Oracle's Identity Management components include:
SSO - Oracle Single Sign-On Server
OID - Oracle Internet Directory
DAS - Delegated Administrative Services
DIP - Directory Integration & Provisioning Services
OCA - Oracle Certificate Authority (optional)
I am going to cover them in detail in my future posts. These services and components are quite important for Apps DBAs, as IM (Identity Management) is part of Oracle Apps Release 12.
This post gives an overview and important notes on an Identity Management cluster where the IM components are in an active-active configuration, which means the IM components (OID, SSO, DAS) are available on both nodes for high availability.
The underlying database for IM can be a single-instance database or a two- or multiple-instance RAC database (preferably at least two nodes).
Distributed / Non Distributed IM
Distributed IM means IM components (SSO, DAS, OID) are distributed on more than one machine (SSO & DAS on one machine & OID on second machine).
Non Distributed IM means all IM components are on same machine.
You can cluster both distributed and non-distributed Identity Management.
Here are a few notes/checks which I learnt from my various implementations.
Things you should know before starting Installation
- Decide whether you want a distributed or non-distributed IM cluster
- Virtual name of the HTTP Server (Infra for SSO & OIDDAS) and its protocol (HTTP or HTTPS)
- Virtual name of OID including ports (you need both non-SSL and SSL; the defaults are 389 and 636 respectively)
- Communication protocol requirement (HTTP or HTTPS) between
CLIENT -> Load Balancer -> HTTP Server
Things you must do before installing an Oracle AS Identity Management cluster
- Synchronize the system clocks on all servers that are part of the cluster to within 250 seconds
- Set cookie persistence at the load balancer specifically for the URI /oiddas/. If your browser doesn't support persistence setting at URI level, then set it for all HTTP traffic (set the cookie to expire when the browser session expires)
- Before installing the first OID node, make sure TCP monitoring is not enabled on the load balancer for the first node
- Configure the load balancer to return immediately to calling clients
Things/Tips which will be handy for AS Cluster (IM Type)
- For the first OID node installation, make sure the MR is not registered with any OID, else it will fail. The installer checks this, and if it finds that the MR is already registered, it assumes a first node already exists and asks for the first OID node's information in order to make this node part of that OID cluster
- Choose the same components on the other nodes of the cluster (i.e. if on the first node you have OID & DAS, then install OID & DAS on the other cluster nodes as well)
- To access OID on any OID node in the cluster, you have to use the ias_admin password from the first installation, not the ias_admin password used for the second, third or later instance installations in the cluster (oiddas, orasso, oidmon)
- For an IM cluster you always select IM and not IM+MR (this is on the installation screen)
- For IM content database should already be loaded with
using RepCA or MRCA (Repository Creation Assistant or Metadata Repository Creation Assistant)
- The installation steps for the first OID node are different from those for subsequent nodes
- For an IM cluster, never select IM+MR on the installation screen; always select IM only
- You have to select HA (High Availability) in the installation options
More on Identity Management cluster installation...
Coming soon ....