| Oracle® Application Server Administrator's Guide 10g (10.1.4.0.1) Part Number B28185-01 |
|
|
View PDF |
| Oracle® Application Server Administrator's Guide 10g (10.1.4.0.1) Part Number B28185-01 |
|
|
View PDF |
This chapter describes how to view and change Oracle Application Server port numbers. It contains the following topics:
Many Oracle Application Server components and services use ports. As an administrator, it is important to know the port numbers used by these services, and to ensure that the same port number is not used by two services on your host.
Most port numbers are assigned during installation. Every component and service has an allotted port range, which is the set of port numbers Oracle Application Server attempts to use when assigning a port. Oracle Application Server starts with the lowest number in the range and performs the following checks:
Is the port used by another Oracle Application Server installation on the host?
The installation may be up or down at the time; Oracle Application Server can still detect if the port is used.
Is the port used by a process that is currently running?
This could be any process on the host, even a non-Oracle Application Server process.
If the answer to any of the preceding questions is yes, Oracle Application Server moves to the next highest port in the allotted port range and continues checking until it finds a free port.
You can override this behavior for some ports, and specify a port number assignment during installation. To do this, you edit a template file called staticports.ini, and launch Oracle Universal Installer with special options.
|
See Also:
|
You can view port numbers on the Application Server Control Console Ports page. Click the Ports tab on the Application Server Home page. The Ports page displays the current port numbers and is updated any time you change a port number. For selected components, it also provides links to pages that allow you to change port numbers.
|
Note: Immediately after installation, you can view port number assignments in:(UNIX) ORACLE_HOME/install/portlist.ini (Windows) ORACLE_HOME\install\portlist.ini If you change a port number, it is not updated in this file, so you can only rely on this file immediately after installation. In addition, this file is not valid after you upgrade Oracle Application Server. Use Application Server Control Console to view the port numbers. |
This section provides instructions for changing port numbers in Oracle Application Server instances. The instructions explain how to change the port number, and update any other components that might be affected.
|
Note: You can change a port number to any number you want, as long as it is an unused port. You do not have to use a port in the allotted port range for the component. |
This section contains the following topics:
Changing the HTTP Server Port on an Identity Management Installation
Changing the HTTP Server Port on an Oracle Identity Federation Installation
After you have installed Oracle Application Server, you can change the following Oracle Enterprise Manager 10g ports associated with your Oracle Application Server instance:
The Oracle Management Agent port, which is used for communications with the Management Agent
The Application Server Control Console port, which is used in the Application Server Control Console URL. For example, on UNIX:
http://appserver1.acme.com:1156
The Oracle Containers for J2EE (OC4J) Remote Method Invocation (RMI) port, which is used by the Application Server Control OC4J instance
To view the current port values for these components, as well as the valid port number range for each component, navigate to the Ports page from the Application Server Home page for the instance.
You cannot modify the Enterprise Manager port numbers from the Ports page. Instead, use the following procedure to change the Application Server Control ports:
Change directory to the bin directory in the Oracle Application Server Oracle home.
Stop the Application Server Control Console.
On UNIX systems, enter the following command:
ORACLE_HOME/bin/emctl stop iasconsole
On Windows systems, use the Services control panel to stop the Application Server Control service.
Use the following command to change one of the Enterprise Manager port values:
(UNIX) ORACLE_HOME/bin/emctl config {agent port | iasconsole {port | rmiport}} port_number (Windows) ORACLE_HOME\bin\emctl config {agent port | iasconsole {port | rmiport}} port_number
For example, to change the port used by the Application Server Control Console on UNIX:
ORACLE_HOME/bin/emctl config iasconsole port 1812
Start Application Server Control.
On UNIX systems, enter the following command:
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems, use the Services control panel to start the Application Server Control service.
Table 4-1 describes the configuration changes that are automatically performed when you use the emctl config command to change an Application Server Control port number.
Table 4-1 Changing Application Server Control Ports Using the emctl Command
| Port | Command Line | Actions Performed |
|---|---|---|
|
Application Server Control port |
emctl config iasconsole port port_number
|
Changes the port value assigned to the StandaloneConsoleURL property in following configuration file: (UNIX) ORACLE_HOME/sysman/emd/targets.xml (Windows) ORACLE_HOME\sysman\emd\targets.xml Changes the port value assigned to the (UNIX) ORACLE_HOME/sysman/j2ee/config/emd-web-site.xml (Windows)ORACLE_HOME\sysman\j2ee\config\emd-web-site.xml |
|
Oracle Management Agent port |
emctl config agent port port_number
|
Changes the value assigned to the EMD_URL property in the following configuration file: (UNIX) ORACLE_HOME/sysman/config/emd.properties (Windows) ORACLE_HOME\sysman\config\emd.properties |
|
OC4J Remote Method Invocation (RMI) port |
emctl config iasconsole rmiport port_number
|
Changes the port values in the following configuration files: (UNIX) ORACLE_HOME/sysman/j2ee/config/rmi.xml (Windows) ORACLE_HOME\sysman\j2ee\config\rmi.xml (UNIX) ORACLE_HOME/bin/emctl.pl (Windows) ORACLE_HOME\bin\emctl.pl |
This section describes how to change the following OC4J port numbers:
AJP
JMS
RMI
IIOP
IIOPS1 (Server only)
IIOPS2 (Server and client)
By default, Oracle Application Server does not use a single port number for each type of OC4J port. Instead, it uses a port range for each type of OC4J port and that range is the same for all OC4J instances on the host. During runtime, each OC4J instance on the host is assigned a single free port from the range. For example, if the default AJP range for every OC4J instance on a host is 12501-12600, then each OC4J instance is assigned a single free port from that range for its AJP port.
When changing an OC4J port number, you typically specify a new port range. The range may be a simple port range (12501-12600), a comma separated list of ports (12501, 12504, 12507), or a combination of both (12501-12580, 12583, 12590-12600). By default, the ranges contain 100 ports. If you specify a range that is too narrow, you may encounter problems when starting OC4J instances. The AJP and RMI port ranges are required; the others are optional.
|
Note: Note that because the IIOP, IIOPS1, and IIOPS2 ports are not configured by default, they may not be listed in the Ports page of Application Server Control Console or in opmn.xml. To configure them, you must manually add them to the opmn.xml file.See the J2EE Interoperability chapter of the Oracle Containers for J2EE Services Guide for more information. |
You can change OC4J port ranges using the Application Server Control Console or manual steps:
Using the Application Server Control Console:
Navigate to the Application Server instance Home page.
Click Ports.
On the Ports page, locate the OC4J Instance and OC4J port range you want to change. Click the icon in the Configure column.
On the Server Properties page, enter the new port range in the appropriate field. Click Apply.
On the Confirmation page, click Yes, you want to restart now.
Using manual steps:
Open the opmn.xml file:
(UNIX) ORACLE_HOME/opmn/conf/opmn.xml (Windows) ORACLE_HOME\opmn\conf\opmn.xml
Locate the element for the OC4J instance that contains the port range you want to change. For example, to change a port range for the home instance, locate this element:
<process-type id="home" ...>
Within the OC4J instance element, there is a port element for each type of port. For example:
<port id="ajp" range="12501-12600"/> <port id="rmi" range="12401-12500"/> <port id="jms" range="12601-12700"/> <port id="iiop" range="13301-13400"/> <port id="iiops1" range="13401-13500"/> <port id="iiops2" range="13501-13600"/>
Modify the range parameter for the port you want to change, and then save the file.
Reload OPMN:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl reload (Windows) ORACLE_HOME\opmn\bin\opmnctl reload
Start the OC4J instance that contains the port number you changed:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startproc process-type=OC4J_instance (Windows) ORACLE_HOME\opmn\bin\opmnctl startproc process-type=OC4J_instance
For example, if you changed a port number in the home instance on UNIX:
ORACLE_HOME/opmn/bin/opmnctl startproc process-type=home
Run the following command:
(UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig
This section describes how to change the Oracle HTTP Server HTTP or HTTPS listen port on an Identity Management installation. When you change this port number, you also effectively change the OracleAS Single Sign-On port number. This means you must update any middle-tier instances that use the OracleAS Single Sign-On port.
The following tasks describe how to update the Oracle HTTP Server port number on Identity Management, including updating other components in the Infrastructure and updating the middle-tier instances that use the port:
Task 3: Modify the Oracle HTTP Server Listen and Port Directives
Task 4: Enable Oracle HTTP Server to Run as Root for Ports Less Than 1024 (UNIX Only)
Task 13: Update the Middle-Tier Instances to Use the New Port Number
Task 1: Prepare the Middle-Tier Instances
Perform this task only if the Identity Management installation is being used by middle-tier instances. On each middle-tier instance that uses Identity Management, stop the middle-tier instance as follows:
On the Application Server Home page of the Application Server Control Console, click Stop All.
Leave the Application Server Control Console running.
It is important that you leave the Application Server Control Console running in each of the middle-tier instances while you perform this procedure.
Task 2: Prepare the Infrastructure Instances
Prepare the Infrastructure by taking the following steps:
Make sure that Identity Management and its associated OracleAS Metadata Repository are started on the Infrastructure whose port number you are changing.
If any middle-tier instances use different Metadata Repositories for their product metadata and DCM repositories, make sure those are started. In short, make sure all Metadata Repositories in your environment are started.
Task 3: Modify the Oracle HTTP Server Listen and Port Directives
If you are changing the HTTP port, change both the Listen and Port directives to the new port number in the Oracle HTTP Server httpd.conf file. You can perform this task using the Application Server Control Console or manual steps.
Using the Application Server Control Console:
Navigate to the Application Server Home page and click Ports.
On the Ports page, locate the Oracle HTTP Server listen port and click the icon in the Configure column.
On the Server Properties page:
Enter the new port number in the Default Port field. This is for the Port directive.
Enter the new port number in the Listening Port column. This is for the Listen directive. There may be more than one listening port listed. The only way to tell which is the non-SSL listen port is to choose the one with the old non-SSL listen port value.
At the bottom of the page, click Apply.
On the Confirmation page, click No, you would not like to restart now.
Using manual steps:
Open the httpd.conf file:
(UNIX) ORACLE_HOME/Apache/Apache/conf/httpd.conf (Windows) ORACLE_HOME\Apache\Apache\conf\httpd.conf
Update the non-SSL Listen and Port directives with the new port number, and then save the file.
The value for Listen and Port must be the same port number. For example, to change the listener port to 7779:
Listen 7779 Port 7779
There may be multiple Listen and Port directives in this file. Modify the Listen and Port directives that are not enclosed in an SSL virtual host container. The easiest way to locate the proper Listen and Port directives is to search the file for the old port number.
(UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs
If you are changing the HTTPS port, change both the SSL Listen and Port directives to the new port number in the Oracle HTTP Server ssl.conf file. You must do this using the following manual steps:
Edit the ssl.conf file, located at:
(UNIX) ORACLE_HOME/Apache/Apache/conf/ssl.conf (Windows) ORACLE_HOME\Apache\Apache\conf\ssl.conf
Update the SSL Listen and SSL Port directives with the new port number, and then save the file.
The value for Listen and Port must be the same port number. For example, to change the listener port to 4445:
Listen 4445 Port 4445
Save and close the file.
Run the following command:
(UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs
Task 4: Enable Oracle HTTP Server to Run as Root for Ports Less Than 1024 (UNIX Only)
Perform this task if you are changing the port to a value less than 1024 on UNIX.
By default, Oracle HTTP Server runs as a non-root user (the user that installed Oracle Application Server). On UNIX systems, if you change the Oracle Application Server non-SSL listen port number to a value less than 1024, you must enable Oracle HTTP Server to run as root, as follows:
Log in as root.
Run the following commands in the Infrastructure Oracle home:
cd ORACLE_HOME/Apache/Apache/bin
chown root .apachectl
chmod 6750 .apachectl
Task 5: Update the Application Server Control Console
Update the Application Server Control Console with the new port number:
(UNIX) ORACLE_HOME/sysman/emd/targets.xml (Windows) ORACLE_HOME\sysman\emd\targets.xml
Update each occurrence of the old Oracle HTTP Server listen port number with the new port number, and then save the file.
Depending on your configuration, this file may not contain any occurrences of the Oracle HTTP Server listen port, or it may contain many occurrences. The listen port may occur as a parameter on its own, or it may be part of a URL. The easiest way to edit this file is to search for all occurrences of the old Oracle HTTP Server listen port number, and replace them with the new port number.
Reload the Application Server Control Console:
(UNIX) ORACLE_HOME/bin/emctl reload (Windows) ORACLE_HOME\bin\emctl reload
Task 6: Update OracleAS Single Sign-On
Perform this task if OracleAS Single Sign-On is configured to use the Oracle HTTP Server Listen port in the installation where you are changing the port.
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Run one or both of the following commands in the OracleAS Single Sign-On Oracle home:
To change the non-SSL port:
(UNIX) ORACLE_HOME/sso/bin/ssocfg.sh http hostname new_non_ssl_port_number (Windows) ORACLE_HOME\sso\bin\ssocfg.bat http hostname new_non_ssl_port_number
To change the SSL port:
(UNIX) ORACLE_HOME/sso/bin/ssocfg.sh https hostname new_ssl_port_number (Windows) ORACLE_HOME\sso\bin\ssocfg.bat https hostname new_ssl_port_number
In the examples:
hostname is the host on which OracleAS Single Sign-On is running.
new_non_ssl_port_number is the new non-SSL Oracle HTTP Server listen port number.
new_ssl_port_number is the new SSL Oracle HTTP Server listen port number.
Re-register mod_osso as follows:
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
On Windows systems, set the PATH, for example:
PATH=%PATH%;%ORACLE_HOME%\bin;%ORACLE_HOME%\lib
If you are changing the Oracle HTTP Server non-SSL listen port, take the following steps:
Re-register mod_osso to take care of the default partner applications by executing the following command in the Identity Management Oracle home:
On UNIX:
ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path identity_management_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url
On Windows:
ORACLE_HOME\sso\bin\ssoreg.bat -oracle_home_path middle_tier_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url
For example, to change the Oracle HTTP Server listen port to 7779 on host myhost on UNIX:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /disk1/oracleas -site_name myhost:7779 -config_mod_osso TRUE -mod_osso_url http://myhost.mydomain:7779
If you are changing the Oracle HTTP Server SSL listen port, perform the following steps.
Re-register mod_osso with the new port number by executing the following command in the middle-tier Oracle home:
On UNIX:
ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path identity_management_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url -config_file path/osso-https.conf
On Windows:
ORACLE_HOME\sso\bin\ssoreg.bat -oracle_home_path identity_management_oracle_home -site_name identity_management_hostname:new_port_number -config_mod_osso TRUE -mod_osso_url mod_osso_url -config_file path\osso-https.conf
For example, to change the Oracle HTTP Server SSL listen port to 7778 on myhost on UNIX:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /disk1/oracleas -site_name myhost:4445 -config_mod_osso TRUE -mod_osso_url http://myhost.mydomain:7778 -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso-https.conf
|
See Also: Oracle Application Server Single Sign-On Administrator's Guide for more information on registeringmod_osso |
Edit the mod_osso.conf file, which is located at:
(UNIX) ORACLE_HOME/Apache/Apache/conf/mod_osso.conf (Windows) ORACLE_HOME\Apache\Apache\conf\mod_osso.conf
In the mod_osso.conf file, comment the following directive, if you have not previously done so:
On UNIX:
LoadModule osso_module libexec/mod_osso.so
On Windows:
LoadModule osso_module modules\ApacheModuleOsso.dll
In the httpd.conf file, which is found in the same (conf) directory, add the directive that you just commented in the preceding step (if you have not previously done so). In a default setup, place the directive right after:
LoadModule wchandshake_module libexec/mod_wchandshake.so
Restart the Oracle HTTP Server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=HTTP_Server
If you have configured or modified any additional partner applications, you must also re-register those.
|
See Also: Oracle Application Server Single Sign-On Administrator's Guide for more information on registeringmod_osso |
Task 8: Update the OSSO URLs for Oracle Identity Federation
If Oracle Identity Federation is registered with OracleAS Single Sign-On and OracleAS Single Sign-On is configured to use the Oracle HTTP Server Listen port in the installation where you are changing the port, update the OSSO URLs. In the Oracle Identity Federation Administration console:
Select IdM Data Stores, then User Data Store.
Select OracleAS Single Sign-On.
Update the OSSO Login URL and the OSSO Logout URL with the new port number.
Click Save.
Restart Oracle Identity Federation server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_FED (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=OC4J_FED
Task 9: Update Oracle Delegated Administration Services
If you have Oracle Delegated Administration Services configured, and Oracle Delegated Administration Services uses the new port number, follow these steps to update the Oracle Delegated Administration Services URL entry in Oracle Internet Directory.
You can find out what port Oracle Delegated Administration Services uses with the following command:
ldapsearch -h oid_host -p oid_port -D "cn=orcladmin" -w "password" -b "cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext" -s base "objectclass=*" orcldasurlbase
To update Oracle Delegated Administration Services:
Create a file named mod.ldif with the following contents (you can create the file in any directory):
dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext changetype:modify replace:orcldasurlbase orcldasurlbase:http://hostname:new_http_port_number/
Note the slash at the end of the orcldasurlbase URL.
Run the following command:
ldapmodify -D cn=orcladmin -w password -p oid_port -f mod.ldif
Task 10: Update OracleAS Certificate Authority
If you are using OracleAS Certificate Authority:
Re-register OracleAS Certificate Authority with the OracleAS Single Sign-On server by executing the following command in the OracleAS Certificate Authority Oracle home:
(UNIX) ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port portnum (Windows) ORACLE_HOME\oca\bin\ocactl changesecurity -server_auth_port portnum
In the example, portnum is the OracleAS Certificate Authority Server Authentication Virtual Host (SSL) port; the default is 6600.
If OracleAS Certificate Authority is located in a different Oracle home than the OracleAS Single Sign-On server, restart Oracle HTTP Server and the oca instance in the OracleAS Certificate Authority Oracle home:
On UNIX:
ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=HTTP_Server ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=oca ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=HTTP_Server ORACLE_HOME/opmn/bin/opmnctl startproc process-type=oca
On Windows:
ORACLE_HOME\opmn\bin\opmnctl stopproc ias-component=HTTP_Server ORACLE_HOME\opmn\bin\opmnctl stopproc process-type=oca ORACLE_HOME\opmn\bin\opmnctl startproc ias-component=HTTP_Server ORACLE_HOME\opmn\bin\opmnctl startproc process-type=oca
Task 11: Restart the Identity Management Instance
Restart the Identity Management instance:
On UNIX:
ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole
On Windows:
ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopall ORACLE_HOME\opmn\bin\opmnctl startall ORACLE_HOME\bin\emctl start iasconsole
Task 12: Restart OracleAS Certificate Authority
If OracleAS Certificate Authority is configured in this instance, restart it:
(UNIX) ORACLE_HOME/oca/bin/ocactl start (Windows) ORACLE_HOME\oca\bin\ocactl start
Task 13: Update the Middle-Tier Instances to Use the New Port Number
Now that you have changed the Oracle HTTP Server port on the Identity Management installation, you must update all middle-tier instances to use the new port number.
Update each middle-tier instance using the Change Identity Management wizard in the Application Server Control Console. Note that the wizard does not prompt you for the new port number; it retrieves the port number internally.
On each middle-tier instance that uses Identity Management:
Using the Application Server Control Console, navigate to the Application Server Home page for the middle-tier instance.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Follow the steps in the wizard.
When the wizard is finished, navigate to the Application Server Home page and start the middle-tier instance by clicking Start All.
Refresh the Oracle Internet Directory cache in your applications:
Log in to Portal.
Click the Administrator tab.
Click the global settings link.
Select the SSO/OID tab.
Check the refresh Oracle Internet Directory cache settings and click Apply.
This section describes how to change the Oracle HTTP Server HTTP or HTTPS listen port on an Oracle Identity Federation installation. To change the port number, perform the following tasks:
Task 2, "Change the Server Configuration for Oracle Identity Federation"
Task 4, "Change the Assertion Profiles and Domain Information for SAML.1x or WS-Federation"
Task 5, "Update the Configuration Information for the SAML 1.x or WS-Federation Peer Providers"
Task 8, "Update the Oracle Identity Federation Monitoring Console"
|
See Also: Oracle Identity Federation Administrator's Guide for more information about Oracle Identity Federation |
Task 1 Change the HTTP Server Port
Change the HTTP Server port, as described in the following tasks in Section 4.3.3:
Task 3: Modify the Oracle HTTP Server Listen and Port Directives
Task 4: Enable Oracle HTTP Server to Run as Root for Ports Less Than 1024 (UNIX Only)
Restart the Oracle HTTP Server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=HTTP_Server
Task 2 Change the Server Configuration for Oracle Identity Federation
Change the server configuration for Oracle Identity Federation:
From a browser, log into the Oracle Identity Federation Administration console, using the following URL:
http://oif_host:port/fedadmin
In the URL, oif_host is the host on which Oracle Identity Federation is installed and port is the port number of the Oracle HTTP Server.
The username is oif_admin; the password is the password that you specified at installation.
Select Server Configuration, then General, then Server Properties.
In the Server Port and SOAP Port fields, change the port number to the new number for Oracle HTTP Server.
Click Save.
Restart the Oracle Identity Federation server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_FED (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=OC4J_FED
Task 3 Distribute the Updated Metadata to Peer Providers
Save the updated metadata and distribute it to the peer providers (Identity Providers and Service Providers) in your Circle of Trust:
From a browser, navigate to the Oracle Identity Federation metadata file:
If Oracle Identity Federation is used as an Identity Provider, use the following URL:
http://oif_host:port/fed/idp/metadata_file
If Oracle Identity Federation is used as a Service Provider, use the following URL:
http://oif_host:port/fed/sp/metadata_file
In the URLs, oif_host is the host on which Oracle Identity Federation is installed; port is the listen port number of the Oracle HTTP Server; metadata_file is the metadata file used for the protocol you are using. For example, the metadata file for the protocol SAML 2.0 is metadatav20.
From the browser, save the page.
If the peer provider is part of an Oracle Identity Federation installation that you do not administer, or if the peer provider is a software component other than Oracle Identity Federation, send the updated metadata document, in a secure manner, to the administrator for the peer provider.
If you administer a peer provider that is part of an Oracle Identity Federation administration, you must load the new metadata file into the peer provider, as described in Steps 4 and 5.
If you changed the Oracle HTTP Server listen port for the Oracle Identity Federation instance that is configured as a Service Provider, and you must load the new metadata file for the Service Provider into the Identity Provider configuration in the Circle of Trust.
In the Oracle Identity Federation Administration console for the Identity Provider:
Select Server Configuration, then Circle of Trust.
In the Service Provider table, select the Service Provider that has had its port number changed and click Update.
The Edit Trusted Provider page is displayed.
For Description, enter a description of the file.
For Metadata Location, click Browse to locate the metadata file you downloaded for the Service Provider.
Click Load New.
Click Apply.
Click Refresh Server.
If you changed the Oracle HTTP Server listen port for the Oracle Identity Federation instance that is configured as an Identity Provider, you must load the new metadata file for the Identity Provider into the Service Provider configuration in the Circle of Trust.
In the Oracle Identity Federation Administration console for the Service Provider:
Select Server Configuration, then Circle of Trust.
In the Identity Provider table, select the Identity Provider that has had its port number changed and click Update.
The Edit Trusted Provider page is displayed.
For Description, enter a description of the file.
For Metadata Location, click Browse to locate the metadata file you downloaded for the Identity Provider.
Click Load New.
Click Apply.
Click Refresh Server.
Task 4 Change the Assertion Profiles and Domain Information for SAML.1x or WS-Federation
Change the assertion profiles and domain information for SAML.1x or WS-Federation. In the Oracle Identity Federation Administration console:
Change the assertion profiles for SAML.1x or WS-Federation:
Select SAML.1x-WS-Fed, then select Assertion Profiles.
Click the link in the Name field.
In the Issuer field, change the port number to the new port.
Click Submit.
Change the domain information for SAML.1x or WS-Federation:
Select SAML.1x-WS-Fed, then select Domains.
Click MyDomain.
In the Modify MyDomain page, change the port number in all the fields that contain it.
Click Submit.
Task 5 Update the Configuration Information for the SAML 1.x or WS-Federation Peer Providers
Update the configuration information for the SAML.1x or WS-Federation peer providers.
To do this, communicate the change to the partner enterprises that use SAML 1.x or WS-Federation to federate your enterprise. The partner administrator must make the configuration changes using the appropriate administration interface. If the partner is using Oracle Identity Federation, the partner uses the Oracle Identity Federation Administration console to change the port numbers in the URLs, and if necessary, the Issuer and WS-Federation Realm URIs. The steps are similar to those described in Task 4.
Task 6 Update Oracle Access Manager Host IDs
If your environment uses the Oracle Access Manager User Data Store and Oracle Access Manager is configured to use Host IDs, update the Host IDs:
In a browser, log into the Oracle Access Manager Console, using the following URL:
http://hostname:port/access/oblix
In the URL, hostname is the name of the computer on which the Policy Manager is installed and port is the HTTP port for the Policy Manager.
Enter your user name and password, then click Login.
Click Access System Console.
Select Access System Configuration.
In the left panel, click Host Identifiers.
If the page reports the following, you do not need to make any modifications; skip to Task 7:
No host identifier entries found in the Directory Server.
If you do not see this message, go to Step 6.
If Fed HostID is listed, take the following steps. (Note that, for convenience and consistency, the identifier is always "Fed HostID," even in languages other than English.)
Click Fed HostID, then click Modify.
Change the port number to the new port number in the hostname variation.
Click Save.
If Fed HostID is not listed, take the following steps:
Click Add.
For Name, enter Fed HostID.
Enter the hostname variation:
hostname:port
In the example, hostname is the Oracle Identity Federation server hostname and port is the new port number for Oracle HTTP Server.
Click Save.
Task 7 Update OracleAS Single Sign-On
If Oracle Identity Federation is registered with OracleAS Single Sign-On, take the following steps on the OracleAS Single Sign-On instance:
Update the port number in the SASSOAuthnUrl and SASSOLogoutUrl properties in the following file:
(UNIX) ORACLE_HOME/sso/conf/policy.properties (Windows) ORACLE_HOME\sso\conf\policy.properties
Restart the OC4J_Security OC4J instance:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startproc process-type=OC4J_Security (Windows) ORACLE_HOME\opmn\bin\opmnctl startproc process-type=OC4J_Security
Task 8 Update the Oracle Identity Federation Monitoring Console
Update the Oracle Identity Federation monitoring console:
From a browser, log into the Oracle Identity Federation monitoring console, using the following URL:
http://oif_host:port/fedmon
In the URL, oif_host is the host on which Oracle Identity Federation is installed and port is the port number of the Oracle HTTP Server.
The username is oif_mon; the password is the password that you specified at installation.
Select Configuration, then Monitored Installations.
For Federation Server URL, update the port number.
Click Update.
Task 9 Restart the Oracle Identity Federation Server
Restart the Oracle Identity Federation server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_FED (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=OC4J_FED
To change the Oracle HTTP Server Diagnostics port number:
(UNIX) ORACLE_HOME/Apache/Apache/conf/dms.conf (Windows) ORACLE_HOME\Apache\Apache\conf\dms.conf
Change the old port number to the new port number everywhere it appears in the file, and then save the file. This update includes the Listen, OpmnHostPort, Redirect, and VirtualHost directives.
Restart Oracle HTTP Server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=HTTP_Server
To change the DCM Discovery port number:
(UNIX) ORACLE_HOME/dcm/config/dcmCache.xml (Windows) ORACLE_HOME\dcm\config\dcmCache.xml
Under the <communication> element, update the discovery-port parameter in the <coordinator> element with the new port number, and then save the file.
For example:
<coordinator discovery-port="7110" original="true" />
In every instance in the farm, stop the Application Server Control Console and stop the DCM daemon:
On UNIX:
ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=dcm-daemon
On Windows:
ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopproc ias-component=dcm-daemon
It is important that you make sure all Application Server Control Console instances and DCM daemons in the farm are stopped before you proceed to the next step.
In every instance in the farm, start the DCM daemon and the Application Server Control Console:
On UNIX:
ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=dcm-daemon ORACLE_HOME/bin/emctl start iasconsole
On Windows:
ORACLE_HOME\opmn\bin\opmnctl startproc ias-component=dcm-daemon ORACLE_HOME\bin\emctl start iasconsole
Java Object Cache must be configured before you change the port number.
|
See Also: Oracle Containers for J2EE Services Guide for information about configuring Java Object Cache |
To change the Java Object Cache port number:
(UNIX) ORACLE_HOME/javacache/admin/javacache.xml (Windows) ORACLE_HOME\javacache\admin\javacache.xml
Under the <communication> element, update the discovery-port parameter in the <coordinator> element with the new port number, and then save the file.
For example:
<coordinator discovery-port="7010" />
Restart all OC4J instances which contain J2EE applications that use JavaCache:
(UNIX) ORACLE_HOME/dcm/bin/dcmctl restart -co OC4J_INSTANCE (Windows) ORACLE_HOME\dcm\bin\dcmctl restart -co OC4J_INSTANCE
To change the Log Loader port:
Stop the Log Loader:
Using the Application Server Control Console, navigate to the Home page for the instance whose Log Loader port you want to change.
Click Logs in the upper-right corner.
On the View Logs page, click Search Log Repository.
On the View Logs page, click Log Loader.
On the Log Loader page, click Stop.
Change the Log Loader port number:
On the Log Loader page, in the Administration section, click Log Loader Properties.
On the Log Loader Properties page, enter the new port number in the Log Loader Port field.
Click Apply.
Start the Log Loader:
At the top of the Log Loader Properties page, click Log Loader to get back to the Log Loader page.
On the Log Loader page, click Start.
This section describes how to change any of the following port numbers:
ONS Local port
ONS Request port
ONS Remote port
To change these ports:
Stop the Application Server Control Console, OPMN and all OPMN-managed processes:
On UNIX:
ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall
On Windows:
ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopall
(UNIX) ORACLE_HOME/opmn/conf/opmn.xml (Windows) ORACLE_HOME\opmn\conf\opmn.xml
Under the <notification-server> element, modify the local, remote, or request parameter, as desired, in the <port> element, and then save the file.
For example:
<port local="6101" remote="6201" request="6004"/>
Start OPMN:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl start (Windows) ORACLE_HOME\opmn\bin\opmnctl start
Reload OPMN:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl reload (Windows) ORACLE_HOME\opmn\bin\opmnctl reload
If this is an Infrastructure with Oracle Internet Directory, start Oracle Internet Directory:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=OID (Windows) ORACLE_HOME\opmn\bin\opmnctl startproc ias-component=OID
Start the rest of the processes:
On UNIX:
ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole
On Windows:
ORACLE_HOME\opmn\bin\opmnctl startall ORACLE_HOME\bin\emctl start iasconsole
Update DCM:
(UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct opmn (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct opmn
To change the Port Tunneling port number:
Open the opmn.xml file:
(UNIX) ORACLE_HOME/opmn/conf/opmn.xml (Windows) ORACLE_HOME\opmn\conf\opmn.xml
Under the <ias-component id="IASPT"> element, update the range parameter in the <port> element with the new range. For example:
<port id="ajp" range="7501-7503"/>
Note that the port number range specified in opmn.xml overrides any port number specified in iaspt.conf. So you only need to update the port number in opmn.xml.
Reload OPMN, then stop and restart all OPMN processes and the Application Server Control Console:
On UNIX:
ORACLE_HOME/opmn/bin/opmnctl reload ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole
On Windows:
ORACLE_HOME\opmn\bin\opmnctl reload ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopall ORACLE_HOME\opmn\bin\opmnctl startall ORACLE_HOME\bin\emctl start iasconsole
This section contains the following topics:
For information about changing other ports in the Identity Management installation, see the previous sections.
First, determine if it is necessary to change the OracleAS Metadata Repository listener port number. If you are concerned about the fact that you have another database on your host using the same port, it is possible that the OracleAS Metadata Repository and the other database can use the same port.
The following are guidelines for port usage by multiple databases on the same host:
Multiple Oracle9i and Oracle Database 10g databases can share the same Oracle Net listener port. If you install a OracleAS Metadata Repository on a host that contains Oracle9i and Oracle Database 10g databases, they can all use port 1521. There is no need to change the OracleAS Metadata Repository port number.
If the other databases on your system are Oracle8i databases running the Net8 listener, then the OracleAS Metadata Repository must use a different port. They cannot share the same port.
|
Note: If you want to run two listeners that use the same key value on one host, refer to Section 4.3.11.1.1, "Changing the KEY Value for an IPC Listener" |
If you determine that you want to change the OracleAS Metadata Repository listener port, follow the steps in this section. An OracleAS Metadata Repository may be used in several different ways. Use the following table to determine the steps that are required for changing your type of OracleAS Metadata Repository:
Task 1: Stop Middle-Tier Instances
Stop all middle-tier instances that use the Metadata Repository by executing the following command in each middle-tier Oracle home:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl stopall (Windows) ORACLE_HOME\opmn\bin\opmnctl stopall
Task 2: Change the OracleAS Metadata Repository Oracle Net Listener Port
On the OracleAS Metadata Repository host:
Make sure that the ORACLE_HOME and ORACLE_SID environment variables are set.
If OPMN is running, stop it:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl stopall (Windows) ORACLE_HOME\opmn\bin\opmnctl stopall
Stop the OracleAS Metadata Repository listener:
lsnrctl stop
Edit the listener.ora file, which is located at:
(UNIX) ORACLE_HOME/network/admin/listener.ora (Windows) ORACLE_HOME\network\admin\listener.ora
Under the LISTENER entry, update the value for PORT. Save the file.
Edit the tnsnames.ora file. The default location is:
(UNIX) ORACLE_HOME/network/admin/tnsnames.ora (Windows) ORACLE_HOME\network\admin\tnsnames.ora
Make the following changes to the file:
Update the PORT value in each entry that applies to OracleAS Metadata Repository.
Add an entry like the following:
newnetport =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = tcp) (HOST = hostname) (PORT = port)))
In the example, hostname is the fully-qualified hostname and port is the new port number.
Start the OracleAS Metadata Repository listener:
lsnrctl start
Using SQL*Plus, log in to the OracleAS Metadata Repository as the SYSTEM user with SYSDBA privileges and run the following command:
SQL> ALTER SYSTEM SET local_listener='newnetport' scope=spfile;
Using SQL*Plus, restart OracleAS Metadata Repository:
SQL> SHUTDOWN SQL> STARTUP
Start Oracle Internet Directory:
On UNIX:
ORACLE_HOME/opmn/bin/opmnctl start ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=OID
On Windows:
ORACLE_HOME\opmn\bin/opmnctl start ORACLE_HOME\opmn\bin\opmnctl startproc ias-component=OID
Task 3: Update Oracle Internet Directory
On the Identity Management host, update Oracle Internet Directory with the new Oracle Net listener port number:
Start Oracle Directory Manager:
On UNIX, use the following command:
ORACLE_HOME/bin/oidadmin
On Windows, navigate to Oracle Directory Manager (Start, Programs, Oracle Application Server Infrastructure - Oracle_Home, Integrated Management Tools, Oracle Directory Manager)
Log in to Oracle Directory Manager.
In the System Objects frame:
Expand Entry Management.
Expand cn=Oracle Context.
Select the DBName for the OracleAS Metadata Repository. For example, if the DBName is the default, orcl, select cn=ORCL.
On the Properties tab, update the PORT parameter in the orclnetdescstring field with the new port number.
Click Apply.
In the System Objects frame:
Under cn=Oracle Context, select the DBName for the OracleAS Metadata Repository. For example, if the DBName is the default, orcl, select cn=ORCL.
Expand cn=DESCRIPTION_0.
Select cn=ADDRESS_0.
On the Properties tab, update the PORT parameter in the orclnetaddressstring field with the new port number.
Click Apply.
Start OPMN in the Oracle Internet Directory Oracle home:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startall (Windows) ORACLE_HOME\opmn\bin\opmnctl startall
Task 4: Update OracleAS Single Sign-On
From the OracleAS Single Sign-On Oracle home:
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Update OracleAS Single Sign-On with the new repository port number by executing the following command:
On UNIX:
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoca.jar reassoc -repos $ORACLE_HOME
On Windows:
%ORACLE_HOME%\jdk\bin\java -jar %ORACLE_HOME%\sso\lib\ossoca.jar reassoc -repos %ORACLE_HOME%
Restart OC4J:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc ias-component=OC4J (Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc ias-component=OC4J
Task 5: Update OracleAS Certificate Authority
If OracleAS Certificate Authority is configured in the Identity Management installation:
(UNIX) ORACLE_HOME/oca/bin/ocactl updateconnection (Windows) ORACLE_HOME\oca\bin\ocactl updateconnection
Restart OracleAS Certificate Authority:
(UNIX) ORACLE_HOME/oca/bin/ocactl stop (UNIX) ORACLE_HOME/oca/bin/ocactl start (Windows) ORACLE_HOME\oca\bin\ocactl stop (Windows) ORACLE_HOME\oca\bin\ocactl start
If you are not sure if OracleAS Certificate Authority is configured, examine the Application Server Control Home page to see if it is listed in the Components section.
Task 6: Update the Application Server Control Console
Update the Application Server Control Console with the new port number:
In the Identity Management Oracle home, edit the following file:
(UNIX) ORACLE_HOME/sysman/emd/targets.xml (Windows) ORACLE_HOME\sysman\emd\targets.xml
Update the old OracleAS Metadata Repository port number with the new port number:
Locate the oracle_ldap target and update the PORT parameter in the ConnectDescriptor value with the new port number. The easiest way to find this is to search the file for the old port number.
Save the file.
Reload the Application Server Control Console:
(UNIX) ORACLE_HOME/bin/emctl reload (Windows) ORACLE_HOME\bin\emctl reload
Task 7: Update Middle-Tier Instances
In each middle-tier Oracle home that uses OracleAS Metadata Repository:
Update the following file with the new Oracle Net listener port number:
(UNIX) ORACLE_HOME/network/admin/tnsnames.ora (Windows) ORACLE_HOME\network\admin\tnsnames.ora
(UNIX) ORACLE_HOME/Apache/modplsql/conf/dads.conf (Windows) ORACLE_HOME\Apache\modplsql\conf\dads.conf
Locate the line that begins with PlsqlDatabaseConnectString.
If the line ends with ServiceNameFormat or SIDFormat, update the line with the new OracleAS Metadata Repository port number, save the file, and restart Oracle HTTP Server.
If the line ends with NetServiceNameFormat, you do not need to do anything.
Start the middle-tier instance:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startall (Windows) ORACLE_HOME\opmn\bin\opmnctl startall
Task 8: Update J2EE and Web Cache Instances
If the Metadata Repository is not registered with Oracle Internet Directory and is used to store information about an OracleAS Database-Based Farm, you must update each J2EE and Web Cache instance that uses the Metadata Repository, as follows:
Using the Application Server Control Console, navigate to the Home page for the J2EE and Web Cache instance.
Click the Infrastructure link.
On the Infrastructure page, in the OracleAS Farm Repository Management section, click Change.
Select Existing Database.
Follow the steps in the wizard for supplying the new Metadata Repository port number.
When the wizard is finished, navigate to the instance Home page and start your instance by clicking Start All.
It is not possible to run two listeners at the same time that are configured to use the same KEY value in their IPC protocol address. By default, the OracleAS Metadata Repository listener has its IPC KEY value set to EXTPROC. Hence, if your computer has another IPC listener that uses the EXTPROC key, you should configure the OracleAS Metadata Repository listener to use some other key value such as EXTPROC1.
To change the KEY value of an IPC listener:
Stop the listener (make sure your ORACLE_HOME environment variable is set first):
lsnrctl stop
Edit the listener.ora and tnsnames.ora files. In each file, find the following line:
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
Change it to the following:
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
Restart the listener:
lsnrctl start
This section describes how to change the Oracle Internet Directory SSL or non-SSL port on an Identity Management installation. When you change this port number, you must update any middle-tier instances that use the Identity Management installation.
The following tasks describe how to update the Oracle Internet Directory port number on Identity Management, including updating other components in the Infrastructure and updating the middle-tier instances that use the port:
Task 1: Prepare the Middle-Tier Instances
Perform this task only if the Identity Management installation is being used by middle-tier instances. On each middle-tier instance that uses Identity Management, stop the middle-tier instance as follows:
On the Application Server Home page of the Application Server Control Console, click Stop All.
Leave the Application Server Control Console running.
It is important that you leave the Application Server Control Console running in each of the middle-tier instances while you perform this procedure.
Task 2: Prepare the Infrastructure Instances
Prepare the Infrastructure instances by taking these steps:
Make sure that Identity Management and its associated OracleAS Metadata Repository are started on the Infrastructure whose port number you are changing.
If any middle-tier instances use a different OracleAS Metadata Repository for their product metadata and DCM repositories, make sure those repositories are started. In short, make sure all Metadata Repositories in your environment are started.
Task 3: Change the Oracle Internet Directory Port
Change the Oracle Internet Directory port by taking these steps:
On the Oracle Internet Directory host:
Create a file named mod.ldif with the following contents. You can create the file in any directory.
For non-SSL port:
dn:cn=configset0, cn=osdldapd, cn=subconfigsubentry
changetype:modify
replace:orclnonsslport
orclnonsslport:new_nonssl_port_number
For SSL port:
dn:cn=configset0, cn=osdldapd, cn=subconfigsubentry
changetype:modify
replace:orclsslport
orclsslport:new_ssl_port_number
Run the following command:
For non-SSL port:
ldapmodify -D cn=orcladmin -w password -p oid_port -f mod.ldif
For SSL port:
ldapmodify -D cn=orcladmin -w password -p oid_port -U SSLAuth -f mod.ldif
Note that oid_port is the old Oracle Internet Directory non-SSL port number. If you are changing the SSL port, provide the additional -U argument to specify the SSL authentication mode. Use one of the following values for SSLAuth: 1 for no authentication required; 2 for one-way authentication required; 3 for two-way authentication required.
On the Oracle Internet Directory host, stop the entire instance that contains Oracle Internet Directory, as well as the Application Server Control Console:
On UNIX:
ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall
On Windows:
ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopall
Perform this step in the Oracle Internet Directory Oracle home. If you have OracleAS Metadata Repository installed in other Oracle homes that are registered with this Oracle Internet Directory, perform this step in each of those Oracle homes as well.
Open the ldap.ora file:
(UNIX) ORACLE_HOME/ldap/admin/ldap.ora (Windows) ORACLE_HOME\ldap\admin\ldap.ora
Modify the following line, specifying the new port number. Then, save the file.
DIRECTORY_SERVERS=(myhost.myco.com:non_ssl_port:ssl_port)
(UNIX) ORACLE_HOME/config/ias.properties (Windows) ORACLE_HOME\config\ias.properties
Change the value of OIDport (for an non-SSL port change) or OIDsslport (for an SSL port change) to the new port number, and then save the file.
On the Oracle Internet Directory host, start the instance that contains Oracle Internet Directory, and start the Application Server Control Console:
On UNIX:
ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole
On Windows:
ORACLE_HOME\opmn\bin\opmnctl startall ORACLE_HOME\bin\emctl start iasconsole
Perform this step in the OracleAS Single Sign-On Oracle home:
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Run the following command in the OracleAS Single Sign-On Oracle home:
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/sso/lib/ossoca.jar reassoc -repos $ORACLE_HOME
Task 4: Reconfigure OracleAS Certificate Authority
Perform this task if you are using OracleAS Certificate Authority:
If OracleAS Certificate Authority is running in a different Oracle home, do the following steps in the OracleAS Certificate Authority Oracle home:
Update OracleAS Certificate Authority with the new Oracle Internet Directory port number by executing the following command in the OracleAS Certificate Authority Oracle home:
(UNIX) ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port portnum (Windows) ORACLE_HOME\oca\bin\ocactl changesecurity -server_auth_port portnum
In the example, portnum is the OracleAS Certificate Authority Server Authentication Virtual Host (SSL) port; the default is 6600.
|
See Also: Oracle Application Server Certificate Authority Administrator's Guide for more information |
Task 5: Restart the Identity Management Instance
Restart the Identity Management instance:
On UNIX:
ORACLE_HOME/bin/emctl stop iasconsole ORACLE_HOME/opmn/bin/opmnctl stopall ORACLE_HOME/opmn/bin/opmnctl startall ORACLE_HOME/bin/emctl start iasconsole
On Windows:
ORACLE_HOME\bin\emctl stop iasconsole ORACLE_HOME\opmn\bin\opmnctl stopall ORACLE_HOME\opmn\bin\opmnctl startall ORACLE_HOME\bin\emctl start iasconsole
Task 6: Update the Middle-Tier Instances to Use the New Port Number
On each middle-tier instance that uses the Identity Management installation, run the Change Identity Management Services wizard and start the instance:
Using the Application Server Control Console, navigate to the Application Server Home page for the middle-tier instance.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Follow the steps in the wizard for supplying the new Oracle Internet Directory port number.
When the wizard is finished, navigate to the Application Server Home page and start the middle-tier instance by clicking Start All.
This section describes how to change the following port numbers:
OracleAS Certificate Authority Server Authentication Virtual Host (SSL)
OracleAS Certificate Authority Mutual Authentication Virtual Host (SSL)
To change either of these port numbers:
Open the ocm_apache.conf file in the Oracle home of the Infrastructure that contains OracleAS Certificate Authority:
(UNIX) ORACLE_HOME/Apache/Apache/conf/ocm_apache.conf (Windows) ORACLE_HOME\Apache\Apache\conf\ocm_apache.conf
Modify the Server or Mutual port, or both, and then save the file.
Note that each port number is listed in the file in two places:
As a Listen directive
As a default virtual host
The easiest way to find these is to search for the old port number.
Run the following command:
(UNIX) ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs (Windows) ORACLE_HOME\dcm\bin\dcmctl updateConfig -ct ohs
Run the following command (make sure your ORACLE_HOME environment variable is set first):
sqlplus oca/oca_admin_password @$ORACLE_HOME/oca/sql/ocaportchg
Enter the Server Authentication Only port when prompted. If you do not want to change this port number, enter the old port number.
Enter the Mutual Authentication port when prompted. If you do not want to change this port number, enter the old port number.
Re-register OracleAS Certificate Authority with the OracleAS Single Sign-On server by executing the following command in the OracleAS Certificate Authority Oracle home:
(UNIX) ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port portnum (Windows) ORACLE_HOME\oca\bin\ocactl changesecurity -server_auth_port portnum
In the example, portnum is the OracleAS Certificate Authority Server Authentication Virtual Host (SSL) port; the default is 6600.
Restart Oracle HTTP Server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc type=ohs
(Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc type=ohs
Restart the OracleAS Certificate Authority OC4J instance:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc type=oc4j instancename=oca
(Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc type=oc4j instancename=oca
Start Oracle Application Server Certificate Authority:
(UNIX) ORACLE_HOME/oca/bin/ocactl start (Windows) ORACLE_HOME\oca\bin\ocactl start
