  • Identity & Access Management configuration for Oracle Fusion Applications – Part I

    Posted by "" in "fusion, idm, im, installation, oid, OIM" on 2012-04-24


    In today’s post I am going to cover the Identity Management related configuration used during Fusion Applications installation.


    If you are not familiar with OIM & OAM, check my book on OAM/OIM 11g, available on Amazon. OAM 11g is used to log in to Fusion Applications, whereas OIM 11g is used for user/password management and for provisioning accounts to Fusion Applications. See also Brian Eidelman’s post Identity Management components used in Fusion Applications.

    1. A prerequisite for Fusion Applications is to install, configure and integrate OID/OIM/OAM. When you integrate OIM/OAM using idmConfigTool, the tool creates a properties file called idmDomainConfig.param.

    2. During Fusion Applications provisioning, you can use idmDomainConfig.param, which populates most Identity & Access Management screens automatically during Fusion Applications installation.

    3. On the Identity Management Configuration screen (during Fusion Applications installation), enter the following:


    a) Super User Name: weblogic_fa. This is the user created during idmConfigTool.sh -preConfigIDStore (more on idmConfigTool here). Make sure that you can see this user in both OID (via ODSM) and OIM (the manage user screen in the OIM Administration Console). If the user is missing in OIM, run the reconciliation jobs to bring users from OID to OIM (LDAP User Create and Update Full Reconciliation).

    Note: During FA provisioning this user will be granted Administrator and Functional Setup privileges. You should use this user to log in to Fusion Apps after installation.


    • weblogic_fa user in OID (via ODSM):


    • weblogic_fa user in OIM (via OIM Administration console):



    b) If you have already created the groups in OID for the Administrators, Monitors and Operators roles, you can uncheck the boxes next to them. If these groups are not yet created in OID, select the checkboxes for Enable Seeding of Security Data, Create Administrators Group, Create Monitors Group and Create Operators Group.

    c) OID by default listens on an SSL port (3131) and a non-SSL port (3060) for LDAP requests. If you want Fusion Apps to connect to OID over LDAPS (SSL), select the checkbox Identity Store Enabled SSL (otherwise do not select this checkbox). I used a non-SSL (LDAP) connection.

    d) Identity Store Server Type: Select OVD or OID as the Identity Store. OVD is optional (use OVD if you have multiple Identity Stores); I used OID (no OVD) as the Identity Store. The OVD use case and how to configure OVD for split profile are covered in the Oracle Fusion Applications A-Team blog.

    e) Identity Store User DN : cn=IDRWUser, cn=User, dc=com

    Note: Change dc=com to your OID realm (set during OID configuration). To verify your OID realm, log in to ODSM and search for the user IDRWUser.

    f) Identity Store Password : Provide the password set when this user was created.

    g) Identity Store Read-Only User DN : cn=IDROUser, cn=User, dc=com

    Note: Change dc=com to your OID realm (set during OID configuration). To verify your OID realm, log in to ODSM and search for the user IDROUser.

    h) Identity Store Read-Only Password : Provide the password set when this user was created.

    The above two users (IDROUser & IDRWUser) are created during idmConfigTool.sh -preConfigIDStore (more on idmConfigTool here).

    • IDRWUser & IDROUser in OID (via ODSM)


    • IDRWUser & IDROUser in OIM
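
    A pre-flight check for the values entered in steps c) to h), as an added example that is not part of the original post or of any Oracle tool. The dictionary keys, the function names and the dc=example,dc=com realm are assumptions made for illustration; the ports and the dc=com placeholder are the ones the post gives.

```python
import re

# Listener ports as given in the post; adjust if your OID uses others.
OID_SSL_PORT, OID_NON_SSL_PORT = 3131, 3060
PLACEHOLDER_REALM = "dc=com"  # the post says to replace this with your realm

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append(f"{attr.strip()}={value.strip()}".lower())
    return rdns

def realm_of(dn):
    """Return the dc=... components of a DN, which identify the realm."""
    return ",".join(r for r in split_dn(dn) if r.startswith("dc="))

def check_identity_store(cfg):
    """Return (severity, message) findings for the values typed into the screen."""
    try:
        rw, ro = split_dn(cfg["rw_user_dn"]), split_dn(cfg["ro_user_dn"])
    except ValueError as exc:
        return [("ERROR", str(exc))]
    findings = []
    rw_realm, ro_realm = realm_of(cfg["rw_user_dn"]), realm_of(cfg["ro_user_dn"])
    if rw_realm != ro_realm:
        findings.append(("ERROR", "IDRWUser and IDROUser DNs are in different realms"))
    if PLACEHOLDER_REALM in (rw_realm, ro_realm):
        findings.append(("ERROR", "realm is still the dc=com placeholder"))
    if rw == ro:
        findings.append(("WARN", "read-only DN is the same account as read-write DN"))
    ssl, port = cfg["ssl_enabled"], cfg["port"]
    if ssl and port == OID_NON_SSL_PORT:
        findings.append(("ERROR", "SSL selected but port is the non-SSL listener"))
    if not ssl and port == OID_SSL_PORT:
        findings.append(("ERROR", "SSL not selected but port is the SSL listener"))
    if not ssl:
        findings.append(("WARN", "plain LDAP: bind passwords are sent unencrypted"))
    return findings

# Constructed sample inputs: the values as the post shows them, and an LDAPS variant.
AS_POSTED = {"rw_user_dn": "cn=IDRWUser, cn=User, dc=com",
             "ro_user_dn": "cn=IDROUser, cn=User, dc=com",
             "ssl_enabled": False, "port": 3060}
OVER_LDAPS = {"rw_user_dn": "cn=IDRWUser,cn=Users,dc=example,dc=com",
              "ro_user_dn": "cn=IDROUser,cn=Users,dc=example,dc=com",
              "ssl_enabled": True, "port": 3131}
```
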



    For more on parameters in Identity Management screen during Oracle Fusion Applications installation, stay tuned !!


    5 Responses to “Identity & Access Management configuration for Oracle Fusion Applications – Part I”

    1. brahmaiah says:

      after installing the OracleXE,weblogic10.3.4,ruc and soa
      then after we are creating the domain at that time we getting some problem
      system can’t find the path specified

    2. Saravanan says:

      Pls do brief us on GUID reconciliation and OIM reconciliation. Are both the same?

      • Atul Kumar says:

        @ Saravanan,
        What do you mean by GUID reconciliation and OIM reconciliation? Are you talking about scheduled jobs in OIM or something else? Where do you see these two?

    3. Prashant says:

      Hi Atul,

      I am new to ldap. We can search below users using ODSM. Is it possible to search them using ldapsearch? Will you please throw some light on this.

      (IDROUser & IDRWUser)
