5-16 Oracle Fusion Middleware System Administrators Guide for Oracle Content Server
OAM. For example, if OAM is using OID, then an OID Authentication provider must be added to the Oracle UCM domain.
See Installing the Authentication Provider with Oracle Access Manager 11g and Setting Up Providers for Oracle Access Manager Identity Assertion in
Oracle Fusion Middleware Application Security Guide.
See Table 12-1 in Oracle Fusion Middleware Application Security Guide for information on the differences when deploying the Authentication Provider
with OAM 10g versus OAM 11g.
c. Configure the OPSS OAM Single Sign-On provider. See Configuring Oracle WebLogic Server for a Web Application Using ADF Security, OAM SSO, and OPSS SSO in Oracle Fusion Middleware Application Security Guide.
3. After installing and configuring OAM 11g, check that you can access all of the configured applications, and that the login is giving you access to all of your configured applications without prompting you to sign in again. Also test global logout where available and make sure you are logged out of all other related applications.
For more information, see Configuring Centralized Log Out for Oracle Access Manager 11g in Oracle Fusion Middleware Application Security Guide and Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
5.2.3.2 Configuring Oracle Access Manager 10g with Oracle UCM
This section describes how to integrate Oracle UCM with Oracle Access Manager (OAM) 10g. Configuration information is provided for Universal Content Management (UCM), Universal Records Management (URM), and Inbound Refinery (IBR).
Before you can configure Oracle Access Manager (OAM), install the software. See Oracle Access Manager Integration in Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Enterprise Content Management Suite, and Installing the Oracle Identity Management 10g Software in Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
Note: When the Oracle WebLogic Server domain for Oracle UCM is configured to use a different authentication provider than the DefaultAuthenticator provider, the new authentication provider must be the first authentication provider listed in the security realm configuration, or Oracle UCM will fail to load any user privileges. Make sure to re-order the authentication providers so the new authentication provider is listed before the DefaultAuthenticator provider. Also ensure that the DefaultAuthenticator control flag is set to SUFFICIENT. For more information, see Section 5.2.3.4, Configuring the First Authentication Provider.
Note: Deploying Oracle UCM version 11gR1 in an environment using Oracle Access Manager version 10g requires additional configuration to process logout requests properly. For detailed information, see the section Configuring Global Logout for Oracle Access Manager 10g and 10g WebGates in the Oracle Fusion Middleware Application Security Guide.
Managing Security and User Access 5-17
1. Configure Oracle Access Manager (OAM), Oracle HTTP Server (OHS), and WebGate as described in Deploying SSO Solutions with Oracle Access Manager 10g in Oracle Fusion Middleware Application Security Guide.
a. Append entries to the mod_wl.conf file for Oracle UCM to add the Enterprise Content Management (ECM) Uniform Resource Identifiers (URIs) to forward. Use the appropriate location entries from the following example. The entries in the following Location list map the incoming paths to the appropriate Oracle WebLogic Server on which the corresponding applications reside.
In the following list of entries, hostname represents the name of the computer hosting the Oracle UCM server, and portnumber represents the port number of the Oracle WebLogic Server on which the corresponding application resides. Replace hostname and portnumber with your system's host name and port number.
    # UCM Content Server
    <Location /cs>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

    # UCM Content Server authentication
    <Location /adfAuthentication>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

    # UCM online help
    <Location /_ocsh>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

    # IBR
    <Location /ibr>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

    # URM
    <Location /urm>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

    # SS
    <Location /customer-configured-for-site-studio>
        SetHandler weblogic-handler
        WebLogicHost hostname
        WebLogicPort portnumber
    </Location>

Note: The URIs you forward depend on the Oracle UCM functionality that you have installed. Use the appropriate location entry for your functionality. For example: /cs, /adfAuthentication, /_ocsh, /ibr, /urm.
For Site Studio, the URI to forward is defined by the customer. For example, if the site is accessed as /mysite, then you need to append a location entry for /mysite.
Caution: The Oracle UCM Content Server location /cs can be customized, so the /cs designation cannot guarantee that HTTP requests will include the correct location. If /cs has been changed, then forward the location the administrator has configured.
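The forwarding rules above can be checked mechanically before WebGate testing begins. The following is an added example, not part of the Oracle guide: a small Python audit that parses the Location entries of a mod_wl.conf file and reports any required path that is missing or still carries the hostname/portnumber placeholders. The function names, the sample host name and the sample ports are assumptions made for illustration, and the parser handles only plain Location blocks.

```python
import re

# Paths each component needs forwarded, taken from the Location list above.
REQUIRED = {"UCM": ["/cs", "/adfAuthentication", "/_ocsh"],
            "IBR": ["/ibr"], "URM": ["/urm"]}
BLOCK = re.compile(r"<Location\s+(\S+?)\s*>(.*?)</Location>", re.S | re.I)

def parse_locations(conf_text):
    """Return {path: {directive_lowercase: value}} for each <Location> block."""
    text = re.sub(r"(?m)^\s*#.*$", "", conf_text)  # drop comment lines
    locations = {}
    for path, body in BLOCK.findall(text):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts:
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        locations[path] = directives
    return locations

def audit(conf_text, installed, extra_paths=(), cs_path="/cs"):
    """List forwarding problems for the installed components.
    extra_paths: customer-defined Site Studio paths; cs_path: customized /cs."""
    locations = parse_locations(conf_text)
    wanted = list(extra_paths)
    for component in installed:
        wanted += [cs_path if p == "/cs" else p for p in REQUIRED[component]]
    problems = []
    for path in wanted:
        d = locations.get(path)
        if d is None:
            problems.append(f"{path}: no <Location> entry")
            continue
        if d.get("sethandler", "").lower() != "weblogic-handler":
            problems.append(f"{path}: SetHandler is not weblogic-handler")
        if d.get("weblogichost") in (None, "", "hostname"):
            problems.append(f"{path}: WebLogicHost missing or still a placeholder")
        if not d.get("weblogicport", "").isdigit():
            problems.append(f"{path}: WebLogicPort is not a port number")
    return problems

def _entry(path, port):  # builds one constructed sample entry
    return (f"<Location {path}>\n  SetHandler weblogic-handler\n"
            f"  WebLogicHost ucm1.example.com\n  WebLogicPort {port}\n</Location>\n")

# Constructed sample: /_ocsh is missing, /adfAuthentication keeps a placeholder.
SAMPLE = _entry("/cs", "16200") + _entry("/adfAuthentication", "portnumber") + _entry("/ibr", "16250")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ["UCM", "IBR"])))
```

Pass a customized Content Server location through cs_path and any Site Studio paths through extra_paths so the audit follows the Note and Caution above.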
b. Use the OAM Configuration tool (oamcfgtool) to specify Oracle UCM URIs to protect.
The Oracle Access Manager Configuration tool is a command-line utility, which you can use to launch a series of scripts to request information and set up the required profiles and policies in Oracle Access Manager. For details, see About Using OAMCfgTool in Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
Note: The URIs you protect depend on the Oracle UCM functionality that you have installed: Content Server (UCM), Inbound Refinery (IBR), Universal Records Management (URM), Site Studio (SS).
For Site Studio, the URI to protect is configured by the customer. For example, if the site is accessed as /mysite, then you need to specify the URI /mysite.

    Functionality    URI
    UCM              /adfAuthentication
    IBR              /ibr/adfAuthentication
    URM              /urm/adfAuthentication
    SS               /customer_configured_site_studio

Note: If the URL for Oracle UCM does not link correctly after completing the OAM configuration, you might need to change the server host and server port values. For details, see Section 5.2.3.5, Configuring the Oracle UCM URL for Single Sign-On.
2. Configure the Oracle UCM domain by ensuring you perform these tasks. For details, see Deploying SSO Solutions with Oracle Access Manager 10g in Oracle Fusion Middleware Application Security Guide.
a. Configure the OAM Identity Asserter. The control flag for the OAM Identity Asserter must be set to REQUIRED.
See Configuring OAM Identity Assertion for SSO with Oracle Access Manager 10g in Oracle Fusion Middleware Application Security Guide.
b. Configure the Authentication provider. This is necessary to specify the external LDAP server for the user store, such as Oracle Internet Directory (OID) or Oracle Virtual Directory (OVD), to match the LDAP server used by OAM. For example, if OAM is using OID, then an OID Authentication provider must be added to the Oracle UCM domain.
See Installing and Setting Up Authentication Providers for OAM 10g and Configuring the Authenticator for Oracle Access Manager 10g in Oracle Fusion Middleware Application Security Guide.
See Table 12-1 in Oracle Fusion Middleware Application Security Guide for information on the differences when deploying the Authentication Provider with OAM 10g versus OAM 11g.
c. Configure the OPSS OAM Single Sign-On provider. See Configuring Single Sign-On using Oracle Access Manager 10g in Oracle Fusion Middleware Application Security Guide.
3. After installing and configuring OAM 10g, check that you can access all of the configured applications, and that the login is giving you access to all of your configured applications without prompting you to sign in again. Also test global logout where available and make sure you are logged out of all other related applications.
For more information, see Configuring Global Logout for Oracle Access Manager 10g and 10g WebGates in Oracle Fusion Middleware Application Security Guide, and Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
5.2.3.3 Configuring Oracle Single Sign-On for Oracle UCM