Creating a root Node
30.1 Introduction to Single Sign-on
Single sign-on can be implemented for WebCenter applications using several solutions. This section describes their benefits and recommended application. Oracle Access Manager OAM, part of Oracles enterprise class suite of products for identity management and security, provides a wide range of identity administration and security functions, including several single sign-on options for WebCenter Spaces and WebCenter Portal applications. OAM in particular, OAM 11g is the recommended single sign-on solution for Oracle WebCenter 11g installations. For deployment environments that are already invested in Oracle 10g infrastructure, and where the Oracle Application Server Single Sign-On OSSO server is used as the primary SSO solution, WebCenter 11g can also be configured to use OSSO for single sign-on. For non-production, development environments where you do not have an enterprise-class single sign-on infrastructure like Oracle Access Manager or Oracle SSO, and you only need to provide a single sign-on capability within WebCenter Spaces and its associated Web applications like Discussions, and Worklist, you can configure a SAML-based SSO solution. If you need to provide single sign-on for other enterprise applications as well, this solution is not recommended.Parts
» Oracle Fusion Middleware Online Documentation Library
» WebCenter Spaces Oracle WebCenter Architecture
» Oracle Composer WebCenter Services
» WebCenter Topology Out-of-the-Box Oracle WebCenter Topology
» WebCenter Managed Servers Oracle WebCenter Topology
» WebCenter Startup Order Oracle WebCenter Topology
» WebCenter Dependencies Oracle WebCenter Topology
» WebCenter Configuration Considerations Oracle WebCenter Topology
» WebCenter State and Configuration Persistence
» WebCenter Log File Locations
» Introducing Oracle WebCenter Oracle WebCenter Spaces
» WebCenter Portal Applications Oracle Fusion Middleware Online Documentation Library
» Understanding Administrative Operations, Roles, and Tools
» Performance Monitoring and Diagnostics
» Understanding Security Oracle Fusion Middleware Online Documentation Library
» WebCenter Application Deployment Oracle Fusion Middleware Online Documentation Library
» Oracle WebLogic Server Administration Console
» System MBean Browser WebCenter Spaces Administration
» WebCenter Portal Administration Console
» Data Migration, Backup, and Recovery Role of the Fusion Middleware Administrator
» Customizing WebCenter Spaces for the First Time Roadmap
» Role of the Fusion Middleware Administrator
» Role of the WebCenter Spaces Administrator
» System Administration for WebCenter Spaces Roadmap
» Application Administration for WebCenter Spaces Roadmap
» System Administration for WebCenter Portal Applications Roadmap
» Displaying Fusion Middleware Control Console Navigating to the Home Page for WebCenter Spaces
» Navigating to the Home Page for WebCenter Portal Applications
» Navigating to Dependent Components
» Deployment Roadmap Deploying WebCenter Portal Applications
» Click Next. Select Create and click Next.
» Provide the connection details for the database to which to add the schema by
» Check Create a New Prefix and enter a prefix to be prepended to the schema
» Check the Metadata Services component. All other components should be left
» Click Next, and click OK when prompted by the Prerequisites pop-up.
» Click Next. Creating an MDS Schema Using the Repository Creation Utility
» On the Map Tablespaces page, click Next
» When prompted to create the tablespaces, click OK, and then click OK again when
» On the Summary page, click Create to create the schema.
» Open Fusion Middleware Control and log in to the target domain.
» In the Navigation pane, expand the farm, then WebLogic Domain.
» Select the domain to which you want to deploy.
» From the WebLogic Domain menu, select Metadata Repositories.
» In the Database-Based Repositories section, click Register.
» In the Database Connection section, enter the following information:
» Click Query. Registering an MDS Schema Using Fusion Middleware Control
» Click OK. Registering an MDS Schema Using Fusion Middleware Control
» Register the MDS schema using the following command:
» Choosing the Information Artifact Store
» Select the target servers to deploy the application to see
» Under Target Metadata Repository, click the icon to display the Select metadata
» Click Next. Deploying Applications Using Fusion Middleware Control
» Click the edit icon for Configure ADF Connections to check connection settings
» Click the edit icon for each connection and check that the connection settings are
» Deploying Applications Using WLST
» In the Domain Structure pane, click Deployments.
» On the Deployment Summary pane, click Install.
» Using the Install Application Assistant Path field, locate the EAR file that
» Select Install this deployment as an application for both WebCenter Portal
» Configuring Applications to Run in a Distributed Environment
» Undeploying WebCenter Applications Using Fusion Middleware Control
» Undeploying WebCenter Applications Using WLST
» Removing an Applications Credential Map
» Preserving Application Configuration Redeployment Considerations
» Redeploying WebCenter Applications Using Fusion Middleware Control
» Checking Security Configurations After Deployment
» Checking Application Connections After Deployment
» Checking Data Source Connections
» Tuning the Application Post-Deployment Configuration
» Starting Node Manager Oracle Fusion Middleware Online Documentation Library
» Starting and Stopping Managed Servers for WebCenter Application Deployments
» Starting WebCenter Portal Applications Using Fusion Middleware Control
» Stopping WebCenter Portal Applications Using WLST
» Setting Application Properties for WebCenter Spaces
» Setting Application Properties for WebCenter Portal Applications
» Specifying the BPEL Server Hosting WebCenter Spaces Workflows
» Configuring Search Crawlers for WebCenter Applications
» Exposing WebCenter Spaces Templates From a Previous Release
» Setting Up the MDS Repository
» Setting Up Database Connections
» Setting Up External Application Connections
» What You Should Know About Content Repository Connections
» Roadmap - Configuring Oracle Content Server for WebCenter Spaces
» Roadmap - Configuring Oracle Content Server for WebCenter Portal Applications
» Oracle Content Server 11g - Installation
» Expand the Administration node, then select Admin Server.
» In the Component Manager, click the advanced component manager link.
» In the Install New Component section, select WebCenterConversions.zip from the
» Select OpenOfficeConversion and click Enable.
» In the Conversions table, select the Accept checkbox for HtmToPDFOpenOffice,
» What You Should Know About the WebCenterConfigure Component Consider the
» What You Should Know About Creating Content Profiles in Oracle Content Server
» What You Should Know About Item Level Security Oracle WebCenter allows
» How to Configure Item Level Security To configure Item Level Security ILS:
» From the Administration menu, choose Admin Server to open Component
» In the Component Manager section, click the Advanced Component Manager
» In the Advanced Component Manager page, scroll down to the Disabled
» From the Options pane on left, select General Configuration.
» How to Configure Additional Settings for WebCenter Portal Applications For a
» From the Administration menu, choose Admin Applets.
» On the Administration Applet page, click User Admin to display the User Admin
» From the Security menu, choose Permissions by Group.
» In the Permission By Group dialog, click Add Group.
» How to Create a Folder using the Oracle Content Server Console To create a folder:
» From the Browse Content menu, choose Contribution Folders to display the root
» On the Contribution Folders page, from the New Item menu, choose New Folder
» From the Security Group dropdown, select WikiBlog that you created as
» How to Create Roles Groups using the Fusion Middleware Control Console In this
» In the table under the Summary of Security Realms section, click myrealm, for
» Select the Users and Groups tab and then the Groups subtab.
» Under the Groups section, click New to display the Create a New Group section.
» How to Create Users using the Fusion Middleware Control Console In this section
» Under Domain Structure, click Security Realms.
» In the table under the Summary of Security Realms section, click myrealm, the
» Select the Users and Groups tab and then the Users subtab.
» Under the Users section, click New to display the Create a New User section.
» In the Name field, specify a name, for example Joe.
» In the Password field, specify a password.
» How to Grant a Role to a User using the Fusion Middleware Control Console In this
» How to Migrate Security to a Production Environment For information about
» Oracle Content Server - Security Considerations
» Oracle Content Server - Limitations in WebCenter
» What You Should Know About Microsoft SharePoint Server Installation
» From the Domain Structure pane, click Deployments.
» In the Summary of Deployments section, under Control, click Install.
» In Install Application Assistant, in Note, click the upload your files link in the
» Click Browse next to Deployment Archive, select the
» Select Install this deployment as a library, if not already selected, and click Next.
» In Select deployment targets, select the managed server on which the WebCenter
» Click Next. Installing Oracle WebCenter Adapter for Microsoft SharePoint
» In Optional Settings, accept the defaults and click Finish.
» Installing WLST Command Scripts for Managing Microsoft SharePoint Connections
» Microsoft SharePoint - Configuration
» Oracle Portal - Security Considerations Oracle Portal - Limitations in WebCenter
» File System - Security Considerations
» File System - Limitations in WebCenter
» What You Should Know About Registering Content Repositories for WebCenter Spaces
» Registering Content Repositories Using Fusion Middleware Control
» Changing the Active or Default Content Repository Connection Using Fusion Middleware Control
» Changing the Active or Default Content Repository Connection Using WLST
» Modifying Cache Settings for Content Presenter
» Setting Connection Properties for the WebCenter Spaces Content Repository Using WLST
» Testing Oracle Content Server Connections
» Testing Oracle Portal Connections
» Changing the Maximum File Upload Size
» What You Should Know About the Activity Graph Service
» Configuration Roadmaps for the Activity Graph Service
» Activity Graph Service Prerequisites
» Running the Activity Graph Engines on a Schedule
» Running the Activity Graph Engines on Demand
» Customizing Reason Strings for Similarity Calculations
» Exporting Activity Graph Metadata
» Deleting Activity Graph Metadata
» Setting Up Activity Rank for Oracle Secure Enterprise Search
» Troubleshooting the Activity Graph Engines Schedule and Status Page
» WebCenter Analytics Components What You Should Know About Oracle WebCenter Analytics
» WebCenter Analytics Task Flows
» Configuration Roadmap for the Analytics Service
» Analytics - Installation Analytics Prerequisites
» Analytics - Configuration Analytics Prerequisites
» Analytics - Security Considerations
» Analytics - Limitations Analytics Prerequisites
» Registering an Analytics Collector Using Fusion Middleware Control
» Registering an Analytics Collector Using WLST
» Disabling WebCenter Event Collection Using WLST
» Validating Analytic Event Collection
» Viewing the Current WebCenter Analytic Event List
» Purging Analytics Data Oracle Fusion Middleware Online Documentation Library
» Partitioning Analytics Data Oracle Fusion Middleware Online Documentation Library
» Troubleshooting Issues with Analytics
» What You Should Know About Discussions Server Connections
» Discussions Server - High Availability Installation
» Discussions Server - Configuration
» Discussions Server - Security Considerations
» Discussions Server - Limitations
» Registering Discussions Servers Using Fusion Middleware Control
» Registering Discussions Servers Using WLST
» Choosing the Active Discussion for Discussions and Announcements Using WLST
» Setting Up Discussions Service Defaults
» Setting Up Announcements Service Defaults
» Granting the Administrator Role with WLST Granting the Administrator Role
» Revoking the Administrator Role
» Authentication Failed Troubleshooting Issues with Announcements and Discussions
» Category Not Found Exceptions
» Configuration Roadmaps for the Events Service
» Addmodify connection Microsoft Exchange Server 2007 - Installation
» Open the WSDL file for the Microsoft Exchange Server Web service, for example:
» Add a service section that points to your Microsoft Exchange Server Web
» Under Node computer_name Web Sites Default Web Site EWS, click
» On the Directory Security tab, in the Authentication and access control, click Edit.
» Select Basic authentication. Microsoft Exchange Server 2007 - Security Considerations
» Click OK. Microsoft Exchange Server 2007 - Security Considerations
» Right-click Services.wsdl and choose Edit.
» On the File Security tab, in the Authentication and access control, click Edit.
» Select Enable anonymous access.
» Repeat steps 6 through 9 for Messages.xsd and Types.xsd.
» Microsoft Exchange Server 2007 - Limitations
» Microsoft Exchange Server 2003 - Installation
» Under Node computer_name Web Sites Default Web Site, create a new
» Make sure the folder has Read privileges.
» Right-click the virtual directory and choose Properties.
» On the Virtual Directory tab, under Application settings, click Create.
» Set the Execute permissions to Scripts and Executables.
» On the ASP.NET tab, ensure that the ASP.NET version is 2.0.XXXXX.
» Click Edit Configuration. Microsoft Exchange Server 2003 - Configuration
» Microsoft Exchange Server 2003 - Security Considerations
» Microsoft Exchange Server 2003 - Limitations
» Registering Events Servers Using Fusion Middleware Control
» Deleting Event Server Connections Using Fusion Middleware Control
» Deleting Event Server Connections Using WLST
» Testing Event Server Connections
» Troubleshooting Issues with Events
» What You Should Know About Instant Messaging and Presence Connections
» OCS - Installation Microsoft Office Communications Server OCS Prerequisites
» Install Microsoft Unified Communications Managed API UCMA 2.0 on the OCS
» Remote Deployment In this topology, the WebCenter Proxy Application is
» Building Application Provisioner This section lists the steps Microsoft provides
» Install Visual Studio 2008 on any developer box not necessarily IISOCS.
» Install UCMA version 0 on the same box following the steps in
» OCS - Security Considerations
» Click Next. LCS - Configuration
» Click Finish. The newly created virtual directory appears under Default Web Site
» In the Virtual Directory tab, under Application settings, click Create. Notice that
» Select Scripts and Executables from the Execute permissions dropdown list
» Under the ASP.NET tab, select the ASP.NET version as 2.0 or higher from the
» Click OK. LCS - Configuration
» Ensure that the LSC pool name in the LCS connection has been set.
» Test the Web service by accessing the Web site from the following URL format:
» LCS - Installation LCS - Security Considerations
» OWLCS - Installation Oracle WebLogic Communications Server OWLCS Prerequisites
» OWLCS - Configuration Oracle WebLogic Communications Server OWLCS Prerequisites
» OWLCS - Security Considerations
» OWLCS - Limitations Oracle WebLogic Communications Server OWLCS Prerequisites
» Registering Instant Messaging and Presence Servers Using Fusion Middleware Control
» Registering Instant Messaging and Presence Servers Using WLST
» Modifying Instant Messaging and Presence Connections Details Using Fusion Middleware Control
» Modifying Instant Messaging and Presence Connections Details Using WLST
» Setting Up Instant Messaging and Presence Service Defaults
» Testing Instant Messaging and Presence Connections
» What You Should Know About Mail Server Connections
» Configuration Roadmaps for the Mail Service
» Add the Certificate to the WebCenter Keystore
» Microsoft Exchange Server Considerations
» Mail Server - Security Considerations
» Registering Mail Servers Using Fusion Middleware Control
» Registering Mail Servers Using WLST
» Deleting a Mail Connection Using Fusion Middleware Control
» Setting Up Mail Service Defaults Testing Mail Server Connections
» Mail Service is Not Accessible in Secure Mode
» Mail Service is Not Accessible in Non-Secure Mode
» Unable to Create Distribution Lists in the Non-Secure Mode
» Unable to Create Distribution Lists in the Secure Mode
» Unable to Configure the Number of Mails Downloaded
» Unable to Publish and Archive Space Mail Changing Passwords on Microsoft Exchange
» Mail Content Sent as Attachments
» What You Should Know About Subscription Defaults
» Setting Subscription Defaults Setting Up Default Subscription Preferences
» In the Sender Mail Address field, enter a mail address from which all
» Setting the Connection Type for Notifications Using WLST
» What You Should Know About Overwriting Default Notification Templates
» Overwriting a Default Notifications Template
» Testing the Notifications Connection
» Troubleshooting Issues with Notifications
» What You Should Know About WebCenter Personalization
» WebCenter Personalization Installation Requirements
» WebCenter Personalization Configuration Requirements
» WebCenter Personalization Security WebCenter Personalization Prerequisites
» WebCenter Personalization Limitations WebCenter Personalization Prerequisites
» WebCenter Personalization Configuration Options
» Configuring the Trust Service in the WebCenter Domain
» Configuring the Trust Service in the Integrated WLS Domain
» Configuring Cross-Domain Trust Configuring the WebCenter OPSS Trust Service
» Understanding WebCenter Personalization Connection Information
» Connection Configuration Attributes Creating or Modifying Provider Connection Settings
» Configuring Connections Using WLST
» Editing Connection Settings Using JConsole
» Configuring the CMIS Provider
» Configuring the Activity Graph Provider Configuring the Oracle People Connections Locator
» Configuring Coherence Oracle Fusion Middleware Online Documentation Library
» Configuring the Content Presenter Task Flow Parameters Configuring the Conductor’s Scenario Tags
» Configuring Single Sign-on Oracle Fusion Middleware Online Documentation Library
» Allowing Anonymous Execution of Scenarios
» Disabling Scenario Creation by Anonymous Users Disabling Scenario Creation by Authenticated Users
» What You Should Know About the RSS Service
» RSS Prerequisites Oracle Fusion Middleware Online Documentation Library
» Setting Up a Proxy Server Using Fusion Middleware Control
» Setting Up a Proxy Server Using WLST
» Testing External RSS News Feed Connections
» To connect to a new Oracle SES instance, click Add
» Use the WLST command createSESConnection to create a connection to
» Select the Active Connection checkbox
» Log in to Fusion Middleware Control and navigate to the home page for the
» From the Service Connection drop-down, select Search.
» Select the connection name, and click Delete.
» Deleting Search Connections Using WLST
» Testing Oracle SES Connections
» Setting Up Oracle Content Server for Oracle SES Search
» From the Administration dropdown menu, select Admin Server
» Restart Oracle Content Server.
» Setting Up Oracle WebCenter Discussions for Oracle SES Search
» Configure the Document Service Manager one time for each Oracle SES instance.
» From the Source Type dropdown list, select Oracle Content Server, and click
» Enter the following parameters:
» Click Create Customize or edit a created source to see other source
» Click Enable and select the pipeline you created.
» To crawl a Microsoft SQL Server or IBM DB2 database, download the
» In Oracle SES, go to Home Sources.
» From the Source Type dropdown list, select Database, and click Create
» Click Next. Oracle Fusion Middleware Online Documentation Library
» From the WebCenter menu, choose Settings Application Configuration.
» Setting Up WebCenter for Oracle SES Search
» On the Data Browser tab, navigate to the target cn and click Create. This
» Find the distinguished name DN path, and click Select
» In the Create New Entry dialog, enter properties, and click Next
» Log on to Oracle Content Server as a system administrator. For example:
» Click Create to complete the source creation.
» Configuring Search Crawlers Using WLST
» Oracle SES Crawling No Search Results Found
» Search Failure Errors Cannot Grant View Permissions to WebCenter
» Restricting Oracle SES Results by Source Group or Source Type
» Roadmap - Configuring the Worklist Service for WebCenter Spaces
» Roadmap - Configuring the Worklist Service for WebCenter Portal Applications
» What You Should Know About BPEL Connections
» BPEL Server - Installation and Configuration
» BPEL Server - Security Considerations
» BPEL Server - Limitations in WebCenter
» What You Should Know About Worklist Connections
» To register a new connection, click Add
» Click OK to save this connection.
» Click Test to verify if the connection you created works. For a successful
» Registering Worklist Connections Using WLST
» Select the Worklist check box to activate this Worklist connection in the
» Click OK to update the connection.
» Click Test to verify if the connection you activated works. For a successfully
» Activating a Worklist Connections Using WLST
» Log in to Fusion Middleware Control and navigate to the home page for
» From the list of services on the WebCenter Services Configuration page, select
» Select the Worklist connection you want to activate, and then click Edit.
» Edit connection details, as required. For detailed parameter information, see
» Click Test to verify if the updated connection works. For a successfully updated
» Modifying Worklist Connection Details Using WLST
» Select the Worklist connection you want to delete, and then click Delete.
» To effect this change you must restart the managed server on which the
» Deleting Worklist Connections Using WLST
» adf-config.xml Refers to a Non-Existent BPEL Connection
» adf-config.xml Has No Reference to a BPEL Connection
» No Rows Yet Message Displays
» Users Mismatch in Identity Stores Shared User Directory Does Not Include the weblogic User
» Issues with the wsm-pm Application
» Clocks are Out of Sync for More Than Five Minutes
» Worklist Service Timed Out or is Disabled
» What You Should Know About Portlet Producers
» Registering a WSRP Producer Using Fusion Middleware Control
» Registering a WSRP Producer Using WLST
» Adding a Grant to the Policy Store for a Mapped User Identity
» Registering a WSRP Portlet Producer in WebCenter Spaces
» Registering a WSRP Portlet Producer in WebCenter Portal Applications
» Testing WSRP Producer Connections
» Registering an Oracle PDK-Java Producer Using Fusion Middleware Control
» Registering an Oracle PDK-Java Producer Using WLST
» Registering an Oracle PDK-Java Portlet Producer in WebCenter Spaces
» Registering an Oracle PDK-Java Portlet Producer in WebCenter Portal Applications
» Testing Oracle PDK-Java Producer Connections
» Editing Producer Registration Details Using Fusion Middleware Control
» Editing Producer Registration Details Using WLST
» Migrating WSRP Producer Metadata to a New WSDL URL
» Deploying Portlet Producer Applications Using Oracle JDeveloper
» Deploying Portlet Producer Applications Using Fusion Middleware Control
» Deploying Portlet Producer Applications Using Oracle WebLogic Server Administration Console
» Deploying Portlet Applications Using WLST
» Producer Registration Fails for a WebCenter Portal Application
» Portlet Unavailable: WSM-00101 Exception
» What You Should Know About the Oracle WebCenter Pagelet Producer
» Registering the Pagelet Producer for WebCenter Applications Using Fusion Middleware Control
» Registering the Pagelet Producer for WebCenter Applications Using WLST
» Configuring the Pagelet Producer Service
» General Creating Pagelet Producer Resources and Pagelets
» CSP Creating Pagelet Producer Resources and Pagelets
» On the Autologin page for the resource, expand the Form Login section.
» The login page can be identified by an URL or a regular expression. In the Login
» Set the login form action. In the Form Submit Location section, choose one of the
» To map fields from the form to authentication field sources, either click
» Click Create to add a new row to the Form Fields list.
» Type the name of the HTML form input in the Field Name box.
» For details on how to configure the Source and Value properties, see
» Headers Parsers To delete field mappings, click Delete.
» Consuming WSRP Portlets Oracle Fusion Middleware Online Documentation Library
» Open the Pagelet Producer Console and select Producers from the drop-down
» Using WSRP Producers Click Refresh, then click Save.
» Logging Configuring Pagelet Producer Settings
» Troubleshooting Pagelets Oracle Fusion Middleware Online Documentation Library
» What You Should Know About External Applications
» Registering External Applications Using Fusion Middleware Control
» Registering External Applications Using WLST
» Registering External Applications in WebCenter Spaces
» Registering External Applications in WebCenter Portal Applications
» Modifying External Application Connection Using Fusion Middleware Control
» Modifying External Application Connection Using WLST
» Testing External Application Connections
» Deleting External Application Connections Using Fusion Middleware Control
» Deleting External Application Connections Using WLST
» Deleting External Applications Connections in WebCenter Spaces
» Deleting External Applications Connections in WebCenter Portal Applications
» What You Should Know About REST Services
» Handling Authentication Oracle Fusion Middleware Online Documentation Library
» Introduction to WebCenter Application Security
» Administrator Accounts Application Roles and Enterprise Roles
» File-based Credential Store Default Identity and Policy Stores
» Permission-based Authorization Default Policy Store Permissions and Grants
» Role-mapping Based Authorization Default Policy Store Permissions and Grants
» Default Policy Store Permissions for WebCenter Spaces
» Post-deployment Security Configuration Tasks
» Configuring SAML Single Sign-on Produces 403 Error
» Reassociating the Identity Store with an External LDAP Server
» Tuning the Identity Store for Performance
» Adding Users to the Identity Store Using the WLS Administration Console
» Adding Users to the Identity Store Using an LDIF File
» From the WebCenter menu, select Security - Application Roles.
» Search for the WebCenter Spaces Administrator role:
» Select Select Application Stripe to Search.
» Select webcenter. Oracle Fusion Middleware Online Documentation Library
» Migrating the WebCenter Discussions Server to Use an External LDAP
» Changing the Administrator Group Name
» Restoring the Single Authenticator
» Understanding the REST Service Instance and Identity Asserter
» Setting up the Client Application
» Configuring the WLS Trust Service Asserter
» Reassociating the Credential and Policy Store Using Fusion Middleware Control
» Reassociating the Credential and Policy Store Using WLST
» Reassociating the Policy and Credential Store with a Database Managing Credentials
» Configuring Self-Registration By Invitation in WebCenter Spaces
» Introduction to Single Sign-on
» Installing and Configuring OAM 11g
» Set the control flag to SUFFICIENT and click Save.
» Open the Provider Specific tab.
» From the Domain Structure pane, click Security Realms.
» Click New to create a provider.
» Set the control flag to REQUIRED and check that OAM_REMOTE_USER and
» Navigate to the Provider Settings pane see
Show more