Installation

The following chapter provides details about the Identity Reporting installation.

Provided Files

The installer is provided in the identity-reporting-1.1.3.zip archive on the ForgeRock BackStage Downloads site. The top-level directory contains the following files and directories:

  • install.sh: Linux installer.

  • install.bat: Windows installer.

  • install.groovy: Common installer, invoked by both Linux and Windows installers.

  • install.properties: Properties file that can be used in place of interactive input with the installers.

  • openidm: Files to be installed in the IDM home directory. These files include configuration files, scripts, workflows, user interface configuration and file fragments that will be injected into existing files.

Installation Instructions

  1. Unzip identity-reporting-1.1.3.zip to a temporary directory, then navigate to the unzipped directory.

  2. Run the following command to initiate the installer:

    For Windows:
    install.bat [--properties filename | -p filename]
    
    For Linux:
    ./install.sh [--properties filename | -p filename]

The command can be run with the following optional argument:

  • --properties or -p <location/of/properties/file>: Provides a properties file for script input. If no properties file is specified, the user must input the following properties at run time.

The following input is used for the installer:

  • openidm_location: File location of IDM home directory.

  • project_location: File location of IDM project directory.

  • openidm_url: URL where IDM can be reached. This will often be localhost.

  • openidm_version: The version of IDM. This will either be 6.5 or 7.0.

  • openidm_admin: User ID for the user with the openidm-admin role.

  • openidm_admin_password: Password for the openidm-admin role.

  • create_local_ds: Create a datasource for the IDM database. Note: IDM must be running if this is set to yes.

Names are those found in the properties file. If a properties file is not used, equivalent input will be gathered directly from the installer.

The installer will print updates to the console until it successfully completes.

Clustered Environment

Currently, the installer script can only be run once per environment. In a clustered environment, manual steps need to be completed to copy artifacts to subsequent nodes once the installer has been run on the first node. The following needs to be replicated on each node after the first:

  1. Copy the following files from the installer zip into the IDM installation directory:

    1. Everything in the /IDR/openidm/script directory, copied into the script directory of the installation.

    2. Everything in the /IDR/openidm/conf directory, copied into the conf directory of the installation.

    3. All jar files under /IDR/openidm/bundle directory, copied into the bundle directory of the installation.

    4. All jar files under the /IDR/openidm/bundle/X.x/ directory corresponding to the version of IDM, copied to the bundle directory of the installation.

    5. The entire /IDR/openidm/reporting directory, copied into the IDM installation directory.

  2. Copy the following files from the first node’s IDM installation directory:

    • openidm/script/access.js

  3. Delete or move the following file from the IDM installation directory:

    • openidm/bundle/httpclient-osgi-4.x.x.jar
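
The three steps above can be scripted for each additional node. The following is an added example, not part of the installer or the original guide. It assumes that the first argument is the openidm directory of the unzipped installer, that the bundle/X.x directory is named after the IDM version (6.5 or 7.0), and that bundle-removed is a hypothetical holding directory for the moved jar.

```shell
#!/bin/sh
# Added example: steps 1-3 of the clustered-node procedure as one function.
# Assumptions: SRC is the openidm directory of the unzipped installer, the
# bundle/X.x directory is named after the IDM version (6.5 or 7.0), and
# bundle-removed is a hypothetical holding directory for the moved jar.
# Usage (constructed paths):
#   replicate_idr_node /tmp/IDR/openidm /opt/openidm 7.0 /tmp/node1/access.js
replicate_idr_node() {
    src=$1; idm=$2; ver=$3; access_js=$4

    case "$ver" in
        6.5|7.0) ;;
        *) echo "unsupported IDM version: $ver" >&2; return 2 ;;
    esac
    # Fail before copying anything if a source or target directory is missing.
    for d in "$src/script" "$src/conf" "$src/bundle/$ver" "$src/reporting" \
             "$idm/script" "$idm/conf" "$idm/bundle"; do
        [ -d "$d" ] || { echo "missing directory: $d" >&2; return 1; }
    done
    [ -f "$access_js" ] || { echo "missing file: $access_js" >&2; return 1; }

    # Step 1.1 and 1.2: everything in script and conf.
    cp -R "$src/script/." "$idm/script/" || return 1
    cp -R "$src/conf/." "$idm/conf/" || return 1
    # Step 1.3 and 1.4: jar files from bundle and from bundle/<version> only.
    for jar in "$src/bundle"/*.jar "$src/bundle/$ver"/*.jar; do
        [ -f "$jar" ] || continue
        cp "$jar" "$idm/bundle/" || return 1
    done
    # Step 1.5: the entire reporting directory.
    cp -R "$src/reporting" "$idm/" || return 1
    # Step 2: access.js from the first node, copied last so that it replaces
    # any access.js that step 1.1 placed in the script directory.
    cp "$access_js" "$idm/script/access.js" || return 1
    # Step 3: move httpclient-osgi-4.x.x.jar out of bundle instead of deleting it.
    mkdir -p "$idm/bundle-removed" || return 1
    for jar in "$idm/bundle"/httpclient-osgi-4.*.jar; do
        [ -f "$jar" ] || continue
        mv "$jar" "$idm/bundle-removed/" || return 1
    done
    return 0
}
```

The function stops at the first failed copy, so a node is never left with step 3 applied but earlier steps incomplete.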

Post-Installation Instructions

After installation steps are complete, it is recommended that the installer ZIP and the created installation folders and files be removed from the server.

IDM/AM Integration for 7.0

If installing ForgeRock Identity Reporting into an IDM environment that is configured to authenticate through ForgeRock Access Management (AM), you must configure an OAuth client in AM for the reporting context.

To start, refer to section 2.1.2 of the ForgeRock Platform Setup Guide found at the following URL: https://backstage.forgerock.com/docs/platform/7/platform-setup-guide/#proc-auth-clients

In step 5 of the section, instructions are given to configure a client for the end-user UI. For Identity Reporting, please repeat those steps with the following adjustments:

  • Client ID. identity-reporting-ui

  • Core. Redirect URIs: [IDM domain]/governance/appAuthHelperRedirect.html

  • Advanced. Subject Type: Public