24 Enabling Community-Gadgets to Communicate with OAM-Integrated WebCenter Sites

Oracle WebCenter Sites can be integrated with Oracle Access Manager (OAM) instead of CAS to make use of its authentication and single sign-on services. If Community-Gadgets is also installed, it must be enabled to communicate with WebCenter Sites through its OAM, as described in this chapter.

This chapter contains the following sections:

24.1 Before You Start

Before configuring support for communications between Community-Gadgets and OAM-integrated WebCenter Sites, ensure the following:

If the above conditions hold, complete the steps in this chapter as follows:

24.2 Enabling Communication with the OAM-Integrated Management WebCenter Sites

If your management WebCenter Sites is integrated with OAM, complete the steps in this section. This section contains the following topics:

24.2.1 Updating the Management OAM-WebCenter Sites Configuration to Support Community-Gadgets

In this step, you will first add management Community-Gadgets resource definitions to the OAM configuration for the WebCenter Sites management application, and then register the WebLogic managed server (where management Community-Gadgets is deployed) with Oracle HTTP Server.

This section contains the following topics:

24.2.1.1 Adding the Management Community-Gadgets Resource Definitions to the OAM-WebCenter Sites Configuration

Add the management Community-Gadgets resource definitions listed in Table 24-1 to OAM for the WebCenter Sites application domain. For information about how to add resource definitions to OAM, see Section 23.3.2, "Integration Steps."

Note:

In the resource definitions (Table 24-1):

  • Replace <sites-context> with the context root of the WebCenter Sites web application running on the management system.

  • Replace <cg-context> with the context root of the Community-Gadgets application running on the management system.

  • Replace <shindig-context> with the context root of the Shindig application running on the management system.

Table 24-1 Management Community-Gadgets Resource Definitions

Resource Definition Protection Level Authentication Authorization

/<sites-context>/custom/customCsResolver.jsp

Unprotected

Public

All Allowed

/<cg-context>/rest/sites/.../*

Unprotected

Public

All Allowed

/<cg-context>/rest/.../*

Protected

Browser

All Allowed

/<cg-context>/sso/.../*

Protected

Browser

All Allowed

/<cg-context>/wsdk/.../*

Protected

Browser

All Allowed

/<cg-context>/cachetool/.../*

Protected

Browser

All Allowed

/<cg-context>/admin/registered/.../*

Protected

Browser

All Allowed

/<cg-context>/admin-gadgets/.../*

Protected

Browser

All Allowed

/<cg-context>/wsdk/widget/.../*

Excluded

    

/<cg-context>/wsdk/skin/.../*

Excluded

    

/<cg-context>/incache/.../*

Excluded

    

/<cg-context>/rest/cache/.../*

Excluded

    

/<cg-context>/styles/.../*

Excluded

    

/<cg-context>/images/.../*

Excluded

    

/<cg-context>/wemresources/.../*

Excluded

    

/<cg-context>/admin-gadgets/images/.../*

Excluded

    

/<cg-context>/admin-gadgets/js/.../*

Excluded

    

/<cg-context>/admin-gadgets/styles/.../*

Excluded

    

/<shindig-context>/.../*

Excluded

    

24.2.1.2 Enabling Identity Assertion for the Authorization Policy

Configure Identity Assertion as follows for the authorization policy that is used for the WebCenter Sites application domain:

  • If a trusted environment is not configured between Oracle WebLogic Server and Oracle HTP Server, select the Identity Assertion check box (shown in Figure 24-1).

    Figure 24-1 Authorization Policy: Identity Assertion

    Description of Figure 24-1 follows
    Description of ''Figure 24-1 Authorization Policy: Identity Assertion''

  • If a trusted environment is configured between Oracle WebLogic Server and Oracle HTP Server, leave the Identity Assertion check box deselected.

For information about establishing trust between Oracle WebLogic Server and other entities, see the Oracle Fusion Middleware Application Security Guide.

24.2.1.3 Registering the WebLogic Managed Server for the Management Community-Gadgets with Oracle HTTP Server

This step enables Oracle HTTP Server to forward requests to the WebLogic Server managed server instance for the management Community-Gadgets web application.

To register the WebLogic managed server on which the management Community-Gadgets is deployed:

  1. Using a text editor, update the mod_wl_ohs.conf configuration file that was used during the OAM-WebCenter Sites integration, as follows:

    1. Locate the mod_wl_ohs.conf file for the Oracle HTTP Server instance, for example:

      /u01/software/Apps/OraMiddleware/asinst_1/config/OHS/ohs1/mod_wl_ohs.conf

    2. Add the following block of code to the mod_wl_ohs.conf file:

      <IfModule weblogic_module>
   <location /{management-community-gadgets-context-root}>
          SetHandler weblogic-handler
          WebLogicHost {hostname|IP of WebLogic server where management Community-Gadgets is deployed}
          WebLogicPort {port of WebLogic server where management Community-Gadgets is deployed}
</location></IfModule>

<IfModule weblogic_module>
    <location /{management-shindig-context-root}>
        SetHandler weblogic-handler
        WebLogicHost {hostname|IP of WebLogic server where management Shindig is deployed}
        WebLogicPort {port of WebLogic server where management Shindig is deployed}
    </location>
</IfModule>

    3. Save the file.

  2. Restart Oracle HTTP Server.

24.2.1.4 Increasing Maximum Number of Sessions

To increase the maximum number of sessions:

  1. Log in to the OAM console.

  2. Under System Configuration, click Common Settings.

  3. For the Maximum Number of Sessions per User parameter, click the Up arrow to increase the number to 100 (Figure 24-2).

    Figure 24-2 Maximum Number of Sessions Per User

    Description of Figure 24-2 follows
    Description of ''Figure 24-2 Maximum Number of Sessions Per User''

24.2.2 Configuring Community-Gadgets to Use the OAM-Integrated Management WebCenter Sites

In this step, you will modify the Community-Gadgets configuration to use the management WebCenter Sites application that is integrated with OAM.

Note:

Steps in this section must be completed only on the management Community-Gadgets instance.

This section contains the following topics:

24.2.2.1 Configuring wem_sso_config.xml

Community-Gadgets comes with the following SSO files: wem_sso_config.xml and oam_wem_sso_config_sample.xml. By default, Community-Gadgets uses the wem_sso_config.xml file to communicate with WebCenter Sites. Because the default file is set up to support communications with WebCenter Sites through CAS, you will use the oam_wem_sso_config_sample.xml file to create the wem_sso_config.xml file to support communications through the OAM that is integrated with WebCenter Sites. The files contain the following information:

  • The oam_wem_sso_config_sample.xml file includes all the required configurations except those specific to environment credentials. Tokens are used in place of environment credentials.

  • The wem_sso_config.xml file includes all the required WEM SSO and CAS configurations for Community-Gadgets.

To create and configure the wem_sso_config.xml file:

  1. Go to the <cg_install_dir>/deploy/management/management_node1 directory, or the directory that was created for your management Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.

  2. Back up the wem_sso_config.xml file by saving it as wem_sso_config.xml.bak.

  3. Rename the oam_wem_sso_config_sample.xml file to wem_sso_config.xml.

  4. In the new wem_sso_config.xml file, do the following:

    1. Replace the tokens, which are listed in Table 24-2, with the actual values for OAM.

      Table 24-2 Tokens to Be Replaced in wem_sso_config.xml

      Token Description Example

      {ohs_host}

      Host of Oracle HTTP Server used for proxying requests to WebCenter Sites

      ohs.example.com

      {ohs_port}

      Port of Oracle HTTP Server used for proxying requests to WebCenter Sites

      7777

      {sites_context_root}

      Context root of the WebCenter Sites application

      servlet

      {wl_oamtoken_host}

      Host of the WebLogic managed server on which the oamtoken application is deployed

      oamtoken.example.com

      {wl_oamtoken_port}

      Port of the WebLogic managed server on which the oamtoken application is deployed

      8003

      {wl_oamserver_host}

      Host of the WebLogic managed server on which the OAM application is deployed

      oam.example.com

      {wl_oamserver_port}

      Port of the WebLogic managed server on which the OAM application is deployed

      14100

      {username}

      User name with authority to read the WebCenter Sites SystemUser table

      fwadmin

      {password}

      Above user's password

      xceladmin

      Note:

      In Community-Gadgets, the wem_sso_config.xml file is configured to work with OAM-integrated WebCenter Sites. This file is similar (however, not the fully identical) to the SSOConfig.xml file in WebCenter Sites. Generally, the values of the dbUsername and dbPassword properties (presented in wem_sso_config.xml file as {username} and {password} tokens) should be identical in wem_sso_config.xml and SSOConfig.xml.

    2. If you are configuring a trusted environment between Oracle WebLogic Server and Oracle HTP Server, turn off the check for OAM_ASSERTION to improve performance.

      To turn off the check for OAM_ASSERTION, locate the ssofilter bean and set the value of the trustConfigured property to true.

    3. Save the file.

24.2.2.2 Adding the Oracle HTTP Server Address to Property Files

Completing this section is required only when WebCenter Sites is integrated with OAM after Community-Gadgets is installed. Property files are located in the <cg_install_dir>/deploy/management/management_node1 directory or in the directory that was created for your management Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.

  1. Update the setup_cs.properties file by updating the value of the widgets.cs.management.attrs.urls parameters to use {ohs_host) and {ohs_port}.

    For example:

    widgets.cs.management.attrs.urls=http://{ohs_host}:{ohs_port}

  2. Update the setup_cos.properties file as follows:

    • Update the widgets.cos.management.attrs.url parameter to use {ohs_host} and {ohs_port}

      For example:

      widgets.cos.management.attrs.url=http://{ohs_host}:{ohs_port}

    • Update the widgets.gadgets.opensocial.management.attrs.url parameter to use {ohs_host} and {ohs_port}.

      For example:

      widgets.gadgets.opensocial.management.attrs.url=http://{ohs_host}:{ohs_port}

24.3 Enabling Communication with the OAM-Integrated Production WebCenter Sites

If your production WebCenter Sites is integrated with OAM, complete the steps in this section. This section contains the following topics:

24.3.1 Updating the Production OAM-WebCenter Sites Configuration to Support Community-Gadgets

This section contains the following topics:

24.3.1.1 Adding Production Community-Gadgets Resource Definitions to the OAM-WebCenter Sites Configuration

Add production Community-Gadgets resource definitions listed in Table 24-3 to OAM for the production WebCenter Sites application domain. For information about how to add resource definitions to OAM, see Section 23.3.2, "Integration Steps."

Note:

In the resource definitions (Table 24-3):

  • Replace <sites-context> with the context root of the WebCenter Sites web application running on the production system.

  • Replace <cg-context> with the context root of the Community-Gadgets application running on the production system.

Table 24-3 Production Community-Gadgets Resource Definitions

Resource Definition Protection Level Authentication Authorization

/<sites-context>/custom/customCsResolver.jsp

Unprotected

Public

All Allowed

/<cg-context>/cachetool/.../*

Protected

Browser

All Allowed

24.3.1.2 Enabling Identity Assertion for the Authorization Policy

Configure Identity Assertion as follows for the authorization policy that is used for the WebCenter Sites application domain:

  • If a trusted environment is not configured between Oracle WebLogic Server and Oracle HTP Server, select the Identity Assertion check box (shown in Figure 24-3).

    Figure 24-3 Authorization Policy: Identity Assertion

    Description of Figure 24-3 follows
    Description of ''Figure 24-3 Authorization Policy: Identity Assertion''

  • If a trusted environment is configured between Oracle WebLogic Server and Oracle HTP Server, leave the Identity Assertion check box deselected.

For information about establishing trust between Oracle WebLogic Server and other entities, see the Oracle Fusion Middleware Application Security Guide.

24.3.1.3 Registering the WebLogic Managed Server for the Production Community-Gadgets Application with Oracle HTTP Server

This step enables Oracle HTTP Server to forward requests to the WebLogic Server managed server instance for the production Community-Gadgets web application.

To register the WebLogic managed server on which production Community-Gadgets is deployed

  1. Using a text editor, update the mod_wl_ohs.conf configuration file that was used during the OAM-WebCenter Sites content management application integration as follows:

    1. Locate the mod_wl_ohs.conf file for the Oracle HTTP Server instance, for example:

      /u01/software/Apps/OraMiddleware/asinst_1/config/OHS/ohs1/mod_wl_ohs.conf

    2. Add the following block of code to the mod_wl_ohs.conf file:

      <IfModule weblogic_module>
   <location /{production-community-gadgets-context-root}>
          SetHandler weblogic-handler
          WebLogicHost {hostname|IP of WebLogic server where production Community-Gadgets is deployed}
          WebLogicPort {port of WebLogic server where production Community-Gadgets is deployed}
    </location>
</IfModule>

    3. Save the file.

  2. Restart Oracle HTTP Server.

24.3.2 Configuring Community-Gadgets to Use OAM-Integrated Production WebCenter Sites

This section describes how to modify the Community-Gadgets configuration to use the production WebCenter Sites application which is integrated with OAM.

Note:

Steps in this section must be completed only on the production Community-Gadgets instance if there is no additional note.

This section includes the following topics:

24.3.2.1 Configuring wem_sso_config.xml

Community-Gadgets comes packaged with the wem_sso_config.xml and oam_wem_sso_config_sample.xml files. By default, Community-Gadgets uses the wem_sso_config.xml file to communicate with WebCenter Sites. The default file is configured to support communications with WebCenter Sites through CAS. To support communications through OAM integrated with WebCenter Sites, you will create the wem_sso_config.xml file from the oam_wem_sso_config_sample.xml file. The files contain the following information:

  • The oam_wem_sso_config_sample.xml file includes all the required configurations except those specific to environment credentials. Tokens are used in place of environment credentials.

  • The wem_sso_config.xml file includes all the required WEM SSO and CAS configurations for Community-Gadgets.

To create and configure the wem_sso_config.xml file:

  1. Go to the <cg_install_dir>/deploy/production/production_node1 directory, or the directory that was created for your production Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.

  2. Back up the wem_sso_config.xml file by saving it as wem_sso_config.xml.bak.

  3. Rename the oam_wem_sso_config_sample.xml file to wem_sso_config.xml.

  4. In the new wem_sso_config.xml file, do the following:

    1. Replace the tokens, which are listed in Table 24-4, with actual values for OAM.

      Table 24-4 Tokens to Be Replaced in wem_sso_config.xml

      Token Description Example

      {ohs_host}

      Host of Oracle HTTP Server used for proxying requests to WebCenter Sites

      ohs.example.com

      {ohs_port}

      Port of Oracle HTTP Server used for proxying requests to WebCenter Sites

      9999

      {sites_context_root}

      Context root of the WebCenter Sites application

      servlet

      {wl_oamtoken_host}

      Host of the WebLogic managed server on which the oamtoken application is deployed

      oamtoken.example.com

      {wl_oamtoken_port}

      Port of the WebLogic managed server on which the oamtoken application is deployed

      8005

      {wl_oamserver_host}

      Host of the WebLogic managed server on which the OAM application is deployed

      oam.example.com

      {wl_oamserver_port}

      Port of the WebLogic managed server on which the OAM application is deployed

      14100

      {username}

      User name with rights to read the WebCenter Sites SystemUser table

      fwadmin

      {password}

      Password for the user name

      FW_pAssworD

      Note:

      In Community-Gadgets, the wem_sso_config.xml file is configured to work with OAM-integrated WebCenter Sites. This file is similar (however, not the fully identical) to the SSOConfig.xml file in WebCenter Sites. Generally, the values of the dbUsername and dbPassword properties (presented in wem_sso_config.xml file as {username} and {password} tokens) should be identical in wem_sso_config.xml and SSOConfig.xml.

    2. If you are configuring a trusted environment between Oracle WebLogic Server and Oracle HTP Server, turn off the check for OAM_ASSERTION to improve performance. To turn off the check for OAM_ASSERTION, locate the ssofilter bean and set the value of the trustConfigured property to true.

    3. Save the file.

24.3.2.2 Adding the Oracle HTTP Server Address to Property Files

Perform the procedure described in this section only when WebCenter Sites is integrated with OAM after Community-Gadgets is installed. Property files are located in the <cg_install_dir>/deploy/production/production_node1 directory, or in the directory that was created for your production Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.

  1. In the setup_cs.properties file, update the value of the widgets.cs.production.attrs.urls parameters to use {ohs_host} and {ohs_port}.

    For example:

    widgets.cs.production.attrs.urls=http://{ohs_host}:{ohs_port}

    Note:

    Additionally, repeat step 1 for the setup_cs.properties file located in the <cg_install_dir>/deploy/management/management_node1 directory or in the directory which was created for your management Community-Gadgets during its installation. For information, see the section "Copying Installer-Generated Configuration Files" of the Oracle Fusion Middleware WebCenter Sites Installation Guide.

  2. In the setup_cos.properties file, update the value of the widgets.cos.production.attrs.url parameter to use {ohs_host} and {ohs_port}.

    For example:

    widgets.cos.production.attrs.url=http://{ohs_host}:{ohs_port}

24.4 Next Step

Verify the configurations you have created in this chapter by logging in to the management WebCenter Sites and ensuring that the Community and Gadgets interfaces can be displayed. For instructions, see the Oracle Fusion Middleware WebCenter Sites Installation Guide.