Set-up with different urls for login server and mid-tier

The desired external host names are the following:
Portal -> http://www.myportal.com
Login Server -> http://www.login.com
The real (internal) host names are the following:
midtier -> midtier.xyz.com
infrastructure -> infra.xyz.com
How should the Oracle HTTP Server, Login/SSO server, portal be configured with this type of set-up?
In particular, what should be in the httpd.conf, dads.conf, mod_osso.conf files and which values should be passed to the ssocfg and ptlasst scripts? Does the DAS url need to have the internal or external host name?

How should the scenario described above be integrated into the instructions below? $HOSTNAME may refer to the internal or external midtier or infrastructure machine name. Which should be used?
Assume HTTPS for the login server --> https://www.login.com.
<PRE>
Doc ID: Note:216126.1
Subject: How to configure SSL with Portal 9.0.2
Type: HOWTO
Status: PUBLISHED
Content Type: TEXT/PLAIN
Creation Date: 25-OCT-2002
Last Revision Date: 16-JAN-2003

PURPOSE
-------
This note explains how to set up SSL with Portal.
There are several ways to configure SSL with Portal. This note uses SSL only
between the browser and WebCache. The communication between the
Webcache/Apache or PPE/Webcache is done in HTTP.
This installation is a lot less CPU intensive than a full SSL configuration.

Please note the configuration outlined here is not currently certified for
Portal 9.0.2; however, it is fully supported by Oracle Support and
Development. This means that this configuration was not tested by the Portal
QA Department within Oracle. The difference in the QA test was that all
components of the configuration were in SSL mode.

SCOPE & APPLICATION
-------------------
This note is intended for Portal administrators.
This note is based on Unix. The Windows NT configuration is very similar.

HISTORY
-------
Version 1.0: SSL with a Unix shell script
Version 1.1: Comment about the Webcache HTTP port

How to configure SSL with Portal 9.0.2
--------------------------------------

Step 1 - Prerequisite
---------------------

A. Get an SSL certificate
-------------------------
IAS v2 is delivered with dummy certificates. You can use them.
If you wish to use real SSL certificates, follow a note to configure SSL
with Webcache, such as:
- Note 161863.1 - Configuring WebCache with SSL - NT/2000
- Note 165305.1 - Configuring WebCache with SSL - Unix

B. Password of the database schemas of portal
---------------------------------------------
You need to have the passwords of the following database users:

Database user          Your passwords
----------------------------------------------
portal
orasso
orasso_ps
orasso_pa

These passwords are normally randomized during the installation of IAS V2.
To find them, please follow one of these notes:
- Note 206514.1 : IAS 9.0.2 : How to get the portal passwords to run the
                  PTLASST script (Windows)
- Note 199633.1 : Script to determine orasso password in 9iAS 9.0.2 on Unix
- Note 205984.1 : Script to determine orasso password in 9iAS 9.0.2 on Windows

C. Ports
--------
During this installation, you will need to know a lot of ports of IAS V2.
Please collect this information before you begin. You can see the port list
by going to the homepage of the midtier and of the infrastructure web page
and clicking on the tab Port. You can also read the file portlist.ini that
resides in both ORACLE_HOME in the directory $ORACLE_HOME/install.
Here is the list you need:

Name of the port                             My port numbers  Your port numbers
---------------------------------------------------------------------
Midtier Web Cache HTTP port                  7783
Midtier Web Cache HTTPS port                 4459
Midtier Web Cache Admin port                 4000
Midtier Web Cache Invalidation port          4001
---------------------------------------------------------------------
Infrastructure Oracle HTTP Server port       7784
Infrastructure Oracle HTTPS Server port      4460
Infrastructure Internet Directory(non-SSL)   4039
---------------------------------------------------------------------

D. Backups
----------
You should take a backup of your IAS installation in case you want to
revert all the changes done here and/or if you make a mistake during the
configuration. The only good way to do a backup of IAS 9.0.2 is to have a
full backup of both ORACLE_HOMES of the Infrastructure and of the MidTier.

Step 2 - Configure Portal to run in SSL
---------------------------------------

1) Edit the Webcache configuration

   Go to the administration port
   > http://hostname:web_admin_port/
   > Typically http://hostname:4000/
   Login: administrator/administrator

   Go to General Configuration / Site to Server Mapping
   -> Change the rule WebCache SSL - HTTP SSL
   -> Below the title Select "Application Web Servers"
   -> Check the checkbox with HTTP
   -> Uncheck the one with HTTPS
   -> Submit

   On the top of Webcache admin screen, press on <Apply the changes>
   Then restart WebCache.

2) Edit the dads.conf (in $MIDTIER_ORACLE_HOME/Apache/modplsql/conf)

   Add a new line in the DAD:

   <Location /pls/portal>
     PlsqlCGIEnvironmentList REQUEST_PROTOCOL=HTTPS,SERVER_PORT=4459

   Where 4459 is the HTTPS port of the MIDTIER.

3) Modify the web.xml of the portal application
   ($MIDTIER_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF)

   Add several parameters to the page servlet (PPE).

   [...]
   <servlet>
     <servlet-name>page</servlet-name>
     [...]
     <init-param>
       <param-name>useWebCache</param-name>
       <param-value>true</param-value>
     </init-param>
     <init-param>
       <param-name>useScheme</param-name>
       <param-value>http</param-value>
     </init-param>
     <init-param>
       <param-name>usePort</param-name>
       <param-value>7783</param-value>
     </init-param>
   </servlet>
   [...]

   Where 7783 is the HTTP port of Webcache.

Step 3 - Run the PTLASST
------------------------
Because of bug 2659809, we will remove an entry in OID before running the
PTLASST script. This entry will be recreated by PTLASST.
Because of bug 2654938, we will reconfigure Webcache after PTLASST.

Run this script, and modify the environment variables with the values found
above. This script does 3 things:
1) It configures SSO/DAS to run in the infrastructure HTTPS port
2) It configures Portal in HTTPS mode, and associates Portal with SSO in HTTPS.
3) Restart OC4J and HTTP processes of the MIDTIER and INFRASTRUCTURE

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
portal_ssl.sh
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
export INFRA_ORACLE_HOME=/u01/oracle/product/infra902
export MIDTIER_ORACLE_HOME=/u01/oracle/product/ias902
export INFRA_SID=iasdb
export MIDTIER_SID=ias902
export PORTAL_SID=$INFRA_SID
export PORTAL_TNS=iasdb
export MIDTIER_HTTP_PORT=7783
export MIDTIER_HTTPS_PORT=4459
export WEBCACHE_INV_PORT=4001
export WEBCACHE_ADM_PORT=4000
export INFRA_HTTP_PORT=7784
export INFRA_HTTPS_PORT=4460
export OID_PORT=4039
export EM_PORT=1810
export PORTAL_PASSWORD=ABCDEFGH
export ORASSO_PASSWORD=ABCDEFGH
export ORASSO_PA_PASSWORD=ABCDEFGH
export ORASSO_PS_PASSWORD=ABCDEFGH
export HOSTNAME=machine.domain.com
export IAS_PASSWORD=ABCDEFGH

export ORAENV_ASK=NO
export ORACLE_SID=$INFRA_SID
. oraenv
unset ORAENV_ASK

echo '******** PART 1 - SSO IN SSL **********'
export LD_LIBRARY_PATH=$INFRA_ORACLE_HOME/lib:$LD_LIBRARY_PATH
export PATH=$INFRA_ORACLE_HOME/jdk/bin:$PATH
export PATH=$ORACLE_HOME/bin:$PATH

# This step will change the URL used to login by default for
# all partner applications
cd $INFRA_ORACLE_HOME/sso/bin
./ssocfg.sh HTTPS $HOSTNAME $INFRA_HTTPS_PORT

# This step adds a new partner application to SSO.
# It associates the new URL used by OIDDAS with SSO.
cd $INFRA_ORACLE_HOME/sso/lib
java -jar $ORACLE_HOME/sso/lib/ossoreg.jar \
  -host $HOSTNAME -port 1521 -sid $INFRA_SID \
  -site_name ssl_$HOSTNAME \
  -success_url https://$HOSTNAME:$INFRA_HTTPS_PORT/osso_login_success \
  -cancel_url https://$HOSTNAME:$INFRA_HTTPS_PORT/ \
  -logout_url https://$HOSTNAME:$INFRA_HTTPS_PORT/osso_logout_success \
  -home_url https://$HOSTNAME:$INFRA_HTTPS_PORT/ \
  -start_date 08012002 -admin_id oracle -ip_check false \
  -config_mod_osso true -oracle_home_path $INFRA_ORACLE_HOME \
  -u root -sso_server_version v1.2

echo '---------------------'
echo 'Change the URL of DAS'
echo '---------------------'
# -f: do not complain when das.ldif is absent on the first run
rm -f das.ldif
echo 'dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext' > das.ldif
echo 'changetype:modify' >> das.ldif
echo 'replace:orcldasurlbase' >> das.ldif
echo orcldasurlbase:https://$HOSTNAME:$INFRA_HTTPS_PORT/ >> das.ldif
ldapmodify -h $HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w "$IAS_PASSWORD" -f das.ldif

echo '******** PART 2 - PORTAL IN SSL **********'
echo '-----------------------'
echo 'Delete an entry in LDAP'
echo '-----------------------'
ldapdelete -h $HOSTNAME -p $OID_PORT -D "cn=orcladmin" -w "$IAS_PASSWORD" \
  "orclApplicationCommonName=PORTAL,cn=Portal,cn=Products,cn=OracleContext"

echo '-------------'
echo 'Configure SSL'
echo '-------------'
export ORACLE_HOME=$MIDTIER_ORACLE_HOME
$MIDTIER_ORACLE_HOME/assistants/opca/ptlasst.csh -mode MIDTIER -i custom \
  -s portal -sp $PORTAL_PASSWORD -c $HOSTNAME:1521:$PORTAL_SID -sdad portal \
  -o orasso -op $ORASSO_PASSWORD -odad orasso \
  -host $HOSTNAME -ssl -port $MIDTIER_HTTPS_PORT \
  -ldap_h $HOSTNAME -ldap_p $OID_PORT -ldap_w $IAS_PASSWORD -pwd $IAS_PASSWORD \
  -sso_c $HOSTNAME:1521:$PORTAL_SID -sso_h $HOSTNAME -sso_p $INFRA_HTTPS_PORT \
  -ultrasearch -oh $MIDTIER_ORACLE_HOME -mc false -mi true \
  -chost $HOSTNAME -cport_i $WEBCACHE_INV_PORT -cport_a $WEBCACHE_ADM_PORT \
  -wc_i_pwd invalidator -emhost $HOSTNAME -emport $EM_PORT \
  -pa orasso_pa -pap $ORASSO_PA_PASSWORD -ps orasso_ps -pp $ORASSO_PS_PASSWORD \
  -pd portal_dblink -p_tns $PORTAL_TNS -s_tns $PORTAL_TNS \
  -verbose -portal_only

$MIDTIER_ORACLE_HOME/assistants/opca/ptlasst.csh -mode SSOPARTNERCONFIG -i custom \
  -s portal -sp $PORTAL_PASSWORD -c $HOSTNAME:1521:$PORTAL_SID -sdad portal \
  -o orasso -op $ORASSO_PASSWORD -odad orasso \
  -host $HOSTNAME -ssl -port $MIDTIER_HTTPS_PORT \
  -sso_c $HOSTNAME:1521:$PORTAL_SID -sso_h $HOSTNAME -sso_p $INFRA_HTTPS_PORT \
  -pa orasso_pa -pap $ORASSO_PA_PASSWORD -ps orasso_ps -pp $ORASSO_PS_PASSWORD \
  -p_tns $PORTAL_TNS -s_tns $PORTAL_TNS -verbose -silent

echo '--------'
echo 'WebCache'
echo '--------'
export ORACLE_HOME=$INFRA_ORACLE_HOME
sqlplus portal/$PORTAL_PASSWORD@$PORTAL_TNS \
  @$MIDTIER_ORACLE_HOME/portal/admin/plsql/wwc/cachseed.sql \
  $HOSTNAME $WEBCACHE_INV_PORT $WEBCACHE_ADM_PORT invalidator on portal

echo '********** Part 3 - restart the MIDTIER **************'
export ORAENV_ASK=NO
export ORACLE_SID=$MIDTIER_SID
. oraenv
unset ORAENV_ASK

echo '--- MIDTIER: stop all the dcm processes'
cd $ORACLE_HOME/dcm/bin
dcmctl stop -v

echo '--- MIDTIER: clear the PLSQL cache'
rm -Rf $ORACLE_HOME/Apache/modplsql/cache/plsql

echo '--- MIDTIER: start all the dcm processes'
dcmctl start -v

export ORAENV_ASK=NO
export ORACLE_SID=$INFRA_SID
. oraenv
unset ORAENV_ASK

echo '--- INFRA: stop all the dcm processes'
cd $ORACLE_HOME/dcm/bin
dcmctl stop -v

echo '--- INFRA: start all the dcm processes'
dcmctl start -v
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SECURITY COMMENTS
-----------------
This configuration leaves the HTTP port of Webcache reachable from outside.
Webcache has no way to limit the use of a port to a specific machine or IP
address. This is not a real issue because the goal of SSL is not to prevent
people from accessing your server but to prevent people from intercepting
the data sent between the browser and the webserver. But in case you/your
customer is very sensitive about security and wants a webserver with SSL
only (which is very rare), you may want to add a firewall in front of
Webcache to block the HTTP port.

RELATED DOCUMENTS
-----------------
Note 161863.1 - Configuring WebCache with SSL - NT/2000
Note 165305.1 - Configuring WebCache with SSL - Unix
</PRE>
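
Added example (not part of the original post or of the Oracle note): a POSIX shell check that the Step 2 edits agree with each other, i.e. that dads.conf advertises HTTPS on the Web Cache HTTPS port while the page servlet in web.xml still talks plain HTTP to the Web Cache HTTP port. The function names and the constructed sample files are assumptions; the ports 4459 and 7783 are the note's own values.

```sh
# Added example, not part of the Oracle note. Function names and the sample
# files written below are assumptions; ports 4459/7783 are the note's own.

# Print KEY's value from PlsqlCGIEnvironmentList inside <Location LOC>.
dad_env_value() {   # usage: dad_env_value DADS_CONF LOC KEY
    awk -v loc="$2" -v key="$3" '
        $1 == "<Location"   { l = $2; sub(/>$/, "", l); inside = (l == loc) }
        $1 == "</Location>" { inside = 0 }
        inside && $1 == "PlsqlCGIEnvironmentList" {
            n = split($2, kv, ",")
            for (i = 1; i <= n; i++) {
                split(kv[i], p, "=")
                if (p[1] == key) print p[2]
            }
        }' "$1"
}

# Print the <param-value> of init-param PARAM in the servlet named SERVLET.
servlet_param() {   # usage: servlet_param WEB_XML SERVLET PARAM
    tr -d '\n' < "$1" | awk -v sv="$2" -v pn="$3" '{
        n = split($0, blocks, "<servlet>")
        for (i = 2; i <= n; i++) {
            b = blocks[i]; sub(/<\/servlet>.*/, "", b)
            if (b !~ ("<servlet-name>[ \t]*" sv "[ \t]*</servlet-name>")) continue
            m = split(b, params, "<init-param>")
            for (j = 2; j <= m; j++) {
                q = params[j]
                if (q !~ ("<param-name>[ \t]*" pn "[ \t]*</param-name>")) continue
                sub(/.*<param-value>[ \t]*/, "", q)
                sub(/[ \t]*<\/param-value>.*/, "", q)
                print q
            }
        }
    }'
}

# Report one mismatch; sets rc so the caller can fail after listing them all.
expect() {   # usage: expect LABEL ACTUAL WANTED
    [ "$2" = "$3" ] || { echo "MISMATCH $1: got '$2', want '$3'"; rc=1; }
}

# Check the Step 2 edits against the Web Cache HTTPS and HTTP ports.
check_ssl_offload() {   # usage: check_ssl_offload DADS_CONF WEB_XML HTTPS_PORT HTTP_PORT
    rc=0
    expect dads.conf:REQUEST_PROTOCOL "$(dad_env_value "$1" /pls/portal REQUEST_PROTOCOL)" HTTPS
    expect dads.conf:SERVER_PORT "$(dad_env_value "$1" /pls/portal SERVER_PORT)" "$3"
    expect web.xml:useWebCache "$(servlet_param "$2" page useWebCache)" true
    expect web.xml:useScheme "$(servlet_param "$2" page useScheme)" http
    expect web.xml:usePort "$(servlet_param "$2" page usePort)" "$4"
    return "$rc"
}

# Constructed sample files mirroring Step 2 of the note.
demo_dir=$(mktemp -d)
cat > "$demo_dir/dads.conf" <<'EOF'
<Location /pls/portal>
  PlsqlCGIEnvironmentList REQUEST_PROTOCOL=HTTPS,SERVER_PORT=4459
</Location>
EOF
cat > "$demo_dir/web.xml" <<'EOF'
<web-app>
 <servlet>
  <servlet-name>page</servlet-name>
  <init-param><param-name>useWebCache</param-name><param-value>true</param-value></init-param>
  <init-param>
   <param-name>useScheme</param-name>
   <param-value>http</param-value>
  </init-param>
  <init-param><param-name>usePort</param-name><param-value>7783</param-value></init-param>
 </servlet>
</web-app>
EOF
check_ssl_offload "$demo_dir/dads.conf" "$demo_dir/web.xml" 4459 7783 && echo "Step 2 edits are consistent"
```

To use it on a real installation, pass the actual dads.conf and web.xml paths together with the two Web Cache ports from portlist.ini.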
