Tuesday, 20 December 2011

How to increase heap size in Weblogic

What is JAVA heap size ? 


Java heap is the heap size allocated to JVM applications which takes care of the new objects   
being created. If the objects being created exceed the heap size, it will throw an error saying memoryOutof Bound Java's default heap size limit is 128MB. 
If you need more than this, you should use the -Xms and -Xmx command line arguments when launching your program: 
java -Xms -Xmx
We can also give like in this format also.format is : -mx256m..Sometimes it will show error if you are using
java -Xms -Xmx format..In that case use -mx256m this.value can be changed..



In this post, I will show you how to increase the Heap size in Weblogic.

There are two ways to increase the heap size in weblogic.

If you are using the nodemanager then 

Login to the weblogic Administration console, then click on 

Servers --- ServerName --- General --- Remote Start Options and look for the Java Arguments 

Here you can add -512Xmx -512Xms to the java arguments. 
If you want to increase the heap size then alter these values from 512 to 1024 depending on your requirements.

If you do not have a nodemanager configured then follow the below mention steps.

Login the operating system , Under $domain_home/bin directory look for setDomainEnv.sh and add the following -512Xmx -512Xms to the java options.

There  are 2 different type of servers in Weblogic Server

1. Admin Server
2. Managed Server


Increasing JVM Size of Admin Server

JVM size of Admin server can be increased by changing Xmx and Xms  values in setDomainEnv.sh which is located in $MW_HOME/user_projects/domains/<Domain>/bin

There are two blocks for XMX and XMS in setDomainEnv.sh. Depending up on type of JVM make changes in second block. Below I changed the value of XMX and XMS of 64 Bit SUN Java to 2048 and 1024.

XMS_SUN_64BIT=”256?
export XMS_SUN_64BIT
XMS_SUN_32BIT=”256?
export XMS_SUN_32BIT
XMX_SUN_64BIT=”512?
export XMX_SUN_64BIT
XMX_SUN_32BIT=”512?
export XMX_SUN_32BIT

XMS_JROCKIT_64BIT=”256?
export XMS_JROCKIT_64BIT
XMS_JROCKIT_32BIT=”256?
export XMS_JROCKIT_32BIT
XMX_JROCKIT_64BIT=”512?
export XMX_JROCKIT_64BIT
XMX_JROCKIT_32BIT=”512?
export XMX_JROCKIT_32BIT

XMS_SUN_64BIT=”1024?
export XMS_SUN_64BIT
XMS_SUN_32BIT=”512?
export XMS_SUN_32BIT
XMX_SUN_64BIT=”2048?
export XMX_SUN_64BIT
XMX_SUN_32BIT=”1024?
export XMX_SUN_32BIT

XMS_JROCKIT_64BIT=”512?
export XMS_JROCKIT_64BIT
XMS_JROCKIT_32BIT=”512?
export XMS_JROCKIT_32BIT
XMX_JROCKIT_64BIT=”1024?
export XMX_JROCKIT_64BIT
XMX_JROCKIT_32BIT=”1024?
export XMX_JROCKIT_32BIT

Increasing JVM Size of Managed Server
JVM size of Managed Server  can  be increased from Weblogic console. This can be achieved  by adding 

Xmx and Xms values   start tab in Managed server shown as below

Servers 
Server-Name
Server Start
check the Arguments
























These changes will require a restart of the server.

If you have any query regarding this post, feel free to ask.



Sunday, 11 December 2011

Configure the Single Sign on in Weblogic



Single sign-on (SSO) is a property of  access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. 
Single sign-off is the reverse property whereby a single action of signing out terminates access to multiple software systems.
As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.

This post will show how you enable oracle single sign on
Prerequisites :
  • You have installed Oracle HTTP server 2.0 & Oracle Weblogic server 10.3 with application deployed.
You can download Oracle HTTP server 2.0 from Oracle 10g R3 Companion Disc



  • Single Sign on Server & OID 10.1.2


Download and Configure MOD_Weblogic
    • Download MOD_Weblogic from the below mention link using valid oracle account.


    • extract the corresponding platform mod_wl_20_so. Copy it to
$ORACLE_HOME/ohs/modules

    • Edit $ORACLE_HOME/ohs/conf/httpd.conf and add the following line under the last loadModule directive: LoadModule weblogic_module modules/mod_wl_20.so
    • At the end of $ORACLE_HOME/ohs/conf/httpd.conf file add the following directives        <ifModule mod_weblogic.c>
Weblogichost <Server_Name> e.g (localhost.oracle.com)

Weblogic Port 7001 (default)
this should match with HTTP server port where Weblogic server is running

<Location/sample>

SetHandler weblogic-handler

</Location>
    • Stop and start the HTTP_Server to pick up the changes
Configure MOD_OSSO

    • Manually register the application url with SSO
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path
$ORACLE_HOME -site_name localhost.oracle.com -config_mod_osso
TRUE -mod_osso_url http://localhost.oracle.com:7010 -verdose TRUE (Plase the conf file in the target Apache/conf/osso/

    • Add the below line in $ORACLE_HOME/ohs/conf/httpd.conf
LoadModule osso_module modules/mod_osso.so (Should be on TOP in DSO section).

    • Edit $ORACLE_HOME/ohs/conf/mod_osso.conf and lines to look like
<IfModule mod_osso.c>
OssoldleTimeout off
OssolpCheck off


#OssoRedirectByForm off
#OssoSecureCookies on
#OssoProtectedOnly on
#OssoSendCacheHeaders on
#OssoHttpFrontend on
#UseWebCachelp on

OssoConfigFile /oracle/ohs/conf/osso/osso.conf


<Location /ssotest>


Require valid-user
AuthType Basic
</Location>
<Location /private>


AuthType Basic
Require valid-user
</Location>
</IfModule>
<Location /sample>


Require valid-user
AuthType Basic
</Location>

    • Stop and start the Weblogic HTTP_Server to pick up the changes.

Configure OSSO Identity Asserter.


Login Weblogic Server Control Console as weblogic user

    • Add the following Providers to weblogic Domain for OSSO

OSSO Identity Asserter, DefaultAuthenticator & OID Autherticator
Adding OSSO Identity Asserter



      • Click Security Realms, Default Realm Name, Providers
      • Select New under the Authentication Provider table.
      • Enter a name for the new provider,select its type, and then click OK. e.g:
Name:OSSO Identity Asserter
Type: OSSOIdentityAsserter
OK


















In settings for OSSO Identity Assserter

      • Click Default Authentication Provider.
      • Set the control flag to OPTIONAL, and Save
      • Adding OIDAuthenticator.
Click New, and enter a name and type:
Name: OID Authenticator















      • Click the provider Specific tab & specify the following settings User Name Attribute: orcladmin (e.g)

Host : The Oracle Internet Directory hostname
Group Base DN: cn=Group,dc=cse,dc=oracel,dc=com
User Base DN: cn=users,dc=cse,dc=oracle,dc=com
Port: Oracle Internet Directory port


      • Reorder Provider After Stop & Restart Weblogic Server
Establishing Trust between Oracle Weblogic Server and other entities



  • Enter the syntax for the connection filter rules & Restart the weblogic server.
    • Configuring the application for the OSSO identity asserter
      • Locate the web.xml file the application EAR file.
      • Locate the auth-method for hte appropriate realm and enter CLIENT-CERT. e.g
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>myRealm</realm-name>
</login-config>
  • Save the file. redeploy & restart the application.
After this you can enjoy the SSO implementation using Weblogic.










Tuesday, 6 December 2011

How to recover the Weblogic Administration password

Follow the below mention steps to change the weblogic administration password.



For Weblogic server, during domain creation screen you create a user weblogic (this could be any name used during domain creation screen) and set password (user and password is stored in weblogic’s embedded LDAP server in hashed format which makes it impossible to decrypt) . This user (weblogic) is then used to login to Weblogic Console and acts as superuser for Weblogic Server including Fusion Middleware (FMW) applications like WebCenter, UCM, OBIEE, ODI …etc

What we do if you forgot password for this user after installation ? This post covers steps to create another user in Weblogic domain which will act as super user or create another user with same name (weblogic) with password of your choice.

 Note: This process will remove all users created in weblogic’s embedded LDAP server and there will only be one user (which will act as superuser) after doing below steps.

Steps to create another superuser in weblogic (when password of existing user is lost)

1. Shutdown WebLogic Server (If Running) - Optional Step

2. Login to WebLogic Server and set environment variable

cd $DOMAIN_HOME/bin   (where DOMAIN_HOME is directory in which your domain exists, default value is $MW_HOME/user_projects/domain/base_domain)
./setDomainEnv.sh

3. Create a initialization file using command

java weblogic.security.utils.AdminAccount <weblogic_username> <weblogic_user_password> .  
(Note the DOT at end of this command)

For Example
java weblogic.security.utils.AdminAccount weblogic welcome1 . 
(Note the DOT at end of this command)

This will create file  DefaultAuthenticatorInit.ldift in directory from which you executed this command .

4. Move file DefaultAuthenticatormyrealmInit.ldift  from $DOMAIN_HOME/security/ and replace it by  DefaultAuthenticatorInit.ldift generated in step 3

5. Move data directory under $DOMAIN_HOME/servers/<serverName>/datato another directory like data.bak (data directory contains files related to embedded LDAP and role mapping file). Replace <serverName> with Weblogic Server like AdminServer and managed server. Repeat this step for all managed servers which are part of this domain.
This step will remove all existing users/groups from Weblogic’s embedded LDAP server (recreate these users/groups in step 8)

6.Recreate boot.properites (if any) under$DOMAIN_HOME/servers/<serverName>/security with username and password created in step 3 above like
USERNAME=weblogic
PASSWORD=welcome1

7.Start (or restart) Admin Server and test if you can login to weblogic console using new username and password. 

8. Recreate any users/groups(which were part of default authenticator prior to new super user creation) or import existing users (from weblogic’s servers embedded LDAP server backup)