Sun Java System Portal Server 7 Installation Guide

Configuring Secure Remote Access

This chapter contains the following:

Procedure: To Configure Search Archive

If the search server name is different from the default name of the machine on which the search server resides, you must manually configure the Search Archive and Instant Messaging functionality.

    Manually edit the IMArchiveDisplay.jsp file located in par-src/default-portal/pbfiles/templateBaseDir/default/IMProviderfile to replace the existing rdmServer attribute with the search server URL you are using.

    The following section of the IMArchiveDisplay.jsp file shows the section that you edit. Replace the string between <%= and %> with the URL that you are using.

    <search:setRDMServer rdmServer='<%= request.getScheme() + "://" +
                                        request.getServerName() + ":" +
                                        request.getServerPort() + "/search1/search" %>'/>

Procedure: To Configure Secure Remote Access

If you have installed Secure Remote Access, use the following procedure to enable the gateway.

  1. Specify the complete protocol and fully qualified domain name for the Non Authenticated URL list in the PortalServer7-base/export/request/enableSRAForPortal.xml file. By default, PortalServer7-base is /opt/SUNWportal. Use the following amadmin command:

    ./amadmin --runasdn ADMIN_DN --password ampassword --verbose --continue --data file

  2. Do the following if Gateway is configured:

    cd /etc/opt/SUNWportal/default
    chmod -R 755 *

  3. To enable access to the Portal Server via the Gateway, see 4 Enabling Access to the Portal Server Via the Gateway.

  4. To enable the Gateway to access the Portal Server administration console, modify the enablePSConsoleForGW.xml file and use the following amadmin command to load the file.

    AccessManager-base/bin/amadmin -u amadmin -w amadmin-pwd -t enablePSConsoleForGW.xml

    By default, AccessManager-base is /opt/SUNWam.

Procedure: To Enable Access to the Portal Server Through the Gateway

  1. Modify the following tokens in the PortalServer7-base/export/request/enableSRAForPortal.xml file to suit your deployment. By default, PortalServer7-base is /opt/SUNWportal.

    %INST_GWNAME%

    Gateway Profile you are modifying

    %FULLY_QUALIFIED_PORTAL_SERVER_URI%

    Fully qualified portal URL

    %PORTAL_SERVER_DOMAIN%

    Domain in which the portal server resides

    %DEPLOY_URI%

    Deploy URL for the portal web application

  2. Save the file after making the changes.

  3. Load the file into the directory server using the Sun Java System Access Manager's amadmin command as follows:

    AccessManager-base/bin/amadmin -u amadmin -w amadmin-pwd -t enableSRAForPortal.xml

  4. Log in to the Portal Server administration console, navigate to Secure Remote Access -> Profiles -> default -> Core -> Basic Options -> Portal Servers, and remove INST_PS_SERVER_LIST.

  5. Add http://PS-HOST:PS-PORT and restart the Gateway.
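
Steps 1 to 3 above can be scripted so that a request file with a missing protocol, an unqualified host name, or a leftover %TOKEN% is never loaded. This is an added example, not part of the installation guide: the function names are hypothetical, and the sample template is constructed because the guide does not show the real contents of enableSRAForPortal.xml.

```shell
# Added example (not from the installation guide). Function names are
# hypothetical; the XML template below is constructed, not the real file.

# Succeeds only for http(s)://host.domain[:port][/path] with a dotted host name.
is_fq_url() {
    printf '%s\n' "$1" | grep -Eq '^https?://[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+(:[0-9]+)?(/.*)?$'
}

# render_sra_request TEMPLATE OUT GWNAME PORTAL_URI PORTAL_DOMAIN DEPLOY_URI
# Returns 0 on success, 2 on a bad value, 3 if any %TOKEN% is left in OUT.
render_sra_request() {
    tmpl=$1 out=$2 gw=$3 uri=$4 dom=$5 dep=$6
    is_fq_url "$uri" || { echo "portal URI needs protocol and FQDN: $uri" >&2; return 2; }
    for v in "$gw" "$uri" "$dom" "$dep"; do
        [ -n "$v" ] || { echo "empty value" >&2; return 2; }
        if printf '%s\n' "$v" | grep -q '[|&<>"\\]'; then   # would break sed or the XML
            echo "unsafe character in value: $v" >&2; return 2
        fi
    done
    sed -e "s|%INST_GWNAME%|$gw|g" \
        -e "s|%FULLY_QUALIFIED_PORTAL_SERVER_URI%|$uri|g" \
        -e "s|%PORTAL_SERVER_DOMAIN%|$dom|g" \
        -e "s|%DEPLOY_URI%|$dep|g" "$tmpl" > "$out" || return 1
    if grep -Eq '%[A-Z_]+%' "$out"; then
        echo "unreplaced tokens remain in $out" >&2; return 3
    fi
    return 0
}

# Writes a constructed stand-in for enableSRAForPortal.xml to the given path.
make_sample_template() {
    cat > "$1" <<'EOF'
<Requests>
  <Gateway profile="%INST_GWNAME%">
    <Value>%FULLY_QUALIFIED_PORTAL_SERVER_URI%%DEPLOY_URI%/dt</Value>
    <Value>%PORTAL_SERVER_DOMAIN%</Value>
  </Gateway>
</Requests>
EOF
}

# After a zero return, load the rendered file with the amadmin command from
# step 3 (AccessManager-base/bin/amadmin ... -t enableSRAForPortal.xml).
```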

Procedure: To Configure Gateway Standalone Installation on a Separate Host

  1. In the installer, select Directory Server and Access Manager SDK, and install the gateway with the “configure later” option.

    The Directory Server is used to run cacao mbeans.

  2. Manually copy the cacao “security” folder (/etc/opt/SUNWcacao/security) from the Portal Server machine.

    The security folder must be copied so that the gateway can communicate with the remote mbeans running on the Portal Server machine.

  3. Restart cacao on the gateway machine.

  4. Start the Directory Server.

  5. If you are installing the gateway in the DMZ, open the following ports:

    • http port: port 80

    • jmx admin ports on the firewall: 10161, 10162 and 10163

    • Portal Server's port to the Directory Server port: 389 (default)

  6. Edit the example10.xml file under the PortalServer7-base/samples/psconfig directory. Go to the PortalServer7-base/bin directory and run:

    ./psconfig --config example10.xml

    By default, PortalServer7-base is /opt/SUNWportal.

  7. Edit the AMConfig.properties file to make the directory host point to the local Directory Server.