What You Should Know About WebCenter Search with Oracle SES Configuration Roadmaps for Oracle SES in WebCenter

21-6 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter Figure 21–2 Configuring Oracle SES for WebCenter Spaces Managing Oracle SES Search in WebCenter 21-7

21.3 Prerequisites for using Oracle SES

This section includes the following subsections: ■ Section 21.3.1, Oracle SES - Installation ■ Section 21.3.2, Oracle SES - Configuration ■ Section 21.3.3, Oracle SES - Security

21.3.1 Oracle SES - Installation

Supported Oracle SES versions include 10.1.8.4.x and later. Oracle SES 11.1.2 is provided on the Oracle WebCenter companion CD. For Oracle SES installation directions, see the section, Back-End Requirements for the Search Service in Oracle Fusion Middleware Installation Guide for Oracle WebCenter. Table 21–2 Configuring Oracle SES for WebCenter Spaces Actor Task Administrator 1. Install WebCenter and Oracle SES 2. Configure Oracle SES with an identity management system 3. Set up a Document Service Manager in Oracle SES 4. Create a Federation Trusted Entity using one of the following tools: ■ Oracle SES Admin Tool ■ WLST 5. Create a crawl user 6. Create three crawl sources: Oracle WebCenter Documents Crawler, Oracle WebCenter Discussions Crawler, and Oracle WebCenter Spaces Crawler using one of the following tools: ■ Oracle SES Admin Tool ■ WLST 7. Create a source group for the crawl sources using one of the following tools: ■ Oracle SES Admin Tool ■ WLST 8. Configure a connection between WebCenter Spaces and Oracle SES using one of the following tools: ■ Oracle SES Admin Tool ■ WLST 9. Optional Secure the connection to Oracle SES with SSL 10. Configure additional search parameters using one of the following tools: ■ Fusion Middleware Control ■ Oracle SES Admin Tool ■ WLST End User 11. Optional Add a Search service task flow to a Space in WebCenter Spaces 21-8 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter This chapter assumes that you have the latest supported products: Oracle SES 11.1.2 and Oracle Content Server 11.1.1.3; however, the following scenarios also are supported. Oracle WebCenter 11.1.1.4 is supported with these installations: ■ Oracle SES 11.1.2 with Oracle Content Server 11.1.1.3 ■ Oracle SES 10.1.8.4 with Oracle Content Server 1.1.1.3 ■ Oracle SES 10.1.8.4 with Oracle Content Server 10.1.3.3.3 WebCenter Spaces 11.1.1.4 is supported with these installations: ■ Oracle SES 11.1.2 with Oracle Content Server 11.1.1.3 ■ Oracle SES 10.1.8.4 with Oracle Content Server 11.1.1.3 Run the following steps to set up WebCenter for Oracle SES search. 1. Get webcenter_search_ses_plugins.zip from the WC_ORACLE_HOMEses directory on the WebCenter instance, and put it in the Oracle_Home directory on the Oracle SES instance. 2. Change to the Oracle SES home directory. For example: cd Oracle_Home 3. Delete the file .searchlibpluginswebcentersearch-crawl-ucm.jar. 4. Run the following command to install necessary WebCenter plug-ins: unzip webcenter_search_ses_plugins.zip This adds the following WebCenter jar files to an Oracle SES installation: ■ Oracle_Homesearchlibpluginswebcentersearch-auth-share.j ar ■ Oracle_Homesearchlibpluginswebcentersearch-auth-plugin. jar ■ Oracle_Homesearchlibpluginsdocsearch-crawl-ucm.jar

21.3.2 Oracle SES - Configuration

1. Oracle SES must be configured with an identity management system to validate and authenticate users. This is necessary for secure searches, so searches return only results that the user is allowed to view based on access privileges. See Also: It is important to verify that you have installed all required patches for Oracle SES. For the latest information on required patches, see Back-End Requirements for the Search Service in Oracle Fusion Middleware Installation Guide for Oracle WebCenter and the Release Notes. Note: Oracle_Home represents the software location that you specified at the time of installing Oracle SES. The WebCenter instance and the Oracle SES instance might be on different computers. Managing Oracle SES Search in WebCenter 21-9 Because WebCenter uses identity propagation when communicating with Oracle SES, WebCenters user base must match that in Oracle SES. One way this can happen is by configuring WebCenter and Oracle SES to the same identity management system, such as Oracle Internet Directory. The following example sets up the identity plug-in for Oracle Internet Directory: a. In the Oracle SES administration tool, navigate to the Global Settings - Identity Management Setup page, select Oracle Internet Directory from the available identity plug-ins, and click Activate. b. Provide the following values: Host name : The host name of the computer where Oracle Internet Directory is running Port : The Oracle Internet Directory port number Use SSL : true or false, based on your preference Realm : The Oracle Internet Directory realm, for example, dc=us,dc=oracle,dc=com User name : The Oracle Internet Directory admin user name; for example, cn=orcladmin Password : Admin user password

c. Click Submit.

2. Each Oracle SES instance must have a trusted entity for allowing WebCenter end users to be securely propagated at search time. A trusted entity allows the WebCenter application to authenticate itself to Oracle SES and assert its users when making queries on Oracle SES. This trusted entity can be any user that either exists on the identity management server behind Oracle SES or is created internally in Oracle SES. You can do this either in WLST or in Oracle SES. Note: For information on all WebCenter-supported identity management systems, see Section 27.2.3, Default Identity and Policy Stores. Only one identity plug-in can be set up for each Oracle SES instance. All repositories Oracle Content Server, Oracle WebCenter Discussions, and WebCenter Spaces must share the same user base as Oracle SES. Oracle SES includes numerous identity plug-ins for identity management systems including Oracle Internet Directory, Oracle Content Server, and Microsoft Active Directory. For information, see the Oracle SES documentation included with the product. This is listed in the WebCenter product area on the Oracle Fusion Middleware documentation library. Note: This trusted entity name and password is required later as the appUser and appPassword properties in the WLST command createSESConnection. 21-10 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter To do this with WLST, use the createFederationTrustedEntity command Example 21–1 . Example 21–1 createFederationTrustedEntity Command createFederationTrustedEntity webcenter, http:ses-host:ses-portsearchapiadminAdminService, ses-admin-pw, webcenter-proxy-user, webcenter-proxy-user-pw, Trusted entity for WebCenter; where: ■ ses-host = Oracle SES host name ■ ses-port = Oracle SES port number ■ ses-admin-pw = Oracle SES admin user password ■ webcenter-proxy-user = Proxy user to log on WebCenter end users ■ webcenter-proxy-user-pw = Password of proxy user to log on WebCenter end users For command syntax and examples, see the section, createFederationTrustedEntity in Oracle Fusion Middleware WebLogic Scripting Tool Command Reference. To do this in Oracle SES, follow these steps. a. In the Oracle SES administration tool, navigate to the Global Settings - Federation Trusted Entities page. b. Enter a name for a trusted entity. This is the name that WebCenter uses to authenticate itself to Oracle SES at search time before it propagates the end user identity to Oracle SES. To allow the entity to be authenticated through the active identity plug-in : - Make sure that the entity name is the name of a user that exists in the identity management system. - Leave the password field blank. - Select the Use Identity Plug-in for authentication checkbox. - Enter the authentication attribute value corresponding to the Authentication Attribute in your active identity plug-in. To allow the entity to be authenticated through Oracle SES : - Enter any user name for example, wcsearch and password for example, welcome1. - Do not select the Use Identity Plug-in for authentication checkbox. For more information, see the online help for the Federation Trusted Entities page in Oracle SES. Managing Oracle SES Search in WebCenter 21-11

21.3.3 Oracle SES - Security

Most enterprise deployments require that their HTTP connections be secure. SSL secure socket layer is an encryption protocol for securely transmitting private content on the internet. Oracle strongly recommends that you use an SSL-protected channel to transmit password and other secure data over networks. For instructions, see Section 31.10, Securing the Connection to Oracle SES with SSL.

21.4 Setting Up Oracle SES Connections

This section includes the following subsections: ■ Section 21.4.1, Registering Oracle Secure Enterprise Search Servers ■ Section 21.4.2, Choosing the Active Oracle SES Connection ■ Section 21.4.3, Modifying Oracle SES Connection Details ■ Section 21.4.4, Deleting Oracle SES Connections ■ Section 21.4.5, Testing Oracle SES Connections

21.4.1 Registering Oracle Secure Enterprise Search Servers

You can register multiple Oracle SES connections with a WebCenter application but only one of them is active at a time. You can register Oracle SES connections using either Fusion Middleware Control or WLST. This section includes the following subsections: ■ Section 21.4.1.1, Registering Oracle SES Search Connections Using Fusion Middleware Control ■ Section 21.4.1.2, Registering Oracle SES Connections Using WLST

21.4.1.1 Registering Oracle SES Search Connections Using Fusion Middleware Control

To register an Oracle SES instance with WebCenter applications: 1. Log in to Fusion Middleware Control and navigate to the home page for the WebCenter application. For more information, see: ■ Section 6.2, Navigating to the Home Page for WebCenter Spaces ■ Section 6.3, Navigating to the Home Page for WebCenter Portal Applications 2. Do one of the following: Note: For reference, the following sample user names are used in this chapter: ■ wcsearch: User of the Oracle SES Federation Trusted Entity ■ mycrawladmin: Crawl admin user in Spaces and in the identity management system to crawl certain WebCenter Spaces objects, such as lists, pages, Spaces, and people connections profiles ■ sescrawer or admin user: Crawl admin user in Oracle Content Server with sescrawlerrole or admin role