Oracle9iAS Portal Configuration Guide
Release 2 (9.0.2)

Part Number A90852-02
2 Post-installation Tasks

This chapter provides information about Oracle9iAS Portal after it is installed as part of the Oracle9i Application Server and the tasks that you can perform after installation is complete.

See also:

Oracle9i Application Server Administrator's Guide for information about installing Oracle9iAS Portal with Oracle9i Application Server.

2.1 Oracle9iAS Portal Default Schemas

If Oracle9iAS Portal is installed in the default mode, four Oracle9iAS Portal specific schemas are created. The default base schema name is portal. This name can be changed at installation time.

Table 2-1 Oracle9iAS Portal default schemas
Schema Description

portal

The product schema for Oracle9iAS Portal. It contains the installed Oracle9iAS Portal database objects.

portal_public

The schema that the Oracle9iAS Portal users map to when executing procedures in the Oracle9iAS Portal product schema. The schema name is constructed from the base schema with "_public" appended to it.

portal_demo

The schema which is installed with the Oracle9iAS Portal demonstration code. The name of this schema is the base schema name with "_demo" appended to it.

portal_app

The applications schema for Oracle9iAS Portal, which contains the portal applications.

See also:

Oracle9iAS Single Sign-On Administrator's Guide for descriptions of the default Oracle9iAS Single Sign-On Server schemas.

2.2 Oracle9iAS Portal Default Accounts

With each Oracle9iAS Portal installation, a default set of login accounts is created. If the product is installed in a schema named portal, the following default accounts are created:

Table 2-2 Oracle9iAS Portal default accounts
Account Description

portal

This account is created for the Database Administrator (DBA) with the highest privileges in Oracle9iAS Portal.

orcladmin

Similar to portal, this account is granted the highest privileges in Oracle9iAS Portal.

portal_admin

This is the account created for the portal administrator. This account is similar to the DBA account; however, it does not have privileges that provide access to database administration features, such as creating and managing schemas and other database objects.

public

This account is created for public users for unauthenticated sessions. This is the account that all sessions are associated with prior to authentication.


Note:

For security reasons, change all the passwords for these accounts after initial login. By default, the password is set to the user name.


See also:

Oracle9iAS Portal Online Help topics under Managing users and groups.

2.3 Oracle9iAS Portal Default Groups

The following groups are created at installation time:

Table 2-3 Default Oracle9iAS Portal groups created
Group Description

DBA

This group has the maximum privilege levels in the system. All global privileges are granted to this group. When this group is installed, it has only one member, the user with the name of the product schema, for example, portal.

PORTAL_ADMINISTRATORS

This group has most of the global privileges, except for the database-related privileges: ANY_SCHEMA/MANAGE and ANY_SHARED_COMPONENT/MANAGE. This group is comprised of the admin user, portal_admin, and includes the dba group.

PORTAL_DEVELOPERS

This group has privileges to build and manage Oracle9iAS Portal components and applications.

PORTLET_PUBLISHERS

This group has the privilege of publishing portlets. Members of this group can create components in the system such as folders, charts, calendars, and so on. This group is initially composed of the portal_administrators group who can then decide which users or groups should be added to this group.

AUTHENTICATED_USERS

All users that log on to Oracle9iAS Portal are added to this group. This is a convenient mechanism to allow logged on users to perform privileged actions. Specified privileges are granted to this group and group membership cannot be changed.

RW_ADMINISTRATOR

This group can CREATE, UPDATE, and DELETE registered report definition files, servers, and printer objects.

RW_BASIC_USER

This group can only run a report if they have been given the privilege to run it.

RW_DEVELOPER

In addition to the privileges of the RW_POWER_USER and RW_BASIC_USER groups, this group can run commands which show the system environment. This group might be assigned to a developer who needs to perform testing and to retrieve detailed error messages.

RW_POWER_USER

In addition to the privileges of the RW_BASIC_USER group, this group can see more detailed error messages.

See also:

Oracle9iAS Portal Online Help topics under Managing users and groups.

2.4 Accessing Oracle9iAS Portal in Your Browser

After Oracle9iAS Portal is installed, access it by entering the following URL in your browser:

http://<hostname>:<portnumber>/pls/<dad>

The following table explains the components that make up the URL used to access Oracle9iAS Portal.

Table 2-4 URL to enter in browser to access Oracle9iAS Portal
Parameter Description

hostname

Defines the machine on which you installed Oracle9iAS Portal.

  • Enter both the hostname and the fully-qualified domain name. For example, enter host.domain.com.

  • This name must also match the ServerName parameter in the configuration file, httpd.conf, located in:

   ORACLE_HOME/Apache/Apache/conf

portnumber

Defines the port number you specified earlier to access Oracle9iAS Portal.

pls

Defines the virtual path and indicates that the request is for a PL/SQL procedure which alerts the Oracle HTTP Server to reroute the request to mod_plsql.

dad

Defines the Database Access Descriptor (DAD) you specified earlier for your Oracle9iAS Portal installation. The DAD contains information on how to connect to the database. By default, the DAD is 'portal'.

2.4.1 Simplifying the Full URL of an Oracle9iAS Portal Instance

You can simplify the full URL created by the Oracle9iAS Portal installation to a more memorable or meaningful URL using the Redirect directive. In this way, end users can access Oracle9iAS Portal by entering a simple URL.

By default, the URL for a new Oracle9iAS Portal installation requires you to enter:

http://hostname:portnumber/pls/dad

You can simplify this URL to:

http://hostname/redirectpath

  1. Open the Oracle HTTP Server configuration file, httpd.conf. This file is located in the following directory:

    ORACLE_HOME/Apache/Apache/conf/

  2. Enter the redirect path as follows:

    Redirect /DADnamepath http://hostname:portnumber/pls/dad
    
    

    For example:

    Redirect /portalhome http://mysite.oracle.com/pls/portal
    
    

    In this example, end users can enter the following:

    http://mysite.oracle.com/portalhome 
    
    

    to access the full URL which is as follows:

    http://mysite.oracle.com:80/pls/portal
    
    

This technique also works with any valid path that is appended to the URL. For example, if you want to display the Oracle9iAS Portal Online Help page group, enter:

http://mysite.us.oracle.com/portalhome/url/folder/ONLINE_HELP

See also:

Oracle9iAS Portal Online Help topic: What are direct access URLs.

2.5 Configuration Steps for Backward Compatibility

In order for Oracle9iAS Portal to be backward compatible with older portals, the following changes need to be made:

  1. Add a new DAD similar to what was added in Portal version 3.0.x.

  2. Set the DAD configuration parameter PlsqlCompatibilityMode to 1.

  3. Add the following line to $IAS_HOME/Apache/Apache/conf/mod_oc4j.conf (add it next to the other OC4JMount directives):

    OC4JMount /servlet/*  
    
    
  4. Set up an application to load the portal.ear file.

2.6 Configuring Self-registration

To enable users to create their own portal user accounts, you must configure the self-registration feature.

See also:

Oracle9iAS Portal Online Help topic Using Self Registration for information on how to set up Self Registration.

2.7 Configuring Directory Synchronization

In earlier versions of Oracle Portal, you could authenticate users against an external repository. With the installation of Oracle9iAS Portal in Oracle9i Application Server, Oracle Internet Directory (OID) and the Directory Integration Platform (DIP) are used for all user authentication. OID itself can authenticate against an external repository if that is required.

See also:

For an overview of Oracle Internet Directory (OID), refer to the Oracle Internet Directory Administrator's Guide in the Oracle9i Application Server documentation library.

2.7.1 Setting up a Subscription Profile using oidprovtool

User and Group information is now stored in OID, while Oracle9iAS Portal objects and privilege information are still stored in Oracle9iAS Portal.

Oracle9iAS Portal needs to subscribe to OID in order to be aware of any changes in OID data. There are two steps involved in setting up a subscription.

OID

On the OID side, a subscription profile needs to be created. A tool named oidprovtool is provided for this purpose. It will be located in:

ORACLE_HOME/bin

The general syntax for invoking this tool is:

oidprovtool param1=<param1_value> param2=<param2_value> param3=<param3_value>

See also:

For a complete example of running the oidprovtool and a list of all the Oracle9iAS Portal specific parameters, refer to Section B.3, "Using oidprovtool to Create a Subscription Profile".

Once the oidprovtool has been run, a subscription profile is created in OID.

Database

On the database where Oracle9iAS Portal is installed, log on to SQL*Plus with the appropriate user name and password and enter the following command to set up the OID Preferences in the Oracle9iAS Portal schema:

EXEC WWSEC_OID.SET_PREFERENCE_VALUE('DIP_INSTALLED', 'Y')

This updates the OID preferences and after this you can use the Oracle9iAS Portal User Interface in the Global Settings Tab under SSO/OID to update the following two settings:

If you need to customize beyond the above mentioned two settings, you can use oidprovtool. Refer to the Oracle Internet Directory Administrator's guide in the Oracle9i Application Server documentation library, for a complete list of all the possible options for oidprovtool.

2.8 SSL Configuration

The Secure Socket Layer (SSL) secures HTTP communication between a client and a server. This security is established using a combination of encryption and certificates, through which the communication is established. Oracle9iAS Portal contains several different parts: Oracle9iAS Web Cache and the Parallel Page Engine act as both clients and servers, while the Oracle9i Application Server acts simply as a server. Each of these parts must be configured for SSL usage.

Figure 2-1 Simple Oracle9iAS Portal SSL configuration diagram

In Figure 2-1, each connection over the network is secured using SSL. There are three communication routes involved in any Oracle9iAS Portal page rendering.

Note:

For setting up the first two communication routes below, you will need to create an Oracle Wallet.

See also:

Oracle Wallet Manager appendix in the Oracle Internet Directory Administrator's Guide in the Oracle9i Application Server documentation library for more information on managing wallets and certificates.

Browser to Oracle9iAS Web Cache

This is the connection that is seen by the end user when requesting a page from Oracle9iAS Portal. This connection should be secured using an SSL certificate on the Oracle9iAS Web Cache listener.

See also:

Oracle9iAS Web Cache Administration and Deployment Guide in the Oracle9i Application Server documentation library for more information on Oracle9iAS Web Cache SSL configuration

Oracle9iAS Web Cache to Oracle9i Application Server Middle-Tier

Because a browser can be directed to skip past Oracle9iAS Web Cache server, if the proper port numbers are provided, it is important to configure the Oracle9i Application Server for SSL communication.

See also:

Oracle9iAS Web Cache Administration and Deployment Guide in the Oracle9i Application Server documentation library for more information on Server SSL Configuration

Parallel Page Engine (PPE) to Oracle9iAS Web Cache

This communication path is already secure based upon the securing of Oracle9iAS Web Cache in the first option above; however, there are a couple of configuration items which must be changed for the PPE to recognize the use of SSL.

See also:

Section 2.8.1, "Securing Ports to Use Certificates and HTTPS"

2.8.1 Securing Ports to Use Certificates and HTTPS

With HTTPS, you use certificates for ports to increase security.


Note:

The Certificate Authority (CA) file is the base signature file for the certificate file you have purchased. This file validates the certificate you are using. It informs clients that they can trust the certificate they have received. You require a CA file for any type of certificate you use.


To set this up, edit the OC4J web.xml file. The web.xml file can be found in the following location:

ORACLE_HOME/j2ee/OC4J/applications/portal/portal/WEB_INF/web.xml

You must set up HTTPS such that it is used by all ports at all times. The Parallel Page Engine must be aware of which port(s) are operating under HTTPS.

To do this, add the following XML block to the web.xml file:

<init-param>
<param-name>httpsports</param-name>
<param-value>433:444</param-value>
</init-param>

Where the port numbers 433 and 444 are replaced by your HTTPS port configuration. Your server only needs to have one port, but two are shown in the above example to show the syntax used for multiple entries. Each port in this list operates using the HTTPS protocol, and must have a certificate created on the Oracle HTTP Server for that port.
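The consistency requirement above (every port listed in httpsports must actually serve HTTPS, and every listener should be HTTPS) can be checked mechanically. The following Python sketch is an added example, not part of the Oracle documentation; the sample web.xml servlet name, the port numbers, and the httpd.conf fragment are constructed, and it assumes SSL ports are declared in <VirtualHost> blocks containing an active "SSLEngine on" directive.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs; the servlet name and port numbers are illustrative only.
SAMPLE_WEB_XML = """<web-app><servlet>
  <servlet-name>example</servlet-name>
  <init-param>
    <param-name>httpsports</param-name>
    <param-value>443:4443</param-value>
  </init-param>
</servlet></web-app>"""

SAMPLE_HTTPD_CONF = """\
Listen 7777
Listen 443
Listen 4443
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
<VirtualHost _default_:4443>
    # SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)


def httpsports_from_web_xml(xml_text):
    """Ports listed in the colon-separated httpsports init-param."""
    for param in ET.fromstring(xml_text).iter("init-param"):
        if (param.findtext("param-name") or "").strip() == "httpsports":
            value = param.findtext("param-value") or ""
            return {int(p) for p in value.split(":") if p.strip()}
    return set()


def active_lines(text):
    """Config lines with blanks and '#' comments dropped."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def ssl_vhost_ports(conf_text):
    """Ports of <VirtualHost> blocks that contain an active 'SSLEngine on'."""
    ports = set()
    for addresses, body in VHOST_RE.findall(conf_text):
        if any(re.fullmatch(r"SSLEngine\s+on", l, re.I) for l in active_lines(body)):
            ports.update(int(m) for m in re.findall(r":(\d+)(?=\s|$)", addresses))
    return ports


def listen_ports(conf_text):
    """Every port named by an active Listen directive."""
    found = (re.match(r"Listen\s+(?:\S+:)?(\d+)", l, re.I) for l in active_lines(conf_text))
    return {int(m.group(1)) for m in found if m}


def check_https_ports(web_xml, httpd_conf):
    """Compare the PPE's httpsports list with what the HTTP server serves."""
    declared, ssl = httpsports_from_web_xml(web_xml), ssl_vhost_ports(httpd_conf)
    return {
        "declared_without_ssl": sorted(declared - ssl),  # PPE expects HTTPS, server has none
        "ssl_not_declared": sorted(ssl - declared),      # PPE unaware the port is HTTPS
        "plain_http_listeners": sorted(listen_ports(httpd_conf) - ssl),
    }


if __name__ == "__main__":
    print(check_https_ports(SAMPLE_WEB_XML, SAMPLE_HTTPD_CONF))
```

Any non-empty list in the result marks a port where web.xml and the Oracle HTTP Server configuration disagree, or a listener still answering in plain HTTP.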

2.9 Enabling Secure Socket Layer (SSL)

Oracle9iAS Portal and the Oracle9iAS Single Sign-On Server can be configured to run in HTTPS mode if your portal requires increased security. For optimal performance, you can also choose to have a mixed configuration where Oracle9iAS Portal is run in HTTP mode and the Oracle9iAS Single Sign-On Server is run in HTTPS mode.

Secure Socket Layer (SSL) secures HTTP communication between a browser and a Web server by running plain HTTP over SSL (named HTTPS). SSL support in the Oracle HTTP Server is handled by the mod_ssl package, which is provided with the Oracle HTTP Server. HTTPS uses the URL scheme HTTPS rather than HTTP and a different server port.


Note:

You must be the portal administrator to enable or disable Secure Socket Layer (SSL) in Oracle9iAS Portal and on the Oracle9iAS Single Sign-On Server.


See also:

Oracle9i Application Server Administrator's Guide for more information on enabling SSL on the server.

2.9.1 Setting Oracle9iAS Single Sign-On Server Query Path URL

Oracle9iAS Portal maintains the URL prefix of the Oracle9iAS Single Sign-On Server which accesses certain information through HTTP calls from the database, using the UTL_HTTP package. These calls must be done through HTTP rather than HTTPS.

Thus, if Oracle9iAS Portal and the Oracle9iAS Single Sign-On Server are configured to use HTTPS, access to an HTTP port on the Oracle9iAS Single Sign-On Server is still required to support these interfaces. The calls made across this interface are required for the following reasons:

To set this URL prefix, which is called the Oracle9iAS Single Sign-On Server Query Path URL, complete these steps:

  1. Log on to Oracle9iAS Portal as the portal administrator.

  2. Click the Administer tab.

  3. Click Global Settings in the Services Portlet.

  4. Scroll down to the section on Oracle9iAS Single Sign-On Server, and edit the Query Path URL. Set this field to an HTTP URL for the Oracle9iAS Single Sign-On Server.

2.9.2 Adding SSO Enabler Configuration Entries for HTTPS Mode

If you are using SSL, the default port is 443. With Oracle Portal versions prior to 3.0.8, you need to create two enabler configuration entries, and two corresponding partner configuration entries on the Oracle9iAS Single Sign-On Server. Specify the :443 port for one entry, and exclude it for the additional entry.

To add the additional entry, follow the basic procedure of adding the partner entry on the Oracle9iAS Single Sign-On Server using the Oracle9iAS Single Sign-On Server Administration user interface, and then add the configuration entry on the Oracle Portal side by running the Oracle9iAS Portal Configuration Assistant in the SSOPARTNERCONFIG mode.


Note:

This step is only required to support Netscape browsers. Microsoft Internet Explorer does not require this step.


2.9.3 Configuring HTTPS with Virtual Hosts

If you want to set up a virtual host, it can be done in one of two ways:

When the IP name is used, several aliases use the same IP address. In this case, Oracle HTTP Server (or any browser supporting virtual name addresses) looks at the Host field in the HTTP request and determines which of the virtual addresses should be emulated.

However, when SSL is used, the IP name is encrypted. This causes a problem because the software does not know which decryption key to use, since the keys differ by virtual name. If there were 1000 separate virtual addresses supported, then on average the software would try 500 different keys to determine which key to use to decode the message. This is not practical, at least for performance reasons.


Note:

  • It is more difficult to configure virtual hosts to use HTTPS since the SSL encryption prevents virtual hosts from being resolved in the way that it is done in non-SSL mode.

  • There are some workarounds from which to choose. One is to only use virtual names on the home page and other pages where you do not need protection.


2.9.3.1 SSL Protection Pages

2.10 Configuring Oracle9iAS Portal Security

2.11 Configuring the Oracle Reports Security Portlet

The Oracle Reports Security Portlet is installed as part of the Oracle9iAS Portal installation. Depending on the edition of the Oracle9i Application Server installed, the Reports Security Portlet may be hidden. To show the Reports Security Portlet:

  1. Log on to Oracle9iAS Portal as the portal administrator.

  2. Click the Administer tab.

  3. Click Edit.

  4. Find the Oracle Reports Security Portlet.

  5. Click on Actions.

  6. Select the Show action and click OK.

2.12 Configuring WebDAV support for Oracle9iAS Portal Access

WebDAV is a protocol extension to HTTP 1.1 that supports distributed authoring and versioning. With WebDAV, the Internet becomes a transparent read and write medium, where content can be checked out, edited, and checked in to a URL address. mod_dav is an implementation of the WebDAV specification. The standard mod_dav implementation supports read and write access to files.

The term OraDAV refers to the capabilities available through the mod_oradav module. mod_oradav is the Oracle module that is an extended implementation of mod_dav, and is integrated with the Oracle HTTP Server. mod_oradav can read and write to local files, but also to an Oracle database. The Oracle database must have an OraDAV driver installed. mod_oradav calls this driver to map WebDAV activity to database activity. mod_oradav enables WebDAV clients to connect to an Oracle database, read and write content, and query and lock documents in various schemas.

See also:

Oracle HTTP Server Administration Guide for information about Web DAV, oraDAV and how to set up mod_oradav.

Oracle9iAS Portal online help topic "Accessing Oracle9iAS Portal from WebDAV clients".

When Oracle9i Application Server is installed, all required OraDAV parameters are set with values that are designed to enable Oracle database content to be accessed through a web browser or WebDAV client. If necessary, you can later modify the values for required parameters and specify values for optional parameters, if the default values do not meet your needs.

The OraDAV parameters are stored in the oradav.conf file and start with DAV and DAVParam. These parameters are specified within a <Location> directive. The oradav.conf file is included in the httpd.conf file in an include statement.

After Oracle9iAS Portal has been installed as part of the Oracle9i Application Server installation, the oradav.conf file should be populated with a <Location> directive which points to the portal schema. In the following example, the location /dav_portal/portal will be OraDAV-enabled and will (once populated with the correct values) connect to the portal schema so that users can use WebDAV clients to access portal data.

Example 2-1 Configuration Parameters for Portal Access

<Location /dav_portal/portal>
   DAV Oracle
   DAVParam ORACONNECT dbhost:dbport:dbsid
   DAVParam ORAUSER portal_schema
   DAVParam ORAPASSWORD portal_schema_password
   DAVParam ORAPACKAGENAME portal_schema.wwdav_api_driver
</Location>

By default, the Oracle9iAS Portal DAV URL is:

http://hostname:port/dav_portal/dadname/

In the above example, the DAD name is portal (the default). The directive created for the Location is dav_portal/portal and the DAV URL will be:

http://dbhost:dbport/dav_portal/portal/


Note:

When you add a new DAD, using the Oracle9iAS Portal Configuration Assistant (OPCA), without specifying the username and password, or if you change the Portal database schema username or password, using SQL*Plus, you will need to update the httpd.conf and oradav.conf files manually.
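Because oradav.conf stores the schema password in the ORAPASSWORD parameter and must be edited by hand after a password change, it is worth auditing after each edit. The following Python sketch is an added example, not part of the Oracle documentation; the sample file content is constructed, and the individual checks (leftover Example 2-1 placeholders, password equal to user name, package schema matching ORAUSER, file readable by group or others) are assumptions about what a reviewer would want flagged.

```python
import os
import re
import stat

# Constructed sample: Example 2-1 with the placeholders only partly replaced.
SAMPLE_ORADAV_CONF = """\
<Location /dav_portal/portal>
   DAV Oracle
   DAVParam ORACONNECT db1.example.com:1521:orcl
   DAVParam ORAUSER portal
   DAVParam ORAPASSWORD portal
   DAVParam ORAPACKAGENAME portal_schema.wwdav_api_driver
</Location>
"""

LOCATION_RE = re.compile(r"<Location\s+(\S+)\s*>(.*?)</Location>", re.S | re.I)
DAV_ORACLE_RE = re.compile(r"^[ \t]*DAV[ \t]+Oracle[ \t]*$", re.M | re.I)
PARAM_RE = re.compile(r"^[ \t]*DAVParam[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M | re.I)
# Placeholder values exactly as they appear in Example 2-1.
PLACEHOLDERS = {"dbhost:dbport:dbsid", "portal_schema", "portal_schema_password"}
REQUIRED = ("ORACONNECT", "ORAUSER", "ORAPASSWORD", "ORAPACKAGENAME")


def audit_oradav(conf_text):
    """Return {location: [findings]} for every OraDAV-enabled <Location>."""
    report = {}
    for path, body in LOCATION_RE.findall(conf_text):
        if not DAV_ORACLE_RE.search(body):
            continue  # not an OraDAV location
        params = {k.upper(): v for k, v in PARAM_RE.findall(body)}
        findings = []
        for name in REQUIRED:
            if name not in params:
                findings.append(f"{name} missing")
            elif params[name] in PLACEHOLDERS:
                findings.append(f"{name} still holds the Example 2-1 placeholder")
        user = params.get("ORAUSER", "")
        if user and params.get("ORAPASSWORD", "").lower() == user.lower():
            findings.append("ORAPASSWORD equals ORAUSER")
        package = params.get("ORAPACKAGENAME", "")
        if user and "." in package and package.split(".")[0].lower() != user.lower():
            findings.append("ORAPACKAGENAME schema differs from ORAUSER")
        if not re.fullmatch(r"[^:\s]+:\d+:[^:\s]+", params.get("ORACONNECT", "")):
            findings.append("ORACONNECT is not host:port:sid")
        report[path] = findings
    return report


def readable_by_others(conf_path):
    """True if group or other can read the file that stores ORAPASSWORD."""
    mode = os.stat(conf_path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for location, findings in audit_oradav(SAMPLE_ORADAV_CONF).items():
        print(location, findings or "no findings")
```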



Copyright © 2002 Oracle Corporation.

All Rights Reserved.