
Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter

You should also see the following default log entry in the WC_Spaces-diagnostic.log if accessing services there:

    [2010-11-10T07:30:40.236-08:00] [WC_Spaces] [NOTIFICATION] [] [oracle.jps.trust] [tid: [ACTIVE].ExecuteThread: 1 for queue: weblogic.kernel.Default self-tuning] [ecid: d461d36d4a552b90:-1fe62a5d:12c365bb19b:-8000-000000000000002c,0] [APP: webcenter11.1.1.4.0] Token validate operation.

19.3.2 Configuring the Trust Service in the Integrated WLS Domain

A separate Python script is shipped with the JDeveloper installer to configure the integrated WLS domain. The script is located in the following directory:

    DefaultDomain\scrpts-wcps\

This script can be run manually or using JDeveloper's Run External Script function. Edit the properties file if you are using a non-default user or password. After creating and starting the integrated WLS domain, run the script from the scrpts-wcps directory:

    Oracle\MiddlewareRC8\oracle_common\common\bin\wlst.cmd configureWCPS.py configureWCPS.properties

Restart the integrated WLS domain.

Testing the Configuration

Default logging levels are not enough to confirm token-issue and token-validate operations. Use the Configure Oracle Diagnostic Logging feature in JDeveloper, navigate to the oracle.jps.trust logger, and set the level to Finest. Now run a scenario involving a custom JEE Web application calling the Conductor or Property Services.

19.3.3 Configuring Cross-Domain Trust

The Trust Service supports cross-domain trust: if keystores have been created in different WLS domains, a client may allocate a token in domain A, issue an HTTP request with the token to domain B, and have the identity asserter validate and authenticate the user request in domain B through single sign-on. Note that a key assumption is that the user in domain A exists in, and is the same user in, domain B.

By default, when running the configureWCPS.py script in the integrated WLS domain, a certificate named extDomain.cer is generated.

To enable cross-domain trust between the integrated WLS domain and WebCenter domain:

1. Copy extDomain.cer to your WebCenter wc_domain installation and import it there.

   a. Copy the extDomain.cer file to the scripts location:

          oracleuser_projectsapplicationswc_domainscripts

   b. Type in the following command to import the certificate:

          keytool -importcert -alias orakey1 -file extDomain.cer -keystore ........wlserver_10.3wc_domainconfigfmwconfigdefault-keystore.jks -storepass weblogic

2. Restart the servers in the WebCenter domain.

Testing the Configuration

The simplest way to validate cross-domain trust is to create a People Connections WebCenter Personalization connection in the integrated WLS domain that points to the WebCenter domain's WC_Spaces server. Then, create and deploy a simple scenario to the integrated WLS domain that fetches a People Connections property value. Finally, confirm that the Token Validate Operation message described above is logged on the WC_Spaces server.
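The log check used in both "Testing the Configuration" steps can be scripted. The following is an added example, not code from the guide or from Oracle: it parses diagnostic log lines in the bracketed layout of the entry shown earlier and returns the oracle.jps.trust token-validate records for a given server. The function names and the two extra sample lines are assumptions made for illustration.

```python
# Added example (not Oracle code): find Trust Service entries in ODL-style log lines.
def split_odl(line):
    """Return (fields, message); None if a bracketed field never closes (truncated)."""
    fields, pos = [], 0
    while line[pos:pos + 1] == "[":
        depth = 0  # the tid field contains nested brackets, so track depth
        for i in range(pos, len(line)):
            depth += {"[": 1, "]": -1}.get(line[i], 0)
            if depth == 0:
                fields.append(line[pos + 1:i])
                pos = i + 1
                break
        else:
            return None
        while line[pos:pos + 1] == " ":
            pos += 1
    return fields, line[pos:].strip()

def parse_record(line):
    """Map the five positional fields, then any [name: value] attributes."""
    parsed = split_odl(line.strip())
    if parsed is None or len(parsed[0]) < 5:
        return None
    fields, message = parsed
    names = ("time", "component", "level", "msg_id", "module")
    rec = dict(zip(names, fields), message=message)
    for extra in fields[5:]:
        name, sep, value = extra.partition(": ")
        if sep:
            rec[name] = value
    return rec

def trust_validations(lines, component="WC_Spaces"):
    """Token-validate records logged by oracle.jps.trust on the given server."""
    recs = (parse_record(l) for l in lines)
    return [r for r in recs
            if r and r["component"] == component and r["module"] == "oracle.jps.trust"
            and r["message"].lower().startswith("token validate operation")]

SAMPLE = [  # first entry is the one shown in the guide; the other two are constructed
    "[2010-11-10T07:30:40.236-08:00] [WC_Spaces] [NOTIFICATION] [] [oracle.jps.trust] "
    "[tid: [ACTIVE].ExecuteThread: 1 for queue: weblogic.kernel.Default self-tuning] "
    "[ecid: d461d36d4a552b90:-1fe62a5d:12c365bb19b:-8000-000000000000002c,0] "
    "[APP: webcenter11.1.1.4.0] Token validate operation.",
    "[2010-11-10T07:30:41.000-08:00] [WC_Spaces] [NOTIFICATION] [] [example.other.logger] "
    "[tid: 12] [APP: webcenter11.1.1.4.0] Token validate operation.",  # wrong logger
    "[2010-11-10T07:30:42.000-08:00] [WC_Spaces] [NOTIFICATION] [] [oracle.jps.trust] [tid: [ACT",
]
if __name__ == "__main__":
    for r in trust_validations(SAMPLE):
        print(r["time"], r["APP"], r.get("ecid"), r["message"])
```

An empty result after running the cross-domain scenario means no token was validated on that server; the ecid of each returned record can be used to correlate it with the calling request.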

19.4 Configuring Providers

WebCenter Personalization provides out-of-the-box providers for Activity Graph and the Oracle Content Server, and a locator for People Connections. For scenarios using any of these providers, you must configure them using the configureWCPS.py WLST script as described in the following sections. If you are using custom providers or locators, then you must also configure them as described in the section on configuring custom providers.

You do not need to configure providers or locators if they are not being used in your scenarios. You can develop scenarios without the out-of-the-box providers, or exclusively with custom providers or providers downloaded from OTN. Also, if you are developing exclusively within the JDeveloper integrated domain, you do not ordinarily have access to these WC_Spaces-based services, since WebCenter Spaces does not run in the integrated domain.

With advanced configurations also supported by configureWCPS.py, you can access the WebCenter Spaces services in the WC_Spaces domain from the integrated domain's WebCenter Personalization server. This uses cross-domain trust and does require the provider connections to be configured.

The configureTrustWCPS.py and configureConnectionsWCPS.py scripts located in the WC_Spaces domain, or configureWCPS.py for JDeveloper's integrated WLS domain, located in the DefaultDomain\scrpts-wcps domain directory, are used to configure the corresponding domains by pointing to the appropriate WLS Administration server.

■ Section 19.4.1, Creating or Modifying Provider Connection Settings
■ Section 19.4.2, Configuring the CMIS Provider
■ Section 19.4.3, Configuring the Activity Graph Provider
■ Section 19.4.4, Configuring the Oracle People Connections Locator
■ Section 19.4.5, Configuring Custom Providers

19.4.1 Creating or Modifying Provider Connection Settings

This section describes how to use WLST, JConsole, or Fusion Middleware Control to create or change the connection information stored in wcps-connections.xml. It also describes how you can write a custom configuration class to configure a custom provider.

This section contains the following subsections:

■ Section 19.4.1.1, Understanding WebCenter Personalization Connection Information
■ Section 19.4.1.2, Connection Configuration Attributes
■ Section 19.4.1.3, Configuring Connections Using WLST
■ Section 19.4.1.4, Configuring Connections Using JConsole