How to integrate WebCenter 11g with Oracle Access Manager 11g for Single Sign-On

Oracle WebCenter 11g is a user interaction product that helps create social applications, enterprise portals, collaborative communities, and internet/intranet websites.

Oracle Access Manager 11g is Oracle's recommended Single Sign-On solution for Fusion Middleware (SOA, WebCenter, OBIEE, UCM, etc.) and Fusion Applications.

This post gives a high-level overview of WebCenter 11g integration with OAM 11g for Single Sign-On, along with related documents.

By default, when you install WebCenter you get a WebLogic domain with one Admin Server and a few Managed Servers (Spaces, Portlet, Services). If you are new to WebLogic, check my post on Domain, Admin & Managed Server here

For Single Sign-On integration, you deploy OHS (Oracle HTTP Server) in front of WebLogic Server (check steps to configure OHS in front of WebLogic here), configure the WebGate plug-in with OHS (check here), and migrate from WebLogic's embedded LDAP store to Oracle Internet Directory (check here). You must also use OID as the primary identity store of OAM 11g (steps here) and unprotect some WebCenter URLs in the OAM Console (details to follow in my coming posts).

If you are new to Oracle Access Manager, you can install OAM 11g using my step-by-step series here (if you just need OAM, then OIM, SOA, OAAM, OAPM and OIN are not required).

Key Points for OAM 11g integration with WebCenter 11g

1. WebCenter 11g R1 PS3 and higher (11.1.1.4+) are certified with OAM 11g R1 (11.1.1.3)

2. When you configure OHS in front of WebLogic, configure the following URIs:
a) /webcenter, /rss, /workflow, /integration, /soa-infra, and /rest pointing to the WebLogic Managed Server – Spaces (port 8888)
b) /owc_wiki and /owc_discussions pointing to the WebLogic Managed Server – Discussions (port 8890)

3. Set the system properties oracle.webcenter.spaces.osso and owc_discussions.sso.mode to true

4. Unprotect the following URIs from the OAM Console (or during WebGate registration): /webcenter/…/*, /webcenterhelp, /webcenterhelp/…/*, /owc_discussions, /owc_discussions/…/*,
/rss, /rss/…/*, /workflow, /workflow/…/*, /integration/services,
/integration/services/…/*, /soa-infra, /soa-infra/…/*,
/rest/api/cmis/…/*, /cs, /cs/…/*

5. Grant WebCenter Spaces Administrator role to OID user using grantAppRole or Fusion Middleware Control (/em)
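
As an added example (not code from this post or from Oracle), the following Python cross-checks the URIs routed through OHS in key point 2 against the resources unprotected in key point 4, so you can see which forwarded paths stay behind WebGate. The matcher is a simplified stand-in for OAM's resource matching, and anything not on the public list is assumed to remain protected.

```python
# Added example: cross-check the OHS routes (key point 2) against the
# OAM public-resource list (key point 4). URIs and ports are from the post;
# its "…" wildcard is typed here as ASCII "...".
ROUTES = {
    "/webcenter": 8888, "/rss": 8888, "/workflow": 8888,
    "/integration": 8888, "/soa-infra": 8888, "/rest": 8888,
    "/owc_wiki": 8890, "/owc_discussions": 8890,
}
PUBLIC = [
    "/webcenter/.../*", "/webcenterhelp", "/webcenterhelp/.../*",
    "/owc_discussions", "/owc_discussions/.../*", "/rss", "/rss/.../*",
    "/workflow", "/workflow/.../*", "/integration/services",
    "/integration/services/.../*", "/soa-infra", "/soa-infra/.../*",
    "/rest/api/cmis/.../*", "/cs", "/cs/.../*",
]
WILDCARD = "/.../*"

def base(pattern):
    """Path a pattern is rooted at, with any '/.../*' suffix removed."""
    return pattern[:-len(WILDCARD)] if pattern.endswith(WILDCARD) else pattern

def is_public(path):
    """Simplified matcher (assumption): '/x' matches only '/x';
    '/x/.../*' matches any path strictly below '/x/'."""
    return any(
        (path.startswith(base(p) + "/") and len(path) > len(base(p)) + 1)
        if p.endswith(WILDCARD) else path == p
        for p in PUBLIC)

def route_for(path):
    """Port of the route whose prefix covers path on a segment boundary."""
    hits = [p for p in ROUTES if path == p or path.startswith(p + "/")]
    return ROUTES[max(hits, key=len)] if hits else None

def never_public_routes():
    """Routed prefixes with no public resource at or below them."""
    bases = [base(p) for p in PUBLIC]
    return sorted(r for r in ROUTES
                  if not any(b == r or b.startswith(r + "/") for b in bases))

def public_without_route():
    """Public resources that none of the listed routes would forward."""
    return sorted({base(p) for p in PUBLIC if route_for(base(p)) is None})

print(never_public_routes(), public_without_route())
```

With the lists as given, /owc_wiki is the only routed prefix with no public resource beneath it, while /webcenterhelp and /cs are public but not among the URIs routed in point 2.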

High Level Steps to configure OAM 11g with WebCenter 11g for Single Sign-On

1. Install OAM 11g (11.1.1.3)

2. Install OID 11g (11.1.1.4 or 11.1.1.5)

3. Change OAM’s primary identity store to OID

4. Install OHS 11g (11.1.1.4 or 11.1.1.5)

5. Configure OID as Authentication Provider in WebLogic (where WebCenter is running)

6. Configure OHS in front of WebLogic (where WebCenter is running)

7. Configure an instance of WebGate in OAM using RREG or the OAM Console

8. Install WebGate with OHS

9. Run configuration steps on WebCenter (changing system properties and other things as mentioned above)

About the Author Masroof Ahmad