Before the applications can be installed and configured, the system must be prepared and the database must be installed.
You will need the following installers
Downloads
Please check the Oracle certification matrix before deciding on the appropriate product version. The appropriate certification matrices are available at
- System Requirements and Supported Platforms for Oracle Identity and Access Management 11g Release 2 (11.1.2.0.0) ( xls)
- System Requirements and Supported Platforms for Oracle Identity and Access Management 11g Release 2 (11.1.2.1.0) ( xls)
- System Requirements and Supported Platforms for Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) ( xls)
If you have valid Oracle Support in place, you should download the products from the edelivery (https://edelivery.oracle.com) website
Setting up Oracle Enterprise Linux
Start the virtual box with the OEL 57 DVD in the drive. Set the following values during the initial steps
Name | Value |
Language for Installation | English |
Keyboard | US English |
Disk | Remove all partitions on selected drive and create default layout |
Network Devices/Hostname | Active on boot/Uncheck Enable IP V6 support oiam11g |
Timezone | Asia/Kolkata |
Root | <password> |
Selected items for install | Gnome Desktop Environment Base Legacy Software support X Windows System |
- Post reboot, the configuration setup involves the following steps; this will reboot the system and reconfigure it based on the selections
- Accept License agreement
- Firewall (Disabled)
- SELinux Setting (Disabled)
- Date Time (Enable Network Time Protocol)
- Create User (OIAM Admin/oiamadmin)
Enable the yum mechanism
# wget http://public-yum.oracle.com/public-yum-el5.repo
# cp public-yum-el5.repo /etc/yum.repos.d/el5.repo
|
In the el5.repo enable all the repositories that are for el5.
You can exclude kernel upgrades by adding "exclude=kernel*" in /etc/yum.conf
|
- Update installation by running "yum update".
Install oracle-validated and one missing item
yum install oracle-validated
yum install unixODBC-2.2.11
/sbin/chkconfig sendmail off
/sbin/chkconfig cups off
|
Redhat Enterprise Linux (5.3) on Amazon Web Service
Since RHEL and OEL are practically the same, we use the same repository to manage the setup
- Start an instance of RHEL 5.9 as available in the AWS store. Ensure that the instance is set up with the small memory size to allow you to install the database with a basic SGA size of 756MB. Add a separate disk of about 50GB for the OIAM installation.
Once connected, add the following line in /etc/yum.conf
Upgrade the installation and install all the patches
Fix the perl issue by adding the following to /etc/profile
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
|
- Prepare the new disk attached to the instance by running the following process
Initialize the disk using /sbin/fdisk /dev/sdb
/sbin/fdisk /dev/sdb
> n
> p
> 1
> 1
> 6527 (default)
> w
|
Create an ext3 file system
/sbin/mkfs -t ext3 /dev/sdb1
|
Mount the new file system
Add the following line to /etc/fstab for automatic mounting going forward
/dev/sdb1 /opt/idm ext3 defaults 0 0
|
Create an area for installers
cd /opt/idm/
mkdir installers
|
Configure the operating system
Disable SELinux by setting the following line in /etc/selinux/config
Install wget
Install oracle-validated by first importing Oracle's PGP key used for signing, then install unixODBC, because some conflicts are reported during the installation of oracle-validated
cd /opt/idm/installers
wget http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
rpm --import ./RPM-GPG-KEY-oracle-el5
yum install unixODBC
yum localinstall oracle-validated-1.0.0-32.el5.x86_64.rpm
|
Change the limits in /etc/security/limits.conf by adding the following lines
* soft nofile 131072
* hard nofile 131072
* soft nproc 131072
* hard nproc 131072
* soft core unlimited
* hard core unlimited
* soft memlock 50000000
* hard memlock 50000000
|
Reboot the server
Install the UI environment
yum groupinstall "GNOME Desktop Environment"
yum install vnc-server
yum install firefox
|
Stop and configure some of the standard services
chkconfig iptables off
chkconfig cups off
chkconfig ip6tables off
chkconfig exim off
|
- Reboot
Set the hostname to iam.demo.aps or another appropriate hostname. Please note that this hostname will get embedded in the OIAM configuration for internal calls, so please choose it carefully.
Add the hostname to /etc/hosts
127.0.0.1 localhost.localdomain localhost iam.demo.aps iam
|
Create a demo user that will be used for all login and sharing purposes.
Create the user
groupadd demo
useradd -c "Demo" -d /home/demo -g demo -m -s /bin/bash demo
|
Add the following to /etc/sudoers to allow easy setup and execution through demo user id
demo ALL=(ALL) NOPASSWD: ALL
|
Configure vncserver for user
Run VNC server for the first time
Kill the server
- Uncomment the lines where indicated in ~demo/.vnc/xstartup
- Start the VNC server again
Provide access to installer directory
sudo chown -R demo:demo /opt/idm/installers
|
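The steps above leave the host with SELinux disabled, iptables off at boot and passwordless sudo for the demo user. The following added example (not part of the original guide) reports those three settings so an image built this way can be checked before it is reused elsewhere; the function names and the root-prefix argument are assumptions, and the sample tree is constructed.

```bash
#!/bin/bash
# Added example, not from the original guide. Function names and the
# root-prefix argument are assumptions; pass "" to audit the live system
# or a directory to audit a mounted image or test tree.

audit_demo_host() {
    local root="${1:-}" mode link f found

    # SELinux: the guide disables it in /etc/selinux/config.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=\([A-Za-z]*\).*/\1/p' \
        "$root/etc/selinux/config" 2>/dev/null | tail -n 1)
    case "$mode" in
        enforcing) ;;
        "") echo "selinux: no SELINUX= line found" ;;
        *)  echo "selinux: mode is $mode" ;;
    esac

    # Firewall: "chkconfig iptables off" removes the S??iptables start links
    # from the runlevel directories, so no link means no firewall at boot.
    found=no
    for link in "$root"/etc/rc.d/rc[345].d/S[0-9][0-9]iptables; do
        if [ -e "$link" ] || [ -L "$link" ]; then
            found=yes
        fi
    done
    [ "$found" = yes ] || echo "iptables: not started in runlevels 3-5"

    # sudo: the guide adds "demo ALL=(ALL) NOPASSWD: ALL" to /etc/sudoers.
    for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        grep -E '^[^#]*NOPASSWD:[[:space:]]*ALL[[:space:]]*$' "$f" |
            while read -r who _; do
                echo "sudo: $who has NOPASSWD: ALL (${f#"$root"})"
            done
    done
    return 0
}

# Constructed sample: a minimal tree laid out the way the guide leaves the
# host (SELinux disabled, no iptables start link, demo sudoers entry).
make_sample_root() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/etc/selinux" "$d/etc/rc.d/rc3.d"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf 'root ALL=(ALL) ALL\ndemo ALL=(ALL) NOPASSWD: ALL\n' > "$d/etc/sudoers"
    echo "$d"
}

sample=$(make_sample_root)
audit_demo_host "$sample"
rm -rf "$sample"
```

An empty report means none of the three demo settings is present under the audited root.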
- Setup automatic environment setup during startup
Create file /etc/init.d/oim-setup
#!/bin/sh
### BEGIN INIT INFO
# Provides:
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# chkconfig: 345 80 05
# Short-Description: Setup OIM server
# description: Setup Operating system environment
# processname: oim-setup
### END INIT INFO
dir="/home/demo/Desktop"
user="demo"
cmd=""
name=`basename $0`
pid_file="/var/run/$name.pid"
stdout_log="/var/log/$name.log"
stderr_log="/var/log/$name.err"
get_pid() {
    cat "$pid_file"
}
is_running() {
    [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
}
case "$1" in
    start)
        echo "Configuring environment with $name"
        hostname iam.demo.aps
        sudo -u demo /usr/bin/vncserver
        # Add startup scripts for database, directory, weblogic, web server here #
        ;;
    stop)
        echo "Cleaning up $name"
        sudo -u demo /usr/bin/vncserver -kill :1
        # Add shutdown scripts for web server, weblogic, directory, database here #
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    status)
        echo "Capability Not available"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac
exit 0
|
Install and enable the service for running on startup
sudo /sbin/chkconfig --add oim-setup
sudo /sbin/chkconfig oim-setup on
|
Java
- cd /opt
- ./jdk-6u30-linux-x64.bin
- ln -sf jdk1.6.0_30/ java
Please check the certification matrix of corresponding product before deciding the java version that you are going to use.
|
Database
Set up the oracle id with the oper group: "/usr/sbin/groupadd oper" and "/usr/sbin/usermod -g oinstall -G dba,oper oracle"
The default oracle-validated does not contain the oper group and so added this step. Not sure whether this is actually needed.
|
Setup the installation directories as "root"
mkdir /opt/oracle
chown oracle:oinstall /opt/oracle/
chmod 755 /opt/oracle/
|
Add the following to the .bash_profile of the oracle user
# Oracle Settings
TMP=/opt/oracle/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
#ORACLE_HOSTNAME=hostname.localdomain
#export ORACLE_HOSTNAME
ORACLE_BASE=/opt/oracle/db
export ORACLE_BASE
DB_HOME=$ORACLE_BASE/product/11.2.0/dbhome_1
export DB_HOME
ORACLE_HOME=$DB_HOME
export ORACLE_HOME
ORACLE_SID=OIMDB
export ORACLE_SID
ORACLE_TERM=xterm
export ORACLE_TERM
JAVA_HOME=/opt/java
export JAVA_HOME
BASE_PATH=/usr/sbin:$PATH
export BASE_PATH
PATH=$JAVA_HOME/bin:$ORACLE_HOME/bin:$BASE_PATH
export PATH
LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export LD_LIBRARY_PATH
CLASSPATH=$ORACLE_HOME/JRE:$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
export CLASSPATH
if [ "$USER" = "oracle" ]; then
    if [ "$SHELL" = "/bin/ksh" ]; then
        ulimit -p 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
fi
|
Unzip the installers in one location and run installer
su - oracle
cd /home/oracle/downloads
unzip linux.x64_11gR2_database_1of2.zip
unzip linux.x64_11gR2_database_2of2.zip
cd database
./runInstaller
|
Provide the following information
Attribute | Value |
I wish to receive Security Update via My Oracle Support | unchecked |
Installation Option | Install Database Only |
Grid Option | Single Database |
Product Language | English |
Database Edition | Standard Edition |
Oracle Base | /opt/oracle/db |
Software location | /opt/oracle/db/product/11.2.0/dbhome_1 |
Inventory Location | /opt/oracle/oraInventory |
Oracle Install group Name | oinstall |
OSDBA Group | dba |
OSOPER Group | oper |
The validation was failing for memory and swap size. Increased memory to 1.5 (min 1GB required) and created a swap file to pass the validation
cd /opt
mkdir swap
cd swap
dd if=/dev/zero of=/opt/swap/file bs=1M count=2048
chmod 600 /opt/swap/file
/sbin/mkswap /opt/swap/file
/sbin/swapon /opt/swap/file
# Added new line in /etc/fstab file
/opt/swap/file swap swap defaults 0 0
|
- During the installation process, installer will wait for execution of the following items "/opt/oracle/oraInventory/orainstRoot.sh" "/opt/oracle/db/product/11.2.0/dbhome_1/root.sh"
Listener Configuration
Log in as oracle and execute the command
su - oracle
$ORACLE_HOME/bin/netca
|
Configure the following value
Name | Value |
Listener Name | LISTENER |
Select Protocol | TCP |
Standard Port | 1521 |
Database Configuration
Start database configuration
su - oracle
cd $ORACLE_HOME/bin
./dbca
|
Configure following values
Name | Value |
Create a database | Checked |
Database Template | Custom Database |
Global Database Name/SID | OIMDB |
Management Options (Configure Enterprise Manager - checked) | Configure Database control for local management |
Password for sys/system/dbsnmp/sysman | <password> |
File System/Storage Type | Use Oracle Managed Files |
Fast Recovery Area | Default Values |
Database Components | Default Value, ensure all components are selected |
Initialization Parameter/Memory/SGA-PGA | 512MB (should be fine for demo/dev environment) |
Use Automatic Memory Management | checked |
Initialization Parameter/Sizing/Process Parameter Value | 500 |
Initialization Parameter/Character set | Use Unicode |
National Character Set | UTF-8 |
Default Language | American |
Default Territory | United States |
All Initialization Parameters/Show Advance Parameters/open_cursors | 800 (Override Default) |
java_pool_size | 134217728 (Override Default) |
session_cached_cursors | 100 (Override Default) |
SHARED_POOL_SIZE | 150994944 (Override Default) |
Installation takes a very long time. Have patience.
|
After installation following information is provided
Name | Value |
Log files | /opt/oracle/db/cfgtoollogs/dbca/OIMDB |
Global Database Name/SID | OIMDB |
Server Parameters File | /opt/oracle/db/product/11.2.0/dbhome_1/dbs/spfileOIMDB.ora |
Database Control File | https://oim11gr2.aps.dev:1158/em |
Management Encryption Key | /opt/oracle/db/product/11.2.0/dbhome_1/oim11gr2.aps.dev_OIMDB/sysman/config/emkey.ora |
Locked Account | OUTLN, FLOWS_FILES, MDSYS,ORDDATA, ORDSYS, CTXSYS, ANONYMOUS, EXFSYS, WMSYS, XDB, APPQOSSYS,ORDPLUGINS, APEX_030200, SI_INFORMTN_SCHEMA, DIP, APEX_PUBLIC_USER, ORACLE_OCM |
Ensure that the following entry is configured as shown in /etc/oratab so that the database can be started using the dbstart utility
OIMDB:/opt/oracle/db/product/11.2.0/dbhome_1:Y
|
Create the following dbstart.sh startup script in /home/oracle
. ./.bash_profile
$ORACLE_HOME/bin/dbstart $ORACLE_HOME
|
Create the corresponding shutdown script alongside it
. ./.bash_profile
$ORACLE_HOME/bin/dbshut $ORACLE_HOME
|
Weblogic
Setup a new user called oimuser and create directory for OIM Installation
su -
groupadd oimgroup
useradd -c "OIM Install User" -d /home/oimuser -g oimgroup -m -s /bin/bash oimuser
passwd oimuser
cd /opt
mkdir fmw
chown oimuser:oimgroup fmw/
# Add the following line to .bash_profile
export JAVA_HOME=/opt/java
export PATH=$JAVA_HOME/bin:$PATH
su - oimuser
mkdir /opt/fmw/temp
java -Djava.io.tmpdir=/opt/fmw/temp/ -jar wls_generic.jar
|
Install weblogic with following configuration
Name | Value |
New Middleware Home | /opt/fmw/Middleware |
Skip the security registration | |
Install Type | Typical |
JDK | Use the installed |
Product Install (Weblogic) | /opt/fmw/Middleware/wlserver_10.3 |
Oracle Coherence | /opt/fmw/Middleware/coherence_3.6 |
Oracle HTTP Server
Oracle HTTP Server or other supported web servers are typically used to expose the Oracle Identity and Access Management servers to end users. This allows you to develop a 3 tier infrastructure in line with standard infrastructure best practices. Please note that unless you have a specific requirement to protect IAM applications, the web server should be replaceable with standard load balancers like F5.
GCC Version Check
Ensure that the correct version of libgcc is available
Operating System | Architecture | GCC Libraries | Required Library Version |
Linux 32-bit | x86 | libgcc_s.so.1 libstdc++.so.5 | 3.3.2 |
Linux 64-bit | x64 | libgcc_s.so.1 libstdc++.so.6 | 3.4.6 |
Solaris 64-bit | SPARC | libgcc_s.so.1 libstdc++.so.5 | 3.3.2 |
Linux32 on i386 platform
Run the following commands and ensure that their output is always greater than 0:
cd /usr/lib
strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
file libgcc_s.so.1 | grep "32-bit" | grep -c "80386"
file libstdc++.so.5 | grep "32-bit" | grep -c "80386"
|
Linux 64 on x86-64 platform
Run the following commands and ensure that their output is always greater than 0:
cd /usr/lib64
strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
strings -a libgcc_s.so.1 | grep -c "GCC_4.2.0"
file libgcc_s.so.1 | grep "64-bit" | grep -c "x86-64"
file -L libstdc++.so.6 | grep "64-bit" | grep -c "x86-64"
|
Run the following commands and ensure that their output is always greater than 0:
strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
file libgcc_s.so.1 | grep "64-bit" | grep -c "SPARC"
file libstdc++.so.5 | grep "64-bit" | grep -c "SPARC"
|
Installation
Setup a new user called ohs and create directory for OHS Installation
cd ~iamadmin/downloads
mkdir webtier
cd webtier
unzip ../ofm_webtier_linux_11.1.1.6.0_64_disk1_1of1.zip
su -
groupadd ohs
useradd -c "OHS User" -d /home/ohs -g ohs -m -s /bin/bash ohs
passwd ohs
cd /opt
mkdir ohs
chown ohs:ohs ohs/
mkdir /opt/ohs/inventory
|
Create the file /opt/ohs/inventory/oraInst.loc with content
inventory_loc=/opt/ohs/inventory
inst_group=ohs
|
Run installation
su - ohs
cd ~demo/downloads/webtier/Disk1/
./runInstaller -invPtrLoc /opt/ohs/inventory/oraInst.loc
|
Install with following settings
Name | Value |
Skip Software Update | select |
Install and Configure | select |
Middleware Home | /opt/ohs/Middleware |
Oracle Home Directory | Oracle_WT1 |
Skip Security update intimation | Select |
Configure Components | Oracle HTTP Server [Not selected]; Oracle Web Cache [Not selected]; Associate Selected component with weblogic domain [Not selected] |
- The OHS is installed and configured at
Location: /opt/ohs/Middleware/Oracle_WT1
Configuration
The following steps must be performed to configure the OHS to provide a single URL for all the various components that are part of the setup.
- Create a new instance of OHS web instance
Start the configuration process
cd /opt/idm/web/Middleware/Oracle_WT1/bin
./config.sh
|
Configure Components
Name | Value |
Oracle HTTP Server | Checked |
Oracle Web Cache | unchecked |
Associate selected component with weblogic domain | unchecked |
Specify Component Details
Name | Value |
Instance Home Location | /opt/idm/web/server/oam |
Instance Name | oamWeb |
OHS component name | oamWeb |
- Configure Ports : Select Auto Port Configuration
- In next step, which is "Specify security update", uncheck the check box to receive security update and click next
- Configuration process will start
- After the process is complete the server is running.
Stop the server to change the configuration
cd /opt/idm/web/server/oam/bin
./opmnctl stopall
|
Make the following changes to /opt/idm/web/server/oam/config/OHS/oamWeb/httpd.conf
Change the listening port to 80
Please note that in order to run the OHS on port 80, you need to do the following
cd /opt/idm/web/Middleware/Oracle_WT1/ohs/bin
sudo chown root .apachectl
sudo chmod 6750 .apachectl
After making the above change, the server can be started on port 80 and 443
|
Replace the old section with this
<IfModule mpm_worker_module>
ServerLimit 20
StartServers 2
MaxClients 1000
MinSpareThreads 200
MaxSpareThreads 800
ThreadsPerChild 50
MaxRequestsPerChild 10000
AcceptMutex fcntl
LockFile "${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/http_lock"
</IfModule>
|
Make the following change in /opt/idm/web/server/oam/config/OHS/oamWeb/ssl.conf
Listen 443
<VirtualHost *:443>
|
In order to allow the OHS to connect to OIAM specific weblogic servers over SSL, ensure that the wallet has been created.
cd /opt/idm/web/server/certs
/opt/idm/fmw/Middleware/oracle_common/bin/orapki wallet create -wallet ./default -pwd <password>
/opt/idm/fmw/Middleware/oracle_common/bin/orapki wallet add -wallet ./default/ -trusted_cert -cert ./opam-cert.pem
/opt/idm/fmw/Middleware/oracle_common/bin/orapki wallet create -wallet ./default -auto_login
/opt/idm/fmw/Middleware/oracle_common/bin/orapki wallet display -wallet ./default
|
Please note that opam-cert.pem is the certificate for the server in PEM format, that is, Base64 text enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.
|
The following values must be defined in the mod_wl_ohs.conf to support all the Identity and Access Management components
###################################
## General Domain Configuration
###################################
# Admin Server and EM
<Location /console>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
<Location /consolehelp>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
<Location /em>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
###################################################
## Entries Required by Oracle Entitlements Server
###################################################
# APM
<Location /apm>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
##################################################
## Entries Required by Oracle Unified Directory
##################################################
# OUD ODSM
<Location /odsm>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
##############################################
## Entries Required by Oracle Access Manager
##############################################
# OAM Console
<Location /oamconsole>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
################################################
## Entries Required by Oracle Identity Manager
################################################
# OIM self and advanced admin webapp consoles(canonic webapp)
<Location /oim>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
WebLogicHost iam.demo.aps
WebLogicPort 14000
</Location>
# OIM, xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM self service console
<Location /identity>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM Nexaweb WebApp - used for workflow designer and DM
<Location /Nexaweb>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
<Location /sysadmin>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OAM Configuration
<Location /oam>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName OAM_JSESSIONID
WebLogicHost iam.demo.aps
WebLogicPort 14100
</Location>
<Location /oamsso>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName OAM_JSESSIONID
WebLogicHost iam.demo.aps
WebLogicPort 14100
</Location>
# Required if using Oracle Identity Federation
<Location /oamfed>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName OAM_JSESSIONID
WebLogicHost iam.demo.aps
WebLogicPort 14100
</Location>
# Required if using Oracle Identity Federation
<Location /sts>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName OAM_JSESSIONID
WebLogicHost iam.demo.aps
WebLogicPort 14100
</Location>
##################################################
## Entries Required by Oracle Identity Manager
##################################################
# OIM, xlWebApp - Legacy 9.x webapp (struts based)
<Location /xlWebApp>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM self service console
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WLProxySSLPassThrough ON
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
#################################################
## Entries Required by Oracle Identity Manager
#################################################
# Provide the OIM Managed Server Port
<Location /workflowservice>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, SOA Infra
<Location /soa-infra>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, Used for provisioning-callback.
<Location /provisioning-callback>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
<Location /sodcheck>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, SOA Callback
<Location /integration>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, spml xsd profile
<Location /spml-xsd>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, spml dsml profile
<Location /spmlws>
SetHandler weblogic-handler
PathTrim /weblogic
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, role-sod profile
<Location /role-sod>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, used for Callback service.
<Location /callbackResponseService>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
# OIM, UMS Email Support
<Location /ucs>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 8001
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
<Location /reqsvc>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
</Location>
################################
# OAAM Configuration ##
################################
<Location /oaam_admin>
SetHandler weblogic-handler
WLCookieName oaamjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14200
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oaam_component.log"
</Location>
<Location /oaam_offline>
SetHandler weblogic-handler
WLCookieName oaamjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14400
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oaam_component.log"
</Location>
<Location /oaam_server>
SetHandler weblogic-handler
WLCookieName oaamjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14300
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oaam_component.log"
</Location>
###############################
# OPAM Configuration ##
###############################
<Location /oinav>
SetHandler weblogic-handler
WLCookieName opamjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 18101
WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/opam_component.log"
</Location>
#<Location /opam>
# SetHandler weblogic-handler
# WLCookieName opamjsessionid
# WebLogicHost iam.demo.aps
# WebLogicPort 18102
# WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/opam_component.log"
# SecureProxy On
# WlSSLWallet "/opt/idm/web/server/certs/default"
# </Location>
|
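The configuration above publishes several administrative consoles through the web tier and defines some paths twice (Apache merges repeated Location sections in file order, so the later block's directives win). The following added example (not part of the original guide) parses a mod_wl_ohs.conf and lists each active Location with its back-end, flagging both cases; the function names and the set of paths treated as administrative are assumptions, and the sample input is a constructed excerpt of the configuration above.

```bash
#!/bin/bash
# Added example, not from the original guide. Function names and the
# ADMIN_RE list are assumptions made for this example.

# Paths treated as administrative consoles (assumption, based on the
# comments in the configuration above).
ADMIN_RE='^/(console|consolehelp|em|apm|odsm|oamconsole|sysadmin|oaam_admin)$'

# Print one line per active <Location> block: path -> host:port, whether
# WLProxySSL is on, and ADMIN / DUPLICATE tags. Reads a file, or stdin.
audit_wl_locations() {
    awk -v admin="$ADMIN_RE" '
        $1 ~ /^#/ { next }                  # commented-out lines and blocks
        $1 == "<Location" {
            path = $2; sub(/>$/, "", path)
            host = ""; port = ""; ssl = "no"
            next
        }
        $1 == "WebLogicHost" { host = $2 }
        $1 == "WebLogicPort" { port = $2 }
        $1 == "WLProxySSL"   { ssl = (toupper($2) == "ON") ? "yes" : "no" }
        $1 == "</Location>" {
            tag = ""
            if (path ~ admin) tag = tag " ADMIN"
            if (seen[path]++) tag = tag " DUPLICATE"
            printf "%s -> %s:%s proxyssl=%s%s\n", path, host, port, ssl, tag
        }
    ' "${1:--}"
}

# Only the paths tagged ADMIN, one per line.
exposed_admin_paths() {
    audit_wl_locations "$@" | awk '/ ADMIN/ { print $1 }'
}

# Constructed sample: an excerpt of the configuration shown above.
sample_conf() {
    cat <<'EOF'
<Location /console>
SetHandler weblogic-handler
WebLogicHost iam.demo.aps
WebLogicPort 7001
</Location>
<Location /identity>
SetHandler weblogic-handler
WLCookieName oimjsessionid
WebLogicHost iam.demo.aps
WebLogicPort 14000
</Location>
<Location /oam>
SetHandler weblogic-handler
WLProxySSL ON
WebLogicHost iam.demo.aps
WebLogicPort 14100
</Location>
<Location /identity>
SetHandler weblogic-handler
WLProxySSL ON
WebLogicHost iam.demo.aps
WebLogicPort 14000
</Location>
#<Location /opam>
# WebLogicPort 18102
# </Location>
EOF
}

sample_conf | audit_wl_locations
```

Run it against the real file with `audit_wl_locations /opt/idm/web/server/oam/config/OHS/oamWeb/mod_wl_ohs.conf`, assuming the file sits next to the httpd.conf edited earlier.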
- Enable the configuration to prevent http redirect in case of https
- Access the WebLogic Server console
- Click on 'Servers' → '<SSL_Managed_Server>' → 'General' → 'Advanced'
- Check the 'WebLogic Plug-In Enabled' box.
- Click 'Save'
- Restart the Managed Server.
|