12 Installing and Configuring the WebCenter Content User Interface

This chapter describes how to install and configure an Oracle WebCenter Content Managed Server with the WebCenter Content user interface. This interface, for Oracle WebCenter Content Server, is based on the Oracle Application Development Framework (Oracle ADF).

This chapter includes the following sections:

Section 12.1, "About Installing and Configuring the WebCenter Content User Interface"
Section 12.2, "Installing and Configuring Oracle WebCenter Content 11g (11.1.1.9)"
Section 12.3, "Installing an 11.1.1.6.0 Middleware Home with Oracle ADF 11.1.2.4"
Section 12.4, "Installing the WebCenter Content User Interface Application"
Section 12.5, "Deploying the WebCenter Content User Interface Application to a New Domain"
Section 12.6, "Configuring the Administrator User"
Section 12.7, "Accessing the WebCenter Content User Interface"
Section 12.8, "Associating the WebCenter Content User Interface with Content Server"
Section 12.9, "Completing the Workflow Configuration"

12.1 About Installing and Configuring the WebCenter Content User Interface

You can configure Content Server with the WebCenter Content user interface in addition to the native 11g user interface, which Content Server uses by default. The WebCenter Content user interface resides in a separate domain from Content Server and runs on a different port, 16225 by default.

This separate domain requires its own Middleware home, which can reside on the same machine as the Middleware home for Content Server or on a separate machine. You could choose to have multiple instances of the WebCenter Content user interface server interact with Oracle WebCenter Content Server (previously known as Oracle UCM Content Server).

This chapter uses the following terminology:

The first Middleware home contains Oracle WebCenter Content and is referred to as the Oracle WebCenter Content Middleware home (WCC_MW_HOME in directory paths).
The first domain contains WebCenter Content and is referred to as the Oracle WebCenter Content domain (WCC_DOMAIN in directory paths). This domain is associated with the Oracle WebCenter Content Middleware home.
The second Middleware home contains the WebCenter Content user interface and is referred to as the WebCenter Content user interface Middleware home (WCCUI_MW_HOME in directory paths).
The second domain contains the WebCenter Content user interface and is referred to as the WebCenter Content user interface domain (WCCUI_domain in directory paths). This domain is associated with the WebCenter Content user interface Middleware home.

The WebCenter Content user interface domain requires its own Middleware home because changes are made to the Oracle ADF stack that are specifically required for the WebCenter Content user interface.

The two Middleware homes and domains can reside on the same host or on different hosts. The only additional requirement to run both domains on the same host is to use a different Administration Server port for each domain. To distinguish between the two Administration Server ports, this chapter refers to them as the WebCenter Content Administration Server port (WCC_ADMINSERVER_PORT) and the WebCenter Content user interface Administration Server port (WCCUI_ADMINSERVER_PORT).

To install the WebCenter Content user interface and configure it for Content Server, you need to perform these tasks:

Installing and Configuring Oracle WebCenter Content 11g (11.1.1.9)
Installing an 11.1.1.6.0 Middleware Home with Oracle ADF 11.1.2.4
Installing the WebCenter Content User Interface Application
Deploying the WebCenter Content User Interface Application to a New Domain
Configuring the Administrator User
Accessing the WebCenter Content User Interface

12.2 Installing and Configuring Oracle WebCenter Content 11g (11.1.1.9)

Before you can install and configure the WebCenter Content User Interface, you need to install and configure Oracle WebCenter Content 11gR1 (11.1.1.9), as these chapters describe:

You can install a new Oracle WebCenter Content 11gR1 (11.1.1.9.0) application or use an existing Oracle WebCenter Content 11gR1 (11.1.1.9.0) installation that is configured as this section describes.

All of the operations in this section pertain to the Oracle WebCenter Content Middleware home and, therefore, the Oracle WebCenter Content domain. The following steps summarize the installation and configuration procedures for Oracle WebCenter Content in the first of two Middleware homes:

For the first domain (in the Oracle WebCenter Content Middleware home), follow the instructions in Chapter 2, "Installing Oracle WebCenter Content," to install these products:
- Oracle Database 11g Release 2
- Repository Creation Utility (RCU)
- Oracle WebLogic Server in a Middleware home
- Oracle WebCenter Content 11g (11.1.1.9)
Using RCU, create the Oracle WebCenter Content Server - Complete schema and the Metadata Services (MDS) schema, as described in Section 2.2, "Creating Oracle WebCenter Content Schemas with the Repository Creation Utility."
Create a WebLogic Server domain that includes a WebCenter Content Managed Server (using the Oracle Universal Content Management - Content Server template) and, optionally, an Oracle WebCenter Content: Inbound Refinery Managed Server (using the Oracle Universal Content Management - Inbound Refinery template), as described in Section 3.2, "Creating an Oracle WebLogic Server Domain."
Configure Content Server, as the following sections describe:
1. Section 12.2.1, "Enabling WebCenter Content User Interface Components"
  
  This configuration is required for using the WebCenter Content user interface.
2. Section 12.2.2, "Setting up the Remote Intradoc Client (RIDC)"
  
  This configuration is required for using the WebCenter Content user interface.
3. Section 12.2.3, "Setting Additional Content Server Parameters"
  
  This configuration is optional, to set up additional configuration variables and the search engine for Content Server.
4. Section 12.2.4, "Enabling Full-Text Searching"
  
  This configuration is optional, to set up Oracle Text Search.
5. Section 12.2.5, "Generating Thumbnails and Web-Viewable Renditions"
  
  This configuration is optional, to enhance the WebCenter Content user interface experience.
6. Section 12.2.6, "Configuring Digital Asset Management in Content Server"
  
  This configuration is optional, to set up document conversions through Digital Asset Management (DAM) and Inbound Refinery.
7. Section 12.2.7, "Configuring Extended Features in Content Server"
  
  This configuration is optional, to set up standard Content Server features.

12.2.1 Enabling WebCenter Content User Interface Components

Before you can use the WebCenter Content user interface, you must enable these Content Server components: AutoSuggestConfig, DynamicConverter, and FrameworkFolders. You can enable them through the Content Server Component Manager interface, as follows:

Log in to Content Server as a WebCenter Content administrator.
From the Administration tray or menu, choose Admin Server, then Component Manager.
On the Component Manager page, select all three components under WebCenter Content UI Components:
- AutoSuggestConfig
- DynamicConverter
- FrameworkFolders
Click Update, and then click OK to confirm enabling the component.
Restart Content Server, as described in Section 10.3, "Restarting a Managed Server."

12.2.2 Setting up the Remote Intradoc Client (RIDC)

The WebCenter Content user interface uses the IDC socket protocol to communicate with Content Server. To enable this communication, you must set the IntradocServerPort and SocketHostAddressSecurityFilter values in the WCC_domain/ucm/cs/config/config.cfg configuration file for Content Server, in the Oracle WebCenter Content domain.

The following syntax shows how to set these values:

IntradocServerPort=port_number
SocketHostAddressSecurityFilter=IP addresses of permitted UI hosts separated by a bar symbol (|)
 
For example:
IntradocServerPort=4444
SocketHostAddressSecurityFilter=123.456.789.0
 
If you want to open this up to all hosts in the network, use this setting:
SocketHostAddressSecurityFilter=*.*.*.*

For more information about the config.cfg file, see "The config Directory" in Oracle Fusion Middleware Developing with Oracle WebCenter Content.

12.2.3 Setting Additional Content Server Parameters

For the WebCenter Content user interface, you can also set Content Server parameters for folders and searching.

To set additional Content Server parameters:

From the Content Server Administration menu or tray, choose Admin Server and then General Configuration.
Select the Enable Accounts checkbox.
In the Additional Configuration Variables area, add the following parameters, if not set already, to go in the config.cfg file:
- FoldersIndexParentFolderValues=true
  
  This parameter enables you to search for content within folders, including subfolders.
- FldEnforceFolderFileNameUniqueness=true
  
  This parameter prevents folders from having a child folder with the same name as a child document.
- FldEnforceCaseInsensitiveNameUniqueness=true
  
  This parameter makes name-uniqueness checks for folder and file names case-insensitive. It also makes path resolution case-insensitive.
- SearchIndexerEngineName=OracleTextSearch or SearchIndexerEngineName=DATABASE.METADATA
  
  This parameter enables OracleTextSearch full-text searching or database metadata searching, instead of the default database full-text searching.
Restart the WebCenter Content Managed Server, as described in Section 10.3, "Restarting a Managed Server."

12.2.4 Enabling Full-Text Searching

For full-text searching, you need to rebuild the Content Server index using OracleTextSearch (SearchIndexerEngineName=ORACLETEXTSEARCH parameter).

To enable full-text searching in the WebCenter Content user interface:

Access Content Server with the native user interface:
```
http://WCCHOST1:16200/cs
```
From the Administration menu or tray, choose Admin Applets and then Repository Manager.
Click the Indexer tab.
Under Collection Rebuild Cycle, click the Start button.
Deselect Use Fast Rebuild.
Click the OK button.

12.2.5 Generating Thumbnails and Web-Viewable Renditions

If you want to obtain thumbnail images and web-viewable renditions of files from the WebCenter Content user interface, you can configure Inbound Refinery to provide them. You can set up an Inbound Refinery provider for thumbnails and file conversions, such as PDF Export, through the native 11g user interface.

To configure thumbnails in Content Server:

Access Content Server with the native user interface:
```
http://WCCHOST1:16200/cs
```
From the Administration menu or tray, choose Configure Thumbnail Options.
Select Enable this server to create the thumbnail images box.
Click the Update button.

For more information about generating thumbnails and web-viewable renditions, see "Configuring Inbound Refinery" in Oracle Fusion Middleware Managing Oracle WebCenter Content.

12.2.6 Configuring Digital Asset Management in Content Server

Digital Asset Management (DAM) is available through the WebCenter Content user interface. To enable the DAM user interface in Content Server, you need to enable the DigitalAssetManager, DAMConverterSupport, ContentBasket, and ZipRenditionManagement components and set up document conversion for DAM documents in Inbound Refinery.

To configure DAM in Content Server:

Log in to Content Server (http://WCCHOST1:16200/cs) as a WebCenter Content administrator.
Enable these components, or verify that they are enabled:
- DigitalAssetManager
- DAMConverterSupport
- ContentBasket
- ZipRenditionManagement (enabled by default)
Restart Content Server, as described in Section 10.3, "Restarting a Managed Server."
Log in to the Inbound Refinery Managed Server (http://WCCHOST1:16250/ibr) by default, as an administrator, and enable the DAMConverter component for DAM.
Restart the Inbound Refinery Managed Server, as described in Section 10.3, "Restarting a Managed Server."
Log in to Content Server again as an administrator to choose file formats for conversion:
1. From the Administration menu or tray, choose Admin Applets and then Configuration Manager.
2. From the Options menu, choose File Formats.
3. For image asset formats that you want to convert to digital assets (such as image/gif and image/png, change the conversion to Digital Media Graphics.

For more information about configuring DAM in Content Server and the Inbound Refinery Managed Server, see "Configuring Digital Asset Manager" in Managing Oracle WebCenter Content.

12.2.7 Configuring Extended Features in Content Server

Some Content Server features are supported but not necessarily required by the WebCenter Content user interface. For example, Access Control Lists (ACLs) and Accounts are not configured out of the box. If these features are enabled on Content Server, however, the WebCenter Content user interface provides access to the additional functionality.

For information about enabling ACLs in Content Server, see "Managing Access Control List Security" in Oracle Fusion Middleware Administering Oracle WebCenter Content.

For information about enabling Accounts in Content Server, see "Managing Accounts" in Oracle Fusion Middleware Administering Oracle WebCenter Content.

You can set up one of the three indexing configurations for Content Server: Oracle Text Search, Database metadata, or Database full text. For more information about how to do this, see "Configuring the Search Index" in Oracle Fusion Middleware Administering Oracle WebCenter Content.

These standard Content Server settings are not specific to the WebCenter Content user interface. For information about other extended features in Content Server, see Oracle Fusion Middleware Administering Oracle WebCenter Content.

12.3 Installing an 11.1.1.6.0 Middleware Home with Oracle ADF 11.1.2.4

Install Oracle Application Development Framework (Oracle ADF) 11gR1 (11.1.2.4) in an 11gR1 (11.1.1.6.0) Middleware home with Oracle WebLogic Server. This will include installing Oracle WebLogic Server 11gR1 (10.3.6 only) to create the Middleware home followed by installing Oracle ADF and then two Oracle ADF OPatch files.

Note to Windows Users:

Oracle ADF 11gR1 (11.1.2.4) in an 11gR1 (11.1.1.6.0) Middleware home does not support Windows Server 2012 or Windows Server 2012 R2.

If your site is going to use Oracle WebCenter Content: Desktop with the WebCenter Content user interface, you also need to install a patch to support compatibility mode in Desktop 11.1.1.9.

Note:

You need to follow these steps exactly to enable the WebCenter Content user interface for Content Server 11.1.1.9. Even if you have Oracle Application Development Framework 11gR1 (11.1.2.4) available, you cannot use it for the WebCenter Content user interface 11.1.1.6.0 domain. Instead, you need to install Oracle ADF 11.1.1.6.0 and then upgrade it with patches to Oracle ADF 11.1.2.4.0, as the following instructions describe.

All the operations in this section pertain to the WebCenter Content user interface Middleware home and, therefore, to the WebCenter Content user interface domain. In the following commands, WCCUI_MW_HOME refers to the WebCenter Content user interface Middleware home, which includes the Oracle ADF installation.

For the WebCenter Content user interface domain, perform these steps:

Install Oracle WebLogic Server 11gR1 (10.3.6) to c a Middleware home. This will be the WebCenter Content user interface Middleware home (WCCUI_MW_HOME).
Install Oracle Application Development Framework 11gR1 (11.1.1.6.0) in WCCUI_MW_HOME:
1. Obtain the Oracle Application Development Framework 11gR1 (11.1.1.6.0) media, as described in Section 1.2.2, "Software Downloads for Oracle WebCenter Content Installation and Configuration."
2. Unzip the ZIP file containing Oracle ADF to a temporary location, media_loc.
3. Run the installer, using the following command:
  - UNIX command:
```
media_loc/Disk1/runInstaller -jreLoc JAVA_HOME
```
  - Windows command:
```
media_loc\Disk1\setup.exe -jreLoc JAVA_HOME
```
Obtain the Oracle Application Development Framework 11gR1 (11.1.2.4.0) OPatch 16546129 (16546129_11.1.1.6.0_Generic.zip) from My Oracle Support (formerly OracleMetaLink) at https://support.oracle.com.

Unzip the patch ZIP file into a temporary folder, temp_location, and run the following command:

UNIX command:

WCCUI_MW_HOME/oracle_common/OPatch/opatch apply -jre JAVA_HOME/jre -oh WCCUI_MW_HOME/oracle_common/ temp_location/16546129

Windows command:

WCCUI_MW_HOME\oracle_common\OPatch\opatch apply -jre JAVA_HOME\jre -oh WCCUI_MW_HOME\oracle_common\ temp_location\16546129

In the command, JAVA_HOME is the location of the JDK.

Obtain the Oracle Application Development Framework 11gR1 (11.1.2.4.0) OPatch 16546157 (p16546157_11.1.1.6.0_generic.zip) from https://support.oracle.com.

Unzip the patch ZIP file into a temporary folder, temp_location, and run the following command:

UNIX command:

WCCUI_MW_HOME/oracle_common/OPatch/opatch apply -jre JAVA_HOME/jre -oh WCCUI_MW_HOME/oracle_common/ temp_location/16546157

Windows command:

WCCUI_MW_HOME\oracle_common\OPatch\opatch apply -jre JAVA_HOME\jre -oh WCCUI_MW_HOME\oracle_common\ temp_location\16546157

(Optional) For MDS customizing of the WebCenter Content user interface, obtain patch number 16020846, version 11.1.2.4.0 (p16020846_111240_Generic.zip), from https://support.oracle.com.

(Optional) Unzip the patch ZIP file into a temporary folder, temp_location, and run the following command:

UNIX command:

WCCUI_MW_HOME/oracle_common/OPatch/opatch apply -jre JAVA_HOME/jre -oh WCCUI_MW_HOME/oracle_common/ temp_location/16825232

Windows command:

WCCUI_MW_HOME\oracle_common\OPatch\opatch apply -jre JAVA_HOME\jre -oh WCCUI_MW_HOME\oracle_common\ temp_location\16825232

(Optional) For Internet Explorer 11 renditions, obtain patch number 19469801, version 11.1.2.4.0 (p19469801_111240_Generic.zip), from https://support.oracle.com.

(Optional) Unzip the patch ZIP file into a temporary folder, temp_location, and run the following command:

UNIX command:

WCCUI_MW_HOME/oracle_common/OPatch/opatch apply -jre JAVA_HOME/jre -oh WCCUI_MW_HOME/oracle_common/ temp_location/19469801

Windows command:

WCCUI_MW_HOME\oracle_common\OPatch\opatch apply -jre JAVA_HOME\jre -oh WCCUI_MW_HOME\oracle_common\ temp_location\19469801

(Optional) For Oracle ADF Help, obtain patch number 18102108, version 11.1.2.4.0 (p18102108_111240_Generic.zip), from https://support.oracle.com.

(Optional) Unzip the patch ZIP file into a temporary folder, temp_location, and run the following command:

UNIX command:

WCCUI_MW_HOME/oracle_common/OPatch/opatch apply -jre JAVA_HOME/jre -oh WCCUI_MW_HOME/oracle_common/ temp_location/18102108

Windows command:

WCCUI_MW_HOME\oracle_common\OPatch\opatch apply -jre JAVA_HOME\jre -oh WCCUI_MW_HOME\oracle_common\ temp_location\18102108

12.4 Installing the WebCenter Content User Interface Application

The WebCenter Content user interface artifacts are in a ZIP file called WccADFUI.zip, which you can obtain from the WebCenter Content Oracle home in the Oracle WebCenter Content (first) Middleware home. The file location is WCC_ORACLE_HOME/ucm/Distribution/WccADFUI/WccADFUI.zip.

This ZIP file includes these WebCenter Content user interface artifacts:

The application EAR file, WccAdf.ear
The domain extension configuration template
Custom Oracle Weblogic Scripting Tool (WLST) commands for managing the connections to Oracle WebCenter Content Server
Support scripts for deployment and management of the application

To install the WebCenter Content user interface application:

Create the directory WCCUI_MW_HOME/oracle_common/webcenter/wccadf, in the WebCenter Content user interface (second) Middleware home.
Copy the WCC_ORACLE_HOME/ucm/Distribution/WccADFUI/WccADFUI.zip file to the WCCUI_MW_HOME/oracle_common/webcenter/wccadf directory.
Expand the ZIP file in the WCCUI_MW_HOME/oracle_common/webcenter/wccadf directory.

12.5 Deploying the WebCenter Content User Interface Application to a New Domain

You need to deploy the WebCenter Content user interface application to a new WebLogic Server domain before you can use the application with the Content Server application in the Oracle WebCenter Content domain. After configuration of both domains is complete, you can use either the WebCenter Content user interface or the native 11g user interface with Content Server.

All of the operations in this section pertain to the WebCenter Content user interface Middleware home and, therefore, to the WebCenter Content user interface domain.

To deploy the WebCenter Content user interface application:

Run WLST from the WebCenter Content user interface Middleware home:

UNIX command:

WCCUI_MW_HOME/oracle_common/common/bin/wlst.sh

Windows command:

WCCUI_MW_HOME\oracle_common\common\bin\wlst.cmd

Run the following commands in offline mode:
```
wls:/offline> archive = getMDSArchiveConfig('WCCADF_EAR_LOCATION')

wls:/offline> archive.setAppMetadataRepository(repository='mds-mds_repo_name', partition='partition_name', type='DB', jndi='jdbc/mds/mds_repo_name')

wls:/offline> archive.save()
```
In the getMDSArchiveConfig command, WCCADF_EAR_LOCATION is the directory where the WccADFUI.zip file was expanded, WCCUI_MW_HOME/oracle_common/webcenter/wccadf.

In the archive.setAppMetadataRepository command, mds_repo_name is the name of the repository, and partition_name is a name for the partition to be created.

For example:

archive =
getMDSArchiveConfig("/user/ADFMW/oracle_common/webcenter/wccadf/WccAdf.ear")
archive.setAppMetadataRepository(repository='mds-WCCUIMDSREPO', partition='MDS_PARTITION', type='DB', jndi='jdbc/mds/WCCUIMDSREPO')
archive.save()

In the WebCenter Content user interface Middleware home, place the WebCenter Content user interface domain template, oracle.ucm.cs_adf_template_11.1.1.jar, in the following directory:
```
WCCUI_MW_HOME/oracle_common/common/templates/applications/
```
Run the configuration wizard in this Middleware home:
```
WCCUI_MW_HOME/oracle_common/common/bin/config.cmd
```
Create a new Weblogic Server domain, WCCUI_DOMAIN, using the following template:

Oracle WebCenter Content - Web UI - 11.1.1.0

Dependent components (JRF and EM) will be automatically enabled. This will create a new domain and a Managed Server for the WebCenter Content user interface application. You will not need any data sources to be set up for this application.

Upgrade the Oracle ADF shared libraries in the WebCenter Content user interface domain to Sherman Update 2:

Run WLST from WCCUI_MW_HOME/oracle_common/common/bin/wlst.sh.

Run the following command in offline mode:

wls:/offline> upgradeADF('DOMAIN_HOME');

For example:

wls:/offline> upgradeADF('/user/ADFMW/Middleware/user_projects/domains/WCCUI_domain')
Target Library "jsf#2.0@1.0.0.0_2-0-2" to JRF "AdminServer"
Target Library "jsf#2.0@1.0.0.0_2-0-2" to JRF "WCCADF_server1"

Register the target Managed Server with the MDS repository, and create the metadata partition:
1. Start the Oracle WebLogic Server Administration Server in the WebCenter Content user interface domain, which is in the WebCenter Content user interface Middleware home (WCCUI_MW_HOME), as described in Section 10.1, "Starting the Administration Server."
  
  If you have installed both domains on the same host, the port for the Administration Server in the WebCenter Content user interface domain will not be the default Administration Server port.
2. Run WLST from WCCUI_MW_HOME/oracle_common/common/bin/wlst.sh, and connect to the WebLogic Server instance in interactive mode:
```
wls:/offline> connect()
Please enter your username : weblogic
Please enter your password :

Please enter your server URL: [t3://localhost:7001] :t3://host:port of admin server where the WebCenter Content user interface Managed Server is running
```
3. Run the following commands:
```
wls:/mydomain/serverConfig> registerMetadataDBRepository('mds_repo_name', 'Oracle', 'db_host_name', 'db_port_number', 'db_name', 'mds_schema_username', 'mds_schema_password', 'target_server')

wls:/mydomain/serverConfig> createMetadataPartition(repository='mds-mds_repo_name', partition='partition_name')
```
  The target server in the preceding command is the WebCenter Content user interface Managed Server.
  
  For example:
```
registerMetadataDBRepository('WCCUIMDSREPO', 'Oracle','my_db_server', '1521', 'my_db', 'WCCUI_MDS', 'password', 'WCCADF_server1')
createMetadataPartition(repository='mds-WCCUIMDSREPO', partition='MDS_PARTITION')
```
  If you are upgrading an Oracle WebCenter Content 11.1.1.9.0 installation that was previously configured to work with the WebCenter Content user interface, the mds_repo_name and partition_name values should be the same as the mds_repo_name and partition_name values created during the installation of Oracle WebCenter Content 11.1.1.9.0. You can obtain these values from the Fusion Middleware Control URL of the 11.1.1.9.0 installation.
Restart the Administration Server in the WebCenter Content user interface domain, by stopping and then starting it, as described in Part , "Restarting a Managed Server."

If you have installed both domains on the same host, the port for the Administration Server in the WebCenter Content user interface domain will not be the default Administration Server port.
Start the WCCADF_server1 Managed Server in the WebCenter Content user interface domain.
Associate the WebCenter Content user interface with Content Server through the connection architecture:
1. Set the variable WL_HOME to the location of the WebLogic Server instance. For example:
```
WL_HOME=WCCUI_MW_HOME/wlserver_10.3
```
2. Go to WCCUI_MW_HOME/oracle_common/webcenter/wccadf/ConnArchWlstResources/common/bin.
3. Run the custom WLST command manageconnwlst.sh, which is present in this directory:
```
./manageconnwlst.sh

wls:/offline> connect()
 
Please enter your username :weblogic
 
Please enter your password :
 
Please enter your server URL [t3://localhost:7001] :t3://host:port of WebCenter Content user interface Managed Server
```
4. Update the RIDC connection to the WebCenter Content user interface Managed Server:
```
wls:/mydomain/serverConfig>updateRIDCConnection('ADF_UI_APP_NAME','WccAdfDefaultConnection',connUrl='idc://contentserver_host:intradoc_port',credUsername='ucm_admin_user') 
```
  In the command, ADF_UI_APP_NAME is the Oracle WebCenter Content - Web UI application.
  
  For example:
```
connect('weblogic','password','t3://myuihost.example.com:16225')
updateRIDCConnection('Oracle WebCenter Content - Web UI', 'WccAdfDefaultConnection',connUrl='idc://mycshost.example.com:4444', credUsername='weblogic')
```
  At this point the WebCenter Content user interface application instance has been set up and associated with the WebCenter Content Managed Server that was installed on the first machine.
  
  Note:
  This is an IDC-based mechanism for connecting to Content Server. If you want to try a different connection mechanism, see Section 12.8, "Associating the WebCenter Content User Interface with Content Server."
Restart the Content Server Managed Server, as described in Section 10.3, "Restarting a Managed Server."
Restart the WebCenter Content user interface Managed Server.

12.6 Configuring the Administrator User

Content Server and the WebCenter Content user interface will need to access the same user directory. Standard LDAP offerings such as Oracle Internet Directory and Active Directory can be shared across domains. You can choose to configure a single sign-on solution using Oracle Access Manager or Oracle Single Sign-On, using the standard guidelines for such integration.

For more information about LDAP options, see Section 3.9, "Reassociating the Identity Store with an External LDAP Authentication Provider."

Out of the box, the WebCenter Content user interface requires one WebCenter Content administrator user to function:

The administrator user was specified in the credUsername parameter of the updateRIDCConnection() WLST command that was used to connect to the WebCenter Content user interface Managed Server, in Section 12.5, "Deploying the WebCenter Content User Interface Application to a New Domain," Step 9d.
You will need a user with the chosen name in the LDAP store or stores. Without this administrator user, the WebCenter Content user interface deployment will not work.
The user must have Administrators rights for the WebCenter Content Managed Server.

12.7 Accessing the WebCenter Content User Interface

You can access the WebCenter Content user interface through the following URL:

http://wccui-host:wccui-port/wcc

The WebCenter Content user interface application runs on port 16225 by default.

12.8 Associating the WebCenter Content User Interface with Content Server

You can configure a JAX-WS, IDCS, IDC, HTTP, or HTTPS connection between the WebCenter Content user interface Managed Server and Content Server, to associate the WebCenter Content user interface with Content Server. The following topics describe how to configure these connections:

Configuring a JAX-WS Connection from the WebCenter Content User Interface Server to Content Server
Configuring a Secured Connection from the WebCenter Content User Interface Server to Content Server
Configuring an IDCS Connection from the WebCenter Content User Interface Server to Content Server
Configuring an IDC Connection from the WebCenter Content User Interface Server to Content Server
Configuring an HTTP Connection from the WebCenter Content User Interface Server to Content Server
Configuring an HTTPS Connection to Content Server Without a Certificate
Setting Connection Attributes Through Fusion Middleware Control

12.8.1 Configuring a JAX-WS Connection from the WebCenter Content User Interface Server to Content Server

To configure a JAX-WS connection to Content Server:

Ensure that Metadata Services (MDS) schemas have been created in Oracle Database 11g Release 2 by the Repository Creation Utility (RCU).

Create one MDS schema for the Oracle WebCenter Content domain and one MDS schema for the WebCenter Content user interface domain. For information about creating schemas, see Section 2.2, "Creating Oracle WebCenter Content Schemas with the Repository Creation Utility."
Apply the WSM Policy Manager Template to both the Oracle WebCenter Content domain and the WebCenter Content user interface domain, if the domain does not already have this template. The template is in this file:
```
MW_HOME/oracle_common/common/templates/applications/oracle.wsmpm_template_11.1.1.jar
```
If the file is not in the MW_HOME/oracle_common/common/templates/applications directory, you can extend the domain with the template.

To extend a domain with the WSM Policy Manager Template:
1. If a Managed Server in the domain that you are planning to extend is running, stop it through the Administration Console.
2. Launch an Oracle WebLogic Scripting Tool (WLST) shell in offline mode.
3. Run the following commands in sequence:
```
wls:/offline> readDomain(r'${DOMAIN_HOME}')

addTemplate(r'${MW_HOME}/oracle_common/common/templates/applications /oracle.wsmpm_template_11.1.1.jar')

updateDomain()

closeDomain()

exit()
```
The addTemplate.cmd command creates a dummy schema.
Restart the Administration Servers in both domains.
For each domain, update the mds-owsm JDBC connection pool to point to the MDS schema for the domain. The targets should be the Administration Server and all Oracle ADF servers. The update can be done from Services > Data sources > mds-owsm in the Administration Console.

After updating a domain, restart the corresponding Administration Server. Confirm that Monitoring > Testing > Check data source is giving zero errors. A success message is expected, like "Test of mds-owsm on server AdminServer was successful."

Note:
Use separate schemas for ADF UI connection architecture and ADF UI OWSM.

Confirm that the wsm-pm application is shown as Active on the Deployments page of the Administration Console for each domain.
Restart the Managed Servers in both domains.
Create a policy set for the WebCenter Content user interface domain:
1. In Oracle Enterprise Manager 11g Fusion Middleware Control, expand WebLogic Domain in the navigation tree on the left, and then click the name of the domain.
2. From the WebLogic Domain drop-down menu at the top of the domain page, choose Web Services, then Policy Sets.
3. From the Type of Resources menu under Policy Set Summary, choose Web Service Client, enter a name for the policy set in the Name field, and click Create.
4. Make sure the policy set is enabled.
5. Under the scope, enable the policy set, enter the name of the domain in the Domain Name field, and then attach a policy, such as oracle/wss10_saml_token_client_policy.
Create a policy set for the Oracle WebCenter Content domain:
1. In Fusion Middleware Control, expand WebLogic Domain in the navigation tree on the left, and then click the name of the domain.
2. From the WebLogic Domain drop-down menu at the top of the domain page, choose Web Services, then Policy Sets.
3. From the Type of Resources menu under Policy Set Summary, choose Web Service Endpoint, enter a name for the policy set in the Name field, and click Create.
4. Make sure the policy set is enabled.
5. Under the scope, enter the name of the domain in the Domain Name field, and then attach a policy, such as oracle/wss_saml_or_username_token_service_policy.
To expedite applying the policy changes, restart the servers.

Confirm that the WebCenter Content web service has the GPA policy applied by inspecting the WSDL, at the following URL:

http://WCC_HOST:WCC_PORT/idcnativews/IdcWebLoginPort?WSDL

For example:

http://slc05amp.example.com:16200/idcnativews/IdcWebLoginPort?WSDL

In the WSDL, check for this code:

wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
URI="#wss_saml_or_username_token_service_policy" wsdl:required="false"/>

To do an identity switch over the top of a standard SAML identity propagation policy, you need to be able to override subject precedence from its default value of true, to be false instead.

This instructs the server not to automatically send the connected subject, but rather allow it to explicitly set the identity that should be sent across.

The connection architecture has a Boolean property that you can set to activate an RIDC filter that results in requestContext.put(ClientConstants.WSM_SUBJECT_PRECEDENCE, "false") being set.

Note:
If a Credential map exists, ensure that the password property (oracle.wcc.ridc.credential.password) is cleared from the Credential map before executing the following command. To check this property in Fusion Middleware Control, go to the WebCenter Content user interface page, and from the WebLogic Server drop-down menu, choose Security, then Credentials, then WccAdf.oracle.wcc.adf, and then anonymous#WccAdfDefaultConnection. To clear the property, click Edit, remove oracle.wcc.ridc.credential.password, and save the change.

To activate the RIDC filter, run the following command:
```
updateRIDCConnection('Oracle WebCenter Content - Web UI', 
'WccAdfDefaultConnection', 
connUrl="http://slc05elc.example.com:16200/idcnativews", 
jaxwsRegisteridentityswitchfilter="true",credImpersonationAllowed='false')
```
Run the following Connection Architecture command:
```
displayRIDCConnection('Oracle WebCenter Content - Web UI', 'WccAdfDefaultConnection')
```
Now the Connection Architecture attributes should look as follows:
```
PropConnectionUrl = http://WCCUI_HOST:16200/idcnativews
PropConnectionSocketTimeout = null
PropConnectionPoolMethod = null
PropConnectionPoolSize = null
PropConnectionWaitTime = null
PropCredentialUsername = weblogic
PropCredentialAppIdKey = null
PropCredentialImpersonationAllowed = null
PropProtocolJaxWSStack = null
PropProtocolJaxWSPolicy = null
PropProtocolJaxWSJpsConfigFile = null
PropProtocolJaxWSSkipStackOptimize = null
PropProtocolJaxWSServerInsName = null
PropProtocolJaxWSRegisterIdentitySwitchFilter = true
PropProtocolHttpLibrary = null
PropProtocolIdcsAlgorithm = null
PropProtocolIdcsKeystoreFile = null
PropProtocolIdcsKeystoreAlias = null
PropProtocolIdcsTrustManagerFile = null
```
Note:
Make sure PropCredentialImpersonationAllowed is set to null or false, not to true.

For an application to switch identity, grant it a special policy-code grant in the system-jazn-data.xml file, under WCCUI_MW_HOME/user_projects/domains/WCCUI_domain/config/fmwconfig. Change the name, as in the following code:

<grant>
   <grantee>
     <codesource>
       <url>file:${common.components.home}/modules/oracle.wsm.agent.
       common_11.1.1/wsm-agent-core.jar</url>
     </codesource>
   </grantee>
   <permissions>
     <permission>
       <class>oracle.wsm.security.WSIdentityPermission</class>
       <name>resource=Oracle WebCenter Content - Web UI</name>
       <actions>assert</actions>
     </permission>
   </permissions>
</grant>

Restart the WebCenter Content user interface Managed Server.

12.8.2 Configuring a Secured Connection from the WebCenter Content User Interface Server to Content Server

An SSL Incoming Provider is leveraged and instantiated to create an SSL server socket to which Intradoc clients can connect, and whereby traffic is encrypted.

The provider can be configured with or without requiring client authentication (the WebCenter Content user interface Managed Server is a client of Content Server).

When client authentication is not required, the JAVA RIDC client making the connection to the SSL server socket (Intradoc secure-socket port) does not need to present a valid certificate. This mode is not very different from a normal, non-SSL Intradoc connection. The main difference, however, is that traffic is encrypted and cannot be viewed by packet capture, and so on, in the clear.

Client authentication means that the client must supply a valid SSL certificate signed by an authority that is in the server's trust store. In this context, client authentication is not tied to any particular end user, but rather to the Java client program.

When the Require Client Authentication option is selected for the provider, and a secure Intradoc connection is made by the Java RIDC client to Content Server, a client that does not present a valid certificate will receive an exception, such as this one:

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
oracle.stellent.ridc.protocol.ProtocolException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at oracle.stellent.ridc.protocol.intradoc.HdaProtocol.readResponse(HdaProtocol.java:257)
at oracle.stellent.ridc.IdcClient.sendRequest(IdcClient.java:184)
at Ping.ping(Ping.java:42)
at Ping.main(Ping.java:20)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1720)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:954)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:753)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
at oracle.stellent.ridc.common.util.StreamUtil.readRawLine(StreamUtil.java:227)
at oracle.stellent.ridc.common.util.StreamUtil.readLine(StreamUtil.java:254)
at oracle.stellent.ridc.protocol.intradoc.HdaProtocol.readHeaders(HdaProtocol.java:459)
at oracle.stellent.ridc.protocol.intradoc.HdaProtocol.readResponse(HdaProtocol.java:215)

If your client (the WebCenter Content user interface Managed Server) receives such an exception, first make sure that the WCC_domain/ucm/cs/config/config.cfg file has SocketHostAddressSecurityFilter correctly set. The SocketHostAddressSecurityFilter value includes the IP address of the client machine; for example:

#hostname -i :- 10.229.187.227

SocketHostAddressSecurityFilter=10.229.187.227|127.0.0.1|0:0:0:0:0:0:0:1

Failure to set SocketHostAddressSecurityFilter correctly will result in an exception such as StatusMessage: Unable to establish connection to the server. Permission denied. Address '10.187.109.243' is not an allowable remote socket address.

Setting IntradocServerPort=XXXX is not required. Setting this property allows for non- SSL/nonencrypted Intradoc connections to this particular port from machines in the preceding trusted IP address list.

Caution:

If you want only SSL Intradoc connections with client-certificate authentication, but you inadvertently set IntradocServerPort, the client could go through this back door (assuming its IP address is in the trusted list).

12.8.3 Configuring an IDCS Connection from the WebCenter Content User Interface Server to Content Server

You can configure an IDC secured (IDCS) connection with or without Require Client Authentication. The WebCenter Content user interface Managed Server is a client of Content Server.

To configure an IDC secured connection with Require Client Authentication:

In the Oracle WebCenter Content domain, make the following changes, in a bash environment:
1. Enter the following command to set the domain environment:
```
source WCCUI_DOMAIN_HOME/bin/setDomainEnv.sh
```
2. Create a directory named sslkeepaliveincomingprovider:
```
mkdir -p $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider

cd $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider
```
  You can use a different name, as long as the directory name matches the provider name specified in Step 2d.
3. Use the CertGen utility to create a server key-certificate pair signed by the demo CA cert CertGenCA, as follows:
```
java utils.CertGen -certfile ServerPublicCert -keyfile ServerPrivKey -keyfilepass password -cn "`hostname -f`"
```
4. Create a server keystore with the server key-certificate pair.
```
java utils.ImportPrivateKey -keystore keystore.jks -storepass password -certfile ServerPublicCert.der -keyfile ServerPrivKey.der -keyfilepass password -alias serverkey -keypass password
```
5. Add the root CA to the server keystore, using the keytool utility:
```
keytool -importcert -file $WL_HOME/server/lib/CertGenCA.der -keystore keystore.jks -storepass password -noprompt
```
  The alias is not provided in the preceding command because it will be imported under the alias name mykey.
6. Add the root CA to the trust keystore:
```
keytool -importcert -file $WL_HOME/server/lib/CertGenCA.der -keystore truststore.jks -storepass welcome1 -noprompt
```
  The alias is not provided in the preceding command because it will be imported under the alias name mykey.
In Oracle WebCenter Content Server, add a provider:
1. Log in to the WebLogic Content user interface for Content Server, using the administrator user name and password.
2. From the Administration tray or menu, choose Providers.
3. On the Providers page, in Provider Type column of the Create a New Provider table, click sslincoming and then Add in the Action column of the same row.
4. On the Add Incoming Provider page, enter or keep the following field values:
  - Provider Name: sslkeepaliveincomingprovider (or the name of the directory created in Step 1b.)
  - Provider Description: For testing RIDC over SSL
  - Provider Class: idc.provider.ssl.SSLSocketIncomingProvider
  - Connection Class: idc.provider.KeepaliveSocketIncomingConnection
  - Server Thread Class: idc.server.KeepaliveIdcServerThread
  - Server Port: 9995
  - Require Client Authentication: Select.
  - Keystore File Path: Select Use Default (This value specifies $WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider/keystore.jks)
  - Keystore Password: password
  - Alias: serverkey
  - Alias Password: password
  - Truststore File Path: Select Use Default
    (This value specifies $WCC_DOMAIN_HOME/ucm/cs/data/providers /sslkeepaliveincomingprovider/truststore.jks)
  - Truststore Password: password
5. Click the Add button at the bottom of the page.
6. Restart the WebCenter Content Managed Server.

Verify the WCC_DOMAIN_HOME/ucm/cs/data/providers/sslkeepaliveincomingprovider/provider.hda file that gets generated. It should contain the following text:

Example 12-1 Contents of the provider.hda File

- note passwords in clear!!
cat provider.hda
<?hda version="11gR1-11.1.1.7.0-idcprod1-120807T112220" jcharset="UTF8" encoding="utf-8"?>
@Properties LocalData
=I
ncomingThread=idc.server.KeepaliveIdcServerThread
IntradocServerHostName=
KeystoreAlias=serverkey
KeystoreAliasPassword=password
KeystoreFile=/u01/app/oracle/product/Middleware/user_projects/domains/base_dom
ain/ucm/cs/data/providers/sslkeepaliveincomingprovider/keystore.jks
KeystorePassword=password
NeedClientAuth=
PasswordScope=sslkeepaliveincomingprovider
ProviderClass=idc.provider.ssl.SSLSocketIncomingProvider
ProviderConfig=
ProviderConnection=idc.provider.KeepaliveSocketIncomingConnection
ProviderType=sslincoming
ServerPort=9995
TruststoreFile=/u01/app/oracle/product/Middleware/user_projects/domains/base_do
main/ucm/cs/data/providers/sslkeepaliveincomingprovider/truststore.jks
TruststorePassword=password
UseDefaultKeystoreFile=1
UseDefaultTruststoreFile=1
WantClientAuth=
blDateFormat=M/d{/yy}{ h:mm[:ss]{ a}}!mAM,PM!tPST8PDT
@end

From the WebCenter Content user interface Managed Server machine, make the following changes (if you are requiring client authentication).
1. Enter the following command to set the domain environment:
```
source WCCUI_DOMAIN_HOME/bin/setDomainEnv.sh
```
2. Go to the user home directory:
```
cd /home/user
```
3. Use the CertGen utility to create a client key-certificate pair signed by the demo CA cert CertGenCA, as follows:
```
java utils.CertGen -certfile ClientPublicCert -keyfile ClientPrivKey -keyfilepass password [-cn "`hostname -f`"]
```
  Note:
  The optional -cn argument determines the common name to which the certificate is issued. If this argument is skipped, the certificate is issued to the host name of the machine from which the certificate is generated.
4. Create a client keystore for the WebCenter Content user interface Managed Server, with the client key-certificate pair:
```
java utils.ImportPrivateKey -keystore keystore.jks -storepass password 
-certfile ClientPublicCert.der -keyfile ClientPrivKey.der -keyfilepass password -alias clientkey -keypass password
```
5. Add the root CA to the client keystore, using the keytool utility:
```
keytool -importcert -file WCCUI_WL_HOME/server/lib/CertGenCA.der -keystore keystore.jks -storepass password -noprompt
```
Connect to the WebCenter Content user interface Managed Server.

Run the following updateRIDCConnection() command, on one line:

updateRIDCConnection('Oracle WebCenter Content – WebUI',
'WccAdfDefaultConnection',connUrl='idcs://adc2120610.example.com:9995',
credUsername='weblogic',idcsKeystoreFile='/home/user/keystore.jks',
idcsKeystorePassword='password',idcsKeystoreAlias='clientkey',idcsKeystoreAliasPassword='password')

After the preceding command is run, the cwallet.sso file is updated under /users/username/AppData/Roaming/JDeveloper/system11.1.2.2.39.61.83.1/DefaultDomain/config/fmwconfig. The cwallet.sso file contains the password, as follows (decrypted content):

### Map: WccAdf.oracle.wcc.adf
1. + Key: anonymous#WccAdfDefaultConnection
class = oracle.security.jps.internal.credstore.GenericCredentialImpl
desc = null
type = java.util.Hashtable
cred = (oracle.wcc.ridc.protocol.idcs.keystore.alias.password, password)
cred = (oracle.wcc.ridc.protocol.idcs.keystore.password, password)
expires = null

Restart the WebCenter Content user interface Managed Server.

To configure an IDC secured connection without Require Client Authentication (only Content Server changes required):

Make the preceding changes to Content Server.
Connect to the WebCenter Content user interface Managed Server.

Run the following updateRIDCConnection() command, on one line:

updateRIDCConnection('Oracle WebCenter Content – Web UI',
'WccAdfDefaultConnection',connUrl='idcs://adc2120610.example.com:9995',
credUsername='weblogic')

Ensure all other parameters are unset by running the displayRIDCConnection('Oracle WebCenter Content – Web UI','WccAdfDefaultConnection') cmd.
Restart the WebCenter Content user interface Managed Server.
If you encounter the following error message, you need to import a certificate from the Content domain into the Oracle WebCenter Content user interface domain:
```
Caused By: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```
This error means the certificate present in the WebLogic Server trusted store for the WebCenter Content Managed Server does not match or contain the <cacerts> entry present in WebLogic Server trusted store for Content Server). To import this certificate and add it to the trusted keystore in the WebCenter Content user interface domain:
1. Export the Content Server certificate as root.cer:
```
keytool -export -file root.cer –keystore keystore_path
```
  In the preceding command, keystore_path is the keystore that was configured on the sslaliveincominprovider page in Content Server. For example:
```
/user/11.1.1.9.0/mw9977/user_projects/domains/wccucm_domain/ucm/cs/data/providers/sslkeepaliveincomingprovider/keystore.jks
```
2. Enter the corresponding keystore password: password
3. Import root.cer into the client:
```
Keytool –import –keystore <cacerts> -file root.cer
```
  In the preceding command, <cacerts> is the Java Standard Trust Keystore that was specified for the WebCenter Content user interface Managed Server in the Administration Console. For example:
```
keytool -import -keystore jdk_location/jre/lib/security/cacerts -file root.cer
```
4. If you are prompted for a password after running the preceding keytool command, you can enter the common password for a keystore.
5. Restart the Web Center Content user interface Managed Server.

12.8.4 Configuring an IDC Connection from the WebCenter Content User Interface Server to Content Server

For an IDC connection to Content Server, the WebCenter Content user interface application is authenticated based on an IP address. Therefore, you need to make sure the WCC_DOMAIN_HOME/ucm/cs/config/config.cfg file has SocketHostAddressSecurityFilter set correctly.

SocketHostAddressSecurityFilter includes the IP address of the client machine (the WebCenter Content user interface machine); for example:

#hostname -
i :- 10.229.187.227
SocketHostAddressSecurityFilter=10.229.187.227|127.0.0.1|0:0:0:0:0:0:0:1

To configure an IDC connection to Content Server:

Connect to the WebCenter Content user interface.

Run the following updateRIDCConnection() command, on one line:

updateRIDCConnection('Oracle WebCenter Content – Web UI',
'WccAdfDefaultConnection',connUrl='idc://adc2120610.example.com:4444',
credUsername='weblogic')

The port number 4444 is the IntradocServerPort value for Content Server.

Restart the WebCenter Content user interface Managed Server.

12.8.5 Configuring an HTTP Connection from the WebCenter Content User Interface Server to Content Server

To configure an HTTP connection to Content Server:

Connect to the WebCenter Content user interface.

Run the following updateRIDCConnection() command, on one line:

updateRIDCConnection('Oracle WebCenter Content – Web UI',
'WccAdfDefaultConnection',connUrl='http://adc2120610.example.com:7777/cs
/idcplg',credUsername='weblogic',credPassword='password',
httpLibrary='oracle',credImpersonationAllowed='true')

Restart the WebCenter Content user interface Managed Server.

12.8.6 Configuring an HTTPS Connection to Content Server Without a Certificate

To configure an HTTPS connection to Content Server without a certificate:

Enable the SSL listen port in the WebLogic Server Administration Console. For example:
```
SSL listen port: 16201
```
Update the following two entries in the Content Server configuration file, config.cfg, under WCC_MW_HOME/user_projects/domains/cs_domain/ucm/cs/config:
```
HttpServerAddress=adc2120610.example.com:16201
UseSSL=Yes
```
Restart the Oracle WebCenter Content Managed Server.
Connect to the WebCenter Content user interface.
Run the following updateRIDCConnection() command, on one line, with the appropriate SSL port:
```
updateRIDCConnection('Oracle WebCenter Content – Web UI',
'WccAdfDefaultConnection',
connUrl='https://adc2120610.example.com:16201/cs/idcplg',
credUsername='weblogic',credPassword='password',httpLibrary='oracle',
credImpersonationAllowed='true')
```
Note:
In case the httpLibrary attribute is not set to oracle in the preceding command, Apache 3/4 is used for HTTP or HTTPS communication, so it is necessary to explicitly add the httpclient/httpcodec JAR in the WebCenter Content user interface (Model) classpath.
Restart the WebCenter Content Managed Server.

Over any secured connection, you need to follow the Certificate Authorities required to access secure sites using the SSL protocol. These Certificate Authorities may comprise the Identity and Trusted store.

If you see the following error on the WebCenter Content user interface Managed Server as soon as you try accessing it, you need to import the certificate for Content Server from the Oracle WebCenter Content domain to the WebCenter Content user interface domain:

Caused By: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target

This error happens because the certificate present in the WebLogic Server trusted store for the WebCenter Content user interface domain does not match or contain the cacerts present in the Oracle WebCenter Content domain (which includes Content Server). Therefore, you need to import this certificate and install it in the trusted keystore for the WebCenter Content user interface domain.

To import the certificate from the Oracle WebCenter Content domain to the WebCenter Content user interface domain:

Export the Content Server certificate from a browser by opening the Content Server HTTPS URL and saving the certificate as, for example, contentservercertificate.cer.
Run the keytool utility from the same JDK location that is used by the WebLogic Server trusted keystore. You can find this location in the Administration Console, on the Keystores tab for the WebCenter Content user interface Managed Server. For example:
```
JAVA_HOME/bin/java/keytool -import -keystore
JAVA_HOME/jre/lib/security/cacerts -file contentservercertificate.cer
```
The output from this command is details about the certificate and a request for confirmation.
Confirm the certificate:
```
Trust this certificate? [no]: y

Certificate was added to keystore
```
If you are prompted for a password after running the preceding command, you can specify the common password for a keystore.

12.8.7 Setting Connection Attributes Through Fusion Middleware Control

Instead of using the WLST updateRIDCConnection command, you can set connection attributes for the WebCenter Content user interface Managed Server through Oracle Enterprise Manager Fusion Middleware Control, in the System MBean Browser.

To set connection attributes through Fusion Middleware Control:

Log in to Fusion Middleware Control for the WebCenter Content user interface managed server.
In the navigation tree on the left, expand WebLogic Domain, then the folder for the WebCenter Content user interface domain, then the cluster name, and then click the name of the Managed Server.
From the WebLogic Domain drop-down menu at the top of the Managed Server page, choose System MBean Browser.
In the System MBean Browser navigation tree, expand Application Defined MBeans, then oracle.adf.share.connections, then Server: WCCADF_server1, then Application: Oracle WebCenter Content – Web UI, then ADFConnections, and then RIDC.

Or you can enter the connection name, WccAdfDefaultConnection, in the MBean filtered search.
Click WccAdfDefaultConnection.
On the Attributes tab, change the values of the connection attributes to set up the connection, then click the Apply button (top right), as Figure 12-1 shows.

Figure 12-1 System MBean Browser

Description of "Figure 12-1 System MBean Browser"

Note:
If you leave the PropConnectionSocketTimeout attribute blank, then the default, 60 seconds, becomes the RIDC Connection Socket Timeout value. This value could be a problem for downloading large files that are being converted to TIFF or PDF documents with the annotations burned in. You can set this attribute to a larger value in case you have large files.
Go back to the ADFConnections page (Application Defined MBeans>oracle.adf.share.connections> Server: WCCADF_server1> Application: Oracle WebCenter Content – Web UI> ADFConnections).
On the Operations tab, click Save to persist the changes made to the connection attributes, as Figure 12-2 shows.

Figure 12-2 ADFConnections MBean

Description of "Figure 12-2 ADFConnections MBean"
Restart the WebCenter Content user interface Managed Server.

12.9 Completing the Workflow Configuration

To complete the workflow configuration for the WebCenter Content user interface, you need to restart the Managed Servers and verify the configuration. The UseDatabaseWfInQueue configuration variable enables the WebCenter Content user interface to filter workflows assigned to a user. The EmailNotificationType configuration variable specifies where the links in notification emails point for workflows and subscriptions in different Content Server user interfaces, and its default value is NativeWebUI.

To complete the workflow configuration:

Make sure that the WCC_DOMAIN/ucm/cs/config/config.cfg file contains the EmailNotificationType variable with either of the following settings:
- To generate emails with links that point only to the WebCenter Content user interface, set EmailNotificationType=ContentUI in config.cfg.
- To generate emails with links that point to both the WebCenter Content user interface and the native 11g user interface, set EmailNotificationType=ContentUI,NativeWebUI in config.cfg.
Restart the Content Server Managed Server, as described in Section 10.3, "Restarting a Managed Server."
Click the alert that appears on the Content Server home page after restart: Click to complete workflow setup.

Ensure that Content Server returns a success message: Workflow setup is now complete.
Restart the WebCenter Content user interface Managed Server.

For more information about workflows, see "Managing Workflows" in Managing Oracle WebCenter Content.