Changing the IP Address

Backup and Recovery Tool
  1. Create backup folders: 
    md C:\bkp\mt
md C:\bkp\infra
  2. Go to AS Control for Middle-Tier
  3. Click Backup/Recovery
  4. Click Configure Backup/Recovery Settings
  5. Enter Log File Location (e.g. C:\ora\mt\backup_restore\logs)
  6. Enter Configuration Files Backup Location (e.g. C:\bkp\mt)
  7. Click OK

  8. Run the tool: 
    set ORACLE_HOME=C:\ora\mt
cd /d %ORACLE_HOME%\backup_restore
bkp_restore.bat -v -m backup_config

  9. Repeat for Infrastructure

Basic Authentication

 To protect certain URLs on your web server (e.g. /picdb_hires which would contain the hi-res versions of the pictures in your Picture Database), you can use Basic Authentication.
  1. Create a password file: 
    cd /d C:\ora\mt\Apache\Apache\bin
htpasswd -c passwords donald
    When asked to enter a password, type duck
  2. Place the passwords file in a local folder, e.g. C:\ora\mt\Apache
  3. Update the httpd.conf file on the Middle-Tier HTTP Server adding these lines to the bottom of the file: 
    <Location /picdb_hires>
	AuthType Basic
	AuthName "picdb"
	AuthUserFile "C:\ora\mt\Apache\passwords"
	Require valid-user
</Location>
  4. Click Apply
  5. When asked if you would like to restart the HTTP Server, click Yes
  6. When the HTTP Server has been restarted, click OK

Adding language elements in Portal 10.1.4

 Here are the steps needed to insert language elements into Oracle Portal and the Single Sign-On Server, assuming that:
  1. Set environment variable ORACLE_HOME to point to the Middle-Tier home: 
    set ORACLE_HOME=C:\ora\mt
  2. Use the Oracle Portal Configuration Assistant shipped with the Portal 10.1.4 Upgrade Assistant to insert the language elements:
    cd /d C:\stage\mrua_051020\assistants\opca
ptllang.bat -sp xyz123 -c server.company.com:1521:orcl.company.com -lang n
  3. A log file from the installation can be found in the Middle-Tier home, e.g. C:\ora\mt\portal_n.log
NOTE: If you have upgraded Portal to 10.1.4.1 or 10.1.4.2 and the ptllang command does not work, you may be encountering bug 5502911, which can be fixed using the updated opca.jar file from

Deleting language elements in Portal 10.1.4

 If you would like to remove a specific language from Portal, here's how: 
select
	id
,	substr(title || ' (' || databaseabbreviation || ')', 1, 30) lang
from
	wwnls_sys_language$
where
	available = 1
and	installed = 1
/

        ID LANG
---------- ------------------------------
         0 English (us)
        15 Norwegian (n)
        22 Swedish (s)
Example: To remove the Swedish language from your installation: 
update portal.wwnls_sys_language$ set installed = 0, available = 0 where id = 22;
update orasso.wwnls_sys_language$ set installed = 0, available = 0 where id = 22;

delete portal.wwnls_strings$ where language = 's';
delete orasso.wwnls_strings$ where language = 's';

commit;

Customizing the Single Sign-On and Sign-Off pages

 The samples in the work better in 10.1.2 than they did in 9.0.2, except that the Sign-On example forgets which language you had chosen prior to logging in. Below you will find sample Sign-On and Sign-Off pages. Copy the files to the subdirectory "j2ee/OC4J_SECURITY/applications/sso/web/jsp" under the Oracle home of your Infrastructure. To activate your customized Single Sign-On and Single Sign-Off pages, here is what you must do, assuming that:

Enable customized Sign-On page

  1. Back up the policy.properties file found in the sso/conf folder on your SSO server and then edit the file:
    Old: 
    loginPageUrl = /sso/jsp/login.jsp
    New: 
    loginPageUrl = /sso/jsp/MySignOn.jsp

  2. Restart the Single Sign-On server: 
    cd /d C:\ora\im\opmn\bin
opmnctl restartproc process-type=HTTP_Server
opmnctl restartproc process-type=OC4J_SECURITY

Disable customized Sign-On page

  1. To Switch back to default Sign-On page, reverse the modification in the policy.properties file and then restart the Single Sign-On server (see above).

Enable customized Sign-Off page

  1. Obtain the password for the ORASSO database schemas (see "Finding database passwords").
  2. Start SQL*Plus
  3. Connect to the Infrastructure database as ORASSO: 
    connect orasso/a9b8C7@orcl
  4. To see the current settings, issue the following command: 
    select login_url from wwsso_ls_configuration_info$;
  5. To activate your customized Sign-On and Sign-Off pages, issue the following commands: 
    update
	wwsso_ls_configuration_info$
set
	login_url =
		'UNUSED '
	||	'UNUSED '
	||	'http://server.company.com:7777/sso/jsp/MySignOff.jsp'
;
commit;

Disable customized Sign-Off page

  1. To Switch back to default Sign-Off page, issue the following commands: 
    update	wwsso_ls_configuration_info$
set	login_url = 'UNUSED UNUSED UNUSED'
;
commit;

Example Sign-On page (MySignOn.jsp)

<html>

<%@ page buffer="5" autoFlush="true" %>
<%@ page language="java" import="java.util.*, oracle.security.sso.server.mesg.*, oracle.security.sso.server.util.*, oracle.security.sso.util.*"%>
<jsp:useBean id="msgFactory" scope="application" class="oracle.security.sso.util.SSOResourceFactory" />
<%
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", "Thu, 29 Oct 1970 17:04:19 GMT");

String page_title = "My Customized Sign-On";
ResourceBundle msgBundle = null;

out.println (
	"<head><title>"
+	page_title
+	"</title></head><body bgcolor=\"#ffffff\">"
+	"<center><h2>"
+	page_title
+	"</h2>"
);

try {
	String str_token  = request.getParameterValues("site2pstoretoken")[0];
	String str_user   = request.getParameterValues("ssousername")[0];
	String str_err    = request.getParameterValues("p_error_code")[0];
	String str_cancel = request.getParameterValues("p_cancel_url")[0];
	String str_submit = request.getParameterValues("p_submit_url")[0];

	msgBundle = msgFactory.getResourceBundle(request, ServerMsgID.MESSAGE_BUNDLE_NAME);

	out.println (
		"<form name='LoginForm' AutoComplete='off' method='post' action='"
	+	str_submit
	+	"'>"
	+	"<input type='hidden' name='site2pstoretoken' value='" + str_token + "'>"
	+	"<input type='hidden' name='locale' value='no'>" // language hard-coded to Norwegian
	+	"<table border=0 cellspacing=0 cellpadding=5>"
	);

	if ((str_err != null) && (str_err.length() > 1)) {
		out.println (
			"<tr><td><font color='red'>"
		+	msgBundle.getString(ServerMsgID.ERROR)
		+	":</font></td>"
		+	"<td>" + msgBundle.getString(str_err) + "</td>"
		+	"</tr>"
		);
	}

	out.println (
		"<tr>"
	+	"<td align=right>"
	+	"<font face=\"Arial,Helvetica\" size=2><b>"
	+	msgBundle.getString(ServerMsgID.USERNAME_LBL)
	+	" :</b></font>"
	+	"</td><td><input type='text' name='ssousername'></td>"
	+	"</tr>"
	+	"<tr>"
	+	"<td align=right>"
	+	"<font face=\"Arial,Helvetica\" size=2><b>"
	+	msgBundle.getString(ServerMsgID.PASSWORD_LBL)
	+	" :</b></font>"
	+	"</td><td><input type='password' name='password'></td>"
	+	"</tr>"
	+	"<tr>"
	+	"<td></td><td>"
	+	"<input type='submit' value='"
	+	msgBundle.getString(ServerMsgID.LOGIN)
	+	"'> "
	+	"<input type='button' name='p_request' value='"
	+	msgBundle.getString(ServerMsgID.CANCEL)
	+	"' "
	+	"onClick=\"document.location.href = '" + str_cancel + "';\">"
	+	"</td>"
	+	"</tr>"
	+	"</table></form>"
	+	"\n<script language=\"JavaScript\">\n"
	+	"<!--\n"
	+	"	document.LoginForm.ssousername.focus();\n"
	+	"// -->\n"
	+	"</script>"
	);

} catch (Exception e) {

	out.println (
		"<h2><font color='red'>ERROR:</font>"
	+	"This page cannot be accessed directly!</h2>"
	);
}

out.println("</center></body>");

%>

</html>

Example Sign-Off page (MySignOff.jsp)

<html>

<%@ page buffer="5" autoFlush="true" %>
<%
response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", "Thu, 29 Oct 1970 17:04:19 GMT");

String page_title = "My Customized Sign-Off";
String done_url = null;
int i = 0;

out.println (
	"<head><title>"
+	page_title
+	"</title></head>"
);

try {
	done_url = request.getParameterValues("p_done_url")[0];

	out.println (
		"<body bgcolor=\"#ffffff\""
	+	" text=\"#999999\" link=\"#999999\" vlink=\"#999999\""
	+	" onLoad=\"location='"
	+	done_url
	+	"'\""
	+	"><h2>"
	+	page_title
	+	"</h2><font face=\"Arial,Helvetica\" size=2>"
	);

	for(;;) {

		i++;

		String l_app = request.getParameterValues("p_app_name" + i)[0];
		String l_url = request.getParameterValues("p_app_logout_url" + i)[0];

		out.println (
			"<img src='" + l_url + "'> "
		+	l_app
		+	"<br>"
		);

	}

} catch (Exception e) {

	if (i > 1) {
		out.println (
			"<p>When all systems have a check mark,<br>"
		+	"you have been successfully signed off.<br>"
		+	"Click <a href=\""
		+	done_url
		+	"\">here</a> to continue.</font>"
		);
	} else {
		out.println (
			"</font><h2><center><font color='red'>ERROR:</font>"
		+	"This page cannot be accessed directly!</center></h2>"
		);
	}
}

out.println("</body>");

%>

</html>

Bundled sample Sign-On and Sign-Off pages

To have a look at the sample SSO files bundled with the product, issue these commands: 
set ORACLE_HOME=C:\ora\im
cd /d %ORACLE_HOME%\sso
md mySSO
cd mySSO
%ORACLE_HOME%\jdk\bin\jar -xvf %ORACLE_HOME%\sso\lib\ipassample.jar

Adding Virtual Hosts

 In this example, you will add a Virtual Host (daisy.company.com) to your Portal installation on server server.company.com. The listening port for the Oracle HTTP Server is 7778, and the listening port for WebCache is 80.

Adding Virtual Hosts is a five-step process: Create network names, then Configure the HTTP Server, then WebCache, then Portal, and then Single Sign-On.

Create network names

The host names you plan to use must be known in the network, either through DNS or as entries in the hosts file on each client (e.g. c:\winnt\system32\drivers\etc\hosts). Here's an example, assuming that your server's IP address is 192.168.1.1: 
192.168.1.1  server.company.com  donald  myserver
192.168.1.1  daisy.company.com   daisy

Configure Oracle HTTP Server
  1. Update the httpd.conf file on the Middle-Tier HTTP Server adding these lines to the bottom of the file: 
    NameVirtualHost *:7778

<VirtualHost *:7778>
	ServerName server.company.com
	Port 80
	ServerAdmin you@your.address
	RewriteEngine On
	RewriteOptions inherit
</VirtualHost>

<VirtualHost *:7778>
	ServerName daisy.company.com
	Port 80
	ServerAdmin you@your.address
	RewriteEngine On
	RewriteOptions inherit
</VirtualHost>
  2. Click Apply and restart the HTTP Server when prompted

Configure Oracle WebCache
  1. Go to WebCache Admin
  2. In the "Origin Servers, Sites, and Load Balancing" section, select "Site Definitions"
  3. Select your host (e.g. server.company.com) and click the Add Alias button
  4. Add Alias for site:
  5. Click Submit

  6. Click the Apply Changes button at the top of the screen
  7. Click the Restart button to restart WebCache

Configure OracleAS Portal
  1. Set ORACLE_HOME: 
    set ORACLE_HOME=C:\ora\mt

  2. Re-register server.company.com and add a partner application entry for daisy.company.com (when prompted, enter the superuser password, e.g. welcome1): 
    cd /d %ORACLE_HOME%\portal\conf
ptlconfig -dad portal -sso -host server.company.com -port 80
ptlconfig -dad portal -sso -host daisy.company.com -port 80

  3. To verify that the ptlconfig script executed correctly, query the WWSEC_ENABLER_CONFIG_INFO$ table in the PORTAL schema (if you don't know the password for the PORTAL schema, see "Finding database passwords"): 
    %ORACLE_HOME%\bin\sqlplus portal@asdb
set heading off
select site_id, lsnr_token, ls_login_url from wwsec_enabler_config_info$;

BEF56989
server.company.com
http://server.company.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login

7921F9B9
daisy.company.com
http://server.company.com:7777/pls/orasso/orasso.wwsso_app_admin.ls_login

  4. If the internal hostname of the Middle-Tier should be invisible from outside, then go to AS Control and select Portal:portal > Portal Web Cache Settings and edit the Published Host value from "server.company.com" to "daisy.company.com"

Configure OracleAS Single Sign-On
  1. Set ORACLE_HOME: 
    set ORACLE_HOME=C:\ora\mt

  2. Re-register server.company.com with OracleAS Single Sign-On: 
    cd /d %ORACLE_HOME%\sso\bin
ssoreg -site_name server.company.com -mod_osso_url http://server.company.com -config_mod_osso TRUE -oracle_home_path %ORACLE_HOME% -config_file %ORACLE_HOME%\Apache\Apache\conf\osso\osso.conf -admin_info cn=orcladmin
  3. Register daisy.company.com with OracleAS Single Sign-On: 
    cd /d %ORACLE_HOME%\sso\bin
ssoreg -site_name daisy.company.com -mod_osso_url http://daisy.company.com -config_mod_osso TRUE -oracle_home_path %ORACLE_HOME% -config_file %ORACLE_HOME%\Apache\Apache\conf\osso\osso_daisy.conf -admin_info cn=orcladmin -virtualhost
  4. Check C:\ora\mt\sso\log\ssoreg.log for the result of the registrations

  5. Update the httpd.conf file on the Middle-Tier HTTP Server 
    NameVirtualHost *:7778

<VirtualHost *:7778>
	ServerName server.company.com
	Port 80
	ServerAdmin you@your.address
	RewriteEngine On
	RewriteOptions inherit
	OssoConfigFile C:\ora\mt\Apache\Apache\conf\osso\osso.conf
	OssoIpCheck off
</VirtualHost>

<VirtualHost *:7778>
	ServerName daisy.company.com
	Port 80
	ServerAdmin you@your.address
	RewriteEngine On
	RewriteOptions inherit
	OssoConfigFile C:\ora\mt\Apache\Apache\conf\osso\osso_daisy.conf
	OssoIpCheck off
</VirtualHost>
  6. Click Apply and restart the HTTP Server when prompted (see "Configure HTTP Server" above)

  7. Finally, restart all Middle-Tier processes
More information on how to configure Virtual Hosts:

Enabling Single Sign-On through a proxy

 In this example, you will enable SSO using WebCache as a proxy. WebCache is running on port 80 on a server with internal hostname mt.mynet.com and an alias www.company.com. Infrastructure with SSO is running on port 7777 on a server with internal hostname infra.mynet.com.

Configure OracleAS Single Sign-On
  1. Go to the SSO admin page (e.g. http://infra.mynet.com:7777/pls/orasso) and log in as orcladmin
  2. Check that "Verify IP addresses for requests made to the SSO Server" is deselected

  3. Reconfigure SSO on infra.mynet.com: 
    export ORACLE_HOME=/opt/app/oracle/product/10.1.2/infra
cd $ORACLE_HOME/sso/bin
./ssocfg.sh http login.company.com 80
  4. Update targets.xml for target type oracle_sso_server (properties HTTPMachine and HTTPPort): 
    cd $ORACLE_HOME/sysman/emd
cp -p targets.xml targets.xml.yyyymmdd
vi targets.xml
    Before: 
    		<Property NAME="HTTPMachine" VALUE="infra.mynet.com"/>
		<Property NAME="HTTPPort" VALUE="7777"/>
    After: 
    		<Property NAME="HTTPMachine" VALUE="login.company.com"/>
		<Property NAME="HTTPPort" VALUE="80"/>
  5. Reload OracleAS console: 
    cd $ORACLE_HOME/bin
./emctl reload

  6. Update the httpd.conf file on the Infrastructure HTTP Server making the following two changes:
    1. Set KeepAlive to Off: 
      KeepAlive Off
    2. Add these lines to the bottom of the file: 
      NameVirtualHost *:7777

<VirtualHost *:7777>
	ServerName login.company.com
	Port 80
	ServerAdmin you@your.address
	RewriteEngine On
	RewriteOptions inherit
</VirtualHost>
  7. Click Apply and restart the HTTP Server when prompted

  8. Reregister mod_osso on the Single Sign-On Middle-Tier: 
    cd $ORACLE_HOME/sso/bin
./ssoreg.sh -oracle_home_path $ORACLE_HOME -site_name infra.infra.mynet.com -config_mod_osso TRUE -mod_osso_url http://login.company.com -update_mode MODIFY
  9. Check /opt/app/oracle/product/10.1.2/infra/sso/log/ssoreg.log for the result of the registration

  10. Update configuration and restart processes: 
    cd $ORACLE_HOME/dcm/bin
./dcmctl updateconfig

cd $ORACLE_HOME/opmn/bin
./opmnctl restartproc process-type=HTTP_Server
./opmnctl restartproc process-type=OC4J_SECURITY

Configure Oracle WebCache
  1. Go to WebCache Admin
  2. In the "Origin Servers, Sites, and Load Balancing" section, select "Origin Servers"

  3. Add Origin Server:

  4. Add Site Definition:

  5. Add Site-to-Server Mapping:

  6. Click the Apply Changes button at the top of the screen
  7. Click the Restart button to restart WebCache

Configure OracleAS Portal and SSO
  1. Reconfigure Portal on mt.mynet.com: 
    export ORACLE_HOME=/opt/app/oracle/product/10.1.2/mt
cd $ORACLE_HOME/portal/conf
./ptlconfig -dad portal -sso -host mt.mynet.com -port 80
./ptlconfig -dad portal -sso -host www.company.com -port 80
  2. Reconfigure SSO on mt.mynet.com: 
    cd $ORACLE_HOME/sso/bin

./ssoreg.sh -site_name mt.mynet.com -mod_osso_url http://mt.mynet.com -config_mod_osso TRUE -oracle_home_path $ORACLE_HOME -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso.conf -admin_info cn=orcladmin
./ssoreg.sh -site_name www.company.com -mod_osso_url http://www.company.com -config_mod_osso TRUE -oracle_home_path $ORACLE_HOME -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso_www_company_com.conf -admin_info cn=orcladmin -virtualhost
  3. Check $ORACLE_HOME/sso/log/ssoreg.log for the result of the registrations

  4. Check the WWSEC_ENABLER_CONFIG_INFO$ table in the PORTAL schema and update it if necessary (see "Configure OracleAS Portal" above)

  5. If the internal hostname of the Middle-Tier should be invisible from outside, then go to AS Control and select Portal:portal > Portal Web Cache Settings and edit the Published Host value from "mt.mynet.com" to "www.company.com"

  6. Update configuration and restart processes: 
    cd $ORACLE_HOME/dcm/bin
./dcmctl updateConfig

cd $ORACLE_HOME/opmn/bin
./opmnctl stopall
rm -r $ORACLE_HOME/Apache/modplsql/cache/plsql/*
rm -r $ORACLE_HOME/Apache/modplsql/cache/session/*
./opmnctl startall
More information on how to configure SSO:

Security

 If you need to change the superuser password(s) at a later stage, this is how to do it:
  1. Change the password for the ias_admin user in Application Server Control:

    1. Go to AS Control for your Middle-Tier
    2. Click on Preferences in the top right corner of the page
    3. Enter the current password, the new password, and the new password again
    4. Click OK
    5. If the new password was accepted, click OK again

    6. Repeat the above steps for your Infrastructure

  2. Change the password for the SYS and SYSTEM users in the Infrastructure database:

    1. Start SQL*Plus
    2. Connect to the database as SYSTEM
    3. Issue the following commands (assuming you want to set the password to roxe8bub): 
      alter user sys identified by roxe8bub;
alter user system identified by roxe8bub;

  3. Change the password for the orcladmin user in OID:

    1. Log in to OID as orcladmin
    2. Click on orcladmin@server.company.com:389
    3. Select the System Passwords tab in the right pane
    4. Enter the new Super User Password
    5. Click Apply

    6. Edit iasconfig.xml (e.g. C:\ora\mt\portal\conf\iasconfig.xml), replacing the encrypted value of the AdminPassword attribute of the OIDComponent tag with the new superuser password in clear text
    7. Encrypt the file: 
      set ORACLE_HOME=C:\ora\mt
cd /d %ORACLE_HOME%\portal\conf
ptlconfig -encrypt
    8. Update the portal schema with the new configuration settings: 
      ptlconfig -dad portal -site -oid

  4. Change the password for the orcladmin and portal users in Portal:

    1. Log in to Portal as portal
    2. Click Account Info in the top right corner of the page
    3. Click Change Password
    4. Enter the current password, the new password, and the new password again
    5. Click Submit
    6. Click Done

    7. Repeat the above steps for the orcladmin user

  5. Change the password for the administrator and invalidator users in Web Cache:

    1. Go to WebCache Admin
    2. In the "Properties" section, select "Security"
    3. Click Change Administration Password
    4. Enter the current password, the new password, and the new password again
    5. Click Submit
    6. Click Change Invalidation Password
    7. Enter the current password, the new password, and the new password again
    8. Click Submit
    9. Click the Apply Changes button at the top of the screen
    10. Click the Restart button to restart WebCache

    You must then update the password settings in Application Server Control:

    1. Go to AS Control for your Middle-Tier
    2. In the System Components section, click on Portal:portal
    3. Click Portal Web Cache Settings in the Administration secion
    4. Enter the new Invalidation User Password and confirm
    5. Click Apply
    6. Click OK

    If you happen to forget the current password(s) for the administrator and/or invalidator user(s) in WebCache, you can temporarily reset them to "administrator":

    1. Back up and edit C:\ora\mt\webcache\webcache.xml:
      Set the PASSWORDHASH attribute of the two USER elements within the SECURITY element to "B3ACA92C793EE0E9B1A9B0A5F5FC044E05140DF3"
    2. Save the file
    3. Restart WebCache

  6. Change the password for the oc4jadmin user in Application Server 10.1.3:

    1. Go to AS Control for your Middle-Tier
    2. For each OC4J Container that you created (e.g. IKB or iknowbase), change its oc4jadmin passord:
      1. Go to the Change Password page: Click Container Name > Administration > Security > Security Providers > Instance Level Security > Realms > Users (click on the number, e.g. 3) > oc4jadmin > Change Password
      2. Enter old and new passord
      3. Click Apply
    3. Click Setup from the top menu
    4. Enter old and new passord
    5. Click Apply
    6. Restart the server
More information on the subject of security and invalidation:

Finding database passwords

 Do not change the password for the PORTAL and ORASSO database users directly from SQL*Plus! If you do, you'll have to change them in the DADs and in OID as well. Instead, you can look up the passwords you need using one of the methods described below.

If you are using version 10.1.2.0.2 of Application Server, you can find the password for the PORTAL and ORASSO database users by following these steps:

  1. Start Oracle Directory Manager (found under Start > Programs > OracleAS 10g Infrastructure - im > Integrated Management Tools)
  2. If this is the first time you use Directory Manager, you need to add an entry for your server - the default port on Windows is now 389.
  3. Log in as orcladmin
  4. Navigate to the correct resources in the directory:
    1. Entry Management
    2. cn=OracleContext
    3. cn=Products
    4. cn=IAS
    5. cn=Infrastructure Databases
    6. orclReferenceName=orcl.company.com
    7. ResourceName=PORTAL/ORASSO
  5. Click the above entry and look for the "orclpasswordattribute" attribute value on the right panel. This value is the password for the PORTAL/ORASSO users.
From version 10.1.2.2, the above method is no longer available - the password is no longer shown in Directory Manager. An alternative is then to use a command line utility to request the passwords from OID:
  1. Download
  2. Edit the file to include your hostname and OID port
  3. Run the batch file from the command line, for example: 
    show_password welcome1 portal

More Information