
Sun ONE Portal Server 6.2 Administrator's Guide

Chapter 13
Managing the Sun ONE Portal Server System

This chapter describes the various administrative tasks associated with maintaining the Sun™ ONE Portal Server system.

This chapter contains these sections:

  • Configuring Secure Sockets Layer (SSL)
  • Backing Up and Restoring Sun ONE Portal Server Configuration
  • Changing Sun ONE Portal Server Network Settings
  • Managing a Multiple UI Node Installation
  • Configuring a Sun ONE Portal Server Instance to Use an HTTP Proxy
  • Managing Sun ONE Portal Server Logs
  • Debugging Sun ONE Portal Server

Configuring Secure Sockets Layer (SSL)

You can configure Secure Sockets Layer (SSL) with Sun ONE Portal Server and associated components in the following ways:

To Configure SSL with Sun ONE Portal Server

Use this procedure if you answered y when asked “Do you want to run SSL on hostname?” during the Sun ONE Portal Server installation. See the Sun ONE Portal Server 6.1 Installation Guide for more information.

  1. Create a trust database for the web server on which you installed Sun ONE Portal Server.

    See Chapter 5, “Creating a Trust Database” in the Sun ONE Web Server 6.0, Enterprise Edition Administrator’s Guide at the following URL for more information:

    http://docs.sun.com/source/816-5682-10/index.htm

  2. Request a certificate for the web server on which you installed Sun ONE Portal Server software and install the certificate on the web server instance.

    See Chapter 5, “Requesting and Installing a VeriSign Certificate” or “Requesting and Installing Other Server Certificates” in the Sun ONE Web Server 6.0, Enterprise Edition Administrator’s Guide for more information.

  3. Turn on encryption for the Sun ONE Portal Server web server instance.

    In the web server administration console, select the Preferences tab, select Add Listen Socket, then select Edit Listen Socket and turn on security.

    See Chapter 5, “Turning Security On,” in the Sun ONE Web Server 6.0, Enterprise Edition Administrator’s Guide for more information.

  4. Click Apply and Apply Changes in the web server administration console.
  5. Restart Sun ONE Portal Server:

    /etc/init.d/amserver start

    The system prompts you for the password to get to the certificate database. This prompt appears each time you restart the web server (that is, each time you execute /etc/init.d/amserver start).


    Note

    To avoid having to type the passphrase on each reboot, create a file named .wtpass that contains the web server passphrase and place it in the DSAME-BASEDIR/SUNWam/config directory. If you reboot the system with a secure web server without having this file, you must type in the passphrase at the system console.


  6. Verify that you can now log on to the Sun ONE Portal Server portal using SSL:
    • To log on to the Sun ONE Identity Server administration console, type:
      https://server:port/amconsole
    • To log on as a user to the Desktop, type:
      https://server:port/deploy_uri

      for example,
      https://sesta:80/portal/dt

To Modify an Existing Sun ONE Portal Server Installation to Use SSL

Use this procedure if you answered n when asked “Do you want to run SSL on hostname?” during the Sun ONE Portal Server installation. See the Sun ONE Portal Server 6.1 Installation Guide for more information.

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.
  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. In the server list, change http to https.
  5. Click Save to save your changes.
  6. Install the certificate on the web server.

    See Step 1 through Step 4 in "To Configure SSL with Sun ONE Portal Server" for details.

  7. Copy the server.xml and magnus.conf files from the /BaseDir/SUNWam/servers/https-hostname-domain/conf_bk directory to the /BaseDir/SUNWam/servers/https-hostname-domain/config directory. BaseDir is the Sun ONE Identity Server base directory.
  8. If the root CA for your certificate is not installed, add the following line to the /BaseDir/SUNWam/lib/AMConfig.properties file:

    com.sun.am.jssproxy.trustAllServerCerts=true

    This option tells JSS to trust the certificate.

  9. In the /BaseDir/SUNWam/lib/AMConfig.properties file, change http to https for the following properties:

    com.sun.am.server.protocol
    com.sun.am.naming.url
    com.sun.am.notification.url
    com.sun.am.session.server.protocol
    com.sun.services.cdsso.CDCURL
    com.sun.services.cdc.authLoginUrl

  10. Restart Sun ONE Portal Server.
    • To restart a single Sun ONE Portal Server instance, type:
      /etc/init.d/amserver start
    • To restart multiple Sun ONE Portal Server instances, type:
      /etc/init.d/amserver startall

    The system prompts you for the password to get to the certificate database.

See Chapter 11, “Managing SSL” in the Sun ONE Directory Server 5.1 Administrator’s Guide for more information.

To Configure a Sun ONE Portal Server Instance to Use SSL

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.
  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. In the server list, change http to https.
  5. Click Save to save your changes.
  6. Install the certificate on the web server.

    See Step 1 through Step 4 in "To Configure SSL with Sun ONE Portal Server" for details.

  7. If this server is part of a multi-instance installation, copy the server.xml and magnus.conf files from the /BaseDir/SUNWam/servers/https-instance_nickname/conf_bk directory to the /BaseDir/SUNWam/servers/https-instance_nickname/config directory.
  8. If the root CA for your certificate is not installed, add the following line to the /BaseDir/SUNWam/lib/AMConfig-instance_nickname.properties file:

    com.sun.am.jssproxy.trustAllServerCerts=true

    This option tells JSS to trust the certificate.

  9. In the /BaseDir/SUNWam/lib/AMConfig-instance_nickname.properties file, change http to https for the following properties:

    com.sun.am.server.protocol
    com.sun.am.naming.url
    com.sun.am.notification.url
    com.sun.am.session.server.protocol
    com.sun.services.cdsso.CDCURL
    com.sun.services.cdc.authLoginUrl

  10. Restart Sun ONE Portal Server.
    • To restart a single Sun ONE Portal Server instance, type:
      /etc/init.d/amserver start
    • To restart multiple Sun ONE Portal Server instances, type:
      /etc/init.d/amserver startall

    The system prompts you for the password to get to the certificate database.

See Chapter 11, “Managing SSL” in the Sun ONE Directory Server 5.1 Administrator’s Guide for more information.
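As an added example (not part of this guide and not Sun-supplied code), the following POSIX shell script performs the AMConfig.properties edit from the two procedures above, the http-to-https change for the six listed properties, with a verification step, and creates the .wtpass file described in the Note under "To Configure SSL with Sun ONE Portal Server" with owner-only permissions, since that file holds the web server passphrase in cleartext. File and directory paths are passed as arguments; the property values in the usage note are constructed. The script deliberately does not set com.sun.am.jssproxy.trustAllServerCerts=true: that setting makes the JSS proxy accept any server certificate, so install the root CA for your certificate instead wherever you can.

```shell
#!/bin/sh
# Added example (not a Sun-supplied script): switch the listed Identity Server
# properties from http to https and create .wtpass with owner-only permissions.
# All paths are arguments; no installation layout is assumed.

# The properties the procedures say to change from http to https.
SSL_KEYS="com.sun.am.server.protocol
com.sun.am.naming.url
com.sun.am.notification.url
com.sun.am.session.server.protocol
com.sun.services.cdsso.CDCURL
com.sun.services.cdc.authLoginUrl"

# escape_key KEY: make a property name safe to use inside a sed/grep regex.
escape_key() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# switch_to_https FILE: change only the listed keys, leaving a FILE.bak copy.
# Bare protocol keys go from "http" to "https"; URL keys go from "http://" to
# "https://". Keys already set to https and all other keys are left alone.
switch_to_https() {
    f=$1
    cp "$f" "$f.bak" || return 1
    for key in $SSL_KEYS; do
        esc=$(escape_key "$key")
        sed "s|^\($esc=\)http://|\1https://|; s|^\($esc=\)http\$|\1https|" \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f" || return 1
    done
}

# remaining_http FILE: print how many of the listed keys are still plain http,
# so the edit can be verified before the restart (0 means every key is https).
remaining_http() {
    f=$1
    n=0
    for key in $SSL_KEYS; do
        esc=$(escape_key "$key")
        if grep -q "^$esc=http://" "$f" || grep -q "^$esc=http\$" "$f"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# write_wtpass CONFIG_DIR: read the web server passphrase from stdin and store
# it in CONFIG_DIR/.wtpass. The restrictive umask is set before the file is
# created, so the cleartext secret is never world-readable, even briefly.
write_wtpass() {
    dir=$1
    (umask 077 && cat > "$dir/.wtpass") || return 1
    chmod 600 "$dir/.wtpass"
}

# Usage (constructed paths):
#   switch_to_https /BaseDir/SUNWam/lib/AMConfig.properties
#   remaining_http  /BaseDir/SUNWam/lib/AMConfig.properties   # expect 0
#   write_wtpass    /DSAME-BASEDIR/SUNWam/config < passphrase.txt
```

The check function is what makes the script safe to rerun: after a restart that still prompts for plain-http URLs, a nonzero count points at the property that was missed, and the .bak copy lets you diff the change before committing to it.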


Backing Up and Restoring Sun ONE Portal Server Configuration

The Sun ONE Portal Server user and service configuration is stored on the directory server in an LDAP Directory Information Tree (DIT). This allows you to back up and restore configuration information via a Lightweight Directory Interchange Format (LDIF) file.

To Back Up a Sun ONE Portal Server Configuration

To back up Sun ONE Portal Server configuration information use the db2ldif command. This command is available in the slapd-hostname directory within the base directory of the directory server. For example, if the directory server was installed to the default install directory (/usr/ldap) on the server sesta, the base directory would be /usr/ldap/slapd-sesta.

  1. Change directories to the directory server base directory containing the db2ldif command:

    cd DS_BASEDIR/slapd-HOSTNAME

  2. Save the configuration to an LDIF file using the db2ldif command with the -s option specifying the top level of the DIT for Sun ONE Portal Server. For example, to save a configuration in which the top level of the DIT is isp, type the following:

    ./db2ldif -s "o=isp"

    The data are saved to an LDIF file. The command saves the file to the current directory. The following format is used to name the file:

    YYYY_MM_DD_HHMMSS.ldif

    After the file is saved, the following example output displays:

    [16/May/2002:14:11:25 -0700] - Backend Instance: userRoot
    ldiffile: /usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif
    [16/May/2002:14:11:28 -0700] - export userRoot: Processed 178 entries (100%).

To Restore a Sun ONE Portal Server Configuration

You can restore the Sun ONE Portal Server configuration information you have backed up via the db2ldif command using the ldif2db command. This command is available in the slapd-hostname directory within the base directory of the directory server. For example, if the directory server was installed to the default install directory (/usr/ldap) on the server sesta, the base directory would be /usr/ldap/slapd-sesta.

  1. Change directories to the directory server base directory containing the ldif2db command by entering:

    cd DS_BASEDIR/slapd-HOSTNAME

  2. Stop the directory server by entering:

    ./stop-slapd

  3. Restore the configuration from the LDIF file to the directory server using the ldif2db command with the -s option specifying the top level of the DIT for Sun ONE Portal Server and the -i option specifying the file name. For example, to restore the LDIF file saved in the previous procedure to the top level of the DIT of isp, type the following:

    ./ldif2db -s "o=isp" -i /usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif

    After the configuration is restored, the following example output displays:

    importing data ...
    [16/May/2002:16:37:02 -0700] - Backend Instance: userRoot
    [16/May/2002:16:37:03 -0700] - import userRoot: Index buffering enabled with bucket size 13
    [16/May/2002:16:37:03 -0700] - import userRoot: Beginning import job...
    [16/May/2002:16:37:03 -0700] - import userRoot: Processing file "/usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif"
    [16/May/2002:16:37:04 -0700] - import userRoot: Finished scanning file "/usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif" (178 entries)
    [16/May/2002:16:37:05 -0700] - import userRoot: Workers finished; cleaning up...
    [16/May/2002:16:37:08 -0700] - import userRoot: Workers cleaned up.
    [16/May/2002:16:37:08 -0700] - import userRoot: Cleaning up producer thread...
    [16/May/2002:16:37:08 -0700] - import userRoot: Indexing complete. Post-processing...
    [16/May/2002:16:37:08 -0700] - import userRoot: Flushing caches...
    [16/May/2002:16:37:08 -0700] - import userRoot: Closing files...
    [16/May/2002:16:37:09 -0700] - import userRoot: Import complete. Processed 178 entries in 6 seconds. (29.67 entries/sec)

  4. Restart the directory server by entering:

    ./start-slapd
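As an added example (not part of this guide and not Sun-supplied code), the following POSIX shell functions add a sanity check around the db2ldif backup and ldif2db restore procedures above. They parse the console output the two tools print (the same lines quoted in this chapter), extract the reported LDIF path and entry counts, and compare those counts with the number of entries actually present in the LDIF file, so a truncated or partial backup is caught before the directory server is stopped for a restore. The log and LDIF contents in the usage note are constructed. Because the exported LDIF holds the whole o=isp subtree, user entries included, keep the file under restrictive permissions and treat it like any other credential store.

```shell
#!/bin/sh
# Added example (not a Sun-supplied script): verification helpers for the
# db2ldif / ldif2db procedures. Inputs are captured console output and the
# LDIF file; no installation paths are assumed.

# ldif_path_from_export LOG: print the path db2ldif reported on its
# "ldiffile:" line (empty if the line is missing).
ldif_path_from_export() {
    sed -n 's/^ldiffile: //p' "$1" | head -n 1
}

# exported_entries LOG: the N in "export <backend>: Processed N entries".
exported_entries() {
    sed -n 's/.*export [^:]*: Processed \([0-9][0-9]*\) entries.*/\1/p' "$1" | head -n 1
}

# imported_entries LOG: the N in "Import complete. Processed N entries".
imported_entries() {
    sed -n 's/.*Import complete\. Processed \([0-9][0-9]*\) entries.*/\1/p' "$1" | head -n 1
}

# ldif_entry_count FILE: every LDIF entry begins with a "dn:" line, so the
# number of such lines is the number of entries in the file.
ldif_entry_count() {
    grep -c '^dn:' "$1" || true
}

# verify_backup LOG LDIF: succeed only if the LDIF file is non-empty and holds
# exactly as many entries as db2ldif reported processing.
verify_backup() {
    log=$1
    ldif=$2
    [ -s "$ldif" ] || return 1
    expected=$(exported_entries "$log")
    [ -n "$expected" ] || return 1
    [ "$(ldif_entry_count "$ldif")" -eq "$expected" ]
}

# verify_restore EXPORT_LOG IMPORT_LOG: succeed only if ldif2db imported the
# same number of entries that db2ldif exported.
verify_restore() {
    exported=$(exported_entries "$1")
    imported=$(imported_entries "$2")
    [ -n "$exported" ] && [ -n "$imported" ] && [ "$exported" -eq "$imported" ]
}

# Usage (run from DS_BASEDIR/slapd-HOSTNAME; capturing both streams because
# the tools' output channel is not documented here):
#   ./db2ldif -s "o=isp" > export.log 2>&1
#   verify_backup export.log "$(ldif_path_from_export export.log)" || echo "backup incomplete"
#   ./ldif2db -s "o=isp" -i "$(ldif_path_from_export export.log)" > import.log 2>&1
#   verify_restore export.log import.log || echo "restore count mismatch"
```

Counting "dn:" lines is a cheap structural check, not a content check; it catches the common failure (a backup that stopped early) without needing the directory server online.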


Changing Sun ONE Portal Server Network Settings

To physically move a server running Sun ONE Portal Server software from one network to another, you need only change the fully qualified domain name mapping the IP address in the /etc/hosts file. There are no other hardcoded addresses that need to be changed.


Managing a Multiple UI Node Installation

When you install Sun ONE Portal Server software onto multiple UI nodes, you need to make a configuration change to the Platform attributes in the Sun ONE Identity Server administration console. You edit the Server List attribute to include the URLs for each UI node.

The Sun ONE Identity Server naming service reads the Server List attribute at initialization time. This list contains the Sun ONE Identity Server session servers in a single Sun ONE Identity Server configuration. For example, if two Sun ONE Identity Server servers are installed and should work as one, they must both be included in this list. If the host specified in a request for a service URL is not in this list, the naming service will reject the request. The first value in the list specifies the host name and port of the server specified during installation. Additional servers can be added using the format protocol://server:port.

To Add Additional Portal Servers to the Server List

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. Edit the Server List attribute.

    For each server functioning as a UI node, type the server URL, for example, http://host1.sesta.com:80 and then click the Add button. The URL then appears in the Server List.

  5. Click Save.
  6. Restart Sun ONE Portal Server:

    /etc/init.d/amserver start


Configuring a Sun ONE Portal Server Instance to Use an HTTP Proxy

If the Sun ONE Portal Server software is installed on a host that cannot directly access certain portions of the Internet or your intranet, you might want to configure the instance to use an HTTP proxy.

  1. Change directories to the configuration directory of the web server instance by entering:

    cd /BaseDir/SUNWam/servers/https-hostname-domain/config

  2. Edit the jvm12.conf file within this directory and add the following lines:

    http.proxyHost=proxy_host
    http.proxyPort=proxy_port

    where proxy_host is the fully qualified domain name of the proxy host and proxy_port is the port on which the proxy runs.


    Note

    If the jvm12.conf file has a proxy set up (using the http.proxyHost= and http.proxyPort= options), you may want to add the http.nonProxyHosts=proxy_host option. It is possible that the portal server may not be accessible through the proxy server, unless the portal server is added to the proxy server access list.



Managing Sun ONE Portal Server Logs

You can configure Sun ONE Portal Server logging to log information to a flat file or to a database. When logging to a database, the JDBC protocol is used.

To Configure Logging to a File

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to Logging.

    The Logging attributes appear in the data pane.

  4. Select File as the Logging Type attribute.
  5. Specify the directory path for the log files in the Log Location attribute.
  6. Specify the maximum file size in bytes for the log file in the Max Log Size attribute.
  7. Specify the number of backup logs in the Number of History Files attribute.
  8. Click Save.

To Configure Logging to a Database

  1. Log in to the Sun ONE Identity Server admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to the Logging service in the navigation pane.

    The Logging attributes appear in the data pane.

  4. Select JDBC as the Logging Type attribute.
  5. Specify a user name and password with which to connect to the database in the Database User Name and Database User Password attributes.
  6. Specify the driver to use for logging in the Database Driver Name attribute.
  7. Click Save.


Debugging Sun ONE Portal Server

This section describes how to set the debug level to help you troubleshoot various Sun ONE Portal Server components.

To Set the Debug Level for Sun ONE Identity Server

The debug level allows you to define the types of messages sent to the debug log. The following levels are supported:

By default, debug messages are sent to log files in the /var/opt/SUNWam/debug directory.

To set the debug level:

  1. Define the debug level in the following line of the /etc/opt/SUNWps/desktopconfig.properties file:

    debugLevel=value

  2. Restart Sun ONE Portal Server:

    /etc/init.d/amserver start

  3. Examine the various log files under /var/opt/SUNWam/debug as well as the Sun ONE Web Server log file.
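As an added example (not part of this guide and not Sun-supplied code), the following POSIX shell functions give an idempotent way to make the two flat-file edits this chapter has you do by hand: the http.proxyHost, http.proxyPort and optional http.nonProxyHosts lines in jvm12.conf from "Configuring a Sun ONE Portal Server Instance to Use an HTTP Proxy", and the debugLevel line in /etc/opt/SUNWps/desktopconfig.properties from the procedure above. Unlike appending with a text editor or echo, rerunning the functions replaces the existing line rather than adding a duplicate, which matters for property files where the last or first occurrence wins silently. File paths and values are arguments; the file contents and host names in the usage note are constructed, and the permitted debugLevel values are not reproduced here because this chapter does not list them.

```shell
#!/bin/sh
# Added example (not a Sun-supplied script): idempotent key=value editing for
# jvm12.conf and desktopconfig.properties. Paths and values are arguments.

# escape_key KEY: make a property name safe to use inside a regex.
escape_key() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# get_property FILE KEY: print the current value of KEY (empty if unset).
get_property() {
    sed -n "s/^$(escape_key "$2")=//p" "$1" | head -n 1
}

# set_property FILE KEY VALUE: replace the existing "KEY=" line in place, or
# append one if the key is absent. The key and value travel through the
# environment and a literal prefix match, so values containing regex
# metacharacters or the '|' separator of http.nonProxyHosts are stored as-is.
set_property() {
    f=$1
    [ -f "$f" ] || : > "$f"
    KEY=$2 VAL=$3 awk '
        BEGIN { k = ENVIRON["KEY"]; v = ENVIRON["VAL"] }
        index($0, k "=") == 1 { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# configure_proxy FILE PROXY_HOST PROXY_PORT [NON_PROXY_HOSTS]: the settings
# the proxy procedure adds to jvm12.conf. The port must be numeric; the
# optional fourth argument sets http.nonProxyHosts as the Note in that
# section suggests.
configure_proxy() {
    case $3 in
        ''|*[!0-9]*) return 1 ;;
    esac
    set_property "$1" http.proxyHost "$2" || return 1
    set_property "$1" http.proxyPort "$3" || return 1
    if [ -n "$4" ]; then
        set_property "$1" http.nonProxyHosts "$4" || return 1
    fi
}

# set_debug_level FILE LEVEL: set debugLevel in desktopconfig.properties.
set_debug_level() {
    set_property "$1" debugLevel "$2"
}

# line_count FILE: used to confirm a rerun did not grow the file.
line_count() {
    wc -l < "$1" | tr -d ' '
}

# Usage (constructed paths and values):
#   configure_proxy /BaseDir/SUNWam/servers/https-hostname-domain/config/jvm12.conf \
#       proxy.sesta.com 8080
#   set_debug_level /etc/opt/SUNWps/desktopconfig.properties value
#   get_property    /etc/opt/SUNWps/desktopconfig.properties debugLevel
```

Keep a copy of the original file before the first run, and remember that both edits take effect only after the restart described in the procedures.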




Copyright 2003 Sun Microsystems, Inc. All rights reserved.