iPlanet Portal Server 3.0 Service Pack 1 Release Notes
These release notes provide important information about the iPlanet™ Portal Server 3.0 Service Pack 1. Please read these notes before installing and using iPlanet Portal Server 3.0 Service Pack 1.
Overview of Service Pack 1
Service Pack 1 for the iPlanet Portal Server 3.0 delivers a set of fixes which affect the Server components.
Service Pack 1 addresses Portal Server deployments in Open Portal mode (without a Gateway server) versus Secure Portal mode (with a Gateway server).
The fundamental difference between these two modes is that Portal Server when deployed in Secure mode is built on two key software modules: the Portal server and the Gateway server, and the Open Portal mode utilizes a Portal server and no Gateway.
Service Pack 1 modifies the Portal server element to provide a key set of services when deployed in Open Portal mode. These include:
- Security in membership provisioning, as members create username and password combinations
- Ability to search external LDAP servers for membership information
- Ability of the URL Scraper to handle relative links without the Gateway
A fix for the Gateway server corrects problems in handling the re-writing of multiple URLs within the JavaScript parameters in certain HTML pages.
A fix for the Gateway server logging corrects continual logging traffic between the Gateway and the Portal server even when disabled.
Where to Go for More Information
For document information about the iPlanet Portal Server 3.0, visit:
- http://docs.iplanet.com/docs/manuals/portal.html
Gateway Logging
When Gateway logging is enabled, logging traffic between the Gateway and the Portal server can impact Portal performance. In Service Pack 1, Gateway default logging is disabled. To enable Gateway logging do the following:
Log on as Super Administrator.
Select the Gateway Management link from the left frame.
Select the Manage Gateway Profile link in the right frame.
In the Component Profile: Gateway page, do the following:
Select the Continue button on the Profile Successfully Updated page.
Open Portal Mode
If the Portal does not contain sensitive information (deploying public information and allowing access to free applications), then by using the Open Portal mode (without a Gateway), the Portal server can respond faster to access requests by a large number of users than if a Gateway server (Secure Portal mode) is installed. The Gateway element, which provides encryption services and URL rewriting, is not required when the iPlanet Portal Server is operating in Open Portal mode.
Running iPlanet Portal Server without the Gateway is referred to as Open Portal mode. The main difference between an open portal and a secure portal is that the services presented by the open portal typically reside within the DMZ and not within the secured intranet.
Note Using the iPlanet Portal Server without the Gateway (Open Portal mode) may improve the individual response of the Portal for a large number of simultaneous users.
The Secure Portal
The iPlanet Portal Server 3.0 product was targeted towards customers deploying highly secure portals or remote access portals. These types of portals have a major emphasis on security and protection and privacy of intranet resources. The iPlanet Portal Server architecture is well suited to this type of portal. The URL Rewriting, URL Access Policy, and Netlet features of the Gateway allow users to securely access intranet resources from the internet without exposing these resources to the public internet. The Gateway, residing in the DMZ, provides a single secure access point to all intranet URLs and applications. All other iPlanet Portal Server services such as Session, Authentication, Desktop, Channels, and Profile database reside behind the DMZ in the secured intranet. Communication from the client browser to the Gateway is encrypted using https. Communication from the Gateway to the server and intranet resources may be either http or https.
The Open Portal
The release of iPlanet Portal Server 3.0 Service Pack 1 enables the features necessary for iPlanet Portal Server to be deployed without the services of the Gateway.
Configuring the Portal to run SSL in Open Portal Mode
The typical public portal runs in the clear or using http. It may however be desirable to deploy a portal using http over SSL (https). The Portal server may be configured to run https services during installation or manually changed from http to https after installation. See the iPlanet Portal Server 3.0 Administration Guide for more information on using SSL.
Note This type of open portal does not require the services of the gateway.
Users access the server directly as if the server was configured for http, but use https://server.domain instead of http://server.domain.
The following features are not available when running without the Gateway or in Open Portal mode:
One iPlanet Portal Server installation may be configured to support both Open and Secure portal.
For example, a company may want to create a portal which resides within the intranet:
When users access the portal from the intranet, log in to the server directly using http
When accessing the portal from the internet use https through the Gateway residing in the DMZ
Install iPlanet Portal Server 3.0 software on the Portal server.
Apply iPlanet Portal Server 3.0 Service Pack 1 on the Portal server.
- When prompted for Gateway Name, use the name of the Portal server.
Note iPlanet Portal Server 3.0 Gateway software is not installed for Open Portal mode.
Stop and restart the Portal Server:
Updating an Existing Gateway/Server Installation to Open Portal Mode
Install iPS 3.0 Service Pack 1 on the Portal server, then do the following:
To completely remove a Gateway that is on a different machine from the Portal server, remove the SUNWwtgwd and SUNWwtsd packages.
To completely remove the Gateway when the Gateway and Portal server are on the same machine, remove only the SUNWwtgwd package.
To only shut down the Gateway, run the ipsgateway stop script.
Logging Into the Open Portal
To log into the Open Portal use the following rules:
Note Users should always use the fully qualified name of the server.
If the server name is my.sun.com and the server is running http use the following URL:
- http://my.sun.com:port
or
- http://my.sun.com if port 80 is configured.
If the server name is my.sun.com and the server is running https use the following URL:
- https://my.sun.com:port
or
- https://my.sun.com if port 443 is used.
Multi-hosting in Open Portal Mode
Service Pack 1 adds functionality which allows the server to access multiple DNS and IP addresses from a single server installation.
Access to the iPlanet Portal Server is through either:
- http://server:port
- https://server:port (if the server was configured to https)
Where server is the Portal server name, and port is the Portal server port.
To log in to a different domain on the Portal, use the following URL:
- http://server:port/login/domain_name
Where domain_name is a Portal domain name.
URL to Domain Mapping
If the existing installation of portal server contains multiple servers and multiple domains, a URL to domain mapping allows the portal server to find the domain automatically without the need to provide the domain name in the URL. The following is an example of how to map a URL to a specific domain:
If the iPlanet Portal Server installation has one server (server1), and two domains (domain1 and domain2), the following URL to domain mapping is needed:
To map a URL to a domain, do the following in the Administration console:
Log on as Super Administrator.
Select the Manage Domains link from the left frame.
In the Portal Server Domains page, do the following:
Select one of the domains.
In the Domain, Role and Users page:
Domain URL Mapping List
Repeat these steps for the second domain.
The domain URL list for domain1 must contain the following URLs:
Add the following two lines to obj.conf (as shown in Code Example 1, in bold text).
The obj.conf is located at: /install_dir/netscape/server4/https-server1/config/obj.conf
- Where install_dir is the directory in which the iPlanet Portal Server 3.0 software was installed, and https-server1 is the iPlanet Portal Server name.
Stop and restart the server.
The following is another example:
If there are three servers (server1, server2, and server3) and two domains (domain1 and domain2), the following are the URL to domain mappings:
- http://server1:port ---> go to domain 1
- http://server2:port ---> go to domain 2
- http://server3:port ---> go to domain 2
To map a URL to a domain, do the following in the Administration console:
Log on as Super Administrator.
Select the Manage Domains link from the left frame.
In the Portal Server Domains page, do the following:
Select one of the domains.
In the Domain, Role and Users page:
Domain URL Mapping List
Repeat these steps for the second domain.
The domain URL list for domain1 must contain the following URLs:
The domain URL list for domain2 must contain the following URLs:
URL Scraping with No Gateway Server Installed
In the Administration console, the Gateway Component Profile page is accessed from Gateway Management >> Manage Gateway Profile.
When the Open Portal mode is installed the selections on this page are not greyed out even though most selections are disabled because there is no Gateway running.
Some rewriting facilities from the Gateway Component Profile are used when configuring parameters for URL scraping. These parameters include:
- Rewrite HTML attributes
- Rewrite HTML attributes containing JavaScript
- Rewrite JavaScript function parameters
- Rewrite JavaScript variables in URLs
- Rewrite JavaScript variables functions
- Rewrite JavaScript function parameters in HTML
Known Problems and Workarounds
Here are workarounds to known problems with the iPlanet Portal Server 3.0 software that have not been fixed in Service Pack 1:
- If the Portal server is down, the Gateway server will hang if rebooted.
- Prevention:
- Edit the script on the Gateway server, as shown in Code Example 2, to change the while loop to a loop that will not run infinitely.
- Workaround:
In a terminal window, become root.
Edit the /etc/rc3.d/S90ipsgateway script:
- Add an entry (as shown in bold text) after line 110.
Restart the Gateway.
# /etc/init.d/ipsgateway start
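The prevention above replaces an unbounded wait with one that gives up. The following is an added example of such a bounded loop for a boot script; it is not the content of the shipped S90ipsgateway script or of Code Example 2. The names wait_for_portal, probe_portal, MAX_TRIES, DELAY and PORTAL_READY_FILE are hypothetical, and the probe is a stand-in to be replaced with the reachability check the deployment uses.

```shell
#!/bin/sh
# Added example: bounded wait for a dependency in a boot script.
# All names here are hypothetical; none come from the ipsgateway script.

MAX_TRIES=${MAX_TRIES:-30}   # give up after this many probes
DELAY=${DELAY:-10}           # seconds to wait between probes

# Stand-in probe so the example runs offline: "reachable" means the
# marker file exists. Replace the body with the real check.
probe_portal() {
    [ -f "${PORTAL_READY_FILE:-/nonexistent}" ]
}

# Returns 0 as soon as the probe succeeds and 1 after MAX_TRIES failures,
# so a reboot can never block here indefinitely.
wait_for_portal() {
    tries=0
    while [ "$tries" -lt "$MAX_TRIES" ]; do
        if probe_portal; then
            return 0
        fi
        tries=`expr "$tries" + 1`
        # No sleep after the final failed attempt.
        if [ "$tries" -lt "$MAX_TRIES" ]; then
            sleep "$DELAY"
        fi
    done
    echo "Portal server not reachable after $tries attempts" >&2
    return 1
}

# In a boot script the caller decides what a timeout means, for example:
#   wait_for_portal || exit 1
```

With the defaults shown, the worst-case delay added to boot is (MAX_TRIES - 1) x DELAY seconds.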
- UNIX authentication may fail after running for a couple days.
- Workaround:
In a terminal window on the Portal server, become root, and type the following command:
# ps -efl | grep doUnix
8 S root 18128 15582 0 41 20 ? 117 ? 20:28:33 pts/4 0:00 grep doUnix
8 S root 25341 1 0 41 20 ? 196 ? May 23 ? 0:00 /opt/SUNWips/bin/doUnix -c 8946
- If doUnix does not return an output, restart the Portal server helpers.
In a terminal window, become root, and type the following command:
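The `ps -efl | grep doUnix` output shown above always includes the grep process itself, so a scripted check has to look at the command column rather than test for empty output. The following is an added example, not part of the release notes; dounix_pids and dounix_running are hypothetical helper names, and the parsing assumes the `ps -efl` column layout of the two sample lines.

```shell
#!/bin/sh
# Added example: report whether a real doUnix helper process exists.
# Helper names are hypothetical. Input is `ps -efl` output on stdin.

# Print the PID (column 4) of every process whose command is doUnix.
# The start-time column may be one word (20:28:33) or two (May 23), so the
# command is located as the word that follows the TIME column (m:ss).
dounix_pids() {
    awk '{
        for (i = 12; i < NF; i++) {
            if ($i ~ /^[0-9]+:[0-9][0-9]$/) {
                cmd = $(i + 1)
                if (cmd == "doUnix" || cmd ~ /\/doUnix$/) print $4
                break
            }
        }
    }'
}

# Exit status 0 when at least one doUnix process is listed.
dounix_running() {
    pids=`dounix_pids`
    [ -n "$pids" ]
}

# Constructed sample input: the two output lines quoted in these notes.
SAMPLE='8 S root 18128 15582 0 41 20 ? 117 ? 20:28:33 pts/4 0:00 grep doUnix
8 S root 25341 1 0 41 20 ? 196 ? May 23 ? 0:00 /opt/SUNWips/bin/doUnix -c 8946'

# Live use on the Portal server:
#   ps -efl | dounix_running || echo "doUnix is not running" >&2
```

Because only the command word is matched, the `grep doUnix` line and processes that merely take doUnix as an argument are not counted.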
4319604
- Detached providers are not being handled properly by operations in the Content link.
- Workaround:
- None
- Disabling the Netlet provider in the Administration console for a user causes error message: "Document contained no data".
- Workaround:
- Remove the provider from the channel list in the Administration console.
- External bookmark URLs are not redirected.
- Prevention:
- Remove open URL from the Gateway profile "rewrite JavaScript function parameters".
- Workaround:
- Create a second bookmark channel to handle external sites.
- The bookmark provider cannot be used for URLs which reference Internet URLs that the Gateway cannot or should not fetch.
- The command ipsadmin does not check for the syntax of boolean flags.
- Workaround:
- When creating an XML file, if the attribute type is boolean, add a true or false statement, as shown in bold in the following example:
- The hour glass occasionally keeps running after attempting to add a share in Netfile Java.
- Workaround:
- Select some other part of NetFile to clear up the hour glass.
4307367
- A race condition occurs when replying to a message if you select send and then immediately delete the message.
- Workaround:
- Wait for the reply flag to be set (slow down) or delete the message again.
- IMAP password is displayed in clear text in source of edit.
- Workaround:
- None
Bugs Fixed in Service Pack 1
The following bugs have been fixed in iPlanet Portal Server 3.0 Service Pack 1:
Removing channel with thin-thick-thin layout caused null pointer
URL rewriting did not work for relative URLs in URL scraper.
The URL scraper failed when it tried to fetch a URL which resulted in a redirect.
Rewriter for applet tags could only rewrite limited number of URLs in a parameter.
Membership Module did allow a blank password to authenticate.
Rewriter didn't work if there was a URL with no leading http:// and a port number specified.
On Japanese localization, Netfile Java did not work on Solaris and Windows NT.
NetMail was unable to receive mail with attached text file sent from NetFile.
External LDAP attribute mappings did not work with binary type attributes.
Domain search did not search for users mapped from external LDAP.
Fix limitations: Search limit for external LDAP users is 400 users only.
New documentation: see "Using the Netlet Proxy".
Documentation Updates and Corrections
Setting Session Time-out to the Maximum Value
As Super Administrator, access Session Profile.
Set the value of Inactivity to the maximum value of: 15372286720912930.
Set the value of Maximum to the maximum value of: 15372286720912930.
Using the Netlet Proxy
The Netlet proxy is used for the following reasons:
To minimize the use of extra IP addresses and ports from the Gateway through an internal firewall in a significantly sized deployment environment.
To provide encryption for each transaction through the Netlet to the iPlanet Portal Server server. This application of the Netlet proxy offers improved security benefits through data encryption but may increase the use of system resources.
Figure 1 Netlet Proxy Implementation
Configuring the Netlet Proxy
In the iPlanet Portal Server Administration Console, do the following:
Log on as Super Administrator.
Select the Gateway Management link from the left frame.
Select the Manage Gateway Profile link in the right frame.
In the Component Profile: Gateway page, do the following:
Scroll to the end of the page and select the Show Advanced Options button.
Scroll to near the bottom of the page to the Netlet Proxy Enabled check box, and select the box to enable the netlet proxy.
In the Netlet Proxy Port, type in the desired (unused) port number to be used (for example: 8048).
Tip From the command line, type: This will print out all ports currently assigned and in use.
Select the Submit button at the bottom of the page to commit these changes to the profile server.
Select the Continue button on the Profile Successfully Updated page.
Configuring Restart of the Netlet Proxy
To automatically configure a restart of the Netlet proxy whenever rebooting the system server, use the command line interface on the Gateway server to do the following:
Note If using more than one server, repeat these steps for each server's platform.conf file.
From a terminal window, use a text editor to edit the platform.conf file:
- /etc/opt/SUNWips/platform.conf
Add the following command (shown in bold text) to the ips.daemons line:
Note Configure the Netlet Proxy in the iPlanet Portal Server Administration Console before editing the platform.conf file. See "Configuring the Netlet Proxy" for instructions.
Run the Netlet Proxy as follows:
# /$IPS_BASE/SUNWips/bin/ipsnetletd start
Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.
Last Updated August 31, 2000