Enabling SSL in Oracle E-Business Suite Release 12

Overview

SSL stands for Secure Sockets Layer, a protocol developed by Netscape. Data transferred between server and client is secured (encrypted).
Usually the data transmitted between the client machine and the server (web server over HTTP and Forms server over sockets) travels as clear-text packets. Anyone with network access can put a packet sniffer between the client machine and the server and read all data exchanged between them, so an attacker can obtain your username/password or any other sensitive data. This becomes critical when you have Internet access to Oracle Applications 11i (usually a Self Service implementation).

Communication between Client & Oracle Applications happens via three components.

  • Oracle Web Server (Initial Connection & all self service access is via Web Server/Apache). If your Form Server is in servlet Mode then Core Applications are also accessed via Web Server (oacore Component)
  • Oracle Form Server: For Core Oracle Application Access (Forms)
  • Database : You access web server which in turn talks to database Server via UTL_HTTP package via dad (/pls/$SID)

So you enable SSL on a particular component depending on your requirements and on which component is accessible over the Internet and should be secured. You can implement it across all three components, on only one, or on any two.

Concept:

SSL is a technology that defines the essential functions of mutual authentication, data encryption, and data integrity for secure transactions. Exchange of data between the client and server in such secure transactions is said to use the Secure Sockets Layer (SSL).

SSL uses 2 types of Certificates:

1.  User certificates:

These are Certificates issued to servers or users to prove their identity in a public key/private key exchange.

2.  Trusted certificates:

These are Certificates representing entities that you trust – such as certificate authorities that sign the user certificates they issue.

How SSL works with Middle Tier Oracle HTTP Server:

  1. The client sends a request to the server using HTTPS connection mode.
  2. The server presents its certificate to the client. This certificate contains the server’s identifying information.
  3. The client checks its list of Trust points and compares the information in the certificate with the server’s public key. If it matches, the server is authenticated as a trusted server.
  4. The client sends the server a list of the encryption levels, or ciphers, that it can use.
  5. The server receives the list and selects the strongest level of encryption that they have in common.
  6. The client creates a session key, which is used to encrypt the data, and sends this session key to the server, which can decrypt the data with its private key.

How SSL works with Oracle Database Server:

  1. The UTL_HTTP package is used for making HTTP callouts from SQL and PL/SQL to a Web Node (Oracle HTTP server).
  2. When the package fetches data from a Web site using HTTPS, it specifies the location to the Oracle Wallet that resides on the database server. This wallet contains the certificate for the Certifying Authority (CA) who signed the Web node’s server certificate.

Process:

For converting the application into SSL we need to have a Digital certificate. A Certificate Authority is a trusted third party responsible for issuing, revoking, and renewing digital certificates. All digital certificates are signed with the Certificate Authority’s private key to ensure authenticity. The Certificate Authority’s Public Key is widely distributed.

A Certificate Signing Request (CSR) is a digital file, which contains your public key and your name. You send the CSR to a Certifying Authority (CA) to be converted into a real Certificate.

A digital certificate is an electronic document that binds an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A trusted third party, called a Certification Authority (CA), issues certificates. The document is usually in a standard X509 format and contains three elements:

  1. Entity attributes (information about your organization)
  2. Public key (which is bound to your organization)
  3. Digital signature of the trusted CA private key

Verisign (http://verisign.com/) will allow your organization to apply for a free trial certificate, which will be valid for 2 weeks for testing purposes.

Private (Server) Key:

The private key file is a digital file that you generate and use to decrypt messages sent to you. The certificate request (CSR) that you send to your Certificate Authority (CA) is derived from this private key. Therefore, the resulting digital certificate (containing your public key), which is issued by your CA, is bound to this private key.

We will now look into the actual procedure for enabling the application with SSL. Note that the explanation below is based on Metalink note ID 376700.1.

Middle tier setup

To start with SSL setup we have to create a certification request through Oracle wallet manager.

Step 1) Create wallet on the apps side

  • Login to application tier with applmgr user ID and navigate to $INST_TOP/ora/10.1.3 directory and source .env file present at that location. This will make 10.1.3 (IAS_ORACLE_HOME) as your ORACLE_HOME.
  • Navigate to $INST_TOP/certs/Apache directory.
  • Backup Apache directory
  • Start Oracle wallet manager

bash-2.05$ owm &
[1] 16555

  • Navigate Wallet -> New
    Answer No to: “Your default wallet directory doesn’t exist. Do you wish to create it now?”
    Set the wallet manager password (example: Welcome)
  • Click Yes when prompted “A new empty wallet has been created. Do you wish to create a certificate request at this time”.

Following screen appears


Common Name           – Your hostname
Organization Unit       – Your department name
Organization                – Your company name
Location/City              – Your city name
State/Province            – Your state name
Country                     – Your country name

Press OK once you fill all information. Save wallet in $INST_TOP/certs/Apache folder with name (server_name).cer

Once saved, it will ask, “A wallet already exist, you want to override”. You can say yes.
Click on certificate Request in the list provided on left side of Oracle wallet manager window and you can see your request contents on right side as seen in below screen.


  • Wallet -> Autologin (Enable)
  • Wallet -> Save

Once you have the request content, you have to get the certificate from a certifying authority like Verisign. Currently the certificate request that you created is your .cer file. Using this file you can get the actual certificate file, which will be a .crt file. Along with that file you will also get your private key file (.key). So after getting the certificate you will have 3 files:

  1. Certificate request file (.cer)
  2. Actual certificate file (.crt)
  3. Private Key file (.key)

Once you get the certificate, you have to generate the CA certificate file, since any SSL certificate needs a CA (Certifying Authority) file. Some certifying authorities also provide CA files, but here we will see how to generate the CA file from the certificate file (.crt).

Step 2) Creating your certifying authority’s certificate

  • Copy/ftp (binary mode) the .crt file to your PC desktop
  • Double-click the file and go to Certification Path tab
  • Double click on VeriSign/RSA Secure Server CA
  • Go to Details tab and press Copy to File…
  • Press Next and select “Base-64 encoded X.509(.CER)” and press next
  • Give the name as ca
  • Press Finish

A new ca.cer file will be present in your local PC. FTP back ca.cer file to your UNIX host.

Step 3) Converting the existing cert files

  • Source the .env file again present at location $INST_TOP/ora/10.1.3
  • Change dir to $INST_TOP/certs/Apache
  • Copy .crt, ca.crt, servername.key to the current dir.
  • Execute the following command:
    $ORACLE_HOME/Apache/Apache/bin/ssl2ossl -cert ./.crt -key ./.key -cafile ./ca.cer -wallet . -ssowallet yes

Step 4) Appstier setup
Edit the context xml file in $APPL_TOP/admin, change the SSL related variables to SSL values

SSL Related Variables in the Context File

Variable                  Non-SSL Value                                     SSL Value
s_url_protocol            http                                              https
s_local_url_protocol      http                                              https
s_webentryurlprotocol     http                                              https
s_active_webport          same as s_webport                                 same as s_webssl_port
s_webssl_port             not applicable                                    default is 4443
s_https_listen_parameter  not applicable                                    same as s_webssl_port
s_help_web_agent          url constructed with http protocol and s_webport for both non-SSL and SSL
s_login_page              url constructed with http protocol and s_webport  url constructed with https protocol and s_webssl_port

  • Execute autoconfig
  • Bounce the mid-tier services
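
A half-converted context file (ports switched, one protocol variable left at http) is easy to miss before running autoconfig. The following Python check is an added example, not part of the Metalink note or of Oracle's tooling: it reads the variables from the table above and reports any that do not match the SSL column. It assumes each variable is stored as an element carrying an oa_var attribute; the sample XML, its element names and the host ebs.example.com are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, not a real context file: the SSL port variables were
# updated but s_local_url_protocol was left at its non-SSL value. Element
# names are placeholders; only the oa_var attribute is read.
SAMPLE_CONTEXT = """<oa_context>
  <url_protocol oa_var="s_url_protocol">https</url_protocol>
  <local_url_protocol oa_var="s_local_url_protocol">http</local_url_protocol>
  <webentryurlprotocol oa_var="s_webentryurlprotocol">https</webentryurlprotocol>
  <web_port oa_var="s_webport">8000</web_port>
  <web_ssl_port oa_var="s_webssl_port">4443</web_ssl_port>
  <active_webport oa_var="s_active_webport">4443</active_webport>
  <https_listen oa_var="s_https_listen_parameter">4443</https_listen>
  <login_page oa_var="s_login_page">https://ebs.example.com:4443/OA_HTML/AppsLogin</login_page>
</oa_context>"""

PROTOCOL_VARS = ("s_url_protocol", "s_local_url_protocol", "s_webentryurlprotocol")
PORT_VARS = ("s_active_webport", "s_https_listen_parameter")


def load_vars(xml_text):
    """Map each oa_var name to its stripped text value."""
    root = ET.fromstring(xml_text)
    return {el.get("oa_var"): (el.text or "").strip()
            for el in root.iter() if el.get("oa_var")}


def check_ssl_vars(ctx):
    """Return (variable, message) pairs for values that differ from the SSL column."""
    problems = []
    for name in PROTOCOL_VARS:
        if ctx.get(name) != "https":
            problems.append((name, "is %r, expected 'https'" % ctx.get(name)))

    ssl_port = ctx.get("s_webssl_port", "")
    if not ssl_port.isdigit():
        # Without a usable SSL port the remaining comparisons are meaningless.
        problems.append(("s_webssl_port", "is %r, expected a port number" % ssl_port))
        return problems

    for name in PORT_VARS:
        if ctx.get(name) != ssl_port:
            problems.append((name, "is %r, expected %s" % (ctx.get(name), ssl_port)))

    login = urlsplit(ctx.get("s_login_page", ""))
    try:
        login_port = login.port
    except ValueError:  # non-numeric or out-of-range port in the URL
        login_port = None
    if login.scheme != "https" or str(login_port) != ssl_port:
        problems.append(("s_login_page", "must use https and port %s" % ssl_port))
    return problems


if __name__ == "__main__":
    for name, message in check_ssl_vars(load_vars(SAMPLE_CONTEXT)):
        print(name, message)
```

s_help_web_agent is not checked because the table gives it the same value in both modes.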

Step 5) DB Tier Setup

Once you run autoconfig on Apps Tier, you need to do wallet setup on DB tier as well. Since R12 is autoconfig enabled, there will be a directory called appsutil in ORACLE_HOME on database side. Follow below steps to carry out the setup on database side.

  • Login to DB tier as oracle user
  • Change dir to $ORACLE_HOME/appsutil
  • Create a new dir with name as wallet
  • Start Oracle Wallet Manager (owm &)
  • Wallet -> New
  • Answer No to: “Your default wallet directory doesn’t exist. Do you wish to create it now?”
  • Click No when prompted “A new empty wallet has been created. Do you wish to create a certificate request at this time”
  • Save Wallet
  • Copy ca.crt from the appl_top to $ORACLE_HOME/appsutil/wallet
  • Navigate Operations-> Import Trusted Certificate
  • Navigate to ca.crt
  • Once the import has completed, save the wallet
  • Navigate wallet-> autologin (enable)
  • Save wallet

Step 6) Sanity check

  • New Appslogin url: https://(hostname):(port)/OA_HTML/AppsLogin
  • Notice the lock sign in the statusbar (bottom) of the browser. Click on the sign to verify the certificate
  • Sanity check all the components.
  • Login to db as sqlplus apps/(apps password)
  • select utl_http.request('https://(hostname):(port)',null,'file:(path to ORACLE_HOME/appsutil/wallet)', null) from dual;
  • It should display the first 2000 Chars of the html page.

 

Enabling OID/SSO for E-Business Suite R12

The following procedure shows how to register Oracle E-Business Suite R12 with OID and enable SSO. It is based on Metalink note ID 376811.1.

There are three components that can be registered or de-registered in Release 12 with the SSO/OID registration utility. The utility automatically detects the registered components and performs registration for the un-registered components. So there is no need to pass individual registration arguments.

SSO-OID Registration can be done using a single command (Section 1.1). Even though it can be done in a single command it is divided into three parts.

  • Oracle Home Registration.
  • SSO Registration.
  • OID Registration.

Here we will see registering each component individually.

We also need to have Oracle Application Server 10g installed before proceeding with OID/SSO registration. Here is the list of components and supported versions.

Components

Oracle E-Business Suite R12
The following components must be used on the E-Business Suite instance:

Component Name                                    Release
Oracle E-Business Suite Release 12                12.0.0
Oracle 10g Application Server                     10.1.2
Oracle 10g Application Server                     10.1.3
Oracle Developer 10g (includes Oracle Forms)      10.1.2

Oracle Application Server 10g Enterprise Edition

The following Oracle Application Server 10g Enterprise Edition components must be used on the standalone instance:

Component Name                                    Release
Oracle Application Server 10g Enterprise Edition  10.1.2.0.2
Oracle Single Sign-On 10g                         10.1.2.0.2
Oracle Internet Directory 10g                     10.1.2.0.2
Oracle Portal 10g (optional)                      10.1.4
Oracle Discoverer 10g (optional)                  10.1.2.0.2

Before registering, make sure to change the following profiles to the values given below.

  • Applications SSO Type: SSWAw/SSO
  • Applications SSO Auto Link User: Enable
  • Applications SSO Login Types: Both
  • Application SSO LDAP Synchronization: Enable
  • Applications SSO Enable OID Identity Add Event: Enable
  • Link Applications user with OID user with same username: Enable

Once the profiles are set, go ahead with OID/SSO registration.

Registering with OID/SSO

Oracle Home Registration

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -registerinstance=yes

You are registering ORACLE HOME only.

Enter the host name where Oracle iAS Infrastructure database is installed ? ocvmrh2119.us.oracle.com
Enter the LDAP Port on Oracle Internet Directory server ? 389
Enter SSL LDAP Port on Oracle Internet Directory server ? 636
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1
Enter Oracle E-Business apps database user password ? apps

 

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Wed_Jun_20_05_14_34_2007.xml

Beginning input parameter validation for Oracle Home Instance registration.
Input parameter validation for Oracle Home Instance registration completed.

BEGIN ORACLE HOME INSTANCE REGISTRATION:
Oracle Home Instance preferences stored successfully.
Oracle Home Instance registered successfully.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

SSO Registration

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -registersso=yes

You are registering this instance with SSO Server.

Enter Oracle E-Business apps database user password ? apps

 

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Wed_Jun_20_05_16_22_2007.xml

Beginning input parameter validation for SSO registration.
Input parameter validation for SSO registration completed.

BEGIN SSO REGISTRATION:
Beginning to register partner application.
Partner application has been registered successfully.
Configuration file uploaded successfully.
Single Sign-On partner application registered successfully.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

OID Registration

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -registeroid=yes

You are registering this instance with OID Server.

Enter LDAP Host name ? ocvmrh2119.us.oracle.com
Enter the LDAP Port on Oracle Internet Directory server ? 389
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1
Enter the instance password that you would like to register this application instance with ? welcome1
Enter Oracle E-Business apps database user password ? apps

 

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Wed_Jun_20_05_17_54_2007.xml

Beginning input parameter validation for OID registration.
Input parameters validation for OID registration completed.

BEGIN OID REGISTRATION:
Beginning to register Application and Service containers if necessary.
Application and Service containers were created successfully if necessary.
Beginning to register application in Oracle Internet Directory.
Registration of application in Oracle Internet Directory completed successfully.
-> LOADING:  /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/admin/template/AppsOIDRegistration.tmp
Beginning to register provisioning profile in Oracle Internet Directory.
Registration of provisioning profile in Oracle Internet Directory completed successfully.
Application is now registered successfully with provisioning in Oracle Internet Directory.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Users are automatically synched up from local repository to OID repository. So when you create a user in local using AppsLocalLogin.jsp it will be automatically reflected in SSO.

Try to log in to AppsLocalLogin.jsp and create a new user. Please note that if you don't include any numeric value in the password, you may encounter the following error.

Unable to call fnd_ldap_wrapper.create_user due to the following reason:
.
ORA-20001: Unable to call fnd_ldap_wrapper.create_user due to the following
reason:
An unexpected error occurred. Please contact your System Administrator

For example, if you give your password as welcome, you may get the above error. To avoid it, include a numeric value in your password, like welcome1. This happens because creating users in Apps (even via Forms) after logging in through AppsLocalLogin.jsp sends the user to OID, and in doing so the password is checked against OID's password policies. According to the policies, a password should be alphanumeric.

De-registering OID/SSO

Deregister OID

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -deregisteroid=yes

You are deregistering this instance from OID Server.

===============================================================

WARNING: You have selected to deregister individual components.
This might leave some components still at registered state
which might create inconsistencies at run time.
It is recommended that you use “-deregister=Yes” to completely deregister
the Oracle EBusiness instance from OID server
OR
Individually deregister components using “-deregisteroid=Yes”,
“-deregistersso=Yes” and “-deregisterinstance=Yes”.

===============================================================
Enter Oracle E-Business apps database user password ? apps
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1

 

 

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Thu_Jun_21_00_12_25_2007.xml

Beginning input parameter validation for OID de-registration.
Input parameters validation for OID de-registration completed.

BEGIN OID DE-REGISTRATION:
Beginning to delete provisioning profile for this application.
Provisioning profile for this application has been deleted successfully.
Beginning to de-register this application from Oracle Internet Directory.
This application has been de-registered successfully from Oracle Internet Directory.
-> LOADING:  /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/admin/template/AppsOIDDeRegistration.tmp
Removing OID References Started.
Removing OID References Completed Successfully.
OID DE-REGISTRATION COMPLETED.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Deregister SSO

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -deregistersso=yes

You are deregistering this instance from SSO Server.

===============================================================

WARNING: You have selected to deregister individual components.
This might leave some components still at registered state
which might create inconsistencies at run time.
It is recommended that you use “-deregister=Yes” to completely deregister
the Oracle EBusiness instance from OID server
OR
Individually deregister components using “-deregisteroid=Yes”,
“-deregistersso=Yes” and “-deregisterinstance=Yes”.

===============================================================
Enter Oracle E-Business apps database user password ? apps

 

 

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Thu_Jun_21_00_14_52_2007.xml

Beginning input parameter validation for SSO de-registration.
Input parameters validation for SSO de-registration completed.

BEGIN SSO DE-REGISTRATION:
Partner application registered with SSO Server and will be de-registered.
Partner application has been de-registered successfully.
Configuration file deleted successfully.
SSO DE-REGISTRATION COMPLETED.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Deregister Instance

bash-2.05$ $FND_TOP/bin/txkrun.pl \
> -script=SetSSOReg \
> -deregisterinstance=yes

You are deregistering ORACLE HOME only.

===============================================================

WARNING: You have selected to deregister individual components.
This might leave some components still at registered state
which might create inconsistencies at run time.
It is recommended that you use “-deregister=Yes” to completely deregister
the Oracle EBusiness instance from OID server
OR
Individually deregister components using “-deregisteroid=Yes”,
“-deregistersso=Yes” and “-deregisterinstance=Yes”.

===============================================================
Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? welcome1
Enter Oracle E-Business apps database user password ? apps

 

 

*** Log File = /dy/oracle/product/test12/inst/apps/test12_ap101fam/logs/appl/rgf/TXK/txkSetSSOReg_Thu_Jun_21_00_16_25_2007.xml

Beginning input parameter validation for Oracle Home Instance de-registration.
Input parameter validation for Oracle Home Instance de-registration completed.

BEGIN ORACLE HOME INSTANCE DE-REGISTRATION:
Oracle Home Instance de-registered successfully from Infrastructure Host.
Oracle Home Instance preferences removed successfully
ORACLE HOME INSTANCE DE-REGISTRATION COMPLETED.

End of /dy/oracle/product/test12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered

Once these 3 steps are done, bounce the application system middle tier, log in to the application and change the profile options back to their original values. The profile options should be set as follows.

  • Applications SSO Type: SSWAw/SSO
  • Applications SSO Auto Link User: Disable
  • Applications SSO Login Types: Local
  • Application SSO LDAP Synchronization: Disable
  • Applications SSO Enable OID Identity Add Event: Disable
  • Link Applications user with OID user with same username: Disable

 

WLST (Weblogic Scripting Tool)

Introduction

With Fusion Middleware 11g, Oracle has moved from the traditional Apache and OC4J to Oracle WebLogic. Many new things have come with WebLogic: a change in architecture, and changes related to managing the services, the deployment procedure, changing ports and many other things.

Well, should we say that it has got better or it has got worse? I am not sure about good or bad, but I know it's new. In my opinion and experience, WebLogic provides more flexibility in terms of changing the parameters or making any changes in the existing deployment. Or maybe I haven't worked much on OC4J or WebLogic.

Anyway, this is a short post that explains a tool called WLST (WebLogic Scripting Tool). The WLST framework comes with the WebLogic installation and provides a platform to carry out all tasks at the command line. This is a very useful tool for people working on WebLogic.

WLST Commands

For this post, I have the following homes:

Middleware Home – /slot/ems3398/oracle/mwhome

Weblogic Home – /slot/ems3398/oracle/mwhome/wlserver_10.3

In WebLogic we have a concept called a domain. A domain is a project created inside WebLogic that has applications deployed within it. Every domain has one AdminServer and multiple managed servers. Applications are deployed either on the AdminServer (less recommended) or on managed servers (more recommended).

Domains are created from a template. To begin with, WebLogic provides some default templates that can be used to create a domain. These templates are JAR files that contain a complete file system and services. When a domain is created, the JAR file is extracted to create the required domain file system and the AdminServer for that domain.

The purpose of the AdminServer is to administer the services. If you have managed servers for the domain, you can start and stop them only through the AdminServer. If your AdminServer is down, you cannot start or stop managed servers. However, managed servers can remain up and accessible even if the AdminServer is down. Each of these servers has its own separate port.

Default installation of weblogic does not create any domain. We need to create domain manually using the default templates provided by weblogic.

Default template for weblogic will be available at /slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains location

-bash-3.00$ pwd
/slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains
-bash-3.00$ ls -rlt
total 164
-rw-r-----  1 ora4179 ems4179  32510 Jul 28 11:27 wls.jar
-rw-r-----  1 ora4179 ems4179 130456 Jul 28 11:27 wls_starter.jar

You can create domain using this default template (.jar file) using config.sh script present in /slot/ems4179/oracle/mwhome/wlserver_10.3/common/bin location. This script will launch a GUI where all the details can be provided and it will create the required domain.

You can also create the same domain using WLST (WebLogic Scripting Tool). WLST has many commands that help to get the required configuration. The complete domain is also visible in WLST as a directory and file listing. To connect to the WLST framework, just run the wlst.sh script present in the /slot/ems4179/oracle/mwhome/wlserver_10.3/common/bin location.

Once you run wlst.sh, you will get the WLS prompt.

wls:/offline>

Creating Default Domain

To create any domain, you first need to read the required template at the WLS prompt and then create the domain from it. The command is readTemplate, and it takes 1 argument: the complete name and location of the template.

wls:/offline> readTemplate('/slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains/wls.jar');
wls:/offline/base_domain>ls()
drw-   Security
drw-   Server
-rw-   Active                                        false
-rw-   AdminServerName                               AdminServer
-rw-   AdministrationMBeanAuditingEnabled            false
-rw-   AdministrationPort                            9002
-rw-   AdministrationPortEnabled                     false
-rw-   AdministrationProtocol                        null
-rw-   AutoDeployForSubmodulesEnabled                true
-rw-   ClusterConstraintsEnabled                     false
-rw-   ConfigBackupEnabled                           false
-rw-   ConfigurationAuditType                        null
-rw-   ConfigurationVersion                          10.3.1.0
-rw-   ConsoleContextPath                            console
-rw-   ConsoleEnabled                                true
-rw-   ConsoleExtensionDirectory                     console-ext
-rw-   DomainVersion                                 10.3.1.0
-rw-   GuardianEnabled                               false
-rw-   InternalAppsDeployOnDemandEnabled             true
-rw-   LastModificationTime                          0
-rw-   Name                                          base_domain
-rw-   Notes                                         null
-rw-   OcmEnabled                                    true
-rw-   ProductionModeEnabled                         false
-rw-   RootDirectory                                 null

If you want to list the attributes and services of the template, you can use the ls() command. The command is the same as the OS command, but we need to supply () along with it. Similarly, you can change directory at the WLS prompt and go inside the template. For example, to set the password for weblogic inside the template, I can use the following commands:

wls:/offline/base_domain>cd('/Security/base_domain/User/weblogic');
wls:/offline/base_domain/Security/base_domain/User/weblogic>cmo.setPassword('welcome1');

The complete list of all the commands available in WLS is given in the References section of this post.

Next, after setting the password, you can close the template using closeTemplate(); before creating the domain

wls:/offline/base_domain/Security/base_domain/User/weblogic>closeTemplate();

Next is creating the domain. The command for that is createDomain. It takes 4 arguments, as shown below:

createDomain('/slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains/wls.jar','/slot/ems4179/oracle/mwhome/user_projects/domain/soa_domain1','weblogic','welcome1');

1st argument is the template name

2nd argument is the location where the domain is to be created

3rd argument is the weblogic username (which will be weblogic)

4th argument is the weblogic password

This command extracts the /slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains/wls.jar file completely and creates a directory structure under /slot/ems4179/oracle/mwhome/user_projects/domain/soa_domain1

Once the domain is created, you can exit the WLST command prompt and start the AdminServer using the script shown below

wls:/offline>exit()

Exiting WebLogic Scripting Tool.

-bash-3.00$ cd /slot/ems4179/oracle/mwhome/user_projects/domain/soa_domain1/bin/
-bash-3.00$ ./startWebLogic.sh  &

Start of weblogic server will take some time. Wait until you see the message

<Sep 30, 2009 10:20:09 AM PDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

Once AdminServer is started you can access the weblogic console using http://<hostname>:<port>/console

The default port number will be 7001 unless you change the port number in WLST as shown below

Changing the Default port number

Connect to WLST again and read the domain that you have created just now

wls:/offline> readDomain('/slot/ems4179/oracle/mwhome/user_projects/domain/soa_domain1');
wls:/offline/soa_domain1>cd ('/Server/AdminServer');
wls:/offline/soa_domain1/Server/AdminServer>set('ListenPort',8050);
wls:/offline/soa_domain1/Server/AdminServer>updateDomain()

Once you update the domain with new port 8050, exit the WLST and bounce AdminServer. You can now access the console using new port.

Adding SOA templates to default domain

In the previous post for installing SOA, I showed you the installation procedure for SOA. In those steps we used the GUI for installing the SOA. Here I will show you the steps for installing the SOA using WLST. Basically we can convert our existing default domain into SOA domain by adding SOA template to this domain and changing few attributes of the domains.

The database required for the SOA needs to be installed separately. I have a script for installing SOA using WLST and I will walk you through that script now.

The script looks as shown below


# Open the base WebLogic template and set the administrator password
readTemplate('/slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains/wls.jar');
cd('/Security/base_domain/User/weblogic');
cmo.setPassword('welcome1');
closeTemplate();
# Create the domain from the template, then reopen it for editing
createDomain('/slot/ems4179/oracle/mwhome/wlserver_10.3/common/templates/domains/wls.jar','/slot/ems4179/oracle/mwhome/user_projects/domain/fmw_domain','weblogic','welcome1');
readDomain('/slot/ems4179/oracle/mwhome/user_projects/domain/fmw_domain');
# Add the SOA and BAM templates; this creates the managed servers
addTemplate('/slot/ems4179/oracle/mwhome/Oracle_SOA1/common/templates/applications/oracle.soa_template_11.1.1.jar');

addTemplate('/slot/ems4179/oracle/mwhome/Oracle_SOA1/common/templates/applications/oracle.bam_template_11.1.1.jar');

# Set the listen port of the AdminServer and of each managed server
cd('/Servers/AdminServer');
set('ListenPort', 15079);
cd('/Servers/soa_server1');
set('ListenPort', 16079);
cd('/Servers/bam_server1');
set('ListenPort', 17079);
# Point each SOA/BAM datasource at the repository database and set its schema password
cd('/JDBCSystemResources/BAMDataSource/JdbcResource/BAMDataSource/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/EDNDataSource/JdbcResource/EDNDataSource/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/EDNLocalTxDataSource/JdbcResource/EDNLocalTxDataSource/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/OraSDPMDataSource/JdbcResource/OraSDPMDataSource/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/SOADataSource/JdbcResource/SOADataSource/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/SOALocalTxDataSource/JdbcResource/SOALocalTxDataSource/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/mds-owsm/JdbcResource/mds-owsm/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
cd('/JDBCSystemResources/mds-soa/JdbcResource/mds-soa/JDBCDriverParams/NO_NAME_0');
set('URL','jdbc:oracle:thin:@stasa38.us.oracle.com:1600:soaemqa');
cmo.setPasswordEncrypted('welcome1');
# Write the changes to the domain and leave WLST
updateDomain();
exit();

The first five steps are the same as we saw above. The next step is to read the domain and add the SOA and BAM templates to it. The SOA template comes with the SOA installation.

Adding these templates automatically creates the managed servers in the domain.

Next, we navigate to the server folders and change the ports for the AdminServer and each managed server.

SOA and BAM use datasources to connect to the database, so we navigate to the corresponding datasource folders and update the JDBC connection, user ID and passwords.

Once all this is done, update the domain and your SOA installation is ready. You can bounce the AdminServer and start ManagedServers.
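
The script above passes the WebLogic administrator and schema passwords as string literals (cmo.setPassword, cmo.setPasswordEncrypted and the fourth argument of createDomain). The following added example, which is not part of the original post, is a Python checker that flags such literals in a WLST script before it is shared or committed; the function names, the rule table and the embedded sample script (with placeholder paths and host) are constructed for illustration.

```python
"""Flag credential literals in WLST (Jython) scripts. Added example; the rule set is an assumption."""
import ast
import re

# WLST calls and the position of their password argument.
PASSWORD_ARG = {
    "setPassword": 0,
    "setPasswordEncrypted": 0,
    "createDomain": 3,   # createDomain(template, domainDir, user, password)
    "connect": 1,        # connect(username, password, url)
}
# set('<attribute>', value) calls whose attribute name denotes a secret.
SECRET_ATTR = re.compile(r"password|passphrase", re.IGNORECASE)
# Fallback pattern for scripts that Python 3 cannot parse.
_FALLBACK = re.compile(r"\b(setPassword|setPasswordEncrypted)\(\s*['\"]")


def _call_name(node):
    """Return 'f' for f(...) and 'm' for obj.m(...), else None."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return None


def _is_literal(node):
    """True when the argument is a quoted string rather than a variable or lookup."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def _regex_scan(source):
    """Line-based fallback for Python 2-only syntax (for example print statements).

    It covers only the setPassword variants and also reports commented-out calls.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = _FALLBACK.search(line)
        if match:
            hits.append((lineno, match.group(1)))
    return hits


def find_hardcoded_credentials(source):
    """Return sorted (line, rule) pairs where a password is given as a string literal."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return _regex_scan(source)
    findings = set()
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        idx = PASSWORD_ARG.get(name)
        if idx is not None:
            if len(node.args) > idx and _is_literal(node.args[idx]):
                findings.add((node.lineno, name))
        elif (name == "set" and len(node.args) == 2
              and _is_literal(node.args[0])
              and SECRET_ATTR.search(node.args[0].value)
              and _is_literal(node.args[1])):
            findings.add((node.lineno, "set:" + node.args[0].value))
    return sorted(findings)


# Constructed sample in the style of the script above; paths and host are placeholders.
SAMPLE = """\
import os
readTemplate('/path/to/wls.jar');
cd('/Security/base_domain/User/weblogic');
cmo.setPassword('welcome1');
closeTemplate();
createDomain('/path/to/wls.jar', '/path/to/fmw_domain', 'weblogic', 'welcome1');
cd('/JDBCSystemResources/SOADataSource/JdbcResource/SOADataSource/JDBCDriverParams/NO_NAME_0');
set('URL', 'jdbc:oracle:thin:@dbhost.example.com:1521:orcl');
cmo.setPasswordEncrypted(os.environ['SOA_SCHEMA_PASSWORD']);
set('PasswordEncrypted', 'welcome1');
"""

if __name__ == "__main__":
    for line, rule in find_hardcoded_credentials(SAMPLE):
        print("line %d: password literal passed to %s" % (line, rule))
```

Line 9 of the sample is not reported because its password comes from an environment variable at run time instead of a literal in the file.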

References

WLST Command Reference : http://download.oracle.com/docs/cd/E12840_01/wls/docs103/config_scripting/reference.html

Hope this helps !!

Installing Oracle Identity Management 11g R1 (11.1.1.1)

Introduction:

Oracle Identity Management enables enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources—both within and beyond the firewall. With Oracle Identity Management, you can deploy applications faster, apply the most granular protection to enterprise resources, automatically eliminate latent access privileges, and much more.

Oracle Identity Management 11g Release 1 (11.1.1) includes the following components:

  • Oracle Internet Directory
  • Oracle Directory Integration Platform
  • Oracle Virtual Directory
  • Oracle Directory Services Manager
  • Oracle Identity Federation

In this post we will see the installation of Oracle Identity Management 11g R1 (11.1.1.1). As mentioned before, the approach for installing Oracle 11g FMW components is different from that of 10g components, so I will describe the approach for installing Oracle Identity Management 11g.

Brief Installation Steps:

Following are the brief steps for installing Oracle Identity Management 11g

1) Install database 11g (11.1.0.6 / 11.1.0.7) including configuring TNS and listener

2) Create repository using Oracle RCU (Repository Creation Utility)

3) Install WLS (weblogic Server) and create a middleware home

4) Install Oracle Identity Management 11g inside middleware home

The installation will install and configure the complete Identity Management and provide the access URLs.

Download Locations:

You can download all the required software from following location

Oracle Database 11g (11.1.0.6/11.1.0.7) – http://www.oracle.com/technology/software/products/database/index.html

Oracle IDM 11g – http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html (Download the product Identity Management)

Oracle RCU – http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html

Oracle WLS 10.3.1 – http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html

Step 1) Install database 11g including configuring TNS and listener

For this you can refer to the previous post on database installation and create an 11g database. Also create a listener on any available port and configure TNS for the database.

Step 2) Create repository using Oracle RCU (Repository Creation Utility)

Using RCU, you can create the repository for IDM. You don't have to install RCU to use it. RCU comes as a zip file along with the Identity Management software download. Once you unzip it, run the <RCU_UNZIP>/bin/rcu binary.

This will invoke a GUI. On the first page, select “Create Repository” and click Next.

On the next page, RCU will ask for the details of the database in which you want to create the repository. The page will look as shown below.

Once you connect to the database, on the next page you need to select the repository that you want to create. Here you can select “Identity Management” as shown below. You can also use any prefix for these schemas; every schema created will have the prefix string prepended to its name. In this case it will prepend DEV to each schema name. Note that it won't prefix the ODS schema. This schema is used for OID and SSO configuration.

Once you click Next, it will show the summary and create the tablespaces if they don't exist. After tablespace creation, click Create and it will create the required repository schemas.

Step 3) Install WLS (weblogic Server) and create a middleware home

The next step is to install the WLS server. Carry out the basic installation of WLS. When asked, provide a new location for the middleware home, as shown below.

Next it will ask for the location of WebLogic. Here you can accept the default value, as it will be created inside the middleware home.

Select all other values as default and install WLS.

Step 4) Installing IDM 11g.

The IDM installation involves many steps and screens. Follow the screenshots below to install IDM.

When you start the IDM installer, you will see a welcome screen. Click Next.

Next you will see the “Install option” screen. Select “Install and Configure” and click Next.

The installer will perform the prerequisite checks. Click Next.

On the next screen, “Select Domain”, click “Create new domain” as shown below.

On the next screen, specify the install location inside the middleware home. Click Next.

Select the default values on the next screen, Security Updates. Click Next.

On the configure components screen, keep the default values. Click Next.

On the configure port screen, you can choose Automatic port assignment. Click Next.

On the “Specify Oracle Virtual Directory Information” page, provide the inputs as shown in the screen below.

Here you need to specify the password for orcladmin. Remember the password you set here, as you will need it in many places later. Click Next.

On the “Specify Schema Database” page, specify the details of the ODS schema that we created using the Repository Creation Utility in step 2. You also need to provide the ODS schema password you set while running RCU in step 2, as shown below.

On the “Create Oracle Internet Directory” screen, specify the realm and the orcladmin password. Note that this orcladmin user is different from the one we saw a couple of screens back. This orcladmin user is for OID, whereas the previous orcladmin user was for OVD.

Next, on the “Specify OIF Details” page, specify the PKCS12 password and the domain name for OIF as shown below.

On the rest of the screens, you can accept the default values and submit the installation. The installation will complete in approximately 45 minutes. Once the installation and all configuration assistants complete successfully, you can log in to the WebLogic console.

The default port for weblogic console is 7001. So the console URL becomes

http://<hostname>:7001/console

user name : Weblogic

password : As specified while installing WLS in step 3)

Once you log in, you will see the managed servers created for OID and OIF.

Hope this helps !!

Installing Oracle SOA 11g

Introduction:

In this post we will see the detailed steps to install SOA 11g. The approach used in all 11g FMW components (including SOA) is very different from 10g. The basic limitation of any 10g component involving infrastructure was that the product itself created the database and configured the entire infrastructure. This put a limitation on the database port, which was always 1521.

In the 11g version, the user has the flexibility to use any port. 11g expects an installed database as a prerequisite and uses that database to create the corresponding repository. This way we can have the database and listener on any port and provide that information while creating the repository.

Another important feature of all 11g components is that the web server used is WebLogic, and it is kept as a separate component in the form of a prerequisite. So any 11g component requiring a web server expects WebLogic as a prerequisite. With this brief introduction to the characteristics of 11g FMW components, we will see the installation procedure for SOA 11g.

Installing SOA 11g:

Following are the brief steps for installing SOA 11g

1) Install database 11g (11.1.0.6 / 11.1.0.7) including configuring TNS and listener

2) Create repository using Oracle RCU (Repository Creation Utility)

3) Install WLS (weblogic Server) and create a middleware home

4) Install SOA 11g inside middleware home

5) Use config.sh or WLST to create and configure SOA domain and managed servers

In the case of SOA 11g, BAM also gets installed and configured if selected. Here we will install both SOA and BAM.

Download Locations:

You can download all the required software from following location

Oracle Database 11g (11.1.0.6/11.1.0.7) – http://www.oracle.com/technology/software/products/database/index.html

Oracle SOA suite 11g – http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html

Oracle RCU – http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html

Oracle WLS 10.3.1 – http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html

Step 1) Install database 11g including configuring TNS and listener

For this you can refer to the previous post on database installation and create an 11g database. Also create a listener on any available port and configure TNS for the database.

Step 2) Create repository using Oracle RCU (Repository Creation Utility)

Using RCU, you can create the repository for SOA. You don't have to install RCU to use it. RCU comes as a zip file which you need to unzip. Once you unzip it, run the <RCU_UNZIP>/bin/rcu binary.

This will invoke a GUI. On the first page, select “Create Repository” and click Next.

On the next page, RCU will ask for the details of the database in which you want to create the repository. The page will look as shown below.

Once you connect to the database, on the next page you need to select the repository that you want to create. Here you can select SOA as shown below. Metadata services will get selected automatically. You can also use any prefix for these schemas; every schema created will have the prefix string prepended to its name. In this case it will prepend DEV to each schema name, for example DEV_MDS, DEV_SOAINFRA etc.

Once you click Next, it will show the summary and create the tablespaces if they don't exist. After tablespace creation, click Create and it will create the required repository schemas.

Step 3) Install WLS (weblogic Server) and create a middleware home

The next step is to install the WLS server. Carry out the basic installation of WLS. When asked, provide a new location for the middleware home, as shown below.

Next it will ask for the location of WebLogic. Here you can accept the default value, as it will be created inside the middleware home.

Select all other values as default and install WLS.

Step 4) Install SOA 11g inside middleware home

Installation of the SOA home is again very straightforward. The SOA installation just lays down the file system; it won't configure anything. The important inputs while installing SOA are the middleware home location and the location for the SOA home.

Here the Oracle_SOA1 directory will get created inside the mwhome directory. The rest of the inputs for the SOA installation can be left at their defaults.

Step 5) Use config.sh or WLST to create and configure SOA domain and managed servers

Once the SOA installation is done, the last and most important step is configuring the SOA domain.

Navigate to <middleware_home>/Oracle_SOA1/common/bin and run the config.sh script. This script will open a new GUI window. Follow the screenshots below to configure SOA.

Select all the required templates on this screen. If you don’t need the BAM installation, you can uncheck the Business Activity Monitoring template. Click Next.

On the next screen, give any domain name (soa_domain in this case). You can keep the Domain location and Application location as default. These directories will be created automatically when the domain gets created at the end of the installation. Click Next.

On this screen, provide the WebLogic password and click Next.

On this screen you need to provide the database connection details: database name, hostname and database port. You also need to provide all the schema names and passwords you created using RCU. RCU will create exactly 5 schemas required for SOA configuration, and you need to provide the details of those schemas on this screen. Once you click Next, the configurator will test the connection for all 5 schemas.

Once the connection test succeeds, you can keep the rest of the values as default and create the required domain.

After domain creation, start the WebLogic server using the <middleware_home>/user_projects/domain/<domain_name>/bin/startWeblogic.sh script.

Also start the managed servers using the <middleware_home>/user_projects/domain/<domain_name>/bin/startManagedWeblogic.sh script.

You can then log in to the console using http://<SOA hostname>:<AdminServer port>/console

In the next post, I will provide the WLST details instead of config.sh for performing tasks in step 5) above.

Hope this helps !!

Automating browser activities using Selenium

While carrying out the OAM installation as mentioned in my previous post, the challenge was to automate the installation in a single script. I have long been automating installations of various components using silent-install response files. But this automation was different. This setup involves carrying out various activities from the browser, including setup and configuration from the browser at different stages of the installation.

This was a real challenge for me. I started with the automation of the component-level installation. Component-level silent installation was very simple. We get a response file when we install OAM. The response files are present under $install_dir/oblix/config. The name of the response file is install_options.txt. You will see this response file under every component installation directory.

Automating the browser tasks for the OAM installation involves the following steps:

1) Creating a perl script for the browser activities.
You have to install OAM manually and record the browser activities in the Selenium tool. From this you create the perl scripts.
2) Modifying the perl script for the OAM browser tasks.
You have to modify the script and place the bounce commands for OIS and Apache at the appropriate locations, where the browser waits for the services to be bounced.
3) Installing the Selenium perl module and Selenium server on the Linux server where you want to run these perl scripts.

For browser automation, I used the Selenium tool. I will show here a demo of what Selenium can do.

Selenium IDE:

Selenium is a tool for automating browser activity. The client version of this tool is available on Windows in the form of a Firefox add-on.
Download Selenium IDE and install it in your Firefox browser.
Once downloaded, follow the steps below to understand how Selenium works.

1) Open the Firefox browser and open google.com
2) Tools -> Selenium IDE
3) Search for “Selenium IDE” or anything else in the Google window and navigate to some pages. I used the following test case:
Search for “Selenium IDE”, click on the first link, click on the downloads tab on that page, click on the documentation tab, etc.
4) Once done, turn off the record button on your Selenium screen.

Whatever steps you followed in the browser have been recorded by Selenium. Now you can click the play icon in the Selenium tool and it will navigate exactly as you did before.
Selenium also takes care of entering information in the browser if you entered it before. For example, a login ID and password can also be recorded and entered by Selenium when we play the recording.

Creating perl script from Selenium:

The great utility of Selenium is that it can automatically create a perl script for the sequence that we have recorded. This can be used very well for automating the browser activities of OAM.
We can record the sequence and create a perl script. We can run this perl script on the Linux server where we are doing the OAM installation.

To create a perl script of the sequence, choose Options -> Format -> Perl – Selenium RC.
Note that you can get the perl script after recording the sequence. The perl script for my recorded sequence looks as below:


use strict;
use warnings;
use Time::HiRes qw(sleep);
use Test::WWW::Selenium;
use Test::More "no_plan";
use Test::Exception;

my $sel = Test::WWW::Selenium->new( host => "localhost", 
 port => 4444, 
 browser => "*chrome", 
 browser_url => "http://change-this-to-the-site-you-are-testing/" );

$sel->open_ok("http://www.google.co.in/");
$sel->type_ok("q", "selenium IDE");
$sel->click_ok("btnG");
$sel->wait_for_page_to_load_ok("30000");
$sel->click_ok("//div[\@id='res']/div[1]/ol/li[1]/h3/a/em");
$sel->wait_for_page_to_load_ok("30000");
$sel->click_ok("link=Download");
$sel->wait_for_page_to_load_ok("30000");
$sel->click_ok("link=Documentation");
$sel->wait_for_page_to_load_ok("30000");
$sel->click_ok("//div[\@id='mainContent']/h3[1]/a");
$sel->wait_for_page_to_load_ok("30000");

Likewise, for each browser-related step in the OAM configuration, I created a perl script. You will end up creating 4 perl scripts.

Referring to the OAM install post:

Script 1 – Step 3) Setting up Identity System
Script 2 – Step 5) Setup Policy Manager
Script 3 – Step 6) Installing Oracle Access Manager
Script 4 – Step 7) Installing WebGate (browser part)

You also need to edit the perl script at appropriate place in order to bounce the services for OIS and Apache. I introduced following commands in respective perl scripts in order to take care of that.

system('$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/stop_ois_server');
system('$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/start_ois_server');
system('$HOME/oam/Apache2063/bin/apachectl stop');
system('$HOME/oam/Apache2063/bin/apachectl start');

The next task that remains is installing the Selenium perl module on the Linux server where you want to run this perl script for configuring OAM.

Installing Selenium perl module and Selenium server on Linux:

For installing the Selenium perl module and Selenium server on Linux, you need to download Selenium Remote Control.
This is the Selenium server setup. Once downloaded, FTP it to the Linux server and unzip it. You will see the following directories:

-bash-3.1$ cd selenium-remote-control-1.0-beta-2
-bash-3.1$ ls
selenium-dotnet-client-driver-1.0-beta-2
selenium-java-client-driver-1.0-beta-2
selenium-perl-client-driver-1.0-beta-2
selenium-php-client-driver-1.0-beta-2
selenium-python-client-driver-1.0-beta-2
selenium-ruby-client-driver-1.0-beta-2
selenium-server-1.0-beta-2

selenium-perl-client-driver-1.0-beta-2 is the perl module which you want to install.
In order to install perl module locally you can use PREFIX=<path> argument while running Makefile.PL as shown below. Here <path> represent path to some local directory where you want install perl module.

perl Makefile.PL PREFIX=/slot/ems3170/oracle/oam/perl/install

When you try to install this perl module, you may find that some other perl modules are missing. This depends on the perl installation that you have on your Linux server. If some dependent perl modules are missing, download and install them from cpan.org.
Once the perl module is installed, set the PERL5LIB variable to include all the libraries created by the different perl modules.
For example, in my case PERL5LIB was as shown below:
export PERL5LIB=$HOME/oam/perl/install/lib/5.6.1:$HOME/oam/perl/install/lib/5.8.1:$HOME/oam/perl/install/lib/site_perl/5.6.1:$HOME/oam/perl/install/lib/site_perl/5.8.0:$HOME/oam/perl/install/local/perl5.8/lib/site_perl/5.8.0

Once the perl module is installed, you can start the Selenium server. You need JDK 1.6 to start the Selenium server, so verify your JDK version.

-bash-3.1$ java -version
java version "1.6.0_07"
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) Server VM (build 10.0-b23, mixed mode)

If your Java is at the 1.4 level, install 1.6 and then use the 1.6 version.

The following is the command to start the Selenium server.

Go to the location where you unzipped Selenium Remote Control and go inside selenium-server:

-bash-3.1$ cd selenium-server-1.0-beta-2/
-bash-3.1$ pwd
/slot/ems3170/oracle/oam/perl/selenium-remote-control-1.0-beta-2/selenium-server-1.0-beta-2
-bash-3.1$ ls
javadoc                       selenium-server-sources.jar       sslSupport
selenium-server-coreless.jar  selenium-server-tests.jar
selenium-server.jar
-bash-3.1$ java -jar selenium-server.jar &

The & at the end is important: you need to start the server in the background, else you won't be able to use that session. Once the Selenium server is started, the perl module is installed and PERL5LIB is set correctly, try running the perl script that you created earlier using Selenium IDE. You will see that a browser gets launched automatically from the Linux session and all the browser activities are performed automatically.
Finally, you can wrap all the installation and configuration steps in a shell script in the correct sequence and have the OAM installation automated.

Hope this helps !!

References:

http://wiki.glassfish.java.net/attach/Davisn/Selenium%20Report.pdf
http://wiki.openqa.org/download/attachments/400/Selenium+IDE.swf
http://seleniumhq.org/new_docs/03_selenium_ide.html

Installing Oracle Access Manager on Linux x86

Introduction:

Oracle Access Manager helps enterprises create greater levels of business agility, ensure seamless business partner integration, and enable regulatory compliance. Through an innovative, integrated architecture Oracle Access Manager uniquely combines identity management and access control services to provide centralized authentication, policy-based authorizations, and auditing with rich identity administration functionality such as delegated administration and workflows. Protecting resources at the point of access and delegating authentication and authorization decisions to a central authority, Oracle Access Manager helps secure web, J2EE, and enterprise applications – such as Oracle PeopleSoft – while reducing cost, complexity, and administrative burdens. Oracle Access Manager is a state-of-the-art solution for both centralized identity management and access control, providing an integrated standards-based solution that delivers authentication, web single sign-on, access policy creation and enforcement, user self-service, delegated administration, reporting, and auditing. Oracle Access Manager’s unique coupling of access management and identity administration functionality is why it is established as the leading solution for web access management. It excels in complex, heterogeneous enterprise environments and integrates out-of-the-box with all leading directory servers, application servers, web servers, and enterprise applications.

Pre-requisite:

1) You should have a directory server installed. You can use any directory server (example Oracle Internet Directory, or Microsoft Active Directory etc)
2) You should have a webserver installed (example Apache2 webserver or Oracle HTTP server)
3) You should have 2 gcc library files downloaded. You can download these GCC files from metalink note ID 400579.1 or from OTN

In my case I am installing Oracle Internet directory and Apache web server.

For installing Oracle Internet Directory, follow the installation portion of the Oracle Application Server 10g post and install only the infrastructure tier. Do not install the mid tier, as it's not required.

For installing Apache
1) Download the Apache 2.0.63 web server from http://httpd.apache.org/download.cgi (httpd-2.0.63.tar.gz)
2) Unzip the same using – gunzip httpd-2.0.63.tar.gz command
3) Extract the tar using – tar xvf httpd-2.0.63.tar command
4) Configure the Apache by following steps given in http://httpd.apache.org/docs/2.0/install.html link (My web server port is 8080)

Following are the details of the prerequisite OID installation. These details will help you in understanding the OAM installation.

hostname : adc60025sems
OID port : 13108

Installing Oracle Access Manager:

Installing OAM consists of many steps. Atul Kumar has given the complete listing very clearly.
I am basically referring to the same. In this post I will give the details of each step.

Let's start with the installation.

Step 1) Installing Identity Server

The installer script for Identity Server is Oracle_Access_Manager10_1_4_0_1_linux_Identity_Server. I will be using console mode for the installation. However, you can use GUI mode by giving -gui as an argument to the installer script.

-bash-3.00$ ./Oracle_Access_Manager10_1_4_0_1_linux_Identity_Server
InstallShield Wizard

Initializing InstallShield Wizard…

Preparing Java(tm) Virtual Machine…
……………………………..
Running InstallShield Wizard…

——————————————————————————-
Welcome to the InstallShield Wizard for Oracle Access Manager 10.1.4.0.1
Identity Server

The InstallShield Wizard will install Oracle Access Manager 10.1.4.0.1 Identity
Server on your computer.
To continue, choose Next.

Oracle Access Manager 10.1.4.0.1 Identity Server
Oracle

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The product that you are about to install needs to be owned by a dedicated
user. Only root or the dedicated user may be able to start the service. Most
of the time the server is run as `root’ or `nobody’.

Enter the username the Identity server is running as [nobody] ora1748

Enter the Group for the above username [nobody] ems1748

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please specify the installation directory for Oracle Access Manager 10.1.4.0.1
Identity Server.

Please specify a directory name or press Enter [/opt/netpoint] /slot/ems1748/oracle/oam/opt/netpoint

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Identity Server will be installed in the
following location:
/slot/ems1748/oracle/oam/opt/netpoint/identity
for a total size:
316.4 MB
Please make a note of the Oracle Access Manager 10.1.4.0.1 Identity Server
installation directory: /slot/ems1748/oracle/oam/opt/netpoint/identity because
you will need to refer to it in the future.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

To proceed with installation of Oracle Access Manager 10.1.4.0.1 Identity
Server and for successfully running the product, you must install additional
GCC runtime libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that
these libraries should be compatible with GCC 3.3.2. The libraries are
available for download from either of the following locations –
http://metalink.oracle.com (requires login), or
http://www.oracle.com/technology/products/ias/index.html. Once these libraries
are locally available, please specify the directory containing the files and
proceed with the installation.

Location of GCC runtime libraries []: /slot/ems1748/oracle/oam/gcc_lib

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Installing Oracle Access Manager 10.1.4.0.1 Identity Server. Please wait…

|———–|———–|———–|————|
0%         25%         50%         75%        100%
||||||||||||||||||||||||||||||||||||||||||||||||||

Creating uninstaller…

Extracting Language Packs. Please Wait…

Identity Server Configuration

Access Server SDK Configuration

Identity Server Configuration

Identity Server Configuration

Changing file ownership and permissions…

——————————————————————————-

Specify the transport security mode between the WebPass/Identity client and
the Identity Server.
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please provide the Identity Server ID, host name, and port number for the
Identity Server connection. You must use a unique ID for each Identity Server
you install.

Identity Server ID [] identity_1748

Host name where the Identity Server is to be installed [] adc60025sems.us.oracle.com

Port number the Identity Server listens to [6022]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Is this the first Identity Server installation in the network for this LDAP
directory server?  If it is the first Identity Server you will be guided
through screens to setup the Directory Server.
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please select the appropriate options if you want to setup SSL between the
Identity Server and the Directory Server
[ ]  1  –  Directory Server hosting user data is in SSL

To select an item enter its number, or 0 when you are finished [0]:

[ ]  1  –  Directory Server hosting Oracle data is in SSL

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Configuring Identity Server…

——————————————————————————-

The Identity Server connects to an LDAP enabled directory server to store your
User Data. Choose the appropriate directory server below, and choose Next to
continue the installation process.

Directory Server Type
[X]  1  –  Oracle Internet Directory
[ ]  2  –  Sun Directory Server 5.x
[ ]  3  –  NDS
[ ]  4  –  Active Directory
[ ]  5  –  Active Directory on Windows Server 2003
[ ]  6  –  Active Directory Application Mode
[ ]  7  –  Siemens DirX
[ ]  8  –  IBM Directory Server
[ ]  9  –  Data Anywhere

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The Identity Server connects to an LDAP enabled directory server to store your
User and Oracle Data. Are the User and Oracle Data stored in different
directory servers? Choose the appropriate option and then choose Next to
continue the installation process.

Are Oracle and user data separate?
[X]  1  –  Oracle data will be in the user data directory.
[ ]  2  –  Oracle data will be in a separate directory.

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Your directory server schema must be extended to include the Oracle Access
Manager schema. You may automatically update the schema now or manually update
the schema using instructions provided later.  Do you want to automatically
extend the schema now?
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Host machine or IP in which the directory server resides [] adc60025sems.us.oracle.com

Port Number (For SSL connection, please provide the encrypted port) [] 13108

Root DN (e.g. cn=Directory Manager) [] cn=orcladmin

Root Password

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Updating directory schema to Directory Server adc60025sems.us.oracle.com:13108

Changing file ownership and permissions…

——————————————————————————-
Please read the information below.

Oracle COREid 10.1.4.0.1 ReadMe

—————————————
Contents
—————————————

—————————————
Contacting Oracle
—————————————

If you have questions about installing or configuring NetPoint, please contact
Oracle Customer Care at (800) 833-3536 or check this link
http://www.oracle.com/corporate/contact/index.html.

Oracle
http://www.oracle.com
Corporate Headquarters
500 Oracle Parkway

Press ENTER to read the text [Type q to quit] q

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Identity Server has been successfully
installed.
Identity Server has been configured successfully. Please start your Identity
Server by running
/slot/ems1748/oracle/oam/opt/netpoint/identity/oblix/apps/common/bin/start_ois_
server program from command line.
Identity Server Setup Information
Transport Security: open
Identity Server Host Name: adc60025sems.us.oracle.com
Identity Server ID: identity_1748
Port Number: 6022

Press 3 to Finish or 4 to Redisplay [3]

This completes the Identity Server installation. The next step is to install WebPass.

Step 2) Installing WebPass

Here you will see multiple installers. One WebPass installer is for Apache2 and the other is for OHS, as shown below.

-bash-3.1$ ls
Oracle_Access_Manager10_1_4_0_1_linux_Access_Server
Oracle_Access_Manager10_1_4_0_1_linux_AccessServerSDK
Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_Policy_Manager
Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_WebGate
Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_WebPass   ——-> Apache2 Installer
Oracle_Access_Manager10_1_4_0_1_linux_GCClib.zip
Oracle_Access_Manager10_1_4_0_1_linux_Identity_Server
Oracle_Access_Manager10_1_4_0_1_linux_OHS_Policy_Manager
Oracle_Access_Manager10_1_4_0_1_linux_OHS_WebGate
Oracle_Access_Manager10_1_4_0_1_linux_OHS_WebPass      ——–> OHS installer

Since we used Apache2 as the web server, we need to use the Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_WebPass installer. If you used OHS, use the Oracle_Access_Manager10_1_4_0_1_linux_OHS_WebPass installer instead.

-bash-3.00$ ./Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_WebPass
InstallShield Wizard

Initializing InstallShield Wizard…

Preparing Java(tm) Virtual Machine…
Running InstallShield Wizard…

——————————————————————————-
Welcome to the InstallShield Wizard for Oracle Access Manager 10.1.4.0.1
WebPass

The InstallShield Wizard will install Oracle Access Manager 10.1.4.0.1 WebPass
on your computer.
To continue, choose Next.

Oracle Access Manager 10.1.4.0.1 WebPass
Oracle

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The product that you are about to install needs to be owned by the same user
as the web server is running as. Most of the time the web server is run as
`root’ or `nobody’. Doing a `ps’ on the server process is a quick way to find
out who the owner is.

Enter the username the web server is running as [nobody] ora1748

Enter the Group for the above username [nobody] ems1748

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please specify the installation directory for Oracle Access Manager 10.1.4.0.1
WebPass.

Please specify a directory name or press Enter
[/opt/netpoint/webcomponent] /slot/ems1748/oracle/oam/opt/netpoint/webcomponent

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 WebPass will be installed in the following
location:
/slot/ems1748/oracle/oam/opt/netpoint/webcomponent/identity
for a total size:
144.5 MB
Please make a note of the Oracle Access Manager 10.1.4.0.1 WebPass
installation directory:
/slot/ems1748/oracle/oam/opt/netpoint/webcomponent/identity because you will
need to refer to it in the future.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

To proceed with installation of Oracle Access Manager 10.1.4.0.1 WebPass and
for successfully running the product, you must install additional GCC runtime
libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that these libraries
should be compatible with GCC 3.3.2. The libraries are available for download
from either of the following locations – http://metalink.oracle.com (requires
login), or http://www.oracle.com/technology/products/ias/index.html. Once
these libraries are locally available, please specify the directory containing
the files and proceed with the installation.

Location of GCC runtime libraries []: /slot/ems1748/oracle/oam/gcc_lib

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Installing Oracle Access Manager 10.1.4.0.1 WebPass. Please wait…

|———–|———–|———–|————|
0%         25%         50%         75%        100%
||||||||||||||||||||||||||||||||||||||||||||||||||

Creating uninstaller…

Extracting Language Packs. Please Wait…

WebPass Configuration

Identity Server Configuration

Changing file ownership and permissions…

——————————————————————————-

Specify the transport security mode between the WebPass/Identity client and
the Identity Server.
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please provide the WebPass ID, host name, and port number for the WebPass
connection. You must use a unique ID for each WebPass you install.

WebPass ID [] webpass_1748

Host name where the Identity Server is installed [] adc60025sems.us.oracle.com

Port number the Identity Server listens to [6022]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Configuring WebPass…

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 WebPass is installed under your Oracle Access
Manager 10.1.4.0.1 WebPass installation directory. In order to use the Oracle
Access Manager 10.1.4.0.1 WebPass module, configure your web server by
modifying the configuration in your web server directory. Oracle can
automatically update the configuration for you. Alternatively, you can
manually update it.

Proceed with automatic update of “httpd.conf”?
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Enter the absolute path of httpd.conf in your Web Server config
directory.
(e.g. “/export/apache/conf/httpd.conf”) [] /slot/ems1748/oracle/oam/Apache2063/conf/httpd.conf

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Updating web server configuration…

——————————————————————————-
Please read the information below.

If the web server is setup in SSL mode, then httpd.conf file needs to be
configured with the SSL related parameters. To manually tune your SSL
configuration, please follow the instructions that come up.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Information on the rest of the product setup and your Web server configuration
is available in the document :

/slot/ems1748/oracle/oam/opt/netpoint/webcomponent/identity/oblix/lang/en-us/do
cs/config.htm
Would you like the installer to launch a browser to view this document?
Alternatively, please make note of the document path and launch the browser
yourself.
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

Changing file ownership and permissions…

——————————————————————————-
Please read the information below.

Oracle COREid 10.1.4.0.1 ReadMe

—————————————
Contents
—————————————

—————————————
Contacting Oracle
—————————————

If you have questions about installing or configuring NetPoint, please contact
Oracle Customer Care at (800) 833-3536 or check this link
http://www.oracle.com/corporate/contact/index.html.

Oracle
http://www.oracle.com
Corporate Headquarters
500 Oracle Parkway

Press ENTER to read the text [Type q to quit] q

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 WebPass has been successfully installed.
Oracle Access Manager 10.1.4.0.1 WebPass Setup Information
Transport Security: open
WebPass ID: webpass_1748
Identity Server Host Name: adc60025sems.us.oracle.com
Identity Server Port Number: 6022

Press 3 to Finish or 4 to Redisplay [3]

This completes the WebPass installation. The next step is setting up the Identity System.

Step 3) Setting up Identity System

If you are using RHEL (Red Hat Enterprise Linux), you need to set the following environment variable:

export LD_ASSUME_KERNEL=2.4.19

1) Start the Identity Server using following command

$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/start_ois_server

2) Bounce the web server

$HOME/oam/Apache2063/bin/apachectl stop
$HOME/oam/Apache2063/bin/apachectl start

3) Launch identity server URL : http://adc60025sems.us.oracle.com:8080/identity/oblix/
($HOME/oam/Apache2063/bin/apachectl stop)

Click on “Identity System Console”; you will see the following screen.

Click on Setup.

For Directory Server Type – Select “Oracle Internet Directory”. Click on Next; the following page will be seen.

Click on Next.

For Location of Directory Server with User Data, enter the OID information as shown below and click on Next.

On the next page, enter the correct searchbase and click on Next. The searchbase for my setup is shown.

For Person Object Class – Enter inetorgperson. Click Next.

For Group Object Class – Enter groupOfUniqueNames. Click Next.

On this screen you will see the following message.

Go to the OS-level prompt, restart the Identity Server and the web server, and then click on Next on this screen.

$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/stop_ois_server
$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/start_ois_server
$HOME/oam/Apache2063/bin/apachectl stop
$HOME/oam/Apache2063/bin/apachectl start

The next screen is a confirmation screen for objectclass ‘inetorgperson’. Click on Yes.

The next screen is a confirmation screen for objectclass ‘groupOfUniqueNames’. Click on Yes.

On the “Configure Administrators” screen, you can either select any other user or continue with orcladmin as the administrator. In my case, I will be using the orcladmin user. Click on Next.
The final screen is a summary screen. Just click on Done.

If you now click on “Identity System Console”, it will ask for the user ID and password. Here you need to enter the administrator ID and password (orcladmin/welcome1).

After logging in, you should be able to see the console.

Step 4) Installing Policy Manager

-bash-3.00$ ./Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_Policy_Manager
InstallShield Wizard

Initializing InstallShield Wizard…

Preparing Java(tm) Virtual Machine…
Running InstallShield Wizard…

——————————————————————————-
Welcome to the InstallShield Wizard for Oracle Access Manager 10.1.4.0.1 Policy
Manager

The InstallShield Wizard will install Oracle Access Manager 10.1.4.0.1 Policy
Manager on your computer.
To continue, choose Next.

Oracle Access Manager 10.1.4.0.1 Policy Manager
Oracle

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The product that you are about to install needs to be owned by the same user
as the web server is running as. Most of the time the web server is run as
`root’ or `nobody’. Doing a `ps’ on the server process is a quick way to find
out who the owner is.

Enter the username the web server is running as [nobody] ora1748

Enter the Group for the above username [nobody] ems1748

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please specify the installation directory for Oracle Access Manager 10.1.4.0.1
Policy Manager. Access Manager must be configured on the same Web server
instance as WebPass, and installed in the same directory as WebPass. For
example, if you specified /SunOne/doc as the install directory for WebPass, it
was installed in /SunOne/docs/identity. You must now specify /SunOne/docs as
the installation directory for Access Manager install.

Please specify a directory name or press Enter
[/opt/netpoint/webcomponent] /slot/ems1748/oracle/oam/opt/netpoint/webcomponent

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Policy Manager will be installed in the
following location:
/slot/ems1748/oracle/oam/opt/netpoint/webcomponent/access
for a total size:
187.4 MB
Please make a note of the Oracle Access Manager 10.1.4.0.1 Policy Manager
installation directory:
/slot/ems1748/oracle/oam/opt/netpoint/webcomponent/access because you will
need to refer to it in the future.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

To proceed with installation of Oracle Access Manager 10.1.4.0.1 Policy
Manager and for successfully running the product, you must install additional
GCC runtime libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that
these libraries should be compatible with GCC 3.3.2. The libraries are
available for download from either of the following locations –
http://metalink.oracle.com (requires login), or
http://www.oracle.com/technology/products/ias/index.html. Once these libraries
are locally available, please specify the directory containing the files and
proceed with the installation.

Location of GCC runtime libraries []: /slot/ems1748/oracle/oam/gcc_lib

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Installing Oracle Access Manager 10.1.4.0.1 Policy Manager. Please wait…

|———–|———–|———–|————|
0%         25%         50%         75%        100%
||||||||||||||||||||||||||||||||||||||||||||||||||

Creating uninstaller…

Extracting Language Packs. Please Wait…

Policy Manager Configuration

Policy Manager Configuration

Changing file ownership and permissions…

——————————————————————————-

The Policy Manager connects to an LDAP enabled directory server to store
Policy Data. Choose the appropriate directory server below for policy data,
and choose Next to continue the installation process.

Directory Server Type
[X]  1  –  Oracle Internet Directory
[ ]  2  –  Sun Directory Server 5.x
[ ]  3  –  NDS
[ ]  4  –  Active Directory
[ ]  5  –  Active Directory on Windows Server 2003
[ ]  6  –  Active Directory Application Mode
[ ]  7  –  Siemens DirX
[ ]  8  –  IBM Directory Server

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

If your policy data is in a separate directory server, Oracle schema needs to
be added to this directory server.  This program can automatically update the
configuration for you.  Alternatively, you can manually update the schema
through the instructions given to you at setup time.  If your policy data is
in a separate directory server from either the directory server containing
Oracle configuration data or user data, do you want to automatically configure
your Directory Server containing Policy data now?
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]: 2

If your policy data is in a separate directory server, Oracle schema needs to
be added to this directory server.  This program can automatically update the
configuration for you.  Alternatively, you can manually update the schema
through the instructions given to you at setup time.  If your policy data is
in a separate directory server from either the directory server containing
Oracle configuration data or user data, do you want to automatically configure
your Directory Server containing Policy data now?
[ ]  1  –  Yes
[X]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

[ ]  1  –  Directory Server hosting user data is in SSL

To select an item enter its number, or 0 when you are finished [0]:

[ ]  1  –  Directory Server hosting Oracle data is in SSL

To select an item enter its number, or 0 when you are finished [0]:

[ ]  1  –  Directory Server hosting Policy data is in SSL

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
——————————————————————————-

Specify the transport security mode between this Access Manager and Access
Servers that you plan to install in the future.

Specify the transport security mode
[ ]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]: 1

Specify the transport security mode
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Policy Manager is installed under your Oracle
Access Manager 10.1.4.0.1 Policy Manager installation directory. In order to
use the Oracle Access Manager 10.1.4.0.1 Policy Manager module, configure your
web server by modifying the configuration in your web server directory. Oracle
can automatically update the configuration for you. Alternatively, you can
manually update it.

Proceed with automatic update of “httpd.conf”?
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Enter the absolute path of httpd.conf in your Web Server config
directory.
(e.g. “/export/apache/conf/httpd.conf”)
[/slot/ems1748/oracle/oam/Apache2063/conf/httpd.conf]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Updating web server configuration…

——————————————————————————-
Please read the information below.

If the web server is setup in SSL mode, then httpd.conf file needs to be
configured with the SSL related parameters. To manually tune your SSL
configuration, please follow the instructions that come up.

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Information on the rest of the product setup and your Web server configuration
is available in the document :

/slot/ems1748/oracle/oam/opt/netpoint/webcomponent/access/oblix/lang/en-us/docs
/config.htm
Would you like the installer to launch a browser to view this document?
Alternatively, please make note of the document path and launch the browser
yourself.
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

Changing file ownership and permissions…

——————————————————————————-
Please read the information below.

Oracle COREid 10.1.4.0.1 ReadMe

—————————————
Contents
—————————————

—————————————
Contacting Oracle
—————————————

If you have questions about installing or configuring NetPoint, please contact
Oracle Customer Care at (800) 833-3536 or check this link
http://www.oracle.com/corporate/contact/index.html.

Oracle
http://www.oracle.com
Corporate Headquarters
500 Oracle Parkway

Press ENTER to read the text [Type q to quit]

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Policy Manager has been successfully
installed.

Press 3 to Finish or 4 to Redisplay [3]

This completes the Policy Server installation. Once complete, kindly restart the Apache web server

-bash-3.00$ /slot/ems1748/oracle/oam/Apache2063/bin/apachectl stop
-bash-3.00$ /slot/ems1748/oracle/oam/Apache2063/bin/apachectl start

Step 5) Setup Policy Manager

Open the Policy manager URL : http://adc60025sems.us.oracle.com:8080/access/oblix/

Click on Access System Console.

Click on Setup.

For User Directory Server Type – select “Oracle Internet Directory” and click Next.

For Location Of Directory Server for User Data – Enter your OID details as shown below. Click on Next.

For Directory Server Type containing Configuration data – Select “Oracle Internet Directory” and click Next.

For Directory Server containing User Data and Directory Server containing Configuration Data – Select “Store Configuration Data in the User Directory Server” and click Next.

For Directory Server containing User Data and Directory Server containing Policy Data – select “Store Policy Data in the User Directory Server” and click Next.

For Location Of Oracle Access Manager Configuration data, the Searchbase, and the Policybase – Enter the correct DN as per your setup. Click on Next.

Enter the Person Object Class as inetOrgPerson and click Next.

On the next screen you will see the following message. Just restart the web server from the command prompt and click on Next.

-bash-3.00$ /slot/ems1748/oracle/oam/Apache2063/bin/apachectl stop
-bash-3.00$ /slot/ems1748/oracle/oam/Apache2063/bin/apachectl start

For Root Directory for Policy Domains – put / and click Next.

For Configuring Authentication scheme, select Yes and click on Next.

For Authentication Scheme Type – Select “Basic Over LDAP”. Click on Next.

On the next screen, retain all the default values and click Next.

Select Yes to configure policies to protect the Access System. Click on Next.

Please restart the Identity Server and the web server before proceeding.

$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/stop_ois_server
$HOME/oam/opt/netpoint/identity/oblix/apps/common/bin/start_ois_server
$HOME/oam/Apache2063/bin/apachectl stop
$HOME/oam/Apache2063/bin/apachectl start

Click on Done.

Now if you click on Policy Manager, it will ask for the user ID and password. Enter the administrator user ID and password (orcladmin/welcome1).

You should be able to see the Policy Manager console.

Step 6) Installing Oracle Access Manager

The next step is installing Oracle Access Manager. Before starting the installation, you need to create an instance for it from the Access console. Follow the steps below.

Open the URL : http://adc60025sems.us.oracle.com:8080/access/oblix/

Login as administrator (orcladmin/welcome1)

Click on the “Access System Configuration” tab and then click on “Access Server Configuration Link”.

Click on the Add button, fill in the following details, and click on “Save”:

Name : Access_1748
Hostname : adc60025sems.us.oracle.com
Port : 6035
Access Management Service : ON

Note that the AccessServer server instance is configured for the ten.mydomain.com server on port 6035. Click Logout and then OK to exit the Access administration console.

Log out of the console and start installing the Access Server.

-bash-3.00$ ./Oracle_Access_Manager10_1_4_0_1_linux_Access_Server
InstallShield Wizard

Initializing InstallShield Wizard…

Preparing Java(tm) Virtual Machine…
Running InstallShield Wizard…

——————————————————————————-
Welcome to the InstallShield Wizard for Oracle Access Manager 10.1.4.0.1 Access
Server

The InstallShield Wizard will install Oracle Access Manager 10.1.4.0.1 Access
Server on your computer.
To continue, choose Next.

Oracle Access Manager 10.1.4.0.1 Access Server
Oracle

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The product that you are about to install needs to be owned by a dedicated
user. Only root or the dedicated user may be able to start the service. Most
of the time the server is run as `root’ or `nobody’.

Enter the username the Access server is running as [nobody] ora1748

Enter the Group for the above username [nobody] ems1748

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please specify the installation directory for Oracle Access Manager 10.1.4.0.1
Access Server.

Please specify a directory name or press Enter [/opt/netpoint] /slot/ems1748/oracle/oam/opt/netpoint

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Access Server will be installed in the
following location:
/slot/ems1748/oracle/oam/opt/netpoint/access
for a total size:
211 MB
Please make a note of the Oracle Access Manager 10.1.4.0.1 Access Server
installation directory: /slot/ems1748/oracle/oam/opt/netpoint/access because
you will need to refer to it in the future.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

To proceed with installation of Oracle Access Manager 10.1.4.0.1 Access Server
and for successfully running the product, you must install additional GCC
runtime libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that these
libraries should be compatible with GCC 3.3.2. The libraries are available for
download from either of the following locations – http://metalink.oracle.com
(requires login), or http://www.oracle.com/technology/products/ias/index.html.
Once these libraries are locally available, please specify the directory
containing the files and proceed with the installation.

Location of GCC runtime libraries []: /slot/ems1748/oracle/oam/gcc_lib

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Installing $L(com.oblix.installshield.ObStrings, AAA, $P(productNumber),
$L(com.oblix.installshield.ObStrings, minorVersion)). Please wait…

|———–|———–|———–|————|
0%         25%         50%         75%        100%
||||||||||||||||||||||||||||||||||||||||||||||||||

Installing Oracle Access Manager 10.1.4.0.1 Access Server. Please wait…

Creating uninstaller…

Extracting Language Packs. Please Wait…

Access Server Configuration

Access Server Configuration

Changing file ownership and permissions…

——————————————————————————-

Specify the transport security mode between the WebGate/Access client and the
Access Server.
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The Access Server connects to an LDAP enabled directory server for Oracle
Data. Please provide following information for the directory server and choose
Next to continue the installation process.

Mode in which the Directory Server containing Oracle configuration data is
running
[X]  1  –  Open
[ ]  2  –  SSL

To select an item enter its number, or 0 when you are finished [0]:

Host machine on which the Directory Server containing Oracle
configuration data resides [] adc60025sems.us.oracle.com

Port number on which the Directory Server containing Oracle
configuration data resides [] 13108

Root DN of the Directory Server containing Oracle configuration data
(e.g. cn=Directory Manager) [] cn=orcladmin

Root Password of the Directory Server containing Oracle configuration data

Type of the Directory Server containing Oracle configuration data
[X]  1  –  Sun Directory Server 5.x
[ ]  2  –  NDS
[ ]  3  –  Active Directory
[ ]  4  –  Active Directory Application Mode
[ ]  5  –  Siemens DirX
[ ]  6  –  IBM Directory Server
[ ]  7  –  Oracle Internet Directory

To select an item enter its number, or 0 when you are finished [0]: 7

Type of the Directory Server containing Oracle configuration data
[ ]  1  –  Sun Directory Server 5.x
[ ]  2  –  NDS
[ ]  3  –  Active Directory
[ ]  4  –  Active Directory Application Mode
[ ]  5  –  Siemens DirX
[ ]  6  –  IBM Directory Server
[X]  7  –  Oracle Internet Directory

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Where is the Policy data stored?
[X]  1  –  Oracle Directory
[ ]  2  –  Separate Directory

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please provide the Access Server ID, Configuration DN, and Policy Base for the
Access Server. You must use a unique ID for each Access Server you install.

Access Server ID [Access_1748]

Configuration DN [cn=orcladmin] dc=us,dc=oracle,dc=com

Policy Base [dc=us,dc=oracle,dc=com]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Changing file ownership and permissions…

Configuring Access Server…

Changing file ownership and permissions…

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 Access Server has been successfully
installed. Access Server has been configured successfully. Please start your
Access Server by running
/slot/ems1748/oracle/oam/opt/netpoint/access/oblix/apps/common/bin/start_access
_server program from command line. If your Access Server requires a password
to start, please provide the password through the -P option.

Press 3 to Finish or 4 to Redisplay [3]

Once the installation completes, start the Access Server.
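
The installer runs above accept Open mode at every transport-security prompt and leave the directory SSL boxes unchecked, so the traffic between these components and to the directory is not encrypted. As an added example (not part of the original walkthrough or of Oracle's tooling), this Python script audits a saved console transcript for those choices and reads the last redisplay of a menu as the operator's answer; the function names are hypothetical and both sample transcripts are constructed from the prompts shown on this page.

```python
import re
from dataclasses import dataclass, field

# A menu row as the console installer prints it: "[X]  1  –  Open Mode: ..."
OPTION = re.compile(r"^\[( |X)\]\s+\d+\s+[–-]\s+(.*\S)$")
SUMMARY = re.compile(r"^Transport Security:\s*(\S+)", re.IGNORECASE)

@dataclass
class Menu:
    prompt: str
    options: list = field(default_factory=list)  # (selected, label) pairs

    def labels(self):
        return [label for _, label in self.options]

    def chosen(self):
        return [label for selected, label in self.options if selected]

def parse_menus(text):
    """Return the menus in a transcript, keeping only the last redisplay of each."""
    menus, paragraph, current = [], [], None
    for raw in text.splitlines() + [""]:  # trailing blank closes a final menu
        line = raw.strip()
        match = OPTION.match(line)
        if match:
            if current is None:
                current, paragraph = Menu(" ".join(paragraph)), []
            label = " ".join(match.group(2).split())
            current.options.append((match.group(1) == "X", label))
            continue
        if current is not None:
            last = menus[-1] if menus else None
            if last and (last.prompt, last.labels()) == (current.prompt, current.labels()):
                menus.pop()  # same menu reprinted after the operator typed a number
            menus.append(current)
            current = None
        paragraph = paragraph + [line] if line else []
    return menus

def cleartext_findings(text):
    """List every choice in the transcript that leaves a channel unencrypted."""
    findings = []
    for menu in parse_menus(text):
        for label in menu.chosen():
            if re.match(r"open\b", label, re.IGNORECASE):
                findings.append(f"open mode selected: {menu.prompt} -> {label}")
        box = menu.labels()[0] if len(menu.options) == 1 else ""
        if box.endswith("is in SSL") and not menu.chosen():
            findings.append(f"SSL box left unchecked: {box}")
    for raw in text.splitlines():
        match = SUMMARY.match(raw.strip())
        if match and match.group(1).lower() == "open":
            findings.append("installer summary: Transport Security: open")
    return findings

# Constructed sample: prompts and selections as they appear in the runs on this page.
AS_INSTALLED = """\
Specify the transport security mode between the WebPass/Identity client and
the Identity Server.
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

[ ]  1  –  Directory Server hosting user data is in SSL

Mode in which the Directory Server containing Oracle configuration data is
running
[X]  1  –  Open
[ ]  2  –  SSL

Transport Security: open
"""

# Constructed variant: the operator changes the default, so the menu is printed twice.
HARDENED = """\
Specify the transport security mode
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]: 3

Specify the transport security mode
[ ]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[X]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

[X]  1  –  Directory Server hosting user data is in SSL
"""

if __name__ == "__main__":
    for finding in cleartext_findings(AS_INSTALLED):
        print(finding)
```

A plain text search for the selected Open Mode row would also flag the second transcript, because the default is printed before the operator's choice; comparing consecutive menus avoids that false positive.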

Step 7) Installing WebGate

Similar to the Access Server installation, a WebGate must be defined in the configuration store before the WebGate can be installed. Open the browser and enter the URL to open the Access System in the following format, and then click Access System Console.

Open URL : http://adc60025sems.us.oracle.com:8080/access/oblix/

Login as Administrator (orcladmin/welcome1)

Click on “Access System Configuration” tab and then click on “Add New Access Gate”. Enter the following information as per your setup

AccessGate Name : AccessGate_1748
Description       : Access Gate
Hostname        : adc60025sems.us.oracle.com
Port               : 7777
Access Gate Password : welcome1
Access Management Service : ON
Primary HTTP Cookie Domain : .us.oracle.com
Preferred HTTP Host : adc60025sems.us.oracle.com:7777

Once the information is entered, save it. You will see the following warning at the top of the page:
“Please associate an Access Server or Access Server Cluster with this AccessGate”

Scroll down and click on “List Access Servers”.

Click on the Add button and select your server from the dropdown.

Log out of the console and start installing WebGate.

-bash-3.00$ ./Oracle_Access_Manager10_1_4_0_1_linux_APACHE2_WebGate
InstallShield Wizard

Initializing InstallShield Wizard…

Preparing Java(tm) Virtual Machine…
Running InstallShield Wizard…

——————————————————————————-
Welcome to the InstallShield Wizard for Oracle Access Manager 10.1.4.0.1
WebGate

The InstallShield Wizard will install Oracle Access Manager 10.1.4.0.1 WebGate
on your computer.
To continue, choose Next.

Oracle Access Manager 10.1.4.0.1 WebGate
Oracle

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

The product that you are about to install needs to be owned by the same user
as the web server is running as. Most of the time the web server is run as
`root’ or `nobody’. Doing a `ps’ on the server process is a quick way to find
out who the owner is.

Enter the username the web server is running as [nobody] ora1748

Enter the Group for the above username [nobody] ems1748

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please specify the installation directory for Oracle Access Manager 10.1.4.0.1
WebGate.

Please specify a directory name or press Enter [/opt/netpoint/webgate] /slot/ems1748/oracle/oam/opt/netpoint/webgate

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 WebGate will be installed in the following
location:
/slot/ems1748/oracle/oam/opt/netpoint/webgate/access
for a total size:
159.7 MB
Please make a note of the Oracle Access Manager 10.1.4.0.1 WebGate
installation directory: /slot/ems1748/oracle/oam/opt/netpoint/webgate/access
because you will need to refer to it in the future.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

To proceed with installation of Oracle Access Manager 10.1.4.0.1 WebGate and
for successfully running the product, you must install additional GCC runtime
libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that these libraries
should be compatible with GCC 3.3.2. The libraries are available for download
from either of the following locations – http://metalink.oracle.com (requires
login), or http://www.oracle.com/technology/products/ias/index.html. Once
these libraries are locally available, please specify the directory containing
the files and proceed with the installation.

Location of GCC runtime libraries []: /slot/ems1748/oracle/oam/gcc_lib

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Installing $L(com.oblix.installshield.ObStrings, WEBGATE, $P(productNumber),
$L(com.oblix.installshield.ObStrings, minorVersion)). Please wait…

|———–|———–|———–|————|
0%         25%         50%         75%        100%
||||||||||||||||||||||||||||||||||||||||||||||||||

Installing Oracle Access Manager 10.1.4.0.1 WebGate. Please wait…

Creating uninstaller…

Extracting Language Packs. Please Wait…

WebGate Configuration

WebGate Configuration

Changing file ownership and permissions…

——————————————————————————-

Specify the transport security mode
[X]  1  –  Open Mode:    No Encryption
[ ]  2  –  Simple Mode:  Encryption through SSL and a Public Key Certificate
[ ]  3  –  Cert Mode:    Encryption through SSL and a Public Key Certificate

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Please provide the WebGate ID, host name, and port number for the WebGate
connection. You must use a unique ID for each WebGate you install.

WebGate ID [] AccessGate_1748

Password for WebGate

Access Server ID [] Access_1748

Host name where an Access Server is installed [] adc60025sems.us.oracle.com

Port number the Access Server listens to [6021] 6035

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Configuring WebGate…

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 WebGate is installed under your Oracle Access
Manager 10.1.4.0.1 WebGate installation directory. In order to use the Oracle
Access Manager 10.1.4.0.1 WebGate module, configure your web server by
modifying the configuration in your web server directory. Oracle can
automatically update the configuration for you. Alternatively, you can
manually update it.

Proceed with automatic update of “httpd.conf”?
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Enter the absolute path of httpd.conf in your Web Server config
directory.
(e.g. “/export/apache/conf/httpd.conf”) [] /slot/ems1748/oracle/oam/Apache2063/conf/httpd.conf

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

Updating web server configuration…

——————————————————————————-
Configure Web Server

Web Server Configuration has been modified for WebGate

Please restart your WebServer to complete the installation of WebGate.

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-
Configure Web Server

If the web server is setup in SSL mode, then httpd.conf file needs to be
configured with the SSL related parameters. To manually tune your SSL
configuration, please follow the instructions that come up.

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Information on the rest of the product setup and your Web server configuration
is available in the document :

/slot/ems1748/oracle/oam/opt/netpoint/webgate/access/oblix/lang/en-us/docs/conf
ig.htm
Would you like the installer to launch a browser to view this document?
Alternatively, please make note of the document path and launch the browser
yourself.
[X]  1  –  Yes
[ ]  2  –  No

To select an item enter its number, or 0 when you are finished [0]:

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

Changing file ownership and permissions…

——————————————————————————-
Please read the information below.

Oracle COREid 10.1.4.0.1 ReadMe

—————————————
Contents
—————————————

—————————————
Contacting Oracle
—————————————

If you have questions about installing or configuring NetPoint, please contact
Oracle Customer Care at (800) 833-3536 or check this link
http://www.oracle.com/corporate/contact/index.html.

Oracle
http://www.oracle.com
Corporate Headquarters
500 Oracle Parkway

Press ENTER to read the text [Type q to quit] q

Press 1 for Next, 3 to Cancel or 4 to Redisplay [1]

——————————————————————————-

Oracle Access Manager 10.1.4.0.1 WebGate has been successfully installed.
Oracle Access Manager 10.1.4.0.1 WebGate Setup Information
Transport Security: open
WebGate ID: AccessGate_1748
Access Server Host Name: adc60025sems.us.oracle.com
Access Server Port Number: 6035

Press 3 to Finish or 4 to Redisplay [3]

This completes the installation of Oracle Access Manager and all its components.
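
The script below is an added example, not part of the original walkthrough or of Oracle's tooling. It checks three things the installer transcript above depends on: that the WebGate directory is owned by the web server's run-as user, that httpd.conf was updated, and which transport security mode was selected. The function names, the saved installer transcript file, and the premise that the automatic update writes the install path into httpd.conf are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-install checks for the WebGate walkthrough above.
# Arguments are the values typed into the installer plus a saved transcript.

# owner_ok DIR USER: succeeds only if everything under DIR is owned by USER
# (the installer requires the web server's run-as user to own the product).
owner_ok() {
    # find exits non-zero for an unknown user name; treat that as a failure.
    not_owned=$(find "$1" ! -user "$2" -print 2>/dev/null) || return 2
    [ -z "$not_owned" ]
}

# transport_mode LOG: prints the value of the last "Transport Security:"
# line in a saved installer transcript, for example "open".
transport_mode() {
    sed -n 's/^Transport Security:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# conf_mentions_webgate CONF DIR: succeeds if httpd.conf references DIR.
# Assumption: the automatic update writes the install path into httpd.conf.
conf_mentions_webgate() {
    grep -F -q -- "$2" "$1"
}

# webgate_postcheck DIR USER CONF LOG: prints one line per finding and
# returns the number of findings (0 means every check passed).
webgate_postcheck() {
    findings=0
    if ! owner_ok "$1" "$2"; then
        echo "FAIL: files under $1 are not all owned by $2"
        findings=$((findings + 1))
    fi
    if ! conf_mentions_webgate "$3" "$1"; then
        echo "FAIL: $3 does not reference $1"
        findings=$((findings + 1))
    fi
    if [ "$(transport_mode "$4")" = "open" ]; then
        echo "WARN: Open mode, WebGate to Access Server traffic is not encrypted"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the checks when called with the four arguments described above.
if [ "$#" -eq 4 ]; then
    webgate_postcheck "$@"
fi
```

With the values used in this walkthrough, the arguments would be /slot/ems1748/oracle/oam/opt/netpoint/webgate/access, ora1748, /slot/ems1748/oracle/oam/Apache2063/conf/httpd.conf, and the file where the installer output was saved. Because Open mode was selected above, the transport warning is expected for this setup.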

Hope this helps !!

References:

http://becomeappsdba.blogspot.com/2007/03/installing-oracle-access-manager-oblix.html
http://www.oracle.com/technology/obe/fusion_middleware/im1014/ovd-oam/oam-ovd/install_oam2/install_oam2.htm
http://www.oracle.com/technology/obe/fusion_middleware/im1014/ovd-oam/oam-ovd/install_oam/install_oam.htm
http://download.oracle.com/docs/cd/B31017_01/core.1013/b28939/coreid.htm