Thursday, 19 December 2013

Oracle Fusion Applications installation steps on Linux

We will perform a two-node installation this time, with the following components installed on each node.

Node 1
Includes Oracle Identity and Access Management and database

Node 2
Includes Fusion Applications domains

We are using the following configuration for our two-node installation.

Server:
Oracle Identity and Access Management & Database on Linux x86-64 VM (8GB RAM)
Oracle Fusion Applications 11.1.6 on Physical server – HP ML350 with 64 GB RAM

OS: Oracle Linux 5.9 64 bit

Memory: 64GB RAM (the more memory, the smoother the installation)

Swap disk: 100 GB

Local available Disk space: 300 GB on both servers (VM and Physical)



Architecture for Fusion Applications.
If you install the Oracle Identity and Access Management components and the databases on one node (for practice only; keeping the DB on the same node is not recommended for production), or you use our VM, then each of these 2 nodes will contain the following components.
Node 1, which includes Oracle Identity and Access Management and the database, will have these components. You might notice another hostname, fdbhost, here. It points to the same IP in the hosts file, but since the database is configured with a separate hostname, we can move it to another machine at any time without making major changes.
Node 2, where you provision Fusion Applications, will contain the following components.
With this, the architecture of the complete Fusion Applications environment looks as follows, where each component is highlighted with the color code for its node.
You must make sure that both nodes are accessible to users as well as to each other. The following diagram shows that they must be in the same network or in mutually reachable networks. Make sure there is a DNS or local /etc/hosts entry for the IDM/DB host on the Fusion Applications node and vice versa, so that they can reach each other.
Also, if you plan to keep a firewall between these 2 servers and they are in different subnets/VLANs, make sure that all required DB and middleware ports are allowed in the firewall.
Preparing for Oracle Fusion Applications installation
  1. Downloading Oracle Fusion Applications media
  2. Creating Oracle VirtualBox Virtual Machine with Oracle Linux
     OR
     Install Oracle Linux or Solaris on a Physical machine (We are using physical machine with Oracle Linux this time).
  3. Staging/Creating Oracle Fusion Applications provisioning repository

Installing Oracle Fusion Applications – steps
  1. Install Fusion Applications Provisioning Framework
  2. Install Oracle 11g Database (Applications Transactional Database)
  3. Run Oracle Fusion Applications Repository Creation Utility (Applications RCU)
  4. Create another database for Oracle Identity Management Infrastructure (optional)
  5. Run Repository Creation Utility (RCU) for Oracle Identity Management components
  6. Install Oracle Identity and Access Management Components
  7. Apply mandatory Patches
  8. Configure Oracle Identity and Access Management components
  9. Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)
  10. Install provisioning framework on Node 2
  11. Create new Response File
  12. Provision an Applications Environment
We are going to install Fusion Applications 11.1.6 for the Oracle Linux x86-64 operating system, so we will download the installation media for Oracle Fusion Applications 11.1.6 for Linux x86-64 from http://edelivery.oracle.com
Log in to access the following screen.

Select “Oracle Fusion Applications” and required platform from the list. Click Go. Open the first pack.

Download the first 17 media files (excluding README and documentation library). We will not need the rest of the media for this installation. Unzip all these files into one stage directory.
Important Note: Since some of the files have a very long directory path (very close to 255 characters), unzip these files into a stage folder with a short name. At least 2 files have a very long path, so let us try to avoid this.
We must have the OS installed on either a physical or a virtual machine in order to proceed with the installation.
Note: We can also use VMWare to host the Virtual Machine. We will post another guide on setting up a VMWare virtual machine. The good thing is that the virtual machine/disks which we create in VirtualBox can be used in VMWare as well, since we will create .vmdk format disks. This gives you the flexibility to use them anywhere later.

  1. Install Fusion Applications Provisioning Framework




Prerequisites (Linux only)

Make sure that the host name is correctly set. In our case it is fmwhost.paramlabs.com
[root@rfmwhost~]# hostname
fmwhost.paramlabs.com

If not correct, set it using following command.
[root@ rfmwhost ~]# hostname fmwhost.paramlabs.com
[root@fmwhost ~]# more /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=fmwhost.paramlabs.com
If not correct, modify the value here to correct hostname.
If you changed hostname or IP address, please make sure to update in all following files if not automatically updated.
[root@fmwhost ~]# more /etc/sysconfig/network-scripts/ifcfg-eth0
[root@fmwhost ~]# more /etc/sysconfig/networking/devices/ifcfg-eth0
[root@fmwhost ~]# more /etc/sysconfig/networking/profiles/default/ifcfg-eth0
Restart the machine if you changed the hostname or IP to make sure it remains persistent.
Make sure to have following entries in hosts file.
[root@fmwhost ~]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost6
192.168.112.111 fmwhost.paramlabs.com fmwhost
192.168.112.111 fdbhost.paramlabs.com fdbhost

Important Note: As you may have noticed, we have made 2 entries here for the same IP. The reason is that if you want to keep the DB on a different server, or move it to a different server later, we can easily do so, since all our configuration will use a separate DB host name.
If you are not using DNS resolution, comment out the following entries in /etc/resolv.conf to speed up name resolution directly through the hosts file.
[root@r12host ~]# more /etc/resolv.conf
#search paramlabs.com
If you have not already created the user fusion, please create as follows.
[root@fmwhost ~]# useradd -g dba -G oinstall fusion
[root@fmwhost ~]# passwd fusion
Changing password for user fusion.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
Change the system file /etc/security/limits.conf as follows.
[root@fmwhost ~]# cp -pr /etc/security/limits.conf /etc/security/limits.conf.bak
[root@fmwhost ~]# vi /etc/security/limits.conf
Edit the values as follows.
[root@fmwhost ~]# tail -3 /etc/security/limits.conf
# Fusion Applications specific changes
fusion soft nofile 327679
fusion hard nofile 327679
Also make sure UsePAM is set to Yes in /etc/ssh/sshd_config file
[root@fmwhost ~]# vi /etc/ssh/sshd_config
Edit /proc/sys/fs/file-max and set it to 6553600. No change is needed if it is already set to this value or more.
The change becomes effective immediately but does not persist after a reboot. To make the change permanent, edit /etc/sysctl.conf and set fs.file-max = 6553600
[root@fmwhost ~]# ulimit -u
24064
This should be 16384 or more
Make sure tmpfs size is more than the size you want to keep for the database SGA and PGA. In our case we are going to reduce DB memory to only 2GB since this is demo installation on VM, hence changing tmpfs to 3GB or more
[root@fmwhost ~]# cp -pr /etc/fstab /etc/fstab.bak
[root@fmwhost ~]# vi /etc/fstab
Change values as follows (only if it is less than 3G)
[root@fmwhost ~]# grep tmpfs /etc/fstab
tmpfs /dev/shm tmpfs size=3G 0 0
Restart machine
Note: If this size is less than memory_target then you will get error
ORA-00845: MEMORY_TARGET not supported on this system
Make sure that ip_local_port_range value is 32768 to 61000
First checking existing value.
[root@fmwhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
9000 65500
Now let’s change as per the requirement.
[root@fmwhost ~]# echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
[root@fmwhost ~]# cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000

To make this change persistent across reboots, change value in /etc/sysctl.conf
[root@fmwhost ~]# cp -p /etc/sysctl.conf /etc/sysctl.conf.bak
[root@fmwhost ~]# vi /etc/sysctl.conf
Edit the values as follows.
[root@fmwhost ~]# grep 61000 /etc/sysctl.conf
net.ipv4.ip_local_port_range = 32768 61000
Before you install the Oracle Database using the Provisioning Wizard, ensure that the value of the kernel parameter shmmax on the database host is greater than the value of the System Global Area (SGA) Memory.
The value of SGA Memory (sga_target) is 9 GB in the default Database Configuration Assistant (DBCA) template for the Starter database. If you are running DBCA using the production DBCA template packaged with Oracle Fusion Applications Provisioning, the value of the SGA Memory is 18 GB. Ensure that shmmax > (shmall * shmmni) > SGA Memory, where shmmax, shmall, shmmni are kernel parameters.
For example, to retrieve the values of these kernel parameters on Linux, use the following command:
[root@fmwhost ~]# /sbin/sysctl -a | grep shm
kernel.shmmax = 4398046511104
kernel.shmall = 1073741824
kernel.shmmni = 4096
vm.hugetlb_shm_group = 0
To set the value of a kernel parameter:
user@host> /sbin/sysctl -w kernel.shmmax=value
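The prerequisite values above, collected into one preflight script. This is an added example, not part of the original post; the function names are made up here, and without --live it runs on constructed sample values that mirror the settings shown on this page.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the OS prerequisites described above.
# Thresholds are the values stated on this page; function names are made up here.

# Print the nofile limit for a user. $1=limits.conf text $2=user $3=soft|hard
limits_nofile() {
    printf '%s\n' "$1" | awk -v u="$2" -v t="$3" \
        '$1 == u && $2 == t && $3 == "nofile" { v = $4 } END { if (v != "") print v }'
}

# Convert a tmpfs size option (3G, 512M, 2048k or plain bytes) to bytes.
size_to_bytes() {
    case "$1" in
        *[gG]) echo $(( ${1%[gG]} * 1024 * 1024 * 1024 )) ;;
        *[mM]) echo $(( ${1%[mM]} * 1024 * 1024 )) ;;
        *[kK]) echo $(( ${1%[kK]} * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# Print the /dev/shm size in bytes from fstab text (nothing if no size= option).
shm_bytes() {
    sz=$(printf '%s\n' "$1" | awk '$1 !~ /^#/ && $2 == "/dev/shm" {
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) if (o[i] ~ /^size=/) print substr(o[i], 6) }')
    if [ -n "$sz" ]; then size_to_bytes "$sz"; fi
}

# Print the IP of the first hosts entry naming a host. $1=hosts text $2=name
host_ip() {
    printf '%s\n' "$1" | awk -v h="$2" \
        '$1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }'
}

# Checks: each returns 0 when the requirement from the page is met.
check_nofile() {        # $1 = limits.conf text; 327679 soft and hard for fusion
    [ "$(limits_nofile "$1" fusion soft)" = "327679" ] &&
    [ "$(limits_nofile "$1" fusion hard)" = "327679" ]
}
check_file_max()   { [ "$1" -ge 6553600 ]; }                        # fs.file-max
check_nproc()      { [ "$1" = unlimited ] || [ "$1" -ge 16384 ]; }  # ulimit -u
check_port_range() { [ "$(echo $1)" = "32768 61000" ]; }            # tabs or spaces
check_shm() {           # $1 = fstab text, $2 = memory_target bytes (ORA-00845 if smaller)
    b=$(shm_bytes "$1"); [ -n "$b" ] && [ "$b" -gt "$2" ]
}
check_shmmax()     { [ "$1" -gt "$2" ]; }                           # shmmax > SGA bytes
check_hosts() {         # both host names must be present in the hosts file
    [ -n "$(host_ip "$1" fmwhost.paramlabs.com)" ] &&
    [ -n "$(host_ip "$1" fdbhost.paramlabs.com)" ]
}

# Run one check and record the result. $1 = label, rest = check command
result() {
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# Run all checks on the loaded values; returns the number of failed checks.
run_checks() {
    fails=0
    result "nofile 327679 for fusion"           check_nofile "$LIMITS"
    result "fs.file-max >= 6553600"             check_file_max "$FILE_MAX"
    result "ulimit -u >= 16384"                 check_nproc "$NPROC"
    result "ip_local_port_range 32768 61000"    check_port_range "$PORT_RANGE"
    result "/dev/shm larger than memory_target" check_shm "$FSTAB" "$MEMORY_TARGET"
    result "shmmax larger than SGA"             check_shmmax "$SHMMAX" "$SGA_BYTES"
    result "fmwhost and fdbhost in hosts file"  check_hosts "$HOSTS"
    return "$fails"
}

load_sample() {  # constructed sample values mirroring the settings shown on this page
    LIMITS='# Fusion Applications specific changes
fusion soft nofile 327679
fusion hard nofile 327679'
    FILE_MAX=6553600; NPROC=24064; PORT_RANGE='32768 61000'
    FSTAB='tmpfs /dev/shm tmpfs size=3G 0 0'
    SHMMAX=4398046511104
    HOSTS='127.0.0.1 localhost.localdomain localhost
192.168.112.111 fmwhost.paramlabs.com fmwhost
192.168.112.111 fdbhost.paramlabs.com fdbhost'
    MEMORY_TARGET=2147483648   # 2 GB memory_target used later on this page
    SGA_BYTES=9663676416       # default sga_target of the Starter template
}

load_live() {    # read the same values from the running system (run as user fusion)
    LIMITS=$(cat /etc/security/limits.conf); FSTAB=$(cat /etc/fstab); HOSTS=$(cat /etc/hosts)
    FILE_MAX=$(cat /proc/sys/fs/file-max); SHMMAX=$(cat /proc/sys/kernel/shmmax)
    PORT_RANGE=$(cat /proc/sys/net/ipv4/ip_local_port_range); NPROC=$(ulimit -u)
    MEMORY_TARGET=${MEMORY_TARGET:-2147483648}; SGA_BYTES=${SGA_BYTES:-9663676416}
}

if [ "${1:-}" = "--live" ]; then load_live; else load_sample; fi
run_checks
```

Run it with --live as the fusion user so that ulimit -u reflects that account; MEMORY_TARGET and SGA_BYTES can be overridden in the environment.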
If you are using VMWare or virtualbox, you can share the installation stage folder to the VM using shared folders option.
[fusion@fmwhost ~]$ cd /mnt/hgfs/setup/installers/faprov/Disk1/
[fusion@fmwhost Disk1]$ ./runInstaller
(make sure NOT TO use “&” since this will prompt for java directory if java home is not set)
Starting Oracle Universal Installer…
Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/mnt/hgfs/setup/jdk6
If this is the first Oracle software on this machine using this user, it will prompt for inventory directory location.
Once prompted, run the following script as root.
[root@fmwhost ~]# /home/fusion/oraInventory/createCentralInventory.sh
Setting the inventory to /home/fusion/oraInventory
Setting the group name to dba
Creating the Oracle inventory pointer file (/etc/oraInst.loc)
Changing permissions of /home/fusion/oraInventory to 770.
Changing groupname of /home/fusion/oraInventory to dba.
The execution of the script is complete.
Click Next
Once prerequisite check is completed, click Next
Create the root directory for installation as follows.
[root@fmwhost ~]# mkdir /app
[root@fmwhost ~]# chown fusion:dba /app
Enter /app/fusion and click Next
Review summary and click Install
Save inventory if required.
Once installation is finished click Next
Review the summary and click Finish.

Fusion Applications 11.1.6 ships with Oracle 11g (11.2.0.3.0) database. You can either install it separately (if you want to install RAC database) or use Fusion provisioning Wizard to create one.
To install Applications Transactional Database we need to run Oracle Fusion Applications Provisioning Wizard from <framework_location>/provisioning/bin
<framework_location> is same where we installed the framework in previous post. i.e. /app/fusion
[fusion@fmwhost Disk1]$ cd /app/fusion/provisioning/bin/
We need to temporarily set JAVA_HOME to jdk6 directory shipped with the installation media
[fusion@fmwhost bin]$ export JAVA_HOME=/mnt/hgfs/setup/jdk6

[fusion@fmwhost bin]$ ./provisioningWizard.sh -ignoreSysPrereqs true &
Use the “-ignoreSysPrereqs true” flag, since you might need to skip some memory prerequisite warnings.


Click Next



Select “Install an Applications Transactional Database” option. Click Next



Deselect the checkbox if you wish and click Next

Click Yes


Enter values as mentioned here and click Next.
Port: 1521 (we have kept it default, you can change it)
Installers directory location: /mnt/hgfs/stage (directory where we created the stage)
Oracle Base: /app/fusion/database
Software Location: Will be populated automatically
OSDBA group: dba
Global Database Name: fusiondb (you can keep any name you want)
Password: Oracle123 (We have used Oracle123 for any passwords during the installation since it satisfies all requirements during this installation. You can keep any complex password you want)


Once prerequisites check is successful, click Next. Save summary if required


Save summary if required.


Once Installation completes (20% progress), it will prompt as follows.

Open another window and run the following script.
root@fmwhost # /app/fusion/database/product/11.2.0/dbhome_1/root.sh
Check /app/fusion/database/product/11.2.0/dbhome_1/install/root_fmwhost.paramlabs.com_2013-02-28_17-06-18.log for the output of root script
[root@fmwhost ~]# tail -f /app/fusion/database/product/11.2.0/dbhome_1/install/root_fmwhost.paramlabs.com_2013-02-28_17-06-18.log
The following environment variables are set as:
ORACLE_OWNER= fusion
ORACLE_HOME= /app/fusion/database/product/11.2.0/dbhome_1

Creating /etc/oratab file…
Entries will be added to the /etc/oratab file as needed by
Database Configuration Assistant when a database is created
Finished running generic part of root script.
Now product-specific root actions will be performed.
Finished product-specific root actions.

Click OK


Once installation till validation is complete, click Next. If you get minimum memory related warning, you can ignore here, provided you have used “ignoreSysPrereqs true” flag


Click Close to complete the installation.
Reduce memory size of database
We will reduce the size of SGA and PGA to avoid getting out of memory in server since fusion requires too much memory.
Important Note: We are reducing the SGA and PGA (from 10GB to 2GB). We are doing this since we are running on lesser RAM than required. This is not recommended for production installation but since this is only a demo/development installation, you can safely do this. If you wish to keep it 10GB you can do it but this will increase the swap usage exponentially.
Since we are reducing the size of SGA and PGA, next step (RCU) may fail in pre-requisite check. So we will need to change the pre-req check xml file to look for lower value. We will explain this in next post.
[fusion@fmwhost bin]$ export ORACLE_HOME=/app/fusion/database/product/11.2.0/dbhome_1
[fusion@fmwhost bin]$ export ORACLE_SID=fusiondb
[fusion@fmwhost bin]$ export PATH=$PATH:$ORACLE_HOME/bin
[fusion@fmwhost bin]$ sqlplus / as sysdba
SQL> create pfile from spfile;
File created.
SQL> shut immediate;
[fusion@fmwhost bin]$ more /app/fusion/database/product/11.2.0/dbhome_1/dbs/initfusiondb.ora
#fusiondb.__db_cache_size=7516192768
#fusiondb.__java_pool_size=33554432
#fusiondb.__large_pool_size=33554432
fusiondb.__oracle_base='/app/fusion/database'#ORACLE_BASE set from environment
#fusiondb.__pga_aggregate_target=4294967296
#fusiondb.__sga_target=9663676416
#fusiondb.__shared_io_pool_size=536870912
#fusiondb.__shared_pool_size=1442840576
#fusiondb.__streams_pool_size=33554432
#*.pga_aggregate_target=4294967296
#*.sga_target=9663676416
*.memory_target=2147483648
-bash-3.2$ sqlplus / as sysdba
Connected to an idle instance.
SQL> create spfile from pfile;
File created.
SQL> startup
ORACLE instance started.
Total System Global Area 2138521600 bytes
Fixed Size 2161024 bytes
Variable Size 1795163776 bytes
Database Buffers 335544320 bytes
Redo Buffers 5652480 bytes
Database mounted.
Database opened.

Run Oracle Fusion Applications Repository Creation Utility (Applications RCU)



Please note that the RCU is available only for Windows and Linux platforms. Hence we may need to run the RCU on a Windows or Linux machine which can connect to this database.
The Fusion Applications stage already has both the Applications and Fusion Middleware RCUs for Linux, but for Windows only the apps RCU is included in the installer.
For the Windows Fusion Middleware RCU, you need to download V29675-01.zip or ofm_rcu_win_11.1.1.6.0_disk1_1of1.zip from the Oracle website or support website.
Since this installation is on Linux, and in our last post for 11.1.5 we had shown the steps for Windows, we will go with the Linux version here.
For Linux, the RCU is included in repository_location/installers/apps_rcu location.
Create a directory on physical partition and call it APPS_RCU_HOME
[fusion@fmwhost dbs]$ mkdir /app/fusion/provisioning/apps_rcu
Go to repository_location/installers/apps_rcu and locate the rcuHome_fusionapps_linux.zip file. This file was staged when you created the installer repository.
Extract the contents of rcuHome_fusionapps_linux.zip to a directory (APPS_RCU_HOME) on the database server. All dependent components that Applications RCU needs are included in this zipped file.
[fusion@fmwhost dbs]$ cd /app/fusion/provisioning/apps_rcu
[fusion@fmwhost apps_rcu]$ unzip /mnt/hgfs/setup/installers/apps_rcu/linux/rcuHome_fusionapps_linux.zip
Create a temporary directory on the database server. Make a note of the location.
You will need to enter this location when you specify a value for FUSIONAPPS_DBINSTALL_DP_DIR
[fusion@fmwhost apps_rcu]$ mkdir /app/fusion/provisioning/apps_rcu/dp_dir
Locate and copy APPS_RCU_HOME/rcu/integration/fusionapps/export_fusionapps_dbinstall.zip to the directory you specified for FUSIONAPPS_DBINSTALL_DP_DIR.
Unzip export_fusionapps_dbinstall.zip to FUSIONAPPS_DBINSTALL_DP_DIR.
[fusion@fmwhost apps_rcu]$ cd /app/fusion/provisioning/apps_rcu/dp_dir

[fusion@fmwhost dp_dir]$ unzip /app/fusion/provisioning/apps_rcu/rcu/integration/fusionapps/export_fusionapps_dbinstall.zip
Go to APPS_RCU_HOME/rcu/integration/biapps/schema and locate the otbi.dmp file.
Copy otbi.dmp to FUSIONAPPS_DBINSTALL_DP_DIR (where you unzipped the contents of export_fusionapps_dbinstall.zip)
[fusion@fmwhost dp_dir]$ cp -p ../rcu/integration/biapps/schema/otbi.dmp /app/fusion/provisioning/apps_rcu/dp_dir/
Launch Repository Creation Utility (RCU)
[fusion@fmwhost dp_dir]$ cd /app/fusion/provisioning/apps_rcu/bin
[fusion@fmwhost bin]$ ./rcu
Click Next
Click Next
Enter the values as mentioned here and click Next. Change host name to fdbhost if you have kept different hostname for database host. In our case we will change from fmwhost to fdbhost (the screenshot is before changing the value)
Once the prerequisites check is finished, click OK
Select all components and click Next
Important Note: If you had reduced SGA and PGA size after DB installation then this prerequisites check may fail with following error.
RCU-6083:Failed – Check prerequisites requirement for selected component:FUSIONAPPS
Please refer to RCU log at apps_rcu/rcuHome/rcu/log/logdir.2013-02-28_23-28/rcu.log for details.
RCU-6107:DB Init Param Prerequisite failure for: pga_aggregate_target
Current Value is 0. It should be greater than or equal to 4294967296.
RCU-6107:DB Init Param Prerequisite failure for: sga_target
Current Value is 0. It should be greater than or equal to 9663676416.
RCU-6092:Component Selection validation failed. Please refer to log at apps_rcu/rcuHome/rcu/log/2013-02-28_23-28/rcu.log for details.
To fix this issue, we need to modify the minimum requirement of SGA and PGA in installer pre-requisite config file located at apps_rcu/rcu/integration/fusionapps/fusionapps.xml
[fusion@fmwhost ~]$ cp -p /app/fusion/provisioning/apps_rcu/rcu/integration/fusionapps/fusionapps.xml /app/fusion/provisioning/apps_rcu/rcu/integration/fusionapps/fusionapps.xml.bak

RCU-6083:Failed – Check prerequisites requirement for selected component:FUSIONAPPS
RCU-6107:DB Init Param Prerequisite failure for: pga_aggregate_target
Current Value is 2147483648. It should be greater than or equal to 4294967296.
RCU-6107:DB Init Param Prerequisite failure for: sga_target
Current Value is 2147483648. It should be greater than or equal to 9663676416.
To fix this issue, we need to modify the minimum requirement of SGA and PGA in installer pre-requisite config file located at /app/fusion/provisioning/apps_rcu/rcu/integration/fusionapps/fusionapps.xml
Change these values as follows.
<DBPrerequisite COMPARE_OPERATOR="GE" DATA_TYPE="NUMBER" PREREQ_TYPE="InitParameter">
<ValidIf DBTYPE="ORACLE"/>
<PrereqIdentifier>sga_target</PrereqIdentifier>
<PrereqValue>0</PrereqValue>
</DBPrerequisite>
<DBPrerequisite COMPARE_OPERATOR="GE" DATA_TYPE="NUMBER" PREREQ_TYPE="InitParameter">
<ValidIf DBTYPE="ORACLE"/>
<PrereqIdentifier>pga_aggregate_target</PrereqIdentifier>
<PrereqValue>0</PrereqValue>
</DBPrerequisite>
Note: You may need to click Back to go to the database details window and click Next again to retry.
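The edit to fusionapps.xml described above, done as a repeatable script that touches only the two memory prerequisites and keeps the original as a .bak copy. This is an added example, not part of the original post; the function names, the sample file and its some_other_param entry are constructed, and it assumes one element per line with PrereqIdentifier before PrereqValue, as in the excerpt above.

```bash
#!/usr/bin/env bash
# Added example: set the sga_target / pga_aggregate_target minimums in an RCU
# prerequisite file, leaving every other DBPrerequisite untouched.

# Filter: XML on stdin -> XML on stdout. $1 = new minimum (the page uses 0).
relax_memory_prereqs() {
    awk -v new="$1" '
        /<DBPrerequisite[ >]/ { target = 0 }
        /<PrereqIdentifier>(sga_target|pga_aggregate_target)<\/PrereqIdentifier>/ { target = 1 }
        target && /<PrereqValue>/ {
            sub(/<PrereqValue>[^<]*<\/PrereqValue>/, "<PrereqValue>" new "</PrereqValue>")
        }
        { print }
        /<\/DBPrerequisite>/ { target = 0 }'
}

# Print "identifier value" for every prerequisite in a file. $1 = path
list_prereqs() {
    awk '
        /<PrereqIdentifier>/ { id = $0; gsub(/.*<PrereqIdentifier>|<\/PrereqIdentifier>.*/, "", id) }
        /<PrereqValue>/      { v = $0;  gsub(/.*<PrereqValue>|<\/PrereqValue>.*/, "", v); print id, v }' "$1"
}

# Edit a file in place; the first run keeps a .bak copy that later runs never overwrite.
# $1 = path to fusionapps.xml, $2 = new minimum
patch_prereq_file() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    [ -f "$1.bak" ] || cp -p "$1" "$1.bak"
    tmp=$(mktemp "$1.XXXXXX") || return 1
    relax_memory_prereqs "$2" < "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample file; the two memory minimums are the ones quoted in the
# RCU-6107 messages on this page, some_other_param is made up.
write_sample() {
    cat > "$1" <<'EOF'
<DBPrerequisite COMPARE_OPERATOR="GE" DATA_TYPE="NUMBER" PREREQ_TYPE="InitParameter">
  <ValidIf DBTYPE="ORACLE"/>
  <PrereqIdentifier>sga_target</PrereqIdentifier>
  <PrereqValue>9663676416</PrereqValue>
</DBPrerequisite>
<DBPrerequisite COMPARE_OPERATOR="GE" DATA_TYPE="NUMBER" PREREQ_TYPE="InitParameter">
  <ValidIf DBTYPE="ORACLE"/>
  <PrereqIdentifier>pga_aggregate_target</PrereqIdentifier>
  <PrereqValue>4294967296</PrereqValue>
</DBPrerequisite>
<DBPrerequisite COMPARE_OPERATOR="GE" DATA_TYPE="NUMBER" PREREQ_TYPE="InitParameter">
  <ValidIf DBTYPE="ORACLE"/>
  <PrereqIdentifier>some_other_param</PrereqIdentifier>
  <PrereqValue>500</PrereqValue>
</DBPrerequisite>
EOF
}

# Demo on the constructed file in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir/fusionapps.xml"
    echo "before:"; list_prereqs "$dir/fusionapps.xml"
    patch_prereq_file "$dir/fusionapps.xml" 0
    echo "after:";  list_prereqs "$dir/fusionapps.xml"
    rm -rf "$dir"
}
demo
```

On the real installation the path would be /app/fusion/provisioning/apps_rcu/rcu/integration/fusionapps/fusionapps.xml; comparing the file with its .bak copy afterwards confirms that only the two PrereqValue lines changed.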
Once prerequisites check is successful, click OK
Enter same password (for example Oracle123) for all schemas for now. Click Next
Open another terminal window. Create following directories for custom environment variables.
[fusion@fmwhost ~]$ mkdir /app/fusion/database/applcp
[fusion@fmwhost ~]$ mkdir /app/fusion/database/appllog
[fusion@fmwhost ~]$ mkdir /app/fusion/database/obieebkp
Specify the following values in the same screen under Fusion Applications Component (except the first value, which is the temporary DP directory created before: /app/fusion/provisioning/apps_rcu/dp_dir)
Supervisor Password: You must enter the same password you set up as ODI SUPERVISOR in Applications RCU. Since we kept all passwords as Oracle123, nothing much to remember. Enter the same password.
Work Repository Password: Default = None. You must enter the same password set up as ODI SUPERVISOR in Applications RCU.
Oracle Transactional BI : Directory on the database server where Oracle Transactional Business Intelligence import and export files are stored. Enter /app/fusion/provisioning/apps_rcu/dp_dir again.
Click Next
Click OK
Once Tablespaces creation is complete, click OK
Review the summary and click Create to import the required users and data.
Above timings are just for your reference to know how much time each may take.
You can also monitor the import logs at /app/fusion/dp_dir
Once completed, click Close
Make sure that no component failed. Also check the import log files at /app/fusion/dp_dir for any errors
SQL> select comp_name from schema_version_registry where status='LOADING';
It should not return any rows.

Run Repository Creation Utility (RCU) for Oracle Identity Management components


Important Note: We are not creating a separate database here for the Oracle Identity Management components. A separate database is recommended but not mandatory. Since we are doing a single-node installation for the Fusion Middleware and database node, we have to manage memory carefully, and hence we are not creating a separate database instance.
We will create these schemas in our Fusion Database (fusiondb) itself since the schema names are distinct compared to Fusion Application schemas. We will save a lot of Memory for our Virtual Machine.
In order to run RCU for Identity Management on same database, we must set the open_cursors parameter to 800.
Open a new database session and set following values.
SQL> show parameter open_cursors
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
open_cursors                         integer     500
SQL> alter system set open_cursors=800 scope=both sid='*';

System altered.
SQL> show parameter open_cursors
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
open_cursors                         integer     800
As we mentioned in the previous post, RCU for Oracle Identity Management components is only available for Linux and Windows platforms and the Fusion Application setup ships with Linux only RCU for Identity Management components.
If you want to run it from Windows (if your FA installation is on Windows, Solaris, HP-UX or AIX) then the RCU file can be downloaded from the Oracle website. The name on edelivery is V29675-01.zip while the name on the technetwork download site is ofm_rcu_win_11.1.1.6.0_disk1_1of1.zip or any newer file (if available) which includes Repository Creation Utility for 11.1.1.6.0 Fusion Middleware Components.
[fusion@fmwhost fmw_rcu]$ mkdir /app/fusion/provisioning/fmw_rcu

[fusion@fmwhost fmw_rcu]$ cd /app/fusion/provisioning/fmw_rcu

[fusion@fmwhost fmw_rcu]$ unzip /mnt/hgfs/setup/installers/fmw_rcu/linux/rcuHome.zip


Launch Repository Creation Utility for Oracle Identity Management from <Framework_location>/fmw_rcu/bin location

Launch the utility using ./rcu command
[fusion@fmwhost fmw_rcu]$ cd /app/fusion/provisioning/fmw_rcu/bin
[fusion@fmwhost bin]$ ./rcu &

Click Next


Select Create and click Next


Enter details of our existing database and click Next

Once prerequisites check completes, click OK


Mention any prefix for Identity Management related schemas. The default value is DEV while we have changed it to FA. As per fusion applications documentations, they have given example as EDG or ISA. You can use whichever you want but please make a note of this since at many places you will need to mention the schema name.
Select all “Identity Management” components and click Next




Once prerequisites check is completed, click OK



We have specified single password for all users i.e. Oracle123. Click Next



Review the information and click Next


Click OK to create the tablespaces.


Once tablespaces creation is complete, click OK


Click Create to create users and start import.


Once import completes, above script appears. Click Close to finish RCU.

Make sure that there are no invalid objects after the import.
SQL> select owner, count(1) from dba_objects where status='INVALID' group by owner;
OWNER                          COUNT(1)
------------------------------ ----------
FA_OIM                                  3
FA_SOAINFRA                             2

Since we can see some invalids, we can compile them.
SQL> @?/rdbms/admin/utlrp
SQL> select owner, count(1) from dba_objects where status='INVALID' group by owner;
no rows selected

Install Oracle Identity and Access Management Components

JDK installation
Installation of JDK is very simple. Just unzip the jdk6.zip file located at <repository_location>/installers/jdk to any location where we want to extract the JDK files.
We will extract the files at /app/fusion and it will create the /app/fusion/jdk6 directory. So we can set JAVA_HOME to /app/fusion/jdk6
[fusion@fmwhost fusion]$ cd /app/fusion/
[fusion@fmwhost fusion]$ unzip /mnt/hgfs/setup/installers/jdk/jdk6.zip
Install Web tier 11.1.1.6.0 (HTTP server 2.0)
Start runInstaller script from <REPOSITORY_LOCATION>/installers/webtier/Disk1
(Please note that we do not need to upgrade it as we did in earlier installation since this is already at the required version level)
Make sure following 2 variables are not set.
[fusion@fmwhost ~]$ env | grep LD_ASSUME_KERNEL
[fusion@fmwhost ~]$ env | grep ORACLE_INSTANCE
[fusion@fmwhost fusion]$ cd /mnt/hgfs/setup/installers/webtier/Disk1/
[fusion@fmwhost Disk1]$ ./runInstaller
Click Next
Select “Skip Software Updates” and click Next
Select “Install Software – Do Not Configure” and click Next
Once Prerequisites check completes, click Next
Enter following values and click Next
Oracle Middleware Home: /app/fusion/fmw
Oracle Home Directory: web
Deselect the checkbox and click Next
Click Yes
Review Summary and click Install. Save response file if required.
Once installation completes, click Next
Review and click Finish
Install Weblogic Server
Make sure the java version is 1.6.x
[fusion@fmwhost patch]$ /app/fusion/jdk6/bin/java -version
java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b05)
Oracle JRockit(R) (build R28.2.3-13-149708-1.6.0_31-20120327-1523-linux-x86_64, compiled mode)
[fusion@fmwhost ~]$ export PATH=/app/fusion/jdk6/bin:$PATH
Start Weblogic Server installation from <REPOSITORY_LOCATION>/installers/weblogic directory
[fusion@fmwhost ~]$ cd /mnt/hgfs/setup/installers/weblogic/
[fusion@fmwhost weblogic]$ java -d64 -jar wls_generic.jar
Click Next
Provide location of Middleware Home directory “/app/fusion/fmw” and click Next
Click Yes
Deselect the checkbox and click Next
Due to a bug in the Linux/Solaris installation of Weblogic, the following screen will keep appearing even though you click Yes (Linux/Solaris installations only).
Click Yes
Select the Checkbox and click Continue
Select Typical and click Next
“Oracle Weblogic Server” and “Oracle Coherence” are installed when you select Typical
Oracle JDK will be automatically selected, if not browse for the same. Click Next
Make sure the values are as above and click Next
Review the summary and click Next
This starts the weblogic installation
Deselect Quickstart and click Done
Install Oracle Identity Management 11.1.1.6.0

We need to first unzip the installation files from <repository_location>/installers/idm directory.

[fusion@fmwhost weblogic]$ cd /app/fusion/provisioning
[fusion@fmwhost provisioning]$ unzip /mnt/hgfs/setup/installers/idm/idm.zip
(Please note that we don’t need to upgrade this as well like earlier installations since it is already at the required version level. There is a patchset included in the installer but that is required only if you have existing lower version of IDM installed)
Start the installation by executing runInstaller from <provisioning_repository>/idm/Disk1

[fusion@fmwhost provisioning]$ cd /app/fusion/provisioning/idm/Disk1/
[fusion@fmwhost Disk1]$ ./runInstaller
Click Next
Select “Skip software upgrade” and click Next
Select “Install Software – Do Not Configure” and click Next
Once prerequisites check completes, click Next
Select value “/app/fusion/fmw” as Middleware home and “idm” as Home directory. Click Next
Deselect the checkbox and click Next
Click Yes
Review the Summary and click Install. Save summary if required.
Once installation completes, click Next
The above dialog box will appear. Open another window and execute following as root.
[root@fmwhost ~]# /app/fusion/fmw/idm/oracleRoot.sh
Review the summary and click Finish
Patch Oracle Identity Management
The following step could be skipped as of publishing this article, but running it makes sure that you are already on the correct patchset at the time you are installing.
Important Note: There is a patchset included in installers directory so let us try to install this. In our case it will exit saying we already have higher version included but make sure to run this since when you are installing it later, your installer directory might have higher version.
[fusion@fmwhost idm_patchset]$ cd /app/fusion/provisioning/idm/
[fusion@fmwhost idm]$ unzip /mnt/hgfs/setup/installers/idm/idm_patchset.zip
[fusion@fmwhost Disk1]$ cd /app/fusion/provisioning/idm/idm_patchset/Disk1/
[fusion@fmwhost Disk1]$ ./runInstaller
Click Next
Enter values as above and click Next
This means that this patchset is not required since we already have 11.1.1.6 installed. If at the time of your installation, the newer installers directory includes newer patchset then it will go ahead. Here we will cancel this at this point.
Install SOA suite 11.1.1.6.0
Start the installation by executing runInstaller from <repository_location>/installers/soa/Disk1

[fusion@fmwhost Disk1]$ cd /mnt/hgfs/setup/installers/soa/Disk1/
[fusion@fmwhost Disk1]$ ./runInstaller
Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/app/fusion/jdk6
Click Next
Select “Skip software update” and click Next
Once prerequisites check completes, click Next
Select “/app/fusion/fmw” as Middleware home and “SOA” as Home Directory. Click Next
Weblogic Server will be detected. Click Next
Review the summary and click Install. Save response file if required
Once completed, click Next
Review the summary and click Finish
Install Identity and Access Management
We need to first unzip the installation files from <repository_location>/installers/oam directory.

[fusion@fmwhost provisioning]$ cd /app/fusion/provisioning/
[fusion@fmwhost provisioning]$ mkdir iam
[fusion@fmwhost provisioning]$ cd iam/
[fusion@fmwhost iam]$ unzip '/mnt/hgfs/setup/installers/oam/iamsuite*.zip'
Start the installation by executing runInstaller from <provisioning_repository>/oam/iamsuite/Disk1
[fusion@fmwhost ~]$ cd /app/fusion/provisioning/iam/iamsuite/Disk1/
[fusion@fmwhost Disk1]$ ./runInstaller
Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/app/fusion/jdk6
Click Next
Select “Skip software update” and click Next
Once prerequisites check finishes, click Next
Enter “/app/fusion/fmw” as Middleware home and “iam” as Home directory. Click Next
Review the summary and click Install. Save response file if required
Once installation completes click Next
Review the summary and click Finish to complete the installation.
The last 2 steps, “Provisioning the OIM Login Modules Under the WebLogic Server Library Directory” and “Creating the wlfullclient.jar File”, will be done after applying the patches in the next post.
Database Patches
1. PSU 11.2.0.3.4

This patch is already applied as part of database installation
2. Apply other database patches
[fusion@fmwhost patch]$ /app/fusion/database/product/11.2.0/dbhome_1/OPatch/opatch napply
All the patches are already installed as part of database creation using provisioning wizard.
The following patch(es) are already installed in the Oracle Home.
[10263668 11837095 12312133 12317925 12646746 12772404 12889054 12977501 12985184 13014128 13078786 13365700 13404129 13454210 13508115 13615767 13632653 13714926 13743987 13787482 13790109 13918644 14013094 14029429 14058884 14110275 14143796 14164849 14207317 14226599 14499293 14653598 14679292 14698700 14725518 14743385 14793168 14840138 15832953 15885799]
Please roll back the existing identical patch(es) first.

Weblogic Server Patches
We have 2 options to apply Weblogic patches. Here is the first method using GUI.
[fusion@fmwhost weblogic]$ mkdir /app/fusion/fmw/utils/bsu/cache_dir/

[fusion@fmwhost weblogic]$ pwd
/mnt/hgfs/setup/installers/smart_update/weblogic
[fusion@fmwhost weblogic]$ cp -pr *.jar /app/fusion/fmw/utils/bsu/cache_dir/

[fusion@fmwhost weblogic]$ cp -pr *.xml /app/fusion/fmw/utils/bsu/cache_dir/

Start Weblogic Smart Update using bsu command at <MW_HOME>/utils/bsu location

[fusion@fmwhost weblogic]$ cd /app/fusion/fmw/utils/bsu/
[fusion@fmwhost bsu]$ ./bsu.sh



Click on the green icon under the Apply column for each patch to validate and apply it.




Do the same for all other patches.






Once you see above screen, it means all patches are successfully applied to Weblogic.

Or alternatively we can use following method

The WebLogic server patches are available under the FA Repository/installers/smart_update/weblogic directory. Follow the patch Readme and apply all the patches in the directory. Use the following command to apply all the patches:

java -jar FA Repository/installers/smart_update/suwrapper/bsu-wrapper.jar \
-bsu_home=/bea/mw_home/utils/bsu -meta=./suw_metadata.txt -install \
-patchlist=<WLS Patch List> \
-patch_download_dir=FA Repository/installers/smart_update/weblogic \
-prod_dir=/u01/oim/wlserver_10.3

For the WLS Patch List, provide a comma-separated list of WLS patches from the following directory in the FA Repository: FA Repository/installers/smart_update/weblogic

IDM Patches


[fusion@fmwhost bsu]$ cd /mnt/hgfs/setup/installers/pltsec/patch/
[fusion@fmwhost patch]$ ls -ltr
total 0
drwxrwxrwx 1 root root 0 Jan 2 2012 13531666
drwxrwxrwx 1 root root 0 May 11 2012 14034245
drwxrwxrwx 1 root root 0 Jun 27 2012 14249414
drwxrwxrwx 1 root root 0 Oct 9 03:18 14735846
drwxrwxrwx 1 root root 0 Oct 16 12:49 14726667

[fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/idm
[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply
OPatch detects the Middleware Home as “/app/fusion/fmw”

Invoking utility “napply”
Checking conflict among patches…
Conflicts/Supersets for each patch are:
Patch : 14249414
Bug SubSet of 14735846
Subset bugs are:
14203797, 14177175

Patch : 14735846
Bug Superset of 14249414
Super set bugs are:
14203797, 14177175
Skip these patches because they are subset of other patches in the list: 14249414
Proceed with these patches: 13531666 14034245 14726667 14735846
Checking if Oracle Home has components required by patches…

Running prerequisite checks…
Checking conflicts against Oracle Home…

OPatch found that the following patches are not required.
They are either subset of the patches in Oracle Home (or) subset of the patches in the given list
(or) duplicate :
14249414
OPatch continues with these patches: 13531666 14034245 14726667 14735846

Do you want to proceed? [y|n]
y
User Responded with: Y

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = ‘/app/fusion/fmw/idm’)

Is the local system ready for patching? [y|n]
y
UtilSession: N-Apply done.
--------------------------------------------------------------------------------
The following warnings have occurred during OPatch execution:
1) OUI-67302:
OPatch found that the following patches are not required.
They are either subset of the patches in Oracle Home (or) subset of the patches in the given list
(or) duplicate :
14249414

--------------------------------------------------------------------------------
OPatch Session completed with warnings.
OPatch completed with warnings.
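The napply run above skipped 14249414 as a subset of 14735846 and finished "with warnings", so it is worth confirming that every staged patch directory is accounted for before moving on. The following is an added example, not part of the original article: it classifies staged patch IDs against a saved copy of the napply output. The function names and the saved log file are assumptions, and the sample log is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Constructed sample: abridged from the napply output shown in the article.
sample_idm_napply_log() {
    cat <<'EOF'
Invoking utility "napply"
Checking conflict among patches...
Skip these patches because they are subset of other patches in the list: 14249414
Proceed with these patches: 13531666 14034245 14726667 14735846
OPatch continues with these patches:   13531666  14034245  14726667  14735846
UtilSession: N-Apply done.
OPatch completed with warnings.
EOF
}

# classify_napply LOGFILE PATCH_ID...
# Prints "<id> <state>" for every staged patch ID, where state is one of
#   applied | subset-skipped | already-installed | unconfirmed | unaccounted
# Returns non-zero if any patch is unconfirmed or unaccounted.
classify_napply() {
    na_log=$1
    shift
    # IDs OPatch said it would apply in this session
    na_applied=$(sed -n 's/^OPatch continues with these patches:[[:space:]]*//p' "$na_log" \
        | tr -s '[:space:]' ' ')
    # IDs dropped because a superset patch is in the same list
    na_skipped=$(sed -n 's/^Skip these patches because they are subset of other patches in the list:[[:space:]]*//p' "$na_log" \
        | tr -s '[:space:]' ' ')
    # "already installed" is followed by a bracketed ID list on the next line
    na_present=$(sed -n '/already installed in the Oracle Home/{n;s/^\[\(.*\)]$/\1/p;}' "$na_log" \
        | tr -s '[:space:]' ' ')
    # The session only counts as finished if this marker is present
    na_done=no
    if grep -q '^UtilSession: N-Apply done\.' "$na_log"; then na_done=yes; fi

    na_bad=0
    for na_id in "$@"; do
        case " $na_applied " in
            *" $na_id "*)
                if [ "$na_done" = yes ]; then
                    na_state=applied
                else
                    na_state=unconfirmed
                    na_bad=1
                fi
                echo "$na_id $na_state"
                continue ;;
        esac
        case " $na_skipped " in
            *" $na_id "*) echo "$na_id subset-skipped"; continue ;;
        esac
        case " $na_present " in
            *" $na_id "*) echo "$na_id already-installed"; continue ;;
        esac
        echo "$na_id unaccounted"
        na_bad=1
    done
    [ "$na_bad" -eq 0 ]
}

# Usage on the article's host, with the session output saved to napply.log:
#   classify_napply napply.log $(ls /mnt/hgfs/setup/installers/pltsec/patch/)
```

A patch reported as unconfirmed or unaccounted means the saved output does not show it being applied, skipped as a subset, or already present, and the Oracle Home should be rechecked before continuing.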

Post step for 14735846
[fusion@fmwhost ~]$ cd /app/fusion/fmw/idm/ldap/admin/

[fusion@fmwhost admin]$ sqlplus ods@fusiondb
spool OID_Patch.txt

@oidtblkl.sql

@oidx11116.sql

@ldapxpkg.sql


[fusion@fmwhost admin]$ ls -ltr OID_Patch.txt

-rw-r--r-- 1 fusion dba 425948 Mar 4 15:25 OID_Patch.txt

Patch Common Oracle Homes


[fusion@fmwhost patch]$ cd /mnt/hgfs/setup/installers/oracle_common/patch
[fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/oracle_common
[fusion@fmwhost patch]$ ls -ltr
total 0
drwxrwxrwx 1 root root 0 Dec 22 2011 12556084
drwxrwxrwx 1 root root 0 Feb 3 2012 13639146
drwxrwxrwx 1 root root 0 Feb 13 2012 13713159
drwxrwxrwx 1 root root 0 Feb 13 2012 13713541
drwxrwxrwx 1 root root 0 Feb 16 2012 13511837
drwxrwxrwx 1 root root 0 Mar 2 2012 13805105
drwxrwxrwx 1 root root 0 Mar 8 2012 13807335
drwxrwxrwx 1 root root 0 May 9 2012 14054792
drwxrwxrwx 1 root root 0 May 24 2012 14109342
drwxrwxrwx 1 root root 0 Jul 20 2012 14336421
drwxrwxrwx 1 root root 0 Aug 3 2012 14311636
drwxrwxrwx 1 root root 0 Sep 21 06:49 14656857
drwxrwxrwx 1 root root 0 Oct 15 13:07 14763194
drwxrwxrwx 1 root root 0 Oct 18 00:49 14776651
drwxrwxrwx 1 root root 0 Oct 23 09:28 14740858
drwxrwxrwx 1 root root 0 Nov 7 04:57 15842871
drwxrwxrwx 1 root root 0 Nov 16 03:50 15878911
drwxrwxrwx 1 root root 0 Nov 20 18:01 14781147
drwxrwxrwx 1 root root 0 Nov 29 13:11 15935215
drwxrwxrwx 1 root root 0 Nov 30 03:55 15937259
[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply

The local system has been patched and can be restarted.
UtilSession: N-Apply done.
OPatch succeeded.

IAM Patches


[fusion@fmwhost patch]$ cd /mnt/hgfs/setup/installers/idm/patch/
[fusion@fmwhost patch]$ ls -ltr
total 2
drwxrwxrwx 1 root root 4096 Jan 23 2012 13399365
drwxrwxrwx 1 root root 0 Feb 2 2012 13115859
drwxrwxrwx 1 root root 0 Jul 19 2012 14345968
drwxrwxrwx 1 root root 0 Oct 10 07:04 14741964
drwxrwxrwx 1 root root 0 Oct 26 15:33 14810463
drwxrwxrwx 1 root root 0 Nov 12 02:55 15860686
drwxrwxrwx 1 root root 0 Nov 26 06:07 15908418
drwxrwxrwx 1 root root 0 Dec 21 17:12 15903122
drwxrwxrwx 1 root root 0 Dec 21 17:12 15938034
drwxrwxrwx 1 root root 0 Dec 21 17:12 12418680
[fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/iam
[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply
Do you want to proceed? [y|n]
y

Is the local system ready for patching? [y|n]
y

The local system has been patched and can be restarted.

UtilSession: N-Apply done.

OPatch succeeded.

Post step for 13115859 – not required since we have not yet created any domain
Post step for 15903122 – only for existing Fusion Applications installation
Post step for 15938034 – only for systems using DevOps, remaining environments need not apply this


Post-Patch Instructions for IDM and IAM

Patch SOA


[fusion@fmwhost patch]$ cd /mnt/hgfs/setup/installers/soa/patch/
[fusion@fmwhost patch]$ ls -ltr
total 0
drwxrwxrwx 1 root root 0 Mar 20 2012 13263008
drwxrwxrwx 1 root root 0 Aug 16 2012 14501468
drwxrwxrwx 1 root root 0 Nov 20 18:00 14781147
[fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/SOA
[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply
Do you want to proceed? [y|n]
y

The local system has been patched and can be restarted.

UtilSession: N-Apply done.

OPatch succeeded.

Patch OHS/Web

[fusion@fmwhost patch]$ cd /mnt/hgfs/setup/installers/webtier/patch/
[fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/web
[fusion@fmwhost patch]$ ls -ltr
total 0
drwxrwxrwx 1 root root 0 Jul 2 2012 14264658
drwxrwxrwx 1 root root 0 Oct 1 02:00 14695345
[fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply
Do you want to proceed? [y|n]
y

Is the local system ready for patching? [y|n]
Y

The local system has been patched and can be restarted.

UtilSession: N-Apply done.

OPatch succeeded.

Applying Workarounds


Provisioning the OIM Login Modules Under the WebLogic Server Library Directory


Due to issues with versions of the configuration wizard, some environment variables are not added to the DOMAIN_HOME/bin/setDomainEnv.sh script. This causes certain install sequences to fail. This is a temporary workaround for that problem.

1. Copy the files located under the IAM_ORACLE_HOME/server/loginmodule/wls directory to the MW_HOME/wlserver_10.3/server/lib/mbeantypes directory.

[fusion@fmwhost ~]$ ls -ltr /app/fusion/fmw/wlserver_10.3/server/lib/mbeantypes/

total 2896
-rwxr-x--- 1 fusion dba 225160 Mar 3 17:23 xacmlSecurityProviders.jar
-rwxr-x--- 1 fusion dba 89950 Mar 3 17:23 wlManagementMBean.jar
-rwxr-x--- 1 fusion dba 231618 Mar 3 17:23 wlManagementImplSource.jar
-rwxr-x--- 1 fusion dba 54884 Mar 3 17:23 systemPasswordValidatorProvider.jar
-rwxr-x--- 1 fusion dba 163566 Mar 3 17:23 saml2IdentityAsserter.jar
-rwxr-x--- 1 fusion dba 181014 Mar 3 17:23 saml2CredentialMapper.jar
-rwxr-x--- 1 fusion dba 1662107 Mar 3 17:23 cssWlSecurityProviders.jar
-rwxr-x--- 1 fusion dba 8139 Mar 3 17:23 commo.dtd
-rwxr-x--- 1 fusion dba 306020 Mar 3 17:23 WLSSSecurityProviders.jar

[fusion@fmwhost ~]$ ls -ltr /app/fusion/fmw/iam/server/loginmodule/wls/
total 1604
-rwxrwxrwx 1 fusion dba 430383 Oct 10 07:04 oimsignaturembean.jar
-rwxrwxrwx 1 fusion dba 432248 Oct 10 07:04 oimsigmbean.jar
-rwxrwxrwx 1 fusion dba 421374 Oct 10 07:04 oimmbean.jar
-rwxrwxrwx 1 fusion dba 333397 Oct 10 07:04 OIMAuthenticator.jar

[fusion@fmwhost ~]$ cp -pr /app/fusion/fmw/iam/server/loginmodule/wls/* /app/fusion/fmw/wlserver_10.3/server/lib/mbeantypes/


2. Change directory to MW_HOME/wlserver_10.3/server/lib/mbeantypes/

[fusion@fmwhost ~]$ cd /app/fusion/fmw/wlserver_10.3/server/lib/mbeantypes/


3. Change the permissions on these files to 750 by using the chmod command.

[fusion@fmwhost mbeantypes]$ chmod 750 *


Creating the wlfullclient.jar File


Oracle Identity Manager uses the wlfullclient.jar library for certain operations. Oracle does not ship this library, so you must create this library manually. We will see mention of this during provisioning.

[fusion@fmwhost ~]$ cd /app/fusion/fmw/wlserver_10.3/server/lib

[fusion@fmwhost lib]$ ls -l wlfullclient.jar
wlfullclient.jar: No such file or directory

[fusion@fmwhost lib]$ java -jar wljarbuilder.jar

Created new jar file: /app/fusion/fmw/wlserver_10.3/server/lib/wlfullclient.jar

[fusion@fmwhost lib]$ ls -l wlfullclient.jar
-rw-r--r-- 1 fusion dba 55004433 Mar 4 17:14 wlfullclient.jar

This concludes the installation of Oracle Identity Management components. Instead of directly configuring these components, we need to apply the mandatory patches first. These patches are listed in the latest release notes. Please refer to the latest release notes for the list of updated patches when you are installing.
Please note that the Webgate patch is pending since we are yet to install Webgate. We will install it, if required, after installing Webgate later.

Configure Oracle Identity and Access Management components

“Configuring Oracle Identity Management components” can be divided into the following tasks. Please note that we will not configure Oracle Virtual Directory, Oracle Identity Federation etc.
  1. Configure the Web Tier
  2. Create Weblogic Domain for Identity Management
  3. Extend the Domain to include Oracle Internet Directory
  4. Prepare Identity and Policy Stores
  5. Extend the Domain to include Oracle Directory Service Manager (ODSM)
  6. Extend the Domain to include Oracle Virtual Directory (Optional)
  7. Configure Oracle Access Manager 11g (OAM)
  8. Configure Oracle Identity Manager (OIM) and Oracle SOA Suite
  9. Post-configure tasks
    Configure Web Tier
    Start the configuration from <Web_Home>/bin
    [fusion@fmwhost ~]$ cd /app/fusion/fmw/web/bin/
    [fusion@fmwhost bin]$ ./config.sh


    Click Next


    Select only Oracle HTTP Server and deselect other checkboxes. Click Next



    Enter following details and click Next
    Instance Home Location: /app/fusion/config/instances/web1

    (Please note that the paths, instance/component name etc are different from what we used during 11.1.5 installation steps)
    Instance Name: web1
    OHS Component Name: ohs1

    Select “Specify Ports using Configuration file”. Open another shell window and copy the staticports.ini from staging directory.
    [fusion@fmwhost bin]$ cp -p /mnt/hgfs/setup/installers/webtier/Disk1/stage/Response/staticports.ini ~/

    Click View/Edit File


    Edit/uncomment the following values.
    OPMN Local Port = 6700
    OHS Port = 7777
    Click Save




    Deselect the check box and click Next


    Click Yes


    Review the summary and click Configure


    Once installation is successful, click Next


    Review the summary and click Finish

    Check if the HTTP processes already started.

    [fusion@fmwhost bin]$ ps -ef | grep http
    fusion 5410 5383 1 13:13 ? 00:00:00 /app/fusion/fmw/web/ohs/bin/httpd.worker -DSSL
    fusion 5419 5410 0 13:13 ? 00:00:00 /app/fusion/fmw/web/ohs/bin/httpd.worker -DSSL
    fusion 5420 5410 0 13:13 ? 00:00:00 /app/fusion/fmw/web/ohs/bin/httpd.worker -DSSL
    fusion 5422 5410 0 13:13 ? 00:00:00 /app/fusion/fmw/web/ohs/bin/httpd.worker -DSSL
    fusion 5518 4052 0 13:14 pts/1 00:00:00 grep http

    [fusion@fmwhost bin]$ vi /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf
    Change to following (dba or oinstall based on fusion user group)

    User fusion
    Group dba
    Launch http://<hostname>:7777 to make sure that HTTP home page is appearing.

    Make a backup of httpd.conf
    [fusion@fmwhost bin]$ cp -pr /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf.bak.original


    <IfModule mpm_worker_module>
    ServerLimit 20
    StartServers 2
    MaxClients 1000
    MinSpareThreads 200
    MaxSpareThreads 800
    ThreadsPerChild 50
    MaxRequestsPerChild 10000
    AcceptMutex fcntl
    LockFile "${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/http_lock"
    </IfModule>

    Restart Web server as follows.
    [fusion@fmwhost bin]$ /app/fusion/config/instances/web1/bin/opmnctl stopall

    opmnctl stopall: stopping opmn and all managed processes…
    [fusion@fmwhost bin]$ /app/fusion/config/instances/web1/bin/opmnctl startall
    opmnctl startall: starting opmn and all managed processes…

    Create Weblogic Domain for Identity Management
    Start the configuration from <Middleware Home>/oracle_common/common/bin

    [fusion@fmwhost bin]$ cd /app/fusion/fmw/oracle_common/common/bin/
    [fusion@fmwhost bin]$ ./config.sh &




    Select “Create a new Weblogic domain” and click Next


    For single domain creation, select:
    – Oracle Identity Manager 11.1.1.3.0 [iam]
    – Oracle SOA Suite – 11.1.1.0 [soa]
    – Oracle Enterprise Manager [oracle_common]
    – Oracle Access Manager with Database Policy Store – 11.1.1.3.0 [iam]
    – Oracle WSM Policy Manager – 11.1.1.0 [oracle_common]
    – Oracle JRF [oracle_common] (This should be selected automatically.)
    Click Next




    Enter following values.
    Domain Name: IDMDomain
    Domain location: /app/fusion/config/domains
    Application location: /app/fusion/config/domains/IDMDomain/applications
    [Please note that above paths are different from what we used in previous installations]
    Click Next


    Enter name “weblogic” and desired password. Click Next


    Select “Production Mode” and make sure correct JDK is selected. Click Next


    Make sure to manually change the prefix of each username to FA_, since we modified the prefix earlier. Once that is changed, select all checkboxes to apply the same password. Enter database server details and click Next



    Once connection test is successful, click Next


    Select “Administration Server” and “Managed servers, clusters and Machines”. Click Next


    Enter following values.
    Name: AdminServer
    Listen address: <hostname>
    Listen Port: <7001>
    We are not using SSL here so click Next


    In the “Configure Managed Servers” screen enter following values.
    WLS_OAM1, <hostname>, 14100 (OAM Server)
    WLS_SOA1, <hostname>, 8001 (SOA Server)
    WLS_OIM1, <hostname>, 14000 (OIM Server)
    Click Next


    Click Next


    Since we are using Unix machine, we must delete this entry. Click Delete


    This tab should look like this now.

    Click on “Unix Machine” tab and enter following values. And click Next
    Name: <hostname>
    Node Manager listen address: <hostname>
    Node manager listen port: 5556

    Important Note: Make sure to use a machine name that is the same as the hostname. In this case change this to fmwhost.paramlabs.com instead of just fmwhost. Check this using the “hostname” command on your OS; even though both point to the same IP, the node manager treats the two names as different machines.


    Select all managed servers on left side and click on right arrow to assign all servers to our single node.


    It should look as above. Click Next



    Review the summary and click “Create”


    Once creation is complete, click Done

    Prepare Admin server for startup without prompting password

    [fusion@fmwhost bin]$ mkdir -p /app/fusion/config/domains/IDMDomain/servers/AdminServer/security
    [fusion@fmwhost bin]$ cd /app/fusion/config/domains/IDMDomain/servers/AdminServer/security
    [fusion@fmwhost security]$ vi boot.properties
    [fusion@fmwhost security]$ more boot.properties
    username=weblogic

    password=Oracle123 (whichever password you chose)


    Note: The username and password entries in the file are not encrypted until you start the Administration Server. For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.
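Until the Administration Server has booted once, boot.properties holds the weblogic password in clear text, so the file should be owner-only from the moment it is created and should be checked afterwards. The following is an added example, not part of the original article, with hypothetical function names; it assumes the `{AES}` value prefix that WebLogic writes when it encrypts the entries (`{3DES}` on older releases).

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# write_boot_properties DIR USER
# Creates DIR/boot.properties with owner-only access. The password is read from
# stdin, so it does not end up in shell history or in an editor swap file.
write_boot_properties() {
    bp_dir=$1
    bp_user=$2
    (
        umask 077                          # new directory 0700, new file 0600
        mkdir -p "$bp_dir" || exit 1
        IFS= read -r bp_pw || exit 1
        printf 'username=%s\npassword=%s\n' "$bp_user" "$bp_pw" \
            > "$bp_dir/boot.properties"
    ) || return 1
    # Also tighten a file that already existed with looser permissions.
    chmod 600 "$bp_dir/boot.properties"
}

# boot_properties_state FILE
# Prints one word: missing | loose-perms | cleartext | encrypted
boot_properties_state() {
    bp_file=$1
    [ -f "$bp_file" ] || { echo missing; return 0; }

    # Characters 5-10 of the mode string are the group and other bits.
    bp_mode=$(ls -ld "$bp_file" | cut -c5-10)
    [ "$bp_mode" = "------" ] || { echo loose-perms; return 0; }

    # Assumption: a server that has booted once rewrites both values with an
    # {AES} prefix ({3DES} on older WebLogic releases).
    for bp_key in username password; do
        bp_val=$(sed -n "s/^${bp_key}=//p" "$bp_file" | head -n 1)
        case $bp_val in
            '{AES}'*|'{3DES}'*) ;;
            *) echo cleartext; return 0 ;;
        esac
    done
    echo encrypted
}

# Usage on the article's host (run as the fusion user; the password is typed
# on stdin, then the Administration Server is started):
#   write_boot_properties \
#       /app/fusion/config/domains/IDMDomain/servers/AdminServer/security weblogic
#   boot_properties_state \
#       /app/fusion/config/domains/IDMDomain/servers/AdminServer/security/boot.properties
```

A result of cleartext after the Administration Server has reached RUNNING mode means the server did not read this file, which usually points to a wrong path or server name.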


    Configure and start Node Manager
    [fusion@fmwhost security]$ cd /app/fusion/fmw/wlserver_10.3/server/bin/
    [fusion@fmwhost bin]$ ./startNodeManager.sh

    INFO: Secure socket listener started on port 5556

    Once you see the above message, press CTRL+C to kill the process (if you started with “&” then kill using kill -9 command)

    ^C+ set +x


    Set the node manager properties
    [fusion@fmwhost bin]$ cd /app/fusion/fmw/oracle_common/common/bin

    [fusion@fmwhost bin]$ ./setNMProps.sh
    Appending required nodemanager.properties

    To confirm the changes,
    [fusion@fmwhost bin]$ tail -f /app/fusion/fmw/wlserver_10.3/common/nodemanager/nodemanager.properties


    #Required NM Property overrides (append to existing nodemanager.properties)
    StartScriptEnabled=true


    Start node manager in nohup mode so that it keeps running after you close the shell.

    [fusion@fmwhost bin]$ cd /app/fusion/fmw/wlserver_10.3/server/bin/

    [fusion@fmwhost bin]$ nohup ./startNodeManager.sh &

    Start Weblogic Admin server

    [fusion@fmwhost bin]$ cd /app/fusion/config/domains/IDMDomain/bin/
    [fusion@fmwhost bin]$ nohup ./startWebLogic.sh &

    Wait till you see this message.

    <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>

    ==========
    Note: If you ever get error like

    <Info> <Management> <BEA-141281> <unable to get file lock, will retry …>
    Then do the following
    Kill any running processes for startWebLogic.sh and then remove the lock files as follows.
    -bash-3.2$ rm /app/fusion/config/domains/IDMDomain/servers/AdminServer/tmp/AdminServer.lok

    This error appears if the admin server or managed server did not stop properly earlier.
    ==========

    Make sure Admin server is started properly by launching the URL http://<hostname>:7001/console

    Login with “weblogic” user



    Launch Enterprise Manager URL

    http://<hostname>:7001/em


    Login with “weblogic” user




    Setup HTTP Aliases
    Create a file named admin.conf at <web instance directory>/config/OHS/ohs1/moduleconf and enter following lines


    [fusion@fmwhost bin]$ more /app/fusion/config/instances/web1/config/OHS/web1/moduleconf/admin.conf
    RewriteEngine On
    RewriteOptions inherit
    RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
    RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]

    ###################################
    ## General Domain Configuration
    ###################################
    # Admin Server and EM
    <Location /console>
    SetHandler weblogic-handler
    WebLogicHost fmwhost.paramlabs.com
    WeblogicPort 7001
    </Location>

    <Location /consolehelp>
    SetHandler weblogic-handler
    WebLogicHost fmwhost.paramlabs.com
    WeblogicPort 7001
    </Location>

    <Location /em>
    SetHandler weblogic-handler
    WebLogicHost fmwhost.paramlabs.com
    WeblogicPort 7001
    </Location>

    Restart Web server

    [fusion@fmwhost bin]$ /app/fusion/config/instances/web1/bin/opmnctl stopall

    opmnctl stopall: stopping opmn and all managed processes…
    [fusion@fmwhost bin]$ /app/fusion/config/instances/web1/bin/opmnctl startall
    opmnctl startall: starting opmn and all managed processes…

    Now you can launch the same URL using our main http port 7777

    http://<hostname>:7777/console should open fine now


    Register HTTP server with Enterprise Manager

    [fusion@fmwhost bin]$ ./opmnctl registerinstance -adminHost fmwhost -adminport 7001 -adminUsername weblogic

    Command requires login to weblogic admin server (fmwhost):
    Username: weblogic
    Password:


    Done
    Registering instance
    Command succeeded.

    Removing IDM Domain Agent
    In the Administration console, click on “Security Realms” -> myrealm -> Providers


    Select IAMSuiteAgent and click on Delete.


    Activate Changes

    Enable Weblogic Plugin
    Open http://<hostname>:7777/console and login with weblogic user
    Click Lock & Edit. Click on IDMDomain -> Configuration -> Web Applications

    Scroll down and check “Weblogic Plugin Enabled”


    Click on Environment -> Servers -> AdminServer -> Protocols -> HTTP. Change the Frontend port to 7777.
    Activate Changes
    Restart Weblogic Admin Server
    [fusion@fmwhost bin]$ cd /app/fusion/config/domains/IDMDomain/bin/
    [fusion@fmwhost bin]$ ./stopWebLogic.sh
    [fusion@fmwhost bin]$ nohup ./startWebLogic.sh &

    Extend the Domain to include Oracle Internet Directory
    Make sure that the port 3060 is not being used by other process.
    [fusion@fmwhost bin]$ netstat -an | grep "3060"
    Start the configuration from <IDM_HOME>/bin
    [fusion@fmwhost bin]$ cd /app/fusion/fmw/idm/bin

    [fusion@fmwhost bin]$ ./config.sh &




    Click Next


    Select “Configure Without A Domain” and click Next


    Instance Location: /app/fusion/config/instances/oid1
    Instance Name: oid1
    Click Next


    Deselect checkbox and click Next


    Click Yes


    Select “Oracle Internet Directory” and click Next


    Select “Specify Ports using Configuration file”
    Open a shell and copy the staticports.ini file to home directory
    [fusion@fmwhost bin]$ cp -p /app/fusion/provisioning/idm/Disk1/stage/Response/staticports.ini ~/

    Click View/Edit File


    Enter/uncomment Value for Non-SSL Port as 3060
    And for SSL Port put value as 3061
    Click Save



    Enter database details and click Next


    Set Realm as the domain level DC (for example if domain is example.com then set dc=example, dc=com)
    Click Next


    Review the summary and click Configure


    Once configuration completes, click Next


    Review the summary and click Finish

    Validate OID

    [fusion@fmwhost bin]$ export ORACLE_HOME=/app/fusion/fmw/idm

    [fusion@fmwhost bin]$ export ORACLE_INSTANCE=/app/fusion/config/instances/oid1

    [fusion@fmwhost bin]$ export PATH=$ORACLE_HOME/opmn/bin:$ORACLE_HOME/bin:$ORACLE_HOME/ldap/bin:$ORACLE_HOME/ldap/admin:$PATH

    [fusion@fmwhost bin]$ ldapbind -h fmwhost -p 3060 -D "cn=orcladmin" -q

    Please enter bind password:
    bind successful
    [fusion@fmwhost bin]$ ldapbind -h fmwhost -p 3061 -D "cn=orcladmin" -q -U 1

    Please enter bind password:
    bind successful

    [fusion@fmwhost bin]$ opmnctl reload
    opmnctl reload: reconfiguring opmn…
    [fusion@fmwhost bin]$ opmnctl status agent

    Processes in Instance: oid1
    ---------------------------------+--------------------+---------+---------
    ias-component | process-type | pid | status
    ---------------------------------+--------------------+---------+---------
    oid1 | oidldapd | 11217 | Alive
    oid1 | oidldapd | 11221 | Alive
    oid1 | oidmon | 11203 | Alive
    EMAGENT | EMAGENT | 10839 | Alive

    Registering Oracle Internet Directory with the WebLogic Server Domain

    [fusion@fmwhost bin]$ export ORACLE_HOME=/app/fusion/fmw/idm
    [fusion@fmwhost bin]$ export ORACLE_INSTANCE=/app/fusion/config/instances/oid1
    [fusion@fmwhost bin]$ $ORACLE_INSTANCE/bin/opmnctl registerinstance -adminHost fmwhost -adminPort 7001 -adminUsername weblogic

    Command requires login to weblogic admin server (fmwhost):
    Username: weblogic
    Password:

    Registering instance
    Command succeeded.

    Update the Enterprise Manager Repository URL

    [fusion@fmwhost bin]$ cd $ORACLE_INSTANCE/EMAGENT/EMAGENT/bin

    [fusion@fmwhost bin]$ ./emctl switchOMS http://fmwhost:7001/em/upload
    Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
    Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
    SwitchOMS succeeded.

    We can now verify whether this instance is registered for monitoring agent.
    Login to http://<hostname>:7777/em using weblogic user




    Click on Farm->Agent monitored targets.


    Make sure that Agent URL is configured and it does not show “Needs Configuration”
    Tune Oracle Internet Directory for Fusion Applications Installation



    In EM console, select oid1 from the farm tree. On the right pane click on oid1->Administration->Shared Properties


    Select Skip referral for search (in OID term orclskiprefinsql = 1)


    Deselect Match DN (orclMatchDnEnabled = 0)
    Click Apply


    Now click on oid1->Administration->Server Properties



    Set following values.
    Number of Oracle Internet Directory LDAP Server Processes (orclserverprocs): 4
    Number of DB Connections per Server Process (orclmaxcc): 4
    Maximum Number of LDAP connections per Server Process (orclmaxldapconns): 4096


    Restart OID processes to make sure that the changes are now in effect.

    [fusion@fmwhost bin]$ /app/fusion/config/instances/oid1/bin/opmnctl stopall

    opmnctl stopall: stopping opmn and all managed processes…
    [fusion@fmwhost bin]$ /app/fusion/config/instances/oid1/bin/opmnctl startall

    opmnctl startall: starting opmn and all managed processes…

    [fusion@fmwhost bin]$ opmnctl status agent

    Processes in Instance: oid1
    ---------------------------------+--------------------+---------+---------
    ias-component | process-type | pid | status
    ---------------------------------+--------------------+---------+---------
    oid1 | oidldapd | 17192 | Alive
    oid1 | oidldapd | 17188 | Alive
    oid1 | oidldapd | 17184 | Alive
    oid1 | oidldapd | 17166 | Alive
    oid1 | oidldapd | 17142 | Alive
    oid1 | oidmon | 17104 | Alive
    EMAGENT | EMAGENT | 17103 | Alive

    Prepare Identity and Policy Stores
    Prepare Policy store
    Go to directory <IAM_HOME>/idmtools/bin
    -bash-3.2$ cd /app/fusion/fmw/iam/idmtools/bin/
    Source environment variables
    -bash-3.2$ export ORACLE_HOME=/app/fusion/fmw/iam
    -bash-3.2$ export JAVA_HOME=/app/fusion/jdk6
    -bash-3.2$ export IDM_HOME=/app/fusion/fmw/idm
    -bash-3.2$ export MW_HOME=/app/fusion/fmw

    Create a file named policystore.props
    [fusion@fmwhost bin]$ more policystore.props
    POLICYSTORE_HOST: fmwhost.paramlabs.com
    POLICYSTORE_PORT: 3060
    POLICYSTORE_BINDDN: cn=orcladmin
    POLICYSTORE_READONLYUSER: PolicyROUser
    POLICYSTORE_READWRITEUSER: PolicyRWUser
    POLICYSTORE_SEARCHBASE: dc=paramlabs,dc=com
    POLICYSTORE_CONTAINER: cn=idm_jpsroot

    [fusion@fmwhost bin]$ ./idmConfigTool.sh -configPolicyStore input_file=policystore.props

    Enter Policy Store Bind DN password :
    Enter User Password for PolicyROUser:
    Confirm User Password for PolicyROUser:
    Enter User Password for PolicyRWUser:
    Confirm User Password for PolicyRWUser:
    Check for errors in the log file.
    -bash-3.2$ grep -i error automation.log
    Note: While running this command, you might see the following error message:
    WARNING: Error in adding in-memory OID search filters.
    You may safely ignore this error.

    Run following commands to reassociate Security Store
    [fusion@fmwhost bin]$ cd /app/fusion/fmw/oracle_common/common/bin/
    [fusion@fmwhost bin]$ ./wlst.sh
    wls:/offline> connect("weblogic","Oracle123","t3://fmwhost.paramlabs.com:7001")
    Connecting to t3://fmwhost.paramlabs.com:7001 with userid weblogic …
    Successfully connected to Admin Server ‘AdminServer’ that belongs to domain ‘IDMDomain’.

    Warning: An insecure protocol was used to connect to the
    server. To ensure on-the-wire security, the SSL port or
    Admin port should be used instead.

    wls:/IDMDomain/serverConfig> reassociateSecurityStore(domain="IDMDomain", admin="cn=orcladmin", password="Oracle123", ldapurl="ldap://fmwhost.paramlabs.com:3060", servertype="OID", jpsroot="cn=idm_jpsroot")


    wls:/IDMDomain/serverConfig> exit()

    Restart Admin Server


    Prepare Identity Store

    [fusion@fmwhost bin]$ more idstore.props
    # Common
    IDSTORE_HOST: fmwhost.paramlabs.com
    IDSTORE_PORT: 3060
    IDSTORE_BINDDN: cn=orcladmin
    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com
    IDSTORE_SEARCHBASE: dc=paramlabs,dc=com
    IDSTORE_USERNAMEATTRIBUTE: cn
    IDSTORE_LOGINATTRIBUTE: uid
    IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com
    POLICYSTORE_SHARES_IDSTORE: true
    # OAM
    IDSTORE_OAMADMINUSER:oamadmin
    IDSTORE_OAMSOFTWAREUSER:oamLDAP
    OAM11G_IDSTORE_ROLE_SECURITY_ADMIN:OAMAdministrators
    # OAM and OIM
    IDSTORE_SYSTEMIDBASE: cn=systemids,dc=paramlabs,dc=com
    # OIM
    IDSTORE_OIMADMINGROUP: OIMAdministrators
    IDSTORE_OIMADMINUSER: oimLDAP
    # Required due to bug
    IDSTORE_OAAMADMINUSER : oaamadmin
    # Fusion Applications
    IDSTORE_READONLYUSER: IDROUser
    IDSTORE_READWRITEUSER: IDRWUser
    IDSTORE_SUPERUSER: weblogic_fa
    # Weblogic
    IDSTORE_WLSADMINUSER : weblogic_idm

    [fusion@fmwhost bin]$ ./idmConfigTool.sh -preConfigIDStore input_file=idstore.props

    Enter ID Store Bind DN password :

    Check the log for errors
    [fusion@fmwhost bin]$ grep -i error automation.log
    The above commands will automatically create a file named idmDomainConfig.param. This is an important file and we will seed the values from this file to the response file.

    [fusion@fmwhost bin]$ more idmDomainConfig.param
    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com
    POLICYSTORE_PORT: 3060
    IDSTORE_HOST: fmwhost.paramlabs.com
    IDSTORE_LOGINATTRIBUTE: uid
    IDSTORE_PORT: 3060
    POLICYSTORE_CONTAINER: cn=idm_jpsroot
    IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com
    POLICYSTORE_HOST: fmwhost.paramlabs.com
    POLICYSTORE_READWRITE_USERNAME: cn=PolicyRWUser,cn=users,dc=paramlabs,dc=com

    Creating Users and Groups
    Run following command.
    [fusion@fmwhost bin]$ ./idmConfigTool.sh -prepareIDStore mode=all input_file=idstore.props
    Enter ID Store Bind DN password :

    Enter User Password for IDROUser:
    Confirm User Password for IDROUser:

    Enter User Password for IDRWUser:
    Confirm User Password for IDRWUser:

    Enter User Password for weblogic_fa:
    Confirm User Password for weblogic_fa:

    Enter User Password for weblogic_idm:
    Confirm User Password for weblogic_idm:

    Enter User Password for oblixanonymous:
    Confirm User Password for oblixanonymous:

    Enter User Password for oamadmin:
    Confirm User Password for oamadmin:

    Enter User Password for oamLDAP:
    Confirm User Password for oamLDAP:

    Enter User Password for oaamadmin:
    Confirm User Password for oaamadmin:

    Enter User Password for oimLDAP:
    Confirm User Password for oimLDAP:

    Enter User Password for xelsysadm:
    Confirm User Password for xelsysadm:
    The tool has completed its operation. Details have been logged to automation.log

    [fusion@fmwhost bin]$ grep -i error automation.log
    WARNING: Error in adding in-memory OID search filters

    Note: We are not using Oracle Virtual Directory (OVD). It is an optional component, so we skip the OVD part.

    Extend the Domain to include Oracle Directory Service Manager (ODSM)
    Make sure that the port 7006 is not being used by any process.
    [fusion@fmwhost bin]$ netstat -an | grep 7006
    Start the configuration from <IDM_HOME>/bin

    [fusion@fmwhost bin]$ cd /app/fusion/fmw/idm/bin/
    [fusion@fmwhost bin]$ ./config.sh &



    Click Next


    Select “Extend Existing Domain” and enter following values
    Hostname: <hostname>
    Port: 7001
    Username: weblogic
    Password: same as existing weblogic password
    Click Next


    Click Yes


    Enter following values.
    Weblogic Server Directory: /app/fusion/fmw/wlserver_10.3
    Instance location: /app/fusion/config/instances/ods1
    Instance Name: ods1
    Click Next


    Deselect checkbox and click Next


    Click Yes


    Select only Oracle Directory Service Manager and click Next


    Select “Specify Ports using Configuration file”. Open another shell window and copy the staticports.ini from staging directory.
    [fusion@fmwhost bin]$ cp -p /app/fusion/provisioning/idm/Disk1/stage/Response/staticports.ini ~/
    Click View/Edit File


    Edit/uncomment ODS server Port No = 7006
    Click Save




    Review the summary and click Configure


    Once configuration completes, click Next


    Review the summary and click Finish

    Check if wls_ods1 is already up in Enterprise Manager at http://<hostname>:7777/em
    If it is not up, start it with the following commands.
    [fusion@fmwhost IDMDomain]$ cp -pr /app/fusion/config/domains/IDMDomain/servers/AdminServer/security/boot.properties /app/fusion/config/domains/IDMDomain/servers/wls_ods1/security/
    [fusion@fmwhost IDMDomain]$ cd /app/fusion/config/domains/IDMDomain/bin/
    [fusion@fmwhost IDMDomain]$ nohup ./startManagedWebLogic.sh wls_ods1 &
    Wait till you see RUNNING in the nohup.log file
    Launch ODSM using following URL



    Create Aliases for ODSM in HTTP server

    [fusion@fmwhost bin]$ vi /app/fusion/config/instances/web1/config/OHS/web1/moduleconf/admin.conf
    <Append following lines>

    # ODSM
    <Location /odsm>
    SetHandler weblogic-handler
    WebLogicCluster fmwhost.paramlabs.com:7006
    </Location>

    Restart Web Server as follows
    [fusion@fmwhost bin]$ /app/fusion/config/instances/web1/bin/opmnctl stopall

    opmnctl stopall: stopping opmn and all managed processes…
    [fusion@fmwhost bin]$ /app/fusion/config/instances/web1/bin/opmnctl startall
    opmnctl startall: starting opmn and all managed processes…
    Now you can also launch ODSM using following URL
    http://<hostname>:7777/odsm


    Click on Connect to a directory ->
    Create A New Connection



    Enter values as above. Click Connect


    You can now view the Oracle Internet Directory from ODSM


    You can also browse the OID data as above

    Configure Oracle Access Manager (OAM)

    Append following entries in /app/fusion/config/instances/web1/config/OHS/web1/moduleconf/admin.conf
    ##############################################
    ## Entries Required by Oracle Access Manager
    ##############################################
    # OAM console
    <Location /oamconsole>
    SetHandler weblogic-handler
    WebLogicHost fmwhost.paramlabs.com
    WebLogicPort 7001
    </Location>
    ##############################################
    ## Entries Required by Oracle Access Manager
    ##############################################
    # OAM
    <Location /oam>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WebLogicCluster fmwhost.paramlabs.com:14100
    </Location>
    ##############################################
    ## Entries Required by Fusion Applications
    ##############################################
    # FAAuthScheme
    <Location /fusion_apps>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WebLogicCluster fmwhost.paramlabs.com:14100
    </Location>
    Restart Web Server as follows.
    [fusion@fmwhost ldap_config_util]$ /app/fusion/config/instances/web1/bin/opmnctl stopall
    opmnctl stopall: stopping opmn and all managed processes…
    [fusion@fmwhost ldap_config_util]$ /app/fusion/config/instances/web1/bin/opmnctl startall
    opmnctl startall: starting opmn and all managed processes…
    Go to <IAM_HOME>/idmtools/bin
    [fusion@fmwhost bin]$ export ORACLE_HOME=/app/fusion/fmw/iam

    [fusion@fmwhost bin]$ export MW_HOME=/app/fusion/fmw
    [fusion@fmwhost bin]$ export JAVA_HOME=/app/fusion/jdk6
    [fusion@fmwhost bin]$ cd /app/fusion/fmw/iam/idmtools/bin

    Create a file named config_oam1.props
    [fusion@fmwhost bin]$ more config_oam1.props
    WLSHOST: fmwhost.paramlabs.com
    WLSPORT: 7001
    WLSADMIN: weblogic
    WLSPASSWD: Oracle123
    IDSTORE_HOST: fmwhost.paramlabs.com
    IDSTORE_PORT: 3060
    IDSTORE_DIRECTORYTYPE:OID
    IDSTORE_BINDDN: cn=orcladmin
    IDSTORE_USERNAMEATTRIBUTE: cn
    IDSTORE_LOGINATTRIBUTE: uid
    IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com
    IDSTORE_SEARCHBASE: dc=paramlabs,dc=com
    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com
    IDSTORE_OAMSOFTWAREUSER: oamLDAP
    IDSTORE_OAMADMINUSER: oamadmin
    PRIMARY_OAM_SERVERS: fmwhost.paramlabs.com:5575
    WEBGATE_TYPE: ohsWebgate11g
    ACCESS_GATE_ID: Webgate_IDM
    OAM11G_IDM_DOMAIN_OHS_HOST:fmwhost.paramlabs.com
    OAM11G_IDM_DOMAIN_OHS_PORT:7777
    OAM11G_IDM_DOMAIN_OHS_PROTOCOL:http
    OAM11G_WG_DENY_ON_NOT_PROTECTED: false
    OAM_TRANSFER_MODE: open
    OAM11G_OAM_SERVER_TRANSFER_MODE:open
    OAM11G_IDM_DOMAIN_LOGOUT_URLS:/console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp
    OAM11G_OIM_WEBGATE_PASSWD: Oracle123
    COOKIE_DOMAIN: .paramlabs.com
    OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
    OAM11G_SSO_ONLY_FLAG: true
    OAM11G_OIM_INTEGRATION_REQ: true
    OAM11G_IMPERSONATION_FLAG:true
    OAM11G_SERVER_LBR_HOST:fmwhost.paramlabs.com
    OAM11G_SERVER_LBR_PORT:7777
    OAM11G_SERVER_LBR_PROTOCOL:http
    COOKIE_EXPIRY_INTERVAL: 120
    OAM11G_OIM_OHS_URL:http://fmwhost.paramlabs.com:7777/
    OAM11G_SERVER_LOGIN_ATTRIBUTE: uid

    Keep a backup of idmDomainConfig.param for safety
    [fusion@fmwhost bin]$ cp -pr idmDomainConfig.param idmDomainConfig.param.preOAM


    Run the following command to Configure OAM
    [fusion@fmwhost bin]$ ./idmConfigTool.sh -configOAM input_file=config_oam1.props

    Enter ID Store Bind DN password :
    Enter User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
    Confirm User Password for IDSTORE_PWD_OAMSOFTWAREUSER:
    Enter User Password for IDSTORE_PWD_OAMADMINUSER:
    Confirm User Password for IDSTORE_PWD_OAMADMINUSER:

    The tool has completed its operation. Details have been logged to automation.log

    [fusion@fmwhost bin]$ grep -i error automation.log
    WARNING: Error in adding in-memory OID search filters

    Restart Admin server and all managed servers


    Validate OAM

    Login to OAM Console using oamadmin user

    http://fmwhost:7777/oamconsole/



    In System Configuration tab, click Access Manager Settings -> SSO Agents-> OAM Agents. Search for all agents.
    Edit Webgate_IDM agent


    Set Max. number of Connections to 4 for each primary server (in our case there is only one host)


    Do the same for Webgate_IDM_11g agent
    Set Max. number of Connections to 4 for each primary server (in our case there is only one host)


    In Policy Configurations tab, Host identifiers->IAMSuiteAgent-> Make sure our hostname and the default http port is mentioned. If already there then nothing to change in this screen.
    Adding the oamadmin Account to Access System Administrators
    The oamadmin user is assigned to the Oracle Access Manager Administrators group, which is in turn assigned to the Access System Administrators group. Fusion Applications, however, requires the oamadmin user to be explicitly added to that role.

    To do this, perform the following steps:
    1. Log in to the oamconsole at http://<hostname>:7777/oamconsole
    2. Click the System Configuration tab.
    3. Expand Data Sources User Identity Stores.
    4. Click OIMIDStore.
    5. Click Open.
    6. Click the symbol next to Access System Administrators.
    7. Type oamadmin in the search box and click Search.
    8. Click the returned oamadmin row, then click Add Selected.
    9. Click Apply.





    Click Apply.
    Create Oracle Access Manager Policies for WebGate 11g
    To allow WebGate 11g to display the credential collector, you must add /oam to the list of public policies.
    Proceed as follows:
    1. Log in to the OAM console
    2. Select the Policy Configuration tab.
    3. Expand Application Domains – IAM Suite
    4. Click Resources.
    5. Click Open.
    6. Click New resource.
    7. Provide the following values:
    Type: HTTP
    Description: OAM Credential Collector
    Host Identifier: IAMSuiteAgent
    Resource URL: /oam
    Protection Level: Unprotected
    Authentication Policy: Public Policy
    8. Click Apply.



    Click Apply

    Updating Oracle Access Manager System Parameters

    1. Log in to the OAM console at http://<hostname>:7777/oamconsole as the WebLogic administration user.
    2. Select the System Configuration tab.
    3. Click Common Settings under the Common Configuration entry.
    4. Click Open.
    5. Set the following values:
    Idle Timeout (minutes): 120
    Session Lifetime: 120
    Maximum Number of Sessions per user: 200
    6. Click Apply



    Restart OAM


    Configure Oracle Identity Manager (OIM) and Oracle SOA Suite
    Start the configuration from <IAM_HOME>/bin
    [fusion@fmwhost bin]$ cd /app/fusion/fmw/iam/bin/
    [fusion@fmwhost bin]$ ./config.sh &




    Click Next


    Select only “OIM Server” and click Next


    Enter database details. Make sure to use the correct prefix as we selected earlier (in our case PROD). Click Next


    Admin server URL: t3://<hostname>:7001
    Username and password of weblogic user
    Click Next


    Enter required password and OIM HTTP URL as http://<hostname>:14000
    Click Next


    Check “Enable LDAP Sync” and click Next


    Enter following values
    Directory Server Type: OID
    ID: oid1
    URL: ldap://<hostname>:3060
    User: cn=oimLDAP,cn=systemids,dc=<domain>,dc=<com>
    Click Next


    Enter following values
    Role Container: cn=Groups,dc=<domain>,dc=<com>
    User Container: cn=Users,dc=<domain>,dc=<com>
    Reservation Container: cn=Reserve,dc=<domain>,dc=<com>
    Click Next


    Review summary and click Configure


    Once configuration completes, click Next


    Review and click Finish

    Launch OIM URL
    http://<hostname>:14000/oim

    Important Note: If you get an HTTP 404 error for OIM, or if you see the following errors in the OIM log files (even if the OIM status shows as "RUNNING" in the admin console), then OIM has not come up properly. You can see this in EM, which will show OIM as down.

    <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID ’1356332711618′ for task ’1′. Error is: ‘weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.sdp.client, exact-match: false].’

    weblogic.management.DeploymentException: [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.sdp.client, exact-match: false].
    at weblogic.application.internal.flow.CheckLibraryReferenceFlow.prepare(CheckLibraryReferenceFlow.java:26)
    at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
    at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
    at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
    at weblogic.application.internal.EarDeployment.prepare(EarDeployment.java:59)

    Truncated. see log file for complete stacktrace

    As per metalink Note: 1328471.1 following needs to be done to fix this.


    Admin console -> Deployments -> go to the oracle.sdp.client page





    Select Lock & Edit in the left pane, and in the right pane select the checkboxes for WLS_OIM1 and WLS_SOA1

    Restart OIM


    Now launch OIM URL again.


    Login with xelsysadm user

    Enter answers for challenge questions.

    If you have not applied post-steps for patch 13399365 properly then you might get following errors.


    oracle.iam.platform.kernel.OrchestatrionException
    “ADF_FACES-60097 : For more information, please see the server’s error log for an entry beginning with: ADF_FACES-60096: Server Exception during PPR, #8″

    Internal Exception: java.sql.SQLSyntaxErrorException: ORA-00904: “CONTEXTVAL”: invalid identifier
    Error Code: 904
    Call: INSERT INTO ORCHPROCESS (ID, BULKPARENTID, CHANGETYPE, CONTEXTVAL, CREATEDON, ENTITYID, ENTITYTYPE, MODIFIEDON, OPERATION, ORCHESTRATION, ORCHTARGET, PARENTPROCESSID, RETRY, SEQUENCE, STAGE, STATUS) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
    bind => [16 parameters bound]

    This is because the following column might not be available in the PROD_OIM.ORCHPROCESS table. The post-steps for the above patch create this column.


    CONTEXTVAL CLOB

    Apply Post steps for patch 13399365 to fix this issue as follows.


    [fusion@fmwhost patch]$ cd /mnt/hgfs/setup/installers/idm/patch/13399365

    [fusion@fmwhost 13399365]$ mv /app/fusion/fmw/iam/server/bin/weblogic.profile /app/fusion/fmw/iam/server/bin/weblogic.profile_bak

    [fusion@fmwhost 13399365]$ cp -p sample_weblogic.profile.fa /app/fusion/fmw/iam/server/bin/weblogic.profile

    [fusion@fmwhost bin]$ cd /app/fusion/fmw/iam/server/bin/

    [fusion@fmwhost bin]$ more weblogic.profile

    # For passwords if you dont want to put password </optional> in this file just comment it out from here, you will be promted for it in rumtime.

    #Neccessary env variables [Mandatory]
    ant_home=/app/fusion/fmw/modules/org.apache.ant_1.7.1
    java_home=/app/fusion/jdk6
    mw_home=/app/fusion/fmw
    oim_oracle_home=/app/fusion/fmw/iam

    #DB configuration variables [Mandatory]
    operationsDB.user=FA_OIM
    # Database password is optional. if you want to give it on terminal itself leave it commented. Otherwise uncomment it.
    OIM.DBPassword=Oracle123
    operationsDB.driver=oracle.jdbc.OracleDriver
    operationsDB.host=fdbhost.paramlabs.com
    operationsDB.serviceName=fusiondb
    operationsDB.port=1521
    appserver.type=wls

    isMTEnabled=false
    # If you have milty-tenancy enabled in your environment
    mdsDB.user=FA_MDS
    #Password is optional, if you want to give it on terminal itself leave it commented. Otherwise uncomment it.
    mdsDB.password=Oracle123
    mdsDB.host=fdbhost.paramlabs.com
    mdsDB.port=1521
    mdsDB.serviceName=fusiondb

    #For domain level configurations [Mandatory]
    # put here your admin server related credentials
    weblogic_user=weblogic
    #Password is optional, if you want to give it on terminal itself leave it commented. Otherwise uncomment it.
    weblogic_password=Oracle123
    weblogic_host=fmwhost
    weblogic_port=7001
    weblogic.server.dir=/app/fusion/fmw/wlserver_10.3

    #oim specific domain level parameters [Mandatory]
    oimserver_host=fmwhost.paramlabs.com
    oimserver_port=14000
    oim_managed_server=WLS_OIM1
    oim_domain_dir=/app/fusion/config/domains/IDMDomain

    isSODEnabled=false

    #SOA specific details [Mandatory]
    soa_home=/app/fusion/fmw/SOA
    soa_managed_server=WLS_SOA1
    soaserver_host=fmwhost.paramlabs.com
    soaserver_port=8001
    #put here the name of the targets of taskdetails. in non cluster it will be soa server name and in cluster it will be something like cluster_soa
    taskdetails_target_name=WLS_SOA1
    isOHSEnabled=true
    #Following params is needed only if you have enabled OHS in your env
    ohs_home=/app/fusion/fmw/web

    #If your env is FA, you can set this var false or ignore this if your env is non FA.
    isFAEnabled=true

    Now let’s apply the weblogic patch script.


    [fusion@fmwhost bin]$ export MW_HOME=/app/fusion/fmw
    [fusion@fmwhost bin]$ export JAVA_HOME=/app/fusion/jdk6

    [fusion@fmwhost bin]$ export ANT_HOME=/app/fusion/fmw/modules/org.apache.ant_1.7.1

    [fusion@fmwhost bin]$ export OIM_ORACLE_HOME=/app/fusion/fmw/iam
    [fusion@fmwhost bin]$ export PATH=$JAVA_HOME/bin:$PATH
    [fusion@fmwhost bin]$ ./patch_weblogic.sh

    It takes a long time, so be patient until it completes.
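
    The weblogic.profile listed above keeps three passwords in cleartext, and its own comments say that a commented-out password is prompted for at run time. The script below is an added example, not part of the original post or of Oracle's tooling: it lists the uncommented password keys in a properties file and comments them out, for use before patch_weblogic.sh is run. The function names and the CHANGE_ME sample values are constructed for illustration.

```bash
#!/bin/sh
# Added example, not part of the original post.
# Finds uncommented password entries in a properties file (key=value or
# key: value) and comments them out so the value is typed at the prompt.

# Key names containing "password", "passwd" or "pwd" in any letter case.
KEY='[A-Za-z0-9_.]*([Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]|[Pp][Aa][Ss][Ss][Ww][Dd]|[Pp][Ww][Dd])[A-Za-z0-9_.]*'

# list_secret_keys FILE: print each uncommented key that stores a password.
list_secret_keys() {
    grep -E "^[[:space:]]*${KEY}[[:space:]]*[=:]" "$1" |
        sed -E 's/^[[:space:]]*([A-Za-z0-9_.]+).*/\1/'
}

# comment_out_secrets FILE: rewrite FILE in place with every password entry
# reduced to "#key=", then restrict the file to its owner. No backup copy is
# kept, because a backup would still hold the cleartext values.
comment_out_secrets() {
    tmp=$(mktemp) || return 1
    sed -E "s/^[[:space:]]*(${KEY})[[:space:]]*[=:].*\$/#\\1=/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    chmod 600 "$1"
    return $rc
}

# write_sample_profile FILE: constructed sample in the layout of
# weblogic.profile; the CHANGE_ME_* values are placeholders.
write_sample_profile() {
    cat > "$1" <<'EOF'
operationsDB.user=FA_OIM
# Database password is optional.
OIM.DBPassword=CHANGE_ME_1
operationsDB.port=1521
mdsDB.password=CHANGE_ME_2
weblogic_user=weblogic
weblogic_password=CHANGE_ME_3
weblogic_port=7001
EOF
}

# Demonstration on the constructed sample.
profile=$(mktemp)
write_sample_profile "$profile"
echo "Before: $(list_secret_keys "$profile" | tr '\n' ' ')"
comment_out_secrets "$profile"
echo "After:  $(list_secret_keys "$profile" | wc -l | tr -d ' ') password entries left"
rm -f "$profile"
```

    list_secret_keys also reads the "key: value" files used with idmConfigTool.sh, such as config_oam1.props, to show which entries hold a password.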

    Launch OIM again to make sure you can login successfully and enter security answers successfully.






    Now Launch SOA using following URL
    http://<hostname>:8001/soa-infra
    Login with weblogic username and password when prompted.


    Prepare OIM to reconcile from ID store

    [fusion@fmwhost bin]$ cd /app/fusion/fmw/iam/server/ldap_config_util/
    [fusion@fmwhost ldap_config_util]$ cp -pr ldapconfig.props ldapconfig.props_orig

    [fusion@fmwhost ldap_config_util]$ vi ldapconfig.props
    [fusion@fmwhost ldap_config_util]$ cat ldapconfig.props
    # OIMServer Type, Valid values can be WLS, JBOSS, WAS
    # e.g.: OIMServerType=WLS
    OIMServerType=WLS

    # OIMAdmin User Login
    # e.g.: OIMAdminUser=xelsysadm
    OIMAdminUser=xelsysadm

    # Skip Validation of OVD Schema
    # e.g.: SkipOVDValidation=true|false, Default false
    SkipOVDValidation=true

    # OIM Provider URL
    # e.g.: OIMProviderURL=t3://localhost:8003
    OIMProviderURL=t3://fmwhost.paramlabs.com:14000

    # OID URL
    # e.g.: OIDURL=ldap://localhost:389
    OIDURL=ldap://fmwhost.paramlabs.com:3060

    # Admin user name to connect to OID
    # e.g.: OIDAdminUsername=cn=orcladmin
    OIDAdminUsername=cn=oimLDAP,cn=systemids,dc=paramlabs,dc=com

    # Search base
    # e.g.: OIDSearchBase=dc=company,dc=com
    OIDSearchBase=dc=paramlabs,dc=com

    # Name of the user container
    # e.g.: UserContainerName=cn=Users
    UserContainerName=cn=Users

    # Name of the role container
    # e.g.: RoleContainerName=cn=Roles
    RoleContainerName=cn=Groups

    # Name of the reservation container
    # e.g.: ReservationContainerName=cn=Reserve
    ReservationContainerName=cn=Reserve

    [fusion@fmwhost ldap_config_util]$ export JAVA_HOME=/app/fusion/jdk6

    [fusion@fmwhost ldap_config_util]$ export WL_HOME=/app/fusion/fmw/wlserver_10.3
    Run following command
    [fusion@fmwhost ldap_config_util]$ ./LDAPConfigPostSetup.sh /app/fusion/fmw/iam/server/ldap_config_util

    [Enter OIM admin password:]

    Authenticated with OIM Admin…..
    Obtained Scheduler Service…..
    Successfully Enabled Changelog based Reconciliation schedule jobs.
    Successfully Updated Changelog based Reconciliation schedule jobs with last change number : <number>

    Login to Enterprise Manager to make sure every required component is up.



    Configure HTTP for OIM and SOA

    Append following entries in /app/fusion/config/instances/web1/config/OHS/web1/moduleconf/admin.conf
    ################################################
    ## Entries Required by Oracle Identity Manager
    ################################################
    # oim admin console(idmshell based)
    <Location /admin>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # oim self and advanced admin webapp consoles(canonic webapp)
    <Location /oim>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # xlWebApp – Legacy 9.x webapp (struts based)
    <Location /xlWebApp>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # Nexaweb WebApp – used for workflow designer and DM
    <Location /Nexaweb>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # used for FA Callback service.
    <Location /callbackResponseService>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # spml xsd profile
    <Location /spml-xsd>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # role-sod profile
    <Location /role-sod>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    <Location /HTTPClnt>
    SetHandler weblogic-handler
    #WLProxySSL ON
    #WLProxySSLPassThrough ON
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    ################################################
    ## Entries Required by Oracle Identity Manager and SOA
    ################################################

    # SOA Infrastructure
    <Location /soa-infra>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # UMS Email Support
    <Location /ucs>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # SOA Callback webservice for SOD – Provide the SOA Managed Server Ports
    <Location /sodcheck>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:8001
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # Callback webservice for SOA. SOA calls this when a request is approved/rejected
    # Provide the SOA Managed Server Port
    <Location /workflowservice>
    SetHandler weblogic-handler
    WLCookieName oimjsessionid
    WebLogicCluster fmwhost.paramlabs.com:14000
    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    A copy of my admin.conf file can be found here. This is just a sample admin.conf; you must change the host name and ports accordingly.
    Restart Web Server.
    [fusion@fmwhost ldap_config_util]$ /app/fusion/config/instances/web1/bin/opmnctl stopall
    opmnctl stopall: stopping opmn and all managed processes…
    [fusion@fmwhost ldap_config_util]$ /app/fusion/config/instances/web1/bin/opmnctl startall
    opmnctl startall: starting opmn and all managed processes…
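
    By this point admin.conf has been appended to three times (ODSM, OAM, then OIM and SOA), so it is worth reviewing what the front end on port 7777 now forwards and where. The script below is an added example, not part of the original post: it prints one "path backend" line per <Location> block and reports paths that were appended more than once. The function names and the sample file are constructed; the sample's duplicate /oam block and its /broken block are deliberate faults.

```bash
#!/bin/sh
# Added example, not part of the original post.
# Prints the routing table that the <Location> blocks in an OHS admin.conf
# define, so it can be reviewed after each round of appended entries.

# ohs_routes FILE: one "path backend" line per <Location> block. A block with
# no weblogic-handler or no backend is reported with backend INCOMPLETE.
ohs_routes() {
    awk '
        /^[ \t]*#/ { next }    # comment lines, including "#WLProxySSL ON"
        $1 == "<Location" {
            path = $2; sub(/>$/, "", path)
            handler = 0; backend = ""; host = ""; port = ""
            next
        }
        $1 == "SetHandler" && $2 == "weblogic-handler" { handler = 1 }
        $1 == "WebLogicCluster" { backend = $2 }
        $1 == "WebLogicHost"    { host = $2 }
        $1 == "WebLogicPort"    { port = $2 }
        $1 == "</Location>" {
            if (backend == "" && host != "" && port != "") backend = host ":" port
            if (!handler || backend == "") backend = "INCOMPLETE"
            print path, backend
        }
    ' "$1"
}

# duplicate_paths FILE: paths defined by more than one <Location> block, which
# happens when the same entries are appended twice.
duplicate_paths() {
    ohs_routes "$1" | cut -d' ' -f1 | sort | uniq -d
}

# write_sample_conf FILE: constructed sample using the host and ports from this
# walkthrough; the second /oam block and the /broken block are deliberate faults.
write_sample_conf() {
    cat > "$1" <<'EOF'
# ODSM
<Location /odsm>
SetHandler weblogic-handler
WebLogicCluster fmwhost.paramlabs.com:7006
</Location>
# OAM console
<Location /oamconsole>
SetHandler weblogic-handler
WebLogicHost fmwhost.paramlabs.com
WebLogicPort 7001
</Location>
<Location /oam>
SetHandler weblogic-handler
#WLProxySSL ON
WebLogicCluster fmwhost.paramlabs.com:14100
</Location>
<Location /oam>
SetHandler weblogic-handler
WebLogicCluster fmwhost.paramlabs.com:14100
</Location>
<Location /broken>
SetHandler weblogic-handler
</Location>
EOF
}

# Demonstration on the constructed sample.
conf=$(mktemp)
write_sample_conf "$conf"
echo "Routes:";     ohs_routes "$conf"
echo "Duplicates:"; duplicate_paths "$conf"
rm -f "$conf"
```

    Against the real file, pass /app/fusion/config/instances/web1/config/OHS/web1/moduleconf/admin.conf and compare the listed ports with the ports allowed between the two nodes.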

    Change Host assertion in Weblogic

    Click Save and Activate Changes.
    Verify OIM and SOA using HTTP port


    http://<hostname>:7777/oim
    http://<hostname>:7777/soa-infra

    Enabling Oracle Identity Manager to Connect to SOA Using the Administrative Users Provisioned in LDAP
    Login to EM console
    Select Farm_IDMDomain –> Identity and Access–> OIM –> oim(11.1.1.3.0).
    Select MBean Browser from the menu or right click to select it.


    Select Application defined Mbeans –> oracle.iam –> Server: wls_oim1 –> Application: oim –> XML Config -> Config –> XMLConfig.SOAConfig –>SOAConfig
    Change the username attribute to weblogic_idm



    Select Weblogic Domain –> IDMDomain from the Navigator.
    Select Security –> Credentials from the down menu


    Expand the key oim.
    Click SOAAdminPassword.
    Click Edit.


    Change the username to weblogic_idm and set the password to the account's password.
    Click OK.

    Run the reconciliation process to enable the Oracle WebLogic Server administrator, weblogic_idm, to be visible in the OIM Console. Follow these steps:
    a. Log in to Oracle Identity Manager at:
    <hostname>:7777/oim as the user xelsysadm
    b. If prompted, set up challenge questions. This happens on your first login to Oracle Identity Manager.
    c. Click Advanced.
    d. Click the System Management tab.
    e. Click the arrow for the Search Scheduled Jobs to list all the schedulers.
    f. Select LDAP User Create and Update Full Reconciliation.
    g. Click Run Now to run the job.
    h. Go to the Administration page and perform a search to verify that the user is visible in the Oracle Identity Manager console.






    Now click on Administration


    Click Advanced Search –> Roles



    Search for the Administrators role. Click the Administrators Role.
    Click Open.


    Click the Members tab. Click Assign.


    Type weblogic_idm in the Search box and Click ->.
    Select weblogic_idm from the list of available users.
    Click to move to Selected Users.


    Click Save.

    1. Log in to the WebLogic console at:
    http://<hostname>:7777/console
    2. Click Lock and Edit.
    3. Expand the Environment Node in the Domain Structure window.
    4. Click Servers to open the Summary of Servers Page.
    5. Click on a server to show the server properties page.
    6. Click the Server Start tab.
    7. Add the following values to the Arguments field:
    -Djps.subject.cache.key=5

    -Djps.subject.cache.ttl=600000

    8. Click Save.
    9. Repeat for each of the managed servers.

    10. Click Activate Changes.


    Restart Admin server and all managed servers

     Integrate Oracle Identity Manager (OIM) and Oracle Access Manager (OAM)


    Update Existing LDAP Users with Required Object Classes
    Create a property file user.props as follows
    [fusion@fmwhost bin]$ export ORACLE_HOME=/app/fusion/fmw/iam
    [fusion@fmwhost bin]$ export IDM_HOME=/app/fusion/fmw/idm
    [fusion@fmwhost bin]$ export MW_HOME=/app/fusion/fmw
    [fusion@fmwhost bin]$ export JAVA_HOME=/app/fusion/jdk6
    [fusion@fmwhost bin]$ cd /app/fusion/fmw/iam/idmtools/bin/
    [fusion@fmwhost bin]$ more user.props
    IDSTORE_HOST: fmwhost.paramlabs.com
    IDSTORE_PORT: 3060
    IDSTORE_ADMIN_USER: cn=orcladmin
    IDSTORE_DIRECTORYTYPE: OID
    IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com
    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com
    PASSWORD_EXPIRY_PERIOD: 7300
    IDSTORE_LOGINATTRIBUTE: uid
    Run the following command
    [fusion@fmwhost bin]$ ./idmConfigTool.sh -upgradeLDAPUsersForSSO input_file=user.props
    Enter LDAP admin user password :
    Finished parsing LDAP
    LDAP Users Upgraded.
    Integrate Oracle Access Manager 11g with Oracle Identity Manager 11g
    Create a property file as follows.
    [fusion@fmwhost bin]$ more oimitg.props
    LOGINURI: /${app.context}/adfAuthentication
    LOGOUTURI: /oamsso/logout.html
    AUTOLOGINURI: None
    ACCESS_SERVER_HOST: fmwhost.paramlabs.com
    ACCESS_SERVER_PORT: 5575
    ACCESS_GATE_ID: Webgate_IDM
    COOKIE_DOMAIN: .paramlabs.com
    COOKIE_EXPIRY_INTERVAL: 120
    OAM_TRANSFER_MODE: open
    WEBGATE_TYPE: ohsWebgate11g
    SSO_ENABLED_FLAG: true
    IDSTORE_PORT: 3060
    IDSTORE_HOST: fmwhost.paramlabs.com
    IDSTORE_DIRECTORYTYPE: OID
    IDSTORE_ADMIN_USER: cn=oamLDAP,cn=Users,dc=paramlabs,dc=com
    IDSTORE_USERSEARCHBASE: cn=Users,dc=paramlabs,dc=com
    IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=paramlabs,dc=com
    MDS_DB_URL: jdbc:oracle:thin:@fdbhost.paramlabs.com:1521:fusiondb
    MDS_DB_SCHEMA_USERNAME: fa_mds
    WLSHOST: fmwhost.paramlabs.com
    WLSPORT: 7001
    WLSADMIN: weblogic
    DOMAIN_NAME: IDMDomain
    OIM_MANAGED_SERVER_NAME: WLS_OIM1
    DOMAIN_LOCATION: /app/fusion/config/domains/IDMDomain
    IDSTORE_LOGINATTRIBUTE: uid
    Run the following command.
    [fusion@fmwhost bin]$ ./idmConfigTool.sh -configOIM input_file=oimitg.props
    Enter sso access gate password :
    Enter mds db schema password :
    Enter idstore admin password :
    Enter admin server user password :
    The tool has completed its operation. Details have been logged to automation.log
    Check for errors in the log file.
    [fusion@fmwhost bin]$ grep -i error automation.log
    Assigning Groups and Roles
    Assigning WLSAdmins Group to WebLogic Administration Groups
    1. Log in to the WebLogic Administration Server Console.
    2. In the left pane of the console, click Security Realms.
    3. On the Summary of Security Realms page, click myrealm under the Realms table.
    4. On the Settings page for myrealm, click the Roles & Policies tab.
    5. On the Realm Roles page, expand the Global Roles entry under the Roles table. This brings up the entry for Roles. Click the Roles link to go to the Global Roles page.
    6. On the Global Roles page, click the Admin role to go to the Edit Global Role page:
    a. On the Edit Global Roles page, under the Role Conditions table, click the Add Conditions button.
    b. On the Choose a Predicate page, select Group from the drop down list for predicates and click Next.
    c. On the Edit Arguments Page, Specify IDM Administrators in the Group Argument field and click Add.
    7. Click Finish to return to the Edit Global Rule page.
    8. The Role Conditions table now shows the IDM Administrators Group as an entry.
    9. Click Save to finish adding the Admin role to the IDM Administrators Group.
    10. Validate that the changes were successful by bringing up the WebLogic Administration Server Console using a web browser. Log in using the credentials for the weblogic_idm user.
    Perform Bug 13824816 Workaround
    1. Since you are already on the Global Roles page, click the Admin role to go to the Edit Global Role page:
    2. On the Edit Global Roles page, under the Role Conditions table, click Add Conditions.
    3. On the Choose a Predicate page, select Group from the predicates list and click Next.
    4. On the Edit Arguments Page, specify OAMAdministrators in the Group Argument field and click Add.
    5. Click Finish to return to the Edit Global Role page. The Role Conditions table now shows the OAMAdministrators Group as an entry.
    6. Click Save to finish adding the Admin role to the OAMAdministrators Group.
    Updating the boot.properties File
    Update the boot.properties file for the Administration Server and the managed servers with the WebLogic admin user (weblogic_idm) created in Oracle Internet Directory. The user name and password are entered in clear text at this point.
    [fusion@fmwhost security]$ cd /app/fusion/config/domains/IDMDomain/servers/AdminServer/security
    [fusion@fmwhost security]$ cp -pr boot.properties boot.properties_preOAM
    [fusion@fmwhost security]$ more boot.properties
    username=weblogic_idm
    password=Param123
    [fusion@fmwhost security]$ cp -pr boot.properties ../../WLS_OAM1/security/
    [fusion@fmwhost security]$ cp -pr boot.properties ../../WLS_OIM1/security/
    [fusion@fmwhost security]$ cp -pr boot.properties ../../WLS_SOA1/security/
    [fusion@fmwhost security]$ cp -pr boot.properties ../../wls_ods1/security/
    Restart all services manually so that each server encrypts its boot.properties file on startup.
    [fusion@fmwhost bin]$ nohup ./startWebLogic.sh &
    [fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh wls_ods1 &
    [fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh WLS_OAM1 &
    [fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh WLS_OIM1 &
    [fusion@fmwhost bin]$ nohup ./startManagedWebLogic.sh WLS_SOA1 &
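Until each server has restarted, the copies made above hold the weblogic_idm credentials in clear text. The script below is an added example, not part of the original post, that checks every boot.properties under the domain's servers directory. It assumes that WebLogic marks encrypted values with an {AES} or {3DES} prefix, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that WebLogic re-encrypted boot.properties after restart.
# Assumption: encrypted values start with {AES} (or {3DES} on older releases).

# is_encrypted VALUE -> status 0 when VALUE carries an encryption prefix
is_encrypted() {
    case $1 in
        '{AES}'* | '{3DES}'*) return 0 ;;
        *) return 1 ;;
    esac
}

# prop_value FILE KEY -> prints the value of the first KEY= line in FILE
prop_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# audit_boot_properties SERVERS_DIR
# Checks SERVERS_DIR/<server>/security/boot.properties* (the glob also picks up
# backups such as boot.properties_preOAM). Prints one line per finding and
# returns 0 when nothing was found, 1 otherwise.
audit_boot_properties() {
    servers_dir=${1%/}
    findings=0
    for f in "$servers_dir"/*/security/boot.properties*; do
        [ -f "$f" ] || continue
        for key in username password; do
            val=$(prop_value "$f" "$key")
            if [ -n "$val" ] && ! is_encrypted "$val"; then
                echo "PLAINTEXT $key in $f"
                findings=$((findings + 1))
            fi
        done
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "GROUP-OR-WORLD-ACCESS $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# demo: constructed files in a temp dir (values are samples, not real secrets)
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/AdminServer/security" "$d/WLS_OAM1/security"
    printf 'username={AES}constructedA\npassword={AES}constructedB\n' \
        > "$d/AdminServer/security/boot.properties"
    printf 'username=weblogic_idm\npassword=constructed-sample\n' \
        > "$d/WLS_OAM1/security/boot.properties"
    chmod 600 "$d/AdminServer/security/boot.properties"
    chmod 644 "$d/WLS_OAM1/security/boot.properties"
    status=0
    audit_boot_properties "$d" || status=1
    rm -rf "$d"
    return "$status"
}

# Usage: sh audit_boot.sh /app/fusion/config/domains/IDMDomain/servers
if [ "$#" -gt 0 ]; then
    if [ "$1" = demo ]; then demo; else audit_boot_properties "$1"; fi
fi
```

A PLAINTEXT finding after the restart means that server never read its boot.properties, so the clear-text password is still on disk.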
    Install Webgate

    Versions of GCC Third-Party Libraries for Linux and Solaris
    Operating System   Architecture   GCC Libraries Required           Library Version
    Linux 32-bit       x86            libgcc_s.so.1, libstdc++.so.5    3.3.2
    Linux 64-bit       x64            libgcc_s.so.1, libstdc++.so.6    3.4.6
    Solaris 64-bit     SPARC          libgcc_s.so.1, libstdc++.so.5    3.3.2
    Verifying the GCC Libraries Version on Linux and Solaris Operating Systems
    Make sure we have the required libraries for Webgate installation. If you have installed Oracle Linux then you should have them.
    Perform the following checks to verify the version of GCC libraries:
    On the Linux32 on i386 platform:
    Run the following commands and ensure that their output is always greater than 0:
    strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
    strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
    file libgcc_s.so.1 | grep "32-bit" | grep -c "80386"
    file libstdc++.so.5 | grep "32-bit" | grep -c "80386"
    On the Linux 64 on x86-64 platform:
    Run the following commands and ensure that their output is always greater than 0:
    strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
    strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
    strings -a libgcc_s.so.1 | grep -c "GCC_4.2.0"
    file libgcc_s.so.1 | grep "64-bit" | grep -c "x86-64"
    file -L libstdc++.so.6 | grep "64-bit" | grep -c "x86-64"
    On the Solaris 64 on SPARC platform:
    Run the following commands and ensure that their output is always greater than 0:
    strings -a libgcc_s.so.1 | grep -c "GCC_3.0"
    strings -a libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
    file libgcc_s.so.1 | grep "64-bit" | grep -c "SPARC"
    file libstdc++.so.5 | grep "64-bit" | grep -c "SPARC"
    Since we have Oracle Linux x86-64 platform, let us verify the same.
    [fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
    1
    [fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -c "GCC_3.0"
    1
    [fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -v "GCC_3.3.1" | grep -c "GCC_3.3"
    1
    [fusion@fmwhost Disk1]$ strings -a /lib64/libgcc_s.so.1 | grep -c "GCC_4.2.0"
    1
    [fusion@fmwhost Disk1]$ file -L /lib64/libgcc_s.so.1 | grep "64-bit" | grep -c "x86-64"
    1
    [fusion@fmwhost Disk1]$ file -L /usr/lib64/libstdc++.so.6 | grep "64-bit" | grep -c "x86-64"
    1
    This all looks good so we don’t need to download any additional files.
    Start webgate installation

    We need to have the required libraries in a dedicated directory before we install webgate.
    [fusion@fmwhost Disk1]$ mkdir /app/fusion/oam_lib
    [fusion@fmwhost Disk1]$ cp -p /lib64/libgcc_s.so.1 /app/fusion/oam_lib/
    [fusion@fmwhost Disk1]$ cp -p /usr/lib64/libstdc++.so.6 /app/fusion/oam_lib/
    [fusion@fmwhost Disk1]$ ls -ltr /app/fusion/oam_lib/
    total 1024
    -rwxr-xr-x 1 fusion dba 976312 Sep 26 05:09 libstdc++.so.6.0.8
    -rwxr-xr-x 1 fusion dba 58400 Sep 26 05:09 libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx 1 fusion dba 28 Mar 7 00:03 libgcc_s.so.1 -> libgcc_s-4.1.2-20080825.so.1
    lrwxrwxrwx 1 fusion dba 18 Mar 7 00:03 libstdc++.so.6 -> libstdc++.so.6.0.8
    Start webgate installation from <Repository_location>/webgate/Disk1
    [fusion@fmwhost ~]$ cd /mnt/hgfs/setup/installers/webgate/Disk1/
    [fusion@fmwhost Disk1]$ ./runInstaller
    Please specify JRE/JDK location ( Ex. /home/jre ), <location>/bin/java should exist :/app/fusion/jdk6
    Click Next
    Once prerequisites check completes, click Next
    Middleware Home: /app/fusion/fmw
    Home Directory: webgate
    Click Next
    GCC Library Location: /app/fusion/oam_lib and click Next
    Review the summary and click Install
    Once installation completes, click Next
    Review the summary and click Finish
    Deploy WebGate to Oracle HTTP

    Make a backup of httpd.conf for safety.
    [fusion@fmwhost ~]$ cp -pr /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf_preWebgate


    1. Execute the command deployWebGate which is located in:
    WEBGATE_ORACLE_HOME/webgate/ohs/tools/deployWebGate
    The command takes the following arguments:
    Oracle HTTP Instance configuration Directory
    WebGate Home Directory
    [fusion@fmwhost deployWebGate]$ ./deployWebGateInstance.sh -w /app/fusion/config/instances/web1/config/OHS/web1 -oh /app/fusion/fmw/webgate

    Copying files from WebGate Oracle Home to WebGate Instancedir


    2. Set the library path to include the WEB_ORACLE_HOME/lib directory

    [fusion@fmwhost deployWebGate]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/app/fusion/fmw/web/lib

    Change directory to: WEBGATE_ORACLE_HOME/webgate/ohs/tools/setup/InstallTools

    [fusion@fmwhost deployWebGate]$ cd /app/fusion/fmw/webgate/webgate/ohs/tools/setup/InstallTools/


    3. Run the following command to copy the file apache_webgate.template from the WebGate home directory to the WebGate instance location (renamed to webgate.conf) and update the httpd.conf file to add one line to include the name of webgate.conf

    [fusion@fmwhost InstallTools]$ ./EditHttpConf -w /app/fusion/config/instances/web1/config/OHS/web1 -oh /app/fusion/fmw/webgate

    The web server configuration file was successfully updated
    /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf has been backed up as /app/fusion/config/instances/web1/config/OHS/web1/httpd.conf.ORIG
    Note: If you get error like “Error: You are not authorized to configure this web server” then you need to check the Group value in /app/fusion/admin/ohs_inst1/config/OHS/ohs1/httpd.conf
    It should be dba or oinstall based on the default group of the fusion user.
    [fusion@fmwhost web1]$ ls -ltr /app/fusion/config/instances/web1/config/OHS/web1/webgate/config/
    total 20
    drwxr-xr-x 2 fusion dba 4096 Mar 7 00:08 simple
    -rwxr-x--- 1 fusion dba 14337 Mar 7 00:08 oblog_config_wg.xml
    [fusion@fmwhost web1]$ ls -ltr /app/fusion/config/domains/IDMDomain/output/Webgate_IDM_11g/
    total 8
    -rw-r----- 1 fusion dba 2967 Mar 6 01:23 ObAccessClient.xml
    -rw------- 1 fusion dba 3141 Mar 6 01:23 cwallet.sso
    4. Copy the files ObAccessClient.xml, cwallet.sso, and password.xml, which were generated when you created the agent from the directory ASERVER_HOME/output/Agent Name on IDMHOST1, to the directory ORACLE_INSTANCE/config/OHS/component/webgate/config

    [fusion@fmwhost web1]$ cp -pr /app/fusion/config/domains/IDMDomain/output/Webgate_IDM_11g/* /app/fusion/config/instances/web1/config/OHS/web1/webgate/config/
    [fusion@fmwhost web1]$ ls -ltr /app/fusion/config/instances/web1/config/OHS/web1/webgate/config/
    total 32
    -rw------- 1 fusion dba 3141 Mar 6 01:23 cwallet.sso
    drwxr-xr-x 2 fusion dba 4096 Mar 7 00:08 simple
    -rwxr-x--- 1 fusion dba 14337 Mar 7 00:08 oblog_config_wg.xml
    -rw-r----- 1 fusion dba 0 Mar 7 01:07 ObAccessClient.xml.lck
    -rw-r----- 1 fusion dba 0 Mar 7 01:07 polltracking.lck
    -rw-r----- 1 fusion dba 4774 Mar 7 01:07 ObAccessClient.xml

    Restart web service


    [fusion@fmwhost web1]$ /app/fusion/config/instances/web1/bin/opmnctl stopall
    opmnctl stopall: stopping opmn and all managed processes...
    [fusion@fmwhost web1]$ /app/fusion/config/instances/web1/bin/opmnctl startall
    opmnctl startall: starting opmn and all managed processes...
    Now launch http://<hostname>:7777/console and this should redirect to the OAM login page.
    Once logged in, it should redirect back to Weblogic Console home page.
    Now SSO Logout function will also work.
    Patch Webgate
    We had skipped webgate patch in earlier steps of patching since webgate was not yet installed. Let us apply the patch now.
    Go to <repository location>/installers/webgate/patch
    [fusion@fmwhost patch]$ export ORACLE_HOME=/app/fusion/fmw/webgate
    [fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply
    [fusion@fmwhost patch]$ export JAVA_HOME=/app/fusion/jdk6
    [fusion@fmwhost patch]$ export WL_HOME=/app/fusion/fmw/wlserver_10.3
    [fusion@fmwhost patch]$ $ORACLE_HOME/OPatch/opatch napply
    Do you want to proceed? [y|n]
    y
    Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
    (Oracle Home = '/app/fusion/fmw/webgate')
    Is the local system ready for patching? [y|n]
    y
    Patching component oracle.as.oam.webgate.ohs, 11.1.1.5.0...
    Copying file to "/app/fusion/fmw/webgate/webgate/ohs/tools/t2p/oam-webgate-t2p.jar"
    Copying file to "/app/fusion/fmw/webgate/webgate/ohs/config/np1111_wg.txt"
    Copying file to "/app/fusion/fmw/webgate/webgate/ohs/lib/webgate.so"
    Copying file to "/app/fusion/fmw/webgate/webgate/ohs/lib/libxmlengine.so"
    Copying file to "/app/fusion/fmw/webgate/webgate/ohs/tools/setup/InstallTools/EditHttpConf"
    Copying file to "/app/fusion/fmw/webgate/webgate/ohs/tools/deployWebGate/deployWebGateInstance.sh"
    The local system has been patched and can be restarted.
    UtilSession: N-Apply done.
    OPatch succeeded.
    Restart all services and reconfirm that everything comes up successfully. The EM should look as follows.


     Create new Response File 


    This step has to be done on node 2 (Fusion Applications node). Make sure node 2 has an /etc/hosts or DNS entry for node 1 and vice versa, and that each server can reach the other.
    Since the Provisioning Wizard comes as part of the Provisioning Framework, you must install the Fusion Applications Provisioning Framework on node 2 as well. Follow this link for the steps.
    Install Fusion Applications Provisioning Framework
    Once this is done, launch the provisioning wizard again from <framework_location>/bin to create a new Fusion Applications Response File.
    <framework_location> is the same one we mentioned in the previous post, i.e. /app/fusion/provisioning

    Note: The step which was earlier called “Provisioning Plan” is now called “Response File” since last couple of releases.
    Unzip the JDK from stage directory.
    [fusion@fahost ~]$ cd /app/fusion/
    [fusion@fahost ~]$ unzip /mnt/hgfs/setup/installers/jdk/jdk6.zip
    [fusion@fahost ~]$ export JAVA_HOME=/app/fusion/jdk6
    [fusion@fahost ~]$ cd /app/fusion/provisioning/bin
    [fusion@fahost bin]$ ./provisioningWizard.sh &


    Click Next


    Select “Create a New Applications Environment Provisioning Response File” and click Next


    Deselect the checkbox and click Next


    Click Yes


    We are installing Oracle Fusion Accounting Hub here. You can select the product which you want to configure. Please note that, just like eBusiness Suite, it will also configure other modules regardless of which module you have selected, due to the dependencies between modules.
    You can see how many Admin and managed servers will be created for this configuration in the below panel.
    Click on details to see how many Domains, Admin and managed servers will be created with this selected configuration.




    Enter desired values here and click Next


    Enter following values.
    User Name: weblogic
    Installers Directory Location: <Repository_location> (for our case /stage or /mnt/hgfs/stage)
    Applications Base: /app/fusion
    Applications Configuration: /app/fusion/instance

    RDP Password: <Enter the same password as earlier here>
    Note: You would see a change in this screen. We don’t specify the idmDomainConfig.param file here in this screen as we used to do till 11.1.4 release. There is a dedicated screen for this later.


    The default Base port is 7000 and since now we have 2 nodes installation, there will not be any conflict with IDM node which also has few overlapping ports. Remaining are automatically selected based on what value you give as base port.



    Enter the database details here and click Next


    Enter same password for all accounts and click Next


    Enter the password here; it must contain one uppercase letter and a number. Click Next


    Since we are doing single node installation, enter our host name here. Click Next


    We are not publishing any URLs outside so don’t select DMZ. Enter values as follows.
    DMZ : Unchecked
    Host: <hostname>
    Virtual Host mode: Port based
    Domain name: Full domain name
    HTTP Port and HTTPS ports: Don’t change
    Click Next


    Review the information and click Next


    Click Next


    Click Next


    This is new screen since 11.1.5. Here you can browse for the idmDomainConfig.param file as generated in previous steps.
    Make sure that you have copied the idmDomainConfig.param file from node 1 (IDM node), at $IAM_HOME/idmtools/bin/idmDomainConfig.param, to any location on this node 2. You can FTP this file in ascii mode since it contains text values.

    [root@fahost ~]# ls -ltr /app/fusion/idmDomainConfig.param
    -rw-r----- 1 fusion dba 1231 Apr 6 04:43 /app/fusion/idmDomainConfig.param


    Most of the values will be populated from the idmDomainConfig.param file.
    Enter remaining values as follows.
    Super User name: weblogic_fa
    Check all following 3 check boxes.
    Enter all passwords.


    OIM Administrator User name: weblogic_idm
    OIM Managed Server Port: 14000
    HTTP endpoint URL: http://<hostname>:7777
    Click Next


    Again here most values will be populated.
    OAM Administrator User Name: oamadmin
    AAA Server Port: 5575
    Access Server Identifier: WLS_OAM1
    Due to a known bug, select Simple, enter the password, and then change back to Open. Click Next


    OPSS Policy store JPS Root Node: cn=FAPolicies
    Make sure to select “Create OPSS Policy Store JPS Root Node”
    Click Next


    Enter database details and for schema owner, enter the same value as created during RCU. In our case prefix was FA so value is FA_MDS. Enter password and click Next



    Review the summary and click Finish to create the response file and provisioning summary files.

    Keep a backup of the Response file if you want.
    [fusion@fahost bin]$ cp -pr provisioning.rsp provisioning.rsp.bak

    [fusion@fahost bin]$ cp -pr provisioning.summary provisioning.summary.bak

     Provision an Applications Environment  


    Note: If you are using VMWare, it is advisable to keep the staging directory path to be short to avoid any file path going more than 255 characters.
    [root@fahost ~]# umount /mnt/hgfs
    [root@fahost ~]# mkdir /stage
    [root@fahost ~]# mount -t vmhgfs .host:/stage /stage
    Since we have copied required Webgate libraries on node 1, we must copy them on node 2 as well.
    [fusion@fahost bin]$ mkdir /app/fusion/oam_lib/

    [fusion@fahost bin]$ cd /app/fusion/oam_lib/

    [fusion@fahost oam_lib]$ scp fusion@fmwhost:/app/fusion/oam_lib/* .

    [fusion@fahost oam_lib]$ ls -ltr

    total 1024
    -rwxr-xr-x 1 fusion dba 58400 Apr 6 15:01 libgcc_s.so.1
    -rwxr-xr-x 1 fusion dba 976312 Apr 6 15:01 libstdc++.so.6
    [fusion@fahost oam_lib]$ cp -pr /app/fusion/oam_lib/* /stage/installers/webgate/
    Following file is also required for provisioning phase in addition to above.
    [fusion@fahost oam_lib]$ cp -p /usr/lib64/libstdc++.so.5 /app/fusion/oam_lib/
    [fusion@fahost oam_lib]$ cp -p /usr/lib64/libstdc++.so.5 /stage/installers/webgate/

    Make sure that the IDM infrastructure is started on Node 1. (only if not already started)
    1. Source profile
    more ~/.bash_profile
    ORACLE_HOME=/app/fusion/database/product/11.2.0/dbhome_1
    export ORACLE_HOME
    ORACLE_SID=fusiondb
    export ORACLE_SID
    JAVA_HOME=/app/fusion/jdk6
    export JAVA_HOME
    PATH=$PATH:$ORACLE_HOME/bin
    export PATH
    2. Start Listener
    lsnrctl start LISTENER_FUSIONDB
    3. Start Database
    sqlplus / as sysdba
    SQL> startup
    4. Start OID
    /app/fusion/admin/oid1/bin/opmnctl startall
    5. Start Web
    /app/fusion/admin/web1/bin/opmnctl startall
    6. Start Weblogic Admin Server for IDMDomain
    cd /app/fusion/admin/IDMDomain/aserver/IDMDomain/bin/
    nohup ./startWebLogic.sh &
    (Wait till you see RUNNING in nohup.out log file)
    7. Start Node Manager
    cd /app/fusion/fmw/wlserver_10.3/server/bin/
    nohup ./startNodeManager.sh &
    (Wait till you see “started on port 5556” in nohup.out log file)
    8. Start OAM managed server for IDMDomain (since we cannot login to console without OAM)
    cd /app/fusion/admin/IDMDomain/aserver/IDMDomain/bin/
    nohup ./startManagedWebLogic.sh wls_oam1 &
    (Wait till you see RUNNING in nohup.out log file)
    9. Start remaining managed servers
    Either from command prompt
    cd /app/fusion/admin/IDMDomain/aserver/IDMDomain/bin/
    nohup ./startManagedWebLogic.sh wls_ods1 &
    nohup ./startManagedWebLogic.sh wls_oim1 &
    nohup ./startManagedWebLogic.sh wls_soa1 &
    (Wait till you see RUNNING in nohup.out log file for each of them. You can start them in parallel, just make sure all start fine)
    Or by logging into Weblogic Console->Servers->Control screen.
    10. Only if you are restarting from the postconfigure phase, do the following on Node 2 (FA node)
    For 11.1.4 and earlier versions
    cd /app/fusion/fusionapps/wlserver_10.3/common/nodemanager/ad002aph01
    nohup ./startNodeManagerWrapper.sh &
    For 11.1.5 onwards releases
    cd /app/fusion/instance/nodemanager/ad002aph01
    nohup ./startNodeManagerWrapper.sh &
    -bash-3.2$ /app/fusion/instance/CommonDomain_webtier/bin/opmnctl startall
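The AdminServer and every managed server above are started from the same bin directory, so they all append to one nohup.out, and a RUNNING line from an earlier server can be mistaken for the one you are waiting for. The helper below is an added example, not part of the original post, that counts only markers written after a recorded line offset. The function names, the 900-second timeout and the marker text "Server started in RUNNING mode" (chosen because a server can also log other lines containing RUNNING) are assumptions.

```shell
#!/bin/sh
# Added example: wait for a start-up marker in a nohup.out shared by several servers.

# line_count FILE -> number of lines in FILE, 0 when it does not exist yet
line_count() {
    if [ -f "$1" ]; then
        wc -l < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# wait_for_marker FILE PATTERN COUNT TIMEOUT_SECS START_LINE
# Returns 0 once at least COUNT lines containing PATTERN exist after START_LINE,
# 1 if TIMEOUT_SECS pass first. Lines up to START_LINE are ignored, so markers
# left by servers started earlier do not count.
wait_for_marker() {
    file=$1 pattern=$2 want=$3 timeout=$4 start=$5
    waited=0
    while :; do
        seen=0
        if [ -f "$file" ]; then
            seen=$(tail -n +"$((start + 1))" "$file" | grep -c -F -- "$pattern" || true)
        fi
        if [ "$seen" -ge "$want" ]; then return 0; fi
        if [ "$waited" -ge "$timeout" ]; then return 1; fi
        sleep 1
        waited=$((waited + 1))
    done
}

# demo: constructed log lines; the second one arrives a second after the wait begins
demo() {
    log=$(mktemp)
    echo '<Server started in RUNNING mode> (AdminServer, constructed line)' > "$log"
    offset=$(line_count "$log")
    ( sleep 1
      echo '<Server started in RUNNING mode> (wls_oam1, constructed line)' >> "$log" ) &
    status=0
    wait_for_marker "$log" 'Server started in RUNNING mode' 1 10 "$offset" || status=1
    wait
    rm -f "$log"
    return "$status"
}

# Usage for step 8 on node 1 (the 900 s timeout is an assumed value):
#   cd /app/fusion/admin/IDMDomain/aserver/IDMDomain/bin/
#   offset=$(line_count nohup.out)
#   nohup ./startManagedWebLogic.sh wls_oam1 &
#   wait_for_marker nohup.out 'Server started in RUNNING mode' 1 900 "$offset"
# For step 9 in parallel: record the offset once, start wls_ods1, wls_oim1 and
# wls_soa1, then wait with COUNT set to 3.
if [ "${1:-}" = demo ]; then demo; fi
```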
    Start Fusion Applications Provisioning

    Launch the installer from <provisioning_repository>/bin
    It is important to start it with “-ignoreSysPrereqs true” switch as mentioned in the release notes.
    [fusion@fahost bin]$ ./provisioningWizard.sh -ignoreSysPrereqs true &


    Click Next

    Select “Provision an Applications Environment” and browse for the response file created in last step. Click Next


    Review and click Next

    Validate the information and click Next

    If you want to revisit any section of the Response File, you can do so here. Click Next

    Review the summary and click Next to begin. Good luck :)

    You can ignore following error since we are not using OVD. Also since we have used “ignoreSysPrereqs true” you will see Next button. Click Next to continue.

    Once the Installation phase finishes, click Next
    Note: If you are using longer path for stage directory on Linux then install phase may fail with errors. This is due to more than 255 characters path for certain patch files. Check following link for solution for the same.
    http://www.oratraining.com/blog/2013/04/solution-for-atgpf-build-failure-during-install-phase-with-oui-67073utilsession-failed-null-error/

    Once Preconfigure phase completes, click Next
    Important Notes:
    You may see a lag between 100% completion of the phase and “Next” button being enabled. This is the time where the status changes from COMPLETED to ENDED. Here it takes backup of the instance directory at /app/fusion/provisioning/restart so that it can cleanup and restore from next step if it fails.
    The installation logs are being created at /app/fusion/logs/provisioning/plan<timestamp>/<hostname> directory. This is the most useful place to troubleshoot.
    The status flags like STARTED, COMPLETED, FAILED, ENDED are stored in /app/fusion/provisioning/phaseguards directory. Please be careful while removing, renaming or creating flag files here since it will change the current status of the provisioning.
    And for status of each domain within the particular phase, the flag files are written at /app/fusion/provisioning/phaseguards/pf directory
    Good thing in new Fusion applications setup is that when you retry it only performs the actions for failed products but those actions of completed products are not repeated. This saves a lot of time compared to our last installation of 11.1.1.5


    Once configure completes, click Next
    Note: If configure fails with following error then do this workaround.
    “Caused by: java.lang.RuntimeException: IO Error: Connection reset”
    Workaround:

    SQLNET.INBOUND_CONNECT_TIMEOUT = 0 in $ORACLE_HOME/network/admin/sqlnet.ora on node 1 (or DB node)
    LSNRCTL> set inbound_connect_timeout =0 on DB node
    INBOUND_CONNECT_TIMEOUT_LISTENER_FUSIONDB = 0 in $ORACLE_HOME/network/admin/listener.ora on DB node
    You can remove this once provisioning is complete.
    Note: The name of next phase has changed to “Configure Primary/Secondary” instead of “Configure Secondary” as in 11.1.1.5 release since it was misleading.

    Click Next once Configure Primary/Secondary phase completes.

    Post configure is the most important and most error-prone part of Fusion Applications provisioning. Most people don’t get such a clean screen like above in the first attempt (neither did I earlier). Don’t worry or panic if you get errors; rest assured that if you have followed all earlier steps correctly, they are mostly random errors due to out of memory, network etc. Make sure that you have sufficient free memory on the node while running this. Also make sure that all components in IDM node (odi is optional at this phase) are up and running.
    Validate that you are able to login to all IDM components before running this phase. Login to EM console to see the status: http://<fmwhost>:7777/em
    Even if postconfigure has completed on some products and failed on others, when you click on retry, it will restore the failed products only and skip the phase for completed products.
    You will see following screen when you click on Retry if any phase has errored out. Once you press OK it will restart the same phase only for failed product families.


    Be patient when startup brings up all required managed servers. Please note that if some components fail to start and you retry, it will run the startup phase for all domains again, including those that have completed successfully. Make sure sufficient memory is available at this point.
    Click Next once completed.

    Validation phase has known bug and you will see following error for each domain validation.

    During the Validate phase, you will encounter WebGate validation errors and the error messages in the provisioning log are as follows:
    Webgate: private-validate validateWegPageStatus – BUILD_ERROR: The HTTP request to http://<host>:<port>/oberr.cgi?progid=1 returned status: 404
    [runProvisioning-validate] [NOTIFICATION] [] [runProvisioning-validate] [tid: 11] [ecid: 0000JgMcCTD9lZOLIih8if1GeQ7k000002,0] [logStatus] STATE=BUILD_ERROR!TIMESTAMP=<> PST!TARGET=private-validate!CATEGORY=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=<host>!PRODUCTFAMILY=fs!PRODUCT=WebGate!TASK=validate WebPageStatus!TASKID=fs.WebGate.BUILD_ERROR.private-validate.validate WebPageStatus!MESSAGE=The HTTP request to http://<host>:<port>/oberr.cgi?progid=1 returned status: 404.!DETAIL=The HTTP request to http://<host>:<port>/oberr.cgi?progid=1 returned status: 404.!BUILDFILE=<framework_location>/provisioning/provisioning-build/webgate-build.xml!LINENUMBER=992!
    These WebGate web page validation errors can be ignored. If there are any other validation errors you must resolve them before proceeding to the Summary phase. After resolving all validation errors, if the Next button on the Provisioning Wizard is not enabled, perform these steps from the command line to enable it:
  1. cd <APPLICATIONS_CONFIG>/phaseguards (for example /app/fusion/provisioning/phaseguards)
  2. rm validate-<host>-FAILED.grd
  3. touch validate-<host>-COMPLETED.grd
  4. touch validate-<host>-ENDED.grd (this last part is not mentioned in Oracle documents but this is required)
  5. The Next button should be enabled on the Provisioning Wizard.
WARNING:
Deleting and creating files in the phase guard directory should be used as a workaround to resolve validation phase issues ONLY if none of the other options work. In any other case, you should never modify or make changes to the phase guard files.
[fusion@fahost]$ cd /app/fusion/provisioning/phaseguards

[fusion@fahost phaseguards]$ rm validate-fahost-FAILED.grd
[fusion@fahost phaseguards]$ touch validate-fahost-COMPLETED.grd
[fusion@fahost phaseguards]$ touch validate-fahost-ENDED.grd

Now you can see the Next button enabled. Click Next to go to post-installation summary.
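The workaround above is only safe when the known WebGate 404 is the sole validation failure. The script below is an added example, not from the original post or from Oracle, that parses the [logStatus] records shown earlier, refuses to touch the guards if any other BUILD_ERROR is present, and copies the phaseguards directory before changing it. The function names are hypothetical, and the log file is passed as an argument because the page does not name it.

```shell
#!/bin/sh
# Added example: guarded form of the validate phase-guard workaround.
# Record layout and guard file names come from the page; everything else is assumed.

# classify_validate_errors LOGFILE
# One output line per BUILD_ERROR status record:
#   IGNORE|domain|product|task            the known WebGate oberr.cgi 404
#   RESOLVE|domain|product|task|message   any other validation error
classify_validate_errors() {
    awk '
    /\[logStatus\] STATE=BUILD_ERROR!/ {
        sub(/^.*\[logStatus\] /, "")
        split("", f)                   # forget fields of the previous record
        n = split($0, kv, "!")         # KEY=value!KEY=value!...
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq > 1) f[substr(kv[i], 1, eq - 1)] = substr(kv[i], eq + 1)
        }
        known = (f["PRODUCT"] == "WebGate" &&
                 f["MESSAGE"] ~ /\/oberr\.cgi\?progid=1 returned status: 404/)
        if (known) {
            printf "IGNORE|%s|%s|%s\n", f["DOMAIN"], f["PRODUCT"], f["TASK"]
        } else {
            printf "RESOLVE|%s|%s|%s|%s\n", f["DOMAIN"], f["PRODUCT"], f["TASK"], f["MESSAGE"]
        }
    }' "$1"
}

# release_validate_guard GUARD_DIR HOST LOGFILE
# Performs the rm/touch steps only when the FAILED guard exists and the log
# shows the known WebGate 404 and nothing else. Returns 1 without changes otherwise.
release_validate_guard() {
    guard_dir=${1%/} host=$2 log=$3
    failed="$guard_dir/validate-$host-FAILED.grd"
    if [ ! -f "$failed" ]; then
        echo "no $failed: nothing to release"
        return 1
    fi
    records=$(classify_validate_errors "$log")
    if printf '%s\n' "$records" | grep '^RESOLVE|'; then
        echo "refusing: resolve the errors listed above first"
        return 1
    fi
    if ! printf '%s\n' "$records" | grep -q '^IGNORE|'; then
        echo "refusing: the log does not show the known WebGate 404"
        return 1
    fi
    backup="$guard_dir.$(date +%Y%m%d%H%M%S).bak"
    cp -pr "$guard_dir" "$backup" || return 1
    rm "$failed" &&
        touch "$guard_dir/validate-$host-COMPLETED.grd" \
              "$guard_dir/validate-$host-ENDED.grd" || return 1
    echo "guards released for $host; previous state saved in $backup"
}

# demo: one constructed record in a temp dir (host and port are sample values)
demo() {
    d=$(mktemp -d)
    mkdir "$d/phaseguards"
    touch "$d/phaseguards/validate-fahost-FAILED.grd"
    printf '%s %s\n' '[runProvisioning-validate] [NOTIFICATION] [] [logStatus]' \
        'STATE=BUILD_ERROR!DOMAIN=CommonDomain!HOSTNAME=fahost!PRODUCT=WebGate!TASK=validate WebPageStatus!MESSAGE=The HTTP request to http://fahost:7777/oberr.cgi?progid=1 returned status: 404.!' \
        > "$d/validate.log"
    release_validate_guard "$d/phaseguards" fahost "$d/validate.log" && ls "$d/phaseguards"
}

if [ "${1:-}" = demo ]; then demo; fi
```

A value that itself contains "!" is cut at that character, so read the full record in the log before acting on a RESOLVE line.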


Summary:
CommonDomain

Admin Console: http://fahost:10633/console
EM Welcome page: http://fahost:10633/em
Homepage – Application URL: https://fahost:10634/homePage
CRM Domain

Admin Console: http://fahost:10635/console
EM: http://fahost:10635/em
Financial Domain

Admin Console: http://fahost:10623/console
EM: http://fahost:10623/em

HCM Domain

Admin Console: http://fahost:10639/console
EM: http://fahost:10639/em
BI Domain

Admin Console: http://fahost:10641/console
OIM

HTTP URL: http://fmwhost.paramlabs.com:7777
HTTPS URL: https://fmwhost.paramlabs.com:7777
Login to homepage URL with weblogic_fa user.







You can see that “Fusion Accounting Hub” is showing up as “Provisioned” but implementation is “Not Started” yet. This is the next step after installing Fusion Applications and not part of this guide.








