Setting up Oracle Identity and Access Management Suite (11g) in the Cloud: A few things that work & don’t work

Because of the nature of the Amazon cloud there are a few things to keep in mind when building on these components on the cloud and a few things to do before starting your applications. Please note this is all windows centric.

***NOTE: As with all Tips and Tricks we provide on the IDMWorks blog, use the following AT YOUR OWN RISK.  We do not guarantee this will work in your environment and make no warranties***

The Oracle IAM 11g suite consists of several different products,  Identity Federation, Identity Manager, Internet Directory, and Access Manager, to name a few.  All of the products, rather most of the products, have the same basic requirements…database, RCU, WebLogic, and IDM  that must be installed.   Because of the nature of the Amazon EC2 Cloud there are a few things to keep in mind when building these components in the Cloud and a few things to do before starting your applications.  Please note this is all MS Windows centric.

Install order…

You can install the database or WebLogic first, it really doesn’t matter, but I typically will use the following order as it provides a good restore point:

FIRST:

  1. Database (software) install
  2. WebLogic 10.3.4 install
  3. IDM (software only install)

Back EVERYTHING Up

THEN:

  1. Install the listener
  2. Create database
  3. Run RCU
  4. Install SOA (only if needed)
  5. Configure IDM

When Installing the Database:

    1. A few things to do when installing the database (Cloud or not) is to set some environment variables in Windows, (this isn’t necessarily required with 11g as with older installs but can still be a time saver).   Regarding the Cloud, setting the ORACLE_HOSTNAME=”permanent name of machine”, is very helpful as both the listener and the dbconsole have real trouble starting after a reboot with changing names.  This will allow the database as a service in Windows successfully thus making it easier to remember what to type into the IDM RCU setup and IDM configuration setup.
      1. When creating the database set open cursors to 500, session cached cursors to 100, and processes to 500.  This can be done in the DBCA when creating the database by pressing the “All Initialization Parameters” button on the Configure Options screen (where you configure both the memory and character set.)

When Installing WebLogic:

Make sure you use the generic jar file with any 64 bit install.

      1. Install Java if needed and from a command prompt go to the directory where the jar file is located and type: ” java –jar wls1034_generic.jar” (or whatever the name of the jar is).
When Installing the Oracle IAM Suite:

Once the suite is configured for your application and the WebLogic domain created there are a few things that can be done to make life a little easier:

      1. You can edit the config.xml (located at Oraclehomeuser_projectsdomainsIDMDomainconfig) file to point to the correct host name by changing all instances from ip-xxxxxxxx.ec2.internal to the hostname.cloud.<organization>.net to insure the admin console starts correctly.
      2. For those who use the Fusion Enterprise Console, it may have trouble starting due to a class path issue, however to correct the error open the setdomainenv.cmd and search for the following line

set POST_CLASSPATH=(Oracle_home)wlserver_10.3serverlibweblogic.jar:;%POST_CLASSPATH%

 

Just after that line, add the following

 

set POST_CLASSPATH=(Oracle_home)Oracle_IDM1ouijliblibhttp_client.jar:;%POST_CLASSPATH%

3.  Save and Close the file

 

4.  Restart WebLogic for it to take effect.

Last but not least:
      1. Add the  host name ” ip-xxxxxxxxxxx.internal” from when the applications were configured to your Hosts file located at c:windowssystem32driversetc pointing to 127.0.0.1 (the IP loop-back address in Windows).   This should help solve everything else not already solved.  This way, whenever you boot, any app that asks for the old name will be able to route to the server directly.  This might not be the cleanest solution but it’ll work.
      2. In fact, make sure all listening addresses in WebLogic are set to blank and the nodemanager set to localhost (if you set it to blank, it automatically sets to localhost) and launch your managed weblogic sessions with the loopback address ( to be sure it launches successfully).

The combination of these tricks should resolve most, if not all, issues in getting IDM environments up and running in the cloud.

PS: In order to start your environment:

To start WebLogic: oracle_homeuser_projectsdomainsIDMDomainstarweblogic.cmd

To start your Application: oracle_homeuser_projectsdomainsIDMDomainbinstartmanagedweblogic Appservername http://serverhostname:7001

Questions? Feel free to reach out to us at IDMWorks.