FAQ

Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal. The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service. There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:

1. At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
2. At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
   • login into the Muse Console for Applications Administration interface as the mcaa user.
   • go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
   • in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
   • re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.

To configure an application that uses username/password authentication method to use also IP authentication, one must do some configurations.

A) For Muse version 2500, the admin console can be used to add/edit the IP authentication of a Muse application:

– log into the MCAA console as a mcaa based user;

– select the desired Muse application, then click Login Modules;

– if the IP module is not enabled already, then click Add and then selectcom.edulib.ice.security.authentication.ICELoginModuleIP login module; click Add;

– click Edit to edit the ICELoginModuleIP module;

– click Edit User Access Rules and then Insert one by one the IP rules. They can consist in IP, IP classes or regular expressions that describe the needed range(s);

– click “Update”.

B) For Muse versions before 2500, the modifications to be done are:

– $MUSE_HOME/use/ice/jaas.config – locate application’s entry in this file. If not found, then you must add an entry for it. Supposing the application’s ID is appid, then the following entry must be added:

appid {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
com.edulib.ice.security.authentication.ICELoginModuleIP required hosts="${ICE_HOME}/profiles/hosts.xml";
};

Note: if the above entry already exists for the appid application, then only the bold line must be added.

– $MUSE_HOME/use/ice/profiles/hosts – an entry like next must be added:

appid
IP or address template


Note: ‘IP or address template’ can be any of the following:
– a regular expression that will be matched against the IP address the connection is coming from. E.g. 217.156.14.* will match IP 217.156.14.2
– a regular expression that will be matched against the domain name of the IP address the connection is coming from. E.g. *.museglobal.ro.
– an address/mask notation that will be matched against the IP address the connection is coming from. The mask can be either a net-work mask or a plain number, specifying the number of 1’s at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0.
– E.g. 217.156.14.0/28 will match IP 217.156.14.2 and it is equivalent with 217.156.14.0/255.255.255.240
– E.g. 217.156.14.0/255.255.255.240 will match IP 217.156.14.2
As a consequence of IP authentication, one may want to facilitate IP access to the application without having the user to fill in every time the username/password fields. To do this, one can create a html page located in $MUSE_HOME/web/www/logon/appid/ directory. This page should contain a simple login form that submits itself on page load event. Eg:

The URL to access the autologon page is:

http://Muse_host:PORT/muse/logon/appid/autologon_page.html

where:

• Muse_host is the hostname of the Muse system;
• PORT is the port value on which Muse HTTP / Embedded Apache Tomcat server is configured to listen (default 8000);
• appid is the application ID;
• autologon_page.html is the page which contains the above HTML form.

The hosts.xml files are used to allow/deny access to different products from some IPs or classes of IPs. The client’s IP is tested against the rules in the hosts.xml file and the first one that matches is applied – all the following rules are ignored.

When getting the hostname related to a given IP the Java mechanism has a spoof protection that, sometimes, will not give optimal results.

The following situation will not give the expected results:
1. Java asks the DNS server for the hostname related to an IP address (reverse DNS)
2. When the DNS server replies with the hostname, Java asks the same DNS server for the IP address of that particular hostname
3. If the initial IP address and the one returned as the result of request #2 above do not match, then Java returns the initial IP address.

This process may interfere with the way we compare the client IP address against the ones stored in the hosts.xml file. Due to the above Java protection, some IP addresses will not match against a given domain even if their reverse DNS name belongs to that particular domain.

The ports that need to be locally accessible are:

1. 2100 – Muse Z39.50 Bridge

Configuration file: – ${MUSE_HOME}/z3950/MuseZBridge.xml

Note: This port works as a client for the Information Connection Engine (ICE) server, but it is also a server for all the Z39.50 clients connecting to it.

2. 2504 – Muse ICE Server

Configuration file: – ${ICE_HOME}/ICECore.xml

Files that contain references to this port:

${MUSE_HOME}/web/MusePeer.xml;

${MUSE_HOME}/use/tools/ICEClient.xml;

${MUSE_HOME}/z3950/MuseZBridge.properties

Note: This port is also configured in all Muse bridges used for the Muse ICE Server (in either one of the following two files) (${MUSE_HOME}//MuseBridge.xml and in ${MUSE_HOME}//MuseBridge.properties).
3. 2505 – 3000 – Muse ICE Server

Note: This is the control port for the Muse ICE Server. If it is not accessible, the next port is used, and so on. An error is retrieved if none of the ports up to 3000 can be opened.

4. 8001 –8004, 8006 – Custom XML Bridges

Configuration file: – ${MUSE_HOME}/http/conf/contexts.xml or ${MUSE_HOME}/tomcat/conf/server.xml; ${MUSE_HOME}//client/MuseClient.xml

5. 8005 – Muse Local Infobase Bridge

Configuration file: – ${MUSE_HOME}/http/conf/contexts.xml or ${MUSE_HOME}/tomcat/conf/server.xml

Files that contain references to this port: ${MUSE_HOME}/factory/SourceFactory.xml

Note: This port acts as a bridge, the communication protocol being XML.

6. 8007 – Muse Admin

Configuration file: ${MUSE_HOME}/http/conf/contexts.xml or ${MUSE_HOME}/tomcat/conf/server.xml

Note: This port handles XML connections.

7. 8010 – Muse HTTP Server

Configuration file: ${MUSE_HOME}/http/MuseHTTPServer.xml or ${MUSE_HOME}/tomcat/conf/server.xml

Note: This is the Muse HTTP Server or Tomcat control port.

Note: If you want to access some of the above Muse services from the Internet or from machines other than localhost, then the port(s) corresponding to the desired service must be open to the machine making the request.

Further information about this can be found in the "$MUSE_HOME/doc/Muse Advanced Configuration.pdf"document, “Server Type Ports Opened by Muse within Local LAN Scope” chapter.

The ports that need to be accessible from the Internet are:

1. 8000 – Apache Tomcat or Muse HTTP Server

Configuration file – ${MUSE_HOME}/tomcat/conf/server.xml or ${MUSE_HOME}/http/conf/contexts.xml

Files that contain references to this port:

• ${MUSE_HOME}/factory/MuseInfoBase.xml
• ${ICE_HOME}/ICECore.xml
• ${ICE_HOME}/jaas.config
• ${MUSE_HOME}/proxy/jaas.config
• ${MUSE_HOME}/web/MusePeer.xml

2. 8443 – Apache Tomcat or Muse HTTP Server

Configuration file – ${MUSE_HOME}/tomcat/conf/server.xml or ${MUSE_HOME}/http/conf/contexts.xml

Files that contain references to this port:

• ${MUSE_HOME}/web/MusePeer.xml
• ${MUSE_HOME}/enrich/MuseEnrichmentService.xml
• ${MUSE_HOME}/enrich/index/index.xml
• ${MUSE_HOME}/z3950/MuseZBridge.properties

3. 9797 – Muse Proxy

Configuration file – ${MUSE_HOME}/proxy/MuseProxy.xml

Files that contain references to this port:

• ${MUSE_HOME}/web/MusePeer.xml;
• ${MUSE_HOME}/enrich/MuseEnrichmentService.xml;
• ${MUSE_HOME}/enrich/index/index.xml;
• ${MUSE_HOME}/z3950/MuseZBridge.properties

Note: Also configured in all Muse bridges that use the MNM: (${MUSE_HOME}//MuseBridge.xml and in ${MUSE_HOME}//MuseBridge.properties).

Note: This is the secured mode of the Muse HTTP server (SSL connections).

Warning: One of the server type ports Muse opens for its components may be occupied by other server programs. One
such example is the Ajp12 connector from Tomcat. See “${MUSE_HOME}/doc/Muse External Servlets Engine (Tomcat).pdf" manual for further reference regarding the ports used by Tomcat.

Warning: If one of the Muse Servers fails to start the user is advised to check the log file for detailed information.
Finding the message below in the log file means that the port is already used by some other Application. When such a
situation occurs a reconfiguration is necessary to change the port used by the respective Muse server or by the already
existing service.
Cannot listen on port . Address already in use: JVM_Bind

Note: Not all ports are required by all Muse installations. They are required only if the corresponding components are installed. For example, port 9797 is only required if the Muse Proxy is installed.

Note: All server type ports can be remapped. The best way to accomplish this remapping is by using the Muse PostInstall Configuration package, which makes this process simple and ensures that the correct files are updated.

Further information about this can be found in the "$MUSE_HOME/doc/Muse Advanced Configuration.pdf"document, “Server Type Ports Opened by Muse within Internet Scope” chapter.