|
How can troubleshoot my Oracle9iAS
setup?
The following is a diagnosing Single Sign-On, OHS, Web cache and OiD dependency issues with Oracle9iAS Portal 9.0.X
Due
to the interdependency of Oracle9iAS Portal with the Oracle9iAS Single Sign-On Server, the Oracle
HTTP Server, the Oracle9iAS Web Cache and the Oracle Internet Directory (OiD) in Oracle9i
Application Server Release 2 (9.0.2), is difficult to identify sometimes where a problem lies.
In
this document we will find some quick tests that you can perform to
check the proper functionality of these products since wrong configuration or malfunctioning might
affect Oracle9iAS Portal functionality.
Troubleshooting
Oracle Portal 9.0.X
===================================
Portal
issues related with other Oracle Products like Oracle HTTP Server (OHS), Oracle9iAS Web Cache,
Oracle9iAS Single Sign-On Server or Oracle Internet Directory (OiD) are most likely to happen for
the following component’s instance:
From the Infrastructure instance:
- Oracle9iAS HTTP Server.
- Oracle9iAS Single Sign-On Server.
- Oracle Internet Directory (OiD).
From the Portal Mid-Tier instance:
- Oracle9iAS HTTP Server.
- Oracle9iAS Web Cache.
Checking
dependent products are up and running:
----------------------------------------------
1.
Checking the Oracle HTTP Server is Up.
- Go to the ORACLE_HOME/Apache/Apache/conf directory for the instance you need to check
(Portal Mid-Tier or Infrastructure instance).
- Search for the Listen Port entry at the end of the httpd.conf file
(there might be two Listen entries, look for the last one).
The default port is: Listen 7777
If the Mid-Tier is installed in the same machine of the Infrastructure then the default ports
are:
Infrastructure: Listen 7777
Mid-Tier: Listen 7779
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Enter the following URL to verify if the OHS is up and running:
http://<servername>:<Listen-port>/
where:
<servername> - Is the machine where the HTTP Server is located
(ServerName entry in httpd.conf file).
<Listen-port> - Is the Listen port number of the Oracle HTTP Server
(Listen
entry in the httpd.conf file).
If you cannot access this page verify that the Oracle HTTP Server is Up and running. You can
do this with Oracle Enterprise manager or with the following command:
$ dcmctl getstate -v
Output from this command should look like this:
Component Type
Up Status In
Sync Status
================================================================
1 HTTP Server
ohs Up True
2.
Checking the Oracle Web Cache is Up.
- Go to the ORACLE_HOME/Apache/Apache/conf directory for the Portal Mid-Tier instance.
- Search for the Port entry at the end of the httpd.conf file.
Default port is: Port 7778
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Go to the ORACLE_HOME/webcache directory for the Portal Mid-Tier instance.
- Search for the ADMINISTRATION string in the webcache.xml file.
The line should look like this:
<LISTEN IPADDR="ANY" PORT="4000" PRTYPE="ADMINISTRATION"/>
This line will show you the administration port for webcache.
Default port is: 4000
If the Mid-Tier is installed in the same machine of the Infrastructure then the default ports
is: 4003
- Test the following URLs to verify if the Oracle Web Cache is up and running:
http://<servername>:<webcache-Port>/
--> This URL should take you to the OHS Home Page.
http://<servername>:<webcache-Admin-Port>/
--> This URL should take you to the Webcache Admin Page.
You should be able to Login to the "Web Cache Manager" as:
userid: administrator (default password is administrator).
where:
<servername> - Is the machine where the HTTP Server is located
(ServerName entry in httpd.conf file for the Portal Mid-Tier instance).
<webcache-Port> - Is the port number of the Oracle HTTP Server
(Port entry in httpd.conf file for the Portal
Mid-Tier instance).
<webcache-Admin-Port> - Is the Administration Port number for webcache (Port entry for
"ADMINISTRATION" in webcache.xml file for the Portal in Mid-Tier instance).
If you cannot access any of these pages or you cannot login as administrator user to the
"Web Cache Manager" then verify that the Oracle Web cache for the Portal Mid-Tier instance
is Up and running. You can verify this with Oracle Enterprise Manager or with the following command:
$ webcachectl status
Output from this command should look like this:
Web Cache admin server is running as process XXXX.
...
Web Cache cache server is running as process YYYY.
3.
Checking the Oracle9iAS Single Sign-On Server is Up.
- Go to the ORACLE_HOME where the Single Sign-On Server is installed
(By default SSO is installed in the Infrastructure instance).
- Search for the Listen Port entry at the end of the file httpd.conf file under $ORACLE_HOME/Apache/Apache/conf
directory. Default port is: Port 7777
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Search for the Login Server instance DAD in the dads.conf file under $ORACLE_HOME/Apache/modplsql/conf
directory. Take note of the DAD name under the "Location" tag.
Default is: <Location /pls/orasso>
- Enter the following URL to verify if the Single Sign-On Server is up and running:
http://<servername>:<Listen-Port>/pls/<Single_Sign-On_DAD>
--> This URL should take you to the Single Sign-On Administration Page.
You should be able to Login to this page as:
userid: orcladmin (default password is the same as ias_admin user). where:
<servername> - Is the machine where the Single Sign-On Server is installed (ServerName
entry in httpd.conf file).
<Listen-port> - Is the Listen port number of the Oracle HTTP Server where the Single
Sign-On Server is installed (Listen entry in the httpd.conf file).
<Single_Sign-On_DAD> - Is the database access descriptor for the Single Sign-On schema.
Default is: orasso
If you cannot access this page and the OHS for the infrastructure instance is Up then you
need to verify the DAD information in the dads.conf file. Put
special attention to the following information:
i) Database Username.
ii) Database Password (this might be encrypted).
iii) Database Connect String.
An easy way to verify the DAD status is using Oracle Enterprise Manager. You can also update
DAD information using Oracle Enterprise manager. Is important that you be able to get to this page
and login as orcladmin user before attempting to login to Portal.
4.
Checking Oracle Internet Directory (OiD) is Up.
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (By default OID is
installed in the Infrastructure instance).
- Execute the following command to verify oid processes are Up and running: $ORACLE_HOME/ldap/bin/ldapcheck
You should see something like this:
Checking Oracle Internet Directory Processes ...
Process oidmon is Alive as PID XXXX
Process oidldapd is Alive as PID YYYY
Process oidldapd is Alive as PID ZZZZ
Not Running ---- Process oidrepld <- This
process should be running only if OID Replication was setup.
5.
Checking Oracle Internet Directory (OiD) Delegated Administration
Service (oiddas) is Up.
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (By default OID is
installed in the Infrastructure instance).
- Search for the Listen Port entry at the end of the file httpd.conf file under $ORACLE_HOME/Apache/Apache/conf
directory. Default port is: Port 7777
- In the same httpd.conf file search for the ServerName entry at the end of the file.
- Enter the following URL to verify if the Oracle Internet Directory
Delegated Administration Service (oiddas) is up and running:
http://<servername>:<Listen-Port>/oiddas
where: <servername> - Is the machine where the Oracle Internet Directory (OID)is
installed (ServerName entry in httpd.conf file).
<Listen-port> - Is the Listen port number of the Oracle HTTP Server where OID is
installed (Listen entry in the httpd.conf file).
If you cannot access this page and the OHS is up then you need to be sure that the OID is Up
(See step 4 from this note).
*************
If
you have any issues with the previous tests or starting services for the Oracle HTTP Server, the
Oracle9iAS Web Cache, the Oracle9iAS Single-Sign-On Server or the Oracle Internet Directory (OiD)
then you need to search for specific information on the errors you have under that specific product
since this issues are not Portal specific. There are some good notes that you can use to verify the
correct setup of this products. See the "Related Documents" section at the end of this
document.
*************
Next
check is portal specific.
6.
Checking the OJ4J_Portal instance is Up.
- Go to the ORACLE_HOME for your Portal Mid-Tier instance.
- Execute the following command to verify if the Oc4J_Portal process exists and is running:
$ dcmctl getstate -v
Output from this command should look like this:
Component Type
Up Status In
Sync Status
================================================================
4 OC4J_Portal
oc4j Up
True
If you don't see the OC4J_Portal entry then your portal installation might be wrong.
If the entry for OC4J_Portal exists and status is Down then you need to start the process.
You can do this with Oracle Enterprise Manager or with the following command:
$ dcmctl start -cl
Additional
checks for Oracle9iAS Portal with Oracle9iAS Single Sign-On Server:
----------------------------------------------------------
Starting
with Oracle9i Application Server Release 2, Oracle9iAS Single Sign-On is considered a product
independent from Oracle9iAS Portal, and as such, you should verify the functionality of this product
in order for Oracle9iAS Portal to authenticate users.
Oracle9iAS
Portal is a partner application to the Oracle9iAS Single Sign-On Server. When Oracle9iAS Portal is
installed it is associated with the Oracle 9iAS Single Sign-On Server for authentication services.
Users
first gain access to the Single Sign-On server by entering the URL of Oracle9iAS Portal:
http://<servername>:<port>/pls/<portal_DAD>
where:
<servername> - Is the machine where the Portal Mid-Tier is located
(ServerName entry in httpd.conf file for the Portal
Mid-Tier instance).
<Port> - Is the port number of the Oracle HTTP Server for the Portal Mid-Tier instance
(Port entry in httpd.conf file). Default is 7778.
<portal_DAD> - Is the database access descriptor for the portal schema. (You should
have an entry for this DAD in the dads.conf file for the Portal Mid-Tier instance). The default DAD
is portal.
Entering
this URL invokes the Single Sign-On login screen. Once they have entered the correct user name and
password, users can gain access to other partner applications and to external applications without
having to provide credentials again.
If
you get access to the Portal Home Page but you cannot login, then you need to verify that the
Oracle9iAS Single Sign-On Server is working properly (See step 3 from this note).
Next
you will find some checks that you might perform to verify Oracle9iAS Single Sign-On functionality:
a)
Navigate to the administrative home page for Single Sign-On by typing the following URL:
http://<servername>:<Listen-port>/pls/<Single_Sign-On_DAD>
where:
<servername> - Is the machine where the Single Sign-On server is located. By default
SSO is installed in the Infrastructure.
(ServerName entry in httpd.conf file).
<Listen-port> - Is the Listen port number of the Oracle HTTP Server where the Single
Sign-On Server is installed (Listen entry in the httpd.conf file - Infrastructure by default).
Default port is 7777.
<Single_Sign-On_DAD> - Is the database access descriptor for the Single Sign-On schema
(You should have an entry for this DAD in the dads.conf file where the Single Sign-On Server is
installed - Infrastructure by default). The default DAD is orasso.
You should be able to get to this page if the Oracle9iAS Single Sign-On Server is up and
running.
If you cannot access this page then you need to correct these issue before attempting to
connect to Oracle Portal.
b)
If you get access to the administrative home page for Single Sign-On try connecting as orcladmin
user. Default password is the same as ias_admin user.
If you cannot login then you need to correct these issue before attempting to connect to
Oracle Portal.
c)
If you get access to the administrative home page for Single Sign-On and you were able to connect as
orcladmin user then try to connect as portal user. Default password is the same as ias_admin user.
If you can login as portal user from this page but you cannot login from Oracle Portal Home
Page then you need to verify the existence of an Oracle9iAS Portal Partner application in the
Oracle9iAS Single Sign-On Server and that the information for the partner application is correct.
If you cannot login as portal user from this page then you need to perform additional checks
with Oracle Internet Directory (OiD). See later on this document for more information.
Additional
checks for Oracle Internet Directory (OiD):
------------------------------------------------------
In
Oracle9iAS, Release 2, Single Sign-On authentication is directory based, this means that user names
and passwords are managed in Oracle Internet Directory.
So
if you have any issues login from the administrative home page for Single Sign-On next check will be
to test if the user exists in OiD.
To
verify this you can perform the following tests:
a)
Verify if the portal user and password are recognized in OiD.
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (By default OID is
installed in the Infrastructure instance).
- Search for the PORT_NUMBER entry in the das.properties file
under $ORACLE_HOME/ldap/das directory. Default port is: Port 4032
- Execute the following command to verify if the portal user exists in OiD and the password
is correct:
ldapbind -p <oid_port> -D cn=<portal_user>,cn=users,dc=us,dc=oracle,dc=com
-w <portal_user_password>
The output from this command should look like this:
--> bind successful
If the userid does not exist in OiD or the password is incorrect you will get the following
error:
--> ldap_bind: Invalid Credentials
where:
<oid_port> - Is the OID Port.
Default port is: 4032
<portal_user> - Is the portal user you want to verify.
Default
portal user is: portal
<portal_user_password> - Is the password for the portal user.
Default password for the portal user is the same password of ias_admin user.
If you get the "bind successful" message this means that the portal user exist in
OiD and that the password for that user is correct.
In this case if you cannot login from the administrative home page for Single Sign-On then
you need to search for specific errors with Oracle9iAS Single-Sign-On Server since this is not an
OiD or Portal specific issue.
If you get the "ldap_bind: Invalid Credentials" continue with the next check.
b)
Verify if the portal user exist in OiD.
You will need to do this check if you get the "Invalid Credentials" message in
previous step.
To verify if the portal user exists in OiD do the following:
- Go to the ORACLE_HOME where the Oracle Internet Directory is installed (By default OID is
installed in the Infrastructure instance).
- Execute the following command:
$ORACLE_HOME/bin/oidadmin
- Connect as orcladmin user.
Default password is same as ias_admin user.
- Navigate to the following entry:
+ Oracle Internet Directory Servers
+ cn=orcladmin@<oid_hostname>:<oid_port>
+ Entry Management
+ dc=com
... drill down until you see the following ...
+cn=Users
-->
You should see an entry for the portal user here.
If you don't see an entry for the portal user then Oracle9iAS Portal installation might be
wrong.
If you see an entry for the portal user then user password might be wrong. If that is the
case you can reset the portal password here.
Checking
the Oracle9iAS Portal Partner application in the Oracle9iAS Single Sign-On Server:
---------------------------------------------------------------
To
verify if the Oracle9iAS Portal is a partner application is correct do the following:
-
Navigate to the administrative home page for Single Sign-On by typing
the following URL:
http://<servername>:<Listen-port>/pls/<Single_Sign-On_DAD>
-
Login as orcladmin user.
-
Click on SSO Server Administration.
-
Click on Administer Partner Applications.
-
Look for an entry "Oracle Portal (portal)"
The schema might be different depending on your portal schema name.
-
Click on Edit.
-
Verify that the information there is correct.
Some fields to look at are:
Home URL: http://<servername>:<port>/pls/<portal-DAD>/portal.home
Success URL: http://<servername>:<port>/pls/<portal-DAD>/portal.wwsec_app_priv.process_signon
Logout URL: http://<servername>:<port>/pls/<portal-DAD>/portal.wwsec_app_priv.logout
where:
<servername> - Is the machine where the Portal Mid-Tier is located
(ServerName entry in httpd.conf file for the Portal
Mid-Tier instance).
<Port> - Is the port number of the Oracle HTTP Server for the Portal Mid-Tier instance
(Port entry in httpd.conf file). Default is 7778.
If using Web Cache with Portal see the following document:
--> Oracle9iAS Single Sign-On Release Notes
Release 2 (9.0.2)
Look at the following section:
--> Bug: Enabling Oracle9iAS Web Cache
<portal_DAD> - Is the database access descriptor for the portal schema. (You should
have an entry for this DAD in the dads.conf file for the Portal Mid-Tier instance). The default DAD
is portal.
If
the information for the partner application is incorrect then Oracle9iAS Portal installation might
be wrong.
If
you make a manual install you should verify that the wiring of Portal with the OiD and Login Server
was correct. This means verify that you provide the correct information.
Good Luck!
|