  • We have moved; kindly check http://onlineAppsDBA.com in future
    Oracle AS Cluster ( Identity Management )-> Active - Active
    Saturday, November 18, 2006
    Identity Management is the infrastructure component of Application Server in the Fusion Middleware family.

    Oracle's Identity Management Components include -
    SSO - Oracle Single Sign-On Server
    OID - Oracle Internet Directory
    DAS - Delegated Administrative Services
    DIP - Directory Integration & Provisioning Services
    OCA - Oracle Certifying authority (Optional)

    I am going to cover them in detail in my future posts. These services and components are quite important for an Apps DBA, as IM (Identity Management) is part of Oracle Apps Release 12.

    This post gives an overview and important notes on the Identity Management cluster in an Active-Active scenario, which means the IM components (OID, SSO, DAS) are available on both nodes for high availability.

    The underlying database for IM can be a single-instance database or a two- or multi-instance RAC database (preferably at least two nodes).

    Distributed / Non Distributed IM
    Distributed IM means the IM components (SSO, DAS, OID) are distributed across more than one machine (SSO & DAS on one machine and OID on a second machine).
    Non Distributed IM means all IM components are on the same machine.
    You can cluster either Distributed or Non Distributed Identity Management.

    Here are a few notes/checks which I learnt from my various implementations.

    Things you should know before starting installation
    - Whether you want a Distributed or Non-distributed IM cluster
    - Virtual name of the HTTP Server (Infra for SSO & OIDDAS) and its protocol (http or https)
    - Virtual name of OID including ports (non-SSL and SSL; you need both. Defaults are 389 & 636 respectively)
    - Communication protocol requirement (HTTP or HTTPS) between
    CLIENT -> Load Balancer -> HTTP Server

    Things you must do before installing Oracle AS Identity Management Cluster
    - Synchronize the system clocks on all servers that are part of the cluster to within 250 seconds
    - Set cookie persistence at the load balancer specifically for the URI /oiddas/. If your browser doesn't support a persistence setting at URI level, then set it for all HTTP traffic (set the cookie to expire when the browser session expires)
    - Before installing the first OID node, make sure TCP monitoring is not enabled on the load balancer on the first node
    - Configure the load balancer to return immediately to calling clients

    Things/tips which will be handy for AS Cluster (IM type)
    - For the first OID node installation, make sure the MR is not registered with any OID, else it will fail. The installer checks that, and if it finds that the MR is already registered it assumes first node & asks for the first OID node information to make it part of the OID cluster
    - Choose similar components on the other nodes of the cluster (i.e. if on the first node you have OID & DAS, then on the other cluster node also install OID & DAS)
    - To access OID on any OID node in the cluster, you have to use the ias_admin password from the first installation, not the ias_admin password used for the second, third or further installations of instances in the cluster (oiddas, orasso, oidmon)
    - For an IM cluster you always select IM and not IM+MR (this is on the installation screen)
    - For IM, the content database should already be loaded with the Metadata Repository using RepCA or MRCA (Repository Creation Assistant or Metadata Repository Creation Assistant)
    - Installation steps for the first OID node are different from those for subsequent nodes
    - For an IM cluster, never select IM+MR on the installation screen; always select IM only.
    - You have to select HA (High Availability) in the installation options.
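
    The checks from the three lists above can be run against a planned layout before the installer is started. The following is an added example, not code from the original post or from Oracle; the plan structure, its field names, the host names and the timestamps are all hypothetical, and the per-node clock values are assumed to have been collected beforehand.

```python
# Added example: pre-flight validation of a planned IM cluster against the
# checklist in the post. Plan layout and field names are hypothetical.
MAX_CLOCK_SKEW_SECONDS = 250  # tolerance stated in the post

def preflight(plan):
    """Return a list of problems found in a planned IM cluster layout."""
    problems = []
    nodes = plan["nodes"]
    first = nodes[0]
    # Every cluster node must carry the same set of IM components.
    for node in nodes[1:]:
        if set(node["components"]) != set(first["components"]):
            problems.append(f"{node['host']}: components differ from first node")
    # Clocks on all cluster nodes must agree within the tolerance.
    skew = max(n["epoch"] for n in nodes) - min(n["epoch"] for n in nodes)
    if skew > MAX_CLOCK_SKEW_SECONDS:
        problems.append(f"clock skew {skew}s exceeds {MAX_CLOCK_SKEW_SECONDS}s")
    # Install type must be IM only, with the HA option selected.
    for node in nodes:
        if node["install_type"] != "IM":
            problems.append(f"{node['host']}: install type must be IM only")
        if not node["ha"]:
            problems.append(f"{node['host']}: HA option not selected")
    # The OID virtual name needs both a non-SSL and an SSL port.
    oid = plan["oid_virtual"]
    for key in ("port", "ssl_port"):
        if not oid.get(key):
            problems.append(f"OID virtual host {oid['host']}: missing {key}")
    # The HTTP virtual name needs an explicit protocol.
    if plan["http_virtual"].get("protocol") not in ("http", "https"):
        problems.append("HTTP virtual host: protocol must be http or https")
    return problems

# Constructed sample plan (hosts and timestamps are made up).
SAMPLE_PLAN = {
    "http_virtual": {"host": "sso.example.com", "protocol": "https"},
    "oid_virtual": {"host": "oid.example.com", "port": 389, "ssl_port": None},
    "nodes": [
        {"host": "im1.example.com", "components": ["OID", "DAS"],
         "install_type": "IM", "ha": True, "epoch": 1163878200},
        {"host": "im2.example.com", "components": ["OID"],
         "install_type": "IM+MR", "ha": True, "epoch": 1163878500},
    ],
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_PLAN):
        print("FAIL:", problem)
```

    On the constructed plan this reports four problems: mismatched components on the second node, a 300-second clock skew, an IM+MR install type and a missing SSL port for OID.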

    More on Identity Management Cluster Installation..
    Enable Apex Applications for SSO authentication ..
    Coming soon ....

    posted by Atul Kumar @ 7:30 PM  
    • At 3:54 PM, Blogger fhasweh said…

      Hi Atul, you promised to give us a post about changing hostname/domain name on apps, can we have this soon.

    • At 3:56 PM, Blogger Atul Kumar said…

      Apologies Fadi,

      I missed it completely. I will do it in the post next to the one I am posting tomorrow (this one I have already prepared, only final bits left so..)

      You should see this by Thursday.


    • At 7:36 PM, Anonymous Anonymous said…


      Have you ever worked with passing certificates to OID? Have HTTPS traffic to load balancer and grabbing certificate. Want to pass that certificate to OID behind the load balancer.


    • At 7:40 PM, Blogger Atul Kumar said…

      Do you mean storing SSL certificates in OID (LDAP server) instead of Oracle Wallets (OWM)? If yes, you can use ldap commands or OWM to upload certificates to OID.

      If you are looking for something else, could you elaborate on that ..


    • At 5:25 PM, Anonymous Anonymous said…

      Looking to have client (user) certificates stored in OID so that they map to user/password/resource. We have done that part. Challenge is to configure so that the cert is passed thru a load balancer. We can login with the cert when the load balancer is not used.

      The load balancer requires the client cert and then places it in the HTML header to be passed to the SSO server. All of this traffic is encrypted so I can not get info from watching the network traffic. The Oracle DBA has put SSLVerifyClient require in the httpd.conf file. Before SSLVerifyClient require was put in the httpd.conf file, we were successfully logging in to the SSO server using userid/passwd thru the load balancer. After the variable is set to require, we get 'page not displayed'.

      Thanks for any suggestions.


    • At 8:59 PM, Blogger Atul Kumar said…

      If I understood your issue properly, you want users to verify their certificates (to make sure they are authentic users).

      Your client user certificates are stored in OID (could you confirm if these are client certificates or server certificates?). If these are client certificates, in which attribute are you storing the client passwd?

      When you set client to verify for SSL it's not working (is it not working via the load balancer only, or is it not working even without the load balancer?)


    • At 10:41 PM, Anonymous Anonymous said…


      Thanks for following up.

      We are storing client cert and authenticating the user with the client cert (or hope to be with this new config which includes the load balancer). Working with Oracle we have determined that we do not have to have SSLVerifyClient require set, and we can pass the traffic unencrypted behind the load balancer.

      Working with a web page to display variables we have verified that the Oracle server does not have a value in the SSL_CLIENT_CERT field. The load balancer is putting the client certificate in the HTML header with that title, I can see that in the network traffic. Seems like we are missing a setting to tell Oracle to populate that field.

      We have the following lines at the end of the httpd.conf file. As we understand it, once we get SSL_CLIENT_CERT populated, Oracle should be ready to use it.

      AddCertHeader SSL_CLIENT_CERT
      SimulateHttps on

      Again, I appreciate any suggestions.


    • At 7:44 AM, Blogger Atul Kumar said…

      I don't have an idea on this at this minute but I'll check on this & will get back to you in a week's time.

      Your doubt is in my to-be-sorted list ...


    • At 3:21 PM, Blogger joshuasingham said…

      In the blog you said the Oracle OCA component can be installed on
      Oracle AS Cluster ( Identity Management )-> Active - Active, but the Oracle notes say otherwise. Can you please update me on this?

    • At 4:43 PM, Blogger Atul Kumar said…

      Yes, you are right, OCA is not certified on Active-Active Cluster.

      Though the figure below shows OCA, a line after that says that it is not supported.

    • At 7:19 PM, Blogger joshuasingham said…


      Just like to know: if I want to connect my Active Directory to OID
      when I have 2 domain controllers, do I have to run dipassistant on both my servers if the configuration is active - active? Another thing is, will there be a single map file or multiple map files, and how can I use the plugins provided by Oracle in this scenario?


    • At 6:25 AM, Blogger Atul Kumar said…

      To be frank, I have not personally integrated a multi-domain AD controller, so give me this weekend and I'll respond to you by this weekend with references, and if you don't see my messages (for some reason), request you to ping/msg me.

    • At 2:08 PM, Anonymous Padma said…

      I have a distributed installation of OID with a 4-node cluster (recently I have added 2 nodes for OID instances). I want to uninstall/remove the first two nodes/instances of OID (Oracle AS Infra Tier (IM)) from my Oracle Application Server. Could you please guide me to find the right document?


    • At 12:08 AM, Blogger Kumar said…

      Hi Atul,

      Do we need to configure DIP, bootstrapping on all the OIDs in high availability mode (app servers are clustered)? Both OIDs pointing to same database.


    Copyright © 2006 All rights reserved Presented by Atul Kumar