Sun Java Enterprise System 2005Q4 Installation Reference

Portal Server Secure Remote Access Configuration Information

This section first describes installation of Secure Remote Access Core, and then describes installation of the Gateway, Netlet Proxy, and Rewriter Proxy subcomponents of Portal Server Secure Remote Access.

Secure Remote Access Core Configuration

This section lists the types of information that the installer needs when installing Portal Server Secure Remote Access Core. The information that you must supply differs according to which of the following scenarios applies:

Table 1–37 Information Needed for Installation of Portal Server Secure Remote Access Core

Portal Server Situation: Portal Server is being installed in this session.
Requirements: Gateway information
Location of Information: Single-Session Installation

Portal Server Situation: Portal Server is already installed and using Web Server or IBM WebSphere Application Server.
Requirements: Web Container Deployment information; Gateway information; Access Manager information
Location of Information: Multiple Session Installation with Sun Java System Web Server or IBM WebSphere Application Server

Portal Server Situation: Portal Server is already installed and using Application Server.
Requirements: Web Container Deployment information; Access Manager information; Gateway information; Sun Java System Application Server information
Location of Information: Multiple Session Installation with Sun Java System Application Server or BEA WebLogic

Portal Server Situation: Portal Server is already installed and using BEA WebLogic.
Requirements: Web Container Deployment information; Gateway information; Access Manager information; BEA WebLogic information
Location of Information: Multiple Session Installation with Sun Java System Application Server or BEA WebLogic

Single-Session Installation

When you install Portal Server Secure Remote Access Core and Portal Server in a single session, you provide information about Portal Server Secure Remote Access Gateway. The installer obtains other Portal Server Secure Remote Access configuration information from the Portal Server configuration.

This section describes the gateway information that the installer needs when you are installing Portal Server Secure Remote Access Core.

Table 1–38 Portal Server Secure Remote Access Gateway Information

Label and State File Parameter 

Description 

Gateway Protocol 

SRA_GATEWAY_PROTOCOL

Protocol that the gateway uses to communicate with Portal Server. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. 

In a state file, specify https for a secure port or http for a non-secure port. The default value is https.

Portal Server Domain 

SRA_SERVER_DOMAIN

Domain name of the Portal Server. 

For example, if the fully qualified domain name is siroe.subdomain1.example.com, enter subdomain1.example.com.

Gateway Domain 

SRA_GATEWAY_DOMAIN

Domain name for the gateway component. 

For example, if the fully qualified domain name of the Portal Server host is siroe.subdomain1.example.com, enter subdomain1.example.com.

Gateway Port 

SRA_GATEWAY_PORT

Port on which the gateway host listens. 

The default value is 443.

Gateway Profile Name 

SRA_GATEWAY_PROFILE

Profile that contains gateway configuration information, such as listener port, SSL options, and proxy options. 

The default value is default.

Log User Password 

SRA_LOG_USER_PASSWORD

Password that allows administrators with non-root access to access gateway log files. 

Multiple Session Installation with Sun Java System Web Server or IBM WebSphere Application Server

This section lists the information you must provide when you install Portal Server Secure Remote Access on a host where the following is true:

In this scenario, you must provide the following types of information:

The following table lists the information that you specify about the web container.

Table 1–39 Web Container Deployment Information for Portal Server Secure Remote Access Core

Label and State File Parameter 

Description 

Deployment URI 

SRA_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

The following table lists the information that you specify about Access Manager.

Table 1–40 Access Manager Information for Portal Server Secure Remote Access Core

Label and State File Parameter 

Description 

Directory Manager DN 

USER_DIR_ADM_USER

DN of the user who has unrestricted access to Directory Server. 

The default value is cn=Directory Manager.

In a state file, this parameter has no default value, and needs a value only if USE_EXISTING_USER_DIR is set to 1.

Directory Manager Password 

USER_DIR_ADM_PASSWD

Password for the directory manager. 

In a state file, this parameter has no default value, and needs a value only if USE_EXISTING_USER_DIR is set to 1.

Multiple Session Installation with Sun Java System Application Server or BEA WebLogic

This section lists the information you must provide when you install Portal Server Secure Remote Access on a host where the following is true:

Table 1–41 Web Container Deployment Information for Portal Server Secure Remote Access Core

Label and State File Parameter 

Description 

Deployment URI 

SRA_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

The following table lists the information that you specify about Access Manager.

Table 1–42 Access Manager Information for Portal Server Secure Remote Access Core

Label and State File Parameter 

Description 

Directory Manager DN 

USER_DIR_ADM_USER

DN of the user who has unrestricted access to Directory Server. 

The default value is cn=Directory Manager.

In a state file, this parameter has no default value, and needs a value only if USE_EXISTING_USER_DIR is set to 1.

Directory Manager Password 

USER_DIR_ADM_PASSWD

Password for the directory manager. 

In a state file, this parameter has no default value, and needs a value only if USE_EXISTING_USER_DIR is set to 1.

The following table lists the information that you specify about Sun Java System Application Server or BEA WebLogic Server.

Table 1–43 Sun Java System Application Server or BEA WebLogic Server Information for Portal Server Secure Remote Access Core

Label and State File Parameter 

Description 

Administrator User Password 

PS_DEPLOY_ADMIN_PASSWORD

Password that Portal Server uses to access Application Server or BEA WebLogic as administrator. 

Gateway Configuration

This section lists the information you must provide when you install the Gateway subcomponent. In this scenario, you must provide the following types of information:

Web Container Deployment Information

The following table lists the information that you specify about the web container, for either Portal Server or the load balancer.

Table 1–44 Web Container Deployment Information for Portal Server Secure Remote Access Gateway

Label and State File Parameter 

Description 

Deployment URI 

SRA_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

Access Manager Information

The following table lists the information that you must specify about Access Manager.

Table 1–45 Access Manager Information for Portal Server Secure Remote Access Gateway

Label and State File Parameter 

Description 

Installation Directory 

SRA_IS_INSTALLDIR

Directory in which the Access Manager component is installed. 

The default value is /opt.

Gateway Information

This section describes the gateway information that the installer needs when you are installing the Gateway subcomponent.

Table 1–46 Gateway Information for Portal Server Secure Remote Access Gateway

Label and State File Parameter 

Description 

Protocol 

SRA_GW_PROTOCOL

Protocol (HTTP or HTTPS) the gateway uses to communicate. A secure port uses the HTTPS protocol. A non-secure port uses HTTP. In most cases the gateway should use HTTPS.

In a state file, specify https for a secure port or http for a non-secure port. The default value is https.

Host Name 

SRA_GW_HOSTNAME

Name of the host on which the gateway component is installed. 

For example, if the fully qualified domain name is siroe.subdomain1.example.com, enter siroe.

The default value is the name of the local host. 

Subdomain 

SRA_GW_SUBDOMAIN

Subdomain name of the gateway host. 

There is no default value. 

Domain 

SRA_GW_DOMAIN

Domain name of the gateway host. 

For example, if the fully qualified domain name is siroe.example.com, this value is example.com.

The default value is the domain of the local host. 

Host IP Address 

SRA_GW_IPADDRESS

IP address of the Access Manager host. Specify the IP address of the host on which Access Manager was installed for Portal Server. 

The default value is the IP address of the local host. 

Access Port 

SRA_GW_PORT

Port on which the gateway host listens. 

The default value is 443.

Gateway Profile Name 

SRA_GW_PROFILE

Gateway profile that contains the information related to gateway configuration, such as the port on which the gateway listens, SSL options, and proxy options.

The default value is default.

Log User Password 

SRA_LOG_USER_PASSWORD

Password that allows administrators with non-root access to access gateway log files. 

Start gateway after installation 

SRA_GW_START

Directs the installer to automatically start Gateway after installation. 

In a state file, the permitted values are y or n. The default value is y.

Certificate Information

When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server Secure Remote Access. The installer needs the following information to configure a certificate.


Note –

Do not use multibyte characters when providing certificate information.


Table 1–47 Certificate Information for Portal Server Secure Remote Access Gateway

Label and State File Parameter 

Description 

Organization 

SRA_CERT_ORGANIZATION

Name of your organization or company. 

Division 

SRA_CERT_DIVISION

Name of your division. 

City/Locality 

SRA_CERT_CITY

Name of your city or locality. 

State/Province 

SRA_CERT_STATE

Name of your state or province. 

Country Code 

SRA_CERT_COUNTRY

Two-letter country code. 

Certificate Database Password 

SRA_CERT_PASSWORD

Password (and confirmation) that applies only to self-signed certificates. 

Netlet Proxy Configuration

This section lists the information you must provide when you install the Netlet Proxy subcomponent. In this scenario, you must provide the following types of information:

Web Container Deployment Information

The following table lists the information that you specify about the web container. The information applies to either Portal Server or the load balancer.

Table 1–48 Web Container Deployment Information for Portal Server Secure Remote Access Netlet Proxy

Label and State File Parameter 

Description 

Deployment URI 

SRA_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

Access Manager Information

The following table lists the information that you must specify about Access Manager.

Table 1–49 Access Manager Information for Portal Server Secure Remote Access Netlet Proxy

Label and State File Parameter 

Description 

Installation Directory 

SRA_IS_INSTALLDIR

Directory in which the Access Manager component is installed. 

The default value is /opt.

Netlet Proxy Information

This section describes the Netlet Proxy information that the installer needs when you are installing Netlet Proxy.

Table 1–50 Netlet Proxy Information for Portal Server Secure Remote Access Netlet Proxy

Label and State File Parameter 

Description 

Host Name 

SRA_NLP_HOSTNAME

Host name of the Netlet Proxy host. 

The default value is the host name of the local host. 

Subdomain 

SRA_NLP_SUBDOMAIN

Subdomain name of the Netlet Proxy host. 

There is no default value. 

Domain 

SRA_NLP_DOMAIN

Domain name of the Netlet Proxy host. 

The default value is the domain of the local host. 

Host IP Address 

SRA_NLP_IPADDRESS

IP address of the Netlet Proxy host. 

The default value is the IP address of the local host. 

Access Port 

SRA_NLP_PORT

Port on which the Netlet Proxy listens. 

The default value is 10555.

Gateway Profile Name 

SRA_NLP_GATEWAY_PROFILE

Profile that contains gateway configuration information, such as listener port, SSL options, and proxy options. 

The default value is default.

Start Netlet Proxy after installation 

SRA_NLP_START

Directs the installer to automatically start Netlet Proxy after installation. 

In a state file, the value can be y or n. The default value is y.

Proxy Information

The following table describes information that you must enter if you are installing the proxy subcomponents on a host on which there is an existing installation of Portal Server Secure Remote Access.

Table 1–51 Proxy Information for Portal Server Secure Remote Access Netlet Proxy

Label and State File Parameter 

Description 

Work with Portal Server on another host? 

SRA_IS_CREATE_INSTANCE

Select this option (or answer y in CLI mode) only if you are installing the Netlet and Rewriter proxies on this host and these proxies are interacting with a remote instance of Portal Server SRA.

Deselect this option (or answer n in CLI mode) if the Netlet and Rewriter proxies are interacting with a local instance of Portal Server SRA. 

In a state file, the permitted values are y or n. The meanings of these values in a state file are as follows:

  • y specifies that the proxies work with a local instance of Portal Server SRA

  • n specifies that the proxies work with a remote instance of Portal Server SRA

    The remaining fields in this table apply only if you select this option to indicate that these proxies will work with a remote instance of Portal Server SRA.

Portal Server Protocol 

SRA_SERVER_PROTOCOL

Protocol (HTTP or HTTPS) that the gateway will use to communicate with Portal Server. 

In a state file, specify https or http. The default value is https.

Portal Server Host 

SRA_SERVER_HOST

Host name of the host on which you are installing Portal Server. 

Portal Server Port 

SRA_SERVER_PORT

Port used to access Portal Server. 

The default value is 8080.

Portal Server Deployment URI 

SRA_SERVER_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

Organization DN 

SRA_IS_ORG_DN

The distinguished name (DN) of the root suffix for the domain in which Portal Server is being installed. 

The default value is dc=com. You must edit this default value.

Access Manager Service URI 

SRA_IS_SERVICE_URI

Uniform Resource Identifier used to invoke Access Manager services. 

The default value is /amserver.

Access Manager Password Encryption Key 

SRA_IS_PASSWORD_KEY

A string containing the encryption key generated during Access Manager installation. This string is used as the seed for password generation. 

Portal Server SRA must use the encryption key that Access Manager used at installation, so the installer automatically sets the default value to that key. In the interactive installer, do not edit the displayed default value. 

After installation of Access Manager, the encryption key is mapped to the Access Manager properties file, AMConfig.properties. Location is:

Solaris OS: /etc/opt/SUNWam/config

Linux: /etc/opt/sun/identity/config

The property that contains this value is am.encryption.pwd.

Certificate Information

When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server Secure Remote Access. The installer needs the following information to configure a certificate.


Note –

Do not use multibyte characters when providing certificate information.


Table 1–52 Certificate Information for Portal Server Secure Remote Access Netlet Proxy

Label and State File Parameter 

Description 

Organization 

SRA_CERT_ORGANIZATION

Name of your organization or company. 

Division 

SRA_CERT_DIVISION

Name of your division. 

City/Locality 

SRA_CERT_CITY

Name of your city or locality. 

State/Province 

SRA_CERT_STATE

Name of your state or province. 

Country Code 

SRA_CERT_COUNTRY

Two-letter country code. 

Certificate Database Password 

SRA_CERT_PASSWORD

Password (and confirmation) that applies only to self-signed certificates. 

Rewriter Proxy Configuration

This section lists the information you must provide when you install the Rewriter Proxy subcomponent. In this scenario, you must provide the following types of information:

Web Container Deployment Information

The following table lists the information that you specify about the web container.

Table 1–53 Web Container Deployment Information for Portal Server Secure Remote Access Rewriter Proxy

Label and State File Parameter 

Description 

Deployment URI 

SRA_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

Rewriter Proxy Information

This section describes the Rewriter Proxy information that the installer needs when you are installing Rewriter Proxy.

Table 1–54 Rewriter Proxy Information for Portal Server Secure Remote Access Rewriter Proxy

Label and State File Parameter 

Description 

Host Name 

SRA_RWP_HOSTNAME

Host name of the host on which you are installing the Rewriter Proxy. 

The default value is the host name of the local host. 

Subdomain 

SRA_RWP_SUBDOMAIN

Subdomain name of the host on which the Rewriter Proxy is being installed. 

There is no default value. 

Domain 

SRA_RWP_DOMAIN

Domain name of the host on which the Rewriter Proxy is being installed. 

The default value is the domain name of the local host. 

Host IP Address 

SRA_RWP_IPADDRESS

IP address of the host on which you are installing Rewriter Proxy. 

The default value is the IP address of the local host. 

Access Port 

SRA_RWP_PORT

Port on which the Rewriter proxy listens. 

The default value is 10443.

Gateway Profile Name 

SRA_RWP_GATEWAY_PROFILE

Profile that contains gateway configuration information, such as listener port, SSL options, and proxy options. 

The default value is default.

Log User Password 

SRA_LOG_USER_PASSWORD

Password that allows administrators with non-root access to access log files. 

Start Rewriter Proxy after installation 

SRA_RWP_START

Directs the installer to automatically start Rewriter Proxy after installation. 

In a state file, the value can be y or n. The default value is y.

Proxy Information

The following table describes information that you must enter if you are installing the proxy subcomponents on a host on which there is an existing installation of Portal Server Secure Remote Access.

Table 1–55 Proxy Information for Portal Server Secure Remote Access Rewriter Proxy

Label and State File Parameter 

Description 

Work with Portal Server on another host? 

SRA_IS_CREATE_INSTANCE

Select this option (or answer y in CLI mode) only if you are installing the Netlet and Rewriter proxies on this host and these proxies are interacting with a remote instance of Portal Server SRA.

Deselect this option (or answer n in CLI mode) if the Netlet and Rewriter proxies are interacting with a local instance of Portal Server SRA. 

In a state file, the permitted values are y or n. The meanings of these values in a state file are as follows:

  • y specifies that the proxies work with a local instance of Portal Server SRA

  • n specifies that the proxies work with a remote instance of Portal Server SRA

The remaining fields in this table apply only if you select this option to indicate that these proxies will work with a remote instance of Portal Server SRA. 

Protocol 

SRA_SERVER_PROTOCOL

Protocol (HTTP or HTTPS) that the gateway will use to communicate with Portal Server. 

In a state file, specify https or http. The default value is https.

Portal Host Name 

SRA_SERVER_HOST

Fully qualified domain name of the host on which you are installing Portal Server. 

Portal Server Port 

SRA_SERVER_PORT

Port used to access Portal Server. 

The default value is 80.

Portal Server Deployment URI 

SRA_DEPLOY_URI

Uniform Resource Identifier (URI) that you use to deploy Portal Server. 

The value for the deployment URI must have a leading slash and must contain only one slash. 

The default value is /portal.

Organization DN 

SRA_IS_ORG_DN

The distinguished name (DN) of the root suffix for the domain in which Portal Server is being installed. 

The default value is .com. You must edit this default value.

Service URI 

SRA_IS_SERVICE_URI

Uniform Resource Identifier used to invoke Access Manager services. 

The default value is /amserver.

Access Manager Password Encryption Key 

SRA_IS_PASSWORD_KEY

A string that Access Manager uses to encrypt user passwords. 

Portal Server SRA must use the encryption key that Access Manager used at installation, so the installer automatically sets the default value to that key. In the interactive installer, do not edit the displayed default value. 

You can find the Access Manager encryption key in the Access Manager properties file, AMConfig.properties. Location is:

Solaris OS: /etc/opt/SUNWam/config

Linux: /etc/opt/sun/identity/config

The property that contains this value is am.encryption.pwd.

Certificate Information

When you are installing Gateway, Netlet Proxy, or Rewriter Proxy, you can provide information to create a self-signed certificate for use with Portal Server Secure Remote Access. The installer needs the following information to configure a certificate.


Note –

Do not use multibyte characters when providing certificate information.


Table 1–56 Certificate Information for Portal Server Secure Remote Access Rewriter Proxy

Label and State File Parameter 

Description 

Organization 

SRA_CERT_ORGANIZATION

Name of your organization or company. 

Division 

SRA_CERT_DIVISION

Name of your division. 

City/Locality 

SRA_CERT_CITY

Name of your city or locality. 

State/Province 

SRA_CERT_STATE

Name of your state or province. 

Country Code 

SRA_CERT_COUNTRY

Two-letter country code. 

Certificate Database Password 

SRA_CERT_PASSWORD

Password (and confirmation) that applies only to self-signed certificates.
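
The value rules stated in the tables above (http or https, port numbers, the one-slash deployment URI, y or n flags, the Organization DN default that must be edited, the certificate fields) can be checked before a state file is handed to the installer, together with the permissions of a file that carries the password parameters. The following linter is an added example, not part of the Sun documentation or the installer; the 'NAME = value' line syntax, the function names and the sample values are assumptions made for illustration.

```python
import os
import stat

# Parameter names and value rules are taken from the tables on this page.
PROTOCOL = ("SRA_GATEWAY_PROTOCOL", "SRA_GW_PROTOCOL", "SRA_SERVER_PROTOCOL")
PORT = ("SRA_GATEWAY_PORT", "SRA_GW_PORT", "SRA_NLP_PORT", "SRA_RWP_PORT",
        "SRA_SERVER_PORT")
DEPLOY_URI = ("SRA_DEPLOY_URI", "SRA_SERVER_DEPLOY_URI")
YES_NO = ("SRA_GW_START", "SRA_NLP_START", "SRA_RWP_START",
          "SRA_IS_CREATE_INSTANCE")
CERT = ("SRA_CERT_ORGANIZATION", "SRA_CERT_DIVISION", "SRA_CERT_CITY",
        "SRA_CERT_STATE", "SRA_CERT_COUNTRY")
SECRET = ("SRA_LOG_USER_PASSWORD", "USER_DIR_ADM_PASSWD", "SRA_CERT_PASSWORD",
          "PS_DEPLOY_ADMIN_PASSWORD", "SRA_IS_PASSWORD_KEY")

# (parameters, predicate that accepts a valid value, message when it fails)
RULES = [
    (PROTOCOL, lambda v: v in ("http", "https"), "must be http or https"),
    (PORT, lambda v: v.isascii() and v.isdigit() and 1 <= int(v) <= 65535,
     "not a valid TCP port"),
    (DEPLOY_URI, lambda v: v.startswith("/") and v.count("/") == 1,
     "needs a leading slash and only one slash"),
    (YES_NO, lambda v: v in ("y", "n"), "must be y or n"),
    (("SRA_IS_ORG_DN",), lambda v: v not in ("dc=com", ".com"),
     "default value was not edited"),
    # Assumption: "no multibyte characters" is enforced here as ASCII-only.
    (CERT, str.isascii, "multibyte characters are not allowed"),
    (("SRA_CERT_COUNTRY",), lambda v: len(v) == 2 and v.isalpha(),
     "must be a two-letter code"),
]


def parse_state(text):
    """Assumed syntax: one 'NAME = value' per line; other lines are skipped."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().isidentifier():
            params[name.strip()] = value.strip()
    return params


def lint(params):
    """Return sorted (parameter, severity, message) findings."""
    out = []
    for key, value in params.items():
        for keys, ok, message in RULES:
            if key in keys and not ok(value):
                out.append((key, "error", message))
        if key in PROTOCOL and value == "http":
            out.append((key, "warn", "non-secure port selected"))
    return sorted(out)


def secrets_exposed(path, params):
    """True if a secret parameter is set and group/other can access the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return any(params.get(k) for k in SECRET) and bool(mode & 0o077)


# Constructed sample values, not taken from a real state file.
SAMPLE = """\
SRA_GW_PROTOCOL = http
SRA_DEPLOY_URI = /portal/sra
SRA_GW_START = yes
SRA_IS_ORG_DN = dc=com
SRA_CERT_COUNTRY = USA
SRA_LOG_USER_PASSWORD = constructed-placeholder
"""
```

Calling lint(parse_state(SAMPLE)) returns one finding per rule the sample breaks, and secrets_exposed(path, params) reports a state file that sets any of the password parameters while its mode grants access to group or other.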