Sun Java System Portal Server 6 2005Q1 Administration Guide 

Chapter 18
Managing the Portal Server System

This chapter describes the various administrative tasks associated with maintaining the Sun Java™ System Portal Server system.

Configuring Secure Sockets Layer (SSL)

You can configure Secure Sockets Layer (SSL) with Portal Server and associated components in the following ways:

To Configure SSL with Portal Server

Use this procedure if you chose to run SSL on your machine during the Portal Server installation.

  1. Create a trust database for the web server on which you installed Portal Server.

    See Chapter 5, “Creating a Trust Database” in the Sun Java System Web Server 6 2004Q2, Enterprise Edition Administration Guide at the following URL for more information:

    http://docs.sun.com/source/816-5682-10/index.htm

  2. Request a certificate for the web server on which you installed Portal Server software and install the certificate on the web server instance.

    See Chapter 5, “Requesting and Installing a VeriSign Certificate” or “Requesting and Installing Other Server Certificates” in the Sun Java System Web Server 6 2004Q2, Enterprise Edition Administration Guide for more information.

  3. Turn on encryption for the Portal Server web server instance.

    In the web server administration console, select the Preferences tab, select Add Listen Socket, then select Edit Listen Socket and turn on security.

    See Chapter 5, “Turning Security On,” in the Sun Java System Web Server 6 2004Q2, Enterprise Edition Administration Guide for more information.

  4. Click Apply and Apply Changes in the web server administration console.
  5. Restart the web container.

    See your web container documentation for instructions on starting the web container.

    The system prompts you for the password to get to the certificate database.

    Note

    To avoid having to type the passphrase on each reboot, create a file named .wtpass that contains the web server passphrase and place it in the AccessManager-base/SUNWam/config directory. If you reboot the system with a secure web server without having this file, you must type in the passphrase at the system console.

  6. Verify that you can now log on to the Portal Server portal using SSL:
    • To log on to the Sun Java System Access Manager administration console, type:
      https://server:port/amconsole
    • To log on as a user to the Desktop, type:
      https://server:port/deploy_uri

      for example,
      https://sesta:80/portal/dt

To Modify an Existing Portal Server Installation to Use SSL

Use this procedure if you answered n when asked “Do you want to run SSL on hostname?” during the Portal Server installation. See the Sun Java System Portal Server 6 2004Q2 Installation Guide for more information.

  1. Log in to the Sun Java System Access Manager admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.
  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. In the server list, change http to https.
  5. Click Save to save your changes.
  6. Install the certificate on the web server.

    See Step 1 through Step 4 in To Configure SSL with Portal Server for details.

  7. Copy the server.xml and magnus.conf files from /AccessManager-base/SUNWam/servers/https-hostname-domain/conf_bk directory to the /AccessManager-base/SUNWam/servers/https-hostname-domain/config directory.
  8. Add the following line to the /AccessManager-base/SUNWam/lib/AMConfig.properties file if the root CA is not installed for your certificate.

    com.sun.am.jssproxy.trustAllServerCerts=true

    This option tells JSS to trust the certificate.

  9. In the /AccessManager-base/SUNWam/lib/AMConfig.properties file, change http to https for the following:

    com.sun.am.server.protocol
    com.sun.am.naming.url
    com.sun.am.notification.url
    com.sun.am.session.server.protocol
    com.sun.services.cdsso.CDCURL
    com.sun.services.cdc.authLoginUrl

  10. Restart the web container.

    The system prompts you for the password to get to the certificate database.

See Chapter 11, “Managing SSL” in the Sun Java System Directory Server Administration Guide for more information.

To Configure a Portal Server Instance to Use SSL

  1. Log in to the Sun Java System Access Manager admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.
  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. In the server list, change http to https.
  5. Click Save to save your changes.
  6. Install the certificate on the web server.

    See Step 1 through Step 4 in To Configure SSL with Portal Server for details.

  7. If this server is part of a multi-instance installation, copy the server.xml and magnus.conf files from /AccessManager-base/SUNWam/servers/https-instance_nickname/conf_bk directory to the /AccessManager-base/SUNWam/servers/https-instance_nickname/config directory.
  8. Add the following line to the /AccessManager-base/SUNWam/lib/AMConfig-instance_nickname.properties file if the root CA is not installed for your certificate.

    com.sun.am.jssproxy.trustAllServerCerts=true

    This option tells JSS to trust the certificate.

  9. In the /AccessManager-base/SUNWam/lib/AMConfig-instance_nickname.properties file, change http to https for the following:

    com.sun.am.server.protocol
    com.sun.am.naming.url
    com.sun.am.notification.url
    com.sun.am.session.server.protocol
    com.sun.services.cdsso.CDCURL
    com.sun.services.cdc.authLoginUrl

  10. Restart the web container.

    The system prompts you for the password to get to the certificate database.

See Chapter 11, “Managing SSL” in the Sun Java System Directory Server Administration Guide for more information.
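
The check below is an added example, not part of the Sun guide. It audits an AMConfig.properties or AMConfig-instance_nickname.properties file after either of the two procedures above: it reports any of the six listed properties still set to http and flags com.sun.am.jssproxy.trustAllServerCerts=true, which, as the property name says, applies to all server certificates. The function names and sample values are assumptions, and the file is assumed to hold plain key=value lines.

```shell
# Added example: audit an AMConfig properties file after the http -> https switch.

# The six properties the procedure above changes from http to https.
SSL_KEYS="com.sun.am.server.protocol com.sun.am.naming.url
com.sun.am.notification.url com.sun.am.session.server.protocol
com.sun.services.cdsso.CDCURL com.sun.services.cdc.authLoginUrl"

# prop FILE KEY: print the trimmed value of the last uncommented KEY=value line;
# return 1 if the key is absent.
prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val); found = 1
        }
        END { if (!found) exit 1; print val }' "$1"
}

# audit_amconfig FILE: print one finding per line; return 1 if there are any.
audit_amconfig() {
    findings=0
    for key in $SSL_KEYS; do
        if ! value=$(prop "$1" "$key"); then
            echo "MISSING $key"; findings=$((findings + 1)); continue
        fi
        case $(printf '%s' "$value" | tr 'A-Z' 'a-z') in
            http|http:*) echo "PLAINTEXT $key=$value"; findings=$((findings + 1)) ;;
        esac
    done
    # Flag the trust-all setting so it is not left enabled by accident.
    trust=$(prop "$1" com.sun.am.jssproxy.trustAllServerCerts | tr 'A-Z' 'a-z') || true
    if [ "$trust" = "true" ]; then
        echo "TRUST_ALL com.sun.am.jssproxy.trustAllServerCerts=true"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample (not a real installation): two of six keys, one still http.
sample=$(mktemp)
printf '%s\n' 'com.sun.am.server.protocol=https' \
    'com.sun.am.naming.url=http://portal.example.com:80/placeholder' > "$sample"
audit_amconfig "$sample" || echo "resolve the findings before restarting the web container"
rm -f "$sample"
```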


Backing Up and Restoring Portal Server Configuration

The Portal Server user and service configuration is stored on the directory server in an LDAP Directory Information Tree (DIT). This allows you to back up and restore configuration information via a Lightweight Directory Interchange Format (LDIF) file.

To Back Up a Portal Server Configuration

To back up Portal Server configuration information use the db2ldif command. This command is available in the slapd-hostname directory within the base directory of the directory server. For example, if the directory server was installed to the default install directory (/usr/ldap) on the server sesta, the base directory would be /usr/ldap/slapd-sesta.

  1. Change directories to the directory server base directory containing the db2ldif command.

    cd DirectoryServer-base/slapd-HOSTNAME

  2. Save the configuration to an LDIF file using the db2ldif command with the -s option specifying the top level of the DIT for Portal Server. For example, to save a configuration in which the top level of the DIT is isp, type the following:

    ./db2ldif -s "o=isp"

    The data are saved to an LDIF file. The command saves the file to the current directory. The following format is used to name the file:

    YYYY_MM_DD_HHMMSS.ldif

    After the file is saved, the following example output displays:

    [16/May/2002:14:11:25 -0700] - Backend Instance: userRoot
    ldiffile: /usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif
    [16/May/2002:14:11:28 -0700] - export userRoot: Processed 178 entries (100%).
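
The following added example, which is not part of the Sun guide, checks a saved LDIF file against the entry count that db2ldif reported, so that a truncated backup is caught before the directory server is stopped for a restore. It assumes the db2ldif output was saved to a log file; the function names and sample data are assumptions, and the suffix comparison is a plain case-insensitive string match.

```shell
# Added example: sanity-check a db2ldif backup before relying on it for a restore.

# expected_entries LOGFILE: the entry count db2ldif reported when exporting.
expected_entries() {
    sed -n 's/.*export [^:]*: Processed \([0-9][0-9]*\) entries.*/\1/p' "$1" | tail -n 1
}

# ldif_dns FILE: print every entry DN line, joining folded continuation lines
# (in LDIF a line starting with one space continues the previous line).
ldif_dns() {
    awk '
        /^ / && indn { dn = dn substr($0, 2); next }
        indn         { print dn; indn = 0 }
        /^dn:/       { dn = $0; indn = 1 }
        END          { if (indn) print dn }' "$1"
}

# check_backup LDIF SUFFIX EXPECTED: succeed only if the file holds EXPECTED
# entries and one of them is the SUFFIX entry itself (the -s argument).
check_backup() {
    count=$(ldif_dns "$1" | grep -c '^dn:' || true)
    if [ "$count" != "$3" ]; then
        echo "entry count $count does not match exported count $3"; return 1
    fi
    # Case-insensitive match on the DN; a base64 "dn::" value is not decoded.
    ldif_dns "$1" | awk -v want="$2" '
        { sub(/^dn:[ ]*/, "") }
        tolower($0) == tolower(want) { ok = 1 }
        END { exit !ok }' || { echo "suffix entry $2 not found"; return 1; }
    echo "ok: $count entries, suffix $2 present"
}

# Constructed two-entry backup and a matching export log line.
dir=$(mktemp -d)
printf '%s\n' 'version: 1' '' 'dn: o=isp' 'o: isp' '' \
    'dn: uid=constructed-user,ou=People,' ' o=isp' 'uid: constructed-user' > "$dir/b.ldif"
echo '[01/Jan/2005:00:00:00 +0000] - export userRoot: Processed 2 entries (100%).' \
    > "$dir/export.log"
check_backup "$dir/b.ldif" "o=isp" "$(expected_entries "$dir/export.log")"
rm -rf "$dir"
```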

To Restore a Portal Server Configuration

You can restore the Portal Server configuration information you have backed up via the db2ldif command using the ldif2db command. This command is available in the slapd-hostname directory within the base directory of the directory server. For example, if the directory server was installed to the default install directory (/usr/ldap) on the server sesta, the base directory would be /usr/ldap/slapd-sesta.

  1. Change directories to the Directory Server base directory containing the ldif2db command by entering:

    cd DirectoryServer-base/slapd-HOSTNAME

  2. Stop the directory server by entering:

    ./stop-slapd

  3. Restore the configuration from the LDIF file to the directory server using the ldif2db command with the -s option specifying the top level of the DIT for Portal Server and the -i option specifying the file name. For example, to restore the LDIF file saved in the previous procedure to the top level of the DIT of isp, type the following:

    ./ldif2db -s "o=isp" -i /usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif

    After the configuration is restored, the following example output displays:

    importing data ...
    [16/May/2002:16:37:02 -0700] - Backend Instance: userRoot
    [16/May/2002:16:37:03 -0700] - import userRoot: Index buffering enabled with bucket size 13
    [16/May/2002:16:37:03 -0700] - import userRoot: Beginning import job...
    [16/May/2002:16:37:03 -0700] - import userRoot: Processing file "/usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif"
    [16/May/2002:16:37:04 -0700] - import userRoot: Finished scanning file "/usr/ldap/slapd-sesta/ldif/2002_05_16_141122.ldif" (178 entries)
    [16/May/2002:16:37:05 -0700] - import userRoot: Workers finished; cleaning up...
    [16/May/2002:16:37:08 -0700] - import userRoot: Workers cleaned up.
    [16/May/2002:16:37:08 -0700] - import userRoot: Cleaning up producer thread...
    [16/May/2002:16:37:08 -0700] - import userRoot: Indexing complete. Post-processing...
    [16/May/2002:16:37:08 -0700] - import userRoot: Flushing caches...
    [16/May/2002:16:37:08 -0700] - import userRoot: Closing files...
    [16/May/2002:16:37:09 -0700] - import userRoot: Import complete. Processed 178 entries in 6 seconds. (29.67 entries/sec)

  4. Restart the directory server by entering:

    ./start-slapd


Changing Portal Server Network Settings

To physically move a server running Portal Server software from one network to another, you need only change the fully qualified domain name mapping the IP address in the /etc/hosts file. There are no other hardcoded addresses that need to be changed.


Managing a Multiple UI Node Installation

When you install Portal Server software onto multiple UI nodes, you need to make a configuration change to the Platform attributes in the Sun Java System Access Manager administration console. You edit the Server List attribute to include the URLs for each UI node.

The Sun Java System Access Manager naming service reads the Server List attribute at initialization time. This list contains the Sun Java System Access Manager session servers in a single Sun Java System Access Manager configuration. For example, if two Sun Java System Access Manager servers are installed and should work as one, they must both be included in this list. If the host specified in a request for a service URL is not in this list, the naming service will reject the request. The first value in the list specifies the host name and port of the server specified during installation. Additional servers can be added using the format protocol://server:port.

To Add Additional Portal Servers to the Server List

  1. Log in to the Sun Java System Access Manager admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to Platform.

    The Platform attributes appear in the data pane.

  4. Edit the Server List attribute.

    For each server functioning as a UI node, type the server URL, for example, http://host1.sesta.com:80 and then click the Add button. The URL then appears in the Server List.

  5. Click Save.
  6. Restart the web container.


Configuring a Portal Server Instance to Use an HTTP Proxy

If the Portal Server software is installed on a host that cannot directly access certain portions of the Internet or your intranet, you might want to configure the instance to use an HTTP proxy.

The Portal Server is configured to use an HTTP proxy by setting the http.proxyHost and http.proxyPort Java Virtual Machine (JVM) system properties in the web container that is running the Portal Server web application. The method for setting JVM system properties varies on different web containers. The procedure described in this section is specifically for configuring the Sun Java System Web Server instance to use an HTTP proxy.

  1. Change directories to the Web Server base directory containing the configuration for the instance by entering:

    cd /WebServer-base/SUNWam/servers/https-hostname-domain/config

  2. Edit the server.xml file within this directory and add the following lines:

    <JVMOPTIONS>-Dhttp.proxyHost=proxy_host</JVMOPTIONS>
    <JVMOPTIONS>-Dhttp.proxyPort=proxy_port</JVMOPTIONS>

    where proxy_host is the fully-qualified domain name of the proxy host and proxy_port is the port on which the proxy is run.


    Note

    If the server.xml file has a proxy set up (using the http.proxyHost= and http.proxyPort= options) you may want to add the http.nonProxyHosts=proxy_host option. It is possible that the portal server may not be accessible through the proxy server, unless the portal server is added to the proxy server access list.



Managing Portal Server Logs

You can configure Portal Server logging to log information to a flat file or to a database. When logging to a database, the JDBC protocol is used.

To Configure Logging to a File

  1. Log in to the Sun Java System Access Manager admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to Logging.

    The Logging attributes appear in the data pane.

  4. Select File as the Logging Type attribute.
  5. Specify the directory path for the log files in the Log Location attribute.
  6. Specify the maximum file size in bytes for the log file in the Max Log Size attribute.
  7. Specify the number of backup logs in the Number of History Files attribute.
  8. Click Save.

To Configure Logging to a Database

  1. Log in to the Sun Java System Access Manager admin console as administrator.

    By default, Identity Management is selected in the location pane and All created organizations are displayed in the navigation pane.

  2. Choose Service Configuration in the location pane.

    The global services appear in the navigation pane.

  3. Click the properties arrow next to the Logging service in the navigation pane.

    The Logging attributes appear in the data pane.

  4. Select DB as the Logging Type attribute.
  5. Specify a user name and password with which to connect to the database in the Database User Name and Database User Password attributes.
  6. Specify the driver to use for logging in the Database Driver Name attribute.
  7. Click Save.


Debugging Portal Server

This section describes how to set the debug level to help you troubleshoot various Portal Server components.

To Set the Debug Level for Sun Java System Access Manager

The debug level allows you to define the types of messages sent to the debug log. The following levels are supported:

By default, debug messages are sent to log files in the /var/opt/SUNWam/debug directory.

To set the debug level:

  1. Define the debug level in the following line of the /etc/opt/SUNWps/desktopconfig.properties file:

    debugLevel=value

  2. Restart the web container.
  3. Examine the various log files under /var/opt/SUNWam/debug as well as the Sun Java System Web Server log file.



Copyright 2005 Sun Microsystems, Inc. All rights reserved.