Changing the IP Address
Backup and Recovery Tool
- Create backup folders:
md C:\bkp\mt
md C:\bkp\infra
- Go to AS Control for Middle-Tier
- Click Backup/Recovery
- Click Configure Backup/Recovery Settings
- Enter Log File Location (e.g. C:\ora\mt\backup_restore\logs)
- Enter Configuration Files Backup Location (e.g. C:\bkp\mt)
- Click OK
- Run the tool:
set ORACLE_HOME=C:\ora\mt
cd /d %ORACLE_HOME%\backup_restore
bkp_restore.bat -v -m backup_config
- Repeat for Infrastructure
Basic Authentication
To protect certain URLs on your web server (e.g. /picdb_hires, which would contain the hi-res versions of the pictures in your Picture Database), you can use Basic Authentication.
- Create a password file:
cd /d C:\ora\mt\Apache\Apache\bin
htpasswd -c passwords donald
When asked to enter a password, type duck
- Place the passwords file in a local folder, e.g. C:\ora\mt\Apache
- Update the httpd.conf file on the Middle-Tier HTTP Server
adding these lines to the bottom of the file:
<Location /picdb_hires>
AuthType Basic
AuthName "picdb"
AuthUserFile "C:\ora\mt\Apache\passwords"
Require valid-user
</Location>
- Click Apply
- When asked if you would like to restart the HTTP Server, click Yes
- When the HTTP Server has been restarted, click OK
Adding language elements in Portal 10.1.4
Here are the steps needed to insert language elements into Oracle Portal and
the Single Sign-On Server, assuming that:
- the path to your Middle-Tier instance is C:\ora\mt
- the password of your PORTAL schema is xyz123
(see "Finding database passwords")
- the name of your Infrastructure server is server.company.com
- the port number of your repository database listener is 1521
- the service name of your repository database is orcl.company.com
- your preferred language is Norwegian
- Set environment variable ORACLE_HOME to point to the Middle-Tier home:
set ORACLE_HOME=C:\ora\mt
- Use the Oracle Portal Configuration Assistant shipped with the Portal 10.1.4 Upgrade Assistant
to insert the language elements:
cd /d C:\stage\mrua_051020\assistants\opca
ptllang.bat -sp xyz123 -c server.company.com:1521:orcl.company.com -lang n
- A log file from the installation can be found in the Middle-Tier home, e.g. C:\ora\mt\portal_n.log
NOTE: If you have upgraded Portal to 10.1.4.1 or 10.1.4.2 and the ptllang command does not work,
you may be encountering bug 5502911, which can be fixed using the updated opca.jar file from
Deleting language elements in Portal 10.1.4
If you would like to remove a specific language from Portal, here's how. First list the installed languages and their IDs:
select
id
, substr(title || ' (' || databaseabbreviation || ')', 1, 30) lang
from
wwnls_sys_language$
where
available = 1
and installed = 1
/
ID LANG
---------- ------------------------------
0 English (us)
15 Norwegian (n)
22 Swedish (s)
Example: To remove the Swedish language from your installation:
update portal.wwnls_sys_language$ set installed = 0, available = 0 where id = 22;
update orasso.wwnls_sys_language$ set installed = 0, available = 0 where id = 22;
delete portal.wwnls_strings$ where language = 's';
delete orasso.wwnls_strings$ where language = 's';
commit;
Customizing the Single Sign-On and Sign-Off pages
The samples in the
work better in 10.1.2 than they did in 9.0.2, except that the Sign-On example
forgets which language you had chosen prior to logging in.
Below you will find sample Sign-On and Sign-Off pages. Copy the
files to the subdirectory "j2ee/OC4J_SECURITY/applications/sso/web/jsp"
under the Oracle home of your Infrastructure.
To activate your customized Single Sign-On and Single Sign-Off pages,
here is what you must do, assuming that:
- the password for database schema ORASSO is a9b8C7
- the name of the SSO server is server.company.com
- the port of the SSO server is 7777
- the database SID is orcl
- your preferred language is Norwegian
Enable customized Sign-On page
- Back up the policy.properties file found in the sso/conf folder on your SSO server
and then edit the file:
Old:
loginPageUrl = /sso/jsp/login.jsp
New:
loginPageUrl = /sso/jsp/MySignOn.jsp
- Restart the Single Sign-On server:
cd /d C:\ora\im\opmn\bin
opmnctl restartproc process-type=HTTP_Server
opmnctl restartproc process-type=OC4J_SECURITY
Disable customized Sign-On page
- To switch back to the default Sign-On page, reverse the modification in the policy.properties file
and then restart the Single Sign-On server (see above).
Enable customized Sign-Off page
- Obtain the password for the ORASSO database schema
(see "Finding database passwords").
- Start SQL*Plus
- Connect to the Infrastructure database as ORASSO:
connect orasso/a9b8C7@orcl
- To see the current settings, issue the following command:
select login_url from wwsso_ls_configuration_info$;
- To activate your customized Sign-On and Sign-Off pages, issue the following commands:
update
wwsso_ls_configuration_info$
set
login_url =
'UNUSED '
|| 'UNUSED '
|| 'http://server.company.com:7777/sso/jsp/MySignOff.jsp'
;
commit;
Disable customized Sign-Off page
- To switch back to the default Sign-Off page, issue the following commands:
update wwsso_ls_configuration_info$
set login_url = 'UNUSED UNUSED UNUSED'
;
commit;
Example Sign-On page (MySignOn.jsp)
<html>
<%@ page buffer="5" autoFlush="true" %>
<%@ page language="java" import="java.util.*, oracle.security.sso.server.mesg.*, oracle.security.sso.server.util.*, oracle.security.sso.util.*"%>
<jsp:useBean id="msgFactory" scope="application" class="oracle.security.sso.util.SSOResourceFactory" />
<%!
  // Request parameters are attacker-controllable, so they are encoded for the
  // context they are written into. esc() is for HTML text and attribute values.
  static String esc(String s) {
    StringBuffer b = new StringBuffer();
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      switch (c) {
        case '&':  b.append("&amp;");  break;
        case '<':  b.append("&lt;");   break;
        case '>':  b.append("&gt;");   break;
        case '"':  b.append("&quot;"); break;
        case '\'': b.append("&#39;");  break;
        default:   b.append(c);
      }
    }
    return b.toString();
  }

  // jsStr() is for a quoted JavaScript string inside an event-handler attribute:
  // escape for JavaScript first, then for the surrounding HTML attribute.
  // Escaping stops markup and script injection; it does not restrict where the URL points.
  static String jsStr(String s) {
    StringBuffer b = new StringBuffer();
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      if (c == '\\' || c == '\'' || c == '"') {
        b.append('\\').append(c);
      } else if (c < 0x20 || c == 0x2028 || c == 0x2029) {
        String h = Integer.toHexString(c);
        b.append("\\u").append("0000".substring(h.length())).append(h);
      } else {
        b.append(c);
      }
    }
    return esc(b.toString());
  }
%>
<%
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Expires", "Thu, 29 Oct 1970 17:04:19 GMT");
  String page_title = "My Customized Sign-On";
  ResourceBundle msgBundle = null;
  out.println (
    "<head><title>"
    + page_title
    + "</title></head><body bgcolor=\"#ffffff\">"
    + "<center><h2>"
    + page_title
    + "</h2>"
  );
  try {
    // A missing parameter raises an exception here, which the catch block
    // below turns into the "cannot be accessed directly" message.
    String str_token = request.getParameterValues("site2pstoretoken")[0];
    String str_user = request.getParameterValues("ssousername")[0];
    String str_err = request.getParameterValues("p_error_code")[0];
    String str_cancel = request.getParameterValues("p_cancel_url")[0];
    String str_submit = request.getParameterValues("p_submit_url")[0];
    msgBundle = msgFactory.getResourceBundle(request, ServerMsgID.MESSAGE_BUNDLE_NAME);
    out.println (
      "<form name='LoginForm' AutoComplete='off' method='post' action='"
      + esc(str_submit)
      + "'>"
      + "<input type='hidden' name='site2pstoretoken' value='" + esc(str_token) + "'>"
      + "<input type='hidden' name='locale' value='no'>" // language hard-coded to Norwegian
      + "<table border=0 cellspacing=0 cellpadding=5>"
    );
    if ((str_err != null) && (str_err.length() > 1)) {
      out.println (
        "<tr><td><font color='red'>"
        + msgBundle.getString(ServerMsgID.ERROR)
        + ":</font></td>"
        + "<td>" + msgBundle.getString(str_err) + "</td>"
        + "</tr>"
      );
    }
    out.println (
      "<tr>"
      + "<td align=right>"
      + "<font face=\"Arial,Helvetica\" size=2><b>"
      + msgBundle.getString(ServerMsgID.USERNAME_LBL)
      + " :</b></font>"
      + "</td><td><input type='text' name='ssousername'></td>"
      + "</tr>"
      + "<tr>"
      + "<td align=right>"
      + "<font face=\"Arial,Helvetica\" size=2><b>"
      + msgBundle.getString(ServerMsgID.PASSWORD_LBL)
      + " :</b></font>"
      + "</td><td><input type='password' name='password'></td>"
      + "</tr>"
      + "<tr>"
      + "<td></td><td>"
      + "<input type='submit' value='"
      + msgBundle.getString(ServerMsgID.LOGIN)
      + "'> "
      + "<input type='button' name='p_request' value='"
      + msgBundle.getString(ServerMsgID.CANCEL)
      + "' "
      + "onClick=\"document.location.href = '" + jsStr(str_cancel) + "';\">"
      + "</td>"
      + "</tr>"
      + "</table></form>"
      + "\n<script language=\"JavaScript\">\n"
      + "<!--\n"
      + " document.LoginForm.ssousername.focus();\n"
      + "// -->\n"
      + "</script>"
    );
  } catch (Exception e) {
    out.println (
      "<h2><font color='red'>ERROR:</font>"
      + "This page cannot be accessed directly!</h2>"
    );
  }
  out.println("</center></body>");
%>
</html>
Example Sign-Off page (MySignOff.jsp)
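<html>
<%@ page buffer="5" autoFlush="true" %>
<%!
  // Request parameters are attacker-controllable, so they are encoded for the
  // context they are written into. esc() is for HTML text and attribute values.
  static String esc(String s) {
    StringBuffer b = new StringBuffer();
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      switch (c) {
        case '&':  b.append("&amp;");  break;
        case '<':  b.append("&lt;");   break;
        case '>':  b.append("&gt;");   break;
        case '"':  b.append("&quot;"); break;
        case '\'': b.append("&#39;");  break;
        default:   b.append(c);
      }
    }
    return b.toString();
  }

  // jsStr() is for a quoted JavaScript string inside an event-handler attribute:
  // escape for JavaScript first, then for the surrounding HTML attribute.
  // Escaping stops markup and script injection; it does not restrict where the URL points.
  static String jsStr(String s) {
    StringBuffer b = new StringBuffer();
    for (int i = 0; i < s.length(); i++) {
      char c = s.charAt(i);
      if (c == '\\' || c == '\'' || c == '"') {
        b.append('\\').append(c);
      } else if (c < 0x20 || c == 0x2028 || c == 0x2029) {
        String h = Integer.toHexString(c);
        b.append("\\u").append("0000".substring(h.length())).append(h);
      } else {
        b.append(c);
      }
    }
    return esc(b.toString());
  }
%>
<%
  response.setHeader("Cache-Control", "no-cache");
  response.setHeader("Pragma", "no-cache");
  response.setHeader("Expires", "Thu, 29 Oct 1970 17:04:19 GMT");
  String page_title = "My Customized Sign-Off";
  String done_url = null;
  int i = 0;
  out.println (
    "<head><title>"
    + page_title
    + "</title></head>"
  );
  try {
    done_url = request.getParameterValues("p_done_url")[0];
    out.println (
      "<body bgcolor=\"#ffffff\""
      + " text=\"#999999\" link=\"#999999\" vlink=\"#999999\""
      + " onLoad=\"location='"
      + jsStr(done_url)
      + "'\""
      + "><h2>"
      + page_title
      + "</h2><font face=\"Arial,Helvetica\" size=2>"
    );
    // The loop ends when the next numbered parameter is missing: the lookup
    // throws and control passes to the catch block below.
    for(;;) {
      i++;
      String l_app = request.getParameterValues("p_app_name" + i)[0];
      String l_url = request.getParameterValues("p_app_logout_url" + i)[0];
      out.println (
        "<img src='" + esc(l_url) + "'> "
        + esc(l_app)
        + "<br>"
      );
    }
  } catch (Exception e) {
    if (i > 1) {
      out.println (
        "<p>When all systems have a check mark,<br>"
        + "you have been successfully signed off.<br>"
        + "Click <a href=\""
        + esc(done_url)
        + "\">here</a> to continue.</font>"
      );
    } else {
      out.println (
        "</font><h2><center><font color='red'>ERROR:</font>"
        + "This page cannot be accessed directly!</center></h2>"
      );
    }
  }
  out.println("</body>");
%>
</html>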
Bundled sample Sign-On and Sign-Off pages
To have a look at the sample SSO files bundled with the product, issue these commands:
set ORACLE_HOME=C:\ora\im
cd /d %ORACLE_HOME%\sso
md mySSO
cd mySSO
%ORACLE_HOME%\jdk\bin\jar -xvf %ORACLE_HOME%\sso\lib\ipassample.jar
Adding Virtual Hosts
In this example, you will add a Virtual Host (daisy.company.com) to your Portal installation on server
server.company.com. The listening port for the Oracle HTTP Server is 7778, and the listening
port for WebCache is 80.
Adding Virtual Hosts is a five-step process: create network names, then configure the HTTP Server, then WebCache, then Portal, and then Single Sign-On.
Create network names
The host names you plan to use must be known in the network,
either through DNS or as entries in the hosts file on each client
(e.g. c:\winnt\system32\drivers\etc\hosts). Here's an example,
assuming that your server's IP address is 192.168.1.1:
192.168.1.1 server.company.com donald myserver
192.168.1.1 daisy.company.com daisy
Configure Oracle HTTP Server
- Update the httpd.conf file on the Middle-Tier HTTP Server
adding these lines to the bottom of the file:
NameVirtualHost *:7778
<VirtualHost *:7778>
ServerName server.company.com
Port 80
ServerAdmin you@your.address
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
<VirtualHost *:7778>
ServerName daisy.company.com
Port 80
ServerAdmin you@your.address
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
- Click Apply and restart the HTTP Server when prompted
Configure Oracle WebCache
- Go to WebCache Admin
- In the "Origin Servers, Sites, and Load Balancing" section, select "Site Definitions"
- Select your host (e.g. server.company.com) and click the Add Alias button
- Add Alias for site:
- as Host Name, enter daisy.company.com
- as Port Number, enter 80
- Click Submit
- Click the Apply Changes button at the top of the screen
- Click the Restart button to restart WebCache
Configure OracleAS Portal
- Set ORACLE_HOME:
set ORACLE_HOME=C:\ora\mt
- Re-register server.company.com and add a partner application entry for daisy.company.com
(when prompted, enter the superuser password, e.g. welcome1):
cd /d %ORACLE_HOME%\portal\conf
ptlconfig -dad portal -sso -host server.company.com -port 80
ptlconfig -dad portal -sso -host daisy.company.com -port 80
- To verify that the ptlconfig script executed correctly, query the
WWSEC_ENABLER_CONFIG_INFO$ table in the PORTAL schema
(if you don't know the password for the PORTAL schema,
see "Finding database passwords"):
%ORACLE_HOME%\bin\sqlplus portal@asdb
set heading off
select site_id, lsnr_token, ls_login_url from wwsec_enabler_config_info$;
BEF56989
server.company.com
http://server.company.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
7921F9B9
daisy.company.com
http://server.company.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login
- If the internal hostname of the Middle-Tier should be invisible from outside, then go to AS Control
and select Portal:portal > Portal Web Cache Settings and edit the Published Host value from "server.company.com" to "daisy.company.com"
Configure OracleAS Single Sign-On
- Set ORACLE_HOME:
set ORACLE_HOME=C:\ora\mt
- Re-register server.company.com with OracleAS Single Sign-On:
cd /d %ORACLE_HOME%\sso\bin
ssoreg -site_name server.company.com -mod_osso_url http://server.company.com -config_mod_osso TRUE -oracle_home_path %ORACLE_HOME% -config_file %ORACLE_HOME%\Apache\Apache\conf\osso\osso.conf -admin_info cn=orcladmin
- Register daisy.company.com with OracleAS Single Sign-On:
cd /d %ORACLE_HOME%\sso\bin
ssoreg -site_name daisy.company.com -mod_osso_url http://daisy.company.com -config_mod_osso TRUE -oracle_home_path %ORACLE_HOME% -config_file %ORACLE_HOME%\Apache\Apache\conf\osso\osso_daisy.conf -admin_info cn=orcladmin -virtualhost
- Check C:\ora\mt\sso\log\ssoreg.log for the result of the registrations
- Update the httpd.conf file on the Middle-Tier HTTP Server
NameVirtualHost *:7778
<VirtualHost *:7778>
ServerName server.company.com
Port 80
ServerAdmin you@your.address
RewriteEngine On
RewriteOptions inherit
OssoConfigFile C:\ora\mt\Apache\Apache\conf\osso\osso.conf
OssoIpCheck off
</VirtualHost>
<VirtualHost *:7778>
ServerName daisy.company.com
Port 80
ServerAdmin you@your.address
RewriteEngine On
RewriteOptions inherit
OssoConfigFile C:\ora\mt\Apache\Apache\conf\osso\osso_daisy.conf
OssoIpCheck off
</VirtualHost>
- Click Apply and restart the HTTP Server when prompted
(see "Configure HTTP Server" above)
- Finally, restart all Middle-Tier processes
More information on how to configure Virtual Hosts:
Enabling Single Sign-On through a proxy
In this example, you will enable SSO using WebCache as a proxy.
WebCache is running on port 80 on a server with internal hostname mt.mynet.com and an alias www.company.com.
Infrastructure with SSO is running on port 7777 on a server with internal hostname infra.mynet.com.
Configure OracleAS Single Sign-On
- Go to the SSO admin page (e.g. http://infra.mynet.com:7777/pls/orasso)
and log in as orcladmin
- Check that "Verify IP addresses for requests made to the SSO Server" is deselected
- Reconfigure SSO on infra.mynet.com:
export ORACLE_HOME=/opt/app/oracle/product/10.1.2/infra
cd $ORACLE_HOME/sso/bin
./ssocfg.sh http login.company.com 80
- Update targets.xml for target type oracle_sso_server (properties HTTPMachine and HTTPPort):
cd $ORACLE_HOME/sysman/emd
cp -p targets.xml targets.xml.yyyymmdd
vi targets.xml
Before:
<Property NAME="HTTPMachine" VALUE="infra.mynet.com"/>
<Property NAME="HTTPPort" VALUE="7777"/>
After:
<Property NAME="HTTPMachine" VALUE="login.company.com"/>
<Property NAME="HTTPPort" VALUE="80"/>
- Reload OracleAS console:
cd $ORACLE_HOME/bin
./emctl reload
- Update the httpd.conf file on the Infrastructure HTTP Server
making the following two changes:
- Set KeepAlive to Off:
KeepAlive Off
- Add these lines to the bottom of the file:
NameVirtualHost *:7777
<VirtualHost *:7777>
ServerName login.company.com
Port 80
ServerAdmin you@your.address
RewriteEngine On
RewriteOptions inherit
</VirtualHost>
- Click Apply and restart the HTTP Server when prompted
- Reregister mod_osso on the Single Sign-On Middle-Tier:
cd $ORACLE_HOME/sso/bin
./ssoreg.sh -oracle_home_path $ORACLE_HOME -site_name infra.infra.mynet.com -config_mod_osso TRUE -mod_osso_url http://login.company.com -update_mode MODIFY
- Check /opt/app/oracle/product/10.1.2/infra/sso/log/ssoreg.log for the result of the registration
- Update configuration and restart processes:
cd $ORACLE_HOME/dcm/bin
./dcmctl updateconfig
cd $ORACLE_HOME/opmn/bin
./opmnctl restartproc process-type=HTTP_Server
./opmnctl restartproc process-type=OC4J_SECURITY
Configure Oracle WebCache
- Go to WebCache Admin
- In the "Origin Servers, Sites, and Load Balancing" section, select "Origin Servers"
- Add Origin Server:
- as Host Name, enter infra.mynet.com
- as Port Number, enter 7777
- as Routing, select ENABLE
- as Capacity, enter 100
- as Failover Threshold, enter 5
- as Ping URL, enter /
- as Ping Interval (seconds), enter 10
- as Protocol, select HTTP
- Click Submit
- Add Site Definition:
- as Host Name, enter login.company.com
- as Port Number, enter 80
- Click Submit
- Add Site-to-Server Mapping:
- Select the * 7777 entry
- Click the Insert Above button
- In Select from Site Definitions dropdown, select login.company.com:80
- Under Select Application Web Servers, check infra.mynet.com:7777
- Click Submit
- Click the Apply Changes button at the top of the screen
- Click the Restart button to restart WebCache
Configure OracleAS Portal and SSO
- Reconfigure Portal on mt.mynet.com:
export ORACLE_HOME=/opt/app/oracle/product/10.1.2/mt
cd $ORACLE_HOME/portal/conf
./ptlconfig -dad portal -sso -host mt.mynet.com -port 80
./ptlconfig -dad portal -sso -host www.company.com -port 80
- Reconfigure SSO on mt.mynet.com:
cd $ORACLE_HOME/sso/bin
./ssoreg.sh -site_name mt.mynet.com -mod_osso_url http://mt.mynet.com -config_mod_osso TRUE -oracle_home_path $ORACLE_HOME -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso.conf -admin_info cn=orcladmin
./ssoreg.sh -site_name www.company.com -mod_osso_url http://www.company.com -config_mod_osso TRUE -oracle_home_path $ORACLE_HOME -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso_www_company_com.conf -admin_info cn=orcladmin -virtualhost
- Check $ORACLE_HOME/sso/log/ssoreg.log for the result of the registrations
- Check the WWSEC_ENABLER_CONFIG_INFO$ table in the PORTAL schema and update it if necessary (see
"Configure OracleAS Portal" above)
- If the internal hostname of the Middle-Tier should be invisible from outside, then go to AS Control
and select Portal:portal > Portal Web Cache Settings and edit the Published Host value from "mt.mynet.com" to "www.company.com"
- Update configuration and restart processes:
cd $ORACLE_HOME/dcm/bin
./dcmctl updateConfig
cd $ORACLE_HOME/opmn/bin
./opmnctl stopall
rm -r $ORACLE_HOME/Apache/modplsql/cache/plsql/*
rm -r $ORACLE_HOME/Apache/modplsql/cache/session/*
./opmnctl startall
More information on how to configure SSO:
Security
If you need to change the superuser password(s) at a later stage, this
is how to do it:
- Change the password for the ias_admin user in Application Server Control:
- Go to AS Control for your Middle-Tier
- Click on Preferences in the top right corner of the page
- Enter the current password, the new password, and the new password again
- Click OK
- If the new password was accepted, click OK again
- Repeat the above steps for your Infrastructure
- Change the password for the SYS and SYSTEM users in the Infrastructure database:
- Start SQL*Plus
- Connect to the database as SYSTEM
- Issue the following commands (assuming you want to set the password to roxe8bub):
alter user sys identified by roxe8bub;
alter user system identified by roxe8bub;
- Change the password for the orcladmin user in OID:
- Log in to OID as orcladmin
- Click on orcladmin@server.company.com:389
- Select the System Passwords tab in the right pane
- Enter the new Super User Password
- Click Apply
- Edit iasconfig.xml (e.g. C:\ora\mt\portal\conf\iasconfig.xml),
replacing the encrypted value of the AdminPassword attribute of the OIDComponent
tag with the new superuser password in clear text
- Encrypt the file:
set ORACLE_HOME=C:\ora\mt
cd /d %ORACLE_HOME%\portal\conf
ptlconfig -encrypt
- Update the portal schema with the new configuration settings:
ptlconfig -dad portal -site -oid
- Change the password for the orcladmin and portal users in Portal:
- Log in to Portal as portal
- Click Account Info in the top right corner of the page
- Click Change Password
- Enter the current password, the new password, and the new password again
- Click Submit
- Click Done
- Repeat the above steps for the orcladmin user
- Change the password for the administrator and invalidator users in Web Cache:
- Go to WebCache Admin
- In the "Properties" section, select "Security"
- Click Change Administration Password
- Enter the current password, the new password, and the new password again
- Click Submit
- Click Change Invalidation Password
- Enter the current password, the new password, and the new password again
- Click Submit
- Click the Apply Changes button at the top of the screen
- Click the Restart button to restart WebCache
You must then update the password settings in Application Server Control:
- Go to AS Control for your Middle-Tier
- In the System Components section, click on Portal:portal
- Click Portal Web Cache Settings in the Administration section
- Enter the new Invalidation User Password and confirm
- Click Apply
- Click OK
If you happen to forget the current password(s) for the administrator and/or invalidator user(s) in WebCache, you can temporarily reset them to "administrator":
- Back up and edit C:\ora\mt\webcache\webcache.xml:
Set the PASSWORDHASH attribute of the two USER elements within the SECURITY element to "B3ACA92C793EE0E9B1A9B0A5F5FC044E05140DF3"
- Save the file
- Restart WebCache
- Change the password for the oc4jadmin user in Application Server 10.1.3:
- Go to AS Control for your Middle-Tier
- For each OC4J Container that you created (e.g. IKB or iknowbase), change its oc4jadmin password:
- Go to the Change Password page: Click Container Name > Administration > Security > Security Providers > Instance Level Security > Realms > Users (click on the number, e.g. 3) > oc4jadmin > Change Password
- Enter old and new password
- Click Apply
- Click Setup from the top menu
- Enter old and new password
- Click Apply
- Restart the server
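A follow-up check for the temporary WebCache password reset described in the Web Cache step above, added here as an example and not part of the original page or of Oracle's tooling: it reports any USER element that still carries the reset hash, so the well-known "administrator" password does not stay in place after the recovery. The sample XML is constructed; only SECURITY, USER and PASSWORDHASH come from the page, while the CONFIG root and the TYPE attribute are assumed names.

```python
import sys
import xml.etree.ElementTree as ET

# Value the page gives for the temporary reset to the password "administrator".
RESET_HASH = "B3ACA92C793EE0E9B1A9B0A5F5FC044E05140DF3"

# Constructed sample, not a real webcache.xml. CONFIG and TYPE are assumed names.
SAMPLE_WEBCACHE_XML = """<CONFIG>
  <SECURITY>
    <USER TYPE="ADMINISTRATOR" PASSWORDHASH="%s"/>
    <USER TYPE="INVALIDATOR" PASSWORDHASH="0123456789ABCDEF0123456789ABCDEF01234567"/>
  </SECURITY>
</CONFIG>
""" % RESET_HASH.lower()


def audit_webcache_users(xml_data):
    """Return one finding per USER element found inside a SECURITY element."""
    root = ET.fromstring(xml_data)
    findings = []
    for security in root.iter("SECURITY"):
        for index, user in enumerate(security.iter("USER"), start=1):
            stored = (user.get("PASSWORDHASH") or "").strip()
            label = user.get("TYPE") or "USER #%d" % index
            if not stored:
                status = "missing-hash"
            elif stored.upper() == RESET_HASH:
                # Hex digits may be stored in either case, so compare upper-cased.
                status = "reset-password"
            else:
                status = "changed"
            findings.append({"user": label, "status": status})
    return findings


def users_needing_change(xml_data):
    """Labels of users whose entry is missing a hash or still holds the reset hash."""
    return [f["user"] for f in audit_webcache_users(xml_data)
            if f["status"] != "changed"]


def main(argv):
    if len(argv) > 1:
        with open(argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = SAMPLE_WEBCACHE_XML
    findings = audit_webcache_users(data)
    if not findings:
        print("no USER elements found under SECURITY; check the file layout")
        return 2
    for finding in findings:
        print("%-15s %s" % (finding["user"], finding["status"]))
    return 1 if users_needing_change(data) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to webcache.xml as the only argument; a non-zero exit code means at least one password still needs to be changed in WebCache Admin.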
More information on the subject of security and invalidation:
Finding database passwords
Do not change the password for the PORTAL and ORASSO database users
directly from SQL*Plus! If you do, you'll have to change them in the
DADs and in OID as well. Instead, you can look up the passwords you
need using one of the methods described below.
If you are using version 10.1.2.0.2 of Application Server, you can find the password for the PORTAL and ORASSO
database users by following these steps:
- Start Oracle Directory Manager (found under Start > Programs > OracleAS 10g Infrastructure - im > Integrated Management Tools)
- If this is the first time you use Directory Manager, you need to add an entry for your server -
the default port on Windows is now 389.
- Log in as orcladmin
- Navigate to the correct resources in the directory:
- Entry Management
- cn=OracleContext
- cn=Products
- cn=IAS
- cn=Infrastructure Databases
- orclReferenceName=orcl.company.com
- ResourceName=PORTAL/ORASSO
- Click the above entry and look for the "orclpasswordattribute"
attribute value on the right panel. This value is the password for
the PORTAL/ORASSO users.
From version 10.1.2.2, the above method is no longer available - the password is no longer shown in
Directory Manager. An alternative is then to use a command line utility to request the passwords
from OID:
- Download
- Edit the file to include your hostname and OID port
- Run the batch file from the command line, for example:
show_password welcome1 portal
More Information