OBIEE Security/ports
Is there any secured port that can be used instead of 9704/ If so, how to make the changes from default port to someother http port? What type of authentication is enabled by default for users access over the internet?
Edited by: user4683504 on Jul 21, 2010 12:32 PM
Hi friend,
OBIEE can manage user access by Security Manager in Administration Tool. Security manager is used to setup users, groups, synchronize with LDAP server and to control information can be used by users/groups.
Port 9704 uses the authentication mechanism defined on Administration Tool, for example, using LDAP and Oracle database tables with information about users.
Regards.
Similar Messages
-
OBIEE Security 10g to 11g: Groups
I had a Security scenario that I wanted to throw out to the forum...
In 10g, we made use of the GROUP system variable to pull a users group membership from a database table. This was a Session Variable initialized upon each login.
Data-level and object-level security was different for each group.
In our environment users had the ability to switch groups, so they could be active in one of the groups and inactive in the others. We provided a form (WriteBack) that allowed them to set what group they wanted to be active for. They would then log out and log back in and have their new group assignments.
In the Session Variable this was done by pulling in only groups that were flagged as Active. This worked great as it was done at the Session level. So I could login once and see Dashboard A, swtich my role, then log back in and NOT see Dashboard A.
I know 11g still has the concept of WEBGROUPS, that would mimic the above, but my understanding is that Oracle is pushing the use of Application Roles.
My question is how would the above behavior be ported over to 11g using Application Roles? I didn't think the population of an Application Role was Session Based, my belief is that it is populated when the Admin Server/Managed Servers are bought up pulling from the applcable Security Provider.
Edited by: DustinC on Jan 19, 2012 1:29 PM
Edited by: DustinC on Jan 20, 2012 3:54 PM
Edited by: DustinC on Jan 22, 2012 12:45 PM
Edited by: DustinC on Jan 23, 2012 11:40 AMQ1. how deploy external database security(users, groups) to OBIEE 11g.
we used external database security in 10g. all the users and groups maintained in database and obiee rpd has security groups. repository has group information only so it is deployed groups information to obiee 11g by upgrade assistant but how can it deploy users in external database?
Solution:
http://www.varanasisaichand.com/2011/09/external-table-authenticationorder-of.html
http://www.rittmanmead.com/2012/03/obiee-11g-security-week-connecting-to-active-directory-and-obtaining-group-membership-from-database-tables/
http://obieeblog.wordpress.com/2009/06/18/obiee-security-enforcement-%E2%80%93-external-database-table-authorization/
Q2. all the users and roles in LDAP server. in this case how obiee 11g read users and group information?
Obiee11g is intergated with weblogic fusion middleware (Console,EM). in that console have feature to enable mulitiple LDAP authentication
while configuring AD via weblogic console we need to give the users and group info
Solution refer:
http://obieeelegant.blogspot.com/2012/01/obiee-11g-integration-with-ldap.html
http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/privileges.htm#BABCDCFE
Thanks
Deva -
We use Default Authenticator and implemented the security using Weblogic console. Now my client want to see a report on the OBIEE security implemented; he want to see all the groups, roles, users listed and also interested in seeing what users and roles assigned to various groups for the project.
Is it possible to read Weblogic security Metadata?
Appreciate your thoughts on this.
Thanks
BeesWas my answer correct? If so, please indicate so (top right of my last post). If not, then what was your answer?
-
Alternate method of implementing EBS-OBIEE security
We have tried implementing the EBS-OBIEE security as per Metalink Note ID 555254.1(without SSO). How ever, we realised that for cookie based integration to work, both EBS, OBIEE URL need to reside on the same domain. At client location, the applications are hosted in different domains.
Any tested/proven alternative method, where we can pass the EBS responsibilities (say Operating Unit) to OBIEE?
Regards
KSKHi all,
yes, the session variable ':USER' is not picking the user name, but when i hard code it to 'BI_ADMIN" this works fine.
i have tried the following formats in the place of ':USER':
VALUEOF(NQ_SESSION.USER)
VALUEOF(NQ_SESSION."USER")
VALUEOF("NQ_SESSION.USER")
UPPER(VALUEOF(NQ_SESSION.USER))- checking if any problem with case
None of them worked.!!
When I remove the whole " USR.USER_NAME=':USER'
the sql runs fine..please help -
proxy Please specify secure port
All,
I got following messages said:
Fri Dec 29 17:09:46 CST 2000:<I> <WebLogicServer> WebLogic Server started
Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port in the properties. Using default ports 7001/7002 See release notes for more info
Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port in the properties. Using default ports 7001/7002 See release notes for more info
We use WL as proxy server to host the web. There have another 2 clustering machines behide it running WL 5.1 w/SP6. weblogic.properties in proxy server configured as following:
# THE WEBLOGIC PROPERTIES FILE
weblogic.system.listenPort=80
weblogic.password.system=wwwadmin
weblogic.allow.execute.weblogic.servlet=everyone
weblogic.httpd.register.cluster=\
weblogic.servlet.internal.HttpClusterServlet
weblogic.httpd.initArgs.cluster=\
defaultServers=web1:80|web3:80
weblogic.httpd.defaultServlet=cluster
weblogic.security.ssl.enable=true
weblogic.system.SSLListenPort=7003
weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticationServlet
weblogic.security.certificateCacheSize=3
weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
weblogic.security.clientRootCA=SecureServerCA.pem
weblogic.security.certificate.server=democert.pem
weblogic.security.key.server=demokey.pem
weblogic.security.certificate.authority=ca.pem
weblogic.httpd.register.Certificate=utils.certificate
weblogic.allow.execute.weblogic.servlet.Certificate=system
weblogic.httpd.enable=true
weblogic.system.nativeIO.enable=true
weblogic.system.enableConsole=true
weblogic.system.executeThreadCount=50
weblogic.system.maxLogFileSize=1024
weblogic.httpd.enableLogFile=true
weblogic.httpd.logFileName=access.log
weblogic.httpd.enableEvents=false
weblogic.httpd.session.enable=true
weblogic.httpd.session.cookie.name=WebLogicSession
weblogic.allow.execute.weblogic.servlet.classes=everyone
weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
weblogic.httpd.register.*.jpg=\
weblogic.servlet.FileServlet
weblogic.httpd.register.*.gif=\
weblogic.servlet.FileServlet
weblogic.httpd.initArgs.*.html=defaultFilename=index.html
weblogic.httpd.register.proxy=weblogic.t3.srvr.HttpProxyServlet
weblogic.httpd.initArgs.proxy=redirectURL=http://web1/
webLOGic.httpd.documentRoot=public_html/
Your input are very appreciated!
Brian
There won't have 2 lines proxy server message again. But now i got following message said:
<Proxy> IOException after server.proxy()....coneection refused
java.net.Connection: Connection refused
What's the minimum setting in weblogic.properties to setup a WL as a proxy server. WL will be 5.1 w/ SP6.
"Ronan Brady" <[email protected]> wrote:
>Your properties line
> weblogic.httpd.initArgs.cluster=defaultServers=web1:80|web3:80
>should read
> weblogic.httpd.initArgs.cluster=defaultServers=web1:80:7003|web3:80:7003
>
>See extract from release notes below:
>
>Additional details on ISSUES 31822:
>
>The following diagram illustrates the differences between setting
>secureProxy="ON" and secureProxy="OFF".
>This feature is set in the WebLogic properties file.
>
>secureProxy=ON
>
>BROWSER<------>HTTPS------>PROXY<------>HTTPS----->WEBLOGIC SERVER CLUSTER
>
>secureProxy=OFF
>
>BROWSER<------>HTTPS------>PROXY<------>HTTP----->WEBLOGIC SERVER CLUSTER
>By passing the secureProxy parameter as an initial argument (in WebLogic
>init.Args) in the cluster servlet and setting it to ON, SSL between the
>proxy and the clusters will be enabled. Below is a demonstration of how to
>turn on the secure proxy feature:
>
>weblogic.httpd.register.cluster=weblogic.servlet.internal.HttpClusterServlet
>weblogic.httpd.initArgs.cluster=\
>defaultServers=server1:7001:7002|server2:7001:7002,\
>secureProxy=ON
>
>
>"Brian Lin" <[email protected]> wrote in message
>news:[email protected]...
>>
>> There still has 2 lines message shown on proxy server:
>> <proxy> Please specify secure port in the properties. Using default ports
>7001/7002 See release notes fore more info.
>>
>> I can see static html on browser now, but servlet and ejb. Before added
>weblogic.security.SSLListenport on command line, the console will said
>undefined this property. But it seems to me not working anyway with message
>returned on proxy server.
>>
>>
>> "Tao Zhang" <[email protected]> wrote:
>> >It should be weblogic.security.SSLListenPort not
>> >weblogic.system.SSLListenPort.
>> >Brian Lin <[email protected]> wrote in message
>> >news:[email protected]...
>> >>
>> >> But proxy server doesn't work in progress (idle).
>> >>
>> >> "Tao Zhang" <[email protected]> wrote:
>> >> >It means that you have to put the listening port and ssl listen port
>in
>> >the
>> >> >2 clustering machines.
>> >> >If you don't use ssl, you can ignore this message.
>> >> >
>> >> >
>> >> >Brian Lin <[email protected]> wrote in message
>> >> >news:[email protected]...
>> >> >>
>> >> >> All,
>> >> >>
>> >> >> I got following messages said:
>> >> >> Fri Dec 29 17:09:46 CST 2000:<I> <WebLogicServer> WebLogic Server
>> >started
>> >> >> Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port
>in
>> >the
>> >> >properties. Using default ports 7001/7002 See release notes for more
>info
>> >> >> Fri Dec 29 17:10:14 CST 2000:<E> <proxy> Please specify secure port
>in
>> >the
>> >> >properties. Using default ports 7001/7002 See release notes for more
>info
>> >> >>
>> >> >> We use WL as proxy server to host the web. There have another 2
>> >clustering
>> >> >machines behide it running WL 5.1 w/SP6. weblogic.properties in proxy
>> >server
>> >> >configured as following:
>> >> >> -------------------------------------
>> >> >> # THE WEBLOGIC PROPERTIES FILE
>> >> >>
>> >> >> weblogic.system.listenPort=80
>> >> >> weblogic.password.system=wwwadmin
>> >> >> weblogic.allow.execute.weblogic.servlet=everyone
>> >> >> weblogic.httpd.register.cluster=\
>> >> >> weblogic.servlet.internal.HttpClusterServlet
>> >> >> weblogic.httpd.initArgs.cluster=\
>> >> >> defaultServers=web1:80|web3:80
>> >> >> weblogic.httpd.defaultServlet=cluster
>> >> >> weblogic.security.ssl.enable=true
>> >> >> weblogic.system.SSLListenPort=7003
>> >> >>
>> >> >>
>> >>
>>
>>>weblogic.httpd.register.authenticated=weblogic.t3.srvr.ClientAuthenticatio
>n
>> >S
>> >> >ervlet
>> >> >> weblogic.security.certificateCacheSize=3
>> >> >> weblogic.httpd.register.AdminCaptureRootCA=admin.AdminCaptureRootCA
>> >> >> weblogic.security.clientRootCA=SecureServerCA.pem
>> >> >> weblogic.security.certificate.server=democert.pem
>> >> >> weblogic.security.key.server=demokey.pem
>> >> >> weblogic.security.certificate.authority=ca.pem
>> >> >> weblogic.httpd.register.Certificate=utils.certificate
>> >> >> weblogic.allow.execute.weblogic.servlet.Certificate=system
>> >> >>
>> >> >> weblogic.httpd.enable=true
>> >> >> weblogic.system.nativeIO.enable=true
>> >> >> weblogic.system.enableConsole=true
>> >> >> weblogic.system.executeThreadCount=50
>> >> >>
>> >> >> weblogic.system.maxLogFileSize=1024
>> >> >> weblogic.httpd.enableLogFile=true
>> >> >> weblogic.httpd.logFileName=access.log
>> >> >> weblogic.httpd.enableEvents=false
>> >> >> weblogic.httpd.session.enable=true
>> >> >> weblogic.httpd.session.cookie.name=WebLogicSession
>> >> >>
>> >> >> weblogic.allow.execute.weblogic.servlet.classes=everyone
>> >> >> weblogic.httpd.register.*.html=weblogic.servlet.FileServlet
>> >> >> weblogic.httpd.register.*.jpg=\
>> >> >> weblogic.servlet.FileServlet
>> >> >> weblogic.httpd.register.*.gif=\
>> >> >> weblogic.servlet.FileServlet
>> >> >> weblogic.httpd.initArgs.*.html=defaultFilename=index.html
>> >> >> weblogic.httpd.register.proxy=weblogic.t3.srvr.HttpProxyServlet
>> >> >> weblogic.httpd.initArgs.proxy=redirectURL=http://web1/
>> >> >> webLOGic.httpd.documentRoot=public_html/
>> >> >> -------------------------------------------------
>> >> >>
>> >> >> Your input are very appreciated!
>> >> >>
>> >> >> Brian
>> >> >
>> >> >
>> >>
>> >
>> >
>>
>
>
-
Disabling directory non-secure port
Hi all.
Is there in Sun Directory Server 5.1 any way to disable non-secure port in order to bind all the connections through the secure port?
Thanks in advance.
Jaime Ferragut
University of the Balearic IslandsYou could try setting the regular port number to "0". I don't think clients can connect on port 0. Be aware that this may disable your ability to manage the DS through the GUI console.
-
Error: Specify secure port in the property Using ports 7001/7002
Hi,
I have two node cluster using WL6.1, and Solaris.
Then, I also setup NSAPI plug in, and specify 2 nodes
in obj.conf file. But I tried to browse the URL.
I have "Secure port in property..." error message.
I check the SSL property in domain->servers->SERVERNAME
Enabled:checked
Listen Port: 9002
Server Key File Name: config/mydomain/demokey.pem
Server Certified File Name: config/mydomain/democert.pem
Server Certifiled Chan File Name: config/mydomain/ca.pem
Is the above correct setup?
What am I missing?
Thanks,
// hiromu
Ok.. That makes more sense.
So, before we fix the error message, I want to understand your architecture.
You have NES(Iplanet) proxying requests to 2 managed servers that are
clustered.
Your managed servers also have the HttpClusterServlet setup to proxy back to
those two instances? I think you may be a bit confused.
The HttpClusterServlet is usually installed on another instance of
WebLogic(managed server) if you are not using Iplanet, IIS, or Apache as a
frontend WebServer. When you use the HttpClusterServlet, that WebLogic
instance will act as a WebServer proxying requests to OTHER backend WebLogic
Servers.
In your case, you probably do not need to use the HttpClusterServlet as you
are using Iplanet to proxy the requests.
In any case, here is the fix to your problem:
Refer to:
http://e-docs.bea.com/wls/docs61///////adminguide/http_proxy_cluster.html
The documentation says the format of specifying the defaultServers is
host1:port:secport|host2:port:secport.
Therefore, you need to add the secure port even though you aren't using it.
Let's assume your secure port is 9002, then your entry should be:
<init-param>
<param-name>defaultServers</param-name>
<param-value>cyberia:9001:9002|sun-timmy:9001:9002</param-value>
</init-param>
Regards,
Eric
"hiromu kato" <[email protected]> wrote in message
news:[email protected]...
>
> Eric,
>
> The error message is from the managed server log as
>
> ####<Oct 2, 2001 9:26:02 PM PDT> <Notice> <WebLogicServer> <cyberia>
<cluster2>
> <ListenThread> <system> <> <000201> <ListenThread liste
> ning on port 9001, ip address 10.10.102.189>
> ####<Oct 2, 2001 9:26:04 PM PDT> <Notice> <Cluster> <cyberia> <cluster2>
<main>
> <system> <> <000102> <Listening for multicast messages
> (cluster bvcluster2) on port 9001 at address 237.0.0.1>
> ####<Oct 2, 2001 9:26:04 PM PDT> <Notice> <WebLogicServer> <cyberia>
<cluster2>
> <main> <system> <> <000330> <Started WebLogic Managed S
> erver "cluster2" for domain "mydomain" running in Production Mode>
> ####<Oct 2, 2001 9:26:16 PM PDT> <Info> <HTTP> <cyberia> <cluster2>
<ExecuteThread:
> '11' for queue: 'default'> <> <> <101047> <[WebAppS
> ervletContext(1524862,bv,/bv)] HttpClusterServlet: init>
> ####<Oct 2, 2001 9:26:16 PM PDT> <Error> <HTTP> <cyberia> <cluster2>
<ExecuteThread:
> '11' for queue: 'default'> <> <> <101048> <Please
> specify secure port in the properties. Using ports 7001/7002. See release
notes
> for more info>
> ####<Oct 2, 2001 9:26:16 PM PDT> <Error> <HTTP> <cyberia> <cluster2>
<ExecuteThread:
> '11' for queue: 'default'> <> <> <101048> <Please
> specify secure port in the properties. Using ports 7001/7002. See release
notes
> for more info>
> ****************
>
> I got the above error when I set web.xml
> <?xml version="1.0" ?>
>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
1.2//EN"
> "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
>
> <web-app>
>
> <servlet>
> <servlet-name>HttpClusterServlet</servlet-name>
>
<servlet-class>weblogic.servlet.internal.HttpClusterServlet</servlet-class>
> <init-param>
> <param-name>defaultServers</param-name>
> <param-value>cyberia:9001|sun-timmy:9001</param-value>
> </init-param>
> <init-param>
> <param-name>DebugConfigInfo</param-name>
> <param-value>ON</param-value>
> </init-param>
> </servlet>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>/</url-pattern>
> </servlet-mapping>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>*.jsp</url-pattern>
> </servlet-mapping>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>*.htm</url-pattern>
> </servlet-mapping>
> <servlet-mapping>
> <servlet-name>HttpClusterServlet</servlet-name>
> <url-pattern>*.html</url-pattern>
> </servlet-mapping>
> </web-app>
>
> **********************
> My obj.conf of the NES is
>
> Init fn="load-modules" funcs="wl_proxy,wl_init"
shlib=/mebsuta/b/webserver/https-http-mebuta-hkato-50005/plugins/libproxy.so
> Init fn="wl_init"
>
> Init fn=load-types mime-types=mime.types
> Init fn="load-modules"
shlib="/mebsuta/b/webserver/bin/https/lib/libNSServletPlugin.so"
>
funcs="NSServletEarlyInit,NSServletLateInit,NSServletNameTrans,NSServletServ
ice"
> shlib_flags="(global|now)"
> Init fn="NSServletEarlyInit" EarlyInit=yes
> Init fn="NSServletLateInit" LateInit=yes
>
>
> <Object name="weblogic" ppath="*/weblogic/*">
> Service fn=wl_proxy WebLogicCluster="cyberia:9001,sun-timmy:9001"
PathTrim="/weblogic"
> </Object>
>
> <Object name="si" ppath=*/servletimages/*">
> Service fn=wl_proxy WebLogicCluster="cyberia:9001,sun-timmy:9001"
> </Object>
>
>
> <Object name=default>
> NameTrans fn="NSServletNameTrans" name="servlet"
> NameTrans fn="pfx2dir" from="/servlet"
dir="/mebsuta/a/hkato/docs_50005/servlet"
> name="ServletByExt"
> NameTrans fn=pfx2dir from=/ns-icons dir="/mebsuta/b/webserver/ns-icons"
name="es-internal"
> NameTrans fn=pfx2dir from=/mc-icons dir="/mebsuta/b/webserver/ns-icons"
name="es-internal"
> NameTrans fn="pfx2dir" from="/help"
dir="/mebsuta/b/webserver/manual/https/ug"
> name="es-internal"
> NameTrans fn="pfx2dir" from="/manual"
dir="/mebsuta/b/webserver/manual/https"
> name="es-internal"
> NameTrans fn=document-root root="/mebsuta/a/hkato/docs_50005"
> Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl_proxy
WebLogicCluster="cyberia:9001,sun-timmy:9001",
> PathPrepend=/jspfiles
> PathCheck fn=unix-uri-clean
> PathCheck fn="check-acl" acl="default"
> PathCheck fn=find-pathinfo
> PathCheck fn=find-index index-names="index.html,home.html"
> ObjectType fn=type-by-extension
> ObjectType fn=force-type type=text/plain
>
> Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
> Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
> Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
> #AddLog fn=flex-log name="access"
> </Object>
>
> <Object name=cgi>
> ObjectType fn=force-type type=magnus-internal/cgi
> Service fn=send-cgi
> </Object>
>
> <Object name="servlet">
> ObjectType fn=force-type type=text/html
> Service fn="NSServletService"
> </Object>
>
> <Object name="jsp092">
> ObjectType fn="type-by-extension"
> ObjectType fn="change-type" type="magnus-internal/jsp092"
if-type="magnus-internal/jsp"
> Service fn="NSServletService" type="magnus-internal/jsp092"
> </Object>
>
> <Object name="ServletByExt">
> ObjectType fn=force-type type=magnus-internal/servlet
> Service type="magnus-internal/servlet" fn="NSServletService"
> </Object>
>
> <Object name="es-internal">
> PathCheck fn="check-acl" acl="es-internal"
> </Object>
>
>
> Thank you for the help,
>
> // hiromu
>
-
OBIEE Security - How to setup SSO-integrated EBS users & mobile access?
I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
1) Create a standard authentication/security process at an enterprise level
2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
4) non-EBS users must go through the OBIEE portal
5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in an corporate-LDAP store, I was thinking to setup a dual authentication store that connects to both corporate-ldap(EBS) and the WLS-integrated LDAP(non-EBS).
Will this work? Does anyone have a better approach they'd like to share?Please post the details of the application release, database version and OS.
We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
It could be related that OAM generated cookies are not recognized by embedded OBIEE.
Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
For urgent issue, please always log a SR.
Thanks,
Hussein -
E proxy Please specify secure port in the properties.
Hi,
I have a cluster of two weblogic servers as 192.168.80.144 and
192.168.80.147 both are in NT. I have installed weblogic in both m/c in
same folder. Do I need to put the same port number ( what port number
443 ? or anyone ? ) in [weblogic]/weblogic.properties and
[weblogic]/[mycluster]/weblogic.properties. I have tried putting 443 and
7001. Then what ip-address will be used to put the request ? I tried to
request on mycluster:443 and mycluster:7001 where mycluster is the name
of the cluster in both m/c and there is an entry in hosts file of NT for
192.168.80.144 and 192.168.80.147 as mycluster.
After starting the server it says
Tue May 22 10:00:54 CEST 2001:<I> <Cluster> Adding server
7537245419133606340S192.168.80.147:[443,443,7002,7002,443,-1]
to cluster view
Tue May 22 10:00:58 CEST 2001:<I> <NT Performance Pack> Allocating: '2'
NT reader threads
Tue May 22 10:01:05 CEST 2001:<I> <WebLogicServer> WebLogic Server
started
Tue May 22 10:01:57 CEST 2001:<I> <ServletContext-General> *.html: init
When I send the request thru browser it says following:
Tue May 22 10:01:57 CEST 2001:<E> <proxy> Please specify secure port in
the properties. Using default ports 7001/7002 Se
e release notes for more info
Tue May 22 10:01:57 CEST 2001:<E> <proxy> Please specify secure port in
the properties. Using default ports 7001/7002 Se
e release notes for more info
Please suggest me what to do for running the cluster properly.
Thanx in advance.
Vinay Kumar
Gauss Interprise AG Phone: +49-40-3250-1226
Weidestrasse 120 A Mobile: +49-177-7906818
D-22299 Hamburg mailto:[email protected]
Germany web: http://www.gauss-interprise.com
[att1.html]
Clustering is a big topic that cannot be explained in one post. That was why I suggested the link for a complete explanation. The link does provide tons of information you need to setup a cluster.
However, here are some pointers for your case as applicable to WebLogic 5.10 clustering (which is what you seem to be running).
(1) Weblogic properties have the following precedence (properties defined in the first item in the following list override the same properties defined in the second item in the list and so on): command line properties, per-server property file, cluster-wide property file and finally global property file.
If you installed Weblogic 5.10 under /weblogic and your cluster is called "mycluster" and your server is called "Server1" and you command line script is stored in a file called "startServer1.cmd" under /weblogic, then weblogic will read the properties in the following order (the latest read overrides the same properties from an earlier read):
(a) /weblogic/weblogic.properties <-- global property file
(b) /weblogic/mycluster/weblogic.properties <-- cluster-wide property file
(c) /weblogic/mycluster/Server1/weblogic.properties <-- per-server property file
(d) properties defined in startServer1.cmd <-- command line properties
In your case, a good place to place the port number is in the cluster-wide property file (since all servers in the cluster should use the same port). Do not specify any ports in the per-server property file or in the command line properties in this case as they will override the port specified earlier.
(2) In 5.10, you will typically have a bank of webservers (Apache, Netscape, IIS) in front of the cluster. Several configurations are possible. You can for instance have a hardware load-balancer in front of the webserver. You can then have the DNS serve up the external IP of the load-balancer. Alternatively, you can also do DNS round-robin among the webservers. Clients will then use the DNS name in the URL which will map to either the load-balancer or one of the webservers.
Check this link out for details on architecture:
http://www.weblogic.com/docs51/cluster/planning.html#1040272
Giri
"Vinay Kumar" <[email protected]> wrote in message news:[email protected]...
Hi Giri,
From this very link I got the idea to use weblogic cluster.
So this is not of much help.
Thanx.
Giri Alwar wrote:
Take a look at the following document: http://www.weblogic.com/docs51/cluster/index.html Giri
"Vinay Kumar" <[email protected]> wrote in message news:[email protected]... Hi,
I have a cluster of two weblogic servers as 192.168.80.144 and 192.168.80.147 both are in NT. I have installed weblogic in both m/c in same folder. Do I need to put the same port number ( what port number 443 ? or anyone ? ) in [weblogic]/weblogic.properties and [weblogic]/[mycluster]/weblogic.properties. I have tried putting 443 and 7001. Then what ip-address will be used to put the request ? I tried to request on mycluster:443 and mycluster:7001 where mycluster is the name of the cluster in both m/c and there is an entry in hosts file of NT for 192.168.80.144 and 192.168.80.147 as mycluster.
After starting the server it says
Tue May 22 10:00:54 CEST 2001:<I> <Cluster> Adding server 7537245419133606340S192.168.80.147:[443,443,7002,7002,443,-1]
to cluster view
Tue May 22 10:00:58 CEST 2001:<I> <NT Performance Pack> Allocating: '2' NT reader threads
Tue May 22 10:01:05 CEST 2001:<I> <WebLogicServer> WebLogic Server started
Tue May 22 10:01:57 CEST 2001:<I> <ServletContext-General> *.html: init
When I send the request thru browser it says following:
Tue May 22 10:01:57 CEST 2001:<E> <proxy> Please specify secure port in the properties. Using default ports 7001/7002 Se
e release notes for more info
Tue May 22 10:01:57 CEST 2001:<E> <proxy> Please specify secure port in the properties. Using default ports 7001/7002 Se
e release notes for more info
Please suggest me what to do for running the cluster properly.
Thanx in advance.
Vinay Kumar
Gauss Interprise AG Phone: +49-40-3250-1226
Weidestrasse 120 A Mobile: +49-177-7906818
D-22299 Hamburg mailto:[email protected]
Germany web: http://www.gauss-interprise.com
Vinay Kumar
Gauss Interprise AG Phone: +49-40-3250-1226
Weidestrasse 120 A Mobile: +49-177-7906818
D-22299 Hamburg mailto:[email protected]
Germany web: http://www.gauss-interprise.com
[att1.html]
-
Secure port error on Oracle DSEE 11gR1
Hi,
I just installed Oracle 11gR1, and trying to run dsconf command, it does not let me run with secure port ( 15389). For example i am trying to run the following command, but i get bind error :
/var/Sun/mps/dsee7/bin> dsconf analyze-index-filters -h "example.com" -p "15389" "dc=example,dc=com"
Unable to bind securely on "example.com:15389".
The "analyze-index-filters" operation failed on "example.com:15389".
Please help me.
Thanks, PamelaHi,
Could you try again with -P instead of -p ?
Regards,
-Sylvain -
Secure port error en HttpClusterServlet config
According to the release notes, it's now possible to set up SSL
communications between WLS (proxy) and WLS (app) instances using the
HttpClusterServlet. However, when I set the secureProxy to "ON", I
receive a message telling me that I need to define the secure port.
What is the syntax for defining the secure port? I assume that it is in
the "defaultServers" parameter of HttpClusterServlet, but haven't gotten
it to work yet.
Thanks
Monte
According to the release notes, it's now possible to set up SSL
communications between WLS (proxy) and WLS (app) instances using the
HttpClusterServlet. However, when I set the secureProxy to "ON", I
receive a message telling me that I need to define the secure port.
What is the syntax for defining the secure port? I assume that it is in
the "defaultServers" parameter of HttpClusterServlet, but haven't gotten
it to work yet.
Thanks
Monte
-
Hi All,
I want to secure port for my Sqldeveloper which is on my laptop with IP 100.2.10.200 to connect to a scecured PROD server SLES 11.
My laptop will the one only allowed to connect to the PROD using OEM and SqlDev . How do I configure it?
What port does Sqldev uses? is it the same listener port 1521? same like the OEM 1158?
Thanks....yxes2013 wrote:
I want to secure port for my Sqldeveloper which is on my laptop with IP 100.2.10.200 to connect to a scecured PROD server SLES 11.Nonsensical question. SQL-Developer does not listen on a network port. The port it uses will be a client port in the dynamic port range - created when SQL-Developer connects to the Listener port on the Oracle server.
Also, opened ports are by their very nature not secure. There is thus no such thing as an open and secure port. Open a port as a listening endpoint on a public NIC, and that port, with that service, is exposed to attack.
The only way to "secure" a port is to remove that from the public network interface all together and run it on localhost (making it a local port only, and inaccessible to everyone else). And this has very limited use. An external client can only use that port via a ssh local tunnel. Which in turns requires you to make port 22/tcp public. -
Dsee 6.3.1 - disable non-secure port
I disabled access to the non-secure port on my ldapserver as I only want clients to talk to my server using ssl (tls:simple)
root@ldapserver#/> dsconf set-server-prop ldap-port:disabled
After the compulsory restart, I was no longer able to bind a client (even if I tell it to connect on port 636) :
root@ldapclient #/> ldapclient init -v -a profileName=SB -a domainName=unix.mydomain.com -a proxyDN=cn=proxyagent,ou=profile,dc=unix,dc=mydomain
,dc=com ldapserver.mydomain.com:636
Parsing profileName=SB
Parsing proxyDN=cn=proxyagent,ou=profile,dc=unix,dc=mydomain,dc=com
Arguments parsed:
proxyDN: cn=proxyagent,ou=profile,dc=unix,dc=mydomain,dc=com
profileName: SB
defaultServerList: ldapserver.mydomain.com:636
Handling init option
About to configure machine by downloading a profile
findBaseDN: begins
findBaseDN: ldap not running
findBaseDN: calling __ns_ldap_default_config()
__ns_ldap_list return NULL resultp
findBaseDN: Err exit
LDAP ERROR (85): Error occurred during receiving results. Timed out.
Failed to find defaultSearchBase for domain unix.mydomain.com
I know my certs are good as ldapsearch returns data as I would expect...
root@ldapclient #/> ldapsearch -Z -p 636 -h ldapserver.mydomain.com -P /var/ldap -b dc=unix,dc=mydomain,dc=com uid=myuser
returns my userid.
There is an anonymous read only ACI in place:
root@ldapclient #/> ldapsearch -Z -p 636 -h ldapserver.mydomain.com -P /var/ldap -b dc=unix,dc=mydomain,dc=com -s base "(objectclass=*)" aci
aci: (target ="ldap:///dc=unix,dc=mydomain,dc=com")(targetattr!="userPassword")(
version 3.0;acl "Anonymous read-search access";allow (read, search, compare)
(userdn = "ldap:///anyone");)
As soon as I re-enable standard 389 access the client init works fine again....
Am I missing something here?
Does the `ldapclient init` command need to make a 389 connection first before it downloads the profile which tells it to use tls:simple and therefore port 636 from then onwards?quote:
SSL enables support for the Start TLS extended operation that provides security on a regular LDAP connection. Clients can bind to the non-SSL port and then use the Transport Layer Security protocol to initiate an SSL connection. The Start TLS operation allows more flexibility for clients, and can help simplify port allocation.
[http://docs.sun.com/app/docs/doc/820-2765/gdzdc?l=en&a=view] -
Weblogic 10.3.6 SNMP monitoring using secured port
We will like to monitor Weblogic using Nagios by deploying WLSAgent.
Currently, WLSAgent can only work through unsecured port. Out web-logic servers are currently configured to be accessible only through the secured port.
Has anyone been able to get WLSAgent to work with secured port?
Are there any known issues with using unsecured port?
Thanks.The time-out you are getting is that related to a transaction?
You can set the transaction time-out in the WebLogic console go to the JTA page for the domain, and change the value in the Timeout Seconds field.
When you are using EJBs, you can also set the time-out on a EJB basis, instead of configuring the time-out for the whole domain.
For example, in weblogic-ejb-jar.xml, you can configure the time-out by using:
<weblogic-ejb-jar ...>
<weblogic-enterprise-bean>
<ejb-name>YOUR_EJB_NAME</ejb-name>
<enable-call-by-reference>True</enable-call-by-reference>
<stateless-session-descriptor>
<pool>
<initial-beans-in-free-pool>25</initial-beans-in-free-pool>
<max-beans-in-free-pool>50</max-beans-in-free-pool>
</pool>
</stateless-session-descriptor>
<transaction-descriptor>
<trans-timeout-seconds>600</trans-timeout-seconds>
</transaction-descriptor>
</weblogic-enterprise-bean>
</weblogic-ejb-jar>The transactions this EJB spawns can last for 10 minutes. -
How to disable non secure port on Sun Java System Directory Server 5.2
Hi, can someone tell me how to disable the non secure port 389 on the SJS Directory Server 5.2? I only see two options for the directory server to listen on the non secure port or both secure and non secure ports. I see that someone mentioned to change the port the loopback ip address but the gui doesn't allow that.
Any help is appreciated.
Thanks,
MikeYep! You can add the loopback address to the listen host attr, directly to the dse.ldif (insntace stopped of course) or ldapmodify the config entry
Maybe you are looking for
-
Books not being transferred to Ereader :(
For about a year now I have successfully downloaded books from the library, loaded onto the Adobe Digital Software and then moved it to my Kobo. All of a sudden, it stopped working. When I transfer the book to the ereader (from adobe software) it s
-
Windows 'My Computer' does not recognize my iPhone?
When I connect my iPhone 3GS to me Dell Windows 7 laptop 'My Computer' does not recognise the phone at all whereas iTunes does. The system just opens an error window saying "Device Driver software was not successfully installed. Does anybody know a s
-
OS: win2000 professional JRE: Jdk-1.4.0._01 JMF: 2.1 Borwser: IE 5.0 I have completed installing the JMF, but no JMF Applet can be shown in IE, the messages always are "class Not Found, javax.media.ControllerListener" or "class Not Found, javax.media
-
9i install error "error writting to C:|windows\system32\mfcan32.dll"
I'm trying to install Oracle on a "brand new" computer running WIN 2003 XP Home, so I'll be ready for the fall semester. I was installing Oracle9i DS Release 2 (9.0.2.1) and at the "Install" screen this Oracle message. ERROR writting to C:|windows\sy
-
ALTERNATE COLOR SCHEME TRICK FOR MAC'S
Hey all. Just want to share a quick little trick I just found on my computer...Press Control, Option, Command (Apple button) and 8 on your keyboard. This will switch the color scheme on your monitor to negative color - all colors are now reversed - w