Portal server in HTTPS with SRA in a separate node
I have s SRA server on one node and a portal server in another node.
On the portal server node a rewriter proxy and a netlet proxy are also
installed.
I have activated the portal server to use HTTPS, I can access directly to it
by using https://myhost.domain.com/portal/dt, but I cannot start the
rewriter proxy nor the SRA itself. I activated the logs for the rewriter and
I have the following error :
<b>
1/17/06 12:40:20 PM CET: Thread[main,5,main]
ERROR: LoginException while creating Application session
com.sun.identity.authentication.spi.AuthLoginException(1):null
com.sun.identity.common.L10NMessageImpl(2):Failed to create new Authentication Context: Naming Servi
ce is not available.
com.sun.identity.common.L10NMessageImpl: Failed to create new Authentication Context: Naming Service
is not available.
at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java: 1256)
...
</b>
Does anyone know how to configure and to make it work for SRA and
Rewriter-Proxy when the portal server itself is in HTTPS ?
Any help would be appreciated.
Thank you.
[1230 byte] By [
jct266] at [2007-11-25 21:34:01]
# 2
Yes.
The problem is that the documentation is not very clear on the parameters I have to set, so
I tried several combination, but none of them work, the RW-Proxy does not want to start
and as a side effect the SRA server cannot start if the RW-Proxy is not active.
So the question is :
- is there a complete list of all files and parameters to change to activate SSL on the
portal, when SRA is in a separate node and RW-Proxy is used ?
Thank You.
# 4
The installation was made without HTTPS on the portal.
Due to a security evolution required by the customer, I have to set
also the portal on HTTPS. They use an internal FireWall that requires
HTTPS for the portal as well, since some of the data sent between the
SRA and the portal are confidential.
(It's in a bank, you know, and as far as security is concerned, they
have strong requiring !)
# 5
In fact, after some research and some tests, I was able to make it work.
I just want to let you know how.
First you have to set SSL on the WebServer (see in the WebServer doc).
Then you have to configure the 'AMConfig.properties' file for the portal server
and to change the following parameters :
com.iplanet.am.server.protocol=https
com.iplanet.am.server.port=443
com.iplanet.am.naming.url=https://myhost.dom.com:443/amserver/namingservice
com.iplanet.am.notification.url=https://myhost.dom.com:443/amserver/namingservi ce
com.iplanet.am.jssproxy.trustAllServerCerts=true
You have to do the same thing for the 'AMconfig-gwprofile.properties' and 'platform.conf.gwprofile' files for the Rewriter-Proxy (where gwprofile is the name
of your Gateway profile).
Then thru the console you have to set : Service Configuration > Platform > Server list
to https://myhost.dom.com:443|01
Then you restart the servers : Web Server, Rewriter-Proxy, Netlet-Proxy and it works.
The only thing that remains is to configure the SRA server:
Change the platform.conf.gwprofile and AMConfig-gwprofile.properties on the SRA machine, replace http by https and 80 by 443 for the portal server, restart the SRA
and : It works fine !
