Friday, 21 September 2012

ODSEE basic installation steps

ORACLE DIRECTORY SERVER ENTERPRISE EDITION BASIC INSTALL STEPS
Installation procedure for Oracle Directory Server Enterprise Edition 11.1.1.5, aka Sun Directory Server Enterprise Edition 7. The installation procedure can be divided into the following steps:
A) Laying out the software elements in the chosen place on a host filesystem.
B) Pre-configuring the installation--running the minimum set of commands to make the software installation operational.
C) Checking the installation--running a few commands to confirm that the software is fully operational.
--Note that DSEE 7.0 processes run as 32-bit applications on Windows systems.
A) Laying out the software elements in the chosen place on a host filesystem.
1) Unpack the .zip file 'ofm_odsee_win_11.1.1.5.0_disk1_1of1.zip'. This contains two folders, 'ODSEE_Identity_Synchronization_for_Windows' and 'ODSEE_ZIP_Distribution'. Open the folder 'ODSEE_ZIP_Distribution'; it contains the following files:
'idsktune.exe'-->utility, 'sun-dsee7.zip' and 'vcredist_x86.exe'-->Microsoft Visual C++ 2008 Redistributable Package
2) Directory Server Enterprise Edition 11g Release 1 (11.1.1.5.0) depends on the Microsoft Visual C++ 2008 Redistributable Package. Double-click and install vcredist_x86 if the Microsoft Visual C++ 2008 Redistributable Package is not already installed on the system.
3) Run the idsktune utility. This is for system checking; don't worry if this shows any errors.
4) Unpack sun-dsee7.zip where you want to put the software, such as C:\Sun\dsee7. The .zip contains a dsee7 folder that houses all the files you need to keep.
B) Pre-configuring the installation--running the minimum set of commands to make the software installation operational.
After installing the Directory Server Enterprise Edition software successfully, you must pre-configure the software to make it functional.
This includes the following steps.
--To Pre-Configure "Directory Service Control Center" and the "DSCC Agent"
The Directory Service Control Center (DSCC) is a web-based interface to manage Directory Server and Directory Proxy Server instances (a web app housed in an application server such as GlassFish, Tomcat, or WebLogic).
1) Initialize the DSCC registry.
(The DSCC registry is the Directory Server instance DSCC uses to keep track of managed servers. During this step, set and remember the Directory Service Manager password. Directory Service Manager is the DSCC user who has credentials to handle all managed servers.)
C:\Sun\dsee7\bin>dsccsetup ads-create
Choose password for Directory Service Manager:
Confirm password for Directory Service Manager:
Creating DSCC registry...
DSCC Registry has been created successfully
C:\Sun\dsee7\bin>

2) Create the WAR file for DSCC.
C:\Sun\dsee7\bin>dsccsetup war-file-create
Created C:\Sun\dsee7\var\dscc7.war
C:\Sun\dsee7\bin>
3) Note the port and the path assigned to the DSCC registry.
C:\Sun\dsee7\bin>dsccsetup status
***
DSCC Agent is not registered in Cacao
***
DSCC Registry has been created
Path of DSCC registry is C:/Sun/dsee7/var/dcc/ads
Port of DSCC registry is 3998
***
C:\Sun\dsee7\bin>
4) To create server instances on the same host where DSCC is deployed, register the DSCC agent in the Common Agent Container (a local service residing in the Common Agent Container, aka Cacao, that allows you to access servers, in particular to start them when they are stopped, and so forth).
C:\Sun\dsee7\bin>dsccsetup cacao-reg
Configuring Cacao...
Cacao will listen on port 21162
Cacao has been successfully configured.
Registering DSCC Agent in Cacao...
Checking Cacao status...
Starting Cacao...
DSCC agent has been successfully registered in Cacao.
C:\Sun\dsee7\bin>
5) Status check:
C:\Sun\dsee7\bin>dsccsetup status
***
DSCC Agent is registered in Cacao
Cacao uses a custom port number (21162)
***
DSCC Registry has been created
Path of DSCC registry is C:/Sun/dsee7/var/dcc/ads
Port of DSCC registry is 3998
DSCC registry is not running. You may start it using:
         C:/Sun/dsee7/bin/dsadm.exe start C:/Sun/dsee7/var/dcc/ads
***
C:\Sun\dsee7\bin>
6) Start the DSCC registry.
C:\Sun\dsee7\bin>dsadm.exe start C:/Sun/dsee7/var/dcc/ads
Waiting for Directory Server instance 'C:/Sun/dsee7/var/dcc/ads' to start...
Directory Server instance 'C:/Sun/dsee7/var/dcc/ads' started: pid=2064
7) Status check:
C:\Sun\dsee7\bin>dsccsetup status
***
DSCC Agent is registered in Cacao
Cacao uses a custom port number (21162)
***
DSCC Registry has been created
Path of DSCC registry is C:/Sun/dsee7/var/dcc/ads
Port of DSCC registry is 3998
***
C:\Sun\dsee7\bin>
8) Deploy the WAR file in any of the supported application server instances.
We are choosing to deploy this WAR file on the admin server of WebLogic Server.
Start the admin server.
Browse the WebLogic console using http://localhost:7001/console
Navigate to basic_domain/Deployments in the Domain Structure panel.
Click Lock and Edit.
Click Install.
Click Upload your file(s).
In Deployment Archive, select install-path/var/dscc7.war and click Next.
Select dscc7.war and click Next.
Select Install this deployment as an application and click Next.
Provide a Name for the deployment, accept the default Optional Settings and click Finish.
Click Activate Changes in the top left corner.
The dscc7 deployment must be in the active state.
9) Check the DSCC web interface.
Use http://hostname:port/dscc7 to connect to DSCC.
The default port number for Oracle WebLogic Server is 7001.
The Oracle Directory Service Control Center authentication page is displayed.
username: admin
password: As given while creating the registry.
C) Checking the installation--running a few commands to confirm that the software is fully operational
1) Creation of server instances
C:\Sun\dsee7\bin>dsadm create -p 2389 -P 2636 C:\Sun\servers\dsInst2
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start 'C:\Sun\servers\dsInst2'' to start the instance
C:\Sun\dsee7\bin>dsadm create -p 1389 -P 1636 C:\Sun\servers\dsInst1
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start 'C:\Sun\servers\dsInst1'' to start the instance
C:\Sun\dsee7\bin>
2) Starting the server instances
C:\Sun\dsee7\bin>dsadm start C:\Sun\servers\dsInst2
Waiting for Directory Server instance 'C:/Sun/servers/dsInst2' to start...
Directory Server instance 'C:/Sun/servers/dsInst2' started: pid=1440
C:\Sun\dsee7\bin>dsadm start C:\Sun\servers\dsInst1
Waiting for Directory Server instance 'C:/Sun/servers/dsInst1' to start...
Directory Server instance 'C:/Sun/servers/dsInst1' started: pid=1836
C:\Sun\dsee7\bin>
3) Create and delete the server instances.
C:\Sun\dsee7\bin>dsadm create -p 3389 -P 3636 C:\Sun\servers\dsInst3
Choose the Directory Manager password:
Confirm the Directory Manager password:
Use 'dsadm start 'C:\Sun\servers\dsInst3'' to start the instance
C:\Sun\dsee7\bin>dsadm delete C:\Sun\servers\dsInst3
Removing 'C:/Sun/servers/dsInst3' directory ...
Directory Server instance 'C:/Sun/servers/dsInst3' deleted
C:\Sun\dsee7\bin>
4) Suffix creation and data population
C:\Sun\dsee7\bin>dsconf create-suffix -p 1389 -e dc=example,dc=com
Enter "cn=Directory Manager" password:
C:\Sun\dsee7\bin>dsconf import -p 1389 -e C:/Sun/dsee7/resources/ldif/Example.ldif dc=example,dc=com
Enter "cn=Directory Manager" password:
New data will override existing data of the suffix "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes.
Do you want to continue [y/n] ?  y
## Index buffering enabled with bucket size 40
## Beginning import job...
## Starting to process and index entries
## Processing file "C:/Sun/dsee7/resources/ldif/Example.ldif"
## Finished scanning file "C:/Sun/dsee7/resources/ldif/Example.ldif" (160 entries)
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation.
## This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete.  Processed 160 entries in 4 seconds. (40.00 entries/sec)
Task completed (slapd exit code: 0).
C:\Sun\dsee7\bin>
5) View the entries from a normal LDAP browser.
6) Execute a sample LDAP search command.
C:\Sun\dsee7\bin>ldapsearch -h localhost -p 1389 -b dc=example,dc=com "(uid=bjensen)" mail
uid=bjensen, ou=People, dc=example,dc=com
mail=bjensen@example.com
7) Register the above created server instances with DSCC.
C:\Sun\dsee7\bin>dsadm.exe start C:/Sun/dsee7/var/dcc/ads
Directory Server instance 'C:/Sun/dsee7/var/dcc/ads' started: pid=3272
C:\Sun\dsee7\bin>dsccreg add-server -h localhost -p 3998  C:\Sun\servers\dsInst1
Enter DSCC administrator's password:
C:\Sun\servers\dsInst1 is an instance of DS
Enter password of "cn=Directory Manager" for C:\Sun\servers\dsInst1:
This operation will restart C:\Sun\servers\dsInst1.
Do you want to continue ? (y/n) y
Connecting to C:/Sun/servers/dsInst1 (using ldap://127.0.0.1:1389)
Enabling DSCC access to C:/Sun/servers/dsInst1
Restarting C:/Sun/servers/dsInst1
Registering C:/Sun/servers/dsInst1 in DSCC on localhost.
C:\Sun\dsee7\bin>
Adding another server:
C:\Sun\dsee7\bin>dsccreg add-server -h localhost -p 3998  C:\Sun\servers\dsInst2
Enter DSCC administrator's password:
C:\Sun\servers\dsInst2 is an instance of DS
Enter password of "cn=Directory Manager" for C:\Sun\servers\dsInst2:
This operation will restart C:\Sun\servers\dsInst2.
Do you want to continue ? (y/n) y
Starting C:/Sun/servers/dsInst2
Connecting to C:/Sun/servers/dsInst2 (using ldap://127.0.0.1:2389)
Enabling DSCC access to C:/Sun/servers/dsInst2
Restarting C:/Sun/servers/dsInst2
Registering C:/Sun/servers/dsInst2 in DSCC on localhost.
8) Viewing the list of servers registered with DSCC
C:\Sun\dsee7\bin>dsccreg list-servers -h localhost -p 3998
Enter DSCC administrator's password:
Hostname        Port  sPort  Type  Owner  Flags  iPath                   Description
--------------  ----  -----  ----  -----  -----  ----------------------  -----------
192.168.64.131  1389  1636   DS                  C:/Sun/servers/dsInst1
192.168.64.131  2389  2636   DS                  C:/Sun/servers/dsInst2
2 server instance(s) found in DSCC on localhost.
C:\Sun\dsee7\bin>
9) Unregistering a server from DSCC

C:\Sun\dsee7\bin>dsccreg remove-server -h localhost -p 3998  C:\Sun\servers\dsInst2
Enter DSCC administrator's password:
C:\Sun\servers\dsInst2 is an instance of DS
Enter password of "cn=Directory Manager" for C:\Sun\servers\dsInst2:
This operation will restart C:\Sun\servers\dsInst2.
Do you want to continue ? (y/n) y
Unregistering C:/Sun/servers/dsInst2 from DSCC on localhost.
Connecting to C:/Sun/servers/dsInst2 (using ldap://127.0.0.1:2389)
Disabling DSCC access to C:/Sun/servers/dsInst2
Restarting C:/Sun/servers/dsInst2
C:\Sun\dsee7\bin>dsccreg list-servers -h localhost -p 3998
Enter DSCC administrator's password:
Hostname        Port  sPort  Type  Owner  Flags  iPath                   Description
--------------  ----  -----  ----  -----  -----  ----------------------  -----------
192.168.64.131  1389  1636   DS                  C:/Sun/servers/dsInst1
1 server instance(s) found in DSCC on localhost.
C:\Sun\dsee7\bin>
10) The above basic administration activities can also be done using the DSCC web interface.

Wednesday, 25 July 2012

Changing OPMN Ports (ONS Local, Request, and Remote)

You might need this if you have two OPMN processes in a Middleware home. In my case I had one opmn process taking care of OID and another taking care of Web Tier. So I had to change the ports for one of the opmn processes for both processes to start simultaneously.


This section describes how to change any of the following port numbers:
ONS Local port
ONS Request port
ONS Remote port

To change these ports:
A. Stop OPMN, and all OPMN-managed processes:
(UNIX) ORACLE_INSTANCE/bin/opmnctl stopall
(Windows) ORACLE_INSTANCE\bin\opmnctl stopall

B. Open the opmn.xml file, located in the following directory:
(UNIX) ORACLE_INSTANCE/config/OPMN/opmn
(Windows) ORACLE_INSTANCE\config\OPMN\opmn

C. Under the <notification-server> element, modify the local, remote, or request parameter, depending on the port you are changing, in the <port> element, and then save the file.
For example:
<port local="6101" remote="6201" request="6004"/>

D. Start OPMN, and all OPMN-managed processes:
(UNIX) ORACLE_INSTANCE/bin/opmnctl startall
(Windows) ORACLE_INSTANCE\bin\opmnctl startall
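
A check that can be run between steps C and D, as an added example (not code from the original post): it reads the <notification-server> <port> element from each instance's opmn.xml and reports every port number claimed more than once. The two opmn.xml fragments are constructed samples; the instance labels and the 6100/6200/6003 values are assumptions, while 6101/6201/6004 are the values from the example above.

```python
import xml.etree.ElementTree as ET

ROLES = ("local", "remote", "request")


def _local(tag):
    """Strip an XML namespace, if any: '{ns}port' -> 'port'."""
    return tag.rsplit("}", 1)[-1]


def ons_ports(opmn_xml):
    """Return {role: port} from <notification-server><port> in one opmn.xml."""
    root = ET.fromstring(opmn_xml)
    for server in root.iter():
        if _local(server.tag) != "notification-server":
            continue
        for child in server:
            if _local(child.tag) == "port":
                return {r: int(child.attrib[r]) for r in ROLES if r in child.attrib}
    raise ValueError("no <notification-server><port> element found")


def ons_conflicts(instances):
    """instances maps a label to the text of that instance's opmn.xml.

    Returns [(port, [(label, role), ...]), ...] for every port number that
    is used more than once. Reuse across different roles is reported too
    (assumption: two ONS listeners on one host should not share a number).
    """
    users = {}
    for label, xml_text in instances.items():
        for role, port in ons_ports(xml_text).items():
            users.setdefault(port, []).append((label, role))
    return sorted((port, who) for port, who in users.items() if len(who) > 1)


# Constructed samples, not taken from a real installation.
OID_BEFORE = """<opmn xmlns="http://www.oracle.com/ias/opmn">
  <notification-server interface="any">
    <port local="6100" remote="6200" request="6003"/>
  </notification-server>
</opmn>"""
WEBTIER = OID_BEFORE  # second instance installed with the same ports
OID_AFTER = OID_BEFORE.replace(
    'local="6100" remote="6200" request="6003"',
    'local="6101" remote="6201" request="6004"',
)

if __name__ == "__main__":
    for title, oid in (("before edit", OID_BEFORE), ("after edit", OID_AFTER)):
        found = ons_conflicts({"asinst_1": oid, "instance1": WEBTIER})
        print(title, "->", found or "no conflicts")
```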

Now you have to unregister the instance from FMW and register it again, so that changing the ports does not cost you the ability to manage the OPMN components (here OID, OVD, OHS) with EM.

C:\Oracle\Middleware\asinst_1\bin>opmnctl unregisterinstance -adminHost localhost -adminPort 7001 -adminUsername weblogic

Command requires login to weblogic admin server (localhost):
  Username: weblogic
  Password:

Unregistering instance
Command succeeded.

C:\Oracle\Middleware\asinst_1\bin>opmnctl registerinstance -adminHost localhost -adminPort 7001 -adminUsername weblogic

Command requires login to weblogic admin server (localhost):
  Username: weblogic
  Password:

Registering instance
Command succeeded.

After the successful registration, the instance.properties file and the ports.prop file get updated with the registration information and the latest ports information respectively!

Procedure to change the ports for OHS


Below is the procedure to change the ports for OHS.

NOTE: Changing all OHS ports.

As discussed above, OHS comes with three ports.

i) Non SSL http port (default 7777, range 7777-7877)
ii) SSL http port (default 4443, range 4443-4543)
iii) Proxy MBean or Admin port (default 9999)
(used internally by Oracle HTTP Server to communicate with Fusion Middleware Control.)

To change the Oracle HTTP Server Listen ports (non-SSL or SSL), there are often dependencies that must also be set. For example, if you are using Oracle Web Cache to improve the performance of your Oracle Fusion Middleware environment, you must modify the Oracle Web Cache origin server settings whenever you modify the Oracle HTTP Server Listen ports.

::Steps to change the Non SSL http port and SSL http port::

Go to EM
From the navigation pane, expand the farm, then Web Tier, then select the Oracle HTTP Server instance.
From the Oracle HTTP Server menu, choose Administration, then Ports Configuration.
Select the Listen port that uses the HTTP(S) protocol, then click Edit.
Change the port number, then click OK.
Restart Oracle HTTP Server. (From the Oracle HTTP Server menu, choose Control, then Restart.)

As a result of this, the http port gets updated in the ORACLE_INSTANCE/config/OHS/<ohs_name>/httpd.conf file
and
the https port gets updated in the ORACLE_INSTANCE/config/OHS/<ohs_name>/ssl.conf file.
(In addition to this, if you are editing the SSL port, make an additional change in the ssl.conf file:
edit the SSL Virtual Host Context to the same value as the changed SSL port number. Otherwise
you may find weird behavior: the SSL port can turn into a non-SSL port.)
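
The mismatch described above can be checked mechanically. The following is an added example, not part of the original post: it parses an ssl.conf and reports Listen ports that no SSL-enabled <VirtualHost> covers, and virtual hosts left on a port that is no longer listened on. The sample configuration and port 4444 are constructed; the check assumes SSLEngine is set inside the virtual host, as in the SSL Virtual Host Context mentioned above.

```python
import re

LISTEN = re.compile(r"^\s*Listen\s+(\S+)", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
SSL_ENGINE = re.compile(r"^\s*SSLEngine\s+(\S+)", re.I)


def _port(addr):
    """Port of '4443', '*:4443', 'host:4443' or '[::]:4443'; None if absent."""
    m = re.search(r"(?:^|:)(\d+)$", addr)
    return int(m.group(1)) if m else None


def audit_ssl_conf(text):
    """Return sorted (port, problem) pairs for the text of one ssl.conf."""
    listen, vhosts, current = set(), [], None
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # comment line
            continue
        m = VHOST_OPEN.match(line)
        if m:
            # A vhost address without a port (None) matches every port.
            ports = {_port(a) for a in m.group(1).split()}
            current = {"ports": ports, "ssl": False}
            continue
        if VHOST_CLOSE.match(line):
            if current is not None:
                vhosts.append(current)
            current = None
            continue
        m = SSL_ENGINE.match(line)
        if m and current is not None:
            current["ssl"] = m.group(1).lower() == "on"
            continue
        m = LISTEN.match(line)
        if m and _port(m.group(1)) is not None:
            listen.add(_port(m.group(1)))

    problems = []
    for port in listen:
        serving = [v for v in vhosts
                   if port in v["ports"] or None in v["ports"]]
        if not serving:
            # Requests on this port fall through to the main server,
            # which has no SSLEngine: the "SSL" port answers plain HTTP.
            problems.append((port, "listen-without-vhost"))
        elif not all(v["ssl"] for v in serving):
            problems.append((port, "vhost-without-sslengine"))
    declared = {p for v in vhosts for p in v["ports"] if p is not None}
    problems += [(p, "vhost-without-listen") for p in declared - listen]
    return sorted(problems)


# Constructed sample: Listen was changed to 4444, the vhost was not.
BROKEN = """\
# SSL listen port
Listen 4444
<VirtualHost *:4443>
  <IfModule ossl_module>
    SSLEngine on
  </IfModule>
</VirtualHost>
"""
FIXED = BROKEN.replace("*:4443", "*:4444")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_ssl_conf(conf) or "ok")
```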

If you are using Oracle Web Cache as a reverse proxy, you must update Oracle Web Cache. From the Fusion Middleware Control navigation pane, expand the farm, then Web Tier. Select the Oracle Web Cache instance. From the Web Cache menu, choose Administration, then Origin Servers. Select the origin server for which you have changed the port, and click Edit.

The Edit Origin Server page is displayed. In the Port field, change the port number. Click OK. Restart Oracle Web Cache. (From the Web Cache menu, choose Control, then Restart.)

Note: The OHS that comes along with OID is not associated with Web Cache, so the above step is not necessary for it. But if you choose to change the ports of the OHS that is part of Web Tier, the above step is necessary. The step is included just for sanity purposes.

Restart OPMN and all system components in that Oracle instance:
opmnctl stopall
opmnctl startall

Note: If you change the port or make other changes that affect the URL, such as changing the hostname or enabling or disabling SSL, you need to re-register partner applications with the SSO server using the new URL.
(Here it is not required, as no such application is configured.)

::Steps to change the Proxy MBean or Admin port(default 9999)::

The Admin port cannot be edited using Fusion Middleware Control.

Also, the Oracle HTTP Server administration (proxy MBean) virtual host and its configuration, defined in the admin.conf file, must not be edited with the WebLogic Scripting Tool (WLST).

Although this is a port Oracle HTTP Server uses for its
internal communication with Fusion Middleware Control, in most cases it
does not need to be changed. If you really want to change it, manually edit the
ORACLE_INSTANCE/config/OHS/<ohs_name>/admin.conf file.

In an Oracle Instance that is registered with a WebLogic domain, if the Oracle HTTP Server administration port (proxy MBean port in the admin.conf file) is changed after creating the component, then you must update the component registration with the WebLogic domain using the opmnctl updatecomponentregistration command, as follows:

opmnctl updatecomponentregistration -componentType OHS -componentName name -proxyPort port
For example, if the proxy port of an Oracle HTTP Server component named ohs1 has
been changed to 9998, then use the following command:
opmnctl updatecomponentregistration -componentType OHS -componentName ohs1 -proxyPort 9998

sample run:
C:\Oracle\Middleware\asinst_1\bin>opmnctl updatecomponentregistration -componentType OHS -componentName ohs1 -proxyPort 9998

Command requires login to weblogic admin server (localhost):
  Username: weblogic
  Password:

Updating component registration on admin server.
Command succeeded.

Additional notes on OAM 11g


Prerequisite: OAM 11g basic install steps should have been completed.


Oracle Access Manager (OAM) is an access management product acquired from Oblix in 2005.
# OAM 11g User Interface (UI) is based on Application Development Framework (ADF)


# Three types of Web Agents are supported in OAM 11g -
a) AccessGate/WebGate from 11g
b) AccessGate/WebGate from 10g (for backward compatibility) and
c) mod_osso for Oracle 10g Single Sign-On integration


You can set up either Oracle HTTP Server WebGate or mod_OSSO as an Agent for Oracle Access Manager (OAM).


Setting up an Agent involves the following steps:


1. Installing and Configuring the Agent (WebGate or mod_osso)
2. Registering the Agent as a Partner Application
3. Restarting the WebLogic Managed Servers



The Oracle HTTP Server WebGate intercepts HTTP requests from users for Web resources and forwards them to the Access Server for authentication and authorization.

Oracle HTTP Server 11g WebGate for Oracle Access Manager is not intended for use in Oracle Identity and Access Management
environments where you want to set up integration among Oracle Identity and Access Management components.



1. The following is the procedure for installing Oracle HTTP Server 11g Webgate for Oracle Access Manager.

A. Installing Oracle HTTP Server 11g (11.1.1.3.0, 11.1.1.4.0, or 11.1.1.5.0)-- Installation steps


Since we are on 11.1.1.5 for every component, we are now installing Oracle HTTP Server 11.1.1.5. You may ask whether we can use the OHS that was installed along with OID. That's not possible. The Webgate installer needs an OHS of the Web Tier type (Web Tier installer is a tool).

This is a restriction imposed by the Webgate installer.
We should first install Oracle HTTP Server 11.1.1.2 and then patch it to 11.1.1.5, which in turn means we should use the Oracle Web Tier installer 11.1.1.2 and then go to 11.1.1.5. More information on the Oracle Web Tier installer tool is below.

FMW 11g Web Tier Utilities encompasses products such as
* Oracle HTTP Server
* Oracle Web Cache


Oracle Process Manager and Notification Server (OPMN) is also installed by default. Together, these products are responsible for managing incoming HTTP requests, caching web messages, and sending XML and HTML back to the client.


The Oracle HTTP Server 11g is based on an Apache 2.2 version.
Once it is installed with Oracle Fusion Middleware, it is supported and maintained as the Oracle HTTP Server. For this reason, it will differ from its originating Apache version, and should not be compared for all situations.

Similar to OID, Oracle Web Tier can be installed without a domain and can be administered from the command line. But to use OEM FMW to administer Oracle Web Tier, the WebLogic domain with which you are going to associate the Web Tier components should have been configured using both the Enterprise Manager and Java Required Files (JRF) domain templates. It is not possible to create this domain during the installation of Oracle Web Tier, and so the domain must already exist prior to installation and configuration. Alternatively, you can install Oracle Web Tier without configuring the components, then create a WebLogic Server domain, then run the configuration tool to associate your Oracle Web Tier components with that domain.

Below is the procedure to install OHS using the Web Tier installer, associating OHS with an existing WebLogic domain.



-->Ensure that the WebLogic admin server is up and running.

-->Execute setup.exe inside disk1 of the Web Tier 11.1.1.2 installation package (V18762-01.zip).

-->Choose the install and configure option and follow the screens.

-->Installation happens first, followed by configuration.

-->Once you have installed, similarly patch the installation using the 11.1.1.5 Web Tier patch set (V26010-01.zip).


Once the above process completes, a folder Oracle_WT1 gets created inside MW_HOME.
Run the opmnctl status command:


C:\Oracle\Middleware\Oracle_WT1\instances\instance1\bin>opmnctl status
Processes in Instance: instance1
---------------------------------+--------------------+---------+---------
ias-component | process-type | pid | status
---------------------------------+--------------------+---------+---------
webcache1 | WebCache-admin | 3804 | Alive
webcache1 | WebCache | 3372 | Alive
ohs1 | OHS | 1884 | Alive

This information shows the components configured for this installation. The status
"Alive" means the component is up and running.

This OPMN runs as a Windows service. This service is similar to, but separate from, the service which monitors OID and OVD.

C:\Oracle\Middleware\Oracle_WT1\instances\instance1\bin>opmnctl status -l
Processes in Instance: instance1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component | process-type | pid | status | uid | memused | uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
webcache1 | WebCache-admin | 3804 | Alive | 1675299287 | 17372 | 23:57:34 | http_admin:7786
webcache1 | WebCache | 3372 | Alive | 1675299286 | 34268 | 23:57:34 | http_stat:7787,http_invalidation:7788,https_listen:7789,http_listen:7785
ohs1 | OHS | 1884 | Alive | 1675299285 | 20212 | 23:58:15 | https:9999,https:4443,http:7777


Use the port numbers in this display to point your browser to the appropriate pages.

Use the format:
http://system_name:port_number

Below are all the URLs that should be tested.

Oracle HTTP Server http://localhost:7777
Oracle HTTP Server SSL https://localhost:4443
Oracle Web Cache http://localhost:7785
Oracle Web Cache SSL https://localhost:7789

Oracle Web Cache Administration http://localhost:7786
Oracle Web Cache Statistics http://localhost:7787

The username for the above two URLs is ias_admin and the password is what you specified during the installation process.


Note: Oracle HTTP Server comes configured with two listen ports: a non-SSL port (http) and an SSL port (https). The default, non-SSL port is 7777. If port 7777 is occupied, the next available port number, within a range of 7777-7877, is assigned. The default SSL port is 4443. Similarly, if port 4443 is occupied, the next available port number, within a range of 4443-4543, is assigned.
An additional SSL port (9999) is configured to run out-of-the-box in the admin.conf file. It is called the Proxy MBean or Admin port and is used internally by Oracle HTTP Server to communicate with Fusion Middleware Control.

Note: The WebCache ‘invalidation port’ 7788 expects the request to send an XML message indicating the cache contents that must be invalidated. That’s the reason any request from a browser will fail. You can find more information in the product documentation.



Now here is the scenario.


During the OID, OVD installation you get an OHS along with OID and OVD. That means, if you start opmnctl.bat at C:\Oracle\Middleware\asinst_1\bin
you can get OID, OVD and OHS up and running.


This implies there are two OHS in the middleware home: one that was installed along with OID (being monitored by the OPMN service located at C:\Oracle\Middleware\asinst_1\bin) and the other that was installed along with Web Tier (being monitored by the OPMN service located at C:\Oracle\Middleware\Oracle_WT1\instances\instance1\bin).

The reason we installed a separate OHS as a part of Web Tier, even though we have an OHS that we got during the OID installation, is that, for the Webgate installation as a part of AM that we are actually discussing, the OHS should be in a middleware home containing an Oracle Home for Oracle Web Tier, and the directory structure is important.

As discussed earlier, in the OID posts, you cannot skip the installation of OHS during OID installation, but can always skip its configuration. OHS might be packaged along with the OID installer for OIF. But this is an assumption.

Hmm, that's okay.. finally we got two opmn processes and two OHS.
Note that these two OHS were installed using the same ports.
Even these two OPMN services are installed using the same ports.
So these two can't be started at the same time, if the situation demands. So in order to run these two services at the same time, we should change the OPMN ports and also the OHS ports for one of the servers.


For detailed procedure of how to change the opmn ports, refer to one of my posts regarding the same.



Now you have to change the ports for one of the OHS.
I choose to change the ports for the OHS that was installed along with OID installation.


For detailed procedure of how to change the OHS ports, refer to one of my posts regarding the same.



After making the necessary changes to one of the OPMN services and OHS, both OHS and OPMN services can be started simultaneously.







B. Microsoft Visual C++ libraries installation


Ensure you follow the following prerequisites if you are on Win 2003/2008. If you are using Windows 2003 or Windows 2008 64-bit operating systems, you must install Microsoft Visual C++ 2005 libraries on the machine hosting the Oracle HTTP Server 11g Webgate for Oracle Access Manager.


These libraries are included in the Microsoft Visual C++ 2005 SP1 Redistributable Package (x64), which can be downloaded from the following website:


http://www.microsoft.com/DownLoads/details.aspx?familyid=EB4EBE2D-33C0-4A47-9DD4-B9A6D7BD44DA&displaylang=en


In addition, install the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update, which can be downloaded from the following website:


http://www.microsoft.com/en-in/download/details.aspx?id=26347



C. Run the Oracle HTTP Server Webgate Installer to install Oracle HTTP Server 11g Webgate for Oracle Access Manager:
D:\Softwares\Oracle Access Manager WebGates (11.1.1.5.0)\Disk1\install\win64\setup.exe

Provide the java path, middleware path, and proceed as directed by the installer.

Note: This Java path is different from the Java path of your computer; it is the path of the Java created when you install Oracle HTTP Server. The jdk directory is created under the <WebTier_Home> directory. You must enter the absolute path of the JRE folder located in this JDK when launching the installer.


D. Post install steps::

-->Go to

C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\deployWebGate
[ <Webgate_Home>\webgate\ohs\tools\deployWebGate]

On the command line, run the following command to copy the required bits of agent from the Webgate_Home directory to the Webgate Instance location:

deployWebgateInstance.bat -w C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1 -oh C:\Oracle\Middleware\Oracle_OAMWebGate1

[deployWebgateInstance.bat -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>]

Note: <Webgate_Oracle_Home> is the directory where you have installed Oracle HTTP Server Webgate and created as the Oracle Home for Webgate.

The <Webgate_Instance_Directory> is the location of Webgate Instance Home, which is same as the Instance Home of Oracle HTTP Server.

Sample run:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>cd C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\deployWebGate

C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\deployWebGate>deployWebgateInstance.bat -w C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1 -oh C:\Oracle\Middleware\Oracle_OAMWebGate1

Copying files
C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\config\oblog_config_wg.xml
1 File(s) copied
C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\openssl\simpleCA\cacert.pem
1 File(s) copied
C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\openssl\simpleCA\cakey.pem
1 File(s) copied
C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\deployWebGate>

-->Add the following to the 'PATH' variable:

<Webgate_Installation_Directory>\webgate\ohs\lib -- "C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\lib"
  and
<Oracle_Home_for_Oracle_HTTP_Server>\bin -- "C:\Oracle\Middleware\Oracle_WT1\bin"

-->Go to <Webgate_Home>\webgate\ohs\tools\EditHttpConf on the command line

(C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\EditHttpConf>)

and execute the following command to copy "apache_webgate.template" from the Webgate_Home directory to the Webgate Instance location (renamed to webgate.conf) and to update the httpd.conf file, adding one line that includes webgate.conf:

EditHttpConf.exe -w <Webgate_Instance_Directory> [-oh <Webgate_Oracle_Home>] [-o <output_file>]

The -oh <WebGate_Oracle_Home> and -o <output_file> parameters are optional.

Webgate_Instance_Directory == C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1
Webgate_Oracle_Home ==  C:\Oracle\Middleware\Oracle_OAMWebGate1

The <output_file> is the name of the temporary output file used by the tool, say Edithttpconf.log

So the command is:

EditHttpConf.exe -w C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1 -oh C:\Oracle\Middleware\Oracle_OAMWebGate1 -o Edithttpconf.log

sample run::


C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\EditHttpConf>EditHttpConf.exe -w C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1 -oh C:\Oracle\Middleware\Oracle_OAMWebGate1 -o Edithttpconf.log
The web server configuration file was successfully updated
C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1/httpd.conf has been backed up as C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1/httpd.conf.ORIG

C:\Oracle\Middleware\Oracle_OAMWebGate1\webgate\ohs\tools\EditHttpConf>

Note: This is the additional line added to httpd.conf:
include  "C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1/webgate.conf" 

E. Verifying the Oracle HTTP Server 11g Webgate for Oracle Access Manager
--> Go to C:\Program Files\Oracle\Inventory\logs
and check the installDATE-TIME_STAMP.out log file to verify the installation.




Before you can get started with the new Oracle HTTP Server 11g Webgate agent for
Oracle Access Manager, you have to complete a few steps.

 they are  
 @Register the New Webgate Agent
 @Copy Generated Files and Artifacts to the Webgate Instance Location
 @Restart the Oracle HTTP Server Instance


2. Registering the Agent as a Partner Application


A. Register the New Webgate Agent



You can register the new Webgate agent with Oracle Access Manager by using the Oracle Access Manager Administration Console.

Alternatively, you can use the RREG command-line tool to register a new Webgate agent. The tool can be run in two modes: In-Band mode, and Out-Of-Band mode.

I am using In-Band mode.


Setting Up the RREG Tool



Go to C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\client, copy RREG.tar.gz to a folder in your personal space and extract it there. A folder named 'rreg' will be created.
Inside that rreg folder, go to the input directory and copy the OAM11GRequest_short.xml file.


Now go to C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\input and paste the above file there.


Set the following environment variables in the oamreg.bat script
(available under C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\bin):
OAM_REG_HOME = C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg
JAVA_HOME="C:\Program Files\Java\jdk1.6.0_25"





Updating the OAM11GRequest_short.xml File




Go to C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\client\rreg\input


Modify the following required parameters in the OAM11GRequest.xml file or in the OAM11GRequest_short.xml file:


I am using OAM11GRequest_short.xml


<serverAddress>
Specify the host and the port of the Administration Server.
<serverAddress>http://localhost:7001</serverAddress>


<agentName>
Specify any custom name for the agent.
<agentName>RREG_OAM11G</agentName>


<agentBaseUrl>
Specify the host and the port of the machine where Oracle HTTP Server 11g Webgate is installed.
<agentBaseUrl>http://localhost:7777</agentBaseUrl>




<preferredHost>
Specify the host and the port of the machine where Oracle HTTP Server 11g Webgate is installed.
<preferredHost>http://localhost:7777</preferredHost>


<security>
Specify the security mode, such as open, based on the Webgate installed.
<security>open</security>


Available modes are 'open', 'cert' and 'simple'.


<primaryServerList>
Specify the host and the port of Managed Server for Oracle Access Manager proxy, under a <Server> container element.
<Server>
<primaryServerList>http://localhost:14100</primaryServerList>
</Server>


After modifying the file, save and close it.
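A pre-flight review of the request file before it is submitted, as an added example that is not part of the original post or of Oracle's tooling. It checks the fields edited above and flags two settings worth a second look outside a single-host lab: open mode, in which traffic between the Webgate and the OAM server is not encrypted, and a plain-HTTP address on a non-loopback host. The sample document is constructed from the values on this page and its root element name is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample using the values shown on this page. The root element
# name is an assumption; the checks below do not depend on it.
SAMPLE_REQUEST = """<OAM11GRegRequest>
  <serverAddress>http://localhost:7001</serverAddress>
  <agentName>RREG_OAM11G</agentName>
  <agentBaseUrl>http://localhost:7777</agentBaseUrl>
  <security>open</security>
</OAM11GRegRequest>"""

URL_FIELDS = ("serverAddress", "agentBaseUrl")
MODES = ("open", "simple", "cert")          # the modes listed on the page
LOOPBACK = ("localhost", "127.0.0.1", "::1")

def review_request(xml_text):
    """Return (errors, warnings) for an RREG request document."""
    root = ET.fromstring(xml_text)
    # Compare local names so a namespaced file is handled as well.
    values = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip()
              for el in root.iter()}
    errors, warnings = [], []
    for name in URL_FIELDS + ("agentName", "security"):
        if not values.get(name):
            errors.append(f"{name}: missing or empty")
    for name in URL_FIELDS:
        if not values.get(name):
            continue
        try:
            url = urlsplit(values[name])
            ok = url.scheme in ("http", "https") and url.hostname and url.port
        except ValueError:                  # malformed host or port
            ok = False
        if not ok:
            errors.append(f"{name}: expected scheme://host:port")
        elif url.scheme == "http" and url.hostname not in LOOPBACK:
            warnings.append(f"{name}: plain HTTP to non-loopback host")
    mode = values.get("security", "")
    if mode and mode not in MODES:
        errors.append(f"security: unknown mode {mode!r}")
    elif mode == "open":
        warnings.append("security: open mode, agent traffic is unencrypted")
    return errors, warnings

if __name__ == "__main__":
    print(review_request(SAMPLE_REQUEST))
```
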


Running the command




Ensure the Admin Server and the managed server for OAM are up and running.
<RREG_Home>\bin\oamreg.bat inband input\OAM11GRequest_short.xml


==>
C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\bin\oamreg.bat inband input\OAM11GRequest_short.xml


Note: Out-Of-Band mode is used in cases where you are an end user and don't have access to the server. For details on how to complete registration in Out-Of-Band mode, refer to the product docs.


Sample run:


C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\bin>oamreg.bat inband input\OAM11GRequest_short.xml
OAM_REG_HOME=C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg
CLASSPATH=C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\rreg.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\RequestResponse.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\commons-codec-1.3.jar;C:\Oracle\Middleware\Oracle
_IDM1\oam\server\rreg\lib\commons-httpclient-3.1.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\commons-logging-1.1.1.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\ojmisc.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\jps-api.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\se
rver\rreg\lib\jps-internal.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\jps-common.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\identitystore.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\identityutils.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\ldapjc
lnt11.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\dms.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\fmw_audit.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\ojdl.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\oraclepki.jar;C:\Oracle\Middleware\Oracle_IDM1\
oam\server\rreg\lib\osdt_cert.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\osdt_core.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\osdt_jce.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\osdt_saml.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\osdt_xmlsec.j
ar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\xmlparserv2.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\jps-unsupported-api.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\nap-api.jar;C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\lib\utilities.jar;
------------------------------------------------
Welcome to OAM Remote Registration Tool!
Parameters passed to the registration tool are:
Mode: inband
Filename: C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\input\OAM11GRequest_short.xml
Enter admin username:weblogic
Username: weblogic
Enter admin password:
Do you want to enter a Webgate password?(y/n):
y
Enter webgate password:
Enter webgate password again:
Password accepted. Proceeding to register..
Aug 1, 2012 5:20:51 PM oracle.security.am.engines.rreg.client.handlers.request.OAM11GRequestHandler getWebgatePassword
INFO: Passwords matched and accepted.
Do you want to import an URIs file?(y/n):
n


----------------------------------------
Request summary:
OAM11G Agent Name:RREG_OAM11G
Base URL:http://localhost:7777
URL String:RREG_HostId11G
Registering in Mode:inband
Your registration request is being sent to the Admin server at: http://localhost:7001
----------------------------------------


Inband registration process completed successfully! Output artifacts are created in the output folder.
C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\bin>


B. Copy Generated Files and Artifacts to the Webgate Instance Location
Regardless of the method or mode you use to register the new Webgate agent, the following files and artifacts are generated in the <RREG_Home>/output/<Agent ID> directory:
- cwallet.sso
- ObAccessClient.xml

Our method is in-band and the mode is open.


In OPEN mode, copy the following files from the <RREG_Home>/output/<Agent_ID> directory to the <Webgate_Instance_Home>/webgate/config directory:

- ObAccessClient.xml
- cwallet.sso

i.e., from

C:\Oracle\Middleware\Oracle_IDM1\oam\server\rreg\output\RREG_OAM11G

to

C:\Oracle\Middleware\Oracle_WT1\instances\instance1\config\OHS\ohs1\webgate\config
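A post-copy check for this step, as an added example that is not part of the original post or of Oracle's tooling. It confirms that both generated files in the instance's webgate/config directory are byte-identical to the RREG output, and that httpd.conf still carries the include line for webgate.conf that EditHttpConf added earlier. The demo tree and its file contents are constructed; the function names are hypothetical.

```python
import re
import shutil
import tempfile
from pathlib import Path

ARTIFACTS = ("ObAccessClient.xml", "cwallet.sso")   # files named on the page
# Line that EditHttpConf adds to httpd.conf: include "<instance>/webgate.conf"
INCLUDE = re.compile(r'^[ \t]*include[ \t]+"?[^"#\n]*webgate\.conf"?[ \t]*$', re.I | re.M)

def verify_webgate_instance(rreg_output, ohs_instance):
    """Return a list of problems; an empty list means the checks passed."""
    rreg_output, ohs_instance = Path(rreg_output), Path(ohs_instance)
    config_dir = ohs_instance / "webgate" / "config"
    problems = []
    for name in ARTIFACTS:
        src, dst = rreg_output / name, config_dir / name
        if not src.is_file():
            problems.append(f"{name}: not found in RREG output")
        elif not dst.is_file():
            problems.append(f"{name}: not copied to webgate/config")
        elif src.read_bytes() != dst.read_bytes():
            problems.append(f"{name}: differs from RREG output")
    httpd = ohs_instance / "httpd.conf"
    if not httpd.is_file():
        problems.append("httpd.conf: missing")
    elif not INCLUDE.search(httpd.read_text(errors="replace")):
        problems.append("httpd.conf: no include line for webgate.conf")
    if not (ohs_instance / "webgate.conf").is_file():
        problems.append("webgate.conf: missing from instance directory")
    return problems

def demo():
    """Check a constructed tree before the copy, after it, and after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        out, inst = Path(tmp, "output", "RREG_OAM11G"), Path(tmp, "ohs1")
        cfg = inst / "webgate" / "config"
        for d in (out, cfg):
            d.mkdir(parents=True)
        (out / "ObAccessClient.xml").write_text("<constructed/>")
        (out / "cwallet.sso").write_bytes(b"constructed, not a real wallet")
        (inst / "webgate.conf").write_text("# constructed placeholder\n")
        (inst / "httpd.conf").write_text(f'Listen 7777\ninclude  "{inst}/webgate.conf" \n')
        before = verify_webgate_instance(out, inst)
        for name in ARTIFACTS:
            shutil.copy2(out / name, cfg / name)
        after = verify_webgate_instance(out, inst)
        (cfg / "ObAccessClient.xml").write_text("<changed/>")
        return before, after, verify_webgate_instance(out, inst)

if __name__ == "__main__":
    print(demo())
```

On a real host, call verify_webgate_instance with the RREG output directory and the OHS instance directory given above.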




3. Restarting the WebLogic Managed Servers


A. Restart the Oracle HTTP Server using opmn
B. Stop oam_server1
C. Stop the WLS admin server
D. Start the WLS admin server
E. Start oam_server1




Verification of OAM functionality and web agent's registration


A. Open a web browser and go to the non-SSL HTTP URL of OHS, i.e.,
http://localhost:7777

B. You will be redirected to the OAM 11g SSO screen.

C. Enter the weblogic user name and password and proceed.

D. You will now be redirected to the OHS page.

This means you reached the OHS page through OAM successfully!