
Sun ONE Portal Server 6.2 Installation Guide

Chapter 2
Installing Sun ONE Portal Server


Installation Overview

The Sun™ ONE Portal Server and required underlying component products are installed using the Java™ Enterprise System installer program. Detailed information and instructions for using the Java Enterprise System installer can be found in the Java Enterprise System Installation Guide.

This chapter contains the following sections:


Pre-Installation Information

Before installing Sun ONE Portal Server software, remove all previous versions of the web container software and Sun™ ONE Identity Server software.

Web Containers

The Sun™ ONE Web Server and Sun™ ONE Application Server web containers can be installed using the Java Enterprise System installer and can be installed along with the Directory Server, Identity Server, and Portal Server in a single install session. If you choose to install the Sun ONE Portal Server and required components in a single session, no pre-install steps are necessary.

However, if you choose to install the Sun ONE Portal Server later, into an existing installation of the Sun ONE Web Server or the Sun ONE Application Server, the web container instance must first be restarted.

If you choose to deploy the Sun ONE Portal Server on BEA WebLogic Server™ or IBM WebSphere® Application Server web containers, these products must first be installed and started according to their product documentation.


Installing Sun ONE Portal Server

The Sun ONE Portal Server is installed as a component product of the Java Enterprise System enterprise solution. The Java Enterprise System provides a common installer that is used to install the Sun ONE Portal Server and the component products required to run it.

Based on the information gathered from the checklists in Chapter 1, if you have performed a minimal installation with the Java Enterprise System installer, use the configurator script to configure the Sun ONE Portal Server. The configurator script is located in portal-server-install-root/SUNWps/lib.

Sun ONE Portal Server components that can be installed are:

The Sun ONE Portal Server, Sun ONE Portal Server Secure Remote Access, the gateway, Netlet Proxy, and Rewriter Proxy, can be installed on a single machine (on the Sun ONE Portal Server web application node), or they can be installed on separate nodes. However, the gateway should be installed on a separate node.

In this release, the communication channels are now installed with the Sun ONE Portal Server software. The communication channels consist of mail, calendar, address book, and instant messaging channels.

To Install the Sun ONE Portal Server Software

To install the Sun ONE Portal Server software:

  1. Use the Java Enterprise System install wizard to select Sun ONE Portal Server.
  2. Select the Sun ONE Portal Server components you want to install.
  3. The Sun Java Enterprise System install wizard lets you select multiple Sun ONE Portal Server components to be installed on one machine. For example, you can choose to install the following components on a single machine:

    • Sun ONE Portal Server portal software
    • Sun ONE Portal Server, Secure Remote Access Support
    • Netlet Proxy
    • Rewriter Proxy

    Note

      When installing the gateway, Netlet Proxy, or Rewriter Proxy, you must select secure remote access support to be installed on the Portal Server node.


  4. Use the Java Enterprise System install wizard to complete the configuration and to install the selected components.

To Install the Sun ONE Portal Server and the Gateway, the Netlet Proxy, or the Rewriter Proxy on a Separate Node

To install Sun ONE Portal Server, with the gateway, the Netlet Proxy, or the Rewriter Proxy on a node other than the Sun ONE Portal Server node:

  1. Use the Java Enterprise System install wizard to select the following component install options.
    • Identity Server SDK Alone Install.
    • The gateway, or the Netlet Proxy, or the Rewriter Proxy.
    • The gateway, or the Netlet Proxy or the Rewriter Proxy, need to be installed on a machine with the Sun ONE Identity Server SDK.

  2. Use the Java Enterprise System install wizard to complete the configuration and to install the selected components.

    Note

    When installing the gateway, or the Netlet Proxy, or the Rewriter Proxy, you must select secure remote access support to be installed on the Portal Server node.



    Note

    When installing the Sun ONE Identity Server SDK, give the same encryption password key as the one that was given when the Sun ONE Identity Server was installed.

    Make sure to give the correct Sun ONE Identity Server details when installing the Sun ONE Identity Server SDK.


For more installation details and specific download instructions see the Java Enterprise System Installation Guide.


Sun ONE Portal Server Post-Installation Tasks

Post-installation tasks need to be performed for each of the following components:

Sun ONE Portal Server

To access the Portal Server or the Identity Server administration console, the directory server and the web container must first be started.

Use the following command to start a local installation of the directory server:

/var/opt/mps/serverroot/slapd-hostname/start-slapd


Note

To provide UNIX login for your users, configure UNIX authentication in the Portal Server administration console, then stop and restart the amserver:

/etc/init.d/amserver stop

/etc/init.d/amserver start


The following post-installation tasks depend on the type of web container on which you deployed the Sun ONE Portal Server.

Sun ONE Web Server

To start the Sun ONE Web Server:

  1. Start the admin instance. In a terminal window, type:

    cd web-server-install-root/https-admserv

    ./start

  2. Access the Sun ONE Web Server administration console.
  3. Click Apply Changes to restart the web container.

Sun ONE Application Server

Configuring the Application Server Instance

  1. Start the admin instance. In a terminal window, type:

    cd /var/opt/SUNWappserver7/domains/domain1/admin

    ./start

  2. In a browser, go to the Sun ONE Application Server administration console. The default URL is:

    http://hostname:4848

  3. In the left navigation frame, click on the key to the left of App Server Instances.
  4. Select server1 or the name of the application server instance on which Sun ONE Identity Server was installed.
  5. Click Apply Changes.

Stopping and Starting the Sun ONE Application Server

Start the Sun ONE Application Server instance.

In a terminal window, change directories to the application server’s instances utilities directory and run the startserv script. The following example assumes that the default application server domain and instance have been used.

cd /var/opt/SUNWappserver7/domains/domain1/server1/bin

./startserv

To stop and start the Sun ONE Application Server using the asadmin utility or from the Sun ONE Application Server administration console, consult the Sun ONE Application Server documentation.

Changing the MIME Mapping for Secure Remote Access

If you have installed Secure Remote Access on the Sun ONE Portal Server node:

  1. Replace the following MIME mapping entry in each gateway profile, from something similar to:

    JAVASCRIPT=application/x-javascript

    to:

    JAVASCRIPT=application/x-javascript:text/javascript

  2. Save the profile.
  3. Restart the gateway.
  4. Modify /var/opt/SUNWappserver7/domains/domain1/server1/config/server.policy as follows:

    permission java.net.SocketPermission "*", "connect,accept,listen,resolve";

    permission java.io.FilePermission "<<ALL FILES>>", "read,write,execute,delete";

  5. Restart the application server.

BEA WebLogic Server

When deploying the Portal Server on BEA WebLogic Server, perform the following steps following the installation of the Sun ONE Portal Server software.

  1. Check the /var/sadm/install/logs/Java_Enterprise_System_install.B/MMddhhmm file for errors, where:

    MM = month

    dd = day

    hh = hour

    mm = minute

  2. Run the perftune script.
  3. Comment out the following line in the startWebLogic.sh script. An example location for this script is /opt/bea/wlserver6.1/config/mydomain/startWebLogic.sh

    #JAVA_OPTIONS="-hotspot $JAVA_OPTIONS"

    Using the -hotspot option causes the server to hang with out-of-memory errors.

  4. Stop all BEA WebLogic Server instances (the admin and managed servers).
  5. Start the BEA WebLogic admin server instance. (If you have installed on a managed instance, start the managed instance too.)
  6. From the command line, execute the following:

    portal-server-install-root/SUNWps/bin/deploy

    Choose the default for the deploy URI and server instance name, and enter the BEA WebLogic Server admin password when prompted.

  7. Execute the following command:

    portal-server-install-root/SUNWps/lib/postinstall_PortletSamples

    Enter the BEA WebLogic Server admin password and the Identity Server admin password when prompted.

    This deploys the portletsamples.war file.

  8. Restart the BEA WebLogic Server instance into which Sun ONE Portal Server was deployed. See your web container documentation for instructions on starting the web container instance.

    Note

    In the case of a managed server installation, the .war files do not get deployed. The .war files should be deployed using the BEA WebLogic Server administration console.


If you will be supporting multiple authentication methods, for example, LDAP, UNIX, Anonymous, you must add each authentication type to the Core authentication service to create an authentication menu. See the Sun ONE Portal Server 6.2 Administrator’s Guide for further information.

IBM WebSphere Application Server

  1. Check the /var/sadm/install/logs/Java_Enterprise_System_install.B/MMddhhmm file for errors.
  2. Stop and restart the application server instance and the application server node. See your web container documentation for instructions on starting the web container instance.

When downloading the NetFile, NetMail and Netlet applet archives, the content-type is set to text/html in the response header. You need to explicitly associate the .jar and .cab extensions with the MIME type application/octet-stream in the portal web application deployment descriptor file. By default, the deployment descriptor file is located at:

/opt/WebSphere/AppServer/installedApps/PortalURI.ear/portal.war/WEB-INF/web.xml

  1. Add the following lines to the file after the line containing </session-config>:

    <mime-mapping>
        <extension>jar</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>cab</extension>
        <mime-type>application/octet-stream</mime-type>
    </mime-mapping>

    Note

    During migration, the MIME mappings configuration necessary for the Secure Remote Access product is removed. These mappings need to be added again after migration is done.

  2. Restart the application server.
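
One way to script the web.xml edit above so that it can be rerun safely after a migration, as an added example that is not part of the original guide. The names add_applet_mime_mappings and sample_webxml are hypothetical, the web.xml content is constructed, and a POSIX shell and awk are assumed.

```shell
# Added example: idempotently add the jar and cab MIME mappings to web.xml.
# Function names are hypothetical; the sample descriptor is constructed.

add_applet_mime_mappings() {
    # $1 = path to web.xml. Mappings are added only if absent, so the
    # function can be rerun after a migration has removed them.
    webxml=$1
    missing=
    for ext in jar cab; do
        grep -q "<extension>$ext</extension>" "$webxml" || missing="$missing $ext"
    done
    [ -n "$missing" ] || return 0
    tmp=$(mktemp) || return 1
    if awk -v exts="$missing" '
        { print }
        /<\/session-config>/ && !added {
            n = split(exts, e, " ")
            for (i = 1; i <= n; i++) {
                print "    <mime-mapping>"
                print "        <extension>" e[i] "</extension>"
                print "        <mime-type>application/octet-stream</mime-type>"
                print "    </mime-mapping>"
            }
            added = 1
        }
        END { exit(added ? 0 : 1) }
    ' "$webxml" > "$tmp"; then
        cat "$tmp" > "$webxml"      # overwrite in place: keeps owner and mode
        rc=0
    else
        echo "no </session-config> line in $webxml; file left unchanged" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

sample_webxml() {
    # Constructed minimal deployment descriptor.
    cat <<'EOF'
<web-app>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
</web-app>
EOF
}

demo=$(mktemp)
sample_webxml > "$demo"
add_applet_mime_mappings "$demo"
add_applet_mime_mappings "$demo"    # second run changes nothing
cat "$demo"
rm -f "$demo"
```

Back up the deployed web.xml before running the function against it, and restart the application server afterwards as the procedure requires.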

Secure Remote Access

When using the Sun ONE Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Sun ONE Portal Server trusted CA list, regardless of whether the Sun ONE Portal Server is running in HTTP or HTTPS mode.

When a user session times out or a user logs out, the Sun ONE Identity Server sends a session notification to the gateway. Even when the Sun ONE Identity Server is running in HTTP mode, it acts as an SSL client, using HttpsURLConnection to send the notification. Because it is connecting to an SSL server (the gateway), it should either have the gateway CA certificate in its trusted CA list or have an option to allow self-signed certificates.


Note

The method for adding the CA to the trusted CA list depends on the protocol handler defined.


To create HttpsURLConnection, the Java Virtual Machine (JVM™) property -Djava.protocol.handler.pkgs needs to be set.

If Sun ONE Portal Server is running on the Sun ONE Web Server, this property is correctly set to -Djava.protocol.handler.pkgs by default. The Sun ONE Identity Server com.iplanet.services.comm package has the implementation of HttpsURLConnection and it provides an option to add the flag com.iplanet.am.jssproxy.trustAllServerCerts=true to accept self-signed certificates from any SSL server.

The -Djava.protocol.handler.pkgs is not set by default for the Sun ONE Application Server, BEA WebLogic Server and IBM WebSphere Application Server. The HttpsURLConnection implementation for supported application servers must use their own default handler (this could be JSSE or custom SSL implementation).

Gateway

  1. Start the gateway using the following command:

    gateway-install-root/SUNWps/bin/gateway -n new-profile-name start

    default is the default name of the gateway profile that is created during installation. You can create your own profiles later, and restart the gateway with the new profile. See Creating a Gateway Profile in Chapter 2 of the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide.

    If you have multiple gateway instances, use:

    gateway-install-root/SUNWps/bin/gateway start


    Note

    This step is not required if you chose y for the Start Gateway after installation option during the gateway installation.



    Caution

    Ensure that only the configuration files for the instances that you want to start are in the /etc/opt/SUNWps directory.


If you want to stop all the gateway instances that are running on that particular node, use the following command:

gateway-install-root/SUNWps/bin/gateway stop

The Netlet and the gateway need the Rhino JavaScript™ parser (bundled as rhino/js.jar) for PAC file support. This must be installed on the Gateway and Portal Server nodes. To install, copy rhino/js.jar to the ${JAVA_HOME}/jre/lib/ext directory.

Netlet and Rewriter Proxy

Before starting the Netlet Proxy and the Rewriter Proxy, ensure that the gateway profile is updated with the Netlet Proxy and the Rewriter Proxy options.

The Sun ONE Portal Server Gateway, Netlet Proxy, and Rewriter Proxy work only with the JSS 3.2, NSS 3.4.2, and NSPR 4.2. After installing Gateway, Netlet Proxy, and Rewriter Proxy:

  1. Download and copy the required JSS, NSS, or NSPR versions into the /usr/share/lib directory.
  2. Restart the Gateway, Netlet Proxy, and Rewriter Proxy.

    Note

    This should be done only for the stand alone installation of Gateway, Netlet Proxy, and Rewriter Proxy.


The Sun ONE Portal Server software NetFile needs jCIFS libraries (bundled as SUNWjcifs) for Windows access. This needs to be installed in Portal Server node only. To install, use the following steps.

  1. Add this package by running pkgadd -d . SUNWjcifs from the current (this) directory.
  2. Run portal-server-install-root/SUNWps/bin/postinstall_JCIFS
  3. Run portal-server-install-root/SUNWps/bin/undeploy followed by portal-server-install-root/SUNWps/bin/deploy command.
  4. Restart the server.

Configuring Sun ONE Portal Server After A Minimal Install

After performing a minimal configuration installation with the Java Enterprise System installer, use the Portal Server configurator script to configure the Sun ONE Portal Server component product. The checklists in Chapter 1 of this guide describe the parameters used to configure the Sun ONE Portal Server component product.

To run the configurator:

  1. As root in a terminal window, go to the directory that contains the configurator script:

    cd portal-server-install-root/lib

  2. Run the configurator script by typing:

    ./configurator


    Note

    To turn on debugging:

    configurator -DPS_CONFIG_DEBUG=y

    If you turn on debugging, passwords are displayed on the screen as well as the debugging information.



Verifying the Sun ONE Portal Server Installation

Accessing the Sun ONE Portal Server Administration Console and Desktop

To Access the Sun ONE Identity Server Administration Console

  1. Open a browser.
  2. Type protocol://hostname.domain:port/amconsole

    For example,

    http://example.com/amconsole

  3. Enter the administrator’s name and password to view the administration console.

    This is the name and password you specified at the time of installing the Sun ONE Identity Server software.

To Access the Sun ONE Portal Server Desktop

Verify the Sun ONE Portal Server installation by accessing the Desktop. Use the following URL to access the Desktop:

protocol://fully-qualified-hostname/portal-URI

For example,

http://example.com/portal

When you access the Desktop, the Authless Desktop is displayed. This allows users accessing the Desktop URL to be authenticated automatically and granted access to the Desktop.

If the sample Portal Desktop displays without any exception, then your Portal Server installation is good.


Verifying the Gateway Installation

  1. Run the following command to check if the gateway is running on the specified port:

    netstat -an | grep port-number

    where the default gateway port is 443.

    If the gateway is not running, start the gateway in the debug mode, and view messages that are printed on the console. Use the following command to start the gateway in debug mode:

    portal-server-install-root/SUNWps/bin/gateway -n profilename start debug

    Also view the log files after setting the gateway.debug attribute in the platform.conf.profilename file to message. See the section Understanding the platform.conf File in Chapter 2, “Administering Gateway” in the Sun ONE Portal Server, Secure Remote Access 6.2 Administrator’s Guide, for details.

  2. Run the Portal Server in secure mode by typing the gateway URL in your browser:

    https://gateway-machine-name:portnumber

    If you have chosen the default port (443) during installation, you need not specify the port number.

  3. Log in to the directory server administration console as administrator using the user name amadmin, and using the password specified during installation.

You can now create new organizations, roles, and users and assign required services and attributes in the administration console.
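
The netstat check above, piped through grep with a bare port number, also matches other ports containing the same digits and connections to remote hosts on that port. The following added example, which is not part of the original guide, matches the exact local port in LISTEN state. It goes beyond the guide by also accepting Linux-style netstat output; port_listening and report are hypothetical helper names and the netstat samples are constructed.

```shell
# Added example: exact-port listener check over `netstat -an` output.
# Live use on the gateway node:  netstat -an | port_listening 443

port_listening() {
    # $1 = TCP port; stdin = `netstat -an` output. Exit 0 if a listener exists.
    awk -v port="$1" '
        $NF != "LISTEN" { next }            # skip headers and connected sockets
        {
            # Linux rows begin with the protocol and carry the local address
            # in field 4; Solaris rows begin with the local address itself.
            addr = ($1 ~ /^tcp/) ? $4 : $1
            n = split(addr, part, /[.:]/)   # "*.443", "0.0.0.0:443", ":::443"
            if (part[n] == port) { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed Solaris-style output: a listener on 4430 and an outbound
# connection to a remote port 443. `grep 443` matches both lines.
SOLARIS_SAMPLE='      *.4430               *.*                0      0 49152      0 LISTEN
192.0.2.10.51324     192.0.2.20.443       64240      0 49640      0 ESTABLISHED'

# Constructed Linux-style output with a real listener on 443.
LINUX_SAMPLE='tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:51324        192.0.2.20:443          ESTABLISHED'

report() {
    # $1 = label, $2 = netstat text, $3 = port
    if printf '%s\n' "$2" | port_listening "$3"; then
        echo "$1: listener found on port $3"
    else
        echo "$1: no listener on port $3"
    fi
}

report solaris "$SOLARIS_SAMPLE" 443
report solaris "$SOLARIS_SAMPLE" 4430
report linux "$LINUX_SAMPLE" 443
```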





Copyright 2003 Sun Microsystems, Inc. All rights reserved.