Oracle® Application Server Release Notes 10g (10.1.4.0.1) for Microsoft Windows (64-Bit) on Intel Itanium Part Number B32107-06
This chapter describes management and security issues associated with Oracle Application Server. It includes the following topics:
This section describes general management issues with installation of Oracle Application Server. It includes the following topics:
Section 3.1.3, "Oracle Enterprise Manager Grid Control Does not Display all Integration Profiles"
Section 3.1.4, "Additional Information for Changing Hostname for Identity Management Installations"
After you enable SSL for Oracle Identity Management, you must modify the targets.xml configuration file to be sure that Application Server Control can connect to the required OracleAS Single Sign-On and Oracle Delegated Administration Services URLs:
Locate and open the targets.xml file with a text editor.
The file is located in the destination Oracle home:
DESTINATION_ORACLE_HOME\sysman\emd\
In the targets.xml file, locate the Oracle Delegated Administration Services element:
<Target TYPE="oracle_das_server" ... > .... </Target>
Within the oracle_das_server element, update the properties shown in Table 3-1 with the recommended values shown for each property.
Table 3-1 OracleAS Single Sign-On and Oracle Delegated Administration Services Properties to Modify in the targets.xml Configuration File
Property | Description and Required Value |
---|---|
HTTPProtocol | The protocol used by the Oracle HTTP Server. The value can be either HTTP or HTTPS (for secure SSL connections). |
MonitorPort | The physical port used to monitor the Oracle Delegated Administration Services on the host. This is often the default Oracle HTTP Server port. |
DasPort | The physical port used to monitor Oracle Delegated Administration Services on the host. This is often the default Oracle HTTP Server port. |
DasURL | The complete Oracle Delegated Administration Services URL, including the protocol, physical host name, and port. Do not use the load balancer virtual host and port. |
DasMonitorURL | The complete URL used by Application Server Control to monitor the Oracle Delegated Administration Services, including the protocol, physical host name, and port. Do not use the load balancer virtual host and port. |
Locate the OracleAS Single Sign-On element within the targets.xml file:
<Target TYPE="oracle_sso_server" ... > .... </Target>
Edit the values for the HTTPPort and HTTPProtocol properties within the oracle_sso_server element.
Be sure to enter the port and protocol for the physical OracleAS Single Sign-On host; do not use the port and protocol used to connect to the load balancer.
Save your changes and close the targets.xml file.
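A check for the edited file, added here as an example and not taken from Oracle's documentation: it flags oracle_das_server and oracle_sso_server targets that still use HTTP, point at a load balancer virtual host, or carry a URL port that disagrees with the port property. The `<Property NAME=... VALUE=...>` layout, the host names and ports in the sample, and the pairing of DasURL with DasPort and DasMonitorURL with MonitorPort are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample; the <Property NAME=... VALUE=...> layout, host names and
# ports are assumptions for illustration, not values from the release notes.
SAMPLE_TARGETS = """<Targets>
  <Target TYPE="oracle_das_server" NAME="das1">
    <Property NAME="HTTPProtocol" VALUE="HTTPS"/>
    <Property NAME="MonitorPort" VALUE="4443"/>
    <Property NAME="DasPort" VALUE="4443"/>
    <Property NAME="DasURL" VALUE="https://im1.example.com:4443/oiddas"/>
    <Property NAME="DasMonitorURL" VALUE="http://lb.example.com:80/oiddas"/>
  </Target>
  <Target TYPE="oracle_sso_server" NAME="sso1">
    <Property NAME="HTTPProtocol" VALUE="HTTP"/>
    <Property NAME="HTTPPort" VALUE="7777"/>
  </Target>
</Targets>"""

def check_targets(xml_text, lb_hosts=()):
    """Return (target type, property, problem) tuples for an SSL-enabled install."""
    findings = []
    lb = {h.lower() for h in lb_hosts}
    for target in ET.fromstring(xml_text).iter("Target"):
        ttype = target.get("TYPE")
        if ttype not in ("oracle_das_server", "oracle_sso_server"):
            continue
        props = {p.get("NAME"): (p.get("VALUE") or "") for p in target.iter("Property")}
        if props.get("HTTPProtocol", "").upper() != "HTTPS":
            findings.append((ttype, "HTTPProtocol", "not HTTPS"))
        if ttype != "oracle_das_server":
            continue
        # Assumed pairing: each URL should carry the port of its port property.
        for name, port_prop in (("DasURL", "DasPort"), ("DasMonitorURL", "MonitorPort")):
            url = urlsplit(props.get(name, ""))
            if url.scheme.lower() != "https":
                findings.append((ttype, name, "scheme is not https"))
            if (url.hostname or "").lower() in lb:
                findings.append((ttype, name, "uses load balancer virtual host"))
            if str(url.port or "") != props.get(port_prop, ""):
                findings.append((ttype, name, "port differs from " + port_prop))
    return findings
```

Pass the load balancer's virtual host names in `lb_hosts`; an empty result means both targets use HTTPS against the physical host.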
You can change the IP address of a host that contains an OracleAS Metadata Repository, whether it is one created by an installation of OracleAS Infrastructure or by running Oracle Application Server Repository Creation Assistant. The chapter, "Changing Network Configurations" in the Oracle Application Server Administrator's Guide describes how to change the IP address.
If the tnsnames.ora file contains the IP address, you must take the following steps to change the IP address of an OracleAS Metadata Repository created by the Repository Creation Assistant:
Stop all processes in the middle tier and Infrastructure.
Set the ORACLE_HOME environment variable.
On the Metadata Repository host, if the entry in the $ORACLE_HOME/network/admin/tnsnames.ora file contains the IP address for the OracleAS Metadata Repository, change the IP address.
Start the Oracle Internet Directory server instance, for example:
$ORACLE_HOME/bin/oidmon start
$ORACLE_HOME/bin/oidctl connect=connect_string server=oidldapd \
    instance=server_instance_number \
    [configset=configset_number] [host=virtual/host_name] \
    start
On the middle tier host, if the entry in the $ORACLE_HOME/network/admin/tnsnames.ora file contains the IP address for the Metadata Repository, change the IP address in the file.
Start the middle tier.
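To decide whether this procedure applies to a host, the following added example (not part of Oracle's release notes) lists the net service names in a tnsnames.ora file whose HOST value is an IP literal rather than a host name. The sample file content, aliases and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample tnsnames.ora; aliases, hosts and addresses are illustrative.
SAMPLE_TNSNAMES = """
# metadata repository
ASDB.EXAMPLE.COM =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.15)(PORT = 1521))
    )
    (CONNECT_DATA = (SERVICE_NAME = asdb.example.com))
  )

ORCL2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db2.example.com)(PORT = 1521))
    (CONNECT_DATA = (SID = orcl2))
  )
"""

HOST_RE = re.compile(r"\(\s*HOST\s*=\s*([^)\s]+)\s*\)", re.IGNORECASE)

def ip_literal_hosts(text):
    """Map each net service name to the HOST values that are IP literals."""
    hits, alias, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        if depth == 0:                       # a new entry starts outside any parentheses
            m = re.match(r"\s*([\w.\-]+)\s*=", line)
            if m:
                alias = m.group(1)
        for host in HOST_RE.findall(line):
            try:
                ipaddress.ip_address(host.strip("[]"))
            except ValueError:
                continue                     # a host name: unaffected by an IP change
            hits.setdefault(alias, []).append(host)
        depth += line.count("(") - line.count(")")
    return hits
```

Run it against the tnsnames.ora file on both the Metadata Repository host and the middle tier host; entries it returns are the ones to edit.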
If you take the following steps:
Install a 10.1.4.0.1 OracleAS Infrastructure with Identity Management.
Install Oracle Identity Management Agent Plug-in on the same host.
In Oracle Enterprise Manager Grid Control, navigate to Targets > Identity Management > DIP.
Then only one profile is displayed in the Integration Profiles table, and it shows a status of "disabled".
To work around this issue:
Using the Directory Integration Assistant (dipassistant), enable any profile.
Refresh the Oracle Directory Integration Platform (DIP) page in Oracle Enterprise Manager 10g Grid Control.
All fourteen Integration Profiles will be displayed.
The Oracle Application Server Administrator's Guide describes how to change the hostname of a machine containing an Identity Management installation. However, the procedure may fail if SSL is enabled (in this case, the non-SSL port is not available). Therefore, if SSL is enabled, you must take the following steps before you change the hostname of the machine:
1. Check the values of the OIDport and SSLOnly parameters in the following file:
   (UNIX) Oracle_Home/config/ias.properties
   (Windows) Oracle_Home\config\ias.properties
   If SSLOnly is set to true and OIDport has an empty value, proceed with Steps 2 through 5.
2. Verify that the non-SSL port for Oracle Internet Directory is enabled and up. If it is not, enable the non-SSL port for Oracle Internet Directory. Using Oracle Directory Manager, take the following steps:
   a. In the navigator pane, expand Oracle Internet Directory Servers, then the directory server instance, then Server Management.
   b. Expand either Directory Server or Replication Server, as appropriate. The numbered configuration sets are listed beneath your selection.
   c. Select the configuration set that you want to change.
   d. On the General tab, enter a port number for Non-SSL port, if there is not a port number listed.
   e. On the SSL Settings tab page, change the SSL enabled field to Both SSL and Non-SSL.
   f. Click Apply.
   g. Restart the server instance.
3. In the Oracle homes for the other Identity Management components, run the Change Identity Management Services wizard and associate the other Identity Management components to Oracle Internet Directory using the non-SSL port:
   a. Using the Application Server Control Console, navigate to the Application Server Home page for the instance and click the Infrastructure link.
   b. On the Infrastructure page, in the Identity Management section, click Change.
   c. On the Change Identity Management page, specify the Host name and, for Port, the non-SSL port number.
   d. Follow the steps in the wizard for supplying the login information.
4. Verify that the ias.properties file contains the following:
   OIDport=<non-empty_value>
   SSLOnly=false
5. Proceed with the rest of the procedure as documented in the Oracle Application Server Administrator's Guide. After you complete the procedure, you can reenable SSL using the Application Server Control Console's Identity Management Services wizard.
This section describes documentation errata in management documentation. It includes the following topic:
Application Server Control Console includes references to Oracle Application Server Web Cache and Oracle Application Server Portal. In fact, these two components are not distributed as part of the Oracle Identity Management product.
These references in the Application Server Control Console online help can be ignored.