Task 1: Perform Preconfiguration Procedures
1. Log in to the Oracle Enterprise Manager 10g Application Server Control Console:
   http://hostname:port/em
   where hostname is the name of the host on which Oracle BPEL Process Manager is
   installed and port is the Oracle HTTP Server port. The Cluster Topology page
   appears.
2. Click the OC4J instance name in the Members section.
The OC4J: oc4j_soa page appears.
3. Click the Administration tab.
4. Go to the Security section in the Task Name column.
5. Click the icon in the Go to Task column for Identity Management.
In the Identity Management screen that appears, provide the following details:
- Oracle Internet Directory Host
- Oracle Internet Directory User DN
- Password
- Oracle Internet Directory Port (non-ssl)
In the third screen, select the check box for orabpel and hw_services in the “Use OID Security Provider” column and click Finish.

Task 2: Re-check the association of Oracle Internet Directory with the Oracle Application Server Instance
1. Go to the Security section.
2. Click the icon in the Go to Task column for Security Providers.
3. Go to the Application Name section.
4. The orabpel (for Oracle BPEL Process Manager) and hw_services (for human workflow) applications appear.
5. The Security Provider page appears.
6. Check that the Security Provider is Oracle Identity Management Security Provider for both orabpel and hw_services.
Task 3: Perform Configuration Procedures
This section describes how to seed users into Oracle Internet Directory, configure the identity service, and grant privileges to BPM roles.
1) Ensure that the ORACLE_HOME and ANT_HOME environment variables are set to the
root directory of the Oracle Application Server instance being configured.
2) Navigate to $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml.
3) Change the provider, location and default-realm attribute values in jazn.xml as follows (substitute your own Oracle Internet Directory host, port and realm name):
   <jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd"
         schema-major-version="10" schema-minor-version="0"
         provider="LDAP" location="ldap://host.name.com:389" default-realm="DEFAULT_REALM_NAME">
     <!-- existing child elements unchanged -->
   </jazn>
4) Restart oc4j_soa
5) Open an operating system command prompt and go to the following directory, which contains the configuration scripts: SOA_Oracle_Home/bpel/system/services/install/ant-tasks
6) Open the file configure_oid.sh and comment out line 85:
   #export PATH=$JAVA_HOME/bin/:$ANT_HOME/bin:$PATH
7) Execute configure_oid.sh with the required parameters. Oracle recommends using the bash shell to run the script on Linux. The syntax is:
   sh ./configure_oid.sh oid_admin_user oid_admin_passwd oid_nonssl_port ssl_enabled oid_realm_name {seedAllUsers | seedRequiredUsers} oc4j_admin_user oc4j_admin_passwd oc4j_container_name
   For example:
   $ sh ./configure_oid.sh orcladmin welcome1 389 false DEFAULT_REALM_NAME seedAllUsers oc4jadmin welcome1 oc4j_soa
Running this command modifies the SOA_Oracle_Home/bpel/system/services/config/is_config.xml file. Its contents look as follows (note that the bind DN password is stored in cleartext, with encrypted="false", so restrict read access to this file):
   <?xml version = '1.0' encoding = 'UTF-8'?>
   <ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
     <configurations>
       <configuration realmName="us" displayName="us Realm">
         <provider providerType="JAZN" name="OID">
           <connection url="ldap://my.oid.com:389" binddn="cn=orcladmin" password="passwd" encrypted="false"/>
         </provider>
       </configuration>
     </configurations>
   </ISConfiguration>
The command also modifies the J2EE_Home/application-deployments/hw_services/orion-application.xml and J2EE_Home/application-deployments/orabpel/orion-application.xml
files and adds the Oracle Internet Directory details to each descriptor, where J2EE_Home is $ORACLE_HOME/j2ee/OC4J_Instance_Name for Oracle Application Server SOA installations.
Task 4: Test the Oracle Internet Directory Configuration
There are multiple ways to test the Oracle Internet Directory configuration. One is to go to the Oracle BPEL Worklist Application at
http://hostname:portno/integration/worklistapp/Login
and log in with oc4jadmin as the user name and OC4JADMIN_PWD as the password to see whether you can connect.
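Besides the login test, the files written by configure_oid.sh can be checked directly. The script below is an added example, not part of the original post or of Oracle's scripts; it assumes only the attribute names shown in the jazn.xml and is_config.xml snippets above, and constructs sample copies of both files so it runs stand-alone.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the jazn.xml and
# is_config.xml left by configure_oid.sh before relying on a Worklist login test.
# Assumes the attribute names shown in the post's two snippets.

# Print the value of attribute $2 from the first line of file $1 that carries it.
xml_attr() {
  sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# jazn.xml must name the LDAP provider and an ldap://host:port location.
check_jazn() {
  provider=$(xml_attr "$1" provider); location=$(xml_attr "$1" location)
  [ "$provider" = "LDAP" ] || { echo "jazn.xml: provider '$provider', expected LDAP"; return 1; }
  case "$location" in
    ldap://*:*) echo "jazn.xml OK: $location" ;;
    *) echo "jazn.xml: location '$location' is not ldap://host:port"; return 1 ;;
  esac
}

# is_config.xml must point at the same OID server as jazn.xml (returns 1 otherwise)
# and, because configure_oid.sh stores the bind password with encrypted="false",
# must not be readable by group/others (returns 2 if it is).
check_is_config() {
  url=$(xml_attr "$1" url); binddn=$(xml_attr "$1" binddn); enc=$(xml_attr "$1" encrypted)
  [ -n "$binddn" ] || { echo "is_config.xml: binddn missing"; return 1; }
  [ "$url" = "$2" ] || { echo "is_config.xml: url '$url' differs from jazn.xml '$2'"; return 1; }
  if [ "$enc" = "false" ]; then
    case "$(ls -ld "$1" | cut -c5-10)" in   # group/other permission bits
      *r*) echo "is_config.xml: cleartext bind password readable by others; chmod 600 it"; return 2 ;;
    esac
  fi
  echo "is_config.xml OK: $binddn @ $url"
}

# Constructed sample files mirroring the post's snippets, for a self-contained run.
write_samples() {
  printf '%s\n' '<jazn provider="LDAP" location="ldap://my.oid.com:389" default-realm="us">' '</jazn>' > "$1/jazn.xml"
  cat > "$1/is_config.xml" <<'EOF'
<ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
  <configuration realmName="us" displayName="us Realm">
    <provider providerType="JAZN" name="OID">
      <connection url="ldap://my.oid.com:389" binddn="cn=orcladmin" password="passwd" encrypted="false"/>
    </provider>
  </configuration>
</ISConfiguration>
EOF
  chmod 644 "$1/is_config.xml"
}
```

On a real instance, call check_jazn on $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml and check_is_config on SOA_Oracle_Home/bpel/system/services/config/is_config.xml, passing the location value read from jazn.xml as the second argument.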
Do we have to execute step 3 even if you are not using OID? Say I am using OpenLDAP. I have configured everything except for running this script. Worklist login works but BPELControl login does not seem to work.

Hi, great article,

You said
"For example: $ sh ./configure_oid.sh orcladmin welcome1 389 false DEFAULT_REALM_NAME seedAllUsers oc4jadmin welcome1 oc4j_soa"
Do you have any idea how I can get the DEFAULT_REALM_NAME, or is it "DEFAULT_REALM_NAME" literally as the argument to configure_oid?
Thanks for any suggestion.