3 Oracle WebCenter Spaces

This chapter contains these topics:

3.1 Understanding WebCenter Server

The WebCenter server ensures the SSO credentials are valid without the user logging in again.

Prerequisites

Important: The WebCenter database schemas must be created, and the WebLogic Server must be installed before you install Oracle WebCenter Spaces.

3.2 Installing Oracle WebCenter Spaces

You install Oracle WebCenter Spaces 11.1.1.5.0.

When you install the WebCenter components on your machine, be sure to enter the correct data (machine name, ports, and so on) for your configuration. When you download the software from Oracle Technology Network (OTN), note the directories to which you downloaded the software and replace the directory locations specified in this chapter with your own. Be sure to install the executable files for your platform.

Use these steps to install Oracle WebCenter Spaces 11.1.1.5.0.

  1. Download and unzip the WebCenter installation file:

    ofm_wc_generic_11.1.1.5.0_disk1_1of1.zip

  2. Execute the install process from Disk1 folder:

    • On Windows: setup.exe with Run as administrator option

    • On UNIX: ./runInstaller as a non-root user

  3. Review the Welcome page information, and then click Next.

  4. Select your Software Updates option.

  5. The installer performs prerequisite checks.

  6. Enter a Middleware Home and a WebCenter Home Directory.


  7. Select the application server.

    Note:

    EnterpriseOne supports only a WebLogic Server as the application server.

  8. Click Next.

  9. Review the Install Summary.


  10. Click Install to start the install process.


  11. Click Next to continue.


  12. Click Finish when the install process is completed.

  13. Run config.cmd (.sh) from <MW_Home>\Oracle_WC1\common\bin folder to create the WebCenter domain.

  14. Select Create a new WebLogic domain option.

  15. Select the products to be part of this domain. You can add more products later.


  16. Click Next.

  17. Enter the domain name.


  18. Enter the domain Administrator user and password.

  19. Select Production Mode.

  20. Verify the available JDK.


  21. Enter the JDBC Component Schema database connection.


  22. Test JDBC Schema connection.


  23. Select the Administration Server and Managed Server, Cluster and Machine.

  24. See Appendix B to complete the domain creation.

3.2.1 Post Installation Configuration

  1. Start the WebCenter Admin Server (startWebLogic.cmd (.sh)) from <MW_Home>\user_projects\domains\<webcenter_domain>\bin folder.

  2. Start WebLogic NodeManager (startNodeManager.cmd/sh) from <MW_home>\wlserver_10.3\server\bin.

  3. The startNodeManager process creates a nodemanager.properties file in <MW_home>\wlserver_10.3\common\nodemanager folder.

  4. Once the file is created, run setNMProps.cmd/.sh from the <MW_home>\oracle_common\common\bin folder.

    Note:

    Alternatively, you can open nodemanager.properties in an editor and change StartScriptEnabled to true.

    Important:

    WebCenter Spaces will not start correctly if this value is not set.

  5. After the value is changed, you must stop and restart NodeManager.

  6. Start the domain Admin Server and WC_Spaces.


  7. After the Admin Server is started, you can access the domain console, Enterprise Manager, and WebCenter Spaces.

  8. Click About WebCenter Spaces on the bottom right to verify the version level.


3.3 Configuring the WebLogic Domain for Oracle Access Manager

Configuring the WebLogic Domain for OAM consists of these tasks:

  • Configuring the Oracle Internet Directory Authenticator

  • Configuring the OAM Identity Asserter

3.3.1 Configuring the Oracle Internet Directory Authenticator

Assuming Oracle Internet Directory is backing the Oracle Access Manager (OAM) identity store, an Oracle Internet Directory authenticator (OracleInternetDirectoryAuthenticator) should be configured for the LDAP server that is used as the identity store of OAM, and the provider should be set to SUFFICIENT.

Use these steps to configure the Oracle Internet Directory Authenticator.

  1. Log in to the WebCenter WebLogic Server Administration Console.

  2. From the Domain Structure pane, click Security Realms.


  3. Select the realm entry for which to configure the OID authenticator.

  4. Select the Providers tab.

  5. Click New to create a provider.


  6. Enter a name for the new provider (for example, OID Authenticator), select OracleInternetDirectoryAuthenticator as the type, and then click OK.

  7. On the Providers tab, click the newly added provider. The common setting pane appears.


  8. Set the control flag to SUFFICIENT and click Save.

  9. Open the Provider Specific tab.


  10. Complete the fields as shown in the table below. Leave the rest of the fields set to their default values.

    Field                                | Value                          | Comment
    -------------------------------------|--------------------------------|--------
    Host:                                |                                | The host ID for the LDAP server
    Port:                                |                                | The LDAP server port number
    Principal:                           |                                | The LDAP administrator principal
    Credential:                          | <password>                     | The administrator principal password
    Confirm Credential:                  | <password>                     |
    User Base DN:                        |                                | User Search Base - this value should be the same as for the OAM Access Manager setup.
    All User Filter:                     | (&(uid=*)(objectclass=person)) |
    User Name Attribute                  | uid                            |
    Group Base DN:                       |                                | Group search base - same as user base DN
    Use Retrieved User Name as Principal | Checked                        | User login IDs are usually case insensitive. This flag is required so that the subject established contains the user name as stored in the OID.

  11. Click Save.

3.3.2 Configuring the OAM Identity Asserter

In a WebLogic Server domain where JRF is installed, the JRF template is present as part of the domain in an Oracle Fusion Middleware product. In this case, the OAM Identity Asserter and OAM Authentication Provider are automatically available for configuration. If JRF is not installed in your WebLogic domain, you must add the OAMAuthnProvider.jar to a specific location in your domain.

Configuring the OAM Identity Asserter consists of these tasks:

  • Adding the OAM Identity Asserter

  • Configuring the Default Authenticator and Provider Order

  • Adding an OAM Single Sign-On Provider

Prerequisites

Confirm the required JAR and WAR files as follows:

  • Confirm the location of required JAR files in the following Fusion Middleware path:

<MW_Home>/oracle_common/modules/oracle.oamprovider_11.1.1/oamAuthnProvider.jar

  • Locate the console-extension WAR file in the following path:

<MW_Home>/oracle_common/modules/oracle.oamprovider_11.1.1/oamauthenticationprovider.war

  • Copy the WAR file to the following path in the WebLogic Server home:

<MW_Home>/wlserver_10.3/server/lib/console-ext/autodeploy/oamauthenticationprovider.war

3.3.2.1 Adding the OAM Identity Asserter

An OAM identity asserter must be configured with the provider control flag set to REQUIRED.

Use these steps to add the OAM Identity Asserter.

  1. Log in to the WebCenter WebLogic Server Administration Console.

  2. From the Domain Structure pane, click Security Realms.

  3. Click the realm entry for which to configure the OAM identity asserter.

  4. From the Providers tab, click New.


  5. Enter a name for the new provider (for example, OAM ID Asserter), select OAMIdentityAsserter as its type and click OK.

  6. On the Providers tab, click the newly added provider.


  7. Set the control flag to REQUIRED and check that OAM_REMOTE_USER and ObSSOCookie are set for Active Types.

  8. Click Save to save your settings.

3.3.2.2 Configuring the Default Authenticator and Provider Order

After configuring the OAM identity asserter, ensure that the default authenticator's control flag is set to SUFFICIENT and reorder the providers.

Use these steps to configure the default authenticator and provider order.

  1. Navigate to the Provider Settings pane.

  2. Open the Default Authenticator and set the control flag to SUFFICIENT.

  3. Do the same for any providers other than the two you just created.

  4. On the Setting Pane, reset the provider order to:

Note:

On the Windows platform, if your WebLogic user is not part of the OID Administrators group, you will not be able to restart the WebLogic Admin Server.

You can use these steps to add an Administrators group and add your user to it.

  1. Connect to Oracle Directory Manager.

  2. Create a new Group, Administrators. You can use the Create Like option.

  3. Add your admin user to this group.

    Now, you should be able to start the WebLogic Admin Server.

3.3.2.3 Adding an OAM Single Sign-On Provider

After checking that the default authenticator's control flag is set correctly and that the order of the providers is correct, add an OAM SSO provider and restart all servers.

  1. Start WLST (wlst.cmd or wlst.sh) from the <MW_Home>\oracle_common\common\bin folder, connect to the WebLogic domain, and run the addOAMSSOProvider command:

    connect('admin-user','admin-password','t3://localhost:7001')

    addOAMSSOProvider(loginuri="/${app.context}/adfAuthentication",logouturi="/oamsso/logout.html")

  2. Exit the tool.

  3. Restart all servers.

3.4 Installing Oracle WebGate

Next, you install Oracle WebGate 11.1.1.5.

Oracle HTTP Server WebGate is a web server plug-in that is shipped out-of-the-box with Oracle Access Manager. The Oracle HTTP Server WebGate intercepts HTTP requests from users for web resources and forwards them to the Access Server for authentication and authorization. Oracle HTTP Server WebGate installation packages are found on media and virtual media that are separate from the core components.

Prerequisites

Install Oracle HTTP Server (See Appendix C)

  • If you are installing Oracle HTTP Server 11g WebGate for Oracle Access Manager on a Linux or Solaris operating system, you must download and install third-party GCC libraries on your machine.

    You can download the appropriate GCC library from the following third-party website:

    http://gcc.gnu.org/

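    Operating System | Architecture | GCC Libraries                 | Required Library Version
    -----------------|--------------|-------------------------------|-------------------------
    Linux 64-bit     | x64          | libgcc_s.so.1, libstdc++.so.6 | 3.4.6
    Solaris 64-bit   | SPARC        | libgcc_s.so.1, libstdc++.so.5 | 3.3.2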

  • If you are using Windows 2008 64-bit operating systems, you must install Microsoft Visual C++ 2005 libraries on the machine hosting the Oracle HTTP Server 11g WebGate.

    The libraries are included in the Microsoft Visual C++ 2005 SP1 Redistributable Package (x64), which can be downloaded from the following website:

    http://www.microsoft.com/DownLoads/details.aspx?familyid=EB4EBE2D-33C0-4A47-9DD4-B9A6D7BD44DA&displaylang=en

Use these steps to install Oracle HTTP 11g WebGate.

  1. Download and unzip ofm_oam_webgates_generic_11.1.1.5.0_disk1_1of1.zip.

  2. Launch the installer:

    • On Windows: setup.exe with Run as administrator option.

    • On UNIX: ./runInstaller as a non-root user.

  3. Specify JRE/JDK location.


  4. Click Next on the Welcome page.

    Oracle HTTP WebGate supports Oracle HTTP version 11.1.1.2 or 11.1.1.3. EnterpriseOne configuration supports version 11.1.1.5. See Appendix A to upgrade to Version 11.1.1.5.

  5. The installer performs prerequisite checks.


  6. Specify the Middleware Home and WebGate Home Directory.


  7. Review the installation Summary.


  8. Click Install.


  9. Click Next when the installation is completed.


  10. Click Finish when the installation is completed.

3.4.1 Post-Installation Steps

You must complete the following steps after installing Oracle HTTP Server 11g WebGate for Oracle Access Manager:

  1. Move to the following directory under your Oracle Home for WebGate:

    • On UNIX operating systems:

      <webgate_home>/webgate/ohs/tools/deployWebGate

    • On Windows operating systems:

      <webgate_home>\webgate\ohs\tools\deployWebGate

  2. On the command line, run the following command to copy the required bits of agent from the Webgate_Home directory to the WebGate instance location:

    • On UNIX operating systems:

      ./deployWebgateInstance.sh -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>


    • On Windows operating systems:

      deployWebgateInstance.bat -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>


      Where <Webgate_Oracle_Home> is the directory where you have installed Oracle HTTP Server WebGate and created as the Oracle Home for WebGate.

      For example: <MW_Home>/Oracle_OAMWebGate1

      The <Webgate_Instance_Directory> is the location of WebGate Instance Home, which is same as the Instance Home of Oracle HTTP Server.

      For example: <MW_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1

  3. Run the following command to ensure that the LD_LIBRARY_PATH variable contains <Oracle_Home_for_Oracle_HTTP_Server>/lib:

    • On UNIX operating systems:

      export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Oracle_Home_for_Oracle_HTTP_Server>/lib

    • On Windows operating systems:

      Set the <Webgate_Installation_Directory>\webgate\ohs\lib location in the PATH environment variable.

  4. From your present working directory, move up one directory level:

    • On UNIX operating systems:

      <webgate_home>/webgate/ohs/tools/setup/InstallTools

    • On Windows operating systems:

      <webgate_home>\webgate\ohs\tools\editHttpConf

  5. On the command line, run the following command to copy the apache_webgate.template from the Webgate_Home directory to the Webgate Instance location (renamed to webgate.conf) and update the httpd.conf file to add one line to include the name of webgate.conf:

  6. Verify the updated httpd.conf.

    Note:

    Do not restart the Oracle HTTP server until the WebGate agent is registered for WebCenter Spaces; errors will continue to display in the command line if the Oracle HTTP server processes are restarted.

3.5 Configuring Oracle HTTP Server for WebCenter Spaces

After you install and configure Oracle HTTP Server and Oracle HTTP WebGate, you configure the Oracle HTTP server for WebCenter Spaces.

Use the following example to configure mod_wl_ohs.conf. Verify that WebLogic port numbers match your configuration.

[Illustration image096.gif: example mod_wl_ohs.conf]

After you edit mod_wl_ohs.conf, restart the HTTP server.

Now you can access WebCenter using the HTTP port; for example,

http://denptw21.mlab.jdedwards.com:7777/webcenter

If you added (optional) the domain console and enterprise manager connections, then the HTTP URL will be:

http://denptw21.mlab.jdedwards.com:7777/console
http://denptw21.mlab.jdedwards.com:7777/em
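
The routing this section configures, as an added example (not Oracle's file and not the illustration from the original page): a constructed mod_wl_ohs.conf, plus a small parser that lists each path handed to WebLogic with its host and port so the ports can be compared against the domain. The host name, port 8888 for WC_Spaces, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample mod_wl_ohs.conf. Host name and ports are placeholders;
# use the listen ports of your own WC_Spaces and Admin Server.
sample_mod_wl_ohs() {
cat <<'EOF'
<IfModule weblogic_module>
  # WebCenter Spaces managed server
  <Location /webcenter>
    SetHandler weblogic-handler
    WebLogicHost wc-host.example.com
    WebLogicPort 8888
  </Location>
  # Optional: domain console and Enterprise Manager on the Admin Server
  <Location /console>
    SetHandler weblogic-handler
    WebLogicHost wc-host.example.com
    WebLogicPort 7001
  </Location>
  <Location /em>
    SetHandler weblogic-handler
    WebLogicHost wc-host.example.com
    WebLogicPort 7001
  </Location>
</IfModule>
EOF
}

# Print "path host:port" for each <Location> that is handed to WebLogic.
# Reads the files named as arguments, or standard input when none are given.
list_wl_routes() {
  awk '
    $1 ~ /^#/ { next }   # skip comment lines
    tolower($1) == "<location" {
      path = $2; sub(/>$/, "", path); host = "?"; port = "?"; wl = 0; next
    }
    tolower($1) == "sethandler" && tolower($2) == "weblogic-handler" { wl = 1 }
    tolower($1) == "weblogichost" { host = $2 }
    tolower($1) == "weblogicport" { port = $2 }
    tolower($1) == "</location>" { if (wl) print path, host ":" port }
  ' "$@"
}

# Print the WebLogic port that path $1 is routed to (config on stdin).
route_port() {
  list_wl_routes | awk -v p="$1" '$1 == p { sub(/^.*:/, "", $2); print $2 }'
}

# Demo on the constructed sample: one line per routed path.
sample_mod_wl_ohs | list_wl_routes
```

Run `list_wl_routes` against your own mod_wl_ohs.conf and compare each port with the listen port of the server that hosts that path.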

3.6 Registering the WebGate Agent for WebCenter Spaces

You must register the WebGate Agent for WebCenter Spaces.

Prerequisites:

  • Install and configure Oracle HTTP Server and WebGate.

  • Install and configure OID and OAM Server.

  • Install and configure Oracle WebCenter Spaces.

3.6.1 Registering the WebGate Agent

Use these steps to register the WebGate Agent.

  1. Open an internet browser and connect to Oracle Access Manager.

  2. Open the OAM console.

    http://oamserver:oamport/oamconsole
    
  3. Enter the Admin user and Password.

  4. Select the New OAM 11g Webgate option.


  5. Enter a WebGate agent name and select the Open security option.

  6. Enter your WebCenter URL in Base URL.


  7. Click Apply to create the agent. Authorization and authentication policies will be created.


  8. A Host Identifier and an Application Domain are generated as well.


  9. Create the Resource URL from the Resources option.

  10. Click the Create button.


  11. Enter the following information:

    • Type = HTTP

    • Host Identifier = Select your Host Identifier

    • Resource URL = /webcenter

    • Protection Level = Protected

    • Authentication Policy = Protected Resource Policy

    • Authorization Policy = Protected Resource Policy


  12. Repeat the previous step to add the resource URLs /console and /em (if you plan to use SSO on the Admin Console and Enterprise Manager).

  13. Double-click the Protected Resource Policy.

    You should see the newly added resources listed.


  14. Review all registered agents.

  15. Select the System Configuration tab.

  16. Open the Access Manager Settings section and open the SSO Agents option.

  17. Double-click OAM Agents, and then click the Search button.

    The system displays a list of registered agents.


  18. The agent registration creates a cwallet.sso and ObAccessClient.xml file.

  19. Copy these two files to the WebCenter server, from this location:

    <MW_HOME>/user_projects/domain/OAMDomain/output/<Agent_name>

    to this directory:

    <MW_Home>/Oracle_WT1/instances/instance1/config/OHS/ohs1/webgate/config

    A system property tells WebCenter that the application is configured in SSO mode and some special handling is required.

  20. To set this property, edit the setDomainEnv.sh (.cmd) script located in your <domain>/bin directory, and add an entry similar to the following at the end of the file:

    EXTRA_JAVA_PROPERTIES="-Doracle.webcenter.spaces.osso=true ${EXTRA_JAVA_PROPERTIES}"

    export EXTRA_JAVA_PROPERTIES

  21. After changing the property, restart all the WebCenter Services: Admin Server, WC_Spaces server.

  22. Stop and restart the Oracle HTTP server process using OPMN:

    • On Windows, open the Windows Services and stop and restart the Oracle HTTP Server process.

    • On Unix/Linux, go to <MW_Home>/<oid_instance_name>/bin and enter these commands:

      ./opmnctl stopall

      ./opmnctl startall

  23. Test your SSO with the WebCenter URL:

    http://denptw21.mlab.jdedwards.com:7777/webcenter
    

    The SSO process switches to the Oracle Access Manager and displays the SSO page.


  24. Log in with your WebCenter user name and password.
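
Before testing SSO, the file-level settings from sections 3.2.1, 3.4.1 and 3.6.1 can be checked in one pass. The script below is an added example, not Oracle tooling or part of the original procedure; its function names are hypothetical, all four paths are supplied by the caller, and the file-permission test is an extra hardening check that the steps above do not require.

```shell
#!/bin/sh
# Added example: read-only checks for the settings this chapter changes.
# Function names are hypothetical; every path is supplied by the caller.

# nodemanager.properties: StartScriptEnabled must be true (section 3.2.1).
nm_start_script_enabled() {
  grep -Eq '^[[:space:]]*StartScriptEnabled[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1"
}

# httpd.conf: an uncommented include line must name webgate.conf (3.4.1).
httpd_includes_webgate() {
  grep -Eiq '^[[:space:]]*include[[:space:]].*webgate\.conf' "$1"
}

# setDomainEnv.sh/.cmd: the SSO system property from step 20 must be set.
domain_env_has_sso_flag() {
  grep -Eq '^[[:space:]]*(set[[:space:]]+)?EXTRA_JAVA_PROPERTIES=.*-Doracle\.webcenter\.spaces\.osso=true' "$1"
}

# WebGate config directory: both agent files from step 19 must be present.
# The permission test is an added hardening check, not a step from the page.
webgate_artifact_problems() {
  for f in cwallet.sso ObAccessClient.xml; do
    if [ ! -s "$1/$f" ]; then
      echo "missing or empty: $1/$f"
    elif [ -n "$(find "$1/$f" \( -perm -004 -o -perm -002 \) -print)" ]; then
      echo "accessible to other users: $1/$f"
    fi
  done
}

# Usage: verify_sso_setup NM_PROPERTIES HTTPD_CONF WEBGATE_CONFIG_DIR SETDOMAINENV
# Prints one line per finding and returns the number of findings.
verify_sso_setup() {
  findings=0
  nm_start_script_enabled "$1" ||
    { echo "StartScriptEnabled is not true: $1"; findings=$((findings + 1)); }
  httpd_includes_webgate "$2" ||
    { echo "no include of webgate.conf: $2"; findings=$((findings + 1)); }
  domain_env_has_sso_flag "$4" ||
    { echo "oracle.webcenter.spaces.osso is not set: $4"; findings=$((findings + 1)); }
  problems=$(webgate_artifact_problems "$3")
  if [ -n "$problems" ]; then
    echo "$problems"
    findings=$((findings + $(echo "$problems" | wc -l)))
  fi
  return "$findings"
}

# Run the checks when the four paths are given on the command line.
if [ "$#" -eq 4 ]; then verify_sso_setup "$@"; fi
```

An exit status of 0 means every check passed; any other value is the number of findings printed.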