Change Listening Port for Oracle SSO Server

Technically, this article could go either here or on onemoretech, but since I learned how to do this in my capacity as directory manager, I’ll share it here.

By default, Oracle Application Server Release 2 and Oracle Identity Management Release 3 (10.1.2.0.1 and 10.1.4.0.1, respectively), install SSO so that the Apache web server listens on port 7777. There are many reasons you might want to change this, for example to force your users to use SSL (port 443) or just to keep things simple for the users (port 80). In my case the issue was a broken secondary SSO server that sat behind a hardware load balancer programmed to do a round-robin switch between the sec and the prime. In order to work on the server I needed to bring it up on an alternate port so the load balancer wouldn’t send people to it.

Here’s the procedure:

  1. Make sure the Oracle SSO is down, including OC4j_SECURITY and HTTP_Server. Change to the SSO system user (in my case, orainfra) and make sure you’ve got it’s environment (mapping $ORACLE_HOME and $ORACLE_SID to the right places). If you need to shut it down, do it elegantly and in a targetted way. Don’t just do an opmnctl shutdown, instead stop only the components we need down using opmnctl stopproc ias-component=HTTP_Server and opmnctl stopproc ias-component=OC4J.
  2. Edit $ORACLE_HOME/Apache/Apache/conf/httpd.conf to change the Port and Listen lines so they both read some other port (say, 10101).
  3. Read in the change with:

    $ORACLE_HOME/dcm/bin/dcmctl updateConfig -ct ohs

  4. Reconfigure SSO by issuing the following commands:
    $ORACLE_HOME/sso/bin/ssocfg.sh http myssosrv.example.com 10101

    $ORACLE_HOME/sso/bin/ssoreg.sh -site_name infra2.example.com -mod_osso_url http://myssosrv.example.com:10101 -config_mod_osso TRUE -oracle_home_path $ORACLE_HOME -u oracle -admin_info cn=orcladmin

  5. Startup HTTP_Server and OC4J using opmnctl startproc.
  6. Test by trying to log into the DAS console by going to http://myssosrv.example.com:10101/oiddas

So there it is.