Wednesday, October 30, 2013

Identity Management 11G Rel 2: RCU

Repository Creation Utility

Running the Repository Creation Utility (RCU) for Linux is troublesome for some reasons.
One of the reasons is it is 32-bits software, whereas the Linux platforms now are predominantly 64 bits.
The other is java...

Running it off my Ubuntu LTS host, using
linux32 ./bin/rcu"
resulted in the following error:
frank@ubuntu64:~/Downloads/rcuHome$ linux32 ./bin/rcu ./bin/rcu: 276: ./bin/rcu: /home/frank/Downloads/rcuHome/jdk/jre/bin/java: not found
Java is actually installed:
frank@ubuntu64:~/Downloads/rcuHome$ which java /usr/bin/java
The line 276 is OK; it contains $JRE_DIR - it is the definition of this variable that is wrong (at line 133). Just change
JRE_DIR=$ORACLE_HOME/jdk/jre
into
JRE_DIR=/usr
Then change permissions (if needed), and rerun.
Happy RCU-ing!

Wednesday, October 23, 2013

Enterprise Install of Identity & Access Management 11.1.2

Hardware

Virtual hardware added to the Database and OUD/OVD installs: an 8GB/4CPU VM.

Basic Software

Of course, jrockit (the 37 release, the 45 does not always work with OFM 11GR2...) and WebLogic 10.3.6. WLS 12 is not yet certified against OFM I&AM 11GR2, as far as I know.

Software install

Start off with I&AM software 11.1.2.1: V37472.
[oracle@idm ~]$ /oracle/install/Software/OFM/11.1.2.1/V37472/Disk1/runInstaller -jreLoc /oracle/jrockit-jdk1.6.0/ Starting Oracle Universal Installer... Checking if CPU speed is above 300 MHz. Actual 3378 MHz Passed Checking Temp space: must be greater than 150 MB. Actual 22018 MB Passed Checking swap space: must be greater than 512 MB. Actual 6127 MB Passed Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed

Skip the Software updates.
All green, due to the oracle-rdbms-server-11gR2--pre-install package install.

Leave default; matter of taste.
The list of software, note the Privileged Account Manager, and Entitlements server. The Entitlements server is needed for the IAM stack, and comes licensed as such; using it as stack on it's own requires a license.
Takes a while, you might want to check rngd is ok...

Monday, October 07, 2013

Access Manager 11G Rel 2 and APEX 4.2

There is some documentation regarding APEX and OAM, but it is flawed.
  1. Make sure APEX functions with standard (APEX user based) security, even through OAM; this means
    • Allow /APEX/**
    • Allow /i/**
    • Protect /apex/apex_authentication.callback

  2. Page 9 states "OAM_REMOTE_USER with a value of $user.userid is created by default".
    Not true, just add it. What the extra entries are for is beyond me, APEX will just recognize one value in the header...
  3. Page 12: The PlsqlCGIEnvironmentList mentiones HTTP_OAM_ variables; this is an error, the variables should be called as defined in OAM: OAM_REMOTE_USER, not HTTP_OAM_REMOTE_USER.
  4. Page 14 states the Header Variable Name in the APEX configuration should be called HTTP_OAM_REMOTE_USER.
    No, it should be called whatever you named it in Access Manager: OAM_REMOTE_USER.
 Just some common sense, and it works. 

Next step: WNA+OAM+APEX - anyone done that?