Oracle® Application Server Portal Configuration Guide
10g Release 2 (10.1.4) B19305-03
This appendix provides information about the configuration files and tables that can affect the connection to and the behavior of the Oracle Application Server and its components in the middle tier and on other computers to which it is connecting.
Specific topics covered include:
The Oracle HTTP Server configuration file, httpd.conf, contains configuration information for running the Oracle HTTP Server. The content of this file includes information about listening ports, server names, virtual hosts, proxy configurations, and the like. This file also configures Secure Sockets Layer (SSL) support by defining information such as certificates and other HTTPS configuration directives. This file is available at the following location:
ORACLE_HOME/Apache/Apache/conf/httpd.conf
If you create additional virtual hosts in Oracle HTTP Server, then you must add the RewriteEngine and RewriteOptions mod_rewrite directives for the virtual host that is used by OracleAS Portal, in the httpd.conf file as shown in the following example:
NameVirtualHost *:7778
<VirtualHost *:7778>
  ServerName www.xyz.com
  Port 7779
  ServerAdmin you@your.address
  RewriteEngine On
  RewriteOptions inherit
</VirtualHost>
This file contains the configuration parameters for the PL/SQL Database Access Descriptor (DAD). A DAD is a set of values that specifies how a database server should fulfill an HTTP request.
You can add a portal DAD or update a DAD by editing the dads.conf file. You can update the dads.conf file either by using Oracle Enterprise Manager 10g Application Server Control Console or by manually editing the file.
If you manually update the dads.conf file, then you must also add the necessary mod_rewrite and mod_oc4j directives in the httpd.conf and mod_oc4j.conf files respectively. You can do this in either of the following two ways:
Using Application Server Control Console
Perform the following tasks using the Application Server Control Console:
Access the mod_plsql Configuration Pages. For details about accessing these pages, refer to the Oracle Application Server mod_plsql User's Guide.
Select the portal DAD and click Edit.
Click Apply without making any changes in the Edit mode.
Restart the Oracle HTTP Server and OC4J_Portal.
This ensures that the required mod_rewrite and mod_oc4j directives are added.
Manually Editing the dads.conf File
Based on the type of updates you make in the dads.conf file, perform all or some of the following tasks:
If you added a new portal DAD in the dads.conf file, then you must add the following Rewrite directives to the httpd.conf file:
RewriteRule (^/pls/<dad>/.*) /portal$1 [PT]
RewriteRule (^/pls/<dad>$) /portal$1 [PT]
where <dad> is the name of the new DAD. For example:
RewriteRule (^/pls/mydad/.*) /portal$1 [PT]
RewriteRule (^/pls/mydad$) /portal$1 [PT]
If you modified a DAD name in the dads.conf file, then you must update the Rewrite directives described in the previous step with the new DAD name.
If you have manually created or updated any CGI environment variable in the dads.conf file, then you must update this variable in the mod_oc4j.conf file also. For example, an environment variable TEST_APP is available in the following format in the dads.conf file:
PlsqlCGIEnvironmentList TEST_APP
In the mod_oc4j.conf file, this variable is available in the following format:
Oc4jEnvVar TEST_APP
For details about updating the mod_oc4j.conf file, refer to the Oracle HTTP Server Administrator's Guide.
Note: In the mod_oc4j.conf file, you must specify the environment variable only once, even if two DADs use the same environment variable.
To synchronize the manual configuration changes done on the middle tier, run the following commands:
MID_TIER_ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs
MID_TIER_ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
MID_TIER_ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_Portal
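The manual procedure above can leave httpd.conf and mod_oc4j.conf out of step with dads.conf. The following Python check is an added example, not part of the Oracle documentation or product; it assumes each DAD appears in dads.conf as a <Location /pls/NAME> block, and the function names and sample file contents are constructed for illustration.

```python
import re

# Constructed sample contents, not taken from a real installation.
DADS_CONF = """\
<Location /pls/portal>
  PlsqlCGIEnvironmentList TEST_APP
</Location>
<Location /pls/mydad>
  PlsqlCGIEnvironmentList TEST_APP
  PlsqlCGIEnvironmentList AUDIT_TAG
</Location>
"""
HTTPD_CONF = """\
RewriteRule (^/pls/portal/.*) /portal$1 [PT]
RewriteRule (^/pls/portal$) /portal$1 [PT]
RewriteRule (^/pls/mydad/.*)   /portal$1 [PT]
"""
MOD_OC4J_CONF = """\
Oc4jEnvVar TEST_APP
Oc4jEnvVar TEST_APP
"""

def directives(text):
    """Return non-comment lines with runs of whitespace collapsed."""
    lines = (" ".join(raw.split()) for raw in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def check_dad_sync(dads, httpd, oc4j):
    """List the directives the manual dads.conf procedure left out of step."""
    dad_lines = directives(dads)
    # Assumption: each DAD is a <Location /pls/NAME> block in dads.conf.
    dads_found = [m.group(1) for l in dad_lines
                  if (m := re.match(r"<Location /pls/([^/>\s]+)/?>", l))]
    # Assumption: each entry is a bare variable name, as in the TEST_APP example.
    env_vars = {l.split()[1] for l in dad_lines
                if l.startswith("PlsqlCGIEnvironmentList ")}
    rules = set(directives(httpd))
    declared = [l.split()[1] for l in directives(oc4j)
                if l.startswith("Oc4jEnvVar ")]
    findings = []
    for dad in dads_found:
        for pattern in (f"(^/pls/{dad}/.*)", f"(^/pls/{dad}$)"):
            rule = f"RewriteRule {pattern} /portal$1 [PT]"
            if rule not in rules:
                findings.append(f"httpd.conf: missing {rule}")
    for var in sorted(env_vars):
        count = declared.count(var)
        if count != 1:  # once only, even when several DADs share the variable
            findings.append(f"mod_oc4j.conf: {var} declared {count} times, expected 1")
    return findings

if __name__ == "__main__":
    print("\n".join(check_dad_sync(DADS_CONF, HTTPD_CONF, MOD_OC4J_CONF)))
```

Running the check before the dcmctl updateConfig step catches a missing rewrite rule or a duplicated Oc4jEnvVar while the change is still local to the middle tier.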
SQL*Net configuration files define the entries that can be used as connect strings in the DADs. Typically, the tnsnames.ora and sqlnet.ora files in the location ORACLE_HOME/network/admin contain information on how Oracle Application Server can connect to the database where the OracleAS Portal installation is located. If you want to connect to the portal repository, you need to ensure that the TNS_ADMIN variable is properly configured. For example, in the C shell, enter the following at a command-line prompt:
setenv TNS_ADMIN path
Here, path points to the directory containing the tnsnames.ora file.
Note: This command differs depending on the shell used.
If you want the Oracle Application Server installation to reference SQL*Net configuration files from another location, you must configure the TNS_ADMIN environment variable in opmn.xml, by performing the following steps:
Edit ORACLE_HOME/opmn/conf/opmn.xml.
Locate the tag for ias-instance in this file.
Locate the tag named <environment> within this tag.
Add a new variable TNS_ADMIN pointing to the path you want to use for SQL*Net name resolution. For example:
<ias-instance id="as1014.myinstance.abc.com">
  <environment>
    ...
    <variable id="TNS_ADMIN" value="/u01/app/oracle/network/admin"/>
    ...
  </environment>
Restart the middle tier by issuing the following commands:
MID_TIER_ORACLE_HOME/opmn/bin/opmnctl stopall
MID_TIER_ORACLE_HOME/opmn/bin/opmnctl startall
For more details on SQL*Net configuration, refer to the Oracle Database Net Services Administrator's Guide in the Oracle Database 10g documentation library. For more details on configuring Oracle Process Manager and Notification Server (OPMN), refer to the Oracle Application Server Administrator's Guide.
The following OracleAS Web Cache configuration files can be found in the ORACLE_HOME/webcache directory:
webcache.xml
internal.xml
internal_admin.xml
The WWSEC_ENABLER_CONFIG_INFO$ table is the configuration table for the Single Sign-On enabler stack. Typically, modifications to this table are handled by running the Portal Dependency Settings tool (ptlconfig), in the case of advanced configurations. This section is provided for additional information about the SSO configuration table. Modifications are not to be made directly, but instead by using the Portal Dependency Settings tool, ptlconfig. See Appendix A, "Using the Portal Dependency Settings Tool and File" for more information.
Each partner application to the OracleAS Single Sign-On has such a table for configuration information. One such table exists in the OracleAS Portal schema and the OracleAS Single Sign-On schema, because the OracleAS Single Sign-On application is also a partner application. This table defines the login URL for the OracleAS Single Sign-On that this partner application is configured to use.
It is important to understand how the LSNR_TOKEN is used in the enabler configuration table, to help you plan what entries are required depending on your configuration.
This table may have more than one entry. There is one entry for each way the application's server is addressed. Understanding this requires a review of the authentication sequence. For the purpose of this discussion, the main flows include:
Initial request to the requested URL
Redirect to the OracleAS Single Sign-On for authentication
Redirect to OracleAS Portal's success URL (wwsec_app_priv.process_signon)
Redirect back to the requested URL
The OracleAS Single Sign-On (SSO) partner enabler APIs read the WWSEC_ENABLER_CONFIG_INFO$ table for configuration information. Similarly, in the OracleAS Single Sign-On, the OracleAS Single Sign-On's private APIs read the WWSSO_PAPP_CONFIGURATION_INFO$ table. In the latter table, the URL should be redirected to each partner application.
Because each partner application's success URL is stored in the OracleAS Single Sign-On's partner application configuration table, to support multiple host names for the partner application, each distinct host name requires its own partner application entry on the OracleAS Single Sign-On. This is so that each one can specify a success URL that has the same hostname as the partner application, so that the session cookie can be scoped appropriately. Furthermore, the domain to which cookies are scoped includes the server name (ServerName) and port, so server.domain.com:80 is treated as a different cookie domain from server.domain.com:8080.
Each entry in the enabler configuration table is then selected based on the host name and port that was used by the partner application.
For example, let's say that you wanted OracleAS Portal to be accessible from http://www.xyz.com and http://www.abc.com. In this case, two partner applications must be registered in the OracleAS Single Sign-On. One is defined for the www.xyz.com host and the other for the www.abc.com host. Each one specifies a success URL that is appropriate:
http://www.xyz.com/portal/pls/portal/portal.wwsec_app_priv.process_signon for the www.xyz.com partner
http://www.abc.com/portal/pls/portal/portal.wwsec_app_priv.process_signon for the www.abc.com application
Each of these partner application entries on the OracleAS Single Sign-On would have a distinct site ID, site token, and encryption key. OracleAS Portal's enabler configuration table has one row for each partner application, for example:
LSNR_TOKEN    SITE_ID    LS_LOGIN_URL                   …
www.xyz.com   1321       https://www.login.com/pls/…
www.abc.com   1322       https://www.login.com/pls/…
The configuration table on the OracleAS Single Sign-On's side is the partner application table, WWSSO_PAPP_CONFIGURATION_INFO$. Maintenance of this table is typically done using the OracleAS Single Sign-On application's user interface for adding or editing partner applications.
For an initial installation on a single database instance, running the Portal Dependency Settings Tool, ptlconfig, populates both the OracleAS Single Sign-On's partner configuration table and OracleAS Portal's enabler configuration table. For example:
ptlconfig -dad portal -sso
The HOSTS file on a network host defines mappings of IP names to IP addresses. Normally, a Domain Name Server (DNS) provides the mapping of IP name to IP address. In some of the configurations described in Chapter 4, "Performing Basic Configuration and Administration", a host may need to be addressed in an internal network with a domain name that is not defined within the internal network. In these cases, the server's HOSTS file can provide the necessary name resolution.
You can use Oracle Enterprise Manager 10g Application Server Control Console for administering OracleAS Portal. Application Server Control Console is a Web-based tool that enables you to perform some of the management tasks described in this book. Refer to Chapter 7, "Monitoring and Administering OracleAS Portal" for more information about using Oracle Enterprise Manager 10g.