Note: While it is not explained in the documentation, you first must install the Middle Tier
11.1.1.2.0 version, and then patch it according to Patchset 12395115, available at
https://updates.oracle.com/download/12395115.html.
In addition to these components already installed on your system, you have to download the following
installation kits. You will find them by expanding the Prerequisites & Recommended Install Process
node on the WebCenter download page.
Download the installation kits for WebLogic Server 11g R1 (10.3.5), called
wls1035_oepe111172_linux32.bin.
Download and uncompress both parts of the installation kit for Universal Content
Management 10g R1 (11.1.1.5.0), called
ofm_ecm_generic_11.1.1.5.0_disk1_1of2.zip and
ofm_ecm_generic_11.1.1.5.0_disk1_2of2.zip.
Overview
This tutorial will guide you through the process to create a distributed installation of WebCenter and
Content Server components for development purposes only.
The first step of creating this configuration was the installation of an Oracle Database 11g Release 2,
which provides schemas for all the other components. In our setup it is located on the same machine,
host1, where the WebCenter is installed, but it can reside on a different host without any problem. The
database is accessed on the default TNS Listener port, 1521, and uses SQL*Net protocol which is
illustrated with orange lines.
Next came a WebLogic server domain: webcenter, which was extended with the Oracle WebCenter
components. The domain contains an AdminServer and four managed servers, WC_Spaces,
WC_Portlet, WC_Collaboration, and WC_Utilities. Each of these servers has an HTTP port. The
diagram illustrates that AdminServer uses port 7001, while WC_Spaces uses port 8888. HTTP
communication is illustrated with blue lines.
The domain currently contains only one machine: WC_Host. AdminServer and all the managed servers
are assigned to this host.
AdminServer has an Embedded LDAP server that will be used for the user repository.
Finally, you had to install an Oracle HTTP Server (OHS). As you will see later, it is used as a reverse
proxy in front of the WebLogic servers. At this stage you don't have to have it configured. Later we
will provide instructions on how to configure the reverse proxy. Note that although in our architecture
the HTTP server is installed on host1 machine, it can run on any other machine as long as the HTTP
protocol from the OHS can reach the WebLogic servers.
The following table summarizes the most important directories in the initial WebCenter installation.
We will refer to these locations later in the tutorial. Please replace the path with the actual path you
used in your installation.
                    Name         Path
Middleware Home     MW_HOME      /apps/WC
WebCenter Home      WC_HOME      /apps/WC/Oracle_WC1
WebCenter Domain    WC_DOMAIN    /apps/WC/user_projects/domains/webcenter
Java Homes          JAVA_HOME    /apps/WC/jdk160_24
                                 /apps/WC/jrockit_160_24_D1.1.2-4
OHS Home            OHS_HOME     /apps/WC/Oracle_WT1
Install ECM
The first step of the tutorial will be to install ECM components. After installing the software to ECM
Home, you will extend the existing WebCenter domain by adding two new managed servers,
UCM_server1 and IBR_server1, and a new machine, ECM_Host. You will assign the newly created
managed servers to this machine.
Lastly, you will physically copy the domain from host1 to host2 and start the new components there.
Note that the new managed servers will also listen to HTTP protocol, by default on ports 16200 and
16250. UCM_server1 also requires a database schema that was created earlier with RCU. In our simple
architecture, this schema is located in the same database where the other WebCenter-related schemas
are located, but for performance reasons, you may use a dedicated database for the Content Server.
Of course, if you have a powerful enough machine for development, you might decide to install all of
the managed servers on this machine. You can still follow this tutorial, but you have to skip the steps
where:
- you will create a new machine definition (ECM_Host) and assign the two managed servers to
  this machine.
- you will physically copy the domain from host1 to host2.
Both UCM_server1 and IBR_server1 will use special sockets for internal communication, by default on
ports 4444 and 5555. IBR_server1 runs the Inbound Refinery which can convert various file formats to
PDF. You will configure Content Server, UCM_server1, to automatically send documents of various
types, like Microsoft Word and Microsoft PowerPoint, for conversion to the Inbound Refinery.
Finally, you will define how WebCenter Spaces connects to the Content Server, using the socket
protocol.
This is the complete architecture diagram after you complete the tutorial.
2. First you will see the ECM Suite installer's Welcome screen. Click Next.
3. At the next step you could search for support updates. You will skip this step in the tutorial since
you are using the latest installer. Click Next.
4. Next the installer checks to ensure that your system meets the prerequisites for ECM installation.
If any of these steps fails, you will get a detailed problem report in the message pane at the bottom
right corner of the window. Fix all problems before restarting the installer.
When all the tests succeed, click Next.
5. In the next step you will specify the location of ECM home where the installer should copy the
required files.
First, from the drop-down list, select the middleware home directory where WebCenter is already
installed.
Next you can specify the root directory for the ECM files under the selected middleware home
directory. You can specify your own directory name; here we accept the default name that is
Oracle_ECM1. Click Next.
6. Before the installation starts, the summary screen lists the important parameters for the installation,
such as the root directories, required disk space, and components to be installed. Click Install.
7. During the installation, the Installation Progress window lists the steps the installer makes and
shows the progress bar. When the installation completes, click Next.
8. The last screen of the installer summarizes the installation. Click Finish to terminate the installer.
For the rest of the tutorial we will refer to the ECM home directory as
<ECM_HOME>=<MW_HOME>/Oracle_ECM1
Configure ECM
Once the ECM Home has been installed, you can extend the WebLogic Server domain to include ECM
components.
These steps are described in detail in Chapter 4 Configuring Oracle Enterprise Content Management
Suite of Oracle Fusion Middleware Installation Guide for Oracle Enterprise Content Management
Suite 11g Release 1 (11.1.1), available at
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14495/config.htm
9. In a graphical terminal window, go to the directory <ECM_HOME>/common/bin and execute the
config.sh script:
cd <ECM_HOME>/common/bin
./config.sh
Note: Make sure that you execute the script from the above directory since there are several other
config.sh scripts available under <MW_HOME>, <WC_HOME>, and <ECM_HOME> directories.
11. Now specify the components that will be created in the new domain. As we mentioned earlier, in
this practice we will install only two components of ECM that are essential to WebCenter: Content
Server and Inbound Refinery. Check the following products:
Oracle Universal Content Management Inbound Refinery
Oracle Universal Content Management Content Server
Note: In PS3 you also had to select Oracle Site Studio and Oracle Site Studio RIDC components,
but in PS4 they are automatically installed.
12. In the next step you have to provide access details to the database schema where the Content Server
will store the content and metadata. This is the schema (WC_OCS) that was created as a prerequisite
for this practice, using RCU. Note that for the products selected in the previous step, only a single
database schema is required.
If you created the schema in the recommended Oracle Database 11g Release 2, then accept the
default vendor and driver. Here are the values we provided during the practice. You might have to
change these values according to your deployment architecture and previous selections. See the
notes for each value.
Attribute          Example Value         Note
Schema Owner       WC_OCS                Use the schema name that was created with RCU,
                                         typically prefix_OCS
Schema Password    welcome1
DBMS/Service       orcl.us.oracle.com
Host Name          <database_host>
Port               1521
RAC schema         unchecked
13. In the next step the installer will test the database schema parameters by trying to access the
schema. At this point your database instance must be running.
Click Next when the test is successful or return to the previous screen and change the JDBC
connections attributes.
14. On the next screen you can select which optional configurations you perform on the WebLogic
Server domain. Here you will add a new machine to the domain and allocate the newly created
managed servers to this new machine.
Check the Managed Servers, Clusters and Machines option; the installer will enable you to
set/change these values. Click Next.
15. On the next screen you can configure the managed servers to be created. Note that the domain
already has four managed servers; now you will add two new managed servers. Here you can
change each server's name, listen address, and listen port. For enhanced security, you can also
enable SSL access to the server and define the SSL port.
In this tutorial, we suggest that you accept the default names and port numbers and do not use SSL
access. You have to change the listen address from localhost to the host name of host2
machine where the ECM components will run.
The two managed servers will have the following parameters:
Name           Listen Address   Listen Port
UCM_server1    <host2>          16200
IBR_server1    <host2>          16250
16. In the next step you could create a WebLogic Server cluster, but in this tutorial you will not use
clustering. Simply click Next.
17. In this step you will add a new machine to the WebLogic domain. Notice that you already have a
machine defined, the one where the WebCenter components, including AdminServer, were
installed and run.
Click the Add icon on the Unix Machine tab. Change the name of the machine to ECM_Host, for
example, and change the Node manager listen address to the actual host's name, host2. Click
Next.
18. Assign the new managed servers to the newly created machine by shuffling UCM_server1 and
IBR_server1 servers from Server pane on the left to Machine pane on the right, under the new
machine, ECM_Host. Click Next.
19. You have finished setting the configuration options; the next screen will summarize the domain's
parameters. Click Extend to start extending the domain.
20. The installer will display the installation steps and show a progress bar. After the successful
installation, it shows the root folder for the extended domain and the access port of the
administration server.
configure WebCenter.
Install ECM home. The steps are described at the beginning of this tutorial. Use the same path,
i.e., <ECM_HOME>. Do not configure the domain.
You might use different names for the template file and template name.
22. Copy the WC_template.jar file to host2, place it in the same directory where it resides in host1,
i.e., <MW_HOME>/oracle_common/common/bin.
Use Unix commands of your choice to copy the file. You can use ftp or scp (secure copy), like
the following example:
scp WC_template.jar \
<oracle_user>@<host2>:<MW_HOME>/oracle_common/common/bin
c. Wait until you see the message <Server started in RUNNING mode>
Note: When the server starts, it will automatically encrypt the credentials in the
boot.properties file.
25. Set up boot.properties file for both of the newly created servers.
Log in to host2, using graphical interface. In a terminal window, create the boot.properties file
similar to step 24/a. For example:
cd <WC_DOMAIN>/servers
mkdir -p UCM_server1/security
mkdir -p IBR_server1/security
cd UCM_server1/security/
vi boot.properties
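The following shell functions are an added example, not part of the original tutorial: they create boot.properties without an editor, keep the password out of the command line, and report whether the server has already encrypted the file. The username=/password= keys and the {AES}/{3DES} prefixes on encrypted values are WebLogic's usual boot.properties format and are assumed here, since step 24/a is not shown on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the tutorial: create boot.properties safely and
# check whether the server has encrypted it after its first start.

# write_boot_props FILE USER
# Reads the password from stdin (so it never appears in argv or `ps`) and
# writes FILE with mode 600 regardless of the caller's umask.
write_boot_props() (
    umask 077
    IFS= read -r pw || [ -n "$pw" ]
    mkdir -p "$(dirname "$1")"
    printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1"
)

# boot_props_state FILE -> encrypted | plaintext | mixed | incomplete
# Assumption: encrypted values start with {AES} (or {3DES} on older servers).
boot_props_state() (
    enc=0 plain=0
    for key in username password; do
        val=$(sed -n "s/^$key=//p" "$1" | tail -n 1)
        case "$val" in
            '')                 echo incomplete; exit 0 ;;
            '{AES}'*|'{3DES}'*) enc=$((enc + 1)) ;;
            *)                  plain=$((plain + 1)) ;;
        esac
    done
    if [ "$plain" -eq 0 ]; then echo encrypted
    elif [ "$enc" -eq 0 ]; then echo plaintext
    else echo mixed
    fi
)

# exposed_to_others FILE -> prints FILE if group or other can read it
exposed_to_others() {
    find "$1" -prune \( -perm -040 -o -perm -004 \) -print
}

# Demo on a throw-away directory that mimics <WC_DOMAIN>/servers
demo=$(mktemp -d)
f=$demo/servers/UCM_server1/security/boot.properties
printf '%s\n' 'welcome1' | write_boot_props "$f" weblogic  # tutorial's sample login
echo "before first start: $(boot_props_state "$f")"
# Constructed stand-in for the file contents after the first server start
printf 'username={AES}CONSTRUCTED=\npassword={AES}CONSTRUCTED=\n' > "$f"
echo "after first start:  $(boot_props_state "$f")"
rm -rf "$demo"
```

A file that still reports plaintext after the managed server has reached RUNNING mode was not the one the server read, which usually means it sits in the wrong servers/<name>/security directory.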
cd <WC_DOMAIN>/bin
./startManagedWebLogic.sh UCM_server1 t3://<host1>:7001
This will start the managed server that runs the Content Server. Note that starting the managed
server requires access to the administrator server. The script's second parameter defines the access
to the AdminServer using an internal protocol: t3.
Wait until the server is fully started, which is indicated by the same message as above.
The full syntax of the script is
./startManagedWebLogic.sh <SERVER_NAME> <ADMIN_URL>
You will be prompted to log in using the administrator user's name and password.
29. You will see the initial configuration screen. This screen is displayed only the first time you access
the server's Web interface.
On this screen all of the required parameters are set by default. Change them only if you really need
to. However, pay attention to the following two parameters:
which enables access from any machine, but in a production system change this to:
<host real IP address> | 0:0:0:0:0:0:0:1
There are 3 folders where the server keeps its data and temporary files. By default they are placed
under <WC_DOMAIN>, but you might want to relocate them to some other folder, <ECM_FILES>.
Inbound Refinery Instance Folder    <ECM_FILES>/ucm/ibr/
Native File Repository Location     <ECM_FILES>/ucm/ibr/vault/
Weblayout Folder                    <ECM_FILES>/ucm/ibr/weblayout/
Finally, make a note of the Server Instance Name value, for example,
dadvmc0302usoraclecom16250. This will be needed when configuring the Content Server.
If you forgot to set these parameters on the initial configuration page or need to change them later,
you can edit the file <WC_DOMAIN>/ucm/ibr/config/config.cfg, for example:
SocketHostAddressSecurityFilter=*.*.*.*|0:0:0:0:0:0:0:1
IntradocServerPort=5555
32. Start the server by reissuing the same command as in step 27. Using your browser, access the
server's home page at http://<host2>:16250/ibr. Notice that the initial configuration screen
is not displayed again. Click Login and log in to the server as the administrator.
33. This is the administrator home page. Notice the red alert message advising you that you have to
configure the location of the font directory that will be used to convert documents to PDF format.
Next you will configure the font directory.
34. Expand the Conversion Settings node and click the Third-Party Application Settings link. Click
the Options button in the General OutsideIn Filter Options section.
35. You will see a popup window, provided your browser does not block popups. Here you can set the
General OutsideIn Options. Set the path to the directory where your system stores the True Type
fonts - *.ttf files. Different Linux installations might keep them at different locations. On the
system used for recording the practice, the path is /usr/share/X11/fonts/TTF. Another
typical location could be /usr/X11R6/lib/X11/fonts/TTF.
Click Update to set the font path and close the popup.
36. Next you enable the PDFExportConverter component that is used to convert the native document
formats to PDF without using third party tools.
When you refresh the actual browser page, notice that the alert message about the font path setting
disappeared. Expand the Administration node and click Admin Server.
37. A new browser window will open with the Inbound Refinery Server Manager page. Click
Component Manager in the left column, and then check the PDFExportConverter option.
Finally, click Update.
38. After enabling this component, you have to restart the Inbound Refinery server. Restart the server
as you did in steps 31 and 32. After logging in to the server's Web interface, expand Conversion
Settings and click Primary Web-Viewable Rendition. Check the Convert to PDF using PDF
Export option, and then click Update. This configures Inbound Refinery to use PDF Export to
convert any incoming files.
40. You have finished configuring the Inbound Refinery. Log out from your browser, but keep the
server running.
You will be prompted to log in using the administrator user's name and password.
42. The initial server configuration page is displayed. Most of the required parameters are already set,
but you have to set or change some of the default values. Pay attention to the following parameters:
Server Socket Port
This is the port number where the Content Server will be accessed by other applications, for
example, in our architecture, by Oracle WebCenter Spaces or custom WebCenter Portal
applications. Set this parameter to the typical value of 4444. Choose another port if this port is
already used in your system.
Incoming Socket Connection Security Filter = 127.0.0.1|0:0:0:0:0:0:0:1
This parameter defines the IP addresses of the hosts from where Content Server will accept
connections on the server socket port. The default value defines the loopback address in IPv4
and IPv6 format.
You have to allow access from WebCenter Spaces and optionally from other hosts where
WebCenter Portal applications run. In this practice we changed it to
*.*.*.* | 0:0:0:0:0:0:0:1
which enables access from any machine. In a production system change this to:
<Spaces host real IP address> | 0:0:0:0:0:0:0:1
If you forgot to set these parameters on the initial configuration page or need to change them later,
you can edit the file <WC_DOMAIN>/ucm/cs/config/config.cfg, for example:
SocketHostAddressSecurityFilter=*.*.*.*|0:0:0:0:0:0:0:1
IntradocServerPort=4444
SearchIndexerEngineName=OracleTextSearch
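The socket filter chosen on the Inbound Refinery and Content Server configuration pages ends up in each server's config.cfg, so it can be checked after the fact. The following added example (not part of the original tutorial) classifies the filter in a config.cfg file as open, wide, restricted, loopback or unset; the sample files, the address 192.0.2.10 and the function names are constructed, and treating a partial pattern such as 10.1.*.* as a wildcard is an assumption.

```shell
#!/bin/sh
# Added example, not from the tutorial: audit SocketHostAddressSecurityFilter
# in Content Server / Inbound Refinery config.cfg files.

# classify_entry ENTRY -> loopback | any | wildcard | host
classify_entry() {
    case "$1" in
        127.0.0.1|0:0:0:0:0:0:0:1|::1) echo loopback ;;
        '*.*.*.*')                     echo any ;;
        *'*'*)                         echo wildcard ;;   # assumed partial form
        *)                             echo host ;;
    esac
}

# cfg_value FILE KEY -> last value assigned to KEY, whitespace stripped
# (lines commented out with '#' do not match)
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# audit_config FILE -> "<verdict> port=<port> filter=<filter>"
#   open        an entry such as *.*.*.* admits every IPv4 peer
#   wide        an entry contains a partial wildcard
#   restricted  literal addresses only, at least one of them not loopback
#   loopback    loopback addresses only (the default the tutorial describes)
#   unset       the file has no filter line
audit_config() (
    filter=$(cfg_value "$1" SocketHostAddressSecurityFilter)
    port=$(cfg_value "$1" IntradocServerPort)
    verdict=loopback
    [ -n "$filter" ] || verdict=unset
    rest=$filter
    while [ -n "$rest" ]; do
        entry=${rest%%'|'*}                 # text before the first '|'
        case "$rest" in
            *'|'*) rest=${rest#*'|'} ;;     # drop that entry and its '|'
            *)     rest= ;;
        esac
        case "$(classify_entry "$entry"):$verdict" in
            any:*)         verdict=open ;;
            wildcard:open) ;;
            wildcard:*)    verdict=wide ;;
            host:loopback) verdict=restricted ;;
        esac
    done
    printf '%s port=%s filter=%s\n' "$verdict" "${port:-unset}" "$filter"
)

# write_samples DIR: constructed config.cfg files for the demo
write_samples() {
    mkdir -p "$1/tutorial_cs" "$1/default_ibr" "$1/restricted_cs"
    # The values this tutorial writes for the Content Server
    printf '%s\n' 'SocketHostAddressSecurityFilter=*.*.*.*|0:0:0:0:0:0:0:1' \
        'IntradocServerPort=4444' 'SearchIndexerEngineName=OracleTextSearch' \
        > "$1/tutorial_cs/config.cfg"
    # The loopback-only default, with the Inbound Refinery port
    printf '%s\n' 'SocketHostAddressSecurityFilter=127.0.0.1|0:0:0:0:0:0:0:1' \
        'IntradocServerPort=5555' > "$1/default_ibr/config.cfg"
    # Production-style value; 192.0.2.10 stands in for the Spaces host
    printf '%s\n' 'SocketHostAddressSecurityFilter=192.0.2.10 | 0:0:0:0:0:0:0:1' \
        'IntradocServerPort=4444' > "$1/restricted_cs/config.cfg"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for cfg in "$demo_dir"/*/config.cfg; do
    printf '%s: %s\n' "${cfg#"$demo_dir"/}" "$(audit_config "$cfg")"
done
rm -rf "$demo_dir"
```

Run audit_config against <WC_DOMAIN>/ucm/cs/config/config.cfg and <WC_DOMAIN>/ucm/ibr/config/config.cfg; an open verdict together with a listening port 4444 or 5555 means any host that can reach the port is accepted by the filter.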
43. After setting these parameters, click Submit. You will get the post-installation confirmation page.
45. This is the administrator's home page. Expand the Administration node and click Admin Server.
46. This will open the Content Server Administration page in a new browser window. Click
Component Manager if another page is currently selected.
47. Enable the following components by selecting the check box in front of each:
a. DynamicConverter
b. DBSearchContainsOpSupport
c. SiteStudio
d. SiteStudioExternalApplications
e. DesktopIntegrationSuite
f. DesktopTag
g. FolderStructureArchive
h. Folders_g
i. InboundRefinerySupport, which is checked by default
Make sure that the WebCenterConfigure component is not checked.
Once you have checked all these components, click the Update button at the bottom of the page.
You will get a popup confirmation window. Click OK to enable the selected components.
Select the RoleEntityACL component from the list of the currently disabled components and click
Enable.
49. At this stage you have to restart Content Server. Log out from the browser; restart the server as you
did in step 44, and log in to the server as the administrator. Notice the alert message to rebuild the
index collection.
Expand the Administration node and click Admin Applets. Click Repository Manager.
50. Select the Indexer tab of the Repository Manager applet. Click Start in the Collection Rebuild
Cycle section.
51. In the popup window, do not check the Use fast rebuild option. Click OK. Wait until the index is
rebuilt. This is indicated by Finished state and Idle status.
52. Expand the Site Studio Administration node and click Set Default Project Information link.
You do not have to change any of the parameters, but until an update is performed, the
configuration metadata is not set. Click Update.
53. Similarly, update the default values for the Default Web Asset Document Information. Open this
page and click Update.
54. Click the Zone Fields Configuration under the Administration node. From the Text Fields pane
on the right, select Exclude From Lists and Web Sites, and move them to the Zone Text Fields
pane on the left. Click Update.
55. Access the Admin Server and open the Component Manager like you did in step 46. Check the
WebCenterConfigure option and click Update.
58. On the next screen you will provide the parameters for the outgoing provider. Set the following
parameters and keep the default value for the other parameters.
Parameter                 Value                    Note
Provider Name             <IBR instance name>      Use the instance name noted when you
                                                   configured the IBR Server. (Step 29.)
Provider Description      any descriptive text     for example IBR Provider
Server Host Name          <host name>              Host name of the server where you
                                                   installed IBR
Server Port               <IBR port>               Server Socket Port of the IBR Server,
                                                   typically 5555
Instance Name             <IBR instance name>      Use the same instance name as for the
                                                   provider name
Relative Web Root         <IBR server Web root>    Typically /ibr/
Handles Inbound Refinery  checked
Conversion Jobs
59. Restart the Content Server as explained in step 44. Using your browser, log in to the Content Server
as the administrator. Open the Providers page and ensure that the newly created provider's status is
good.
60. As indicated by the alert message, you have to rebuild the search index. Use the Repository
Manager applet, as explained in steps 49 - 50.
61. Define which native file formats will be converted by the Inbound Refinery.
Remember that you configured the Inbound Refinery to use the PDF Export component for file
conversions. PDF Export can convert up to 35 file types to PDF. Here you can select which file
formats will be converted. Inbound Refinery can also create thumbnail images.
Content Server will send all files of the selected types to the Inbound Refinery for conversion when
the files are checked-in.
Click File Formats Wizard under the Refinery Administration node. File types are identified by
the file's extension. Select all the document types you wish to have converted and all the image
types for which you need a thumbnail created. You can use the checkbox in the first row to select all
extensions. Finally, click Update.
For example, in our settings we checked the following document types: doc, dot, docx, dotx,
ppt, pptx, rtf, xls, xlsx, and image types: bmp, gif, jpeg, jpg, png, tiff, tif.
When you install ECM in a different machine, like in this tutorial, or in a different WebLogic domain,
you have to create the connection manually.
62. Make sure that at least AdminServer and WC_Spaces are running on host1, and UCM_server1 is
running on host2.
Access the Enterprise Manager running in AdminServer. The URL is typically:
http://<host1>:7001/em
63. This is the Enterprise Manager home page. If you don't see the leftmost column, use the slider
handle to unhide it.
Note: In the screen shot, you can see that not the entire WebCenter instance is running.
64. In the left column, expand the nodes Farm_webcenter > WebCenter > WebCenter Spaces and
click the webcenter(11.1.1.4.0) link. This will open the WebCenter Space summary page.
65. From the WebCenter drop-down menu, select Settings > Service Configurations.
66. The WebCenter Service Configuration page summarizes all the services available in the WebCenter
Spaces application. Select Content Repository and note that currently there is no Content
Repository connection defined in WebCenter Spaces.
Should you find one connection, it means that the auto-configuration script created it when
WC_Spaces started. If this is the case, check the details of the connection and see if they are the
same as described below.
Click Add.
67. Create a new Content Repository connection with the following parameters. Leave the default
values for the other parameters not listed here.
Parameter               Value                   Note
Connection Name         <connection name>       Use any descriptive name. Here we used UCM
Repository Type         Oracle Content Server
Active Connection       checked
Content Administrator   sysadmin                This is a built-in administrator user
Root Folder             <root folder>           An arbitrary name, starting with /. This will be
                                                the root folder for all contents that are stored
                                                in any of the group spaces. Here we used
                                                /AcmeSpaces
Application Name        <application name>      An arbitrary descriptive name for the WebCenter
                                                Spaces application. This name will be used as
                                                the security group name for all the group space
                                                data. The name will also be used as a prefix for
                                                various security roles. Here we used
                                                AcmeWebCenterSpaces
Socket
<host2>
Server Port
Administrator User
Name
Server is running.
The port you configured for the
Content Server, typically 4444.
The context root part of the
URL that is used to access the
Content Server Web interface.
Typically /cs
sysadmin
68. Click Test. If the connection parameters are correct and the Content Server is accessible, you will
get the following popup message.
Click OK in the popup, and then OK on the connection page to create the new connection.
69. At this point you have to restart the WC_Spaces managed server in the WebCenter instance.
When WebCenter Spaces restarts, the auto-configure scripts will connect to the Content Server and
check if the root folder and the required security settings already exist, as defined by the root folder
and application name parameters of the Content Repository connection. If both exist, WebCenter
Spaces assumes that the Content Server is properly configured. If neither exists, the
auto-configure script will create all the necessary artifacts in the Content Server. If only the folder or the
security group exists, an error is reported in the log file and Content Server will not be accessible
from WebCenter Spaces. Consequently, if you want to change the details in the content repository
connection, make sure to change both the root folder and the application name.
70. After WebCenter Spaces is started, you can test the Content Server. For example, log in to Spaces,
create a new space, select the Documents page of the space, and upload documents.
Detailed instructions to test whether WebCenter Spaces and Content Server work together correctly
are beyond the scope of this document. However, we suggest a few quick tests to see if the
auto-configuration wizard created the necessary settings in the Content Server.
Access the Content Server Web interface, typically at
http://<host2>:16200/cs
and log in as administrator user, weblogic/welcome1. If you were already logged in to Content
Server, log out and log in again.
Expand the Browse Content node. Note that there are two new folders created. In our example,
these are:
AcmeSpaces
This is the root folder for all of the space-related content. The name is the same that you
specified with the Content Server connection. Later, as each new space is created, each space
will have its own subfolder here.
PersonalSpaces
This is the root folder for all documents stored in users' home spaces. Each user will have a
subfolder corresponding to the username.
71. Expand the Administration node and click Admin Applets. Start the User Admin applet. Select
Permissions By Group from the Security menu.
72. You can see that two new security groups have been created. In our example, these are
AcmeWebCenterSpaces and PersonalSpaces.
73. Similarly, you can see that two new security roles have been created: AcmeWebCenterSpacesUser
and PersonalSpacesRole. Note that these role names will be changed in the following WebCenter
releases.
74. Log in to the Content Server Web interface at http://<host2>:16200/cs as the administrator
user. Open the Content Admin Server page by expanding the Administration node and clicking the
Admin Server link.
75. On the Content Admin Server page click the General Configuration link. Add the following lines
to the Additional Configuration Variables text field:
UseEntitySecurity=1
SpecialAuthGroups=PersonalSpaces,AcmeWebCenterSpaces
Here you specify the new security groups that were created in the previous step by the
auto-configuration wizard. Substitute your own group names if necessary.
Note: There must be no space character before or after the comma separating the authentication
group names.
76. Click Save. You will see the server's home page. Restart the Content Server as instructed.
77. After restarting, you will also have to rebuild the index collection as you did in step 49.
Some of the task flows in an Oracle WebCenter Spaces application, such as Document Explorer,
leverage the Inbound Refinery and Dynamic Converter features to provide a preview of the
native documents.
In the next slide you see that we have uploaded a Microsoft PowerPoint document, a file called
ECMInstall.ppt, to the weblogic user's personal space. The system-generated Documents page
contains the Document Explorer task flow. On the slide you see the task flow displaying the document
folder with the PowerPoint document.
When you click the file name, the task flow should display the PowerPoint file in preview mode. On
the bottom of the preview you can scroll the slides and select the one to display.
An important technical detail is that the task flow contains an HTML <iframe> tag outlined with the
red box. This <iframe> points to the Content Server's Web interface and issues a request to fetch the
document that was converted by Inbound Refinery to PDF. For example, the relative URL in this
<iframe> looks like
/cs/idcplg?IdcService=GET_DYNAMIC_CONVERSION&dID=205&conversionTemplate=SLIDE-PREVIEW
So it is your browser that will fetch the converted document directly from Content Server, not
WebCenter Spaces.
In order to make this feature work, you need to further configure your installation. There are two major
steps to do:
- Since the page comes from the WebCenter Spaces server, when the browser tries to access the
  above relative URL, it will prefix it with the WebCenter Spaces server's host name and port
  number http://<host1>:8888. But the Content Server runs on a different host and listens
  on a different port, so the correct link should be http://<host2>:16200/cs/idcplg....
  To solve this problem, you will configure an HTTP reverse proxy, through which your browser
  can access both WebCenter Spaces and Content Server, using the same host and port, for
  example <ohs_host>:<ohs_port>.
- For security reasons Content Server requires authentication before rendering the preview. Your
  browser has already authenticated you to WebCenter Spaces, but Content Server still might not
  know your identity.
  To solve this problem, you will configure a single sign-on system that will enable you to log in
  to one of the servers and have the other server or servers accept your identity.
This means that any request where the URL starts with /prefix will be forwarded to
<server_host>:<server_port>.
Add the following lines to the configuration file. Remember that <host1> is the machine where
AdminServer and four other managed servers, including WC_Spaces are running, while <host2>
is the machine where Content Server and Inbound Refinery are running. Port numbers reflect the
default installation.
# AdminServer
<Location /console>
SetHandler weblogic-handler
WebLogicHost <host1>
WebLogicPort 7001
</Location>
<Location /em>
SetHandler weblogic-handler
WebLogicHost <host1>
WebLogicPort 7001
</Location>
# WebCenter
<Location /webcenter>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
<Location /webcenterhelp>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
<Location /rss>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
<Location /rest>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
# Discussion server
<Location /owc_discussions>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8890
</Location>
# Portlet producers
<Location /portalTools>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8889
</Location>
<Location /wsrp-tools>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8889
</Location>
# Activity Graph
<Location /activitygraph-engines>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8891
</Location>
# Personalization
<Location /wcps>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8891
</Location>
<Location /ibr>
SetHandler weblogic-handler
WeblogicHost <host2>
WeblogicPort 16250
</Location>
<Location /cs>
SetHandler weblogic-handler
WeblogicHost <host2>
WeblogicPort 16200
</Location>
# Enables Oracle Content Server authentication
<Location /adfAuthentication>
SetHandler weblogic-handler
WeblogicHost <host2>
WeblogicPort 16200
</Location>
# SAML SSO
<Location /samlacs/acs>
SetHandler weblogic-handler
WebLogicHost <host2>
WebLogicPort 16200
</Location>
79. Save the edited file and restart Oracle HTTP Server.
The ways to start and stop Oracle HTTP Server are beyond the scope of this document, but here is a
typical command you can execute, provided OHS is already running:
cd <OHS_INSTANCE_HOME>/bin
./opmnctl restartproc process-type=OHS
80. Test the proxy by accessing WebCenter Spaces and Content Server.
Using your browser, try to access some of the URLs below, for example WebLogic Console,
Enterprise Manager, WebCenter Spaces, and Content Server and Inbound Refinery home pages
through OHS. In the following URLs, replace <ohs_host> and <ohs_port> with the actual
machine name and the port number where OHS listens. In the architecture outlined in the diagrams,
this would be host1:7777.
http://<ohs_host>:<ohs_port>/console
http://<ohs_host>:<ohs_port>/em
http://<ohs_host>:<ohs_port>/webcenter
http://<ohs_host>:<ohs_port>/cs
http://<ohs_host>:<ohs_port>/ibr
You should see the home pages and be able to log in to each of these servers.
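The Location blocks above can be checked offline before OHS is restarted. The following Python script is an added example, not part of the original tutorial or of Oracle's tooling: it parses the blocks, reports a missing or malformed WebLogicHost or WebLogicPort, and lists every path that routes to the AdminServer port (7001 in this setup) so you can confirm that exposing it through the proxy is intended. SAMPLE is constructed, with two deliberate defects, and the function names are this example's own.

```python
import re

# Constructed sample in the tutorial's format, with two deliberate defects:
# a stray space in the host placeholder and a block without a port.
SAMPLE = """\
<Location /console>
SetHandler weblogic-handler
WebLogicHost <host1>
WebLogicPort 7001
</Location>
<Location /adfAuthentication>
SetHandler weblogic-handler
WeblogicHost < host2>
WeblogicPort 16200
</Location>
<Location /cs>
SetHandler weblogic-handler
WeblogicHost <host2>
</Location>
"""

BLOCK = re.compile(r"<Location\s+(\S+?)\s*>(.*?)</Location>", re.S | re.I)

def directive(body, name):
    """Return the argument of a directive (Apache names are case-insensitive)."""
    m = re.search(r"^\s*%s[ \t]+(.*?)\s*$" % name, body, re.I | re.M)
    return m.group(1) if m else None

def parse_locations(conf):
    return [{"path": p, "host": directive(b, "WebLogicHost"),
             "port": directive(b, "WebLogicPort")} for p, b in BLOCK.findall(conf)]

def audit(conf, admin_port="7001"):
    findings = []
    for loc in parse_locations(conf):
        host, port, path = loc["host"], loc["port"], loc["path"]
        if host is None or re.search(r"\s", host):
            findings.append((path, "missing or malformed WebLogicHost: %r" % host))
        if port is None or not port.isdigit() or not 0 < int(port) < 65536:
            findings.append((path, "missing or invalid WebLogicPort: %r" % port))
        elif port == admin_port:
            findings.append((path, "routes to AdminServer; confirm it should be reachable through OHS"))
    return findings

if __name__ == "__main__":
    for path, msg in audit(SAMPLE):
        print("%-20s %s" % (path, msg))
```

To check a real configuration, pass the contents of the edited file to audit() instead of SAMPLE.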
Configure SSO
After configuring the Oracle HTTP Server as a proxy, if you tested the previous example, that is,
previewing a PowerPoint document, you would see the following page:
Instead of the document preview, you will likely see the Content Server login page. Although you are
already authenticated to WebCenter Spaces as weblogic, Content Server does not know about this
authentication and displays the login page instead of the converted document.
When you log in to Content Server as weblogic, the login page will be replaced by the PowerPoint
preview.
Oracle Access Manager (OAM) is the recommended Single Sign-on (SSO) solution for Oracle Fusion
Middleware enterprise-class installations. The details of configuring Content Server to use OAM are
described in Chapter 5.2.3, Configuring Oracle UCM for Single Sign-On, of the Oracle Fusion Middleware
System Administrator's Guide for Oracle Content Server 11g Release 1 (11.1.1), available at:
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e10792/c03_security.htm#CDDDAFIB
In this practice you will configure a Single Sign-on solution that uses the Oracle WebLogic Server
SAML Credential Mapping Provider. This is recommended only for development or for small, standalone
systems. The detailed steps for the SAML-based Single Sign-on configuration are documented in
Chapter 30.4, Configuring SAML-based Single Sign-on, of the same manual, available at
http://download.oracle.com/docs/cd/E21764_01/webcenter.1111/e12405/wcadm_security_sso.htm#BGBFFFBB.
In the following steps you will have to replace <MW_HOME>, <JAVA_HOME>, <WC_HOME>,
<WC_DOMAIN> with the actual paths in your installation.
81. Configure and export the certificate.
Both WebCenter and ECM domains should use the same keystore to share security certificates.
You could create a new keystore, but here you are going to use a predefined keystore:
DemoIdentity, located at <MW_HOME>/wlserver_10.3/server/lib/DemoIdentity.jks.
This keystore was created during the installation.
First export the existing certificate with the following commands.
cd <MW_HOME>/wlserver_10.3/server/lib
<JAVA_HOME>/bin/keytool -export \
-keypass DemoIdentityPassPhrase \
-keystore DemoIdentity.jks \
-storepass DemoIdentityKeyStorePassPhrase \
-alias demoidentity -file demoidentity.der
Note: When you issue the above command as it is, please remember that the backslash character is
the line continuation flag in Unix systems, and that must be the very last character on the line.
Alternatively, enter the whole command in a single line.
82. Encrypt the keystore pass phrase. You will need the encrypted string later.
As you can see in the above keytool command, DemoIdentityKeyStorePassPhrase is the
pass phrase used when the keystore was created.
Invoke WLST. WebLogic Scripting Tool (WLST) is a command-line scripting environment that
you can use to create, manage, and monitor WebLogic Server domains.
cd <WC_HOME>/common/bin
./wlst.sh
It is essential that you use the correct path for the domain folder. The encrypt function will not
complain when you use a different path, but the encrypted password will not work at later stages.
Write down the result of the print statement; this is the encrypted password for the keystore file.
The encrypted password is similar to this example:
{AES}GQTYNYUsXkuG5pF0oDhqIwSk00/AoiwHjchg1xC/IfSCFv6N4HsEC+o+Vo2hVpbs
83. Generate the configuration and key files containing the connection information for the various
domains.
Execute the following commands with WLST which is already running.
Note: In the following commands, you might need to change weblogic and welcome1 to the
actual administrator user name and password, or change port 7001 if the AdminServer runs on a
different port.
connect('weblogic', 'welcome1', 't3://<host1>:7001')
storeUserConfig('spacesconfig.secure', 'spaceskey.secure')
Execute
exit()
to exit WLST.
Note: In this exercise, you will configure WebCenter Spaces and Content Server in the Single Sign-on
domain. If you want to include other components, like Discussion Server, SOA, etc., you have to
execute other storeUserConfig commands, for example:
storeUserConfig('collabconfig.secure', 'collabkey.secure')
storeUserConfig('utilitiesconfig.secure', 'utilitieskey.secure')
storeUserConfig('soaconfig.secure', 'soakey.secure')
d. You have to restart AdminServer and all of the managed servers in the domain again, whether
they run on the host1 or the host2 machine.
e. Configure Content Server Web Access
./wlst.sh
execfile('<WC_HOME>/webcenter/scripts/samlsso/configureCS.py')
then select Security Realms > myrealm > Providers page. Here you will find an Authentication
Provider: wcsamlia
Delete both of these providers, and restart the servers, before trying the configuration again.
86. On both hosts and domains, restart the affected servers, i.e., AdminServer and WC_Spaces on host1
and AdminServer and UCM_server1 on host2.
In the next steps you are going to increase the maximum size of uploaded documents to an
arbitrary value; if you prefer, to 2 GBytes, as claimed by the popup notes.
87. Export WebCenter Spaces metadata in XML format.
Metadata controlling WebCenter Spaces operations is stored in the Metadata Store (MDS) which is
a component in the WebCenter instance. MDS is using a database schema; in our installation it is
WC_MDS. In order to change the metadata, first you need to export it to a text file.
Execute the following commands. You will use WLST from the <WC_HOME>/common/bin
directory.
cd <WC_HOME>/common/bin
./wlst.sh
connect('weblogic', 'welcome1', 't3://<host1>:7001')
exportMetadata(application='webcenter',
server='WC_Spaces',
toLocation='/tmp',
docs='/oracle/webcenter/webcenterapp/metadata/webcenter-config.xml')
exit()
Note: As earlier, in the following commands, you might need to change weblogic and welcome1
to the actual administrator user name and password, or change port 7001 if the AdminServer runs
on a different port. Instead of /tmp you might also use a different temporary directory for the
exported file.
88. Edit the metadata file, change the <webcenter:uploadedFileMaxDiskSpace> value. You can
use any text editor, like vi.
vi /tmp/oracle/webcenter/webcenterapp/metadata/webcenter-config.xml
...
<webcenter:uploadedFileMaxDiskSpace>2147483648</webcenter:uploadedFileMaxDiskSpace>
...
You will find that the original value in this tag is only 2097152 bytes. Change it to the desired
number; the example shows 2147483648, which is 2 GBytes.
89. Using WLST, import the modified metadata.
./wlst.sh
connect('weblogic', 'welcome1', 't3://<host1>:7001')
importMetadata(application='webcenter',
server='WC_Spaces',
fromLocation='/tmp',
docs='/oracle/webcenter/webcenterapp/metadata/webcenter-config.xml')
exit()
90. You need to restart WC_Spaces managed server for the changes to take effect.
You have completed the tutorial and you should have a WebCenter Spaces installation that is
configured to work with the Content Server.