iKnowBase Installation Guide

Welcome to the iKnowBase Installation Guide. Note that this installation guide only covers upgrades from iKnowBase 5.7.2 and newer. If you are upgrading from an older version, you must first upgrade to iKnowBase 5.7.2 using the old upgrade instructions, and then use these upgrade instructions to upgrade to the latest version.

Introduction

This book is conceptually structure into three parts:

• Part one (comprised of the chapters Installation toplogies, Quick installation and upgrade overview and Configuration overview) gives an overview of the installation. For experience users, the installation and upgrade overview chapter contains most of the required information.

• Part two (comprised of a chapter for the Database repository, one chapter for each of some of the java applications and one chapter for the Solr search server) gives a more detailed understanding of what the installation of these components actually include.

• Part three (comprised of one chapter for each supported servlet- or application server) contains detailed information about installations on that particular platform.

Table of contents

1. iKnowBase Installation Guide
   1. Introduction
   2. Table of contents
2. Installation topologies
   1. iKnowBase components
   2. Deployment options
      1. The iKnowBase repository
      2. The web tier
   3. Supported infrastructure
3. Quick installation and upgrade overview
   1. Recommended directory structure
   2. Download and install the iKnowBase software
   3. Prepare the instance-specific home directory and configuration
   4. Install or upgrade the database repository
   5. Start the iKnowBase application
4. Configuration
   1. Overview
   2. Property sources
      1. System properties
      2. The ikb_installation_properties database table
5. Database repository
   1. Fresh install
      1. Prepare the database schema
      2. Custom step for Oracle 12c database with Pluggable databases (PDB)
      3. Import startup data based on a export file
   2. Upgrade
      1. Export existing scripts
      2. Prepare the database schema
      3. Upgrade schema and install latest code
      4. Recompile invalid packages
   3. De-installation
   4. Advanced topics
      1. Global runtime preferences
      2. Duplicate an existing installation
      3. Running iKnowBase in a Oracle Enterprise Edition database
6. Java applications
   1. Overview
   2. Special requirements
   3. Install/upgrade
   4. Web application security
   5. Advanced topics
      1. Deploy with alternate context root (/ikbViewer)
      2. Clustering
7. The web application runtime module
   1. The in-memory cache manager
   2. The SecureToken engine
8. Viewer module
   1. ContentServer
   2. PageEngine
   3. SearchClientConfiguration
      1. Activiti BPM Platform
      2. iKnowBase ProcessServices BPEL Client
9. Batch module
   1. ContentIndexer
   2. EmailReader
   3. EmailSender
   4. FileConverter
      1. Understanding the FileConverter
      2. Installing Outside In technology
      3. Configuration properties
      4. Testing and troubleshooting
         1. Running tests
         2. Missing libraries
         3. Missing fonts
   5. ImageEditor
   6. PageEngine
10. Development Studio module
11. WebDav module
    1. Installation
    2. Configuring the FTP Service
    3. Client configuration
    4. Troubleshooting
       1. Microsoft Office on Mac requires SSLv3 protocol support
12. Instant module
    1. Installation
       1. Special requirements
    2. Configuring the Instant module
       1. InstantQueueServerConfiguration
    3. Testing and troubleshooting
13. Web Application Security
    1. Quick install
    2. Overview
    3. Configuration
    4. Authentication
       1. Default authentication module
          1. Instant and WebDav
       2. Force a specific authentication mechanism
       3. Available authentication modules
          1. Username and password capable Providers
          2. SAML capable Providers
             1. SAML account connection
             2. SAML and multiple identity providers
             3. SAML and multiple service providers
             4. SAML services and endpoints
             5. SAML verified identity providers
          3. Social capable Providers
          4. Trusted HTTP request header as authentication
          5. iKnowBase Auth Token
             1. iKnowBase Auth Token: LOGIN
             2. iKnowBase Auth Token: ACTIVATION
          6. Authentication token processing
    5. Authorization
       1. Administrator
       2. Development toolkit
       3. iKnowBase 6.5 and earlier versions
    6. Switch user
       1. Switch user access check procedure
       2. Switch user audit procedure
       3. Switch user database object ot_switch_user
       4. Trigger switch user
    7. Logout
    8. Custom security implementation
    9. Examples
       1. Set password for users in iKnowBase User Repository
       2. Form based authentication against iKnowBase User Repository
       3. Custom login form
       4. Basic authentication against iKnowBase User Repository
       5. Username and password authentication against LDAP User Repository
       6. Authentication against LDAP User Repository with mapping for the iKnowBase username
       7. Windows single sign on
          1. Prerequisites
          2. Configure Active Directory (Windows Server 2008 R2)
          3. Configure Web Application Security (SPNEGO and LDAP)
          4. Configure Active Directory for end users
          5. Configure user synchronization for Active Directory users
          6. Using an alternative username
          7. Configuring multiple and separate user dn patterns
          8. Combined Windows single sign on and iKnowBase User Repository
          9. Conditional SPNEGO support
          10. SPNEGO fallback
       8. Explicit authentication trigger with redirect
       9. Integrating with Oracle SSO 10g
          1. Guarantee integrity of HTTP server Osso-User-Dn
          2. Rely on Oracle HTTP Server OSSO plugin
          3. Configure the iKnowBase Header authentication module
       10. Integrating with ADFS using SAML
           1. Set up iKnowBase as a service provider
           2. Register ADFS identity provider with iKnowBase
           3. Register iKnowBase service provider with ADFS
           4. Map identity provider user account attributes
           5. Login options and verify setup
       11. Switch user database procedures
           1. Package spec
           2. Package body
       12. Enable Social authentication with user activation link
    10. Troubleshooting
        1. I only want to change the configuration for a specific web application
        2. 'AES-256-bit is not supported', 'java.security.InvalidKeyException: Illegal key size' or 'Unable to initialize due to invalid secret key'
        3. Error creating bean with name 'aesBytesEncryptor'
        4. On demand LDAP Sync during login fails
        5. SAML custom ADFS claim as iKnowBase username is not picked up
    11. SpringSecurityConfiguration
        1. Debug
        2. Default authentication module
        3. Authentication modules
           1. Basic module configuration
           2. Container module configuration
           3. Form module configuration
           4. FormAuto module configuration
           5. Header module configuration
           6. Spnego module configuration
           7. LDAP UsernamePassword authentication provider
           8. iKnowBase UsernamePassword authentication provider
           9. SAML authentication provider
           10. Social authentication provider
        4. Secure Token authentication
        5. Anonymous / Public authentication provider
        6. iKnowBase User Details
        7. Switch User
        8. User Account Activation
        9. IKB Auth Token
14. Apache Solr Search Server
    1. Installation
    2. Upgrade an existing SOLR instance
    3. Starting and stopping
    4. Configuration
       1. Security-plugin
       2. SolrCloud
       3. Configure the iKnowBase applications
15. iKnowBase Quickstart embedded web server
    1. Preparations
    2. Configure the quickstart instance
    3. Run and test the quickstart instance
    4. Deploy the applications
       1. Default deployment
       2. Specify applications to deploy
       3. Add custom applications
       4. Customizing the url mount point
       5. Defining virtual hosts
    5. Configure Web Application Security
    6. Configure SSL
       1. Terminating SSL in an external proxy
       2. Configuring SSL listener in iKnowBase Quickstart
    7. Advanced topics
       1. Specify session cookie domain
       2. Specify work directory
       3. Specify logs directory
       4. Setting max form size
    8. Troubleshooting
       1. Database connections through firewall or on an unreliable network
       2. Unexpected error occurred: java.lang.IllegalStateException: Form too large
16. Installing on Oracle WebLogic Server
    1. Installation and configuration of WebLogic
       1. Non-clustered:
       2. Clustered:
    2. JDBC drivers for WebLogic <= 12.1.2
       1. For Oracle Database 11g and higher
    3. Create and deploy data source
    4. Configure web application security
    5. Deploy applications
       1. Non-clustered
       2. Clustered
          1. Clusters and session replication
    6. Configure user realms (authentication)
       1. Using Oracle Internet Directory for authentication
       2. Using the iKnowBase user repository for authentication
          1. Overview
          2. Installation
          3. Troubleshooting
    7. Configure SSL
       1. Terminating SSL in the application server
       2. Terminating SSL in an external proxy
    8. Troubleshooting
       1. Database connections through firewall or on an unreliable network
       2. WARN - BEA-101388 - The ServletContext was passed to the ServletContextListener.contextInitialized method of a ServletContextListener that was neither declared in web.xml or web-fragment.xml, nor annotated with javax.servlet.annotation.WebListener
       3. WebServices: java.lang.NoSuchMethodError: oracle.xml.parser.v2.XMLDocument.setSkipNodeNameValidate
17. Installing on GlassFish Server
    1. Installation and configuration of GlassFish itself.
       1. Non-clustered:
       2. Clustered:
    2. Configuring a database data source
    3. Configuring cluster single-sign-on-state
    4. Configuring the HTTP listener for ikbInstant
    5. Deploy the applications
       1. Non-clustered
       2. Clustered
    6. Deploy the /ressurs-directory
    7. Configure Web Application Security
    8. Configure SSL
       1. Terminating SSL in the application server
       2. Terminating SSL in an external proxy
    9. Troubleshooting
       1. Using custom passwords on java keystores
       2. GlassFish server.log: AS-NAMING-00006 and RAR8067
       3. GlassFish server.log: log4j called after unloading and Class invariant violation
       4. Database connections through firewall or on an unreliable network