WebLogic Server Version: 10.3.3.0
  Copyright © 1996,2010, Oracle and/or its affiliates. All rights reserved."
  However, for specific product, I'm not sure if there is a way to know the version. Is there a version.property file or a command that can help me ?)
  In case of OID, OVD:
  - opmnctl services version
  - odsm version
  In case of OIF:
  - opmnctl services version
  - oif version
  In case of OAM:
  - version of identity server
  - version of access server
  - version of webgate
  In case of OIM:
  - version of OIM
  Thank you for your help.

  for OID-Step1-Make Sure DB is up and running
  Run: prompt> tnsping <connect string>
  Step2-Make sure OID processes are up
  Prompt>$ORACLE_HOME/bin/oidctl connect=<servicename from tnsnames.ora> status
  -Once u run above comnd u could see processes and ver
  for OIA-Once u complete installations Open rbacx.log for versin info
  thnks
  vishwa
  orcl

• How to change metadata database after OIM/OAM install?

  Hi everyone
  We need to change the metadata/schema database for our OIM/OAM installation.
  What I plan to do is:
  1. Create the new db
  2. Run the RCU utility for both OID and OAM.
  3. Change the connection pool data source in the OAM Weblogic console.
  Is there anything else I need to do?
  I know there was a connection to the database done when I created the Domain from the OID home (using config.sh). I've tried to run this config script again but can't find any way to amend the domain, nor can I see how to do it in any of the (many) consoles.
  Any help greatly appreciates!
  D

  Hi ,
  At the time of configuration you will get an option to set the database connection parameters there you can point to your required DB schema.
  Regards,
  Ari

• After install OIM, i how to start OID server?

  after install OIM, i how to start OID server?

  Hi,
  1) Make sure that Weblogic Node Manager is running at background.
  2) Make sure that all weblogic Managed Servers related to OIM (port 14000) and OID 11g LDAP Port 3060, LDAPS Port 3131, wls_ods1 (DIP & ODSM) is running on 7005 and WebLogic Admin Server is running on Port 7001.
  3) Check whether all the OID Services are running by following commands
  a.     export ORACLE_INSTANCE=/u01/app/oracle/admin/oid1_inst
  b.     $ORACLE_INSTANCE/bin/opmnctl status
  Regards,
  ABP

• Wrong Hostname for OIM/OAM implementation

  Hi everyone,
  I'm having some issues with OAM redirecting using the machine name instead of fully qualified hostname.
  Linux: Red Hat Enterprise Linux Server release 5.6 (Tikanga)
  In my base domain I have installed OIAM 11.1.1.5 (OIM, OAM, SOA, OAAM) and in my secondary domain sits IDM 11.1.1.5 which has OVD, OID, ODSM.
  For my base domain, OAM appears to be listening on http://machine... when I try to login using http://machinename.domain/7001/oamconsole it fails because the page redirects to https://machinename:14101/oam/server/ and this fails... likewise http://machine.domain:14000/oim sends me to the same oam link and ends up failing
  i'd like it to use the fully qualified hostname including domain... how do i do this?
  Thanks

  Hi,
  The likely suspects for this would be the settings for the OAM Server(s) and Load Balancing (if set) in the oamconsole. Please check the hostname settings in the "System Configuration" tab in the screens for the OAM servers (oam-server1 etc) under "Server Instances", and in the "Load Balancing" settigns in "Access Manager Settings".
  Regards,
  Colin

• OIM-OAM integration and LDAP Sync

  Hello All, I have deployed OIM 11g R2 and OAM/OVD 11.1.1.5. Now I need to enable LDAP sync for OIM-OAM integration and I'm not allowed to extend Oracle schema in AD. So I decided to use OUD for FMW schema and I have completed all those steps and OUD is up and running. Since my enterprise directory is AD and OUD is my FMW directory, I need to think of a split profile setting in OVD. I'm following this link http://fusionapplications-ateam.blogspot.com/2012/04/split-profiles-with-ad-and-oid-for.html for this deployment. I have OVD adapters configured for AD, OUD, Join view and changelog. The link does not clearly explain the steps in OIM for LDAP Sync.
  When I configure LDAP Sync in OIM, should I point the sync to the OUD users container?
  When and how this cn=shadowentries container will be used? I understand that the password (obattributes) are used for password management by OAM, but wondering where will that get stored in OUD?
  Please let me know your thoughts.
  Thanks.

  Hi,
  when I use url:
  http://idm1:14000/admin/faces/pages/Admin.jspx
  I get Access Manager login page, I can click links: register new user, reset password and I get correct OIM pages. But when I type xelsysadm and password I get error on the next page:
  Error 401--Unauthorized
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  10.4.2 401 Unauthorized
  I can't logon to EM, OAMconsole, Weblogic etc. when the OAM is running. In OIM log I got errors from oam-agent: "User is not authorized to access resource, MinorCode: DENY, MajorCode: DENY".
  I have got user xelsysadm in OIM and in LDAP, when the OAM is not running I can login to OIM, create users in OIM (they appear in OID) etc. The user xelsysadm is added to group: OAMAdministrators. Also when I try to logon to OAM console (http://idm1:7001/oamconsole) using orcladmin name I get error: Access to administration console is restricted. But when I use weblogic username (the user is in OAMAdministrators group in OID) i can get OAMconsole.
  How can I change logon type in OIM?
  best
  mp
  Edited by: J23 on 2011-01-10 00:47

• Install OIM 9.0.2 on Linux with JBOSS or OAS 10.1.3.1

  Hi all,
  I try to install OIM on RHEL 4 update 3 .
  First I installed OIM 9.0.2 in Oracle 10.2.0.1 with JBOSS and I obstacled with errors during compilling adapters of OEBS and OID from Connectors Pack.
  After that I desided to install OIM in existing Oracle 10.2.0.1 on OAS 10.1.3.1 during installation I obstacle with follow error "Oracle Identity Manager installer has found that Oracle Application Server is not running. So, start Oracle Application Server and then proceed with installation."
  I tested my OAS and I's starting
  Please give me advise about my abilities with installation OIM 9.0.2 on Linux.

  For JBOSS I use
  ./java -version
  java version "1.4.2_13"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_13-b06)
  Java HotSpot(TM) Client VM (build 1.4.2_13-b06, mixed mode)
  For OAS 10.1.3.1 I use
  ./java -version
  java version "1.5.0_06"
  Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_06-b05)
  Java HotSpot(TM) Server VM (build 1.5.0_06-b05, mixed mode)
  After all, I installed OIM 9.0.2 on OAS 10.1.3.1 but I have same problems which I have with JBOSS installation:
  1. I have warnings during import xml files of adapters such as
  OID User
  [Warning] Warn:Target has more recent definition.
  Lookup.OID.Department
  [Warning] Warn:Target has more recent definition.
  Lookup.OID.Location
  [Warning] Warn:Target has more recent definition.
  UD_OID_ROLE
  [Warning] Warn:Target has more recent definition.
  adpOIDADDUSERTOGROUP
  [Warning] Warn:Target has more recent definition.
  AttrName.Prov.Map.OID
  [Warning] Warn:Target has more recent definition.
  com.thortech.xl.dataobj.tcUD_OID_ROLE
  [Warning] Warn:Target has more recent definition.
  com.thortech.xl.dataobj.tcOBJ
  [Warning] Warn:Target has more recent definition.
  etc ...
  2. I have errors during compilling adapters in Design Console, It's error such as ""CODE GEN EXCEPTION" "

• Integration and reconciliation of OIM and OID

  I need to do integration with OID and OIM, when i import the XML file, there are two XML files,
  1) oimOIDuser
  2) oimUser
  which xml should be used for the integration of OIM and OID.
  and for the trusted source Reconciliation.
  -sudhan elango.

  oimOIDUser.xml
  If you are using OIM 9.1.0 or later then you don't have to import the connector
  You can install it by copying the contents of the installation in OIM_HOME/xellerate/ConnectorDefaultDirectory
  and then Deployment Manager-> Install connector and from the connector list select OID connector and Load
  Hope it helps,
  Saggu

• 11g installation for oim & oam

  Explain the steps to install Oracle Indentity Manager & Oracle Access Manager in 11g version?

  Following is high level steps for the same:
  1. Install database
  2. create Schemas using RCU utility
  3. Install weblogic
  4. Install Oracle Fusion middleware components (OIM, OAM etc)
  5. Configure Domains and servers in weblogic
  5. Configure design console
  Refer links below for detailed information:
  http://docs.oracle.com/cd/E21764_01/install.1111/e12002/overview.htm
  OIM 11g installation steps
  Hope this helps.
  regards,
  GP

• OIM and OID Domains in Weblogic

  I have a quick question:
  Can I install and make OID 11g and OIM 9.1.0.2 use the same domain (IDMDomain for example) in Weblogic 10.3.1?
  I want to see if we can use the same Weblogic domain for both OID and OIM and use the same port and domain management in Weblogic console.
  Will appreciate quick response.
  Regards!

  No

• We are getting LDAP response read timed out, timeout used:15000ms oid ovd

  Hi All,
  We are having this in prod environment
  We are getting a lot of these:
  2012-09-12 14:43:52,097 [[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR NamingException: [LDAP: error code 1 - LDAP Error 1 : LDAP response read timed out, timeout used:15000ms.]
  2012-09-12 14:44:24,720 [[ACTIVE] ExecuteThread: '7' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR NamingException: [LDAP: error code 1 - LDAP Error 1 : LDAP response read timed out, timeout used:15000ms.]
  2012-09-12 15:09:57,206 [[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR NamingException: [LDAP: error code 1 - LDAP Error 1 : LDAP response read timed out, timeout used:15000ms.]
  2012-09-12 15:25:12,029 [[ACTIVE] ExecuteThread: '23' for queue: 'weblogic.kernel.Default (self-tuning)'] ERROR NamingException: [LDAP: error code 1 - LDAP Error 1 : LDAP response read timed out, timeout used:15000ms.]
  OID/OVD is apparently not doing well!
  Regards,
  PraveenSharma

  Hi,
  OID log:
  [2012-09-12T11:27:24+02:00] [OID] [NOTIFICATION:16] [] [OIDLDAPD] [host: br2lfauth2p.intern.uc.se] [pid: 26857] [tid: 8] [ecid: 004mNrBiy2p9Pdw6wFnZ6G0006Zd007WLb,0] ServerWorker (REG):[[
  BEGIN
  ConnID:1076930 mesgID:915 OpID:914 OpName:modrdn ConnIP:::ffff:172.30.18.198 ConnDN:cn=oam,ou=ucsystemaccounts,dc=uc,dc=se
  [gsldmda_ModifyDN]:ORA-60 ORA-00060: deadlock detected while waiting for resource
  ORA-06512: at line 1
  encountered
  END
  Regards,
  PraveenSharma

• OIM & OAM's identity system?

  Hi all,
  1.I want to know the main differences between OIM & OAM's identity system.
  2.OAM includes identity system & access system,can i use OAM's identity system only without installing access system to handle user identity management ?
  thanks.need r help.

  Yes. You can install only OAM Identity System to do User/Group/Org Identity Management, without installing Access System. (Although Oracle always recommends using OIM for User Identity Management)
  The difference between OIM and OAM is that OIM is used for User Provisioning, Reconciliation and Identity Management across multiple data stores, while OAM does User Provisioning and Identity management on a single data store.
  From my experience, OAM Identity System takes an edge over OIM in the following ways:
  1. Attribute Access Control: This function lets you specify permissions that determine who can read and modify the values for each LDAP attribute. It also lets you create a list of users or groups to be notified when an attribute is changed. The audience can be defined using a role, rule(ldap filter), person or group definition.
  2. Set Searchbase: The searchbase determines the part of the directory tree that is available to a user during a search. You must set a searchbase for each structural object class configured for the Identity System before a user can view its entries. You can set multiple searchbases for each structural object class. When you set a searchbase, you determine who can search what (an object class, at a particular level of the directory tree), optionally using a search filter. The audience can be defined using a role, rule(ldap filter), person or group definition.
  3. Delegated Administration: Delegating administration allows the Master Administrator and Master Identity Administrator to delegate their responsibilities to other, more local administrators. This is particularly useful in large organizations, where it may be necessary to administer thousands or millions of users. By doing this, you determine what rights you want to grant to another user.
  4. Easy-to-use workflows: The workflow applet lets you create different kinds of workflows in minutes. Following are the interesting features in OAM workflows:
  - Email notification: On execution of each workflow step, an email notification can be sent to the participants of the next step.
  - Dynamic Participants: Instead of specifying static participants when you create a workflow, you can have a workflow plug-in or application choose dynamic participants according to runtime conditions.
  - Out-Of-Office Participants: If a static or dynamic participant is going to be out of the office or otherwise unable to process workflow tickets, he or she can set an Out of Office flag in his or her user profile so that all incoming tickets are redirected to a surrogate participant for as long as the flag remains activated.
  - Escalation Participant: If the participants receiving a given workflow ticket fail to process it within a specified interval, that ticket can be sent to an escalation participant, who assumes full responsibility for the ticket.
  5. OAM deployment is usually faster than an OIM deployment.
  One of the disadvantages of OAM Identity System is that it can manage identities in a single (LDAP only) data store. This can be overcome by the use of Oracle Virtual Directory on top of all the identity data stores being used in the enterprise.
  Let me know if you have any more questions.
  -shetty2k

• Error while installing OIM 9.1.0.1 server.

  Hi,
  I installed database10.2.0.1 with DBA Group: oinstall. i also installed the weblogic 10.3.0. Now I am trying to install OIM server 9.1.0.1 on linux.
  Before installing it i tried to run the prepare_xl_db.sh file by copying it to oracle home directory, i am getting the following error
  "user doesnot have DBA priviliege. you need to part of dba group to run this script"
  Can anybody help me how to solve this issue.
  Thanks & Regards
  SRI
  Edited by: user8913747 on Apr 1, 2010 7:20 AM

  You need a group on your box called dba. The user that installs the database should be a member of this group. Then you should be running the prepare script as a user that is a member of the dba group.
  -Kevin