Oracle Portal Configuration Guide
Release 3.0.8

Part Number A87566-01


A
Oracle9i Application Server Configuration Files

This appendix provides information about the configuration files which can affect the connection to and the behavior of the Oracle9i Application Server and its components in the middle-tier as well as on other machines to which it is connecting.

Specific topics covered include:

A.1 Control Points and File Locations

The following is a listing of the important Oracle9i Application Server configuration control points and their locations:

Table A-1 List of Oracle Portal Control Points

| Configuration File/table | Location or Description |
|---|---|
| Oracle HTTP Server | <ORACLE_HOME>/Apache/Apache/conf/httpd.conf |
| Apache JServ | <ORACLE_HOME>/Apache/Jserv/servlets/zone.properties |
| PL/SQL Gateway | <ORACLE_HOME>/Apache/modplsql/cfg/wdbsvr.app |
| Database Connection | <ORACLE_HOME>/network/admin/tnsnames.ora |
| Login Server enabler table | Oracle Portal and Login Server's configuration table, WWSEC_ENABLER_CONFIG_INFO$. |
| Login server configuration table | Login Server's Partner Applications configuration table, WWSSO_PAPP_CONFIGURATION_INFO$ |
| Local HOSTS file | The HOSTS file is used by the Microsoft TCP/IP stack for your Windows operating system and is typically located in the Windows directory on your local machine. |

where <ORACLE_HOME> is the location of your Oracle9i Application Server installation.

A.1.1 Oracle HTTP Server Configuration File (httpd.conf)

The Oracle HTTP Server powered by Apache configuration file, httpd.conf, contains configuration information for running the Oracle HTTP Server. The contents of this file include information about listening ports, server names, virtual hosts, proxy configurations, and the like. Secure Sockets Layer (SSL) support is also configured in this file, by defining information such as certificates and other HTTPS configuration directives.

<ORACLE_HOME>/Apache/Apache/conf/httpd.conf 


See:

"Enabling Secure Socket Layer (SSL)" 


A.1.2 JServ Configuration File (zone.properties)

The zone.properties file contains information specific to the servlets being run under the Apache JServ environment. This is the environment where the Parallel Page Engine servlet runs. This file sets up specific parameters which the servlets use for initialization.

This file is used by the servlets at initialization time. The Parallel Page Engine uses this file to get certain required information for it to run properly. If configuring the Portal to run in SSL mode, one of the items needed here is to tell the Parallel Page Engine which ports are secure ports. This way it knows what protocol should be used on different ports. You can add as many ports as needed for secure communication by separating the port numbers with a colon ":".


See also:

"Securing Ports to Use Certificates and HTTPS" 


A.1.3 Database Access Descriptor (DAD) Configuration File (wdbsvr.app)

The wdbsvr.app file contains the definition of the Database Access Descriptors (DADs) which define the connection information that the PL/SQL Gateway (mod_plsql) uses to connect to a particular database schema.

The DAD is the entity which informs the middle-tier which database to connect to, and the username and password for connecting to that database. By specifying the appropriate connect string, the middle-tier can connect to a database on any remote host, or may connect to a database on the local machine.


See also:

Chapter 6, "Configuring the PL/SQL Gateway" 


When setting up a DAD for use with the Login Server or Oracle Portal, the following entries must be made:

where

Table A-2 Database Access Descriptor (DAD) configuration parameters

| Parameter | Description |
|---|---|
| User name | Name of the Oracle Portal product schema. Default = PORTAL30. The user name and password specify the "trusted" user for the entire portal instance. When the Oracle9i Application Server middle-tier connects to Oracle Portal, it initially connects as the "trusted" user specified in the DAD. Once the connection is established, the trusted user becomes the actual database user for the portal user (i.e. portal30_public), using the connect through functionality supported in the database. As a result, all database users on which you want to map portal users must be granted connect through privileges through the trusted user. If you create the new schema in Oracle Portal, select the "Use this schema for Portal users" check box in the Create Schema dialog box. Oracle Portal performs this grant for you automatically. |
| Password | Password to the Oracle Portal product schema. Note: Any changes to this password from the database (for example, using "alter user") should be updated in the DAD as well. Otherwise, a "Proxy Logon Failed" error may occur. |
| Connect String | The connect string defines where the schema specified in User name resides. The connect string entry must also be defined in the tnsnames.ora file associated with the <ORACLE_HOME> of the Oracle9i Application Server installation. |
| Authentication Mode | For Oracle Portal 3.0 and the Login Server, set the mode to "Single Sign-On." This mode provides for session creation and uses N-Tier authentication to access the database. |
| Default Page | Set the default page to the home procedure in the Oracle Portal product schema. Default = PORTAL30.home |


See also:

"Using the PL/SQL Gateway" guide provided with the Oracle9i Application Server documentation library. 


A.1.4 Oracle Database Connection File (tnsnames.ora)

The tnsnames.ora file defines the entries that can be used as connect strings in the DADs.

Also, the tnsnames.ora file in the Oracle Home location containing your Oracle9i Application Server must have a connect string entry pointing to the database where your Oracle Portal installation is located.

In the C shell, for example, type the following at a command line prompt:

setenv TNS_ADMIN path  
where:

path points to the tnsnames.ora file. This command differs depending on the shell.
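Because every DAD connect string must also be defined in the middle-tier tnsnames.ora, a quick consistency check catches DADs that point at an undefined entry. The following is an added example, not part of the original guide or of Oracle's tooling: the tnsnames.ora text and the DAD connect strings are constructed samples, and matching is assumed to be case-insensitive with no default-domain handling.

```python
# Constructed sample tnsnames.ora text (not taken from the original guide).
SAMPLE_TNSNAMES = """\
# middle-tier tnsnames.ora
PORTALDB, PORTALDB.EXAMPLE.COM =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example.com)(PORT = 1521))
    (CONNECT_DATA = (SID = ORCL)))

LOGINDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = ssohost.example.com)(PORT = 1521))
    (CONNECT_DATA = (SID = SSO)))
"""

def tns_aliases(text):
    """Return the net service names defined at the top level of tnsnames.ora text."""
    aliases, depth, buf = set(), 0, []
    for raw in text.splitlines():
        for ch in raw.split("#", 1)[0]:      # ignore comments
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            elif depth == 0 and ch == "=":
                # Text collected outside parentheses is the alias list.
                aliases.update(n.strip().upper()
                               for n in "".join(buf).split(",") if n.strip())
                buf = []
            elif depth == 0:
                buf.append(ch)
        buf.append(" ")                      # a line break separates tokens
    return aliases

def undefined_connect_strings(dad_connect_strings, tns_text):
    """Connect strings used by DADs that have no matching tnsnames.ora entry."""
    defined = tns_aliases(tns_text)
    return sorted(c for c in dad_connect_strings if c.strip().upper() not in defined)

if __name__ == "__main__":
    # Hypothetical connect strings, as they would be entered in two DADs.
    for name in undefined_connect_strings(["portaldb", "ssodb"], SAMPLE_TNSNAMES):
        print("DAD connect string not defined in tnsnames.ora:", name)
```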


See also:

"Net8 Administrator's Guide" in the Oracle8i database documentation library. 


A.1.5 Login Server Configuration Table

The WWSEC_ENABLER_CONFIG_INFO$ table is the configuration table for the Single Sign-on enabler stack.

Each Partner Application to the Login Server has such a table for configuration information. As such, one such table exists in the Oracle Portal schema as well as the Login Server schema, since the Login Server application is a Partner Application as well. This table defines the login URL for the Login Server which this Partner Application is associated with.

It is important to understand how the LSNR_TOKEN is used in the enabler configuration table in order to plan what entries are required depending on your configuration.

This table may have more than one entry. There is one entry for each way the application's server is addressed. Understanding this requires a review of the authentication sequence. For the purposes of this discussion, the main flows include:

The Login Server (SSO) partner enabler APIs read the WWSEC_ENABLER_CONFIG_INFO$ table for configuration information. Similarly, in the Login Server, the Login Server's private APIs read the WWSSO_PAPP_CONFIGURATION_INFO$ table. The latter table holds the URL to which the Login Server redirects for each Partner Application.

Each Partner Application's success URL is stored in the Login Server's Partner Application configuration table. To support multiple host names for a Partner Application, each distinct host name therefore requires its own Partner Application entry on the Login Server, so that each entry can specify a success URL with the same host name as the Partner Application and the session cookie can be scoped appropriately. Furthermore, the domain to which cookies are scoped includes the server name (ServerName) and port, so server.domain.com:80 is treated as a different cookie domain from server.domain.com:8080.

Each entry in the enabler configuration table is then selected based on the host name and port that was used by the Partner Application.

For example, let's say that you wanted Oracle Portal to be accessible from http://www.xyz.com as well as http://www.abc.com. In this case, two Partner Applications must be registered in the Login Server. One is defined for the www.xyz.com host and the other for the www.abc.com host. Each one specifies a success URL that is appropriate:

Each of these Partner Application entries on the Login Server would have a distinct site id, site token, and encryption key. Oracle Portal's enabler configuration table has one row for each Partner Application, for example:

LSNR_TOKEN     SITE_ID   LS_LOGIN_URL                    ...
www.xyz.com    1321      https://www.login.com/pls/...
www.abc.com    1322      https://www.login.com/pls/...
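The host-and-port matching described above can be audited before users hit login loops or mis-scoped session cookies. The following is an added example, not part of the original guide: the rows, success URLs and portal addresses are constructed, the partner application field names are hypothetical, and an LSNR_TOKEN without a port is assumed to mean port 80.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample data. Host names and site ids follow the example above;
# success URLs and the third portal address are made up for illustration.
PORTAL_URLS = ["http://www.xyz.com/", "http://www.abc.com/", "http://www.abc.com:8080/"]
ENABLER_ROWS = [
    {"LSNR_TOKEN": "www.xyz.com", "SITE_ID": 1321},
    {"LSNR_TOKEN": "www.abc.com", "SITE_ID": 1322},
]
PARTNER_APPS = [  # hypothetical field names for the Login Server side
    {"site_id": 1321, "success_url": "http://www.xyz.com/constructed/success"},
    {"site_id": 1322, "success_url": "http://www.xyz.com/constructed/success"},
]

def origin(url):
    """(host, port) of a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    return (parts.hostname.lower(), parts.port or DEFAULT_PORTS[parts.scheme])

def token_origin(token):
    """(host, port) for an LSNR_TOKEN written as host or host:port (assumed format)."""
    host, _, port = token.partition(":")
    return (host.lower(), int(port) if port else DEFAULT_PORTS["http"])

def audit(portal_urls, enabler_rows, partner_apps):
    """Return findings; an empty list means every portal address is covered."""
    findings = []
    by_origin = {token_origin(r["LSNR_TOKEN"]): r for r in enabler_rows}
    success = {p["site_id"]: p["success_url"] for p in partner_apps}
    for url in portal_urls:
        row = by_origin.get(origin(url))
        if row is None:
            findings.append(f"{url}: no enabler row for this host and port")
            continue
        s_url = success.get(row["SITE_ID"])
        if s_url is None:
            findings.append(f"{url}: site id {row['SITE_ID']} has no Partner Application")
        elif origin(s_url) != origin(url):
            # Cookie scope includes host and port, so the success URL must match both.
            findings.append(f"{url}: success URL {s_url} is on a different host or port")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PORTAL_URLS, ENABLER_ROWS, PARTNER_APPS)))
```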


See also:

For a complete understanding of Oracle's Web Single Sign-On architecture and the concept of Partner applications, see the "Oracle Single Sign-On Application Programmers Guide." 


A.1.6 Login Server's Partner Application Table

The configuration table on the Login Server's side is the Partner Application Table, WWSSO_PAPP_CONFIGURATION_INFO$. Maintenance of this table is typically done using the Login Server application's user interface for Adding or Editing Partner Applications.

On an initial installation on a single database instance, the ssodatan script populates both the Login Server's partner configuration table as well as Oracle Portal's enabler configuration table.

If running the linstall script to install a standalone Login Server, this script populates the Login Server's enabler configuration table and Partner Application configuration table as part of the installation. See "Manually Installing a Login Server with the linstall Script".

A.1.7 Local HOSTS File

The HOSTS file on a network host defines mappings of IP names to IP addresses. Normally, the association of IP name to IP address is provided by a Domain Name Server (DNS). In some of the configurations described in Chapter 3, "Basic Oracle Portal Configurations", a host may need to be addressed in an internal network with a domain name that is not defined within the internal network. In these cases, the server's HOSTS file can provide the necessary name resolution.


Copyright © 2001 Oracle Corporation.

All Rights Reserved.
