Student Guide - Oracle Identity Manager 11g Essentials Activity Guide

Oracle Identity Manager 11g:
Essentials
Activity Guide

D65160GC10
Edition 1.0
March 2011
D69804


Copyright © 2011, Oracle and/or its affiliates. All rights reserved.
Disclaimer
This document contains proprietary information and is protected by copyright and other intellectual property laws. You may copy and
print this document solely for your own use in an Oracle training course. The document may not be modified or altered in any way.
Except where your use constitutes "fair use" under copyright law, you may not use, share, download, upload, copy, print, display,
perform, reproduce, publish, license, post, transmit, or distribute this document in whole or in part without the express authorization
of Oracle.
The information contained in this document is subject to change without notice. If you find any problems in the document, please
report them in writing to: Oracle University, 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Restricted Rights Notice
If this documentation is delivered to the United States Government or anyone using the documentation on behalf of the United
States Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or disclose these training materials are restricted
by the terms of the applicable Oracle license agreement and/or the applicable U.S. Government contract.
Trademark Notice
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective
owners.

Authors


Robert LaVallie, Terri Cantor
Technical Contributors and Reviewers
Eswar Vandanapu, Raj Kuchi, Rajesh Bhabu, Sri Subramanian, Gopal Kumarappan, Mario Lim,
Ajay Keni, Brad Donison, Ashok Maram, Bitan Biswas, Amol Dharmadhikari, Abhishek Sharma,
Semyon Shulman, Viresh Garg, Sid Choudhury, Javed Beg, Jatan Rajvanshi, Sidhartha Das,
Ashutosh Pitre, Shyam Narayan Singh, Sanjay Rallapalli, Srinivas Marni, Debapriya Datta,
Alexandre Babeanu, Don Biasotti, Gururaj B.S.
This book was published using:

Oracle Tutor


Table of Contents
Practices for Lesson 1
Practices for Lesson 2
Practices for Lesson 3
Practice 3-1: Start Oracle WebLogic Server
Practice 3-2: Start Oracle Identity Manager Server and Oracle SOA Server
Practice 3-3: Launch the Oracle SOA and Oracle Identity Manager Administration Consoles
Practice 3-4: Navigate the Oracle Identity Manager Administrative and User Console
Practice 3-5: Launch and Navigate the Oracle Identity Manager Design Console
Practices for Lesson 4
Practices for Lesson 5
Practice 5-1: Create Organizations
Practice 5-2: Create Suborganizations
Practice 5-3: Create Users
Practice 5-4: Create a Role Category
Practice 5-5: Create Roles
Practice 5-6: Assign Users to Roles
Practice 5-7: Use the Bulk Load Utility to Import a Role Category into Oracle Identity Manager
Practice 5-8: Use the Bulk Load Utility to Import Users into Oracle Identity Manager
Practice 5-9: Use the Bulk Load Utility to Import and Assign Roles in Oracle Identity Manager
Practice 5-10: Use the Bulk Load Utility to Assign Users to Roles in Oracle Identity Manager
Practices for Lesson 6
Practice 6-1: Copy Connector and External Code Files
Practice 6-2: Configure Oracle Identity Manager Server
Practice 6-3: Import an Oracle Identity Manager Connector
Practice 6-4: Define an IT Resource
Practice 6-5: Create a User
Practice 6-6: Assign the Connector to a User
Practice 6-7: Complete the Custom Process Form
Practice 6-8: Access the Resource
Practices for Lesson 7
Practice 7-1: Configure the Resource Object
Practice 7-2: Create an Auto Membership Rule
Practice 7-3: Assign an Auto Membership Rule to a Role
Practice 7-4: Create an Access Policy
Practice 7-5: Create a User
Practice 7-6: Complete the Custom Process Form
Practice 7-7: Access the Resource
Practice 7-8: Modify the Provisioning Process
Practice 7-9: Modify the Custom Process Form
Practice 7-10: Provision a Resource to a User
Practice 7-11: Access the Resource
Practices for Lesson 8
Practice 8-1: Create Prerequisite Organizations, Role Categories, and Roles
Practice 8-2: Configuring the JDeveloper Environment
Practice 8-3: Deploy and Register Custom SOA Composites
Practice 8-4: Import the iPlanet User Resource Request Dataset
Practice 8-5: Configure Sun Java System Directory Server Group and Role
Practice 8-6: Update Lookup Definitions
Practice 8-7: Create a Request Template
Practice 8-8: Create Approval Policies
Practice 8-9: Create Users for the Request
Practice 8-10: Create a Request
Practice 8-11: Approve Tasks and Verify Provisioning
Practices for Lesson 9
Practice 9-1: Start Microsoft Active Directory and Sun Java System Directory Server
Practice 9-2: Configure the External Resources
Practice 9-3: Copy Connector and External Code Files
Practice 9-4: Configure Oracle Identity Manager Server
Practice 9-5: Import Oracle Identity Manager Connectors
Practice 9-6: Define IT Resources
Practice 9-7: Modify Scheduled Jobs
Practice 9-8: Reconcile with a Trusted Source and a Target Resource
Practices for Lesson 10
Practice 10-1: Create Prerequisite Entities
Practice 10-2: Create and Associate Membership Rules
Practice 10-3: Create HelpDesk, Human Resources, and Manager User Accounts
Practice 10-4: Extend the Oracle Identity Manager User Schema
Practice 10-5: Create Authorization Policies
Practice 10-6: Test and Verify Authorization Policies Implementation
Practices for Lesson 11
Practice 11-1: Configure the Oracle BI Publisher Environment
Practice 11-2: Create Access Policy Reports
Practice 11-3: Create Request and Approval Reports
Practice 11-4: Create a Password Report
Practice 11-5: Create a Resource Report
Practice 11-6: Create Role and Organization Reports
Practice 11-7: Create a User Report
Practices for Lesson 12
Practice 12-1: Access Oracle Identity Manager Log Configuration Details
Practice 12-2: Create an Oracle Identity Manager User
Practice 12-3: View Provisioning Messages in the Oracle Identity Manager Log
Practice 12-4: Resolve Provisioning Issue
Practice 12-5: Monitor Scheduled Events
Practices for Lesson 13
Practice 13-1: Export and Re-import the OIM Configuration using the MDS Utility
Practice 13-2: Exporting Deployment Configuration with the Deployment Manager
Practice 13-3: Import an XML File Using the Deployment Manager
Practices for Lesson B
Practices for Lesson C
Practices for Lesson D
Practices for Appendix E
Practice E-1: Build an Oracle Identity Manager Connector
Practices for Appendix F
Practice F-1: Branding the Identity Administration Console
Practice F-2: Branding the Authenticated Self Service Console
Practice F-3: Renaming Button Labels
Practice F-4: Creating Custom Skins and Style Sheets

Practices for Lesson 1
Practices Overview
There are no practices for Lesson 1.

Practices for Lesson 2
Practices Overview
There are no practices for Lesson 2.


Practices for Lesson 3
Practices Overview
In these practices, you launch Oracle Identity Manager 11g. This includes completing the
following tasks:
- Starting Oracle WebLogic Server (the Administration server)
- Starting two servers managed by Oracle WebLogic Server: Oracle Identity Manager
  Server and Oracle SOA Server
- Launching the Oracle SOA Administration Consoles and the Oracle Identity Manager
  Administration Console
- Launching the Oracle Identity Manager Design Console

Important: For the practices in this lesson, <hostname> represents the host name of the
machine on which the practices are completed. Because the host name for your machine is
unique, replace all references of <hostname> with the host name of your machine.
To retrieve the host name of your machine:
1. Open a DOS window.
2. At the DOS prompt, enter hostname. The host name of your machine appears.
Tip: In this practice, you launch the following Web-based consoles:
- Oracle WebLogic Server Administration Console
- Oracle SOA Platform Console
- Oracle BPM Worklist Console
- Oracle Identity Manager Administrative and User Console
For efficiency purposes, add the URL for each console to your Favorites list in Microsoft Internet
Explorer. To do so:
1. Select Favorites from the Menu Bar.
2. Select the Add to Favorites command from the menu that appears.
3. On the Add a Favorite window, click Add.

Practice 3-1: Start Oracle WebLogic Server
Overview
With Oracle WebLogic Server, an administrator can define a domain for the server. A domain is
a basic administrative unit for Oracle WebLogic Server, and includes the following types of
servers:
- An administrative server. This type of server is always included as part of a domain.
  With an administrative server, an administrator can perform additional administration of
  that domain, including creating and managing managed servers within the domain.
- A managed server. This type of server is managed by the administrative server. A
  managed server hosts application components and resources, which are also deployed
  and managed as part of the domain.
In this practice, you start Oracle WebLogic Server. Oracle WebLogic Server is the
administrative server for your domain.
Note: In the next practice, you start two servers managed by Oracle WebLogic Server: Oracle
Identity Manager Server and Oracle SOA Server.

Assumptions
- You installed and configured Oracle WebLogic Server 11g, Oracle Identity Manager
  11g, and Oracle SOA Server 11g
- You created a domain for Oracle WebLogic Server 11g
- You created an administrative server for Oracle WebLogic Server 11g
- You created two servers managed by Oracle WebLogic Server: Oracle Identity
  Manager Server and Oracle SOA Server

Tasks
1. Double-click the startWebLogic.cmd file, found in the
D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin folder.

Important: Before proceeding to step 2, ensure that you see <Server started in RUNNING mode> in the DOS window used to launch Oracle WebLogic Server.

2. Open an Internet Explorer Web browser.

Important: Ensure that the version of your Web browser is 7.0 (or higher).
3. Enter the following URL into the Address field:
http://<hostname>.us.oracle.com:7001/console/login/LoginForm.jsp
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.
4. Log in to Oracle WebLogic Server, using the login credentials of weblogic for the User
Name and Welcome1 for the password.

Note: For security purposes, the password you enter appears as a series of bullets.

5. On the Home page of the Oracle WebLogic Server Administration Console, click the
Servers link.

On the Summary of Servers page of the Administration Console, the administrative
server (AdminServer) has a status of RUNNING.

Oracle WebLogic Server is started. In this practice, you started the administrative server
for your domain (Oracle WebLogic Server). You are ready to start two servers managed
by Oracle WebLogic Server: Oracle Identity Manager Server and Oracle SOA Server.

Practice 3-2: Start Oracle Identity Manager Server and Oracle SOA Server
Overview
In the practice titled “Start Oracle WebLogic Server,” you launched Oracle WebLogic Server.
Oracle WebLogic Server is the administrative server for your domain.
You are ready to start two servers managed by Oracle WebLogic Server: Oracle Identity
Manager Server and Oracle SOA Server.

Assumptions
You started Oracle WebLogic Server.

Tasks
1. Open a DOS window.
2. Navigate to the
D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin directory.
Note: This directory contains the startManagedWebLogic.cmd file. This file is used
to start Oracle Identity Manager Server.
3. At the DOS prompt, enter startManagedWebLogic.cmd oim_server1 (and press
Enter).

Note: For this course, oim_server1 is the name of the Oracle Identity Manager
Server.

4. At the username and password prompts, enter weblogic and Welcome1 (and press
Enter).

Note: weblogic and Welcome1 are the login credentials for Oracle WebLogic Server.
Also, the password is hidden for security purposes.
You started Oracle Identity Manager Server. You are ready to start Oracle SOA Server.
Important: Before proceeding to step 5, ensure that you see <Server started in RUNNING mode> in the DOS window used to launch Oracle Identity Manager Server.
5. Open a second DOS window.
6. Navigate to the
D:\app\oracle\product\middleware\user_projects\domains\IDMDomain\bin directory.
Note: This directory contains the startManagedWebLogic.cmd file. This file is used
to start Oracle SOA Server.
7. At the DOS prompt, enter startManagedWebLogic.cmd soa_server1 (and press
Enter).

Note: For this course, soa_server1 is the name of the Oracle SOA Server.

8. At the username and password prompts, enter weblogic and Welcome1 (and press
Enter).

Note: weblogic and Welcome1 are the login credentials for Oracle WebLogic Server.
Also, the password is hidden for security purposes.
You started Oracle SOA Server. You are ready to verify that both managed servers are
started.

Important: Before proceeding to step 9, ensure that you see <Server started in RUNNING mode> in the DOS window used to launch Oracle SOA Server.
9. Make the Summary of Servers page of the Oracle WebLogic Server Administration
Console active. On this page, both the Oracle Identity Manager Server (oim_server1)
and the Oracle SOA Server (soa_server1) have a status of RUNNING.

Oracle Identity Manager Server and Oracle SOA Server are started.

10. This is an optional step. Several shortcut scripts have been provided to start and stop
Oracle Identity Manager Server, Oracle SOA Server, and Oracle WebLogic Server.
a. From a File Manager, change to the directory
D:\stage\labs\lab_03\Shortcuts.
b. Copy all of the files located in the directory.
c. Paste these files to the desktop.

Double-click the appropriate shortcut when you need to shut down or start the Oracle
WebLogic Administration Server, Oracle Identity Manager Server, or the Oracle SOA
Server.

In the practice titled “Start Oracle WebLogic Server,” you started the administrative
server for your domain (Oracle WebLogic Server). In this practice, you started the two
servers managed by this administrative server: Oracle Identity Manager Server and
Oracle SOA Server. You are ready to launch the Administration Consoles associated
with Oracle Identity Manager and Oracle SOA.

Practice 3-3: Launch the Oracle SOA and Oracle Identity Manager Administration Consoles
Overview
In the practices titled “Start Oracle WebLogic Server” and “Start Oracle Identity Manager Server
and Oracle SOA Server,” you launched Oracle WebLogic Server, Oracle Identity Manager
Server, and Oracle SOA Server.
You are ready to launch three Administration Consoles associated with Oracle Identity Manager
and Oracle SOA. They are:
- Oracle SOA Platform Console. The primary goal of any provisioning system is to
  manage requests submitted by users and provision resources to users. Request
  completion involves execution of associated approval processes. These approval
  processes are deployed as Service Oriented Architecture (SOA) composites running
  on the SOA Server.
  The Oracle SOA Platform Console is a Web-based console that contains predefined
  SOA composites in Oracle Identity Manager to be used for approval processes. Oracle
  Identity Manager approvers and administrators are responsible for executing and
  managing such approval processes.
- Oracle BPM Worklist Console. This Web-based console is used by approvers or
  administrators to manage approval process tasks that require their attention, as well as
  to view tasks that they initiate.
- Oracle Identity Manager Administrative and User Console. This Web-based console
  supports access to unauthenticated and authenticated self-service, as well as
  delegated administration features for Oracle Identity Manager.

Assumptions
You started Oracle WebLogic Server, Oracle Identity Manager Server, and Oracle SOA Server.

Tasks
1. Open an Internet Explorer Web browser.
2. Enter the following URL into the Address field:
http://<hostname>.us.oracle.com:7006/soa-infra
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.

3. On the Connect window, enter xelsysadm in the User Name field, Welcome1 in the
Password field, and click OK.

Note: For security purposes, the password that you enter appears as a series of bullets.

The Home page of the Oracle SOA Platform Console appears.

The Oracle SOA Platform Console contains predefined SOA composites in Oracle
Identity Manager to be used for approval processes. Oracle Identity Manager approvers
and administrators are responsible for executing and managing such approval
processes.
You launched the Oracle SOA Platform Console. You are ready to launch the Oracle
BPM Worklist Console.
Note: For more information about the SOA composites that compose this console, refer
to the lesson of the Oracle Identity Manager 11g: Essentials course titled “Launching
Oracle Identity Manager.”
4. Open an Internet Explorer Web browser.
5. Enter the following URL into the Address field:
http://<hostname>.us.oracle.com:7006/integration/worklistapp
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.

6. If prompted, on the login page, enter xelsysadm into the Username field, Welcome1
into the Password field, and click Login.

Note: For security purposes, the password that you enter appears as a series of bullets.
The Home page of the Oracle BPM Worklist Console appears.

The Oracle BPM Worklist Console is used by approvers or administrators to manage
approval process tasks that require their attention, as well as view tasks they initiate.
You launched the Oracle BPM Worklist Console. You are ready to launch the Oracle
Identity Manager Administrative and User Console.
Note: For more information about the features and functionalities of this console, refer to
the lesson of the Oracle Identity Manager 11g: Essentials course titled “Launching
Oracle Identity Manager.”
7. Open an Internet Explorer Web browser.
8. Enter the following URL into the Address field:
:7007/oim.
Tip: For efficiency purposes, Oracle strongly recommends that you bookmark this URL.

9. On the Oracle Identity Manager login page, enter xelsysadm into the User Name field,
Welcome1 into the Password field, and click Sign In.


Note: Because you did not yet create an administrator account, you must log in to the
Oracle Identity Manager Administrative and User Console with your “superuser” account
(that is, xelsysadm). However, after you create your own administrator account, you
can log in to Oracle Identity Manager with that account. Also, for security purposes, the
password that you enter appears as a series of bullets.
10. Populate the Password Management screen, as follows:

Challenge Question                    Challenge Answer
What is your mother’s maiden name?    agneta
What is the name of your pet?         matty
What is the city of your birth?       new york

Note: The first time that you log in to Oracle Identity Manager with a particular user
account, you must select and answer “challenge” questions. These questions are used
to verify your identity if you must reset your password. However, for all subsequent
logins with that account, these questions do not appear. Instead, you are taken directly
to the Home page of the Oracle Identity Manager Administrative and User Console.
11. Click Submit.
