These instructions describe how to configure Solr to communicate with SkyVault
deployed on WebLogic 11g Rel1 (10.3.5).
Solr must be deployed on a separate Tomcat instance.
Note: The SSL certificate provided with your SkyVault installation will not work on WebLogic.
You need to generate a new SSL certificate for Solr to work correctly. For more information,
see the instructions in the Generating Secure
Keys for Solr Communication topic.
Ensure that SkyVault is installed on WebLogic using the instructions described in the section Installing SkyVault on WebLogic .
-
Edit the
<Weblogic_HOME>/user_projects/domains/alf_domain/alfresco-global.properties
file, and add the following properties:
dir.keystore=<Weblogic_HOME>/user_projects/domains/alf_domain/keystore index.subsystem.name=solr solr.host=<SOLR_HOST> solr.port=8080 solr.port.ssl=8443
-
Create and populate a keystore directory for the SkyVault and Solr servers.
-
Create a folder called
<Weblogic_HOME>/user_projects/domains/alf_domain/keystore.
Note: At this stage, the keystore directory will just be a template, containing standard keys that are incompatible with Weblogic.
-
Copy all the files from
<alfresco.war>/WEB-INF/classes/alfresco/keystore to this new
folder.
Note: To secure the installation, you must follow the steps to generate new keys as explained in the Generating Secure Keys for Solr Communication section.
-
Create a folder called
<Weblogic_HOME>/user_projects/domains/alf_domain/keystore.
-
Open the WebLogic Admin Console:
- Go to Environment – Servers – SkyVaultServer – Configuration – General.
- Select the SSL Listen Port Enabled checkbox and then enter 8443 in the SSL Listen Port field.
- Click Save.
- On the Keystores tab, click Change and then select the Custom Identity and Custom Trust value in drop down menu.
- Click Save.
-
In the Identity section, enter following parameter values:
Custom Identity Keystore: <Weblogic_HOME>/user_projects/domains/alf_domain/keystore/ssl.keystore Custom Identity Keystore Type: JCEKS Custom Identity Keystore Passphrase: kT9X6oe68t Confirm Custom Identity Keystore Passphrase: kT9X6oe68t
-
In the Trust section provide following parameters:
Custom Trust Keystore: <Weblogic_HOME>/user_projects/domains/alf_domain/keystore/ssl.truststore Custom Trust Keystore Type: JCEKS Custom Trust Keystore Passphrase: kT9X6oe68t Confirm Custom Trust Keystore Passphrase: kT9X6oe68t
- Click Save.
-
Select the SSL tab and then enter the following fields:
Private Key Alias: ssl.repo Private Key Passphrase: kT9X6oe68t Confirm Private Key Passphrase: kT9X6oe68t
- Click Save.
-
Expand the Advanced link and then enter the following fields:
Two Way Client Cert Behavior: Client Certs Requested But Not Enforced
- Click Save.
-
Test that SkyVault can now be accessed over SSL.
For example, enter https://localhost:8443/SkyVault.
-
In the WebLogic Admin Console, go to Security Realms – myrealm – Providers –
Authentication – DefaultIdentityAsserter.
- In Available Types: select X.509 and move it to the Chosen: list.
- Click Save.
-
Select the Provider Specific tab and fill following
parameters as below:
Default User Name Mapper Attribute Delimiter: , (Comma) Default User Name Mapper Attribute Type: CN Use Default User Name Mapper: true (check the checkbox).
- Click Save.
- Restart AdminServer and SkyVaultServer.
- In the WebLogic Admin Console, go to Security Realms – myrealm – Users and Groups - Users.
- Click New.
-
In Create a New User page fill following parameters as below:
Name: SkyVault Repository Client Password: kT9X6oe68t Confirm Password: kT9X6oe68t
- Click OK.
- To complete the installation, it is necessary to secure the two-way communication between SkyVault and Solr by generating your own keys. For details, see the Generating Secure Keys for Solr Communication topic.
- Restart SkyVaultServer.