oam install & config

124
Oracle Access Manager Install & Config Software Version Details: Software Version Oracle Jrocket JDK 1.6.0_31-R28.2.3-4.1.0 Oracle Weblogic 10.3.6 Oracle Access Manager 11.1.2.1.0 Oracle HTTP Server 11.1.1.7.0 Oracle Webgate 11.1.2.1.0 Oracle RCU 11.1.2.1.0for OAM Oracle Database 11.2.0.4.0

Upload: vigilant-technologies

Post on 07-Aug-2015

45 views

Category:

Software


1 download

TRANSCRIPT

Page 1: OAM Install & Config

Oracle Access Manager Install & Config

Software Version Details:

Software Version

Oracle Jrocket JDK 1.6.0_31-R28.2.3-4.1.0

Oracle Weblogic 10.3.6

Oracle Access Manager 11.1.2.1.0

Oracle HTTP Server 11.1.1.7.0

Oracle Webgate 11.1.2.1.0

Oracle RCU 11.1.2.1.0for OAM

Oracle Database 11.2.0.4.0

Page 2: OAM Install & Config

Installing RCU for Oracle Access Manager:

Click Next

Page 3: OAM Install & Config

Click Next

Provide database details in below screen

Page 4: OAM Install & Config

Click Next

Select only oracle access manager component in below screen give prefix name as meaningful

name

Page 5: OAM Install & Config

Click Next

Provide password details in below screen

Page 6: OAM Install & Config

Click Next

Page 7: OAM Install & Config

Click Next

Page 8: OAM Install & Config

Click Create

Completed RCU installation

Install Java

Latest JRockit - Patch 16863120: JDK160 ORACLE JROCKIT R28.2.8 p16863120_2828_Linux-x86-64.zip cd /apps unzip /apps/p16863120_2828_Linux-x86-64.zip

Create Inventory Directory

mkdir /apps/Middleware/oraInventory vi /etc/oraInst.loc inst_group=oinstall inventory_loc=/apps/Middleware/oraInventory

Page 9: OAM Install & Config

Instillaing weblogic

[appoam@slcr12devtap1 WEBLOGIC_1036]$ export JAVA_HOME=/apps/jrockit-jdk1.6.0_51 [appoam@slcr12devtap1 WEBLOGIC_1036]$ export PATH=$JAVA_HOME/bin:$PATH [appoam@slcr12devtap1 WEBLOGIC_1036]$ which java /apps/jrockit-jdk1.6.0_51/bin/java [appoam@slcr12devtap1 WEBLOGIC_1036]$ java -version java version "1.6.0_51" Java(TM) SE Runtime Environment (build 1.6.0_51-b11) Oracle JRockit(R) (build R28.2.8-10-156881-1.6.0_51-20130611-1146-linux-x86_64, compiled mode)

Click Next

Please give middleware path and click Next

Page 10: OAM Install & Config

Unceck check box press “yes”

Page 11: OAM Install & Config

Click “yes”

Page 12: OAM Install & Config
Page 13: OAM Install & Config

Select Typical Click Next

Page 14: OAM Install & Config
Page 15: OAM Install & Config

Click Next

Make sure below JROCKET path is correct and Click Next

Page 16: OAM Install & Config

Click Next

Page 17: OAM Install & Config

Click Next

Page 18: OAM Install & Config

Uncheck “run Quick start” and click done

Page 19: OAM Install & Config

Completed Weblogic Installation

==============================================================================

=======

Page 20: OAM Install & Config

Installation Oracle Access Manager

[appoam@slcr12devtap1 Disk1]$ ./runInstaller Starting Oracle Universal Installer... Checking if CPU speed is above 300 MHz. Actual 2294 MHz Passed Checking Temp space: must be greater than 150 MB. Actual 8411 MB Passed Checking swap space: must be greater than 512 MB. Actual 7684 MB Passed Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed Preparing to launch Oracle Universal Installer from /tmp/OraInstall2014-04-18_07-22-22PM. Please wait ... Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/apps/jrockit-jdk1.6.0_51

Click Next

Page 21: OAM Install & Config

Click Next

Page 22: OAM Install & Config

Please provide Middleware Home Directory

Page 23: OAM Install & Config

Click Next

Page 24: OAM Install & Config
Page 25: OAM Install & Config

Click Next

Page 26: OAM Install & Config

Click Finish

Completed installing the oracle accessmanager

Configuring the Oracle Access Manager

[appoam@slcr12devtap1 Disk1]$ export WL_HOME=/apps/Middleware/MW_HOME/OAM/ [appoam@slcr12devtap1 Disk1]$ export ORACLE_HOME=/apps/Middleware/MW_HOME/OAM/Oracle_OAM [appoam@slcr12devtap1 Disk1]$ cd $ORACLE_HOME [appoam@slcr12devtap1 Oracle_OAM]$ pwd /apps/Middleware/MW_HOME/OAM/Oracle_OAM [appoam@slcr12devtap1 Oracle_OAM]$ cd common [appoam@slcr12devtap1 common]$ cd bin [appoam@slcr12devtap1 bin]$

Page 27: OAM Install & Config
Page 28: OAM Install & Config
Page 29: OAM Install & Config
Page 30: OAM Install & Config
Page 31: OAM Install & Config
Page 32: OAM Install & Config
Page 33: OAM Install & Config
Page 34: OAM Install & Config
Page 35: OAM Install & Config
Page 36: OAM Install & Config
Page 37: OAM Install & Config
Page 38: OAM Install & Config
Page 39: OAM Install & Config
Page 40: OAM Install & Config
Page 41: OAM Install & Config
Page 42: OAM Install & Config
Page 43: OAM Install & Config
Page 44: OAM Install & Config
Page 45: OAM Install & Config
Page 46: OAM Install & Config

Completed configuring the Oracle Access Manager

==============================================================================

=======

Configuring Database Security Store for an Oracle Identity and Access Management Domain

appoam@slcr12devtap1 domains]$ cd

/apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain

[appoam@slcr12devtap1 oamdomain]$ /apps/Middleware/MW_HOME/OAM/oracle_common/common/bin/wlst.sh /apps/Middleware/MW_HOME/OAM/Oracle_OAM/common/tools/configureSecurityStore.py -d /apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain -c IAM -u dev_opss -p Passw0rd -m create Below Is the output of above script

CLASSPATH=/apps/Middleware/MW_HOME/OAM/patch_wls1036/profiles/default/sys_manife

st_classpath/weblogic_patch.jar:/apps/Middleware/MW_HOME/OAM/patch_ocp371/profiles/

default/sys_manifest_classpath/weblogic_patch.jar:/apps/jrockit-

Page 47: OAM Install & Config

jdk1.6.0_51/lib/tools.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/server/lib/weblo

gic_sp.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/server/lib/weblogic.jar:/apps/

Middleware/MW_HOME/OAM/modules/features/weblogic.server.modules_10.3.6.0.jar:/apps/

Middleware/MW_HOME/OAM/wlserver_10.3/server/lib/webservices.jar:/apps/Middleware/M

W_HOME/OAM/modules/org.apache.ant_1.7.1/lib/ant-

all.jar:/apps/Middleware/MW_HOME/OAM/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-

contrib.jar::/apps/Middleware/MW_HOME/OAM/oracle_common/modules/oracle.jrf_11.1.1/j

rf-

wlstman.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/lib/adfscripti

ng.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/lib/adf-share-

mbeans-

wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/lib/mdswlst.jar:/

apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/auditwlst.jar:/a

pps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/igfwlsthelp.jar:/

apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/jps-

wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/jrf-

wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/oama

p_help.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/oa

mAuthnProvider.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/reso

urces/ossoiap_help.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/r

esources/ossoiap.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/res

ources/ovdwlsthelp.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/r

esources/sslconfigwlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wls

t/resources/wsm-wlst.jar:/apps/Middleware/MW_HOME/OAM/utils/config/10.3/config-

launch.jar::/apps/Middleware/MW_HOME/OAM/wlserver_10.3/common/derby/lib/derbynet.j

ar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/common/derby/lib/derbyclient.jar:/ap

ps/Middleware/MW_HOME/OAM/wlserver_10.3/common/derby/lib/derbytools.jar::

Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands Info: Data source is: opss-DBDS Info: DB JDBC driver: oracle.jdbc.OracleDriver Info: DB JDBC URL: jdbc:oracle:thin:@usaslcoamdbr12t.goldbar.barrick.com:1531/oamd Connected:oracle.jdbc.driver.T4CConnection@1e28e947

Page 48: OAM Install & Config

Disconnect:oracle.jdbc.driver.T4CConnection@1e28e947 2014-04-19 10:02:09.640 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 23 2014-04-19 10:02:09.660 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 24 2014-04-19 10:02:09.660 rcu:Extracted SQL Statement: [SET ECHO ON] 2014-04-19 10:02:09.660 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.660 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 25 2014-04-19 10:02:09.660 rcu:Extracted SQL Statement: [SET FEEDBACK 1] 2014-04-19 10:02:09.660 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.660 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 26 2014-04-19 10:02:09.660 rcu:Extracted SQL Statement: [SET NUMWIDTH 10] 2014-04-19 10:02:09.660 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.661 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 27 2014-04-19 10:02:09.661 rcu:Extracted SQL Statement: [SET LINESIZE 80] 2014-04-19 10:02:09.661 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.661 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 28 2014-04-19 10:02:09.661 rcu:Extracted SQL Statement: [SET TRIMSPOOL ON] 2014-04-19 10:02:09.661 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.661 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 29 2014-04-19 10:02:09.661 rcu:Extracted SQL Statement: [SET TAB OFF] 2014-04-19 10:02:09.661 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.662 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 30 2014-04-19 10:02:09.662 rcu:Extracted SQL Statement: [SET PAGESIZE 100] 2014-04-19 10:02:09.662 rcu:Skipping Unsupported Statement 2014-04-19 10:02:09.662 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 31 2014-04-19 10:02:09.665 rcu:Extracted SQL Statement: [ALTER SESSION SET CURRENT_SCHEMA=&&1 ]

Page 49: OAM Install & Config

2014-04-19 10:02:09.668 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:10.511 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 35 2014-04-19 10:02:10.512 rcu:Extracted SQL Statement: [DELETE FROM JPS_ATTRS attr WHERE attr.JPS_ATTRS_ID IN (SELECT JPS_ATTRS_ID FROM CT_8 ct WHERE ct.ATTRVAL IS NULL)] 2014-04-19 10:02:10.513 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.117 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 36 2014-04-19 10:02:11.117 rcu:Extracted SQL Statement: [DELETE FROM JPS_ATTRS attr WHERE attr.JPS_ATTRS_ID IN (SELECT JPS_ATTRS_ID FROM CT_10 ct WHERE ct.ATTRVAL IS NULL)] 2014-04-19 10:02:11.117 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.150 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 37 2014-04-19 10:02:11.150 rcu:Extracted SQL Statement: [DELETE FROM JPS_ATTRS attr WHERE attr.JPS_ATTRS_ID IN (SELECT JPS_ATTRS_ID FROM CT_11 ct WHERE ct.ATTRVAL IS NULL)] 2014-04-19 10:02:11.150 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.182 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 38 2014-04-19 10:02:11.182 rcu:Extracted SQL Statement: [DELETE FROM JPS_ATTRS attr WHERE attr.JPS_ATTRS_ID IN (SELECT JPS_ATTRS_ID FROM CT_22 ct WHERE ct.ATTRVAL IS NULL)] 2014-04-19 10:02:11.183 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.215 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 39 2014-04-19 10:02:11.215 rcu:Extracted SQL Statement: [DELETE FROM CT_8 ct WHERE ct.ATTRVAL IS NULL] 2014-04-19 10:02:11.215 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.223 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 40 2014-04-19 10:02:11.223 rcu:Extracted SQL Statement: [DELETE FROM CT_10 ct WHERE ct.ATTRVAL IS NULL] 2014-04-19 10:02:11.223 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.232 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 41 2014-04-19 10:02:11.232 rcu:Extracted SQL Statement: [DELETE FROM CT_11 ct WHERE ct.ATTRVAL IS NULL] 2014-04-19 10:02:11.232 rcu:Statement Type: 'DELETE Statement'

Page 50: OAM Install & Config

2014-04-19 10:02:11.351 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 42 2014-04-19 10:02:11.351 rcu:Extracted SQL Statement: [DELETE FROM CT_22 ct WHERE ct.ATTRVAL IS NULL] 2014-04-19 10:02:11.351 rcu:Statement Type: 'DELETE Statement' 2014-04-19 10:02:11.361 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 43 2014-04-19 10:02:11.362 rcu:Extracted SQL Statement: [] 2014-04-19 10:02:11.367 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 43 2014-04-19 10:02:11.367 rcu:Extracted SQL Statement: [COMMIT;] 2014-04-19 10:02:11.372 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 47 2014-04-19 10:02:11.374 rcu:Extracted SQL Statement: [declare v_count NUMBER := 0 ; BEGIN SELECT COUNT(*) INTO v_count FROM CT_8 WHERE LENGTH(ATTRVAL) > 3000; IF (v_count = 0) THEN EXECUTE IMMEDIATE 'ALTER TABLE CT_8 MODIFY (ATTRVAL VARCHAR2(3000))'; EXECUTE IMMEDIATE 'CREATE TABLE CT_8_TMP (JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL, PRIMARY KEY (JPS_DN_ENTRYID, ATTRVAL, JPS_ATTRS_ID)) ORGANIZATION INDEX OVERFLOW AS SELECT JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL FROM CT_8'; EXECUTE IMMEDIATE 'DROP TABLE CT_8'; EXECUTE IMMEDIATE 'ALTER TABLE CT_8_TMP RENAME TO CT_8'; EXECUTE IMMEDIATE 'ALTER TABLE CT_8 ADD CONSTRAINT CT_8_FK FOREIGN KEY(JPS_ATTRS_ID) REFERENCES JPS_ATTRS(JPS_ATTRS_ID) ON DELETE CASCADE'; END IF; SELECT COUNT(*) INTO v_count FROM CT_10 WHERE LENGTH(ATTRVAL) > 3000; IF (v_count = 0) THEN EXECUTE IMMEDIATE 'ALTER TABLE CT_10 MODIFY (ATTRVAL VARCHAR2(3000))'; EXECUTE IMMEDIATE 'CREATE TABLE CT_10_TMP (JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL, PRIMARY KEY (JPS_DN_ENTRYID, ATTRVAL, JPS_ATTRS_ID)) ORGANIZATION INDEX OVERFLOW AS SELECT JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL FROM CT_10'; EXECUTE IMMEDIATE 'DROP TABLE CT_10'; EXECUTE IMMEDIATE 'ALTER TABLE CT_10_TMP RENAME TO CT_10'; EXECUTE IMMEDIATE 'ALTER TABLE CT_10 ADD CONSTRAINT CT_10_FK FOREIGN KEY(JPS_ATTRS_ID) REFERENCES JPS_ATTRS(JPS_ATTRS_ID) ON DELETE CASCADE'; END IF;

Page 51: OAM Install & Config

SELECT COUNT(*) INTO v_count FROM CT_11 WHERE LENGTH(ATTRVAL) > 3000; IF (v_count = 0) THEN EXECUTE IMMEDIATE 'ALTER TABLE CT_11 MODIFY (ATTRVAL VARCHAR2(3000))'; EXECUTE IMMEDIATE 'CREATE TABLE CT_11_TMP (JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL, PRIMARY KEY (JPS_DN_ENTRYID, ATTRVAL, JPS_ATTRS_ID)) ORGANIZATION INDEX OVERFLOW AS SELECT JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL FROM CT_11'; EXECUTE IMMEDIATE 'DROP TABLE CT_11'; EXECUTE IMMEDIATE 'ALTER TABLE CT_11_TMP RENAME TO CT_11'; EXECUTE IMMEDIATE 'ALTER TABLE CT_11 ADD CONSTRAINT CT_11_FK FOREIGN KEY(JPS_ATTRS_ID) REFERENCES JPS_ATTRS(JPS_ATTRS_ID) ON DELETE CASCADE'; END IF; SELECT COUNT(*) INTO v_count FROM CT_22 WHERE LENGTH(ATTRVAL) > 3000; IF (v_count = 0) THEN EXECUTE IMMEDIATE 'ALTER TABLE CT_22 MODIFY (ATTRVAL VARCHAR2(3000))'; EXECUTE IMMEDIATE 'CREATE TABLE CT_22_TMP (JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL, PRIMARY KEY (JPS_DN_ENTRYID, ATTRVAL, JPS_ATTRS_ID)) ORGANIZATION INDEX OVERFLOW AS SELECT JPS_DN_ENTRYID, JPS_ATTRS_ID, ATTRVAL FROM CT_22'; EXECUTE IMMEDIATE 'DROP TABLE CT_22'; EXECUTE IMMEDIATE 'ALTER TABLE CT_22_TMP RENAME TO CT_22'; EXECUTE IMMEDIATE 'ALTER TABLE CT_22 ADD CONSTRAINT CT_22_FK FOREIGN KEY(JPS_ATTRS_ID) REFERENCES JPS_ATTRS(JPS_ATTRS_ID) ON DELETE CASCADE'; END IF; END; ] 2014-04-19 10:02:11.378 rcu:Statement Type: 'BEGIN/END Anonymous Block' 2014-04-19 10:02:13.187 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 90 2014-04-19 10:02:13.187 rcu:Extracted SQL Statement: [ALTER TABLE JPS_ATTRS ADD ( ATTRKIND NUMBER )] 2014-04-19 10:02:13.187 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.254 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 93 2014-04-19 10:02:13.254 rcu:Extracted SQL Statement: [CREATE INDEX JPS_ATTRS_KIND ON JPS_ATTRS (ATTRKIND)] 2014-04-19 10:02:13.255 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.295 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 94

Page 52: OAM Install & Config

2014-04-19 10:02:13.295 rcu:Extracted SQL Statement: [UPDATE JPS_ATTRS SET ATTRKIND = 1 WHERE lower(ATTRNAME) = 'orcljpsassignee'] 2014-04-19 10:02:13.296 rcu:Statement Type: 'DML Statement' 2014-04-19 10:02:13.307 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 96 2014-04-19 10:02:13.307 rcu:Extracted SQL Statement: [UPDATE JPS_ATTRS SET ATTRKIND = 0 WHERE ATTRKIND IS NULL] 2014-04-19 10:02:13.307 rcu:Statement Type: 'DML Statement' 2014-04-19 10:02:13.320 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 97 2014-04-19 10:02:13.320 rcu:Extracted SQL Statement: [] 2014-04-19 10:02:13.325 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 97 2014-04-19 10:02:13.325 rcu:Extracted SQL Statement: [COMMIT;] 2014-04-19 10:02:13.329 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 100 2014-04-19 10:02:13.329 rcu:Extracted SQL Statement: [CREATE INDEX IDX_JPS_CONCAT_DN ON JPS_DN (CONCAT(PARENTDN, RDN))] 2014-04-19 10:02:13.329 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.370 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 103 2014-04-19 10:02:13.370 rcu:Extracted SQL Statement: [ALTER TABLE CT_9 ADD ( GRANTEEDNATTR VARCHAR2(1024), PERMSETREFATTR VARCHAR2 (1024), POLICYREFATTR VARCHAR2 (1024), POLICYSETREFATTR VARCHAR2 (1024), RULEREFATTR VARCHAR2 (1024) )] 2014-04-19 10:02:13.371 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.420 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 113 2014-04-19 10:02:13.421 rcu:Extracted SQL Statement: [ALTER TABLE CT_6 ADD ( PRINCIPAL_CLASS VARCHAR2(1024), NAME VARCHAR2 (1024), UNIQUENAME VARCHAR2 (1024), GUID VARCHAR2(1024), REFER_TYPE NUMBER, REFER_ENTRYID NUMBER)]

Page 53: OAM Install & Config

2014-04-19 10:02:13.422 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.476 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 122 2014-04-19 10:02:13.476 rcu:Extracted SQL Statement: [CREATE INDEX IDX_CT_6_CLASS ON CT_6 (PRINCIPAL_CLASS) ] 2014-04-19 10:02:13.477 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.512 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 123 2014-04-19 10:02:13.512 rcu:Extracted SQL Statement: [CREATE INDEX IDX_CT_6_NAME ON CT_6 (NAME) ] 2014-04-19 10:02:13.512 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.540 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 124 2014-04-19 10:02:13.540 rcu:Extracted SQL Statement: [CREATE INDEX IDX_CT_6_PRINCIPAL ON CT_6 (CONCAT(PRINCIPAL_CLASS, NAME))] 2014-04-19 10:02:13.541 rcu:Statement Type: 'DDL Statement' 2014-04-19 10:02:13.568 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 127 2014-04-19 10:02:13.568 rcu:Extracted SQL Statement: [UPDATE JPS_ATTRS SET ATTRVAL='11.1.1.6.1' WHERE ATTRNAME='orclProductVersion' AND (ATTRVAL='11.1.1.6.0')] 2014-04-19 10:02:13.569 rcu:Statement Type: 'DML Statement' 2014-04-19 10:02:13.579 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 128 2014-04-19 10:02:13.579 rcu:Extracted SQL Statement: [] 2014-04-19 10:02:13.584 rcu:Extracting Statement from File Name: '/apps/Middleware/MW_HOME/OAM/oracle_common/common/sql/opss/oracle/upgrade/opss_upgrade_111160_111161.sql'Line Number: 128 2014-04-19 10:02:13.584 rcu:Extracted SQL Statement: [COMMIT;] [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done Apr 19, 2014 10:02:47 AM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.6.1 is compatible to the seed schema version 11.1.1.4.0 [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done

Page 54: OAM Install & Config

Apr 19, 2014 10:02:50 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData INFO: Migration of Credential Store data in progress..... Apr 19, 2014 10:02:59 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:08 [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] migrateData - done [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] testJpsService - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done Apr 19, 2014 10:02:59 AM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.6.1 is compatible to the seed schema version 11.1.1.4.0 [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] migrateData - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] testJpsService - done [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done Apr 19, 2014 10:03:03 AM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler INFO: Policy schema upgrade not required. Store Schema version 11.1.1.6.1 is compatible to the seed schema version 11.1.1.4.0 [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done WLS ManagedService is not up running. Fall back to use system properties for configuration. Apr 19, 2014 10:03:23 AM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData INFO: Migration of Admin Role Members started Apr 19, 2014 10:03:24 AM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateData INFO: Migration of Admin Role Members completed in 00:00:00 [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] migrateData - done [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] testJpsService - done [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done

Page 55: OAM Install & Config

Apr 19, 2014 10:03:24 AM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.6.1 is compatible to the seed schema version 11.1.1.4.0 [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done Apr 19, 2014 10:03:25 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData INFO: Migration of Audit Store data in progress..... [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] migrateData - done Apr 19, 2014 10:04:52 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData INFO: Migration of Audit Store data completed, Time taken for migration is 00:01:27 [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] testJpsService - done persist to output: /apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain/config/fmwconfig - done [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done Apr 19, 2014 10:05:24 AM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator checkIfConfigurationValid INFO: Audit store re-association not supported. [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - Audit store re-association not supported. persist to output: /apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain/config/fmwconfig – done Apr 19, 2014 10:03:24 AM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.6.1 is compatible to the seed schema version 11.1.1.4.0

Page 56: OAM Install & Config

[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done Apr 19, 2014 10:03:25 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData INFO: Migration of Audit Store data in progress..... [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] migrateData - done Apr 19, 2014 10:04:52 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData INFO: Migration of Audit Store data completed, Time taken for migration is 00:01:27 [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] testJpsService - done persist to output: /apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain/config/fmwconfig - done [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done [oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done [oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done [oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done Apr 19, 2014 10:05:24 AM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator checkIfConfigurationValid INFO: Audit store re-association not supported. [oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - Audit store re-association not supported. persist to output: /apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain/config/fmwconfig - done INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used. INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used. Using default context in /apps/Middleware/MW_HOME/OAM/user_projects/domains/oamdomain/config/fmwconfig/jps-config-migration.xml file for credential store. Credential store location : jdbc:oracle:thin:@usaslcoamdbr12t.goldbar.barrick.com:1531/oamd Credential with map Oracle-IAM-Security-Store-Diagnostics key Test-Cred stored successfully!

Page 57: OAM Install & Config

Credential for map Oracle-IAM-Security-Store-Diagnostics and key Test-Cred is: GenericCredential

Info: diagnostic credential created in the credential store.

Info: Create operation has completed successfully.

appoam@slcr12devtap1 lib]$ ls -ltr rdbms* -rwxr-x--- 1 appoam oinstall 8310 Apr 18 19:21 rdbms_security_store_db2.sql -rwxr-x--- 1 appoam oinstall 801 Apr 18 19:21 rdbms_security_store_db2_remove.sql -rwxr-x--- 1 appoam oinstall 8302 Apr 18 19:21 rdbms_security_store_derby.sql -rwxr-x--- 1 appoam oinstall 801 Apr 18 19:21 rdbms_security_store_derby_remove.sql -rwxr-x--- 1 appoam oinstall 8508 Apr 18 19:21 rdbms_security_store_oracle.sql -rwxr-x--- 1 appoam oinstall 801 Apr 18 19:21 rdbms_security_store_oracle_remove.sql -rwxr-x--- 1 appoam oinstall 8172 Apr 18 19:21 rdbms_security_store_sqlserver.sql -rwxr-x--- 1 appoam oinstall 801 Apr 18 19:21 rdbms_security_store_sqlserver_remove.sql -rwxr-x--- 1 appoam oinstall 10591 Apr 18 19:21 rdbms_security_store_sybase.sql -rwxr-x--- 1 appoam oinstall 801 Apr 18 19:21 rdbms_security_store_sybase_remove.sql [appoam@slcr12devtap1 lib]$ scp -r rdbms_security_store_oracle.sql oraOAMD@usaslcomadbr12t:/home/oraOAMD ssh: Could not resolve hostname usaslcomadbr12t: Name or service not known lost connection [appoam@slcr12devtap1 lib]$ scp -r rdbms_security_store_oracle.sql oraOAMD@usaslcoamdbr12t:/home/oraOAMD The authenticity of host 'usaslcoamdbr12t (10.13.80.176)' can't be established. RSA key fingerprint is 9c:e2:b5:d5:f3:69:58:53:0c:d6:7a:6c:1c:bb:74:90. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'usaslcoamdbr12t,10.13.80.176' (RSA) to the list of known hosts. oraOAMD@usaslcoamdbr12t's password: rdbms_security_store_oracle.sql 100% 8508 8.3KB/s 00:00 [appoam@slcr12devtap1 lib]$ pwd /apps/Middleware/MW_HOME/OAM/wlserver_10.3/server/lib -rwxr-x--- 1 oraOAMD dba 8508 Apr 19 10:09 rdbms_security_store_oracle.sql [oraOAMD@usaslcoamdbr12t ~]$ sqlplus dev_opss SQL*Plus: Release 11.2.0.4.0 Production on Sat Apr 19 10:09:54 2014 Copyright (c) 1982, 2013, Oracle. All rights reserved.

Page 58: OAM Install & Config

Enter password: Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> @rdbms_security_store_oracle.sql; Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created.

Page 59: OAM Install & Config

Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. Table created. 1 row created. Commit complete. SQL> exit

Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit

Production

With the Partitioning, OLAP,

OAM patches:

18138998 --- Oracle Identity Management Suite BP patch of 11.1.2.1.3

17496113: WARNING: COULD NOT OBTAIN LOCK ON POLLTRACKING.LCK

Page 60: OAM Install & Config

Start OAM services

/apps/Middleware/MW_HOME/OAM/oracle_common/common/bin/setNMProps.sh

~/bin/start_node_manager.sh

/apps/Middleware/MW_HOME/OAM/user_projects/domains/OAMdomain/bin/startWebLogic.

sh

/apps/Middleware/MW_HOME/OAM/user_projects/domains/OAMdomain/bin/startManaged

WebLogic.sh oam_server1

Installing Oracle HTTP Server

[appoam@slcr12devtap1 common]$ cd /mnt/shared/software_dump/HTTP_WEB_SERVER/ [appoam@slcr12devtap1 HTTP_WEB_SERVER]$ ls -ltr total 1760516 drwxr-xr-x 6 appoam oinstall 4096 Mar 2 2013 Disk1 drwxrwxr-x 3 appoam oinstall 4096 Mar 2 2013 Disk2 drwxrwxr-x 3 appoam oinstall 4096 Mar 2 2013 Disk3 -rw-r--r-- 1 appoam oinstall 22806 Mar 12 2013 readme.html -rw-r--r-- 1 appoam oinstall 1802723467 Apr 17 16:47 V37384-01.zip [appoam@slcr12devtap1 HTTP_WEB_SERVER]$ cd Disk1 [appoam@slcr12devtap1 Disk1]$ ls -ltr total 36 -rwxrwxr-x 1 appoam oinstall 16532 Oct 25 2012 runInstaller drwxrwxr-x 3 appoam oinstall 4096 Mar 2 2013 plugins drwxrwxr-x 6 appoam oinstall 4096 Mar 2 2013 doc drwxr-xr-x 12 appoam oinstall 4096 Mar 2 2013 stage drwxrwxr-x 3 appoam oinstall 4096 Mar 2 2013 install [appoam@slcr12devtap1 Disk1]$ ./runInstaller

Starting Oracle Universal Installer...

Checking Temp space: must be greater than 400 MB. Actual 8339 MB Passed

Checking swap space: must be greater than 500 MB. Actual 7553 MB Passed

Checking monitor: must be configured to display at least 256 colors. Actual 16777216

Passed

Page 61: OAM Install & Config

Preparing to launch Oracle Universal Installer from /tmp/OraInstall2014-04-28_04-51-50PM.

Please wait ...[appoam@slcr12devtap1 Disk1]$ Log: /apps/oraInventory/logs/install2014-04-

28_04-51-50PM.log

Page 62: OAM Install & Config
Page 63: OAM Install & Config
Page 64: OAM Install & Config
Page 65: OAM Install & Config
Page 66: OAM Install & Config
Page 67: OAM Install & Config
Page 68: OAM Install & Config
Page 69: OAM Install & Config
Page 70: OAM Install & Config
Page 71: OAM Install & Config
Page 72: OAM Install & Config

Completed installation of oracle HTTP server

Installing oracle webgate

[appoam@slcr12devtap1 Disk1]$ ls -ltr total 100 -rwxrwxr-x 1 appoam oinstall 73728 Sep 15 2011 setup.exe -rwxrwxr-x 1 appoam oinstall 16454 Sep 19 2011 runInstaller drwxrwxr-x 12 appoam oinstall 4096 Apr 18 2013 install drwxr-xr-x 13 appoam oinstall 4096 Apr 18 2013 stage [appoam@slcr12devtap1 Disk1]$ ./runInstaller Starting Oracle Universal Installer... Checking if CPU speed is above 300 MHz. Actual 2294 MHz Passed Checking Temp space: must be greater than 150 MB. Actual 8345 MB Passed Checking swap space: must be greater than 512 MB. Actual 7537 MB Passed

Page 73: OAM Install & Config

Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed Preparing to launch Oracle Universal Installer from /tmp/OraInstall2014-04-28_05-15-54PM. Please wait ... Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :^C [appoam@slcr12devtap1 Disk1]$ echo $JAVA_HOME /apps/jrockit-jdk1.6.0_51 [appoam@slcr12devtap1 Disk1]$ ./runInstaller Starting Oracle Universal Installer... Checking if CPU speed is above 300 MHz. Actual 2294 MHz Passed Checking Temp space: must be greater than 150 MB. Actual 8345 MB Passed Checking swap space: must be greater than 512 MB. Actual 7537 MB Passed Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed Preparing to launch Oracle Universal Installer from /tmp/OraInstall2014-04-28_05-16-11PM. Please wait ... Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/apps/jrockit-jdk1.6.0_51 [appoam@slcr12devtap1 Disk1]$ [WARN ][jrockit] MaxPermSize=512m ignored: Not a valid option for JRockit Log: /apps/oraInventory/logs/install2014-04-28_05-16-11PM.log

Page 74: OAM Install & Config
Page 75: OAM Install & Config
Page 76: OAM Install & Config
Page 77: OAM Install & Config
Page 78: OAM Install & Config
Page 79: OAM Install & Config

Completed installation of wegate

==============================================================================

=======

Install and Configure WebGate on the WebTier

[appoam@slcr12devtap1 deployWebGate]$ pwd /apps/Middleware/MW_HOME/OAM/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate [appoam@slcr12devtap1 deployWebGate]$ echo $MW_HOME [appoam@slcr12devtap1 deployWebGate]$ pwd /apps/Middleware/MW_HOME/OAM/Oracle_OAMWebGate1/webgate/ohs/tools/deployWebGate [appoam@slcr12devtap1 deployWebGate]$ export MW_HOME=/apps/Middleware/MW_HOME/OAM

Page 80: OAM Install & Config

[appoam@slcr12devtap1 deployWebGate]$ ./deployWebGateInstance.sh -w $MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh $MW_HOME/Oracle_OAMWebGate1 Copying files from WebGate Oracle Home to WebGate Instancedir [appoam@slcr12devtap1 Oracle_OAMWebGate1]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/apps/Middleware/MW_HOME/OAM/Oracle_WT1/lib [appoam@slcr12devtap1 Oracle_OAMWebGate1]$ cd /apps/Middleware/MW_HOME/OAM/Oracle_OAMWebGate1/webgate/ohs/tools/setup/InstallTools [appoam@slcr12devtap1 InstallTools]$ [appoam@slcr12devtap1 InstallTools]$ ./EditHttpConf -w $MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh $MW_HOME/Oracle_OAMWebGate1 The web server configuration file was successfully updated /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/httpd.conf has been backed up as /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/httpd.conf.ORIG [appoam@slcr12devtap1 InstallTools]$ Setting Up the RREG Tool To set up the RREG tool, complete the following steps: On UNIX After installing and configuring Oracle Access Manager, go to the following directory: Oracle_IDM2/oam/server/rreg/client Untar the RREG.tar.gz file. Example: gunzip RREG.tar.gz tar -xvf RREG.tar

/apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/client

[appoam@slcr12devtap1 client]$ ls -ltr

Page 81: OAM Install & Config

total 26272

-rw-r----- 1 appoam oinstall 9512960 Mar 17 2013 RREG.tar

-rw-r----- 1 appoam oinstall 8935304 Mar 17 2013 rreg-toolkit.jar

-rw-r----- 1 appoam oinstall 8446505 Apr 29 16:55 RREG.tar.gz_bkp

[appoam@slcr12devtap1 client]$ tar -xvf RREG.tar

rreg/

rreg/lib/

rreg/lib/rreg.jar

rreg/lib/identitystore.jar

rreg/lib/jps-common.jar

rreg/lib/utilities.jar

rreg/lib/jps-api.jar

rreg/lib/osdt_core.jar

rreg/lib/jps-ee.jar

rreg/lib/osdt_xmlsec.jar

rreg/lib/ojmisc.jar

rreg/lib/RequestResponse.jar

rreg/lib/commons-httpclient-3.1.jar

rreg/lib/osdt_cert.jar

rreg/lib/jps-unsupported-api.jar

rreg/lib/commons-codec-1.3.jar

rreg/lib/oraclepki.jar

rreg/lib/commons-logging-1.1.1.jar

rreg/lib/jps-internal.jar

Page 82: OAM Install & Config

rreg/lib/nap-api.jar

rreg/bin/

rreg/bin/oamreg.sh

rreg/bin/oamreg.bat

rreg/config/

rreg/config/RequestResponseXMLSchema.xsd

rreg/input/

rreg/input/OAMRequest_short.xml

rreg/input/OSSORequest.xml

rreg/input/OpenSSORequest_short.xml

rreg/input/OSSOUpdateAgentRequest.xml

rreg/input/OAM11GRequest.xml

rreg/input/OAM11GRequest_short.xml

rreg/input/CreatePolicyRequest.xml

rreg/input/OpenSSOUpdateAgentRequest.xml

rreg/input/OAMUpdateAgentRequest.xml

rreg/input/OpenSSORequest.xml

rreg/input/OAM11GUpdateAgentRequest.xml

rreg/input/UpdatePolicyRequest.xml

rreg/input/OAMRequest.xml

rreg/output/

rreg/logs/

rreg/tester/

rreg/tester/oamtest.jar

Page 83: OAM Install & Config

rreg/tester/nap-api.jar

rreg/truststore/

rreg/truststore/rregcerts.jks

rreg/templates/

rreg/templates/opensso/

rreg/templates/opensso/webagents/

rreg/templates/opensso/webagents/OpenSSOAgentConfiguration.template

rreg/templates/opensso/webagents/OpenSSOAgentBootstrap.template

rreg/templates/opensso/j2eeagents/

rreg/templates/opensso/j2eeagents/OpenSSOAgentBootstrap.template

rreg/templates/opensso/j2eeagents/OpenSSOAgentConfiguration.template

Now go to /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/input

[appoam@slcr12devtap1 client]$ ls -ltr

total 26276

drwxr-xr-x 11 appoam oinstall 4096 Mar 17 2013 rreg

-rw-r----- 1 appoam oinstall 9512960 Mar 17 2013 RREG.tar

-rw-r----- 1 appoam oinstall 8935304 Mar 17 2013 rreg-toolkit.jar

-rw-r----- 1 appoam oinstall 8446505 Apr 29 16:55 RREG.tar.gz_bkp

Create EBS_OAM11gRequest_short.xml

appoam@slcr12devtap1 input]$ vi EBS_OAM11gRequest_short.xml [appoam@slcr12devtap1 input]$ pwd /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/input

<OAM11GRegRequest> <serverAddress>http://usaslcoamr12t.goldbar.barrick.com:7001</serverAddress> <hostIdentifier>usaslcoamr12t.goldbar.barrick.com</hostIdentifier> <agentName>usaslcoamr12t.goldbar.barrick.com</agentName>

Page 84: OAM Install & Config

<agentBaseUrl>http://usaslcoamr12t.goldbar.barrick.com:7777</agentBaseUrl> <logOutUrls><url>/logout</url></logOutUrls> </OAM11GRegRequest>

[appoam@slcr12devtap1 input]$ pwd

/apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/input

Create ebs.oam.conf file

[appoam@slcr12devtap1 input]$ vi ebs.oam.conf [appoam@slcr12devtap1 input]$

############################################################################### # Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. # # This is a configuration file, to be used with the OAM Config Tool, for # configuring policies in OAM in order to facilitate Single Sign On. # # Protected URIs:- # A Protected URI (resource) implies that an user must be authenticated # before he could access that resource. Upon accessing a protected uri, the # user would be redirected to the OAM login page for authentication. # Subsequently, upon successful authentication, he would be redirected to the # original requested resource. # # Public URIs:- # A Public URI (resource), on the contrary, implies that a user be allowed # access to that resource without authentication. # # This file essentially contains a list of protected and public URIs belonging # to an Application. # # Please refer to the documentation of OAM Config Tool for anything related to # the OAM Config tool's usage and the documentation of OAM for anything # related to OAM in general. # ########################## # File format description ########################## # 1. Any line beginning with '#' is considered a comment and would be ignored

Page 85: OAM Install & Config

# 2. Likewise any empty line or any line beginning with ' ' (space) would be # ignored # 3. All the Protected URIs must be listed followed by the key-word: # "protected_uris". # 4. All the Public URIs must be listed followed by the key-word: "public_uris" # # Note that Public URIs are optional. But you need to have at least one # Protected URI listed # # ######################## #Product Name: E-Business Suite ######################## ########################### protected_uris ########################### /ebsauth_devt12 /index.html ########################### public_uris ########################### /ebsauth_devt12/style/ /ebsauth_devt12/ssologin /ebsauth_devt12/ssologout.do /ebsauth_devt12/ssologout_callback /public/oacleanup.html /public/index.html export JAVA_HOME=/apps/jrockit-jdk1.6.0_51 export OAM_REG_HOME=/apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/bin ./bin/oamreg.sh inband input/EBS_OAM11g_DEVT12.xml Enter admin password: Do you want to enter a Webgate password?(y/n): n Do you want to import an URIs file?(y/n):

Page 86: OAM Install & Config

y Please enter URIs filename (full path) (ex: /config/fa.oam.conf) : /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/config/ebs_oam_dev12.conf Apr 29, 2014 6:00:23 PM oracle.security.am.engines.rreg.client.util.RegClientUtil getURIsFilename INFO: Filename accepted. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler readProtAndPubUrisFromFileAndSet INFO: Success: URI:[/ebsauth_devt12*] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler readProtAndPubUrisFromFileAndSet INFO: Success: URI:[/ebsauth_devt12/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler readProtAndPubUrisFromFileAndSet INFO: Success: URI:[/index.html] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler readProtAndPubUrisFromFileAndSet INFO: Success: URI:[/index.html/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/style/*] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/style/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/ssologin*] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/ssologin/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/ssologout.do] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/ssologout.do/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/ssologout_callback*] is added. Apr 29, 2014 6:00:24 PM

Page 87: OAM Install & Config

oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/ebsauth_devt12/ssologout_callback/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/public/oacleanup.html] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/public/oacleanup.html/**] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/public/index.html] is added. Apr 29, 2014 6:00:24 PM oracle.security.am.engines.rreg.client.util.RegClientFusionCfgURIsFileHandler setUriInPolicy INFO: Success: URI:[/public/index.html/**] is added. ---------------------------------------- Request summary: OAM11G Agent Name:usaslcoamr12t.goldbar.barrick.com Base URL:http://usaslcoamr12t.goldbar.barrick.com:7777 URL String:usaslcoamr12t.goldbar.barrick.com Registering in Mode:inband Your registration request is being sent to the Admin server at: http://usaslcoamr12t.goldbar.barrick.com:7003 ---------------------------------------- Apr 29, 2014 6:04:04 PM oracle.security.jps.util.JpsUtil disableAudit INFO: JpsUtil: isAuditDisabled set to true Inband registration process completed successfully! Output artifacts are created in the output folder. rw------- 1 appoam oinstall 3181 Apr 29 18:04 cwallet.sso -rw-r--r-- 1 appoam oinstall 2963 Apr 29 18:04 ObAccessClient.xml Copy above files to below directory Copy the generated registration artifacts to your WebTier [appoam@slcr12devtap1 usaslcoamr12t.goldbar.barrick.com]$ cp * /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config [appoam@slcr12devtap1 usaslcoamr12t.goldbar.barrick.com]$ pwd /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/rreg/output/usaslcoamr12t.goldbar.barrick.com [appoam@slcr12devtap1 usaslcoamr12t.goldbar.barrick.com]$

Page 88: OAM Install & Config

Start WebTier appoam@slcr12devtap1 bin]$ ls -ltr total 48 -rwx------ 1 appoam oinstall 46053 Apr 28 17:10 opmnctl [appoam@slcr12devtap1 bin]$ ./opmnctl startall opmnctl startall: starting opmn and all managed processes... [appoam@slcr12devtap1 bin]$ ./opmnctl status -l Processes in Instance: instance1 ---------------------------------+--------------------+---------+----------+------------+----------+-----------+------ ias-component | process-type | pid | status | uid | memused | uptime | ports ---------------------------------+--------------------+---------+----------+------------+----------+-----------+------ ohs1 | OHS | 5411 | Alive | 1609438392 | 1369016 | 25:02:18 | https:9999,https:4443,http:7777 [appoam@slcr12devtap1 bin]$ Verify registration using OAM Console http://usaslcoamr12t.goldbar.barrick.com:7003/oamconsole Logon to the OAM Console http://<host>.<domain>:<adminport>/oamconsole Verify that the following artifacts are visible now in the OAM Console. System Configuration tab > Access Manager section > SSO Agents node > OAM Agents (double click) > Search for {Identifier for your WebGate} Policy Configuration tab > Browse tab > Shared Components node > Host Identifiers node > Search for {Identifier for your WebGate} Policy Configuration tab > Browse tab > Application Domains node > Search for {Identifier for your WebGate} Test your WebGate apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/htdocs/public [appoam@slcr12devtap1 public]$ cd .. [appoam@slcr12devtap1 htdocs]$ ls -ltr total 108 -rw------- 1 appoam oinstall 2585 Apr 28 17:10 index.html.hu -rw------- 1 appoam oinstall 726 Apr 28 17:10 README.rus

Page 89: OAM Install & Config

-rw------- 1 appoam oinstall 2326 Apr 28 17:10 apache_pb.gif -rw------- 1 appoam oinstall 81 Apr 28 17:10 index.html -rw------- 1 appoam oinstall 1062 Apr 28 17:10 index.html.zh-tw.big5 drwx------ 2 appoam oinstall 4096 Apr 28 17:10 error_docs drwx------ 2 appoam oinstall 4096 Apr 28 17:10 images drwx------ 2 appoam oinstall 4096 Apr 28 17:10 css drwx------ 2 appoam oinstall 4096 Apr 28 17:10 JSLibrary drwx------ 9 appoam oinstall 4096 Apr 28 17:10 welcome_images -rw------- 1 appoam oinstall 11028 Apr 28 17:10 welcome-index.html -rw------- 1 appoam oinstall 6348 Apr 28 17:10 welcome_as.html -rw------- 1 appoam oinstall 4155 Apr 28 17:10 welcome_em.html -rw------- 1 appoam oinstall 3736 Apr 28 17:10 welcome_classic.html -rw------- 1 appoam oinstall 5635 Apr 28 17:10 welcome_soa.html -rw------- 1 appoam oinstall 5231 Apr 28 17:10 welcome_idm.html -rw------- 1 appoam oinstall 7584 Apr 28 17:10 welcome_grid.html -rw------- 1 appoam oinstall 5787 Apr 28 17:10 welcome_webcenter.html drwxrwxrwx 2 appoam oinstall 4096 Apr 29 19:02 public [appoam@slcr12devtap1 htdocs]$ cp index.html /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/htdocs/public [appoam@slcr12devtap1 htdocs]$ Access a Public Resource http://usaslcoagr12t.goldbar.barrick.com:7777/public/index.html Access a Protected Resource http://usaslcoagr12t.goldbar.barrick.com:7777/index.html Configure Identity Store export MW_HOME=/apps/Middleware/MW_HOME/OAM export ORACLE_HOME=/apps/Middleware/MW_HOME/OAM/Oracle_OAM export JAVA_HOME=/apps/jrockit-jdk1.6.0_51/bin export IDM_ORACLE_HOME=/apps/Middleware/MW_HOME/OAM/Oracle_OAM [appoam@slcr12devtap1 OAM]$ cd $ORACLE_HOME [appoam@slcr12devtap1 Oracle_OAM]$ cd idmtools/ [appoam@slcr12devtap1 idmtools]$ cd bin [appoam@slcr12devtap1 bin]$ vi extend.props [appoam@slcr12devtap1 bin]$ ./idmConfigTool.sh -preConfigIDStore input_file=extend.props IDSTORE_HOST : usaslcoamr12t.goldbar.barrick.com IDSTORE_PORT : 3060 IDSTORE_BINDDN : cn=orcladmin IDSTORE_USERNAMEATTRIBUTE: cn

Page 90: OAM Install & Config

IDSTORE_LOGINATTRIBUTE: uid IDSTORE_USERSEARCHBASE:cn=Users,dc=goldbar,dc=barrick,dc=com IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=goldbar,dc=barrick,dc=com IDSTORE_SEARCHBASE: dc=goldbar,dc=barrick,dc=com IDSTORE_SYSTEMIDBASE: cn=systemids,dc=goldbar,dc=barrick,dc=com Enter ID Store Bind DN password : Apr 29, 2014 7:33:33 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/idm_idstore_groups_template.ldif Apr 29, 2014 7:33:35 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/idm_idstore_groups_acl_template.ldif Apr 29, 2014 7:33:37 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/systemid_pwdpolicy.ldif Apr 29, 2014 7:33:37 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/idstore_tuning.ldif Apr 29, 2014 7:33:37 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oid_schema_extn.ldif Apr 29, 2014 7:33:42 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/oim-intg/ldif/oid/schema/OID_oblix_pwd_schema_add.ldif Apr 29, 2014 7:33:43 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/oim-intg/ldif/oid/schema/OID_oim_pwd_schema_add.ldif Apr 29, 2014 7:33:48 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_add.ldif Apr 29, 2014 7:34:32 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/oim-intg/ldif/oid/schema/OID_oblix_schema_index_add.ldif Apr 29, 2014 7:45:34 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/fa_pwdpolicy.ldif The tool has completed its operation. Details have been logged to automation.log

Page 91: OAM Install & Config

Create Users and Groups in LDAP [appoam@slcr12devtap1 bin]$ vi oam.props [appoam@slcr12devtap1 bin]$ ./idmConfigTool.sh -prepareIDStore mode=OAM input_file=oam.props Enter ID Store Bind DN password : *** Creation of Oblix Anonymous User *** Apr 29, 2014 7:49:29 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oam_10g_anonymous_user_template.ldif Enter User Password for oblixanonymous: Confirm User Password for oblixanonymous: *** Creation of oamadmin *** Apr 29, 2014 7:49:43 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oam_user_template.ldif Enter User Password for oamadmin: Confirm User Password for oamadmin: *** Creation of oamLDAP *** Apr 29, 2014 7:49:54 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oim_user_template.ldif Enter User Password for oamLDAP: Confirm User Password for oamLDAP: Apr 29, 2014 7:50:04 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/common/oam_user_group_read_acl_template.ldif Apr 29, 2014 7:50:04 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oim_group_template.ldif Apr 29, 2014 7:50:04 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/common/oam_group_member_template.ldif Apr 29, 2014 7:50:04 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/common/oam_group_member_template.ldif

Page 92: OAM Install & Config

Apr 29, 2014 7:50:04 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oam_user_write_acl.ldif Apr 29, 2014 7:50:05 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oam_config_acl.ldif Apr 29, 2014 7:50:05 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/oid_schemaadmin.ldif Apr 29, 2014 7:50:05 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/fa_add_pwdpolicy.ldif Apr 29, 2014 7:50:05 PM oracle.ldap.util.LDIFLoader loadOneLdifFile INFO: -> LOADING: /apps/Middleware/MW_HOME/OAM/Oracle_OAM/idmtools/templates/oid/fa_add_pwdpolicy.ldif The tool has completed its operation. Details have been logged to automation.log IDSTORE_HOST : usaslcoamr12t.goldbar.barrick.com IDSTORE_PORT : 3060 IDSTORE_BINDDN : cn=orcladmin IDSTORE_USERNAMEATTRIBUTE: cn IDSTORE_LOGINATTRIBUTE: uid IDSTORE_USERSEARCHBASE: cn=Users,dc=goldbar,dc=barrick,dc=com IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=goldbar,dc=barrick,dc=com IDSTORE_SEARCHBASE: dc=goldbar,dc=barrick,dc=com POLICYSTORE_SHARES_IDSTORE: true OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators IDSTORE_OAMSOFTWAREUSER:oamLDAP IDSTORE_OAMADMINUSER:oamadmin IDSTORE_SYSTEMIDBASE:cn=systemids,dc=goldbar,dc=barrick,dc=com

Page 93: OAM Install & Config

Create a User Identity Store

Page 94: OAM Install & Config

Set LDAP to System and Default Store

Page 95: OAM Install & Config

Verify Login as OID User At this point, test your WebGate again. Refer to section Test your WebGate. Access the protected test page from your browser: http://usaslcoagr12t.goldbar.barrick.com:7777/index.html Login as oamadmin user Configure Response Headers Add Response Headers to the Authentication Policies In the OAM Console, navigate to Policy Configuration tab > Browse tab > Application Domains

node > Search for {Identifier for your WebGate} usaslcoagr12t > Authentication Policies >

Protected Resource Policy.

Page 96: OAM Install & Config

Double-click the node Protected Resource Policy.

In the Authentication Policy configuration window, click on the Responses tab. Use the "+" icon

and add the following two rows.

Name Type Value

USER_NAME Header $user.userid

USER_ORCLGUID Header $user.attr.orclguid

Leave the Identity Assertion checkbox unchecked.

Click Apply to save your changes.

Add Response Headers to the Authorization Policies In the OAM Console, navigate to Policy Configuration tab > Browse tab > Application Domains

node > Search for {Identifier for your WebGate} usaslcoagr12t> Authorization Policies node >

Protected Resource Policy.

Double-click the node Protected Resource Policy.

In the Authorization Policy configuration window, click on the Responses tab. Use the "+" icon

and add the following two rows.

Name Type Value

USER_NAME Header $user.userid

USER_ORCLGUID Header $user.attr.orclguid

Click Apply to save your changes.

Page 97: OAM Install & Config
Page 98: OAM Install & Config

OAMADMIN Relogin issue: In OAM console under security relam create OID Authenticator And change order as like below. Make sure Control Flag: set to Sufficient.

Page 99: OAM Install & Config

Test Response Headers [appoam@usaslcoamr12t htdocs]$ ls -ltr [appoam@usaslcoamr12t htdocs]$ pwd /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/htdocs [appoam@usaslcoamr12t htdocs]$ ln -s ../cgi-bin cgi-bin [appoam@usaslcoamr12t htdocs]$ chmod 755 cgi-bin/printenv Logon to the OAM Console

In the OAM Console, navigate to Policy Configuration tab > Application Domains node > Search for {Identifier for your WebGate} > Resources node.

Page 100: OAM Install & Config

Double-click the node Resources. Click the "New Resource" button at the upper right hand side of the window. Enter the following information in the Create Resource region, and click Apply: •Type = HTTP •Description = Test Response Headers •Host Identifier = {Identifier for your WebGate} •Resource URL= /cgi-bin/printenv •Protection Level = Protected •Authentication Policy = Protected Resource Policy •Authorization Policy = Protected Resource Policy Access the protected printenv script from your browser. For example: http://usaslcoagr12t.goldbar.barrick.com:7777/cgi-bin/printenv Configure OAM to support long URLs Long URLs may exceed a cookie limit on your Internet browser. Configure Oracle Access Manager to support long URLs by changing the serverRequestCacheType from COOKIE to FORM in Oracle Access Manager configuration file $DOMAIN_HOME/config/fmwconfig/oam-config.xml: [appoam@usaslcoamr12t fmwconfig]$ cp -r oam-config.xml oam-config.xml_05042014 [appoam@usaslcoamr12t fmwconfig]$ vi oam-config.xml [appoam@usaslcoamr12t fmwconfig]$ pwd /apps/Middleware/MW_HOME/OAM/user_projects/domains/OAMDomain/config/fmwconfig [appoam@usaslcoamr12t fmwconfig]$ Change <Setting Name="serverRequestCacheType" Type="xsd:string">COOKIE</Setting> to <Setting Name="serverRequestCacheType" Type="xsd:string">FORM</Setting> Session Timeout parameter: Check Ebiz session timeout parameter and match with same values.

Page 101: OAM Install & Config

Configure Oracle Access Manager Whitelist [appoam@usaslcoamr12t bin]$ ./wlst.sh CLASSPATH=/apps/Middleware/MW_HOME/OAM/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/apps/Middleware/MW_HOME/OAM/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/apps/jrockit-jdk1.6.0_51/lib/tools.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/server/lib/weblogic_sp.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/server/lib/weblogic.jar:/apps/Middleware/MW_HOME/OAM/modules/features/weblogic.server.modules_10.3.6.0.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/server/lib/webservices.jar:/apps/Middleware/MW_HOME/OAM/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/apps/Middleware/MW_HOME/OAM/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/lib/wlst/configupgrade.jar:/apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/lib/wlst/oam-wlst.jar:/apps/Middleware/MW_HOME/OAM/Oracle_OAM/oam/server/lib/wlst/sts-wlst.jar:/apps/Middleware/MW_HOME/OAM/utils/config/10.3/config-launch.jar:/apps/Middleware/MW_HOME/OAM/Oracle_OAM/common/wlst/resources/oes-common.jar:/apps/Middleware/MW_HOME/OAM/Oracle_OAM/common/wlst/resources/oic-wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/lib/adfscripting.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/lib/mdswlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/auditwlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/igfwlsthelp.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/jps-wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/jps-wls-

Page 102: OAM Install & Config

trustprovider.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/jrf-wlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/oamap_help.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/ossoiap_help.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/ossoiap.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/sslconfigwlst.jar:/apps/Middleware/MW_HOME/OAM/oracle_common/common/wlst/resources/wsm-wlst.jar:/apps/Middleware/MW_HOME/OAM/utils/config/10.3/config-launch.jar::/apps/Middleware/MW_HOME/OAM/wlserver_10.3/common/derby/lib/derbynet.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/common/derby/lib/derbyclient.jar:/apps/Middleware/MW_HOME/OAM/wlserver_10.3/common/derby/lib/derbytools.jar:: Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands wls:/offline> connect() Please enter your username :weblogic Please enter your password : Please enter your server URL [t3://localhost:7001] :t3://usaslcoamr12t.goldbar.barrick.com:7003 Connecting to t3://usaslcoamr12t.goldbar.barrick.com:7003 with userid weblogic ... [ERROR][thread ] Could not start thread Timer-0. Resource temporarily unavailable [ERROR][thread ] Could not start thread weblogic.transaction.TxTimer: '1'. Resource temporarily unavailable Successfully connected to Admin Server 'AdminServer' that belongs to domain 'OAMDomain'. Warning: An insecure protocol was used to connect to the server. To ensure on-the-wire security, the SSL port or Admin port should be used instead. wls:/OAMDomain/serverConfig> domainRuntime() wls:/OAMDomain/domainRuntime> oamSetWhiteListMode(oamWhiteListMode="true") The enableWhitelistValidation is set successfully wls:/OAMDomain/domainRuntime> oamWhiteListURLConfig (Name="EBS",Value="http://slcr12devtap1.goldbar.barrick.com:8080", Operation="Update") The whitelist URL with key EBS has been updated. wls:/OAMDomain/domainRuntime> oamWhiteListURLConfig (Name="OAMCONSOLE",Value="http://usaslcoamr12t.goldbar.barrick.com:7003", Operation="Update")

Page 103: OAM Install & Config

The whitelist URL with key OAMCONSOLE has been updated. Configure Oracle E-Business Suite Create WebLogic Domain and Managed Server for Oracle E-Business Suite AccessGate

Page 104: OAM Install & Config
Page 105: OAM Install & Config
Page 106: OAM Install & Config
Page 107: OAM Install & Config
Page 108: OAM Install & Config
Page 109: OAM Install & Config

Start WebLogic server for Oracle E-Business Suite AccessGate Deploy Oracle E-Business Suite AccessGate /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12 appoam@usaslcoamr12t devt12]$ unzip p18006775_R12_GENERIC.zip creating: sample/ inflating: fndauth.war inflating: fndauth_deployment_plan.tmp inflating: fndext.jar inflating: sample/logging.properties inflating: sample/samplecleanup.html inflating: txkEBSAuth.xml inflating: Readme.txt creating: plan/ [appoam@usaslcoamr12t devt12]$ ls -ltr total 660 drwxr-xr-x 2 appoam oinstall 4096 Apr 16 2013 plan -rw-r--r-- 1 appoam oinstall 30387 Jul 12 2013 txkEBSAuth.xml drwxr-xr-x 2 appoam oinstall 4096 Jul 12 2013 sample

Page 110: OAM Install & Config

-rw-r--r-- 1 appoam oinstall 4246 Jul 12 2013 fndauth_deployment_plan.tmp -rw-r--r-- 1 appoam oinstall 240550 Jul 12 2013 fndext.jar -rw-r--r-- 1 appoam oinstall 378475 Jul 12 2013 fndauth.war -rw-r--r-- 1 appoam oinstall 1610 Jul 12 2013 Readme.txt [appoam@usaslcoamr12t devt12]$ cd sample/ [appoam@usaslcoamr12t sample]$ ls -ltr total 12 -rw-r--r-- 1 appoam oinstall 6536 Jul 12 2013 samplecleanup.html -rw-r--r-- 1 appoam oinstall 1395 Jul 12 2013 logging.properties [appoam@usaslcoamr12t sample]$ cp -r samplecleanup.html /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instances/instance1/config/OHS/ohs1/htdocs/public/oacleanup.html http://usaslcoamr12t.goldbar.barrick.com:7777/public/oacleanup.html [appoam@usaslcoamr12t devt12]$ ls -ltr total 660 drwxr-xr-x 2 appoam oinstall 4096 Apr 16 2013 plan -rw-r--r-- 1 appoam oinstall 30387 Jul 12 2013 txkEBSAuth.xml drwxr-xr-x 2 appoam oinstall 4096 Jul 12 2013 sample -rw-r--r-- 1 appoam oinstall 4246 Jul 12 2013 fndauth_deployment_plan.tmp -rw-r--r-- 1 appoam oinstall 240550 Jul 12 2013 fndext.jar -rw-r--r-- 1 appoam oinstall 378475 Jul 12 2013 fndauth.war -rw-r--r-- 1 appoam oinstall 1610 Jul 12 2013 Readme.txt [appoam@usaslcoamr12t devt12]$ cp -r fndext.jar /apps/Middleware/MW_HOME/OAM/user_projects/domains/EAGDomain/lib/ Generate DBC file In Ebiz: java -Duser.language=en -Duser.region=US oracle.apps.fnd.security.AdminDesktop apps/apps12 CREATE NODE_NAME=usaslcoamr12t IP_ADDRESS=10.13.80.134 DBC=$FND_SECURE/DEVT12.dbc [oraDEVT12@slcr12devtap1 secure]$ java -Duser.language=en -Duser.region=US oracle.apps.fnd.security.AdminDesktop apps/apps12 CREATE NODE_NAME=usaslcoamr12t IP_ADDRESS=10.13.80.134 DBC=$FND_SECURE/DEVT12.dbc Application node exists, using server ID of node. Committing changes CREATE executed successfully - DEVT12_USASLCOAMR12T.dbc

Page 111: OAM Install & Config

Scp Generated file to OAM server at location /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12 Set Up Necessary Oracle E-Business Suite Users ASADMIN is default account we are using here. Set up a necessary Oracle E-Business Suite user with role UMX|APPS Schema Connect. After setting up the user, logon locally to Oracle E-Business Suite as the user with role UMX|Apps Schema Connect. http://<ebshost>.<domain>:<port>/OA_HTML/AppsLocalLogin.jsp If this user has just been created, you will be prompted on logon to Oracle E-Business Suite to reset the password. Reset the password. Verify that you can successfully logon locally with the new password as the user with role UMX|Apps Schema Connect. Create Datasource for Oracle E-Business Suite AccessGate using txkEBSAuth.xml [appoam@usaslcoamr12t devt12]$ ant -f txkEBSAuth.xml createDataSource -DuseDefaults=false -Dwlshosturl=usaslcoamr12t.goldbar.barrick.com:7041 -Dwlsuser=weblogic -Dwlspwd=Passw0rd -DdataSourceName=devt12 -DdataSourceJNDIName=jndi/devt12 -DasadminUser=asadmin -DasadminPassword=0racle1 -DserverName=eag_server1 -DdbcFile=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/DEVT12_USASLCOAMR12T.dbc -DforceDataSource=true Buildfile: txkEBSAuth.xml findOS: getServerDetails: [input] skipping input as property wlshosturl has already been set. [input] skipping input as property wlsuser has already been set. getWLSAdminPasswordWindows: getWLSAdminPasswordUnix: echoON: [input] skipping input as property wlspwd has already been set. echoOFF:

Page 112: OAM Install & Config

getDataSourceDetails: [input] skipping input as property dataSourceName has already been set. [input] skipping input as property dataSourceJNDIName has already been set. [input] skipping input as property dbcFile has already been set. [input] skipping input as property asadminUser has already been set. getappsDBDetails: [echo] DBC File is /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/DEVT12_USASLCOAMR12T.dbc [echo] APPS_JDBC_URL is APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=(ADDRESS_LIST\=(LOAD_BALANCE\=YES)(FAILOVER\=YES)(ADDRESS\=(PROTOCOL\=tcp)(HOST\=slcr12devtdb1.goldbar.barrick.com)(PORT\=1601)))(CONNECT_DATA\=(SERVICE_NAME\=DEVT12))) [echo] [echo] Following values are retrieved from DBC File: [echo] SID/SERVICE:DEVT12 [echo] APPS_JDBC_URL:jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=YES)(FAILOVER=YES)(ADDRESS=(PROTOCOL=tcp)(HOST=slcr12devtdb1.goldbar.barrick.com)(PORT=1601)))(CONNECT_DATA=(SERVICE_NAME=DEVT12))) getASADMINPasswordWindows: getASADMINPasswordUnix: echoON: [input] skipping input as property asadminPassword has already been set. echoOFF: getTargetServerDetails: [input] skipping input as property serverName has already been set. getDataSourceParameters: checkDBCExists: checkFndextWarExits: createDataSource: [echo] ******************************************************************** [echo] STEP 1: CREATING DATA SOURCE [echo] ********************************************************************

Page 113: OAM Install & Config

[wlst] Connecting to server using username:weblogic url:usaslcoamr12t.goldbar.barrick.com:7041 [wlst] Connecting to t3://usaslcoamr12t.goldbar.barrick.com:7041 with userid weblogic ... [wlst] Successfully connected to Admin Server 'AdminServer' that belongs to domain 'EAGDomain'. [wlst] [wlst] Warning: An insecure protocol was used to connect to the [wlst] server. To ensure on-the-wire security, the SSL port or [wlst] Admin port should be used instead. [wlst] [wlst] Check if data source devt12 already exits [wlst] [wlst] [wlst] Check if JNDI Name jndi/devt12 already exists [wlst] [wlst] Changing to Edit Mode [wlst] Location changed to edit tree. This is a writable tree with [wlst] DomainMBean as the root. To make changes you will need to start [wlst] an edit session via startEdit(). [wlst] [wlst] For more help, use help(edit) [wlst] [wlst] Starting an edit session ... [wlst] Started edit session, please be sure to save and activate your [wlst] changes once you are done. [wlst] [wlst] Creating data source : devt12 [wlst] [wlst] Setting JDBCDataSourceParams for the data source devt12 [wlst] [wlst] Setting JNDI name for the data source devt12 [wlst] [wlst] Setting JDBCDriverParams for the data source devt12 [wlst] [wlst] Setting User and dbcFile properties for the data source devt12 [wlst] [wlst] Setting JDBCConnectionPoolParams for the data source devt12 [wlst] [wlst] Setting GlobalTransactionsProtocol for the data source devt12 [wlst] [wlst] Setting target for the data source devt12 [wlst] [wlst] Saving all your changes ... [wlst] Saved all your changes successfully.

Page 114: OAM Install & Config

[wlst] Activating all your changes, this may take a while ... [wlst] The edit lock associated with this edit session is released [wlst] once the activation is completed. [wlst] Activation completed [wlst] Successfully created data source devt12. [wlst] Disconnected from weblogic server: AdminServer BUILD SUCCESSFUL Total time: 42 seconds [appoam@usaslcoamr12t devt12]$ Deploy Oracle E-Business Suite AccessGate using txkEBSAuth.xml [appoam@usaslcoamr12t devt12]$ ant -f txkEBSAuth.xml deployApplication -DuseDefaults=false -Dwlshosturl=usaslcoamr12t.goldbar.barrick.com:7041 -Dwlsuser=weblogic -Dwlspwd=Passw0rd -DdataSourceName=devt12 -DasadminUser=asadmin -DasadminPassword=0racle1 -DdataSourceJNDIName=jndi/devt12 -DdbcFile=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/DEVT12_USASLCOAMR12T.dbc -DserverName=eag_server1 -DdeploymentName=ebsauth_devt12 -DfndauthWarFile=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/fndauth.war -DplanPath=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan/Plan.xml -DSSOServerRelease=11 -DSSOServerURL=http://usaslcoamr12t.goldbar.barrick.com:7777 -DWebgateLogoutURL=http://usaslcoamr12t.goldbar.barrick.com:7777/public/oacleanup.html -DcontextRoot=ebsauth_devt12 -DforceDeployment=true -DOAMLogoutURL=http://usaslcoamr12t.goldbar.barrick.com:7777/oam/server/logoutant -f txkEBSAuth.xml deployApplication -DuseDefaults=false -Dwlshosturl=usaslcoamr12t.goldbar.barrick.com:7041 -Dwlsuser=weblogic -Dwlspwd=Passw0rd -DdataSourceName=devt12 -DasadminUser=asadmin -DasadminPassword=0racle1 -DdataSourceJNDIName=jndi/devt12 -DdbcFile=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/DEVT12_USASLCOAMR12T.dbc -DserverName=eag_server1 -DdeploymentName=ebsauth_devt12 -DfndauthWarFile=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/fndauth.war -DplanPath=/apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan/Plan.xml -DSSOServerRelease=11 -DSSOServerURL=http://usaslcoamr12t.goldbar.barrick.com:7777 -DWebgateLogoutURL=http://usaslcoamr12t.goldbar.barrick.com:7777/public/oacleanup.html -DcontextRoot=ebsauth_devt12 -DforceDeployment=true -DOAMLogoutURL=http://usaslcoamr12t.goldbar.barrick.com:7777/oam/server/logout Buildfile: txkEBSAuth.xml findOS:

Page 115: OAM Install & Config

getServerDetails: [input] skipping input as property wlshosturl has already been set. [input] skipping input as property wlsuser has already been set. getWLSAdminPasswordWindows: getWLSAdminPasswordUnix: echoON: [input] skipping input as property wlspwd has already been set. echoOFF: getTargetServerDetails: [input] skipping input as property serverName has already been set. getDeploymentDetails: [input] skipping input as property deploymentName has already been set. [input] skipping input as property contextRoot has already been set. [input] skipping input as property fndauthWarFile has already been set. [input] skipping input as property planPath has already been set. [input] skipping input as property dbcFile has already been set. [input] skipping input as property dataSourceJNDIName has already been set. getOAMDetails: [input] skipping input as property WebgateLogoutURL has already been set. [input] skipping input as property SSOServerRelease has already been set. [input] skipping input as property SSOServerURL has already been set. getDeploymentParameters: checkWarExists: checkDBCExists: copyDeploymentPlan: [echo] Copying fndauth_deployment_plan.tmp to /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan/Plan.xml [copy] Copying 1 file to /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan checkPlanDirExists: creatPlandirAndWeblogicXML:

Page 116: OAM Install & Config

[touch] Creating /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan/plan/WEB-INF/weblogic.xml checkPlanExists: getAPPServerID: updateDeploymentPlan: [echo] Updating Deployment Plan deployApplication: [echo] ******************************************************************** [echo] STEP 2: DEPLOYING APPLICATION [echo] ******************************************************************** [wlst] Connecting to server using username:weblogic url:usaslcoamr12t.goldbar.barrick.com:7041 [wlst] [wlst] Connecting to t3://usaslcoamr12t.goldbar.barrick.com:7041 with userid weblogic ... [wlst] Successfully connected to Admin Server 'AdminServer' that belongs to domain 'EAGDomain'. [wlst] [wlst] Warning: An insecure protocol was used to connect to the [wlst] server. To ensure on-the-wire security, the SSL port or [wlst] Admin port should be used instead. [wlst] [wlst] [wlst] Check if deployment ebsauth_devt12 already exists. [wlst] [wlst] Location changed to serverRuntime tree. This is a read-only tree with ServerRuntimeMBean as the root. [wlst] For more help, use help(serverRuntime) [wlst] [wlst] [wlst] [wlst] Deploying application to eag_server1 [wlst] [wlst] Changing to Edit Mode [wlst] Location changed to edit tree. This is a writable tree with [wlst] DomainMBean as the root. To make changes you will need to start [wlst] an edit session via startEdit(). [wlst] [wlst] For more help, use help(edit) [wlst]

Page 117: OAM Install & Config

[wlst] Starting an edit session ... [wlst] Started edit session, please be sure to save and activate your [wlst] changes once you are done. [wlst] Deploying application from /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/fndauth.war to targets eag_server1 (upload=false) ... [wlst] <May 4, 2014 4:02:08 PM MDT> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, ebsauth_devt12 [archive: /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/fndauth.war], to eag_server1 .> [wlst] You have an edit session in progress, hence WLST will not [wlst] block for your deployment to complete. [wlst] Started the Deployment of Application. Please refer to the returned WLSTProgress object or variable LAST to track the status. [wlst] [wlst] Successfully deployed fndauth.war application. [wlst] [wlst] Saving all your changes ... [wlst] Saved all your changes successfully. [wlst] Activating all your changes, this may take a while ... [wlst] The edit lock associated with this edit session is released [wlst] once the activation is completed. [wlst] Activation completed [wlst] Disconnected from weblogic server: AdminServer [wlst] <May 4, 2014 4:02:17 PM MDT> <Warning> <JNDI> <BEA-050001> <WLContext.close() was called in a different thread than the one in which it was created.> findOS: getServerDetails: [input] skipping input as property wlshosturl has already been set. [input] skipping input as property wlsuser has already been set. getWLSAdminPasswordWindows: getWLSAdminPasswordUnix: echoON: [input] skipping input as property wlspwd has already been set. echoOFF: getTargetServerDetails: [input] skipping input as property serverName has already been set.

Page 118: OAM Install & Config

getDeploymentDetails: [input] skipping input as property deploymentName has already been set. [input] skipping input as property contextRoot has already been set. [input] skipping input as property fndauthWarFile has already been set. [input] skipping input as property planPath has already been set. [input] skipping input as property dbcFile has already been set. [input] skipping input as property dataSourceJNDIName has already been set. getOAMDetails: [input] skipping input as property WebgateLogoutURL has already been set. [input] skipping input as property SSOServerRelease has already been set. [input] skipping input as property SSOServerURL has already been set. getDeploymentParameters: checkWarExists: checkDBCExists: copyDeploymentPlan: [echo] Copying fndauth_deployment_plan.tmp to /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan/Plan.xml [copy] Copying 1 file to /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/plan checkPlanDirExists: creatPlandirAndWeblogicXML: checkPlanExists: getAPPServerID: updateDeploymentPlan: [echo] Updating Deployment Plan deployApplication: [echo] ******************************************************************** [echo] STEP 2: DEPLOYING APPLICATION [echo] ******************************************************************** [wlst] Connecting to server using username:weblogic url:usaslcoamr12t.goldbar.barrick.com:7041 [wlst]

Page 119: OAM Install & Config

[wlst] Connecting to t3://usaslcoamr12t.goldbar.barrick.com:7041 with userid weblogic ... [wlst] Successfully connected to Admin Server 'AdminServer' that belongs to domain 'EAGDomain'. [wlst] [wlst] Warning: An insecure protocol was used to connect to the [wlst] server. To ensure on-the-wire security, the SSL port or [wlst] Admin port should be used instead. [wlst] [wlst] [wlst] Check if deployment ebsauth_devt12 already exists. [wlst] [wlst] ************************************************************************ [wlst] WARNING: Application with name ebsauth_devt12 already exists. [wlst] ************************************************************************ [wlst] Location changed to serverRuntime tree. This is a read-only tree with ServerRuntimeMBean as the root. [wlst] For more help, use help(serverRuntime) [wlst] [wlst] [wlst] [wlst] Deploying application to eag_server1 [wlst] [wlst] Changing to Edit Mode [wlst] Location changed to edit tree. This is a writable tree with [wlst] DomainMBean as the root. To make changes you will need to start [wlst] an edit session via startEdit(). [wlst] [wlst] For more help, use help(edit) [wlst] [wlst] Starting an edit session ... [wlst] Started edit session, please be sure to save and activate your [wlst] changes once you are done. [wlst] Deploying application from /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/fndauth.war to targets eag_server1 (upload=false) ... [wlst] <May 4, 2014 4:02:39 PM MDT> <Info> <J2EE Deployment SPI> <BEA-260121> <Initiating deploy operation for application, ebsauth_devt12 [archive: /apps/Middleware/MW_HOME/OAM/appsutil/accessgate/devt12/fndauth.war], to eag_server1 .> [wlst] You have an edit session in progress, hence WLST will not [wlst] block for your deployment to complete.

Page 120: OAM Install & Config

[wlst] Started the Deployment of Application. Please refer to the returned WLSTProgress object or variable LAST to track the status. [wlst] [wlst] Successfully deployed fndauth.war application. [wlst] [wlst] Saving all your changes ... [wlst] Saved all your changes successfully. [wlst] Activating all your changes, this may take a while ... [wlst] The edit lock associated with this edit session is released [wlst] once the activation is completed. [wlst] Activation completed [wlst] Disconnected from weblogic server: AdminServer [wlst] <May 4, 2014 4:02:42 PM MDT> <Warning> <JNDI> <BEA-050001> <WLContext.close() was called in a different thread than the one in which it was created.> BUILD SUCCESSFUL Total time: 57 seconds [appoam@usaslcoamr12t devt12]$ Redirect HTTP Server to WebLogic Server for Oracle E-Business Suite AccessGate cd /apps/Middleware/MW_HOME/OAM/Oracle_WT1/instance/web1/config/OHS/ohs1 vi mod_wl_ohs.conf <IfModule mod_weblogic.c> WebLogicHost usaslcoagr12t.goldbar.barrick.com WebLogicPort 7047 </IfModule> #EBS Accessgate for crp2 <Location /ebsauth_crp2> SetHandler weblogic-handler WLProxySSL ON WLProxySSLPassThrough ON WebLogicHost usaslcoagr12t.goldbar.barrick.com WebLogicPort 7047 </Location> #for OAM <IfModule weblogic_module> <Location /oam> SetHandler weblogic-handler WLProxySSL ON

Page 121: OAM Install & Config

WLProxySSLPassThrough ON WLCookieName jsessionid WebLogicHost usaslcoagr12t.goldbar.barrick.com WebLogicPort 14100 WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location> </IfModule> SSOlogout test: We should get blank page here. http://usaslcoagr12t.goldbar.barrick.com:7043/ebsauth_devt12/ssologout_callback

http://slcr12devtap1.goldbar.barrick.com:8080/OA_HTML/AppsLogout

Page 122: OAM Install & Config

Set Oracle E-Business Suite profile options Application Authenticate Agent -- http://usaslcoagr12t.goldbar.barrick.com:7777/ebsauth_crp2 Applications SSO Type --- SSWA w/SSO Applications Single Sign On Hint Cookie Name --- Blank Applications SSO Auto Link User -- Enabled Applications SSO Login Types -- Both Ebiz Patches: Make below patches applied to ebiz instance. 12387976 14196434 16015113 Softlink Creation for oblog_config.xml /apps/Middleware/MW_HOME/OAM/Oracle_OAMWebGate1/webgate/ohs/config oblog_config.xml -> /apps/Middleware/MW_HOME/OAM/Oracle_OAMWebGate1/webgate/ohs/config/oblog_config_wg.xml Integrate E-Business with OID [oraDEVT12@slcr12devtap1 ~]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes You are registering ORACLE HOME only. Enter the host name where Oracle iAS Infrastructure database is installed ? usaslcoamr12t.goldbar.barrick.com Enter the LDAP Port on Oracle Internet Directory server ? 3060 Enter SSL LDAP Port on Oracle Internet Directory server ? 3131 Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? [oraDEVT12@slcr12devtap1 ~]$ [oraDEVT12@slcr12devtap1 ~]$ [oraDEVT12@slcr12devtap1 ~]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registerinstance=yes

Page 123: OAM Install & Config

You are registering ORACLE HOME only. Enter the host name where Oracle iAS Infrastructure database is installed ? usaslcoamr12t.goldbar.barrick.com Enter the LDAP Port on Oracle Internet Directory server ? 3060 Enter SSL LDAP Port on Oracle Internet Directory server ? 3131 Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? Enter Oracle E-Business apps database user password ? *** Log File = /apps/DEVT12/inst/apps/DEVT12_slcr12devtap1/logs/appl/rgf/TXK/txkSetSSOReg_Thu_May_8_16_48_47_2014.xml Beginning input parameter validation for Oracle Home Instance registration. Input parameter validation for Oracle Home Instance registration completed. BEGIN ORACLE HOME INSTANCE REGISTRATION: Oracle Home Instance preferences stored successfully. Oracle Home Instance registered successfully. End of /apps/DEVT12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered [oraDEVT12@slcr12devtap1 ~]$ [oraDEVT12@slcr12devtap1 ~]$ $FND_TOP/bin/txkrun.pl -script=SetSSOReg -registeroid=yes -provisiontype=4 You are registering this instance with OID Server. Enter LDAP Host name ? usaslcoamr12t.goldbar.barrick.com Enter the LDAP Port on Oracle Internet Directory server ? 3060 Enter the Oracle Internet Directory Administrator (orcladmin) Bind password ? Enter the instance password that you would like to register this application instance with ? Enter Oracle E-Business apps database user password ? *** Log File = /apps/DEVT12/inst/apps/DEVT12_slcr12devtap1/logs/appl/rgf/TXK/txkSetSSOReg_Thu_May_8_16_51_42_2014.xml Beginning input parameter validation for OID registration. Input parameters validation for OID registration completed.

Page 124: OAM Install & Config

BEGIN OID REGISTRATION: Beginning to register Application and Service containers if necessary. Application and Service containers were created successfully if necessary. Beginning to register application in Oracle Internet Directory. Registration of application in Oracle Internet Directory completed successfully. -> LOADING: /apps/DEVT12/apps/apps_st/appl/fnd/12.0.0/admin/template/AppsOIDRegistration.tmp Beginning to register provisioning profile in Oracle Internet Directory. Registration of provisioning profile in Oracle Internet Directory completed successfully. Application is now registered successfully with provisioning in Oracle Internet Directory. End of /apps/DEVT12/apps/apps_st/appl/fnd/12.0.0/patch/115/bin/txkSetSSOReg.pl : No Errors encountered [oraDEVT12@slcr12devtap1 ~]$ [oraDEVT12@slcr12devtap1 ~]$