Tuesday, September 1, 2015

Configuring Database Security Store for the Domain and server startup in 11gR2

In part 4, we saw the configuration of Oracle Access Manager 11gR2 on Solaris. Now we shall configure the database security store for the domain (base_domain).

Details:
  • Before starting the admin or managed servers for the first time, make sure to create a new DB security store.
  • Each Oracle Identity and Access Management 11g (11.1.2) domain must be configured to have a Database Security Store.
  • Run the configureSecurityStore.py script to configure the Database Security Store.
  • The script is located in the <IAM_HOME>/common/tools directory.
  • Before configuring, identify whether the products to be configured are in a single-domain scenario or in a multiple-domain scenario.
  • The Database Security Store is created (-m create) at the time you create the first domain.
    Each newly created domain is then joined (-m join) with the Database Security Store that is
    already created.

    How to configure the database security store?


    1. On the machine where the OAM server is installed, execute the command below:

    Syntax:

    <MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -c IAM -p <opss_schema_password> -m create

    Example:

    cd $MW_HOME/oracle_common/common/bin
    ./wlst.sh $ORACLE_HOME/common/tools/configureSecurityStore.py -d $DOMAIN_HOME -c IAM -m create -p ******

    where:
    MW_HOME = Middleware location of the server (/u02/app/middlewareiam)
    ORACLE_HOME = Oracle Home location for the OAM server (/u02/app/middlewareiam/IDAM)
    DOMAIN_HOME = Domain Home location (/u02/app/middlewareiam/user_projects/domains/base_domain)

    2. To verify that the security store has been created correctly, execute the following command:

    Syntax:

    <MW_HOME>/oracle_common/common/bin/wlst.sh <IAM_HOME>/common/tools/configureSecurityStore.py -d <domaindir> -m validate

    Example:

    cd $MW_HOME/oracle_common/common/bin
    ./wlst.sh $ORACLE_HOME/common/tools/configureSecurityStore.py -d $DOMAIN_HOME -m validate

    where:
    MW_HOME = Middleware location of the server (/u02/app/middlewareiam)
    ORACLE_HOME = Oracle Home location for the OAM server (/u02/app/middlewareiam/IDAM)
    DOMAIN_HOME = Domain Home location (/u02/app/middlewareiam/user_projects/domains/base_domain)

    How to start the Admin and OAM managed servers?


    1. On the machine, open a terminal window. Navigate to $DOMAIN_HOME/bin and start
    the WLS Admin Server using startWebLogic.sh:
    cd $DOMAIN_HOME/bin
    ./startWebLogic.sh
    When prompted, enter the username and password as weblogic and ******, respectively.

    2. Watch the messages in the window and confirm that the WLS server reaches
    the RUNNING mode.

    3. Start the OAM managed server by using startManagedWebLogic.sh:
    cd $DOMAIN_HOME/bin
    ./startManagedWebLogic.sh oam_server1

    4. Watch the messages in the window and confirm that the OAM server reaches the RUNNING mode.

    5. Stop the OAM managed and WLS admin servers by pressing Ctrl + C on both tabs.

    6. Create the boot.properties file for both the servers so that you are not prompted to
    enter username/password credentials each time you start the servers.

    7. Open a new terminal window and navigate to $DOMAIN_HOME/servers/AdminServer:
    cd $DOMAIN_HOME/servers/AdminServer
    mkdir security
    cd security
    vi boot.properties
    Enter i
    username=weblogic
    password=*******
    Enter Esc
    Enter :wq!

    8. Perform the same steps under $DOMAIN_HOME/servers/oam_server1 to create the
    boot.properties file for the OAM managed server.

    9. Repeat steps 1 and 3 and make sure each server comes up without asking for a username and password.
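
Steps 6 to 8 as a script, added here as an example that is not part of the original post: it creates boot.properties readable only by the owning account and audits the result. The function names, status words and sample password are assumptions made for illustration; the directory layout is the one used in step 7.

```shell
#!/bin/sh
# Added example, not from the original post. POSIX sh; no GNU-only tools.

# write_boot_properties <domain_home> <server_name> <username>
# Password is read from stdin, so it never appears in argv or shell history.
write_boot_properties() (
    dir="$1/servers/$2/security"
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    umask 077                          # new directory 700, new file 600
    mkdir -p "$dir" || exit 1
    printf 'username=%s\npassword=%s\n' "$3" "$pw" > "$dir/boot.properties" &&
        chmod 600 "$dir/boot.properties"   # tighten a pre-existing file too
)

# audit_boot_properties <domain_home> <server_name>
# Prints MISSING, LOOSE_PERMS, CLEARTEXT or ENCRYPTED.
audit_boot_properties() (
    f="$1/servers/$2/security/boot.properties"
    [ -f "$f" ] || { echo MISSING; exit 1; }
    perms=$(ls -l "$f" | cut -c2-10)   # e.g. rw------- (portable, no stat)
    case "$perms" in
        rw-------|r--------) ;;
        *) echo LOOSE_PERMS; exit 1 ;;
    esac
    # After the first successful boot WebLogic rewrites both values in
    # encrypted form, starting with a brace tag such as {AES}.
    if grep '^username={' "$f" >/dev/null && grep '^password={' "$f" >/dev/null
    then echo ENCRYPTED
    else echo CLEARTEXT
    fi
)

# Demo on a constructed throwaway directory, not a real DOMAIN_HOME.
demo_home=$(mktemp -d)
for server in AdminServer oam_server1; do
    printf '%s\n' 'constructed-sample-password' |
        write_boot_properties "$demo_home" "$server" weblogic
    echo "$server: $(audit_boot_properties "$demo_home" "$server")"
done
rm -rf "$demo_home"
```

Run the audit again after step 9: a file that still reports CLEARTEXT after a successful start suggests the server did not read it from that location.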


    Sanity Check:


    1. Log in to the WebLogic console at http://hostname:port/console
    Username: weblogic
    Password: *****

    2. To check the status of the admin and managed servers, navigate by using the left pane:
    Domain Structure > base_domain > Environment > Servers. You should see the states of
    both servers (AdminServer and oam_server1) as RUNNING. Note the ports for the two
    servers: 7001 and 14100.

    3. To check the status of EM FMW Control and OAM console (applications deployed on the
    admin server), click AdminServer (admin) and then click the Deployments tab. Notice that
    the state of the em application is Active. Click the em application, which shows you more
    detailed Properties pages.

    4. To check the status of the OAM console application (application deployed on the admin
    server), click the AdminServer and then click the Deployments tab. Notice that the state of oam_admin (11.1.2.0.0) is Active.

    5. To check the status of the OAM server (deployed on the oam_server1 managed server),
    navigate by using the left pane to the Servers home page (click the Servers node). Click the
    oam_server1 managed server and then click the Deployments tab. Notice that the state of
    the oam_server(11.1.2.0.0) application is Active.

    6. Open the OAM console page (http://<oam_host>:7001/oamconsole). Log in by
    using weblogic and ****** as the username and password, respectively.
    Navigate through the pages.

    7. Check the status of the FMW EM console with the URL:
    http://hostname:port/em
    Username: weblogic
    Password: ******
