What is New in Oracle WebCenter Portal on Marketplace

Learn about the new and changed features in Oracle WebCenter Portal on Marketplace.

24.9.1 — September 2024

| Feature | Description |
|---|---|
| Exadata Database Service on Dedicated Infrastructure is now supported | When configuring the stack, you can now choose an existing Exadata Database Service on Dedicated Infrastructure as the database. For more information, see Provision WebCenter Portal Stack. |
| OCI vault is now mandated | When configuring the stack, you now have to choose existing OCI vaults for storing/fetching OCI KMS secrets. For more information, see Provision WebCenter Portal Stack. |
| Database Schema Prefix is now mandated | When configuring the stack, you now have to specify database schema prefix. For more information, see Provision WebCenter Portal Stack. |
| Quick Start option | A new option called Quick Start is available to quickly provision a WebCenter Portal environment using default values. See Provision WebCenter Portal Stack and Quick Start for WebCenter for more information. |
| Scale out and scale in WebCenter nodes | For WebCenter Portal on Marketplace, you can add or remove nodes from the stack using scripts. See Scale Out and Scale In WebCenter Nodes. |

24.8.1 — August 2024

| Feature | Description |
|---|---|
| New option to enable authentication using IDCS | You can now enable authentication using IDCS as the security provider when configuring the stack. There is a new field to specify the IDCS user name. See Provision WebCenter Portal Stack. |
| Support to configure OCI Search Service with OpenSearch | Support to configure OCI Search Service with OpenSearch v2.x is now available in Oracle WebCenter Portal on Marketplace. See Configure OCI Search Service with OpenSearch in Oracle WebCenter Portal. |
| Patching-related updates | The steps to apply a patch have changed. See Apply Patch. |
| Set Up DNS and SSL Certificate | You can set up DNS and SSL Certificate for WebCenter Portal. See Set Up DNS and SSL Certificate for WebCenter. |

24.7.1 — July 2024

| Feature | Description |
|---|---|
| Integration with OCI Monitoring and Console Dashboard | You can integrate Oracle WebCenter on Marketplace with OCI Monitoring and OCI Console Dashboard. See Integrate WebCenter with OCI Monitoring and Console Dashboard. |
| Patch Tool | Oracle WebCenter on Marketplace in OCI provides a patching utility tool to download and apply patches for WebCenter instances. See About the Patch Tool. |
| Backup and Restore scripts for WebCenter | Oracle WebCenter on Marketplace in OCI provides scripts to perform backup and restore operations for WebCenter instances. See Backup and Restore scripts for WebCenter. |
| New options in Stack Configuration | When configuring the stack, you now have options such as OCI Policies, Enable Private Service, Enable Key Management with OCI Vault, and an option to specify a custom database schema prefix. For more information, see Provision WebCenter Portal Stack. |
| Options to use existing subnet when provisioning stack | You have options to use an existing subnet when provisioning the stack. See Provision WebCenter Portal Stack. |
| Configuring the vault is now optional | You can now specify the secret phrase directly instead of referencing it from the vault. |
| Updates related to integration with OCI Logging | See the latest version of the documentation: Integrating WebCenter Logs with OCI Logging. |
| Option to use existing file system when provisioning stack | You can now optionally use an existing file system when provisioning the stack. See Provision WebCenter Portal Stack. |

24.6.1 — June 2024

| Feature | Description |
|---|---|
| Object Storage for documents is optional | You can choose to store documents in the file system or in Object Storage. See Provision WebCenter Portal Stack. |
| PDB name | You can now specify the PDB name when configuring the database. See Provision WebCenter Portal Stack. |
| Database Strategy | You can now specify the Database Strategy (type of database) such as Database System or Autonomous Transaction Processing Database when configuring the database. See Provision WebCenter Portal Stack. |
| Integration with OCI Logging | You can integrate WebCenter Logs with OCI Logging. See Integrating WebCenter Logs with OCI Logging. |

24.5.1 — May 2024

| Feature | Description |
|---|---|
| Object Storage for documents | Object Storage (a storage provider component) is now available to store documents. See Provision WebCenter Portal Stack. |
| Configure SAML2 IDCS Single Sign-On in WebCenter Portal | You can configure SAML2 IDCS Single Sign-On in WebCenter Portal on Marketplace. See Configure SAML2 IDCS Single Sign-On in WebCenter Portal. |

Get Started with Oracle WebCenter Portal on Marketplace

Here’s information about Oracle WebCenter Portal on Marketplace that will help you get started:

About Oracle WebCenter Portal on Marketplace

Oracle WebCenter Portal on Marketplace is provided as a VM-based solution on Oracle Cloud Infrastructure.

Oracle WebCenter Portal on Marketplace is available in two types of Marketplace offerings: Paid and BYOL. See About the License for Oracle WebCenter Portal on Marketplace.

Oracle WebCenter Portal on Marketplace helps customers provision and set up the environment in a few clicks and deliver Portal solutions on the cloud.

About the License for Oracle WebCenter Portal on Marketplace

Oracle WebCenter Portal on Marketplace is based on Oracle WebCenter Portal 12c (12.2.1.4). Oracle WebCenter Portal on Marketplace is available in two types of Marketplace offerings:

About Roles and User Accounts

Oracle WebCenter Portal on Marketplace uses roles to control access to tasks and resources. A role assigned to a user gives certain privileges to the user.

Access to Oracle WebCenter Portal on Marketplace is based on the roles and users set up for the Oracle Cloud Infrastructure console. You need OCI Administrator role to provision WebCenter Portal.

For information about how to add user accounts in Oracle Cloud, see:

Create and View Oracle WebCenter Portal on Marketplace Instances

The information in this chapter will help you create and view Oracle WebCenter Portal on Marketplace instances.

Before You Begin

Before you begin, you need to complete the following tasks and prerequisites.

Sign in to Oracle Cloud Infrastructure Console

Complete the following steps to sign in to the Oracle Cloud Infrastructure console.

  1. Go to http://cloud.oracle.com.

  2. Enter your cloud account name and click Next.

  3. Sign in to the Oracle Cloud Infrastructure console:

    • If your cloud account uses identity domains, sign in to the Oracle Cloud Infrastructure console as a user configured in Oracle Cloud Infrastructure Identity and Access Management (IAM).

      Select the domain you normally use to log in to the OCI console.

    • If your cloud account does not use identity domains, sign in to the Oracle Cloud Infrastructure console as a user federated through Oracle Identity Cloud Service.

      Under Single Sign-On (SSO) options, note the identity provider selected in the Identity Provider field and click Continue.

  4. Enter the user name and password provided in the welcome email, and click Sign In. The Oracle Cloud Infrastructure console is shown.

Prerequisites

You'll need to complete the following prerequisites before provisioning the WebCenter Portal stack.

After completing the above prerequisites, you can proceed to provision the WebCenter Portal stack.

Note: WebCenter Content is installed when you provision the WebCenter Portal stack.

System Requirements

You require access to the following services to use Oracle WebCenter Portal on OCI.

Make sure you have the following minimum limits for the services in your Oracle Cloud Infrastructure tenancy and, if necessary, request a service limit increase.

| Service | Minimum Limit |
|---|---|
| Identity and Access Management (IAM) Policy | 1 |
| Compute Shape VM.Standard.E4.Flex or VM.Standard.E5.Flex | 4 |
| Virtual Cloud Network | 1 |
| Block Storage | 1 TB |
| Block Volume | 50 GB |
| Vault & Key | 1 |
| Secrets | 5 |
| Load Balancer | Flexible Load Balancer |

In Oracle Cloud Infrastructure Vault (formerly known as Key Management), a standard vault is hosted on a hardware security module (HSM) partition with multiple tenants, and it uses a more cost-efficient, key-based metric for billing purposes. A virtual private vault provides greater isolation and performance by allocating a dedicated partition on HSM. Each type of vault has a separate service limit in your Oracle Cloud Infrastructure tenancy. The limit for secrets spans all the vaults.

See Service Limits in the Oracle Cloud Infrastructure documentation.

Generate SSH key pair

See Generate an SSH Key Pair for WebCenter for generating an SSH key pair.

This SSH key pair will be used for connecting to Bastion and Compute instances after stack execution.

Note: This will be used to create DB and WebCenter Portal nodes.

Create a Compartment

If your tenancy does not already include a compartment for your Oracle WebCenter Portal on Marketplace instances, you can create a new one.

Note: To create a compartment, your administrator must first add the following policy for your group: allow group groupName to manage compartments in tenancy

To create a compartment in Oracle Cloud Infrastructure:

  1. Sign in to the Oracle Cloud Infrastructure Console.

  2. Open the navigation menu and click Identity & Security. Under Identity, click Compartments. A list of the existing compartments in your tenancy is displayed.

  3. Click Create Compartment.

  4. Enter the following:

    • Name: Specify a name. For example, wcp-compartment. Restrictions for compartment names are: Maximum 100 characters, including letters, numbers, periods, hyphens, and underscores. The name must be unique across all the compartments in your tenancy.

    • Description: A friendly description.

    • Parent Compartment: Select the parent compartment where you want the new compartment to be created. When the parent compartment is not selected, the new compartment is created under the root compartment.

  5. Click Create Compartment.

  6. Once the compartment is created, if you are not an administrator, ask your administrator to complete the following steps to grant you the permissions needed to perform the required tasks in the compartment:

    Note: You can use any name (wcp-admins, wcp-compartment, and wcp-policy are examples).

    1. Create an IAM group with the user that will do the Marketplace install.

      1. Navigate to Identity & Security, and then Domains.

      2. If not already selected, select the compartment where you’ll install the Marketplace product.

      3. Click the domain where you’ll create the group.

      4. Click Groups.

      5. On the Create group page, provide the following information:

        • Name: wcp-admins
        • Description: Webcenter Portal Administrators
        • Users: Add the user that will do the Marketplace installation.
      6. Click Create.

    2. Create a policy with the permissions to perform the required tasks in the compartment.

      1. Navigate to Identity & Security, and then Policies.

      2. Click Create Policy and provide a name (for example, wcp-policy).

      3. Create a policy with the following statements.

      • allow group wcp-admins to manage instance-family in compartment wcp-compartment

      • allow group wcp-admins to manage virtual-network-family in compartment wcp-compartment

      • allow group wcp-admins to manage volume-family in compartment wcp-compartment

      • allow group wcp-admins to manage load-balancers in compartment wcp-compartment

      • allow group wcp-admins to manage orm-family in compartment wcp-compartment

      where wcp-admins is the group name and wcp-compartment is the compartment name.

Create a Master Key

You'll need to create a master key for the vault.

  1. Sign in to the Oracle Cloud Infrastructure Console.

  2. Open the navigation menu and click Identity & Security and then Vault.

  3. Change to the required compartment.

  4. Click the already created vault name.

  5. On the left side, click Master Encryption keys and then click Create Key.

  6. Complete the following:

    • Create In Compartment: Name of the selected compartment

    • Protection Mode: Software

    • Name: Specify a name.

    • For remaining fields, retain the default values.

  7. Click Create Key.

Wait for the status to show green.

Create Database

Follow the steps below to create a new Oracle Database instance, or use an existing database.

Note: Currently, Autonomous Database Serverless - Transaction Processing, Autonomous Database on Dedicated Exadata Infrastructure, Exadata Database Service on Dedicated Infrastructure, and Base Database are supported. For any additional questions, contact the Oracle Support team.

Complete the following to create a new DB service instance:

Create VCN
  1. Log in to OCI Console, navigate to Networking, then to Virtual Cloud Networks.

  2. Click Create VCN via Wizard.

  3. Click Start VCN Wizard.

  4. VCN name: Provide a name.

  5. Compartment: Specify the compartment in which the VCN needs to be created.

  6. VCN IPv4 CIDR block: Specify IPv4 CIDR block (for example, 10.0.0.0/16).

  7. Select the Use DNS hostnames in this VCN check box.

  8. In the Configure public subnet and Configure private subnet sections, specify the correct CIDR blocks and click Next.

  9. Make sure to create the necessary gateways such as Internet gateway, NAT gateway, and Service gateway.

  10. Click Create. The VCN is created.

Create a New Database

Follow the below OCI documentation links for creating OCI Database resources based on the preferred service.

Create IDCS Application

An IDCS confidential application is needed to configure the IDCS security provider in the WebLogic domain during provisioning. Follow the instructions below, depending on whether your OCI tenancy's IAM uses identity domains.

Create an Object Storage Bucket in OCI

Note: The step to create an object storage bucket in OCI is optional. It is only required if you want to enable Object Storage as the default storage for storing documents. If you want to use File System for storing documents, then you don’t need to perform this step.

  1. Sign in to the Oracle Cloud Infrastructure Console.

  2. Click the navigation menu in the upper left corner of the page and click Storage.

  3. Click Buckets.

  4. Confirm that you're in the correct compartment and the correct region.

  5. Click Create Bucket on the "Buckets in <compartment name> Compartment" page.

  6. Provide a value for Bucket Name.

  7. Leave the Default Storage Tier set to Standard.

  8. Leave the Encryption set to Encrypt using Oracle managed keys.

  9. Click Create.

See Object Storage Buckets for more information.

Create a New User API Key
  1. Sign in to the Oracle Cloud Infrastructure Console.

  2. Click on your avatar in the upper-right corner of the page.

  3. Click My profile.

  4. In the Resources menu on the left side of the page, click API Keys.

  5. Click Add API Key.

  6. Download the private key by clicking Download private key. The private key will be added to the vault's secret later.

  7. Click Add.

  8. Click Copy to copy the content of the configuration file, which contains the user OCID and fingerprint; these will be required later. Close the dialog.

Create Vault Secrets
  1. Log in to the OCI console and search for Vault, and then create a vault app.

    1. Click Create Vault.

    2. Select the compartment you created earlier.

    3. Provide a name and click Create Vault.

  2. Click the vault app you created earlier. Create a master encryption key by specifying the compartment, protection mode, name, algorithm, length, and so on in the Create Key section.

  3. Click Secrets on the left side and start adding secrets by specifying the compartment, name, key, secret type template, secret contents, and so on in the Create Secret section.

| Secret Name | Secret Description | Comment |
|---|---|---|
| wcp-admin-password | Secret for WebCenter Portal Admin Password | The Secret Contents field should be populated with the WebLogic password value. The password needs to meet the following password policy: The password must be at least 8 alphanumeric characters with at least one number or a special character. |
| db-system-sys-password | Secret for DB System SYS Password | SYS user password of DB created in the Create a New Database section should be used in the Secret Contents field. Required only if chosen database service is Base Database. |
| db-system-ssh-private-key | Secret for DB System SSH private key | The Secret Contents field should be populated with the private key value that was used to create DB in the Create a New Database section. Required only if chosen database service is Base Database. |
| exadata-db-sys-password | Secret for Exadata Database SYS Password | SYS user password of Exadata database created in the Create a New Database section should be used in the Secret Contents field. Required only if chosen database service is Exadata Database Service on Dedicated Infrastructure. |
| exadata-db-ssh-private-key | Secret for Exadata Database SSH private key | The Secret Contents field should be populated with the private key value that was used to create DB in the Create a New Database section. Required only if chosen database service is Exadata Database Service on Dedicated Infrastructure. |
| atp-db-password | Secret for Autonomous Database Admin Password | Admin user password of Autonomous database created in the Create a New Database section should be used in the Secret Contents field. Required only if chosen database service is Autonomous Database Serverless or Autonomous Database on Dedicated Exadata Infrastructure. |
| idcs-client-secret | Secret for IDCS Client secret | The Secret Contents field should be populated with the Client Secret value that was noted when the IDCS Confidential App was created in the IDCS section. |
| wcp-schema-password | Secret for WebCenter Portal schema password. | The password needs to meet the following password policy: The password must start with a letter. The password must contain at least two digits. The password must contain at least two uppercase letters. The password must contain at least two lowercase letters. The password must contain at least two special characters from the set [$#_]. The password must be at least 15 characters long. Example: OCI#db#456789123 |
| oci-user-private-key | Secret for user API private key | The Secret Contents field should be populated with the private key value downloaded earlier in the Create a New User API Key section. |
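
The two password policies in the secrets table can be checked before the values are stored in the vault, so that a non-compliant password is caught before the stack is applied. The following is an added example, not part of Oracle's documentation or tooling: it validates candidate values for wcp-admin-password and wcp-schema-password and generates a random schema password that satisfies the policy by construction. All function names are hypothetical, and the reading of the admin-password rule (length of at least 8 plus at least one digit or non-alphanumeric character) is an assumption.

```python
"""Pre-flight check for the WebCenter Portal password secrets (added example)."""
import secrets
import string

SCHEMA_SPECIALS = "$#_"   # special-character set named in the wcp-schema-password policy
SCHEMA_MIN_LEN = 15
ADMIN_MIN_LEN = 8


def check_schema_password(pw):
    """Return the wcp-schema-password rules that pw breaks (empty list = compliant)."""
    problems = []
    if not (pw and pw[0] in string.ascii_letters):
        problems.append("must start with a letter")
    if sum(c in string.digits for c in pw) < 2:
        problems.append("needs at least two digits")
    if sum(c in string.ascii_uppercase for c in pw) < 2:
        problems.append("needs at least two uppercase letters")
    if sum(c in string.ascii_lowercase for c in pw) < 2:
        problems.append("needs at least two lowercase letters")
    if sum(c in SCHEMA_SPECIALS for c in pw) < 2:
        problems.append("needs at least two special characters from $#_")
    if len(pw) < SCHEMA_MIN_LEN:
        problems.append("must be at least 15 characters long")
    return problems


def check_admin_password(pw):
    """Return the wcp-admin-password rules that pw breaks.

    Assumed reading of the policy text: at least 8 characters, and at least
    one character that is a digit or is not alphanumeric.
    """
    problems = []
    if len(pw) < ADMIN_MIN_LEN:
        problems.append("must be at least 8 characters long")
    if not any(c.isdigit() or not c.isalnum() for c in pw):
        problems.append("needs at least one number or special character")
    return problems


def generate_schema_password(length=20):
    """Build a random schema password that meets the policy by construction."""
    if length < SCHEMA_MIN_LEN:
        raise ValueError("schema password must be at least 15 characters long")
    alphabet = string.ascii_letters + string.digits + SCHEMA_SPECIALS
    # Guarantee the minimum count of each required character class.
    required = (
        [secrets.choice(string.digits) for _ in range(2)]
        + [secrets.choice(string.ascii_uppercase) for _ in range(2)]
        + [secrets.choice(string.ascii_lowercase) for _ in range(2)]
        + [secrets.choice(SCHEMA_SPECIALS) for _ in range(2)]
    )
    filler = [secrets.choice(alphabet) for _ in range(length - 1 - len(required))]
    tail = required + filler
    # Shuffle with the OS CSPRNG so the required characters land anywhere.
    secrets.SystemRandom().shuffle(tail)
    # The first character is always a letter, as the policy demands.
    return secrets.choice(string.ascii_letters) + "".join(tail)


# Secret names from the table above, mapped to the policy that applies to each.
POLICIES = {
    "wcp-admin-password": check_admin_password,
    "wcp-schema-password": check_schema_password,
}


def audit_secrets(candidates):
    """Map each known secret name to its list of policy violations."""
    return {
        name: POLICIES[name](value)
        for name, value in candidates.items()
        if name in POLICIES
    }


if __name__ == "__main__":
    # Constructed sample values for illustration; only rule names are printed,
    # never the secret values themselves.
    sample = {
        "wcp-admin-password": "weblogic",
        "wcp-schema-password": "Portal#2024",
    }
    for name, problems in audit_secrets(sample).items():
        print(name, "OK" if not problems else "; ".join(problems))
```
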

Provision WebCenter Portal Stack

You can provision Oracle WebCenter Portal on a Marketplace instance in a selected compartment in Oracle Cloud Infrastructure.

Note: In the Stack Configuration section, you can select the Quick Start check box to quickly provision a WebCenter environment using default values. See Quick Start for WebCenter for more information.

To provision Oracle WebCenter Portal on a Marketplace instance:

  1. Navigate to the WebCenter Portal listing on Marketplace by direct URL or by browsing in Oracle Cloud Infrastructure.

    Using direct URL:

    1. In your browser, enter https://cloudmarketplace.oracle.com/marketplace/en_US/homePage.jspx?tag=WebCenter+Portal.

      The Marketplace listings for WebCenter Portal are displayed.

    2. Click the title of the listing you want to use. The landing page of that listing is displayed.

    3. Click Get App.

    4. Select your Oracle Cloud Infrastructure region and click Sign In.

    5. Sign in to the Oracle Cloud Infrastructure Console.

    By browsing:

    1. Sign in to the Oracle Cloud Infrastructure Console.

    2. Open the navigation menu and click Marketplace. Under Marketplace, click All Applications.

    3. In the Marketplace search field, enter WebCenter Portal. The Marketplace listings for WebCenter Portal are displayed.

    4. Click the title of the listing you want to use and review the information on the Overview page.

  2. Accept the terms and restrictions, and then click Launch Stack. The Create Stack wizard is displayed.

  3. Provide information about the stack for the instance.

    1. Stack information:

      • Enter name and description.

      • Create in Compartment: Select the compartment.

      • Terraform version: Specify the Terraform version and click Next.

    2. Configure variables:

      Stack Configuration

      • Resource Name Prefix: Enter a prefix (for example, WCP). The name of all compute and network resources will begin with this prefix. It must begin with a letter and it can contain only letters or numbers.

      • SSH Public key: Provide the SSH public key (created in Generate SSH key pair).

      • Quick Start: Select this check box to quickly provision a WebCenter Portal environment using default values. See Quick Start for WebCenter for more information.

      • OCI Policies: Select this check box if you need the stack to create policies to provision WebCenter Portal resources, configure Database Network, and read Vault Secrets. Deselecting this option is for Advanced users only. See Configure Dynamic Groups and Policies for Non-Admin Delegated Users for more information.

      • Enable Authentication Using Identity Cloud Service: Select this check box if you need to use Identity Cloud Service (IDCS) as the security provider in WebCenter Content. If not selected, the local WebLogic identity store will be used.

      • Enable Private Service: Select this check box if you need to provision the service in a private subnet for FastConnect usage.

      Secrets Key Management

      • OCI Vault compartment: Select the compartment for OCI vault.

      • Use pre-created OCI Vault Secrets: Select this check box if you need to use pre-created KMS Secrets. If not selected, a new KMS secret and KMS encryption key will be created in the given OCI vault. If selected, you need to pre-create vault secrets as mentioned in Create Vault Secrets.

      • OCI Vault to store secrets: Select the OCI vault to store new KMS secret. This option is visible when the Use pre-created OCI Vault Secrets check box is not selected.

      • OCI Vault to fetch secrets: Select the OCI vault to fetch pre-created KMS secrets. This option is visible when the Use pre-created OCI Vault Secrets check box is selected.

      Virtual Cloud Network

      If you're using an existing VCN, complete the following:

      If you need to use a new VCN, then select the Create the Virtual Cloud Network check box and complete the following:

      • Network Compartment: Select the compartment you created earlier.

      • Virtual Cloud Network Name: Specify a name for the new VCN to be created for this service.

      • Virtual Cloud Network CIDR: Specify a CIDR to assign to the new VCN.

      Content Storage

      • Content Storage Strategy: Select a content storage strategy from the drop-down list. The available options are Database, File System, and Object Storage.

        If you selected Object Storage as the content storage strategy, complete the following:

        • Object Storage Compartment: Select the compartment where the bucket was created.

        • Bucket Name: Specify the bucket name which you created earlier.

        • User OCID: This will be pre-populated with the current user's OCID. If you are using a different user for creating the API key, specify the user OCID of that user.

        • Public Key Fingerprint: Specify the fingerprint from the configuration file (that you copied when you created the user API key as part of the prerequisites).

        • OCI User Private Key: Upload the user API private key. This is applicable only if the Use pre-created OCI Vault Secrets check box is not selected.

        • Secret for OCI User Private Key: Select the secret for the user API private key. This is applicable only if the Use pre-created OCI Vault Secrets check box is selected.

      Database

      • Database Strategy: Select the type of database to use for provisioning. The supported databases are: Database System, Autonomous Transaction Processing Database, and Exadata Database.

        If you selected Autonomous Transaction Processing Database as the Database Strategy, then complete the following that are displayed:

        • Select the value for Autonomous Database compartment.

        • Select the value for Autonomous Database.

        • Autonomous Database Admin Password Secret Compartment: Choose the compartment that holds the secret for the Autonomous Database Admin Password.

        • Secret for Autonomous Database Admin Password: Select the secret for Autonomous Database Admin Password.

        If you selected Database System as the Database Strategy, then complete the following that are displayed:

        • Select the value for DB System compartment.

        • Select the value for DB System Instance Name.

        • PDB name: Provide the PDB name of the DB system.

        • DB System PDB User: Leave the value 'sys' as is. Do not change this user name.

        • If you have not selected Use pre-created OCI Vault Secrets, then complete the following that are displayed.

          • DB System Password: Provide the value of DB System password.

          • DB System SSH Private key: Upload the DB System SSH Private key which is created without passphrase.

        • If you selected Use pre-created OCI Vault Secrets, then complete the following that are displayed.

          • Secret for DB System Password: Select the secret for DB system password. When you defined the secret, you specified a user-friendly name for it; select that same name here.

          • Secret for DB System SSH Private key: Select the secret for DB System SSH private key.

        If you selected Exadata Database as the Database Strategy, then complete the following that are displayed:

        • Select the value for Exadata Database compartment.

        • Exadata DB Home OCID: Provide the OCID of Exadata DB Home.

        • Select the value for Exadata Database.

        • Exadata Database PDB name: Provide the PDB name of the Exadata database.

        • Exadata Database PDB User: Leave the value 'sys' as is. Do not change this user name.

        • If you have not selected Use pre-created OCI Vault Secrets, then complete the following that are displayed.

          • Exadata Database Password: Provide the value of the PDB user password for the Exadata database.

          • Exadata Database SSH Private key: Upload the Exadata database SSH Private key created without passphrase.

        • If you selected Use pre-created OCI Vault Secrets, then complete the following that are displayed.

          • Exadata Database Password Secret Compartment: Choose the compartment that holds the secret for the Exadata database password.

          • Secret for Exadata Database Password: Select the secret for Exadata database password. When you defined the secret, you specified a user-friendly name for it; select that same name here.

          • Exadata Database SSH Private key Secret Compartment: Choose the compartment that holds the secret for the Exadata Database SSH private key.

          • Secret for Exadata Database SSH Private key: Select the secret for Exadata Database SSH private key.

      • Database Schema Strategy: Select the database schema strategy to use for provisioning. The supported schema strategies are: Create New Database Schemas and Use existing Database Schemas. The option Create New Database Schemas will create new database schemas with the given schema prefix. The option Use existing Database Schemas will try to find and use existing database schemas with the given schema prefix and provisioning will fail if database schemas matching the given schema prefix don’t pre-exist.

      • Database Schema Prefix for WebCenter Content: Provide a value for database schema prefix. It should not be longer than 12 characters and should start with a letter followed by uppercase letters and numeric characters.

      • Database Schema Prefix for WebCenter Portal: Provide a value for database schema prefix. It should not be longer than 12 characters and should start with a letter followed by uppercase letters and numeric characters.

    3. Bastion Instance:

      If you're using an existing VCN, complete the following:

      • Existing Subnet for Bastion Host: Select an existing public subnet to use for a Bastion compute instance.

      • Bastion Host Shape: Select the appropriate Bastion host shape (keep the default value).

    4. WebCenter Portal Compute Instance:

      • Compute Shape: Select the appropriate compute shape.

      • OCPU count: Select the OCPU count. The default value is 2.

      If you're using an existing VCN, complete the following:

      • Existing Subnet for WebCenter Portal Compute Instances: Select an existing subnet to use for WebCenter Portal compute instances.

      • Node Count: Specify the node count. The default value is 2.

    5. WebCenter Content Compute Instance:

      • Compute Shape: Select the appropriate compute shape.

      • OCPU count: Select the OCPU count. The default value is 2.

      • Node Count: Specify the node count. The default value is 2.

    6. File System:

      • Use Existing File System: Select this check box to use an existing File System and Mount Target.

        If selected, you will need to select the compartment and availability domain of the existing File System and provide the File System OCID. The Mount Target must have security rules configured to allow traffic to the chosen VCN CIDR. See Configuring VCN Security Rules for File Storage.

      • File System Compartment: Choose the compartment where the WebCenter Content stack will be created.

      • File System Availability Domain: Select the Availability Domain.

      • Existing Subnet for Mount Target: Select an existing subnet to use for mount target.

    7. Load Balancer:

      If you're using an existing VCN, complete the following:

      • Existing Subnet for Load Balancer: Select an existing subnet to use for the load balancer.

      • Provide the value for Minimum Bandwidth for Flexible Load Balancer.

      • Provide the value for Maximum Bandwidth for Flexible Load Balancer.

    8. Identity Cloud Service Integration:

      • Identity Domain URL: Provide the value for IDCS domain URL.

      • Identity Domain Username: Provide the IDCS user name of the user who will be configured as the product administrator.

      • Identity Client ID: Provide the value for IDCS Client ID.

      • Identity Client Secret Compartment: Choose the compartment that holds the secret for the IDCS client secret.

      • Secret for the Identity Client Secret: Select the secret for the IDCS client secret.

    9. WebCenter Portal WebLogic Domain Configuration:

      • WebCenter Portal Admin User Name: Leave the value 'weblogic' as is.

      If you have not selected Use pre-created OCI Vault Secrets, then complete the following that are displayed.

      • WebCenter Portal Admin Password: Provide the value for WebCenter Portal Admin password.

      • WebCenter Portal Schema Password: Provide the value for WebCenter Portal Schema password.

      If you have selected Use pre-created OCI Vault Secrets, then complete the following that are displayed.

      • WebCenter Portal Admin Secret Compartment: Choose the compartment that holds the secret for the WebCenter Portal Server administrator password.

      • Secret for WebCenter Portal Admin Password: Select the secret for WebCenter Portal administrator password.

      • WebCenter Portal Schema Password Secret Compartment: Choose the compartment that holds the secret for the WebCenter Portal schema password.

      • Secret for the WebCenter Portal Schema Password: Select the secret for the WebCenter Portal schema password.

Click Next. Review all the configuration variables and then select the Run apply check box under Run apply on the created stack section. Click Create.

If everything goes as expected, then navigate to the WebCenter Portal stack and click the Application Information tab. You'll see all the provisioned end points for the services under sections WebCenter Content Endpoints and WebCenter Portal Endpoints:

To navigate to the WebCenter Portal stack:

If something goes wrong or if for any reason you want to do a clean-up of all the resources that were provisioned as part of the WebCenter Portal deployment, use Destroy Job to do the clean-up.

Additional Steps for Stack Provisioned with a Self-Signed Certificate

If you provisioned the WebCenter Portal stack with a self-signed certificate, then you might encounter issues when trying to upload documents from WebCenter Portal. The upload button might be in a frozen state and will not work, hence the pop-up screen will not be shown. To resolve this issue, complete the following steps.

  1. In the browser, open Developer Tools using Ctrl + Shift + I (Windows) or Option + Command + I (Mac) and click the Network tab to see the web traffic.

    Note: For Safari browser, navigate to Settings, Advanced tab, and then to Show features for web developers (Enable) and then press Option + Command + C to open Developer Tools and then switch to the Network tab.

  2. Refresh the browser tab in which WebCenter Portal was accessed. Navigate to Home Portal and click the Documents page.

  3. Press Ctrl + Shift + R (Windows) or Command + Shift + R (Mac) to do a hard refresh. In the web traffic, look for a URL that is similar to

    https://<WebCenter Content host>:16200/cs/idcplg?IdcService=GET_COAO_JS

    For Safari browser, Option + Command + R can be used to do a hard refresh.

  4. Copy the URL for GET_COAO_JS IdcService and open it in a new browser tab. Accept the certificate risk to get the response.

  5. Refresh the browser tab in which WebCenter Portal was accessed. Navigate to Home Portal, click the Documents page and click the Upload button to see a pop-up screen for Document Upload in the browser.

    Note: Every user who needs to resolve the specified issue and upload files using the WebCenter Portal Documents Upload UI must complete the above steps once in each new browser.

    Note: The specified issue with the upload button is not encountered when a CA signed certificate is used.

Troubleshoot

This chapter describes common problems that you might encounter and also provides information that can be helpful with the troubleshooting process.

Issue: Provisioning failed

Description

If you encountered a failure when trying to provision WebCenter Portal, do the following to see the logs which might help in troubleshooting:

  1. Log in to the bastion host.

  2. From the bastion host, perform ssh to the wls-1 VM. For example: ssh -i <private key> opc@<IP Address of wls-1 VM>

  3. sudo su - oracle

  4. cd /u01/data/domains/logs

  5. vi provisioning.log

Issue: Documents tool is currently unavailable

Description

If you encounter a failure when trying to use the Documents tool in WebCenter Portal and see a message stating Documents tool is currently unavailable as there is no default content repository connection, then do the following to see the configuration which might help in troubleshooting:

  1. Log in to the bastion host.

  2. From the bastion host, perform ssh to the wcp-wls-1 VM. For example: ssh -i <private key> opc@<IP Address of wls-1 VM of WebCenter Portal>

  3. sudo su - oracle

  4. Run the wlst.sh script and connect to the Admin server using the command below (after updating the command)

    $ORACLE_HOME/oracle_common/common/bin/wlst.sh
    connect('<weblogic server user name>', '<weblogic server password>', "t3://<VM's private IP>:7001")
  5. Once connected, run the below commands to verify the content server connection information.

    listContentServerConnections(appName='webcenter', verbose=true, server='WC_Portal_server1')
    listContentServerProperties(appName='webcenter', server='WC_Portal_server1')
  6. After running the above commands, if the output contains the text Please check whether the content server properties have been set or not. Invalid RIDC connection. Drop and recreate the content server connection wccConnection, then run the below command in the same WLST session.

    setContentServerProperties(appName='webcenter', portalServerIdentifier='/webcenterPortal1', securityGroup='webcenterPortal1', adminUserName='sysadmin', server='WC_Portal_server1')
  7. Restart all the WebCenter Portal managed servers in a sequential manner using the Oracle WebLogic Server administration console.

Issue: Document upload from WebCenter Portal or WCC UI is not working

Description

If you encountered a failure when trying to upload a document from WebCenter Portal or using WebCenter Content UI, do the following to see the configuration (which might help in troubleshooting):

  1. Log in to WebCenter Content as an administrator.

  2. Navigate to Administration and then to Configuration for wcc****.

  3. Check if Search Engine, Index Engine Name, and Active Index show as:

    Search Engine: ORACLETEXTSEARCH

    Index Engine Name: ORACLETEXTSEARCH

    Active Index: ots1

  4. If Search Engine, Index Engine Name, and Active Index do not show the values specified above, see Provision WebCenter Portal Stack section to configure the full-text search engine.

  5. Navigate to Administration and then to Admin Actions.

  6. Check the state and status for Automatic Update Cycle and Collection Rebuild Cycle. If it does not show the state as Idle and status as Finished, then:

    • Click cancel and wait for some time.
    • Then, click start and wait till you see Progress Message: Finished indexing.

If you have further issues, raise a support ticket in My Oracle Support and attach logs. You can collect logs using the package logs tool described in Package Logs for Troubleshooting.

Appendix

Configure Elastic Search in Oracle WebCenter Portal

Learn how you can configure Elastic Search to index and search objects in the Marketplace WebCenter Portal instance.

Create a crawl user

  1. Log in to the Oracle WebLogic Server administration console.

  2. Click Security Realm in the Domain Structure pane.

  3. On the Summary of Security Realms page, select the name of the realm (for example, myrealm). Click myrealm.

  4. Click Users and Groups and then the User tab.

  5. Click the New button and add a user by providing a name (for example, wccrawladmin) and a password. Note down the name and password for future use.

Install Elasticsearch and Plug-ins

Elasticsearch can be installed as either a single server set-up or a cluster set-up (with a minimum of three servers).

To install a single server set-up, complete the following steps:

  1. Log in to the WebCenter Portal machine as an Oracle user and run the following commands:

    sudo su - oracle
    
    export JAVA_HOME=/u01/jdk/
    
    export PATH=$JAVA_HOME/bin:$PATH
    
    export ORACLE_HOME=/u01/app/oracle/middleware
    
    unset -f $(env | grep -oP "^BASH_FUNC_\K([^%]*)")
  2. Download the Elasticsearch binary file.

    cd $ORACLE_HOME/wcportal/es/
    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.17-linux-x86_64.tar.gz
  3. Edit installES.properties and update the following properties:

    ORACLE_HOME=/u01/app/oracle/middleware
    ADMIN_SERVER_HOST_NAME=<VM's private IP address>
    ADMIN_SERVER_PORT=7001
    WLS_ADMIN_USER=<user name for Weblogic server administration console>
    SEARCH_APP_USER=<user name you noted down before in previous steps>
    WCP_FMW_CONFIG_LOCATION=/u01/data/domains/wcp_domain/config/fmwconfig
    ELASTIC_SEARCH_INSTALLER_LOCATION=elasticsearch-7.17.17-linux-x86_64.tar.gz
    ELASTIC_SEARCH_VERSION=7.17.17
  4. Install the Elasticsearch server using the following command:

    $ORACLE_HOME/oracle_common/common/bin/wlst.sh \
      $ORACLE_HOME/wcportal/es/installES.py \
      $ORACLE_HOME/wcportal/es/installES.properties <weblogic server password> <search app password you noted down before> <es certificate password you noted down before>

Configure WebCenter Portal for Elasticsearch

To configure WebCenter Portal for search, you need to configure the connection between WebCenter Portal and Elasticsearch, and you need to configure the WebCenter Content crawl user and WebCenter Content administrator in Elasticsearch.

  1. Navigate to your Oracle home directory and invoke the WLST script.

  2. Connect to the Oracle WebCenter Portal domain (WC_Portal) server.

  3. At the WLST command prompt, run the createCred WLST command to configure the WebCenter Content crawl user in Elasticsearch.

    $ORACLE_HOME/oracle_common/common/bin/wlst.sh
    connect('<weblogic server user name>', '<weblogic server password>', "t3://<VM's private IP>:7001")
    createCred(map="oracle.es.security", key="content.crawl.credentials", user='<wcc-crawl-user>', password='<wcc-crawl-password>', desc="UCM Crawl User")

    where,

    • wcc-crawl-user is the WebCenter Content crawl user. See Creating a Crawl User in WebCenter Content.

    • wcc-crawl-password is the password of the WebCenter Content crawl user.

    • desc is the description of the WebCenter Content crawl user.

  4. At the WLST command prompt, run the createCred WLST command to configure the WebCenter Content administrator in Elasticsearch.

    createCred(map="oracle.es.security", key="content.admin.credentials", user='<wcc-admin-user>', password='<wcc-admin-password>', desc="WebCenter Content administrator")
  5. At the WLST command prompt, run the createCred WLST command to configure the WebCenter Content crawl user in Elasticsearch.

    $ORACLE_HOME/oracle_common/common/bin/wlst.sh
    connect('<weblogic server user name>', '<weblogic server password>', "t3://<VM's private IP>:7001")
    createCred(map="oracle.es.security", key="content.crawl.credentials", user='<wcc-crawl-user>', password='<wcc-crawl-password>', desc="UCM Crawl User")

    where,

    • wcc-admin-user is the WebCenter Content Administrator.

    • wcc-admin-password is the password of the WebCenter Content Administrator.

    • desc is the description of the WebCenter Content Administrator.

  6. Restart the Elasticsearch server using the following commands:

    /u01/app/oracle/esHome/stopElasticsearch.sh
    /u01/app/oracle/esHome/startElasticsearch.sh
  7. Navigate to your Oracle home directory and invoke the WLST script to run the following command for creating a search connection.

    $ORACLE_HOME/oracle_common/common/bin/wlst.sh
    connect('<weblogic server user>', '<weblogic server password>', "t3://<VM's private IP>:7001")
    createSearchConnection(appName='webcenter', name='webcenter-es', url='http://<wcp-es-machine-ip>:9200', indexAliasName='webcenter_portal', appUser='<search app user you noted down before>', appPassword='<password of search app user you noted down before>', server='WC_Portal_server1')

    where wcp-es-machine-ip is the IP address of the host where the Elasticsearch server is installed.

  8. Restart all the WebCenter Portal managed servers.

Create a Portal Crawl Source

To create a crawl source to crawl objects such as lists, page metadata, page content (contents of HTML, text, and styled text components), portals, and profiles:

  1. On the Settings page in WebCenter Portal, click Tools and Services or enter the following URL in your browser to navigate directly to the Tools and Services pages: http://host:port/webcenter/portal/admin/settings/tools

  2. Click the icon for Search to open the Search Settings page.

  3. On the Scheduler tab, select the Portal crawl source and click Edit.

  4. On the Edit Portal Crawl Source page, modify the following source parameters as needed:

    • Maximum number of connection attempts: Maximum number of connection attempts to access the configuration URL. Choose a number from 2 to 10.

    • Configuration URL: URL of the RSS crawl servlet. For example: http://<WebCenter Portal host>:<port>/rsscrawl or http://<WebCenter Portal-VM-IP>:<port>/rsscrawl.

    Note: In case of HTTPS-based URL for WebCenter Portal, it should be a valid domain host with updated DNS entry and CA-signed certificate.

  5. Enter the credentials for the WebCenter Portal crawl administrator.

  6. Click Test to test the connection.

  7. Click Save and Close to save the changes.

Configure OCI Search Service with OpenSearch in Oracle WebCenter Portal

Learn how you can configure OCI Search Service with OpenSearch to index and search objects in the Marketplace WebCenter Portal instance.

Prerequisites

Ensure that the following requirements are met:

  1. Get the OCI tenancy details.

  2. Create the required service policies in the OCI Console, tailoring them to your needs. For example, provide the compartment OCID.

    Note: For new stack creation, the following working policies will be added automatically if the OCI Policies check box is selected.

    The working policies are:

    Allow service opensearch to manage vcns in compartment id <stack-compartment-ocid>
    Allow service opensearch to manage vnics in compartment id <stack-compartment-ocid>
    Allow service opensearch to use subnets in compartment id <stack-compartment-ocid>
    Allow service opensearch to use network-security-groups in compartment id <stack-compartment-ocid>
    

Create Open Search Cluster

  1. Open the OCI Console navigation menu. Click Databases, OpenSearch, and then click Clusters. Then, choose the stack compartment where you want to create the cluster and click Create cluster.
  2. Provide <stack-name>-cluster as the name.
  3. On the Configure security page, enter a user name (for example, wccrawladmin) and a password (for example, Dummypass1#123). Note down the name and password for future use. Click Next.
  4. Choose the cluster sizing, and then click Next.
  5. In the Configure Networking wizard, select the stack VCN you created and then select the Private WebCenter Portal subnet.
  6. Click Next. After the cluster creation, in the Cluster details page, note the API endpoints and the IP addresses which you can alternatively use.

Note: If the WebCenter Portal deployment is configured with IDCS SAML SSO, then the same search cluster user (for example, wccrawladmin) needs to be created in the IDCS domain used for the stack. For more information about how you can create an IDCS user, see Create IDCS Users.

Update VCN Security Lists

  1. Open the OCI Console navigation menu. Click Networking and then Virtual Cloud Networks.
  2. Change the compartment to your stack compartment and click your stack-related VCN.
  3. Click the subnet for the WebCenter compute node, typically named <stack-name>-wcp-subnet.
  4. On the left pane, click Security Lists and add the below rule to the security list for this subnet.
    • Stateless: Leave this deselected.
    • Source Type: CIDR
    • Source CIDR: <stack-vcn-cidr>
    • IP Protocol: TCP
    • Source Port Range: Leave this empty, which indicates All
    • Destination Port Range: 9200
    • Description: Ingress rule for open search port
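
A check of the ingress rule described above, as an added example that is not part of the original documentation: it reads ingress rules in the shape of the "ingress-security-rules" array printed by the OCI CLI (the key names are an assumption of this example) and reports any rule that opens port 9200 to a source outside the stack VCN CIDR, to a wider port range, or statelessly. The sample rules and the 10.0.0.0/16 VCN CIDR are constructed.

```python
import ipaddress
import json

OPENSEARCH_PORT = 9200  # destination port of the rule described above

# Constructed sample rules; key names follow the "ingress-security-rules"
# array of OCI CLI output, which is an assumption of this example.
SAMPLE_RULES = json.loads("""
[
 {"description": "Ingress rule for open search port", "is-stateless": false,
  "protocol": "6", "source": "10.0.0.0/16", "source-type": "CIDR_BLOCK",
  "tcp-options": {"destination-port-range": {"min": 9200, "max": 9200}}},
 {"description": "constructed: too broad", "is-stateless": false,
  "protocol": "6", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
  "tcp-options": {"destination-port-range": {"min": 9000, "max": 9300}}},
 {"description": "constructed: ssh", "is-stateless": false,
  "protocol": "6", "source": "10.0.1.0/24", "source-type": "CIDR_BLOCK",
  "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}}
]
""")


def dest_range(rule):
    """Return (min, max) destination ports a rule admits for TCP, or None."""
    proto = rule.get("protocol")
    if proto == "all":
        return (1, 65535)
    if proto != "6":  # "6" is TCP; other protocols cannot reach the port
        return None
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    if rng is None:  # a TCP rule without a range admits every port
        return (1, 65535)
    return (rng["min"], rng["max"])


def audit_opensearch_ingress(rules, vcn_cidr, port=OPENSEARCH_PORT):
    """Compare every rule that reaches `port` with the documented rule."""
    vcn = ipaddress.ip_network(vcn_cidr)
    compliant, findings = False, []
    for index, rule in enumerate(rules):
        rng = dest_range(rule)
        if rng is None or not rng[0] <= port <= rng[1]:
            continue  # rule does not expose the OpenSearch port
        problems = []
        if rule.get("source-type") != "CIDR_BLOCK":
            problems.append("source type is not CIDR")
        else:
            src = ipaddress.ip_network(rule["source"], strict=False)
            if src.version != vcn.version or not src.subnet_of(vcn):
                problems.append("source %s is outside VCN %s" % (src, vcn))
        if rng != (port, port):
            problems.append("port range %d-%d is wider than %d"
                            % (rng[0], rng[1], port))
        if rule.get("is-stateless"):
            problems.append("rule is stateless")
        if problems:
            findings.append((index, problems))
        else:
            compliant = True
    return {"compliant_rule_present": compliant, "findings": findings}


if __name__ == "__main__":
    report = audit_opensearch_ingress(SAMPLE_RULES, "10.0.0.0/16")
    print("documented rule present:", report["compliant_rule_present"])
    for index, problems in report["findings"]:
        print("rule %d: %s" % (index, "; ".join(problems)))
```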

To configure WebCenter Portal for search, complete the following steps:

  1. Log in to the bastion host.

  2. From the bastion host, perform ssh to the WebCenter Content wls-1 VM.

    For example: ssh -i <private key> opc@<IP Address of wcc-wls-1 VM>

  3. sudo su - oracle

  4. Navigate to the lcm scripts directory.

    cd /u01/scripts/lcm/sh
  5. Run the below command.

    sh configure_open_search_wcc.sh -s <ses-crawler-user> -x <sescrawler-password>

    The following example shows how to run the script.

    sh configure_open_search_wcc.sh -s sescrawler -x welcome1
  6. Log in to the bastion host.

  7. From the bastion host, perform ssh to the WebCenter Portal wls-1 VM.

    For example: ssh -i <private key> opc@<IP Address of wcp-wls-1 VM>

  8. sudo su - oracle

  9. Navigate to the lcm scripts directory.

    cd /u01/scripts/lcm/sh
  10. Run the below command.

    Note: The ses crawler user and password values should be the same as the values used in step 5.

    sh configure_open_search_wcp.sh -u <open-search-cluster-username> -p <open-search-cluster-user-password> -o <open-search-api-endpoint> -s <ses-crawler-user> -x <sescrawler-password>

    The following example shows how to run the script.

    sh configure_open_search_wcp.sh -u wccrawladmin -p Dummypass#123 -o https://amaaaaaadyqfhrqamqmjwmyixdirchld2luer7vtp6xiqg6gzse6w2vn5g5a.opensearch.ca-toronto-1.oci.oraclecloud.com:9200 -s sescrawler -x welcome1
  11. For other optional advanced configurations, see this documentation.

Configure SAML2 IDCS Single Sign-On in WebCenter Portal

Learn to configure SAML2 IDCS Single Sign-On in WebCenter Portal.

Prerequisites

Complete the following before running the configuration script.

Create a WebCenter Portal Stack

The WebCenter Portal stack on which SAML2 IDCS SSO is to be configured should already have been created from OCI Marketplace.

Create an OAuth Client for IDCS

Follow the below instructions based on whether OCI Tenancy IAM is with Identity Domains or not.

Configuration in Stack

A configuration helper script will be available in every stack VM. It can be executed from Admin compute VM or VM-1 (*-wls-1) for WebCenter Portal and WebCenter Content domains.

The script expects the following inputs.

Argument Description
idcs_tenant IDCS tenant name. For example, if IDCS URL is idcs-abcde.identity.example.com, then IDCS tenant name would be idcs-abcde.
idcs_domain IDCS domain. For example, if IDCS URL is idcs-abcde.identity.example.com, then IDCS domain would be identity.example.com.
idcs_client Client ID of the OAuth client created in prerequisites
idcs_client_secret Client secret of the OAuth client created in prerequisites
service_host Service host with DNS record mapped to load balancer IP. For example, wcpstack1.xyz.com, wccstack1.xyz.com. If service host is not available, a load-balancer IP can be provided here for testing.
idcs_user_name IDCS user who is configured as WebCenter product administrator user

For WebCenter Portal Domain

Complete the following steps to execute the script:

Run the configure sso script for the WebCenter Portal domain from the VM that has a name like <*>-wcp-wls-1. For the service host value, use the WebCenter Portal load balancer DNS host or IP.

ssh -o ProxyCommand="ssh -W %h:%p -i <key> opc@<bastion-ip>" -i <key> opc@<wcp-vm-1-ip>
 
sudo su - oracle
cd /u01/scripts/sh
 
nohup sh configure_sso.sh --idcs_tenant <idcs-tenant> --idcs_domain identity.oraclecloud.com --idcs_client <idcs_client> --idcs_client_secret <idcs_client_secret> --idcs_username <idcs_username> --service_host <wcp_service_host> &

The script execution progress can be monitored from /u01/data/domains/logs/provisioning.log. Once the execution completes without any error, the configuration is completed in the stack environment.

Note: If the configuration was done with load-balancer IP, then the above script needs to be executed again with the service host once the DNS mapping to WebCenter Portal load-balancer IP is created.

For WebCenter Content Domain

Run the configure sso script for the WebCenter Content domain from the VM that has a name like <*>-wcc-wls-1. For the service host value, use the WebCenter Content load balancer DNS host or IP.

ssh -o ProxyCommand="ssh -W %h:%p -i <key> opc@<bastion-ip>" -i <key> opc@<wcc-vm-1-ip>
 
sudo su - oracle
cd /u01/scripts/sh
 
nohup sh configure_sso.sh --idcs_tenant <idcs-tenant> --idcs_domain identity.oraclecloud.com --idcs_client <idcs_client> --idcs_client_secret <idcs_client_secret> --idcs_username <idcs_username> --service_host <wcc_service_host> &

The script execution progress can be monitored from /u01/data/domains/logs/provisioning.log. Once the execution completes without any error, the configuration is completed in the stack environment.

Note: If the configuration was done with load-balancer IP, then the above script needs to be executed again with the service host once the DNS mapping to WebCenter Content load-balancer IP is created.

Configuration in your IDCS Tenant

Once the SAML configuration is completed on WebCenter Portal, SAML applications will be created under Integrated Applications in the IDCS domain. The WebCenter Portal/WebCenter Content role mapping groups (as described in the tables below) are also created.

WebCenter Portal Group Description
WebcenterGroup The admin role is assigned to the system administrator. By default, this role has Admin permission to all security groups and all accounts, and has rights to all the administration tools.

WebCenter Content Groups Description
admin The admin role is assigned to the system administrator. By default, this role has Admin permission to all security groups and all accounts, and has rights to all the administration tools.
contributor The contributor role has Read and Write permissions to the Public security group, which enables users to search for, view, check in, and check out content.
guest The guest role has Read permission to the Public security group, which enables users to search for and view content.
sysmanager The sysmanager role has privileges to access the Admin Server links from the Administration menu in the user interface.

The Admin user is granted membership to the WebcenterGroup/admin group and can be used to access the service.

The SAML applications will be prefixed with the stack service name. Examples: wcp12_wcp_saml, wcp12_wcc_saml.

Add Users to Groups

To add a new user other than the administrator, you would need to add the user to the IDCS WebCenter Portal/WebCenter Content groups based on the permissions required for their usage.

Verification

After the configuration of SAML, verify the WebCenter Portal application URLs and validate that the IDCS SSO log-in is working.

Portal Server: https://<WebCenter Portal service_host|lb_ip>:8888/webcenter/portal

Content Server: https://<WebCenter Content service_host|lb_ip>:16200/cs

Web UI: https://<WebCenter Content service_host|lb_ip>:16225/wcp

Capture: https://<WebCenter Content service_host|lb_ip>:16400/dc-console

Imaging: https://<WebCenter Content service_host|lb_ip>:16000/imaging