Thursday, November 26, 2009

Configuring OID with BPEL

To start with, I assume you already have OID and SOA Suite installed.

You can follow my previous post to install OID and SOA Suite.

The versions we are working with here are SOA Suite 10.1.3.1 and the OID that comes with Application Server 10.1.2.0.2.

Once these are in place, proceed as follows.

Go to the EM console:
http://localhost:port/em

Go to the container (oc4j_soa).

Go to the Administration tab.

Click on Security, then click Go to Task for Identity Management.



It will tell you whether OID is configured or not. Since it is not configured yet, it will say OID is not configured.



Click on Configure and provide the details for your OID:

In the Oracle Internet Directory Host field, provide your IP address.

In the Oracle Internet Directory User DN field, provide the superuser cn=orcladmin.

Provide your password, choose the non-SSL port 389, and click Next.



Choose orabpel and hw_services for BPEL and human workflow authentication and click Next.




It will come up with a screen saying that the instance is successfully associated with the OID. Restart the container after that.



Though it gives an option to restart from the console, don't do it from the console. Go to the command prompt and restart your server:

opmnctl stopall

opmnctl startall

Now log in to the EM console again.

Go to the container -> Applications tab and, to configure OID, go to the task for Security Providers.

There, orabpel is the security provider for BPEL and hw_services is the one for human workflow.

Click the Edit button for the security providers.

Then click the Edit button for orabpel.



Click on Change Security Provider, select Oracle Identity Management Security Provider, and click OK.

Click OK.

Restart orabpel to apply the changes.

Now do the same for hw_services, following the same steps as for orabpel.

The next step is to run the configure_oid.bat command.

This step seeds all the users in OC4J into the OID.

So go to the following location:

SOA_HOME\bpel\system\services\install\ant-tasks

and run the configure_oid.bat command as shown.
The command syntax is as follows:

configure_oid.bat oid_admin_user oid_admin_passwd
oid_nonssl_port ssl_enabled oid_realm_name seedAllUsers | seedRequiredUsers
oc4j_admin_user oc4j_admin_passwd oc4j_container_name

In my case:
oid_admin_user is orcladmin
oid_admin_passwd is welcome1
oid_nonssl_port is 389
ssl_enabled is set to false, since we are not using SSL
oid_realm_name is your realm name; in my case it is idc
I want to seed all the users, so I am using seedAllUsers
oc4j_admin_user is oc4jadmin
oc4j_admin_passwd is welcome1
oc4j_container_name is oc4j_soa
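The argument order above is easy to get wrong, so here is a small Python helper, added as an example and not code from the original post or from Oracle, that assembles the configure_oid.bat argument list in the documented order, rejects values outside the documented domain (the port, ssl_enabled, and the two seed modes), and masks both passwords when logging what it ran. The positional order and the seed modes come from the command template above; the POST_VALUES dict holds the values listed above; the field names, validation rules and function names are this example's own assumptions.

```python
"""Assemble and run the configure_oid.bat command described above.

Added example, not code from the original post or from Oracle. The
positional order and the two seed modes come from the post's command
template; the dict field names, the validation rules and the function
names are this example's own assumptions.
"""
import subprocess
from typing import Dict, List

SEED_MODES = ("seedAllUsers", "seedRequiredUsers")

# Positional arguments of configure_oid.bat, left to right as the post lists them.
ARG_ORDER = (
    "oid_admin_user", "oid_admin_passwd", "oid_nonssl_port", "ssl_enabled",
    "oid_realm_name", "seed_mode",
    "oc4j_admin_user", "oc4j_admin_passwd", "oc4j_container_name",
)

# The values the post lists for its own setup (passwords exactly as the post gives them).
POST_VALUES: Dict[str, str] = {
    "oid_admin_user": "orcladmin",
    "oid_admin_passwd": "welcome1",
    "oid_nonssl_port": "389",
    "ssl_enabled": "false",
    "oid_realm_name": "idc",
    "seed_mode": "seedAllUsers",
    "oc4j_admin_user": "oc4jadmin",
    "oc4j_admin_passwd": "welcome1",
    "oc4j_container_name": "oc4j_soa",
}


def build_configure_oid_argv(cfg: Dict[str, str], script: str = "configure_oid.bat") -> List[str]:
    """Return the argv list for configure_oid.bat, rejecting values outside the documented domain."""
    missing = [key for key in ARG_ORDER if key not in cfg]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    port = str(cfg["oid_nonssl_port"])
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"oid_nonssl_port must be a TCP port number, got {port!r}")
    ssl_enabled = str(cfg["ssl_enabled"]).lower()
    if ssl_enabled not in ("true", "false"):
        raise ValueError("ssl_enabled must be 'true' or 'false'")
    if cfg["seed_mode"] not in SEED_MODES:
        raise ValueError(f"seed_mode must be one of {SEED_MODES}")
    argv = [script] + [str(cfg[key]) for key in ARG_ORDER]
    argv[4] = ssl_enabled  # normalised to lower case
    return argv


def redact(argv: List[str]) -> List[str]:
    """Copy of argv with the OID and OC4J admin passwords masked, safe to write to a log."""
    masked = list(argv)
    for position in (2, 8):  # oid_admin_passwd, oc4j_admin_passwd
        masked[position] = "****"
    return masked


def run_configure_oid(cfg: Dict[str, str], ant_tasks_dir: str) -> int:
    """Run the script from SOA_HOME\\bpel\\system\\services\\install\\ant-tasks and return its exit code."""
    argv = build_configure_oid_argv(cfg)
    print("running:", " ".join(redact(argv)))
    # Passing a list avoids hand-building a command string around the passwords;
    # still check the exit code and the build output, as the post says.
    return subprocess.run(argv, cwd=ant_tasks_dir, check=False).returncode
```

Call run_configure_oid(POST_VALUES, r"SOA_HOME\bpel\system\services\install\ant-tasks") with your own values substituted; only the redacted form of the command is printed.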

Once you run the command, check whether the build completed successfully.

On a successful run you will now be able to see all the users in the OID.




To verify, go to

SOA_Home/j2ee/home/application-deployments/hw_services

and open orion-application.xml.



Verify that the jaas-mode attribute for the JAZN provider configuration is set to doAsPrivileged. For example:

<jazn provider="LDAP" jaas-mode="doAsPrivileged"/>

Similarly, check it for orabpel in the following file:

SOA_Home/j2ee/home/application-deployments/orabpel-orion-application.xml


However, for the workflow pages to be displayed we need to make some more settings.

Edit the file $ORACLE_HOME/bpel/system/services/config/is_config.xml so that the identity provider is:

<provider providerType="JAZN" name="OID" service="Identity">

The connection URL, binding address and password for the OID should be updated automatically.

Edit the file $ORACLE_HOME/bpel/system/services/config/wf_client_config.xml and provide the realm name:

<realmMapping>{oid_realmname}</realmMapping>

Also edit the file $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml:

<jazn provider="LDAP" location="ldap://{oid_hostname}.{oid_domainname}:{oid_port}" default-realm="{oid_realmname}">


Save these changes and restart your server. Now you should be able to log in to the workflow console with the users in AD.
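The verification steps above (the two orion-application.xml files, is_config.xml, wf_client_config.xml and jazn.xml) can be checked in one pass before the restart. The following Python script is an added example, not code from the original post or from Oracle: the file names, element names and attribute values it checks are the ones given above, while the sample XML embedded in it is constructed for the example (the wrapper root elements in particular are invented) and the orabpel path in check_installed is assumed to mirror the hw_services one.

```python
"""Check the config files the post tells you to verify after configure_oid.bat.

Added example, not from the original post or from Oracle. The file names,
element names and attribute values checked here come from the post; the
sample XML below is constructed for this example (the wrapper root
elements are invented) and is not taken from a real installation.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Union
from urllib.parse import urlsplit

# Constructed stand-ins for the real files, trimmed to the elements the post checks.
SAMPLE_FILES: Dict[str, Union[str, bytes]] = {
    "hw_services/orion-application.xml":
        '<orion-application><jazn provider="LDAP" jaas-mode="doAsPrivileged"/></orion-application>',
    # jaas-mode deliberately left out so the checker has something to report
    "orabpel/orion-application.xml":
        '<orion-application><jazn provider="LDAP"/></orion-application>',
    "is_config.xml":
        '<ISConfiguration><provider providerType="JAZN" name="OID" service="Identity"/></ISConfiguration>',
    "wf_client_config.xml":
        '<workflowServicesClientConfiguration><realmMapping>idc</realmMapping></workflowServicesClientConfiguration>',
    "jazn.xml":
        '<jazn provider="LDAP" location="ldap://oidhost.example.com:389" default-realm="idc"/>',
}


def _find(root: ET.Element, tag: str) -> Optional[ET.Element]:
    """Return `tag` whether it is the root element itself or somewhere below it."""
    return root if root.tag == tag else root.find(f".//{tag}")


def check_oid_config(files: Dict[str, Union[str, bytes]], realm: str, nonssl_port: int) -> List[str]:
    """Return one finding per failed check; an empty list means every check in the post passed."""
    findings: List[str] = []
    roots = {name: ET.fromstring(text) for name, text in files.items()}

    # 1. Both applications: JAZN provider LDAP with jaas-mode="doAsPrivileged".
    for app in ("hw_services", "orabpel"):
        name = f"{app}/orion-application.xml"
        jazn = _find(roots[name], "jazn")
        if jazn is None:
            findings.append(f"{name}: no <jazn> element")
            continue
        if jazn.get("provider") != "LDAP":
            findings.append(f"{name}: provider is {jazn.get('provider')!r}, expected 'LDAP'")
        if jazn.get("jaas-mode") != "doAsPrivileged":
            findings.append(f"{name}: jaas-mode is {jazn.get('jaas-mode')!r}, expected 'doAsPrivileged'")

    # 2. is_config.xml: the Identity service must be provided by JAZN/OID.
    providers = roots["is_config.xml"].iter("provider")
    if not any(p.get("providerType") == "JAZN" and p.get("name") == "OID"
               and p.get("service") == "Identity" for p in providers):
        findings.append('is_config.xml: no <provider providerType="JAZN" name="OID" service="Identity">')

    # 3. wf_client_config.xml: realmMapping must name the OID realm.
    mapping = roots["wf_client_config.xml"].find(".//realmMapping")
    mapped = None if mapping is None else (mapping.text or "").strip()
    if mapped != realm:
        findings.append(f"wf_client_config.xml: realmMapping is {mapped!r}, expected {realm!r}")

    # 4. jazn.xml: LDAP provider pointing at the OID non-SSL port, with the same default realm.
    jazn = _find(roots["jazn.xml"], "jazn")
    if jazn is None or jazn.get("provider") != "LDAP":
        findings.append("jazn.xml: provider is not 'LDAP'")
    else:
        location = jazn.get("location", "")
        parsed = urlsplit(location)
        if parsed.scheme != "ldap" or parsed.port != nonssl_port:
            findings.append(f"jazn.xml: location {location!r} is not ldap:// on port {nonssl_port}")
        if jazn.get("default-realm") != realm:
            findings.append(f"jazn.xml: default-realm is {jazn.get('default-realm')!r}, expected {realm!r}")
    return findings


def check_installed(soa_home: str, oracle_home: str, realm: str, nonssl_port: int) -> List[str]:
    """Read the real files at the paths the post gives and run the same checks."""
    paths = {
        "hw_services/orion-application.xml": f"{soa_home}/j2ee/home/application-deployments/hw_services/orion-application.xml",
        # assumed to mirror the hw_services layout
        "orabpel/orion-application.xml": f"{soa_home}/j2ee/home/application-deployments/orabpel/orion-application.xml",
        "is_config.xml": f"{oracle_home}/bpel/system/services/config/is_config.xml",
        "wf_client_config.xml": f"{oracle_home}/bpel/system/services/config/wf_client_config.xml",
        "jazn.xml": f"{oracle_home}/j2ee/oc4j_soa/config/jazn.xml",
    }
    files: Dict[str, Union[str, bytes]] = {}
    for name, path in paths.items():
        with open(path, "rb") as fh:  # bytes, so any XML encoding declaration is honoured
            files[name] = fh.read()
    return check_oid_config(files, realm, nonssl_port)


if __name__ == "__main__":
    for finding in check_oid_config(SAMPLE_FILES, "idc", 389) or ["all checks passed"]:
        print(finding)
```

Against the constructed samples the script reports only the missing jaas-mode in the orabpel descriptor. For a real installation call check_installed(soa_home, oracle_home, "idc", 389) with your realm and port; each finding names the file and the attribute to correct, so a realm typo in wf_client_config.xml or a jazn.xml location pointing at the wrong port shows up before the restart rather than as a failed workflow login.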
