See the following topics for additional Oracle WebCenter Content configuration steps.
Converting Vector Graphics and Spreadsheet Text in UNIX
Dynamic Converter requires access to a running X-Server in UNIX in order to convert vector graphics and to properly measure text that spans multiple columns in spreadsheets.
Access to a running X-server is required only if the OIT internal rendering engine is not used because of either of the following reasons:
The Use X-Windows for Rasterization option is checked on the Dynamic Converter configuration page.
The OIT internal rendering engine isn't supported on the platform being used.
The internal OIT rendering engine is supported in Linux, Solaris Sparc, AIX, and HP-UX RISC.
Setting up Fonts on a UNIX System
On a UNIX operating system, you need to make sure TrueType fonts are set up for Imaging, Inbound Refinery, and WebCenter Content Dynamic Converter. If you are using a language other than English, you also need to set up fonts for national language support.
Setting Up TrueType Fonts on a UNIX System
For Imaging and WebCenter Content Dynamic Converter to work best on a UNIX operating system, you can set up TrueType fonts on the machine where Imaging, Inbound Refinery, or the Dynamic Converter is running. If these fonts are not available on your system, you need to install them. Inbound Refinery and Content Server default to the TrueType fonts in the JRE, at JAVA_HOME/lib/fonts.
Some standard font locations on different UNIX platforms follow:
- Sign in to Inbound Refinery.
- Select Conversion Settings, then Third-Party Application Settings, and then General OutsideIn Filter Options.
- Click Options
- Enter the path to the TrueType fonts in the Path to fonts field. For example,
- Click Update.
Installing Fonts for National Language Support on a UNIX System
For languages other than English, the following installation steps need to be done on a UNIX operating system before you start a Managed Server:
/jre/lib/fontsdirectory in the Sun JDK installation directory for the Middleware home
/jre/lib/fontsdirectory in the Oracle JRockit JDK directory for the Middleware home.
Reassociating the Identity Store with an External LDAP Authentication Provider
In a production system, Oracle WebCenter Content applications need to use an external Lightweight Directory Application Protocol (LDAP) authentication provider rather than the Oracle WebLogic Server embedded LDAP server, which is part of the default configuration. You need to reassociate the identity store for your application with one of the following external LDAP authentication providers before you complete the configuration of a Managed Server, before you connect a Managed Server to a repository, and before the first user logs in to the application:
Oracle Internet Directory
Oracle Virtual Directory
Oracle Unified Directory
Third-party LDAP server
For an Imaging application, the user who logs in first to an Imaging Managed Server is provisioned with full security throughout the server. It is easier to reassociate the identity store for Imaging with an external LDAP authentication provider before the first user logs in, completes the configuration of the Imaging Managed Server, and connects it to the Oracle WebCenter Content repository.
For a production installation, Oracle Internet Directory (OID) or Oracle Database 11g is required for using Oracle WebCenter Enterprise Capture because Capture uses Oracle Platform Security Services (OPSS), which works only with Oracle Database for its schema.
For an AXF for BPM application, before you can access the AXF Solution Administration page, you need to set up an axfadmin group in the external LDAP authentication provider and assign the AXF users you want to the group.
For an Oracle IRM application , the Oracle IRM domain gets created the first time a user logs in to the Oracle IRM Management Console. An Oracle IRM domain is different from an Oracle WebLogic Server domain. The first user who logs in to the console is made the domain administrator for the Oracle IRM domain. Before you migrate user data for Oracle IRM, the users need to be in the target LDAP identity store. If you do not reassociate the identity store with an external LDAP authentication provider before the first user logs in to the Oracle IRM console, the general process for reassociating Oracle IRM users and migrating data follows:
Back up existing data with the
Reassociate the identity store with an external LDAP directory.
Verify that all users and groups exist in target LDAP identity store
Migrate data with the
Reassociating the Identity Store with Oracle Internet Directory
You can reassociate the identity store for an Oracle WebLogic Server domain with Oracle Internet Directory and migrate users from the embedded LDAP directory to Oracle Internet Directory. The following procedure describes how to reassociate the identity store with Oracle Internet Directory.
You can use a similar procedure to reassociate the identity store with other LDAP authentication providers. Each provider has a specific authenticator type, and only that type should be configured.
|LDAP Authentication Provider||Authentication Type|
Directory Server Enterprise Edition (DSEE)
Oracle Internet Directory
Oracle Virtual Directory
Oracle Unified Directory
- Ensure that there is no user in Oracle Internet Directory with the same name as the administrator of the Oracle WebLogic Server domain, which is weblogic by default.
- Set the embedded LDAP provider to SUFFICIENT.
- For Oracle IRM, sign in to the management console as a user from Oracle Internet Directory, to be the Oracle IRM domain administrator.Do not sign in to the management console with the user name of the Oracle WebLogic Server domain administrator. The Oracle recommendation is to not use the weblogic user account as the Oracle IRM administrator user account. If you use a different account for the Oracle IRM domain administrator, you can use the Oracle WebLogic Server domain administrator, weblogic by default, to start and stop Oracle WebLogic Server as well as to alter server settings. If you have a problem with Oracle Internet Directory, you will not need to fix it before you can do maintenance on Oracle WebLogic Server.
- For an Oracle IRM Managed Server, if a user has already signed in to the Oracle IRM Management Console, you need to run the WebLogic Scripting Tool (WLST) setIRMExportFolder command before identity store reassociation.Use this command to set an export folder for exporting the user and group details referenced by Oracle IRM, which uses the export folder path to decide where to write out the user and group details. The Oracle IRM Managed Server must have write access to the folder path. The export folder must exist before you run the setIRMExportFolder command.The following example sets /user/irm-data as the export folder:
cd WCC_ORACLE_HOME/common/bin ./wlst.sh > connect('weblogic', 'password', 't3://adminServerHost:adminServerPort') > setIRMExportFolder('/user/irm-data')
In the example, adminServerHost is the host name and adminServerPort is the port number for the Administration Server of the Oracle WebLogic Server domain.
Note:If SSL is enabled, before you use WLST to connect to the Administration Server, you must either append the following parameters to the JVM_ARGS section of the wlst.sh file or set them in the CONFIG_JVM_ARGS environment variable:
KeyStoreName is the name of the keystore in use (DemoTrust for the built-in demonstration certificate). The wlst.sh file is in the bin subdirectory of the common directory in the WebCenter Content Oracle home directory.
After the Oracle IRM Managed Server picks up this configuration change, normally right away, it will write out a series of XML documents in the export folder. This process is complete when a folder named accounts appears under the export folder. The accounts folder will contain one or more folders named batchXXX, with each batch folder containing a set of XML documents that include the user and group details. For example:
/user /irm-data /accounts /batch1 user1.xml user2.xml group1.xml
The batch folders are used to ensure that the operating system limit of the maximum number of files in a folder is not exceeded.
After this process is complete, reset the export folder:
This reset ensures that Oracle IRM does not perform any further data exporting when the Managed Server restarts.
- Configure the Oracle Internet Directory authentication provider:
- Start the Administration Server for your Oracle WebLogic Server domain.
- Sign in to the Oracle WebLogic Server Administration Console as the domain administrator user, at this URL:
- Under Domain Structure on the left, select Security Realms.
- In the Realms table on the Summary of Security Realms page, click myrealm in the Name column to open the Settings for myrealm page.
- Click the Providers tab, and then click New under the Authentication Providers table on the Authentication tab.
- In the Create a new Authentication Provider dialog box, enter a provider name in the Name field, change the type to OracleInternetDirectoryAuthenticator, and then click OK.
- In the Authentication Providers table, click Reorder, move the provider you just created to the top of the list, and then click OK
- Click DefaultAuthenticator, change the Control Flag value to OPTIONAL, and then click Save
- Click Providers in the breadcrumb trail along the top of the page to navigate back to the Providers tab.
- Click the name of the authentication provider you just created to navigate to the Configuration tab for the provider. On the Common tab, change the Control Flag value to SUFFICIENT, and then click Save. SUFFICIENT means that if a user can be authenticated against Oracle Internet Directory, no further authentication is processed.REQUIRED means that the authentication provider must succeed even if another provider already authenticated the user. If the embedded LDAP has been set to OPTIONAL and Oracle Internet Directory has been set to REQUIRED, the embedded LDAP user is no longer valid.
- Click the Provider Specific tab. Set Provider Specific values in the following fields, and leave default values in the other fields:- Host: The host name or IP address of the LDAP server.- Port: The Oracle Internet Directory Port, 389 by default.- Principal: The Distinguished Name (DN) of the LDAP user that Oracle WebLogic Server should use to connect to the LDAP server; for example
cn=orcladmin- Credential: The credential used to connect to the LDAP server (usually a password)- Confirm Credential: The same value as for the Credential field.- User Base DN: The base distinguished name (DN) of the tree in the LDAP directory that contains users; for example
cn=users,dc=example,dc=com. In Oracle Internet Directory, this is the value of the User Search Base attribute, which you can look up in the OIDDAS administration dialog.- Use Retrieved User Name as Principal: Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal value. Select this attribute for Oracle IRM.— Group Base DN: The base distinguished name (DN) of the tree in the LDAP directory that contains groups; for example:
cn=groups,dc=example,dc=com. In Oracle Internet Directory, this is the value of the Group Search Base attribute, which you can look up in the OIDDAS administration dialog.Note: Use an exact DN rather than a top-level DN. Using a top-level DN would provide access to all the default users and groups under the DN, giving access to more users than required by the application.- Propagate Cause For Login Exception: Propagates exceptions thrown by Oracle Internet Directory, like password expired exceptions, to Oracle WebLogic Server so they show in the console and the logs. For Oracle IRM, select this attribute in the General area of the tab.
- Click Save.
- Restart the Administration Server.Note: Authentication providers in an Oracle WebLogic Server domain are chained. This means that user authentication needs to run successfully through all authentication providers. With the Control Flag value set to OPTIONAL for the default provider, it is allowed to fail without a server startup or user authentication failure.
- After the server is up again, sign in to the Administration Console again, and click Security Realms under Domain Structure.
- In the Realms table on the Summary of Security Realms page, click myrealm in the Name column to open the Settings for myrealm page.
- Click the Users and Groups tab to see a list of users contained in the configured authentication providers, on the Users subtab, and then click the Groups subtab to see a list of groups. You should see user names from the Oracle Internet Directory configuration, which implicitly verifies that the configuration is working
- Check that you have switched the security provider successfully, with either or both of these basic tests:
- For an Oracle IRM Managed Server, if a user has already signed in to the Oracle IRM Management Console, you need to run the setIRMImportFolder WLST command after identity store reassociation. Use this command to set the import folder to point to the export folder that was set before identity store reassociation.Note: take a backup of the export folder before performing the import process because the import process deletes the contents of the folder during successful processing of the user and group details.This operation should be performed with only one Managed Server running a deployed Oracle IRM application, to ensure that only one Managed Server performs the user and group processing. After the import process is complete, all Managed Servers running the Oracle IRM application can be started. The following example sets /user/irm-data as the import folder:
cd WCC_ORACLE_HOME/common/bin ./wlst.sh > connect('weblogic', 'password', 't3://adminServerHost:adminServerPort') > setIRMImportFolder('/user/irm-data')After the Oracle IRM Managed Server picks up this configuration change, it will read the contents of the folder and update the global user ID (GUID) values in the Oracle IRM system to reflect the values in the new identity store. When a user or group has been processed, the import process deletes the corresponding XML file. After the import process is complete, the import folder will be empty:
/user /irm-dataIf an error occurs during the processing of a user or group, the import process writes the error to a file that matches the user or group name. For example, if the user details in user1.xml cause an error during processing, the import process writes the error details to the file user1.xml.fail:
/user /irm-data /accounts /batch1 user1.xml user1.xml.failIf you can fix the error, then rerun the setIRMImportFolder WLST command to rerun the import process. For example, if user or group processing fails because the user or group does not exist in the new identity store, adding the user or group to Oracle Internet Directory will fix the error, and you can rerun the import process:
connect('weblogic', 'password', 'adminServerHost:adminServerPort') > setIRMImportFolder('/user/irm-data')After this process is complete, reset the import folder:
setIRMImportFolder('')This reset ensures that Oracle IRM does not perform any further data importing when the Managed Server restarts.After the reassociation of the identity store, users in Oracle Internet Directory have the same rights that their namesakes had in the Oracle WebLogic Server embedded LDAP server before the migration of user data. For example, if a user existed in the embedded LDAP server before the migration with the user name weblogic and an Oracle IRM role of Domain Administrator, then, after migration, the user in Oracle Internet Directory with the user name weblogic would have the Oracle IRM role of Domain Administrator.
Configuring OracleTextSearch for Content Server
If you have a license to use OracleTextSearch (with Oracle Database 11g), then you can configure it to use Oracle Text 11g as the primary full-text search engine for WebCenter Content. Oracle Text 11g offers state-of-the-art indexing capabilities and provides the underlying search capabilities for Oracle Secure Enterprise Search (Oracle SES). To search auxiliary metadata in Oracle WebCenter Content: Records with Oracle Text 11g, you must configure it to use OracleTextSearch as the search engine.
If you have a license to use Oracle SES, you can configure it for use with OracleTextSearch on WebCenter Content and configure Content Server to use Oracle SES as its back-end search engine.
OracleTextSearch enables administrators to specify certain metadata fields to be optimized for the search index as well as to customize additional fields. OracleTextSearch also enables a fast index rebuild and index optimization.
You can set OracleTextSearch on the WebCenter Content postinstallation configuration page.
- Select Internal or External in the FullText Search Option field.
- If you selected the External option, provide the name of the external data source in the External DataSource field.
Creating a Search Schema and Configuring an External Data Source
You might want to use an external data source so you can put the search engine on another system or in another database. Before you can use an external data source with OracleTextSearch, you need to create a search schema in a database other than the system database and configure the data source.
- Run RCU to create a search schema (prefix_OCSSEARCH in the database where you want the search engine,
- Create a JDBC data source that points to the search schema. You can use the Administration Console, WebLogic Scripting Tool Command, or Fusion Middleware Control to create a data source.
- Use the Administration Console to target the data source to the WebCenter Content Managed Server (UCM_server1 by default).
OracleTextSearchon the configuration page for Content Server or you want to change the configuration, you can configure this search option in the
DomainHome/ucm/cs/config/config.cfgconfiguration file for the Content Server instance. After changing the search option, you need to restart Content Server and rebuild the search index.
Note:If you plan to use the WebCenter Content user interface), you may want to optimize the
dOriginalNamefield for the search index. The WebCenter Content user interface leverages the file name as its primary identifier presented in the interface. You can sort presentations by file name, which is the value of the
dOriginalNamefield in Content Server.
By default, Content Server configures only the document title (
dDocTitle) as a field available for searching and sorting. The WebCenter Content user interface, by default, does not use document titles in its displays.
The process of enabling
dOriginalName as a new search or sort field requires a full rebuild of the fulltext index.
Configuring OracleTextSearch for Content Server in a Configuration File
If you did not configure OracleTextSearch on the configuration page for Content Server or you want to change the configuration, you can configure this search option in the DomainHome/ucm/cs/config/config.cfg configuration file for the Content Server instance.
- Open the DomainHome/ucm/cs/config/config.cfg file for the Content Server instance in a text editor.
- Set the following values:
You can specify a separate Oracle Database as the value of IndexerDatabaseProviderName, instead of SystemDatabase. The driver jar ojdbc6.jar is provided by Oracle in the MW_HOME/wlserver_10.3/server/lib directory. Before Oracle Text Search can function properly with the separate Oracle Database, however, you need to manually copy the ojdbc6.jar file from the MW_HOME/wlserver_10.3/server/lib directory to the DomainHome/lib directory.
OracleTextSearch requires a JDBC driver version of 10.2.0.4 or higher. The component will not work with older JDBC driver versions.
- Save the file.
- Restart Content Server.
- Rebuild the search index using the Indexer tab of the Repository Manager, located under Administration, in Admin Applets.
Extracting and Running the Installation File for Desktop Client Software
After Oracle WebCenter Content is installed, you can use the
desktop_content_setup.exe command with the
/export parameter to extract the Desktop installer files:
desktop_content_setup.exe /export [path]/existing_extraction_directory/
You can specify an existing directory to extract the files into. If you omit the directory from the command, it extracts the files into the current directory.
Note:If you have an earlier version of Desktop installed, uninstall it before you proceed with the installation.
The desktop_content_setup.exe command extracts three files:
To install Desktop on a client system, use only one of the MSI files in the Desktop installer command. The Desktop client software installers support a number of custom installation options that can help system administrators roll out the software:
Using Command-Line Parameters for Automation
You can use several command-line parameters to automate part of the installation process. If you need to pass any public property to MSI through desktop_content_setup.exe, you can do that with the following command:
desktop_content_setup.exe /msi ONE_PUBLIC_PROPERTY=public_property_value
The Desktop installer provides a number of command-line options to disable specific software integrations. If the installer detects that an integration can be applied to existing software on the computer (Microsoft Word, PowerPoint, Excel, and so on), it usually will automatically attempt to install an integration. To prevent an integration from being installed for a specific software product, you can disable that integration using one of these command-line switches:
Performing Silent Roll-Outs
The Desktop installer enables an administrator to roll out the Desktop client software to multiple client machines with the help of third-party tools such as SMS or netOctopus, which are capable of executing one executable on many machines. The installer for the Desktop client software supports a silent installation option that you can configure with SMS.
desktop_content_setup.exe /s UI=user_interface_level
In the command, user_interface_level can be 1, 2, 3, or 4:.
1: No user interface during install.
2: Displays only a progress bar during install.
3: Presents an install screen with different dialog boxes but doesn’t require user input to run.
4: Runs a fully interactive installer requiring user input.
For example, to silently and selectively disable installing Outlook, PowerPoint, and Lotus Notes, the command would be as follows:
desktop_content_setup.exe /s UI=1 /msi OUTLOOK=0 POWERPOINT=0 NOTES=0
You will also need to add the
MSIRESTARTMANAGERCONTROL=Disable properties to prevent reboots and to prevent any dialogs asking to shut down applications. For example:
desktop_content_setup.exe /s UI=2 /msi OUTLOOK=0 POWERPOINT=0 NOTES=0 REBOOT=ReallySuppress MSIRESTARTMANAGERCONTROL=Disable
with the MSI files. For example:
start /wait msiexec /i contentdesktop_x64.msi OUTLOOK=0 WORD=0 EXCEL=0 POWERPOINT=0 NOTES=0 REBOOT=ReallySuppress MSIRESTARTMANAGERCONTROL=Disable /l*v DISUpgrade_x64.log /qn
Configuring Content Server Connections Through the Registry on a Windows System
You can add Content Server connections by creating a registry file on a Windows system. The file is not included as part of the standard installation files; you must create it.
Adding servers in a registry file automates the setup process by saving your users from setting up connections on their computers. When you add a server connection in this manner, the user cannot delete the server connection from their desktop (Windows Explorer, the email client, or any desktop application).
Sample Registry File Entries
The following sample registry file entries are examples for Content Servers instances, WebDAV servers, and Content DB servers, with comments below the code lines. The sample file registry entries are under
HKEY_LOCAL_MACHINE. If you would like the user to run the installer, use
HKEY_CURRENT_USER instead of
HKEY_LOCAL_MACHINE means that users cannot change the ServerAuth or RememberMetaData values because they will not have permission to change
HKEY_LOCAL_MACHINE entries (unless a Windows policy is set to allow this, or the user is an administrator).
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\WebCenter Desktop\Content\WebDAV\Servers\Corporate] "ServerType"="ucm" "ServerURL"="http://corporate/cs/idcplg/webdav"
(In this registry entry, the server is a Content Server instance, the display name of the server is Corporate, and the server WebDAV URL is http://corporate/cs/idcplg/webdav.)
[HKEY_LOCAL_MACHINE\Software\ORACLE\WebCenter Desktop\Content\Shared\Config\Corporate] "HostCgiUrl"="http://corporate/cs/idcplg" "ServerAuth"=REG_DWORD:0x00000000 (0) "RememberMetaData"=REG_DWORD:0x00000000 (0)
In this registry entry, the server is a Content Server instance, the name of the server is Corporate, the CGI URL is http://corporate/cs/idcplg, and the user interface URL is http://corporate/wcc/faces. Content DB servers and WebDAV servers do not use these registry entries.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\WebCenter Desktop\Content\WebDAV\Servers\Department] "ServerType"="dav" "ServerURL"="http://corporate/content/app/explorerPage.jspx" "Single Sign-On Url"="http://section/content/app/explorerPage.jspx" "Use Single Sign-On"=REG_DWORD:0x00000001 (1)
(In this registry entry, the server is a WebDAV server, the display name of the server is Department, the server WebDAV URL is http://corporate/content/app/explorerPage.jspx, a single sign-on page has been identified, and single sign-on has been implemented.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\WebCenter Desktop\Content\WebDAV\Servers\Section] "ServerType"="cdb" "ServerURL"="http://section/content/dav" "Single Sign-On Url"="http://section/content/app/explorerPage.jspx" "Use Single Sign-On"=REG_DWORD:0x00000001 (1)
(In this registry entry, the server is a Content DB server, the display name of the server is Section, the server WebDAV URL is http://section/content/dav, a single sign-on page has been identified, and single sign-on has been implemented.)
Creating a Hash Partition to Improve Database Performance
Use a hash partition of the EBATCTITEMS table to minimize the database wait event enq: HW– contention, which prevents the database from scaling.
This event occurs when many threads are trying to update and add new BLOB items to ECBATCHTITEMS, as follows:
table - "UPDATE ECBATCHITEMS SET ECITEMDATA=:1 WHERE ECITEMID=:2"
- Get the definition of the table:
SELECT dbms_metadata.get_ddl('OBJECT TYPE','OBJECT NAME', OWNER') FROM DUAL;
- Append partitioning syntax to the table definition. The following table definition creates a hash partition for the ECBATCHITEMS table:
SQL> create table "CAPCLIENT_CAPTURE"."ECBATCHITEMS2" 2 ( "ECTENNANTID" VARCHAR2(36 CHAR), "ECITEMID" VARCHAR2(36) NOT NULL ENABLE, 3 4 "ECORIGINALITEMID" VARCHAR2(36), 5 "ECORIGINALITEMINDEX" NUMBER(10,0), 6 "ECBARCODES" BLOB, 7 "ECBARCODECOUNT" NUMBER(10,0), 8 "ECSTATUS" VARCHAR2(255), 9 "ECSOURCEFORMAT" VARCHAR2(255), "ECANNOTATION" VARCHAR2(255), 10 11 "ECFILELENGTH" NUMBER(19,0), 12 "ECDOCUMENTLINKCOUNT" NUMBER(10,0), 13 "ECPATCHCODE" NUMBER(10,0), 14 "ECENDORSEMENT" VARCHAR2(255), 15 "ECSOURCEFILENAME" VARCHAR2(255), 16 "ECBATCHID" NUMBER(19,0), 17 "ECLASTMODIFIED" NUMBER(19,0), 18 "ECITEMDATA" BLOB, PRIMARY KEY ("ECITEMID")) partition by hash(ECITEMID) partitions 8 ;