|Oracle® Application Server Release Notes
10g (10.1.4.0.1) for AIX 5L Based Systems (64-Bit)
Part Number B32104-06
This chapter describes management and security issues associated with Oracle Application Server. It includes the following topics:
This section describes general management issues with installation of Oracle Application Server. If includes the following topic:
After you enable SSL for Oracle Identity Management, you must modify the
targets.xml configuration file to be sure that Application Server Control can connect to the required OracleAS Single Sign-On and Oracle Delegated Administration Services URLs:
Locate and open the
targets.xml file with a text editor.
The file is located in the destination Oracle home:
targets.xml file, locate the Oracle Delegated Administration Services element:
<Target TYPE="oracle_das_server" ... > .... </Target>
oracle_das_server element, update the properties shown in Table 3-1 with the recommended values shown for each property.
Table 3-1 OracleAS Single Sign-On and Oracle Delegated Administration Services Properties to Modify in the targets.xml Configuration File
|Property||Description and Required Value|
The protocol used by the Oracle HTTP Server. The value can be either HTTP or HTTPS (for secure SSL connections).
The physical port used to monitor the Oracle Delegated Administration Services on the host. This is often the default Oracle HTTP Server port.
The physical port used to monitor Oracle Delegated Administration Services on the host. This is often the default Oracle HTTP Server port.
The complete Oracle Delegated Administration Services URL, including the protocol, physical host name, and port. Do not use the load balancer virtual host and port.
The complete URL used by Application Server Control to monitor the Oracle Delegated Administration Services, including the protocol, physical host name, and port. Do not use the load balancer virtual host and port.
Locate the OracleAS Single Sign-On element within the
<Target TYPE="oracle_sso_server" ... > .... </Target>
Edit the values for the
HTTPProtocol properties within the
Be sure to enter the port and protocol for the physical OracleAS Single Sign-On host; do not use the port and protocol used to connect to the load balancer.
Save your changes and close the
You can change the IP address of a host that contains a OracleAS Metadata Repository, whether it is one created by an installation of OracleAS Infrastructure or by running Oracle Application Server Repository Creation Assistant. The chapter, "Changing Network Configurations" in the Oracle Application Server Administrator's Guide describes how to change the IP address.
If the tnsnames.ora file contains the IP address, you must take the following steps to change the IP address of a OracleAS Metadata Repository created by the Repository Creation Assistant:
Stop all processes in the middle tier and Infrastructure.
ORACLE_HOME environment variable.
On the Metadata Repository host, if the entry in the
/network/admin/tnsnames.ora file contains the IP address for the OracleAS Metadata Repository, change the IP address.
Start the Oracle Internet Directory server instance, for example:
$ORACLE_HOME/bin/oidmon start $ORACLE_HOME/bin/oidctl connect=connect_string server=oidldapd\ instance=server_instance_number\ configset=configset_number] [host=virtual/host_name] \ start
On the middle tier host, if the entry in the
/network/admin/tnsnames.ora file contains the IP address for the Metadata Repository, change the IP address in the file.
Start the middle tier.
If you install the following:
Install a 10.1.4.0.1 OracleAS Infrastructure with Identity Management
Install Oracle Identity Management Agent Plug-in on the same host
In Oracle Enterprise Manager Grid Control, navigate to Targets > Identity Management > DIP
In the Integration Profiles table, only one profile is displayed and it shows a status of "disabled".
To workaround this issue:
Using the Directory Integration Assistant (
dipassistant), enable any profile.
Refresh the Oracle Directory Integration Platform (DIP) page in Oracle Enterprise Manager 10g Grid Control.
All fourteen Integration Profiles will be displayed.
The Oracle Application Server Administrator's Guide describes how to change the hostname of machine containing an Identity Management installation. However, the procedure may fail if SSL is enabled (in this case, the non-ssl port is not available). Therefore, if SSL is enabled, you must take the following steps before you change the hostname of the machine:
Check the values of the OIDport and SSLOnly parameters in the following file:
(UNIX) Oracle_Home/config/ias.properties (Windows) Oracle_Home\config\ias.properties
Verify that the non-SSL port for Oracle Internet Directory is enabled and up. If it is not, enable the non-SSL port for Oracle Internet Directory. Using Oracle Directory Manager, take the following steps:
In the navigator pane, expand Oracle Internet Directory Servers, then the directory server instance, then Server Management.
Expand either Directory Server or Replication Server, as appropriate. The numbered configuration sets are listed beneath your selection.
Select the configuration set that you want to change.
On the General tab, enter a port number for Non-SSL port, if there is not a port number listed.
On the SSL Settings tab page, change the SSL enabled field to Both SSL and Non-SSL.
Restart the server instance.
In the Oracle homes for the other Identity Management components, run the Change Identity Management Services wizard and associate the other Identity Management components to Oracle Internet Directory using the non-ssl port:
Using the Application Server Control Console, navigate to the Application Server Home page for instance and click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
On the Change Identity Management page, specify the Host name and, for Port, the non-SSL port number.
Follow the steps in the wizard for supplying the login information.
Verify that the ias.properties file contains the following:
Proceed with the rest of the procedure as documented in the Oracle Application Server Administrator's Guide. After you complete the procedure, you can reenable SSL using the Application Server Control Console's Identity Management Services wizard.
This section describes documentation errata in management documentation. It includes the following topic:
Application Server Control Consoleincludes references to Oracle Application Server Web Cache and Oracle Application Server Portal. In fact, these two components are not distributed as part of the Oracle Identity Management product.
These references in the Application Server Control Console online help can be ignored.