Post on 03-Jan-2016
Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP)
Presented By:
Author Surender Sara - surender.sara@orabyte.com
Co-Author Vivek Pavle - vivek.pavle@orabyte.com
Business Problem
- Single physical OID meta repository instance and server
- Single Middle Tier instance and server
- Have multiple SITES under this setup
- Have separate DAS, OIDADMIN user, SSO user and group entries
- Separate applications for each site
- Shared Tables
- Ease of backup
- NO REPLICATION or DATA SYNC
- NO INVESTMENT IN HARDWARE COST
Typical Architecture of 10gAS
We typically have one Infrastructure server with the following components:
HTTP_Server, OC4J_SECURITY, OID, Single Sign-On: orasso, Management
We typically have one Application Server with the following components:
Discoverer, Forms, HTTP_Server, OC4J_BI_Forms, OC4J_Portal, Reports Server, Web Cache, Management
Issues With This Deployment
We have shared OID, SSO, DAS on the infrastructure tier, hence single password file management
We have shared portal application users, groups, Single DN entity tree
OPTION 1 - Multiple Hosts >> Multiple Sites
[Diagram: Clients, Application Servers (Middle Tier), Network, and a Database Tier with Shared Cache and Shared Disk. Clustered Database Server Nodes are connected via a high speed, low latency Interconnect.]
GOALS MET?
- NO – Redundant hardware
- NO – Duplicated OID entries
- Lack of Single Super Administrator access which can manage all instances.
- Maintenance cost directly proportional to the scale of system
- Very high cost for scalability
What is Virtual Private Portal (VPP)?
Multiple Portal Sites Supported over one Application Server instance.
How VPP Works
- Oracle AS VPP is based on Virtual Private Database (VPD) technology.
- It involves adding a context column which distinguishes site/subscriber in the database tables and employing a policy to restrict queries based on the context of the logged-in user.
- OID Administration of each site sub-tree can be delegated and the default subscriber admin can manage the whole tree.
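The mechanism described above, sketched as an added example (not code from the original slides or from Oracle Portal): a context column, an application context set at login, and a VPD policy that appends a site predicate to every statement. The DEMO schema, the demo_pages table, the demo_site_ctx context and the package/function names are hypothetical.

```sql
-- Added illustration; all DEMO objects are hypothetical, not Portal's own schema.
CREATE TABLE demo_pages (
  subscriber_id NUMBER NOT NULL,   -- context column: tags each row with its site
  title         VARCHAR2(100)
);
-- Application context: only demo_site_pkg is allowed to set its attributes.
CREATE OR REPLACE CONTEXT demo_site_ctx USING demo_site_pkg;
CREATE OR REPLACE PACKAGE demo_site_pkg AS
  PROCEDURE set_subscriber(p_id IN NUMBER);
END demo_site_pkg;
/
CREATE OR REPLACE PACKAGE BODY demo_site_pkg AS
  PROCEDURE set_subscriber(p_id IN NUMBER) IS
  BEGIN
    -- Called once at login, after the user's site has been established.
    DBMS_SESSION.SET_CONTEXT('demo_site_ctx', 'subscriber_id', TO_CHAR(p_id));
  END set_subscriber;
END demo_site_pkg;
/
-- Policy function: returns the predicate Oracle appends to statements on the table.
-- If the context was never set, SYS_CONTEXT returns NULL, the comparison is never
-- true, and the session sees no rows (the policy fails closed).
CREATE OR REPLACE FUNCTION demo_site_policy (
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
BEGIN
  RETURN 'subscriber_id = TO_NUMBER(SYS_CONTEXT(''demo_site_ctx'', ''subscriber_id''))';
END demo_site_policy;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'DEMO',
    object_name     => 'DEMO_PAGES',
    policy_name     => 'DEMO_SITE_ISOLATION',
    function_schema => 'DEMO',
    policy_function => 'DEMO_SITE_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);  -- also reject writes that would land in another site
END;
/
-- Constructed check (SQL*Plus): the same query returns different rows per context.
EXEC demo_site_pkg.set_subscriber(1);
INSERT INTO demo_pages VALUES (1, 'Site 1 home');
EXEC demo_site_pkg.set_subscriber(2);
INSERT INTO demo_pages VALUES (2, 'Site 2 home');
SELECT title FROM demo_pages;                      -- returns only 'Site 2 home'
INSERT INTO demo_pages VALUES (1, 'Cross-site');   -- rejected with ORA-28115
```

SYS and accounts granted EXEMPT ACCESS POLICY bypass the policy, so those accounts can read across all sites and should be tightly controlled.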
VPP Benefits Demo
- Secure setup
- Low cost setup
- Each site/customer completely isolated
- Highly Scalable
- Easy to Manage
- Virtually no cost to scale
VPP – The solution
Step - I : Enable VPP on the host
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./enblhstg.csh -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123
[oracle@rhas2 bin]$ ./opmnctl stopproc ias-component=OC4J
opmnctl: stopping opmn managed processes...
[oracle@rhas2 bin]$ ./opmnctl startproc ias-component=OC4J
Modify Login.jsp
ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/jsp
<!-- UNCOMMENT TO ENABLE MULTIPLE REALM SUPPORT
<tr><label>
<th id="c6"><font class="OraFieldText"><%=msgBundle.getString(ServerMsgID.COMPANY_LBL)%></font></th>
<td headers="c6"> <INPUT TYPE="text" SIZE="30" MAXLENGTH="50" NAME="subscribername" value=""></td>
</label></tr>
-->
VPP – The solution
Step-II : Add Subscribers to VPP
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./addsub.csh -name SURENDER -id 1003 -type all -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -sw H1JZ4DFT -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 -rc "cn=OracleContext" -sd oracletop -tp /d02/10g_INFRA/ldap/schema/oid/
# Make sure to point ex to vi - else this will fail
VPP – The solution
Step-III : Apache Configuration
# Add following in httpd.conf under PORTAL Home
<VirtualHost 67.100.66.98:7779>
    port 7778
    RewriteEngine on
    RewriteRule ^/$ /pls/portal/portal.home [PT,L,NS]
</VirtualHost>
VPP – The solution
Step-III : Setting up Branded URL
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./addburl.csh -name SURENDER -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -pu http://surender.oracletop.com:7778/pls/portal -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -su http://surender.oracletop.com:7777/pls/orasso
VPP – The solution
cd /d02/10g_PORTAL/portal/admin/plsql/wwhost
./rmsub.csh -name VIVEK -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p 3060 -d "cn=orcladmin" -w pwd123 -cs 1000
Limitations / Restrictions
- Data Sharing not allowed for security purposes.
- ASP users and groups cannot be more than two levels deep.
- Manage non-default subscribers' ASP users and groups only with hosting scripts.
- ASP group is only a placeholder for ASP users and groups. Privileges are not propagated to subscribers.
Advanced Operations
- ASP users/groups management (sync)
- Removing subscribers
- WebDAV support
- Ultrasearch Support