Configuring Gateway During Installation

This section contains the following procedures:

• Configuring a Portal Server and a Gateway on a Single Node

• Configuring Portal Server and Gateway on Separate Nodes

• Installing the Gateway with Portal Server in the SSL Mode

• Creating a Gateway Instance

Figure 6–1 Portal Server with Gateway

Configuring a Portal Server and a Gateway on a Single Node

This section describes how to configure a Portal Server and a Gateway on a single node in the Configure Now and Configure Later modes.

Using the Configure Now mode, you can configure a Gateway while installing Portal Server, where the Gateway is configured with other components. You can also configure the Gateway using the Configure Later mode, where you need to manually configure Gateway using the psconfig command after installing Portal Server.

To Configure Portal Server on a Single Node using the Configure Now Mode

1. Select the Gateway option displayed with Sun Java System Portal Server Secure Remote Access 7.1 when you install Sun Java System Portal Server 7.1.

2. Enter Directory Server, Access Manager, and web container information in the Java ES installer screens.

3. Start Directory Server and web container instance after a successful installation of Portal Server.

4. Start the gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

To Configure Portal Server on a Single Node using the Configure Later Mode

1. Select Sun Java System Portal Server 7.1, Directory Server, and web container in the Java ES installer.

2. Select the Gateway option displayed with Sun Java System Portal Server Secure Remote Access 7.1.

3. Install the components using the Java ES installer in the Configure Later mode.

4. Ensure that Directory Server, web container instance, and web container administrator server are running.

5. Modify the example7.xml file.

   The example7.xml file is located in the PortalServer_base/SUNWportal/samples/psconfig directory.

6. Configure common agent container.

   PortalServer_base/SUNWportal/bin/psconfig --config example7.xml

7. Start the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

Configuring Portal Server and Gateway on Separate Nodes

This section describes how to configure Portal Server and Gateway on separate nodes in the Configure Now and Configure Later modes.

Using the Configure Now mode, you can configure a Gateway while installing the Portal Server, where the Gateway is configured with other components. You can also configure the Gateway using the Configure Later mode, where you need to manually configure Gateway using the psconfig command after installing Portal Server.

Ensure that the following ports are opened whenever you configure a Gateway or perform any administrator console or command line operations that involve Gateway.

• 11162 : JMX Port (TCP)

• 11161 : SNMP Adapter Port (UDP)

• 11163 : Commandstream Adapter Port (TCP)

• 11164: RMI Connector Port (TCP)

To Configure Portal Server and Gateway on Separate Nodes in the Configure Now Mode

This procedure requires two nodes: Node 1 and Node 2.

1. Install Portal Server and Directory Server in the Configure Now mode on Node 1.

   ---

   Note –

   Select Enable SRA for Portal while installing the Portal Server.

   ---

2. (Optional) Set SRA status to Enabled on Node 1, if the Enable SRA for Portal is not selected while installing.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin_user -f password_file on

3. Start the Java ES installer and install Access Manager SDK and Gateway on Node 2 in the Configure Now mode.

   ---

   Note –

   Use the same password encryption key on both the nodes.

   ---

4. Enable Gateway profile on Node 1.

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin_user -f password_file --gateway-profile gateway_profile --enable

5. Start the SRA instance on Node 2.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

To Configure Portal Server and Gateway on Separate Nodes in the Configure Later Mode

1. Install Portal Server and Directory Server on Node 1 in the Configure Now mode.

2. Install AMSDK on Node 2 in the Configure Now mode using the Java ES installer.

   ---

   Note –

   Use the same password encryption key on both the nodes.

   ---

3. Install Gateway on Node 2 in the Configure Later mode using the Java ES installer.

4. Enable Gateway profile on Node 1.

   PortalServer_base/SUNWportal/bin provision-sra -u admin_user -f password_file --gateway-profile gateway_profile --enable

5. Modify the example10.xml file.

   The example10.xml file is located in the PortalServer_base/SUNWportal/samples/psconfig directory.

6. Configure common agent container.

   PortalServer_base/SUNWportal/bin/psconfig --config example10.xml

7. Start the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

To Install Gateway on a Non-Default Instance of Application Server

1. Install Directory Server and Application Server.

2. Start Directory Server and Application Server.

3. Create a node agent.

   asadmin create-node-agent --user admin --password password --savemasterpassword=true node1

4. Start the node agent.

   ./asadmin start-node-agent --user admin --password password node1

5. Create non default server instance.

   ./asadmin create-instance --user admin --password password --nodeagent node1 server1

6. Start the instance.

   ./asadmin start-instance --user admin --password password server1

7. Install Access Manager in the Configure Later mode.

8. Edit the amsamplesilent file.

9. Restart Directory Server, Application Server, and Access Manager.

10. Check if Access manager is up and running.

11. Invoke installer and install Portal Server in the Configure Later mode.

12. Edit the example14.xml file and configure common agent container.

    ./psconfig --config example14.xml

Installing the Gateway with Portal Server in the SSL Mode

Installing the Gateway with Portal Server in SSL mode allows the user, in the same Intranet where Portal Server is installed, to access Portals through a secure protocol.

Figure 6–2 Portal Server in the SSL mode

To Install Gateway with Portal Server in SSL

1. Import the root Certificate Authority (CA) to the certificate database.

   cd /usr/jdk/entsys-j2se/jre/lib/security /usr/jdk/entsys-j2se/jre/bin/keytool -keystore cacerts -keyalg RSA -import -trustcacerts -alias alias-name -storepass store-password -file file-name-path

2. Start the Java ES installer and install the Gateway and Access Manager SDK.

3. Create a certificate signing request.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n default

   2. Select Option 2 in the command-line interface.

   3. Type the details and save the certificate request in a file.

4. Get this certificate signed by the Certificate Authority.

   The Certificate Authority will be the Portal Server Administrator.

5. Create a file on the Gateway node, and paste the certificate response.

6. Add the signed certificate to the certificate database of Gateway.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n default

   2. Select Option 4 in the command-line interface.

7. Add the Root Certificate Authority to the certificate database.

   1. Run the following command:

      PortalServer_base/SUNWportal/bin/certadmin -n default

   2. Select Option 3 in the command-line interface.

   3. Provide the path for the Root Certificate Authority.

      The following message is displayed, “Successfully added.”

8. Restart the Gateway.

   PortalServer_base/SUNWportal/bin/psadmin switch-sra-status -u admin-user-name -f password-file on

   PortalServer_base/SUNWportal/bin/psadmin provision-sra -u admin-user-name -f password-file --gateway-profile gateway_profile --enable

   PortalServer_base/SUNWportal/bin/psadmin start-sra-instance -u admin-user-name -f password-file -N default -t gateway

Creating a Gateway Instance

You can also create an instance of Gateway. This allows the user to contact any one of the Gateway instances and access Portals.

To Create a Gateway Instance

1. Log in to Portal Server administrator console.

2. Click the Secure Remote Access tab.

3. Click New Profile.

4. Type the new profile name and select the Copy Profile Data From option. Click OK.

   The following message is displayed: “New profile is successfully created. Please change the relevant ports in the new profile so that they do not clash with those in the existing profiles.”

5. Click OK.

   The Profile screen is displayed.

6. Click the new profile created and change the port of the instance so that it does not clash with any ports that are in use.

   You need to change both the http and https port numbers.

7. Click OK.