While performing provisioning or reconciliation actions, Oracle Identity Manager must communicate with the target to perform the business operations. To do so, Oracle Identity Manager uses the target APIs to directly communicate with the target during provisioning and reconciliation. However, Oracle Identity Manager cannot directly communicate with the target in some instances, such as:

The target is behind a firewall, and the target communication port is not exposed.

The target does not provide APIs that can be invoked over the network.

The target APIs cannot be invoked over a secure connection.

In these instances, instead of directly communicating with the target system, Oracle Identity Manager must use an Oracle Identity Manager component that acts like a proxy. This component is known as the remote manager, and it invokes the API on the target.

Step 1 – Install Remote Manager
For Linux, run the script “install_rm.sh”.

Step 2 – Adding the Trust Relation
To achieve this, you must import the remote manager certificate into the Oracle Identity Manager keystore and set it up as a trusted certificate.

On the remote manager computer, locate the XLREMOTE_HOME/xlremote/config/xlserver.cert file, and copy it to the server computer.

$JAVA_HOME/jre/bin/keytool -import -alias rm_trusted_cert -file RM_CERT_LOCATION/xlserver.cert -trustcacerts -keystore $DOMAIN_HOME/config/fmwconfig/default-keystore.jks -storepass KEYSTORE_PASSWORD

JAVA_HOME is the location of the Java directory for the application server, the value of alias is the name for the certificate in the store, and RM_CERT_LOCATION is the location in which you copied the certificate.

Enter Y at the prompt to trust the certificate.
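Answering Y makes the copied file a trust anchor, so it is worth confirming first that the file on the server is byte-for-byte the one the remote manager generated. The shell functions below are an added example, not part of the original procedure or of Oracle's scripts; the function names are hypothetical, and the expected digest is assumed to have been computed with sha256sum on the remote manager computer and passed to the administrator separately from the file itself.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not Oracle tooling.

# Print the lowercase hex SHA-256 of a file's bytes.
cert_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        shasum -a 256 < "$1" | awk '{print $1}'
    fi
}

# verify_cert_copy FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
# EXPECTED_HEX may be upper case or colon-separated; it is normalised first.
verify_cert_copy() {
    cert_file=$1
    [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 2; }
    expected=$(printf '%s' "$2" | tr -d ': \n' | tr 'A-F' 'a-f')
    actual=$(cert_sha256 "$cert_file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# import_rm_cert FILE EXPECTED_HEX
# Runs the keytool import from this step only after the digest check passes.
# -storepass is left out so keytool prompts for the keystore password
# instead of taking it from the command line.
import_rm_cert() {
    verify_cert_copy "$1" "$2" || return 1
    "$JAVA_HOME/jre/bin/keytool" -import -alias rm_trusted_cert \
        -file "$1" -trustcacerts \
        -keystore "$DOMAIN_HOME/config/fmwconfig/default-keystore.jks"
}
```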

Step 3 – Configure and Start the Remote Manager

On the remote manager computer, in a text editor, open the $XLREMOTE_HOME/xlremote/config/xlconfig.xml file.
Locate the <RMIOverSSL> property and ensure that the value is set to true, for example:

The server certificate in OIM_HOME is also named xlserver.cert. Ensure that you do not overwrite that certificate.
Restart Oracle Identity Manager.

To start the remote manager, run the following script:



Step 4 – Create a New Resource to Test the Remote Manager

Create a new IT Resource instance of type “Remote Manager” and enter the name and URL for the Remote Manager installed during step 1. The URL for the Remote Manager should be of the form “rmi://hostname:port”.

Step 5 – To test if the connection between remote manager and Oracle Identity Manager is established:

Log in to the Design Console.
Open the Remote Manager form. This form displays the following:
The names and IP addresses of the remote managers that communicate with Oracle Identity Manager

Whether or not the remote managers are running
Whether or not the remote managers represent IT resources that Oracle Identity Manager can use