Oracle WebCenter Configuration

Oracle® WebCenter DiscussionsInstallation and Configuration Guide

10g Release 3 (10.1.3.4.0)

E14210-01

June 2009

Oracle WebCenter Discussions Installation and Configuration Guide, 10g Release 3 (10.1.3.4.0)

E14210-01

Copyright © 2007, 2009, Oracle and/or its affiliates. All rights reserved.

Primary Author: Michele Cyran

Contributing Authors: Rahmath Baig, Marcie Caccamo, Vineet Duggal, Sumit Dubey, Medini Kakade, Pankaj Mittal, Pedro Nunes, Skip Sauls, Nitin Shah, Savita Thakur, Vanessa Wang

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:

U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.

This software is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications which may create a risk of personal injury. If you use this software in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of this software. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software in dangerous applications.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This software and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.

iii

Contents

Preface ................................................................................................................................................................. v

Audience....................................................................................................................................................... vDocumentation Accessibility ..................................................................................................................... vRelated Documents ..................................................................................................................................... viConventions ................................................................................................................................................. vi

1 Installing Oracle WebCenter Discussions

1.1 Introducing Oracle WebCenter Discussions........................................................................... 1-11.1.1 Adding Discussions by Using Sample Portlets ............................................................... 1-21.2 Installing Oracle WebLogic Server 10.3 .................................................................................. 1-21.3 Creating a Domain...................................................................................................................... 1-21.4 Installing Oracle WebCenter Discussions 5.5.20 .................................................................... 1-51.5 Upgrading an Existing Deployment ..................................................................................... 1-10

2 Configuring Single Sign-On

2.1 Configuring Oracle Access Manager for Single Sign-On...................................................... 2-12.1.1 Installing Oracle Access Manager ..................................................................................... 2-22.1.2 Installing an Access Server................................................................................................. 2-22.1.3 Installing Oracle HTTP Server for Oracle WebCenter Discussions ............................. 2-32.1.3.1 Configuring mod_weblogic ........................................................................................ 2-42.1.3.2 Validating the OPMN .................................................................................................. 2-52.1.4 Installing an Access Gate .................................................................................................... 2-62.1.4.1 Creating the Access Gate Instance in the Access System Console ........................ 2-62.1.4.2 Installing the Access Gate............................................................................................ 2-62.1.5 Setting Up Oracle Access Manager ................................................................................... 2-72.1.5.1 Configuring the Access Gate ...................................................................................... 2-72.1.5.2 Configuring the Access Server ................................................................................... 2-82.1.6 Configuring Authentication Management....................................................................... 2-92.1.6.1 Configuring the Authentication Scheme................................................................... 2-92.1.6.2 Creating a New Policy Domain in Oracle Access Manager ................................ 2-112.1.7 Configuring a Custom Login Page for Oracle Access Manager ................................ 2-152.1.8 Installing the Security Provider for WebLogic SSPI .................................................... 2-162.2 Configuring Oracle WebCenter Discussions for Single Sign-On...................................... 2-212.2.1 Using the LDAP User Identity Store.............................................................................. 2-212.2.2 Configuring SSO in Oracle WebCenter Discussions ................................................... 2-24

iv

2.2.2.1 Configuring SSO within the Jive Forums Admin Console.................................. 2-242.2.2.2 Running deploy-discussions-sso.jar to Complete SSO Configuration .............. 2-252.2.2.3 Manually Completing Single Sign-On Configuration ......................................... 2-272.2.3 Accessing Oracle WebCenter Discussions .................................................................... 2-29

A Oracle WebLogic Configuration Screens

A.1 Welcome Screen ......................................................................................................................... A-2A.2 Select Domain Source Screen ................................................................................................... A-3A.3 Configure Administrator Username and Password Screen ................................................ A-4A.4 Configure Server Start Mode and JDK Screen....................................................................... A-5A.5 Customize Environment and Service Settings Screen.......................................................... A-6A.6 Configure RDBMS Security Store Database Screen .............................................................. A-7A.7 Configure the Administration Server Screen......................................................................... A-8A.8 Configure Managed Servers Screen ........................................................................................ A-9A.9 Configure Clusters Screen ...................................................................................................... A-10A.10 Assign Servers to Clusters Screen ......................................................................................... A-11A.11 Configure Machines Screen.................................................................................................... A-12A.12 Assign Servers to Machines Screen ....................................................................................... A-13A.13 Review WebLogic Domain Screen ........................................................................................ A-14A.14 Create WebLogic Domain Screen .......................................................................................... A-15A.15 Creating Domain Screen ......................................................................................................... A-16

B Frequently Asked Questions

Index

v

Preface

This guide describes how to install Oracle WebCenter Discussions and configure it for use with Oracle WebCenter, Oracle WebLogic Portal, and Oracle WebCenter Interaction applications

AudienceThis guide is written for the portal application developer and the portal site administrator looking to discussions to their application.

This guide assumes that the audience has access to the Oracle Application Development Framework Developer's Guide and is familiar with the following concepts:

■ Java

■ Oracle JDeveloper

■ Java Server Faces

■ Oracle Application Development Framework (Oracle ADF) (purpose, basic architecture, basic development skills)

■ Oracle ADF Faces components

■ Oracle WebLogic Server

Documentation AccessibilityOur goal is to make Oracle products, services, and supporting documentation accessible to all users, including users that are disabled. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Accessibility standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For more information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.

Note: For the portable document format (PDF) version of this manual, when a URL breaks onto two lines, the full URL data is not sent to the browser when you click it. To get to the correct target of any URL included in the PDF, copy and paste the URL into your browser's address field. In the HTML version of this manual, you can click a link to directly display its target in your browser.

vi

Accessibility of Code Examples in DocumentationScreen readers may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, some screen readers may not always read a line of text that consists solely of a bracket or brace.

Accessibility of Links to External Web Sites in DocumentationThis documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.

Deaf/Hard of Hearing Access to Oracle Support ServicesTo reach Oracle Support Services, use a telecommunications relay service (TRS) to call Oracle Support at 1.800.223.1711. An Oracle Support Services engineer will handle technical issues and provide customer support according to the Oracle service request process. Information about TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of phone numbers is available at http://www.fcc.gov/cgb/dro/trsphonebk.html.

Related DocumentsDetailed documentation on Oracle WebCenter, Oracle WebCenter Interaction, Oracle Application Development Framework (ADF), Oracle Application Server, Oracle WebLogic Portal, and Oracle WebLogic Server is available at http://webcenter.oracle.com.

ConventionsThe following text conventions are used in this document:

Convention Meaning

boldface Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.

italic Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.

monospace Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.

1

Installing Oracle WebCenter Discussions 1-1

1 Installing Oracle WebCenter Discussions

This chapter explains how to integrate Oracle WebCenter Discussions into Oracle WebCenter, Oracle WebLogic Portal, and Oracle WebCenter Interaction applications. Discussion forums let users share information and discuss topics. This chapter includes the following sections:

■ Section 1.1, "Introducing Oracle WebCenter Discussions"

■ Section 1.2, "Installing Oracle WebLogic Server 10.3"

■ Section 1.3, "Creating a Domain"

■ Section 1.4, "Installing Oracle WebCenter Discussions 5.5.20"

■ Section 1.5, "Upgrading an Existing Deployment"

For more information about installation and configuration, see Appendix B, "Frequently Asked Questions."

1.1 Introducing Oracle WebCenter DiscussionsOne of the services that you can integrate into your application is a discussion forum. Users can browse to locate pertinent messages from the discussion forum to read, and they can add their own posts or replies. In particular, Oracle WebCenter Discussions provides a J2EE application with an open architecture and extensive features.

Table 1–1 shows the supported technologies available for releases that include Oracle WebCenter Discussions.

Notes:

■ This release has been certified on supported Linux and Windows platforms only.

■ This release has been certified to work with Oracle Access Manager.

Installing Oracle WebLogic Server 10.3

1-2 Oracle WebCenter Discussions Installation and Configuration Guide

Oracle WebCenter Discussions 10.1.3.4.0 is a complete product release that includes fresh installation and upgrade options. It contains a discussions server that can be deployed on Oracle WebLogic Server 10.3 and configured for single sign-on (SSO) with Oracle Access Manager 10g. This release does not support the following SSO servers supported in previous releases: Oracle SSO and JSSO. This 10.1.3.4.0 release also deprecates the JSR 168-based discussion portlets included with previous releases (10.1.3.x).

Hence, Oracle WebCenter Discussions 10.1.3.4.0 is focused on customers who are installing Oracle WebCenter Discussions for the first time or who are upgrading from an Oracle Access Manager-based authentication setup. Current customers who use Oracle SSO or JSSO should migrate to this release if, and only if, they are ready to migrate to Oracle WebLogic Server 10.3 with Oracle Access Manager for SSO and they do not need out-of-the-box portlets.

1.1.1 Adding Discussions by Using Sample PortletsIn your applications, you can add the sample portlets available on the Oracle WebCenter Additional Services 10g Release 3 (10.1.3.4.0) page on the Oracle Technology Network:

http://www.oracle.com/technology/products/webcenter/owcs_10134_addtlservices.html

The page has information about the sample portlets, including how to download and install them.

1.2 Installing Oracle WebLogic Server 10.3 Oracle WebCenter Discussions 10.1.3.4.0 is deployed on Oracle WebLogic Server 10.3. Before you can deploy Oracle WebCenter Discussions, you must have Oracle WebLogic Server 10.3 installed. For information on system requirements and the steps to install Oracle WebLogic Server, see the installation guide posted at:

http://download.oracle.com/docs/cd/E12840_01/common/docs103/install/index.html

1.3 Creating a DomainYou will deploy Oracle WebCenter Discussions in a domain. A domain is the basic administrative unit of Oracle WebLogic Server. The domain infrastructure consists of one administration server and optional managed servers and clusters.

To deploy Oracle WebCenter Discussions on Oracle WebLogic Server, you must create a new domain with the Oracle WebLogic Configuration Wizard.

Table 1–1 Oracle WebCenter Discussions Supported Technologies

Release OC4JJive Forums

Oracle WebLogic Server

Oracle Access Manager

Oracle Single Sign-On

Java Single Sign-On (JSSO) Portlet

10.1.3.2.0 10.1.3.2+ Jive 5.1.0 yes

10.1.3.3.0 10.1.3.3+ Jive 5.1.0 yes yes yes yes

10.1.3.4.0 Jive 5.5.20 10.3+ yes

Creating a Domain


To create a new domain, follow the instructions in Table 1–2. For additional information about the configuration pages, see Appendix A, "Oracle WebLogic Configuration Screens".

Table 1–2 Configuration Flow for Creating a New Domain

No. ScreenWhen Does This Screen Appear? Description and Action Required

1 None. Always Start the Oracle WebLogic Configuration Wizard from the $ORACLE_HOME/wlserver_10.3/common/bin directory.

$ORACLE_HOME refers to the directory where you installed Oracle WebLogic Server.

On Linux:

Run ./config.sh

On Windows:

Double-click config.cmd

2 Welcome Screen Always Select Create a new WebLogic domain.

Click Next to continue.

3 Select Domain Source Screen

Always Select Generate a domain configured automatically to support the following products.


4 Configure Administrator Username and Password Screen

Always Specify a user name and password for the Administrator user account. This is the user name and password that you will use to log on to your discussions server. By default, the weblogic user comes seeded in the screen.


5 Configure Server Start Mode and JDK Screen

Always Select the domain startup mode and the JDK to be used for the domain.


6 Customize Environment and Service Settings Screen

Always Specify whether you want to customize any environment or service settings listed on the screen.

If you select Yes, then the wizard displays screens where you can configure the Admin server, managed servers, clusters, and other settings for your domain.

If you select No, the Create WebLogic Domain Screen displays directly.


7 Configure RDBMS Security Store Database Screen

If you selected Yes on the Customize Environment and Service Settings Screen.

If necessary, make changes to your RDBMS for security store.


8 Configure the Administration Server Screen


If necessary, customize the Admin server of your domain.


9 Configure Managed Servers Screen


Configure one or more managed servers for your enterprise applications. Click Add and then specify the name, listen address, listen port, and secure socket layer (SSL) details of the managed server.


Creating a Domain


10 Configure Clusters Screen If you selected Yes on the Customize Environment and Service Settings Screen.

If necessary, configure one or more clusters.


11 Assign Servers to Clusters Screen

If you selected Yes on the Customize Environment and Service Settings Screen, and Add on the Configure Clusters Screen.

Assign managed servers to a cluster in the domain.


12 Configure Machines Screen


If necessary, configure machines to host the WebLogic Server instance.


13 Assign Servers to Machines Screen

If you selected Yes on the Customize Environment and Service Settings Screen and Add on the Configure Machines Screen.

Assign each WebLogic Server instance to the machine on which it runs.


14 Review WebLogic Domain Screen

Always Review the contents of your domain.


15 Create WebLogic Domain Screen

Always Specify the name as owc_discussions, and specify the location of the domain you want to create.

Click Create to create the domain.

16 Creating Domain Screen Always Click Done when finished.

Table 1–2 (Cont.) Configuration Flow for Creating a New Domain

No. ScreenWhen Does This Screen Appear? Description and Action Required

Installing Oracle WebCenter Discussions 5.5.20


1.4 Installing Oracle WebCenter Discussions 5.5.20This section describes how to install Oracle WebCenter Discussions 5.5.20.

1. Download Oracle WebCenter Discussions 5.5.20 from Oracle's Electronic Delivery (edelivery) at http://edelivery.oracle.com/ or from the Oracle WebCenter Additional Services 10g Release 3 (10.1.3.4.0) page on the Oracle Technology Network at http://www.oracle.com/technology/products/webcenter/owcs_10134_addtlservices.html. Follow the instructions on OTN to download the V15935-01.zip file to a folder on your system. The V15935-01.zip file contains two more zip files:

■ Oracle-Discussions.zip (Oracle WebCenter Discussions)

■ Oracle-Wikis-Blogs.zip (Oracle WebCenter Wiki and Blog Server)

2. Unzip the Oracle-Discussions.zip file. This contains the following files:

■ deploy-discussions-sso.jar

■ jive_forums_silver_5_5_20_oracle_01092009.zip

■ oracle-discussions-sso.zip

3. Unzip jive_forums_silver_5_5_20_oracle_01092009.zip.

This document refers to this folder as $unzipped_dir.

4. Install Oracle WebCenter Discussions 5.5.20:

Note: To increase the memory settings, edit setDomainEnv.cmd in Windows or setDomainEnv.sh in Linux (located in $WLS_HOME/user_projects/domains/owc_discussions/bin) as follows:

MEM_ARGS="-Xms512m -Xmx1024m"export MEM_ARGS MEM_PERM_SIZE="-XX:PermSize=128m"export MEM_PERM_SIZE MEM_MAX_PERM_SIZE="-XX:MaxPermSize=256m"export MEM_MAX_PERM_SIZE

Note: The default values are the following:

MEM_ARGS="-Xms256m -Xmx512m"export MEM_ARGS MEM_PERM_SIZE="-XX:PermSize=48m"export MEM_PERM_SIZE MEM_MAX_PERM_SIZE="-XX:MaxPermSize=128m"export MEM_MAX_PERM_SIZE

Note: This document refers to the domain directory as $WLS_HOME/user_projects/domains.



a. Copy the jiveHome directory from the distribution ($unzipped_dir/jive_forums_silver_5_5_20_oracle/jiveHome) to a permanent directory. We use /opt/product/JIVE as an example.

cd $unzipped_dir/jive_forums_silver_5_5_20_oracle/mkdir -p /opt/product/JIVE (for example)cp -R $unzipped_dir/jive_forums_silver_5_5_20_oracle/jiveHome /opt/product/JIVE

b. Set the location of the jiveHome directory using the EditWAR tool. The EditWAR tool is a small application that will modify the packaged web application (jiveforums.war) to point to the jiveHome directory. The jiveforums.war file is also in the base directory of this distribution.

export PATH=$WLS_HOME/jdk160_05/bin:$PATHcd $unzipped_dir/jive_forums_silver_5_5_20_oracle java -jar EditWAR.jar jiveforums.war---------------------------------------------------------------------This utility will modify your WAR file to correctly point toyour jiveHome directory by editing WEB-INF/classes/jive_init.xml Enter the full path to your jiveHome directory:> /opt/product/JIVE/jiveHome Setting jiveHome to: /opt/product/JIVE/jiveHome.....................................................................---------------------------------------------------------------------

Complete instructions are located in $unzipped_dir/jive_forums_silver_5_5_20_oracle/documentation/install-guide.html.

For more information, see the Administrator's Guide located in $unzipped_dir/jive_forums_silver_5_5_20_oracle/documentation/forums-admin-guide.pdf.

5. Go to the $WLS_HOME/user_projects/domains/owc_discussions directory and create a directory in it with the name owc_discussions. For example:

cd $WLS_HOME/user_projects/domains/owc_discussionsmkdir owc_discussions

The new directory structure is $WLS_HOME/user_projects/domains/owc_discussions<this is the newly-created domain for Discussions>/owc_discussions (this is where you will deploy Discussions>.

6. Copy jiveforums.war from the zip extracted directory ($unzipped_dir/jive_forums_silver_5_5_20_oracle) to this owc_discussions directory. For example:

cd owc_discussions <to go into the newly created directory>cp $unzipped_dir/jive_forums_silver_5_5_20_oracle/jiveforums.war

Note: The directory must be readable and writable by your application server, but it should not be in the document path of your web server. That is, people should not be able to access the directory from a URL like http://www.yourserver.com/jiveHome.



7. Extract jiveforums.war (for example, with unzip jiveforums.war) in the owc_discussions directory.

8. Delete jiveforums.war (for example, with rm jiveforums.war) from this directory.

9. Start your Oracle WebLogic Server from $WLS_HOME/user_projects/domains/owc_discussions/bin using startWebLogic.cmd on Windows or ./startWebLogic.sh on Linux.

10. After the server has started, access the WebLogic console from the URL http://<host>:<port>/console. The console port is the port entered when you created the domain. (See Section A.9, "Configure Clusters Screen") If you did not enter a console port when you created the domain, then, by default, the port is 7001.

11. Log on with the user name and password that you gave when creating the domain. By default, the user name in weblogic.

12. After you are logged-in, click the Deployments option on the left.

13. Click Install and choose the owc_discussions directory that you created under $WLS_HOME/user_projects/domains/owc_discussions when creating the domain. (Figure 1–1).

Figure 1–1 Install Application Assistant

14. Click Next.

15. Choose targeting style as Install this deployment as an application.

16. Click Next.

17. Choose the managed server where you will deploy the owc_discussions application; for example, the discussionserver managed server.

Note: If you are using Production Mode, then click the Lock and Edit button on the left side to activate the Install button.



18. Click Next.

19. For the default options, under Source Accessibility, select to enter the location of the target server on which owc_discussions will be installed. (Figure 1–2)

The option Use the defaults defined by the deployment's targets may go to the same location.

Figure 1–2 Source Accessibility

20. Click Next.

21. Click Finish.

22. Start the managed server.

■ To start the managed server on Linux:

a. Navigate to $WLS_HOME/user_projects/domains/owc_discussions/bin.

b. Run the following

./startManagedWebLogic.sh <managedserver name> <Admin-Server URL>

For example, if your managed server named discussionserver is deployed on the default port on your local machine, then you can run the following command to start the managed server:

Note: Oracle recommends deploying custom applications on a separate managed server.

If you are not running a managed Oracle WebLogic Server as the target to deploy, then it will be deployed in the Admin Server. If you are using Production Mode, then you must click Activate changes after the deployment, select the application, and click Start - Servicing all request.



./startManagedWebLogic.sh discussionserver http://localhost:7001 .

c. Enter the user name and password of the domain administrator to start the managed server.

■ To start the managed server on Windows:

a. Navigate to $ORACLE_HOME/user_projects/domains/owc_discussions/bin.

b. Run startManagedWebLogic.cmd discussionserver http://localhost:7001.

c. Enter the user name and password of the domain administrator to start the managed server.

23. Access the Oracle WebCenter Discussions URL http://<host>:<port>/owc_discussions and follow the steps in the document $unzipped_dir/jive_forums_silver_5_5_20_oracle/documentation/install-guide.html.

a. For Installation Checklist, make sure that the jiveHome directory contains a valid jive.license file. If the jive.license file is not in the /opt/product/JIVE/jiveHome directory, then you must or copy and paste its value on to the UI.

b. For Datasource Settings, choose the Standard Database Connection option, and fill in all fields.

First, you must create the JIVE schema within the database. Do so with the following:

sqlplus system/<password>CREATE USER jiveIDENTIFIED BY jive;GRANT CONNECT, RESOURCE TO jive;exit cd $unzipped_dir/jive_forums_silver_5_5_20_oracle/databasesqlplus jive/jive @jive_forums_oracle.sqlexit

Then, choose Oracle as JDBC Presets, and fill in the rest of the details: JDBC URL, Username, Password, Connections and Connection Timeout.

c. For User System, choose the authentication.

d. For Email Settings, fill in all the details in case you'd like watch updates, password resetting and other features, Jive Forums needs a way to connect to an email (SMTP) server.

Note: If you cannot access the jive.license file, see note 789952.1 on My Oracle Support (formerly MetaLink) at https://metalink.oracle.com/.

Note: Most installations should use the default implementation. The other options can be used when you need to integrate Jive Forums with an existing user database or authentication system, such as Oracle Internet Directory.

Upgrading an Existing Deployment


e. For Admin Account, choose the administrator account for Discussions.

24. When Jive prompts you to restart, restart your managed server.

25. To confirm that you have successfully set up Oracle WebCenter Discussions, go to the Admin Console and log on as the administrator you created during the installation process. For example:

a. Go to http://<host>:<port>/owc_discussions/admin.

b. Log on as the administer for Discussions (Jive 5.5.20). This was created in step 21.e.

c. To start the upgrade process, verify that you have backed up your database and your Jive Forums configuration files (jiveHome). Also verify that your jiveHome directory is located at: /opt/product/JIVE/jiveHome.

d. Click Start Upgrade.

e. A message will display saying that all upgrade tasks have been completed and that you should restart the application before proceeding to the community home page.

f. Restart again the managed server that contains the owc_discussions discussions server.

cd $WLS_HOME/user_projects/domains/owc_discussions/bin./startManagedWebLogic.sh discussionserver http://<host>:<port>:7001

g. Go to http://<host>:<port>/owc_discussions/admin.

h. Log on as the administrator the Discussions (Jive 5.5.20), created in step 21.e, to get to the Oracle WebCenter Discussions Admin Console.

1.5 Upgrading an Existing DeploymentThis release supports Oracle WebCenter Discussions deployed on Oracle WebLogic Server 10.3 and integrated with Oracle Access Manager for single sign-on.

Only the database upgrade from previous releases to this release is supported.

This section describes the steps to upgrade to Oracle WebCenter Discussions 10.1.3.4.0, but you may also want to refer to upgrade-guide.html along with forums-admin-guiide.html and install-guide.html from $unzipped_dir/jive_forums_silver_5_5_20_oracle/documentation.

Upgrade steps:

1. Take a backup of your existing Oracle WebCenter Discussions database schema and jiveHome directory.

2. Log on to the Oracle WebCenter Discussions Admin Console; for example, http://<host>:<port>/owc_discussions/admin.

3. Go to the System Properties link from the sidebar, and the remove following system properties. You need to remove the below system properties only if they are pointing to custom Oracle classes as defined below:

Note: The first time after successful login, you are prompted to follow the upgrade page before starting to use Oracle WebCenter Discussions.

■ AuthFacotry.className

(if this is set to Oracle-specific class oracle.jive.sso.OracleSSOAuthFactory)

■ UserManager.className

(if this is set to Oracle-specific class oracle.jive.sso.OracleSSOUserManager)

4. Install Oracle WebCenter Discussions 10.1.3.4.0, following the previous steps in this chapter.

5. You can use the same jiveHome directory that you have already configured with your existing setup. This will ensure that it points to the same database configured for existing setup even after migration.

6. Make sure jive_startup.xml in your jiveHome directory does not have tryAlternativeLogin option set to true for admin. If the following tag is present, remove it or comment it out:



7. Restart Oracle WebLogic Server.

8. Go to your Oracle WebCenter Discussions index page: http://<host>:<port>/owc_discussions.

9. It will display an upgrade page. Log on with the appropriate administrator user name and password. (For example: The user can be oc4jadmin with your configured password.)

10. If you do not see the upgrade page, your browser page hangs with the "System is running upgrade" message, or logs show errors that table or view does not exist, then you can apply following steps as a workaround:

a. Stop your Oracle WebLogic managed server.

b. Go to your database schema, and run following SQL command:

UPDATE "JIVEVERSION" SET VERSION = '0' WHERE NAME='community'; commit;

c. Start your Oracle WebLogic Managed server.

d. Go to discussions page at http://host:port/owc_discussions.

e. After login, the upgrade will start.

Notes:

■ You may need to restart Oracle WebLogic Server and run through the upgrade screen a couple times.

■ Ignore any errors on the WebLogic console about upgrade or table not found.

Note: There is only one row in this table.



f. You may see error messages for table or view already exists: "name is already used by an existing object".

Figure 1–3 Error: name is already used by an existing object

g. Choose the Manual option.

h. On the verification page, click Finished when you are done.

Figure 1–4 Upgrade Finished

i. Now the upgrade will resume.

j. If you are prompted again with the same table or view already exists error, then follow the previous steps to fix it.

k. After all the required tables are upgraded successfully, restart your Oracle WebLogic managed server.

l. Try to access the discussions URL. If it prompts for upgrade, then follow the Upgrade console page, and complete the process.

m. After the second time, you should see the upgrade success page.

n. Restart your Oracle WebLogic managed server again.

o. Go to the discussions server URL. It should show the community home page.

11. After the upgrade is complete and you can successfully see the Oracle WebCenter Discussions index page, follow the instructions in Chapter 2, "Configuring Single Sign-On."

Note: Check the Oracle WebLogic managed server and Jive logs. They should not report any errors that table or view does not exist.

2

Configuring Single Sign-On 2-1

2 Configuring Single Sign-On

This chapter explains how to configure single sign-on in an Oracle WebCenter Discussions application. This chapter includes the following sections:

■ Section 2.1, "Configuring Oracle Access Manager for Single Sign-On"

■ Section 2.2, "Configuring Oracle WebCenter Discussions for Single Sign-On"

For more information about installation and configuration, see Appendix B, "Frequently Asked Questions."

2.1 Configuring Oracle Access Manager for Single Sign-OnThis section describes the steps, summarized below, to configure Oracle Access Manager for single sign-on:

1. Install Oracle Access Manager (Section 2.1.1)

2. Install an Access Server (Section 2.1.2)

3. Install Oracle HTTP Server (Section 2.1.3)

4. Install an Access Gate (WebGate) (Section 2.1.4)

5. Configure Oracle Access Manager (Section 2.1.5)

6. Configure authentication (Section 2.1.6)

7. Configure a custom login page for Oracle Access Manager (Section 2.1.7)

8. Install the security provider for WebLogic SSPI (Section 2.1.8)

Oracle Access Manager authentication for Oracle WebCenter Discussions requires the following components:

■ Oracle HTTP Server 10.1.3.3+

■ Each Oracle HTTP Server configured for integration with Oracle Access Manager must have an Access Gate installed

■ Oracle Access Manager Identity Server 10.1.4.0.1

■ Oracle Access Manager WebPass 10.1.4.0.1

■ Oracle Access Manager 10.1.4.2.0

■ Oracle Internet Directory 10.1.4.0.1 (Oracle Virtual Internet Directory 10.1.4.0.1 is optional)

Configuring Oracle Access Manager for Single Sign-On


2.1.1 Installing Oracle Access ManagerOracle Access Manager Release 10g (10.1.4.2.0) is a patch set, so it cannot be installed directly. For example, after installing 10g (10.1.4.0.1), you can apply Release 10.1.4 patch set 1 (10.1.4.2.0) to installed components. See note 736372.1 on My Oracle Support (formerly MetaLink) for the Oracle Access Manager bundle patch release history.

This document explains how to also add base patch 5957301 and the latest bundle patch 7408035. In summary, here are the steps to install Oracle Access Manager:

1. Confirm that prerequisites have been satisfied for Oracle Access Manager.

2. Install the Identity Server

3. Install Oracle HTTP Server 10.1.3.3+ (from the Companion CD) for Identity Server and WebPass

http://<hostname>.<domain>:<port>

4. Install the Web Pass

5. Test the user interface

http://<hostname>.<domain>:<port>/identity/oblix

6. Install the Policy Manager

7. Test the user interface

http://<hostname>.<domain>:<port>/access/oblix

8. Configure the Identity System Console

9. Configure the Access System Console

10. Create an Access Server Instance within the Access System Console (Section 2.1.2)

11. Install the Access Server (Section 2.1.2)

The documentation in this chapter is provided as a general guideline. For detailed information about Oracle Access Manager, see the Oracle Access Manager documentation posted at:

http://download.oracle.com/docs/cd/E10761_01/doc/index.htm

2.1.2 Installing an Access ServerAn Access Server must be installed for Oracle WebCenter Discussions.

For detailed information about installing an Access Server, see Oracle® Access Manager Installation Guide 10g (10.1.4.2.0) "Chapter 8, Installing the Access Server". This is posted at:

http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32412/a_srvr.htm

You will be asked to create an Access Server instance in the Access System Console. Leave all defaults as they are, except the following specific entries:

Note: You must apply Oracle Access Manager Release 10g patch 5957301 (or higher) and patch 7408035 (or higher) to all Oracle Access Manager components.



■ Set Name to wls-jive-access-server

■ Set Hostname to the host on which Oracle HTTP Server resides

■ Set Port to 6021 or to any other available port

■ Set Access Management Service to On

The saved values should look something like the following:

Name wls-jive-access-server Hostname host.domain.com Port 6021 Debug Off Debug File Name Transport Security Open Maximum Client Session Time (hours) 24 Number of Threads 60 Access Management Service On Audit to Database (on/off) Off Audit to File (on/off) Off Audit File Name Audit File Size (bytes) 0 Buffer Size (bytes) 512000 File Rotation Interval (seconds) 0 Engine Configuration Refresh Period 14400 (seconds) URL Prefix Reload Period (seconds) 7200 Password Policy Reload Period (seconds)7200 Maximum Elements in User Cache 100000 User Cache Timeout (seconds) 1800 Maximum Elements in Policy Cache 10000 Policy Cache Timeout (seconds) 7200 SNMP State Off SNMP Agent Registration Port Session Token Cache Enabled Maximum Elements in Session Token Cache 10000

After creating this instance in the Access System Console, install the actual Access Server, using the Oracle Access Manager command appropriate to your platform.

For more information, see the installation guide posted at:

http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32412/a_srvr.htm

2.1.3 Installing Oracle HTTP Server for Oracle WebCenter DiscussionsEach Oracle HTTP Server configured for integration with Oracle Access Manager must have an Access Gate installed.

Install Oracle HTTP Server 10.1.3.3+ for Apache 2.0. This can be downloaded from edelivery at http://edelivery.oracle.com/ from the Oracle® Application Server 10g Release 3 (10.1.3) Media Pack, or from the Oracle10g Release 3 Companion CD (10.1.3.x) at:



http://www.oracle.com/technology/software/products/ias/htdocs/101310.html

After installing Oracle HTTP Server, install the Apache HTTP Server plug-in (mod_wl_20). This can be downloaded from:

http://download.oracle.com/otn/bea/weblogic/server103/WLSWebServerPlugins1.0.1150354-Apache.zip

Detailed installation instructions are posted at:

http://e-docs.bea.com/wls/docs103/plugins/apache.html#wp131399

2.1.3.1 Configuring mod_weblogicFollow these steps to configure mod_weblogic:

1. Install mod_wl into Oracle HTTP Server 10.1.3.3+.

Without this step, you get the following error when you start Oracle HTTP Server:

--------09/02/12 01:35:25 Start process--------/scratch/ohsoam/install/ohs/ohs/bin/apachectl startssl: execing httpdSyntax error on line 247 of/scratch/ohsoam/install/ohs/ohs/conf/httpd.conf:Cannot load /scratch/ohsoam/install/ohs/ohs/modules/mod_wl_20.so intoserver: /scratch/ohsoam/install/ohs/ohs/modules/mod_wl_20.so: cannot openshared object file: No such file or directory

2. Confirm that you have the following entries at the end of httpd.conf (after the automatic updates to httpd.conf through Webgate Installer).

For Linux:

#*** BEGIN WebGate Specific ****

LoadFile "/scratch/ohsoam/install/webgate/access/oblix/lib/libgcc_s.so.1"LoadFile "/scratch/ohsoam/install/webgate/access/oblix/lib/libstdc++.so.5" LoadModule obWebgateModule "/scratch/ohsoam/install/webgate/access/oblix/apps/webgate/bin/webgate.so"WebGateInstalldir "/scratch/ohsoam/install/webgate/access" LoadModule weblogic_module modules/mod_wl_20.so <IfModule mod_weblogic.c>MatchExpression /owc_discussions WebLogicHost=<host>|WebLogicPort=<port></IfModule> WebGateMode PEER <Location /access/oblix/apps/webgate/bin/webgate.cgi>SetHandler obwebgateerr</Location> <Location "/oberr.cgi">SetHandler obwebgateerr</Location> <LocationMatch "/*">AuthType Oblix



require valid-user</LocationMatch>

#*** END WebGate Specific ****

For Windows:

#*** BEGIN WebGate Specific **** LoadModule obWebgateModule "C:\OHSOAM\webgate\access/oblix/apps/webgate/bin/webgate.dll"WebGateInstalldir "C:\OHSOAM\webgate\access" LoadModule weblogic_module modules/mod_wl_20.so <IfModule mod_weblogic.c>MatchExpression /owc_discussions WebLogicHost=<host>|WebLogicPort=<port></IfModule>

WebGateMode PEER <Location /access/oblix/apps/webgate/bin/webgate.cgi>SetHandler obwebgateerr</Location> <Location "/oberr.cgi">SetHandler obwebgateerr</Location> <LocationMatch "/*">AuthType Oblixrequire valid-user</LocationMatch> #*** END WebGate Specific ****

3. Configure the module mod_wl in Oracle HTTP Server so that it forwards requests to Oracle HTTP Server. To configure Oracle HTTP Server to work with multiple non-clustered servers, use the following example in httpd.conf:

LoadModule weblogic_module modules/mod_wl_20.so <IfModule mod_weblogic.c> MatchExpression /owc_discussions WebLogicHost=jive.wls.example.com|WebLogicPort=8888</IfModule>

2.1.3.2 Validating the OPMNConfirm that you have the following configuration in Oracle HTTP Server. The opmn.xml entries for Oracle HTTP Server where the Access Gate will be installed should include the following:

<ias-component id="HTTP_Server"> <process-type id="HTTP_Server" module-id="OHS2"> <environment>

Note: The WebLogic port is the port of the managed server where Discussions is deployed.



<variable id="TMP" value="/tmp"/> <variable id="LD_ASSUME_KERNEL" value="2.4.19"/> </environment> <module-data> <category id="start-parameters"> <data id="start-mode" value="ssl-enabled"/> </category> </module-data> <process-set id="HTTP_Server" numprocs="1"/> </process-type> </ias-component> </ias-instance>…

2.1.4 Installing an Access GateFor Oracle WebCenter Discussions to be protected with Oracle Access Manager single sign-on, first install Oracle HTTP Server 10.1.3.3+ for Apache 2.0. Next, install the Access Gate module on the same machine where Oracle HTTP Server is installed. This is the Oracle HTTP Server and Access Gate installation that will be used to protect the Oracle WebCenter Discussions URL.

For information about installing an Access Gate, see Oracle Access Manager Installation Guide 10g (10.1.4.2.0) "Chapter 9, Installing the WebGate." This is posted at:

http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32412/webgate.htm

2.1.4.1 Creating the Access Gate Instance in the Access System ConsoleBefore installing an Access Gate, you must create an Access Gate instance within the Access System Console.

When creating the instance, provide the following properties:

■ Set Name to wls-jive-access-gate or to any other name

■ Set Hostname to the host on which the Oracle HTTP Server is installed (This should be in host:port format, with the port set to the Oracle HTTP Server port.)

■ Set Preferred HTTP Host to the Oracle HTTP Server host name.

■ Set ASDK Client, Access Management Service to On

■ Set Primary HTTP Cookie Domain to an appropriate value depending on your installation. Typically, this would be a domain-based cookie; for example, ".yourcompany.com".

■ Set Port to the Oracle HTTP Server port.

Click Save to retain this setup.

2.1.4.2 Installing the Access GateInstall WebGate 10.1.4.0.1 for OHS2 (Oracle_Access_Manager10_1_4_0_1_linux_OHS2_WebGate). The installer is included with the Oracle Access Manager CD. After successfully installing WebGate 10.1.4.0.1, you must apply the base patch 5957301 (Oracle_Access_Manager10_1_4_2_0_Patch_linux_OHS2_

Note: WebGate and Access Gate are synonymous.



WebGate.zip), which can be downloaded from My Oracle Support (formerly MetaLink):

https://metalink.oracle.com/metalink/plsql/f?p=130:5:1642971897004974741::::P_SOURCE,P_SRCHTXT:8,5957301%20

On Linux only: After applying base patch 5957301, you must apply bundle patch 7408035 (Oracle_Access_Manager10_1_4_2_0_BP06_Patch_linux_OHS2_WebGate.zip), which can downloaded from My Oracle Support (formerly MetaLink):

https://metalink2.oracle.com/metalink/plsql/f?p=130:5:6778718287832208728::::P_SOURCE,P_SRCHTXT:8,7408035

Make sure that you install the WebGate for your platform and that it is for Oracle HTTP Server with Apache 2.0.

2.1.5 Setting Up Oracle Access ManagerTo set up Oracle Access Manager, you must configure the Access Gate and the Access Server. This section provides samples of each configuration specifically for Jive Forums integration.

For detailed information about setting up Oracle Access Manager, see Oracle Access Manager Installation Guide 10g (10.1.4.2.0) "Chapter 9, Installing the WebGate." This is posted at:

http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32412/webgate.htm

Ensure that the following configuration is done in Oracle Access Manager:

2.1.5.1 Configuring the Access GateFigure 2–1 shows Access Gate configuration.



Figure 2–1 Access Gate Configuration

2.1.5.2 Configuring the Access ServerFigure 2–2 shows Access Server configuration.



Figure 2–2 Access Server Configuration

2.1.6 Configuring Authentication ManagementThere are two parts to authentication management:

■ Configuring the Authentication Scheme

■ Creating a New Policy Domain in Oracle Access Manager

2.1.6.1 Configuring the Authentication SchemeThe Oracle Access Manager Access System Console lets you configure the authentication mechanism. Form-based authentication requires that you give the challenge redirect to the Oracle HTTP Server where Oracle WebCenter Discussions is deployed.

The following steps describe how to configure a new authentication scheme.

1. Go to http://<hostname>:<port>/access/oblix and click Access System Console.

2. Enter orcladmin/welcome1, and click Login.

3. Click the Access System Configuration tab, then click Authentication Management when the side navigation bar appears.

4. Click the Add button to define a new authentication scheme.

5. On the General tab (Figure 2–3), enter the following:

■ Name: Form Auth Scheme Discussions

■ Description: For WebCenter Discussions



■ Level: 1

■ Challenge Method: Form

■ Challenge Parameter:

form:/login.html --> Add a rowcreds:userid password --> Add a rowaction:/access/oblix/apps/webgate/bin/webgate.so --> Add a row

■ SSL Required: No

■ Challenge Redirect: URL with host and port where the HTTP server/Webgate is installed; for example, http://<hostname>:<port>

■ Enabled: Yes

■ Update Cache: [X] (checkbox checked)

Click Save.

Figure 2–3 General Tab for Form-Based Authentication Scheme

6. On the Plugins tab, enter the following:

■ credential_mapping = obMappingBase="cn=users,dc=vm,dc=oracle,dc=com",obMappingFilter="(&(&(objectclass=inetorgperson)(uid=%userid%))(|(!(obuseraccountcontrol=*)) (obuseraccountcontrol=ACTIVATED)))"

■ validate_password = password

Make sure that the user name field in login.html (which is created in Section 2.1.7, "Configuring a Custom Login Page for Oracle Access Manager") matches what you enter for uid in the credential_mapping plugin. In this example, it is assumed that login.html would define the username field as userid and the password field as password.



7. On the Steps tab, do nothing. (Figure 2–4)

Figure 2–4 Steps for Authentication Scheme

8. On the Authentication Flow tab, do nothing.

After creating a plug-in, you can enable the authentication scheme by clicking the General tab, then Modify, then Enable, and then Save.

2.1.6.2 Creating a New Policy Domain in Oracle Access ManagerTo enable single sign-on using Oracle Access Manager, create a new policy domain in Oracle Access Manager.

Figure 2–5 shows a policy domain overview.

Table 2–1 Extensions

Plugin Name Plugin Parameter

credential_mapping obMappingBase="cn=users,dc=us,dc=oracle,dc=com",obMappingFilter="(&(&(objectclass=inetorgperson)(uid=%userid%))(|(!(obuseraccountcontrol=*)) (obuseraccountcontrol=ACTIVATED)))"

validate_password password



Figure 2–5 Policy Overview

For more information about policy domains, see chapter 4 of Oracle Access Manager Access Administration Guide at

http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/b32420/v2policy.htm

An example domain is provided here.

1. To get to the Policy Manager, go to http://<host>:<port>/access/oblix, and click Policy Manager. If you have not yet logged on, then you are asked for your user logon credentials.

Jive-domain: This defines the policy for the Jive application resources. Most discussion pages are public. However, access to the /admin path is secured, and the /login!withRedirect.jspa is used to trigger authentication and is used by the login link in the application.

2. Create a new domain for 10.1.3.4.0 Jive. Give a unique name for the domain. (Figure 2–6)



Figure 2–6 Create Policy Domain - General

3. Configure the host identifiers. The host identifier should be the one you registered for your Oracle HTTP Server.

4. Protect the Jive login and admin URLs, as shown in Figure 2–7. The following URLs need to be protected:

■ /owc_discussions/login!withRedirect.jspa, which converts to /owc_discussions/login%21withRedirect.jspa for URL encoding

■ /owc_discussions/login!default.jspa, which converts to /owc_discussions/login%21default.jspa

■ /owc_discussions/login.jspa

■ /owc_discussions/admin

Figure 2–7 Create Policy Domain - Resources

5. Define a new authorization rule and enable it. (Figure 2–8)

Figure 2–8 Create Policy Domain - Authorization Rules

6. On the Actions tab of Authorization Rules, define SSO_USER to return a custom header variable on authorization success. Make sure to put uid in the Return Attribute field and not in the value field. (Figure 2–9)



Figure 2–9 Create Policy Domain - Authorization Rules - Actions

7. On the Allow Access tab of Authorization Rules, specify the role Any one. (Figure 2–10)

Figure 2–10 Create Policy Domain - Authorization Rules - Allow Access

8. On the Authentication Rule tab of Default Rules, select the Form Authorization scheme defined earlier. (Figure 2–11)

Figure 2–11 Create Policy Domain - Default Rules - Authentication Rule

9. On the Authorization Expression tab of Default Rules, select the authorization rule defined earlier on the Authorization Rules tab. (Figure 2–12)

Figure 2–12 Create Policy Domain - Default Rules - Authorization Expression

10. On the Actions tab of Default Rules, define return actions for authorization success for the uid and obmygroups attributes, as shown in Figure 2–13.



Figure 2–13 Create Policy Domain - Default Rules - Authorization Expression - Actions

11. After creating the policy domain, make sure to enable the policy domain by modifying the existing domain.

2.1.7 Configuring a Custom Login Page for Oracle Access ManagerForm-based authentication requires a custom login page to be created on the Oracle HTTP Server for the Access Gate. This custom login page will be displayed when the user has to be challenged for credentials. The name of the page should match the name specified in the authentication scheme on the Oracle Access Server authentication scheme configuration. In this example, it is specified as login.html. This file must be in the document root ($OHS_HOME/ohs/htdocs) on the Oracle HTTP Server.

Here is the sample login.html file:

<html><head> <title>Test Login Form</title> <script language="JavaScript"> function submitForm() { document.forms[0].submit(); } </script> </head> <body bgcolor="#ffffff" onLoad="self.focus();document.loginform.login.focus()"> <center> <h2>Test Login Form</h2> <form name="loginform" action="/access/oblix/apps/webgate/bin/webgate.so"method="post"> <table cellspacing="0" cellpadding="0" border="0"> <tr><td valign="center" align="left"><b>Username</b></td> <td> </td><td valign="center" align="left"> <input type="username" name="userid" size="20" value=""></td> </tr> <tr> <td valign="center" align="left"><b>Password</b></td> <td> </td><td valign="center" align="left"> <input type="password" name="password" size="20" value=""></td> </tr> </table> <input type=submit id=submit name=submit value=submit /> </form> </body></html>



2.1.8 Installing the Security Provider for WebLogic SSPITo assert the identity of logged in users, you must install the Security Provider for WebLogic SSPI (Security Service Provider Interface) on the WebLogic machine. The Security Provider ensures that only appropriate users and groups can access Oracle Access Manager-protected WebLogic resources to perform specific operations. The Security Provider also enables you to configure single sign-on between Oracle Access Manager and WebLogic resources.

The Security Provider for WebLogic SSPI (under Oracle Access Manager - 3rd Party Integration) is available at:

http://www.oracle.com/technology/software/products/ias/htdocs/101401.html

CD7 of the Oracle Access Manager 3rd party integration package contains WebLogic SSPI Provider installer, Oracle_Access_Manager10_1_4_2_2_linux_BEA_WL_SSPI.zip.

Required Tasks

The following tasks need to be completed:

1. Install the Security Provider, typical installation

2. Set up the WebLogic policy in Oracle Access Manager

3. Run the NetPoint Policy Deployer

4. Prepare the WebLogic environment

For detailed information about these tasks, see http://download.oracle.com/docs/cd/E10761_01/doc/oam.1014/e10356/weblogic.htm.

After completing these tasks, configure the Oracle Access Manager Identity Asserter in the WebLogic console.

1. Log on to WebLogic Server Administration Console.

2. Click Security Realms in the Domain Structure panel. (Figure 2–14)

3. Click the myrealm link in the list of realms on the right panel.

Note: It is important to install from this link. (Do not install the default Security Provider for WebLogic SSPI 10.1.4.0.1.) For detailed installation instructions, see the webcenter.pdf file included with the download.



Figure 2–14 WebLogic Console - Domain Structure - Security Realms

4. Under Settings for myrealm, click the Providers tab. (Figure 2–15)

5. Create a new Authentication Provider by clicking New.

Figure 2–15 Settings for myrealm - Providers

6. Enter a unique name for the authenticator, and select OblixAuthenticator as the Type. (Figure 2–16)

7. Click OK.



Figure 2–16 Create a New Authentication Provider

8. Click Reorder to alter the authentication sequence. (Figure 2–17)

Figure 2–17 Authentication Providers

9. Reorder the sequence of the newly created authenticator by moving OblixAuthenticator to top of the list using the arrow button on the right. (Figure 2–18)

10. Click OK.



Figure 2–18 Reorder Authentication Providers

11. Under the Name column, click the hyperlink of the newly created OblixAuthenticator to display its properties.

12. From the Control Flag list, select SUFFICIENT. (Figure 2–19)

Figure 2–19 Control Flag Setting

13. Click Save.

14. Click New to create an identity asserter.

15. Enter a unique name for the identity asserter, and select Type as OblixIdentityAsserter. (Figure 2–20)

16. Click OK to create the identity asserter.



Figure 2–20 Create an Identity Asserter

17. Reorder the newly created identity asserter to the second position. (Figure 2–21)

Figure 2–21 Reorder Authentication Providers

18. Set the Control Flag for the identity asserter to SUFFICIENT. (See Figure 2–19)

19. Restart the Admin Server and all managed servers to uptake the configuration changes.

Note: After creating the OblixAuthenticator authentication provider, ensure that the OB_UserSearchAttr property of the provider is set to cn (the default) in the NetPointProvidersConfig.properties file.

Configuring Oracle WebCenter Discussions for Single Sign-On


After SSPI configuration, Oracle WebCenter Discussions can be accessed at the following URL: http://<host>:<port>/owc_discussions/index.jspa, where <host> and <port> are the host and port of the Oracle HTTP Server.

In addition to following these instructions, you must remove xerces.jar from the CLASSPATH. Specifically, edit startWebLogic.sh on Linux or startWebLogic.cmd on Windows to change the following from:

CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${MEDREC_WEBLOGIC_CLASSPATH}:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/wlNetPoint.jar:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/bcprov-jdk14-125.jar:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/xerces.jar:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/jobaccess.jar"

to

CLASSPATH="${CLASSPATH}${CLASSPATHSEP}${MEDREC_WEBLOGIC_CLASSPATH}:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/wlNetPoint.jar:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/bcprov-jdk14-125.jar:/scratch/ohsoam/install/SSPI_wiki/NetPointSecuProvForWeblogic/oblix/lib/jobaccess.jar"

2.2 Configuring Oracle WebCenter Discussions for Single Sign-OnThis section describes how to configure LDAP for user identity management and single sign-on (SSO) for Oracle WebCenter Discussions applications. Perform the steps in this section after you have successfully deployed and configured the Oracle WebCenter Discussions application.

Oracle suggests using LDAP for user identity in Oracle WebCenter Discussions. Section 2.2.1 describes LDAP setup.

SSO integration requires deploying custom classes to override the standard authentication scheme to route the authentication through Oracle Access Manager. Section 2.2.2 describes SSO configuration.

2.2.1 Using the LDAP User Identity StoreBy default, the discussions server uses its own database tables for user identity management. If you use SSO for user authentication, then Oracle recommends to use LDAP-Oracle Internet Directory server. This avoids managing the same user identity for the SSO server and the discussions server.

When using LDAP-Oracle Internet Directory for user identity management in the discussions server, all user management tasks (such as creating, updating, or deleting user profiles) must be done in the LDAP-Oracle Internet Directory server.

To use LDAP as the user identity store, follow the instructions in the Jive Administration Guide. Also, if you already have a Jive setup, you must follow the corresponding section in Jive Administration Guide to rerun the setup tool.

For more information about setting up and using LDAP, see $unzipped_dir\jive_forums_silver_5_5_20_oracle\documentation\ldap.html.

The following section describes how to configure LDAP-Oracle Internet Directory for user identity.

Jive Forums Setup



On the Setup Progress -> Install Checklist -> Datasource Settings -> User System page, select LDAP. (Figure 2–22)

Figure 2–22 Jive Forums Setup

Then, specify the LDAP-specific information. (Figure 2–23) For example:

■ LDAP Host: host.oracle.com

■ LDAP Port: 389

■ Base DN: cn=Users,dc=us,dc=oracle,dc=com

■ Admin DN: cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com

■ Admin Password: welcome1

Note: In the Jive Forums Setup, on the Setup Progress -> Install Checklist -> Datasource Settings page, it is a known issue that the fields are prepopulated only on Internet Explorer 7 and Firefox 3.



Figure 2–23 LDAP User System

After the email configuration screen, Jive gives you the option to select LDAP User Data Storage Mode. If you do not want to change the LDAP schema, then select the first option: LDAP and User Database. Provide the administrative user ID, as shown in Figure 2–24.

Figure 2–24 LDAP User Data Storage Mode

The admin user specified in the previous step will be created as the system administrator in Jive; that is, orcladmin. (If you are re-running the setup tool to change the user identity store to LDAP, then you need to restart your discussions server after the LDAP setup is done.) To log on as that user, first configure single sign-on in Oracle WebCenter Discussions, as described in next section.



2.2.2 Configuring SSO in Oracle WebCenter DiscussionsConfiguring SSO in Oracle WebCenter Discussions requires replacing the default AuthFactory class with OracleSSOAuthFactory. This AuthFactory implementation performs the SSO authentication based on two request headers. First, it attempts to check the HttpServletRequest.getRemoteUser for the logged-in user name. If this is null, then it will fall back to HttpServletRequest.getHeader("SSO_USER") to know the valid user name.

In addition, some of the seeded actions should be replaced to perform SSO redirection instead of local database authentication. This involves updating xworks-community.xml file to change a few action classes for user login and logout, filter classes for presence and administration.

Finally, to integrate, you must edit web.xml. You also may want to change the system property jiveURL in the discussions server to point to the SSO URL.

2.2.2.1 Configuring SSO within the Jive Forums Admin Console1. Access the Jive Admin (Oracle WebCenter Discussions) administration interface

using the following URL:

http://host:port/owc_discussions/admin/

When using LDAP for user identity, log on with the specified LDAP user’s credentials to be the Jive administrator.

The Admin Console appears (Figure 2–25).

Figure 2–25 Oracle WebCenter Discussions Admin Console

Notes: The following are known issues with email settings:

■ If a user attribute is changed but the change is not visible, then clear the user cache from the Admin UI. For information on how to do this, see the Jive Administration Guide.

■ SSL-enabled email settings for Outgoing and Incoming mail in Jive are not supported if the mail server uses SSL.



2. Set necessary system properties. From the Forums System list, click System Properties (Figure 2–26) and scroll to the bottom of the page where you should see the Add new property section.

Figure 2–26 Jive System Properties

3. Add or update the property with the name AuthFactory.className and the value oracle.jive.sso.OracleSSOAuthFactory. (The default value is AuthFactory.className = com.jivesoftware.base.ldap.LdapAuthFactory.) Then click Save Property (Figure 2–27).

Figure 2–27 Add New Property

2.2.2.2 Running deploy-discussions-sso.jar to Complete SSO ConfigurationTo complete the SSO setup process, you must modify some configuration files. The recommended way to make these modifications is to run deploy-discussions-sso.jar, which is included with this release. The deploy-discussions-sso.jar file configures web.xml, xwork-community.xml (in jiveforums-<version>.jar), and jive_startup.xml, and it unzips oracle-jive-sso.zip.



Oracle recommends using the deploy tool deploy-discussions-sso.jar, because it reduces the risk of manual errors in the configuration files. It also automatically backs up the previous versions of your configurations files, which can be useful if you later undeploy the SSO configuration and return to your previous configuration.

To run deploy-discussions-sso.jar, perform the following steps:

1. Copy deploy-discussions-sso.jar and oracle-discussions-sso.zip to $WLS_HOME/user_projects/domains/<domain_name>/owc_discussions.

2. Ensure that you have JDK 1.6 in your PATH variable. If not, then set PATH to point to the JDK 1.6 found in $WLS_HOME/jdk160_05/bin.

3. From WebLogic Server console, stop the Oracle WebCenter Discussions application.

4. Run the following command from $WLS_HOME/user_projects/domains/<domain_name>/owc_discussions:

java -client -Dhttp.proxyHost=<proxy_host> -Dhttp.proxyPort=<proxy_port>-jar deploy-discussions-sso.jar jive_version=5.5.20-oracle

For example:

java -client -Dhttp.proxyHost=www-myproxy.mycomp.com -Dhttp.proxyPort=80-jar deploy-discussions-sso.jar jive_version=5.5.20-oracle

To undeploy, you must reset AuthFactory.className to com.jivesoftware.base.ldap.LdapAuthFactory (from the Jive Forums Admin Console), stop the managed server on which Oracle WebCenter Discussions is deployed, and then run the following command from $WLS_HOME/user_projects/domains/owc_discussions:

java -client -Dhttp.proxyHost=<proxy_host> -Dhttp.proxyPort=<proxy_port>-jar deploy-discussions-sso.jar jive_version=5.5.20-oracle undeploy=true

For example:

java -client -Dhttp.proxyHost=www-myproxy.mycomp.com -Dhttp.proxyPort=80-jar deploy-discussions-sso.jar jive_version=5.5.20-oracle undeploy=true

5. Restart the managed server on which Oracle WebCenter Discussions is deployed, then start the WebLogic Server.

When you run the command to deploy, the tool prompts you for the full path to your jiveHome directory. Enter the path that you used when you set up the jiveHome

Note: This will not work properly if the machine running the deploy-discussions-sso.jar does not have access to the internet or if the proxy is set up incorrectly. To perform this process manually, follow the steps in Section 2.2.2.3, "Manually Completing Single Sign-On Configuration".

Note: The proxy server and port are necessary to access the internet from the machine running this script. If the machine does not need proxy server and port to connect to internet, then you do not need to provide these values.

directory according to the instructions in owc_discussions\jive_forums_silver_5_5_20_oracle\documentation\install-guide.html.

You can also use the Jive Forums Admin Console to create and manage categories, forums, users, and groups (when using Jive database for user identity). For more information, see the Jive Forums Administrator's Guide (forums-admin-guide.pdf) on the companion CD.

2.2.2.3 Manually Completing Single Sign-On ConfigurationAs an alternative to running deploy-jive-sso.jar, you can manually perform the following steps:

1. The SSO-related files are available in the oracle-discussions-sso.zip file on the companion CD. Unzip the file into $WLS_HOME/user_projects/domains/owc_discussions.

2. Stop the WebLogic Server.

3. Extract xwork-community.xml from $WLS_HOME/user_projects/domains/owc_discussions /WEB-INF/lib/jiveforums-5.5.20-oracle.jar. To extract the file, run the following command:

jar xvf jiveforums-5.5.20-oracle.jar xwork-community.xml

4. Open xwork-community.xml in a text editor and modify all of the log on/log off actions between the  and  tags. The XML snippet to replace these action classes are available in the WEB-INF/sso-action-classes.xml file:

The entries in the file are given below:

<action name="login" class="oracle.jive.sso.actions.SSOLoginAction"> <result name="input">loginform.jsp</result> <result name="success" type="redirect">${#attr['jive.login.successURL']}</result> <result name="cancel" type="redirect">${#attr['jive.login.cancelURL']}</result> <result name="error">loginform.jsp</result> <result name="newaccount" type="redirect">account!input.jspa?username=${username}</result> <result name="fatal" type="redirect">index.jsp</result> <result name="success-no-redirect" type="chain">index</result> <result name="create-account" type="chain">create-account</result> <result name="cancel-no-redirect" type="chain">index</result> </action> <action name="login-default" class="oracle.jive.sso.actions.SSOLoginAction" method="default"> <result name="input">loginform.jsp</result> <result name="success" type="redirect">${#attr['jive.login.successURL']}</result> <result name="cancel" type="redirect">${#attr['jive.login.cancelURL']}</result> <result name="error">loginform.jsp</result> <result name="newaccount"

Note: For the jar commands in these steps, Oracle recommends using the jar executable located in $MWHOME/jdk160_05/bin/java.



type="redirect">account!input.jspa?username=${username}</result> <result name="fatal" type="redirect">index.jsp</result> <result name="success-no-redirect" type="chain">index</result> <result name="create-account" type="chain">create-account</result> <result name="cancel-no-redirect" type="chain">index</result> </action> <action name="login-withRedirect" class="oracle.jive.sso.actions.SSOLoginAction" method="withRedirect"> <result name="input">loginform.jsp</result> <result name="success" type="redirect">${#attr['jive.login.successURL']}</result> <result name="cancel" type="redirect">${#attr['jive.login.cancelURL']}</result> <result name="error">loginform.jsp</result> <result name="newaccount" type="redirect">account!input.jspa?username=${username}</result> <result name="fatal" type="redirect">index.jsp</result> <result name="success-no-redirect" type="chain">index</result> <result name="create-account" type="chain">create-account</result> <result name="cancel-no-redirect" type="chain">index</result> </action> <action name="logout" class="oracle.jive.sso.actions.SSOLogoutAction"> <result name="success" type="redirect">logout-success.jspa</result> <result name="error">error.jsp</result> </action> <action name="logout-success" class="oracle.jive.sso.actions.SSOLogoutAction" method="input"> <result name="success">logout-success.jsp</result> </action>

5. Save the file, and run the following command to copy it back into the jar file:

jar uvf jiveforums-5.5.20-oracle.jar xwork-community.xml

6. Make a backup of web.xml in $WLS_HOME/user_projects/domains/owc_discussions/WEB_INF.

7. To configure SSO with the Oracle WebCenter Discussions application, modify the web.xml file:

a. Modify AdminActionFilter and PresenceFilter in the web.xml file as shown in the following example to override the Java SSO integration. If these filters are not present already, then you must create them.

<filter> <filter-name>AdminActionFilter</filter-name> <filter-class> oracle.jive.sso.actions.SSOAdminActionFilter </filter-class></filter><filter> <filter-name>PresenceFilter</filter-name> <filter-class> oracle.jive.sso.actions.SSOPresenceFilter </filter-class></filter>

b. In the beginning of the web.xml file after <web-app> tag, insert following lines:

<security-constraint>



<web-resource-collection> <web-resource-name>sample</web-resource-name> <url-pattern>/owc_discussions</url-pattern> </web-resource-collection> <auth-constraint> <role-name>valid-users</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>CLIENT-CERT</auth-method> <realm-name>myrealm</realm-name> </login-config>

8. Set admin.tryAlternativeLogin in jiveHome/jive_startup.xml by adding the following lines somewhere before the </jive> tag:

<admin> <tryAlternativeLogin>true</tryAlternativeLogin></admin>

9. To complete the configuration, start Oracle WebLogic Server and the managed server on which Oracle WebCenter Discussions is deployed.

2.2.3 Accessing Oracle WebCenter DiscussionsVisit one of the following two URLs to confirm that Oracle WebCenter Discussions is running:

■ Discussion Forums: http://<host>:<port_of_HTTP_server>/owc_disscussions

■ Jive Forums Admin Console: http://<host>:<port_of_HTTP_server>/owc_disscussions/admin

Both URLs will redirect to the http://<host>:<port_of_HTTP_server>/login.html set up in Section 2.1.7, "Configuring a Custom Login Page for Oracle Access Manager."

Oracle WebLogic Configuration Screens A-1

AOracle WebLogic Configuration Screens

This appendix contains screen shots and descriptions for creating a domain in Oracle WebLogic Server.

Welcome Screen

A-2 Oracle WebCenter Discussions Installation and Configuration Guide

A.1 Welcome Screen

The Welcome screen is displayed each time you start the configuration tool.

Select Create a new WebLogic domain to create a new WebLogic domain in your user_projects directory.

Select Extend an existing WebLogic domain if you want to add applications and services, or to override existing database access (JDBC) and messaging (JMS) settings.


Select Domain Source Screen


A.2 Select Domain Source Screen

Select the source from which you want to create your new domain.

Select Generate a domain configured automatically to support the following products to create your domain to support selected products.

Select Base this domain on an existing template to create your domain based on an existing domain template. Click Browse to navigate your directories to find an existing template.


Configure Administrator Username and Password Screen


A.3 Configure Administrator Username and Password Screen

Create a user that will be assigned the Administrator role. This user is the default administrator used to start development mode servers. Specify details in the following fields:

■ User name: Specify the user name

■ User password: Specify the password for the user.

■ Confirm user password: Re-enter the user password.

■ Description: Enter a description for the user. This field is optional.


Configure Server Start Mode and JDK Screen


A.4 Configure Server Start Mode and JDK Screen

In the WebLogic Domain Startup Mode section, select one of the following startup modes:

■ Development Mode

In this mode, boot.properties is used for user names and passwords and polling is used for application deployment. Sun JDK is recommended for this mode.

■ Production Mode

In this mode, user names and passwords are required and polling is not used for application deployment. WebLogic JRockit JDK is recommended for this mode.

In the JDK Selection section, select a JDK from the list of available JDKs, or select Other JDK and click Browse to find another JDK on your system.


Customize Environment and Service Settings Screen


A.5 Customize Environment and Service Settings Screen

Select whether you want to customize any of the environment or service settings listed.


Configure RDBMS Security Store Database Screen


A.6 Configure RDBMS Security Store Database Screen

Click I want to create, change, or remove RDBMS support to make changes to your RDBMS. Make sure that your RDBMS tables are created prior to booting your domain. The scripts used by the DBA are located in the WebLogic Server server/lib directory.

Click I don’t want to change anything here if you do not want to make any changes to your security store.


Configure the Administration Server Screen


A.7 Configure the Administration Server Screen

Each Oracle WebLogic Server domain must have one Administration Server, which hosts the Administrative Console used to perform administration tasks. You can customize the name, listen address and port, and secure socket layer (SSL) settings of the Administration Server of your domain.


Configure Managed Servers Screen


A.8 Configure Managed Servers Screen

A managed server is an instance of Oracle WebLogic Server used to host enterprise applications. A typical production environment has at least one managed server.

Use this screen to add or delete managed servers. For each managed server, specify the following details:

■ Name: Specify the name of the managed server.

■ Listen Address: Select an address from the dropdown list; the server will listen on the specified addresses.

■ Listen Port: Specify the listen port number.

■ SSL Listen Port: Specify the port number for SSL connections - this column is only active if the corresponding SSL enabled checkbox in the same row is selected.


Configure Clusters Screen


A.9 Configure Clusters Screen

Use this screen to add or delete configuration information for clusters.

A cluster contains multiple Oracle WebLogic Server instances running simultaneously and working together for scalability and reliability. To clients, a cluster appears as a single Oracle WebLogic Server instance.


Assign Servers to Clusters Screen


A.10 Assign Servers to Clusters Screen

Use this screen to assign a managed server to a cluster. This screen is displayed if you added a cluster on the Configure Clusters screen.


Configure Machines Screen


A.11 Configure Machines Screen

Use this screen to add or delete machines that host Oracle WebLogic Server instances.

The Administration Server and Node Manager use the machine definition on this screen to start remote servers.


Assign Servers to Machines Screen


A.12 Assign Servers to Machines Screen

Use this screen to assign each WebLogic Server instance to the corresponding machine on which it runs. This screen is displayed if you added a machine on the Configure Machines screen.


Review WebLogic Domain Screen


A.13 Review WebLogic Domain Screen

Review the contents of your domain.


Create WebLogic Domain Screen


A.14 Create WebLogic Domain Screen

In the Domain name field, specify the name of the domain you want to create.

In the Domain location field, specify the location where the domain will be created. Click Browse to navigate your system to find a location.

Click Create to create the domain.

Creating Domain Screen


A.15 Creating Domain Screen

This screen shows the progress of the domain creation. In Windows, you can select the Start Admin Server checkbox to start the Admin Server.

When finished, click Done to close the wizard.

B

Frequently Asked Questions B-1

BFrequently Asked Questions

This appendix covers frequently asked questions about Oracle WebCenter Discussions 10.1.3.4.0.

1. When using LDAP-Oracle Internet Directory for the user identity store, can I manage user profiles from the Jive administration user interface?

No. Manage user profiles from the Oracle Internet Directory server.

2. When using LDAP-Oracle Internet Directory for user identity, are email ID updates in user profiles handled by Jive?

No. Jive does not handle email ID updates from user profiles. Restart the Jive server.

3. When using LDAP-Oracle Internet Directory, are any extra settings required for email notifications for watches (forum or thread)?

When using LDAP-Oracle Internet Directory for the Jive user identity store, make sure that email and watch settings are configured correctly. See the Jive Administration Guide for details. Try sending a test email from the Jive administration user interface. If the email or watch settings are not configured correctly, then the email notification for watched objects will not be sent by Jive.

4. When using the Jive database for user profiles, how can I add new users to those I have added from Enterprise Manager or LDAP-Oracle Internet Directory?

Explicitly create all users in the Jive administration user interface

5. What Jive versions does the deployment tool support for Jive SSO and portlet integration?

The deployment tool supports any version. For example, 5.5.20-oracle.

6. How do I find the Jive version?

Find the Jive version from your distribution or from the Jive administration user interface.

7. Can I redeploy changes?

Yes, you can redeploy changes, but you must undeploy first.

8. I’ve set up the jiveHome directory, but I cannot find the jive.license file. Where is it?

Paste the license key from the jive.license file (located in the JiveHome directory), and click Continue to continue with the setup.

9. A user attribute was changed, but the change is not visible.

When Jive is configured with Oracle Access Manager and Oracle Internet Directory, if you make any changes to user attributes in LDAP, then you must

B-2 Oracle WebCenter Discussions Installation and Configuration Guide

clear the user cache in the Jive Admin UI. For information on how to do this, see the Jive Administration Guide.

Index-1

Index

AAccess Gate

configuring, 2-7installing, 2-6

Access Serverconfiguring, 2-8installing, 2-2

Apache HTTP Server plug-ininstalling, 2-4

Ddiscussion forums, 1-1, 2-1domains, 1-2

policy domain, 2-11

Eextending a domain, A-2

Fform-based authentication, 2-9

custom login page, 2-15

Iidentity management, 2-21

JJive Forums

See Oracle WebCenter Discussions

LLDAP

configuring, 2-21

Mmanaged server

starting up, 1-8

OOracle Access Manager

authentication, 2-1, 2-9configuring, 2-1, 2-7form-based authentication, 2-9Identity Asserter, 2-16policy domain, 2-11Policy Manager, 2-11

Oracle HTTP Server, 2-1installing, 2-3

Oracle Internet Directory, 2-1, 2-21Oracle WebCenter Discussions, 1-1, 2-1

configuring, 2-21configuring manually, 2-27configuring single sign-on, 2-1frequently asked questions, B-1installing, 1-5introduction, 1-1sample portlets, 1-2upgrading, 1-10

Oracle WebLogic Server, 1-2configuration screens, 1-3installing, 1-2

Pportlets

samples, 1-2

SSecurity Provider for WebLogic SSPI, 2-16single sign-on, 2-1

WWebGate

installing, 2-6

Index-2

Oracle WebCenter Configuration

Documents

Transcript of Oracle WebCenter Configuration