|
Sun Java System Portal Server Release Notes for Microsoft Windows |
Sun Java™ System Portal Server Release Notes for Microsoft Windows
Version 6 2005Q1
Part Number 819-1586-10
These Release Notes contain important information available at the time of release of Sun Java™ System Portal Server 6 2005Q1 for Windows. Known issues and limitations, and other information are addressed here. Read this document before you begin using Portal Server 6.
The most up-to-date version of these release notes can be found at the Sun Java System documentation web site: http://docs.sun.com/app/docs/coll/PortalServer_05q1. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and product documentation.
These release notes contain the following sections:
Third-party URLs may be referenced in this document and provide additional, related information.
Release Notes Revision History
About Portal Server 6 2005Q1The Sun Java System Portal Server 6 2005Q1 product gives end users a Portal Desktop, which provides access to resources and applications. The Portal Server software also provides a search engine infrastructure that enables intranet content to be organized and accessed from the Portal Desktop. Additionally, in this release, the communication channels are now installed with the Portal Server software. The communication channels consist of mail, calendar, address book, and instant messaging channels.
Portal Server also offers Secure Remote Access support, which enables remote users to securely access their organization’s network and the services offered over the Internet. Additionally, it gives your organization a secure Internet portal, providing access to content, applications, and data to any targeted audience: employees, business partners, or the general public.
This section contains the following:
What’s New in Portal Server 6 2005Q1
The following Secure Remote Access features are new and have not been documented in the Sun Java System Portal Server Secure Remote Access 6 2005Q1 Administration Guide.
- HTTPS Support in Proxylet. This implementation has the following results:
- Decryption is done at the client server.
- You can access destination servers running in SSL mode.
- Can directly present client certificate to the destination server.
- Basic authentication single sign on is no longer available at the gateway. (The Gateway can not insert SSO information in http headers.)
- URL-based access control is no longer supported, only host-based access control,
- External accelerators and external reverse proxies in front of the GW are not currently supported.
- This support is not for Proxylet with Portal Server on HTTPS.
- The Proxylet Java applet now has rules that determine the content of the PAC file. All HTTP requests go to Proxylet. The Proxylet rules allow the administrator to specify mappings based on protocol, host, or port to domains.
- Using the Access Manager administration console, the Portal Server administrator can choose whether to launch Netlet with Java Web Start or the Netlet applet. If the administrator chooses Java Web Start, when the user clicks Netlet icon on the desktop, the browser is launched and Netlet runs. When using Java Web Start, once it is deployed, Netlet does not need to be downloaded again.
Hardware and Software Requirements
The following hardware and software are required for this release of Portal Server.
For software requirements, see the Sun Java Enterprise System Release Notes at http://docs.sun.com.
Post Installation Configuration
This section is organized as follows:
The psconfig batch file
If you have installed Portal Server with the Sun Java Enterprise System installer with the “Configure Later” option, use psconfig to configure the Portal Server component product. The following checklists in this section describe the parameters used to configure the Portal Server component product.
To run psconfig:
If you have performed a minimal installation, you will need to use the psconfig script to configure your Portal Server installation. The following checklists describe the values that you will need for a post-install configuration. Depending on the type of installation you perform, the values that you use might vary.
The Checklists are organized in the following way:
Portal Server And Secure Remote Access Configuration Checklist
is a three column table that lists all the values that you might need for a post-install configuration. Depending on the type of installation you perform, the values that you use might vary.
Gateway Configuration Checklist
The following table is a three column table for the Gateway Installation Checklist.
Netlet Proxy Configuration Checklist
The following table is a three column table for the Netlet Proxy Installation Checklist. The first column lists the parameters. The second column lists the default value. The third column lists a description for the parameter.
Rewriter Proxy Configuration Checklist
The following table is a three column table for the Rewriter Proxy Installation Checklist. The first column lists the parameters. The second column lists the default value. The third column lists a description for the parameter.
Configuring Portal Server in Interactive Mode
- As root in a terminal window, go to the directory that contains the psconfig batch file:
cd PortalServer-base/config
- To configure Portal Server in interactive mode, execute the psconfig batch file by typing psconfig-c <component name> and then enter appropriate answers for the configuration questions.
Portal Server
The following table is a three column table that lists all the values that you might need for a post-minimal install configuration. Depending on the type of installation you perform, the values that you use might vary.
Table 7 Portal Server Configuration Checklist
Question
Default Value
Description
Portal Server Configuration Information
What is the Portal Server Web Containers host
myportalbox.mydomain.com
Fully Qualified Name of the Portal Server
Is the Portal Server Web Containers port secure
No
The Protocol to be used while accessing the Portal Server. Possible values are No : If the Protocol is http. Or Yes: If the Protocol is https
What is the Portal Server Web Containers port
80
Port number to be used for accessing the Portal Server.
What is the Portal Server deployment URI
/portal
The URI is the space on the web server or application server that the Portal Server uses. The value for the deployment URI must have a leading slash and must contain only one slash. However, the deployment URI can not be a “/" by itself.
Choose the container to which the portal server needs to be configured:
1. Sun Java System Web Server
2. Sun Java System Application Server 8.1
1
The web container on which Portal Server is being deployed. Possible values are
1 = Sun Java System Web Server
Web Container Information
Sun Java System Web Server
Where is the Web Container installed
C:\Sun\Appplication Server
Directory in which the Sun Java System Web Server is installed.
What is the Web Container instance
myportalbox.mydomain.com
The web server instance you want the Portal Server to use. Note: The instance name should not contain spaces.
Web Container Information
Sun Java System Application Server 8.1
Where is the Web Container installed
C:\Sun\Appplication Server
Directory in which the Sun Java System Application Server 8.1 is installed
What is the Web Container domain
domain1
The Sun Java System Application Server domain contains a set of instances. The domain specified will contain the instance used by the Portal Server. This domain must already be configured.
What is the Web Container Deploy Instance Dir
C:\Sun\Appplication Server\domains\domain1
The full path of the domain specified that will be configured for the Portal Server.
What is the Web Container Deploy Instance
server
The name of the Sun Java System Application Server instance to which the Portal Server will be deployed. This instance must already be configured. The instance name should not contain spaces.
What is the Web Container Document Directory
C:\Sun\Appplication Server\domains\domain1\docroot
The Application Server Directory where static pages are kept.
Who is the Web Container administrator
admin
The administrator user ID.
What is the HostName of the Machine where Web Container is Installed
myportalbox.mydomain.com
The administration server hostname.
Is the Web Container administration port secure
Yes
The Protocol to be used while accessing the Portal Server. Possible values are No If the Protocol is http Or Yes If the Protocol is https.
What is the Web Container administration port
4849
The port number of the administration server. Note: The default Administrator Port for Sun Java System Application Sever 8.1 is “4849.”
What is the Web Container administrator password
This is the web-container’s Administrator Password.
Identity Server Information
What is the Access Manager Administrator (amadmin) Password
Administrator (amadmin) Password
The top level administrator (amadmin) password chosen during the Sun Java System Identity Server software installation.
Again
Re-enter the top level administrator (amadmin) password.
What is the Access Manager Internal LDAP Authentication User Password
Internal LDAP Authentication User Password
The Internal LDAP Authentication User Password chosen during the Sun Java System Identity Server installation.
Again
Re-enter the Internal LDAP Authentication User Password.
What is the Directory Manager DN
Directory Manager DN
cn=Directory Manager
The directory manager DN chosen during the installation of the Sun Java System Directory Server.
What is the Directory Manager Password
Directory Manager Password
The Directory Manager Password chosen during the installation of the Sun Java System Directory Server.
Again
Re-enter the Directory Manager Password.
PS_DEPLOY_ADMIN_PASSWORD
Deploy AdministratorPassword
This is the web-container’s Administrator Password.
Secure Remote Access Core Configuration Information (for configuring Secure Remote Access Support)
What is the Gateway protocol
Gateway Protocol
https
The Protocol used by the gateway. The gateway will communicate using Secure Sockets Layer (SSL).
What is the Portal Server domain
Portal Server Domain
portal-server-domain-name
The domain name for the machine on which the Portal Server is installed.
What is the Gateway domain
Gateway Domain
gateway-domain-name
The domain name of the gateway machine.
What is the Gateway port
Gateway Port
443
The port on which the gateway listens.
What is the Gateway profile
Gateway Profile Name
default
A gateway profile contains all the information related to gateway configuration, such as the port on which gateway listens, SSL options, and proxy options.
You can create multiple profiles in the gateway administration console and associate different instances of gateway with different profiles.
See “Creating a Gateway Profile” in the Sun Java System Portal Server, Secure Remote Access 6 2005Q1 Administrator’s Guide.
What is the Gateway logging user password
Gateway Logging User Password
This allows administrators with non-root access to look at gateway log files.
Again
Re-enter the Gateway Logging User Password.
Gateway
The following table is a three column table that contains the checklist for gateway configuration. Column one lists the parameter. Column two contains the default value for the parameter. Column three lists the description.
Netlet Proxy
The following table is a three column table for the Netlet Proxy configuration checklist. Column one lists the parameter. Column two lists the default value. Column three contains the description.
Rewriter Proxy
The following table is a three column table that contains the Rewriter Proxy configuration checklist. Column one lists the parameter. Column two lists the default value. Column three contains the description.
For information on post-installation tasks see Portal Server Post-Installation Tasks.
Configuring Portal Server in Silent Mode
To configure the Portal Server using the samplesilent file, modify the pssamplesilent file located at PortalServer-base/config and execute the psconfig batch file.
For information on post-installation tasks see Portal Server Post-Installation Tasks
Portal Server Post-Installation Tasks
Post-installation tasks need to be performed for each of the following components:
Portal Server
To access the Portal Server or the Identity Server administration console the directory server and the web container must first be started.
The following post-installation tasks depend on the type of web container on which you deployed the Portal Server.
Sun Java System Web Server
To start the Sun Java System Web Server:
or
Sun Java System Application Server 8.1
To configure the Application Server Instance, do the following:
- Stop the domain instance. In a terminal window, type:
AppServer-base\bin\asadmin.bat stop-domain domainname
For example
C:\Sun\ApplicationServer\bin\asadmin.bat stop-domain domain1
- Start the domain instance. In a terminal window, type:
AppServer-base\bin\asadmin.bat start-domain --user
administrator-user-name --password administartor-user-password domainname
For example,
C:\Sun\ApplicationServer\bin\asadmin.bat start-domain --user admin --password
password domain1
Secure Remote Access
When using the Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Portal Server trusted CA list, regardless of whether the Portal Server is running in HTTP or HTTPs mode.
When a user session time out or user session logout action happens, the Sun Java System Identity Server sends a session notification to the gateway. Even when the Sun Java System Identity Server is running in HTTP mode, it will act as an SSL client using HttpsURLConnection to send the notification. Since it is connecting to an SSL server (the gateway), it should have the gateway CA certificate as part of the Trusted CA list or it should have an option to allow self signed certificate.
To create HttpsURLConnection, the Java Virtual Machine (JVM™) property -Djava.protocol.handler.pkgs needs to be set.
If Portal Server is running on the Sun Java System Web Server, Sun Java System Application Server, or BEA WebLogic Server, this property is correctly set to com.iplanet.services.com by default. The Sun Java System Identity Server package has the implementation of HttpsURLConnection and it provides an option to accept self-signed certificates from any SSL server by adding the flag com.iplanet.am.jssproxy.trustAllServerCerts=true in the AMConfig.properties file.
The -Djava.protocol.handler.pkgs is not set by default for the IBM WebSphere Application Server. The HttpsURLConnection implementation for supported application servers must use their own default handler (this could be JSSE or custom SSL implementation).
Configuring Multiple Gateways on Multiple Portals
When installing a second gateway on a second portal, you must manually update the Forward Cookie URLs value to point to the second Portal.
Starting and Stopping the Gateway
- Start the gateway using the following command:
Net Start SRA.Gateway.new-profile-name
default is the default name of the gateway profile that is created during installation. You can create your own profiles later, and restart the gateway with the new profile. See “Creating a Gateway Profile” in Chapter 2 of the Sun Java System Portal Server, Secure Remote Access 6 2005Q1 Administration Guide.
Netlet and Rewriter Proxy
Before starting the Netlet Proxy and the Rewriter Proxy, ensure that the gateway profile is updated with the Netlet Proxy and the Rewriter Proxy options.
The Sun Java System Portal Server software NetFile needs jCIFS libraries (bundled as SUNWjcifs) for Windows access. This needs to be installed in Portal Server node only.
Verifying the Portal Server Installation
Access the Portal Server Administration Console and Desktop
To Access the Sun Java System Identity Server Administration Console
- Open a browser.
- Type protocol://hostname.domain:port/amconsole
For example,
http://example.com:80/amconsole
- Enter the administrator’s name and password to view the administration console.
This is the name and password you specified at the time of installing the Sun Java System Identity Server software.
To Access the Portal Server Desktop
Verify the Portal Server installation by accessing the Desktop. Use the following URL to access the Desktop: protocol://fully-qualified-hostname:port/portal-URI
For example,
http://example.com:80/portal
When you access the Desktop, the Authless Desktop is displayed. This allows users accessing the Desktop URL to be authenticated automatically and granted access to the Desktop.
If the sample Portal Desktop displays without any exception, then your Portal Server installation is good.
Verifying the Gateway Installation
- Run the following command to check if the gateway is running on the specified port (the default port is 443):
net start
If the gateway is not running, start the gateway in the debug mode, and view messages that are printed on the console. Use the following command to start the gateway in debug mode:
net start debug
Also view the log files after setting the gateway.debug attribute in the platform.conf.profilename file to message. See the section Understanding the platform.conf File in Chapter 2, “Administering Gateway” in the Sun Java System Portal Server, Secure Remote Access 6 2005Q1 Administration Guide, for details.
- Run the Portal Server in secure mode by typing the gateway URL in your browser:
https://gateway-machine-name:portnumber
If you have chosen the default port (443) during installation, you need not specify the port number.
- Login to the Identity Server administration console as administrator using the user name amadmin, and using the password specified during installation.
You can now create new organizations, roles, and users and assign required services and attributes in the administration console.
Bugs Fixed in This ReleaseNone.
Important InformationThis section contains the latest information that is not contained in the core product documentation. This section covers the following topics:
Installation Notes
Portal Server
For Java Enterprise System 6 2005Q1, Portal Server can be installed and configured to run with either:
To Run the Liberty Samples
The liberty samples are designed for a Portal Server and Access Manager installation on same system.
To run the Liberty samples on a Portal Server/Access Manager separated install, do the following:
- Make sure the SP_HOST_DOMAIN value in configSP.sh points to the Access Manager full install host.
- In the administration console of Access Manager that is acting as Service Provider, set the Provider Home Page to URL=http://portal-server-host:port/portal/dt
To set this value:
- Change “Single Sign-On Failure Redirect URL” and set it to http://portal-server-host:port/portal/dt?libertySSOFailed=true
To set this value:
- Set the PreLogin URL to http://portal-server-host:identity-server-port/amserver/preLogin?metaAlias=is-host&goto=http://portal-server-host:portal-server-port/portal/dt
To set this value:
- Go to Identity Management, Select Users from the drop down Menu.
- Click on authlessanonymous user and then select Portal Desktop from the View drop down list in the Navigation Frame.
- Click on the Edit link.
- Click on Manage Channels and Containers.
- Click on Edit properties of the Login Channel
- Set the PreLogin URL to http://portal-server-host:identity-server-port/amserver/preLogin?metaAlias=is-host&goto=http://portal-server-host:portal-server-port/portal/dt.
- Set the following in the AMConfig.properties file on the Portal Server host:
Web Containers
For detailed instructions on installing the Sun Java Server component products, refer to the Sun Java Enterprise System Installation Guide at http://docs.sun.com/db/doc/817-5760
Deprecated Features
The NetMail application is being deprecated in this release of the Sun Java System Portal Server product.
Documentation Updates for Portal Server 6 2005Q1
Portal Server Administration Guide
The settings on the Instant Messaging Channel edit page have changed. The Desktop user now has to configure only two settings (if the administrator has not configured the channel for a single Instant Messaging Server).
The two Instant Messaging Server settings are now:
Secure Remote Access Administration Guide
The following items are not documented in the online help or Sun Java System Portal Server 6 2005Q1 Secure Remote Access Administration Guide, but are part of the Access Manager administration console.
- Gateway -> Core -> Gateway Minimum Authentication Level is not documented in the online help or the administration guide.
- The Proxylet rules (as shown on the Access Manager console) are not documented in the online help or the administration guide. For information on configuring Proxylet rules, see Proxylet Rules.
Proxylet Rules
A Proxylet rules field has been added to the Access Manager administration console.
The Proxylet rules specify the domain and proxy settings in the Proxy Auto Configuration (PAC) file.
To modify the Proxylet rules, do the following:
- Log in to the Access Manager administration console as administrator.
- Select the Identity Management tab.
- Select Organizations from the View drop-down list.
- Click the required organization name. The selected organization name is reflected as the location in the top left corner of the administration console.
- Select Services from the View drop-down list.
- Click the arrow next to Proxylet under SRA Configuration.
- Click Edit.
- Enter the proxy-host and proxy-port, using the following syntax:
[Protocol:]Domain1[,Domain2,...]:IP or Host:Port
where,
Protocol – can contain http/ftp/https. (This field is optional).
Domain – is any domain such as sun.com. Multiple domains are separated by a comma.
IP – is the IP address of the domain.
proxy-host – proxy server used for this domain(s)
proxy-port – proxy server port
The following special constructs allow dynamic insertions into the rule.
If a rule contains the string proxylet-host:proxylet-port as the proxy server, then the generated PAC file replaces the string with the host and port of Proxylet.
Online Help
The Search channel Help page states in the Advanced Search section:
The Is and Begins with operators are no longer used.
Known Issues and LimitationsThis section describes the known issues and limitations of Portal Server 6 2005Q1 for Windows. For a list of the known issues and limitations in the component, refer to the following Release Notes: http://docs.sun.com/app/docs/doc/817-7699.
This section consists the following:
Web Server
After installing Portal Server in quick config mode, restart the Web Server (6232651)
After installing Portal Server in quick configure mode, the user needs to restart the Web Server.
Workaround
None.
Language Selection Drop Down List
Unable to select any other language other than “English (United States)” (6294881)
When you login to Portal Server and edit the tab "User Information", the drop down list of languages has only English (United States) option.
Workaround
None.
Redistributable FilesSun Java System Portal Server 6 2005Q1 does not contain any files which you can redistribute.
How to Report Problems and Provide FeedbackIf you have problems with Sun Java System Portal Server, contact Sun customer support using one of the following mechanisms:
- Sun Software Support services online at
http://www.sun.com/service/sunone/softwareSo that we can best assist you in resolving problems, please have the following information available when you contact support:
- Description of the problem, including the situation where the problem occurs and its impact on your operation
- Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
- Detailed steps on the methods you have used to reproduce the problem
- Any error logs or core dumps
If your problems seem to be associated with a client, please have the following information available:
- What client types are new
- What default client type settings have changed and how
- What errors or exceptions are reported in the /var/opt/SUNWam/debug/render.debug file or the /var/opt/SUNWam/debug/MAPFilterConfig file for Solaris platform. For HP-UX platform /var/opt/Sun/identity/debug/MAPFilterConfig. For Windows platform [INSTALLDIR]\AccessManager\debug.
- What exceptions are reported in the taglibs log file \var\opt\SUNWam\debug\mapJsp
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. Use the web-based form to provide feedback to Sun:
Please provide the full document title and part number in the appropriate fields. The part number is a seven-digit or nine-digit number that can be found on the title page of the book or at the top of the document. For example, the part number of these Release Notes document is 819-1586-10.
Additional Sun ResourcesUseful Sun Java System information can be found at the following Internet locations:
- Sun Java System Documentation
http://docs.sun.com/app/docs/prod/entsys.05q1#hic- Sun Java System Professional Services
http://www.sun.com/service/sunps/sunone- Sun Java System Software Products and Service
http://www.sun.com/software- Sun Java System Software Support Services
http://www.sun.com/service/sunone/software- Sun Java System Support and Knowledge Base
http://www.sun.com/service/support/software- Sun Support and Training Services
http://training.sun.com- Sun Java System Consulting and Professional Services
http://www.sun.com/service/sunps/sunone- Sun Java System Developer Information
http://sunonedev.sun.com- Sun Developer Support Services
http://www.sun.com/developers/support- Sun Java System Software Training
http://www.sun.com/software/training- Sun Software Data Sheets
http://wwws.sun.com/software
Copyright � 2005 Sun Microsystems, Inc. All rights reserved.
Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
SUN PROPRIETARY/CONFIDENTIAL.
U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.
Use is subject to license terms.
This distribution may include materials developed by third parties.
Portions may be derived from Berkeley BSD systems, licensed from U. of CA.
Sun, Sun Microsystems, the Sun logo, Java and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries.
Copyright � 2005 Sun Microsystems, Inc. Tous droits r�serv�s.
Sun Microsystems, Inc. d�tient les droits de propri�t� intellectuels relatifs � la technologie incorpor�e dans le produit qui est d�crit dans ce document. En particulier, et ce sans limitation, ces droits de propri�t� intellectuelle peuvent inclure un ou plus des brevets am�ricains list�s � l'adresse http://www.sun.com/patents et un ou les brevets suppl�mentaires ou les applications de brevet en attente aux Etats - Unis et dans les autres pays.
Propri�t� de SUN/CONFIDENTIEL.
L'utilisation est soumise aux termes du contrat de licence.
Cette distribution peut comprendre des composants d�velopp�s par des tierces parties.
Des parties de ce produit pourront �tre d�riv�es des syst�mes Berkeley BSD licenci�s par l'Universit� de Californie.
Sun, Sun Microsystems, le logo Sun, Java et Solaris sont des marques de fabrique ou des marques d�pos�es de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays.
Toutes les marques SPARC sont utilis�es sous licence et sont des marques de fabrique ou des marques d�pos�es de SPARC International, Inc. aux Etats-Unis et dans d'autres pays.