Sun Java System Portal Server 6 2004Q2 Administration Guide 

Chapter 15
Managing the Sun Java System Portal Server System

This chapter describes the various administrative tasks associated with maintaining the Sun Java™ System Portal Server system.

This chapter contains these sections:


Configuring Secure Sockets Layer (SSL)

You can configure Secure Sockets Layer (SSL) with Sun Java System Portal Server and associated components in the following ways:

To Configure SSL with Sun Java System Portal Server

Use this procedure if you chose to run SSL on your machine during the Sun Java System Portal Server installation.

  1. Create a trust database for the web server on which you installed Sun Java System Portal Server.

    See Chapter 5, “Creating a Trust Database” in the Sun Java System Web Server 6 2004Q2, Enterprise Edition Administration Guide at the following URL for more information:

    http://docs.sun.com/source/816-5682-10/index.htm

  2. Request a certificate for the web server on which you installed Sun Java System Portal Server software and install the certificate on the web server instance.

    See Chapter 5, “Requesting and Installing a VeriSign Certificate” or “Requesting and Installing Other Server Certificates” in the Sun Java System Web Server 6 2004Q2, Enterprise Edition Administration Guide for more information.

  3. Turn on encryption for the Sun Java System Portal Server web server instance.

    In the web server administration console, select the Preferences tab, select Add Listen Socket, then select Edit Listen Socket and turn on security.

    See Chapter 5, “Turning Security On,” in the Sun Java System Web Server 6 2004Q2, Enterprise Edition Administration Guide for more information.

  4. Click Apply and Apply Changes in the web server administration console.
  5. Restart Sun Java System Portal Server.

    /etc/init.d/amserver start

    The system prompts you for the password to get to the certificate database. This step occurs each time you restart the web server (executing /etc/init.d/amserver start).

    Note

    To avoid having to type the passphrase on each reboot, create a file named .wtpass that contains the web server passphrase and place it in the DSAME-BASEDIR/SUNWam/config directory. If you reboot the system with a secure web server without having this file, you must type in the passphrase at the system console.

  6. Verify that you can now log on to the Sun Java System Portal Server portal using SSL:
    • To log on to the Sun Java System Identity Server administration console, type:
      https://server:port/amconsole
    • To log on as a user to the Desktop, type:
      https://server:port/deploy_uri

      for example,
      https://sesta:80/portal/dt

To Modify an Existing Sun Java System Portal Server Installation to Use SSL

Use this procedure if you answered n when asked “Do you want to run SSL on hostname?” during the Sun Java System Portal Server installation. See the Sun Java System Portal Server 6 2004Q2 Installation Guide for more information.

  1. Log in to the Sun Java System Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.
  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. In the server list, change http to https.
  5. Click Save to save your changes.
  6. Install the certificate on the web server.

    See Step 1 through Step 4 in To Configure SSL with Sun Java System Portal Server for details.

  7. Copy the server.xml and magnus.conf files from the /BaseDir/SUNWam/servers/https-hostname-domain/conf_bk directory to the /BaseDir/SUNWam/servers/https-hostname-domain/config directory. BaseDir is the Sun Java System Identity Server base directory.
  8. Add the following line to the /BaseDir/SUNWam/lib/AMConfig.properties file if the root CA is not installed for your certificate.

    com.sun.am.jssproxy.trustAllServerCerts=true

    This option tells JSS to trust all server certificates, so the certificate is accepted even though its root CA is not installed.

  9. In the /BaseDir/SUNWam/lib/AMConfig.properties file, change http to https for the following:

    com.sun.am.server.protocol
    com.sun.am.naming.url
    com.sun.am.notification.url
    com.sun.am.session.server.protocol
    com.sun.services.cdsso.CDCURL
    com.sun.services.cdc.authLoginUrl

  10. Restart Sun Java System Portal Server.
    • To restart a single Sun Java System Portal Server instance, type:
      /etc/init.d/amserver start
    • To restart multiple Sun Java System Portal Server instances, type:
      /etc/init.d/amserver startall

    The system prompts you for the password to get to the certificate database.

See Chapter 11, “Managing SSL” in the Sun Java System Directory Server Administration Guide for more information.

To Configure a Sun Java System Portal Server Instance to Use SSL

  1. Log in to the Sun Java System Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.
  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. In the server list, change http to https.
  5. Click Save to save your changes.
  6. Install the certificate on the web server.

    See Step 1 through Step 4 in To Configure SSL with Sun Java System Portal Server for details.

  7. If this server is part of a multi-instance installation, copy the server.xml and magnus.conf files from the /BaseDir/SUNWam/servers/https-instance_nickname/conf_bk directory to the /BaseDir/SUNWam/servers/https-instance_nickname/config directory.
  8. Add the following line to the /BaseDir/SUNWam/lib/AMConfig-instance_nickname.properties file if the root CA is not installed for your certificate.

    com.sun.am.jssproxy.trustAllServerCerts=true

    This option tells JSS to trust all server certificates, so the certificate is accepted even though its root CA is not installed.

  9. In the /BaseDir/SUNWam/lib/AMConfig-instance_nickname.properties file, change http to https for the following:

    com.sun.am.server.protocol
    com.sun.am.naming.url
    com.sun.am.notification.url
    com.sun.am.session.server.protocol
    com.sun.services.cdsso.CDCURL
    com.sun.services.cdc.authLoginUrl

  10. Restart Sun Java System Portal Server.
    • To restart a single Sun Java System Portal Server instance, type:
      /etc/init.d/amserver start
    • To restart multiple Sun Java System Portal Server instances, type:
      /etc/init.d/amserver startall

    The system prompts you for the password to get to the certificate database.

See Chapter 11, “Managing SSL” in the Sun Java System Directory Server Administration Guide for more information.
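
A check for the two procedures above, added here as an example and not taken from the Sun guide: it reports any of the six listed properties that is missing or still set to http, and flags com.sun.am.jssproxy.trustAllServerCerts=true, which leaves JSS accepting any server certificate. The function names, the sample values and the host portal.example.com are constructed for illustration.

```shell
# Added example: audit an AMConfig properties file after the SSL conversion.
# The six properties the procedure switches from http to https.
SSL_KEYS="com.sun.am.server.protocol com.sun.am.naming.url
com.sun.am.notification.url com.sun.am.session.server.protocol
com.sun.services.cdsso.CDCURL com.sun.services.cdc.authLoginUrl"

# get_prop FILE KEY: print the value of the last uncommented KEY=value line.
get_prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { eq = index($0, "="); if (eq == 0) next
          name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
          if (name != k) next
          v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v); found = 1 }
        END { if (found) print v }' "$1"
}

# audit_amconfig FILE: one finding per line; status 0 clean, 1 findings, 2 unreadable.
audit_amconfig() {
    file=$1; findings=0
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    for key in $SSL_KEYS; do
        value=$(get_prop "$file" "$key")
        case $value in
            https|https:*) ;;    # already converted
            '') echo "MISSING $key"; findings=$((findings + 1)) ;;
            *)  echo "NOT-SSL $key=$value"; findings=$((findings + 1)) ;;
        esac
    done
    # trustAllServerCerts=true means JSS accepts any server certificate.
    trust=$(get_prop "$file" com.sun.am.jssproxy.trustAllServerCerts)
    case $trust in [Tt][Rr][Uu][Ee])
        echo "TRUST-ALL com.sun.am.jssproxy.trustAllServerCerts=$trust"
        findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample (hypothetical host and values): a half-converted file.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real AMConfig.properties
com.sun.am.server.protocol=https
com.sun.am.naming.url=http://portal.example.com:80/amserver/namingservice
com.sun.am.notification.url=https://portal.example.com:443/amserver/notificationservice
com.sun.am.session.server.protocol = https
com.sun.services.cdsso.CDCURL=https://portal.example.com:443/amserver/cdcservlet
com.sun.am.jssproxy.trustAllServerCerts=true
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_amconfig "$sample" || echo "audit: findings reported"
rm -f "$sample"
```

Run audit_amconfig against AMConfig.properties, and against each AMConfig-instance_nickname.properties in a multi-instance installation, before restarting the server.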


Backing Up and Restoring Sun Java System Portal Server Configuration

The Sun Java System Portal Server user and service configuration is stored on the directory server in an LDAP Directory Information Tree (DIT). This allows you to back up and restore configuration information via a Lightweight Directory Interchange Format (LDIF) file.

To Back Up a Sun Java System Portal Server Configuration

To back up Sun Java System Portal Server configuration information use the db2ldif command. This command is available in the slapd-hostname directory within the base directory of the directory server. For example, if the directory server was installed to the default install directory (/usr/ldap) on the server sesta, the base directory would be /usr/ldap/slapd-sesta.

  1. Change directories to the directory server base directory containing the db2ldif command.

    cd DS_BASEDIR/slapd-HOSTNAME

  2. Save the configuration to an LDIF file using the db2ldif command with the -s option specifying the top level of the DIT for Sun Java System Portal Server. For example, to save a configuration in which the top level of the DIT is isp, type the following:

    ./db2ldif -s "o=isp"

    The data are saved to an LDIF file. The command saves the file to the current directory. The following format is used to name the file:

    YYYY_MM_DD_HHMMSS.ldif

    After the file is saved, the following example output displays:

    [16/May/2002:14:11:25 -0700] - Backend Instance: userRoot
    ldiffile: /usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif
    [16/May/2002:14:11:28 -0700] - export userRoot: Processed 178 entries (100%).

To Restore a Sun Java System Portal Server Configuration

You can restore the Sun Java System Portal Server configuration information you have backed up via the db2ldif command using the ldif2db command. This command is available in the slapd-hostname directory within the base directory of the directory server. For example, if the directory server was installed to the default install directory (/usr/ldap) on the server sesta, the base directory would be /usr/ldap/slapd-sesta.

  1. Change directories to the directory server base directory containing the ldif2db command by entering:

    cd DS_BASEDIR/slapd-HOSTNAME

  2. Stop the directory server by entering:

    ./stop-slapd

  3. Restore the configuration from the LDIF file to the directory server using the ldif2db command with the -s option specifying the top level of the DIT for Sun Java System Portal Server and the -i option specifying the file name. For example, to restore the LDIF file saved in the previous procedure to the top level of the DIT of isp, type the following:

    ./ldif2db -s "o=isp" -i /usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif

    After the configuration is restored, the following example output displays:

    importing data ...
    [16/May/2002:16:37:02 -0700] - Backend Instance: userRoot
    [16/May/2002:16:37:03 -0700] - import userRoot: Index buffering enabled with bucket size 13
    [16/May/2002:16:37:03 -0700] - import userRoot: Beginning import job...
    [16/May/2002:16:37:03 -0700] - import userRoot: Processing file "/usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif"
    [16/May/2002:16:37:04 -0700] - import userRoot: Finished scanning file "/usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif" (178 entries)
    [16/May/2002:16:37:05 -0700] - import userRoot: Workers finished; cleaning up...
    [16/May/2002:16:37:08 -0700] - import userRoot: Workers cleaned up.
    [16/May/2002:16:37:08 -0700] - import userRoot: Cleaning up producer thread...
    [16/May/2002:16:37:08 -0700] - import userRoot: Indexing complete. Post-processing...
    [16/May/2002:16:37:08 -0700] - import userRoot: Flushing caches...
    [16/May/2002:16:37:08 -0700] - import userRoot: Closing files...
    [16/May/2002:16:37:09 -0700] - import userRoot: Import complete. Processed 178 entries in 6 seconds. (29.67 entries/sec)

  4. Restart the directory server by entering:

    ./start-slapd
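
An added example, not part of the Sun guide, that cross-checks a backup before it is needed for a restore: the entry count db2ldif reported must equal the number of entries in the LDIF file, and the file must not be readable by group or others. It assumes the command output was saved to a log file; the function names and the three-entry sample are constructed.

```shell
# Added example: cross-check a db2ldif export before relying on it for a restore.
# logged_entries LOG: N from the last "Processed N entries" line of saved output.
logged_entries() {
    sed -n 's/.*Processed \([0-9][0-9]*\) entries.*/\1/p' "$1" | tail -1
}

# ldif_entries FILE: number of entries (each begins with a dn: or dn:: line).
ldif_entries() { grep -c '^dn:' "$1" || true; }

# verify_export LOG LDIF
# Exit status: 0 ok, 1 count mismatch, 2 unreadable input, 3 LDIF too permissive.
verify_export() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "ERROR unreadable input"; return 2; }
    logged=$(logged_entries "$1")
    found=$(ldif_entries "$2")
    if [ -z "$logged" ] || [ "$found" -eq 0 ] || [ "$logged" -ne "$found" ]; then
        echo "MISMATCH log=${logged:-none} ldif=$found"
        return 1
    fi
    # The LDIF holds every entry under the exported suffix; keep it owner-only.
    if [ -n "$(find "$2" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERMS $2 is readable by group or others"
        return 3
    fi
    echo "OK $found entries"
}

# Constructed sample data (three entries, hypothetical DNs), written to DIR.
write_samples() {
    cat > "$1/export.log" <<'EOF'
[16/May/2002:14:11:25 -0700] - Backend Instance: userRoot
[16/May/2002:14:11:28 -0700] - export userRoot: Processed 3 entries (100%).
EOF
    cat > "$1/backup.ldif" <<'EOF'
dn: o=isp
objectClass: organization
o: isp

dn: ou=People,o=isp
objectClass: organizationalUnit
ou: People

dn: ou=Groups,o=isp
objectClass: organizationalUnit
ou: Groups
EOF
    chmod 600 "$1/backup.ldif"
}

dir=$(mktemp -d) && write_samples "$dir"
verify_export "$dir/export.log" "$dir/backup.ldif"
rm -rf "$dir"
```

logged_entries reads the count from saved ldif2db output as well, since the import summary line uses the same "Processed N entries" wording.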


Changing Sun Java System Portal Server Network Settings

To physically move a server running Sun Java System Portal Server software from one network to another, you need only change the IP address mapping for the fully qualified domain name in the /etc/hosts file. There are no other hardcoded addresses that need to be changed.


Managing a Multiple UI Node Installation

When you install Sun Java System Portal Server software onto multiple UI nodes, you need to make a configuration change to the Platform attributes in the Sun Java System Identity Server administration console. You edit the Server List attribute to include the URLs for each UI node.

The Sun Java System Identity Server naming service reads the Server List attribute at initialization time. This list contains the Sun Java System Identity Server session servers in a single Sun Java System Identity Server configuration. For example, if two Sun Java System Identity Server servers are installed and should work as one, they must both be included in this list. If the host specified in a request for a service URL is not in this list, the naming service will reject the request. The first value in the list specifies the host name and port of the server specified during installation. Additional servers can be added using the format protocol://server:port.

To Add Additional Portal Servers to the Server List

  1. Log in to the Sun Java System Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. Edit the Server List attribute.

    For each server functioning as a UI node, type the server URL, for example, http://host1.sesta.com:80 and then click the Add button. The URL then appears in the Server List.

  5. Click Save.


Configuring a Sun Java System Portal Server Instance to Use an HTTP Proxy

If the Sun Java System Portal Server software is installed on a host that cannot directly access certain portions of the Internet or your intranet, you might want to configure the instance to use an HTTP proxy.

The Portal Server is configured to use an HTTP proxy by setting the http.proxyHost and http.proxyPort Java Virtual Machine (JVM) system properties in the web container that is running the Portal Server web application. The method for setting JVM system properties varies on different web containers. The procedure described in this section is specifically for configuring the Sun Java System Web Server instance to use an HTTP proxy.

  1. Change directories to the directory server base directory containing the configuration for the instance by entering:

    cd /BaseDir/SUNWam/servers/https-hostname-domain/config

  2. Edit the server.xml file within this directory and add the following lines:

    <JVMOPTIONS>-Dhttp.proxyHost=proxy_host</JVMOPTIONS>
    <JVMOPTIONS>-Dhttp.proxyPort=proxy_port</JVMOPTIONS>

    where proxy_host is the fully-qualified domain name of the proxy host and proxy_port is the port on which the proxy is run.


    Note

    If the server.xml file has a proxy set up (using the http.proxyHost= and http.proxyPort= options) you may want to add the http.nonProxyHosts=proxy_host option. It is possible that the portal server may not be accessible through the proxy server, unless the portal server is added to the proxy server access list.



Managing Sun Java System Portal Server Logs

You can configure Sun Java System Portal Server logging to log information to a flat file or to a database. When logging to a database, the JDBC protocol is used.

To Configure Logging to a File

  1. Log in to the Sun Java System Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to Logging.

    The Logging attributes appear in the data pane.

  4. Select File as the Logging Type attribute.
  5. Specify the directory path for the log files in the Log Location attribute.
  6. Specify the maximum file size in bytes for the log file in the Max Log Size attribute.
  7. Specify the number of backup logs in the Number of History Files attribute.
  8. Click Save.

To Configure Logging to a Database

  1. Log in to the Sun Java System Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to the Logging service in the navigation pane.

    The Logging attributes appear in the data pane.

  4. Select JDBC as the Logging Type attribute.
  5. Specify a user name and password with which to connect to the database in the Database User Name and Database User Password attributes.
  6. Specify the driver to use for logging in the Database Driver Name attribute.
  7. Click Save.


Debugging Sun Java System Portal Server

This section describes how to set the debug level to help you troubleshoot various Sun Java System Portal Server components.

To Set the Debug Level for Sun Java System Identity Server

The debug level allows you to define the types of messages sent to the debug log. The following levels are supported:

By default, debug messages are sent to log files in the /var/opt/SUNWam/debug directory.

To set the debug level:

  1. Define the debug level in the following line of the /etc/opt/SUNWps/desktopconfig.properties file:

    debugLevel=value

  2. Restart Sun Java System Portal Server:

    /etc/init.d/amserver start

  3. Examine the various log files under /var/opt/SUNWam/debug as well as the Sun Java System Web Server log file.




Copyright 2004 Sun Microsystems, Inc. All rights reserved.