Oracle9i Application Server Release Notes Release 2 (9.0.3) for Solaris Operating System (SPARC) Part Number B10015-01 |
|
This chapter discusses issues associated with Oracle HTTP Server. It covers the following topics:
This section covers the following general issues and their workarounds for Oracle HTTP Server:
You may not be able to access mod_osso
protected pages from Netscape 4.7. If you want to access mod_osso
protected pages from Netscape 4.7, then the partner application corresponding to mod_osso
should be modified from the Oracle9iAS Single Sign-On server configuration console to point to Oracle9iAS Web Cache port number, which is usually 7777. For details on how to use the Oracle9iAS Single Sign-On console, see Oracle9iAS Single Sign-On Administrator's Guide.
This section covers the following configuration issues and their workarounds for Oracle HTTP Server:
When using OPMN/Oracle HTTP Server infrastructure, you must specify at least one non_ssl
port. For a purely secure Web Site, it only accepts SSL connection. You must provide an extra non_ssl
port in httpd.conf
. You can do so by adding the following lines to maintain a secure Web Site:
Listen port <VirtualHost _default_:port
> SSLEngine Off <Location /> Order deny,allow Deny from all Allow fromlocalhost
Allow from <ip1 of a localhost
> Allow from <ip2 of a localhost
> Allow from <ip3 of a localhost
> </Location> </VirtualHost>
Therefore, security is maintained by restricting the non-ssl port to only accept traffic from the local host.
When attempting to access a protected resource, you are redirected to the Oracle9iAS Single Sign-On Server. However, you may receive 503 errors initially. To avoid errors, disable the KeepAlive
directive when you are using a server load balancer.
After installation, if you wish to configure Virtual Hosts in the httpd.conf
file, or by using the advanced section of the EMD console, or by using a text editor on the httpd.conf
file, use the following guidelines:
VirtualHosts
are provided after the Port
, Listen,
and ServerName
directives. A simple example of a correctly set Virtual Host section might be as follows:
# # these are set at the end of the httpd.conf file after the IAS installation occurs # Port 7778 ServerName someServer.mycompany.com Listen 7779 # # these lines were added manually to create a virtualHost # NameVirtualHost 1.2.3.4 <VirtualHost 1.2.3.4> DocumentRoot /u01/app/oracle/product/iAS9020_portal/Vhost1.htdocs ServerName Vhost1.mycompany.com </VirtualHost>
dcmctl
utility to update your changes.
ORACLE_HOME/dcm/bin/dcmctl updateConfig
This is automatically done for you if you edit the file through the EMD console.
While using the following Oc4jMount
syntax in mod_oc4j.conf
file:
Oc4jMount /path/* instance://[hostname:]ias_instance:oc4j_instance
This section covers the following administration issues and their workarounds for Oracle HTTP Server:
If an infrastructure Oracle9iAS Single Sign-On Server install and a middle tier install are on the same machine (in different Oracle Homes), Microsoft Internet Explorer reports an incorrect host header after a redirect. This incorrect host headed causes mod_osso
to generate an error message when trying to access a protected resource after the user has been redirected from the Oracle9iAS Single Sign-On Server back to the original server. If you click Reload in Internet Explorer, the session continues successfully. This issue will not occur if any of the following conditions are true:
When you install an infrastructure instance of Oracle9iAS and a middle tier on a same machine, Microsoft Internet Explorer might report various errors where an incorrect host header is sometimes passed after redirection. Specifically, if you have already logged on via the Single Sign-On Server to the middle tier instance and then click a link redirecting you to the infrastructure instance, you will receive an OSSO
error page. Pressing the Back button allows you to continue to the page you originally wished to reach.
In Oracle9iAS Release 2 (9.0.3), when you add an ssl-enabled virtual host to Oracle HTTP Server, you must stop and then start Oracle HTTP Server for this virtual host to function. Simply restarting Oracle HTTP Server will not enable the virtual host and may cause Oracle HTTP Server to crash, depending on your configuration. Virtual hosts that specify a wallet file but no wallet password will cause Oracle HTTP Server to crash on restart.
This section covers the following known documentation issues for Oracle HTTP Server:
Step 6 in the "Configuring the IIS Listener for Single Sign-On" section of the "Using Oracle9iAS Proxy Plug-in" appendix of the Oracle HTTP Server Administration Guide, incorrectly states the following:
Restart IIS (stop and then start the IIS Server), ensuring that the oproxy
filter is marked with a green up-pointing arrow.
It should read:
Restart IIS (stop and then start the IIS Server), ensuring that the osso
filter is marked with a green up-pointing arrow.
In the "Using Single Sign-On with the Plug-in" section of appendix A of the Oracle HTTP Server Administration Guide, the "OSSO Configuration File Examples" incorrectly presents the syntax for the LoginServerFile
directive with double quotes around the value.
The correct syntax is:
LoginServerFile = /path/config/sso_conf
|
![]() Copyright © 2002 Oracle Corporation. All Rights Reserved. |
|