Sunday, November 23, 2008

How to configure Indirect Password using Enterprise Manager Data Source?

In production environments, while configuring datasources in OC4J using Enterprise Manager, the credential password should not be exposed as clear text. To secure it, there is an option called "Use Indirect Password" while configuring datasources in Oracle SOA Suite 10.1.3.1.

Step 1:
As shown above, provide the "Indirect Password", such as "PwdForORABPEL", and save the data source. This updates the following file:
ORACLE_HOME\j2ee\OC4J_HOME\config\data-sources.xml

Step 2:
Provide the actual Indirect Password in ORACLE_HOME\j2ee\OC4J_HOME\config\system-jazn-data.xml

Step 3:
Restart OC4J. On restart, OC4J encrypts the password, as shown below.
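To check that all three steps were actually completed for every pool, the two files can be compared offline. The script below is an added example, not code from the original post or from Oracle; it assumes OC4J's convention of writing an indirect password as password="->key" in data-sources.xml and of marking a not-yet-encrypted credential in system-jazn-data.xml with a leading "!", and its sample XML is constructed.

```python
import xml.etree.ElementTree as ET

INDIRECT_PREFIX = "->"  # assumed OC4J marker: value is a lookup key, not a password
PENDING_PREFIX = "!"    # assumed marker: cleartext credential OC4J has not encrypted yet

# Constructed sample of config/data-sources.xml (only the first pool name is from the page).
DATA_SOURCES_XML = """
<data-sources>
  <connection-pool name="BPELPM_CONNECTION_POOL">
    <connection-factory user="orabpel" password="->PwdForORABPEL"/>
  </connection-pool>
  <connection-pool name="POOL_B">
    <connection-factory user="app_b" password="->PwdForAppB"/>
  </connection-pool>
  <connection-pool name="POOL_C">
    <connection-factory user="app_c" password="->PwdForAppC"/>
  </connection-pool>
  <connection-pool name="POOL_D">
    <connection-factory user="app_d" password="constructed-cleartext"/>
  </connection-pool>
</data-sources>
"""

# Constructed sample of config/system-jazn-data.xml.
SYSTEM_JAZN_DATA_XML = """
<jazn-data>
  <jazn-realm>
    <realm>
      <name>jazn.com</name>
      <users>
        <user><name>PwdForORABPEL</name><credentials>!constructed-secret</credentials></user>
        <user><name>PwdForAppB</name><credentials>CONSTRUCTED-ENCRYPTED-VALUE</credentials></user>
      </users>
    </realm>
  </jazn-realm>
</jazn-data>
"""


def jazn_credentials(jazn_xml):
    """Map each user name in system-jazn-data.xml to its <credentials> text."""
    creds = {}
    for user in ET.fromstring(jazn_xml).iter("user"):
        name = (user.findtext("name") or "").strip()
        if name:
            creds[name] = (user.findtext("credentials") or "").strip()
    return creds


def classify(password, creds):
    """Classify one password attribute without ever returning the secret itself."""
    if not password.startswith(INDIRECT_PREFIX):
        return "CLEARTEXT"            # Step 1 was skipped for this pool
    key = password[len(INDIRECT_PREFIX):].split("/")[-1]  # tolerate a "realm/key" form
    if not creds.get(key):
        return "MISSING_KEY"          # Step 2 was skipped: no usable matching entry
    if creds[key].startswith(PENDING_PREFIX):
        return "PENDING_RESTART"      # Step 3 was skipped: still readable on disk
    return "OK"                       # entry exists and is no longer in the '!' form


def audit(data_sources_xml, jazn_xml):
    """Return (pool name, db user, status) for every element carrying a password."""
    creds = jazn_credentials(jazn_xml)
    root = ET.fromstring(data_sources_xml)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for elem in root.iter():
        password = elem.get("password")
        if password is None:
            continue
        holder = elem if elem.get("name") else parent_of.get(elem, elem)
        findings.append((holder.get("name", "?"), elem.get("user", "?"),
                         classify(password, creds)))
    return findings


if __name__ == "__main__":
    for pool, user, status in audit(DATA_SOURCES_XML, SYSTEM_JAZN_DATA_XML):
        print(f"{pool:24} {user:8} {status}")
```

Only the status is reported, never the password or credential value, so the output is safe to paste into a change ticket.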

Saturday, October 4, 2008

What is a BPEL Worklist Application & How to customize the Worklist Application?

The Oracle BPEL Worklist Application (Worklist Application) is a Web interface that enables users to act on their assigned human workflow tasks.
Accessing the Worklist Application in Local Languages
Using the sample worklist configured with the user community in the JAZN XML file, you can set the user's preferred language and time zone in the demo-users-properties.xml file as follows:
<timeZone>America/Los_Angeles</timeZone>
<languagePreference>en_US</languagePreference>

The demo-users-properties.xml file is found in Oracle_Home\bpel\system\services\config

When a user opens a browser and logs in to the Worklist Application, the worklist screens are rendered in the browser's locale and time zone. Most strings in the Worklist Application come from the worklist application bundle. By default, this is the class
oracle.bpel.services.workflow.resource.WorkflowResourceBundle

Customizing the Worklist Application

I. Worklist Application Architecture 
The Worklist Application follows the standard model-view-controller approach.


i. A request coming from the browser is handled by a servlet. The servlet validates the request and calls the appropriate workflow service client API to query or update data.

ii. The worklist client APIs support a variety of different protocols (local and remote EJBs, direct java invocation, SOAP) for invoking the underlying workflow service.
iii. After the API call, the servlet stores the data required for rendering the next page in the session. The JSP picks up the data from the session, renders the data, and removes it from the session.
iv. The servlets are responsible for making the back-end API calls and the JSPs are responsible for formatting the data.

The Worklist Application servlets are at
$ORACLE_HOME/j2ee/oc4j_soa/applications/hw_services/worklistapp/src/worklistapp/servlets
All servlets extend the class worklistapp.servlets.BaseServlet. This class implements common functionality required by all servlets, such as authentication.

The JSPs are at $ORACLE_HOME/j2ee/oc4j_soa/applications/hw_services/worklistapp/public_html
The workflow client API is a public interface made available by the workflow services. The interface is at oracle.bpel.services.workflow.client.IWorkflowServiceClient

An instance of the API interface can be obtained by invoking the getWorkflowServiceClient method on oracle.bpel.services.workflow.client.WorkflowServiceClientFactory

A typical page flow sequence is as follows:
  • The first time a user enters the login URL, the login servlet redirects the page to the login JSP that is sent to the browser.
  • The user enters a username and password and the login servlet calls the authenticate method on the task query service.
  • If successful, it redirects to the TaskList servlet URL.
  • The browser's request then goes to the TaskList servlet that calls the queryTasks method on the task query service for getting the tasks that the user should see.
  • Then it redirects the page to the TaskList JSP that is sent to the browser.
  • When a user clicks a task link, the request is handled by the TaskDetails servlet.
  • This calls the getTaskDetailsById method on the task query service and redirects the page to the TaskDetails JSP that is sent to the browser.

II. Changing the Client-Service Binding for the Worklist Application
The workflow services client interfaces can use a number of protocols to communicate with the workflow services. The client implementations encapsulate all the communication details, and users of the client interfaces do not need to be concerned with the details.

The Worklist Application is deployed in the same container as the workflow services, by default, and the application uses the Java client.

To switch the client type used by the Worklist Application, modify the init method in BaseServlet.java as follows:

public void init(ServletConfig config) throws ServletException
{
    super.init(config);
    try
    {
        wfSvcClient = WorkflowServiceClientFactory.getWorkflowServiceClient(
            WorkflowServiceClientFactory.JAVA_CLIENT);
    }
    catch (Exception e)
    {
        wlSvcError = getStackTraceString(e);
    }
}

In this method, change WorkflowServiceClientFactory.JAVA_CLIENT to one of the following:
  • WorkflowServiceClientFactory.SOAP_CLIENT—to use the SOAP-based Web services interface
  • WorkflowServiceClientFactory.LOCAL_CLIENT—to use the local EJB interface
  • WorkflowServiceClientFactory.REMOTE_CLIENT—to use the remote EJB interface
In addition, ensure that the wf_client_config.xml file is correctly set up for the client type that you select.

How to configure BPEL Worklist Application to use Oracle Single Sign On Server?

Before starting with the steps below, make sure you have configured the 10.1.3.x Mid-tier Instance to use Oracle Single Sign On Server.

Step 1. Protect URL/Web Context Root (Statically)
Now, you can protect URLs with mod_osso by applying directives to the mod_osso.conf file.
This file is found at $ORACLE_HOME/Apache/Apache/conf.
<IfModule mod_osso.c>
  <Location /integration/worklistapp>
    AuthType Basic
    require valid-user
  </Location>
</IfModule>

Step 2. Configure SSO Realm Information
Navigate to the following file.
$ORACLE_HOME/bpel/system/services/config/wf_client_config.xml
Change jazn.com to the realm name in SSO.
<portal>
  <realmmapping>your_realm</realmmapping>
</portal>

Step 3: Modification of Servlet Code under worklistapp

Step 3a:
Open the $ORACLE_HOME\j2ee\oc4j_soa\applications\hw_services\worklistapp\src\worklistapp\servlets\BaseServlet.java file.
Remove the following code fragment that begins on line 218 in the validateSession() method:

else
{
    // forward request to login page, if user session is null
    // (not if session store or wfCtx is null, as login servlet will set them)
    if ( userSession == null )
    {
        RequestDispatcher rd = getServletContext().getRequestDispatcher(WorklistappConstants.PAGE_LOGIN_JSP);
        if (rd != null)
            rd.forward(request,response);
        return false;
    }
}

Step 3b:
Open the Login.java file in the same directory. Replace the code up to the end of the try{} block in the handleRequest() method with the following:

user = getParameter(request,WorklistappConstants.PARAM_LOGIN_USER);
String password = getParameter(request,WorklistappConstants.PARAM_LOGIN_PASSWORD);
String realm = getParameter(request,WorklistappConstants.PARAM_LOGIN_REALM);
String redirectURL = getParameter(request,WorklistappConstants.PARAM_REDIRECT_URL);
HttpSession userSession = request.getSession(true);
SessionStore sessStore = new SessionStore(userSession);
String remoteUser = request.getRemoteUser();
if ((user == null) && (password == null) && (remoteUser == null))
{
    // No credentials and no pre-authenticated user: show the login page
    pageRedirect(request, response, WorklistappConstants.PAGE_LOGIN_JSP);
    return;
}
try
{
    IWorkflowContext wfCtx = null;
    if ( user != null )
    {
        // Authenticate the supplied credentials
        wfCtx = wfSvcClient.getTaskQueryService().authenticate(user, password, realm, null);
    }
    else
    {
        // Create context using remoteUser in request (pre-authenticated request)
        wfCtx = wfSvcClient.getTaskQueryService().createContext(request);
    }
    initSessionAttributes(sessStore, wfCtx);
    initRequestStatus(sessStore);
    if (redirectURL != null)
        response.sendRedirect(redirectURL);
    else
        response.sendRedirect(WorklistappConstants.SERVLET_TASK_LIST);
}

Step 4:
After making the entry, restart the Mid-tier Instance:
$ORACLE_HOME/opmn/bin/opmnctl stopall
$ORACLE_HOME/opmn/bin/opmnctl startall

Now, when a user accesses the Worklist Application from the mid-tier host, for example at http://hostname:7778/integration/worklistapp/TaskList, the default SSO page shows up. Log in as oc4jadmin (or any valid OID user). The login should succeed and reach the TaskList home page.

How to secure BPEL Admin using JAZN LDAP?

Step 1:
Create a user in OID using OIDDAS, for example “admin_user”.
Step 2:
Create the privilege group named “AdminPrivGroup” in OID. Make this group available as a role in OID using OIDDAS.
Step 3:
Add the user created in Step 1 to the role created in Step 2.
Step 4:
Log in to the SOA Suite 10.1.3.1 Midtier & edit the following file
$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/orabpel/admin/orion-web.xml
Add the following lines inside <orion-web-app>
<security-role-mapping name="ConsolePrivGroupRole">
  <group name="AdminPrivGroup" />
</security-role-mapping>
Step 5:
Edit $ORACLE_HOME/j2ee/oc4j_soa/applications/orabpel/admin/WEB-INF/web.xml and make the following changes.
a) Add <auth-constraint> inside <security-constraint> as shown below
<security-constraint>
  ...
  <auth-constraint>
    <role-name>AdminPrivGroup</role-name>
  </auth-constraint>
</security-constraint>

b) Add <login-config> inside <web-app>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>DEFAULT_REALM_NAME</realm-name>
</login-config>

c) Provide the <security-role> inside <web-app> as shown below
<security-role>
  <description>BPEL PM User</description>
  <role-name>AdminPrivGroup</role-name>
</security-role>

How to secure BPEL Console using JAZN LDAP?

Step 1:
Create a user in OID using OIDDAS, for example “admin_user”.
Step 2:
Create the privilege group named “ConsolePrivGroup” in OID. Make this group available as a role in OID using OIDDAS.
Step 3:
Add the user created in Step 1 to the role created in Step 2.
Step 4:
Log in to the SOA Suite 10.1.3.1 Midtier & edit the following file
$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/orabpel/console/orion-web.xml
Add the following lines inside <orion-web-app>
<security-role-mapping name="ConsolePrivGroupRole">
  <group name="ConsolePrivGroup" />
</security-role-mapping>
Step 5:
Edit $ORACLE_HOME/j2ee/oc4j_soa/applications/orabpel/console/WEB-INF/web.xml and make the following changes.
a) Add <auth-constraint> inside <security-constraint> as shown below
<security-constraint>
  ...
  <auth-constraint>
    <role-name>ConsolePrivGroup</role-name>
  </auth-constraint>
</security-constraint>

b) Add <login-config> inside <web-app>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>DEFAULT_REALM_NAME</realm-name>
</login-config>

c) Provide the <security-role> inside <web-app> as shown below
<security-role>
  <description>BPEL PM User</description>
  <role-name>ConsolePrivGroup</role-name>
</security-role>
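
The web.xml edits in Step 5 of both the BPEL Admin and BPEL Console procedures can be checked before redeploying. This is an added example, not part of the original post or of Oracle's tooling; the function names and the sample descriptors (including the /* URL pattern) are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def _local(tag):
    """Drop an XML namespace such as '{http://java.sun.com/xml/ns/j2ee}'."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _role_names(elem):
    """Role names below elem, trimmed so multi-line <role-name> values still match."""
    return {(r.text or "").strip() for r in elem.iter() if _local(r.tag) == "role-name"}


def check_web_xml(xml_text):
    """Return a list of problems; an empty list means edits a) to c) are in place."""
    root = ET.fromstring(xml_text)
    problems = []
    declared = set()
    for role in _children(root, "security-role"):        # edit c)
        declared |= _role_names(role)

    constraints = _children(root, "security-constraint")
    if not constraints:
        problems.append("no <security-constraint>: nothing is protected")
    for n, constraint in enumerate(constraints, 1):      # edit a)
        auth = _children(constraint, "auth-constraint")
        if not auth:
            problems.append(f"security-constraint #{n}: no <auth-constraint>")
            continue
        roles = set()
        for a in auth:
            roles |= _role_names(a)
        roles.discard("")
        if not roles:
            problems.append(f"security-constraint #{n}: <auth-constraint> names no role")
        for role in sorted(roles - declared - {"*"}):
            problems.append(f"security-constraint #{n}: role '{role}' has no <security-role>")

    methods = [(m.text or "").strip()                     # edit b)
               for lc in _children(root, "login-config")
               for m in _children(lc, "auth-method")]
    if not any(methods):
        problems.append("no <login-config> with an <auth-method>")
    return problems


# Constructed descriptor before the edits: URLs are listed but no role is required.
BEFORE = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>
"""

# Constructed descriptor after edits a), b) and c) from the Console procedure.
AFTER = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>
        ConsolePrivGroup
      </role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>DEFAULT_REALM_NAME</realm-name>
  </login-config>
  <security-role>
    <description>BPEL PM User</description>
    <role-name>ConsolePrivGroup</role-name>
  </security-role>
</web-app>
"""

if __name__ == "__main__":
    print("before:", check_web_xml(BEFORE))
    print("after: ", check_web_xml(AFTER))
```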

How to invoke a BPEL Process from a Remote OC4J in SOA Suite?

Step 1:
Create a Shared Library in the Remote OC4J by name BPEL & add the following archives
$ORACLE_HOME/bpel/lib/ant_1.6.5.jar
$ORACLE_HOME/bpel/lib/bicmn.jar
$ORACLE_HOME/bpel/lib/bipres.jar
$ORACLE_HOME/bpel/lib/bpm-infra.jar
$ORACLE_HOME/bpel/lib/connector15.jar
$ORACLE_HOME/bpel/lib/orabpel.jar
$ORACLE_HOME/bpel/lib/orabpel-ant.jar
$ORACLE_HOME/bpel/lib/orabpel-common.jar
$ORACLE_HOME/bpel/lib/orabpel-exts.jar
$ORACLE_HOME/bpel/lib/orabpel-thirdparty.jar
$ORACLE_HOME/bpel/lib/oracle_http_client.jar
$ORACLE_HOME/bpel/registry/lib/builtin_serialization.jar
$ORACLE_HOME/bpel/registry/lib/core_services_client.jar
$ORACLE_HOME/bpel/registry/lib/jaxm.jar
$ORACLE_HOME/bpel/registry/lib/jaxrpc.jar
$ORACLE_HOME/bpel/registry/lib/saaj.jar
$ORACLE_HOME/bpel/registry/lib/uddiclient_api_v3.jar
$ORACLE_HOME/bpel/registry/lib/uddiclient_core.jar
$ORACLE_HOME/bpel/registry/lib/wasp.jar
$ORACLE_HOME/bpel/system/classes/
$ORACLE_HOME/bpel/system/services/config/
$ORACLE_HOME/bpel/system/services/lib/bpm-services.jar
$ORACLE_HOME/bpel/system/services/lib/fndctx.jar
$ORACLE_HOME/bpel/system/services/lib/phaos.jar
$ORACLE_HOME/bpel/system/services/lib/pushapi.jar
$ORACLE_HOME/bpel/system/services/lib/wdk.jar
$ORACLE_HOME/bpel/system/services/lib/wfapi.jar
$ORACLE_HOME/bpel/system/services/schema/
$ORACLE_HOME/integration/esb/lib/bpm-ide-common.jar
$ORACLE_HOME/integration/esb/lib/ide.jar
$ORACLE_HOME/integration/esb/lib/javatools.jar
$ORACLE_HOME/integration/esb/lib/oraesb.jar
$ORACLE_HOME/integration/esb/lib/xmleditor.jar
$ORACLE_HOME/jdk/lib/tools.jar
$ORACLE_HOME/jlib/javax-ssl-1_1.jar
$ORACLE_HOME/jlib/jewt4.jar
$ORACLE_HOME/jlib/jssl-1_1.jar
$ORACLE_HOME/jlib/ldapjclnt10.jar
$ORACLE_HOME/jlib/netcfg.jar
$ORACLE_HOME/jlib/regexp.jar
$ORACLE_HOME/jlib/share.jar
$ORACLE_HOME/jlib/uix2.jar
$ORACLE_HOME/rdbms/jlib/xdb.jar
$ORACLE_HOME/rules/lib/jr_dav.jar
$ORACLE_HOME/rules/lib/rl.jar
$ORACLE_HOME/rules/lib/rulesdk.jar
$ORACLE_HOME/rules/lib/webdavrc.jar
$ORACLE_HOME/webservices/lib/wsif.jar
See the diagram as shown below.

When creating a Locator object from a JSP, make sure the properties are passed with proper values. The below code snippet would be used for

Properties props = new java.util.Properties();
props.put("orabpel.platform", "ias_10g");
props.put("java.naming.factory.initial",
    "com.evermind.server.rmi.RMIInitialContextFactory");
props.put("java.naming.provider.url",
    "opmn:ormi://hostname:6004:oc4j_soa/orabpel");
props.put("java.naming.security.principal", "oc4jadmin");
props.put("java.naming.security.credentials", "welcome1");
String securityCredentials = "bpel123";
String selectedDomain = "default";
Locator locator = new Locator(selectedDomain, securityCredentials, props);

Step 3:
Create the war file and deploy it in the new OC4J (OC4J_J2EE) as shown below. Provide the war file location on the disk.


Click on next. In the next screen provide the parent application as “default” and provide “Application Name” and “Context Root”.

Click next. Click on “Select Security Provider” link as shown below

Step 4: Provide Security Provider while deploying war file



In the “Security Provider” Drop down, select “Oracle Identity Management” as shown below


Press “OK” button.

Step 5: Configure Class Loading

Click on “Configure Class Loading” as shown below

How to deploy Oracle BPEL Portlets?

This posting describes how to deploy the Oracle BPEL Portlets and configure the Oracle Application Server Portal (OracleAS Portal) to provide access to data from these portlets.

OracleAS Portal Introduction
OracleAS Portal is a component of Oracle Application Server used for the development, deployment, administration, and configuration of enterprise class portals. A portal page can contain one or more components called portlets that can each get their content from different data sources.

Oracle Application Server Portal and BPEL Process Integration
You can configure OracleAS Portal to access the following portlets:
  • Oracle BPEL Console reports portlets
  • Oracle BPEL Worklist Application portlets
I. Deploy the BPEL Portlets with Oracle Enterprise Manager 10g Application Server Control Console
1) Login to the EM using ias_admin
2) Select the OC4J_SOA from the Name column of the System Components table.
3) Click the Applications tab & click Deploy EAR file
4) Enter the following details:
J2EE Application: Oracle_Home\integration\orabpel\system\services\lib\BPELPortlet.ear
Application Name: BPELPortlet
Parent Application: orabpel
5) Click Continue. The Deploy Application: URL Mapping for Web Modules window appears. Accept the default BPELPortlet for Oracle BPEL Process Manager value or enter a different name in the URL Mapping field. Click Next. The Deploy Application: User Manager window appears.
6) Select Use JAZN LDAP User Manager. The LDAP Location field displays the Oracle Internet Directory instance associated with the Oracle Application Server Infrastructure. Click Next. The Deploy Application: Review window appears.
7) Review a summary of the selections you made on previous windows:
The EAR file to deploy
The deployment destination instance
The URL mapping for Web modules
Then click Deploy.
8) Messages display indicating that deployment is in progress. When complete, the following message appears:
Application "BPELPortlet" was successfully deployed.

II. Create the BPEL Provider in Oracle AS Portal
Create a new provider named BPEL Provider by logging in as Administrator in Portal -> Navigator -> Registered Providers.
In the connection settings, provide the deployed URL as

http://hostname:portno/BPELPortlet/providers

Once the provider is properly configured, the BPEL portlets can be added to any portal page.

How to create a new BPEL Custom Domain in Oracle SOA Suite 10.1.3.1?

We know that Oracle BPEL PM comes with a domain “default”. The roles (which are available in OID) related to this “default” domain includes

BPMDefaultDomainAdmin
This role is to control the access to the “default” domain

BPMSystemAdmin
This role is to control the access to the entire BPEL PM including the “default” domain and all other custom domains

I. Steps to create a Custom Domain
1. Login to Oracle BPEL PM as BPEL Administrator
2. Click on BPEL Domains & click on “Create New BPEL Domain”
3. Enter the Domain Id as “custom”. Note that, according to Note:406979.1, when a domain id contains capital letters, you get a file not found error when logging into the BPEL console.
4. Click on Create to complete the Custom Domain Creation

II. Steps to implement for allowing access to Custom Domain (custom)
1. Create a new user using OIDDAS by the name ‘custom’
2. Create a new OID group called “BPMcustomDomainAdmin”
3. Add the above-created user to this group
4. Login to the SOA Suite mid-tier & navigate to $ORACLE_HOME/j2ee/oc4j_soa
5. Grant permissions to the role created by running the command as shown below

java -Xbootclasspath/a:../../bpel/lib/orabpel-boot.jar -jar ../home/jazn.jar -user oc4jadmin -password bpel123 -grantperm DEFAULT_REALM_NAME  -role BPMcustomDomainAdmin com.collaxa.security.DomainPermission custom all

6. Grant System Administrator privileges by running the following command

java -Xbootclasspath/a:../../bpel/lib/orabpel-boot.jar -jar ../home/jazn.jar -user oc4jadmin -password bpel123 -grantperm DEFAULT_REALM_NAME -role BPMcustomDomainAdmin com.collaxa.security.ServerPermission server all

Note:
As per Note:403225.1, the user ‘custom’ or group BPMcustomDomainAdmin, gets "all" or "nothing" privileges to the "custom" domain. In 10.1.3 it is not possible to go for finer actions like "read-only", "update-also" etc.

1. You can grant access to domains to selected user pool.
2. You can't control the access at different levels.

How to change logging levels in Oracle BPEL PM 10.1.3.1?

1. Login to the BPEL Console, e.g. http://yourHost.yourDomain:yourPort/BPELConsole
2. In the top right of the returned page, click on the 'Manage BPEL Domain' link. You are now on the 'Configuration' sub-tab.
3. Click on the 'Logging' sub-tab link, the third option to the right of the highlighted 'configuration'.
4. Once the desired logging level is selected, scroll down the page and click the 'Apply' button.
The changes take effect instantly and no OAS processes need to be restarted.

Location of the BPEL Process log file in SOA Suite 10.1.3.1?

The log file is present in the following location: ORACLE_HOME/bpel/domains/default/logs

How to change ORABPEL Schema Password?

Step 1: Change ORABPEL Schema Password
Execute the following steps:
$ sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> ALTER USER orabpel IDENTIFIED BY <new_password>;
E.g. ALTER USER orabpel IDENTIFIED BY welcome1;

Step 2: Manually change password in Oracle Internet Directory (OID)
Log in as (root) orcladmin in Oracle Directory Manager.

Navigate to
OrclResourceName=ORABPEL,orclReferenceName=SERVICE_NAME,cn=IAS Infrastructure Databases,cn=IAS,cn=Products,cn=OracleContext
in the System Objects frame. In the properties frame, enter the new password in the orclpasswordattribute field and click ‘Apply’.

Step 3: Change OC4J JDBC Datasources in OC4J_SOA
Login to Application Server Console as ‘oc4jadmin’ and navigate to OC4J_SOA. Click on Administration Tab -> JDBC Resources

Click on BPELPM_CONNECTION_POOL link. In the credentials, provide this new password after clicking on ‘Use Cleartext Password’ radio button.

How to Configure SOA Suite 10.1.3.1 to use Oracle Single Sign On Server?

I. Configure 10.1.3.x Mid-tier Instance to Use Oracle Single Sign On Server

1. On the host where the Oracle Internet Directory is available set the variables, ORACLE_HOME & ORACLE_SID
2. On the Identity Management host, run the ssoreg script, using the -remote_midtier option. The file is located at ORACLE_HOME/sso/bin/ssoreg.sh

For example, on SOLARIS/UNIX:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME \
    -config_mod_osso TRUE \
    -site_name hostname.com:7778 \
    -remote_midtier \
    -config_file $ORACLE_HOME/Apache/Apache/conf/osso/myosso.conf \
    -mod_osso_url http://hostname.com:7778

3. Running the above script creates an obfuscated file, myosso.conf, in the following location: ORACLE_HOME/Apache/Apache/conf/osso

4. Copy the obfuscated osso configuration file to the following location on the 10.1.3.x middle-tier instance: ORACLE_HOME/Apache/Apache/conf/osso
NOTE: You must do a binary transfer.

5. On the middle-tier host, set the PERL5LIB environment variable before running the osso1013 script, as follows:

$ PERL5LIB=$ORACLE_HOME/perl/lib/5.8.3/sun4-solaristhreadmulti:$ORACLE_HOME/perl/lib/5.8.3:$ORACLE_HOME/perl/5.8.3/lib
$ export PERL5LIB

6. Run the following script to complete the registration:
ORACLE_HOME/Apache/Apache/bin/osso1013 config_file

For example,
ORACLE_HOME/Apache/Apache/bin/osso1013 ../conf/osso/myosso.conf

7. Once the above script runs successfully, you should find an entry similar to the one shown below in ORACLE_HOME/Apache/Apache/conf/mod_osso.conf

<IfModule mod_osso.c> 
OssoConfigFile /user1/soa/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/osso/myosso.conf

How To Reset the Domain Password of BPEL Console?

The password is stored in

ORACLE_HOME/bpel/domains/default/config/auth.properties

Rename this file, then no password is required to log into the BPEL Console. After logging into the BPEL Console, the password can then be set.

Where does a BPEL process explode itself in SOA Suite after deployment?

All the BPEL processes deployed under default domain are available at the following location

$ORACLE_HOME/bpel/domains/default/tmp

For example, "Test Process" would be available in the above-mentioned folder as
.bpel_TestProcess_1.2_5a2b6f8dcfbb2ee6b830fb3a5a3b9ac1.tmp

The Human Task related information of the process is available under
$ORACLE_HOME/j2ee/oc4j_soa/applications
For example, if there are three human tasks related to the BPEL process, named Approval1, Approval2 and Approval3, then there would be a corresponding folder for each, named
DOMAINNAME_PROCESSNAME_VERSIONNUMBER_HUMANTASKNAME
e.g.
default_TestProcess_1_2_Approval1

How to configure SOA Suite 10.1.3.1.0 with 10.1.2 Oracle Internet Directory?

Task 1: Perform Preconfiguration Procedures

1. Log in to the Oracle Enterprise Manager 10g Application Server Control Console:

http://hostname:port/em

where hostname is the name of the host on which Oracle BPEL Process Manager is installed and port is the Oracle HTTP Server port. The Cluster Topology page appears.

2. Click the OC4J instance name in the Members section.

The OC4J: oc4j_soa page appears.

3. Click the Administration tab.
4. Go to the Security section in the Task Name column.
5. Click the icon in the Go to Task column for Identity Management.

In the screen shown above, provide the following details:
  • Oracle Internet Directory Host
  • Oracle Internet Directory User DN
  • Password
  • Oracle Internet Directory Port (non-ssl)
In the third screen, check the checkbox against orabpel & hw_services under the column “Use OID Security Provider” and click Finish.

Task 2: Re-check the association of Oracle Internet Directory with the Oracle Application Server Instance
1. Go to the Security section.
2. Click the icon in the Go to Task column for Security Providers

3. Go to the Application Name section
4. The orabpel (for Oracle BPEL Process Manager) and hw_services (for human workflow) applications appear.

5. The Security Provider page appears.
6. Check if the Security Provider is Oracle Identity Management Security Provider for orabpel & hw_services.

Task 3: Perform Configuration Procedures
This section describes how to seed users into Oracle Internet Directory, configure the identity service, and grant privileges to BPM roles.

1) Ensure that the ORACLE_HOME and ANT_HOME environment variables are set to the root directory of the Oracle Application Server instance being configured
2) Navigate to $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml
3) Change the values as indicated in bold in jazn.xml

<jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd"
      schema-major-version="10" schema-minor-version="0"
      provider="LDAP" location="ldap://host.namecom:389"
      default-realm="DEFAULT_REALM_NAME"
4) Restart oc4j_soa
5) Open an operating system command prompt and go to the following directory, which includes the configuration scripts: SOA_Oracle_Home/bpel/system/services/install/ant-tasks

Open the file configure_oid.sh and comment out line 85:
#export PATH=$JAVA_HOME/bin/:$ANT_HOME/bin:$PATH

6) Execute configure_oid.sh with the required parameters. Oracle recommends you use the bash shell to execute the script on Linux. For example, to run this script on Linux:

sh ./configure_oid.sh oid_admin_user oid_admin_passwd oid_nonssl_port ssl_enabled oid_realm_name seedAllUsers | seedRequiredUsers oc4j_admin_user oc4j_admin_passwd oc4j_container_name

For example: $ sh ./configure_oid.sh orcladmin welcome1 389 false DEFAULT_REALM_NAME seedAllUsers oc4jadmin welcome1 oc4j_soa

The execution of this command internally modifies the SOA_Oracle_Home/bpel/system/services/config/is_config.xml file. The file contents look as follows:
<?xml version = '1.0' encoding = 'UTF-8'?>
<ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
  <configurations>
    <configuration realmName="us" displayName="us Realm">
      <provider providerType="JAZN" name="OID">
        <connection url="ldap://my.oid.com:389" binddn="cn=orcladmin" password="passwd" encrypted="false"/>
      </provider>
    </configuration>
  </configurations>
</ISConfiguration>
The command also modifies the J2EE_Home/application-deployments/hw_services/orion-application.xml and J2EE_Home/application-deployments/orabpel/orion-application.xml files and adds the Oracle Internet Directory details to the descriptors, where J2EE_Home is $ORACLE_HOME/j2ee/OC4J_Instance_Name for Oracle Application Server SOA installations.

Task 4: Test the Oracle Internet Directory Configuration
There are multiple ways to test the Oracle Internet Directory configuration. For example, go to the Oracle BPEL Worklist Application at
http://hostname:portno/integration/worklistapp/Login
and enter oc4jadmin as the user name and OC4JADMIN_PWD as the password to see if you can connect.