
Catch me at UKOUG 2007 November 19, 2007

Posted by Manpreet Johal in General.

This year I got an opportunity to speak at UKOUG 2007 on one of my favorite technologies, i.e. AS Guard. The session details are as follows:

Date: 05-Dec-2007
Time: 11:35 AM
Location: UKOUG 2007 at ICC Birmingham.
Topic: Design Disaster Recovery Site with OracleAS Guard 10g

Presentation Abstract:
OracleAS Guard 10g is a tool to design an effective disaster recovery site for OracleAS 10g applications.

This presentation will discuss general deployment topologies for OracleAS Guard and walk through the setup process of a Disaster Recovery Site using OracleAS Guard. Simplified failover, switchover and fallback scenarios using OracleAS Guard will be explained.

The presentation will also focus on the High Availability functionality that OracleAS 10g offers to DBAs and OracleAS Administrators and how this meets the business requirements.

Extending Oracle Identity Management to OS Users at Linux November 4, 2007

Posted by Manpreet Johal in Identity Management.

Oracle has added another component to the Identity Management umbrella, i.e. Oracle Authentication Services for Linux.

Oracle has released a preview of Oracle Authentication Services for Linux, which enables cross-platform storage, management, and authentication of users using open standards, with simplified deployment. This component is part of the Oracle Identity Management platform and builds on its underlying auditing and security features.

It consists of the following major components:

  • Pluggable Authentication Module (PAM): This is a standard OS module available on most Linux and Unix-based systems that support external authentication. It makes use of pre-configured settings, which can be customized, to avoid errors during installation.
  • Oracle Internet Directory (OID): LDAP v3 directory server that leverages the security, scalability, and reliability of Oracle Database 10g to store users, groups, roles, and entitlements.
  • Automation: Tools that configure both the PAM and OID components, provide simplified user migration, and ensure strong default security between network endpoints.

Linux systems connect to Oracle Internet Directory over secure SSL sessions. In addition to basic authentication, the integration ensures that existing user management tools and password change functionality work against the centralized directory service, while at the same time centralizing password policy management and auditing of account changes.

Moreover, the preview release is free and can be downloaded from OTN.

The preview download contains:

  • Oracle Internet Directory 10.1.4.2 RPM packaged for Linux; it requires prior download of Oracle Database 10g Express Edition for Linux.
  • Automation scripts for client-side PAM configuration.

In order to migrate existing users and groups defined at the OS level, you need to extract the existing information into LDIF (LDAP Data Interchange Format) files using the various free/open source scripts and tools available for that purpose, e.g. passwd, shadow, and group information can be migrated using the tools available at http://www.padl.com/OSS/MigrationTools.html

As part of Preview 2, Oracle Authentication Services for Linux also supports Active Directory via integration with the Oracle Internet Directory component. By configuring the External Authentication Plug-in, which is shipped with OID, Linux users can be authenticated against Active Directory.
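To make the passwd/shadow-to-LDIF step concrete, here is an added example (not from the original post and not Oracle's or PADL's code) that converts constructed account data into LDIF. The base DN, the UID cutoff and the RFC 2307 `posixAccount`/`shadowAccount` target schema are assumptions; locked accounts get no `userPassword`, and values that are not LDIF-safe are base64-encoded as RFC 2849 requires.

```python
import base64
import re

# Assumptions, not from the original post: the directory suffix and the
# RFC 2307 posixAccount/shadowAccount object classes as the target schema.
BASE_DN = "ou=People,dc=mycompany,dc=com"
MIN_UID = 500  # skip system accounts; match the distribution's UID_MIN
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")

# Constructed sample data in /etc/passwd and /etc/shadow layout.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
oracle:x:501:501:Oracle Software Owner:/home/oracle:/bin/bash
jdoe:x:502:100:José Doe:/home/jdoe:/bin/bash
svcacct:x:503:100::/home/svcacct:/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$1$constructed$rootrootrootrootrootro:13800:0:99999:7:::
oracle:$1$constructed$oraoraoraoraoraoraorao:13800:0:99999:7:::
jdoe:$1$constructed$jdoejdoejdoejdoejdoejd:13800:0:99999:7:::
svcacct:!!:13800:0:99999:7:::
"""


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when RFC 2849 requires it."""
    safe = (value.isascii()
            and not any(c in value for c in "\r\n\0")
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def passwd_to_ldif(passwd_text, shadow_text):
    """Convert passwd/shadow text into LDIF entries for non-system users."""
    hashes = {}
    for line in shadow_text.splitlines():
        if line.strip():
            fields = line.split(":")
            hashes[fields[0]] = fields[1]
    entries = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, uid, gid, gecos, home, shell = line.split(":")
        if int(uid) < MIN_UID:
            continue  # root and daemons stay local, outside the directory
        if not USERNAME_RE.match(name):
            raise ValueError(f"refusing unsafe login name in DN: {name!r}")
        out = [f"dn: uid={name},{BASE_DN}"]
        out += [f"objectClass: {oc}" for oc in
                ("top", "account", "posixAccount", "shadowAccount")]
        out += [ldif_line("uid", name),
                ldif_line("cn", gecos.split(",")[0] or name),
                ldif_line("uidNumber", uid), ldif_line("gidNumber", gid),
                ldif_line("homeDirectory", home), ldif_line("loginShell", shell)]
        pw = hashes.get(name, "")
        if pw and pw[0] not in "!*":  # locked/disabled accounts get no password
            out.append(ldif_line("userPassword", "{crypt}" + pw))
        entries.append("\n".join(out))
    return "\n\n".join(entries) + "\n"


if __name__ == "__main__":
    print(passwd_to_ldif(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

The resulting file contains password hashes, so it should be handled with the same file permissions as /etc/shadow and removed after import.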

More Information: http://www.oracle.com/technology/products/oid/oracleauthenticationservices.html

Oracle WebCenter Briefing July 12, 2007

Posted by Manpreet Johal in General.

I recently attended an Oracle WebCenter 10g R3 Briefing conducted by Oracle. Here is a glimpse of that session:

Oracle WebCenter (a new member of the Oracle Fusion Middleware family) is added as an extension to Oracle JDeveloper. It consists of the following components:

Oracle WebCenter Framework – An Oracle ADF based user interface technology that can be used to embed AJAX-based components, portlets, and content.
Oracle WebCenter Studio and Oracle WebCenter Composer – Tools that can be used to build and deploy user interfaces and business flows.
Oracle WebCenter Anywhere – For developing and deploying interfaces for multiple devices, e.g. mobile devices and desktop applications like MS Office.
Oracle WebCenter Services – Allows the use of Oracle Secure Enterprise Search, Oracle Content Database, Oracle Records Database, and Web 2.0 capabilities.
Oracle WebCenter Spaces – Meant for group collaboration and communications.

Oracle WebCenter is considered a common framework for Fusion Applications. Although it makes use of ADF (Oracle’s Application Development Framework), it is based on standards, e.g. SOA, Web 2.0, JSR 168, WSRP 1.0 and 2.0. Using the JSF Portlet Bridge, developers can publish any Java Server Faces application as a portlet.

Oracle WebCenter has a capability for Content Integration using content components (based on JSR 227 Data Controls) to directly access content from a given repository and display it in a personalized manner using JSF View Components.

Oracle WebCenter Communication Services offers Threaded Discussions, Presence Server and Instant Messaging (Oracle Communicator).

Links: Oracle WebCenter Overview

Oracle Application Server Middle-Tier – Part I June 12, 2007

Posted by Manpreet Johal in Oracle Application Server.

All the way from WebDB to the current OracleAS 10g, the product has matured and accommodated many components into its family. Having discussed the OracleAS Overview and OracleAS Infrastructure in my earlier posts, in this post I will be covering the OracleAS Middle-Tier.

OracleAS Middle-Tier is the part of OracleAS 10g which serves as an application server, business-logic store, content caching server, web services directory, wireless access point for business applications, business process monitoring and business intelligence reporting tool.

It has the following components:
OracleAS Wireless: It serves as a wireless application store. We can deploy wireless-enabled J2EE applications which can be accessed from mobile devices.
OracleAS Portal: We can deploy web applications built using PL/SQL and J2EE. It provides an integrated development environment known as Portal Builder.
Using Portal Builder, developers/end users can integrate content from multiple sources, e.g. web feeds, web services, flat files, and database tables, and publish it as portlets on a single page or multiple pages. Pages built in Portal can be configured for access via mobile devices as well.
OracleAS Portal stores its configuration and application information in a database store known as the Portal Repository. The Portal Repository is created by default in the OracleAS Metadata Repository database, but can be stored in a separate database.
Oracle Components for J2EE (OC4J): The heart of OracleAS 10g. This component provides a mechanism to deploy J2EE compliant applications on OracleAS 10g, or you can say this framework makes OracleAS 10g J2EE compliant. Developers can deploy WAR and EAR files built using JDeveloper, Eclipse or any other J2EE compliant IDE.
OracleAS WebCache: It caches the static and dynamic content being served by OracleAS. It stores the cached content in memory and on the filesystem. Whenever an end user accesses the OracleAS URLs, the request goes to Web Cache. If Web Cache finds content matching the user request in its cache, it will process the request and return the response to the user's browser. This is known as a Cache Hit. If Web Cache does not find the requested content in its cache, it will redirect the request to other OracleAS components, depending on the type of request. This is known as a Cache Miss.

Long Break…. …. May 31, 2007

Posted by Manpreet Johal in General.

Well, it was a long break, being off from my blog for a long time.

Now we will share the same rhythm of Oracle Technologies that I promised to share in my first post on this blog.

As promised in my earlier post, to conclude the OracleAS architecture, next post will be covering OracleAS Middle-Tier services.

Configuring Reverse Proxy in front of OracleAS 10g SSO January 17, 2007

Posted by Manpreet Johal in Identity Management, Oracle Application Server.

OracleAS 10g Middle-Tier talks to OracleAS 10g Single Sign-On (a component of OracleAS Infrastructure), which provides a mechanism to authenticate OracleAS application users against an LDAP directory store, i.e. Oracle Internet Directory.

OracleAS Infrastructure includes Oracle HTTP Server, which acts as a web listener for Single Sign-On and Delegated Administration Services. Whenever an end user accesses an SSO-protected URL (OracleAS Middle-Tier applications, e.g. Portal, Wireless), the request is redirected to OracleAS SSO, which serves the authentication page via Oracle HTTP Server. Thus, the end user gets an SSO Login page containing the URL of the Oracle HTTP Server running at OracleAS Infrastructure Services.

Sometimes the business needs to hide the OracleAS Infrastructure web URL and port for security purposes. This is where a reverse proxy comes into the picture. End users as well as OracleAS Middle-Tier applications talk to the reverse proxy URL and port, which in turn fetches the content from OracleAS Infrastructure and services the request.

It provides an enhanced security model, i.e. end users and applications are aware of the reverse proxy URL and port only, not the original OracleAS Infrastructure services URL.

So, let us configure a reverse proxy in front of OracleAS Infrastructure. I have used Oracle HTTP Server Standalone 10.1.2 [Based on Apache 2.0] (OracleAS 10g 10.1.2.0.2 Media – Companion CD) as a reverse proxy. Assume that my OracleAS 10g 10.1.2.0.2 Portal and Wireless installation is functional, with Infrastructure and Middle-Tier on two separate nodes:

OracleAS Infrastructure Services Node:

URL: http://infra.mycompany.com:7777/

OS User: oracle

Node: infra

OracleAS Middle-Tier Services Node:

URL: http://portal.mycompany.com:7777/

OS User: oracle

Node: portal

Oracle HTTP Server (Reverse Proxy) Node:

URL: http://proxy.mycompany.com:7779/

OS User: oracle

Node: proxy

Install Oracle HTTP Server Standalone 10.1.2 on the node named proxy. During installation, choose Web Services 10.1.2.0.0 as the Product and Oracle HTTP Server (based on Apache 2.0) as the Installation Type. After installation, OHS Standalone is functional at URL: http://proxy.mycompany.com:7777

1. Navigate to the OHS Standalone Home/ohs/conf directory. Edit httpd.conf to add the following directives in their respective sections:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

# Reverse proxy only: keep forward proxying disabled
ProxyRequests Off

# Order/Allow are only valid inside a container such as <Proxy *>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / http://infra.mycompany.com:7777/
ProxyPassReverse / http://infra.mycompany.com:7777/

2. Restart OHS

At this stage Oracle HTTP Server Standalone will be functional.

Now let us make changes at the OracleAS Infrastructure tier.

1. Navigate to $ORACLE_HOME/Apache/Apache/conf directory.

2. Edit httpd.conf to modify following directives with corresponding values:
KeepAlive off
ServerName proxy.mycompany.com
Port 7777

3. Add VirtualHost directive at end of httpd.conf file:

RewriteEngine On
RewriteOptions inherit

4. Save the httpd.conf, and update DCM Repository:
$ dcmctl updateconfig -ct ohs -v -d

5. Modify SSO Server Home URL to reverse proxy hostname and port:
$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 7777

6. Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port:
$ORACLE_HOME/sso/bin/ssoreg.sh \
  -oracle_home_path $ORACLE_HOME \
  -site_name inf1012.infra.mycompany.com \
  -config_mod_osso TRUE \
  -mod_osso_url http://proxy.mycompany.com:7777

7. Login to OID using OIDADMIN, and change orcldasurlbase attribute (Location: Entry Management->cn=OracleContext->cn=Products->cn=DAS->cn=OperationURLs) to reflect reverse proxy hostname and port i.e. http://proxy.mycompany.com:7777

8. Update DCM Repository:
$ dcmctl updateconfig -ct ohs -v -d

9. Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier:
$ opmnctl restartproc process-type=HTTP_Server
$ opmnctl restartproc process-type=OC4J_Security

10. Verify by accessing the DAS and SSO Home using Reverse Proxy Hostname and Port:
SSO Home URL: http://proxy.mycompany.com:7777/pls/orasso
DAS URL: http://proxy.mycompany.com:7777/oiddas

11. Validate that the login and logout URLs contain the reverse proxy hostname and port only.

Now, let us re-configure OracleAS Middle-Tier to work with Reverse Proxy.

1. Re-register mod_osso at middle-tier:
$MID_ORACLE_HOME/sso/bin/ssoreg.sh \
  -site_name mid1012.portal.mycompany.com \
  -mod_osso_url http://portal.mycompany.com:7777 \
  -config_mod_osso TRUE \
  -oracle_home_path $ORACLE_HOME \
  -admin_info cn=orcladmin

2. Re-register Portal with SSO Server:
$ ptlconfig -dad portal -pw <portal_schema_password> -sso -host portal.mycompany.com -port 7777
You need to retrieve the Portal schema password and supply it as the -pw value to execute the above command.

3. Clear Portal Cache

a. Stop all the middle-tier processes

b. Delete the content of following directories at Middle-Tier Home:
$ORACLE_HOME/Apache/modplsql/cache/plsql
$ORACLE_HOME/Apache/modplsql/cache/session

c. Start the middle-tier processes

d. Login to Portal as admin user, and navigate to Administration tab.

e. Click Global Settings link, and click on Cache tab.

f. Scroll down and select the checkbox Clear the entire Web Cache.

g. Click Apply, and then OK.

4. Update Cache for OID Parameters in Portal

a. Login to Portal as admin user, and navigate to Administration tab.

b. Click Global Settings link, and click on SSO/OID tab.

c. Scroll down, and select check box Refresh Cache for OID Parameters.

d. Click Apply.

e. Verify that DAS Host Name parameter in Cache for OID Parameters section is showing reverse proxy hostname and port.

5. Validate the Portal Logout link. It should contain reverse proxy hostname and port.

So, this completes our setup of Reverse Proxy in front of OracleAS Infrastructure Services.
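The validation steps above (login, logout and DAS URLs must show only the reverse proxy hostname) can be checked mechanically. The following is an added example, not part of the original post: it scans a raw HTTP response for absolute URLs, URL-encoded return URLs and cookie domains that still name the backend host. The hostnames come from the topology above; the sample responses and the `back` query parameter are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Backend names that must never reach a client (from the post's topology).
BACKEND_HOSTS = {"infra.mycompany.com", "infra"}

# Stop at ?, & and = so a URL nested in a query string is matched on its own.
URL_RE = re.compile(r"https?://[^\s\"'<>?&=]+", re.IGNORECASE)
COOKIE_DOMAIN_RE = re.compile(r"domain=([^;\s]+)", re.IGNORECASE)

# Constructed sample responses: one correctly rewritten, one leaking.
GOOD = ("HTTP/1.1 302 Found\r\n"
        "Location: http://proxy.mycompany.com:7777/pls/orasso\r\n\r\n"
        '<a href="http://proxy.mycompany.com:7777/oiddas">DAS</a>')
LEAKY = ("HTTP/1.1 302 Found\r\n"
         "Location: http://proxy.mycompany.com:7777/pls/orasso"
         "?back=http%3A%2F%2Finfra.mycompany.com%3A7777%2Foiddas\r\n"
         "Set-Cookie: SESSION=constructed; Domain=infra.mycompany.com; Path=/\r\n\r\n"
         '<form action="http://infra.mycompany.com:7777/pls/orasso">')


def _backend_urls(text, backend_hosts):
    """Yield URLs in text (after URL-decoding) whose host is a backend name."""
    for url in URL_RE.findall(unquote(text)):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
            continue
        if host in backend_hosts:
            yield url


def find_backend_leaks(raw_response, backend_hosts=BACKEND_HOSTS):
    """Return (where, value) pairs for each backend reference in a response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        name = name.strip()
        leaks += [(f"header {name}", u) for u in _backend_urls(value, backend_hosts)]
        if name.lower() == "set-cookie":
            m = COOKIE_DOMAIN_RE.search(value)
            if m and m.group(1).lstrip(".").lower() in backend_hosts:
                leaks.append(("cookie Domain", m.group(1)))
    leaks += [("body", u) for u in _backend_urls(body, backend_hosts)]
    return leaks


if __name__ == "__main__":
    for label, resp in (("GOOD", GOOD), ("LEAKY", LEAKY)):
        print(label, find_backend_leaks(resp))
```

Because the proxy and the backend both listen on port 7777 in this setup, the check matches on hostname rather than port.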

Put Infrastructure In Place December 15, 2006

Posted by Manpreet Johal in Identity Management, Oracle Application Server.

OracleAS Infrastructure Services, logical component of Oracle Application Server 10g, provides security services for OracleAS Middle-Tier applications as well as external applications integrated with OracleAS Infrastructure services. OracleAS Infrastructure has evolved to a state where it can be deployed along with other Identity Management products like Microsoft AD and SunONE Directory Server.

It can be broken down into two sub-components:

Oracle Identity Management: A group of applications providing authentication, authorization, policy definition, policy enforcement, and entity lifecycle management for integrated applications, e.g. OracleAS Portal, Oracle Database, E-Business Suite, Oracle Collaboration Suite, and third-party applications.

Brief description of Identity Management Components:

o Oracle HTTP Server: It provides the web interface for Infrastructure Services, e.g. Delegated Administration Service and Single Sign-On. OHS is based on Apache 1.3.31. This is not the standard Apache available at http://www.apache.org/. It contains Oracle’s extensions to standard Apache.

o Oracle Internet Directory: At the core of the Oracle IDM Infrastructure, an LDAPv3 Directory Service providing an LDAP interface for storage and retrieval of application configuration data. It stores information about Users, Groups, Network Configurations, Databases, OracleAS Products, Access Control Lists etc. It stores all of this information in an Oracle Database known as the OracleAS Metadata Repository. In other words, Oracle Internet Directory is an application running on Oracle Database.

o Oracle Delegated Administration Service: This is a web-based Self Service Console to define users, groups, realms, and configuration entries for custom object classes. In other words, this is a web interface for managing the user data stored in Oracle Internet Directory.

o Directory Integration: A very useful component of the IDM stack. Using this you can integrate your Oracle Internet Directory with third-party directory services like Microsoft AD, SunONE Directory etc. You can push data from OID to other directories as well as pull data from them.

o Oracle Directory Integration Provisioning Service: Along with its counterpart Directory Integration, the DIP Service extends the integration capabilities. DIP will help you to achieve integration of Oracle E-Business Suite with Oracle Internet Directory for synchronization of user data.

o OracleAS Single Sign-On: A gateway to OracleAS Identity Management for web applications. It protects the web resources of Oracle Application Server like Portal and Delegated Administration Service (Partner Applications) and third-party applications like Yahoo Mail (External Applications).

o Oracle Certificate Authority: A component to generate X.509v3 certificates for OracleAS.

Oracle Metadata Repository: It contains OracleAS configuration data stored in Oracle Database 10g. Along with configuration data, OracleAS component schemas also reside in the Metadata Repository. These can be installed in another database as well, provided that database has been prepared for them by the Metadata Repository Creation Assistant. By default, Portal schemas are installed in the Metadata Repository.

During installation of OracleAS Infrastructure, the Metadata Repository will be installed in Oracle Database 10g. OracleAS components use this database. In order to store data for custom applications, you must use a separate database known as the Customer Database. This allows more granular control over both databases.

OracleAS Infrastructure services can be deployed independently of the OracleAS Middle-Tier, i.e. there is no need to deploy the complete Oracle Application Server. To leverage centralized storage of application Users and Groups, Oracle Internet Directory can be deployed. Along with it, Single Sign-On can be used to protect web resources using the same centralized Users and Groups information.

In the past, Oracle has made a couple of acquisitions that have really extended the Identity Management offerings and solutions provided by Oracle.

My focus is to first explain the base Oracle Application Server product, followed by advanced topics, integration, and extensions.

Coming Up Next:

OracleAS Middle-Tier Services

Oracle Application Server Overview November 28, 2006

Posted by Manpreet Johal in Oracle Application Server.

Oracle Application Server 10g is a member of the Oracle Fusion Middleware family of products.

Oracle Application Server 10g offers a comprehensive solution for developing, integrating, and deploying your enterprise’s applications, portals, and Web services. Based on a powerful and scalable J2EE server, Oracle Application Server 10g provides complete business integration and business intelligence suites, and best-of-breed portal software.

Figure: OracleAS Solutions Ecosystem

Oracle Application Server 10g consists of three logical tiers, i.e. Client-tier, OracleAS Business Applications or Middle-Tier, and OracleAS Infrastructure Tier. OracleAS tiers can be deployed on a single host, or the tier components can be split across various hosts for load balancing and scalability.

Figure: OracleAS Base Architecture

Oracle Identity Management software manages user authentication, authorization, and identity information. Functionally, its main components are:

■ OracleAS Single Sign-On

■ Oracle Delegated Administration Services

■ Oracle Internet Directory

■ Oracle Directory Integration and Provisioning

Architecturally, Oracle Identity Management can be broken down into a Web server tier of Oracle HTTP Server, an OracleAS Single Sign-On/Oracle Delegated Administration Services middle-tier composed of an Oracle Application Server Containers for J2EE (OC4J) instance for these security applications, and an Oracle Internet Directory/Oracle Directory Integration and Provisioning tier at the back end. The OracleAS Metadata Repository is an Oracle database that manages configuration, management, and product metadata for components throughout the OracleAS Infrastructure and OracleAS middle-tier.

The middle tier hosts most of Oracle Application Server business applications, such as:

■ Oracle Application Server Portal

■ Oracle Application Server Wireless

■ Oracle Application Server Integration

These applications rely on Oracle Identity Management and OracleAS Metadata Repository for security and metadata support. The middle tier also includes a Web caching sub-tier (Oracle Application Server Web Cache), a Web server sub-tier (Oracle HTTP Server), and OC4J instance(s). Behind the middle tier, the OracleAS Metadata Repository serves as the data tier. In actual deployments, other databases may also exist in the data tier (for example, a customer database for OC4J applications deployed on the middle tier).

First Post… November 28, 2006

Posted by Manpreet Johal in General.

Well, this is my first post to my first blog ever.

This is an attempt to put some technical insight into the latest happenings in the IT world related to Oracle technologies, especially Oracle Application Server and Oracle E-Business Suite.