Configuring Solr with Alfresco running on WebLogic

These instructions describe how to configure Solr to communicate with Alfresco deployed on WebLogic 11g Rel1 (10.3.5).

Solr must be deployed on a separate Tomcat instance.

Configure Solr using the following instructions: Configuring Solr.

Please note that the SSL certificate provided with your Alfresco installation will not work on WebLogic. You need to generate a new SSL certificate for Solr to work correctly. For more information, see the instructions in the Generating Secure Keys for Solr Communication section.

Ensure that Alfresco is installed on WebLogic using the instructions described in the section Installing Alfresco on WebLogic .

Edit the <Weblogic_HOME>/user_projects/domains/alf_domain/alfresco-global.properties file, and add the following properties:

dir.keystore=<Weblogic_HOME>/user_projects/domains/alf_domain/keystore
index.subsystem.name=solr
solr.host=<SOLR_HOST>
solr.port=8080     
solr.port.ssl=8443

Create and populate a keystore directory for the Alfresco and Solr servers.
1. Create a folder called <Weblogic_HOME>/user_projects/domains/alf_domain/keystore.
  
  At this stage, the keystore directory will just be a template, containing standard keys that are incompatible with Weblogic.
2. Copy all the files from <alfresco.war>/WEB-INF/classes/alfresco/keystore to this new folder.
  
  To secure the installation, you must follow the steps to generate new keys as explained in the Generating Secure Keys for Solr Communication section.

Open the WebLogic Admin Console:

Go to Environment – Servers – AlfrescoServer – Configuration – General.
Select the SSL Listen Port Enabled checkbox and then enter 8443 in the SSL Listen Port field.
Click Save.
On the Keystores tab, click Change and then select the Custom Identity and Custom Trust value in drop down menu.
Click Save.

In the Identity section, enter following parameter values:

Custom Identity Keystore:
<Weblogic_HOME>/user_projects/domains/alf_domain/keystore/ssl.keystore
Custom Identity Keystore Type:   JCEKS
Custom Identity Keystore Passphrase:   kT9X6oe68t
Confirm Custom Identity Keystore Passphrase:   kT9X6oe68t

In the Trust section provide following parameters:

Custom Trust Keystore: <Weblogic_HOME>/user_projects/domains/alf_domain/keystore/ssl.truststore
Custom Trust Keystore Type:  JCEKS
Custom Trust Keystore Passphrase:   kT9X6oe68t
Confirm Custom Trust Keystore Passphrase:   kT9X6oe68t

Click Save.

Select the SSL tab and then enter the following fields:

Private Key Alias:   ssl.repo     
Private Key Passphrase:   kT9X6oe68t     
Confirm Private Key Passphrase:  kT9X6oe68t

Click Save.

Expand the Advanced link and then enter the following fields:

Two Way Client Cert Behavior: Client Certs Requested But Not Enforced

Click Save.

Test that Alfresco can now be accessed over SSL.
For example, enter https://localhost:8443/alfresco.
In the WebLogic Admin Console, go to Security Realms – myrealm – Providers – Authentication – DefaultIdentityAsserter.
1. In Available Types: select X.509 and move it to the Chosen: list.
2. Click Save.
3. Select the Provider Specific tab and fill following parameters as below:
```
Default User Name Mapper Attribute Delimiter: , (Comma)     
Default User Name Mapper Attribute Type: CN     
Use Default User Name Mapper: true (check the checkbox).
```
4. Click Save.
Restart AdminServer and AlfrescoServer.
In the WebLogic Admin Console, go to Security Realms – myrealm – Users and Groups - Users.
Click New.

In Create a New User page fill following parameters as below:

Name:   Alfresco Repository
Client     Password:   kT9X6oe68t     
Confirm Password:    kT9X6oe68t

Click OK.
To complete the installation, it is necessary to secure the two-way communication between Alfresco and Solr by generating your own keys. Please see the Generating Secure Keys for Solr Communication section.
Restart AlfrescoServer.