Oracle WebLogic Server Installation Example

A Oracle WebLogic Server Installation Example

There are different ways of installing Oracle WebLogic Server. This topic contains an example to install Oracle WebLogic Server.

This topic contains the following sections that describe software requirements and WebLogic Server installation and configuration:

Installing WebLogic Server

The Advanced Management Console requires Java SE Development Kit 8 Downloads, update 65 or later, and WebLogic Server supported versions 12c R2. See Software Prerequisites and System Requirements for Advanced Management Console Components.

Note:

The version of WebLogic Server as mentioned in Installing the Oracle WebLogic Server in the Oracle Fusion Middleware Installing and Configuring Oracle WebLogic Server and Coherence guide may not be the default one. Ensure to download the correct version.

Setting Up the Environment for WebLogic Server

The Advanced Management Console server initialization web page is not protected and can be accessed by any user.

Note:

This section is based on using Oracle WebLogic Server version 12c R2. Other versions may need different configurations.

To set up the required environment variables for WebLogic Server version 12c R2:

Define the environment variable, JAVA_HOME, and set it to JDK 8.
For example, C:\Java\jdk1.8.0_131.
Run the command, java -jar extracted_jar_file from the Command Prompt (Admin).
For example,
```
java -jar fmw_12.2.1.3.0_wls_quick.jar
```

Creating a WebLogic Server Domain

To create a WebLogic Server domain:

Define JAVA_HOME. See Setting Up the Environment for WebLogic Server.
For a Windows operating system, run the config.cmd file from the WebLogic Server installed directory, %MW_HOME%\oracle_common\common\bin\config.cmd.

For a Linux operating system, run the config.sh file from the WebLogic Server installed directory, %MW_HOME%/oracle_common/common/bin/config.sh.
Ensure that Create a New Domain is selected, and then select the folder for the new domain. The default folder is %MW_HOME%\user_projects\domains\base_domain. The domain name is base_domain, which can be changed.
Click Next.
In the Templates step, select Create Domain Using Product Templates, and then select the Basic WebLogic Server Domain template. Click Next.
In the Administrator Account step, configure the administrative manager admin account. Click Next.
In the Domain Mode and JDK step, click the domain mode option as Production and specify the JDK if it is different from the bootstrap JDK. Click Next.
In the Advanced Configuration step, do not select any of the check boxes for Administration Server, Node Manager, and Managed Servers, Clusters, and Coherence. Click Next.
For all the Views in Deployment, Application, and Service screens, do not change the default folder options.
Click Create to create the domain.
When the Domain Created Successfully message is displayed, select Next.
In the Configuration Success step, click the check box for Start Admin Server to start the server. Click Finish.

In the Advanced Management Console documentation, the directory %MW_HOME%\user_projects\domains\domain1 represents DOMAIN_HOME.

Starting a WebLogic Server Administration Server

To log in to the WebLogic Server administration server:

For a Windows operating system, start the administration server with %DOMAIN_HOME%\startWebLogic.cmd.

For a Linux operating system, start the administration server with %DOMAIN_HOME%/startWebLogic.sh.
If the SSL port is configured for the WebLogic Sever Administration Server, then in the browser, go to the default URL https://localhost:7002/console. Otherwise, in the browser, go to the default URL http://localhost:7001/console.
Use your administrative credentials to log in to the server.

Creating and Configuring a WebLogic Server Managed Server

Domains include a special Oracle WebLogic Server instance called the Administration Server, which is the central point from which you configure and manage all resources in the domain. Typically, you configure a domain to include additional Oracle WebLogic Server instances called Managed Servers.

Follow this example method to create a Managed Server for the WebLogic Server:

Define the environment variable, JAVA_HOME. See Setting Up the Environment for WebLogic Server.
For a Windows operating system, run %DOMAIN_HOME%\bin\setDomainEnv.cmd, which is required to set the environment.

For a Linux operating system, run %DOMAIN_HOME%/bin/setDomainEnv.sh, which is required to set the environment.
For a Windows operating system, start the node manager with %DOMAIN_HOME%\bin\startNodeManager.cmd. If the node manager does not start, then edit %DOMAIN_HOME%\nodemanager\nodemanager.properties and set NativeVersionEnabled=false.

For a Linux operating system, start the node manager with %DOMAIN_HOME%/bin/startNodeManager.sh. If the node manager does not start, then edit %DOMAIN_HOME%/nodemanager/nodemanager.properties and set NativeVersionEnabled=false.
Start the administrative server and log in to the server as described in Starting a WebLogic Server Administration Server.
From the Domain Structure block in the left panel, go to Environment and select Machines. Create a new machine. Enter any unique name in the Name field and then enter the host name (for example, localhost) and server listen port that matches the node manager settings. Click Finish to create the machine.
From the Domain Structure block in the left panel, go to Environment and select Servers. Create a new server. Enter any unique name in the Name field and then enter the host name and server listen port. Ensure that the new server listen port must be unique from the existing Administration Server listen port. Click Finish to create the server.
From the Domain Structure block in the left panel, go to Environment and select Servers. Click the server you created in step 6. In the Configuration tab associate this server to the new machine you created in step 5.
Click the Control tab and then click the check box for the associated server and machine. Then click Start to start the server.
In the browser, go to https://hostname:port and verify that the server is running. The Advanced Management Console uses HTTPS only for communication between the Advanced Management Console server and clients. See Trusted HTTPS Certificate.

Configuring the Corporate LDAP Server

Groups in the corporate LDAP server are used to access AMC.

The following groups should be created in the corporate LDAP server:

cn=groups
- cn=AMCAdminGroup
- cn=AMCDRSGroup
- cn=AMCJICGroup
- cn=AMCReportsGroup

Any user who needs access to AMC (with LDAP integration) should be assigned to at least one or all of the roles listed above. After this is completed, you may have to follow the instructions provided in Configuring LDAP Security Server in WebLogic Server to complete the LDAP integration process. See Using a WebLogic Deployment Plan for Customizing LDAP Group Names if you need to customize the name of the user groups that AMC will access for LDAP authentication.

Using a WebLogic Deployment Plan for Customizing LDAP Group Names

You can create and use a WebLogic deployment plan if you intend to use descriptor values other than default settings during deployment. This enables you to customize the name of user groups that AMC has access to for LDAP.

To create and use a WebLogic deployment plan:

Set the required CLASSPATH by navigating to the wlserver/server/bin folder in your WebLogic installation and running the following script from the command line:

Note:

The CLASSPATH is required to run the PlanGenerator application.
```
setWLSEnv.cmd
```
Generate the deployment plan by navigating to the folder where your amc.ear application is located and running the following command:
```
java weblogic.PlanGenerator -all amc.ear
```
Note:

You might get some unresolved references. That is alright. Just check for these lines at the end
```
“Saving plan to folder\plan.xml.
```
```
Saved configuration for application, amc.ear”
```
This generates the deployment plan based on the amc.ear file.
Customize the required parameters in the plan.xml file.
1. Open the generated plan.xml file in a text editor.
2. In the <variable-definition> section, search for the following variable names and replace each of the corresponding <value xsi:nil="true"> </value> for the variable name with the respective values configured in LDAP server.
  Note:
  
  The XXXX suffix below is a timestamp and can vary.
  - ApplicationSecurityRoleAssignment_admin_PrincipalNames_XXXXX
  - ApplicationSecurityRoleAssignment_reports_PrincipalNames_XXXX
  - ApplicationSecurityRoleAssignment_drs_PrincipalNames_XXXX
  - ApplicationSecurityRoleAssignment_jic_PrincipalNames_XXXX
  For example, if your LDAP server group names are app_AMCAdminGroup, app_AMCDRSGroup, app_AMCJICGroup, app_AMCReportsGroup then after change they should look like this
```
<variable>
<name>ApplicationSecurityRoleAssignment_admin_PrincipalNames_XXXXX</name>
<value>app_AMCAdminGroup</value>
</variable>

<variable>
<name>ApplicationSecurityRoleAssignment_drs_PrincipalNames_XXXXX</name>
<value>app_AMCDRSGroup</value>
</variable>

<variable>
<name>ApplicationSecurityRoleAssignment_jic_PrincipalNames_XXXXX</name>
<value>app_AMCJICGroup</value>
</variable>

<variable>
<name>ApplicationSecurityRoleAssignment_reports_PrincipalNames_XXXXX</name>
<value>app_AMCReportsGroup</value>
</variable>
```
3. In the <module-override> section, search for the variable names listed in step b and add the line<operation>replace</operation>.
  For example, a section should look like this before adding the line:
```
<variable-assignment>
    <name>ApplicationSecurityRoleAssignment_admin_PrincipalNames_XXXXX</name>
    <xpath>/weblogic-application/security/security-role-assignment/[role-name="admin"]/principal-name</xpath>
</variable-assignment>
```
  After adding the line<operation>replace</operation> , the section would look like this:
```
<variable-assignment>
    <name>ApplicationSecurityRoleAssignment_admin_PrincipalNames_XXXXX</name>
    <xpath>/weblogic-application/security/security-role-assignment/[role-name="admin"]/principal-name</xpath>
    <operation>replace</operation>
</variable-assignment>
```
4. Repeat step c for the variable assignments in _drs, _jic, and _reports.
Deploy the customized plan.
1. Open the WebLogic administration console.
2. Under Domain Structure, click Deployments.
3. Select the checkbox for the "JavaAMC" application, and click the Update button.
4. Click the Change Path button associated with the Deployment plan path.
5. Select the radio button for the new plan.xml file, and click Next.
6. Select the radio button “Redeploy this application using the following deployment files” and then click Finish.
Verify that the success message is displayed at the top of console. The message should be similar to:
```
All changes have been activated. No restarts are necessary.
Message icon - Success Selected Deployments were updated.
```

You can read more about creating and applying the WebLogic Deployment Plan in the following links:

https://www.oracle.com/webfolder/technetwork/tutorials/obe/fmw/wls/12c/09-DeployPlan--4464/deployplan.htm

https://docs.oracle.com/cd/E24329_01/web.1211/e24443/

Configuring LDAP Security Server in WebLogic Server

You can configure your Oracle WebLogic server to connect to Lightweight Directory Access Protocol (LDAP) server, so that the Advanced Management Console can communicate with the WebLogic Server, without having to connect to the LDAP

This topic contains sample instructions to configure the LDAP security provider in the WebLogic server, so that the WebLogic server gets connected to the LDAP server. The type of LDAP being configured in this example is OpenLDAP. This means OpenLDAP (external provider) server runs on localhost or on a remote server. If a different type of LDAP server is used, then there are chances of these instructions varying.

To configure WebLogic server to connect to the LDAP server:

Add a new security provider in the WebLogic server:
1. Log in to WebLogic server admin console.
2. Click Domain, and select Security realms, and then myrealm.
3. Click Providers tab and then select New.
4. Enter a name for the new provider, for example, LDAP.
5. Set Provider Type to LDAPAuthenticator.
6. Click Save.
  A Provider is created.
Configure the provider:
1. Select the Provider that you just created.
2. Click Provider Specific tab.
3. Enter the following details in the following sections:
  Note that these are sample values only. You need to enter these values, based on the values configured on the LDAP server. Therefore, these values vary based on how the LDAP is set up.
- Connection section:
  - Host: localhost
  - Port: <portnumber>
  - Principal: cn=admin,dc=oracle,dc=com
  - Credential: welcome0
- Users section:
  - User Base DN: cn=users,ou=amc,dc=oracle,dc=com
    
    Note:
    This value is based on the configuration of the LDAP server. You can set other values for the User Base DN field based on the LDAP server configuration.
  - All Users Filter: (objectclass=person)
  - User Name Attribute: uid
  - User Object Class: person
- Groups section:
  - Group Base DB: cn=groups,ou=amc,dc=oracle,dc=com
    
    Note:
    This value is based on the configuration of the LDAP server. You can set other values for the User Base DN field based on the LDAP server configuration.
  - All Groups Filter: (objectclass=groupOfNames)
  - Group From Name Filter: (&(cn=%g)(objectclass=groupOfNames))
- Static Groups section:
  - Static Group Name Attribute: cn
  - Static Group Object Class: groupOfNames
  - Static member DN attribute: member
  - Static Group DNs from Member DN Filter: (&(member=%M)(objectclass=groupOfNames))
Click Save.
Restart the Admin server as well as all the managed servers.
Login to the Advanced Management Console UI, and click the User sub tab in the Configuration tab and ensure that the Enable Container based authentication checkbox is selected. By default, you aren't authenticated by the external LDAP server. If you want to enable the LDAP authenticatation, then you need to enable it by selecting the checkbox.