13 Switching to External Authentication

For maximum security in production environments, Oracle recommends integrating Oracle WebCenter Sites with Oracle Access Management, for an advanced identity management solution and a seamless single sign-on user experience. You also have the option of integrating WebCenter Sites with an external LDAP authentication provider directory.

The following topics describe how to configure WebCenter Sites for authentication against either external identity management solution:

13.1 Switching to Authentication Against an LDAP Directory

This topic describes how to switch WebCenter Sites to authentication against an external LDAP authentication provider directory. This is a recommended solution for production environments if integration with Oracle Access Management is not viable.

Before you change your authentication provider, install and configure WebCenter Sites.
To switch WebCenter Sites to authentication against an external LDAP directory:
  1. (Optional) If the LDAP server you are using is case sensitive, set the ldap.caseAware property to true.
    By default, ldap.caseAware is set to false. Login fails if you are using a case-sensitive LDAP server and this property is set to false. To set ldap.caseAware to true, follow these steps:
    • Log in to the WebCenter Sites Admin interface and navigate to Admin tree tab>System Tools>Property Management option.

    • Search for ldap and change the value from False to True.

    • Restart the Managed server.

    Note:

    During the integration of Sites with LDAP, if the user data in LDAP is separated by a comma (for example: test,user), the data is not fetched. To retrieve the data, change the syntax in the dir.ini file located in the ..sites/install directory from syntax.escape=\\ to syntax.escape=\#.
  2. Access the LDAP Configurator at http://sites-host:sites-port/sites-context/ldapconfig, follow the instructions on the screen, and enter the values for your environment.
  3. For LDAP rollback, restart the WebCenter Sites Managed Server, and go to the same LDAP Configurator URL.

    Now there is only manual LDAP integration. Nothing is written to your LDAP Server, only an LDIF file is created under the DOMAIN_HOME/wcsites/wcsites/config/ldap folder (This is the default install location of WebCenter Sites application. All customizations and path modifications should be made after successful LDAP integration). The peopleparent, groupparent, username, and other fields are not prepopulated, as in the previous release.

  4. (Optional) Modify the LDIF file located in DOMAIN_HOME/wcsites/wcsites/config/ with values appropriate for your environment.

    Because the fields are not prepopulated, follow this example for ORACLEDIR :

    ldap server type -- ORACLEDIR
    ldap DSN -- dc=oracle,dc=com
    ldap host -- localhost
    ldap port -- 389
    ldap username -- cn=orcladmin
    ldap password -- password
    ldap peopleParent -- cn=Users,dc=oracle,dc=com
    ldap groupparent -- cn=Groups,dc=oracle,dc=com
    
  5. If you choose Oracle Virtual Directory as your LDAP authentication provider, WebCenter Sites generates an LDIF file, which you can import to your Oracle Internet Directory server. Then create an adapter in Oracle Virtual Directory to connect to the Oracle Internet Directory server.

    You cannot import an LDIF file directly to an Oracle Virtual Directory LDAP server because it does not have a storage of its own.

  6. Import the LDIF file into the external LDAP authentication provider.
  7. Restart the WebLogic Managed Server running this WebCenter Sites instance.

13.2 Switching to Authentication Against Oracle Access Manager

You can configure WebCenter Sites for authentication against Oracle Access Manager. This solution is recommended for production environments.

It is assumed that you already have an OAM Server running. The OAM integration requires configuration in the OAM Server using oamconsole and some configuration changes in WebCenter Sites.
WebCenter Sites integration is supported for Oracle Access Manager 11.1.2.2.0 and 11.1.2.3.0.
To switch WebCenter Sites to authentication against Oracle Access Manager:
  1. Log in to Oracle Access Manager Server through oamconsole, for example: http://<oam_host:oam_port>/<oam console>/ and configure a WebGate. For more information, see Integrating OAM with Oracle WebCenter Sites.
  2. Deploy the oamlogin.war and oamtoken.war application files located under ORACLE_HOME/wcsites/webcentersites/sites-home on the WebLogic domain containing the target WebCenter Sites instance.
  3. Create the wemsites_settings.properties property file under DOMAIN_HOME/wcsites/wcsites/config/.
  4. Enter the values in the wemsites_settings.properties file as follows:
    Elements Properties
    oamredirect http://oam_server_host:oam_port/oam/server/auth_cred_submit
    oamlogout oamlogout=http://oam_server_host:oam_port/oam/server/logout
    forgotpassword helpdesk-email-address
  5. Set the following properties in DOMAIN_HOME/wcsites/wcsites/config/SSOConfig.xml. For more information, see Step 12 of Integration Steps.
    Elements Properties
    serviceUrl http://{ohs_server_host}:{ohs_port}/{sites_context_root}/REST
    ticketUrl http://{oamtoken_server_host}:{oamtoken_port}/oamtoken
    signoutURL http://{oam_server_host}:{oam_port}/oam/server/logout?end_url={end_url}
      Use this URL when invoking WebCenter Sites logout. It includes the encoded URL where the browser will return after all logout processing has been completed by Oracle Access Manager.
      end_url for test (staging) environments: http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}%2Fwem%2Ffatwire%2Fwem%2FWelcome
      end_url for production (delivery) environments: http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}%2FXcelerate%2FLoginPage.html
    dbUsername Name of the WebCenter Sites general Administrator user account.
    dbPassword Password for the WebCenter Sites general Administrator user account.

    Note:

    The ohs_server_host and ohs_port can be the WebLogic host and port or any other HTTP server host and port, depending on your configuration. For more information on OHS configuration, see Step 2 to Step 9 of Integration Steps. Add the following example configuration to the mod_wl_ohs.conf file in OAM OHS.
    <IfModule weblogic_module>
        <Location /oamlogin>
            SetHandler weblogic-handler
            WebLogicHost SITES_HOST
            WebLogicPort SITES_PORT
        </Location>
    </IfModule>
    <IfModule weblogic_module>
        <Location /sites>
            SetHandler weblogic-handler
            WebLogicHost SITES_HOST
            WebLogicPort SITES_PORT
        </Location>
    </IfModule>
    
  6. Copy the ObAccessClient.xml and cwallet.sso files from your Oracle Access Manager instance into the DOMAIN_HOME/wcsites/wcsites/config/oblix/lib/ directory on the target WebCenter Sites instance.

    Note:

    These files are auto-generated after the WebGate is configured.
  7. Edit the oamtoken.xml file in the sites-config directory by setting the compatibility mode and oblix path. The compatibility mode should be set to 11G and the oblix path to the sites-config folder under which you have the oblix/lib folder.
  8. In the Oracle Access Manager configuration for WebCenter Sites, update the protected, public, and excluded resources as follows:
  9. To integrate the OAMSDK Client with WebLogic Server as the oamtoken.war application, edit the jps-config.xml file for the WebCenter Sites domain. By default, the WebLogic domain runs with this file, which is part of the WebLogic Server 12c startup script:

    -Doracle.security.jps.config=ORACLE_HOME/user_projects/domains/DOMAIN_NAME/config/fmwconfig/jps-config.xml

    1. Add a service instance, as the following example shows, next to the existing service instances in the existing jps-config.xml file:
      <serviceInstance name="credstore.oamtoken" provider="credstoressp" location="./oamtoken">
      <description>File Based Credential Store Service Instance</description>
      <property name="location" value="./oamtoken"/>
      </serviceInstance>
      location is the path to the directory that contains the cwallet.sso file. The preceding example sets this path relative to the current jps-config.xml file. Make sure the oamtoken folder is created relative to the current directory and the cwallet.sso file is placed there. The location value can also be an absolute path to where the cwallet.sso file is placed.
    2. Add <serviceInstanceRef ref="credstore.oamtoken"/> under <jpsContext name="default">.
    3. Add following <jpsContext> element under <jpsContexts default="default">:
      <jpsContext name="OAMASDK">
      <serviceInstanceRef ref="credstore.oamtoken"/>
      </jpsContext>
  10. Add permissions so that code in oamtoken.war can be used.
    The WebGate instance created in Oracle Access Manager is accessed by the client. You need to add the credential to the WebCenter Sites domain so that the security restriction can be taken care of.
    1. Launch the WebLogic Scripting Tool with the wlst.sh script:
      cd ORACLE_HOME/oracle_common/common/bin/
      ./wlst.sh
    2. Connect to the Administration Server for the WebCenter Sites domain:
      connect('user-name','password','sites-host:admin-port')
    3. Grant the permissions:
      grantPermission(codeBaseURL="file:/scratch/idc/newoam/rend/Oracle_Home/user_projects/domains/renddomain/servers/wcsites_server1/tmp/_WL_user/oamtoken/-", permClass="oracle.security.jps.service.credstore.CredentialAccessPermission",permTarget="context=SYSTEM,mapName=OAMAgent,keyName=*",permActions="*")
      The preceding path is the path where WebLogic Server has deployed the oamtoken.war application.
    4. Restart the target WebCenter Sites Managed Server.
  11. (Optional) If trust between WebCenter Sites and Oracle Access Manager has not been established, modify the configuration of the WebCenter Sites web tier as follows:
    1. Log in to the Oracle Access Manager Console.
    2. In the WebGate authorization policy (under the protected resource policy), go to the Responses tab.
    3. Enable (select) the Identity Assertion check box.
    4. Click Apply to save your changes.
  12. (Optional) If WebCenter Sites is deployed on a cluster and uses OAM integration, the following steps are required so that the oamticketcache cache is replicated.
    1. In the config directory, the cas-cache.xml file configures oamticketcache by default.
    2. Uncomment the commented section in the cache named oamticketcache. The section appears as follows:
      <cacheEventListenerFactory
              class="net.sf.ehcache.distribution.RMICacheReplicatorFactory"
              properties="replicateAsynchronously=true, replicatePuts=true,
                      replicateUpdates=true,
                      replicateUpdatesViaCopy=false, replicateRemovals=true"/>
      <bootstrapCacheLoaderFactory
              class="net.sf.ehcache.distribution.RMIBootstrapCacheLoaderFactory"
              properties="bootstrapAsynchronously=false,
                      maximumChunkSizeBytes=5000000"
              propertySeparator="," />
      
    3. Change the cacheManagerPeerProviderFactory as follows, and make sure the port is unique.
      <cacheManagerPeerProviderFactory
              class="net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory"
              properties="peerDiscovery=automatic,
                      multicastGroupAddress=230.0.0.8,
                      multicastGroupPort=40002, timeToLive=1" />
      
    4. The port should be different for cacheManagerPeerProviderFactory and cacheManagerPeerListenerFactory as specified in the earlier steps.
    5. All the cluster nodes should have the same port for both properties.
  13. To work on the SSOConfig.xml file, follow these steps:
    1. Modify the SSOConfig.xml file of the WebCenter Sites deployment. This file controls the loaded authentication classes and the properties that are required by those classes.
    2. Shut down the Sites server.
    3. Back up the SSOConfig.xml file located in the WEB-INF/classes directory of the deployed WebCenter Sites application.
      For example: /u01/software/Apps/OraMiddleware/user_projects/domains/OAMSitesDomain/wcsites/wcsites/config/SSOConfig.xml.
    4. Modify SSOConfig.xml as follows:

      Note:

      The steps that follow explain how to set the following properties: serviceUrl, ticketUrl, signoutURL, dbUsername, and dbPassword. See Step 5 for more information.
    5. The signoutUrl property specifies the URL to be used when invoking WebCenter Sites logout. It includes the encoded URL where the browser will return after all logout processing has been completed by OAM.
    6. For Sites management, use the following value for end_url: http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}%2Fwem%2Ffatwire%2Fwem%2FWelcome 
    7. For Sites delivery, use the following value for end_url:  http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}%2FXcelerate%2FLoginPage.html.
      For the dbUsername and dbPassword properties, you can enter the credentials of the WebCenter Sites general administrator, which by default is fwadmin/xceladmin. The values for these properties will be encrypted on startup of the WebCenter Sites application.

      Note:

      In the code example below, you will set the following properties: csServerUrl, serviceUrl, ticketUrl, signoutURL, dbUsername, and dbPassword. See Step 5 for more information.
      <?xml version="1.0" encoding="UTF-8"?>
      <!--
      
          Copyright (c) 2010 FatWire Corporation. All Rights Reserved.
          Title, ownership rights, and intellectual property rights in and
          to this software remain with FatWire Corporation. This  software
          is protected by international copyright laws and treaties, and
          may be protected by other law.  Violation of copyright laws may
          result in civil liability and criminal penalties.
      
      -->
      
      <beans xmlns="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
              xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
              xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
              http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
              http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
      
              <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
              <!-- Root Context: defines shared resources visible to all other web components -->
              
              <jdbc:initialize-database data-source="dataSource"   enabled="true" ignore-failures="ALL">                
                      <!-- For the installer, the first jdbc:script will be opened. The installer will configure it automatically -->
                      <jdbc:script location="classpath:crawler_oracle_db.sql" />
                      <!--jdbc:script location="classpath:crawler_hsql_db.sql" /-->
                      <!--jdbc:script location="classpath:crawler_sql_server_db.sql" /-->
                      <!--jdbc:script location="classpath:crawler_oracle_db.sql" /-->
                      <!--jdbc:script location="classpath:crawler_db2_db.sql" /-->
              </jdbc:initialize-database>
              
              <!-- Section# 1 Installer will consume below configuration to configure a datasource name created on the appservers -->
              <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
                      <property name="jndiName" value="wcsitesDS"/>
              </bean>
              
              <!-- Single Sign On provider -->
              <bean id="ssoprovider" class="com.fatwire.wem.sso.oam.OAMProvider">
                      <property name="config" ref="ssoconfig" />
              </bean>
              <!--It is invoked by the OAM filter to resolve an OAM authenticated user against a remote Site CS instance.--> 
              <bean id="oamIdentity" class="com.fatwire.auth.identity.RemoteUsernameResolver" >
                      <property name="csServerUrl" value="http://{ohs_server_host}:{ohs_port}/{sites_context_root}/custom/customCsResolver.jsp"/>
              </bean>
        
              <!-- Single Sign On filter -->
              <bean id="ssofilter" class="com.fatwire.wem.sso.oam.filter.OAMFilter">
                      <property name="config" ref="ssoconfig" />
                      <property name="provider" ref="ssoprovider" />
                      <property name="identityResolver" ref="oamIdentity" />
                      
                      <!-- Set "trustConfigured" to "true" in case of trust relationship configured between WebGate and WLS.
                      It will turn off check for OAM_ASSERTION header. -->
                      <property name="trustConfigured" value="false" />
              </bean>
        
      
              <!-- Single Sign On listener -->
              <bean id="ssolistener" class="com.fatwire.wem.sso.oam.listener.OAMListener">
              </bean>
              
              <!-- Single Sign On configuration -->
              <bean id="ssoconfig" class="com.fatwire.wem.sso.oam.conf.OAMConfig">
                      <!-- URL prefix for REST service endpoint -->
                      <property name="serviceUrl" value="http://{ohs_server_host}:{ohs_port}/{sites_context_root}/REST" />
                      
                      <!-- URL prefix for Token Service servlet -->
                      <property name="ticketUrl" value="http://{oamtoken_server_host}:{oamtoken_port}/oamtoken" />
                      
                      <!-- URL to be called when WEM logout is required. -->
                      <property name="signoutUrl" value="http://{oam_server_host}:{oam_port}/oam/server/logout?end_url=http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}%2Fwem%2Ffatwire%2Fwem%2FWelcome"/>
                      
                      <!-- Do not proxy tickets, it's the last server in the call chain -->
                      <property name="proxyTickets" value="false" />
                      
                      <!-- Database Credentials needed by user lookup in OAMFilter -->
                      <property name="dbUsername" value="fwadmin" />
                      <property name="dbPassword" value="xceladmin"/>
                      
                      <!-- Your application protected resources (relative to applicationUrl) -->
                      <property name="protectedMappingIncludes">
                              <list>
                                      <value>/__admin</value>
                                      <value>/__admin/**</value>
                              </list>
                      </property>
                      
                      <!-- Your application protected resources excludes (relative to applicationUrl) -->
                      <property name="protectedMappingExcludes">
                              <list>
                                      <value>/__admin/layout</value>
                              </list>
                      </property>
                      <property name="applicationProxyCallbackPath" value="/sso/proxycallback" />
                      <property name="gateway" value="false" />
              </bean>
              
              <context:component-scan base-package="com.fatwire.crawler.remote.dao" />
              <context:component-scan base-package="com.fatwire.crawler.remote.support" />
              <context:component-scan base-package="com.fatwire.crawler.remote.di" />
              <context:component-scan base-package="com.fatwire.crawler.remote.resources.support" />
      
      </beans>
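
A pre-deployment check of the SSOConfig.xml values described in Steps 5 and 13, added here as an example (it is not Oracle's code). The function names, the example.test hosts and ports, and the rule that end_url must return to the serviceUrl host are assumptions of this example; the sample XML is constructed and contains only the beans the check reads.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

NS = {"b": "http://www.springframework.org/schema/beans"}
PLACEHOLDER = re.compile(r"\{[^{}]+\}")   # e.g. {ohs_server_host} left unreplaced
DEFAULT_ADMIN = ("fwadmin", "xceladmin")  # defaults named in the documentation

def build_signout_url(oam_base, return_url):
    """OAM logout URL with return_url fully percent-encoded into end_url."""
    return f"{oam_base}/oam/server/logout?end_url={quote(return_url, safe='')}"

def bean_props(root, bean_id):
    """Map name -> value for the simple <property> children of one bean."""
    for bean in root.findall("b:bean", NS):
        if bean.get("id") == bean_id:
            return {p.get("name"): p.get("value")
                    for p in bean.findall("b:property", NS)
                    if p.get("value") is not None}
    return {}

def audit(xml_text):
    """Return a list of findings for one SSOConfig.xml document."""
    root = ET.fromstring(xml_text)
    cfg = bean_props(root, "ssoconfig")
    urls = {n: cfg.get(n) for n in ("serviceUrl", "ticketUrl", "signoutUrl")}
    urls["csServerUrl"] = bean_props(root, "oamIdentity").get("csServerUrl")
    findings = []
    for name, value in urls.items():
        if not value:
            findings.append(f"{name}: not set")
        elif PLACEHOLDER.search(value):
            findings.append(f"{name}: placeholder not replaced")

    signout, service = urls["signoutUrl"] or "", urls["serviceUrl"] or ""
    # The raw end_url value must not contain URL delimiters once encoded.
    raw_end = signout.partition("end_url=")[2]
    if raw_end and re.search(r"[:/?&=]", raw_end):
        findings.append("signoutUrl: end_url is not percent-encoded")
    # Assumption of this example: logout returns to the host serving serviceUrl.
    end_url = parse_qs(urlsplit(signout).query).get("end_url", [""])[0]
    if end_url and service and not PLACEHOLDER.search(signout + service):
        if urlsplit(end_url).netloc != urlsplit(service).netloc:
            findings.append("signoutUrl: end_url host differs from serviceUrl host")

    if (cfg.get("dbUsername"), cfg.get("dbPassword")) == DEFAULT_ADMIN:
        findings.append("dbUsername/dbPassword: default administrator credentials")
    if bean_props(root, "ssofilter").get("trustConfigured") == "true":
        findings.append("trustConfigured=true: OAM_ASSERTION header check is off")
    return findings

# Constructed sample: only the beans the audit reads; all values are made up.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="oamIdentity" class="com.fatwire.auth.identity.RemoteUsernameResolver">
  <property name="csServerUrl" value="{cs}/custom/customCsResolver.jsp"/>
 </bean>
 <bean id="ssofilter" class="com.fatwire.wem.sso.oam.filter.OAMFilter">
  <property name="config" ref="ssoconfig"/>
  <property name="trustConfigured" value="{trust}"/>
 </bean>
 <bean id="ssoconfig" class="com.fatwire.wem.sso.oam.conf.OAMConfig">
  <property name="serviceUrl" value="{cs}/REST"/>
  <property name="ticketUrl" value="{ticket}"/>
  <property name="signoutUrl" value="{signout}"/>
  <property name="dbUsername" value="{user}"/>
  <property name="dbPassword" value="{password}"/>
 </bean>
</beans>"""

# The file as documented, before any value has been filled in.
AS_SHIPPED = TEMPLATE.format(
    cs="http://{ohs_server_host}:{ohs_port}/{sites_context_root}",
    ticket="http://{oamtoken_server_host}:{oamtoken_port}/oamtoken",
    signout="http://{oam_server_host}:{oam_port}/oam/server/logout?end_url="
            "http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}"
            "%2Fwem%2Ffatwire%2Fwem%2FWelcome",
    user="fwadmin", password="xceladmin", trust="false")

# A filled-in management instance (constructed hosts, ports and account).
CMS = "http://cms.example.test:7777/sites"
CONFIGURED = TEMPLATE.format(
    cs=CMS, ticket="http://token.example.test:7003/oamtoken",
    signout=build_signout_url("http://oam.example.test:14100",
                              CMS + "/wem/fatwire/wem/Welcome"),
    user="sites_admin", password="constructed-not-real", trust="false")

if __name__ == "__main__":
    for finding in audit(AS_SHIPPED):
        print(finding)
```

Run it against the edited file before restarting the Managed Server, since the page states that dbUsername and dbPassword are encrypted on startup.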
      

13.2.1 SiteCapture integrating with OAM

To integrate Oracle Access Manager with SiteCapture, follow these steps:
  1. Integrate Oracle WebCenter Sites with Oracle Access Manager. For more information, see Integrating Oracle WebCenter Sites with OAM.
  2. Perform the additional Oracle Access Manager configuration required for SiteCapture.
    1. Create additional resource definitions (see table below) for the WebCenter Sites application domain.
      Resource URL                                   Protection level   Authentication   Authorization
      /<sites-context>/REST/roles                    Unprotected        Public           All Allowed
      /<sites-context>/custom/customCsResolver.jsp   Unprotected        Public           All Allowed
      /resources/.../*                               Excluded           NA               NA
      /__admin/.../*                                 Protected          Protected        Protected

    2. Configure the Protected Resource Policy as follows:
      1. Click Application Domains and click the Open icon.
      2. Click Search and select WCSitesWebGate.
      3. Click the Authentication Policies tab and select Authentication Policies. For Authentication Scheme, select LDAPWemScheme, the authentication scheme previously created.
      4. Click the Responses tab.
      5. Select the Identity Assertion checkbox.
      6. When an Authentication policy is satisfied, it can create responses. The responses are required by the WebCenter Sites HTTP filter to recognize LDAP attributes and provide information about the authenticated user. In the following steps, you will create these responses.
      7. Click the Add (+) icon and enter the following:
        1. For Name: Enter FATGATE_CSTIMEOUT
        2. For Type: Select Header
        3. For Value: Enter 30
  3. Install the SiteCapture application. During the SiteCapture installation process, use the following parameters:
    Property Description                              Property         Value
    Content server host name or IP                    fw.cs.hostname   {ohs_host}
    Content server app server port                    fw.cs.port       {ohs_port}
    Content server context                            fw.cs.context    {sites_context_root}
    Content server protocol (http or https)           fw.cs.protocol   {sites.protocol}
    Content Server user name having RESTADMIN role    fw.cs.username   {username}
    Content server user password                      fw.cs.password   {password}
    SiteCapture server hostname or IP                 fw.sc.hostname   {sc_host}
    SiteCapture app server port                       fw.sc.port       {sc_port}
    SiteCapture protocol (http or https)              fw.sc.protocol   {sc.protocol}
    CAS server hostname                               fw.cas.host      {ohs_host} in installer, or empty in sitecapture.properties
    CAS server port                                   fw.cas.port      {ohs_port} in installer, or empty in sitecapture.properties
    CAS server context                                fw.cas.context   cas in installer, or empty in sitecapture.properties

  4. Adjust the root-context.xml file in the SiteCapture application. SiteCapture ships with two files:
    1. root-context.xml
      Back up the root-context.xml file and rename it to root-context.xml.bak.
    2. oam_root-context.xml
      Rename the oam_root-context.xml file to root-context.xml.
      <?xml version="1.0" encoding="UTF-8"?>
      <!--
      
          Copyright (c) 2010 FatWire Corporation. All Rights Reserved.
          Title, ownership rights, and intellectual property rights in and
          to this software remain with FatWire Corporation. This  software
          is protected by international copyright laws and treaties, and
          may be protected by other law.  Violation of copyright laws may
          result in civil liability and criminal penalties.
      
      -->
      
      <beans xmlns="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
              xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
              xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
              http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsd
              http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
      
              <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" />
              <!-- Root Context: defines shared resources visible to all other web components -->
              
              <jdbc:initialize-database data-source="dataSource"   enabled="true" ignore-failures="ALL">                
                      <!-- For the installer, the first jdbc:script will be opened. The installer will configure it automatically -->
                      <jdbc:script location="classpath:crawler_oracle_db.sql" />
                      <!--jdbc:script location="classpath:crawler_hsql_db.sql" /-->
                      <!--jdbc:script location="classpath:crawler_sql_server_db.sql" /-->
                      <!--jdbc:script location="classpath:crawler_oracle_db.sql" /-->
                      <!--jdbc:script location="classpath:crawler_db2_db.sql" /-->
              </jdbc:initialize-database>
              
              <!-- Section# 1 Installer will consume below configuration to configure a datasource name created on the appservers -->
              <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
                      <property name="jndiName" value="wcsitesDS"/>
              </bean>
              
              <!-- Single Sign On provider -->
              <bean id="ssoprovider" class="com.fatwire.wem.sso.oam.OAMProvider">
                      <property name="config" ref="ssoconfig" />
              </bean>
              <!--It is invoked by the OAM filter to resolve an OAM authenticated user against a remote Site CS instance.--> 
              <bean id="oamIdentity" class="com.fatwire.auth.identity.RemoteUsernameResolver" >
                      <property name="csServerUrl" value="http://{ohs_server_host}:{ohs_port}/{sites_context_root}/custom/customCsResolver.jsp"/>
              </bean>
        
              <!-- Single Sign On filter -->
              <bean id="ssofilter" class="com.fatwire.wem.sso.oam.filter.OAMFilter">
                      <property name="config" ref="ssoconfig" />
                      <property name="provider" ref="ssoprovider" />
                      <property name="identityResolver" ref="oamIdentity" />
                      
                      <!-- Set "trustConfigured" to "true" in case of trust relationship configured between WebGate and WLS.
                      It will turn off check for OAM_ASSERTION header. -->
                      <property name="trustConfigured" value="false" />
              </bean>
        
      
              <!-- Single Sign On listener -->
              <bean id="ssolistener" class="com.fatwire.wem.sso.oam.listener.OAMListener">
              </bean>
              
              <!-- Single Sign On configuration -->
              <bean id="ssoconfig" class="com.fatwire.wem.sso.oam.conf.OAMConfig">
                      <!-- URL prefix for REST service endpoint -->
                      <property name="serviceUrl" value="http://{ohs_server_host}:{ohs_port}/{sites_context_root}/REST" />
                      
                      <!-- URL prefix for Token Service servlet -->
                      <property name="ticketUrl" value="http://{oamtoken_server_host}:{oamtoken_port}/oamtoken" />
                      
                      <!-- URL to be called when WEM logout is required. -->
                      <property name="signoutUrl" value="http://{oam_server_host}:{oam_port}/oam/server/logout?end_url=http%3A%2F%2F{ohs_server_host}%3A{ohs_port}%2F{sites_context_root}%2Fwem%2Ffatwire%2Fwem%2FWelcome"/>
                      
                      <!-- Do not proxy tickets, it's the last server in the call chain -->
                      <property name="proxyTickets" value="false" />
                      
                      <!-- Database Credentials needed by user lookup in OAMFilter -->
                      <property name="dbUsername" value="fwadmin" />
                      <property name="dbPassword" value="xceladmin"/>
                      
                      <!-- Your application protected resources (relative to applicationUrl) -->
                      <property name="protectedMappingIncludes">
                              <list>
                                      <value>/__admin</value>
                                      <value>/__admin/**</value>
                              </list>
                      </property>
                      
                      <!-- Your application protected resources excludes (relative to applicationUrl) -->
                      <property name="protectedMappingExcludes">
                              <list>
                                      <value>/__admin/layout</value>
                              </list>
                      </property>
                      <property name="applicationProxyCallbackPath" value="/sso/proxycallback" />
                      <property name="gateway" value="false" />
              </bean>
              
              <context:component-scan base-package="com.fatwire.crawler.remote.dao" />
              <context:component-scan base-package="com.fatwire.crawler.remote.support" />
              <context:component-scan base-package="com.fatwire.crawler.remote.di" />
              <context:component-scan base-package="com.fatwire.crawler.remote.resources.support" />
      
      </beans>
      

      Note:

      To update the mod_wl_ohs.conf file, include the following code:
      <IfModule weblogic_module>
          <Location /__admin>
              SetHandler weblogic-handler
              WebLogicHost SITECAPTURE_HOST
              WebLogicPort SITECAPTURE_PORT
          </Location>
      </IfModule>
      
       

13.2.2 Integrating OAM with Oracle WebCenter Sites: Satellite Server

Configuring a Satellite Server for Oracle Access Manager integration is a simpler procedure than for WebCenter Sites. For more information on integrating OAM with WebCenter Sites using Satellite Server, see Integrating OAM with Oracle WebCenter Sites: Satellite Server.

Note:

The following example shows the RSS configuration in the OAM OHS mod_wl_ohs.conf file.
<IfModule weblogic_module>
    <Location /ss>
        SetHandler weblogic-handler
        WebLogicHost SATELLITESERVER_HOST
        WebLogicPort SATELLITESERVER_PORT
    </Location>
</IfModule>

13.2.3 Integrating OAM with Visitor Services

Before performing the steps described in this section, ensure that you have configured the OAMIdentityProvider provided with Visitor Services. The OAM identity provider enables Visitor Services to communicate with OAM. For more information on integrating OAM with Visitor Services, see Oracle Fusion Middleware Developing with Oracle WebCenter Sites.

Note:

The following example shows the Visitor Services configuration in the OAM OHS mod_wl_ohs.conf file.
<IfModule weblogic_module>
    <Location /oamlogin>
        SetHandler weblogic-handler
        WebLogicHost SITES_HOST
        WebLogicPort SITES_PORT
    </Location>
</IfModule>
<IfModule weblogic_module>
    <Location /visitors-webapp>
        SetHandler weblogic-handler
        WebLogicHost VISITORSERVICES_HOST
        WebLogicPort VISITORSERVICES_PORT
    </Location>
</IfModule>
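
A lint pass for the mod_wl_ohs.conf routing blocks shown throughout this chapter, added here as an example (it is not part of Oracle's tooling). The function names, the sample host and port, and the placeholder pattern are assumptions of this example; the sample configuration is constructed.

```python
import re

# <Location /path> ... </Location> blocks and the three directives the page uses.
LOCATION = re.compile(r"<Location\s+(\S+?)\s*>(.*?)</Location\s*>", re.S | re.I)
DIRECTIVE = re.compile(
    r"^[ \t]*(SetHandler|WebLogicHost|WebLogicPort)[ \t]+(\S+)[ \t]*$",
    re.M | re.I)
# Documentation-style placeholders such as SITES_HOST or SITES_PORT.
PLACEHOLDER = re.compile(r"[A-Z]+_(HOST|PORT)")


def parse_locations(conf_text):
    """Return {location path: {lower-cased directive name: value}}."""
    return {path: {name.lower(): value
                   for name, value in DIRECTIVE.findall(body)}
            for path, body in LOCATION.findall(conf_text)}


def lint(conf_text, required_paths):
    """Return a list of problems found in the weblogic_module routing blocks."""
    locations = parse_locations(conf_text)
    problems = [f"{p}: no <Location> block" for p in required_paths
                if p not in locations]
    for path, d in locations.items():
        if d.get("sethandler") != "weblogic-handler":
            problems.append(f"{path}: SetHandler is not weblogic-handler")
        host, port = d.get("weblogichost", ""), d.get("weblogicport", "")
        if not host or PLACEHOLDER.fullmatch(host):
            problems.append(f"{path}: WebLogicHost is missing or a placeholder")
        # A port must be a decimal number in 1..65535, never a host name.
        if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
            problems.append(f"{path}: WebLogicPort {port!r} is not a port number")
    return problems


# Constructed sample: one finished block, one block still holding placeholders
# (with a host placeholder pasted into the port), and no /sites block at all.
SAMPLE = """
<IfModule weblogic_module>
    <Location /oamlogin>
        SetHandler weblogic-handler
        WebLogicHost sites1.example.test
        WebLogicPort 7003
    </Location>
</IfModule>
<IfModule weblogic_module>
    <Location /ss>
        SetHandler weblogic-handler
        WebLogicHost SATELLITESERVER_HOST
        WebLogicPort SATELLITESERVER_HOST
    </Location>
</IfModule>
"""

if __name__ == "__main__":
    for problem in lint(SAMPLE, ["/oamlogin", "/sites", "/ss"]):
        print(problem)
```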