IBM BS029ML - WebSphere Portal Server Скачать руководство пользователя страница 123 | Manualshive

Страница: 123 / 242

background image

Chapter 4. WebSphere Portal security

109

When the traces are enabled statically, the trace specification should be shown at the top of
the log:

[8/2/07 11:51:32:609 EDT] 0000000a ManagerAdmin I TRAS0017I: The startup trace
state is
*=info:com.ibm.ws.wmm.*=all:com.ibm.websphere.wmm.*=all:WSMM=all:com.ibm.ws.securi
ty.*=all:com.ibm.wps.engine.commands.*=all:com.ibm.wps.puma.*=all:com.ibm.wps.serv
ices.puma.*=all:com.ibm.wps.services.authentication.*=all:com.ibm.wps.sso.*=all.

When the traces are enabled dynamically, there should be a line like the following:

[8/21/07 9:39:14:656 EDT] 00000046 ManagerAdmin I TRAS0018I: The trace state
has changed. The new trace state is
*=info:com.ibm.ws.wmm.*=all:com.ibm.websphere.wmm.*=all:WSMM=all:com.ibm.wps.ac.*=
all.

4.3.3 Tools for troubleshooting security problems

WebSphere Portal is a complex product set. To administer a site based on Portal, we assume
administrators are equipped with basic LDAP knowledge:

򐂰

Understanding the basic LDAP directory structure.

򐂰

Being able to use LDAP tools, such as ldapsearch or LDAP browser, to verify user and
groups, and to generate the output of a subtree, a user, or a group in LDAP Data
Interchange Format (LDIF).

򐂰

Understanding the meaning and implication of the common LDAP server return codes, or
at least being able to search them on the internet, such as:

– 4 - Sizelimit exceeded

– 10 - Referral

– 6 - No such attribute

– 32 - No such object

– 49 - Invalid credentials

– 50 - Insufficient access rights

– 53 - Unwilling to perform.

XMLaccess is a configuration and deployment tool provided only in WebSphere Portal. Under
certain circumstances, we recommend a full export using XMLaccess, especially for Portal
Access Control (PAC) related issues.

To debug single sign-on or session related problems, we frequently refer to the HTTP header
and cookie information. LiveHttpHeaders is a Firefox extension. It shows detailed data of what
comes into the browser and what goes out. The data captured by the tool would give us a lot
of debugging information about clients, cookies, protocols, URLs, and so on.

Tip:

The traces enabled statically can also be disabled at runtime using the admin console

or the Enable Tracing portlet.

«
...
121
122
123
124
125
...
»

Содержание BS029ML - WebSphere Portal Server

Страница 1: ...Guide Philip Monson Fang Feng Jerry Dancy Shadi Albouyeh Chakravarthy Kunapareddy Stephanie Martin James Roca John Chambers Key recommendations for optimal configuration and use Problem avoidance dete...

Страница 2: ......

Страница 3: ...International Technical Support Organization IBM WebSphere Portal V6 Self Help Guide January 2008 REDP 4339 00...

Страница 4: ...nt Users Restricted Rights Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp First Edition January 2008 This edition applies to IBM WebSphere Portal Version 6 Note Be...

Страница 5: ...characterization at the specification level 20 2 3 Operational architectures 21 2 3 1 Adopting a tiered architecture 21 2 3 2 Addressing scaleability and high availability 21 2 4 Portal deployment co...

Страница 6: ...security 74 3 3 3 What is about to happen 77 3 3 4 Is it working 79 3 4 Problem determination 80 3 4 1 Installation problem determination 80 3 4 2 Database transfer problem determination 81 3 4 3 LDAP...

Страница 7: ...component 160 5 3 2 JVM problems 160 5 3 3 Some common problems and workarounds 163 5 4 Portal administration tools 164 5 5 Runtime monitoring 168 5 5 1 What to monitor 168 5 5 2 Useful resources 168...

Страница 8: ...ctices 210 Fix strategy 211 Overview of the maintenance strategy 213 Our approach to maintenance 214 Overview of the fix strategy 215 Our approach to fixes 215 Some additional best practices 218 Migra...

Страница 9: ...ditions of the publication IBM may make improvements and or changes in the product s and or the program s described in this publication at any time without notice Any references in this information to...

Страница 10: ...oft Siebel and TopLink are registered trademarks of Oracle Corporation and or its affiliates Enterprise JavaBeans EJB Java JavaBeans JavaScript JDBC JMX JNI JSP JVM J2EE Solaris Sun and all Java based...

Страница 11: ...ise include Portal security system administration WebSphere Member Manager and XMLaccess He has been working with IBM for 11 years He holds a Doctor of Philosophy in Computer Science from Texas A M Un...

Страница 12: ...loped the Portal Perform guide for the IBM EMEA geography He is also credited with developing the Portal Build Validate method which when adopted minimizes implementation failure Most recently James t...

Страница 13: ...com redbooks residencies html Comments welcome Your comments are important to us We want our papers to be as helpful as possible Send us your comments about this paper or other IBM Redbooks publicatio...

Страница 14: ...xii IBM WebSphere Portal V6 Self Help Guide...

Страница 15: ...served 1 Chapter 1 Introduction This chapter provides you with an overview of this Redpaper highlights some of the new features in IBM WebSphere Portal Version 6 and provides a general description of...

Страница 16: ...nt When Why should I convert my portal server s from Cloudscape to an external database What can I do to optimize the runtime in my portal environment How do I convert my portal server s from a test L...

Страница 17: ...plications content business processes and people for a unified user experience WebSphere Portal improves overall productivity and customer satisfaction WebSphere Portal provides for improved operation...

Страница 18: ...ansactions faster Application templating and easier portlet development accelerates application deployment and customization through the innovative use of services oriented architecture SOA Inline con...

Страница 19: ...try or multiple user registries reducing the need for investing and implementing a directory consolidation solution Data Domains Portal now allows the separation of portal data into multiple domains D...

Страница 20: ...ation of WebSphere Portal Server using the flexible deployment options for the most common topologies WebSphere Portal Server provides a number of mechanisms to help keep your assets protected In Chap...

Страница 21: ...e included fixes to preventively fixes issues and when to switch to later releases to introduce additional features Performing regular backups is the surest way to protect your systems and critical da...

Страница 22: ...8 IBM WebSphere Portal V6 Self Help Guide...

Страница 23: ...h intimate knowledge of the challenges and pitfalls that go hand in hand with managing many large scale WebSphere Portal deployments this chapter sets out to provide the reader with an informed approa...

Страница 24: ...ble methodology Indeed the IBM Global Services Method GS Method or GSM has been the basis for many successful WebSphere Portal Server deployments However the merits and application of such methodologi...

Страница 25: ...rly challenging when an organization s core business is other than software development Indeed most organizations can no longer afford the time or the cost of development to write new applications eac...

Страница 26: ...anner An adapter is specific to a particular Enterprise Information System EIS and generally requires client code to be written to parse the proprietary format of the data provided by the EIS However...

Страница 27: ...xt Diagram as shown in Figure 2 1 Figure 2 1 System Context Diagram Figure 2 1 illustrates the various system components and most significant roles of the system Besides that it helps to identify in h...

Страница 28: ...rformance in all phases of a project life cycle to be successful For those customers finding themselves in the unfortunate situation of having selected and purchased bare metal systems without having...

Страница 29: ...ccess the solution at any given point in time Internally WebSphere Portal Server maintains a database entry for all registered users after their initial login No constraint other than the size of the...

Страница 30: ...val Rate It is important to recognize that it may be necessary to plan for such situations when many users simultaneously access the Portal solution at the same time This generally breaks any rule of...

Страница 31: ...Internet Explorer or Mozilla Firefox This component communicates with the solution through the HTTP HTTPS protocol receives responses in HTML format and renders them for the user The Internet Browser...

Страница 32: ...n environment that allows them to create edit and publish Web content Because knowledge owners have less dependence on technical resources they can publish content in a more timely and efficient way b...

Страница 33: ...business transactional interaction The data stored is relevant to the specific business interaction for example bank balance insurance information current purchase by the user and so on Portlet appli...

Страница 34: ...NFR capacity Hardware Example pSeries Operating System Example AIX 5L V5 3 0 0 0 3 Non Functional Requirements Availability Example Minimum of two physical nodes one in each data center configured as...

Страница 35: ...cial in terms of overall enterprise security and performance optimization As such it is strongly suggested that a n tier approach is adopted as the topology of choice for all high volume WebSphere Por...

Страница 36: ...Sphere Portal Server V6 0 x architecture of choice However maintaining continuous operation during periods of scheduled or unscheduled maintenance requires careful consideration As this implementation...

Страница 37: ...nd jcr are deployed alongside the release database domain Note that the JCR Repository exists in a different database The environment also hosts a LDAP directory server not shown which is highly avail...

Страница 38: ...h each Portal cluster supporting a different line of business The dual cluster with two lines of production architecture Deploying either a single clustered instance or a multiple clustered instance w...

Страница 39: ...3 Dual cluster architecture illustrating two lines of production Key features of this architecture are Two independent HTTP Server clusters HTTP Cluster A and HTTP Cluster B consisting of at least tw...

Страница 40: ...Sphere Portal Server V6 0 x this requirement is now a possibility Such a requirement however raises the question about how best to design an operational architecture that caters for such a global depl...

Страница 41: ...rchitecture The latest WebSphere Portal Server V6 0 1 deployment option includes support for WebSphere Extended Deployment V6 0 2 or WebSphere XD for short Such an architecture makes it possible to dy...

Страница 42: ...disaster recovery However unlike the approach detailed in 2 4 3 The dual cluster with two lines of production architecture on page 29 such a deployment does not normally see both sets of production s...

Страница 43: ...uster with two lines of production architecture The deployment of a dual clustered WebSphere Portal Server V6 0 x architecture with Two Lines of Production brings about distinct advantages when mainte...

Страница 44: ...does not yield an exact replica In certain situations this may be sufficient for a number of customers The recommended approach therefore for creating an exact replica of one environment to another in...

Страница 45: ...er of reasons To fully utilize the processing power of modern SMP servers Local redundancy Horizontal clustering By contrast horizontal clustering should be considered for the following reasons To ach...

Страница 46: ...e expensive both in terms of CPU and memory and thus usually only configured to handle a maximum of 10 20 connections simultaneously Each queue has the potential to become saturated There also exists...

Страница 47: ...between platforms may result in inappropriate comparisons If comparisons are made pay special attention to clock speed number of CPUs used and hardware manufacturer benchmarking data Take into accoun...

Страница 48: ...M heap Unlike previous versions of WebSphere Portal Server prior to V6 0 x which ran WCM as an integrated sub component there is no longer the need to create a separate WCM JCR database repository for...

Страница 49: ...Sphere Portal Server with a large JVM heap and a high Web Container thread pool In keeping with the IBM Proven Performance Tuning Methodology the recommendation is to reduce the JVM heap and the Web C...

Страница 50: ...e user s HttpSession As such it is possible to enable HttpSession failover support to facilitate maintaining a user s session when requests are failed over to a subsequent cluster member However argua...

Страница 51: ...wever the LTPA token is in itself subject to expiry even if a user s browser session is maintained The LTPA token effectively starts to time out immediately upon creation WebSphere Portal Server also...

Страница 52: ...dependence for Web based application security Provide the ability to control access to Web applications and content which may be hosted through multiple Web servers at the URL level Provide the abilit...

Страница 53: ...roxy server That is when a user logs into a WebSphere Portal Server solution protected by TAM it is actually the Tivoli WebSEAL server that performs the authentication task As such the key points for...

Страница 54: ...only one supported by the TAI Also note that the user password is not passed in the HTTP Header for security reasons After the TAI processing is successful WebSphere Application Server creates a user...

Страница 55: ...r V6 0 both the Policy Server and WebSEAL components with WebSphere Portal Server V6 0 1 WebSphere Portal Server login with Tivoli WebSEAL Most WebSphere Portal Server deployments include a number of...

Страница 56: ...ecognize that such a configuration does not extend to gracefully quiescing user requests from one or more back end systems when those systems need to be taken down for scheduled maintenance This is in...

Страница 57: ...otentially this could be revised to just dc acme dc com or even dc acme dc co dc uk It is anticipated that a number of organizational units OU would be needed at the topmost level to provide a degree...

Страница 58: ...ject class and could add other attributes such as Account Number Insurance Number and Employment Band This prevents potential conflicts when a new version of the directory is installed and the default...

Страница 59: ...minated master peer during normal operation However should the load balancer detect a failure of the master peer the load balancer will re route all requests to the alternate master peer During write...

Страница 60: ...instance but with the firewall idle timeout System Administrators should ensure that the tcp_keepidle system setting on each of the servers is smaller than the firewall idle timeout Failing this when...

Страница 61: ...Any user customization made against one cluster member regardless of the Line of Production or cluster by a user is now available to the same user as and when that user accesses any of the other clust...

Страница 62: ...entiating between distinct databases would allow any DBA to specifically tune and size that database accordingly A DB2 instance is a logical database server environment DB2 databases are created withi...

Страница 63: ...site http www ibm com servers eserver pseries library hacmp_docs html HADR DB2 High Availability Disaster Recovery HADR provides a new alternative for delivering a high availability solution by replic...

Страница 64: ...network is very important In this configuration a dedicated Gigabit Ethernet segment is used in conjunction with Network Interface Backup NIB for redundancy Note that an outage at the Log transfer ne...

Страница 65: ...mplementation We strongly recommend that a WebSphere Portal Server based implemention is treated as a complex infrastructure project from the outset For anything other than an out of the box implement...

Страница 66: ...ongoing concern All too often performance is disregarded until the performance tuning phase of a project resulting in a critical situation Consider performance testing those back end systems prior to...

Страница 67: ...e ensuring a smooth deployment is a key factor in satisfying any stakeholder A deployment and cutover plan as such should minimize the impact of the cutover with the stakeholder s staff existing produ...

Страница 68: ...54 IBM WebSphere Portal V6 Self Help Guide...

Страница 69: ...3 WebSphere Portal installation This chapter contains information that will guide you through the installation of your WebSphere Portal Server This chapter includes the following topics Installation D...

Страница 70: ...requirements to determine whether the software runs native or connected to the WebSphere Portal Supported hardware and software WebSphere Portal V6 0 software requirements http publib boulder ibm com...

Страница 71: ...wp f conf_gui html Console Interface http publib boulder ibm com infocenter wpdoc v6r0 topic com ibm wp ent doc wp f conf_console html Response File http publib boulder ibm com infocenter wpdoc v6r0 t...

Страница 72: ...247387 html Custom A more custom type of installation is to install a new version of WebSphere Portal Server on an existing instance of WebSphere Application Server Once you launch the install program...

Страница 73: ...07 5 32 48 PM MultiPlatform install com ibm wps install DetectWpsAction msg2 No WAS with WPS detected After the system completes validation the installer proceeds with the WebSphere Application Server...

Страница 74: ...bat action empty portal DPortalAdminPwd PASSWORD_REMOVED DWasPassword PASSWORD_REMOVED DLTPAPassword PASSWORD_REMOVED DskipWTP true Jul 31 2007 3 39 45 PM MultiPlatform install com ibm wps install Ex...

Страница 75: ...of the possible applications to stop are ServletInvoker war pickerPortlet war JspServer war mylist war QuickLinks war newsgroup war docviewer war FileServer war reminder war worldclock war Attention...

Страница 76: ...ing the files necessary to install WebSphere Portal and its supporting software are the electronic Service Delivery eSD sites These sites include Passport Advantage and Partner World which are linked...

Страница 77: ...http publib boulder ibm com infocenter wpdoc v6r0 topic com ibm wp ent doc wpf i nst_source html 3 1 4 Is it working In order to ensure a successful installation of WebSphere Portal we recommend that...

Страница 78: ...WebSphere Portal ConfigTrace log Most commonly the installation failures result from the configuration tasks that are executed during installation The wp_root log ConfigTrace log contains the generate...

Страница 79: ...wp600_244 2006 07 18 17 02 which follows with the confirmtaion that WebSphere Portal has been initialized 7 30 07 18 09 33 578 EDT 00000016 ServletWrappe A SRVE0242I wps wps portal Initialization suc...

Страница 80: ...Resource 2 value Resource x value Resource1 value Resource 2 value Resource x value Resource1 Referential Integrity Referential Integrity DB Schema Resource 2 Resource x Resource 1 abc Resource 2 Res...

Страница 81: ...nsfer of your database s from Cloudscape to an external database you should execute the following steps 1 If you have not done so already the first thing you should do before attempting to transfer yo...

Страница 82: ...h the values required in order to perform the database transfer as both methods will pull the information from these files Do not provide values for other parameters in the properties files other than...

Страница 83: ...tune your database management system 2 Assign an ID or privilege that will be used by WebSphere Portal Server s for system to system communications from the portal to the database 3 Create the WebSphe...

Страница 84: ...wmm Dwmm DbPassword password WPSconfig sh validate database driver Windows WPSconfig bat validate database connection wps Drelease DbPassword password Dcustomization DbPassword password Dcommunity Db...

Страница 85: ...his step If the problem you are facing is not related to incorrect values and you wish to troubleshoot the exceptions then refer to 3 4 Problem determination on page 80 for additional guidance 3 2 4 I...

Страница 86: ...targets For a discussion on external authentication solutions such as Tivoli Access Manager or Computer Associates eTrust Siteminder as well as other topics surround LDAP planning refer to 2 6 7 LDAP...

Страница 87: ...here Application Server console or failover will not occur successfully should the primary server suffer an outage LDAP Schema Design While it is possible to set up WebSphere Portal Server with only o...

Страница 88: ...to add additional attributes that do not correspond to a typical LDAP database The LookAside option is available when configuring LDAP security with realms or without Enabling LookAside can be done b...

Страница 89: ...the membership information used later to enable LDAP security 4 Connectivity check PING From the server in which you will enable security perform a ping test to verify the connection to your LDAP host...

Страница 90: ...information 10 Disable Security Run the disable security task using the command line or the wizard After the disable security task completes you should receive a BUILD SUCCESSFUL message indicating th...

Страница 91: ...LDAP or a Member Manager database already exists in the operational environment is configuration of security with a custom user registry At this point you should be ready to configure security having...

Страница 92: ...unning the task through the command line as shown in Example 3 7 Example 3 7 Specifying the password as a parameter WPSconfig sh bat task_name Dpassword_property_key password_value Once you have locat...

Страница 93: ...of the following two tasks for UNIX Windows Realm Support WPSconfig sh bat enable security wmmur ldap i5 OS WPSconfig sh profileName profile_root DPortalAdminPwd password DLTPAPassword password DLDAP...

Страница 94: ...successfully click the different links in the portal to make sure that no errors are received both in the browser and in the SystermErr log and SystemOut log files If you configured your LDAP registr...

Страница 95: ...al Server for remote connection to your databases your client should match the same levels as your database server If your server and clients are not at the required levels refer to 3 1 1 How do I pre...

Страница 96: ...ue is not isolated to the LDAP servers Not applying the required fixes Fix Packs for your portal environment can also cause errors during the enablement of security process and can affect the overall...

Страница 97: ...ix entry Confirm the privileges of your LDAPBind user if anonymous access is not allowed Failure to disable security before enabling security Before you can run the enable security task you must disab...

Страница 98: ...84 IBM WebSphere Portal V6 Self Help Guide...

Страница 99: ...fferent level of complexities To accommodate such a wide range of security requirements WebSphere Portal has provided a rich set of configuration options that integrate with different security infrast...

Страница 100: ...in a WebSphere Application Server It can leverage the underlying application server s powerful security infrastructure In addition WebSphere Portal security extended the security configuration provide...

Страница 101: ...act upon and manage profiles such as create read update remove and search members in the profile repository These services also support managing groups including assigning members to and unassigning...

Страница 102: ...N is unique and may be changed and reused After a member is deleted from Member Manager a new member can be created and reuse the memberDN of the deleted member An example of a memberDN of a Person Ja...

Страница 103: ...the Local Operating System user registry Lightweight Directory Access Protocol LDAP user registry and custom user registry CUR In some corporations the existing directory servers such as LDAP servers...

Страница 104: ...tion avoid the requirement of repeating authentication of the users This is where SSO comes into play The goal of single sign on is to provide a secure method of authenticating a user one time within...

Страница 105: ...al security or a combination of a form based login plus the client certificate to achieve a higher level of security In this section we describe the basic login flow in details and then give a short d...

Страница 106: ...that the Portal subject is not shared with applications besides WebSphere Portal The Portal subject is also passed on to the optional Portal JAAS login Depending on the configuration WebSphere Portal...

Страница 107: ...mmarized in Table 4 2 Table 4 2 PAC artifacts Other applications through SSO The LTPA in the client request triggers WebSphere Application Server to create the security context with the user credentia...

Страница 108: ...e decision module is triggered when a resource is accessed by a user Most of the permission configurations should be assigned to groups which is more efficient than assigning them to individual users...

Страница 109: ...configuration parameters are presented in CacheManagerService properties in portal_root shared app wp services properties jar These settings can be customized through WP CacheManagerService in the Web...

Страница 110: ...s put the network at risk by installing unauthorized software opening virus infected e mail attachments succumbing to social network attacks and so on When designing your Web sites based on WebSphere...

Страница 111: ...rs should seriously consider reconfiguring security with a commercially available LDAP server If the system will be put into production and performance is a major concern we do not recommend the datab...

Страница 112: ...nistrator user for WebSphere Application Server sometimes called Server ID You use this ID to start and stop the server and to log on to the administrative console for any administration configuration...

Страница 113: ...ould be updated in the Administrative Console Before the password is changed in LDAP you must have the Application Server running and already logged in to the Administrative Console After the password...

Страница 114: ...for at http www 306 ibm com software genservers portal support 4 2 5 Integration with Tivoli Access Manager TAM The most common configuration of the integration is for the portal to take advantage of...

Страница 115: ...he entries you entered into wpconfig properties are correct The configuration tasks in WebSphere Portal take the values of the parameters in the file to assemble and issue PDadmin commands based on th...

Страница 116: ...he tasks If there are special customizations required on the junctions created from the TAM side or special requirements on the TAI from the WebSphere side for example TAI manual steps are required If...

Страница 117: ...and the file system You should try to make these backups approximately at the same time if possible See Appendix B Maintenance Fix strategy backup strategy and migration strategy on page 207 for detai...

Страница 118: ...information as possible What is the problem How can you describe the problem Are there any error messages Is a screen capture available When did it happen Under what conditions was the problem observ...

Страница 119: ...are able to navigate to the administration portlets and conduct administration operations such as create pages search and add users and groups install portlets create virtual portals and so on The por...

Страница 120: ...strings are required we would suggest an analysis of the Java stacktrace following the error message s in the log The stacktrace should show certain calling code patterns that should give clues to wha...

Страница 121: ...e additional strings shown in Table 4 5 Table 4 5 Trace strings for security problems Problem Trace strings Portal application server startup com ibm ws security all without realm wmmbase com ibm ws s...

Страница 122: ...tal Analysis Enable Tracing as shown in Figure 4 6 Figure 4 6 Enable Tracing portlet The static approach requires a system restart which is not always desirable The dynamic option is preferred under s...

Страница 123: ...cture Being able to use LDAP tools such as ldapsearch or LDAP browser to verify user and groups and to generate the output of a subtree a user or a group in LDAP Data Interchange Format LDIF Understan...

Страница 124: ...profiles wp_profile UNIX Linux opt IBM WebSphere AppServer profiles wp_profile security xml This is the configuration file for the WebSphere Application Server global security Whenever a security prob...

Страница 125: ...of WMMUR Notice that the file locations in a cluster are different They must point to those under wsas_profile_root config wmm The trustAssociation stanza defines all the definitions of all the Trust...

Страница 126: ...erRegistry section This tells us that the administrator might have configured the LDAP without realm support before and the LDAP related configuration remains in the file This may not be necessarily b...

Страница 127: ...8492250 alias Portal_LTPA loginModules xmi id JAASLoginModule_1174328492594 moduleClassName com ibm ws security common auth module proxy WSLoginModuleProxy authenticationStrategy REQUIRED options xmi...

Страница 128: ...ccessing the datasources defined in JDBC providers at runtime admin authz xml This file is in the same directory as security xml It contains the users and groups for the administrative console adminis...

Страница 129: ...n a full manual synchronization from the Dmgr to push the changes to all nodes 5 Restart the cluster to make the change effective wmm xml This is the most important file for WMM configuration Any typo...

Страница 130: ...epositoryForGroups LDAP1 adminId uid bindid ou people ou dept o acme com adminPassword afacWLqg1trlbNupQsppiw ldapHost corpldap acme com ldapPort 389 ldapType 0 sslEnabled false sslTrustStore C WebSph...

Страница 131: ...his attribute defaults to the Relative Distinguished Name RDN in most cases but it is not necessary When WMMUR is configured this should be the same as the customer property wmmUserSecurityNameAttr re...

Страница 132: ...figuration tasks enable security wmmur ldap enable security wmmur db or enable security wmmur custom It must be set up manually by the Portal administrator after the security is configured An example...

Страница 133: ...trongly recommend encrypting the password using the WMM utility called wmm_encrypt bat sh An alternative to this approach of manually modifying the file wmmWASAdmin xml using an editor is using the ut...

Страница 134: ...og should look like the following 4 30 07 16 15 54 429 PDT 0000000a ApplicationMg A WSVR0200I Starting application wmmApp 4 30 07 16 15 55 728 PDT 0000000a EJBContainerI I WSVR0207I Preparing to start...

Страница 135: ...result in the failure of the portal servlet Usually failure of one or more individual portlet applications would not affect the entire portal server but some may affect the usage of the server such a...

Страница 136: ...In most cases the failure is due to the failed authentication of the WebSphere Application Server administration user Using LDAP tools like an LDAP browser or ldapsearch try to verify that the LDAP bi...

Страница 137: ...intermittent compare the success and failure cases such as the clients used access URLs time of the day and so on If there are recent configuration changes on the portal server the LDAP server the da...

Страница 138: ...al system we also suggest the traces to be enabled on other components such as LDAP HTTP server and External Security Manager ESM such as Tivoli Access Manager TAM In some extreme cases IP trace may b...

Страница 139: ...entifier ou people ou dept o acme com ou people ou dept o acme com sn sn Admin cn cn wpsadmin ibm primaryEmail ibm primaryEmail wpsadmin acme com uid uid wpsadmin givenName givenName wps preferredLang...

Страница 140: ...n in Example 4 16 Example 4 16 WMM returns the group to which the user belongs 8 3 07 11 27 54 750 EDT 00000040 WMM Trace Log com ibm ws wmm MemberRepositoryManager API MemberSet getGroupsForMember Me...

Страница 141: ...mupService from the WebSphere Application Server Administrative console and add a custom property with enabled as the name and true as the value You may also want to check the sizes of the Access Cont...

Страница 142: ...mm datatype MemberIdentifier com ibm websphere wmm da tatype StringSet 1 securityName WMMRealm testuser1 accessID user WMMRealm uid testuser1 ou people ou dept o acme com is not granted any of the req...

Страница 143: ...and manipulates the membership structure without directly accessing the back end user registry After the security is enabled and users are able to log in they often see problems of locating users or g...

Страница 144: ...user used in WMM configuration and password is the password for the bind user If you are able to search for users or groups by attributes but there is a problem of finding their membership informatio...

Страница 145: ...amic group support An example is groupOfURLs memberURL Another common cause of the search problem is SizeLimitExceededException In wmm xml a default maxSearchResults is defined to be 200 You can manua...

Страница 146: ...imilar to those in Example 4 20 Example 4 20 TAI is loaded successfully 8 17 07 16 44 35 608 EDT 2934440 TrustAssociat A SECJ0121I Trust Association Init class com ibm ws security web WebSealTrustAsso...

Страница 147: ...ministrative console select Security Global security JAAS Configuration Application Logins Portal_Login JAAS Login Modules com tivoli mts PDLoginModule Custom properties and add debug as the name and...

Страница 148: ...teps carefully When configuring SSL make sure you are very clear that in the handshake about which party is the client and which is the server A network diagram should be drawn to show the components...

Страница 149: ...set the JSSE trace add a custom property with the name javax net debug and value true in the WebSphere Application Server admin console for the JVM running Before verifying portal server applications...

Страница 150: ...136 IBM WebSphere Portal V6 Self Help Guide...

Страница 151: ...runtime and services In this chapter we discuss the WebSphere Portal Server V6 0 x runtime architecture and the important components that are involved We will also discuss optimizing the environment...

Страница 152: ...and portlets a user has access to and for assembling the appropriate page based on the request made The aggregator has several plug in points or filters with which customers may inject custom processi...

Страница 153: ...contains the majority of the JSPs responsible for providing the overall Portal look and feel WebSphere Member Manager WebSphere Member Manager WMM is the component of WebSphere Portal Server that man...

Страница 154: ...een want to read or want to share Users can create and edit documents without having to be logged in to WebSphere Portal Users can then upload the documents to Document Manager which allows other auth...

Страница 155: ...onfigured while installing WebSphere Portal Server Normally there should not be a need to modify any of the configuration parameters in the DataStore service One important property of the DataStore se...

Страница 156: ...To better balance processing power Document Conversion Services can be delegated to a remote server In this case the service is accessed simply with HTTP rather than SOAP or EJB Since WebSphere Portal...

Страница 157: ...hen only based on a thorough Java garbage collection GC analysis Remember If you use a big heap then garbage collection will be less frequent but much slower as there is more memory to search through...

Страница 158: ...tructure Java and Process Management Process Definition Java Virtual Machine The default and recommended values are shown in Table 5 2 Table 5 2 Additional IBM JVM settings The Xnoclassgc setting prev...

Страница 159: ...Just In Time JIT Compiled code Java Native Interface JNI code Native Thread Stacks Inflators Deflators GZipOutputStreams Class Loaded data IBM JVM CPU utilization If a system is observed to consume a...

Страница 160: ...equately sized to hold all class loaded data This includes classes loaded at Portal Server runtime startup and dynamically compiled JSPs If the Permanent generation becomes full a Full GC will result...

Страница 161: ...urated There also exists the possibility that if one of the back end queues saturates that it will have a knock on effect impacting the other queues in front For example it is not unusual that if a da...

Страница 162: ...nt after startup An examination of a Java thread dump will fail to show a thread count matching the minimum thread setting immediately after initialization To view or modify the Web container settings...

Страница 163: ...he default and recommended values Table 5 7 Web container custom property settings The ConnectionIOTimeOut setting can be used to override the maximum time in seconds that a Web container waits when t...

Страница 164: ...waiting for new connections the timeout is currently measured only on the request waiting at the head of the queue so if the queue is 10 deep the 10th request will wait for 10 timeout periods before...

Страница 165: ...token to honor subsequent requests that would otherwise require reauthentication However the LTPA token is in itself subject to expiry even if a user s browser session is maintained Effectively the LT...

Страница 166: ...value Table 5 10 Advanced LDAP settings 5 2 8 WebSphere session management tuning User interactions with WebSphere Portal Server are maintained through the use of a HttpSession This provides a way to...

Страница 167: ...constructing a Java object for the resulting entity after performing the necessary interaction with the underlying data store However Portal and Portlets do not interface with WMM directly Instead req...

Страница 168: ...ctory for example this is the memberOf attribute WMM can be configured to use this attribute when asked by WebSphere Portal Server for the groups for which a user is a member rather than doing an iter...

Страница 169: ...tal Configuration Services section of the WebSphere Portal Server Version 6 0 Information Center at http publib boulder ibm com infocenter wpdoc v6r0 topic com ibm wp ent doc wps s rvcfgref html LDAP...

Страница 170: ...e misses are observed for a concerned entry when viewed with Performance Viewer However one important parameter found under the Cache Manager Service property settings is the cacheglobal size directiv...

Страница 171: ...ct in enabling this functionality as the state must be persisted to the Portal database In most cases disabling this feature is acceptable as Portal navigation is more than intuitive for a user The Co...

Страница 172: ...ched response is considered stale in a user s browser Under certain circumstances it may prove necessary to create a session associated with the Portal anonymous front page This is achieved by setting...

Страница 173: ...Service Table 5 22 PUMA Service You should ensure that both the user minimum attributes and group minimum attributes settings contain the attributes deemed necessary for your requirements If Portal or...

Страница 174: ...ese components in place it is very important to narrow down exactly the failing component in case there is a problem 5 3 2 JVM problems Understanding JVM is very important because the IBM WebSphere pl...

Страница 175: ...being executed Use the verbose gc option to look at the state of the Java heap JVM signals in UNIX AIX and Solaris like other UNIX based operating systems make use of signals Signals are of course a m...

Страница 176: ...am where two threads DeadLockThread 0 and DeadLockThread 1 were unsuccessfully attempting to synchronize on two java lang Integers You can see in Example 5 3 on page 166 that DeadLockThread 1 has lock...

Страница 177: ...on about using tools to analyze hangs and crashes 5 3 3 Some common problems and workarounds There is ample information in the above mentioned IBM Redbooks publication and the InfoCenter about the pro...

Страница 178: ...ation portlets Portal administrative users can use the administration portlets to perform administrative tasks and actions on portal resources depending on the access rights that the administrative us...

Страница 179: ...ment backup refer to Appendix B Maintenance Fix strategy backup strategy and migration strategy on page 207 Overview of the portal configuration Cloning of a portal Copying parts of a configuration su...

Страница 180: ...ationException LDAP error code 49 Invalid Credentials This message can be misleading Solution The LDAP error message Invalid Credentials means that the user name or password are wrong It can also mean...

Страница 181: ...al Server V6 InfoCenter for more information about ReleaseBuilder at http publib boulder ibm com infocenter wpdoc v6r0 index jsp topic com ibm wp en t doc wpf dep_rbabout html Portal Scripting Interfa...

Страница 182: ...ortal and also some IBM tools such as IBM Tivoli Composite Application Management ITCAM and PV Performance Viewer 5 5 1 What to monitor It is very important to first understand what exactly needs to b...

Страница 183: ...reased self sufficiency Any improvement in self sufficiency will greatly increase the chances of reaching your companies project deadlines on a more consistent basis Here we outline the best practices...

Страница 184: ...nt when a problem occurs and research is required The tool is especially helpful when a problem requires interaction with the WebSphere Portal Server Level 2 Support team and a PMR and log collection...

Страница 185: ...r IBM and attach the collector file at the same time It is simple to do and yet extremely helpful for expediting a solution from IBM So whether you need to find information about a software fix collec...

Страница 186: ...ture in place on the machine itself ISA runs as a Web application on a small application server At startup the default behavior for the application server is to dynamically pick an open port The port...

Страница 187: ...at http www ibm com developerworks websphere techjournal 0706_supauth 0706_supau th html The ISA training from the IBM Education Assistant found at http publib boulder ibm com infocenter ieduasst v1r...

Страница 188: ...r feature to access the available plug ins For WebSphere Portal Server V6 0 we recommend that the following plug ins be installed WebSphere Portal V5 1 WebSphere Portal V6 0 WebSphere Application Serv...

Страница 189: ...ote customer self help 175 Next scroll down and choose the plug ins listed in Figure A 2 on page 174 and click the Install button to install the WebSphere Application Server and WebSphere Portal Serve...

Страница 190: ...The next best practice step is to get into the habit of opening ISA each morning you begin work Get in the habit of using ISA as your interface access into the world of WebSphere Portal Server suppor...

Страница 191: ...to understand any known pitfalls that may cause problems so you can avoid them if possible So in this example we will use the Search feature to search for the string database transfer oracle by enteri...

Страница 192: ...you have determined what you believe to be the most relevant and significant error stack from the logs The error stack you are focused on is shown here Caused by java sql SQLException Database wp601 n...

Страница 193: ...orks IBM Newsgroups and Forums Google Product Information Centers Since the error is occurring on WebSphere Portal Server V6 0 x we have limited the IBM Software Support Documents search to only WebSp...

Страница 194: ...search options click Search and wait for ISA to populate the results in the left hand pane as shown in Figure A 7 Figure A 7 Initial search results As you can see in Figure A 7 the search returns item...

Страница 195: ...der IBM Software Support Documents Let us check that result first since it is searching TechNotes So we click the result under IBM Software Support Documents and it shows the search results in the rig...

Страница 196: ...powerful collaboration mechanism By accessing the forum you now have access to the knowledge and experience of the collective WebSphere Portal Server user community Once in the WebSphere Portal Server...

Страница 197: ...that IBM Level 2 support uses to troubleshoot problems To gain access to the available tools you must first install the individual tool plug ins by using the Updater feature Once in the Updater featur...

Страница 198: ...mportant functions Proactively collects logs using the embedded Automated Problem Determination AutoPD log collection mechanism Opens new PMRs through the embedded Electronic Service Request ESR mecha...

Страница 199: ...he WebSphere Portal Server environment You attempt to use self help techniques and tools to resolve or rediscover the problem and determine a solution If self help techniques fail to resolve the probl...

Страница 200: ...attach the previous log collection to the PMR By doing this task the logs will be made available to the support team at the time the PMR is opened Attention Following this approach to attach the logs...

Страница 201: ...next step is to open a PMR with WebSphere Portal Server support To engage WebSphere Portal Server support use the Service feature within ISA to first collect the logs Since the ISA install is remote t...

Страница 202: ...ection type Once the log collection is complete move the zip file from the remote WebSphere Portal Server machine locally to the ISA machine Note Review the list of collection scripts and choose the o...

Страница 203: ...erested readers Administrators and users of IBM WebSphere Portal are encouraged to visit and monitor the product support page for not only the portal product itself but for all the supporting software...

Страница 204: ...ght column usually containing general IBM support information Across the top is the familiar breadcrumb trail that is useful in navigating through the layers of IBM Web pages as shown in Figure A 14 F...

Страница 205: ...k presents a list of all available downloads with the most recent added content at the top Visitors seeking more in depth information will find the links in the Learn section particularly useful These...

Страница 206: ...are using custom themes and skins throughout After assigning a new theme to the portal s Administration pages the administrator has been unable to assign access to a portlet when using the Manage Por...

Страница 207: ...try into the search box The results page looks like Figure A 18 Figure A 18 Results of the search One of the results number 6 at the time of this writing is shown in Figure A 19 Figure A 19 The answer...

Страница 208: ...ribing the components shown in number 3 s list above refer to the TechNote Explanation of Functional Areas and Components of IBM WebSphere Portal and WebSphere Portal Express version 6 0 http www ibm...

Страница 209: ...docview wss rs 688 uid swg21236371 as shown in Figure A 22 Figure A 22 MustGather Read first page This page is currently available for Versions 6 0 5 1 and 5 0 Future releases will be added as they be...

Страница 210: ...rtlets to use in your environment Some are free some are limited use and others are available for charge only Product support life cycle This page lists the various releases of the WebSphere Portal fa...

Страница 211: ...the Information Centers and abstracts for white papers and highlighted TechNotes It is often more useful to remember where you have seen some information for future reference rather than the complete...

Страница 212: ...phere Portal Server RSS feed is a great way to receive the most current news and technical updates about WebSphere Portal Server How do RSS feeds help The best way to state the value of RSS feeds is t...

Страница 213: ...s one place that leads you to the most accessed supported pages regardless of what IBM products you are using It allows you to quickly search your choice of content residing on several of IBM s server...

Страница 214: ...Support button allows quick access to general IBM support tools including IBM ID registration This tool is needed to access many IBM Web sites Electronic Service Request ESR This tool is used to manag...

Страница 215: ...tton WebSphere button The WebSphere button allows quick access to product specific support tools including Quick access to product specific software and support pages Quick access to newsgroups and fo...

Страница 216: ...fectively to meet your business requirements Modules consist of the following types of content Presentations many with audio Provide an overview of a product or technology or a more in depth look at a...

Страница 217: ...e following link http www 306 ibm com software info education assistant From this page you can link to content by brand See Figure A 28 Figure A 28 IBM Education Assistant main page Best practices Whe...

Страница 218: ...s a new tool that brings together all three of these support elements information tools and processes to help you solve problems in an easier and more consistent manner IGAA takes you step by step thr...

Страница 219: ...At each point along the path additional information is only a click away if you need specific details about any step in the problem determination workflow While the primary goal of IGAA is to guide yo...

Страница 220: ...t Practices can be found in this particularly useful document The Support Authority Introducing the IBM Guided Activity Assistant This document can be found at http www ibm com developerworks webspher...

Страница 221: ...rights reserved 207 Appendix B Maintenance Fix strategy backup strategy and migration strategy This appendix discusses best practice approaches and procedures used during the maintenance phase of a W...

Страница 222: ...nd node agents are stopped The remaining clustered nodes continue to operate and maintain 24x7 operations After the backups are complete on the first group of Portal nodes those nodes are brought back...

Страница 223: ...wo sections of five nodes each 4 Stop the individual Portal application servers on nodes 1 through 5 using the Deployment Manager Administrative Console 5 Stop the node agents for nodes 1 through 5 us...

Страница 224: ...Manager server from the command line Once again these steps are not meant to provide a detailed step by step procedure but rather an approach to implementing a backup and recovery procedure for WebSp...

Страница 225: ...nes an APAR as A formal report to IBM development of a problem caused by a suspected defect in a current unaltered release of an IBM program An APAR may also be used by development to document new fun...

Страница 226: ...ave a Refresh Pack available as well for existing customers to install into their existing environment Fix Pack This is the standard delivery for updates it has been fully regression tested by IBM pri...

Страница 227: ...the current list of recommendations for WebSphere Portal in the TechNote Recommended fixes and updates for WebSphere Portal 7007603 Customers are recommended to use this as a foundation for understand...

Страница 228: ...ng proven in their own QA systems When a new Fix Pack or other higher level MDV is available it is installed on a QA environment to begin thorough testing within the local environment to ensure no pro...

Страница 229: ...formation Center regarding the installation of fixes in a clustered environment as covered in the topic Installing interim fixes on a cluster node which can be found at http publib boulder ibm com inf...

Страница 230: ...the Web Page or Web Clipping portlet can be found by searching on the portlet s name on the catalog s main page as shown in Figure B 1 Figure B 1 Search box on the catalog The search results should i...

Страница 231: ...ot cover WebSphere Portal deployed on OS 390 It does however apply to the portal installed on the supported distributions of Linux on System z SUSE and Red Hat because the operating system is so simil...

Страница 232: ...oulder ibm com infocenter wpdoc v6r0 index jsp topic com ibm wp en t doc wpf portalupdateinstaller html Keep backup copies of the fixes you have installed also off of the server to which they have bee...

Страница 233: ...mote Log Collector utility http www 306 ibm com software support isa to capture the diagnostic data and log files necessary to find the root cause of the problem Appendix A Using IBM tools to find sol...

Страница 234: ...ortal Server artifacts that will be filtered out from the source server are the old WebSphere Portal Server administration portlets The last part of the core migration is importing the edited XML file...

Страница 235: ...lp identify the problem The following log files are used during the migration to track the progress of the migration task and will display errors that occur wp_root log MigrationMessages log wp_root l...

Страница 236: ...very common point of failure that can have several causes In this task the WebSphere Portal Server exports the groups from the V5 1 system to create an XML file that will then be used to import the g...

Страница 237: ...ime if your theme will require changes It is best to hold onto the file changes and add them after the migration finishes Custom portlets As with themes and skins most WebSphere Portal Server V5 1 por...

Страница 238: ...o contact WebSphere Portal Server Level 2 support Before doing this task it will speed the PMR resolution if you collect the WebSphere Portal Server V6 migration mustgather document before opening a P...

Страница 239: ...Migrating from V5 1 REDP 4227 WebSphere Portal V5 0 Production Deployment and Operations Guide SG24 6391 WebSphere Portal Version 6 Enterprise Scale Deployment Best Practices SG24 7387 WebSphere V3 5...

Страница 240: ...226 IBM WebSphere Portal V6 Self Help Guide...

Страница 241: ......

Страница 242: ...avoidance determination and resolution Best practices for security and maintenance This IBM Redpaper focuses on considerations for the optimal configuration and use of IBM WebSphere Portal Server We p...

Отзывы:

Нет отзывов

Похожие инструкции для BS029ML - WebSphere Portal Server

Бренд: EAW Страницы: 36

Work.Group/Windows 3

Бренд: Amanda Страницы: 106

COLDFUSION 5 - INSTALING AND CONFIGURING...

Бренд: MACROMEDIA Страницы: 160

Бренд: Omron Страницы: 4

CoPilot CoPilot Live Smartphone

Бренд: ALK Страницы: 42

DVD MOVIEFACTORY 3

Бренд: Ulead Страницы: 78

Бренд: EverFocus Страницы: 44

Бренд: TechSmith Страницы: 108

Бренд: FieldServer Страницы: 8

Бренд: LaCie Страницы: 6

FLEX BUILDER-USING FLEX BUILDER

Бренд: MACROMEDIA Страницы: 158

Бренд: Nintendo Страницы: 34

Multimaximizer L3-LL

Бренд: Waves Страницы: 26

SCAN TO PC DESKTOP 10

Бренд: Xerox Страницы: 4

Бренд: Oki Страницы: 2

Бренд: Datamax Страницы: 226

Retro Machines MK2

Бренд: Native Instruments Страницы: 19

Бренд: Canon Страницы: 131

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды