How to Install SSO with Oracle Fusion Middleware 11g [ID 1069426.

1]  

  Modified 04-AUG-2010     Type HOWTO     Status  

PUBLISHED

In this Document
  Goal
  Solution
     How to Install SSO with Oracle Fusion Middleware 11g
     1. Install Oracle Internet Directory 11g  - SSO Documentation
     2. Install Metadata Repository Creation Assistant (MRCA)
     3. Install Oracle Identity Management 10g (10.1.4.0.1) SSO+DAS Only
     4. Apply the Identity Management 10g 10.1.4.3.0 Patchset
     Using an Existing Identity Management 10g for SSO
  References

Applies to:
Oracle Fusion Middleware - Version: 11.1.1.1.0 to 11.1.1.3.0]
Information in this document applies to any platform.

Goal
To Answer Frequently Asked Questions Specific to Using SSO with FMW 11g...

I am trying to find Single Sign-On (SSO) installation and configuration for Oracle Fusion
Middleware (FMW) 11g, but am finding out that SSO is not available in FMW 11g. What is
supposed to be done for middle tier applications (such as Oracle Portal) which require its use?
According to documentation there is a Metadata Repository Creation Assistant (MRCA)
10.1.4.3.1. What is the difference between MRCA 10.1.4.3.1 and Identity Management
10.1.4.0.1 patched with the 10.1.4.3.0 Patchset?

[ Taken from Note:858748.1 - Oracle Fusion Middleware 11g - Getting Started FAQ ]

Solution

How to Install SSO with Oracle Fusion Middleware 11g

Oracle Fusion Middleware 11g is released with an option to use an Identity Management 10g
Single Sign-On (SSO) solution which requires the use of Metadata Repository Creation Assistant
(MRCA) in order to install SSO schemas in the Oracle Database Server. A new MRCA
10.1.4.3.1 release is delivered with Oracle Fusion Middleware 11g which is certified with Oracle
Database Server 11g releases, and is available in the 11g download location:

Oracle Fusion Middleware 11gR1 Software Downloads

[ http://www.oracle.com/technology/software/products/middleware/htdocs/fmw_11_download.ht
ml ]

Note:
In the original FMW 11g release (11.1.1.1.0) the MRCA 10.1.4.3.0 was used. With the releases
of 11.1.1.2.0/11.1.1.3.0, there is an updated version of MRCA available - version 10.1.4.3.1. The
updated version has fixes which allow it to be successfully run against Oracle Database 11.1
and 11.2 versions.

1. Install Oracle Internet Directory 11g  - SSO Documentation

Documentation for Oracle Fusion Middleware 11g Single Sign-On installation and configuration
is within the Oracle Identity Management 10g (10.1.4) Installation Guide. After you have
installed Oracle Internet Directory 11g, see Chapter 10 to begin the steps for Single Sign-On:

Oracle Identity Management Installation Guide

 - Part Number E12002-03 (updated with 11.1.1.3.0 documentation release)
[ http://download.oracle.com/docs/cd/E14571_01/install.1111/e12002/toc.htm ]
10 Installing Oracle Single Sign-On and Oracle Delegated Administration Services Against
Oracle Internet Directory

Note:

 Chapter 10 is the main documentation for installing SSO for Oracle Fusion Middleware
11g. Chapter 10 has been revised from the original and re-released with the 11.1.1.3.0
documentation library. The "11.1.1.3.0" Install Guide would be applicable to 11.1.1.2.0
and 11.1.1.3.0 because IDM 11.1.1.2.0 installation is required before updating to
11.1.1.3.0...See "Understanding Your Installation Starting Point". The remainder of this
My Oracle Support document is outlining the major steps and important points, as it goes
through each stage.

 Using Chapter 10 instructions, it is very important to run the inspre11.pl with the proper
options at the proper times. It is also important that it executes and makes changes, as
required. Ensure that the the script runs and returns a message to your screen. If the file is
0 bytes, (for whatever reason) it will not run and return nothing. If you need another file,

download this . There are various issues surrounding this, and data collected from the
 following commands will help troubleshoot:

SQL> select ATTRNAME,ATTRVAL from ds_attrstore where

ATTRNAME='orcldirectoryversion'

ldapsearch -h <oid_host> -p <oid_port> -D "cn=orcladmin" -w <pwd> -b "cn=IAS

Infrastructure Databases,cn=IAS,cn=Products,cn=oraclecontext" objectclass=*

2. Install Metadata Repository Creation Assistant (MRCA)

Referring to IDM 11g Installation Guide Chapter 10, the first step of installing SSO is to install
the required objects in the database using a special version of the Metadata Repository Creation
Assistant. MRCA 10.1.4.3.1 is released only on Linux x86 and Windows x86 platforms, and is to
be executed remotely to connect to any certified Oracle Database version, (10.2.0.4+, 11.1.0.7+,
11.2.0.1+).

This part of the installation comes in two parts:

 MRCA files are installed on the system, into a new Oracle home directory.

 RepCA tool is run to connect to your Oracle Database to install required schemas and
objects, then register with your OID 11g. At the screen prompts, choose install and
register and ensure you provide both non-SSL and SSL connection details to your
existing OID 11g.

Important:
Documentation has not been written specifically for MRCA 10.1.4.3.1 besides Chapter 10 of the
11g IDM Installation Guide. It is important use the MRCA 10.1.4.0.1 User's Guide during these
steps:
Oracle Application Server Metadata Repository Creation Assistant User's Guide
Microsoft Windows
[ http://download.oracle.com/docs/cd/B28196_01/repca.1014/b28216/toc.htm ]
Linux x86
[ http://download.oracle.com/docs/cd/B28196_01/repca.1014/b28214/toc.htm ]

Certification Information:

When installing from the IM 10.1.4 media, it is important to first verify the IM 10.1.4
Certification Guide, "Section 8, "Oracle Internet Directory and Oracle Application Server
Single Sign-On Certification", taking note that there may be footnotes applicable to your
platform, as there are patches required in order to start the installer on newer platforms:
Oracle Identity Management (10.1.4.0.1) Certification Guide
[http://www.oracle.com/technology/software/products/ias/files/idm_certification_101401.html]

Windows Vista/2008, SLES 10, RHEL 5 and OEL 5:

On the above OS versions, there has been a certification performed where there are requirements,
known issues and patches required before starting the installer. Use these patches if the Installer
provides an error that the OS is not supported, which are provided in the following document
from original IM 10.1.4.0.1 Certification Guide

Note 465847.1 Oracle Identity Management 10g (10.1.4.0.1) Release Notes Addendum

Extra MRCA 10.1.4.3.1 Requirement on Windows 2008 R1:

 Apply Patch 7391123 in order to start the MRCA 10.1.4.3.1 installer

 Apply Patch 9188117 before loading schemas through MRCA 10.1.4.3.1

Bug 9865293 is filed on Patch 9188117 not applying with OPatch. Until this is resolved,
manually replace the repca.jar in the patch area to your MRCA home, then run the repca
tool as per the MRCA Install Guide. 

 Follow Note 465847.1 for Identity Management 10.1.4.0.1 remaining certification

 Please note that Windows 2008 R2 is NOT certified/supported with this Oracle Fusion
Middleware 11g topology.  It is currently going through testing and documentation.

3. Install Oracle Identity Management 10g (10.1.4.0.1) SSO+DAS Only

After MRCA 10.1.4.3.1 is installed, an Identity Management 10g (10.1.4.0.1) installation would
be performed choosing the Oracle Single Sign-On and Oracle Delegated Administration Services
(SSO+DAS) installation  option. For use with Oracle Fusion Middleware 11g, its important to
only choose the SSO+DAS installation option. This is available in the 10g download location:
Oracle Identity Management 10g (10.1.4.0.1) Download
[ http://www.oracle.com/technology/software/products/ias/htdocs/101401.html ]
-- Pick "Oracle Identity Management Infrastructure and Oracle Identity Federation"

Be sure to follow the Identity Management 10g (10.1.4) Installation Guide, in particular the steps
to choose the SSO+DAS without OID and DIP (which would already be installed as 11g). Below
is a Linux x86 Install Guide with a direct link to section of importance
Oracle Application Server Installation Guide10g (10.1.4.0.1) for Linux x86
4.24 Installing Oracle Identity Management Components Only (Excluding Oracle Internet
Directory)
[ http://download.oracle.com/docs/cd/B28196_01/install.1014/b28194/infra.htm#BABDDJIB ]

Notes

 The IDM 11g Chapter 10 says Patch 5649850 is required for the 10.1.4.3
Patchset. It is actually required when installing the 10.1.4.0.1 SSO/DAS
home. During the OC4J Instance Configuration Assistant, there will be a
"java.sql.SQLException: ORA-01017: invalid username/password; logon
denied" error when deploying OC4J_SECURITY applications.

If this happens, perform the following actions while leaving the OUI
Installer up and running:

o Download Patch 6880880, choosing the 10.1.0.5 choice for your

platform. Extract the contents replacing ORACLE_HOME/OPatch
o Download Patch 5649850 and install using
ORACLE_HOME/OPatch/opatch apply. Note it may say all
processes need to be down, but in this case, its only affecting
ORACLE_HOME/jdbc/lib jar files which can be managed while
other processes are running.
o Retry the OC4J Instance Configuration Assistant
(On UNIX systems, the installer stops to let you run root.sh, in
which you can take action to prevent the Configuration Assistant
failure).

 Certification Information:

When installing from the IM 10.1.4 media, it is important to first verify

the IM 10.1.4 Certification Guide, "Section 8, "Oracle Internet Directory
and Oracle Application Server Single Sign-On Certification", taking note
that there may be footnotes applicable to your platform, as there may be
patches required in order to start the installer:

Oracle Identity Management (10.1.4.0.1) Certification Guide

[http://www.oracle.com/technology/software/products/ias/files/idm_certifi
cation_101401.html]

 Windows Vista/2008, SLES 10, RHEL 5 and OEL 5:

On the newer OS versions, there has been a certification performed where

patches are required before starting the installer. Use these patches if the
 Installer provides an error that the OS is not supported, which are provided
in the following document from the original IM 10.1.4 Certification:

Note 465847.1 Oracle Identity Management 10g (10.1.4.0.1) Release

Notes Addendum

Please note that Windows 2008 R2 is NOT certified/supported with this

Oracle Fusion Middleware 11g topology.  It is currently going through
testing and documentation.

4. Apply the Identity Management 10g 10.1.4.3.0 Patchset

After SSO+DAS 10.1.4.0.1 is installed, the Identity Management 10g 10.1.4.3 Patchset (Patch
7215628) needs to be applied to the SSO+DAS home. Where an Oracle Database Server release
2 (11.2) is associated, its important to first download Patch 6265268, following its readme file.

Chapter 10 of the IDM 11g Installation Guide says Patch 5649850 is required for a pre-requisite
failure during the 10.1.4.3 Patchset. It is actually required when installing the 10.1.4.0.1
SSO/DAS home. See the previous section, as this should already be applied.

Using an Existing Identity Management 10g for SSO

If you have an already existing Identity Management 10g (10.1.4 or 10.1.2), it is an option to use
the Oracle Single Sign-On ((SSO) you already have installed and configured when installing
products such as Oracle Portal, (which requires SSO). Interoperability considerations will need
to be managed between the installed Oracle Internet Directory and Oracle Database Server while
planning the upgrade process.If installing an installation type which does not require SSO at
installation time, it may be a post-install configuration, depending on the components involved. 
If considering this, refer to the Upgrade and Planning Guide and Security Guide for more
details:

Oracle Fusion Middleware Upgrade Planning Guide 11g Release 1 (11.1.1)

Part Number E10125-05
4 Understanding Version Compatibility and Interoperability
[ http://download.oracle.com/docs/cd/E14571_01/upgrade.1111/e10125/compatibility_r1plus.ht
m]

Oracle Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1
(11.1.1)
Part Number E10129-04
2 Supported Starting Points for Oracle Identity Management Upgrade
[http://download.oracle.com/docs/cd/E14571_01/upgrade.1111/e10129/starting_points.htm ]

Oracle Fusion Middleware Security Guide 11g Release 1 (11.1.1)

Part Number E10043-06
9 Configuring Single Sign-On in Oracle Fusion Middleware
[ http://download.oracle.com/docs/cd/E14571_01/core.1111/e10043/osso.htm ]

References
NOTE:858748.1 - Oracle Fusion Middleware 11g - Getting Started FAQ

Attachments

inspre11.pl (18.23 KB)

Related

Products

 Middleware > Application Servers > Oracle Application Server > Oracle Fusion
Middleware

Keywords

DIRECTORY; OID; SSO; INSTALL; INTERNET~DIRECTORY; ORACLEAS;

ORACLE~INTERNET~DIRECTORY; SINGLE~SIGN-ON
Errors

ORA-1017

Back to top

Rate this document