Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Presented By: Author Surender Sara - Co-Author Vivek Pavle -

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Business Problem Single Physical OID meta repository instance and server Single Middle Tier instance and server Have multiple SITES under this setup Have separate DAS, OIDAMIN user, SSO user and group entries Separate applications for each site Shared Tables Easy of backup NO REPLICATION or DATA SYNC NO INVESTMENT IN HARDWARE COST

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Typical Architecture of 10gAS

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Typical Architecture of 10gAS We typically have one Infrastructure server with the following components HTTP_Server, OC4J_SECURITY, OID, Single Sign-On: orasso, Management We typically have one Application Server with the following components Discoverer, Forms, HTTP_Server, OC4J_BI_Forms, OC4J_Portal, Reports Server, Web Cache, Management

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Issues With This Deployment We have shared OID, SSO, DAS on the infrastructure tier, hence single password file management We have shared portal application users, groups, Single DN entity tree

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Business Problem Single Physical OID meta repository instance and server Single Middle Tier instance and server Have multiple SITES under this setup Have separate DAS, OIDAMIN user, SSO user and group entries Separate applications for each site Shared Tables Easy of backup NO REPLICATION or DATA SYNC NO INVESTMENT IN HARDWARE COST

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) OPTION 1- Multiple Hosts >>Multiple Sites

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) GOALS MET ? NO – Redundant hardware NO – Duplicated OID entries Lack of Single Super Administrator access which can manage all instances. Maintenance cost directly proportional to the scale of system Very high cost for scalability

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) What is Virtual Private portal (VPP)? Multiple Portal Sites Supported over one Application Server instance.

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) How VPP Works Oracle AS VPP is based on Virtual Private Database (VPD) technology. It involves adding a context column which distinguishes site/subscriber in the database tables and employing policy to restrict queries based on context of the logged in user. OID Administration of each site sub-tree can be delegated and the default subscriber admin can manage the whole tree.

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) VPP Benefits Demo Demo Secure setup Low cost setup Each site/customer completely isolated Highly Scalable Easy to Manage Virtually no cost to scale

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) VPP – The solution cd /d02/10g_PORTAL/portal/admin/plsql/wwhost./enblhstg.csh -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -h rhas2.oracletop.com -p d "cn=orcladmin" -w pwd123 bin]$./opmnctl stopproc ias-component=OC4J opmnctl: stopping opmn managed processes... bin]$./opmnctl startproc ias-component=OC4J Step - I : Enable VPP on the host

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Modify Login.jsp ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/jsp <!-- UNCOMMENT TO ENABLE MULTIPLE REALM SUPPORT <font class="OraFieldText"><%=msgBundle.getString(ServerMsgID.COMPANY_ LBL)%> <INPUT TYPE="text" SIZE="30" MAXLENGTH="50" NAME="subscribername" value=""> -->

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) OID Tree Before running the script

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) OID Tree after enabling VPP

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) VPP – The solution cd /d02/10g_PORTAL/portal/admin/plsql/wwhost./addsub.csh -name SURENDER -id type all -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -pw ZcMulMDW -sc rhas2.oracletop.com:1521:asdb - sp pwd123 -ss orasso -sw H1JZ4DFT -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p d "cn=orcladmin" -w pwd123 -rc "cn=OracleContext" -sd oracletop -tp /d02/10g_INFRA/ldap/schema/oid/ # Make sure to point ex to vi - else this will fail Step-II : Add Subscribers to VPP

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Subscriber entry in OID and Portal

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) VPP – The solution # Add following in httpd.conf under PORTAL Home port 7778 RewriteEngine on RewriteRule ^/$ /pls/portal/portal.home [PT,L,NS] Step-III : Apache Configuration

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) VPP – The solution cd /d02/10g_PORTAL/portal/admin/plsql/wwhost./addburl.csh -name SURENDEDR -pc rhas2.oracletop.com:1521:asdb -ps portal -pw ZcMulMDW - pu -sc rhas2.oracletop.com:1521:asdb -ss orasso -sw H1JZ4DFT -su Step-III : Setting up Branded URL

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) VPP – The solution cd /d02/10g_PORTAL/portal/admin/plsql/wwhost./rmsub.csh -name VIVEK -pc rhas2.oracletop.com:1521:asdb -pp pwd123 -ps portal -sc rhas2.oracletop.com:1521:asdb -sp pwd123 -ss orasso -a portal.asdb.rhas2.oracletop.com -h rhas2.oracletop.com -p d "cn=orcladmin" -w pwd123 -cs 1000

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) OID after implementing VPP

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Limitations / Restrictions Data Sharing not allowed for security purposes. ASP users and groups can not be more than two levels deep. Manage non-default subscribers' ASP users and groups only with hosting scripts. ASP group is only a placeholder for ASP users and groups. Privileges are not propagated to subscribers.

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Advanced Operations ASP users/groups management (sync) Removing subscribers WebDAV support Ultrasearch Support

Multiplexing OID, SSO, PORTAL Virtual Private Portals (VPP) Q & A