Chapter 2
Post Installation Configuration
Minimal Installation Configuration
After performing a minimal configuration installation with the Sun Java Enterprise System installer, use the Portal Server configurator to configure the Portal Server component product. The checklists in this section describe the parameters used to configure the Portal Server component product.
To run the configurator:
- As root in a terminal window, go to the directory that contains the configurator:
cd portal-server-install-root/SUNWps/lib
- Run the configurator script by typing:
./configurator
Note: To turn on debugging:
configurator -DPS_CONFIG_DEBUG=y
If you turn on debugging, passwords are displayed on the screen as well as the debugging information.
- Follow the instructions on the configuration screens.
If you have performed a minimal installation, you will need to use the Sun Java System Portal Server configurator to configure your Portal Server installation. The following checklists describe the values that you will need for a post-minimal install configuration. Depending on the type of installation you perform, the values that you use might vary.
Portal Server And Secure Remote Access
Table 2-1 is a three-column table that lists all the values that you might need for a post-minimal install configuration. Depending on the type of installation you perform, the values that you use might vary.
Table 2-1 is an example checklist that assumes a Sun Java System Application Server deployment. If you are deploying on Sun Java System Web Server, BEA WebLogic, or IBM WebSphere Application Server, see the section, Web Container Checklists, for those web container values.
Table 2-1 Portal Server Installation Checklist
| Parameter | Default Value | Description |
|---|---|---|
| Installation Directory | | |
| Directory to install Sun Java System configurator components | /opt | This is the base directory in which the Portal Server software is installed. |
| Deployment Information | | |
| Deployment Type | Sun Java System Web Server | The Portal Server can be deployed on the Sun Java System Web Server, Sun Java System Application Server, BEA WebLogic Server, or IBM WebSphere Application Server. |
| Deployment URI | /portal | The URI is the space on the web server or application server that the Portal Server uses. The value for the deployment URI must have a leading slash and must contain only one slash. However, the deployment URI cannot be a “/” by itself. |
| Load balancer controlling Portal Server Instances | Unselected | Check this box if you will be using a load balancer with your Portal Server. |
| Load Balancer URL | http://fully_qualified_domain:port/portal | |
| Web Container Information (Sun Java System Application Server) | | |
| Installed Directory | /opt/SUNWappserver7 | Directory in which the Sun Java System Application Server is installed. |
| Domain | /var/opt/SUNWappserver7/domains/domain1 | The Sun Java System Application Server domain contains a set of instances. The domain specified will contain the instance used by the Portal Server. This domain must already be configured. |
| Instance | server1 | The name of the Sun Java System Application Server instance to which the Portal Server will be deployed. This instance must already be configured. The instance name should not contain spaces. |
| Instance Port | 80 | The port on which the Sun Java System Application Server instance will run. |
| Document Root Directory | /var/opt/SUNWappserver7/domains/domain1/server1/docroot | The directory where static pages are kept. |
| Administrator | admin | The administrator user ID. |
| Administration Port | 4848 | The port number of the administration server. |
| Administration Password | | The administration server password. |
| Identity Server Information | | |
| Installed Base Directory | /opt | This is the base directory in which the Sun Java System Identity Server software is installed. |
| Internal LDAP Authentication User Password | | The Internal LDAP Authentication User Password chosen during the Sun Java System Identity Server installation. |
| Administrator (amadmin) Password | | The top level administrator (amadmin) password chosen during the Sun Java System Identity Server software installation. |
| Directory Manager DN | cn=Directory Manager | The LDAP directory manager distinguished name (DN). |
| Directory Manager Password | | The directory manager password chosen during the installation of the Sun Java System Directory Server. |
| Secure Remote Access Information (for configuring Secure Remote Access Support) | | |
| Gateway Protocol | https | The protocol used by the gateway. The gateway will communicate using Secure Sockets Layer (SSL). |
| Portal Server Domain | portal-server-domain-name | The domain name for the machine on which the Portal Server is installed. |
| Gateway Domain | gateway-domain-name | The domain name of the gateway machine. |
| Gateway Port | 443 | The port on which the gateway listens. |
| Gateway Profile Name | default | A gateway profile contains all the information related to gateway configuration, such as the port on which gateway listens, SSL options, and proxy options. You can create multiple profiles in the gateway administration console and associate different instances of gateway with different profiles. See “Creating a Gateway Profile” in the Sun Java System Portal Server, Secure Remote Access 6 2004Q2 Administrator’s Guide. |
| Gateway Logging User Password | | This allows administrators with non-root access to look at gateway log files. |
| Confirm Password | | Retype to verify password. |
Gateway
Table 2-2 Gateway Installation Checklist
| Parameter | Default Value | Description |
|---|---|---|
| Protocol | https | The protocol used by the gateway. The gateway will usually communicate using Secure Sockets Layer (SSL). |
| Host Name | host | The host name of the machine on which the gateway is installed. |
| Subdomain | gateway-subdomain-name | The subdomain name of the gateway machine. |
| Domain | gateway-domain-name | The domain name of the gateway machine. |
| IP Address | host-ip-address | The IP Address should be that of the machine where Gateway is installed and not that of the Sun Java System Identity Server. |
| Access Port | 443 | The port on which the gateway machine listens. |
| Gateway Profile Name | default | Specify the same profile name specified when you installed Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun Java System Portal Server, Secure Remote Access 6 2004Q2 Administrator’s Guide for more information. |
| Gateway Logging User Password | | This allows administrators with non-root access to look at gateway log files. |
| Start the gateway after installation | Selected | The gateway can be started automatically (if this option is checked) or it can be started later. To start the gateway manually use the following command located in portal-server-install-root/SUNWps/bin: ./gateway -n gateway-profile-name start |
| Certificate Information | | |
| Organization | MyOrganization | The name of your organization. |
| Division | MyDivision | The name of your division. |
| City or Locality | MyCity | The name of your city or locality. |
| State or Province | MyState | The name of your state. |
| Two-Letter Country Code | us | The two letter country code for your country. |
| Certificate Database Password | | This can be any password you choose. |
| Retype Password | | Retype the password to verify. |
Netlet Proxy
Table 2-3 Netlet Proxy Installation Checklist
| Parameter | Default Value | Description |
|---|---|---|
| Host Name | hostname | The host name of the machine on which Netlet Proxy is installed. |
| Subdomain | localhost-subdomain-name | The sub-domain name of the machine on which the Netlet Proxy is installed. |
| Domain | localhost-domain-name | The domain name of the machine on which the Netlet Proxy is installed. |
| IP Address | host-ip-address | The IP address should be that of the machine where Netlet Proxy is installed and not that of Sun Java System Identity Server. |
| Access Port | 10555 | The port on which the Netlet Proxy listens. |
| Gateway Profile Name | default | Specify the same profile name specified when you installed Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun Java System Portal Server, Secure Remote Access 6 2004Q2 Administrator’s Guide for more information. |
| Gateway Logging User Password | | This allows administrators with non-root access to look at gateway log files. |
| Start Netlet Proxy after installation | Selected | The Netlet Proxy can be started automatically (if this option is checked) or it can be started later. To start the Netlet Proxy manually use the following command located in netlet-proxy-install-root/SUNWps/bin: ./netletd -n default start |
| Certificate Information | | |
| Organization | MyOrganization | The name of your organization. |
| Division | MyDivision | The name of your division. |
| City or Locality | MyCity | The name of your city or locality. |
| State or Province | MyState | The name of your state or province. |
| Two-letter Country Code | us | The two-letter country code for your country. |
| Certificate Database Password | | This can be any password you choose. |
| Retype Password | | Retype the password to verify. |
Rewriter Proxy
Table 2-4 Rewriter Proxy Installation Checklist
| Parameter | Default Value | Description |
|---|---|---|
| Host Name | hostname | The host name of the machine on which the Rewriter Proxy is installed. |
| Subdomain | localhost-subdomain-name | The sub-domain name of the machine on which the Rewriter Proxy is installed. |
| Domain | localhost-domain-name | The domain name of the machine on which the Rewriter Proxy is installed. |
| IP Address | host-ip-address | The IP address should be that of the machine on which Rewriter Proxy is installed and not that of Sun Java System Identity Server. |
| Access Port | 10443 | The port on which the Rewriter Proxy listens. |
| Gateway Profile Name | default | Specify the same profile name specified when you installed Portal Server or Secure Remote Access support. See “Creating a Gateway Profile” in the Sun Java System Portal Server, Secure Remote Access 6 2004Q2 Administrator’s Guide for more information. |
| Gateway Logging User Password | | This allows administrators with non-root access to look at gateway log files. |
| Start the Rewriter Proxy after installation | Selected | The Rewriter Proxy can be started automatically (if this option is checked) or it can be started manually later. To start the Rewriter Proxy manually use the following command located in rewriter-proxy-install-root/SUNWps/bin: ./rwproxyd -n default start |
| Certificate Information | | |
| Organization | MyOrganization | The name of your organization. |
| Division | MyDivision | The name of your division. |
| City or Locality | MyCity | The name of your city or locality. |
| State or Province | MyState | The name of your state or province. |
| Two-letter Country Code | us | The two-letter country code for your country. |
| Certificate Database Password | | This can be any password you choose. |
| Confirm Password | | Retype the password to verify. |
Table 2-5 Netlet and Rewriter Proxy Information
| Parameter | Default Value | Description |
|---|---|---|
| Work With Portal Server on this Node | Selected | Uncheck this box if Portal Server and Sun Java System Secure Remote Access components are being installed on separate machines. Check this box if Portal Server and other Sun Java System Secure Remote Access components are installed on the same machine. When this box is checked, the following fields are enabled. |
| Portal Server Protocol | http | Protocol that Portal Server uses to communicate. |
| Portal Server Host | fully-qualified-host-name | Fully qualified host name of Portal Server. |
| Portal Server Port | 80 | |
| Portal Server Deployment URI | /portal | |
| Organization DN | | |
| Identity Server Service URI | /amserver | |
| Identity Server password encryption key | | The value of the encryption key. The encryption key is located in /etc/opt/SUNWam/config/AMConfig.properties as the parameter am.encryption.pwd. |
Web Container Checklists
The Portal Server installation has dependencies on some web container parameters. The following checklists describe the parameters that will be needed during the Portal Server installation process. See the checklist that pertains to the web container on which you are deploying the Portal Server product.
For more information about using the supported application servers with the Portal Server, see the appendix in this guide that pertains to your application server deployment.
Sun Java System Web Server Checklist
Table 2-6 Sun Java System Web Server Values Used During Portal Server Installation
| Parameter | Default Value | Description |
|---|---|---|
| Installed Directory | /opt/SUNWwbsvr | The base directory in which the Sun Java System Web Server is installed. |
| Instance | host | The web server instance you want the Portal Server to use. The instance name should not contain spaces. |
| Instance Port | 80 | The port for accessing Portal Server. |
| Secure web container instance port | Unchecked | Check this box if SSL will be running on the instance port. |
| Document Root Directory | /opt/SUNWwbsvr/docs | The directory where static pages are kept. |
Sun Java System Application Server Checklist
Table 2-7 Sun Java System Application Server Values Used During Portal Server Installation
| Parameter | Default Value | Description |
|---|---|---|
| Installed Directory | /opt/SUNWappserver7 | Directory in which the Sun Java System Application Server is installed. |
| Domain | /var/opt/SUNWappserver7/domains/domain1 | The Sun Java System Application Server domain contains a set of instances. The domain specified will contain the instance used by the Portal Server. This domain must already be configured. |
| Instance | server1 | The name of the Sun Java System Application Server instance to which the Portal Server will be deployed. This instance must already be configured. The instance name should not contain spaces. |
| Instance Port | 80 | The port used to access Portal Server. |
| Secure web container instance port | Unchecked | Check this box if SSL will be running on the instance port. |
| Document Root Directory | /var/opt/SUNWappserver7/domains/domain1/server1/docroot | The directory where static pages are kept. |
| Administrator | admin | The administrator user ID. |
| Administration Port | 4848 | The port number of the administration server. |
| Administration Password | | The administration server password. |
BEA WebLogic Server Checklist
Table 2-8 BEA WebLogic Server Values Used During Portal Server Installation
| Parameter | Default Value | Description |
|---|---|---|
| BEA Home Directory | /usr/local/bea | The directory in which BEA is installed. |
| Product Installation Directory | /usr/local/bea/weblogic81 | The directory in which the BEA WebLogic Server software is installed. |
| User Project’s Directory | user_projects | Use the value you entered during BEA WebLogic installation. |
| Domain | mydomain | The BEA WebLogic Server domain contains a set of instances. The domain specified will contain the instance used by the Portal Server. This domain must already be configured. |
| Instance | myserver | The name of the BEA WebLogic Server instance to which the Portal Server will be deployed. This instance must already be configured. The name must not contain a space. If you are installing Portal Server on an administration server instance this will be the name of the administration server instance. Otherwise it will be the name of the managed server instance. |
| Instance Port | 7001 | The port for accessing Portal Server. |
| Secure instance port | Unselected | Check this box if SSL will be running on the instance port. |
| Document Root Directory | /usr/local/bea/user_projects/domains/mydomain/applications | The document root value of DefaultWebApp needs to be deployed to the BEA WebLogic Server instance you are running the Portal Server software on. DefaultWebApp is the default web application, from which static content is served in a BEA WebLogic Server. By default it is only deployed to the domain (mydomain) and the server instance defined or created during the BEA WebLogic Server install. This means that if you create your own BEA WebLogic Server or domain, you need to deploy the DefaultWebApp to it, either by copying the directory to the new server’s deployment directory, or by using the BEA WebLogic Server administration console. See the BEA WebLogic Server documentation for more detail on how to configure a default web application. |
| Administrator | system | The administrator’s user ID. |
| Administration Protocol | http | Protocol on which the administration server of BEA WebLogic Server runs. |
| Administration Port | 7001 | Port on which the administration server of BEA WebLogic Server is running. If the Portal Server is installed on the BEA WebLogic Server administration server itself, the port on which Portal Server runs and the administration port of BEA WebLogic Server will be the same. |
| Administration Password | | The system password. |
IBM WebSphere Application Server Checklist
Table 2-9 IBM WebSphere Application Server Values Used During Portal Server Installation
| Parameter | Default Value | Description |
|---|---|---|
| Installed Directory | /opt/WebSphere/Express51/AppServer | The directory in which the IBM WebSphere Application Server software is installed. |
| Virtual Host | default_host | Use the value you entered during IBM WebSphere installation. |
| Node | machine-name | |
| Instance | server1 | The name of the instance to which the Portal Server will be deployed. This instance must already be configured. Portal Server cannot be installed into an application server instance or domain whose name contains a dash or a space, for example, Default-Server or Default Server. |
| Document Root Directory | /opt/IBMHTTPD/htdocs/en_US | The directory where static pages are kept. This directory is created during the Sun Java System Identity Server installation. |
Portal Server Post-Installation Tasks
Post-installation tasks need to be performed for each of the following components:
Portal Server
To access the Portal Server or the Identity Server administration console, the directory server and the web container must first be started.
Use the following command to start a local installation of the directory server:
/var/opt/mps/serverroot/slapd-hostname/start-slapd
The following post-installation tasks depend on the type of web container on which you deployed the Portal Server.
Sun Java System Web Server
To start the Sun Java System Web Server:
- Start the admin instance. In a terminal window type:
cd web-server-install-root/SUNWwbsvr
./start
- Access the Sun Java System Web Server administration console.
- Click Apply Changes to restart the web container.
Sun Java System Application Server
Configuring the Application Server Instance
- Start the admin instance. In a terminal window, type:
cd /var/opt/SUNWappserver7/domains/domain1/admin-server/bin
./start
- In a browser, go to the Sun Java System Application Server administration console. The default URL is
http://hostname:4848
- In the left navigation frame, click the key to the left of App Server Instances.
- Select server1 or the name of the application server instance on which Sun Java System Identity Server was installed.
- Click Apply Changes.
Stopping and Starting the Sun Java System Application Server
Start the Sun Java System Application Server instance.
In a terminal window, change directories to the application server instance’s utilities directory and run the startserv script. The following example assumes that the default application server domain and instance have been used.
cd /var/opt/SUNWappserver7/domains/domain1/server1/bin
./startserv
To stop and start the Sun Java System Application Server using the asadmin utility or from the Sun Java System Application Server administration console, consult the Sun Java System Application Server documentation.
BEA WebLogic Server
When deploying the Portal Server on BEA WebLogic Server, perform the following steps after installing the Portal Server software.
- Check the /var/sadm/install/logs/Java_Enterprise_System_install.B/MMddhhmm file for errors.
MM = month
dd = day
hh = hour
mm = minute
- Stop all BEA WebLogic Server instances (the admin and managed servers).
- Start the BEA WebLogic admin server instance. (If you have installed on a managed instance, start the managed instance too.)
- From the command line, execute the following:
portal-server-install-root/SUNWps/bin/deploy
Choose the default for the deploy URI and server instance name, and enter the BEA WebLogic Server admin password when prompted.
- Execute the following commands:
- setenv DEPLOY_ADMIN_PASSWORD BEA-WebLogic-admin-password
- setenv IDSAME_ADMIN_PASSWORD Identity-Server-admin-password
- portal-server-install-root/SUNWps/lib/postinstall_PortletSamples
Enter the BEA WebLogic Server admin password and the Identity Server admin password when prompted.
This deploys the portletsamples.war file.
- Restart the BEA WebLogic Server instance into which Portal Server was deployed. See your web container documentation for instructions on starting the web container instance.
Note: In the case of a managed server installation, the .war files do not get deployed. The .war files should be deployed using the BEA WebLogic Server administration console.
If you will be supporting multiple authentication methods, for example, LDAP, UNIX, Anonymous, you must add each authentication type to the Core authentication service to create an authentication menu. See the Sun Java System Portal Server 6 2004Q2 Administrator’s Guide for further information.
IBM WebSphere Application Server
- Check the /var/sadm/install/logs/Java_Enterprise_System_install.B/MMddhhmm file for errors.
- Stop and restart the application server instance and the application server node. See your web container documentation for instructions on starting the web container instance.
Secure Remote Access
When using the Portal Server with the gateway, the gateway Certificate Authority (CA) certificate must be added to the Portal Server trusted CA list, regardless of whether the Portal Server is running in HTTP or HTTPS mode.
When a user session times out or a user logs out, the Sun Java System Identity Server sends a session notification to the gateway. Even when the Sun Java System Identity Server is running in HTTP mode, it acts as an SSL client, using HttpsURLConnection to send the notification. Since it is connecting to an SSL server (the gateway), it should have the gateway CA certificate as part of the trusted CA list, or it should have an option to allow self-signed certificates.
Note: The method for adding the CA to the trusted CA list depends on the protocol handler defined.
To create HttpsURLConnection, the Java Virtual Machine (JVM) property -Djava.protocol.handler.pkgs needs to be set.
If Portal Server is running on the Sun Java System Web Server, Sun Java System Application Server, or BEA WebLogic Server, this property is correctly set to com.iplanet.services.comm by default. The Sun Java System Identity Server package has the implementation of HttpsURLConnection and it provides an option to accept self-signed certificates from any SSL server by adding the flag com.iplanet.am.jssproxy.trustAllServerCerts=true in the AMConfig.properties file.
The -Djava.protocol.handler.pkgs property is not set by default for the IBM WebSphere Application Server. The HttpsURLConnection implementation for supported application servers must use their own default handler (this could be JSSE or a custom SSL implementation).
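The trustAllServerCerts flag described above, and the am.encryption.pwd key listed in Table 2-5, can both be checked on an installed system. The following script is an added example, not part of the original guide or of the product: it reports when AMConfig.properties enables com.iplanet.am.jssproxy.trustAllServerCerts, or holds am.encryption.pwd while being readable by all users. The function names, the sample file contents, and the last-definition-wins handling of duplicate keys are assumptions.

```shell
#!/bin/sh
# Added example (not the product's own code): audit AMConfig.properties for
# the two settings this guide mentions. Needs a POSIX awk
# (on Solaris use nawk or /usr/xpg4/bin/awk).

# Print the effective value of a properties key. Assumption: the last
# definition wins, as in java.util.Properties. Lines starting with # or !
# are comments.
prop_value() {    # $1 = file, $2 = key
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            k = substr(line, 1, RSTART - 1)
            v = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", v)    # ignore trailing blanks and CR
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print one line per finding.
# Returns 0 if clean, 1 if there are findings, 2 if the file is unreadable.
audit_amconfig() {    # $1 = path to AMConfig.properties
    f=$1
    findings=0
    [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 2; }

    trust=$(prop_value "$f" com.iplanet.am.jssproxy.trustAllServerCerts |
            tr '[:upper:]' '[:lower:]')
    if [ "$trust" = "true" ]; then
        echo "FINDING: trustAllServerCerts=true (self-signed certificates accepted from any SSL server)"
        findings=$((findings + 1))
    fi

    # Table 2-5: the password encryption key is stored as am.encryption.pwd.
    if [ -n "$(prop_value "$f" am.encryption.pwd)" ] &&
       [ -n "$(find "$f" -prune -perm -004)" ]; then
        echo "FINDING: $f holds am.encryption.pwd and is world-readable"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample, not taken from a real installation.
write_sample() {    # $1 = output path
    cat > "$1" <<'EOF'
# com.iplanet.am.jssproxy.trustAllServerCerts=false
am.encryption.pwd=CONSTRUCTED-SAMPLE-KEY
com.iplanet.am.jssproxy.trustAllServerCerts = TRUE
EOF
    chmod 644 "$1"
}

# With one argument, audit that file; with none, audit the constructed sample.
if [ $# -eq 1 ]; then
    audit_amconfig "$1"
else
    sample=$(mktemp)
    write_sample "$sample"
    audit_amconfig "$sample" || true
    rm -f "$sample"
fi
```

If the flag is reported, the alternative the section describes is to add the gateway CA certificate to the trusted CA list and remove the flag.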
Gateway
- Start the gateway using the following command:
gateway-install-root/SUNWps/bin/gateway -n new-profile-name start
default is the default name of the gateway profile that is created during installation. You can create your own profiles later, and restart the gateway with the new profile. See Creating a Gateway Profile in Chapter 2 of the Sun Java System Portal Server, Secure Remote Access 6 2004Q2 Administrator’s Guide.
If you have multiple gateway instances, use:
gateway-install-root/SUNWps/bin/gateway start
Note: This step is not required if you chose y for the Start Gateway after installation option during the gateway installation.
Caution: Ensure that only the configuration files for the instances that you want to start are in the /etc/opt/SUNWps directory.
If you want to stop all the gateway instances that are running on that particular node, use the following command:
gateway-install-root/SUNWps/bin/gateway stop
The Netlet and the gateway need the Rhino JavaScript parser (bundled as SUNWrhino) for PAC file support. This must be installed on the Gateway and Portal Server nodes. To install, use the following steps:
- Add this package by running pkgadd -d . SUNWrhino from the current directory.
- Copy package-base-dir/js.jar to ${JAVA_HOME}/jre/lib/ext directory.
Netlet and Rewriter Proxy
Before starting the Netlet Proxy and the Rewriter Proxy, ensure that the gateway profile is updated with the Netlet Proxy and the Rewriter Proxy options.
- If you did not choose the option to start the Netlet Proxy during installation, you can start the Netlet Proxy manually. In the directory portal-proxy-install-root/SUNWps/bin, type:
- If you did not choose the option to start the Rewriter Proxy during installation, you can start it manually. In the directory portal-proxy-install-root/SUNWps/bin, type:
The Sun Java System Portal Server software NetFile needs the jCIFS libraries (bundled as SUNWjcifs) for Windows access. These need to be installed on the Portal Server node only. To install, use the following steps:
- Add this package by running pkgadd -d . SUNWjcifs from the current directory.
- Run portal-server-install-root/SUNWps/lib/postinstall_JCIFS
- Run portal-server-install-root/SUNWps/bin/undeploy
- Run portal-server-install-root/SUNWps/bin/deploy
- Restart the server.
Verifying the Portal Server Installation
Accessing the Portal Server Administration Console and Desktop
To Access the Sun Java System Identity Server Administration Console
- Open a browser.
- Type protocol://hostname.domain:port/amconsole
For example,
http://example.com:80/amconsole
- Enter the administrator’s name and password to view the administration console.
This is the name and password you specified at the time of installing the Sun Java System Identity Server software.
To Access the Portal Server Desktop
Verify the Portal Server installation by accessing the Desktop. Use the following URL to access the Desktop:
protocol://fully-qualified-hostname:port/portal-URI
For example,
http://example.com:80/portal
When you access the Desktop, the Authless Desktop is displayed. This allows users accessing the Desktop URL to be authenticated automatically and granted access to the Desktop.
If the sample Portal Desktop displays without any exceptions, your Portal Server installation is working.
Verifying the Gateway Installation
- Run the following command to check if the gateway is running on the specified port:
netstat -an | grep port-number
where the default gateway port is 443.
If the gateway is not running, start the gateway in the debug mode, and view messages that are printed on the console. Use the following command to start the gateway in debug mode:
portal-server-install-root/SUNWps/bin/gateway -n profilename start debug
Also view the log files after setting the gateway.debug attribute in the platform.conf.profilename file to message. See the section Understanding the platform.conf File in Chapter 2, “Administering Gateway” in the Sun Java System Portal Server, Secure Remote Access 6 2004Q2 Administrator’s Guide, for details.
- Run the Portal Server in secure mode by typing the gateway URL in your browser:
https://gateway-machine-name:portnumber
If you have chosen the default port (443) during installation, you need not specify the port number.
- Log in to the Identity Server administration console as administrator, using the user name amadmin and the password specified during installation.
You can now create new organizations, roles, and users and assign required services and attributes in the administration console.