Thursday, 27 July 2017

Steps to repair oraInventory of Oracle installation

  1. Identify Oracle Inventory central location
  2. Run the installer as shown below

${ORACLE_HOME}/oui/bin/runInstaller -attachHome -invPtrLoc /prj/oracleim/oim/Oracle_IDM1/oraInst.loc  ORACLE_HOME="<ORACLE_HOME>" ORACLE_HOME_NAME="<ORACLE_HOME_NAME>" CLUSTER_NODES="{}"
e.g.,
./runInstaller -attachHome -invPtrLoc /prj/oracleim/oim/Oracle_IDM1/oraInst.loc  ORACLE_HOME="/prj/oracleim/oim/Oracle_IDM1" ORACLE_HOME_NAME="Oracle_Home_Name" CLUSTER_NODES="{}"

An alternative way to repair oraInventory is to run the attachHome script from the location below:

$ORACLE_HOME/oui/bin/attachHome.sh 

OIM Server does not start when first node of DB RAC is down

By default, the JPS configuration points to the first node of the DB, so OIM does not start when the first node is down. Update the following files with the RAC JDBC URL and restart the servers:
<WLS_DOMAIN>/config/fmwconfig
  • ./jps-config-jse.xml
  • ./jps-config.xml
  • ./jps-config-migration.xml

How to enable signature login in OIM 11g

Signature login in OIM 11g does not work because of a conflict between the certificates (OIM and Remote Manager) in default-keystore. Follow the steps below to re-generate the Remote Manager certificate and update default-keystore. After these updates, signature login will work as expected.

Re-generate the remote manager certificate
------------------------------------------
NOTE: Please use the passwords for the keystore and key entry that you entered during Remote Manager installation.

1. Back up the existing default-keystore.jks, xlserver.cert and xell.csr in the $REMOTE_MANAGER/config directory

2. Using a shell, navigate to the $REMOTE_MANAGER/config directory

3. Generate a new keystore with a private key entry
$JAVA_HOME/bin/keytool -genkey -alias xell -keyalg RSA -keysize 1024 -dname "CN=<COMMON_NAME>, OU=<OU>, O=<Org>, L=City, ST=NY, C=US" -validity 3650 -keypass <keypass> -keystore default-keystore.jks -storepass <storepass> -storetype jks -provider sun.security.provider.Sun

4. Generate a certificate request
"C:\Program Files\Java\jdk1.6.0_43\bin\keytool.exe" -certreq -alias xell -file xell.csr -keypass <keypass> -keystore default-keystore.jks -storepass <storepass> -storetype jks -provider sun.security.provider.Sun

5. Export and import the certificate as a trusted entry
"C:\Program Files\Java\jdk1.6.0_43\bin\keytool.exe" -export -alias xell -file xlremote.cert -keypass <keypass> -keystore default-keystore.jks -storepass <storepass> -storetype jks -provider sun.security.provider.Sun

"C:\Program Files\Java\jdk1.6.0_43\bin\keytool.exe" -import -trustcacerts -alias xeltrusted -noprompt -keystore default-keystore.jks -file xlremote.cert -storepass <storepass>

Re-establish the trust relation between OIM server and Remote Manager
---------------------------------------------------------------------

1. In the OIM server default-keystore.jks, located at $DOMAIN_HOME/config/fmwconfig/default-keystore.jks, remove the existing key entry for the remote manager. In your case, you need to remove the "rm_trusted_cert" alias from the OIM server's default-keystore.jks

$JAVA_HOME/bin/keytool -delete -alias rm_trusted_cert -keystore default-keystore.jks -storepass <SERVER-KEYSTORE-PASSWORD>

2. Re-import the Remote Manager certificate, exported earlier to the file xlremote.cert, into the server keystore

keytool -import -trustcacerts -alias rm_trusted_cert -noprompt -keystore default-keystore.jks -file <ABSOLUTE_PATH_OF_CERT> -storepass <storepass>
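
Before testing login, it is worth confirming that the rm_trusted_cert entry now in the OIM keystore is the same certificate as the xell entry in the Remote Manager keystore. The following is an added example, not part of the original post: it reads the JKS files directly (certificates in a JKS are stored unencrypted, so no store password is needed) and does not verify the keystore's trailing integrity digest. The names jks_fingerprints, trust_matches and sample_jks are hypothetical, and the demo keystores are constructed placeholders.

```python
import hashlib
import struct
JKS_MAGIC = 0xFEEDFEED                                 # first four bytes of a JKS file
KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}  # JKS entry tags

def jks_fingerprints(data):
    """Map alias -> (entry type, SHA-256 hex of its first certificate)."""
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated keystore")
        pos += n
        return data[pos - n:pos]
    u32 = lambda: struct.unpack(">I", take(4))[0]
    utf = lambda: take(struct.unpack(">H", take(2))[0]).decode("utf-8")
    if u32() != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version, entries = u32(), {}
    def cert():
        if version == 2:
            utf()                    # certificate type string, e.g. "X.509"
        return hashlib.sha256(take(u32())).hexdigest()
    for _ in range(u32()):
        tag, alias = u32(), utf()
        take(8)                      # creation timestamp
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        if tag == 1:
            take(u32())              # encrypted private key, skipped
        certs = [cert() for _ in range(u32() if tag == 1 else 1)]
        entries[alias] = (KINDS[tag], certs[0] if certs else None)
    return entries

def trust_matches(rm_jks, oim_jks, rm_alias="xell", oim_alias="rm_trusted_cert"):
    """True when the OIM trusted entry is the Remote Manager's own certificate."""
    rm = jks_fingerprints(rm_jks).get(rm_alias)
    oim = jks_fingerprints(oim_jks).get(oim_alias)
    return bool(rm and oim and rm[0] == KINDS[1] and oim[0] == KINDS[2] and rm[1] == oim[1])

def sample_jks(tag, alias, cert):  # constructed one-entry keystore, demo only
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    key = struct.pack(">I3sI", 3, b"key", 1) if tag == 1 else b""
    return (struct.pack(">IIII", JKS_MAGIC, 2, 1, tag) + s(alias) + bytes(8) + key
            + s("X.509") + struct.pack(">I", len(cert)) + cert + bytes(20))

if __name__ == "__main__":
    rm = sample_jks(1, "xell", b"constructed cert A")
    for c in (b"constructed cert A", b"constructed cert B"):  # match, then mismatch
        print(trust_matches(rm, sample_jks(2, "rm_trusted_cert", c)))
```

For the real files, pass the bytes of $REMOTE_MANAGER/config/default-keystore.jks and $DOMAIN_HOME/config/fmwconfig/default-keystore.jks, each read in binary mode.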


Validation
----------

1. Test that OIM server signature login works properly

2. Test that OIM server <-> Remote Manager communication and functionality works properly