Oracle WebCenter Sites can be integrated with Oracle Access Manager (OAM) instead of CAS to make use of its authentication and single sign-on services. If Community-Gadgets is also installed, it must be enabled to communicate with WebCenter Sites through its OAM, as described in this chapter.
This chapter contains the following sections:
Section 24.2, "Enabling Communication with the OAM-Integrated Management WebCenter Sites"
Section 24.3, "Enabling Communication with the OAM-Integrated Production WebCenter Sites"
Before configuring support for communications between Community-Gadgets and OAM-integrated WebCenter Sites, ensure the following:
WebCenter Sites management and production installations are fully functional. Also, WebCenter Sites is (or will be) successfully integrated with OAM.
The Community-Gadgets war/ear files have been generated, as described in the Oracle Fusion Middleware WebCenter Sites Installation Guide.
If the above conditions hold, complete the steps in this chapter as follows:
If the management WebCenter Sites is OAM-integrated, complete the steps in Section 24.2, "Enabling Communication with the OAM-Integrated Management WebCenter Sites." Follow up with Section 24.4, "Next Step."
If the production WebCenter Sites is OAM-integrated, complete the steps in Section 24.3, "Enabling Communication with the OAM-Integrated Production WebCenter Sites." Follow up with Section 24.4, "Next Step."
If the management and production WebCenter Sites systems are OAM-integrated, complete the steps in Section 24.2, "Enabling Communication with the OAM-Integrated Management WebCenter Sites" and Section 24.3, "Enabling Communication with the OAM-Integrated Production WebCenter Sites." Follow up with Section 24.4, "Next Step."
If your management WebCenter Sites is integrated with OAM, complete the steps in this section. This section contains the following topics:
Section 24.2.2, "Configuring Community-Gadgets to Use the OAM-Integrated Management WebCenter Sites"
In this step, you will first add management Community-Gadgets resource definitions to the OAM configuration for the WebCenter Sites management application, and then register the WebLogic managed server (where management Community-Gadgets is deployed) with Oracle HTTP Server.
This section contains the following topics:
Add the management Community-Gadgets resource definitions listed in Table 24-1 to OAM for the WebCenter Sites application domain. For information about how to add resource definitions to OAM, see Section 23.3.2, "Integration Steps."
Note:
In the resource definitions (Table 24-1):
Replace <sites-context> with the context root of the WebCenter Sites web application running on the management system.
Replace <cg-context> with the context root of the Community-Gadgets application running on the management system.
Replace <shindig-context> with the context root of the Shindig application running on the management system.
Table 24-1 Management Community-Gadgets Resource Definitions
| Resource Definition | Protection Level | Authentication | Authorization |
|---|---|---|---|
| | Unprotected | Public | All Allowed |
| | Unprotected | Public | All Allowed |
| | Protected | Browser | All Allowed |
| | Protected | Browser | All Allowed |
| | Protected | Browser | All Allowed |
| | Protected | Browser | All Allowed |
| | Protected | Browser | All Allowed |
| | Protected | Browser | All Allowed |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
| | Excluded | | |
Configure Identity Assertion as follows for the authorization policy that is used for the WebCenter Sites application domain:
If a trusted environment is not configured between Oracle WebLogic Server and Oracle HTTP Server, select the Identity Assertion check box (shown in Figure 24-1).
Figure 24-1 Authorization Policy: Identity Assertion
If a trusted environment is configured between Oracle WebLogic Server and Oracle HTTP Server, leave the Identity Assertion check box deselected.
For information about establishing trust between Oracle WebLogic Server and other entities, see the Oracle Fusion Middleware Application Security Guide.
This step enables Oracle HTTP Server to forward requests to the WebLogic Server managed server instance for the management Community-Gadgets web application.
To register the WebLogic managed server on which the management Community-Gadgets is deployed:
Using a text editor, update the mod_wl_ohs.conf configuration file that was used during the OAM-WebCenter Sites integration, as follows:
Locate the mod_wl_ohs.conf file for the Oracle HTTP Server instance, for example:
/u01/software/Apps/OraMiddleware/asinst_1/config/OHS/ohs1/mod_wl_ohs.conf
Add the following block of code to the mod_wl_ohs.conf file:

    <IfModule weblogic_module>
      <location /{management-community-gadgets-context-root}>
        SetHandler weblogic-handler
        WebLogicHost {hostname|IP of WebLogic server where management Community-Gadgets is deployed}
        WebLogicPort {port of WebLogic server where management Community-Gadgets is deployed}
      </location>
    </IfModule>
    <IfModule weblogic_module>
      <location /{management-shindig-context-root}>
        SetHandler weblogic-handler
        WebLogicHost {hostname|IP of WebLogic server where management Shindig is deployed}
        WebLogicPort {port of WebLogic server where management Shindig is deployed}
      </location>
    </IfModule>

Save the file.
Restart Oracle HTTP Server.
To increase the maximum number of sessions:
Log in to the OAM console.
Under System Configuration, click Common Settings.
For the Maximum Number of Sessions per User parameter, click the Up arrow to increase the number to 100 (Figure 24-2).
Figure 24-2 Maximum Number of Sessions Per User
In this step, you will modify the Community-Gadgets configuration to use the management WebCenter Sites application that is integrated with OAM.
Note:
Steps in this section must be completed only on the management Community-Gadgets instance.
This section contains the following topics:
Community-Gadgets comes with the following SSO files: wem_sso_config.xml and oam_wem_sso_config_sample.xml. By default, Community-Gadgets uses the wem_sso_config.xml file to communicate with WebCenter Sites. Because the default file is set up to support communications with WebCenter Sites through CAS, you will use the oam_wem_sso_config_sample.xml file to create the wem_sso_config.xml file to support communications through the OAM that is integrated with WebCenter Sites. The files contain the following information:
The oam_wem_sso_config_sample.xml file includes all the required configurations except those specific to environment credentials. Tokens are used in place of environment credentials.
The wem_sso_config.xml file includes all the required WEM SSO and CAS configurations for Community-Gadgets.
To create and configure the wem_sso_config.xml file:
Go to the <cg_install_dir>/deploy/management/management_node1 directory, or the directory that was created for your management Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.
Back up the wem_sso_config.xml file by saving it as wem_sso_config.xml.bak.
Rename the oam_wem_sso_config_sample.xml file to wem_sso_config.xml.
In the new wem_sso_config.xml file, do the following:
Replace the tokens, which are listed in Table 24-2, with the actual values for OAM.
Table 24-2 Tokens to Be Replaced in wem_sso_config.xml
| Token | Description | Example |
|---|---|---|
| | Host of Oracle HTTP Server used for proxying requests to WebCenter Sites | |
| | Port of Oracle HTTP Server used for proxying requests to WebCenter Sites | |
| | Context root of the WebCenter Sites application | |
| | Host of the WebLogic managed server on which the | |
| | Port of the WebLogic managed server on which the | |
| | Host of the WebLogic managed server on which the OAM application is deployed | |
| | Port of the WebLogic managed server on which the OAM application is deployed | |
| | User name with authority to read the WebCenter Sites | |
| | Above user's password | |
Note:
In Community-Gadgets, the wem_sso_config.xml file is configured to work with OAM-integrated WebCenter Sites. This file is similar, but not identical, to the SSOConfig.xml file in WebCenter Sites. Generally, the values of the dbUsername and dbPassword properties (presented in the wem_sso_config.xml file as the {username} and {password} tokens) should be identical in wem_sso_config.xml and SSOConfig.xml.
If you are configuring a trusted environment between Oracle WebLogic Server and Oracle HTTP Server, turn off the check for OAM_ASSERTION to improve performance.
To turn off the check for OAM_ASSERTION, locate the ssofilter bean and set the value of the trustConfigured property to true.
Save the file.
Completing this section is required only when WebCenter Sites is integrated with OAM after Community-Gadgets is installed. Property files are located in the <cg_install_dir>/deploy/management/management_node1 directory or in the directory that was created for your management Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.
Update the setup_cs.properties file by updating the value of the widgets.cs.management.attrs.urls parameter to use {ohs_host} and {ohs_port}.
For example:
widgets.cs.management.attrs.urls=http://{ohs_host}:{ohs_port}
Update the setup_cos.properties file as follows:
Update the widgets.cos.management.attrs.url parameter to use {ohs_host} and {ohs_port}.
For example:
widgets.cos.management.attrs.url=http://{ohs_host}:{ohs_port}
Update the widgets.gadgets.opensocial.management.attrs.url parameter to use {ohs_host} and {ohs_port}.
For example:
widgets.gadgets.opensocial.management.attrs.url=http://{ohs_host}:{ohs_port}
If your production WebCenter Sites is integrated with OAM, complete the steps in this section. This section contains the following topics:
Add production Community-Gadgets resource definitions listed in Table 24-3 to OAM for the production WebCenter Sites application domain. For information about how to add resource definitions to OAM, see Section 23.3.2, "Integration Steps."
Note:
In the resource definitions (Table 24-3):
Replace <sites-context> with the context root of the WebCenter Sites web application running on the production system.
Replace <cg-context> with the context root of the Community-Gadgets application running on the production system.
Configure Identity Assertion as follows for the authorization policy that is used for the WebCenter Sites application domain:
If a trusted environment is not configured between Oracle WebLogic Server and Oracle HTTP Server, select the Identity Assertion check box (shown in Figure 24-3).
Figure 24-3 Authorization Policy: Identity Assertion
If a trusted environment is configured between Oracle WebLogic Server and Oracle HTTP Server, leave the Identity Assertion check box deselected.
For information about establishing trust between Oracle WebLogic Server and other entities, see the Oracle Fusion Middleware Application Security Guide.
This step enables Oracle HTTP Server to forward requests to the WebLogic Server managed server instance for the production Community-Gadgets web application.
To register the WebLogic managed server on which production Community-Gadgets is deployed:
Using a text editor, update the mod_wl_ohs.conf configuration file that was used during the OAM-WebCenter Sites content management application integration, as follows:
Locate the mod_wl_ohs.conf file for the Oracle HTTP Server instance, for example:
/u01/software/Apps/OraMiddleware/asinst_1/config/OHS/ohs1/mod_wl_ohs.conf
Add the following block of code to the mod_wl_ohs.conf file:

    <IfModule weblogic_module>
      <location /{production-community-gadgets-context-root}>
        SetHandler weblogic-handler
        WebLogicHost {hostname|IP of WebLogic server where production Community-Gadgets is deployed}
        WebLogicPort {port of WebLogic server where production Community-Gadgets is deployed}
      </location>
    </IfModule>

Save the file.
Restart Oracle HTTP Server.
This section describes how to modify the Community-Gadgets configuration to use the production WebCenter Sites application which is integrated with OAM.
Note:
Unless noted otherwise, steps in this section must be completed only on the production Community-Gadgets instance.
This section includes the following topics:
Community-Gadgets comes packaged with the wem_sso_config.xml and oam_wem_sso_config_sample.xml files. By default, Community-Gadgets uses the wem_sso_config.xml file to communicate with WebCenter Sites. The default file is configured to support communications with WebCenter Sites through CAS. To support communications through OAM integrated with WebCenter Sites, you will create the wem_sso_config.xml file from the oam_wem_sso_config_sample.xml file. The files contain the following information:
The oam_wem_sso_config_sample.xml file includes all the required configurations except those specific to environment credentials. Tokens are used in place of environment credentials.
The wem_sso_config.xml file includes all the required WEM SSO and CAS configurations for Community-Gadgets.
To create and configure the wem_sso_config.xml file:
Go to the <cg_install_dir>/deploy/production/production_node1 directory, or the directory that was created for your production Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.
Back up the wem_sso_config.xml file by saving it as wem_sso_config.xml.bak.
Rename the oam_wem_sso_config_sample.xml file to wem_sso_config.xml.
In the new wem_sso_config.xml file, do the following:
Replace the tokens, which are listed in Table 24-4, with actual values for OAM.
Table 24-4 Tokens to Be Replaced in wem_sso_config.xml
| Token | Description | Example |
|---|---|---|
| | Host of Oracle HTTP Server used for proxying requests to WebCenter Sites | |
| | Port of Oracle HTTP Server used for proxying requests to WebCenter Sites | |
| | Context root of the WebCenter Sites application | |
| | Host of the WebLogic managed server on which the oamtoken application is deployed | |
| | Port of the WebLogic managed server on which the oamtoken application is deployed | |
| | Host of the WebLogic managed server on which the OAM application is deployed | |
| | Port of the WebLogic managed server on which the OAM application is deployed | |
| | User name with rights to read the WebCenter Sites SystemUser table | |
| | Password for the user name | |
Note:
In Community-Gadgets, the wem_sso_config.xml file is configured to work with OAM-integrated WebCenter Sites. This file is similar, but not identical, to the SSOConfig.xml file in WebCenter Sites. Generally, the values of the dbUsername and dbPassword properties (presented in the wem_sso_config.xml file as the {username} and {password} tokens) should be identical in wem_sso_config.xml and SSOConfig.xml.
If you are configuring a trusted environment between Oracle WebLogic Server and Oracle HTTP Server, turn off the check for OAM_ASSERTION to improve performance. To turn off the check for OAM_ASSERTION, locate the ssofilter bean and set the value of the trustConfigured property to true.
Save the file.
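A post-edit check for the wem_sso_config.xml procedure, covering both the management and the production file, as an added example rather than Oracle code: it reports tokens left unreplaced, a trustConfigured value of true when WebLogic/OHS trust is not in place, and dbUsername/dbPassword values that differ from SSOConfig.xml. It assumes both files are Spring-style bean definitions using <property name="..." value="..."/>; the sample XML and the bean id "provider" are constructed.

```python
import re
import xml.etree.ElementTree as ET

TOKEN = re.compile(r"(?<!\$)\{[A-Za-z_]+\}")  # e.g. {ohs_host}, {password}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix

def _properties(root, bean_id=None):
    """Yield (name, value) for <property> children of the matching <bean>s."""
    for bean in root.iter():
        if _local(bean.tag) != "bean" or bean_id not in (None, bean.get("id")):
            continue
        for prop in bean:
            if _local(prop.tag) == "property":
                yield prop.get("name"), prop.get("value") or (prop.text or "").strip()

def audit(cg_xml, sites_xml, trust_established):
    """Return a list of findings; an empty list means every check passed."""
    cg, sites = ET.fromstring(cg_xml), ET.fromstring(sites_xml)
    findings = []
    # 1. Every token from the sample file must have been replaced.
    values = [v for el in cg.iter() for v in (*el.attrib.values(), el.text or "")]
    left = sorted({t for v in values for t in TOKEN.findall(v)})
    if left:
        findings.append("unreplaced tokens: " + " ".join(left))
    # 2. trustConfigured=true turns off the OAM_ASSERTION check: needs real trust.
    trust = dict(_properties(cg, "ssofilter")).get("trustConfigured") or "false"
    if trust.strip().lower() == "true" and not trust_established:
        findings.append("trustConfigured=true without WebLogic/OHS trust")
    # 3. dbUsername/dbPassword should match SSOConfig.xml (values never echoed).
    for name in ("dbUsername", "dbPassword"):
        ours = {v for n, v in _properties(cg) if n == name}
        if ours != {v for n, v in _properties(sites) if n == name}:
            findings.append(name + " differs from SSOConfig.xml")
    return findings

# Constructed samples, not real Oracle files; bean id "provider" is made up.
SAMPLE_CG = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="ssofilter"><property name="trustConfigured" value="true"/></bean>
  <bean id="provider"><property name="dbUsername" value="sites_reader"/>
    <property name="dbPassword" value="{password}"/></bean>
</beans>"""
SAMPLE_SITES = """<beans><bean id="provider">
  <property name="dbUsername" value="sites_reader"/>
  <property name="dbPassword" value="constructed-secret"/></bean></beans>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CG, SAMPLE_SITES, trust_established=False)))
```

Run it against copies of the real files and pass trust_established=True only when the trusted environment between Oracle WebLogic Server and Oracle HTTP Server has actually been configured.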
Perform the procedure described in this section only when WebCenter Sites is integrated with OAM after Community-Gadgets is installed. Property files are located in the <cg_install_dir>/deploy/production/production_node1 directory, or in the directory that was created for your production Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.
In the setup_cs.properties file, update the value of the widgets.cs.production.attrs.urls parameter to use {ohs_host} and {ohs_port}.
For example:
widgets.cs.production.attrs.urls=http://{ohs_host}:{ohs_port}
Note:
Additionally, repeat step 1 for the setup_cs.properties file located in the <cg_install_dir>/deploy/management/management_node1 directory or in the directory that was created for your management Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.
In the setup_cos.properties file, update the value of the widgets.cos.production.attrs.url parameter to use {ohs_host} and {ohs_port}.
For example:
widgets.cos.production.attrs.url=http://{ohs_host}:{ohs_port}
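A cross-check of the property files against mod_wl_ohs.conf, for the management and production steps in this chapter, as an added example rather than Oracle code: it flags any widgets.*.attrs.url(s) value that still holds a token, names a WebLogicHost/WebLogicPort pair from a <location> block, or is otherwise not the OHS address. Host names, ports and the /cg context root in the samples are constructed, and treating a .urls value as a comma-separated list is an assumption.

```python
import re
from urllib.parse import urlsplit

LOCATION = re.compile(r"<location\s+([^>\s]+)\s*>(.*?)</location>", re.I | re.S)

def backends(conf_text):
    """Map each weblogic-handler <location> path to (WebLogicHost, WebLogicPort)."""
    found = {}
    for path, body in LOCATION.findall(conf_text):
        d = {k.lower(): v for k, v in re.findall(r"^\s*(\w+)\s+(\S+)", body, re.M)}
        if d.get("sethandler") == "weblogic-handler":
            found[path] = (d.get("weblogichost", "").lower(), d.get("weblogicport", ""))
    return found

def check_routing(conf_text, props_text, ohs_host, ohs_port):
    """Return findings for attrs.url(s) values that do not point at OHS."""
    direct = set(backends(conf_text).values())
    findings = []
    for line in props_text.splitlines():
        key, sep, value = (s.strip() for s in line.partition("="))
        if not sep or not re.fullmatch(r"widgets\..*\.attrs\.urls?", key):
            continue
        for url in filter(None, (u.strip() for u in value.split(","))):
            parts = urlsplit(url)
            try:
                target = ((parts.hostname or "").lower(), str(parts.port))
            except ValueError:  # non-numeric port, such as an unreplaced token
                findings.append(f"{key}: unresolved value {url}")
                continue
            if target in direct:
                findings.append(f"{key}: {url} names a WebLogic server directly")
            elif target != (ohs_host.lower(), str(ohs_port)):
                findings.append(f"{key}: {url} is not the OHS address")
    return findings

# Constructed samples: host names, ports and the /cg context root are made up.
SAMPLE_CONF = """<IfModule weblogic_module>
  <location /cg>
    SetHandler weblogic-handler
    WebLogicHost wls1.example.com
    WebLogicPort 8280
  </location>
</IfModule>"""
SAMPLE_PROPS = """widgets.cs.management.attrs.urls=http://wls1.example.com:8280
widgets.cos.management.attrs.url=http://ohs.example.com:7777
widgets.gadgets.opensocial.management.attrs.url=http://{ohs_host}:{ohs_port}"""

if __name__ == "__main__":
    print("\n".join(check_routing(SAMPLE_CONF, SAMPLE_PROPS, "ohs.example.com", 7777)))
```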
Verify the configurations you have created in this chapter by logging in to the management WebCenter Sites and ensuring that the Community and Gadgets interfaces can be displayed. For instructions, see the Oracle Fusion Middleware WebCenter Sites Installation Guide.