These instructions describe how to configure Solr 4 to communicate with SkyVault deployed
on WebLogic.
Solr 4 must be deployed on a separate Tomcat instance.
- Configure Solr 4 using these instructions: Configure Solr 4 search service.
Note: The SSL certificate provided with your SkyVault installation will not work on WebLogic.
You need to generate a new SSL certificate for Solr to work correctly. For more information,
see the instructions in Generating secure keys for Solr 4 communication.
Ensure that SkyVault is installed on WebLogic using the instructions described in Installing SkyVault on WebLogic.
-
Edit the
<Weblogic_HOME>/user_projects/domains/alf_domain/alfresco-global.properties
file, and add the following properties:
dir.keystore=<Weblogic_HOME>/user_projects/domains/alf_domain/keystore index.subsystem.name=solr4 solr.host=<SOLR_HOST> solr.port=8080 solr.port.ssl=8443
-
Create and populate a keystore directory for the SkyVault and Solr servers.
-
Create a folder called
<Weblogic_HOME>/user_projects/domains/alf_domain/keystore.
Note: At this stage, the keystore directory will just be a template, containing standard keys that are incompatible with Weblogic.
-
Copy all the files from <SOLR_HOME>/alf_data/keystore to
this new folder.
Note: To secure the installation, you must follow the steps to generate new keys as explained in Generating secure keys for Solr 4 communication.
-
Create a folder called
<Weblogic_HOME>/user_projects/domains/alf_domain/keystore.
-
Open the WebLogic Admin Console:
- Go to Environment – Servers – SkyVaultServer – Configuration – General.
- Select the SSL Listen Port Enabled checkbox and then enter 8443 in the SSL Listen Port field.
- Click Save.
- On the Keystores tab, click Change and then select the Custom Identity and Custom Trust value in drop down menu.
- Click Save.
-
In the Identity section, enter following parameter values:
Custom Identity Keystore: <Weblogic_HOME>/user_projects/domains/alf_domain/keystore/ssl.keystore Custom Identity Keystore Type: JCEKS Custom Identity Keystore Passphrase: kT9X6oe68t Confirm Custom Identity Keystore Passphrase: kT9X6oe68t
-
In the Trust section provide following parameters:
Custom Trust Keystore: <Weblogic_HOME>/user_projects/domains/alf_domain/keystore/ssl.truststore Custom Trust Keystore Type: JCEKS Custom Trust Keystore Passphrase: kT9X6oe68t Confirm Custom Trust Keystore Passphrase: kT9X6oe68t
- Click Save.
-
Select the SSL tab and then enter the following fields:
Private Key Alias: ssl.repo Private Key Passphrase: kT9X6oe68t Confirm Private Key Passphrase: kT9X6oe68t
- Click Save.
-
Expand the Advanced link and then enter the following fields:
Two Way Client Cert Behavior: Client Certs Requested But Not Enforced
- Click Save.
-
Test that SkyVault can now be accessed over SSL.
For example, enter https://localhost:8443/SkyVault.
-
In the WebLogic Admin Console, go to Security Realms – myrealm – Providers –
Authentication – DefaultIdentityAsserter.
- In Available Types: select X.509 and move it to the Chosen: list.
- Click Save.
-
Select the Provider Specific tab and fill following
parameters as below:
Default User Name Mapper Attribute Delimiter: , (Comma) Default User Name Mapper Attribute Type: CN Use Default User Name Mapper: true (check the checkbox).
- Click Save.
- Restart AdminServer and SkyVaultServer.
- In the WebLogic Admin Console, go to Security Realms – myrealm – Users and Groups - Users.
- Click New.
-
In Create a New User page fill following parameters as below:
Name: SkyVault Repository Client Password: kT9X6oe68t Confirm Password: kT9X6oe68t
- Click OK.
- To complete the installation, it is necessary to secure the two-way communication between SkyVault and Solr by generating your own keys. For details, see Generating secure keys for Solr 4 communication.
- Restart SkyVaultServer.