Oracle9iAS Portal Configuration Guide Release 3.0.9 Part Number A90096-01
This chapter provides information about Oracle Portal after installation and the configuration tasks that you can perform.
Specific topics covered include:
Oracle Portal is installed primarily in the Oracle8i database, with some supporting components installed on the middle-tier in Oracle9i Application Server.
If you install Oracle Portal in the default mode, six schemas are created. The default base schema name is portal30 which you can change at installation time.
With each Oracle Portal installation, a default set of login accounts is created. If the product is installed in a schema named portal30, the following default accounts are created:
The following groups are created at installation time:
After Oracle Portal is installed, access it by entering the following URL in your browser:
http://<hostname>:<portnumber>/pls/<dad>
Table 2-4 defines the URL to enter in the browser to access Oracle Portal.
You can simplify the full URL created by the Oracle Portal installation to a more memorable or meaningful URL using the Apache Redirect directive. In this way, end users can access Oracle Portal by entering a simple URL.
By default, the URL for a new Oracle Portal installation requires you to enter:
http://<hostname>:<portnumber>/pls/<dad>
You can simplify this URL to:
http://<hostname>/<redirectpath>
Add the Redirect directive to the httpd.conf file. By default, this file is located in the following directory:
<ORACLE_HOME>/Apache/Apache/conf/
Redirect /<DADnamepath> http://<hostname>:<portnumber>/pls/<dad>
For example:
Redirect /portalhome http://mysite.oracle.com/pls/portal30
In this example, end users can enter the following:
http://mysite.oracle.com/portalhome
to access the full URL which is as follows:
http://mysite.oracle.com:80/pls/portal30
This technique also works with any valid path that is appended to the URL. For example, if you want to display the Oracle Portal Online Help Content Area, enter:
http://mysite.us.oracle.com/portalhome/url/folder/ONLINE_HELP
If you use manually started JServ processes in Oracle9i Application Server, then you need to add the Oracle Portal classpaths to the CLASSPATH variable. Manually started JServ processes do not read wrapper.classpath entries in the jserv.properties file.
You can choose to install and display the Oracle Portal user interface in any of the 24 supported languages from your browser. To install support for a given language, run the wwvseedus.sql and langinst.csh scripts. Once the language is installed, you use the Set Language portlet to choose which language Oracle Portal should use.
Table 2-5 lists the supported languages and their abbreviations.
To install support for a given language in Oracle Portal:
Go to the <ORACLE_HOME>/portal30/admin/plsql directory.
langinst.csh <-s portal_schema> <-p portal_password> <-o sso_schema> <-d sso_password> <-c portal_connect_string> -l <language> -available
langinst.cmd <-s portal_schema> <-p portal_password> <-o sso_schema> <-d sso_password> <-c portal_connect_string> -l <language> -available
langinst.csh -s portal30 -p portal30 -o portal30_sso -d portal30_sso -c orcl -l cs -available
Table 2-6 lists the language script parameters for langinst.
Parameter | Description |
---|---|
-s | The database schema for the Oracle Portal database objects. The default is |
-p | The Oracle database password for the Oracle Portal schema. The default is |
-o | The Oracle database schema for Login Server objects. The default is |
-d | The Oracle database password for Login Server schema. The default is |
-c | The connect string for the database in which the Oracle Portal schema is installed. Provide the connect string only if the schema is located on a remote database. |
-l | The abbreviation for the language you want to install. See Table 2-5, "Supported languages and abbreviations". |
-available | Ensures that the tabs are translated. This is required. |
Typically, the Set Language portlet is added to your content area home page, but you can add it to any page. See the Oracle Portal Online Help for instructions on how to add portlets to pages.
Arabic and Hebrew are languages which are displayed from right to left on the screen, rather than left to right. These are also known as BiDi (bidirectional) languages. If using these languages, you need to run a script which updates certain Oracle Portal metadata to provide proper graphics support for some of the required images. To install the graphic support for BiDi languages:
<ORACLE_HOME>/portal30/admin/plsql/nlsres
sqlplus portal30/portal30
@imginst.sql
This section describes how to use Oracle Universal Installer to deinstall Oracle products (which deinstalls them from the Oracle Universal Installer inventory) instead of removing them manually.
To deinstall Oracle Portal, follow these steps:
The Welcome window for Oracle Universal Installer appears.
The Inventory dialog box appears.
The Inventory Confirmation window appears.
The products are deinstalled from your computer. The Inventory dialog box appears without the deinstalled products.
Deleting a single Oracle Portal schema and/or the Login Server is performed from the Oracle Portal Configuration Assistant.
To deinstall an Oracle Portal schema or the Login Server:
Choose Start -> Programs -> Oracle Home -> Oracle Portal Configuration Assistant
Go to the $OH/assistants/opca directory and run the launch.sh script.
Click the option to Deinstall Oracle Portal or the Login Server.
If you want to allow users to create new accounts for themselves through a link on the Login Portlet, you do so by installing the self-registration feature as follows:
wwsso_api_user_admin. This synonym must be called wwsso_api_user_admin.
wwsso_api_user_admin package in the Login Server SSO schema to the user administration access schema.
wwctx_api_vpd package. This synonym must be called wwctx_api_vpd.
wwctx_api_vpd package in the Login Server SSO schema to the user administration access schema.
<ORACLE_HOME>/portal30/admin/plsql directory of the directory in which Oracle Portal is installed.
selfreg.csh -s <portal_schema> -p <portal_password> -ua <sso_uadmin_schema> -c <portal_connect_string> -dblink <sso_uadmin_dblink>
selfreg.cmd -s <portal_schema> -p <portal_password> -ua <sso_uadmin_schema> -c <portal_connect_string> -dblink <sso_uadmin_dblink>
selfreg.csh -s myportal -p myportal -ua myportal_sso_ua -c orcl -dblink uadmin_link
You can switch on and off Beta features from the Oracle Portal Global Settings page, in the following way:
Certificates are encrypted files which allow a client and server to pass sensitive data securely. Oracle Portal supports the X.509 certificate standard. This is the type of certificate supplied by most major certificate authorities.
Certificates can be of either 40-bit or 128-bit encryption strength. The greater the number of bits, the more secure the certificate.
Table 2-8 lists the major types of certificates.
These certificates can be purchased from many different authorities. Oracle Portal currently supports Thawte, Verisign, and Netscape certificate providers.
In addition to the certificate, you also need specific signature and/or chain files from the provider of your certificate. These files are available from your provider's Web site or customer service.
The Certificate Authority (CA) file is the base signature file for the certificate file you have purchased. This file validates the certificate you are using. It informs clients that they can trust the certificate they have received. You require a CA file for any type of certificate you use.
The certificate chain file links your certificate to the CA file. You require one of these files if you are using a Global Site ID or if you are using other types of certificates from another provider.
Several files are involved with the certificates. Put these files in the appropriate directory. You can set up the configuration differently; however, this is the standard configuration.
Table 2-9 lists the certificate files and locations.
With HTTPS, you use certificates for ports to increase security. To set this up, edit the zone.properties file.
Table 2-10 lists the locations of the zone.properties files.
Operating System | Location |
---|---|
Windows NT/2000 | <ORACLE_HOME>\Apache\Jserv\servlets\zone.properties |
UNIX | <ORACLE_HOME>/Apache/Jserv/etc/zone.properties |
Then select a configuration method. You can configure Oracle Portal so that ports use HTTPS when needed, or at all times.
You can set up HTTPS so that the browser and middle tier use HTTPS only when needed. HTTP is used for communication within the middle tier. This saves the overhead of HTTPS when it is not needed.
First, add the following line to the zone.properties file:
servlet.page.initArgs=useScheme=http
This specifies that the Parallel Page Engine should use HTTP for all requests to the middle tier on which it is running. The Parallel Page Engine uses HTTP for all requests to the portal.
Next, add the following line to the zone.properties file:
servlet.page.initArgs=usePort=80 (or any other valid port)
This specifies that the Parallel Page Engine should use port 80 for all requests to the middle tier on which it is running. If a request is made on port 433, the Parallel Page Engine ignores the port and uses port 80 instead.
Finally, in the wdbsvr.app file, in the DAD configuration, add the following to the cgi_env_list parameter:
cgi_env_list=REQUEST_PROTOCOL=HTTPS,SERVER_PORT=(https port)
This provides the security of HTTPS, without the overhead of parallel connections over the secure protocol.
You can set up HTTPS so that it is used by the ports at all times. The Parallel Servlet must be aware of which port(s) are operating under HTTPS.
Add the following line to the zone.properties file:
servlet.page.initArgs=httpsports=<port1>:<port2>:. . . :<portn>
Each port in this list operates using the HTTPS protocol, and must have a certificate created on the Oracle HTTP Server on that port.
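An added example, not from the Oracle guide or Oracle's tooling: a Python check that reads zone.properties text and the DAD's cgi_env_list and reports which of the two methods above is configured and which of that method's settings are missing. The function names, the mode labels, the comma-separated form of initArgs and the sample text are assumptions made for the illustration.

```python
import re

# Constructed sample inputs (not taken from a real installation).
ZONE = "servlet.page.initArgs=useScheme=http\nservlet.page.initArgs=usePort=80\n"
DAD = "cgi_env_list=REQUEST_PROTOCOL=HTTPS,SERVER_PORT=443\n"

def parse_init_args(zone_text, servlet="page"):
    """Collect name=value initArgs for one servlet from zone.properties text."""
    args = {}
    prefix = f"servlet.{servlet}.initArgs="
    for raw in zone_text.splitlines():
        line = raw.strip()
        if not line.startswith(prefix):  # also skips '#' comment lines
            continue
        # Assumption: several args may share one line, separated by commas.
        for pair in line[len(prefix):].split(","):
            name, _, value = pair.partition("=")
            args[name.strip().lower()] = value.strip()
    return args

def parse_cgi_env(dad_text):
    """Return the cgi_env_list entries of a wdbsvr.app DAD as a dict."""
    env = {}
    m = re.search(r"^\s*cgi_env_list\s*=\s*(.*)$", dad_text, re.MULTILINE)
    if m:
        for pair in m.group(1).split(","):
            name, _, value = pair.partition("=")
            env[name.strip().upper()] = value.strip()
    return env

def audit(zone_text, dad_text):
    """Classify the HTTPS setup and list the settings its method still lacks."""
    args, env, findings = parse_init_args(zone_text), parse_cgi_env(dad_text), []
    if "httpsports" in args:
        mode = "https-always"
        if not all(p.isdigit() for p in args["httpsports"].split(":")):
            findings.append("httpsports must be a colon-separated port list")
    elif args.get("usescheme", "").lower() == "http":
        mode = "https-when-needed"
        if not args.get("useport", "").isdigit():
            findings.append("usePort is missing or not numeric")
        if env.get("REQUEST_PROTOCOL", "").upper() != "HTTPS":
            findings.append("cgi_env_list lacks REQUEST_PROTOCOL=HTTPS")
        if not env.get("SERVER_PORT", "").isdigit():
            findings.append("cgi_env_list lacks a numeric SERVER_PORT")
    else:
        mode = "http-only"
    return mode, findings
```

Calling audit() with the contents of both files returns the detected mode and a list of findings; an empty list means the settings for that method are all present.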
This section addresses how to configure Oracle Portal for HTTPS. It is possible to configure the system so that only the Login Server is configured for HTTPS, or configure it such that both Oracle Portal and the Login Server use HTTPS.
The Apache mod_ssl documentation describes how to configure the server to support HTTPS ports. After configuring the server to support HTTPS ports, run the ssodatan or ssodatax script(s), specifying the appropriate protocol and ports. For example, if you wanted to configure the Login Server to use HTTPS, but have Oracle Portal on HTTP, then run the ssodatan script as follows:
ssodatan -w http://portal.acme.com/pls/portal30/ -l https://login.acme.com/pls/portal30_sso/ -s portal30 -o portal30_sso
The following sections address the particular requirements for configuring Oracle Portal for HTTPS.
The Oracle HTTP Server configuration file, httpd.conf, contains all of the configuration information for the Oracle HTTP Server powered by Apache, including the certificate configuration. Enter the path locations for the following configuration lines. These configuration lines should already exist in comment form (#).
Table 2-11 lists the certificate entries in the Oracle HTTP Server configuration files.
Note:
Do not use the environment variables such as your |
The following subsections indicate the configuration entries required in the httpd.conf file, corresponding to each type of certificate. These configuration entries have been used successfully to set up Verisign certificates.
The usage varies slightly depending upon the certificate type you are installing. For example, if the certificate you are using has a chain file, then follow the Global Site ID configuration described in the following. If your certificate only uses a CA certificate file, then use the Secure Site ID configuration.
Oracle Portal and the Login Server can be configured to run in HTTPS mode if your portal requires increased security. For optimal performance, you can also choose to have a mixed configuration where Oracle Portal is run in HTTP mode and the Login Server is run in HTTPS mode.
Secure Sockets Layer (SSL) secures HTTP communication between a browser and a Web server by carrying plain HTTP over SSL (named HTTPS). Enabling SSL to work with the Oracle HTTP Server is handled by the mod_ssl package, which is provided with the Apache Web server. It uses the URL scheme HTTPS rather than HTTP and a different server port.
Follow these steps to configure SSL on both Oracle Portal and the Login Server:
cd <ORACLE_HOME>\Apache\open_ssl\bin
where <ORACLE_HOME> is the location of your Oracle9i Application Server product.
Open the openssl.cnf file and find the following line:
RANDFILE = $ENV::HOME/.rnd
Add the following line:
HOME = .
before this line so that it appears as follows:
HOME = .
RANDFILE = $ENV::HOME/.rnd
openssl md5 * > rand.dat
openssl genrsa -rand rand.dat -des3 1024 > key.pem
openssl req -new -key key.pem -out csr.pem -config openssl.cnf
abc.oracle.com.
This action produces a key.pem and csr.pem file. Send the csr.pem file to the certificate authority to obtain the certificate. For example, in the case of a Verisign trial certificate, you would do the following:
Go to http://www.verisign.com and request a trial certificate by clicking "Secure Your Website."
csr.pem file that was generated earlier in this step.
portalcert.crt) with further instructions. One of the steps describes how to obtain the Root Trial CA from Verisign. Import this certificate into your browser according to these instructions.
trialcacert.crt.
Exporting from Internet Explorer
Go to Tools, Internet Options, Content, Certificates, Trusted Root, Certification Authorities, and then Export.
Exporting from Netscape
Refer to Netscape documentation on exporting certificates.
On Windows NT
Remove the password from key.pem as follows:
copy key.pem key.pem-orig
openssl rsa -in key.pem-orig -out key.pem
copy portalcert.crt to Apache\Apache\conf\ssl.crt
copy trialcacert.crt to Apache\Apache\conf\ssl.crt
copy key.pem to Apache\Apache\conf\ssl.key
copy key.pem-orig to Apache\Apache\conf\ssl.key
Oracle Portal maintains the URL prefix of the Login Server which accesses certain information through HTTP calls from the database, using the UTL_HTTP package. These calls must be done through HTTP rather than HTTPS.
Thus, if Oracle Portal and the Login Server are configured to use HTTPS, access to an HTTP port on the Login Server is still required to support these interfaces. The calls made across this interface are required for the following reasons:
To set this URL prefix, which is called the Login Server Query Path URL, complete these steps:
By default, it is the same prefix as specified for the Login Server when running the ssodatan or ssodatax scripts. However, if these scripts specify an HTTPS protocol, then manually update this parameter to use an HTTP protocol.
If you are using SSL, the default port is 443. With Oracle Portal versions prior to 3.0.8, you need to create two enabler configuration entries, and two corresponding partner configuration entries on the Login Server. Specify the :443 port for one entry, and exclude it for the additional entry.
To add the additional entry, follow the basic procedure of adding the partner entry on the Login Server using the Login Server Administration user interface, and then add the configuration entry on the Oracle Portal side by using the ssodatax script.
If using Oracle Portal version 3.0.8 or later, you only need a single entry, one which excludes the :443 from the URL.
In the Oracle HTTP Server configuration file, httpd.conf, comment out the following line to permit Microsoft Internet Explorer browsers to work in HTTPS mode:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
If you want to set up a virtual host, it can be done in one of two ways:
When the IP name is used, several aliases use the same IP address. In this case, Apache (or any browser supporting virtual name addresses) looks at the Host field in the HTTP request and determines which of the virtual addresses should be emulated.
However, when SSL is used, the IP name is encrypted. This causes a problem, because the software does not know which decryption key to use, since the keys differ by virtual name. If there were 1000 separate virtual addresses supported, then on average the software would try 500 different keys to determine which key to use to decode the message. This is not practical, at least for performance reasons.
https://ssladdress.com/virtualname1/<page desired>).
The Reports Security Portlet is installed as part of the Oracle Portal installation. Depending on the edition of the Oracle9i Application Server installed, the Reports Security Portlet may be hidden. To show the Reports Security Portlet:
The Reports Security Portlet displays in the Administer tab.
Copyright © 2001 Oracle Corporation. All Rights Reserved.