Sun ONE Portal Server 6.2 Installation Guide
Chapter 2
Installing Sun ONE Portal Server
Installation Overview
The Sun ONE Portal Server and required underlying component products are installed using the Java Enterprise System installer program. Detailed information and instructions for using the Java Enterprise System installer can be found in the Java Enterprise System Installation Guide.
This chapter contains the following sections:
- Installing Sun ONE Portal Server (general installation instructions)
Pre-Installation Information
Before installing Sun ONE Portal Server software, remove all previous versions of the web container software and Sun ONE Identity Server software.
Web Containers
The Sun ONE Web Server and Sun ONE Application Server web containers can be installed using the Java Enterprise System installer, along with the Directory Server, Identity Server, and Portal Server, in a single install session. If you choose to install the Sun ONE Portal Server and required components in a single session, no pre-install steps are necessary.
However, if you choose to install the Sun ONE Portal Server later, into an existing installation of the Sun ONE Web Server or the Sun ONE Application Server, the web container instance must first be restarted.
If you choose to deploy the Sun ONE Portal Server on BEA WebLogic Server or IBM WebSphere® Application Server web containers, these products must first be installed and started according to their product documentation.
Installing Sun ONE Portal Server
The Sun ONE Portal Server is installed as a component product of the Java Enterprise System enterprise solution. The Java Enterprise System provides a common installer that is used to install the Sun ONE Portal Server and the component products required to run it.
Based on the information gathered from the checklists in Chapter 1, if you have performed a minimal installation with the Java Enterprise System installer, use the configurator script to configure the Sun ONE Portal Server. The configurator script is located in portal-server-install-root/SUNWps/lib.
Sun ONE Portal Server components that can be installed are:
The Sun ONE Portal Server, Sun ONE Portal Server Secure Remote Access, the gateway, Netlet Proxy, and Rewriter Proxy, can be installed on a single machine (on the Sun ONE Portal Server web application node), or they can be installed on separate nodes. However, the gateway should be installed on a separate node.
In this release, the communication channels are now installed with the Sun ONE Portal Server software. The communication channels consist of mail, calendar, address book, and instant messaging channels.
To Install the Sun ONE Portal Server Software
To install the Sun ONE Portal Server software:
- Use the Java Enterprise System install wizard to select Sun ONE Portal Server.
- Select the Sun ONE Portal Server components you want to install.
The Sun Java Enterprise System install wizard lets you select multiple Sun ONE Portal Server components to be installed on one machine. For example, you can choose to install the following components on a single machine:
- Use the Java Enterprise System install wizard to complete the configuration and to install the selected components.
To Install the Sun ONE Portal Server and the Gateway, the Netlet Proxy, or the Rewriter Proxy on a Separate Node
To install Sun ONE Portal Server, with the gateway, the Netlet Proxy, or the Rewriter Proxy on a node other than the Sun ONE Portal Server node:
- Use the Java Enterprise System install wizard to select the following component install options.
- Use the Java Enterprise System install wizard to complete the configuration and to install the selected components.
Note
When installing the gateway, or the Netlet Proxy, or the Rewriter Proxy, you must select secure remote access support to be installed on the Portal Server node.
For more installation details and specific download instructions, see the Java Enterprise System Installation Guide.
Sun ONE Portal Server Post-Installation Tasks
Post-installation tasks need to be performed for each of the following components:
Sun ONE Portal Server
To access the Portal Server or the Identity Server administration console, the directory server and the web container must first be started.
Use the following command to start a local installation of the directory server:
/var/opt/mps/serverroot/slapd-hostname/start-slapd
The following post-installation tasks depend on the type of web container on which you deployed the Sun ONE Portal Server.
Sun ONE Web Server
To start the Sun ONE Web Server:
Sun ONE Application Server
Configuring the Application Server Instance
- Start the admin instance. In a terminal window, type:
cd /var/opt/SUNWappserver7/domains/domain1/admin
./start
- In a browser, go to the Sun ONE Application Server administration console. The default URL is
http://hostname:4848
- In the left navigation frame, click on the key to the left of App Server Instances.
- Select server1 or the name of the application server instance on which Sun ONE Identity Server was installed.
- Click Apply Changes.
Stopping and Starting the Sun ONE Application Server
Start the Sun ONE Application Server instance.
In a terminal window, change directories to the application server’s instances utilities directory and run the startserv script. The following example assumes that the default application server domain and instance have been used.
cd /var/opt/SUNWappserver7/domains/domain1/server1/bin
./startserv
To stop and start the Sun ONE Application Server using the asadmin utility or from the Sun ONE Application Server administration console, consult the Sun ONE Application Server documentation.
Changing the MIME Mapping for Secure Remote Access
If you have installed Secure Remote Access on the Sun ONE Portal Server node:
- Replace the following mime mapping entry in each gateway profile, from something similar to:
JAVASCRIPT=application/x-javascript
to:
JAVASCRIPT=application/x-javascript:text/javascript
- Save the profile.
- Restart the gateway.
- Modify /var/opt/SUNWappserver7/domains/domain1/server1/config/server.policy as follows:
permission java.net.SocketPermission "*", "connect,accept,listen,resolve";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";
- Restart the application server.
BEA WebLogic Server
When deploying the Portal Server on BEA WebLogic Server, perform the following steps following the installation of the Sun ONE Portal Server software.
- Check the /var/sadm/install/logs/Java_Enterprise_System_install.B/MMddhhmm file for errors.
MM = month
dd = day
hh = hour
mm = minute
- Run the perftune script.
- Comment out the following line in the startWebLogic.sh script. An example location for this script is /opt/bea/wlserver6.1/config/mydomain/startWebLogic.sh
#JAVA_OPTIONS="-hotspot $JAVA_OPTIONS"
Using the -hotspot option causes the server to hang with out-of-memory errors.
- Stop all BEA WebLogic Server instances (the admin and managed servers).
- Start the BEA WebLogic admin server instance. If you have installed on a managed instance, start the managed instance too.
- From the command line, execute the following:
portal-server-install-root/SUNWps/bin/deploy
Choose the default for the deploy URI and server instance name, and enter the BEA WebLogic Server admin password when prompted.
- Execute the following command:
portal-server-install-root/SUNWps/lib/postinstall_PortletSamples
Enter the BEA WebLogic Server admin password and the Identity Server admin password when prompted.
This deploys the portletsamples.war file.
- Restart the BEA WebLogic Server instance into which Sun ONE Portal Server was deployed. See your web container documentation for instructions on starting the web container instance.
If you will be supporting multiple authentication methods, for example, LDAP, UNIX, Anonymous, you must add each authentication type to the Core authentication service to create an authentication menu. See the Sun ONE Portal Server 6.2 Administrator’s Guide for further information.
IBM WebSphere Application Server
When downloading the NetFile, NetMail and Netlet applet archives, the content-type is set to text/html in the response header. You need to explicitly associate the .jar and .cab extensions with the MIME type application/octet-stream in the portal web application deployment descriptor file. By default, the deployment descriptor file is located at:
/opt/WebSphere/AppServer/installedApps/PortalURI.ear/portal.war/WEB-INF/web.xml
- Add the following lines to the file after the line containing:
Note
During migration the mime mappings configuration necessary for the Secure Remote Access product are removed. These mappings need to be added again after migration is done.
- Restart the application server.
Secure Remote Access
When using the Sun ONE Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Sun ONE Portal Server trusted CA list, regardless of whether the Sun ONE Portal Server is running in HTTP or HTTPS mode.
When a user session timeout or user session logout action happens, the Sun ONE Identity Server sends a session notification to the gateway. Even when the Sun ONE Identity Server is running in HTTP mode, it will act as an SSL client using HttpsURLConnection to send the notification. Since it is connecting to an SSL server (the gateway), it should have the gateway CA certificate as part of the Trusted CA list or it should have an option to allow self-signed certificates.
To create HttpsURLConnection, the Java Virtual Machine (JVM) property -Djava.protocol.handler.pkgs needs to be set.
If Sun ONE Portal Server is running on the Sun ONE Web Server, this property is correctly set to -Djava.protocol.handler.pkgs by default. The Sun ONE Identity Server com.iplanet.services.comm package has the implementation of HttpsURLConnection and it provides an option to add the flag com.iplanet.am.jssproxy.trustAllServerCerts=true to accept self-signed certificates from any SSL server.
The -Djava.protocol.handler.pkgs property is not set by default for the Sun ONE Application Server, BEA WebLogic Server and IBM WebSphere Application Server. The HttpsURLConnection implementation for supported application servers must use their own default handler (this could be JSSE or a custom SSL implementation).
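An added check for the com.iplanet.am.jssproxy.trustAllServerCerts flag described above (example code, not from the Sun guide), useful when confirming that the gateway CA certificate, rather than the accept-everything option, is what makes the session notification succeed. It assumes the flag is set in a Java properties file supplied on standard input; the guide does not name the file, and the function name and sample contents are constructed.

```shell
#!/bin/sh
# Added example, not Sun's code: report whether a Java properties file
# (read on stdin) turns on com.iplanet.am.jssproxy.trustAllServerCerts.
# Assumption: the flag lives in a properties file; the guide names no file.

trust_all_enabled() {
    awk '
        /^[ \t]*[#!]/ { next }              # "#" and "!" start a comment
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # leading blanks are ignored
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", val)
            if (key == "com.iplanet.am.jssproxy.trustAllServerCerts")
                last = tolower(val)         # a later definition overrides
        }
        END { exit (last != "true") }       # status 0 means trust-all is on
    '
}

# Constructed sample: the active line is false, the "true" is commented out.
sample_validating() {
    cat <<'EOF'
# session notification client settings (constructed)
#com.iplanet.am.jssproxy.trustAllServerCerts=true
com.iplanet.am.jssproxy.trustAllServerCerts=false
EOF
}

# Constructed sample: a later, differently formatted line re-enables it.
sample_trust_all() {
    cat <<'EOF'
com.iplanet.am.jssproxy.trustAllServerCerts=false
  com.iplanet.am.jssproxy.trustAllServerCerts : TRUE
EOF
}

for s in sample_validating sample_trust_all; do
    if $s | trust_all_enabled; then
        echo "$s: trustAllServerCerts is ON"
    else
        echo "$s: trustAllServerCerts is off"
    fi
done
```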
Gateway
- Start the gateway using the following command:
gateway-install-root/SUNWps/bin/gateway -n new-profile-name start
default is the default name of the gateway profile that is created during installation. You can create your own profiles later, and restart the gateway with the new profile. See Creating a Gateway Profile in Chapter 2 of the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide.
If you have multiple gateway instances, use:
gateway-install-root/SUNWps/bin/gateway start
Note
This step is not required if you chose y for the Start Gateway after installation option during the gateway installation.
If you want to stop all the gateway instances that are running on that particular node, use the following command:
gateway-install-root/SUNWps/bin/gateway stop
The Netlet and the gateway need the Rhino JavaScript parser (bundled as rhino/js.jar) for PAC file support. This must be installed on the gateway and Portal Server nodes. To install, copy rhino/js.jar to the ${JAVA_HOME}/jre/lib/ext directory.
Netlet and Rewriter Proxy
Before starting the Netlet Proxy and the Rewriter Proxy, ensure that the gateway profile is updated with the Netlet Proxy and the Rewriter Proxy options.
The Sun ONE Portal Server Gateway, Netlet Proxy, and Rewriter Proxy work only with JSS 3.2, NSS 3.4.2, and NSPR 4.2. After installing Gateway, Netlet Proxy, and Rewriter Proxy:
The Sun ONE Portal Server software NetFile needs the jCIFS libraries (bundled as SUNWjcifs) for Windows access. These need to be installed on the Portal Server node only. To install, use the following steps.
Configuring Sun ONE Portal Server After A Minimal Install
After performing a minimal configuration installation with the Java Enterprise System installer, use the Portal Server configurator script to configure the Sun ONE Portal Server component product. The checklists in Chapter 1 of this guide describe the parameters used to configure the Sun ONE Portal Server component product.
To run the configurator:
Verifying the Sun ONE Portal Server Installation
Accessing the Sun ONE Portal Server Administration Console and Desktop
To Access the Sun ONE Identity Server Administration Console
To Access the Sun ONE Portal Server Desktop
Verify the Sun ONE Portal Server installation by accessing the Desktop. Use the following URL to access the Desktop:
protocol://fully-qualified-hostname/portal-URI
For example,
http://example.com/portal
When you access the Desktop, the Authless Desktop is displayed. This allows users accessing the Desktop URL to be authenticated automatically and granted access to the Desktop.
If the sample Portal Desktop displays without any exception, then your Portal Server installation is good.
Verifying the Gateway Installation
- Run the following command to check if the gateway is running on the specified port:
netstat -an | grep port-number
where the default gateway port is 443.
If the gateway is not running, start the gateway in debug mode and view the messages that are printed on the console. Use the following command to start the gateway in debug mode:
portal-server-install-root/SUNWps/bin/gateway -n profilename start debug
Also view the log files after setting the gateway.debug attribute in the platform.conf.profilename file to message. See the section Understanding the platform.conf File in Chapter 2, “Administering Gateway” in the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide, for details.
- Run the Portal Server in secure mode by typing the gateway URL in your browser:
https://gateway-machine-name:portnumber
If you have chosen the default port (443) during installation, you need not specify the port number.
- Log in to the directory server administration console as administrator using the user name amadmin, and using the password specified during installation.
You can now create new organizations, roles, and users and assign required services and attributes in the administration console.
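A stricter form of the netstat check in the first verification step, as an added example that is not part of the Sun guide: grep port-number also matches longer port numbers such as 4430 and connections to a remote port 443, so this function accepts only a socket in LISTEN state on the exact port. The function name and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: confirm the gateway port is really
# in LISTEN state instead of trusting any line that contains the digits.

# gateway_listening PORT  (reads `netstat -an` output on stdin)
# Succeeds only if a TCP socket is LISTENing on exactly PORT.
gateway_listening() {
    awk -v port="$1" '
        $NF != "LISTEN" { next }          # skip ESTABLISHED, TIME_WAIT, headers
        {
            # Local address: field 1 on Solaris ("*.443"),
            # field 4 on Linux/BSD ("0.0.0.0:443", ":::443").
            addr = ($1 ~ /^tcp/) ? $4 : $1
            n = split(addr, part, "[.:]")  # port is the last component
            if (part[n] == port) found = 1
        }
        END { exit !found }
    '
}

# Constructed Solaris-style sample: nothing listens on 443, yet
# "grep 443" matches both lines (port 4430 and a remote port 443).
sample_not_running() {
    cat <<'EOF'
      *.4430               *.*                0      0 49152      0 LISTEN
192.0.2.10.33012     192.0.2.20.443       49640      0 49640      0 ESTABLISHED
EOF
}

# Constructed sample with the gateway bound to 443 (Solaris and Linux forms).
sample_running() {
    cat <<'EOF'
      *.443                *.*                0      0 49152      0 LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
EOF
}

for s in sample_not_running sample_running; do
    if $s | gateway_listening 443; then
        echo "$s: gateway port 443 is listening"
    else
        echo "$s: nothing is listening on 443"
    fi
done
```

On a live node, pipe the real output into the function (netstat -an | gateway_listening 443) and check the exit status.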