Wednesday, 27 September 2017

How to edit the oam-config.xml in OAM 12c / 12.2.1.3.0 (Oracle Access Manager)


Since Oracle Access Manager 12c PS3 (12.2.1.3), editing the oam-config.xml file in the fmwconfig directory is not supported. Starting with the OAM 12c (12.2.1.3.0) release, oam-config.xml is stored centrally in the database.
  1. The oam-config.xml file is still present on the file system at the same location as in earlier versions, but since 12c it should not be modified directly at the location below:


  1. Create a new properties file:

Set the content of the file as follows:

oam.entityStore.ConnectString=jdbc:oracle:thin:@//oim-internal.oracle.com:1521/SOADB.ORACLE.COM
oam.entityStore.schemaUser=DEV_OAM
oam.entityStore.schemaPassword=welcome1
oam.importExportDirPath=/oracle/OAMConfigExport
oam.frontending=params=oim-internal.oracle.com;14100;http


  1. Export the oam-config.xml from the OAM schema to your local system
Run the command below (adjust the paths to match your environment's directory structure):
java -cp /oracle/Middleware/Oracle_Home/idm/oam/server/tools/config-utility/config-utility.jar:/oracle/Middleware/Oracle_Home/oracle_common/modules/oracle.jdbc/ojdbc8.jar oracle.security.am.migrate.main.ConfigCommand /oracle/Middleware/Oracle_Home/user_projects/domains/oam_domain export /oracle/OAMConfigExport/dbschema.properties


  1. Modify the oam-config.xml. (While modifying oam-config.xml, do not change the Version; changing it was mandatory in earlier versions of OAM.)

Example: set DirectAuthenticationServiceDescriptor to true to enable unsolicited login.

From:

To:

Save the modified oam-config.xml and exit the editor.

  1. Import the oam-config.xml back into the OAM schema
java -cp /oracle/Middleware/Oracle_Home/idm/oam/server/tools/config-utility/config-utility.jar:/oracle/Middleware/Oracle_Home/oracle_common/modules/oracle.jdbc/ojdbc8.jar oracle.security.am.migrate.main.ConfigCommand /oracle/Middleware/Oracle_Home/user_projects/domains/oam_domain import /oracle/OAMConfigExport/dbschema.properties


  1. Verify that the file and its contents have been updated at the location below:
/oracle/Middleware/Oracle_Home/user_projects/domains/oam_domain/config/fmwconfig
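
Before running the import step, it helps to confirm that the edited export differs from the original only in the setting you meant to change and that Version is untouched. The following is an added example, not part of the original post; the sample XML is constructed, and its nested `<Setting Name="...">` layout and the `ServiceStatus` child name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported file. The nested <Setting Name="..."> layout
# and the child setting name are assumptions, not copied from the page.
EXPORTED = """<Configuration xmlns="http://example.invalid/config">
 <Setting Name="NGAMConfiguration" Type="map">
  <Setting Name="Version" Type="integer">42</Setting>
  <Setting Name="DirectAuthenticationServiceDescriptor" Type="map">
   <Setting Name="ServiceStatus" Type="boolean">false</Setting>
  </Setting>
 </Setting>
</Configuration>"""
EDITED = EXPORTED.replace(">false<", ">true<")  # the single intended edit


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to tag names."""
    return tag.rsplit("}", 1)[-1]


def flatten(xml_text):
    """Map each leaf setting's 'Parent/Child/Leaf' path to its text value."""
    leaves = {}

    def walk(node, path):
        for child in node:
            if _local(child.tag) != "Setting":
                continue
            here = f"{path}/{child.get('Name', '?')}".lstrip("/")
            if any(_local(c.tag) == "Setting" for c in child):
                walk(child, here)
            else:
                leaves[here] = (child.text or "").strip()

    walk(ET.fromstring(xml_text), "")
    return leaves


def review_edit(exported_xml, edited_xml):
    """Return ({path: (old, new)}, version_touched) for an edited export."""
    before, after = flatten(exported_xml), flatten(edited_xml)
    changes = {k: (before.get(k), after.get(k))
               for k in sorted(set(before) | set(after))
               if before.get(k) != after.get(k)}
    return changes, any(k.rsplit("/", 1)[-1] == "Version" for k in changes)


if __name__ == "__main__":
    print(review_edit(EXPORTED, EDITED))
```

Keep a copy of the exported file before editing and pass both texts to `review_edit`; an edit that left the XML malformed raises `ParseError` here rather than during the import.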


Saturday, 23 September 2017

Features removed in Oracle Access Manager 12.2.1.3.0 (OAM 12c)


The following features have been removed in OAM 12c compared to OAM 11g R2 PS3:

- IDMConfigTool
  OAM 12c does not support the following commands and attributes:
  - prepareIDStore= FUSION
  - prepareIDStore= OAAM
  - configPolicyStore
  - configOVD
  - disableOVDAccessConfig
  - postProvConfig
  - validate: none of its options are supported
  - ovdConfigUpgrade
  - upgradeOIMTo11gWebgate
  - POLICYSTORE_SHARES_IDSTORE
  - SPLIT_DOMAIN

- IAMSuiteAgent
  OAM 12c does not support IAMSuiteAgent. Until R2PS3, IAMSuiteAgent was the OOB agent protecting the OAM console. From 12c PS3 onwards, this is done using the default OOB login page. It is now recommended to protect the OAM console using a WebGate agent.

- Oracle Mobile Security Suite (OMSS)
  OAM 12c does not support OMSS.

- OAM10g WebGate
  The OAM 12c server does not support OAM 10g WebGates.

Embedded BI Publisher Report in OIM 12c is not Supported


Embedded BI Publisher, a feature newly added in R2PS3, has been removed in OIM 12c and is not supported in this release. A standalone BI Publisher can be installed and configured to use Identity Governance reports.


LDAP Synchronization is not supported in Oracle Identity Governance (OIM) 12c (12.2.1.3.0)


LDAP synchronization is required when Oracle Identity Governance is integrated with Oracle Access Management (OAM), but OAM-OIG integration using IDMConfigTool is not supported in OIM 12c.

Workaround

If you have upgraded from Release 11.1.2.3 to Release 12.2.1.3, then you can continue with LDAP synchronization, as described in "Enabling LDAP Synchronization in Oracle Identity Manager" in the Integration Guide for Oracle Identity Management Suite for Release 11.1.2.3.

Reference: http://docs.oracle.com/middleware/12213/idmsuite/IDMRN/oracle-identity-governance.htm#IDMRN-GUID-A840A860-FDA9-4ACE-8B1E-D53D8BBDC200 

OAM 12c / 12.2.1.3.0 Installation Using Quick Installer

  1. OAM 12c / 12.2.1.3.0 (PS3) installation:

The following improvements were made in OAM 12c (12.2.1.3.0) with respect to installation and configuration:
- Reduced number of steps compared to earlier releases
- 12c (12.2.1.3.0) allows individual components (e.g. policy, system, federation) to be re-bootstrapped if they fail. This makes the installation process easier: after a failure, the individual component can be re-run instead of starting over from the beginning.

  1. Download the installer using the link below:

  1. Make sure your operating system, DB and JDK (above jdk1.8.0_131) are as per the OAM 12c certification matrix:

  1. This quick installation installs WebLogic 12c and OAM at once; you don't need to install them separately. Unzip the downloaded installer zip to find the following jars:
    1. fmw_12.2.1.3.0_idmquickstart.jar
    2. fmw_12.2.1.3.0_idmquickstart2.jar
  1. Install Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, OAM and Oracle Identity Governance 12.2.1.3.0 using the quick installer
Run the command: java -jar fmw_12.2.1.3.0_idmquickstart.jar

Click on Next:

Select skip auto update and click on Next:

Enter Oracle Home Path and click on Next:

Click on Skip:

Click on Install:

Click on Next:

Click on Finish:


  1. Running RCU:
The RCU utility is located at the path below:
/app/Middleware/Oracle_Home/oracle_common/bin
./rcu

At Step 1, click on Next:

Click on Next:

Enter the DB credentials, log in as SYS AS SYSDBA, and click on Next:

Click on OK:

Enter the prefix name as 'DEV' and click on Next:

Click on Next:

  1. WebLogic Domain Configuration:
Start the Configuration Wizard to begin configuring a domain.
To start the Configuration Wizard, change to the following directory:
<ORACLE_HOME>/oracle_common/common/bin

cd /oracle/Middleware/Oracle_Home/oracle_common/common/bin
./config.sh

Click on Next:

Click on Next:

Enter WebLogic credentials and click on Next:

Click on Next:

Click on Next:

Click on Next:

Click on Create:

Click on Finish:

  1. Updating the java.security file (optional):

If you wish to integrate Oracle Access Management 12c (12.2.1.3.0) with Oracle Adaptive Access Manager (OAAM) 11g Release 2 (11.1.2.3.0), you must update the java.security file with the following changes after the upgrade:
1. Open the java.security file located at JAVA_HOME/jre/lib/security/ in an editor.
2. Remove TLSv1, TLSv1.1, MD5withRSA from the following key:
key - jdk.tls.disabledAlgorithms
3. Remove MD5 from the following key:
key - jdk.certpath.disabledAlgorithms
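
Removing an entry from a disabledAlgorithms key re-enables it for everything that runs on that JDK, so it is worth recording exactly which of the listed entries a given java.security still disables, before and after the edit. The following is an added example, not part of the original post; the sample text is constructed, and names are matched exactly so that MD5 is not confused with MD5withRSA.

```python
# Entries the steps above say to remove from each key for OAAM 11g integration.
PAGE_REMOVALS = {
    "jdk.tls.disabledAlgorithms": ["TLSv1", "TLSv1.1", "MD5withRSA"],
    "jdk.certpath.disabledAlgorithms": ["MD5"],
}

# Constructed java.security excerpt (not taken from any real JDK build).
SAMPLE = r"""
# constructed excerpt
jdk.certpath.disabledAlgorithms=MD2, SHA1 jdkCA & usage TLSServer, \
    RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, RC4, TLSv1, MD5withRSA, \
    DH keySize < 1024
"""


def parse_security_props(text):
    """Parse java.security text into {key: value}, joining '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props


def disabled_names(value):
    """Algorithm/protocol names in a value, with constraints such as keySize dropped."""
    return {entry.split()[0] for entry in value.split(",") if entry.strip()}


def audit(text):
    """Per key, list the entries named above that are NOT disabled in this file."""
    props = parse_security_props(text)
    return {key: [n for n in names if n not in disabled_names(props.get(key, ""))]
            for key, names in PAGE_REMOVALS.items()}


if __name__ == "__main__":
    for key, enabled in audit(SAMPLE).items():
        print(key, "-> not disabled:", enabled or "none")
```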

  1. Start the servers:
WebLogic:
./startWebLogic.sh

Start Policy and OAM Managed Servers:

Access OAM Admin console:

OAM 12c is now ready to use.

Friday, 22 September 2017

OIM 12c / 12.2.1.3.0 Installation Using Quick Installer

  1. Download the installer using the link below:

  1. Make sure your operating system, DB and JDK (above jdk1.8.0_131) are as per the OIM 12c certification matrix:

  1. This quick installation installs WebLogic, OIM and SOA at once; you don't need to install them separately. Unzip the downloaded installer zip to find the following jars:
    1. fmw_12.2.1.3.0_idmquickstart.jar
    2. fmw_12.2.1.3.0_idmquickstart2.jar
  1. Install Oracle Fusion Middleware Infrastructure, Oracle SOA Suite, and Oracle Identity Governance 12.2.1.3.0 using the quick installer
Run the command: java -jar fmw_12.2.1.3.0_idmquickstart.jar


Click on Next:

Select skip auto update and click on Next:

Enter Oracle Home Path and click on Next:

Click on Skip:

Click on Install:

Click on Next:

Click on Finish:

  1. Running RCU:
The RCU utility is located at the path below:
/app/Middleware/Oracle_Home/oracle_common/bin
./rcu

At Step 1, click on Next:

Click on Next:

Enter the DB credentials, log in as SYS AS SYSDBA, and click on Next:

Click on OK:

Enter the prefix name as 'DEV' and click on Next:

Click on Next:

  1. WebLogic Domain Configuration:
Navigate to the path below and run config.sh:

cd /oracle/Middleware/Oracle_Home/oracle_common/common/bin
./config.sh


Click on Next:

Click on Next:

Click on Next:

Click on Next:

Click on Next:

Click on Next:

Click on Next:

Select

Click on Finish:

  1. Post-configuration steps
After configuring the Oracle Identity Governance domain, run the offlineConfigManager script to perform post-configuration tasks.
Ensure that you run this command before you start any server.

To run the offlineConfigManager command, do the following:
1. Set the following environment variables to the right values:
   - DOMAIN_HOME
   - JAVA_HOME

2. Ensure that you have execute permissions for the file OIM_HOME/server/bin/offlineConfigManager.sh.

3. Run the following command from the location OIM_HOME/server/bin/:
On Unix: ./offlineConfigManager.sh

  1. Start the servers:
WebLogic:
./startWebLogic.sh

Start SOA and OIM:

Run Design Console: