Oracle® Application Server Release Notes
10g (10.1.4.0.1) for Solaris Operating System (SPARC 64-Bit)

Part Number B32089-06

3 General Management and Security Issues

This chapter describes management and security issues associated with Oracle Application Server. It includes the following topics:

3.1 General Management Issues

This section describes general management issues with installation of Oracle Application Server. It includes the following topic:

3.1.1 Modifying targets.xml After Enabling SSL for Oracle Identity Management 10g (10.1.4.0.1)

After you enable SSL for Oracle Identity Management, you must modify the targets.xml configuration file to be sure that Application Server Control can connect to the required OracleAS Single Sign-On and Oracle Delegated Administration Services URLs:

  1. Locate and open the targets.xml file with a text editor.

    The file is located in the destination Oracle home:

  2. In the targets.xml file, locate the Oracle Delegated Administration Services element:

    <Target TYPE="oracle_das_server" ... >
       ....
    </Target>
    
  3. Within the oracle_das_server element, update the properties shown in Table 3-1 with the recommended values shown for each property.

    Table 3-1 OracleAS Single Sign-On and Oracle Delegated Administration Services Properties to Modify in the targets.xml Configuration File

    | Property | Description and Required Value |
    |---|---|
    | HTTPProtocol | The protocol used by the Oracle HTTP Server. The value can be either HTTP or HTTPS (for secure SSL connections). |
    | MonitorPort | The physical port used to monitor the Oracle Delegated Administration Services on the host. This is often the default Oracle HTTP Server port. |
    | DasPort | The physical port used to monitor Oracle Delegated Administration Services on the host. This is often the default Oracle HTTP Server port. |
    | DasURL | The complete Oracle Delegated Administration Services URL, including the protocol, physical host name, and port. Do not use the load balancer virtual host and port. |
    | DasMonitorURL | The complete URL used by Application Server Control to monitor the Oracle Delegated Administration Services, including the protocol, physical host name, and port. Do not use the load balancer virtual host and port. |


  4. Locate the OracleAS Single Sign-On element within the targets.xml file:

    <Target TYPE="oracle_sso_server" ... >
       ....
    </Target>
    
  5. Edit the values for the HTTPPort and HTTPProtocol properties within the oracle_sso_server element.

    Be sure to enter the port and protocol for the physical OracleAS Single Sign-On host; do not use the port and protocol used to connect to the load balancer.

  6. Save your changes and close the targets.xml file.
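
The following check is an added example, not part of the Oracle release notes or any Oracle tool: it reads a targets.xml and reports DAS and SSO properties that still point at a non-SSL endpoint or at a load balancer. The `<Property NAME=... VALUE=...>` child layout, the host names, the ports and the function name `check_targets` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample. The <Property NAME=... VALUE=...> child layout, the
# host names and the port numbers are assumptions for illustration.
SAMPLE = """<Targets>
  <Target TYPE="oracle_das_server" NAME="das1">
    <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
    <Property NAME="MonitorPort" VALUE="4443"/>
    <Property NAME="DasPort" VALUE="4443"/>
    <Property NAME="DasURL" VALUE="http://lb.example.com:80/oiddas"/>
    <Property NAME="DasMonitorURL" VALUE="https://im1.example.com:4443/oiddas"/>
  </Target>
  <Target TYPE="oracle_sso_server" NAME="sso1">
    <Property NAME="HTTPProtocol" VALUE="HTTP"/>
    <Property NAME="HTTPPort" VALUE="7777"/>
  </Target>
</Targets>"""

PORT_PROPS = {"oracle_das_server": ("MonitorPort", "DasPort"),
              "oracle_sso_server": ("HTTPPort",)}

def check_targets(xml_text, physical_host, ssl_port):
    """Return findings for the DAS and SSO targets once SSL is enabled."""
    findings = []
    for target in ET.fromstring(xml_text).iter("Target"):
        ttype = target.get("TYPE")
        if ttype not in PORT_PROPS:
            continue
        props = {p.get("NAME"): p.get("VALUE", "") for p in target.iter("Property")}
        if props.get("HTTPProtocol", "").upper() != "HTTPS":
            findings.append(f"{ttype}: HTTPProtocol is not HTTPS")
        for name in PORT_PROPS[ttype]:
            if props.get(name) != str(ssl_port):
                findings.append(f"{ttype}: {name} is {props.get(name)!r}, expected {ssl_port}")
        if ttype == "oracle_das_server":
            for name in ("DasURL", "DasMonitorURL"):
                url = urlsplit(props.get(name, ""))
                # Must point at the physical host over SSL, not the load balancer.
                if (url.scheme, url.hostname, url.port) != ("https", physical_host.lower(), ssl_port):
                    findings.append(f"{ttype}: {name} is not https://{physical_host}:{ssl_port}/...")
    return findings

if __name__ == "__main__":
    for finding in check_targets(SAMPLE, "im1.example.com", 4443):
        print(finding)
```

Run it against a copy of the file after step 6; an empty result means every checked property names the physical host, the SSL port and HTTPS.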

3.1.2 Changing the IP Address of a Metadata Repository Created with Oracle Application Server Repository Creation Assistant

You can change the IP address of a host that contains an OracleAS Metadata Repository, whether the repository was created by an installation of OracleAS Infrastructure or by running Oracle Application Server Repository Creation Assistant. The chapter "Changing Network Configurations" in the Oracle Application Server Administrator's Guide describes how to change the IP address.

If the tnsnames.ora file contains the IP address, you must take the following steps to change the IP address of an OracleAS Metadata Repository created by the Repository Creation Assistant:

  1. Stop all processes in the middle tier and Infrastructure.

  2. Set the ORACLE_HOME environment variable.

  3. On the Metadata Repository host, if the entry in the $ORACLE_HOME/network/admin/tnsnames.ora file contains the IP address for the OracleAS Metadata Repository, change the IP address.

  4. Start the Oracle Internet Directory server instance, for example:

    $ORACLE_HOME/bin/oidmon start
    $ORACLE_HOME/bin/oidctl connect=connect_string server=oidldapd \
    instance=server_instance_number \
    [configset=configset_number] [host=virtual/host_name] \
    start
    
  5. On the middle tier host, if the entry in the $ORACLE_HOME/network/admin/tnsnames.ora file contains the IP address for the Metadata Repository, change the IP address in the file.

  6. Start the middle tier.

3.1.3 Oracle Enterprise Manager Grid Control Does not Display all Integration Profiles

This issue occurs after you perform the following steps:

  • Install a 10.1.4.0.1 OracleAS Infrastructure with Identity Management.

  • Install Oracle Identity Management Agent Plug-in on the same host.

  • In Oracle Enterprise Manager Grid Control, navigate to Targets > Identity Management > DIP.

In the Integration Profiles table, only one profile is displayed and it shows a status of "disabled".

To work around this issue:

  1. Using the Directory Integration Assistant (dipassistant), enable any profile.

  2. Refresh the Oracle Directory Integration Platform (DIP) page in Oracle Enterprise Manager 10g Grid Control.

  3. All fourteen Integration Profiles will be displayed.

3.1.4 Additional Information for Changing Hostname for Identity Management Installations

The Oracle Application Server Administrator's Guide describes how to change the hostname of a machine containing an Identity Management installation. However, the procedure may fail if SSL is enabled (in this case, the non-SSL port is not available). Therefore, if SSL is enabled, you must take the following steps before you change the hostname of the machine:

  1. Check the values of the OIDport and SSLOnly parameters in the following file:

    (UNIX) Oracle_Home/config/ias.properties
    (Windows) Oracle_Home\config\ias.properties
    

    If SSLOnly is set to true and OIDport has an empty value, proceed with Steps 2 through 5.

  2. Verify that the non-SSL port for Oracle Internet Directory is enabled and up. If it is not, enable the non-SSL port for Oracle Internet Directory. Using Oracle Directory Manager, take the following steps:

    1. In the navigator pane, expand Oracle Internet Directory Servers, then the directory server instance, then Server Management.

    2. Expand either Directory Server or Replication Server, as appropriate. The numbered configuration sets are listed beneath your selection.

    3. Select the configuration set that you want to change.

    4. On the General tab, enter a port number for Non-SSL port, if there is not a port number listed.

    5. On the SSL Settings tab page, change the SSL enabled field to Both SSL and Non-SSL.

    6. Click Apply.

    7. Restart the server instance.

  3. In the Oracle homes for the other Identity Management components, run the Change Identity Management Services wizard and associate the other Identity Management components to Oracle Internet Directory using the non-SSL port:

    1. Using the Application Server Control Console, navigate to the Application Server Home page for the instance and click the Infrastructure link.

    2. On the Infrastructure page, in the Identity Management section, click Change.

    3. On the Change Identity Management page, specify the Host name and, for Port, the non-SSL port number.

    4. Follow the steps in the wizard for supplying the login information.

  4. Verify that the ias.properties file contains the following:

    OIDport=<non-empty_value>
    SSLOnly=false
    
  5. Proceed with the rest of the procedure as documented in the Oracle Application Server Administrator's Guide. After you complete the procedure, you can reenable SSL using the Application Server Control Console's Identity Management Services wizard.
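
The checks in Steps 1, 2 and 4, as an added example that is not part of the Oracle release notes or any Oracle tool: it parses ias.properties, decides whether Steps 2 through 5 apply, and confirms the Step 4 state together with a TCP probe of the non-SSL port. The function names, the sample contents and the port value are assumptions; only the `OIDport` and `SSLOnly` keys come from the text above.

```python
import socket

def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def needs_non_ssl_prep(props):
    """Step 1: SSLOnly is true and OIDport is empty, so Steps 2-5 apply."""
    return props.get("SSLOnly", "").lower() == "true" and not props.get("OIDport", "")

def tcp_port_open(host, port, timeout=3.0):
    """Step 2: the non-SSL listener accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ready_for_hostname_change(props, host, probe=tcp_port_open):
    """Step 4: OIDport is set and SSLOnly is false, and the port answers."""
    port = props.get("OIDport", "")
    if props.get("SSLOnly", "").lower() != "false" or not port.isdigit():
        return False
    return probe(host, int(port))

# Constructed samples of the two states described in the procedure.
BEFORE = "# constructed sample\nOIDport=\nSSLOnly=true\n"
AFTER = "# constructed sample\nOIDport=389\nSSLOnly=false\n"

if __name__ == "__main__":
    print("Steps 2-5 required:", needs_non_ssl_prep(parse_properties(BEFORE)))
    print("Step 4 state (file only):",
          ready_for_hostname_change(parse_properties(AFTER), "localhost",
                                    probe=lambda h, p: True))
```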

3.2 Documentation Errata

This section describes documentation errata in management documentation. It includes the following topic:

3.2.1 References to OracleAS Web Cache and OracleAS Portal in the Application Server Control Console Online Help

Application Server Control Console includes references to Oracle Application Server Web Cache and Oracle Application Server Portal. In fact, these two components are not distributed as part of the Oracle Identity Management product.

These references in the Application Server Control Console online help can be ignored.