To start, I assume you already have OID and SOA Suite installed at your end.
You can follow my previous post to install OID and SOA Suite.
The version we are working with here is SOA Suite 10.1.3.1,
and the OID we are using is the one that comes with Application Server 10.1.2.0.2.
Once these things are ready at your end,
go to the EM console:
http://localhost:port/em
Go to the container (oc4j_soa).
Go to the Administration tab.
Click on Security and click Go to Task for Identity Management.
It will tell you whether OID is configured or not. Since it is not configured right now, it will say OID is not configured.
Click on Configure and provide the details for your OID.
In the Oracle Internet Directory Host field, provide your IP address.
In the Oracle Internet Directory User DN field, provide the superuser cn=orcladmin.
Provide your password, choose the non-SSL port as 389 and click Next.
Choose orabpel and hw_services for BPEL and human workflow authentication and click Next.
It will come up with a screen saying that the instance is successfully associated with the OID. Restart the container after that.
Though it gives an option to restart from the console, don't do it from the console. Go to the command console and restart your server:
opmnctl stopall
opmnctl startall
Now log in to the EM console again.
Go to the container -> Applications tab and,
to configure OID, go to the task for Security Providers.
There, orabpel is for BPEL and hw_services is for human workflow security providers.
Click the Edit button for the security providers.
There, click on the Edit button for orabpel.
Click on Change Security Provider, select Oracle Identity Management Security Provider and click OK.
Click OK.
Restart orabpel to implement the changes.
Now do the same for hw_services, following the same steps as for orabpel.
The next step is to run the configure_oid.bat command.
This step seeds all the users in OC4J to the OID.
So go to the following location:
SOA_HOME\bpel\system\services\install\ant-tasks
And run the configure_oid.bat command as displayed.
The command is as follows:
configure_oid.bat oid_admin_user oid_admin_passwd
oid_nonssl_port ssl_enabled oid_realm_name seedAllUsers | seedRequiredUsers
oc4j_admin_user oc4j_admin_passwd oc4j_container_name
In my case:
oid_admin_user is orcladmin
oid_admin_passwd is welcome1
oid_nonssl_port is 389
I am not using SSL, so ssl_enabled is set to false
oid_realm_name will be your realm name; in my case it is idc
I want to seed all the users, so I am using seedAllUsers
oc4j_admin_user is oc4jadmin
oc4j_admin_passwd is welcome1
oc4j_container_name is oc4j_soa
Once you run the command, check whether the build completed or not.
After a successful run you will be able to see all the users in the OID.
To verify, go to
SOA_Home/j2ee/home/application-deployments/hw_services
and open orion-application.xml.
Verify that the jaas-mode attribute for the JAZN provider configuration is set to doAsPrivileged. For example:
<jazn provider="LDAP" jaas-mode="doAsPrivileged"/>
Similarly, check it for orabpel in the following folder:
SOA_Home/j2ee/home/application-deployments/orabpel-orion-application.xml
For the workflow pages to be displayed, however, we need to make some more settings.
Edit the file $ORACLE_HOME/bpel/system/services/config/is_config.xml:
<provider providerType="JAZN" name="OID" service="Identity">
It should automatically update the connection URL, binding address and password for the OID.
Edit the file $ORACLE_HOME/bpel/system/services/config/wf_client_config.xml:
<realmMapping>{oid_realmname}</realmMapping>
Provide the realm name.
Also
edit the file $ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml:
<jazn provider="LDAP" location="ldap://{oid_hostname}.{oid_domainname}:{oid_port}" default-realm="{oid_realmname}">
Save these changes and restart your server. Now you should be able to log in to the workflow console with the users in AD.
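The manual checks above can be scripted. The following is an added example, not part of the original post or of Oracle's tooling: it checks the jazn element of orion-application.xml and jazn.xml for the provider, the jaas-mode, unfilled {…} templates and the non-SSL port. The helper name check_jazn and the sample XML are constructed for illustration, and it assumes the jazn element carries no XML namespace.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NON_SSL_PORT = 389  # the non-SSL OID port chosen in the post

def check_jazn(xml_text, require_jaas_mode=True):
    """Hypothetical helper: list problems with the <jazn> element of a config file."""
    root = ET.fromstring(xml_text)
    # <jazn> is the root of jazn.xml and a child element in orion-application.xml.
    # Assumption: the element carries no XML namespace.
    jazn = root if root.tag == "jazn" else root.find(".//jazn")
    if jazn is None:
        return ["error: no <jazn> element"]
    findings = []
    provider = jazn.get("provider")
    if provider != "LDAP":
        findings.append("error: provider=%r, expected 'LDAP'" % provider)
    if require_jaas_mode and jazn.get("jaas-mode") != "doAsPrivileged":
        findings.append("error: jaas-mode=%r, expected 'doAsPrivileged'"
                        % jazn.get("jaas-mode"))
    location = jazn.get("location", "")
    if "{" in location or "{" in jazn.get("default-realm", ""):
        # The {oid_hostname}-style templates were never filled in.
        findings.append("error: template placeholder not replaced")
    elif provider == "LDAP" and location:
        try:
            port = urlsplit(location).port
        except ValueError:
            findings.append("error: bad port in location %r" % location)
        else:
            if port == NON_SSL_PORT:
                findings.append("note: location uses non-SSL port 389")
    return findings

# Constructed samples, not taken from a real installation.
ORION_OK = ('<orion-application>'
            '<jazn provider="LDAP" jaas-mode="doAsPrivileged"/>'
            '</orion-application>')
ORION_UNCHANGED = ('<orion-application>'
                   '<jazn provider="XML" location="./jazn-data.xml"/>'
                   '</orion-application>')
JAZN_XML = ('<jazn provider="LDAP" location="ldap://oid.example.com:389" '
            'default-realm="idc"/>')

if __name__ == "__main__":
    for name, text, need_mode in [("hw_services", ORION_OK, True),
                                  ("orabpel", ORION_UNCHANGED, True),
                                  ("jazn.xml", JAZN_XML, False)]:
        print(name, check_jazn(text, need_mode) or "OK")
```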