test

Sun Java System Reference Configuration Series: Portal Service on Application Server Cluster

Setting Up the Gateway Service on sra1

This task consists of the following procedures:

ProcedureTo Install SRA Gateway on sra1

This procedure assumes that you are installing Portal Server SRA Gateway on Solaris 10 8/07 OS or later version. Hence, no operating system patches need to be installed. The Java ES installer evaluates the state of the operating system and indicates if you need to install a patch. If you are using versions of the operating system older than Solaris 10 8/07 OS, it is better to install any required patches before you begin the actual SRA Gateway installation procedure.

This procedure runs the installer in Configure Later mode. After installation is complete, you manually configure a Gateway instance.

The following procedure runs the Java ES installer without saving a state file. You can choose to run the installer and capture your input in a state file (-saveState state-filename). You could then use the state file to re-create the installation if, for example, you needed to reinstall SRA Gateway.

  1. Download the Java ES software distribution to sra1.

    The procedure is documented in To Download the Software Distribution.

  2. Log in as root or become superuser.

    # su -

  3. Start the Java ES installer.

    # cd /portdist_71u2/Solaris_sparc

    # ./installer

    This procedure uses the GUI installer. The installer can also be run in text mode by using the - nodisplay option.

    The Welcome panel opens.

  4. In the Welcome panel, click Next.

    The Software License Agreement panel opens.

  5. In the Software License Agreement Panel, review the license terms and click Yes, Accept License.

    The Choose Software Components panel opens.

  6. In the Choose Software Components panel, select the following components:

    • Portal Server Secure Remote Access 7.1

      • Gateway

    • Access Manager 7.1

      • Access Manager SDK

  7. Click Next.

    The Dependency Warning panel opens.

  8. In the Dependency Warning panel, choose Use Directory Server Installed on a Remote Machine and click OK.

    The installer evaluates the Java SE Software Development Kit on the computer and determines if an upgrade is required. On a fresh copy of Solaris 10 8/07 OS, an upgrade is needed, and the Java SE Software Development Kit Upgrade Required panel opens.

  9. In the Java SE Software Development Kit Upgrade Required panel, select Automatic Upgrade to the Version Included with the Installer and click Next.

    The installer evaluates the Java ES shared components on the computer and determines if any upgrades are required. On a fresh copy of the Solaris 10 8/07 OS, shared component upgrades are needed, and the Shared Components Upgrades Required panel opens.

  10. In the Shared Components Upgrades Required panel, click Next.

    The installer upgrades the shared components. The Specify Installation Directories panel opens.

  11. In the Specify Installation Directories panel, type the following values and click Next.

    Input Field 

    Value 

    Portal Server Secure Remote Access 

    /opt

    Access Manager 

    /opt

    The System Check panel opens.

  12. In the System Check panel, evaluate the results of the system check.

    If the system check is favorable, click Next.

    The Choose a Configuration Type panel opens.

  13. In the Choose a Configuration Type panel, select Configure Later and click Next.

    The Ready to Install panel opens.

  14. In the Ready to Install panel, indicate whether you want to open the software registration window during installation.

    This panel enables you to register the components that you have selected for installation with Sun Connection. Sun Connection is a Sun-hosted service that helps you track, organize, and maintain Sun hardware and software. For example, Sun Connection can inform you of the latest available security fixes, recommended updates, and feature enhancements.

    If you choose to register, information about the installation is sent to the Sun Connection database. You can also register at a later date, after installation has been completed.

  15. Click Install.

    The installer copies files to the computer.

  16. When the installation is complete, review the installation in the Summary field.

  17. Click Exit to exit the installer.

  18. Check the installation log files for any installation errors.

    # cd /var/sadm/install/logs

    # egrep -i 'fail|error' Java*

  19. Apply the patch to Portal Server 7.1 Update 2.

    The following patch to Portal Server 7.1 Update 2 is needed for the Gateway service to interact with Portal Server through a firewall:

    • Solaris SPARC: 124301–10

    • Solaris x86: 124302–10

    • Linux: 124303–10

    The patch revision number (10) is the minimum required for this upgrade. If newer revisions become available, use the newer revisions instead of the preceding patch revisions.

    1. Access the SunSolveSM web site:

      http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access

    2. Search for the patch ID.

    3. Download the patch to /working-directory.

    4. Apply the patch.

      # patchadd /working-directory/patch-ID

      The patchadd command will instruct you to run psupdate -a, but you can safely skip this step.

    5. Confirm that the patch upgrade was successful.

      # showrev —p | grep patch-ID

      The output should return the version of the patch ID that was applied in Step 18d.

ProcedureTo Configure Access Manager SDK on sra1

Because Access Manager SDK was installed using the Configure Later option, you need to configure Access Manager SDK by modifying Access Manager configuration files. The standard approach for making these modifications is to run the amconfig command with an input file.

  1. Change to the directory that contains the amconfig input file template, amsamplesilent.

    # cd /opt/SUNWam/bin

  2. Copy the template to a new file.

    # cp amsamplesilent amconfigsra

  3. In a text editor, edit the amconfigsra file to set the Access Manager SDK configuration parameters.

    Locate the configuration parameters that are listed in the following table, and change their values to the values shown in the table.

    Parameter 

    Value 

    DEPLOY_LEVEL 

    3

    SERVER_HOST 

    am.pstest.com

    SERVER_PORT 

    80

    DS_HOST 

    ds.pstest.com

    DS_DIRMGRPASSWD 

    directory-manager-password

    ROOT_SUFFIX 

    "dc=pstest,dc=com"

    SM_CONFIG_BASEDN 

    $ROOT_SUFFIX

    ADMINPASSWD 

    access-manager-admin-password

    AMLDAPUSERPASSWD 

    access-manager-LDAP-password

    COOKIE_DOMAIN 

    pstest.com

    AM_ENC_PWD 

    password-enc-key

  4. Run the amconfig command with the input file you modified in Step 3.

    # /opt/SUNWam/bin/amconfig -s amconfigsra

  5. Verify that the Access Manager SDK is properly configured.

    # /opt/SUNWam/bin/amadmin —u amadmin —m http://am.pstest.com:80

    The output should show current session information.

ProcedureTo Create a Gateway Instance on sra1

This procedure uses the psconfig command and a configuration file to create a Gateway instance. You begin with the appropriate configuration file as a template and edit the file to specify parameter values that are needed for the reference configuration.

  1. Create a config-sra1 configuration file.

    Use the example10.xml file as a template.

    # cd /opt/SUNWportal/samples/psconfig

    # cp example10.xml config-sra1.xml

  2. Open the config-sra1.xml file in a text editor.

  3. Modify config-sra1.xml to use the values in the following table.

    Parameter 

    Value 

    ConfigurationHostName 

    sra1.pstest.com

    AdministratorUID 

    amadmin

    AdministratorUserPassword 

    access-manager-admin-password

    LDAPUserId 

    amldapuser

    LDAPUserIdPassword 

    access-manager-LDAP-password

    DirectoryManagerDn

    cn=Directory Manager

    directory-manager-password 

    directory-manager-password

    PortalAccessURL 

    http://ps.pstest.com:80/portal

    PrimaryPortalHost 

    ps1.pstest.com

    Protocol 

    https

    Host 

    sra1.pstest.com

    Port 

    443

    IPAddress 

    10.0.4.1

    LogUserPassword 

    log-user-password

    RestrictiveMode 

    true

    Organization 

    your-organization

    Division 

    your-division

    CityOrLocality 

    your-city

    StateProvince 

    your-state

    CountryCode 

    your-country

    CertificateDatabasePassword 

    cert-DB-password

    The modified config-sra1.xml file is reproduced in Example Configuration File: Gateway Instance on sra1.

  4. Run the psconfig command with the configuration file input.

    # cd /opt/SUNWportal/bin

    # ./psconfig --config /opt/SUNWportal/samples/psconfig/config-sra1.xml

    The output should resemble the following:

    Creating directory: /etc/opt/SUNWportal
Copying config templates from: /opt/SUNWportal/template/config
Successfully created PortalDomainConfig.properties file
Validating the Input Config XML File
Configuring Cacao Agent for Portal Software
Connecting to Cacao MBean Server

...
Closing MBean Server connection
Resetting log level
Configuration successful

ProcedureTo Start and Verify the Gateway Service on sra1

  1. Start the Gateway instance.

    # /opt/SUNWportal/bin/psadmin start-sra-instance -u amadmin -N default -t gateway --restrictive

    When prompted, type the access-manager-admin-password.

  2. Start a browser.

  3. Go to the following URL:

    https://sra1.pstest.com

    You are prompted to accept the Gateway's self-signed certificate.

  4. Accept the certificate.

    The Access Manager login page opens.

  5. Log in to the Portal desktop by typing the following values and clicking Login.

    Input Field 

    Value 

    User ID 

    developer

    Password 

    developer

    If you successfully login, the Gateway is operating correctly.