Installing and Configuring Enterprise Content

Management for Oracle WebCenter Portal: Spaces

Oracles Enterprise Content Management Suite (ECM) provides essential services in any WebCenter
instance. However installing and especially configuring ECM is not well integrated into the WebCenter
installation process. Seamless cooperation between Content Server and WebCenter applications,
including Spaces, requires several manual configuration and testing steps.
The aim of this tutorial is to give you a detailed description of the steps required to install and
configure ECM in a distributed WebCenter environment for development purposes. The tutorial does
not cover the installation of the Oracle WebCenter domain; it is well described in the documentation.
During the tutorial you will not install the complete ECM suite, only the components Content Server
and Inbound Refinery typically used in WebCenter applications.
In the tutorial you will perform the installation on a Linux operating system. Installing ECM on other
software architectures is similar, but it is beyond the scope of this tutorial to discuss the differences.
Prerequisites
All the software components you will need to meet the prerequisites for this tutorial, as well as the
components that will be used, can be downloaded from Oracle Technology Network (OTN).
Go to the WebCenter download page on OTN:
http://www.oracle.com/technetwork/middleware/webcenter/portal/downloads/index.html
During this tutorial you will install components from the latest available WebCenter release,
WebCenter 11.1.1.5.0, also referred to as Patchset 4 (PS4). Installing the earlier PS3 release is very
similar to the steps outlined in the tutorial.
To start the tutorial, you need a WebCenter 11.1.1.5.0 instance without Content Server installed on
your machine. This tutorial assumes that the following:
You have installed an Oracle Database R11 Release 2 (11.2.0.1) instance that is used by
WebCenter and will be used by Content Server.
You have executed the Resource Creation Utility 11.1.1.5.0 (RCU) and created the schemas
required for the WebCenter and Content Server in the database.

-1-

In order to install WebCenter, you had to select several schemas:

Metadata Services (WC_MDS)

WebCenter Spaces (WC_WEBCENTER)

Portlet Producers (WC_PORTLET)

Activity Graph and Analytics (WC_ACTIVITIES)

Discussions (WC_DISCUSSIONS)
In addition to these schemas, for the features of the Content Server configured in this tutorial,
you need to create the Oracle Content Server 11g - Complete (WC_OCS) schema. You could
have created this schema in advance, while installing WebCenter, or you can rerun RCU any
time to add the schema to the database.
In the tutorial we assume that all the schema names have the WC prefix. If during setup you used
a different name or prefix, please replace WC_OCS with your schemas name in the following
steps.
You have already installed WebCenter 11g PS4 (11.1.1.5.0). For details about WebCenter
installation refer to Oracle Fusion Middleware Installation Guide for Oracle WebCenter
11g Release 1 (11.1.1.5.0), available at
http://download.oracle.com/docs/cd/E21764_01/install.1111/e12001/toc.htm
You have already installed Oracle HTTP Server from Oracle Fusion Middleware Web Tier
Utilities 11g Release 1(11.1.1.5.0). You will use it as a front-end for both WebCenter and ECM.
For details about Oracle HTTP Server installation, refer to Oracle Fusion Middleware
Installation Guide for Oracle Web Tier11g Release 1 (11.1.1), available at
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14260/toc.htm.
-2-

Note: While it is not explained in the documentation, you first must install the Middle Tier
11.1.1.2.0 version, and then patch it according to Patchset 12395115, available at
https://updates.oracle.com/download/12395115.html.
In addition to these components already installed on your system, you have to download the following
installation kits. You will find them by expanding the Prerequisites & Recommended Install Process
node on the WebCenter download page.

-3-

Download the installation kits for WebLogic Server 11g R1 (10.3.5), called
wls1035_oepe111172_linux32.bin.
-4-

Downloaded and uncompress both parts of the installation kit for Universal Content
Management 10g R1 (11.1.1.5.0), called
ofm_ecm_generic_11.1.1.5.0_disk1_1of2.zip and
ofm_ecm_generic_11.1.1.5.0_disk1_2of2.zip.

Overview
This tutorial will guide you through the process to create a distributed installation of WebCenter and
Content Server components for development purposes only.

Architecture for Development Purposes vs. Enterprise Deployment

A development environment is used internally, that is, in house, by a few developers only.
Since we dont expect many concurrent requests which would create heavy load on the system,
the system requires a relatively low set of resources. It is typical to use one or two host
machines with 4-8 GByte of memory.
The system does not need to be scalable and failure-resilient, or highly available. We will not
use duplicate resources and clustering.
Since it is used only internally and the system is not supposed to contain live, sensitive data, we
will not strengthen its security. We will not set up firewalls or configure encrypted
communication between the components, etc.
We can use some software components which are only recommended for development
purposes. That saves us from installing large, enterprise-grade software components, for
example, for user repositories, or single sign-on.
A typical enterprise-wide WebCenter architecture, as recommended by Oracle, is documented in
Oracle Fusion Middleware Enterprise Deployment Guide for Oracle WebCenter11g Release 1
(11.1.1), available at http://download.oracle.com/docs/cd/E21764_01/core.1111/e12037/toc.htm.
Contrary to the above outlined characteristics, a WebCenter installation for the enterprise:
involves several machines to provide adequate resources.
uses redundant hardware resources, load balancing, and clustering to provide a scalable and
highly available system.
contains several firewalls and relies on encrypted communication (HTTPS), where necessary.
uses enterprise-strength additional components, like Oracle Internet Directory (OID) for
security repositories and Oracle Access Manager (OAM) for single sign-on.
In this tutorial we will describe the installation of a simple development environment, but with a twist
not typically explained in detail in the documentation: We will create a distributed architecture, where
the Content Server components are located on a second machine. Please note that this architecture does
not provide clustering, i.e., all of the components are running only on one node, but the combined
resources of the two hosts guarantee a better performance.
Although we use only two machines and relocate the Content Server components only, a similar
technique can be used to further distribute the software components to multiple machines.

Initial Software Configuration

First lets analyze the details of the initial software setup, which is the prerequisite for the tutorial.
Below is a diagram depicting the initial software architecture, illustrating the ports and protocols being
used and the most important components.
-5-

The first step of creating this configuration was the installation of an Oracle R11 Release 2 Database,
which provides schemas for all the other components. In our setup it is located on the same machine,
host1, where the WebCenter is installed, but it can reside on a different host without any problem. The
database is accessed on the default TNS Listener port, 1521, and uses SQL*Net protocol which is
illustrated with orange lines.
Next came a WebLogic server domain: webcenter, which was extended with the Oracle WebCenter
components. The domain contains an AdminServer and four managed servers, WC_Spaces,
WC_Portlet, WC_Collaboration, and WC_Utilities. Each of these servers has an HTTP port. The
diagram illustrates that AdminServer uses port 7001, while WC_Spaces uses port 8888. HTTP
communication is illustrated with blue lines.
The domain currently contains only one machine: WC_Host. AdminServer and all the managed servers
are assigned to this host.
AdminServer has an Embedded LDAP server that will be used for the user repository.
Finally, you had to install an Oracle HTTP Server (OHS). As you will see later, it is used as a reverse
proxy in front of the WebLogic servers. At this stage you dont have to have it configured. Later we
will provide instructions on how to configure the reverse proxy. Note that although in our architecture
the HTTP server is installed on host1 machine, it can run on any other machine as long as the HTTP
protocol from the OHS can reach the WebLogic servers.
The following table summarizes the most important directories in the initial WebCenter installation.
We will refer to these locations later in the tutorial. Please replace the path with the actual path you
used in your installation.
Name
Path
MW_HOME
/apps/WC
Middleware
Home
WC_HOME
/apps/WC/Oracle_WC1
WebCenter
Home
-6-

WebCenter
Domain
Java Homes

WC_DOMAIN

/apps/WC/user_projects/domains/webcenter

JAVA_HOME

OHS Home

OHS_HOME

/apps/WC/jdk160_24
/apps/WC/jrockit_160_24_D1.1.2-4
/apps/WC/Oracle_WT1

Install ECM
The first step of the tutorial will be to install ECM components. After installing the software to ECM
Home, you will extend the existing WebCenter domain by adding two new managed servers,
UCM_server1 and IBR_server1, and a new machine, ECM_Host. You will assign the newly created
managed servers to this machine.
Lastly, you will physically copy the domain from host1 to host2 and start the new components there.
Note that the new managed servers will also listen to HTTP protocol, by default on ports 16200 and
16250. UCM_server1 also requires a database schema that was created earlier with RCU. In our simple
architecture, this schema is located in the same database where the other WebCenter-related schemas
are located, but for performance reasons, you may use a dedicated database for the Content Server.

Of course, if you have a powerful enough machine for development, you might decide to install all of
the managed servers on this machine. You can still follow this tutorial, but you have to skip the steps
where:
you will create a new machine definition (ECM_Host) and assign the two managed servers to
this machine.
you will physically copy the domain from host1 to host2.

Configure Content Server Components

When the two new managed servers are running, you will manually configure them, enabling features
that are required by typical WebCenter applications, including WebCenter Spaces. On the architecture
diagram you can see some important changes, but most of the settings are not illustrated here.
-7-

Both UCM_server1 and IBR_server1 will use special sockets for internal communication, by default on
ports 4444 and 5555. IBR_server1 runs the Inbound Refinery which can convert various file formats to
PDF. You will configure Content Server, UCM_server1, to automatically send documents of various
types, like Microsoft Word and Microsoft PowerPoint, for conversion to the Inbound Refinery.
Finally, you will define how WebCenter Spaces connects to the Content Server, using the socket
protocol.

Configure Reverse HTTP Proxy

When you have multiple HTTP servers cooperating in a Web site, it is customary to provide a single
port through which all the features can be accessed. This can be achieved by a reverse HTTP proxy,
which receives requests on its port, for example 7777, and directs the requests to the appropriate
components and ports, based on the URL of the request.
In this step, you will configure Oracle HTTP Server to proxy requests to the various WebLogic servers
in the WebCenter domain.
During the tutorial you will see, that this HTP proxying is not only convenient, but also essential for a
Content Server feature: live preview of Microsoft documents.

-8-

Configure Single Sign-on

As you will see later, previewing Microsoft documents is implemented with <iframes> on a
WebCenter page. That means that the same browser page will fetch content from the WC_Spaces and
UCM_server1 servers. For access control it is essential that the user be authenticated in both servers.
To avoid double authentication, you will configure a single sign-on system based on Security Assertion
Markup Language (SAML) that comes out-of-the-box with WebLogic AdminServer. Both servers will
use SAML services to authenticate users or accept a user if the other server already authenticated it.

This is the complete architecture diagram after you complete the tutorial.
-9-

Install ECM Home

Installing ECM will copy ECMs files to a dedicated ECM Home directory, which is located under the
middleware home directory.
These steps are described in detail in Chapter 3 Installing Oracle Enterprise Content Management
Suite of Oracle Fusion Middleware Installation Guide for Oracle Enterprise Content Management
Suite 11g Release 1 (11.1.1), available at
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14495/install.htm
1. Unzip the two ZIP archives. The result is two directories called Disk1 and Disk2. In a graphical
terminal window go to the Disk1 directory and execute the following installer script and define the
location of one of the available JVM root directory in the command. At this stage it is not important
which JVM is being used.
./runInstaller jreLoc <JAVA_HOME>

- 10 -

2. First you will see the ECM Suite installers Welcome screen. Click Next.

- 11 -

3. At the next step you could search for support updates. You will skip this step in the tutorial since
you are using the latest installer. Click Next.

4. Next the installer checks to ensure that your system meets the prerequisites for ECM installation.
If any of these steps fails, you will get a detailed problem report in the message pane at the bottom
right corner of the window. Fix all problems before restarting the installer.
When all the tests succeed, click Next.

- 12 -

5. In the next step you will specify the location of ECM home where the installer should copy the
required files.
First, from the drop-down list, select the middleware home directory where WebCenter is already
installed.
Next you can specify the root directory for the ECM files under the selected middleware home
directory. You can specify your own directory name; here we accept the default name that is
Oracle_ECM1. Click Next.

- 13 -

6. Before the installation starts, the summary screen lists the important parameters for the installation,
such as the root directories, required disk space, and components to be installed. Click Install.

- 14 -

7. During the installation, the Installation Progress window lists the steps the installer makes and
shows the progress bar. When the installation completes, click Next.

- 15 -

8. The last screen of the installer summarizes the installation. Click Finish to terminate the installer.

- 16 -

For the rest of the tutorial we will refer to the ECM home directory as
<ECM_HOME>=<MW_HOME>/Oracle_ECM1

Configure ECM
Once the ECM Home has been installed, you can extend the WebLogic Server domain to include ECM
components.
These steps are described in detail in Chapter 4 Configuring Oracle Enterprise Content Management
Suite of Oracle Fusion Middleware Installation Guide for Oracle Enterprise Content Management
Suite 11g Release 1 (11.1.1), available at
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14495/config.htm
9. In a graphical terminal window, go to the directory <ECM_HOME>/common/bin and execute the
config.sh script:
cd <ECM_HOME>/common/bin
./config.sh

Note: Make sure that you execute the script from the above directory since there are several other
config.sh scripts available under <MW_HOME>, <WC_HOME>, and <ECM_HOME> directories.

- 17 -

10. Choose Extend an existing WebLogic domain, then click Next.

Select the WebCenter domain directory, <WC_DOMAIN>.

- 18 -

11. Now specify the components that will be created in the new domain. As we mentioned earlier, in
this practice we will install only two components of ECM that are essential to WebCerter: Content
Server and Inbound Refinery. Check the following products:
Oracle Universal Content Management Inbound Refinery
Oracle Universal Content Management Content Server
Note: In PS3 you also had to select Oracle Site Studio and Oracle Site Studio RIDC components,
but in PS4 they are automatically installed.

- 19 -

12. In the next step you have to provide access details to the database schema where the Content Server
will store the content and metadata. This is the schema (WC_OCS) that was created as a prerequisite
for this practice, using RCU. Note that for the products selected in the previous step, only a single
database schema is required.
If you created the schema in the recommended Oracle Database 11g Release 2, then accept the
default vendor and driver. Here are the values we provided during the practice. You might have to
change these values according to your deployment architecture and previous selections. See the
notes for each value.
Attribute
Example Value
Note
WC_OCS
Schema Owner
Use the schema name that was
created with RCU, typically
prefix_OCS

Schema Password
DBMS/Service

welcome1
orcl.us.oracle.com

Use the schemas password

Use the database instances service
name and not SID. This is typically
sid.<machine domain name>

Host Name

<database_host>

Port

1521

Use the fully qualified host name

where the database runs. In our
architecture it is host1.
TNS Listener port -typically 1521
- 20 -

RAC schema

unchecked

We are not using RAC

13. In the next step the installer will test the database schema parameters by trying to access the
schema. At this point your database instance must be running.
Click Next when the test is successful or return to the previous screen and change the JDBC
connections attributes.

- 21 -

14. On the next screen you can select which optional configurations you perform on the WebLogic
Server domain. Here you will add a new machine to the domain and allocate the newly created
managed servers to this new machine.
Check the Managed Servers, Clusters and Machines option; the installer will enable you to
set/change these values. Click Next.

- 22 -

15. On the next screen you can configure the managed servers to be created. Note that the domain
already has four managed servers; now you will add two new managed servers. Here you can
change each servers name, listen address, and listen port. For enhanced security, you can also
enable SSL access to the server and define the SSL port.
In this tutorial, we suggest that you accept the default names and port numbers and do not use SSL
access. You have to change the listen address from localhost to the host name of host2
machine where the ECM components will run.
The two managed servers will have the following parameters:
Name
Listen Address
Listen Port
UCM_server1
16200
<host2>
IBR_server1
16250
<host2>

- 23 -

16. In the next step you could create a WebLogic Server cluster, but in this tutorial you will not use
clustering. Simply click Next.

- 24 -

17. In this step you will add a new machine to the WebLogic domain. Notice that you already have a
machine defined, the one where the WebCenter components, including AdminServer, were
installed and run.
Click the Add icon on the Unix Machine tab. Change the name of the machine to ECM_Host, for
example, and change the Node manager listen address to the actual hosts name, host2. Click
Next.

18. Assign the new managed servers to the newly created machine by shuffling UCM_server1 and
IBR_server1 servers from Server pane on the left to Machine pane on the right, under the new
machine, ECM_Host. Click Next.

- 25 -

19. You have finished setting the configuration options; the next screen will summarize the domains
parameters. Click Extend to start creating extending the domain.

- 26 -

20. The installer will display the installation steps and show a progression bar. After the successful
installation, it shows the root folder for the extended domain and the access port of the
administration server.

Copy the Domain to the New Machine

You have successfully configured a distributed WebLogic domain with two machine definitions and
some of the servers assigned to the second machine. However all this configuration was done on the
first machine, where the AdminServer is running. Now you have to copy the domain, i.e., all the
configuration information in the domain, to the second machine.
WebLogic server provides two scripts, pack.sh and unpack.sh that can be used to pack all the
domains information and unpack it on another machine, as long as the other machine has WebLogic
Server and all the necessary extensions installed.

Install WebLogic Server, WebCenter- and ECM Homes

Log in to host2 machine and install the necessary software. It is nothing new; you have done these
installations when you installed WebCenter prior to this tutorial and when you installed ECM Home at
the beginning of this tutorial.
Here is a brief reminder of the steps:

You have to execute WebLogic Servers installer: wls1035_oepe111172_linux32.bin.

During the installation you will create a new middleware home; use the same path on the
second machine as you used on the first one: <MW_HOME>.
- 27 -

You have to download WebCenter installer:

ofm_wc_generic_11.1.1.5.0_disk1_1of1.zip. Unzip it and execute the
runInstaller script from the Disk1 directory. During installation use the same path for
WebCenter Home as you used on the first machine, i.e., <WC_HOME>. You dont have to

configure WebCenter.
Install ECM home. The steps are described at the beginning of this tutorial. Use the same path,
i.e., <ECM_HOME>. Do not configure the domain.

Copy the domain to the new machine

21. On host1 machine, execute the following commands, replacing <MW_HOME> and <WC_DOMAIN>
with the actual paths.
cd <MW_HOME>/oracle_common/common/bin
./pack.sh -managed=true -domain=<WC_DOMAIN> \
-template=WC_template.jar -template_name=WC_Template

You might use different names for the template file and template name.
22. Copy the WC_template.jar file to host2, place it in the same directory where it resides in host1,
i.e., <MW_HOME>/oracle_common/common/bin.
Use Unix commands of your choice to copy the file. You can use ftp or scp (secure copy), like
the following example:
scp WC_template.jar \
<oracle_user>@<host2>:<MW_HOME>/oracle_common/common/bin

23. Log in to host2 and execute the following commands:

cd <MW_HOME>/oracle_common/common/bin
./unpack.sh -domain=<WC_DOMAIN> -template=WC_template.jar

Start the Necessary Servers

Next you have to start at least AdminServer in host1 and the two newly created managed servers,
UCM_server1 and IBR_server1 on host2. You might also start the other managed servers on host1, but
they are not necessary for the following configuration steps.
The server startup scripts are located at <WC_DOMAIN>/bin directory.
24. Start the administration server on host1.
Since, as a prerequisite, you have already installed WebCenter in host1, it is likely that you have
some scripts to start the administrator- and managed servers. Use those scripts. If not, here are some
hints:
a. Set up boot.properties file for the AdminServer, if you have not done so before.
Go to the <WC_DOMAIN>/servers/AdminServer directory and if you do not have a
subdirectory called security, create one. In this subdirectory create an unencrypted text file
boot.properties, which contain the administrator users name and password. For example:
cd <WC_DOMAIN>/servers/AdminServer
mkdir security
cd security
vi boot.properties

... insert into the file ...

username=weblogic
password=welcome1

- 28 -

... save the changes and close the file ...

b. In a terminal window start AdminServer with the following commands:
cd <WC_DOMAIN>/bin
./startWebLogic.sh

c. Wait until you see the message <Server started in RUNNING mode>

Note: When the server starts, it will automatically encrypt the credentials in the
boot.properties file.
25. Set up boot.properties file for both of the newly created servers.
Log in to host2, using graphical interface. In a terminal window, create the boot.properties file
similar to step 24/a. For example:
cd <WC_DOMAIN>/servers
mkdir -p UCM_server1/security
mkdir -p IBR_server1/security
cd UCM_server1/security/
vi boot.properties

... insert into the file ...

username=weblogic
password=welcome1

... save the changes and close the file ...

cp boot.properties ../../IBR_server1/security/

26. Start the Content Server.

The server startup scripts are located at <WC_DOMAIN>/bin directory.
In this terminal window, start the server with the following commands:
- 29 -

cd <WC_DOMAIN>/bin
./startManagedWebLogic.sh UCM_server1 t3://<host1>:7001

This will start the managed server that runs the Content Server. Note that starting the managed
server requires access to the administrator server. The scripts second parameter defines the access
to the AdminServer using an internal protocol: t3.
Wait until the server is fully started, which is indicated by the same message as above.
The full syntax of the script is
./startManagedWebLogic.sh <SERVER_NAME> <ADMIN_URL>

27. Start the Inbound Refinery server.

In a new console window on host2, start Inbound Refinery with the following commands:
cd <WC_DOMAIN>/bin
./startManagedWebLogic.sh IBR_server1 t3://<host1>:7001

Wait until the server is fully started.

Configure Inbound Refinery

Now that the servers are running, you will do the initial configuration of both managed servers. As a
convenience, most of the configuration settings are accessible with a Web browser.
The order in which you configure the two managed servers is not really important, though it is slightly
easier to start with the Inbound Refinery.
28. Access the Inbound Refinery server.
Use a Web browser and access the server using the following URL:
http://<host2>:16250/ibr

You will be prompted to log in using the administrator users name and password.

29. You will see the initial configuration screen. This screen is displayed only the first time, you access
the servers Web interface.
On this screen all of the required parameters are set by default. Change them only if you really need
to. However, pay attention to the following two parameters:
- 30 -

Server Socket Port = 5555

This is the port number where the Inbound Refinery will be accessed by other applications. In
our architecture it will be accessed by the Content Server. The default value is set to 5555. You
do not have to change it unless that port is already used in your system.
Incoming Socket Connection Security Filter = 127.0.0.1|0:0:0:0:0:0:0:1
This parameter defines the IP addresses of the hosts from where Inbound Refinery will accept
connections on the server socket port. The default value defines the loopback address in IPv4
and IPv6 format.
You have to allow access at least from the Content Server, so change the loopback address. In
this practice we changed it to
*.*.*.* | 0:0:0:0:0:0:0:1

which enables access from any machine, but in a production system change this to:
<host real IP address> | 0:0:0:0:0:0:0:1

There are 3 folders where the server keeps its data and temporary files. By default they are placed
under <WC_DOMAIN>, but you might want to relocate them to some other folder, <ECM_FILES>.
<ECM_FILES>/ucm/ibr/
Inbound Refinery Instance Folder
<ECM_FILES>/ucm/ibr/vault/
Native File Repository Location
<ECM_FILES>/ucm/ibr/weblayout/
Weblayout Folder
Finally, make a note of the Server Instance Name value, for example,
dadvmc0302usoraclecom16250. This will be needed when configuring the Content Server.

If you forgot to set these parameters on the initial configuration page or need to change them later,
you can edit the file <WC_DOMAIN>/ucm/ibr/config/config.cfg, for example:
SocketHostAddressSecurityFilter=*.*.*.*|0:0:0:0:0:0:0:1
IntradocServerPort=5555

30. Click Submit. The post-installation confirmation page displays.

- 31 -

31. Restart the server.

Select the console window where you started the Inbound Refinery managed server and enter
CTRL/C. The server will be forced to shut down.

32. Start the server by reissuing the same command as in step 27. Using your browser, access the
servers home page at http://<host2>:16250/ibr. Notice that the initial configuration screen
is not displayed again. Click Login and log in to the server as the administrator.

33. This is the administrator home page. Notice the red alert message advising you that you have to
configure the location of the font directory that will be used to convert documents to PDF format.
Next you will configure the font directory.

- 32 -

34. Expand the Conversion Settings node and click the Third-Party Application Settings link. Click
the Options button in the General OutsideIn Filter Options section.

35. You will see a popup window, provided your browser does not block popups. Here you can set the
General OutsideIn Options. Set the path to the directory where your system stores the True Type
fonts - *.ttf files. Different Linux installations might keep them at different locations. On the
system used for recording the practice, the path is /usr/share/X11/fonts/TTF. Another
typical location could be /usr/X11R6/lib/X11/fonts/TTF.
Click Update to set the font path and closes the popup.

- 33 -

36. Next you enable the PDFExportConverter component that is used to convert the native document
formats to PDF without using third party tools.
When you refresh the actual browser page, notice that the alert message about the font path setting
disappeared. Expand the Administration node and click Admin Server.

- 34 -

37. A new browser window will open with the Inbound Refinery Server Manager page. Click
Component Manager in the left column, and then check the PDFExportConverter option.
Finally, click Update.

38. After enabling this component, you have to restart the Inbound Refinery server. Restart the server
as you did in steps 31 and 32. After logging in to the servers Web interface, expand Conversion
Settings and click Primary Web-Viewable Rendition. Check Convert to PDF using PDF
Export option, and then click Update. This configures Inbound Refinery to use PDF Export to
convert any incoming files.

39. Check that thumbnail image creation is enabled.

Expand the Additional Renditions node and make sure that the Create Thumbnail Images using
Outside In option is checked. If not, check it and click Update.
- 35 -

40. You have finished configuring the Inbound Refinery. Log out from your browser, but keep the
server running.

Configure Content Server

The way you configure the Content Server is similar to how you configured the Inbound Refinery
server.
41. Access the Content Server.
Use a Web browser and access the server using the following URL:
http://<host2>:16200/cs

You will be prompted to log in using the administrator users name and password.

42. The initial server configuration page is displayed. Most of the required parameters are already set,
but you have to set or change some of the default values. Pay attention to the following parameters:
Server Socket Port
This is the port number where the Content Server will be accessed by other applications, for
example, in our architecture, by Oracle WebCenter Spaces or custom WebCenter Portal
applications. Set this parameter to the typical value of 4444. Choose another port if this port is
already used in your system.
Incoming Socket Connection Security Filter = 127.0.0.1|0:0:0:0:0:0:0:1
- 36 -

This parameter defines the IP addresses of the hosts from where Content Server will accept
connections on the server socket port. The default value defines the loopback address in IPv4
and IPv6 format.
You have to allow access from WebCenter Spaces and optionally from other hosts where
WebCenter Portal applications run. In this practice we changed it to
*.*.*.* | 0:0:0:0:0:0:0:1

which enables access from any machine. In a production system change this to:
<Spaces host real IP address> | 0:0:0:0:0:0:0:1

Full Text Search Option

This parameter defines how Content Server searches inside the files managed by the server.
Choose Internal option from the drop-down list. This will use the underlying Oracle databases
Oracle Text to provide full text search.
There are 3 folders where the server keeps its data and temporary files. By default, they are placed
under <WC_DOMAIN>, but you might want to relocate them to some other folder, for example
<ECM_FILES>/ucm/cs/
Content Server Instance Folder
<ECM_FILES>/ucm/cs/vault/
Native File Repository Location
<ECM_FILES>/ucm/cs/weblayout/
Weblayout Folder

If you forgot to set these parameters on the initial configuration page or need to change them later,
you can edit the file <WC_DOMAIN>/ucm/cs/config/config.cfg, for example:
- 37 -

SocketHostAddressSecurityFilter=*.*.*.*|0:0:0:0:0:0:0:1
IntradocServerPort=4444
SearchIndexerEngineName=OracleTextSearch

43. After setting these parameters, click Submit. You will get the post-installation confirmation page.

44. Restart Content Server.

Select the command window where you have started Content Server and enter CTRL/C. Start the
server by reissuing the same command as in step 26. Using your browser, access the servers home
page at http://<host2>:16200/cs. Notice that the initial configuration screen is not displayed
again. Click Login and log in to the server as the administrator.

45. This is the administrators home page. Expand the Administration node and click Admin Server.

- 38 -

46. This will open the Content Server Administration page in a new browser window. Click
Component Manager if another page is currently selected.

47. Enable the following components by selecting the check box in front of each:
a. DynamicConverter
b. DBSearchContainsOpSupport
c. SiteStudio
d. SiteStudioExternalApplications
e. DesktopIntegrationSuite
- 39 -

f. DesktopTag
g. FolderStructureArchive
h. Folders_g
i. InboundRefinerySupport, which is checked by default
Make sure that the WebCenterConfigure component is not checked.
Once you have checked all these components, click the Update button at the bottom of the page.
You will get a popup confirmation window. Click OK to enable the selected components.

48. You have to enable one more component: RoleEntityACL.

First click the Advanced Component Manager link at the top of the page.

Select the RoleEntityACL component from the list of the currently disabled components and click
Enable.

- 40 -

49. At this stage you have to restart Content Server. Log out from the browser; restart the server as you
did in step 44, and log in to the server as the administrator. Notice the alert message to rebuild the
index collection.
Expand the Administration node and click Admin Applets. Click Repository Manager.

50. Select the Indexer tab of the Repository Manager applet. Click Start in the Collection Rebuild
Cycle section.

- 41 -

51. In the popup window, do not check the Use fast rebuild option. Click OK. Wait until the index is
rebuilt. This is indicated by Finished state and Idle status.

52. Expand the Site Studio Administration node and click Set Default Project Information link.
You do not have to change any of the parameters, but until an update is performed, the
configuration metadata is not set. Click Update.

- 42 -

53. Similarly, update the default values for the Default Web Asset Document Information. Open this
page and click Update.

- 43 -

54. Click the Zone Fields Configuration under the Administration node. From the Text Fields pane
on the right, select Exclude From Lists and Web Sites, and move them to the Zone Text Fields
pane on the left. Click Update.

- 44 -

55. Access the Admin Server and open the Component Manager like you did in step 46. Check the
WebCenterConfigure option and click Update.

- 45 -

56. Set Up Content Server to use dynamic converter.

The Dynamic Converter is used to create HTML renditions of content on the fly. You need to
specify which MIME-types are configured to use the Dynamic Converter.
Click Configuration Settings under the Dynamic Converter Admin node. In the Conversion
Format drop-down list, select every file format you want to have converted, for example, Microsoft
Word Document, Microsoft Excel Spreadsheet, Microsoft PowerPoint Presentation, etc. When
you select a document format, the corresponding MIME-type, such as application/msword,
application/vnd.ms-exec, application/vnd.ms-powerpoint etc., will be added to the
input field to the left of the drop-down list.
When you selected all the required formats, click the Update button at the bottom of the page.

- 46 -

Set Up Content Server to use Inbound Refinery

Inbound Refinery is an add-on module to Content Server that manages all file conversions at the input
side of Content Server. Files are converted when they are checked in to the Content Server. Depending
the configuration, Inbound Refinery will convert different native file formats to Web-viewable format
typically PDF - and create thumbnail images of documents.
In the followings steps, you will configure the Content Server to send native format documents the
Inbound Refinery.
57. Click Providers under the Administration node. In the Create New Provider section, click the
Add link for the outgoing provider type.

- 47 -

58. On the next screen you will provide the parameters for the outgoing provider. Set the following
parameters and keep the default value for the other parameters.
Parameter
Value
Note
Provider Name
<IBR instance name>
Use the instance name noted
when you configured the IBR
Server. (Step 29.)
Provider Description
any descriptive text
for example IBR Provider
Server Host Name
<host name>
Host name of the server where
you installed IBR
Server Port
<IBR port>
Server Socket Port of the IBR
Server, typically 5555
Instance Name
<IBR instance name>
Use the same instance name as for
the provider name
Relative Web Root
<IBR server Web root> Typically /ibr/
Handles Inbound
checked
Refinery Conversion
Jobs
- 48 -

Once youve set the parameter values, click Add.

59. Restart the Content Server as explained in step 44. Using your browser, log in to the Content Server
as the administrator. Open the Providers page and ensure that newly created providers status is
good.

- 49 -

60. As indicated by the alert message, you have to rebuild the search index. Use the Repository
Manager applet, as explained in steps 49 - 50.
61. Define which native file formats will be converted by the Inbound Refinery.
Remember that you configured the Inbound Refinery to use the PDF Export component for file
conversions. PDF Export can convert up to 35 file types to PDF. Here you can select which file
formats will be converted. Inbound Refinery can also create thumbnail images.
Content Server will send all files of the selected types to the Inbound Refinery for conversion when
the files are checked-in.
Click File Formats Wizard under the Refinery Administration node. File types are identified by
the files extension. Select all the document types you wish to have converted and all the image
types you need to have a thumbnail created. You can use the checkbox in the first row to select all
extensions. Finally click Update.
For example in our settings we checked the following documents types: doc, dot, docx, dotx,
ppt, pptx, rtf, xls, xlsx, and image types: bmp, gif, jpeg, jpg, png, tiff, tif.

- 50 -

Configure WebCenter Spaces to connect to Content Server

WebCenter Spaces uses Content Server to store documents related to spaces and personal spaces. In
WebCenter Spaces there is Content Repository connection information which describes how
WebCenter Spaces can access the Content Server. In the next step, you will configure this connection.
If you assigned ECM to the same machine where WebCenter Spaces is installed, you probably do not
have to execute these steps; creating the connection is automatic. After performing the previously
described configuration steps, all you need to do is to start the WebCenter Spaces managed server.
When the server starts, it detects that there is a fully configured Content Server in the same domain,
same machine. The auto-configuration feature introduced in PS3 will create the required Content
Server connection and also configure the Content Server to cooperate with the WebCenter Spaces
instance.

- 51 -

When you install ECM in a different machine, like in this tutorial, or in a different WebLogic domain,
you have to create the connection manually.
62. Make sure that at least AdminServer and WC_Spaces are running on host1, and UCM_server1 is
running on host2.
Access the Enterprise Manager running in AdminServer. The URL is typically:
http://<host1>:7001/em

Log in as the administrator user.

63. This is the Enterprise Manager home page. If you dont see the leftmost column, use the slider
handle to unhide it.
Note: In the screen shot, you can see that not the entire WebCenter instance is running.

- 52 -

64. In the left column, expand the nodes Farm_webcenter > WebCenter > WebCenter Spaces and
click the webcenter(11.1.1.4.0) link. This will open the WebCenter Space summary page.

- 53 -

65. From the WebCenter drop-down menu, select Settings > Service Configurations.

- 54 -

66. The WebCenter Service Configuration page summarizes all the services available in the WebCenter
Spaces application. Select Content Repository and note that currently there is no Content
Repository connection defined in WebCenter Spaces.
Should you find one connection, it means that the auto-configuration script created it when
WC_Spaces started. If this is the case, check the details of the connection and see if they are the
same as described below.
Click Add.

67. Create a new Content Repository connection with the following parameters. Leave the default
values for the other parameters not listed here.
Parameter
Value
Note
Connection Name
<connection name>
Use any descriptive name. Here
we used UCM
Repository Type
Oracle Content Server
Active Connection
checked
Content Administrator sysadmin
This is a built-in administrator
user
Root Folder
<root folder>
An arbitrary name, starting with
/. This will be the root folder for
all contents that are stored in
any of the group spaces. Here
we used /AcmeSpaces
Application Name
<application name>
An arbitrary descriptive name
for the WebCenter Spaces
application. This name will be
used as the security group name
for all the group space data. The
name will also be used as a
prefix for various security roles.
Here we used
AcmeWebCenterSpaces

RIDC Socket Type

Server Host

Socket
<host2>

The machine, where Content

- 55 -

Server Port

<Server socket port>

Authentication Method Identity Propagation

Web Server Content
<UCM Web root>
Root

Administrator User
Name

Server is running.
The port you configured for the
Content Server, typically 4444.
The context root part of the
URL that is used to access the
Content Server Web interface.
Typically /cs

sysadmin

68. Click Test. If the connection parameters are correct and the Content Server is accessible, you will
get the following popup message.

Click OK in the popup, and then OK on the connection page to create the new connection.

- 56 -

69. At this point you have to restart the WC_Spaces managed server in the WebCenter instance.
When WebCenter Spaces restarts, the auto-configure scripts will connect the Content Server and
check if the root folder and the required security settings already exist, as defined by the root folder
and application name parameters of the Content Repository connection. If both exist, WebCenter
Spaces assumes that the content server is properly configured. If none of them exists, the autoconfigure script will create all the necessary artifacts in the Content Server. If only the folder or the
security group exists, an error is reported in the log file and Content Server will not be accessible
from WebCenter Spaces. Consequently, if you want to change the details in the content repository
connection, make sure to change both the root folder and the application name.
70. After WebCenter Spaces is started, you can test the Content Server. For example, log in to Spaces,
create a new space, select the Documents page of the space, and upload documents.
Detailed instructions to test whether WebCenter Spaces and Content Server work together correctly
is beyond the scope of this document. However we suggest a few quick tests to see if the autoconfiguration wizard created the necessary settings in the Content Server.
Access the Content Server Web interface, typically at
http://<host2>:16200/cs

and log in as administrator user, weblogic/welcome1. If you were already logged in to Content
Server, log out and log in again.
Expand the Browse Content node. Note that there are two new folders created. In our example,
these are:
AcmeSpaces

This is the root folder for all of the space-related content. The name is the same that you
specified with the Content Server connection. Later, as each new space is created, each space
will have its own subfolder here.
PersonalSpaces

This is the root folder for all documents stored in users home spaces. Each user will have a
subfolder corresponding to the username.

- 57 -

71. Expand the Administration node and click Admin Applets. Start the User Admin applet. Select
Permissions By Group from the Security menu.

- 58 -

72. You can see that two new security groups have been created. In our example, these are
AcmeWebCenterSpaces and PersonalSpaces.

73. Similarly, you can see that two new security roles have been created: AcmeWebCenterSpacesUser
and PersonalSpacesRole. Note, that these role names will be changed in the following WebCenter
releases.

Configure Item-level Security

WebCenter Spaces can enforce security settings of individual documents stored in the content server.
Next you will configure this item-level security.
- 59 -

74. Log in to the Content Server Web interface at http://<host2>:16200/cs as the administrator
user. Open the Content Admin Server page by expanding the Administration node and clicking the
Admin Server link.

75. On the Content Admin Server page click the General Configuration link. Add the following lines
to the Additional Configuration Variables text field:
UseEntitySecurity=1
SpecialAuthGroups=PersonalSpaces,AcmeWebCenterSpaces

Here you specify the new security groups that were created in the previous step by the autoconfiguration wizard. Replace your group names if necessary.
Note: You must not have space character before or after the comma, separating the authentication
group names.

- 60 -

76. Click Save. You will see the servers home page. Restart the Content Server as instructed.

77. After restarting, you will also have to rebuild the index collection as you did in step 49.

Document Preview in WebCenter Spaces

As you learned during the installation, Inbound Refinery is used to convert documents Web-viewables
and thumbnails when the content item is checked in. For example, in the Refinery Administration you
configured Content Server to pass any Microsoft PowerPoint document to the Inbound Refinery, which
will convert it to PDF format that is easily rendered by a Web browser. In the Dynamic Converter
Administration you you specified the MIME-types which were permitted to use the Dynamic
Conversion to create HTML renditions on the fly.
- 61 -

Some of the task flows in an Oracle WebCenter Spaces application, such as Document Explorer,
leverage leverage the Inbound Refinery and Dynamic Converter features to provide a preview of the
native documents.
In the next slide you see that we have uploaded a Microsoft PowerPoint document, a file called
ECMInstall.ppt, to weblogic users personal space. The system-generated Documents page
contains the Document Explorer task flow. On the slide you see the task flow displaying document
folder with the PowerPoint document.

When you click the file name, the task flow should display the PowerPoint file in preview mode. On
the bottom of the preview you can scroll the slides and select the one to display.

An important technical detail is that the task flow contains an HTML <iframe> tag outlined with the
red box. This <iframe> points to the Content Servers Web interface and issues a request to fetch the
document that was converted by Inbound Refinery to PDF. For example, the relative URL in this
<iframe> looks like
/cs/idcplg?IdcService=GET_DYNAMIC_CONVERSION&dID=205&conversionTemplate=
SLIDE-PREVIEW

- 62 -

So it is your browser that will fetch the converted document directly from Content Server, not
WebCenter Spaces.
In order to make this feature work, you need to further configure your installation. There are two major
steps to do:
Since the page comes from the WebCenter Spaces server, when the browser tries to access the
above relative URL, it will prefix it with the WebCenter Spaces servers host name and port
number http://<host1>:8888. But the content server runs on a different host and listens
on a different port, so the correct link should be http://<host2>:16200/cs/idcplg....

To solve this problem, you will configure a HTTP reverse proxy, through which your browser
can access both WebCenter Spaces and Content Server, using the same host and port, for
example <ohs_host>:<ohs_port>.
For security reasons Content Server requires authentication before rendering the preview. Your
browser is already authenticated you to WebCenter Spaces, but Content Server still might not
know your identity.
To solve this problem, you will configure a single sign-on system, that will enable you to log in
to one of the servers and the other server or servers will accept your identity.

Configure Oracle HTTP Server as a Reverse Proxy

Lets start with configuring Oracle HTTP Server as a reverse proxy for all of our servers.
In the prerequisites, we assumed that you have already installed the latest version of Oracle HTTP
Server. If you did a default installation, Oracle HTTP Server installs in a middleware home, typically in
WebCenters home. In the following steps, we will refer to the Oracle HTTP Server instances home as
<OHS_INSTANCE_HOME>, typically:
<OHS_INSTANCE_HOME>=<MW_HOME>/Oracle_WT1/instances/instance1

78. Edit the configuration file <OHS_INSTANCE_HOME>/config/OHS/ohs1/mod_wl_ohs.conf.

This file describes forwarding options, depending on the prefix in the incoming URL. The format
of each forwarding rule is
<Location /prefix>
SetHandler weblogic-handler
WebLogicHost <server_host>
WebLogicPort <server_port>
</Location>

This means that any request where the URL starts with /prefix will be forwarded to
<server_host>:<server_port>.
Add the following lines to the configuration file. Remember that <host1> is the machine where
AdminServer and four other managed servers, including WC_Spaces are running, while <host2>
is the machine where Content Server and Inbound Refinery are running. Port numbers reflect the
default installation.
# AdminServer
<Location /console>
SetHandler weblogic-handler
WebLogicHost <host1>
WebLogicPort 7001
</Location>

- 63 -

<Location /em>
SetHandler weblogic-handler
WebLogicHost <host1>
WebLogicPort 7001
</Location>
# WebCenter
<Location /webcenter>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
<Location /webcenterhelp>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
<Location /rss>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
<Location /rest>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8888
</Location>
# Discussion server
<Location /owc_discussions>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8890
</Location>
# Portlet producers
<Location /portalTools>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8889
</Location>
<Location /wsrp-tools>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8889
</Location>
# Activity Graph
<Location /activitygraph-engines>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8891
</Location>
# Personalization
<Location /wcps>
SetHandler weblogic-handler
WeblogicHost <host1>
WeblogicPort 8891

- 64 -

</Location>
<Location /ibr>
SetHandler weblogic-handler
WeblogicHost <host2>
WeblogicPort 16250
</Location>
<Location /cs>
SetHandler weblogic-handler
WeblogicHost <host2>
WeblogicPort 16200
</Location>
# Enables Oracle Content Server authentication
<Location /adfAuthentication>
SetHandler weblogic-handler
WeblogicHost < host2>
WeblogicPort 16200
</Location>
# SAML SSO
<Location /samlacs/acs>
SetHandler weblogic-handler
WebLogicHost <host2>
WebLogicPort 16200
</Location>

79. Save the edited file and restart Oracle HTTP Server.
The ways to start/stop oracle HTTP server is beyond the scope of this document, but here is a
typical command you can execute, provided OHS is already running:
cd <OHS_INSTANCE_HOME>/bin
./opmnctl restartproc process-type=OHS

80. Test the proxy by accessing WebCenter Spaces and Content Server.
Using your browser, try to access some of the URLs below, for example WebLogic Console,
Enterprise Manager, WebCenter Spaces, and Content Server and Inbound Refinery home pages
through OHS. In the following URLs, replace <ohs_home> and <ohs_port> with the actual
machine name and the port number where OHS listens. In our architecture outlined in the diagrams
it would be host1:7777.
http://<ohs_host>:<ohs_port>/console
http://<ohs_host>:<ohs_port>/em
http://<ohs_host>:<ohs_port>/webcenter
http://<ohs_host>:<ohs_port>/cs
http://<ohs_host>:<ohs_port>/ibr

You should see the home pages and be able to log in to each of these servers.

Configure SSO
After configuring the Oracle HTTP Server as a proxy, if you tested the previous example, that is,
previewing a PowerPoint document, you would see the following page:

- 65 -

Instead of the document preview, you will likely see the Content Server login page. Although you are
already authenticated to WebCenter Spaces as weblogic, Content Server does not know about this
authentication and displays the login page instead of the converted document.
When you log in to Content Server as weblogic, the login page will be replaced by the PowerPoint
preview.
Oracle Access Manager (OAM) is the recommended Single Sign-on (SSO) solution for Oracle Fusion
Middleware enterprise-class installations. The details of configuring Content Server to use OAM are
described in Chapter 5.2.3 Configuring Oracle UCM for Single Sign-On Oracle Fusion Middleware
System Administrator's Guide for Oracle Content Server11g Release 1 (11.1.1), available at:
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e10792/c03_security.htm#CDDDAFIB
In this practice you will configure Single Sign-on solution that uses the Oracle WebLogic Server
SAML Credential Mapping Provider. This is recommended only for development or for small, standalone systems. The detailed steps for the SAML-based Single Sign-on configuration is documented in
Chapter 30.4 Configuring SAML-based Single Sign-on of the same manual, available at
http://download.oracle.com/docs/cd/E21764_01/webcenter.1111/e12405/wcadm_security_sso.htm#BG
BFFFBB.
In the following steps you will have to replace <MW_HOME>, <JAVA_HOME>, <WC_HOME>,
<WC_DOMAIN> with the actual paths in your installation.
81. Configure and export the certificate.
Both WebCenter and ECM domains should use the same keystore to share security certificates.
You could create a new keystore, but here you are going to use a predefined keystore:
DemoIdentity, located at <MW_HOME>/wlserver_10.3/server/lib/DemoIdentity.jks.
This keystore was created during the installation.
First export the existing certificate with the following commands.
cd <MW_HOME>/wlserver_10.3/server/lib
<JAVA_HOME>/bin/keytool -export \

- 66 -

-keypass DemoIdentityPassPhrase \
-keystore DemoIdentity.jks \
-storepass DemoIdentityKeyStorePassPhrase \
-alias demoidentity -file demoidentity.der

Note: When you issue the above command as it is, please remember that the backslash character is
the line continuation flag in Unix systems, and that must be the very last character on the line.
Alternatively, enter the whole command in a single line.
82. Encrypt the keystore pass phrase. You will need the encrypted string later.
As you can see in the above keytool command, DemoIdentityKeyStorePassPhrase is the
pass phrase used when the keystore was created.
Invoke WLST. WebLogic Scripting Tool (WLST) is a command-line scripting environment that
you can use to create, manage, and monitor WebLogic Server domains.
cd <WC_HOME>/common/bin
./wlst.sh

Execute the following commands in WLST.

print encrypt(obj='DemoIdentityPassPhrase',
domainDir='<WC_DOMAIN>')

It is essential that you use the correct path for the domain folder. The encrypt function will not
complain when you use a different path, but the encrypted password will not work at later stages.
Write down the result of the print statement; this is the encrypted password for the keystore file.
The encrypted password is similar to this example:
{AES}GQTYNYUsXkuG5pF0oDhqIwSk00/AoiwHjchg1xC/IfSCFv6N4HsEC+o+Vo2hVpbs

83. Generate the configuration and key files containing the connection information for the various
domains.
Execute the following commands with WLST which is already running.
Note: In the following commands, you might need to change weblogic and welcome1 to the
actual administrator users name and password, or change port 7001 if the AdminServer runs on a
different port.
connect('weblogic', 'welcome1', 't3://<host1>:7001')
storeUserConfig('spacesconfig.secure', 'spaceskey.secure')

You will get a warning, reply y at the prompt:

Creating the key file can reduce the security of your system if it is
not kept in a secured location after it is created.
Do you want to create the key file? y or n y

Execute the following command and reply y to the warning:

storeUserConfig('ucmconfig.secure', 'ucmkey.secure')

Execute
exit()

to exit WLST.
Note: In this exercise, you will configure WebCenter Spaces and Content Server in the Single Signon domain. If you want to include other components, like Discussion Server, SOA, etc, you have to
execute other storUserConfig commands, for example:
storeUserConfig('collabconfig.secure', 'collabkey.secure')

- 67 -

storeUserConfig('utilitiesconfig.secure',
'utilitieskey.secure')
storeUserConfig('soaconfig.secure', 'soakey.secure')

84. Edit the main configuration file: wcsamlsso.properties.

The following configuration scripts will use parameters in this property file. The file is located at
the same directory, <WC_HOME>/common/bin, where you just executed the previous commands.
The file has several sections; each section configures a component for SSO. We show you only the
parameters for WebCenter Spaces and Content Server, but if you want to extend SSO for other
services, you have to edit the other sections.
Bold letters indicate where you have to edit the file. In addition to this, you might have to change
the serverName parameter (WC_Spaces, UCM_server1), if you have not accepted the default
managed server names during installation.
Edit the WebCenter Spaces section
[spaces_config]
configFile = spacesconfig.secure
keyFile = spaceskey.secure
adminURL = <host1>:<admin_port>
usesSSL = false
url = http://<ohs_host>:<ohs_port>/webcenter
serverName = WC_Spaces
certAlias = demoidentity
certPassword = <encypted_password>
certPath = <MW_HOME>/wlserver_10.3/server/lib/demoidentity.der

Edit the Content Server sections (ucm_config, cs)

[ucm_config]
configFile = ucmconfig.secure
keyFile = ucmkey.secure
adminURL = <host1>:<admin_port>
usesSSL = false
serverName = UCM_server1
certAlias = demoidentity
certPath = <MW_HOME>/wlserver_10.3/server/lib/demoidentity.der
[cs_config]
url = http://<ohs_host>:<ohs_port>

85. Execute the configuration scripts.

There is a set of WLST scripts that will do the configuration based on the above property file.
a. First configure WebCenter Spaces:
./wlst.sh
execfile('<WC_HOME>/webcenter/scripts/samlsso/configureSpaces.py')

After successful execution of the script, WLST will terminate.

b. You have to restart AdminServer and all of the managed servers in the domain, running on
either host1 or host2 machines.
c. Configure Content Server
./wlst.sh
execfile('<WC_HOME>/webcenter/scripts/samlsso/configureUCM.py')

- 68 -

d. You have to restart again AdminServer and all of the managed servers in the domain, running
on either host1 or host2 machines.
e. Configure Content Server Web Access
./wlst.sh
execfile('<WC_HOME>/webcenter/scripts/samlsso/configureCS.py')

f. After this configuration, no restart is necessary.

If you configure other services for Single Sign-on, you have to execute other scripts, for example:
configureCollab.py, configureUtilities.py, etc.
Note: If you receive errors during any of the scripts, it is very likely, that either the encrypted
keystore password, or some parameter in the wcsamlsso.properties file is wrong. You need to
clean the SAML objects created by the scripts before you can execute the configuration scripts
again.
Connect to the AdminServer using your browser at
http:<ohs_host>:<ohs_port>:7001/console

then select Security Realms > myrealm > Providers page. Here you will find an Authentication
Provider: wcsamlia

and a Credential Mapping Provider: wcsamlcm.

- 69 -

Delete both of these providers, and restart the servers, before trying the configuration again.
86. On both hosts and domains, restart the affected servers, i.e., AdminServer and WC_Spaces on host1
and AdminServer and UCM_server1 on host2.

Change the maximum size for uploaded documents

When you will upload documents to the Content Server in the WebCenter Spaces application, for
example using the Document Explorer task flow, you will quickly notice that contrary to the
documentation, by default you cannot upload documents larger than 2 MBytes.
In the following screen shots you will see a failed attempt to upload a file of approximately 3 MBytes,
although the popup notes clearly indicate the limit as 2 GBytes.

- 70 -

IN the next steps you are going to increase the maximum size of the uploaded documents to an
arbitrary value; if you prefer, to 2 GBytes, as claimed by the popup notes.
87. Export WebCenter Spaces metadata in XML format.
Metadata controlling WebCenter Spaces operations is stored in the Metadata Store (MDS) which is
a component in the WebCenter instance. MDS is using a database schema; in our installation it is
WC_MDS. In order to change the metadata, first you need to export it to a text file.
Execute the following commands. You will use WLST from the <WC_HOME>/common/bin
directory.
cd <WC_HOME>/common/bin
./wlst.sh
connect('weblogic', 'welcome1', 't3://<host1>:7001')
exportMetadata(application='webcenter',
server='WC_Spaces',
toLocation='/tmp',
docs='/oracle/webcenter/webcenterapp/metadata/webcenter-config.xml')
exit()

Note: As earlier, in the following commands, you might need to change weblogic and welcome1
to the actual administrator users name and password, or change port 7001 if the AdminServer runs
on a different port. Instead of /tmp you might also use a different temporary directory for the
exported file.
88. Edit the metadata file, change the <webcenter:uploadedFileMaxDiskSpace> value. You can
use any text editor, like vi.
vi /tmp/oracle/webcenter/webcenterapp/metadata/webcenter-config.xml
...
<webcenter:uploadedFileMaxDiskSpace>2147483648</webcenter:uploadedFileMa
xDiskSpace>
...

You will find that the original value in this tag is only 2097152 Bytes. Change it to the desired
number, the example shows 2147483648 which is 2 GBytes.
89. Using WLST, import the modified metadata.
./wlst.sh
connect('weblogic', 'welcome1', 't3://<host1>:7001')
importMetadata(application='webcenter',
server='WC_Spaces',
fromLocation='/tmp',

- 71 -

docs='/oracle/webcenter/webcenterapp/metadata/webcenter-config.xml')
exit()

90. You need to restart WC_Spaces managed server for the changes to take effect.
You have completed the tutorial and you should have a WebCenter Spaces installation that is
configured to work with the Content Server.

- 72 -