Oracle® Role Manager Installation Guide
Release 10g (10.1.4.2)

Part Number E14608-04

5 Configuring IBM WebSphere

This chapter contains procedures for configuring the IBM WebSphere application servers for Oracle Role Manager in preparation for deployment of the Oracle Role Manager on either nonclustered or clustered server environments. The procedures in this chapter are expected to be performed in the sequence they are presented.

5.1 Preparing WebSphere for a Nonclustered Server Installation

This procedure assumes that a WebSphere application server profile has been created for Oracle Role Manager with a host alias set for port access to Oracle Role Manager.

Note:

  • During profile creation, you must select the option to enable administrative security.

  • When configuring WebSphere, it is recommended that you save your settings after every task.

You must configure the IBM WebSphere server in SSL mode to operate in a secure environment. For information about configuring SSL for the WebSphere server, see the following URL:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ihs.doc/info/ihs/ihs/welc6topsecureihs.html

5.1.1 Creating a Non-Administrative Server for Deploying Oracle Role Manager

Oracle recommends that you deploy the Oracle Role Manager system on a non-administrative server.

To create a non-administrative server:

  1. Run the following command:

    [WebSphere Install Dir]/AppServer/profiles/[Profile name]/bin/wsadmin.bat
    

    Note:

    You must ensure that the WebSphere server is running before performing this step.

  2. At the wsadmin prompt (wsadmin>), enter the following commands:

    $AdminTask createApplicationServer <Websphere Node Name> { -name orm -templateName default }
    
    $AdminConfig save
    
    quit
    

    Note:

    The node name specified in the first command must be the same as the node name of the administrative server that is created by default, for example server1. You can find the node name on the administrative console by going to Servers, Application Servers.

5.1.2 Configuring WebSphere to Use a Non-Default HTTP Port

If you are deploying the system on a non-administrative server, then perform the following steps:

To configure the WebSphere application server to use a non-default port:

  1. If not already on the WebSphere administrative console, in a Web browser, type the URL, for example:

    http://<appserverhost>:9060/ibm/console

  2. Select Environment, Virtual Host, default_host, Host Aliases and then click New.

  3. In the Host Name field, type *.

  4. In the Port field, enter the HTTP port number of the non-admin server on which Oracle Role Manager is going to be deployed, for example 9081.

  5. Click OK.

5.2 Preparing WebSphere for a Clustered Server Installation

This section describes the steps to prepare WebSphere for deployment of Oracle Role Manager in a clustered application server environment.

Caution:

Deploying an application in a clustered environment is a complex procedure. This document assumes that you have expertise in installing and using applications in a WebSphere cluster. These instructions provide the Oracle Role Manager-specific details only. They are not complete instructions for setting up a WebSphere cluster. For more information about clustering, refer to WebSphere documentation.

5.2.1 Installing Network Deployment Manager

You need to install Network Deployment Manager (NDM) if you are setting up the WebSphere cluster. Install NDM on the same computer where WebSphere Application Server is installed.

To install NDM:

  1. Launch the NDM installer (double-click Install.exe).

  2. Specify the following information:

    1. Select the product installation directory.

    2. Under WebSphere Application Server environments, choose the None option.

  3. Continue with the installation. When the NDM installer launches the WebSphere "First Steps" application, exit it and finish the installation.

5.2.2 Upgrading NDM

To upgrade the NDM from 6.1 to 6.1.0.21:

  1. Use the update installer to apply fix pack 21.

  2. Accept default values.

5.2.3 Preparing the Database

Preparing the database involves:

  • Creating the database user for the finalization bus

  • Creating the database user for each planned server

To create the database user for the finalization bus:

To create the database user for the finalization bus, for example, WSMsgFin, run the following SQL commands:

    create user WSMsgFin identified by <password>
    default tablespace ORM_DATA
    temporary tablespace ORM_TEMP;
    grant connect to WSMsgFin;
    grant create session to WSMsgFin;
    grant resource to WSMsgFin;
    commit;

To create the database user for each planned server:

To create the database user for each planned server in the cluster, for example, WSMsgEng1 and WSMsgEng2, run the following SQL commands:

    create user WSMsgEng1 identified by <password>
    default tablespace ORM_DATA
    temporary tablespace ORM_TEMP;
    grant connect to WSMsgEng1;
    grant create session to WSMsgEng1;
    grant resource to WSMsgEng1;
    create user WSMsgEng2 identified by <password>
    default tablespace ORM_DATA
    temporary tablespace ORM_TEMP;
    grant connect to WSMsgEng2;
    grant create session to WSMsgEng2;
    grant resource to WSMsgEng2;
    commit;

5.2.4 Creating Profiles on Application Servers

To create the primary profile on server1:

  1. Select Start, Programs, IBM WebSphere, Application Server Network Deployment, and then select Profile Management tool.

  2. Select Cell (deployment manager and a federated application server), and then click Next.

  3. Select Typical Profile Creation, and then click Next.

  4. Select Enable administrative security, enter the user name and password and click Next.

  5. Click Create to create the primary profile.

To create the secondary profile on server2:

  1. Select Start, Programs, IBM WebSphere, Application Server Network Deployment, and then select Profile Management tool.

  2. Select Custom Profile for Environments and click Next.

  3. Select Advanced Profile creation, and then click Next.

  4. In the Profile Name field, enter the profile name and click Next.

  5. In the Node Name field, enter the host name of the computer and click Next.

  6. Select Federate this node later, and then click Next.

  7. Click Create to create the secondary profile.

5.2.5 Setting Up the Servers

To start the deployment manager:

  1. On server1, in the command prompt, change to the WEBSPHERE_HOME\profiles\DEPLOYMENT_MANAGER_PROFILE_NAME\bin directory.

    Where:

    • WEBSPHERE_HOME is the home directory of WebSphere

    • DEPLOYMENT_MANAGER_PROFILE_NAME is the name of the deployment manager profile being used

    For example:

    C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\bin
    
  2. Run the following command:

    startManager.bat
    

Note:

Before performing the following procedure, ensure that the WebSphere application server is down.

To start the node:

  1. On server1, in the command prompt, change to the WEBSPHERE_HOME\profiles\PRIMARY_PROFILE_NAME\bin directory.

    Where:

    • WEBSPHERE_HOME is the home directory of WebSphere

    • PRIMARY_PROFILE_NAME is the name of the primary application server profile being used

    For example:

    C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\bin
    
  2. Run the following command:

    startNode.bat
    

To add a node:

  1. On server2, in the command prompt, change to the WEBSPHERE_HOME\profiles\SECONDARY_PROFILE_NAME\bin directory.

    Where:

    • WEBSPHERE_HOME is the home directory of WebSphere

    • SECONDARY_PROFILE_NAME is the name of the secondary application server profile being used

    For example:

    C:\Program Files\IBM\WebSphere\AppServer\profiles\Custom01\bin
    
  2. Run the following command:

    addNode.bat <Primary_Node_Machine_Name> <Cell_Deployment_Manager_SOAP_Connector_Port> -username websphere -password websphere
    

5.2.6 Creating the Cluster

To create the cluster:

  1. Using a Web browser, connect to the Network Deployment Manager administrative console by navigating to the following URL:

    http://NDM_HOST:NDM_PORT/admin

  2. Log on to the system.

  3. Click Servers in the left panel.

  4. Click Clusters.

  5. Click New.

    1. Enter the cluster name, for example, ORM Cluster.

    2. Ensure that you select the Prefer local and Configure HttpSession memory-to-memory replication check boxes, and then click Next.

  6. Enter the first node member's name, for example, ORM Server1 and click Next.

  7. Click Add Member.

  8. Enter a name for the second node member, for example ORM Server2.

  9. Select the node for the second node member, then click Add Member.

  10. Click Next, then click Finish.

5.2.7 Distributing the Oracle Role Manager Libraries

For clustered server environments, the Oracle Role Manager libraries must exist in the identical location on all nodes where the Oracle Role Manager server exists.

To distribute the Oracle Role Manager libraries:

  1. On the primary server where Oracle Role Manager is installed, navigate to the ORM_HOME/lib directory.

  2. Make a note of the full path, for example, C:\oracle\orm\lib.

  3. On each node for Oracle Role Manager, create a directory and path that exactly matches the path in the previous step.

  4. Copy all of the files from ORM_HOME/lib into each of the directories created in the previous step.

5.3 Configuring JDBC Providers and Data Sources

5.3.1 Configuring JDBC Providers

To configure the transaction (XA) and non-transaction JDBC providers:

  1. If the Oracle Role Manager database is Oracle 11g, copy the JDBC driver as follows:

    1. On the Oracle database host, navigate to ORACLE_HOME/jdbc/lib.

    2. Copy the ojdbc5.jar file from ORACLE_HOME/jdbc/lib into ORM_HOME/lib on the application server host.

    3. For clustered server environments, repeat these steps so the JDBC driver exists in ORM_HOME/lib on all nodes where Oracle Role Manager servers exist.

  2. If not already on the WebSphere administrative console, in a Web browser, type the URL, for example:

    http://<appserverhost>:9060/ibm/console

  3. From Resources, select JDBC, then click JDBC Providers.

  4. For a nonclustered configuration, select the cell scope, Node=node_name, Server=server_name, from the Scope list.

  5. For a clustered configuration, select the cluster scope, Cluster=cluster_name, from the Scope list.

  6. Click New to create the XA JDBC provider.

  7. Select Oracle as the database type.

  8. Select Oracle JDBC Driver as the provider type.

  9. Select XA datasource as the Implementation type, and then click Next.

  10. In the Directory location field, type the full path to the directory containing the Oracle JDBC driver.

    For Oracle 10g, the correct driver is ojdbc14.jar. This driver is contained in ORM_HOME/lib, so enter that path.

    For Oracle 11g, the correct driver is ojdbc5.jar. This driver was copied to ORM_HOME/lib in Step 1, so enter that path.

  11. Click Next, then Finish.

  12. Click New to create the non-XA JDBC provider.

  13. Select Oracle as the database type.

  14. Select Oracle JDBC Driver as the provider type.

  15. Select Connection pool data source as the Implementation type, and then click Next.

  16. Ensure that the value in the Directory location field is correct, and then click Next.

  17. Click Finish.

5.3.2 Reconfiguring JDBC Providers

This section applies only when you are using the Oracle 11g JDBC driver (ojdbc5.jar) to connect to an Oracle 11g database.

Oracle recommends that you use ojdbc5.jar when configuring Oracle Role Manager with an Oracle 11g database. By default, WebSphere Application Server creates Oracle JDBC providers using the Oracle 10g JDBC driver (ojdbc14.jar). In the administrative console, the wizard for creating new data sources does not allow you to change the name of the jar file; for example, you cannot change the entry from ojdbc14.jar to ojdbc5.jar. For more information about JDBC providers, see the following link:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rdat_minreqoracle.html

After you create the JDBC provider using the wizard, modify it to change the class path entry to reflect the location of ojdbc5.jar as follows:

To reconfigure the JDBC providers:

This procedure assumes that you have already performed the steps mentioned in Section 5.3.1.

  1. If not already on the WebSphere administrative console, in a Web browser, enter the URL, for example: http://<appserverhost>:9060/ibm/console.

  2. In the administrative console, go to Resources, JDBC, JDBC Providers.

  3. Select the cell scope from the Scope list, and then click the JDBC provider Oracle JDBC Driver.

  4. In the Class path field, enter the full path of the JDBC driver ojdbc5.jar, for example, ORM_HOME/lib/ojdbc5.jar.

  5. Click Apply.

  6. Click Save.

  7. Repeat Steps 2 through 6 for the JDBC provider Oracle JDBC Driver (XA).

    Note:

    You must perform these steps before creating any data sources as described in "Configuring the Non-XA Data Source" and "Configuring the Transaction (XA) Data Source". If the data sources have already been created, you must delete them and create them again.

5.3.3 Creating the Oracle Role Manager Database Credentials

To create the Oracle Role Manager database alias:

  1. From Security, select Secure administration, applications, and infrastructure.

  2. In the Authentication area, select Java Authentication and Authorization Service and then click the J2C authentication data link.

  3. Click New.

  4. Enter a name for the alias, for example, ORM Database to identify the Oracle Role Manager database.

  5. Type the user ID and password for the Oracle Role Manager application user as specified in Section 3.2.2.

  6. Click OK.

  7. For clustered environments, repeat this procedure for other messaging engines in the cluster, for example, WSMsgFin, WSMsgEng1, and WSMsgEng2.

    Note:

    The messaging engine names and passwords must match those that were used in Section 5.2.3 when preparing the database.

5.3.4 Configuring the Non-XA Data Source

To configure the non-XA data source and credentials:

  1. Go to Resources, JDBC, Data sources.

  2. For nonclustered server environments, select the same cell scope used in Section 5.3.1, then click New.

  3. For clustered server environments, select the same cluster scope used in Section 5.3.1, then click New.

  4. In the Data source name field, type a name for the non-XA data source, for example, ORM Non-XA Data source.

  5. In the JNDI name field, type orm/jdbc/ORMServerDS, and then click Next.

  6. Choose an existing JDBC provider and select the non-XA JDBC provider you created in Section 5.3.1, for example, Oracle JDBC Driver, and then click Next.

  7. In the URL field, type the JDBC connection URL:

    jdbc:oracle:thin:@<server>[:<port>]:<database_name>

    For example:

    jdbc:oracle:thin:@localhost:1521:orcl

  8. Select Oracle10g data store helper from the list, and then click Next.

    Note:

    You must use the Oracle11g data store helper for an Oracle 11g database.

  9. Click Finish.

    The non-XA data source for Oracle Role Manager should appear in the list.

  10. Click the name of the new non-XA data source to display details.

  11. In the Container-managed authentication alias list, select the database alias created in Step 4 of Section 5.3.3 and then click Apply.

    The message that this option is deprecated can be ignored.

  12. On the same page, in the Additional Properties section, click Connection Pool Properties and set the Maximum connections to 30.

  13. Click OK.

    A failed test connection at this point can be ignored; the connection works after the deployment manager is restarted.

5.3.5 Configuring the Transaction (XA) Data Source

To configure the XA data source:

  1. Go to Resources, JDBC, Data sources.

  2. For nonclustered server environments, select the same cell scope used in Section 5.3.1, then click New.

  3. For clustered server environments, select the same cluster scope used in Section 5.3.1, then click New.

  4. In the Data source name field, type a name for the XA data source, for example, ORM XA Data source.

  5. In the JNDI name field, type orm/jdbc/ORMServerXADS, and then click Next.

  6. Choose an existing JDBC provider and select the XA JDBC provider that you created in Section 5.3.1, for example, Oracle JDBC Driver (XA), and then click Next.

  7. In the URL field, type the JDBC connection URL:

    jdbc:oracle:thin:@<server>[:<port>]:<database_name>

    For example:

    jdbc:oracle:thin:@localhost:1521:orcl

  8. Select Oracle10g data store helper from the list, and then click Next.

    Note:

    You must use the Oracle11g data store helper for an Oracle 11g database.

  9. Click Finish.

    Both the new XA data source and non-XA data source for Oracle Role Manager must appear in the list.

  10. Click the name of the XA data source to display details.

  11. In the Container-managed authentication alias list, select the database alias created in Section 5.3.3, and then click Apply.

    The message that this option is deprecated can be ignored.

  12. On the same page, in the Additional Properties section, click Connection Pool Properties and set the Maximum connections to 30.

  13. Click OK.

    A failed test connection at this point can be ignored; the connection works after the deployment manager is restarted.

5.3.6 Configuring the Messaging Engine (XA) Data Source (Clustered Environments Only)

Note:

This section applies to clustered configurations only. Perform the steps in this section after the preceding sections, in the order listed.

To configure the messaging engine (XA) data source:

  1. Go to Resources, JDBC, Data sources.

  2. Select the same cluster scope used in Section 5.3.1, then click New.

  3. In the Data source name field, type a name for the XA data source, for example, ORM WSMsgEng Data source.

  4. In the JNDI name field, type orm/jdbc/WSMsgEngDS, and then click Next.

  5. Choose an existing JDBC provider and select the XA JDBC provider that you created in Section 5.3.1, for example, Oracle JDBC Driver (XA), and then click Next.

  6. In the URL field, type the JDBC connection URL:

    jdbc:oracle:thin:@<server>[:<port>]:<database_name>

    For example:

    jdbc:oracle:thin:@localhost:1521:orcl

  7. Select Oracle10g data store helper from the list, and then click Next.

    Note:

    You must use the Oracle11g data store helper for an Oracle 11g database.

  8. Click Finish.

    The Messaging Engine (XA) data source for Oracle Role Manager should appear in the list.

  9. Click the name of the Messaging Engine (XA) data source to display details.

  10. In the Additional Properties section, click Connection Pool Properties and set the Maximum connections to 30.

  11. Click OK.

    A failed test connection at this point can be ignored; the connection works after the authentication alias is configured.

5.4 Configuring JMS Messaging Buses and Bus Destinations

5.4.1 Configuring the JMS Messaging Buses (Nonclustered Environments Only)

To configure the JMS messaging buses:

  1. Select Service integration, Buses, and then click New.

  2. Type a name for the Oracle Role Manager bus, such as ORM Bus, deselect the Bus security check box, and then click Next.

  3. Click Finish.

  4. Click New to create the finalization bus.

  5. Type a name for the finalization bus, such as ORM Finalization Bus, deselect the Bus security check box, and then click Next.

    Note:

    • If you do not set the name to "ORM Finalization Bus", you must provide the "oracle.iam.rm.finalization.WebSphereFinalizationBusName" system property with the name that you use.
    • If you want to use a different name for the finalization bus, you must perform Step 6 to set the WebSphereFinalizationBusName property. Otherwise, skip the next step.

  6. If you use a name other than ORM Finalization Bus:

    1. Select Servers, Application Servers.

    2. Click the server on which Oracle Role Manager is installed.

    3. In the Server Infrastructure section, click Java and Process Management, Process Definition.

    4. Click Java Virtual Machine.

    5. Click Custom Properties.

    6. Click New.

    7. In the Name field, type the following text:

      oracle.iam.rm.finalization.WebSphereFinalizationBusName
      
    8. In the Value field, type the name you set for the finalization bus.

    9. Click OK.

    10. Click Finish.

  7. Add the server to each of the newly created buses as follows:

    1. Click the ORM Bus link, and then click Bus members.

    2. Click Add.

    3. Select the server to use for Oracle Role Manager, and then click Next.

    4. In the Select the type of message store list, select File Store, click Next, and then click Next again.

    5. Click Finish.

5.4.2 Configuring the JMS Messaging Buses (Clustered Environments Only)

To configure the JMS messaging buses:

  1. Select Service integration, Buses, and then click New.

  2. Type a name for the Oracle Role Manager bus, such as ORM Bus, deselect the Bus security check box, and then click Next.

  3. Click Finish.

  4. Click New to create the ORM Notification Bus, deselect the Bus security check box, and then click Next.

  5. Click Finish.

  6. Click New to create the finalization bus.

  7. Type a name for the finalization bus, such as ORM Finalization Bus, deselect the Bus security check box, and then click Next.

    Note:

    • If you do not set the name to "ORM Finalization Bus", you must provide the "oracle.iam.rm.finalization.WebSphereFinalizationBusName" system property with the name that you use.
    • If you want to use a different name for the finalization bus, you must perform Step 8 to set the WebSphereFinalizationBusName property. Otherwise, skip the next step.

  8. If you use a name other than ORM Finalization Bus:

    1. Select Servers, Application Servers.

    2. Click the server on which Oracle Role Manager is installed.

    3. In the Server Infrastructure section, click Java and Process Management, Process Definition.

    4. Click Java Virtual Machine.

    5. Click Custom Properties.

    6. Click New.

    7. In the Name field, type the following text:

      oracle.iam.rm.finalization.WebSphereFinalizationBusName
      
    8. In the Value field, type the name you set for the finalization bus.

    9. Click OK.

    10. Click Finish.

  9. Add the server to the ORM Bus as follows:

    1. Click the ORM Bus link, then click Bus members.

    2. Click Add.

    3. Select the ORM Cluster (not either of the servers) to use for Oracle Role Manager and click Next.

    4. In the Select the type of message store list, select Data Store, then click Next.

    5. Specify the following values:

      JNDI name:             orm/jdbc/WSMsgEngDS

      Schema name:           WSMsgEng1

      Authentication alias:  WSMsgEng1

    6. Click Next, then click Finish.

    7. Go to ORM Bus, Bus Members, and ORM Cluster.

    8. Click Add Messaging Engine.

    9. Select Data Store, then click Next.

    10. Specify the following values:

      JNDI name:             orm/jdbc/WSMsgEngDS

      Schema name:           WSMsgEng2

      Authentication alias:  WSMsgEng2

    11. Click Next, then click Finish.

  10. Add the server to the ORM Finalization Bus as follows:

    1. Click the ORM Finalization Bus link, then click Bus members.

    2. Click Add.

    3. Select the ORM Cluster (not either of the servers) to use for Oracle Role Manager, then click Next.

    4. In the Select the type of message store list, select Data Store, then click Next.

    5. Choose the Use existing data source option and specify the following values:

      JNDI name:             orm/jdbc/WSMsgEngDS

      Schema name:           WSMsgFin

      Authentication alias:  WSMsgFin

    6. Click Next, then click Finish.

  11. Add the server to the ORM Notification Bus as follows:

    1. Click the ORM Notification Bus link, and then click Bus members.

    2. Click Add.

    3. Select the ORM Cluster (not either of the servers) to use for Oracle Role Manager and click Next.

    4. In the Select the type of message store list, select File Store, then click Next.

    5. Specify the log directory path, for example, C:\WSlogs.

    6. Specify the permanent directory path, for example, C:\WSlogs.

    7. Click Next, then click Finish.

  12. Go to Servers, Core groups, Core group settings.

  13. Select DefaultCoreGroup.

  14. Click Policies.

  15. For each server in the cluster:

    1. Click New.

    2. Select One of N policy and click Next.

    3. Specify the name, for example, Server1 SIB Policy, Server2 SIB Policy.

    4. Specify 120 for the Is alive timer, select the Failback check box, and click Apply.

    5. Click Matching Criteria and add the following criteria:

    • In the Name field, enter IBM_hc and in the Value field, enter ORM Cluster.

    • In the Name field, enter WSAF_SIB_BUS and in the Value field, enter ORM Bus.

    • In the Name field, enter WSAF_SIB_MESSAGING_ENGINE and in the Value field, enter the name of the messaging engine for the server in question. For example:

      For Server1 SIB Policy, in the Value field, enter ORM Cluster.000-ORM Bus.

      For Server2 SIB Policy, in the Value field, enter Cluster.001-ORM Bus.

    • In the Name field, enter type and in the Value field, enter WSAF_SIB.

  16. Click Preferred Servers and specify ORM Server1 for the Server1 SIB Policy and ORM Server2 for the Server2 SIB Policy.

  17. Click OK.
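The same messaging-engine names must appear in three places in this chapter: the database users created in Section 5.2.3, the J2C authentication aliases of Section 5.3.3, and the schema name and authentication alias of each bus member in Steps 9 and 10 above. Typed into the console by hand, they drift apart easily, and a mismatch only shows up when the messaging engine fails to start. The following Python script is an added example, not part of the Oracle guide: it generates the Section 5.2.3 statements for a cluster of any size and checks an inventory of aliases and bus members against the user names. The inventory dictionaries, the function names and the sample data are constructed for this example and are not a WebSphere or Oracle Role Manager interface.

```python
"""Consistency check for the clustered messaging-engine credentials.

Added example: the inventory structures are assumptions of this script, not a
WebSphere or Oracle Role Manager interface.
"""


def messaging_engine_users(server_count, finalization_user="WSMsgFin", engine_prefix="WSMsgEng"):
    """Database user names Section 5.2.3 creates: one for the finalization bus and
    one per planned server (WSMsgEng1, WSMsgEng2, ...)."""
    return [finalization_user] + ["%s%d" % (engine_prefix, i) for i in range(1, server_count + 1)]


def create_user_sql(users, data_ts="ORM_DATA", temp_ts="ORM_TEMP"):
    """Section 5.2.3 statements for every user. The password stays a placeholder so
    this script never carries a real credential."""
    stmts = []
    for u in users:
        stmts.append("create user %s identified by <password>\n"
                     "default tablespace %s\ntemporary tablespace %s;" % (u, data_ts, temp_ts))
        stmts += ["grant connect to %s;" % u, "grant create session to %s;" % u, "grant resource to %s;" % u]
    stmts.append("commit;")
    return "\n".join(stmts)


def check_engine_credentials(db_users, j2c_aliases, bus_members):
    """db_users: user names created in the database (Section 5.2.3).
    j2c_aliases: J2C authentication data entries (Section 5.3.3).
    bus_members: dicts with 'bus', 'schema', 'alias', 'jndi' (Section 5.4.2, Steps 9 and 10).
    Returns findings; an empty list means every bus member maps to an existing user and alias."""
    findings = []
    users, aliases = set(db_users), set(j2c_aliases)
    for m in bus_members:
        where = "%s (schema %s)" % (m["bus"], m["schema"])
        if m["schema"] not in users:
            findings.append("%s: no database user named %s" % (where, m["schema"]))
        if m["alias"] not in aliases:
            findings.append("%s: no J2C authentication alias named %s" % (where, m["alias"]))
        if m["alias"] != m["schema"]:
            findings.append("%s: alias %s does not match the schema name" % (where, m["alias"]))
        if m["jndi"] != "orm/jdbc/WSMsgEngDS":
            findings.append("%s: data source is %s, expected orm/jdbc/WSMsgEngDS" % (where, m["jndi"]))
    # A user that no bus member references is a leftover account worth removing.
    for u in sorted(users - set(m["schema"] for m in bus_members)):
        findings.append("database user %s is not used by any bus member" % u)
    return findings


# Constructed sample: a two-server cluster in which the second engine's
# authentication alias was mistyped in the console (WSMsgEng02).
SAMPLE_DB_USERS = messaging_engine_users(2)          # WSMsgFin, WSMsgEng1, WSMsgEng2
SAMPLE_J2C_ALIASES = ["ORM Database", "WSMsgFin", "WSMsgEng1", "WSMsgEng2"]
SAMPLE_BUS_MEMBERS = [
    {"bus": "ORM Bus", "schema": "WSMsgEng1", "alias": "WSMsgEng1", "jndi": "orm/jdbc/WSMsgEngDS"},
    {"bus": "ORM Bus", "schema": "WSMsgEng2", "alias": "WSMsgEng02", "jndi": "orm/jdbc/WSMsgEngDS"},
    {"bus": "ORM Finalization Bus", "schema": "WSMsgFin", "alias": "WSMsgFin", "jndi": "orm/jdbc/WSMsgEngDS"},
]

if __name__ == "__main__":
    print(create_user_sql(SAMPLE_DB_USERS))
    for line in check_engine_credentials(SAMPLE_DB_USERS, SAMPLE_J2C_ALIASES, SAMPLE_BUS_MEMBERS) or ["consistent"]:
        print(line)
```

Run the script after Step 11 above with the aliases and bus members as they appear in the console; the two findings it reports for the sample show how a single mistyped alias surfaces both as a missing J2C entry and as a schema/alias mismatch.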

5.4.3 Configuring Bus Destinations

To configure the Oracle Role Manager bus and finalization bus destinations:

  1. If not already on the Buses page, go to Service integration, Buses.

  2. Click the ORM Bus link, and then click Destinations.

  3. Click New.

  4. Select Queue as the destination type, and then click Next.

  5. Type Loader Queue as the identifier, and then click Next.

  6. Specify the bus member to own the queue, and then click Next.

  7. Click Finish.

  8. Repeat these steps, but this time, type Incoming Event Queue as the identifier.

  9. For nonclustered server environments:

    1. Click New.

    2. Select Topic space, then click Next.

  10. For clustered server environments:

    1. Click ORM Notification Bus.

    2. Click Destinations, then click New.

    3. Select Topic space, then click Next.

  11. Type Notification Topic as the identifier, and then click Next.

  12. Click Finish.

  13. Click ORM Finalization Bus, then click Destinations.

    Note:

    The bus name you select here must match the finalization bus created in Section 5.4.1 for nonclustered environments or Section 5.4.2 for clustered environments.

  14. Click New.

  15. Choose Queue as the destination type, and then click Next.

  16. Type Finisher Queue as the identifier, and then click Next.

  17. Specify the bus member to own the queue, and then click Next.

  18. Click Finish.

5.5 Configuring JMS Queues and Connection Factories

5.5.1 Configuring JMS Queue Connection Factories

To configure JMS queue connection factories:

  1. Go to Resources, JMS, Queue connection factories.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type a name for the Oracle Role Manager connection factory, such as ORM QCF.

  5. In the JNDI name field, type orm/jms/QueueConFac.

  6. In the Bus name list, select ORM Bus, and then click OK.

  7. Click New.

  8. Select Default messaging provider, and then click OK.

  9. In the Name field, type a name for the Oracle Role Manager connection factory for finalization, such as ORM Finalization QCF.

  10. In the JNDI name field, type orm/jms/FinalizationQueueConFac.

  11. In the Bus name list, select ORM Finalization Bus.

    Note:

    The bus name you select here must match the finalization bus created in Section 5.4.1 for nonclustered environments or Section 5.4.2 for clustered environments.

  12. Click OK.

5.5.2 Configuring the JMS Topic Connection Factory

To configure the JMS topic connection factory:

  1. Go to Resources, JMS, Topic connection factories.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type a name for the Oracle Role Manager topic connection factory, such as ORM TCF.

  5. In the JNDI name field, type orm/jms/TopicConFac.

  6. For nonclustered server environments, in the Bus name list, select ORM Finalization Bus, then click OK.

  7. For clustered server environments:

    1. In the Bus name list, select ORM Notification Bus, then click OK.

    2. In the Durable Subscription Home field, select ORM Cluster.000-ORM Notification Bus, then click OK.

5.5.3 Configuring JMS Queues

To configure the Loader queue:

  1. Go to Resources, JMS, Queues.

  2. Select the same cell or cluster scope used in Section 5.3.1, and then click New.

  3. Select Default messaging provider, then click OK.

  4. In the Name field, type ORM Loader.

  5. In the JNDI name field, type orm/jms/LoaderQueue.

  6. In the Bus name list, select ORM Bus.

  7. In the Queue name list, select Loader Queue.

  8. Click OK.

To configure the Incoming Event queue:

  1. Go to Resources, JMS, Queues.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type ORM Incoming Event Queue.

  5. In the JNDI name field, type orm/jms/IncomingEventQueue.

  6. In the Bus name list, select ORM Bus.

  7. In the Queue name list, select Incoming Event Queue.

  8. Click OK.

To configure the Finalization queue:

  1. Go to Resources, JMS, Queues, select the same cell or cluster scope used in Section 5.3.1, then click New.

  2. Select Default messaging provider, and then click OK.

  3. In the Name field, type ORM Finisher Queue.

  4. In the JNDI name field, type orm/jms/FinisherQueue.

  5. In the Bus name list, select ORM Finalization Bus.

    Note:

    The bus name you select here must match the finalization bus created in Section 5.4.1 for nonclustered environments or Section 5.4.2 for clustered environments.

  6. In the Queue name list, select Finisher Queue.

  7. Click OK.

5.5.4 Configuring the JMS Notification Topic

To configure the Notification Topic:

  1. Go to Resources, JMS, Topics.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name and the Topic Name fields, type ORM Notification Topic.

  5. In the JNDI name field, type orm/jms/NotificationTopic.

  6. For nonclustered server environments, in the Bus name list, select ORM Bus.

  7. For clustered server environments, in the Bus name list, select ORM Notification Bus.

  8. In the Topic space list, select Notification Topic.

  9. Click OK.

5.6 Configuring JMS Activation Specifications

To configure the Loader AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type ORM Loader AS.

  5. In the JNDI name field, type orm/jms/LoaderAS.

  6. In the Destination type list, select Queue.

  7. In the Destination JNDI name field, type orm/jms/LoaderQueue.

  8. In the Bus name list, select ORM Bus.

  9. Click OK.

To configure the Incoming Event AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Select Default messaging provider, and then click OK.

  4. In the Name field, type ORM Incoming Event AS.

  5. In the JNDI name field, type orm/jms/IncomingEventAS.

  6. In the Destination type list, select Queue.

  7. In the Destination JNDI name field, type orm/jms/IncomingEventQueue.

  8. In the Bus name list, select ORM Bus.

  9. Click OK.

To configure the Finisher AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type ORM Finisher AS.

  5. In the JNDI name field, type orm/jms/FinisherAS.

  6. In the Destination type list, select Queue.

  7. In the Destination JNDI name field, type orm/jms/FinisherQueue.

  8. In the Bus name list, select ORM Finalization Bus.

    Note:

    The bus name you select here must match the finalization bus created in Section 5.4.1 for nonclustered environments, or in Section 5.4.2 for clustered environments.

  9. In the Maximum concurrent endpoints field, set the value to 1.

    Note:

    You must set Maximum concurrent endpoints to 1; the Oracle Role Manager application does not function properly with a higher value.

  10. Click OK.

To configure the Notification AS:

  1. Go to Resources, JMS, Activation specifications.

  2. Select the same cell or cluster scope used in Section 5.3.1, then click New.

  3. Choose Default messaging provider, and then click OK.

  4. In the Name field, type ORM Notification AS.

  5. In the JNDI name field, type orm/jms/NotificationAS.

  6. In the Destination type list, select Topic.

  7. In the Destination JNDI name field, type orm/jms/NotificationTopic.

  8. For nonclustered server environments, in the Bus name list, select ORM Bus.

  9. For clustered server environments, in the Bus name list, select ORM Notification Bus.

  10. Click OK.
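The four activation specifications above can also be created from a wsadmin script, which is easier to review, repeat across environments and diff than console clicks. The following is an added example written for this page; it is not part of the Oracle Role Manager guide or the product. It uses the Jython flavour of wsadmin (`wsadmin -lang jython`), assumes the buses and destinations from Sections 5.4 and 5.5 already exist, and uses CELL_NAME as a placeholder for your cell; for a clustered environment point scope at the cluster used in Section 5.3.1 and set the Notification AS bus to ORM Notification Bus.

```jython
# Added example (not from the Oracle Role Manager guide): create the four
# JMS activation specifications of Section 5.6 with wsadmin in Jython.
# Run with:  wsadmin -lang jython -f orm_activation_specs.py
# CELL_NAME is a placeholder; substitute your cell name.
CELL_NAME = 'REPLACE_WITH_CELL_NAME'
scope = AdminConfig.getid('/Cell:%s/' % CELL_NAME)

# Fields in the order the console asks for them:
# (Name, JNDI name, Destination type, Destination JNDI name, Bus name, Maximum concurrent endpoints)
ACTIVATION_SPECS = [
    ('ORM Loader AS',         'orm/jms/LoaderAS',        'javax.jms.Queue', 'orm/jms/LoaderQueue',        'ORM Bus',              None),
    ('ORM Incoming Event AS', 'orm/jms/IncomingEventAS', 'javax.jms.Queue', 'orm/jms/IncomingEventQueue', 'ORM Bus',              None),
    # The Finisher AS must be limited to one concurrent endpoint (see the note in Section 5.6).
    ('ORM Finisher AS',       'orm/jms/FinisherAS',      'javax.jms.Queue', 'orm/jms/FinisherQueue',      'ORM Finalization Bus', '1'),
    # Nonclustered: ORM Bus.  Clustered: change the bus to 'ORM Notification Bus'.
    ('ORM Notification AS',   'orm/jms/NotificationAS',  'javax.jms.Topic', 'orm/jms/NotificationTopic',  'ORM Bus',              None),
]

def existing_names(scope):
    """Names of the SIB JMS activation specifications already defined at this scope."""
    names = []
    for cfg_id in AdminTask.listSIBJMSActivationSpecs(scope).splitlines():
        cfg_id = cfg_id.strip()
        if cfg_id:
            names.append(AdminConfig.showAttribute(cfg_id, 'name'))
    return names

def create_activation_spec(scope, name, jndi, dest_type, dest_jndi, bus, max_concurrency):
    """Create one activation specification; -maxConcurrency is the console's
    Maximum concurrent endpoints field and is only sent when a value is given."""
    params = ['-name', name, '-jndiName', jndi,
              '-destinationType', dest_type, '-destinationJndiName', dest_jndi,
              '-busName', bus]
    if max_concurrency is not None:
        params = params + ['-maxConcurrency', max_concurrency]
    return AdminTask.createSIBJMSActivationSpec(scope, params)

# Skip specifications that already exist so the script can be re-run safely.
already = existing_names(scope)
for spec in ACTIVATION_SPECS:
    if spec[0] in already:
        print 'Skipping %s: already exists at this scope' % spec[0]
        continue
    print 'Created', create_activation_spec(scope, *spec)

# Persist the changes (the equivalent of clicking Save in the console).
AdminConfig.save()
```

Keeping the specifications in a single table at the top of the script makes the one security-relevant deviation, the Finisher AS being pinned to one concurrent endpoint, visible in review rather than buried in a sequence of console screens.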

5.7 Configuring Security

This section includes the following topics:

5.7.1 Securing the WebSphere Installation/Console

To secure the WebSphere installation/console:

  1. In a Web browser, type the URL to connect to the WebSphere administrative console. For example:

    http://<appserverhost>:9060/ibm/console

  2. Go to Security, Secure administration, applications, and infrastructure.

  3. Click Security Configuration Wizard.

  4. Select Enable application security and Use Java 2 security to restrict application access to local resources check boxes and then click Next.

  5. In the Select user repository: section, select Federated repositories and then click Next.

  6. Type the username and password of the administrative user, for example, websphere/websphere, and then click Next.

    Note:

    The username and password specified in this step must be the same as the username and password used to log in to the administrative console.

  7. Click Finish.

  8. Clear the Warn if applications are granted custom permissions check box.

  9. Click Apply, and then save your changes.

  10. Configure the server for Oracle Role Manager as follows:

    1. From Servers, select Application Servers.

    2. Select the server for Oracle Role Manager.

      Note:

      For clustered environments, select a server that is a member of the cluster used for Oracle Role Manager.

    3. In the Server Infrastructure section, click Java and Process Management, then click Process Definition.

    4. In the Additional Properties section, click Java Virtual Machine.

    5. In the Additional Properties section, click Custom Properties.

    6. Click New.

    7. In the Name field, type com.ibm.websphere.java2secman.nolog.

    8. In the Value field, type true.

    9. In the Description field, type Stop over_logging of security warnings.

    10. Click OK, and then click Save.

    11. For clustered environments, repeat the substeps in Step 10 for all additional servers on the cluster.

5.7.2 Creating a Custom User

To create a custom user:

  1. Log in to the Administrative Console.

  2. Go to Users and Groups, Manage Users.

  3. Click Create and type the following:

    1. User ID, for example, ormserver.

    2. First Name, for example, ORM.

    3. Last Name, for example, Server.

    4. Password, for example, ormserver.

  4. Click Create, and then click Close.

  5. Go to Users and Groups, Administrative User Roles.

  6. Click Add and perform the following substeps:

    1. In the User field, type the user ID created in Step 3.

    2. In the Role(s) field, select Operator.

    3. Click OK.

5.7.3 Creating Alias for Custom User

To create an alias for the custom user:

  1. Go to Security, Secure administration, applications, and infrastructure.

  2. In the Authentication section, expand Java Authentication and Authorization Service and then click J2C authentication data.

  3. Click New and perform the following substeps:

    1. In the Alias field, type the alias name, for example, ormserver.

    2. In the User field, type the User ID that you created in Step 3 of Section 5.7.2.

    3. In the Password field, type the password that you created in Step 3 of Section 5.7.2.

  4. Click OK.

5.7.4 Configuring Connection Factory Authentication

To configure authentication for the connection factories:

  1. Go to Resources, Resource Adapters, J2C connection factories.

  2. Click the title of the connection factory.

  3. Set the Container-managed authentication alias to the custom user alias created in Section 5.7.3, then click OK.

    The reference to this option being deprecated can be ignored.

  4. Repeat these steps for each of the new connection factories, then save your changes.

5.7.5 Configuring Activation Specification Authentication

To configure authentication for the activation specifications:

  1. Go to Resources, Resource Adapters, J2C activation specification.

  2. Click the title of the new activation specification.

  3. Set the Authentication alias to the user alias created in Section 5.7.3, then click OK.

  4. Repeat these steps for each of the new activation specifications, and then save your changes.

5.7.6 Securing the Message Bus

To secure the message bus:

  1. Go to Security, Bus Security.

  2. In the Security column, for each Oracle Role Manager bus, click Disabled.

  3. Select the Enable bus security check box, and then click Apply.

    Note:

    The Enable bus security check box is disabled if you cleared Enable Bus Security while configuring the JMS messaging buses in Section 5.4.1 for nonclustered environments, or in Section 5.4.2 for clustered environments.

  4. For each Oracle Role Manager bus:

    1. Click Enabled.

    2. In the Additional Properties section, click Users and groups in the bus connector role.

  5. Click New and select User Name.

  6. In the User Name field, type the User ID that you created in Step 3 of Section 5.7.2, then click OK.
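Sections 5.7.3, 5.7.5 and 5.7.6 together bind the least-privileged custom user to the messaging resources: an authentication alias, the alias on each activation specification, and the bus connector role. The following is an added example written for this page, not the guide's or the product's own code; it scripts those three steps with wsadmin in Jython. It assumes CELL_NAME is a placeholder for your cell, that the user from Section 5.7.2 already exists in the federated repository, that bus security has already been enabled on each bus (Step 3 above), and that the password is supplied as a script argument rather than stored in the file.

```jython
# Added example (not from the Oracle Role Manager guide): wsadmin Jython
# equivalent of Sections 5.7.3, 5.7.5 and 5.7.6.
# Run with:  wsadmin -lang jython -f orm_secure_messaging.py <password>
import sys

CELL_NAME = 'REPLACE_WITH_CELL_NAME'                 # placeholder
USER_ID   = 'ormserver'                              # user created in Section 5.7.2
ALIAS     = 'ormserver'                              # J2C authentication alias (Section 5.7.3)
ORM_BUSES = ['ORM Bus', 'ORM Finalization Bus']      # add 'ORM Notification Bus' when clustered

# wsadmin passes script arguments starting at sys.argv[0] (no script name).
if len(sys.argv) < 1:
    raise SystemExit('usage: wsadmin -lang jython -f orm_secure_messaging.py <password>')
password = sys.argv[0]

scope = AdminConfig.getid('/Cell:%s/' % CELL_NAME)

# 5.7.3: J2C authentication data entry (the alias) for the custom user.
AdminTask.createAuthDataEntry(['-alias', ALIAS, '-user', USER_ID, '-password', password])

# 5.7.5: set the authentication alias on every ORM activation specification
# at this scope, identified by the 'ORM ' name prefix used in Section 5.6.
for cfg_id in AdminTask.listSIBJMSActivationSpecs(scope).splitlines():
    cfg_id = cfg_id.strip()
    if cfg_id and AdminConfig.showAttribute(cfg_id, 'name').startswith('ORM '):
        AdminTask.modifySIBJMSActivationSpec(cfg_id, ['-authenticationAlias', ALIAS])
        print 'Alias set on', AdminConfig.showAttribute(cfg_id, 'name')

# 5.7.6: grant the custom user the bus connector role on each ORM bus, so only
# that identity (not every authenticated principal) may connect to the buses.
for bus in ORM_BUSES:
    AdminTask.addUserToBusConnectorRole(['-bus', bus, '-user', USER_ID])
    print 'Bus connector role granted on', bus

# Persist the changes (the equivalent of clicking Save in the console).
AdminConfig.save()
```

Passing the password as an argument keeps it out of the script and out of version control; the alias is the only place WebSphere stores it, and the activation specifications and buses reference the alias by name.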

5.8 Configuring Data Upload Size Limit

You can upload a DAR file to load data of maximum size 10 MB into the system. If you try to load data larger than this maximum upload size, you get an error message. Optionally, you can configure the maximum data upload size limit to a higher or lower value than the default settings.

To configure the data upload size limit:

  1. From Servers, select Application Servers.

  2. Click the server for Oracle Role Manager, for example, ORM Server.

  3. In the Server Infrastructure section, expand Java and Process Management, and then click Process Definition.

  4. In the Additional Properties section, click Java Virtual Machine, and then click Custom Properties.

  5. Click New and type the following information:

    1. In the Name field, type oracle.iam.rm.loader.max_upload_size.

    2. In the Value field, type the maximum size (in bytes) of data upload that you want to set, for example, 10485760.

      Note:

      The default value of the maximum size of data upload is 10 MB (10x1024x1024 = 10485760). You can modify this value to any other limit.

    3. In the Description field, type the description for the maximum upload size that you set, for example, maximum size limit for the Oracle Role Manager loader.

    4. Click OK.

  6. For clustered server environments, repeat these steps for each Oracle Role Manager server in the cluster.

5.9 Increasing the Transaction Timeout

To increase the transaction timeout:

  1. From Servers, select Application Servers.

  2. Click the server for Oracle Role Manager, for example, ORM Server.

  3. In the Container Settings section, expand Container Services, and then click Transaction Service.

  4. In the Total transaction lifetime timeout field, type the new value, 1200, if you want to change the default value of 120.

  5. In the Maximum transaction timeout field, type the new value, 1200, if you want to change the default value of 300.

  6. Click Apply to save the server settings.

  7. For clustered server environments, repeat the preceding steps for each Oracle Role Manager server in the cluster.

  8. Restart the server or cluster, accordingly.

Note:

For performance tuning of the WebSphere Application Server, refer to the following link:

http://www-01.ibm.com/software/webservers/appserv/was/performance.html

5.10 Setting Up the Server Virtual Host Information (Clustered Environment Only)

The application server uses the virtual host information set up on the Node Manager to configure the Web server plug-ins correctly for load distribution and failover. When you add a server to the cluster, you must update the virtual host information.

To update the virtual host information:

  1. Ensure that Node Manager is running.

  2. Using a Web browser, connect to the Node Manager administrative console by navigating to the following URL:

    http://NDM_HOST:NDM_PORT/admin
    
  3. Log in using the Oracle Identity Manager Administrator name and password that you specified during installation.

  4. In the left pane, click Servers.

  5. Click Application Servers, then click ORM Server1.

  6. In the Communications section, click Ports.

    Make note of the port number for WC_defaulthost. You will need this port number for the new host alias created later in this procedure.

  7. In the left pane, click Environment.

  8. Click Virtual Hosts, then click default_host.

  9. Click Host Aliases, then click New.

  10. In the Host Name field, enter an asterisk (*).

  11. In the Port field, enter the port that you noted as the port for WC_defaulthost, then click Apply.

  12. Select Preferences, Synchronize changes with Nodes, then click Apply.

  13. Click Save.

    Virtual host setup for the ORM Server1 server is complete.

  14. Repeat the procedure for all available servers in ORM_CLUSTER, for example, ORM Server2 and so forth.

5.11 Deploying Oracle Role Manager

This section includes the following topics:

5.11.1 Deploying the Oracle Role Manager Server

To deploy the Oracle Role Manager server:

  1. Go to Applications, Install New Application.

  2. Choose Remote file system, click Browse to navigate to the ORM_HOME/lib directory, select server.ear, and then click OK.

  3. Click Next.

  4. On the Map modules to servers page, perform the following substeps:

    1. From the Clusters and Servers list, select the server or cluster on which Oracle Role Manager is to be deployed.

    2. Select both modules, server.jar and ormconsole.

    3. Click Apply.

    4. Click Next.

  5. Click Finish.

    This could take a few moments to complete.

  6. Click Save.

  7. For clustered server environments, click OK.

To associate the custom user to the Oracle Role Manager server:

  1. Go to Applications, Enterprise Applications.

  2. Select ORM Server.

  3. In the Detail Properties section, click Security role to user/group mapping.

  4. Select ORMServer, and then click Look up users.

  5. Search and select the ormserver user that you created in Step 3 of Section 5.7.2, then move it to the Selected list by clicking the right arrow and then click OK.

  6. In the Security role to user/group mapping page, click OK.

  7. In the Detail Properties section, click User RunAs roles.

  8. Perform the following substeps:

    1. In the User Name field, type the User ID that you created in Step 3 of Section 5.7.2.

    2. In the password field, type the password that you created in Step 3 of Section 5.7.2.

    3. In the Role(s) field, select ORMServer.

  9. Click Apply, and then click OK.

  10. Restart the server or cluster on which Oracle Role Manager is installed.

    Note:

    • If you have created a non-administrative server for Oracle Role Manager, that server is not started automatically when the WebSphere administrative server is started or when the WebSphere Windows service is started. You can start the non-administrative server using the following command:

      [Websphere Profile Install Dir]/bin/startServer.bat <server-name>
      
    • After starting the server on which Oracle Role Manager is installed, the status of the Oracle Role Manager server application shown in the administrative console of the administrative server might be Stopped even though the application has actually started. You cannot start an application deployed on the non-administrative server through the administrative console of the administrative server.

  11. To test the server installation, ensure that you can get to the Oracle Role Manager administrative console from a Web browser. For example:

    http://localhost:9080/ormconsole

    You should see the Home page of the Oracle Role Manager administrative console.

5.11.2 Deploying the Oracle Role Manager Web Application

To deploy the Oracle Role Manager Web application:

  1. Go to Applications, Install New Application.

  2. Select Remote file system, click Browse to navigate to the ORM_HOME/webui/websphere/6.1 directory, select webui.ear, click OK and then click Next.

  3. On the Select installation options page, accept the defaults and then click Next.

  4. On the Map modules to servers page, perform the following substeps:

    1. From the Clusters and Servers list, select the server or cluster on which Oracle Role Manager is to be deployed.

    2. Select the webui module.

    3. Click Apply.

    4. Click Next.

  5. Click Finish, and then save your changes.

  6. Go to Applications, Enterprise Applications, ORM Web UI.

  7. Click Manage Modules.

  8. Click the webui link.

  9. In the Class loader order list, select Classes loaded with application class loader first, and then click Apply.

  10. From Applications, Enterprise Applications, select ORM Web UI, and then click Start.

    (This assumes you are administering WebSphere on the same server as the ORM Web UI is installed).

    Note:

    If Web UI is deployed on a non-administrative server or cluster, then restart that server or cluster.

  11. Test the Web application installation as follows:

    1. In a Web browser, navigate to the Oracle Role Manager Web application address. For example:

      http://localhost:9080/webui

    2. Log in as the Oracle Role Manager Administrator created in Section 3.3, "Installing Role Manager."

      You should see the Home page of the Oracle Role Manager Web application.