Oracle Middleware OIM-OUD-OAM-OHS Integration Configuration
1 Environment Preparation
IDM product versions installed:
• Oracle Database 19c (19.0.0.0.0)
• Oracle Identity and Access Management 12c (12.2.1.4.0)
• Oracle Unified Directory 12c (12.2.1.4.0)
• Oracle WebLogic Server 12c (12.2.1.4.0)
• Oracle HTTP Server 12c (12.2.1.4.0)
• Oracle SOA Suite 12c (12.2.1.4.0)
• Oracle Webgate 12c (12.2.1.4.0)
1.1 Environment Variables
Configure the following environment variables on every OIM node; the configuration scripts run later rely on them.
Edit the environment variable file: vim ~/.bash_profile
After editing, reload it: source ~/.bash_profile
Environment variables to add (the entries marked in red must be changed to match the actual environment):
export APP_SERVER=weblogic
export MW_HOME=/home/oracle/Oracle/Middleware/Oracle_Home
export WL_HOME=$MW_HOME/wlserver
export WLS_HOME=$WL_HOME/server
export ANT_HOME=$MW_HOME/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5
export JAVA_VENDOR=Oracle
export IAM_HOME=$MW_HOME/idm
export IAM_ORACLE_HOME=$IAM_HOME
export OIM_HOME=$IAM_HOME
export OIM_ORACLE_HOME=$IAM_HOME
export ORACLE_HOME=$MW_HOME
export SOA_HOME=$MW_HOME/soa
export SOA_ORACLE_HOME=$SOA_HOME
export XL_HOME=$OIM_HOME/server
export DC_HOME=$OIM_HOME/designconsole
export DOMAIN_HOME=$MW_HOME/user_projects/domains/oim_domain
PATH=$PATH:$HOME/.local/bin:$HOME/bin:$ANT_HOME/bin
1.2 Enable the OUD Change Log
OUD must have its change log enabled before OIM can synchronize incrementally. Enable it from the OUD instance directory:
Run the following in $OUD_INSTANCE/OUD/bin:
./dsreplication enable-changelog -h jfidmdevoud.faw.com -p 3060 -D "cn=Directory Manager" -r 8989 -b "dc=com,dc=faw"
Restart the OUD instance after the command completes.
1.3 OAM and OUD Password Lockout Policies
Configure OAM and OUD with the same maximum number of failed authentication attempts.
Log in to oamconsole, open the Password Policy page, set Maximum Attempts to 3 and click Apply.
Log in to the OUD management console (oudsm), go to Security -> Password Policy -> Default Password Policy, set Lockout Failure Count to 3 and click Apply.
Alternatively, set the OUD lockout failure count from the command line:
Run the following in $OUD_INSTANCE/OUD/bin:
./dsconfig -h jfidmdevoud.faw.com -p 3060 -D "cn=Directory Manager" -j password.txt -X -n set-password-policy-prop --policy-name 'Default Password Policy' --set lockout-failure-count:3
1.4 Modify the OIM mds-oim Connection Pool
Log in to the OIM console and navigate to Services -> Data Sources -> mds-oim.
Update the following values in the mds-oim connection pool:
• Initial Capacity: 50
• Maximum Capacity: 150
• Minimum Capacity: 50
• Inactive Connection Timeout: 10 (expand the Advanced link below to reach this setting)
Click Save, then Activate Changes.
1.5 Extract the OUD Connector Bundle
Log in to each OIM node in turn, copy the OUD connector bundle "oid-12.2.1.3.0.zip" to $ORACLE_HOME/idm/server/ConnectorDefaultDirectory, extract it, change to ConnectorDefaultDirectory/OID-12.2.1.3.0/xml and back up the following files:
cp ODSEE-OUD-LDAPV3-pre-config.xml ODSEE-OUD-LDAPV3-pre-config.xml.bak
cp ODSEE-OUD-LDAPV3-target-template.xml ODSEE-OUD-LDAPV3-target-template.xml_bak
cp ODSEE-OUD-LDAPV3-auth-template.xml ODSEE-OUD-LDAPV3-auth-template.xml_bak
2 OIM Integration Configuration
2.1 Configure the ID Store
Log in to the OIM Administration Server node and change to $ORACLE_HOME/idm/server/ssointg/config.
Back up the following configuration files:
cp ssointg-config.properties ssointg-config.properties_bak
cp prepareIDStore.all.config prepareIDStore.all.config_bak
cp configOAM.config configOAM.config_bak
cp populateOHSRedirectIdmConf.config populateOHSRedirectIdmConf.config_bak
cp configureWLSAuthnProviders.config configureWLSAuthnProviders.config_bak
cp configureLDAPConnector.config configureLDAPConnector.config_bak
cp configureSSOIntegration.config configureSSOIntegration.config_bak
cp enableOAMSessionDeletion.config enableOAMSessionDeletion.config_bak
cp addMissingObjectClasses.config addMissingObjectClasses.config_bak
Edit ssointg-config.properties and set the following:
generateIndividualConfigFiles=false
prepareIDStore=true
configOAM=true
addMissingObjectClasses=true
populateOHSRules=true
configureWLSAuthnProviders=true
configureLDAPConnector=true
configureSSOIntegration=true
enableOAMSessionDeletion=true
## Container rules are automatically updated during configureLDAPConnector
## This is an additional option provided to update rules later on
updateContainerRules=true
Then edit prepareIDStore.all.config with the OUD connection details.
Parameter notes:
1. For the OUD connection use the load-balanced address (hostname/IP) and port.
2. Fill in the DNs according to the actual OUD directory structure.
3. Set the company e-mail domain suffix.
4. For the OUD directory type, three further properties are required: IDSTORE_ADMIN_PORT, IDSTORE_KEYSTORE_FILE and IDSTORE_KEYSTORE_PASSWORD.
5. Copy the admin-keystore file from the OUD instance directory (on the OUD host it is $OUD_INSTANCE/OUD/config/admin-keystore) and set its local path.
6. The admin-keystore password is the content of $OUD_INSTANCE/OUD/config/admin-keystore.pin; copy it in verbatim.
Reference configuration:
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_HOST: 10.60.25.67
IDSTORE_PORT: 1389
IDSTORE_BINDDN: cn=Directory Manager
IDSTORE_BINDDN_PWD: welcome1
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_SEARCHBASE: dc=FawJiefang,dc=com
IDSTORE_USERSEARCHBASE: cn=Users,dc=FawJiefang,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=FawJiefang,dc=com
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=FawJiefang,dc=com
IDSTORE_READONLYUSER: IDROUser
IDSTORE_READWRITEUSER: IDRWUser
IDSTORE_SUPERUSER: weblogic_fa
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamAdmin
IDSTORE_OAMADMINUSER_PWD: welcome1
IDSTORE_OIMADMINUSER: oimLDAP
IDSTORE_OIMADMINUSER_PWD: welcome1
IDSTORE_OIMADMINGROUP: OIMAdministrators
IDSTORE_WLSADMINUSER: weblogic
IDSTORE_WLSADMINUSER_PWD: welcome1
IDSTORE_XELSYSADMINUSER_PWD: welcome1
IDSTORE_WLSADMINGROUP: IDM Administrators
IDSTORE_OAAMADMINUSER: oaamAdminUser
## The domain for the email - e.g. user@company.com
IDSTORE_EMAIL_DOMAIN: fawjiefang.com.cn
POLICYSTORE_SHARES_IDSTORE: true
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
## If you are using OUD as the identity store, then the additional properties are:
IDSTORE_ADMIN_PORT: 3060
IDSTORE_KEYSTORE_FILE: /home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ssointg/config/OUD_PIN/admin-keystore
## The value of the IDSTORE_KEYSTORE_PASSWORD parameter is the content of the /u01/config/instances/oud1/OUD/config/admin-keystore.pin
IDSTORE_KEYSTORE_PASSWORD: qXFNHKQENgfiXBZR5QU01uGAY5SDXSLYQxIl8DPBPSH4kUVOJM
With the configuration complete, change to $ORACLE_HOME/idm/server/ssointg/bin and run the script. It prompts for several administrator passwords; the same password can be used for all of them:
./OIGOAMIntegration.sh -prepareIDStore
Sample output of a successful run:
[oracle@idmkf-02 bin]$ ./OIGOAMIntegration.sh -prepareIDStore
JAVA_HOME=/usr/java/jdk1.8.0_241
APPSERVER_TYPE=wls
ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home
OIM_ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/idm
WL_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/wlserver
DIR_TYPE=OID
ARGS = -prepareIDStore
Found command -prepareIDStore
UpdateCommandFlags: true false false false false false false false false false
...
Mar 12, 2020 9:09:06 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /home/oracle/Oracle/Middleware/Oracle_Home/idm/idmtools/templates/oud/oim_group_template.ldif
Mar 12, 2020 9:09:06 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /home/oracle/Oracle/Middleware/Oracle_Home/idm/idmtools/templates/common/group_member_template.ldif
The tool has completed its operation. Details have been logged to /home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ssointg/bin/../logs/prepareIDStore_20200312210627.all.out
[2020-03-12 21:09:07]
[2020-03-12 21:09:07] Executing setPrepareIDStoreStatus
[2020-03-12 21:09:07]
[2020-03-12 21:09:07] IDStoreStatusTool::installPropertyFile: /home/oracle/Oracle/Middleware/Oracle_Home//idm/server/ssointg/config/prepareIDStore.all.config
2.2 Configure OAM
Change to $ORACLE_HOME/idm/server/ssointg/config and edit configOAM.config with the OAM and OUD details.
Parameter notes:
1. For the OUD connection use the load-balanced address (hostname/IP) and port.
2. Fill in the DNs according to the actual OUD directory structure.
3. PRIMARY_OAM_SERVERS lists the OAM node servers, comma-separated, for example: oamhost1.example.com:5575,oamhost2.example.com:5575
4. OAM11G_IDM_DOMAIN_OHS_HOST and OAM11G_SERVER_LBR_HOST take the load-balanced address (hostname/IP), port and protocol (hardware or software load balancer).
5. COOKIE_DOMAIN is the domain name suffix.
6. WEBGATE_TYPE specifies the WebGate version (ohsWebgate11g/ohsWebgate12c).
7. ACCESS_GATE_ID names the WebGate defined in oamconsole; if it does not exist it is created automatically under this name.
8. OAM11G_IDSTORE_NAME names the identity store; if it does not exist it is created automatically under this name.
Reference configuration:
WLSHOST: 10.60.25.67
WLSPORT: 7006
WLSADMIN: weblogic
IDSTORE_HOST: 10.60.25.67
IDSTORE_PORT: 1389
IDSTORE_BINDDN: cn=Directory Manager
IDSTORE_USERNAMEATTRIBUTE: cn
IDSTORE_LOGINATTRIBUTE: uid
IDSTORE_SEARCHBASE: dc=FawJiefang,dc=com
IDSTORE_USERSEARCHBASE: cn=Users,dc=FawJiefang,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=FawJiefang,dc=com
IDSTORE_OAMSOFTWAREUSER: oamLDAP
IDSTORE_OAMADMINUSER: oamAdmin
PRIMARY_OAM_SERVERS: 10.60.25.67:5575
WEBGATE_TYPE: ohsWebgate12c
ACCESS_GATE_ID: FawIdm_WG
OAM11G_IDM_DOMAIN_OHS_HOST: 10.60.25.66
OAM11G_IDM_DOMAIN_OHS_PORT: 4443
OAM11G_IDM_DOMAIN_OHS_PROTOCOL: https
OAM11G_OAM_SERVER_TRANSFER_MODE: Open
OAM11G_IDM_DOMAIN_LOGOUT_URLS: /console/jsp/common/logout.jsp,/em/targetauth/emaslogout.jsp
OAM11G_WG_DENY_ON_NOT_PROTECTED: false
OAM11G_SERVER_LOGIN_ATTRIBUTE: uid
OAM_TRANSFER_MODE: Open
COOKIE_DOMAIN: .faw.com
OAM11G_IDSTORE_ROLE_SECURITY_ADMIN: OAMAdministrators
OAM11G_SSO_ONLY_FLAG: true
OAM11G_OIM_INTEGRATION_REQ: true
OAM11G_IMPERSONATION_FLAG: true
OAM11G_SERVER_LBR_HOST: 10.60.25.66
OAM11G_SERVER_LBR_PORT: 4443
OAM11G_SERVER_LBR_PROTOCOL: https
COOKIE_EXPIRY_INTERVAL: 120
OAM11G_OIM_OHS_URL: http://10.60.25.66:80/
SPLIT_DOMAIN: true
OAM11G_IDSTORE_NAME: OUDTest
IDSTORE_SYSTEMIDBASE: cn=systemids,dc=FawJiefang,dc=com
With the configuration complete, change to $ORACLE_HOME/idm/server/ssointg/bin and run the script. It prompts for several administrator passwords; the same password can be used for all of them:
./OIGOAMIntegration.sh -configOAM
After the script succeeds, restart the OAM AdminServer and Node Manager.
Sample output of a successful run:
[oracle@idmkf-02 bin]$ ./OIGOAMIntegration.sh -configOAM
JAVA_HOME=/usr/java/jdk1.8.0_241
APPSERVER_TYPE=wls
ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home
OIM_ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/idm
WL_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/wlserver
DIR_TYPE=OUD
ARGS = -configOAM
Found command -configOAM
UpdateCommandFlags: false true false false false false false false false false
[2020-03-13 12:39:48]
Enter ID Store Bind DN Password :
Enter User Password for OAM11G_WLS_ADMIN_PASSWD:
Confirm User Password for OAM11G_WLS_ADMIN_PASSWD
...
Created OAMIDAsserter successfuly
Created OUDAuthenticator successfuly
Setting attributes for OUDAuthenticator
All attributes set. Configured inOUDAuthenticatornow
LDAP details configured in OUDAuthenticator
Control flags for authenticators set sucessfully
Reordering of authenticators done sucessfully
Saving the transaction
Transaction saved
Activating the changes
Changes Activated. Edit session ended.
Connection closed sucessfully
The tool has completed its operation. Details have been logged to /home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ssointg/bin/../logs/configOAM_20200313123948.out
2.3 Configure OHS Rules
Change to $ORACLE_HOME/idm/server/ssointg/config and edit populateOHSRedirectIdmConf.config with the OIM and OAM node details.
Parameter notes:
1. Enter the address (hostname/IP) and port of the first OIM and OAM managed server node (oim_server1, oam_server1). In a cluster, adjust the proxy configuration after the generated file is available.
Reference configuration:
OIM_HOST: 10.60.25.67
OIM_PORT: 14000
OAM_HOST: 10.60.25.67
OAM_PORT: 14100
With the configuration complete, change to $ORACLE_HOME/idm/server/ssointg/bin and run the script. It prompts for several administrator passwords; the same password can be used for all of them:
./OIGOAMIntegration.sh -populateOHSRules
When it finishes, copy the generated proxy configuration file ($ORACLE_HOME/idm/server/ssointg/templates/oim.conf) to every OHS node, into $OHS_DOMAIN_HOME/config/fmwconfig/components/OHS/ohs1/moduleconf.
If OIM and OAM are clustered, change the proxy directives in oim.conf to cluster directives.
Cluster proxy configuration reference:
<Location /oam>
    SetHandler weblogic-handler
    WeblogicCluster oamhost1.example.com:14100,oamhost2.example.com:14100
    MatchExpression /oam
</Location>
Restart the OHS instance after the change.
Sample output of a successful run:
[oracle@idmkf-02 bin]$ ./OIGOAMIntegration.sh -populateOHSRules
JAVA_HOME=/usr/java/jdk1.8.0_241
APPSERVER_TYPE=wls
ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home
OIM_ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/idm
WL_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/wlserver
DIR_TYPE=OUD
ARGS = -populateOHSRules
Found command -populateOHSRules
...
Mar 13, 2020 12:55:49 PM oracle.idm.diagnostics.client.ContextSensitiveLogger log
INFO: Dest/home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ssointg/templates/oim.conf
Mar 13, 2020 12:55:49 PM oracle.idm.diagnostics.client.ContextSensitiveLogger log
INFO:
copyFilesRecursively - dest file path::/home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ssointg/templates/oim.conf
[2020-03-13 12:55:49] oim.conf updated successfully.
2.4 Configure the OIM WLS Authentication Providers
Change to $ORACLE_HOME/idm/server/ssointg/config and edit configureWLSAuthnProviders.config with the OIM and identity store (OUD) details.
Parameter notes:
1. For the OUD connection use the load-balanced address (hostname/IP) and port.
2. Fill in the DNs according to the actual OUD directory structure.
Reference configuration:
OIM_WLSHOST: 10.60.25.67
OIM_WLSPORT: 9001
OIM_WLSADMIN: weblogic
OIM_WLSADMIN_PWD: welcome1
IDSTORE_DIRECTORYTYPE: OUD
IDSTORE_HOST: 10.60.25.67
IDSTORE_PORT: 1389
IDSTORE_BINDDN: cn=Directory Manager
IDSTORE_BINDDN_PWD: welcome1
IDSTORE_USERSEARCHBASE: cn=Users,dc=FawJiefang,dc=com
IDSTORE_GROUPSEARCHBASE: cn=Groups,dc=FawJiefang,dc=com
With the configuration complete, change to $ORACLE_HOME/idm/server/ssointg/bin and run:
./OIGOAMIntegration.sh -configureWLSAuthnProviders
2.5 Configure the LDAP (OUD) Connector
Change to $ORACLE_HOME/idm/server/ssointg/config and edit configureLDAPConnector.config with the OIM and identity store (OUD) details.
Parameter notes:
1. For the OUD connection use the load-balanced address (hostname/IP) and port.
2. Fill in the DNs according to the actual OUD directory structure.
3. Enter the connection details of the OIM Administration Server and managed server.
Reference configuration:
IDSTORE_DIRECTORYTYPE=OUD
OIM_HOST=10.60.25.67
OIM_PORT=14000
WLS_OIM_SYSADMIN_USER=xelsysadm
WLS_OIM_SYSADMIN_USER_PWD=welcome1
OIM_WLSHOST=10.60.25.67
OIM_WLSPORT=9001
OIM_WLSADMIN=weblogic
OIM_WLSADMIN_PWD=welcome1
IDSTORE_HOST=10.60.25.67
IDSTORE_PORT=1389
IDSTORE_BINDDN=cn=Directory Manager
IDSTORE_BINDDN_PWD=welcome1
IDSTORE_OIMADMINUSERDN= cn=oimLDAP,cn=systemids,dc=FawJiefang,dc=com
IDSTORE_OIMADMINUSER_PWD=welcome1
IDSTORE_SEARCHBASE=dc=FawJiefang,dc=com
IDSTORE_USERSEARCHBASE=cn=Users,dc=FawJiefang,dc=com
IDSTORE_GROUPSEARCHBASE=cn=Groups,dc=FawJiefang,dc=com
IDSTORE_USERSEARCHBASE_DESCRIPTION=Default user container
IDSTORE_GROUPSEARCHBASE_DESCRIPTION=Default group container
IDSTORE_EMAIL_DOMAIN=fawjiefang.com.cn
## For ActiveDirectory use the values of "yes" or "no". i.e. IS_LDAP_SECURE=yes/no
IS_LDAP_SECURE=false
SSO_TARGET_APPINSTANCE_NAME=SSOTarget
## Path to expanded connector bundle: e.g. for OID and OUD
CONNECTOR_MEDIA_PATH=/home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ConnectorDefaultDirectory/OID-12.2.1.3.0
## Path for AD bundle
# CONNECTOR_MEDIA_PATH=/u01/oracle/products/identity/idm/server/ConnectorDefaultDirectory/activedirectory-12.2.1.3.0
## [ActiveDirectory]
# The following attributes need to be initialized only if Active Directory is the target server
# AD_DIRECTORY_ADMIN_NAME=oimLDAP@example.com
# AD_DIRECTORY_ADMIN_PWD=<password>
# AD_DOMAIN_NAME=example.com
## Active Directory Connector Server details
# AD_CONNECTORSERVER_HOST=192.168.99.100
# AD_CONNECTORSERVER_KEY=<connectorserverkey>
# AD_CONNECTORSERVER_PORT=8759
# AD_CONNECTORSERVER_TIMEOUT=0
## Set to yes if SSL is enabled
# AD_CONNECTORSERVER_USESSL=no
With the configuration complete, change to $ORACLE_HOME/idm/server/ssointg/bin and run:
./OIGOAMIntegration.sh -configureLDAPConnector
Sample output of a successful run:
[oracle@idmkf-02 bin]$ ./OIGOAMIntegration.sh -configureLDAPConnector
JAVA_HOME=/usr/java/jdk1.8.0_241
APPSERVER_TYPE=wls
ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home
OIM_ORACLE_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/idm
WL_HOME=/home/oracle/Oracle/Middleware/Oracle_Home/wlserver
DIR_TYPE=OUD
ARGS = -configureLDAPConnector
Found command -configureLDAPConnector
...
Mar 13, 2020 1:57:43 PM oracle.ldap.util.LDIFLoader loadOneLdifFile
INFO: -> LOADING: /home/oracle/Oracle/Middleware/Oracle_Home/idm/server/ldif/prepareidstore/oud/oim_update_xelsysadm.ldif
[2020-03-13 13:57:43] LDAP connector successfully configured.
[2020-03-13 13:57:44]
[2020-03-13 13:57:44] Now running indexSchemaAttributes
[2020-03-13 13:57:44] installPropertyFile: /home/oracle/Oracle/Middleware/Oracle_Home//idm/server/ssointg/config/configureLDAPConnector.config
[2020-03-13 13:57:44] IDStoreConfigHandler.getHandler...
[2020-03-13 13:57:44] IDStoreConfigHandler.initDirCtx...
[2020-03-13 13:57:44] IDStoreConfigHandler.initDirCtx: dirCtx: javax.naming.ldap.InitialLdapContext@7181ae3f
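The same IDSTORE_* keys recur, in two different notations ("KEY: value" and "KEY=value"), across prepareIDStore.all.config, configOAM.config, configureWLSAuthnProviders.config and configureLDAPConnector.config in sections 2.1 to 2.5, and a value that drifts between them only surfaces when a later OIGOAMIntegration.sh step fails or binds as the wrong account. The following Python checker is an added example, not part of Oracle's ssointg tooling; the three file contents are constructed samples modelled on the page's values, with one deliberate port mismatch, and the secret scan flags the clear-text passwords these files must hold.

```python
import re
from collections import defaultdict

# Constructed sample contents modelled on the page's values (not read from disk);
# two files use "KEY: value", the connector file uses "KEY=value", one port differs.
FILES = {
    "prepareIDStore.all.config": """
IDSTORE_HOST: 10.60.25.67
IDSTORE_PORT: 1389
IDSTORE_BINDDN: cn=Directory Manager
IDSTORE_BINDDN_PWD: welcome1
IDSTORE_USERSEARCHBASE: cn=Users,dc=FawJiefang,dc=com
""",
    "configOAM.config": """
IDSTORE_HOST: 10.60.25.67
IDSTORE_PORT: 1389
IDSTORE_USERSEARCHBASE: cn=Users,dc=FawJiefang,dc=com
""",
    "configureLDAPConnector.config": """
IDSTORE_HOST=10.60.25.67
IDSTORE_PORT=3060
IDSTORE_BINDDN_PWD=welcome1
IDSTORE_USERSEARCHBASE=cn=Users,dc=FawJiefang,dc=com
""",
}
# KEY, then ":" or "=", then the value; values may themselves contain "=" (DNs).
LINE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*[:=]\s*(.*?)\s*$")

def parse_properties(text):
    """Parse 'KEY: value' / 'KEY=value' lines into a dict, skipping '#' comments."""
    props = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def find_mismatches(files):
    """Return {key: {file: value}} for keys whose value differs between files."""
    seen = defaultdict(dict)
    for name, text in files.items():
        for key, value in parse_properties(text).items():
            seen[key][name] = value
    return {k: v for k, v in seen.items() if len(set(v.values())) > 1}

def plaintext_secrets(files):
    """(file, key) pairs holding a clear-text password: restrict these files
    (chmod 600) and remove the *_bak copies once the scripts have finished."""
    return sorted((name, key) for name, text in files.items()
                  for key in parse_properties(text)
                  if key.endswith(("_PWD", "_PASSWD", "_PASSWORD")))

if __name__ == "__main__":
    print("mismatches:", find_mismatches(FILES))
    print("clear-text secrets:", plaintext_secrets(FILES))
```

Point FILES at the real contents of the config directory to run the check before each script invocation.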
2.6 Configure OIM SSO Integration
Change to $ORACLE_HOME/idm/server/ssointg/config and edit configureSSOIntegration.config with the OIM and OAM node details.
Parameter notes:
1. For the OUD connection use the load-balanced address and port.
2. Fill in the DNs according to the actual OUD directory structure.
3. Enter the connection details of the OAM and OIM Administration Servers and managed servers.
Reference configuration:
NAP_VERSION: 4
COOKIE_EXPIRY_INTERVAL: 120
OAM_HOST: 10.60.25.67
OAM_PORT: 14100
ACCESS_SERVER_HOST: 10.60.25.67
ACCESS_SERVER_PORT: 5557
OAM_SERVER_VERSION: 12c
WEBGATE_TYPE: ohsWebgate12c
ACCESS_GATE_ID: FawIdm_WG
ACCESS_GATE_PWD: welcome1
COOKIE_DOMAIN: .faw.com
OAM_TRANSFER_MODE: Open
SSO_ENABLED_FLAG: true
SSO_INTEGRATION_MODE: CQR
OIM_LOGINATTRIBUTE: uid
OAM11G_WLS_ADMIN_HOST: 10.60.25.67
OAM11G_WLS_ADMIN_PORT: 7006
OAM11G_WLS_ADMIN_USER: weblogic
OAM11G_WLS_ADMIN_PASSWD: welcome1
## Required if OAM_TRANSFER_MODE is not OPEN
#SSO_KEYSTORE_JKS_PASSWORD: <password>
#SSO_GLOBAL_PASSPHRASE: <passphrase>
OIM_WLSHOST: 10.60.25.67
OIM_WLSPORT: 9001
OIM_WLSADMIN: weblogic
OIM_WLSADMIN_PWD: welcome1
IDSTORE_OAMADMINUSER: oamAdmin
IDSTORE_OAMADMINUSER_PWD: welcome1
## Required in SSL mode
#OIM_TRUST_LOC=/u01/oracle/products/identity/wlserver/server/lib/DemoTrust.jks
#OIM_TRUST_PWD=<password>
#OIM_TRUST_TYPE=JKS
With the configuration complete, change to $ORACLE_HOME/idm/server/ssointg/bin and run:
./OIGOAMIntegration.sh -configureSSOIntegration
If the exception oracle.iam.sso.oam.impl.resource.seed.exception.OIMResourceSeedException occurs during the run, it can be ignored.
On the OAM server, create the file oim-resource-policy.xml under $ORACLE_HOME/idm/oam/def_import_policies with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<oam-policy>
<change-record-number value="104"/>
<shared-components>
<resource-types>
<resource-type description="HTTP Description" id="3fb97290-d2c5-46ae-87df-c4e483f10eca" name="HTTP">
<operation description="POST" name="POST"/>
<operation description="GET" name="GET"/>
</resource-type>
</resource-types>
<host-identifiers>
<host-identifier description="Host identifier for IAM Suite resources" id="0fbecc57-6a70-40c4-b91a-f6886ad3cf96" name="IAMSuiteAgent">
</host-identifier>
</host-identifiers>
</shared-components>
<application-domains>
<application-domain description="Policy objects enabling OAM Agent to protect deployed IAM Suite applications" id="3c146a8b-2db4-40d7-a6b7-83193098bf78" name="IAM Suite">
<resources>
<resource hostidentifier="0fbecc57-6a70-40c4-b91a-f6886ad3cf96" id="483ffb5a-dddf-4e60-be4a-a48714051a3f" description="SOA Worklist" type="3fb97290-d2c5-46ae-87df-c4e483f10eca">
<url>/soa/**</url>
<protection-level>EXCLUDED</protection-level>
</resource>
<resource hostidentifier="0fbecc57-6a70-40c4-b91a-f6886ad3cf96" id="0f9f786d-4f93-4ea2-a4af-8c7f254bc014" description="OIM JMX config lifecycle" type="3fb97290-d2c5-46ae-87df-c4e483f10eca">
<url>/jmx-config-lifecycle/**</url>
<protection-level>EXCLUDED</protection-level>
</resource>