10-22 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle WebCenter 1. Log into Weblogic Console, if not already logged in. 2. Navigate to SecurityRealms\Default Realm Name\Providers.

3. Click New and Select OAM Identity Asserter from the dropdown menu.

4. Name the asserter for example, OAM ID Asserter and click Save.

5. Click the newly added asserter to see the configuration screen for OAM Identity Asserter.

6. Set the control flag to ’REQUIRED’ and click Save.

7. Check that OAM_REMOTE_USER and ObSSOCookie is set for Active Types.

8. Save the settings.

10.2.6.3 Setting the Order of Providers

Reorder the OAM Identity Asserter, OID Authenticator, and Default Authenticator by ensuring that the control flag for each authenticator is set as follows: ■ OAM Identity Asserter: REQUIRED ■ OID LDAP Authenticator or OVD LDAP Authenticator: SUFFICIENT ■ Default Authenticator: SUFFICIENT

10.2.7 Understanding Virtual Host configuration

The WebCenter Suite includes applications that use as the context root. To route these applications through Oracle HTTP Server without virtual hosts you can add the following entry to mod_wl_ohs.conf file: Location SetHandler weblogic-handler WebLogicHost webcenter.example.com WebLogicPort 8889 Location However, this would affect all context roots not explicitly defined. The term virtual host refers to the practice of running more than one Web site such as www.company1.com and www.company2.com on a single machine. Virtual hosts can be IP-based, where you have a different IP address for each Web site, or name-based, where you have multiple names running on each IP address. You must configure virtual hosts both on the HTTP Server and on the load balancer. On the load balancer, configure an externally-facing URL, such as wcedg-pagelet.mycompany.com. This configuration routes to the virtual host configured on the HTTP Servers. For example: ■ wcedg.mycompany.com - webhostn:7777 ■ wcedg-pagelet.mycompany.com - webhostn-pagelet:7777 The steps for configuring the virtual host on the HTTP Server are outlined in Section 10.2.8, Configuring Virtual Hosts for OAM 10g.

10.2.8 Configuring Virtual Hosts for OAM 10g

To configure OAM 10g for virtual hosts, bypass single sign-on and the authentication end points for RSS and the SES crawler, as their use by external RSS readers and SES only support BASIC authorization. In addition, these integrations do not require single Integration With Oracle Identity Management 10-23 sign-on. For more information, see Associating a WebGate with Particular Virtual Hosts, Directories, or Files in the Oracle Access Manager Access Administration Guide for 10g. Locate and comment out the following configuration in httpd.conf file: Comment out this and move to VirtualHost configuration LocationMatch AuthType Oblix require valid-user LocationMatch This entry causes the WebGate to intercept all requests and process them. Move this entry into the virtual host configuration where single sign-on is required, as shown below: NameVirtualHost :7777 VirtualHost :7777 ServerName webhost1.example.com LocationMatch AuthType Oblix require valid-user LocationMatch VirtualHost VirtualHost :7777 ServerName https:wc.mycompany.com:443 LocationMatch AuthType Oblix require valid-user LocationMatch VirtualHost VirtualHost :7777 ServerName admin.mycompany.com:80 LocationMatch AuthType Oblix require valid-user LocationMatch VirtualHost VirtualHost :7777 ServerName wcinternal.mycompany.com:80 LocationMatch AuthType Oblix require valid-user LocationMatch VirtualHost VirtualHost :7777 ServerName webhost1-pagelet.example.com Location SetHandler weblogic-handler WLExcludePathOrMimeType oamsso WebLogicCluster wchost1:9001,wchost2:9001 AuthType Oblix require valid-user Location VirtualHost 10-24 Oracle Fusion Middleware Enterprise Deployment Guide for Oracle WebCenter Restart Oracle HTTP Server. Also be sure to update the DNS with entries for webhost1-pagelet.example.com.

10.3 Oracle Access Manager 11g Integration

This section describes how to set up Oracle Access Manager 11g as the single sign-on solution for the Oracle WebCenter Enterprise Deployment topology. This section contains the following sections: ■ Section 10.3.1, Overview of Oracle Access Manager Integration, ■ Section 10.3.2, Prerequisites for Oracle Access Manager, ■ Section 10.3.3, Install WebGate, ■ Section 10.3.4, Register the WebGate Agent, ■ Section 10.3.5, Setting Up the WebLogic Authenticators, ■ Section 10.3.6, Understanding Virtual Host configuration,