2 WebLogic Servers

2.1.1.1 Change server template

To change the server template associated with a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select General Settings.

5. Click Change and select the server template from the Server Templates dropdown menu.

6. Click Yes.

2.1.1.2 Specify a startup mode

The startup mode specifies the state in which a server instance should be started. The default is to start in the RUNNING state.

To specify the startup mode for a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select General Settings.

5. On the General page, expand Advanced at the bottom of the page to display the advanced configuration options.

6. In the Startup Mode field, select:

   • Running: In the RUNNING state, a server offers its services to clients and can operate as a full member of a cluster.

   • Administration: In the ADMIN state, the server is up and running, but available only for administration operations, allowing you to perform server and application-level administration tasks without risk to running applications.

   • Standby: In the STANDBY mode, the server listens for administrative requests only on the domain-wide administration port and only accepts life cycle commands that transition the server instance to either the RUNNING or SHUTDOWN state. Other administration requests are not accepted. If you specify STANDBY, you must also enable the domain-wide administration port.

   For more information, see Configuration Options.

7. Click Save.

2.1.1.3 Configure listen addresses

To configure the listen address of a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select General Settings.

5. On the General Settings page, enter a value in Listen Address.

   For more information, see Configuration Options.

6. Click Save.

2.1.1.4 Configure listen ports

To configure the listen ports of a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select General Settings.

5. If you want to disable the non-SSL listen port so that the server listens only on the SSL listen port, deselect Listen Port Enabled. If you want to disable the SSL listen port so that the server listens only on the non-SSL listen port, deselect SSL Listen Port Enabled.

   Note:

   You cannot disable both the non-SSL listen port and the SSL listen port. At least one port must be active.

6. If you are using the non-SSL listen port and you want to modify the default port number, change the value in Listen Port.

7. If you want to modify the default SSL listen port number, change the value in SSL Listen Port.

   For more information, see Configuration Options.

8. Click Save.

2.1.1.5 Change server compiler options

To change the standard Java compiler values for a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select General Settings.

5. On the General Settings page, update the Java Compiler field with the full path of the compiler to use for all applications hosted on this server that need to compile Java code.

6. Expand Advanced to display advanced configuration options.

7. Update the following compile options as necessary:

   • Prepend to classpath: Options to prepend to the Java compiler classpath when compiling Java code.

   • Append to classpath: Options to append to the Java compiler classpath when compiling Java code.

   • Extra RMI Compiler Options: Options passed to the RMIC compiler during server-side generation.

   • Extra EJB Compiler Options: Options passed to the EJB compiler during server-side generation.

   For more information about these fields, see Configuration Options.

8. Click Save.

2.1.8.1 Configure SAML 1.1 source services

Before you begin

You must first configure a SAML Credential Mapper V2 security provider in the server's security realm.

You can configure a WebLogic Server instance to function as a SAML source site. A SAML source site is a site that provides an Intersite Transfer Service (ITS). A source site generates assertions that are conveyed to a destination site using one of the single sign-on profiles.

To configure a server as a SAML source site:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Federation Services.

5. Select the SAML 1.1 Source Site page.

6. Select the Source Site Enabled attribute to cause this server to act as a source for SAML assertions.

7. From the SAML 1.1 Source Site page, you can also define other desired configuration settings for this server instance, such as:

   • Source Site URL

   • Signing Key Alias

   • Intersite Transfer URIs

   • ITS Requires SSL

   • Assertion Retrieval URIs

   • ARS Requires SSL

   • ARS Requires Two-Way SSL Authentication

   • Assertion Store Class Name

   • Assertion Store Properties

   For more information about these fields, see Configuration Options.

8. Click Save.

2.1.8.2 Configure SAML 1.1 destination services

Before you begin

You must first configure a SAML Identity Asserter V2 security provider in the server's security realm.

You can configure a WebLogic Server instance to function as a SAML destination site. A destination site can receive SAML assertions and use them to authenticate local subjects.

To configure a server as a SAML destination site:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Federation Services.

5. Select the SAML 1.1 Destination Site page.

6. Select the Destination Site Enabled attribute to enable the Assertion Consumer Service.

7. From the SAML 1.1 Destination Site page, you can also define other desired configuration settings for this server instance, such as:

   • Assertion Consumer URIs

   • ACS Requires SSL

   • SSL Client Identity Alias

   • POST Recipient Check Enabled

   • POST One-Use Check Enabled

   • Used Assertion Cache Class Name

   • Used Assertion Cache Properties

   For more information about these fields, see Configuration Options.

8. Click Save.

2.1.8.3 Configure SAML 2.0 general services

You can configure general SAML 2.0 services for a server. If you are configuring SAML 2.0 Web single sign-on services with your federated partners, the site information you configure is published in a metadata file that you send to your federated partners.

To configure the general SAML 2.0 properties of this server:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Federation Services.

5. Select the SAML 2.0 General page.

6. Select the Replicated Cache Enabled attribute to use the persistent cache for storing SAML 2.0 artifacts.

   This option is required if you are configuring SAML 2.0 services in two or more WebLogic Server instances in your domain. For example, if you are configuring SAML 2.0 services in a cluster, you must enable this option in each Managed Server instance individually.

   Note:

   If you are configuring SAML 2.0 services in two or more WebLogic Server instances in your domain, you must configure the RDBMS security store. The embedded LDAP server is not supported in these configurations.

7. In the Site Info section, enter the following information about your SAML 2.0 site:

   • Contact person details

   • Your organization's name and URL

   • The Published Site URL, which is the top-level URL for your site's SAML 2.0 service endpoints. This URL must be appended with the string /saml2, which will be automatically combined with constant suffixes to create full endpoint URLs.

8. In the Bindings section, enter the common binding information to be used by this SAML 2.0 server instance.

   If you do not specify a Transport Layer Security key alias and passphrase, the server's configured SSL private key alias and passphrase from the server's SSL configuration is used for the TLS alias by default.

9. If the Artifact binding is enabled for any SAML 2.0 security provider hosted on this server instance, define the Artifact Resolution Service settings in the Artifact Resolution Service section.

10. In the Single Sign-on section, enter the keystore alias and passphrase for the key to be used for signing documents sent to federated partners.

    If you do not specify a single sign-on signing key alias and passphrase, the server's configured SSL private key alias and passphrase from the server's SSL configuration is used by default.

    For more information, see Configuration Options.

11. Click Save.

After you finish

After you have configured this server's general SAML 2.0 services, select the SAML 2.0 Identity Provider page or the SAML 2.0 Service Provider page to configure this server as an Identity Provider or Service Provider, respectively.

For more information, see Configure SAML 2.0 Identity Provider services and Configure SAML 2.0 Service Provider services.

2.1.8.4 Configure SAML 2.0 Identity Provider services

You can configure a server instance in the role of SAML 2.0 Identity Provider. A SAML 2.0 Identity Provider creates, maintains, and manages identity information for principals, and provides principal authentication to other Service Provider partners within a federation by generating SAML 2.0 assertions for those partners.

To configure a server as a SAML 2.0 Identity Provider:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Federation Services.

5. Select the SAML 2.0 Identity Provider page.

6. Select the Enabled attribute to activate this server's SAML 2.0 services in the role of Identity Provider.

7. Select Only Accept Signed Authentication Requests if you want to ensure that any incoming authentication requests must be signed.

8. If you are using a custom login Web application to which unauthenticated requests are directed:

   • Select Login Customized.

   • Enter the URL of the custom login Web application.

   • Enter the login return query parameter

     The query parameter is a unique string that the SAML 2.0 services uses to hold the login return URL for the local single sign-on service servlet. (Note that, as an alternative, the login return URL can also be specified in the login Web application.)

9. Set the SAML bindings for which this server instance is enabled, and select the preferred binding type.

   For more information, see Configuration Options.

10. Click Save.

After you finish

Coordinate with your federated partners to ensure that the SAML bindings you have enabled for this SAML authority, as well as your requirements for signed documents, are compatible with your partners.

2.1.8.5 Configure SAML 2.0 Service Provider services

You can configure a WebLogic Server instances as a SAML 2.0 Service Provider. A Service Provider is a SAML authority that can receive SAML assertions and extract identity information from those assertions. The identity information can then be mapped to local Subjects, and optionally groups as well, that can be authenticated.

To configure a server as a SAML 2.0 Service Provider:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Federation Services.

5. Select the SAML 2.0 Service Provider page.

6. Select the Enabled attribute to activate SAML 2.0 services in this server instance in the role of Identity Provider.

7. Set the configuration options for the local SAML 2.0 Service Provider services as appropriate. Note the following:

   • Choose options for Always Sign Authentication Requests and Only Accept Signed Assertions as desired and in a manner that is coordinated with your federated partners so that authentication requests and assertions are accepted.

   • Communicate the SAML bindings settings for this server instance with your federated partners to ensure compatibility.

   For more information, see Configuration Options.

8. Click Save.

After you finish

Coordinate with your federated partners to ensure that the SAML bindings you have enabled for this SAML authority, as well as your requirements for signed documents, are compatible with your partners.

2.1.11.1 Enable native IO

To enable native IO for a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Tuning.

5. On the Tuning page, if the Enable Native IO check box is not selected, select the check box.

   For more information, see Configuration Options.

6. Click Save.

2.1.11.2 Enable NIOSocketMuxer

To enable non-blocking IO for a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Tuning.

5. Expand Advanced to access advanced tuning parameters.

6. Enter weblogic.socket.NIOSocketMuxer in the Muxer Class field.

   For more information, see Configuration Options.

7. Click Save.

2.1.11.3 Tune connection backlog buffering

You can tune the number of connection requests that a WebLogic Server instance will accept before refusing additional requests.

To tune connection backlog buffering for a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Tuning.

5. Modify the Accept Backlog value as necessary to tune the number of TCP connections the server instance can buffer in the wait queue.

   • If many connections are dropped or refused at the client, and no other error messages are on the server, the Accept Backlog value might be set too low.

   • If you receive "connection refused" messages when you try to access WebLogic Server, raise the Accept Backlog value from the default by 25 percent. Continue increasing the value by 25 percent until the messages cease to appear.

   For more information about these fields, see Configuration Options.

6. Click Save.

2.1.11.4 Tune stuck thread detection behavior

WebLogic Server diagnoses a thread as stuck if it is continually working (not idle) for a set period of time. You can tune a server's thread detection behavior by changing the length of time before a thread is diagnosed as stuck, and by changing the frequency with which the server checks for stuck threads.

To configure stuck thread detection behavior for a specific server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Tuning.

5. From the Tuning page, update the following options as necessary:

   • Stuck Thread Max Time: Amount of time, in seconds, that a thread must be continually working before a server instance diagnoses a thread as being stuck.

   • Stuck Thread Timer Interval: Amount of time, in seconds, after which a server instance periodically scans threads to see if they have been continually working for the configured Stuck Thread Max Time.

   For more information about these fields, see Configuration Options.

6. Click Save.

2.1.11.5 Replicate domain configuration files for Managed Server independence

The server instance for which you configure Managed Server Independence (MSI) replication does not need to be running.

To configure a Managed Server to replicate a domain's configuration files:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Tuning.

5. On the Tuning page, click Advanced at the bottom of the page to display advanced configuration settings.

6. Ensure that the Managed Server Independence Enabled check box is selected.

   For more information, see Configuration Options.

7. Click Save.

After you finish

If the Managed Server is running, restart it.

2.1.16.1 Configure message buffering for Web services

To configure message buffering for Web services:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Web Services.

5. Select the Buffering page.

6. From the Buffering page, you can define the message buffering configuration properties for this server instance, such as:

   • Retry Count

   • Retry Delay

   • Request Queue Enabled

   • Request Queue Connection Factory JNDI Name

   • Request Queue Transaction Enabled

   • Response Queue Enabled

   • Response Queue Connection Factory JNDI Name

   • Response Queue Transaction Enabled

   For more information about these fields, see Configuration Options.

7. Click Save.

2.1.16.2 Configure Web service reliable messaging

Web service reliable messaging is a framework that enables an application running on one application server to reliably invoke a Web service running on another application server, assuming that both servers implement the WS-Reliable Messaging specification. Reliable is defined as the ability to guarantee message delivery between the two Web services. Use this page to customize reliable messaging configuration on the Web service endpoint.

To configure reliable messaging for Web services:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Web Services.

5. Select the Reliable Message page.

6. From the Reliable Messaging page, you can define the reliable messaging configuration properties for this server instance, such as:

   • Base Retransmission Interval

   • Enable Retransmission Exponential Backoff

   • Non-buffered Source

   • Non-buffered Destination

   • Acknowledgement Interval

   • Inactivity Timeout

   • Sequence Expiration

   For more information about these fields, see Configuration Options.

7. Click Save.

2.1.16.3 View logical stores

A logical store is a named unit of storage that provides the business configuration requirements and connects the Web service to the physical store and buffering queue.

To view the logical stores configured for this server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Web Services.

5. Select the Logical Stores page.

6. From the Logical Stores page, you can view configuration information for each logical store configured for this server instance, such as:

   • Name

   • Persistence Strategy

   • Request Buffering Queue JNDI Name

   • Response Buffering Queue JNDI Name

   • Default

   For more information about these fields, see Configuration Options.

2.1.18.1 Configure server protocol general settings

To configure general protocol settings for a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Protocols.

5. Select the General Settings page.

6. From the General Settings page, you can define connections settings for various communication protocols that this server instance uses, such as:

   • Complete Message Timeout

   • Idle Connection Timeout

   • Enable Tunneling

   • Tunneling Client Ping

   • Tunneling Client Timeout

   • Maximum Message Size

   For more information about these fields, see Configuration Options.

7. Click Save.

2.1.18.2 Configure server HTTP settings

To configure HTTP protocol settings for a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Protocols.

5. Select the HTTP page.

6. From the HTTP page, you can define the HTTP settings for this server instance, such as:

   • Default WebApp Context Root

   • Post Timeout

   • Max Post Size

   • Enable Keepalives

   • Duration

   • HTTPS Duration

   • Frontend Host

   • Frontend HTTP Port

   • Frontend HTTPS Port

   • WAP Enabled

   • Remote Address Override

   • Send Server Header

   • Accept Context Path in Get Real Path

   • HTTP Max Message Size

   • Enable Tunneling

   • Tunneling Client Ping

   • Tunneling Client Timeout

   For more information about these fields, see Configuration Options.

7. Click Save.

2.1.18.3 Configure server jCOM settings

To configure Java to COM (jCOM) protocol settings for a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Protocols.

5. Select the jCOM page.

6. From the jCOM page, you can define jCOM protocol settings for this server instance, such as:

   • Enable COM

   • NT Authentication Host

   • Enable Native Mode

   • Verbose Logging Enabled

   • Enable Memory Logging

   • Prefetch Enumeration

   • Apartment Threaded

   For more information about these fields, see Configuration Options.

7. Click Save.

2.1.18.4 Configure server IIOP settings

To configure Internet Inter-ORB Protocol (IIOP) settings for a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Protocols.

5. Select the IIOP page.

6. From the IIOP page, you can enable IIOP for this server instance.

   For more information about these fields, see Configuration Options.

   Optionally, expand Advanced to define advanced configuration settings for this server instance.

7. Click Save.

2.1.18.5 Monitor server network channel settings

To monitor network channel protocol settings for a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Protocols.

5. Select the Channels page.

6. The Channels table displays information about each network channel that has been configured for this server instance, such as:

   • Name

   • Protocol

   • Enabled

   • Listen Address

   • Listen Port

   • Public Address

   • Public Port

   For more information about these fields, see Configuration Options.

7. Click Save.

2.1.18.6 Configure server network channel settings

To configure network channel protocol settings for a server instance:

1. From the Welcome Page, select Targets, then select Middleware.

2. In the Targets table, select your WebLogic domain. If prompted, enter your user credentials to log in to the WebLogic domain.

3. From the Target Navigation pane, select the server instance you want to configure.

4. From the WebLogic Server dropdown menu, select Administration, then select Protocols.

5. Select the Channels page.

6. In the Channels table, select the name of the channel you want to configure.

7. Select Configuration.

8. From the General page, you can define general configuration settings for the network channel, such as:

   • Name

   • Protocol

   • Listen Port

   • Listen Address

   • External Listen Address

   • External Listen Port

   • Enabled

   For more information about these fields, see Configuration Options.

   Optionally, expand Advanced to define advanced configuration settings for this network channel.

9. Click Save.

10. From the Security page, you can define security configuration options for the network channel, such as:

    • Two Way SSL Enabled

    • Client Certificate Enforced

    For more information about these fields, see Configuration Options.

    Optionally, expand Advanced to define advanced configuration settings for this network channel.

11. Click Save.