Showing posts with label OIM 12c. Show all posts

Thursday, 26 October 2017

Access Policy in OIM 12c

Since OIM 12c, the Access Policy feature has moved from the /sysadmin console to the /identity console.

To create a new Access Policy in OIM 12c, log in to the /identity console, click Roles and Access Policies, then click Access Policies:
Click Create:

Fill in the values as shown below and click Next:

Click the Add option under Provisioned Application to add the resources to be provisioned by this access policy.


Select either Revoke or Disable as the constraint that applies to this access policy.
When the Revoke if no longer applies option or the Disable if no longer applies option is selected, entitlements are always revoked when the policy no longer applies. If the Disable if no longer applies option is selected, then the entitlements associated with the resource are revoked when the policy no longer applies, because the entitlements were originally granted because of the role grant. The entitlements are added to the resource instance when the role is granted once again.

To set the default values that are populated during access policy evaluation, click Resource Object as highlighted below:


Click Finish to complete the Access Policy creation:


Note: Assigning roles to the Access Policy is not available during the access policy creation. To associate roles with the OIM Access Policy, please perform the following additional steps:

Search for the role that you want to associate with the newly created access policy:




That’s all, the Role has been associated with the Access Policy ☺

Tuesday, 24 October 2017

Collocated mode Oracle Identity Governance (OIM 12c) installation

  1. Collocated mode Oracle Identity Governance (OIM 12c) installation
This standard installation topology can be used as a starting point in production environments. The steps mentioned here are different than the OIM 12c Quick Installation steps. This topology represents a standard WebLogic Server domain having an Administration Server and one or more clusters containing one or more Managed Servers.

For a collocated Oracle Identity Governance (OIM 12c) installation, you must first install Oracle Fusion Middleware Infrastructure 12c (12.2.1.3.0) and Oracle SOA Suite 12c (12.2.1.3.0) as prerequisites. Ensure that you install Oracle SOA Suite and Oracle Identity and Access Management in the same Oracle Home as Oracle Fusion Middleware Infrastructure.

  1. Download the installers using the links below:


  1. Make sure your operating system, DB and JDK (above jdk1.8.0_131) match the OIM 12c Certification matrix:

  1. This installation requires the Infrastructure, SOA and IDM installations to share the same Oracle Home location.
    1. Unzip the downloaded SOA 12c zip; it contains the following jars:
      1. fmw_12.2.1.3.0_soa_quickstart.jar
      2. fmw_12.2.1.3.0_soa_quickstart2.jar
    2. Unzip the downloaded IDM infrastructure zip; it contains the following jar:
      1. fmw_12.2.1.3.0_infrastructure.jar
    3. Unzip the downloaded Oracle IDM 12c zip; it contains the following jar:
      1. fmw_12.2.1.3.0_idm.jar


  1. Install Oracle Fusion Middleware Infrastructure 12c
Run the command: java -jar fmw_12.2.1.3.0_infrastructure.jar










  1. Oracle SOA Suite 12c Installation:
This step is required for collocated Oracle Identity Governance (OIM 12c) installation.
Run the command: java -jar fmw_12.2.1.3.0_soa_quickstart.jar









  1. Oracle Identity Governance (OIM 12c) 12.2.1.3.0 Installation
Run the command: java -jar fmw_12.2.1.3.0_idm.jar


Click on Next:


Select skip auto update and click on Next

Enter Oracle Home Path and click on Next:



Click on Install:


Click on Next:

Click on Finish:



  1. Running RCU:
The RCU utility is located at the path below:
/app/Middleware/Oracle_Home/oracle_common/bin
./rcu


At Step 1, click on Next:

Click on Next:

Enter the DB credentials, log in as SYS AS SYSDBA, and click on Next:


Click on OK


Enter the Prefix name as ‘DEV’ and click on Next






Click on Next:



















  1. WebLogic Domain Configuration:
Navigate to the path below and run config.sh:

cd /oracle/Middleware/Oracle_Home/oracle_common/common/bin
./config.sh

Click on Next:



Click on Next:



JMS JDBC Store is the recommended option for Oracle Identity and Access Management 12c (12.2.1.3.0).

Click on Next:
Click on Next:


Click on Next:

Click on Next:
Click on Next:
Select


Click on Finish:





  1. Post Config Steps
After configuring the Oracle Identity Governance domain, run the offlineConfigManager script to perform post configuration tasks.
Ensure that you run this command before you start any server.

To run the offlineConfigManager command, do the following:
1. Set the following environment variables to the right values:
• DOMAIN_HOME
• JAVA_HOME



2. Ensure that you have execute permissions for the file OIM_HOME/server/bin/offlineConfigManager.sh.



3. Run the following command from the location OIM_HOME/server/bin/:
On Unix: ./offlineConfigManager.sh
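
The three steps above as a preflight wrapper, added here as an example (it is not Oracle's script or code from the original post). It assumes OIM_HOME is exported alongside DOMAIN_HOME and JAVA_HOME, treats WebLogic per-server .lok files under the domain as a sign that a server was already started, and adds a check that the script is not writable by group or others, which the steps above do not mention.

```shell
#!/usr/bin/env bash
# Added example: preflight for the post-configuration steps above.
# Assumption: OIM_HOME is exported alongside DOMAIN_HOME and JAVA_HOME.

oim_postconfig_preflight() {
  local script="${OIM_HOME:-}/server/bin/offlineConfigManager.sh" perms

  # Step 1: both variables must point at real locations, not just be set.
  [ -d "${DOMAIN_HOME:-}" ] || { echo "DOMAIN_HOME is unset or not a directory"; return 1; }
  [ -x "${JAVA_HOME:-}/bin/java" ] || { echo "JAVA_HOME has no executable bin/java"; return 1; }

  # Step 2: execute permission for the current user. Report it instead of
  # silently fixing it, so nobody reaches for chmod 777.
  [ -f "$script" ] || { echo "not found: $script"; return 1; }
  [ -x "$script" ] || { echo "not executable (chmod u+x is enough): $script"; return 1; }

  # Extra check (not in the original steps): refuse a script that group or
  # others can modify, since it runs with the installing user's rights.
  perms=$(ls -ld "$script" | cut -c1-10)
  case "$perms" in
    ?????w*|????????w*) echo "group/world-writable ($perms): $script"; return 1 ;;
  esac

  # "Before you start any server": heuristic, assumes WebLogic's per-server
  # lock files under DOMAIN_HOME/servers/<name>/tmp/<name>.lok.
  if ls "$DOMAIN_HOME"/servers/*/tmp/*.lok >/dev/null 2>&1; then
    echo "server lock file found under $DOMAIN_HOME/servers; a server may have been started"
    return 1
  fi
  echo "ok"
}

# Step 3: run the script from OIM_HOME/server/bin/ only if the preflight passes.
run_offline_config() {
  oim_postconfig_preflight || return 1
  ( cd "$OIM_HOME/server/bin" && ./offlineConfigManager.sh )
}

# Invoke as: ./postconfig.sh --run   (the file name is hypothetical)
if [ "${1:-}" = "--run" ]; then
  run_offline_config
fi
```

A stale .lok file left by an unclean shutdown also trips the last check, so a failure there means "verify by hand", not proof that a server is running.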



  1. Start the servers:
WebLogic:
./startWebLogic.sh


Start SOA and OIM: