===============================================================================
Oracle WebLogic Server iPlanet Web Server proxy plug-in version 1.1
===============================================================================
The README contains basic instructions for quickly setting up the iPlanet
plug-in to proxy request to a backend WebLogic Server (WLS). For detailed
information on the plug-in please refer to the online documentation for
the plug-in.
Contents of the zip
===================
The plugin zip distribution contains the following files -
README.txt (this file)
bin/orapki (orapki tool for configuring Oracle wallets)
jlib/*.jar (orapki helper java libraries)
lib/mod_wl.so (weblogic proxy module)
lib/*.so (helper libraries)
Prerequisites
=============
1. JDK6 - JAVA_HOME
(required for orapki tool usage only)
2. Oracle iPlanet Web Server 7.0.9 or higher - IPLANET_HOME
(iPlanet server listening on iplanet-host:iplanet-port)
3. iPlanet instance location - IPLANET_INSTANCE_HOME
eg. ${IPLANET_HOME}/https-foo
4. plug-in zip extract location - PLUGIN_HOME
(eg. /home/myhome/weblogic-plugins-1.1/)
5. WLS installation, could be on a different machine - WL_HOME
(listening on wls-host:wls-port,wls-secure-port)
with some application deployed on WLS instance.
(eg. mywebapp with my.jsp)
Configuring the iPlanet plug-in (for demo purposes only)
=======================================================
1. Edit ${IPLANET_INSTANCE_HOME}/config/magnus.conf file and
add the following
3. Ensure that the ${PLUGIN_HOME}/lib is included in the LD_LIBRARY_PATH and
LD_LIBRARY_PATH_64
> export LD_LIBRARY_PATH=/home/myhome/weblogic-plugin-1.1/lib:$(LD_LIBRARY_PATH)
> export LD_LIBRARY_PATH_64=/home/myhome/weblogic-plugin-1.1/lib:$(LD_LIBRARY_PATH_64)
(other options include copying the 'lib' contents to IPLANET_HOME/lib or
editing the IPLANET_INSTANCE_HOME/bin/startserv to update the
LD_LIBRARY_PATH and LD_LIBRARY_PATH_64)
4. Start the iPlanet server
> ${IPLANET_INSTANCE_HOME}/bin/startserv
5. Send a request to http://iplanet-host:iplanet-port/mywebapp/my.jsp
from the browser. Validate the response.
Configuring SSL with WebLogic Server demo trust CA
===================================================
NOTE that this is for demo purposes only. When used in production ensure that
trusted CAs are properly configured on the plug-in as well as on WebLogic
Server side
1. Create an Oracle Wallet with orapki utility
(run this command on the system where the plug-in is being configured)
> ${PLUGIN_HOME}/bin/orapki wallet create -wallet my-wallet
-auto_login_only
2. If the user who runs the iPlanet plug-in is not the same user that created
the wallet (or has ROOT account access), wallet creator would need to grant
access to the wallet by running the command 'chmod' after creating the
wallet.
For example:
> chmod a+r <wallet_path>\cwallet.sso
3. Import the CA into the Oracle Wallet - locate the Demo CA in WLS
installation at ${WL_HOME}/sever/lib/CertGenCA.der
> ${PLUGIN_HOME}/bin/orapki wallet add -wallet my-wallet -trusted_cert
-cert CertGenCA.der -auto_login_only
4. Enable SSL on the plug-in. Adjust the plug-in configuration in
${IPLANET_INSTANCE_HOME}/config/<vs-obj.conf> as follows
5. Send a request to http://iplanet-host:iplanet-port/mywebapp/my.jsp from the
browser. Validate the response.
Two-way SSL
===========
There is no configuration on the plug-in to enable two-way SSL. The plug-in
will send a user certificate (if it exists in the wallet) when WLS asks for
a user certificate. Follow the following additional steps to setup two-way SSL
1. Create a CSR (Certificate Signing Request) with the wallet.
2. Use the CSR to obtain a user certificate (self-signed or real CA signed)
3. Import the user certificate into the wallet.
4. Ensure that the CA (used to sign the user certificate) exists in the
WLS trust store.
5. Enable WLS for two-way SSL.
Refer to online docs for help on these steps.
Support and Patching
====================
When you encounter issues with the plug-in, ensure that you report the version
of the plug-in you are using. You can find this information in the iPlanet log
or the plug-in debug log (if configured). The version information will appear
like this -
WebLogic Server Plugin version 1.1, <WLSPLUGINS_XXXX_XXXX_XXXXX.XXXX>
A patch for plug-in will typically contain one or more shared objects to be
replaced. Ensure you backup your original files as you replace them with the
ones in the patch. Validate that the patch has been correctly updated by
checking the version string in the logs.