14.5 Modifying the WebCenter Sites Configuration

Web.xml

Modify the web.xml file to add the following XML node under the security-constraint node:

<!-- Limits every URL under /wem/ to callers that hold the allowedGroups role.
     No http-method is listed, so the constraint is not narrowed to particular methods. -->
<!-- NOTE(review): no user-data-constraint is shown in this fragment; confirm whether the
     enclosing security-constraint sets a CONFIDENTIAL transport-guarantee. -->
<web-resource-collection>
    <web-resource-name>ProtectedPages</web-resource-name>
    <url-pattern>/wem/*</url-pattern>
</web-resource-collection>
<auth-constraint>
    <role-name>allowedGroups</role-name>
</auth-constraint>
Then add:
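<!-- Declares the allowedGroups role that the auth-constraint refers to.
     The role-name here must be spelled exactly as in the auth-constraint. -->
<security-role>
    <role-name>allowedGroups</role-name>
</security-role>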

Weblogic.xml

Add the following node to the weblogic.xml file. Make sure you create a group called SitesGroup in IDCS; the principal-name value must match that group name.

<!-- Binds the allowedGroups role (declared in web.xml) to the SitesGroup principal.
     Membership of SitesGroup is therefore what grants the role, so keep that group's
     membership limited to the users who need access. -->
<security-role-assignment>
    <role-name>allowedGroups</role-name>
    <principal-name>SitesGroup</principal-name>
</security-role-assignment>

SSOConfig.xml and oamtoken.xml

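The following is a sample of the SSOConfig.xml file. The host names and database credentials shown are sample values; replace them with the values for your environment: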
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

  <!-- Sample SSO wiring for IDCS. Host names and credentials below are sample values
       and have to be replaced for each environment. -->

  <!-- Single sign-on provider; reads its settings from the ssoconfig bean. -->
  <bean id="ssoprovider" class="com.fatwire.wem.sso.idcs.IDCSProvider">
    <property name="config" ref="ssoconfig" />
  </bean>

  <!-- Identity resolver handed to the SSO filter below. -->
  <bean id="idcsIdentity" class="com.fatwire.auth.identity.LocalUsernameResolver" />

  <!-- Single sign-on filter; wired to the shared config, the provider and the identity resolver. -->
  <bean id="ssofilter" class="com.fatwire.wem.sso.idcs.filter.IDCSFilter">
    <property name="config" ref="ssoconfig" />
    <property name="provider" ref="ssoprovider" />
    <property name="identityResolver" ref="idcsIdentity" />
    <property name="trustConfigured" value="false" />
  </bean>

  <!-- Single sign-on listener; takes no properties in this sample. -->
  <bean id="ssolistener" class="com.fatwire.wem.sso.idcs.listener.IDCSListener" />

  <!-- Shared SSO settings referenced by the provider and the filter. -->
  <bean id="ssoconfig" class="com.fatwire.wem.sso.idcs.conf.IDCSConfig">
    <!-- NOTE(review): the three URLs below use plain http in this sample. Tickets and
         session traffic pass through these endpoints, so confirm that the deployed
         values use https and the correct host and port. -->
    <!-- URL prefix of the REST service endpoint. -->
    <property name="serviceUrl" value="http://meo00acs.us.oracle.com:7003/sites/REST" />
    <!-- URL prefix of the token service servlet. -->
    <property name="ticketUrl" value="http://meo00acs.us.oracle.com:7003/oamtoken" />
    <!-- URL called when a WEM logout is required. -->
    <property name="signoutUrl" value="http://meo00acs.us.oracle.com:7003/sites/logout" />
    <!-- Tickets are not proxied: this is the last server in the call chain. -->
    <property name="proxyTickets" value="false" />
    <!-- Database credentials used by IDCSFilter for user lookup. -->
    <!-- NOTE(review): the password is stored here in clear text and the sample username
         value ends with a space. Replace both with site-specific values, check that the
         trailing space is not copied by accident, restrict read access to this file and
         keep it out of version control. -->
    <property name="dbUsername" value="fwadmin " />
    <property name="dbPassword" value="1234Abcd!@#" />
    <!-- Protected resources of the application (relative to applicationUrl). -->
    <!-- NOTE(review): some patterns below start with '/' and some do not
         (wem/fatwire/**, Satellite?[...], Xcelerate/LoginPage.html). Confirm that each
         one matches the intended path; a pattern that does not match would presumably
         leave that resource outside SSO protection. -->
    <property name="protectedMappingIncludes">
      <list>
        <value>wem/fatwire/**</value>
        <value>/faces/jspx/**</value>
        <value>/ContentServer?[pagename=OpenMarket/Xcelerate/UIFramework/LoginPage|OpenMarket/Xcelerate/UIFramework/ShowMainFrames|fatwire/getAllUserGroups|fatwire/getAllSecurityConfigs|rest/asset,#]</value>
        <value>Satellite?[pagename=fatwire/insitetemplating/request|OpenMarket/Xcelerate/ControlPanel/Request|OpenMarket/Xcelerate/ControlPanel/EditPanel|fatwire/wem/ui/Ping|fatwire/wem/sso/validateMultiticket|OpenMarket/Xcelerate/UIFramework/ShowPreviewFrames,#]</value>
        <value>Xcelerate/LoginPage.html</value>
      </list>
    </property>
    <!-- Protected resources listed separately under the stateless mapping. -->
    <property name="protectedMappingStatelessIncludes">
      <list>
        <value>/REST/**</value>
      </list>
    </property>
    <!-- Resources excluded from protection (relative to applicationUrl). Keep this list
         as short as possible: every entry here is reachable without SSO. -->
    <property name="protectedMappingExcludes">
      <list>
        <value>/wem/fatwire/wem/ui/SysLocStrSvc</value>
      </list>
    </property>
  </bean>

</beans>

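The following is a sample of the oamtoken.xml file. The clientId, clientSecret and idcsUrl values shown are sample values; replace them with those of your own IDCS instance: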
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">

  <!-- Settings for the token authority. -->
  <bean id="configuration" class="com.fatwire.wem.sso.oam.token.TokenConfig">
    <property name="compatibilityMode" value="11G" />
    <property name="traceConsole" value="false" />
    <property name="loginValidator" value="true" />
    <!-- Switches on the IDCS integration; the four properties after it identify the
         IDCS client, the tenant URL and the token endpoint path. -->
    <property name="enableIdcs" value="true" />
    <!-- NOTE(review): clientId and clientSecret are presumably the OAuth client
         credentials used against tokenEndpoint. The values in this sample must be
         replaced with those of your own application. The secret is stored in clear
         text, so restrict read access to this file, keep it out of version control,
         and rotate any secret that has been published or shared. -->
    <property name="clientId" value="22b31a2273844a6c99afbb9048a8f48e" />
    <property name="clientSecret" value="d0c589b5-bed0-4d2a-a378-4b2a0b57f4f5" />
    <!-- Base URL of the IDCS tenant; this sample uses https. -->
    <property name="idcsUrl" value="https://idcs-a4b1a5209dd44c44bfecaed81680761a.identity.c9dev1.oc9qadev.com" />
    <!-- Token endpoint path. -->
    <property name="tokenEndpoint" value="/oauth2/v1/token" />
    <!-- This property sets an alternate path to the access gate configuration file
    <property name="oblixPath" value="" />
    -->
  </bean>

</beans>

Once you’ve completed the configuration, access the WebCenter Sites URL. This URL will use IDCS: