Managing Portlet Producers 23-7

5. Use the Keystore section to specify the location of the key store that contains the

certificate and private key that is used for signing some parts security token and SOAP message body of the SOAP message. Only configure these properties if you want to override the configuration specified for the domain For detailed parameter information, see Table 23–3 . Default User Enter a user name to assert to the remote producer when the user is not authenticated with the WebCenter application. When unauthenticated, the identity anonymous is associated with the application user. The value anonymous may be inappropriate for the remote producer, so it may be necessary to specify an alternative identity here. Keep in mind though, that in this case, the WebCenter application has not authenticated the user so the default user you specify should be a low privileged user in the remote producer. If the user has authenticated to the application, the users identity is asserted rather than the default user. The remote WSRP producer must be set up to accept this information. You must also add a grant to the policy store as described in Section 23.2.3, Adding a Grant to the Policy Store for a Mapped User Identity. Valid for: WSS 1.0 SAML Token With Message Integrity, WSS 1.0 SAML Token With Message Protection, WSS 1.0 SAML Token, WSS 1.1 SAML Token with Message Protection and WSS 1.0 Username Without Password. Associated External Application Username With Password If this producer uses an external application for authentication, use the Associated External Application dropdown list to identify the application. If the application you want is not listed, select Create New to define the external application now. An external application is required to support producers using the security option WSS 1.0 Username With Password. The external application stores and supplies the user credentials. See also Section 25.2, Registering External Applications. Valid for: WSS 1.0 Username With Password only. Table 23–3 WSRP Producer Key Store Connection Parameters Field Description Recipient Alias Specify the key store alias that is associated with the producers certificate. This certificate is used to encrypt the message to the producer. Store Path Enter the absolute path to the keystore that contains the certificate and the private key that is used for signing or encrypting the SOAP message security token and message body. The signature, encryption, and recipient keys described in this table must be available in this keystore. The keystore file specified must be created using JDK’s keytool utility. Password Provide the password to the keystore that was set when the keystore was created. The producer is not available if a password is not specified or incorrect. Table 23–2 Cont. WSRP Producer Security Connection Parameters Field Description 23-8 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter

6. Click OK.

The new producer appears in the connection table.

23.2.2 Registering a WSRP Producer Using WLST

Use the WLST command registerWSRPProducer to create a connection to a WSRP portlet producer and register the producer with your WebCenter application. For command syntax and examples, see the section registerWSRPProducer in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference. For information on how to run WLST commands, see Section 1.13.3.1, Running Oracle WebLogic Scripting Tool WLST Commands.

23.2.3 Adding a Grant to the Policy Store for a Mapped User Identity

If you are using the Default User field to map an alternative user identity you must also add a grant to the policy store by doing one of the following: ■ Adding the following grant directly to the policy store: grant grantee codesource urlfile:{common.components.home}modulesoracle.wsm.agent.common_11.1.1wsm- agent.jarurl codesource grantee permissions permission classoracle.wsm.security.WSIdentityPermissionclass nameresource=MyAppIDname actionsassertactions permission permissions grant Signature Key Alias Enter the signature key alias. The Signature Key Alias is the identifier for the certificate associated with the private key that is used for signing. Signature Key Password Enter the password for accessing the key identified by the alias specified in Signature Key Alias. Encryption Key Alias Enter the key alias used by the producer to encrypt the return message. A valid value is one of the key aliases that is located in the specified key store. This property is optional. If not specified, the producer uses the signing key for encrypting the return message. Encryption Key Password Enter the password for accessing the encryption key. See Also: deregisterWSRPProducer, listWSRPProducers, refreshProducer, registerOOTBProducers, registerSampleProducers Table 23–3 Cont. WSRP Producer Key Store Connection Parameters Field Description Managing Portlet Producers 23-9 Replacing MyAppID in the line above with the name of the client application, including the version number if any. ■ Granting the permission by running the following WLST command: grantPermissioncodeBaseURL=file:{common.components.home}modulesoracle.wsm. agent.common_11.1.1wsm-agent.jar, permClass=oracle.wsm.security.WSIdentityPermission, permTarget=resource=MyAppID, permActions=assert Replacing MyAppID with the name of the client application, including the version number if any.

23.2.4 Registering a WSRP Portlet Producer in WebCenter Spaces

For information about registering a WSRP portlet producer in WebCenter Spaces, see the section Registering Portlet Producers Through WebCenter Administration in the Oracle Fusion Middleware Users Guide for Oracle WebCenter.

23.2.5 Registering a WSRP Portlet Producer in WebCenter Portal Applications

For information about registering a WSRP portlet producer in WebCenter Portal applications, see the section How to Register a WSRP Portlet Producer in the Oracle Fusion Middleware Developers Guide for Oracle WebCenter.

23.3 Testing WSRP Producer Connections

To verify a WSRP producer connection, first obtain the producer URL from: http:host_name:port_numbercontext_rootinfo Then, run the producer URL in a browser window. For a WSRP v1 producer connection, the URL format is: http:host_name:port_numbercontext_rootportletswsrp1?WSDL For example: http:myhost.com:7778MyPortletAppportletswsrp1?WSDL For a WSRP v2 producer connection, the URL format is: http:host_name:port_numbercontext_rootportletswsrp2?WSDL For example: http:myhost.com:7778MyPortletAppportletswsrp2?WSDL

23.4 Registering Oracle PDK-Java Producers

This section describes how to register PDK-Java producers for a deployed WebCenter application using Fusion Middleware Control and WLST commands. This section includes the following subsections: ■ Section 23.4.1, Registering an Oracle PDK-Java Producer Using Fusion Middleware Control ■ Section 23.4.2, Registering an Oracle PDK-Java Producer Using WLST 23-10 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter ■ Section 23.4.3, Registering an Oracle PDK-Java Portlet Producer in WebCenter Spaces ■ Section 23.4.4, Registering an Oracle PDK-Java Portlet Producer in WebCenter Portal Applications For information about how to register PDK-Java producers at design-time, using JDeveloper, see the section How to Register an Oracle PDK-Java Portlet Producer in the Oracle Fusion Middleware Developers Guide for Oracle WebCenter.

23.4.1 Registering an Oracle PDK-Java Producer Using Fusion Middleware Control

To register an Oracle PDK-Java portlet producer: 1. Log in to Fusion Middleware Control and navigate to the home page for your WebCenter Portal application or WebCenter Spaces: ■ Section 6.3, Navigating to the Home Page for WebCenter Portal Applications ■ Section 6.2, Navigating to the Home Page for WebCenter Spaces 2. Do one of the following: ■ For WebCenter Portal applications - From the Application Deployment menu, choose WebCenter Register Producer. ■ For WebCenter Spaces - From the WebCenter menu, choose Register Producer .

3. In the Add Portlet Producer Connection section, enter connection details for the

Oracle PDK-Java producer. For detailed parameter information, see Table 23–4, Oracle PDK-Java Producer Connection Parameters . Table 23–4 Oracle PDK-Java Producer Connection Parameters Field Description Connection Name Enter a unique name that identifies this portlet producer registration within the WebCenter application. The name must be unique across all WebCenter connection types. The name you specify here appears in Oracle Composer under the Portlets folder. Producer Type Indicate the type of this producer. Select Oracle PDK-Java Producer . URL End Point Enter the Oracle PDK-Java producers URL using the following syntax: http:host_name:port_numbercontext_rootprovi ders Where: ■ host_name is the server where the producer is deployed ■ port_number is the HTTP Listener port number ■ context_root is the Web applications context root ■ providers is static text For example: http:myHost.com:7778myEnterprisePortletspro viders Managing Portlet Producers 23-11 Service ID Enter a unique identifier for this producer. PDK-Java enables you to deploy multiple producers under a single adapter servlet. Producers are identified by their unique service ID. A service ID is required only if the service ID is not appended to the URL end point. For example, the following URL endpoint requires sample as the service ID: http:domain.example.com:7778axyzproviders However, the following URL endpoint, does not require a service ID: http:domain.example.com:7778axyzproviderss ample The service ID is used to look up a file called service_id.properties, which defines the characteristics of the producer, such as whether to display its test page. Use any value to create the service ID. When no Service ID is specified, _default.properties is used. Use Proxy? Select this checkbox if the WebCenter application must use an HTTP proxy when contacting this producer. If selected, enter values for Proxy Host and Proxy Port. A proxy is required if the WebCenter application and the remote portlet producer are separated by a firewall and an HTTP proxy is needed for communication with the producer. Proxy Host Enter the host name or IP address of the proxy server. Do not prefix http: to the proxy server name. Proxy Port Enter the port number on which the proxy server listens. The default port is 80. Associated External Application If one of this producers portlets requires authentication, use the Associated External Application dropdown to identify the correct external application. If the application you want is not listed, select Create New to define the external application now. See also Section 25.2, Registering External Applications. Establish Session? Select to enable a user session when executing portlets from this producer. When sessions are enabled, they are maintained on the producer server. This allows the portlet code to maintain information in the session. Message authentication uses sessions, so if you specify a shared key, you must also select this option. For sessionless communication between the producer and the server, do not select this option. Default Execution Timeout Seconds Enter a suitable timeout for communications with the producer, in seconds. For example, the maximum time the producer may take to register, deregister, or display portlets on WebCenter pages. This defaults to 30 seconds. Individual portlets may define their own timeout period, which takes precedence over the value expressed here. Table 23–4 Cont. Oracle PDK-Java Producer Connection Parameters Field Description 23-12 Oracle Fusion Middleware Administrators Guide for Oracle WebCenter

4. Click OK.

The new producer appears in the connection table.

23.4.2 Registering an Oracle PDK-Java Producer Using WLST

Use the WLST command registerPDKJavaProducer to create a connection to a PDK-Java portlet producer and register the producer with your WebCenter application. For command syntax and examples, see the section registerPDKJavaProducer in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference. For information on how to run WLST commands, see Section 1.13.3.1, Running Oracle WebLogic Scripting Tool WLST Commands.

23.4.3 Registering an Oracle PDK-Java Portlet Producer in WebCenter Spaces

For information about registering an Oracle PDK-Java portlet producer in WebCenter Spaces, see the section Registering Portlet Producers Through WebCenter Administration in the Oracle Fusion Middleware Users Guide for Oracle WebCenter.

23.4.4 Registering an Oracle PDK-Java Portlet Producer in WebCenter Portal Applications

For information about registering an Oracle PDK-Java portlet producer in WebCenter Portal applications, see the section How to Register an Oracle PDK-Java Portlet Producer in the Oracle Fusion Middleware Developers Guide for Oracle WebCenter.

23.5 Testing Oracle PDK-Java Producer Connections

To verify an Oracle PDK-Java producer connection, run the producer URL in a browser window in the following format: Subscriber ID Enter a string to identify the consumer of the producer being registered. When a producer is registered with an application, a call is made to the producer. During the call, the consumer WebCenter application in this instance passes the value for Subscriber ID to the producer. If the producer does not see the expected value for Subscriber ID, it might reject the registration call. Shared Key Enter a shared key to use for producers that are set up to handle encryption. The shared key is used by the encryption algorithm to generate a message signature for message authentication. Note that producer registration fails if the producer is set up with a shared key and you enter an incorrect shared key here. The shared key can contain between 10 and 20 alphanumeric characters. This key is also used when registering a producer using the Federated Portal Adapter FPA. The Shared Key is also known as the HMAC key. See Also: deregisterPDKJavaProducer, listPDKJavaProducers, refreshProducer Table 23–4 Cont. Oracle PDK-Java Producer Connection Parameters Field Description