Creating a "Virtual Portal Server" Environment with a Single Installation

Scenario:

The customer would like to create organizations in the portal server that correspond to different sites in different network domains. This is very similar to virtual web servers in the Web Server 6.1 product, except that these are “virtual portal servers.” For example, two organizations are created in the portal server, one named org1 and the other named otherOrg. Each organization should have its own anonymous pages, with org1 reached at the URL http://www.org1.com and otherOrg at the URL http://www.otherOrg.com

Assumptions:

  1. Both organizations are functioning properly and can be accessed and logged into using http://portalserver.domain.name:port/amserver/UI/Login?org=orgname

Solution:

Step 1:

Aliases for the host names must be configured in the host table or in the DNS. Both www.org1.com and www.otherOrg.com must point to the IP address of the portal server.

Step 2:

Create the Organization (See “Creating an Organization”)

Step 3:

Create the authlessanonymous accounts for the organizations. (The source of the following instructions is http://docs.sun.com/source/817-5318/ch8.html)

To Enable Authentication-less (authlessanonymous) Log In
  1. Log in to the Identity Server software administration console as administrator.

  2. Create the authlessanonymous account with a password of authlessanonymous for the selected organization.

  3. Select the Service Configuration tab.

  4. Click on the Desktop node.

    The Desktop attributes page appears in the data pane.

  5. Add the following value to the Authorized Authentication-less user IDs attribute:

    uid=authlessanonymous,ou=People,dc=organization|authlessanonymous

    Substitute the appropriate organization name for organization.

  6. Set the Default Authentication-less user ID attribute to the following:

    uid=authlessanonymous,ou=People,dc=organization

    Substitute the appropriate organization name for organization.

  7. Log out from the Identity Server software administration console.

Step 4:

Make the following modifications in the Admin Console

  1. Log in to the Admin Console

  2. Select the “Service Configuration” tab

  3. Click on the arrow beside Platform

  4. Add the domain names to the Cookie Domains field, one per line: the first line is .org1.com and the second is .otherOrg.com. (Note the . in front of each domain name.) Make sure you save your changes.

  5. Select the “Identity Management” tab

  6. Select the View Organization and select org1.

  7. This should bring up the organization org1 general information in the lower right hand frame. Add the external DNS name for the organization to the “DNS Alias Names” field. For org1 it would be www.org1.com. Save your changes.

  8. Select View Services in the left hand frame and click on the arrow beside the core Authentication information.

  9. Make sure that the “Default Success Login URL” field contains %protocol://%host:%port/portal/dt or the hard-coded value for the organization, i.e. http://www.org1.com/portal/dt. Save your changes.

  10. Before leaving this screen make sure that LDAP is selected in the “Organization Authentication Modules” field.



Step 5:

Modify the AMConfig.properties file. This file is located at /etc/opt/SUNWam/config. Make a copy of the file and then edit the file and find the following line:

#com.sun.identity.server.fqdnMap[<invalid-name>]=<valid-name>

Replace <invalid-name> with www.org1.com, replace <valid-name> with www.org1.com, and remove the # at the beginning of the line.

For example, the line would look like:

com.sun.identity.server.fqdnMap[www.org1.com]=www.org1.com
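
A quick consistency check for the settings from Steps 4 and 5, as an added example that is not part of the original instructions: it confirms that each external host name has an active fqdnMap self-mapping and is covered by a cookie domain entered with its leading dot. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the Step 4 cookie domains and Step 5 fqdnMap entries.

# Succeeds if CFG has an active (uncommented) self-mapping line for HOST.
fqdn_mapped() {
    sed 's/[[:space:]]*$//' "$1" |
        grep -Fxq "com.sun.identity.server.fqdnMap[$2]=$2"
}

# Succeeds if HOST ends with one of the cookie domains given after it.
# Entries without the leading dot are skipped, matching the note in Step 4.
cookie_domain_covers() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    for entry in "$@"; do
        d=$(printf '%s' "$entry" | tr 'A-Z' 'a-z')
        case "$d" in .*) ;; *) continue ;; esac
        case "$h" in *"$d") return 0 ;; esac
    done
    return 1
}

# check_vhosts CFG "host ..." "cookie-domain ..."
# Prints one line per problem; the exit status is the number of problems.
check_vhosts() {
    cfg=$1 hosts=$2 domains=$3 problems=0
    for vh in $hosts; do
        fqdn_mapped "$cfg" "$vh" ||
            { echo "fqdnMap entry missing or commented out: $vh"; problems=$((problems + 1)); }
        # $domains is left unquoted so it splits into one argument per domain
        cookie_domain_covers "$vh" $domains ||
            { echo "no dotted cookie domain covers: $vh"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample: the second host is still commented out, and the second
# cookie domain was typed without its leading dot.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#com.sun.identity.server.fqdnMap[<invalid-name>]=<valid-name>
com.sun.identity.server.fqdnMap[www.org1.com]=www.org1.com
#com.sun.identity.server.fqdnMap[www.otherOrg.com]=www.otherOrg.com
EOF
check_vhosts "$sample" "www.org1.com www.otherOrg.com" ".org1.com otherOrg.com" ||
    echo "problems found: $?"
rm -f "$sample"
```

Against a real installation, pass the path of the edited AMConfig.properties copy and the values entered in the Cookie Domains field.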

Step 6:

We must change the default Anonymous page that is displayed and also modify the template for the LoginProvider channel.

  1. Change to the /etc/opt/SUNWps/desktop/org1 directory

  2. Copy the LoginProvider channel from the default organization (if it does not already exist in the directory) by typing cp -r ../default/LoginProvider .

  3. Replace the display.template file with this file: display.template (right-click and choose "Save As")

  4. Edit the display.template file and locate the line:

    <form action="http://<www.org1.com>:<port>/amserver/UI/Login?org=<org1>" target="_parent"

    and replace <www.org1.com> with the external host name being used for this organization and replace <port> with the correct port number. Make sure you do not leave the <> that surround the placeholders.

  5. Change to the /etc/opt/SUNWps/desktop directory.

  6. Copy the anonymous folder to a new folder that will be used by our new authlessanonymous user. For example: cp -r anonymous anonymousOrg1

  7. Next we need to modify the display profile for the authlessanonymous portal to remove the edit buttons and other things that make no sense for an anonymous page. To do this, change to the directory /<installBase>/SUNWps/samples/desktop.

  8. Run the following command:

    /sunONE/SUNWps/bin/dpadmin add -u "uid=amAdmin,ou=people,dc=sun,dc=com" -w <password> -d "uid=authlessanonymous,ou=People,o=<org1>,dc=sun,dc=com" dp-anon.xml

  9. Log in to the Admin Console

  10. Select the “Identity Management” tab. Then the Organization View and click on the new organization (org1).

  11. Select view Users and then click on the arrow beside the authlessanonymous account that was created for this organization.

  12. In the lower right hand frame select view “Portal Desktop” then click edit

  13. Change the “Portal Desktop Type” field to the directory that was created in step 6 followed by the organization portal directory. So in our example it would be set to anonymousOrg1, org1 (Note: you must change the drop down box to customize or the changes will not be made) Make sure you save your changes.

  14. Create redirection files in the default web server document directory (/<installBase>/SUNWwbsvr/docs) that will cause the portal server to start the correct anonymous page. Click here for an example index.html file, or right-click here and choose "Save As" to download the file.

  15. Restart the web server: /<installBase>/SUNWwbsvr/https-<host-name>/stop and /opt/SUNWwbsvr/https-<host-name>/start

  16. To test with your browser, go to http://www.org1.com/org1.html (or whatever you called the redirection file).
