| Oracle® Fusion Middleware Installation Guide for Oracle Enterprise Content Management Suite 11g Release 1 (11.1.1) E14495-02 |
|
 Previous |
 Next |
| Oracle® Fusion Middleware Installation Guide for Oracle Enterprise Content Management Suite 11g Release 1 (11.1.1) E14495-02 |
|
Previous |
Next |
This chapter describes how to configure an Oracle Imaging and Process Management (Oracle I/PM) application in an Oracle WebLogic Server domain.
This chapter includes the following sections:
Section 5.1, "Completing the Oracle I/PM Configuration After First Login"
Section 5.2, "Downloading Visual C++ Libraries for the Oracle I/PM Viewer (Windows System)"
Section 5.3, "Configuring the Full-Text Features in the Oracle UCM Repository"
Section 5.6, "Installing and Configuring Oracle Application Extension Framework"
Section 5.8, "Installing and Configuring Oracle Document Capture"
The user who logs in first to an Oracle I/PM Managed Server is provisioned with full security throughout the server. When this user first logs in, Oracle I/PM provides a user interface to complete the configuration, including connecting to a repository or repositories and, optionally, to a Business Process Execution Language (BPEL) server.
|
Note: In a production system, Oracle Enterprise Content Management Suite applications need to use an external Lightweight Directory Application Protocol (LDAP) authentication provider rather than the Oracle WebLogic Server embedded LDAP server, which is part of the default configuration. If you want to reassociate the identity store for Oracle I/PM with an external LDAP authentication provider, it is easier to do this before you complete the configuration of the Oracle I/PM Managed Server and before you connect it to the Oracle Universal Content Management (Oracle UCM) repository. For more information, see Section 4.4, "Reassociating the Identity Store with an External LDAP Authentication Provider." |
To complete the Oracle I/PM configuration, you need to perform these tasks:
Configuring Oracle Content Server 10g to work with Oracle I/PM
Adding the Administrator User and Administrators Group to Oracle UCM
Starting the Oracle I/PM Managed Server and Accessing the Web Client
To log in to Oracle WebLogic Server, Oracle I/PM services use the agent user, which is agentadmin by default. If you are using the Oracle WebLogic Server embedded LDAP server, you need to add this agent user, or a unique user name for the agent user, so the services can log in.
If you are using an external LDAP authentication provider, follow the steps for your identity store. For more information about external LDAP authentication providers, seeSection 4.4, "Reassociating the Identity Store with an External LDAP Authentication Provider."
To add the agent user to Oracle WebLogic Server:
Start the Administration Server (see Section 7.1, "Starting the Administration Server").
Access the Oracle WebLogic Server Administration Console at
http://adminServerHost:adminServerPort/console
For adminServerHost, specify the name of the computer that hosts the Administration Server for your domain. For adminServerPort, specify the listen port number for the Administration Server. The default number is 7001. For example:
http://myHost:7001/console
To log in, supply the user name and password that were specified on the Configure Administrator User Name and Password screen in the configuration wizard.
Click Security Realms (on the left).
In the Realms table on the Summary of Security Realms page, click myrealm in the Name column to open the Settings for myrealm page.
Go to Users and Groups, click New, and add the agentadmin user (or a unique user name).
You need to configure Oracle Content Server before it can work with Oracle I/PM.
To configure Oracle Content Server 10g to work with Oracle I/PM:
Update the IP address filter:
On the system where Oracle UCM is installed, navigate to the installation directory.
Execute the SystemProperties application: ./bin/SystemProperties
Click the Server tab.
In the IP Address Filter field, add a vertical bar (|) followed by the IP address of the system where Oracle I/PM is installed.
The IP address is required for the Oracle I/PM system to have access to the Oracle UCM system without authentication.
Click OK.
This change will require a restart of Oracle Content Server, which you can do at the end of this procedure, after installing the Oracle UCM components.
Open the Oracle UCM Web client in a Web browser (http://hostname:port/location, such as http://myhost.mycompany.com:8000/idc), and log in.
Open the Administration tray.
Upgrade the default file store:
Under Administration, select Providers.
Select Info in the Action column of the DefaultFileStore row.
When asked if you want to upgrade the file store, click Upgrade, and then click Update in the Edit File Store Provider dialog box.
Oracle UCM does the upgrade automatically.
Oracle I/PM content is not accessible in a Web store. Oracle Content Server traditionally uses a weblayout directory on a file system to store content in a format for viewing in a Web browser, but this feature does not have much use in an Oracle I/PM solution and uses extra disk space. After the file store upgrade, you should disable the weblayout functionality in Oracle Content Server for any file store provider configured for use as an Oracle I/PM volume.
Configure system properties:
Confirm that the SearchIndexerEngineName variable matches the type of Oracle UCM system to use (DATABASE.METADATA, DATABASE.FULLTEXT, or OracleTextSearch).
Under Administration tray, select Admin Server.
Click idc.
Select General Configuration, on the left.
Select Automatically assign a content ID on check in.
Specify an Auto Number Prefix value, such as ucm1.
Set the EnableIdcProfileField variable to 1:
EnableIdcProfileField=1
Click Save.
Install Oracle UCM components:
Select Component Manager, on the left.
In the Install New Component section, click Browse, and select any components in the Update Bundle /component/CS10gR35UpdateBundle/extras directory.
Click Open.
Click Install.
Fill in any necessary details for each component you selected, and then click Continue.
Click here to return to the Component Manager.
In the Install New Component section, click Browse.
Browse to the ECM_ORACLE_HOME/ipm/lib directory, and select IpmRepository.zip.
Click Open.
Click Install.
Click Continue.
Click here to return to the Component Manager.
In the Install New Component section, click Browse.
On the Oracle Enterprise Content Management Suite media disk, select CS10gR35UpdateBundle.zip.
Click Open.
Click Install.
Click Continue.
Select any installed component in the Update Bundle /component/CS10gR35UpdateBundle/extras directory and IpmRepository.
Click Enable.
Fill in any necessary details for each component you selected, and then click Continue.
Click here to return to the Component Manager.
From the Options list on the left, select Start/Stop Content Server.
Select Restart.
Ensure that Oracle Content Server is running after you restart it.
You need to add the administrator user to Oracle UCM and assign it to the Administrators group before this user can perform administration tasks on Oracle UCM.
To add the administrator user and Administrators group to Oracle UCM
In the Oracle UCM Web client, select Admin Applets under Administration.
Click User Admin.
On the Security tab, select Permissions By Role.
Select Add New Role.
In the Role Name field, enter Administrators.
Click OK.
Click Close.
Click Add.
For Authorization Type: Local, click OK.
Create the administrator user, and enter the password.
Click the Roles tab.
Click Add Role.
Select Administrators, and then click OK.
Click OK.
Close the User Admin applet.
After you complete the preceding configuration tasks, you can start the Oracle I/PM Managed Server and access its Web client.
For transformations to work on some platforms, the following environment variables must be set before you start the Managed Server:
Environment variables for library paths
Solaris Sparc: LD_LIBRARY_PATH=/usr/local/packages/gcc-3.4.2/lib
|
Note: For document conversions on a Solaris SPARC platform, Oracle I/PM requires the GNU Compiler Collection (GCC) package 3.4.2 or later in the/usr/local/packages directory.
Install this package on the Solaris operating system that will run Oracle I/PM. You can download GCC from the Sunfreeware Web site at
You also need to set the LD_LIBRARY_PATH environment variable to |
AIX: LIBPATH=$DOMAIN_HOME/oracle/imaging/imaging-server
HPI: LD_PRELOAD=/usr/lib/hpux64/libpthread.so.1 and LD_LIBRARY_PATH=$DOMAIN_HOME/oracle/imaging/imaging-server
DISPLAY environment variable
On UNIX platforms running XWindows, when redirecting the display to a system with suitable graphic capabilities, set DISPLAY to a valid X Server.
To start the Oracle I/PM Managed Server and access the Web client:
Go to the bin directory under your domain home directory.
Start the Oracle I/PM Managed Server (see Section 7.2, "Starting Managed Servers").
Enter the administrator user name and password.
Wait until the Oracle I/PM Managed Server is running.
Access the Web client at this URL: http://hostname:16000/imaging
Log in with the administrator user name and password.
|
Note: This first user to connect to the Oracle I/PM system is registered as the Oracle I/PM administrator. |
Before Oracle I/PM can use the Oracle UCM repository, you need to configure a connection to Oracle Content Server. You can create a connection to it from Oracle I/PM.
Open a Web browser, and navigate to this Web site: http://hostname:16000/imaging
Log in with the administrator user name and password.
Navigate to the Manage Connections tray, and select Create Content Server Connection from the list.
Enter a name for the connection on the Basic Information page, and optionally a description, and then click Next.
Enter the following values on the Connection Settings page:
Repository Proxy: fmwadmin
Primary: localHost
Port: The IDC port of the Oracle UCM instance, 4444 by default
Click Next.
If you get the "Content Server does not have a defined document profile field" message, go to General Configuration, add the variable EnableIdcProfileField=1, and then restart Oracle Content Server.
Enter a Connection Security value for the connection.
Select which users and groups should have permission to access, modify, delete, or grant others access to this connection definition.
Click Next.
At the Summary screen, click Submit.
Three agents run outside of Oracle I/PM, so you need to log into the Oracle I/PM system using a standard user in the security store. Oracle I/PM assigns security to this user name, which you need to configure as the agent user, by setting the AgentUser MBean.
To set the font path on a UNIX operating system, you also need to configure the GDFontpath MBean.
You can configure these MBeans through the System MBean Browser in Fusion Middleware Control.
To configure the AgentUser and GDFontPath MBeans:
Access the Oracle I/PM domain in Oracle Enterprise Manager 11g Fusion Middleware Control at the following URL:
http://adminServerHost:adminServerPort/em
For adminServerHost, specify the name of the computer that hosts the Administration Server for your domain. For adminServerPort, specify the listen port number for the Administration Server. The default number is 7001. For example:
http://myHost:7001/em
To log in, supply the user name and password that were specified on the Configure Administrator User Name and Password screen in the configuration wizard.
In the navigation tree on the left, expand Application Deployments, and then click imaging (IPM_server1).
On the Application Deployment menu, select System MBean Browser.
In the navigation tree on the System MBean Browser page, under Configuration MBeans, close the com.bea folder.
Expand the oracle.imaging folder, under Application Defined MBeans.
Expand the Server: IPM_server1 and config folders.
Click config.
Set the value of the AgentUser attribute to agentadmin (or to a unique user name), click Apply, and then click Return.
On a UNIX operating system, set the value of the GDFontPath attribute to the location of your TTF files; for example:
/usr/share/X11/fonts/TTF
Some standard font locations on different UNIX platforms follow:
Solaris SPARC: /usr/openwin/lib/X11/fonts/TrueType
|
Note: For document conversions on a Solaris SPARC platform, Oracle I/PM requires the GNU Compiler Collection (GCC) package 3.4.2 or later in the/usr/local/packages directory.
Install this package on the Solaris operating system that will run Oracle I/PM. You can download GCC from the Sunfreeware Web site at
You also need to set the LD_LIBRARY_PATH environment variable to |
AIX: /usr/lpp/X11/lib/X11/fonts/TrueType
HPI: /usr/lib/X11/fonts/TrueType
For systems on which Oracle WebLogic Server includes a JDK, you can find some True Type Fonts (TTF) in the JDK/jre/lib/fonts directory.
Click Apply.
Restart the Oracle I/PM Managed Server.
The Oracle I/PM advanced viewer uses OutsideIn Technology, which requires the Visual C++ libraries included in the Visual C++ Redistributable Package for a Windows operating system. Three versions of this package (x86, x64, and IA64) are available from the Microsoft Download Center at
http://www.microsoft.com/downloads
Search for and download the version of the package that corresponds to the version of your Windows operating system:
vcredist_x86.exe
vcredist_x64.exe
vcredist_IA64.exe
The required version of each of these downloads is the [Microsoft Visual C++] 2005 SP1 Redistributable Package. The redistributable module that Outside In requires is msvcr80.dll.
Oracle I/PM supports two types of Full-Text under Oracle UCM: DATABASE.FULLTEXT and OracleTextSearch. Oracle I/PM can use the full-text features if you configure full-text searching in the Oracle UCM repository first. For DATABASE.FULLTEXT systems, after the indexes are rebuilt, nothing needs to be done on the Oracle I/PM side. OracleTextSearch, however, requires that the index be rebuilt every time a new application is built with the FullText option.
A connection to a BPEL server is used to connect to the server through the BPEL EJB API. The information will be used for communication though the T3 protocol (not through HTTP). Before Oracle I/PM can connect to a BPEL server, you need to configure a connection to it. From the Oracle Imaging and Process Management user interface, you can create a BPEL connection and configure SSL for the BPEL server.
Before you can connect to the BPEL server, you need to create a BPEL connection from the Oracle I/PM Managed Server.
To create a BPEL connection:
Open a browser, and navigate to the following Web site:
http://localHost:7201/imaging
Log in with the weblogic user name and password.
|
Note: This first user to connect to the Oracle I/PM system is registered as the administrator. |
On the Manage Connections tab, select Create BPEL Connection from the list.
Enter a value in the Name field, in the format BPEL machine name BPEL, and, optionally, in the Description field.
This parameter specifies the host name or names used for the connection. If the BPEL server is a single instance, it is the name or IP of the BPEL machine. If the BPEL server is operating within a cluster, this parameter value can be a comma-separated list of machine names or IP addresses of servers in the cluster, or it can be the name of the cluster.
If multiple machine names are provided in a comma-separated list, the machines must all use the same port (the value supplied by the port parameter). If the BPEL Managed Servers in the cluster need to be defined with different ports, then the cluster-name configuration must be used.
When a cluster name is used, the name must be defined in DNS to resolve to the multiple machines within the cluster. Neither Oracle I/PM nor BPEL defines this behavior. Rather, it is defined by the Oracle WebLogic Server support for JNDI in a cluster. For details on clustered JDNI support, see "Using WebLogic JNDI in a Clustered Environment" at the following Web site:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/jndi/jndi.html
Click Next.
Enter the following value for BPEL Machine name: BPEL machine name.us.oracle.com
Enter the following value for BPEL Port: 8001
This parameter specifies the port number used in the connection. For Oracle WebLogic Server, this is the standard listening port for the server. If the SSL option is selected, then the port provided must be the SSL listening port for the server, and T3 communication will actually use T3S, the SSL version of T3.
Select the SSL option if the target BPEL system requires it.
This parameter indicates whether or not the port parameter is the SSL listening port of the BPEL server.
For Credential Alias, enter an alias previously created: basic.credential
This parameter provides the alias of a user name and password that are stored in the Credential Store (CSF). These credentials are required to make the remote JNDI connection. The parameter is not the actual user name or password, but rather an alias (or key) used to look up the user name and password in the CSF, which encrypted them to provide for proper security.
This credential must be created in the CSF before the BPEL connection configuration can be completed. A credential can be created in the CSF in one of two ways: through Fusion Middleware Control or through WebLogic Server Scripting Tool (WLST).
Click Test Connection to confirm the connection parameters to see what composites exist on that BPEL machine.
Click Next.
Optionally, alter security grants.
Click Submit.
For the Oracle I/PM SSL configuration to work with BPEL, the SSL listening port must be enabled on the BPEL server. This can be done at the time the BPEL server is first installed, through the configuration wizard, or after installation, through the Administration Console.
To configure SSL for the BPEL server:
Log in to the Administration Console for the BPEL Managed Server domain.
From Domain Structure, click Environment and then Servers.
Select the BPEL Managed Server instance.
Select SSL Listen Port Enabled.
Enter an available port number for SSL Listen Port.
Click SAVE.
SSL is enabled on the BPEL Managed Server.
In the Oracle I/PM connection, the SSL option can be selected, and the SSL listen port can be used for the port parameter. At this point, T3 communication with the server will work properly if both the BPEL Managed Server and the Oracle I/PM Managed Server are configured to use the default DemoTrust certificates. All Oracle WebLogic Server instances use the same DemoTrust self-signed certificates and, therefore, are configured to trust the others by default.
You can also configure SSL for the BPEL server in the Oracle I/PM user interface, using the Managed Connections section to create the BPEL connection.
On a new Oracle I/PM system, the first user to log in is automatically granted full permissions. Typically, this initial user associates other users or groups, after which his or her permissions are changed or revoked as needed.
If security provider changes are made after this initial user login to Oracle I/PM, follow the steps below to reset Oracle I/PM system security. For example, if you later change the security configuration to point to an Oracle Internet Directory provider or a Microsoft Active Directory provider, you must reset Oracle I/PM system security.
Manually create or migrate users and groups to the new external security provider, using utilities as needed.
For more information, see Section 4.4, "Reassociating the Identity Store with an External LDAP Authentication Provider."
Run the refreshIPMSecurity() WLST MBean command.
For more information, see Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
|
Note: During the refresh, users or groups for whom matching identifying information is not found are ignored. As security changes are made, invalid users or groups are removed from the Oracle I/PM database. |
Oracle Application Extension Framework (AXF) is automatically installed with Oracle I/PM. For information about configuring and using AXF and the AXF database tables, see Oracle Fusion Middleware E-Business Suite Adapter for Oracle Enterprise Content Management Administrator's Guide.
Two simple solutions called HelloWorld and HelloBpel are included with AXF to verify that the AXF infrastructure is properly installed. HelloWorld is a basic solution that returns a Hello string. The HelloBpel solution includes a BPEL process to verify the BPEL integration.
Follow these steps to enable the HelloWorld solution.
As the AXF database user, run the insertHelloCommand.sql script from the MW_HOME/drivers/HelloWorld/dbscripts directory.
Access the driver page of the AXF Web application using the following URL:
http://host:port/axf-web/faces/Driver.jspx
Enter the following values:
Solution Namespace: HelloWorld
Command Namespace: Hi
User Name: jcooper
|
Note: This user name is valid only if you are using the application server's built-injazn.xml security |
Click Execute Command.
An AXF response should display with a populated Conversation ID. If the response is returned, the AXF infrastructure is functioning correctly and commands can be added and executed.
The HelloBpel solution includes a BPEL Process and a SQL script to set up the HelloBpel SolutionNamespace for use by that process. The BPEL Process and database script can be found in the installation package under the MW_HOME/drivers/HelloBpel directory.
To enable the HelloBpel solution:
Edit and run the HelloBPEL SQL script (MW_HOMEOracle_ECM1/ipm/lib/imaging-axf-install-extras.zip/drivers/HelloBpel/dbscripts/insertHelloWorldBpelData.sql), replacing localhost with your Application Server host name and modifying all password entries as required for your environment.
With JDeveloper 11.1.1.0, open the HelloWorldBPELProcess.jpr BPEL project and deploy it to your BPEL server. Consult the JDeveloper documentation for assistance with this task.
Access the driver page of the AXF Web application using the following URL:
http://host:port/axf-web/faces/Driver.jspx
In the AXF Command Driver screen, enter the following values:
Solution Namespace: HelloBpel
Command Namespace: OPEN_TASKLIST
User Name: jcooper
|
Note: This user name is valid only if you are using the application server's built-injazn.xml security |
Click Execute Command.
A response should be displayed in the response screen.
Click Execute Response, and log in when prompted.
The AXF Task List screen should be displayed. If there are no tasks in the TaskList, open the BPEL Console and create a new instance of HelloWorldBPELProcess and refresh the Task List.
