Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 6 (11.1.6) Part Number E21032-18
This chapter describes how to configure the Oracle Web Tier for an Oracle Identity Management enterprise deployment.
This chapter describes how to associate the Oracle Web Tier with the WebLogic Server domain. Once the Web Tier is associated with the WebLogic Server, you can monitor it using the Oracle Fusion Middleware Console.
You then configure the load balancer to route all HTTP requests to WEBHOST1 and WEBHOST2.
The last section describes how to define the Oracle HTTP Server directives to route requests to the load balancer virtual hosts you defined in Chapter 3, "Preparing the Network for an Enterprise Deployment."
Before configuring the Oracle Web Tier software, you must install it on WEBHOST1 and WEBHOST2, as described in Section 6.2, "Installing Oracle HTTP Server." Run the Configuration Wizard to define the instance home, the instance name, and the Oracle HTTP Server component name.
Ensure that port 7777 (OHS_PORT) is not in use. Because Oracle HTTP Server is installed by default on port 7777, you must ensure that port 7777 is not used by any other service on the nodes. To check whether this port is in use, run the following command before installing Oracle HTTP Server. You must free the port if it is in use.
netstat -an | grep 7777
Create a file containing the ports used by Oracle HTTP Server. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called ohs_ports.ini. Delete all entries in ohs_ports.ini except for OHS PORT and OPMN Local Port. Change the values of those ports to 7777 and 6700, respectively.
Note: If the port names in the file are slightly different from OHS PORT and OPMN Local Port, use the names in the file.
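The following script carries out the two prerequisite steps above (checking that OHS_PORT is free and deriving ohs_ports.ini from staticports.ini). It is an added example and is not part of the Oracle guide. It assumes that staticports.ini uses "Key = value" lines and that the two entries are spelled "OHS Port" and "OPMN Local Port"; because the guide warns that the spelling may differ between releases, matching is case- and whitespace-insensitive and the key text found in the file is preserved in the output.

```python
"""Build ohs_ports.ini from staticports.ini and check that OHS_PORT is free.

Added example, not part of the Oracle guide. Assumes "Key = value" lines in
staticports.ini; the key spellings below are assumptions and are matched
case- and whitespace-insensitively.
"""
import re
import socket
from pathlib import Path
from typing import Dict, List

# Port names to keep and the values the guide assigns to them
# (OHS_PORT and the OPMN local port).
DEFAULT_PORTS: Dict[str, int] = {"ohs port": 7777, "opmn local port": 6700}

# "Key = value"; comment lines (leading #) and blank lines do not match.
_ENTRY = re.compile(r"^\s*([^#=\s][^=]*?)\s*=\s*(\S+)\s*$")


def build_ohs_ports_ini(staticports_text: str,
                        ports: Dict[str, int] = DEFAULT_PORTS) -> List[str]:
    """Return the lines of ohs_ports.ini: only the wanted keys, with the new values."""
    kept: List[str] = []
    found = set()
    for line in staticports_text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue  # drop comments, blanks and anything that is not Key = value
        key = m.group(1)
        norm = " ".join(key.lower().split())  # normalise case and spacing
        if norm in ports:
            kept.append(f"{key} = {ports[norm]}")
            found.add(norm)
    missing = sorted(set(ports) - found)
    if missing:
        # Fail loudly: a file without these keys would make the wizard fall
        # back to automatic port assignment instead of the ports planned here.
        raise ValueError(f"keys not found in staticports.ini: {missing}")
    return kept


def write_ohs_ports_ini(src: Path, dst: Path,
                        ports: Dict[str, int] = DEFAULT_PORTS) -> None:
    """File wrapper: src is stage/Response/staticports.ini, dst is ohs_ports.ini."""
    dst.write_text("\n".join(build_ohs_ports_ini(src.read_text(), ports)) + "\n")


def port_in_use(port: int, host: str = "0.0.0.0") -> bool:
    """True if something already listens on the port.

    A bind attempt is more precise than "netstat -an | grep 7777", which also
    matches 17777 or 7777x appearing in unrelated columns of the output.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return True
    return False


if __name__ == "__main__":
    import sys
    src = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("staticports.ini")
    print(f"port 7777 in use: {port_in_use(7777)}")
    if src.exists():
        write_ohs_ports_ini(src, Path("ohs_ports.ini"))
        print(Path("ohs_ports.ini").read_text(), end="")
    else:
        print(f"{src} not found; nothing written")
```

Run it on each web host with the path to staticports.ini as the argument; it refuses to write a file that lacks either key, so a renamed entry is caught before the Configuration Wizard is started rather than after it has chosen ports automatically.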
The steps for configuring the Oracle Web Tier are the same for WEBHOST1 and WEBHOST2.
Perform these steps to configure the Oracle Web Tier:
1. Change the directory to the location of the Oracle Fusion Middleware Configuration Wizard:
   cd WEB_ORACLE_HOME/bin
2. Start the Configuration Wizard:
   ./config.sh
3. Enter the following information into the Configuration Wizard:
   a. On the Welcome screen, click Next.
   b. On the Configure Component screen, select Oracle HTTP Server.
      Ensure that Associate Selected Components with WebLogic Domain is selected.
      Ensure that Oracle Web Cache is NOT selected.
      Click Next.
   c. On the Specify WebLogic Domain screen, enter:
      Domain Host Name: ADMINVHN.mycompany.com
      Domain Port No: 7001, where 7001 is WLS_ADMIN_PORT in Section A.3.
      User Name: WebLogic Administrator User (for example: weblogic)
      Password: Password for the WebLogic Administrator User account
      Click Next.
   d. On the Specify Component Details screen, enter the following values for WEBHOSTn, where n is 1 or 2:
      Instance Home Location: WEB_ORACLE_INSTANCE (/u02/local/oracle/config/instances/ohsn, for example, /u02/local/oracle/config/instances/ohs1)
      Instance Name: webn
      OHS Component Name: webn
      Click Next.
   e. On the Configure Ports screen, use the ohs_ports.ini file you created in Section 8.2.1, "Prerequisites for Configuring the Web Tier," to specify the ports to be used. This enables you to bypass automatic port configuration.
      Select Specify Ports using a Configuration File.
      In the file name field, specify ohs_ports.ini.
      Click Save, then click Next.
   f. On the Specify Security Updates screen, specify these values:
      Email Address: The email address for your My Oracle Support account.
      Oracle Support Password: The password for your My Oracle Support account.
      Select: I wish to receive security updates via My Oracle Support.
      Click Next.
   g. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not, click Back to modify selections on previous screens.
      Click Configure.
   h. On the Configuration screen, the wizard launches multiple configuration assistants. This process can be lengthy. When it completes, click Next.
   i. On the Installation Complete screen, click Finish to confirm your choice to exit.
Once the installation is completed, check that it is possible to access the Oracle HTTP Server through the following URLs:
http://WEBHOST1.mycompany.com:7777/
http://WEBHOST2.mycompany.com:7777/
https://SSO.mycompany.com/
http://IDMINTERNAL.mycompany.com
This section contains the following topics:
Section 8.3.1, "Configuring Oracle HTTP Server to Run as Software Owner"
Section 8.3.2, "Update Oracle HTTP Server Runtime Parameters"
Section 8.3.3, "Create Virtual Hosts to Support Identity Management"
By default, the Oracle HTTP Server runs as the user nobody. In the Identity Management installation, the Oracle HTTP Server should run as the software owner and group.
To cause it to run as the appropriate user and group, edit the file httpd.conf, which is located in WEB_ORACLE_INSTANCE/config/OHS/component_name.
Find the section in httpd.conf where User is defined.
Change this section to read:
User User_who_installed_the_software
Group Group_under_which_the_HTTP_server_runs
Group is typically the default user group, for example: oinstall.
For example:
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group #-1 on these systems!
#
User oracle
Group oinstall
</IfModule>
By default, the Oracle HTTP Server contains parameter values that are suitable for most applications. These values, however, must be adjusted in IDM deployments.
Proceed as follows:
Edit the file httpd.conf, which is located in: WEB_ORACLE_INSTANCE/config/OHS/component_name
Find the entry that looks like this:
<IfModule mpm_worker_module>
Update the values in this section as follows:
<IfModule mpm_worker_module>
ServerLimit 20
StartServers 2
MaxClients 1000
MinSpareThreads 200
MaxSpareThreads 800
ThreadsPerChild 50
MaxRequestsPerChild 10000
AcceptMutex fcntl
LockFile "${WEB_ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/http_lock"
</IfModule>
Save the file.
In order for Oracle HTTP Server to service Oracle Identity Management, you must create a number of files to add support for virtual hosts. Each of the files in the following sections creates a virtual host definition and declares a number of URLs which can be accessed from within it. By enclosing the location directives inside the virtual host, these locations will only be available when invoked using the virtual host name. For example, you will be able to access the WebLogic console by using the URL http://ADMIN.mycompany.com/console but not by using the URL https://SSO.mycompany.com/console.
The following sections show sample configuration files for a complete Identity Management deployment. If you are only doing a partial deployment, include only those entries applicable to the components you are deploying. If you extend your domain at a later date with extra components, you must update the files below with the entries required to support the components you are using.
Before creating virtual host directives, you must enable the Oracle HTTP Server to listen for virtual hosts on the default OHS listen port.
To do this, on each web host, edit the file httpd.conf, which is located in the directory: WEB_ORACLE_INSTANCE/config/OHS/component_name
Locate the line that looks like this:
#NameVirtualHost *:80
Add the following entry to the file, using 7777 or whatever your OHS_PORT value is, and save the file.
NameVirtualHost *:7777
Create the following files on each web host in the directory: WEB_ORACLE_INSTANCE/config/OHS/component_name/moduleconf
Notes:
Values such as ADMIN.mycompany:80 and you@youraddress that are noted in this document serve as examples only. Enter values based on the actual environment.
If you are not using a virtual host for your Administration Server host (single instance), replace ADMINVHN.mycompany.com with IDMHOST1.mycompany.com.
Create a file called admin_vh.conf. This will contain a list of locations which are supported by clients accessing the domain using ADMIN.mycompany.com.
<VirtualHost *:7777>
    ServerName ADMIN.mycompany.com:80
    RewriteEngine On
    RewriteOptions inherit
    RewriteRule ^/em/targetauth/emaslogout.jsp "/oamsso/logout.html?end_url=/em" [R]
    RewriteRule ^/console/jsp/common/logout.jsp "/oamsso/logout.html?end_url=/console" [R]
    ServerAdmin you@your.address

    ###################################
    ## General Domain Configuration
    ###################################

    # Admin Server and EM
    <Location /console>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN.mycompany.com
        WeblogicPort 7001
    </Location>

    <Location /consolehelp>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN.mycompany.com
        WeblogicPort 7001
    </Location>

    <Location /em>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN.mycompany.com
        WeblogicPort 7001
    </Location>

    # ODSM
    <Location /odsm>
        SetHandler weblogic-handler
        WebLogicCluster IDMHOST1.mycompany.com:7006,IDMHOST2.mycompany.com:7006
    </Location>

    ##############################################
    ## Entries Required by Oracle Access Manager
    ##############################################

    # OAM console
    <Location /oamconsole>
        SetHandler weblogic-handler
        WebLogicHost ADMINVHN
        WebLogicPort 7001
    </Location>
</VirtualHost>
Create a file called sso_vh.conf. This will contain a list of locations which are supported by clients accessing the domain using SSO.mycompany.com. These are the main entry points for external users.
<VirtualHost *:7777>
    ServerName https://SSO.mycompany.com:443
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    ServerAdmin you@your.address

    ##############################################
    ## Entries Required by Oracle Access Manager
    ##############################################

    # OAM
    <Location /oam>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
    </Location>

    ##############################################
    ## Entries Required by Fusion Applications
    ##############################################

    # FAAuthScheme
    <Location /fusion_apps>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
    </Location>

    ################################################
    ## Entries Required by Oracle Identity Manager
    ################################################

    # oim admin console (idmshell based)
    <Location /admin>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # oim self and advanced admin webapp consoles (canonic webapp)
    <Location /oim>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # xlWebApp - Legacy 9.x webapp (struts based)
    <Location /xlWebApp>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # Nexaweb WebApp - used for workflow designer and DM
    <Location /Nexaweb>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # used for FA Callback service.
    <Location /callbackResponseService>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # spml xsd profile
    <Location /spml-xsd>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # role-sod profile
    <Location /role-sod>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    <Location /HTTPClnt>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    ##################################################
    ## Entries Required by Oracle Identity Federation
    ##################################################

    # OIF
    <Location /fed>
        SetHandler weblogic-handler
        WLProxySSL ON
        WLProxySSLPassThrough ON
        WebLogicCluster IDMHOST1.mycompany.com:7499,IDMHOST2.mycompany.com:7499
    </Location>
</VirtualHost>
Create a file called idminternal_vh.conf. This will contain a list of locations which are supported by clients accessing the domain using IDMINTERNAL.mycompany.com. These entries are used by internal callbacks.
<VirtualHost *:7777>
    ServerName http://IDMINTERNAL.mycompany.com:80
    RewriteEngine On
    RewriteOptions inherit
    UseCanonicalName On
    ServerAdmin you@your.address

    ################################################
    ## Entries Required by Oracle Identity Manager
    ################################################

    # oim admin console (idmshell based)
    <Location /admin>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # oim self and advanced admin webapp consoles (canonic webapp)
    <Location /oim>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # xlWebApp - Legacy 9.x webapp (struts based)
    <Location /xlWebApp>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # Nexaweb WebApp - used for workflow designer and DM
    <Location /Nexaweb>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # used for FA Callback service.
    <Location /callbackResponseService>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # spml xsd profile
    <Location /spml-xsd>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # role-sod profile
    <Location /role-sod>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    <Location /HTTPClnt>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # SOA Infrastructure
    <Location /soa-infra>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster SOAHOST1VHN:8001,SOAHOST2VHN:8001
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # UMS Email Support
    <Location /ucs>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster SOAHOST1VHN:8001,SOAHOST2VHN:8001
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # SOA Callback webservice for SOD - Provide the SOA Managed Server Ports
    <Location /sodcheck>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster SOAHOST1VHN:8001,SOAHOST2VHN:8001
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>

    # Callback webservice for SOA. SOA calls this when a request is approved/rejected
    # Provide the SOA Managed Server Port
    <Location /workflowservice>
        SetHandler weblogic-handler
        WLCookieName oimjsessionid
        WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
        WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/OHS/oim_component.log"
    </Location>
</VirtualHost>
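The three moduleconf files above rely on two properties that are easy to break during later edits: administrative locations (/console, /em, /oamconsole and so on) are enclosed only in the ADMIN virtual host, so they are unreachable through SSO.mycompany.com, and every location proxied through the external SSO host carries WLProxySSL ON so that WebLogic builds https redirects even though the load balancer terminates SSL. The following audit script checks both properties. It is an added example and is not part of the Oracle guide; it parses only the directive subset these files use (<VirtualHost>, <Location>, one directive per line), it recognises the external host by a ServerName starting with https:// as in sso_vh.conf (an assumption of this example), and the sample configuration embedded in it is constructed, with two deliberate mistakes, to show the checks firing.

```python
"""Audit moduleconf virtual-host files for admin-path exposure and WLProxySSL.

Added example, not part of the Oracle guide. Parses only the directive subset
the guide's files use. The external host is identified by a ServerName that
starts with https:// (assumption); ADMIN_ONLY_PATHS lists the locations the
guide exposes only through admin_vh.conf.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Location:
    path: str
    directives: Dict[str, str] = field(default_factory=dict)  # lower-cased name -> value


@dataclass
class VirtualHost:
    server_name: str = ""
    locations: List[Location] = field(default_factory=list)


_OPEN = re.compile(r"^<(VirtualHost|Location)\s+([^>]+)>$")
_CLOSE = re.compile(r"^</(VirtualHost|Location)>$")

ADMIN_ONLY_PATHS = {"/console", "/consolehelp", "/em", "/oamconsole", "/odsm"}


def parse_vhosts(text: str) -> List[VirtualHost]:
    """Return the VirtualHost blocks, each with its Location blocks and directives."""
    hosts: List[VirtualHost] = []
    vhost: Optional[VirtualHost] = None
    loc: Optional[Location] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPEN.match(line)
        if m:
            if m.group(1) == "VirtualHost":
                vhost = VirtualHost()
                hosts.append(vhost)
            else:
                if vhost is None:
                    raise ValueError(f"<Location> outside <VirtualHost>: {line}")
                loc = Location(path=m.group(2).strip())
                vhost.locations.append(loc)
            continue
        if _CLOSE.match(line):
            if line == "</Location>":
                loc = None
            else:
                vhost = None
            continue
        name, _, value = line.partition(" ")
        if loc is not None:
            loc.directives[name.lower()] = value.strip()
        elif vhost is not None and name.lower() == "servername":
            vhost.server_name = value.strip()
    return hosts


def audit(hosts: List[VirtualHost]) -> List[str]:
    """Findings for externally reachable hosts; an empty list means both checks pass."""
    findings: List[str] = []
    for vh in hosts:
        if not vh.server_name.lower().startswith("https://"):
            continue  # only the external (SSO) host is in scope
        for loc in vh.locations:
            if loc.path in ADMIN_ONLY_PATHS:
                findings.append(f"{vh.server_name}: admin path {loc.path} exposed on external host")
            if loc.directives.get("wlproxyssl", "").upper() != "ON":
                findings.append(f"{vh.server_name}: {loc.path} proxied without WLProxySSL ON")
    return findings


# Constructed sample: an ADMIN host that is fine, and an SSO host with two mistakes.
SAMPLE_CONF = """\
<VirtualHost *:7777>
  ServerName ADMIN.mycompany.com:80
  <Location /console>
    SetHandler weblogic-handler
    WebLogicHost ADMINVHN.mycompany.com
    WeblogicPort 7001
  </Location>
</VirtualHost>
<VirtualHost *:7777>
  ServerName https://SSO.mycompany.com:443
  <Location /oam>
    SetHandler weblogic-handler
    WLProxySSL ON
    WLProxySSLPassThrough ON
    WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
  </Location>
  # constructed mistake 1: admin console copied into the external host
  <Location /console>
    SetHandler weblogic-handler
    WLProxySSL ON
    WebLogicHost ADMINVHN.mycompany.com
    WeblogicPort 7001
  </Location>
  # constructed mistake 2: WLProxySSL missing
  <Location /role-sod>
    SetHandler weblogic-handler
    WebLogicCluster OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000
  </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit(parse_vhosts(SAMPLE_CONF)):
        print(finding)
```

To audit a real web host, read the three files from WEB_ORACLE_INSTANCE/config/OHS/component_name/moduleconf, concatenate their text and pass it to parse_vhosts; run it again after every domain extension, because adding a component means editing these files by hand.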
Restart the Oracle HTTP Server, as described in Section 21.1, "Starting and Stopping Oracle Identity Management Components."
After the installation is completed, check that you can access the Oracle HTTP Server home page using the following URLs:
http://WEBHOST1.mycompany.com:7777/
http://WEBHOST2.mycompany.com:7777/
http://ADMIN.mycompany.com/
https://SSO.mycompany.com/
Back up the Web Tier, as described in Section 21.6.3, "Performing Backups During Installation and Configuration."