14.5 Modifying the WebCenter Sites Configuration
Web.xml
Modify the web.xml file to add the following XML nodes under the security-constraint node:
<!--
  Children of <security-constraint> in web.xml: requests matching /wem/* are
  allowed only for callers that hold the allowedGroups role.
  No <http-method> element is listed, so the constraint applies to every HTTP
  method; keep it that way so that no method is left unconstrained.
  NOTE(review): no <user-data-constraint> is shown in this sample; confirm
  where TLS is enforced for these pages.
-->
<web-resource-collection>
  <web-resource-name>ProtectedPages</web-resource-name>
  <url-pattern>/wem/*</url-pattern>
</web-resource-collection>
<auth-constraint>
  <role-name>allowedGroups</role-name>
</auth-constraint>
Then
add:
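<!--
  Declares the allowedGroups role that the <auth-constraint> refers to.
  In web.xml, <security-role> is a child of <web-app> (a sibling of
  <security-constraint>), not a child of <security-constraint>.
  The closing tag was missing its ">" in the sample, which made the
  descriptor not well-formed.
-->
<security-role>
  <role-name>allowedGroups</role-name>
</security-role>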
Weblogic.xml
Add the following node in the weblogic.xml file. Make sure you create a group called SitesGroup in IDCS.
<!--
  Maps the allowedGroups role used in web.xml to the SitesGroup principal.
  Per this page, SitesGroup must exist as a group in IDCS. Membership of that
  group therefore decides who satisfies the allowedGroups constraint, so keep
  it limited to the users who need access.
-->
<security-role-assignment>
  <role-name>allowedGroups</role-name>
  <principal-name>SitesGroup</principal-name>
</security-role-assignment>
SSOConfig.xml and oamtoken.xml
The following is a sample of the SSOConfig.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Sample Spring bean definitions that wire WebCenter Sites SSO to IDCS.
  Host names, database credentials and URL patterns below are the sample
  values from this page; replace them with the values for your environment.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

  <!-- SSO provider bean (IDCSProvider); reads its settings from the ssoconfig bean. -->
  <bean id="ssoprovider" class="com.fatwire.wem.sso.idcs.IDCSProvider">
    <property name="config" ref="ssoconfig" />
  </bean>

  <!--
    Identity resolver handed to the SSO filter below.
    NOTE(review): the class name suggests IDCS identities are matched to local
    Sites accounts by user name; confirm how names are matched so that an IDCS
    account cannot map onto an unintended local account.
  -->
  <bean id="idcsIdentity" class="com.fatwire.auth.identity.LocalUsernameResolver" />

  <!-- SSO filter (IDCSFilter); wired to the config, provider and identity resolver beans. -->
  <bean id="ssofilter" class="com.fatwire.wem.sso.idcs.filter.IDCSFilter">
    <property name="config" ref="ssoconfig" />
    <property name="provider" ref="ssoprovider" />
    <property name="identityResolver" ref="idcsIdentity" />
    <property name="trustConfigured" value="false" />
  </bean>

  <!-- SSO listener (IDCSListener); takes no properties in this sample. -->
  <bean id="ssolistener" class="com.fatwire.wem.sso.idcs.listener.IDCSListener" />

  <!-- Shared SSO settings referenced by the provider and the filter. -->
  <bean id="ssoconfig" class="com.fatwire.wem.sso.idcs.conf.IDCSConfig">
    <!--
      NOTE(review): the three sample URLs below use plain http, so traffic to
      the REST endpoint, the token service and the logout URL would travel
      unencrypted. Use https endpoints outside an isolated test setup.
    -->
    <!-- URL prefix of the REST service endpoint. -->
    <property name="serviceUrl" value="http://meo00acs.us.oracle.com:7003/sites/REST" />
    <!-- URL prefix of the Token Service servlet. -->
    <property name="ticketUrl" value="http://meo00acs.us.oracle.com:7003/oamtoken" />
    <!-- URL called when a WEM logout is required. -->
    <property name="signoutUrl" value="http://meo00acs.us.oracle.com:7003/sites/logout" />
    <!-- Tickets are not proxied: this is the last server in the call chain. -->
    <property name="proxyTickets" value="false" />
    <!--
      Database credentials that IDCSFilter uses for user lookup.
      The password shown is a sample and is stored in clear text: set your own
      value, restrict read access to this file, and keep it out of source
      control.
      NOTE(review): the sample dbUsername value ends with a space; confirm
      whether that is intended before copying it.
    -->
    <property name="dbUsername" value="fwadmin " />
    <property name="dbPassword" value="1234Abcd!@#" />
    <!--
      Protected resources of the application (relative to applicationUrl).
      NOTE(review): some patterns start with "/" and others do not
      (wem/fatwire/**, Satellite?[...], Xcelerate/LoginPage.html); confirm how
      the filter matches each form so that every intended path is covered.
    -->
    <property name="protectedMappingIncludes">
      <list>
        <value>wem/fatwire/**</value>
        <value>/faces/jspx/**</value>
        <value>/ContentServer?[pagename=OpenMarket/Xcelerate/UIFramework/LoginPage|OpenMarket/Xcelerate/UIFramework/ShowMainFrames|fatwire/getAllUserGroups|fatwire/getAllSecurityConfigs|rest/asset,#]</value>
        <value>Satellite?[pagename=fatwire/insitetemplating/request|OpenMarket/Xcelerate/ControlPanel/Request|OpenMarket/Xcelerate/ControlPanel/EditPanel|fatwire/wem/ui/Ping|fatwire/wem/sso/validateMultiticket|OpenMarket/Xcelerate/UIFramework/ShowPreviewFrames,#]</value>
        <value>Xcelerate/LoginPage.html</value>
      </list>
    </property>
    <!-- Protected resources handled statelessly, judging by the property name (TODO confirm). -->
    <property name="protectedMappingStatelessIncludes">
      <list>
        <value>/REST/**</value>
      </list>
    </property>
    <!--
      Paths excluded from the protected set (relative to applicationUrl).
      Keep this list as short as possible and review every entry added to it.
    -->
    <property name="protectedMappingExcludes">
      <list>
        <value>/wem/fatwire/wem/ui/SysLocStrSvc</value>
      </list>
    </property>
  </bean>
</beans>
The following is a sample of the oamtoken.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Sample Spring bean definition for the token service (TokenConfig) with IDCS
  enabled. The client ID, client secret and IDCS URL below are the sample
  values from this page; replace them with the values for your environment.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

  <!-- Settings for the TokenAuthority. -->
  <bean id="configuration" class="com.fatwire.wem.sso.oam.token.TokenConfig" >
    <property name="compatibilityMode" value="11G" />
    <property name="traceConsole" value="false" />
    <property name="loginValidator" value="true" />
    <!-- Switches the token service to IDCS. -->
    <property name="enableIdcs" value="true" />
    <!--
      Client credentials presented to the IDCS token endpoint.
      The secret is stored here in clear text: use the client ID and secret
      issued for your own IDCS application, restrict read access to this
      file, and keep it out of source control and shared logs.
    -->
    <property name="clientId" value="22b31a2273844a6c99afbb9048a8f48e" />
    <property name="clientSecret" value="d0c589b5-bed0-4d2a-a378-4b2a0b57f4f5" />
    <!-- Base URL of the IDCS instance and the token endpoint path on it. -->
    <property name="idcsUrl" value="https://idcs-a4b1a5209dd44c44bfecaed81680761a.identity.c9dev1.oc9qadev.com" />
    <property name="tokenEndpoint" value="/oauth2/v1/token" />
    <!-- Optional, disabled in this sample: sets an alternate path to the access gate configuration file
    <property name="oblixPath" value="" />
    -->
  </bean>
</beans>
Once you’ve completed the configuration, access the WebCenter Sites URL. This URL will use IDCS: