Monday, November 30, 2009

Create your own user to log in to the BPEL console - OID

You can create your own user and log in to the BPEL console as that user.

Here BPEL is configured with OID as a security provider.

We will see how to create a user in OID and assign it the roles needed to log in to the BPEL console.

Open OID Manager.

Click on Entry Management.

Navigate to the user bpeladmin as shown.



Right-click the user bpeladmin and select Create Like; the following window will come up.



Now change the properties there to define your own user.

In the distinguished name, cn and sn fields, enter the user name you want. In my case I have used example as the user name.





Now go to optional properties and provide the password.




You need to add one more field. Scroll up on the same page and provide the details for uid.



So now you have created the user. Next we need to assign roles to the user so that it can log in to the BPEL console.

The user should have the bpelSystem admin role in order to log in to the BPEL console.

To assign the required role, we will copy the user's DN and paste it into the unique member field of the bpelsystem admin group.

First we will copy the user's DN.



Here I am taking the DN of the arpit user, but you have to use the DN of the example user. I didn't want to create a new user, so to illustrate I am using my previously created user arpit.

Now go to groups and select bpelsystem Admin

and paste the DN into the unique member field of the group.




So you are done. Now restart the server and try to log in to the BPEL console using the user example.
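To confirm the result of these steps without the GUI, the check below reads an LDIF export of the directory and reports what is still missing for a user: the cn, sn and uid attributes, and the user's DN in the group's uniquemember list. It is an added example, not part of the original post; the dc=example,dc=com suffix, the container names and the spelling of the group cn are constructed placeholders.

```python
def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Case- and whitespace-insensitive DN form (escaped commas not handled)."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return ",".join("=".join(p.strip() for p in rdn) for rdn in rdns).lower()

def login_problems(ldif_text, user_dn, group_cn):
    """List what still keeps user_dn from holding the role of group_cn."""
    entries = parse_ldif(ldif_text)
    wanted = norm_dn(user_dn)
    user = next((e for e in entries
                 if norm_dn(e.get("dn", [""])[0]) == wanted), None)
    problems = []
    if user is None:
        problems.append("user entry not found")
    else:
        problems += [f"user has no {a}" for a in ("cn", "sn", "uid") if a not in user]
    group = next((e for e in entries
                  if group_cn.lower() in map(str.lower, e.get("cn", []))), None)
    if group is None:
        problems.append("group not found")
    elif wanted not in {norm_dn(m) for m in group.get("uniquemember", [])}:
        problems.append("user DN is not a uniquemember of the group")
    return problems

# Constructed sample export; every DN and the group cn are placeholders.
SAMPLE = """dn: cn=example,cn=Users,dc=example,dc=com
cn: example
sn: example
uid: example

dn: cn=bpelSystemAdmin,cn=Groups,dc=example,dc=com
cn: bpelSystemAdmin
uniquemember: cn=bpeladmin,cn=Users,dc=example,dc=com
uniquemember: cn=Example, cn=Users,
 dc=example,dc=com
"""
```

An empty list means the entry and the group membership are both in place; pasting another user's DN into the group shows up as "user DN is not a uniquemember of the group".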

Reverting from OID to XML-based provider

To convert back from the OID-based provider to the XML-based provider, use the following steps.

Log in to the em console

http://localhost:port/em

Go to the container

Select the Administration tab

Go to Security and click on Security Providers

Edit the file for orabpel and hw_services and change it back to the file-based provider.

Restart both orabpel and hw_services.

Now go to the following location

SOA_home/bpel/system/services/config

Delete is_config.xml

and rename is_config.xml.BPM to is_config.xml

Again go to

SOA_HOME\j2ee\oc4j_soa\config

and remove jazn.xml, replacing it with the original jazn.xml.

Restart the server and now try to log in to the BPEL console.

User does not have enough privileges to access the Admin Console

This is the most common error one gets after configuring BPEL / human workflow with OID.

The errors received are as follows.

While trying to log in to the BPEL console

http://localhost:port/BPELConsole

“No domains accessible to the user logged in.”

And while trying to log in to BPEL admin

http://localhost:port/BPELAdmin

User does not have enough privileges to access the Admin Console

There is a very simple solution to this.

The configure.bat command changes the jazn.xml file in the home container and not in the oc4j_soa container, but our application is running on the oc4j_soa container. To overcome this problem:

Just take a backup of jazn.xml and rename the jazn.xml file in

SOA_HOME\j2ee\oc4j_soa\config to some other file name.

Now copy jazn.xml from SOA_HOME\j2ee\home\config to the SOA_HOME\j2ee\oc4j_soa\config folder and restart the server.

That's it; now you will be able to log in to the BPEL console and the BPEL admin console.


Now you can try to create your own users and assign them roles to log in to the console.

You can also grant permissions to the user by using the jazn shell.

To open the jazn shell:



First navigate to the $ORACLE_HOME/j2ee/home directory

set ORACLE_HOME

Start the jazn shell via the following command

java -Xbootclasspath/a:/$ORACLE_HOME/bpel/lib/orabpel-boot.jar -jar jazn.jar -shell

AbstractLoginModule username: oc4jadmin

AbstractLoginModule password: welcome1 (provide your own password)

After the shell prompt has started you can now grant permissions/create users.

The following example will grant permissions to user orcladmin to the default domain in the jazn.com realm.

grantperm idc -user orcladmin com.collaxa.security.DomainPermission default all


You may get the following error while creating users or granting permissions:

com.collaxa.security.DomainPermission: Permission class not found.

This is because changes made through the jazn admin tool are reflected in the file located at $SOA_HOME/j2ee/home/config/system-jazn-data.xml, but the application is using the file located in the oc4j_soa directory. Due to this, the JAZN tool gives the "permission class not found" error for any standard BPEL-related permissions.

To overcome this issue you need to replace

$OH/j2ee/home/config/system-jazn-data.xml with $OH/j2ee/oc4j_soa/config/system-jazn-data.xml

and $OH/j2ee/home/config/system-application.xml with $OH/j2ee/oc4j_soa/config/system-application.xml

Thursday, November 26, 2009

Configuring OID with BPEL

To start with, I assume you already have OID and SOA Suite installed at your end.

You can follow my previous post to install OID and SOA Suite.

The version we are working with here is SOA Suite 10.1.3.1

and the OID we are using is the one that comes with Application Server 10.1.2.0.2.

Once these things are ready at your end:

Go to the em console
http://localhost:port/em

Go to the container (oc4j_soa)

Go to the Administration tab

Click on Security and click on Go to Task for Identity Management.



It will tell you whether OID is configured or not. Since it is not configured right now, it will say OID not configured.



Click on Configure and provide the details for your OID



In the Oracle Internet Directory Host field, provide your IP address

In the Oracle Internet Directory User DN field, provide the superuser cn=orcladmin

Provide your password, choose the non-SSL port 389 and say next



Choose orabpel and hw_services for BPEL and human workflow authentication and say next




It will come up with a screen saying that the instance is successfully associated with the OID. Restart the container after that.



Though it gives an option to restart from the console, don't do it from the console. Go to the command console and restart your server

opmnctl stopall

opmnctl startall

Now log in to the em console again.

Go to the container -> Applications tab and, to configure OID, go to the task for Security Providers.

There, orabpel is for BPEL and hw_services is for human workflow security providers.

Click the edit button for the security providers.

There click on the edit button for orabpel



Click on change security provider and select Oracle identity management security provider and say ok



Say ok



Restart orabpel to apply the changes.

Now do the same for hw_services, following the same steps as for orabpel.

The next step is to run the configure_oid.bat command.

This step seeds all the users in oc4j to the OID.

So go to the following location.


SOA_HOME\bpel\system\services\install\ant-tasks

And run the configure_oid.bat command as displayed





The command is as follows

configure_oid.bat oid_admin_user oid_admin_passwd
oid_nonssl_port ssl_enabled oid_realm_name seedAllUsers | seedRequiredUsers
oc4j_admin_user oc4j_admin_passwd oc4j_container_name

In my case:
oid_admin_user is orcladmin
oid_admin_passwd is welcome1
oid_nonssl_port is 389
I am not using SSL, so ssl_enabled is set to false
oid_realm_name will be your realm name; in my case it is idc
I want to seed all the users, so I am using seedAllUsers
oc4j_admin_user is oc4jadmin
oc4j_admin_passwd is welcome1
oc4j_container_name is oc4j_soa

Once you run the command, check whether the build completed successfully.


After a successful run you will be able to see all the users in the OID.




To verify, go to

SOA_Home/j2ee/home/application-deployments/hw_services

and open orion-application.xml



Verify that the jaas-mode attribute for the JAZN provider configuration is set to doAsPrivileged. For example:

<jazn provider="LDAP" jaas-mode="doAsPrivileged"/>

Similarly, check it for orabpel in the following folder

SOA_Home/j2ee/home/application-deployments/orabpel-orion-application.xml


For workflow pages to be displayed, however, we need to do some more settings.

Edit the file $ORACLE_HOME/bpel/system/services/config/is_config.xml.

<provider providerType="JAZN" name="OID" service="Identity">

It should automatically update the connection URL, binding address and the password for the OID.

Edit the file $ORACLE_HOME/bpel/system/services/config/wf_client_config.xml.

<realmMapping>{oid_realmname}</realmMapping>

Provide the realm name.

Also edit the file $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml.

<jazn provider="LDAP" location="ldap://{oid_hostname}.{oid_domainname}:{oid_port}" default-realm="{oid_realmname}">


Save these changes and restart your server. Now you should be able to log in to the workflow console with the users in AD.
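The checks in this post can be scripted: the sketch below verifies the jaas-mode setting in orion-application.xml, validates the provider, location and default-realm in the oc4j_soa jazn.xml (including a location where the {placeholders} were never replaced), and compares it with the home container's jazn.xml, which is the mismatch described in the "User does not have enough privileges" post. It is an added example, not part of the original post; the function names and the sample file contents (host oid.example.com, the XML-provider attributes) are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

def jazn_attrs(xml_text):
    """Attributes of the first <jazn> element, whether root or nested."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "jazn" else root.find(".//jazn")
    return dict(node.attrib) if node is not None else {}

def check_location(location):
    """Problems with the location attribute of an LDAP <jazn> element."""
    if "{" in location or "}" in location:
        return ["location still contains a {placeholder}"]
    try:
        url = urlparse(location)
        valid = url.scheme in ("ldap", "ldaps") and url.hostname and url.port
    except ValueError:  # raised for a non-numeric port
        valid = False
    return [] if valid else ["location is not of the form ldap://host:port"]

def audit(orion_xml, soa_jazn_xml, home_jazn_xml, realm):
    """Compare the three files with the settings described in the post."""
    findings = []
    orion, soa, home = map(jazn_attrs, (orion_xml, soa_jazn_xml, home_jazn_xml))
    if orion.get("provider") != "LDAP":
        findings.append("orion-application.xml: provider is not LDAP")
    if orion.get("jaas-mode") != "doAsPrivileged":
        findings.append("orion-application.xml: jaas-mode is not doAsPrivileged")
    if soa.get("provider") != "LDAP":
        findings.append("oc4j_soa jazn.xml: provider is not LDAP")
    findings += ["oc4j_soa jazn.xml: " + p
                 for p in check_location(soa.get("location", ""))]
    if soa.get("default-realm") != realm:
        findings.append("oc4j_soa jazn.xml: default-realm is not the OID realm")
    for key in ("provider", "location", "default-realm"):
        if home.get(key) != soa.get(key):
            findings.append(f"jazn.xml differs between home and oc4j_soa: {key}")
    return findings

# Constructed sample file contents (not taken from a real installation).
ORION = ('<orion-application><jazn provider="LDAP" '
         'jaas-mode="doAsPrivileged"/></orion-application>')
HOME_JAZN = ('<jazn provider="LDAP" location="ldap://oid.example.com:389" '
             'default-realm="idc"/>')
SOA_JAZN = ('<jazn provider="XML" location="./system-jazn-data.xml" '
            'default-realm="jazn.com"/>')
```

Calling audit(ORION, SOA_JAZN, HOME_JAZN, "idc") on these samples reports the stale oc4j_soa copy; in practice, pass the text of the real files read from disk.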

No domains accessible to the user logged in-BPEL console issue

You have done a fresh install of SOA Suite, and when trying to open the BPEL console it gives the following error.


No domains accessible to the user logged in.

What does it mean?

The domains are not accessible, which means the process is not able to get the data from the schemas in the database. So you need to check whether your database and listener are up and running, and you need to check your data source.

Go to your em console

The container, usually oc4j_soa

Go to the Administration tab and go to the task in JDBC Resources.

If the issue is in the BPEL console, check the connection pool

BPELPM_CONNECTION_POOL


Then check whether the data sources associated with this connection pool are all up and running.

If the test does not succeed, check the user and password.

Check whether the port and SID in the URL, which contains the information about the database, are correct.


Correct it and test the connection again. Restart the server and you will be able to log in to the BPEL console.


In the worst case your schema might be corrupted, so you need to drop your schema and recreate it. Before dropping the schema, please stop the SOA Suite.

Go to the database. Log in as sys as sysdba

and do

drop user orabpel cascade;
drop user oraesb cascade;
drop user orawsm cascade;

Once the schemas are deleted, go to the SOA Suite irca.bat and run it to recreate the schemas.

Then start your SOA Suite, go to the em console and point the connection to the newly created schema.

Again restart the server and check; you will be able to log in to the BPEL console.

Not able to open em console - 404 Not Found error

OK, you have just installed SOA Suite. Everything went fine, and now when you try to open the em console you get the error

Not able to open em console
Not Found
The requested URL /em was not found on this server.

No need to worry.

Just go to the following location in your installation
SOA_HOME\j2ee\oc4j_soa\config

You need to change two files here:

default-web-site.xml and server.xml

Scroll to the bottom of server.xml and you will find an entry

<application name="ascontrol" path="../../home/applications/ascontrol.ear" parent="system" start="false" />


You have to change this false to true and save the file.

Similarly, open default-web-site.xml and

check the following entry

<web-app application="ascontrol" name="ascontrol" load-on-startup="false" root="/em" ohs-routing="false" />

Change the false values to true and save.

Once the changes are done, restart the server and try to open the console.

You will be able to open it up.

Wednesday, November 25, 2009

Installing OID - Oracle Internet Directory

Oracle Internet Directory is a standards-based LDAP directory which serves as the central user repository for Oracle Identity Management, simplifies administration of users in the Oracle environment and provides a standards-based directory for different enterprises.

Here we will see how to install OID.

We need to download Application Server version 10.1.2.0.2, which contains three disks. Unzip the zip and double-click on setup.exe.





Choose the name and the directory where you need to install the OID




In product selection choose the second option, which installs OID along with the metadata repository. There is a separate installation wizard that installs only OID, but I am not aware of it. I will update once I get information on it.






Choose identity management and metadata repository as the option




Confirm the preinstallation requirements and select the administration privileges




Leave the default configuration as it is



Leave port configuration as automatic




Specify the namespace in the internet directory



Provide global database name and the SID




Choose single password for all the schemas



Specify the instance name and the password for the installation




Check the summary and say install.




say next



Database Configuration Assistant will start and will install the infra database, which by default is version 10.1.0.4.




Finally, at the end of the installation, the following screen will come up.





So you are now done with the installation.

Now to start OID

Go to Start->Instance->Integration Management tools and click on Directory Integration and Provisioning Server Administration.

You will come up with the following screen



Browse the user and select orcladmin and say ok.





Provide the password which you have provided at the time of installation and say log in





Once you say login it will enter the OID

Installing Spec Builder

SpecBuilder is the tool of choice for managing B2B business document specifications.

Oracle provides its own spec builder for creating, transforming and converting the documents.

These screenshots will help you with the installation of spec builder.

Download the software and click on setup.exe

You will come up with the following screen.



Once you have selected the document type you want to install, it will start installing each component individually.

For each document












Similarly the installation will complete for all the other document types. Once the installation of all the individual components has taken place, it will come up with the following screen.



Subsequent screen will come up like





Provide your name and company details.



Provide the installation directory




Choose complete installation.

















Once the installation is complete, the next requirement is to provide the registration key and validate the GUI.



You need to install patch 5550097 to overcome the registration issue.
Doc ID 796158.1 also discusses the same.