I. Environment
OS: Red Hat Enterprise Linux 5.4
IP Address: 10.100.100.160
FQDN: oiam.sttg-poc.com
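II. Installing RHEL 5.4
Installing Red Hat Linux is fairly simple. The version I chose is Red Hat Enterprise Linux 5.4. Because Oracle 10g has to be installed, the system requirements are as follows:
RAM: 1 GB (minimum requirement 512 MB)
SWAP: 2 GB
The following system components must be installed: the GNOME desktop environment, editors, development tools, development libraries, and so on.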
A) desktop environments:
gnome desktop environment
B) applications:
editors
C) development:
development libraries
development tools
gnome software development
D) servers:
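Do not install
E) base system:
base
x windows system
F) cluster storage:
Do not install
G) clustering:
Do not install
H) virtualization:
Do not install
III. Installing Sun Java System Directory Server 5.2 P4
Enter the X Window graphical environment and start the installation: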
[root@oiam ~]# /media/cdrom/setup
Fully Qualified Computer Name: oiam.sttg-poc.com
Select Server or Console Installation
[X] Sun Java(TM) System Servers
Type of Installation
[X]Custom
Select installation directory
/app/sunDirectory
Sun Java(TM) System Directory Server User and Group
System User: root
System Group: root
Configuration Directory Server
[X]The new instance will be the configuration Directory Server
Data Storage Location
[X]Store data in the new Directory Server
Directory Server Settings
Server Identifier: oiam
Server Port: 10389
Suffix: dc=sttg-poc, dc=com
Configuration Directory Server Administrator
Administrator ID: admin
Password: ********
Password (again): ********
Administration Domain
Administration Domain: sttg-poc.com
Directory Manager Settings
Directory Manager DN: cn=Directory Manager
Password: ********
Password (again): ********
Create Sample Entries
[X]Create Sample Organizational Structure
Populate Suffix
[X]Populate with sample data
Administration Server Port Selection
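Administration Port: 10390
During installation, an error is reported that libdb.so.3 cannot be found; it can be ignored.
Start the Sun Directory directory service daemon (slapd-serverID) and the administration server daemon (admin-serv):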
[root@oiam ~]# /app/sunDirectory/slapd-oiam/start-slapd
[root@oiam ~]# /app/sunDirectory/start-admin
Stop:
[root@oiam ~]# /app/sunDirectory/slapd-oiam/stop-slapd
[root@oiam ~]# /app/sunDirectory/stop-admin
Run the console (must be under X Window):
[root@oiam ~]# /app/sunDirectory/startconsole
Set the Sun Directory environment path:
[root@oiam ~]# vi /etc/bashrc
Add:
export PATH=$PATH:/app/sunDirectory
Create a start/stop script:
[root@oiam ~]# vi /app/sun.sh
#!/bin/sh
# description: Sun Directory Server start&stop&restart script.
#
SUN_HOME=/app/sunDirectory
SUN_SVRID=oiam
# Abort if the installation directory or the server instance is not where expected.
if [ ! -f "$SUN_HOME/start-admin" ] ; then
    echo "SUN_HOME setting is wrong: $SUN_HOME" >&2
    exit 1
fi
if [ ! -f "${SUN_HOME}/slapd-${SUN_SVRID}/start-slapd" ] ; then
    echo "SUN_SVRID setting is wrong: $SUN_SVRID" >&2
    exit 1
fi
case "$1" in
'start')
    echo "Starting the Sun Directory Server..."
    "${SUN_HOME}/slapd-${SUN_SVRID}/start-slapd"
    echo "Starting the Sun Directory Admin..."
    "$SUN_HOME/start-admin"
    ;;
'stop')
    echo "Stopping the Sun Directory Admin..."
    "$SUN_HOME/stop-admin"
    echo "Stopping the Sun Directory Server..."
    "${SUN_HOME}/slapd-${SUN_SVRID}/stop-slapd"
    ;;
'restart')
    "$0" stop
    "$0" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
[root@oiam ~]# chmod 775 /app/sun.sh
Run the Sun Directory console:
[root@oiam ~]# /app/sunDirectory/startconsole
Create an Administrator account for OAM: OAM Admin, uid=oamadmin
IV. Installing Apache 2.0.x
Use the open LAMPP package. Download LAMPP:
http://sourceforge.net/projects/xampp/files/XAMPP%20Linux/1.4.16/xampp-linux-1.4.16.tar.gz/download
Extract the archive to install:
[root@oiam ~]# tar xzvf xampp-linux-1.4.16.tar.gz -C /opt
Start Apache:
[root@oiam ~]# /opt/lampp/lampp start
Stop Apache:
[root@oiam ~]# /opt/lampp/lampp stop
Note: when installing components such as Identity Server, WebPass and WebGate, the User selected to run the processes must be the same; run
Edit the /opt/lampp/etc/httpd.conf file:
[root@oiam ~]# vi /opt/lampp/etc/httpd.conf
Find:
User nobody
Group nogroup
Replace with:
User nobody
Group nobody
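V. Installing OAM
1) Install OIM Identity Server
Copy the GCC runtime libraries libgcc_s.so.1 and libstdc++.so.5 to the /tmp/gcc32 directory.
Copy the OAM installation files (including the language packs) to /tmp/oaminst. They are: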
Oracle_Access_Manager10_1_4_3_0_linux_Access_Server
Oracle_Access_Manager10_1_4_3_0_linux_APACHE2_Policy_Manager
Oracle_Access_Manager10_1_4_3_0_linux_APACHE2_WebPass
Oracle_Access_Manager10_1_4_3_0_linux_Identity_Server
Oracle_Access_Manager10_1_4_3_0_ZH_linux_LP_Access_System
Oracle_Access_Manager10_1_4_3_0_ZH_linux_LP_Identity_System
[root@oiam ~]# cd /tmp/oaminst
[root@oiam oaminst]# chmod +x *
Start Sun Directory:
[root@oiam ~]# /app/sun.sh start
Start the installation:
[root@oiam oaminst]# ./Oracle_Access_Manager10_1_4_3_0_linux_Identity_Server
The product that you are about to install needs to be owned by a dedicated
user. Only root or the dedicated user may be able to start the service. Most
of the time the server is run as `root' or `nobody'.
Enter the username the Identity server is running as [nobody]
Enter the Group for the above username [nobody]
Please specify the installation directory for Oracle Access Manager 10.1.4.3.0
Identity Server.
Please specify a directory name or press Enter [/opt/netpoint] /app/OAM
Please select the following: 1. The default language for the current
installation. 2. The locales that you would like to be installed.
Please choose one of the languages as the default language
[X] 1 - English
[ ] 2 - Simplified Chinese
Please select the languages that you would like to be installed
[X] 1 - Simplified Chinese
Oracle Access Manager 10.1.4.3.0 Identity Server will be installed in the
following location:
/app/OAM/identity
for a total size:
416.1 MB
Please make a note of the Oracle Access Manager 10.1.4.3.0 Identity Server
installation directory: /app/OAM/identity because you will need to refer to it
in the future.
To proceed with installation of Oracle Access Manager 10.1.4.3.0 Identity
Server and for successfully running the product, you must install additional
GCC runtime libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that
these libraries should be compatible with GCC 3.3.2. The libraries are
available for download from either of the following locations -
http://metalink.oracle.com (requires login), or
http://www.oracle.com/technology/products/ias/index.html. Once these libraries
are locally available, please specify the directory containing the files and
proceed with the installation.
Location of GCC runtime libraries []: /tmp/gcc32
|-----------|-----------|-----------|------------|
0% 25% 50% 75% 100%
||||||||||||||||||||||||||||||||||||||||||||||||||
Specify the transport security mode between the WebPass/Identity client and
the Identity Server.
[X] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[ ] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
Please provide the Identity Server ID, host name, and port number for the
Identity Server connection. You must use a unique ID for each Identity Server
you install.
Identity Server ID [] IdSvr_OIAM
Host name where the Identity Server is to be installed [] oiam.sttg-poc.com
Port number the Identity Server listens to [6022]
Is this the first Identity Server installation in the network for this LDAP
directory server? If it is the first Identity Server you will be guided
through screens to setup the Directory Server.
[X] 1 - Yes
[ ] 2 - No
Please select the appropriate options if you want to setup SSL between the
Identity Server and the Directory Server
[ ] 1 - Directory Server hosting user data is in SSL
[ ] 1 - Directory Server hosting Oracle data is in SSL
The Identity Server connects to an LDAP enabled directory server to store your
User Data. Choose the appropriate directory server below, and choose Next to
continue the installation process.
Directory Server Type
[ ] 1 - Oracle Internet Directory
[X] 2 - Sun Directory Server 5.x
[ ] 3 - NDS
[ ] 4 - Active Directory
[ ] 5 - Active Directory on Windows Server 2003
[ ] 6 - Active Directory Application Mode
[ ] 7 - Siemens DirX
[ ] 8 - IBM Directory Server
[ ] 9 - Data Anywhere
The Identity Server connects to an LDAP enabled directory server to store your
User and Oracle Data. Are the User and Oracle Data stored in different
directory servers? Choose the appropriate option and then choose Next to
continue the installation process.
Are Oracle and user data separate?
[X] 1 - Oracle data will be in the user data directory.
[ ] 2 - Oracle data will be in a separate directory.
Your directory server schema must be extended to include the Oracle Access
Manager schema. You may automatically update the schema now or manually update
the schema using instructions provided later. Do you want to automatically
extend the schema now?
[X] 1 - Yes
[ ] 2 - No
Host machine or IP in which the directory server resides [] oiam.sttg-poc.com
Port Number (For SSL connection, please provide the encrypted port) [] 10389
Root DN (e.g. cn=Directory Manager) [] cn=Directory Manager
Root Password
Oracle Access Manager 10.1.4.3.0 Identity Server has been successfully
installed.
Identity Server has been configured successfully. Please start your Identity
Server by running /app/OAM/identity/oblix/apps/common/bin/start_ois_server
program from command line.
Identity Server Setup Information
Transport Security: open
Identity Server Host Name: oiam.sttg-poc.com
Identity Server ID: IdSvr
Port Number: 6022
Start the OAM Identity Server:
[root@oiam ~]# /app/OAM/identity/oblix/apps/common/bin/start_ois_server_nptl
If you start it with /app/OAM/identity/oblix/apps/common/bin/start_ois_server instead, it reports the error "error while loading shared libraries: libnsl.so.1", and the start_ois_server script has to be modified:
[root@oiam ~]# vi /app/OAM/identity/oblix/apps/common/bin/start_ois_server
Change:
LD_ASSUME_KERNEL="2.4.19";
export LD_ASSUME_KERNEL ;
to:
# LD_ASSUME_KERNEL="2.4.19";
# export LD_ASSUME_KERNEL ;
To stop it, use the /app/OAM/identity/oblix/apps/common/bin/stop_ois_server script.
2) Install OIM WebPass (make sure the OAM Identity Server is already running)
[root@oiam oaminst]# ./Oracle_Access_Manager10_1_4_3_0_linux_APACHE2_WebPass
The product that you are about to install needs to be owned by the same user
as the web server is running as. Most of the time the web server is run as
`root' or `nobody'. Doing a `ps' on the server process is a quick way to find
out who the owner is.
Enter the username the web server is running as [nobody]
Enter the Group for the above username [nobody]
Please specify the installation directory for Oracle Access Manager 10.1.4.3.0
WebPass.
Please specify a directory name or press Enter
[/opt/netpoint/webcomponent] /app/OAM/webcomponent
Please select the following: 1. The default language for the current
installation. 2. The locales that you would like to be installed.
Please choose one of the languages as the default language
[X] 1 - English
[ ] 2 - Simplified Chinese
Please select the languages that you would like to be installed
[X] 1 - Simplified Chinese
Oracle Access Manager 10.1.4.3.0 WebPass will be installed in the following
location:
/app/OAM/webcomponent/identity
for a total size:
170.9 MB
Please make a note of the Oracle Access Manager 10.1.4.3.0 WebPass
installation directory: /app/OAM/webcomponent/identity because you will need
to refer to it in the future.
To proceed with installation of Oracle Access Manager 10.1.4.3.0 WebPass and
for successfully running the product, you must install additional GCC runtime
libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that these libraries
should be compatible with GCC 3.3.2. The libraries are available for download
from either of the following locations - http://metalink.oracle.com (requires
login), or http://www.oracle.com/technology/products/ias/index.html. Once
these libraries are locally available, please specify the directory containing
the files and proceed with the installation.
Location of GCC runtime libraries []: /tmp/gcc32
|-----------|-----------|-----------|------------|
0% 25% 50% 75% 100%
||||||||||||||||||||||||||||||||||||||||||||||||||
Specify the transport security mode between the WebPass/Identity client and
the Identity Server.
[X] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[ ] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
Please provide the WebPass ID, host name, and port number for the WebPass
connection. You must use a unique ID for each WebPass you install.
WebPass ID [] WebPass_OIAM
Host name where the Identity Server is installed [] oiam.sttg-poc.com
Port number the Identity Server listens to [6022]
Oracle Access Manager 10.1.4.3.0 WebPass is installed under your Oracle Access
Manager 10.1.4.3.0 WebPass installation directory. In order to use the Oracle
Access Manager 10.1.4.3.0 WebPass module, configure your web server by
modifying the configuration in your web server directory. Oracle can
automatically update the configuration for you. Alternatively, you can
manually update it.
Proceed with automatic update of "httpd.conf"?
[X] 1 - Yes
[ ] 2 - No
Enter the absolute path of httpd.conf in your Web Server config
directory.
(e.g. "/export/apache/conf/httpd.conf") [] /opt/lampp/etc/httpd.conf
Updating web server configuration...
-------------------------------------------------------------------------------
Please read the information below.
If the web server is setup in SSL mode, then httpd.conf file needs to be
configured with the SSL related parameters. To manually tune your SSL
configuration, please follow the instructions that come up.
Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
-------------------------------------------------------------------------------
Configure Web Server
Please launch a browser and open the /app/OAM/webcomponent/identity
/oblix/lang/en-us/docs/config.htm document for further information on
configuring your Web Server.
Make sure Sun Directory and the OAM Identity Server are running:
[root@oiam ~]# /app/sun.sh start
[root@oiam ~]# /app/OAM/identity/oblix/apps/common/bin/start_ois_server
Then restart Apache:
[root@oiam ~]# /opt/lampp/lampp restart
Open Internet Explorer and go to http://oiam.sttg-poc.com/identity/oblix. Click Identity System Console; it displays "System Console Application is not set up". Click "setup" to begin configuration.
Directory Server Type containing User Data
Select "Sun Directory Server 5.x"
Location Of Directory Server with User Data, enter the following:
Host: oiam.sttg-poc.com
Port Number: 10389
Root DN: cn=Directory Manager
Root Password: ********
Directory Server Security Mode: Open
Is the Configuration data stored in this directory also? Yes
Location of Configuration Data and the Oracle Access Manager Searchbase
Configuration DN: dc=sttg-poc,dc=com
Search base: dc=sttg-poc,dc=com
Person Object Class
Person Object Class: inetOrgPerson
Auto configure objectclass: X
Group Object Class
Group Object Class: groupOfUniqueNames
Auto configure objectclass: X
When prompted "Please restart both your Identity Server and Web Server.", restart the OAM Identity Server and the web server:
[root@oiam ~]# /app/OAM/identity/oblix/apps/common/bin/stop_ois_server
[root@oiam ~]# /app/OAM/identity/oblix/apps/common/bin/start_ois_server
[root@oiam ~]# /opt/lampp/lampp restart
After clicking "Next", if there is no response, refresh the page.
When "Is the following configuration correct for objectclass 'inetOrgPerson'?" is displayed, select "Yes".
When "Is the following configuration correct for objectclass 'groupOfUniqueNames'?" is displayed, select "Yes".
Configure Administrators: under Master Admins, select OAM Admin.
Go to "Identity System Console" again and log in with the oamadmin account to test.
3) Install OIM Policy Manager
[root@oiam oaminst]# ./Oracle_Access_Manager10_1_4_3_0_linux_APACHE2_Policy_Manager
The product that you are about to install needs to be owned by the same user
as the web server is running as. Most of the time the web server is run as
`root' or `nobody'. Doing a `ps' on the server process is a quick way to find
out who the owner is.
Enter the username the web server is running as [nobody]
Enter the Group for the above username [nobody]
Please specify the installation directory for Oracle Access Manager 10.1.4.3.0
Policy Manager. Access Manager must be configured on the same Web server
instance as WebPass, and installed in the same directory as WebPass. For
example, if you specified /SunOne/doc as the install directory for WebPass, it
was installed in /SunOne/docs/identity. You must now specify /SunOne/docs as
the installation directory for Access Manager install.
Please specify a directory name or press Enter
[/opt/netpoint/webcomponent] /app/OAM/webcomponent
Please select the following: 1. The default language for the current
installation. 2. The locales that you would like to be installed.
Please choose one of the languages as the default language
[X] 1 - English
[ ] 2 - Simplified Chinese
Please select the languages that you would like to be installed
[X] 1 - Simplified Chinese
Oracle Access Manager 10.1.4.3.0 Policy Manager will be installed in the
following location:
/app/OAM/webcomponent/access
for a total size:
230.4 MB
Please make a note of the Oracle Access Manager 10.1.4.3.0 Policy Manager
installation directory: /app/OAM/webcomponent/access because you will need to
refer to it in the future.
To proceed with installation of Oracle Access Manager 10.1.4.3.0 Policy
Manager and for successfully running the product, you must install additional
GCC runtime libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that
these libraries should be compatible with GCC 3.3.2. The libraries are
available for download from either of the following locations -
http://metalink.oracle.com (requires login), or
http://www.oracle.com/technology/products/ias/index.html. Once these libraries
are locally available, please specify the directory containing the files and
proceed with the installation.
Location of GCC runtime libraries []: /tmp/gcc32
|-----------|-----------|-----------|------------|
0% 25% 50% 75% 100%
||||||||||||||||||||||||||||||||||||||||||||||||||
The Policy Manager connects to an LDAP enabled directory server to store
Policy Data. Choose the appropriate directory server below for policy data,
and choose Next to continue the installation process.
Directory Server Type
[ ] 1 - Oracle Internet Directory
[X] 2 - Sun Directory Server 5.x
[ ] 3 - NDS
[ ] 4 - Active Directory
[ ] 5 - Active Directory on Windows Server 2003
[ ] 6 - Active Directory Application Mode
[ ] 7 - Siemens DirX
[ ] 8 - IBM Directory Server
If your policy data is in a separate directory server, Oracle schema needs to
be added to this directory server. This program can automatically update the
configuration for you. Alternatively, you can manually update the schema
through the instructions given to you at setup time. If your policy data is
in a separate directory server from either the directory server containing
Oracle configuration data or user data, do you want to automatically configure
your Directory Server containing Policy data now?
[X] 1 - Yes
[ ] 2 - No
Please provide information for the Directory Server containing Policy Data
Host machine or IP in which the Directory Server for Policy Data resides
[] oiam.sttg-poc.com
Port Number (For SSL connection, please provide the encrypted port) [] 10389
Root DN (e.g. cn=Directory Manager) [] cn=Directory Manager
Root Password
Update through SSL connection?
[ ] 1 - Yes
[X] 2 - No
Updating directory schema to Directory Server oiam.sttg-poc.com:10389 ...
There is an error. Please try again.
Error 68: Oracle Access Manager System Configuration already exists on the
specified LDAP directory server.
-------------------------------------------------------------------------------
Would you like to run it again?
[ ] 1 - Yes
[X] 2 - No
(The message says the configuration already exists; choose not to run it again.)
[ ] 1 - Directory Server hosting user data is in SSL
[ ] 1 - Directory Server hosting Oracle data is in SSL
[ ] 1 - Directory Server hosting Policy data is in SSL
Specify the transport security mode between this Access Manager and Access
Servers that you plan to install in the future.
Specify the transport security mode
[X] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[ ] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
Oracle Access Manager 10.1.4.3.0 Policy Manager is installed under your Oracle
Access Manager 10.1.4.3.0 Policy Manager installation directory. In order to
use the Oracle Access Manager 10.1.4.3.0 Policy Manager module, configure your
web server by modifying the configuration in your web server directory. Oracle
can automatically update the configuration for you. Alternatively, you can
manually update it.
Proceed with automatic update of "httpd.conf"?
[X] 1 - Yes
[ ] 2 - No
Enter the absolute path of httpd.conf in your Web Server config
directory.
(e.g. "/export/apache/conf/httpd.conf") [/opt/lampp/etc/httpd.conf] /opt/lampp/etc/httpd.conf
Updating web server configuration...
-------------------------------------------------------------------------------
Please read the information below.
If the web server is setup in SSL mode, then httpd.conf file needs to be
configured with the SSL related parameters. To manually tune your SSL
configuration, please follow the instructions that come up.
Configure Web Server
Please launch a browser and open the /app/OAM/webcomponent/access
/oblix/lang/en-us/docs/config.htm document for further information on
configuring your Web Server.
Restart Apache:
[root@oiam ~]# /opt/lampp/lampp restart
Open Internet Explorer and go to http://oiam.sttg-poc.com/access/oblix. Click Access System Console; it displays "Administration Console Application is not set up". Click "setup" to begin configuration.
User Directory Server Type, select: Sun Directory Server 5.x
Location Of Directory Server for User Data
Machine: oiam.sttg-poc.com
Port Number: 10389
Root DN: cn=Directory Manager
Root Password: ********
Directory Server Security Mode: Open
Directory Server Type containing Configuration data, select: Sun Directory Server 5.x
Directory Server containing User Data and Directory Server containing Configuration Data
[X] Store Configuration Data in the User Directory Server
[ ] Store Configuration Data in a separate Directory Server
Directory Server containing User Data and Directory Server containing Policy Data
[X] Store Policy Data in the User Directory Server
[ ] Store Policy Data in a separate Directory Server
Location Of Oracle Access Manager Configuration data, the Searchbase, and the Policybase
Directory Server = oiam.sttg-poc.com : 10389
Search Base: dc=sttg-poc,dc=com
Configuration DN: dc=sttg-poc,dc=com
Policy Base: dc=sttg-poc,dc=com
Person Object Class
Person Object Class: inetOrgPerson
When "Please restart your web server. IIS Users must first halt the IIS Admin Service in the services control panel before restarting the web server." is displayed, restart Apache:
[root@oiam ~]# /opt/lampp/lampp restart
Root Directory for Policy Domains
Policy Domain Root: /
Configure Authentication Schemes
Do you want to configure Authentication Schemes? Yes
Which Authentication Scheme(s) do you want to configure?
[X] Basic Over LDAP [X] Client Certificate
Configure Policies to Protect NetPoint Identity System and Access Manager
Do you want to configure policies to protect Access System related URL's ? Yes
Securing Data Directories
To maintain security of the user data, you must protect some Oracle Access Manager directories against unauthorized access. Use Oracle Access Manager to control access to certain directories.
Three directories in the installation area must be protected:
<installation directory>/access/oblix/data
<installation directory>/access/oblix/config
<installation directory>/access/oblix/logs
Refer to the Oracle Access Manager Administration Guide for information about protecting these resources.
Installation Complete
Oracle Access Manager installation is now complete.
Please restart the Identity server and web server before proceeding.
Note: If you are using IIS, you must stop the IIS Admin Service in the services control panel before restarting the web server.
--------------------------------------------------------------------------------
Configuring Identity and Access Policy Domains
For both these domains, check default authentication rule and change it if needed. If Oracle Access Manager is running against an AD forest, you may need to change the authentication scheme for default authentication rules from "Oracle Access and Identity Basic Over LDAP" to "Oracle Access and Identity For AD Forest".
For both domains, check the default authorization rule and if needed modify it to restrict access.
Check the 'Anonymous' scheme used in the policies authentication rule and change it to use some other scheme if needed.
Check the 'OblixAnonymous' user definition and if necessary, modify it to some other user.
Add host IDs to the URL prefixes of policy domains.
Modify actions if Identity user type handling needs to happen through actions.
If you are doing xml->html translation at browser side, add "*.xsl" to the policy unprotecting common gifs and javascripts.
You must enable these policy domains to work.
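The installer prompts above require WebPass and Policy Manager to be owned by the account the web server runs as, and the setup page names three directories that must be protected. The following shell check covers both at the filesystem level; it is an added example, not part of the original guide or of Oracle's tooling. The function names are hypothetical, it assumes GNU stat, and it treats "no permission bits for other" as the filesystem baseline, alongside the OAM policy protection the setup page refers to.

```shell
#!/bin/sh
# Added example: ownership and permission checks for the layout on this page.
# Usage: sh oam_audit.sh /opt/lampp/etc/httpd.conf /app/OAM/webcomponent
# Function names are hypothetical; requires GNU stat (stat -c).

# Print the value of a one-argument httpd.conf directive such as User or
# Group. Directive names are case-insensitive, the last occurrence wins, and
# commented-out lines are skipped because their first field starts with "#".
httpd_directive() {
    # $1 = path to httpd.conf, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { if (v != "") print v }' "$1" 2>/dev/null
}

# Succeed when the path is owned by exactly user:group.
owned_by() {
    # $1 = path, $2 = user name, $3 = group name
    [ "$(stat -c '%U:%G' "$1" 2>/dev/null)" = "$2:$3" ]
}

# Succeed when none of the bits in an octal mask are set on the path,
# e.g. mask 007 means no access at all for "other".
lacks_mode_bits() {
    # $1 = path, $2 = octal mask
    m=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ $(( 0${m} & 0${2} )) -eq 0 ]
}

# Audit one installation; print one line per finding and return the count.
audit_oam() {
    # $1 = httpd.conf, $2 = <installation directory> holding identity/ and access/
    oam_conf=$1
    oam_root=$2
    findings=0
    web_user=$(httpd_directive "$oam_conf" User)
    web_group=$(httpd_directive "$oam_conf" Group)
    if [ -z "$web_user" ] || [ -z "$web_group" ]; then
        echo "FINDING: no User/Group directive found in $oam_conf"
        findings=$((findings + 1))
    fi
    # WebPass and Policy Manager must belong to the account Apache runs as.
    for d in "$oam_root/identity" "$oam_root/access"; do
        if ! owned_by "$d" "$web_user" "$web_group"; then
            echo "FINDING: $d is not owned by $web_user:$web_group"
            findings=$((findings + 1))
        fi
    done
    # The three directories the setup page says must be protected.
    for sub in data config logs; do
        d="$oam_root/access/oblix/$sub"
        if [ ! -d "$d" ]; then
            echo "FINDING: $d does not exist"
            findings=$((findings + 1))
        elif ! lacks_mode_bits "$d" 007; then
            echo "FINDING: $d is accessible to other local accounts"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_oam "$1" "$2"
    exit $?
fi
```

The exit status is the number of findings, so 0 means the ownership and mode checks all passed.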
4) Install OIM Access Server
Pre-installation:
Go to http://oiam.sttg-poc.com/access/oblix -> Access System Console -> Access System Configuration
(User: oamadmin)
Select Access Server Configuration and click Add:
Name: AccessSvr_OIAM
Hostname: oiam.sttg-poc.com
Port: 6021
Access Management Service: On
Use the defaults for everything else.
Start the installation:
[root@oiam oaminst]# ./Oracle_Access_Manager10_1_4_3_0_linux_Access_Server
The product that you are about to install needs to be owned by a dedicated
user. Only root or the dedicated user may be able to start the service. Most
of the time the server is run as `root' or `nobody'.
Enter the username the Access server is running as [nobody]
Enter the Group for the above username [nobody]
Please specify the installation directory for Oracle Access Manager 10.1.4.3.0
Access Server.
Please specify a directory name or press Enter [/opt/netpoint] /app/OAM
Please select the following: 1. The default language for the current
installation. 2. The locales that you would like to be installed.
Please choose one of the languages as the default language
[X] 1 - English
[ ] 2 - Simplified Chinese
Please select the languages that you would like to be installed
[X] 1 - Simplified Chinese
To proceed with installation of Oracle Access Manager 10.1.4.3.0 Access Server
and for successfully running the product, you must install additional GCC
runtime libraries, namely libgcc_s.so.1 and libstdc++.so.5. Note that these
libraries should be compatible with GCC 3.3.2. The libraries are available for
download from either of the following locations - http://metalink.oracle.com
(requires login), or http://www.oracle.com/technology/products/ias/index.html.
Once these libraries are locally available, please specify the directory
containing the files and proceed with the installation.
Location of GCC runtime libraries []: /tmp/gcc32
Specify the transport security mode between the WebGate/Access client and the
Access Server.
[X] 1 - Open Mode: No Encryption
[ ] 2 - Simple Mode: Encryption through SSL and a Public Key Certificate
[ ] 3 - Cert Mode: Encryption through SSL and a Public Key Certificate
|-----------|-----------|-----------|------------|
0% 25% 50% 75% 100%
||||||||||||||||||||||||||||||||||||||||||||||||||
The Access Server connects to an LDAP enabled directory server for Oracle
Data. Please provide following information for the directory server and choose
Next to continue the installation process.
Mode in which the Directory Server containing Oracle configuration data is
running
[X] 1 - Open
[ ] 2 - SSL
Host machine on which the Directory Server containing Oracle
configuration data resides [] oiam.sttg-poc.com
Port number on which the Directory Server containing Oracle
configuration data resides [] 10389
Root DN of the Directory Server containing Oracle configuration data
(e.g. cn=Directory Manager) [] cn=Directory Manager
Root Password of the Directory Server containing Oracle configuration data {password}
Type of the Directory Server containing Oracle configuration data
[ ] 1 - Sun Directory Server 5.x
[ ] 2 - NDS
[ ] 3 - Active Directory
[ ] 4 - Active Directory Application Mode
[ ] 5 - Siemens DirX
[ ] 6 - IBM Directory Server
[X] 7 - Oracle Internet Directory
Where is the Policy data stored?
[X] 1 - Oracle Directory
[ ] 2 - Separate Directory
Please provide the Access Server ID, Configuration DN, and Policy Base for the
Access Server. You must use a unique ID for each Access Server you install.
Access Server ID [] AccessSvr_OIAM
Configuration DN [] dc=sttg-poc,dc=com
Policy Base [] dc=sttg-poc,dc=com
Oracle Access Manager 10.1.4.3.0 Access Server has been successfully
installed. Access Server has been configured successfully. Please start your
Access Server by running
/app/OAM/access/oblix/apps/common/bin/start_access_server program from command
line. If your Access Server requires a password to start, please provide the
password through the -P option.
Start the OAM Access Server:
[root@oiam ~]# /app/OAM/access/oblix/apps/common/bin/start_access_server_nptl
If you start it with /app/OAM/access/oblix/apps/common/bin/start_access_server instead, it reports the error "error while loading shared libraries: libnsl.so.1", and the start_access_server script has to be modified:
[root@oiam ~]# vi /app/OAM/access/oblix/apps/common/bin/start_access_server
Change:
LD_ASSUME_KERNEL="2.4.19";
export LD_ASSUME_KERNEL ;
to:
# LD_ASSUME_KERNEL="2.4.19";
# export LD_ASSUME_KERNEL ;
To stop it, use the /app/OAM/access/oblix/apps/common/bin/stop_access_server script.
Create a start/stop script:
[root@oiam ~]# vi /app/oam.sh
#!/bin/sh
# description: OAM start&stop&restart script.
#
OAM_HOME=/app/OAM
WEBSVR_SHELL=/opt/lampp/lampp
# Abort if the OAM installation or the web server control script is missing.
if [ ! -f "$OAM_HOME/identity/oblix/apps/common/bin/start_ois_server" ] ; then
    echo "OAM_HOME setting is wrong: $OAM_HOME" >&2
    exit 1
fi
if [ ! -f "$WEBSVR_SHELL" ] ; then
    echo "WEBSVR_SHELL setting is wrong: $WEBSVR_SHELL" >&2
    exit 1
fi
case "$1" in
'start')
    # Start the OAM Identity Server and Access Server, then the web server.
    "$OAM_HOME/identity/oblix/apps/common/bin/start_ois_server"
    "$OAM_HOME/access/oblix/apps/common/bin/start_access_server"
    sleep 5
    "$WEBSVR_SHELL" start
    ;;
'stop')
    # Stop the web server first, then the OAM servers.
    "$WEBSVR_SHELL" stop
    "$OAM_HOME/identity/oblix/apps/common/bin/stop_ois_server"
    "$OAM_HOME/access/oblix/apps/common/bin/stop_access_server"
    ;;
'restart')
    "$0" stop
    sleep 2
    "$0" start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
[oracle@oiam ~]$ chmod 775 /app/oam.sh
Start OAM:
[root@oiam ~]# /app/oam.sh start
Stop OAM:
[root@oiam ~]# /app/oam.sh stop
Restart OAM:
[root@oiam ~]# /app/oam.sh restart
Go to http://oiam.sttg-poc.com/access/oblix
Log in as oamadmin.