BPEL with OID a SSO

Hello, I'm desperately trying to integrate BPEL human service with SSO.
I want to use this, but wfCtx is null:
wfCtx = wfSvcClient.getTaskQueryService().createContext(request);
This way works instead, but I want SSO:
wfCtx = wfSvcClient.getTaskQueryService().authenticate("bpeloid1", "bpeloid1", "localdomain", null);
Could anyone help me by providing a working config for these files (or any other required)?
$ORACLE_HOME/bpel/system/services/config/is_config.xml
$ORACLE_HOME/bpel/system/services/config/wf_client_config.xml
$ORACLE_HOME/j2ee/oc4j_soa/config/jazn.xml
$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/hw_services/orion-application.xml
$ORACLE_HOME/j2ee/oc4j_soa/application-deployments/orabpel/orion-application.xml
Regards

I have the same problem. Please help me.
Thanks

Similar Messages

  • Configuring BPEL with OID

    I'm trying to configure the BPEL PM with OID-LDAP. Whenever I run the configure_oid.sh script, there are a few errors being returned.
    Has anyone had problems with this script? There was already a BPEL PM 10.1.2.0.2 configured with this infrastructure and this may be the cause of the problem.
    [oracle@myserver ant-tasks]$ ant -f oid-config.xml -Doid.admin.user=orcladmin -Doid.admin.pwd=xxxxx -Doid.nonssl.port=389 -Dssl.enabled=true -Doid.realm=testrealm -Doid.seed=seedRequiredUsers -Doc4j.admin.user=oc4jadmin -Doc4j.admin.pwd=xxxxx -Doc4j.container=oc4j_soa
    Buildfile: oid-config.xml
    config-oid:
    [echo] Configuring OID...
    [java] Install Configuration
    [java] Install Type: ConfigureOID
    [java] Oracle Home: /oracle/soa10g
    [java] JDK Home: /oracle/soa10g/jdk
    [java] Proxy Required: false
    [java] Database Vendor: oracle
    [java] OID Host: ${oid.host}
    [java] OID Port: 389
    [java] OID Realm: testrealm
    [java] OID Seed: seedRequiredUsers
    [java] Admin User: orcladmin
    [java] ***************************************************************
    [java] Trying to obtain OID specific details from configuration files.
    [java] Warning: You would encounter problems if you have not associated you r instance with an OID.
    [java] ***************************************************************
    [java] OID Host is: myserver.mydom.com
    [java] OID Port is: 636
    [java] Seeding users/roles in OID realm : testrealm...
    [java] Buildfile: bpminstall.xml
    [java] seed-oid:
    [java] init:
    [java] seed-oid:
    [java] Seeding system users/roles into OID ...
    [java] Migration of LDIF data failed. Not all the entries are successfully migrated
    [java] Demo users/roles will not be seeded into OID ...
    [java] BUILD SUCCESSFUL
    [java] Total time: 2 seconds
    [java] Exit: 0
    [java] Configuring BPEL identity service configuration file ...
    [java] Adding jaas-mode attribute to hw_services orion-application.xml
    [java] Adding jaas-mode attribute to orabpel orion-application.xml
    bpel-grant-privileges:
    [echo] Granting Server privileges to BPMSystemAdmin role...
    [echo] Granting Domain privileges to BPMDefaultDomainAdmin role...
    all:
    BUILD SUCCESSFUL
    Total time: 10 seconds

    Looks like you have the same problem I had. I needed to remove any users/groups/roles created by running the script the first time.
    My problem was slightly different: I had an issue with multiple realms, which required changing the user search base and group search base in OID.
    Once I resolved that and removed the users/groups/roles that were created, everything worked fine.

  • Problem integrating BPEL with OID

    Hey,
    We are setting BPEL up to work with collabsuite mid-tier. When applying the configuration steps in the ContentServices_CustomWorkflows.html provided in the devkit we run into the following problem:
    Change to perform:
    Create the Service-to-Service (S2S) Application Entity for BPEL, as follows:
    Set the CLASSPATH variable:
    CLASSPATH=$ORACLE_HOME/integration/orabpel/system/services/config:
    $ORACLE_HOME/integration/orabpel/system/services/lib/bpm-services.jar:
    $ORACLE_HOME/integration/orabpel/lib/orabpel.jar:$ORACLE_HOME/jlib/repository.jar:
    $ORACLE_HOME/jlib/ldap.jar:$ORACLE_HOME/jlib/ldapjclnt10.jar:
    $ORACLE_HOME/integration/orabpel/lib/bpm-infra.jar:
    $ORACLE_HOME/integration/orabpel/lib/orabpel-common.jar:$CLASSPATH
    Run the following command to create an application entity in Oracle Internet Directory:
    ORACLE_HOME/jdk/bin/java oracle.tip.pc.services.identity.oid.OIDApplicationEntry AppEntity AppSubentity
    Results in the following error trying to run the command:
    Exception in thread "main" java.lang.NoClassDefFoundError: oracle.tip.pc.services.identity.oid.OIDApplicationEntry
    at gnu.gcj.runtime.FirstThread.run() (/usr/lib/libgcj.so.5.0.0)
    at JvThreadRun(java.lang.Thread) (/usr/lib/libgcj.so.5.0.0)
    at JvRunMain(java.lang.Class, byte const, int, byte const, boolean) (/usr/lib/libgcj.so.5.0.0)
    at __gcj_personality_v0 (/home/oracle/product/J2EE_101200/jdk/bin/java.version=1.4.2)
    at __libc_start_main (/lib/tls/libc-2.3.4.so)
    at JvRegisterClasses (/home/oracle/product/J2EE_101200/jdk/bin/java.version=1.4.2)
    Anybody any ideas on how to solve the problem?
    Kind regards and thanks in advance,
    Kristof

    The file WFLDAPB.pls should be used to recreate the package body for WF_LDAP (this file is in the wf/sql directory).

  • Setup BPEL Process Manager with OID

    I followed all the instructions provided by the Content Services Custom BPEL workflow to set up BPEL with OID, but I get the error "Identity Service cannot find user" while logging in to http://fr101sv0226.corp.tpnet.intra:9700/integration/worklistapp/Login
    I have configured:
    1)
    [oracle@fr101sv0226 orabpel]$ more ./system/services/config/is_config.xml
    <BPMIdentityServiceConfig xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
    <provider providerType="JAZN" name="oid">
    <connection url="ldap://fr101sv0226.corp.tpnet.intra:389" binddn="cn=orcladmin" password="CLxKPM04EzA=" encrypted="true">
    <pool initsize="2" maxsize="25" prefsize="10" timeout="300000"/>
    </connection>
    </provider>
    </BPMIdentityServiceConfig>
    2) [oracle@fr101sv0226 orabpel]$ more ./system/appserver/oc4j/j2ee/home/config/jazn.xml
    <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
    <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
    <jazn provider="LDAP" location="ldap://fr101sv0226.corp.tpnet.intra:389">
    <property name="ldap.cache.session.enable" value="false"/>
    <property name="ldap.cache.realm.enable" value="false"/>
    <property name="ldap.user" value="cn=orcladmin"/>
    <property name="ldap.password" value="{903}q/BL01wZ0UsS9H+PIN25ih4tlPcSWaLm"/>
    <property name="ldap.cache.policy.enable" value="false"/>
    </jazn>
    (password value was "!password")
    3) [oracle@fr101sv0226 orabpel]$ more ./system/appserver/oc4j/j2ee/home/application-deployments/hw_services/orion-application.xml
    <?xml version="1.0"?>
    <!DOCTYPE orion-application PUBLIC "-//ORACLE//DTD OC4J Application runtime 9.04//EN" "http://xmlns.oracle.com/ias/dtds/orion-application-9_04.dtd">
    <orion-application deployment-version="10.1.2.0.0" default-data-source="jdbc/OracleDS" treat-zero-as-null="true">
    <ejb-module remote="false" path="hw_services.war" />
    <web-module id="testconnection" path="testconnection.war" />
    <web-module id="deploy" path="deploy.war" />
    <web-module id="worklistxpress" path="worklistxpress.war" />
    <web-module id="hw_services" path="hw_services.war" />
    <persistence path="persistence" />
    <principals path="principals.xml" />
    <!--jazn provider="XML" location="jazn-data.xml" /-->
    <jazn provider="LDAP" location="ldap://fr101sv0226.corp.tpnet.intra:389" >
    <property name="ldap.cache.session.enable" value="false" />
    <property name="ldap.cache.realm.enable" value="false" />
    <property name="ldap.user" value="cn=orcladmin" />
    <property name="ldap.password" value="!sv0226" />
    <property name="ldap.cache.policy.enable" value="false" />
    </jazn>
    (the password has not been encrypted for this file???)
    Please help....
    Thanks
    JO

    Hi JO,
    Can you confirm the following:
    That the 10.1.2.0.0 Application Server instance to which you installed BPEL was configured with the same Oracle Internet Directory that is used by Content Services (you would have had an option during AS install to specify OID integration - aka Identity Management access).
    Note - that the OID Server must also be running on both SSL and non SSL Ports.
    The bpel integration documentation has been revised since the 10.1.1 release.
    As per the OC4J J2EE Security Guide, one should not need to specify full OID jazn provider information should the IAS instance be associated with Identity Management.
    Thus, you should now be able to set the following revised values in the various configuration files:
    $ORACLE_HOME/j2ee/OC4J_BPEL/config/jazn.xml
    <jazn provider="LDAP" />
    $ORACLE_HOME/integration/orabpel/system/appserver/oc4j/j2ee/home/config/jazn.xml
    <jazn provider="LDAP" />
    Also, the orion-application.xml file should not need to be changed at all, as it should inherit the jazn information from the container’s default JAZN configuration specified in $ORACLE_HOME/j2ee/OC4J_BPEL/config/jazn.xml
    To summarize:
    1) $ORACLE_HOME/j2ee/OC4J_BPEL/application/deployments/hw_services/orion-application.xml should not need to be modified.
    2) $ORACLE_HOME/j2ee/OC4J_BPEL/config/jazn.xml and $ORACLE_HOME/integration/orabpel/system/appserver/oc4j/j2ee/home/config/jazn.xml should contain a jazn entry <jazn provider="LDAP"/>
    The steps for configuring Identity Service Provider (is_config.xml) are correct. However, it should be noted that due to limitations with BPEL’s OIDIdentityService and OIDProvider classes, there is no way of setting up SSL connectivity in is_config.xml – this however has no effect on the workflows.
    thanks,
    Matt

  • Oracle Forms 11g SSO with OID and IAM

    What versions of OID and Access Manager are required to get an Oracle Forms and Reports 11.1.1.2 application
    on Weblogic 10.3.2 configured for Oracle SSO using OID authentication?
    We want the OID to store and authenticate Users for username and password logins to the database, then
    ultimately by user Certificate authentication in OID. I have OID 11.1.1.2 installed and SSO enabled for Forms
    in Enterprise Manager.
    Is Access Manager required for Forms SSO with OID authentication to work or just to allow user interaction
    for registration and Password reset?
    Things mention OAM 10.4.3 and others talk about IAM 11g for Forms 11.1.1.2 SSO to work with OID.
    We did this back in Oracle Forms and OID 10g with JSP and LDAP to setup users but I understand 11g is
    different and IAM can help or is required for this type of SSO to work.
    Any help?
    Edited by: Kirch on Apr 30, 2013 7:39 AM

    Hi,
    According to Oracle's certification matrix found at http://www.oracle.com/technetwork/middleware/downloads/fmw-11gr1certmatrix.xls, Oracle Forms 11.1.1.2 is not supported to use any Oracle Access Manager (OAM) version. OAM is a component of IAM. It is only supported with Oracle SSO 10.1.4.x. The best solution would be to upgrade the Forms and Reports environment to either 11gR2 (11.1.2.1) or to the latest 11gR1 patchset 11.1.1.7. Both versions are compatible with OAM 11.1.1.7.0 and OID 11.1.1.7.0 where only Forms 11gR2 (11.1.2.1) is compatible with OAM 11.1.2.0 and OID 11.1.1.7.0. That would be the best solution as we have run into configuration problems in the past with using Oracle SSO 10.1.4.x.
    Since OID 11.1.1.2.0 is already installed, you should be able to patch it up to 11.1.1.7.0.
    For user authentication in OID, it is required to have OAM or Oracle SSO as both products use WebGate or mod_osso agents for authentication and authorization. For purposes of allowing end users to register accounts and password reset, you will either need to also install another IAM component called Oracle Identity Manager (OIM) or create a customized SSO login page that can be coded to perform these actions. I believe there are some examples available on the Internet.
    Thanks,
    Scott
    http://pitss.com/us

  • How to Proceed oracle database 10.2.0.4 with OID 10.1.4.0.1

    Hi,
    We have Oracle Metadata Repository version 10.2.0.4 and our Oracle Identity Management version is 10.1.4.0.1
    While installing/configuring OID 10.1.4.0.1 we are getting the below error.
    "You must have an OID schema version 10.1.4.0.1 to 10.1.4.9.9.Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatable version."
    Is it possible to have oracle database 10.2.0.4 with OID 10.1.4.0.1?
    How to proceed further?

    Hi.
    We have installed Metadata Repository on the Existing database using RepCA
    During installation of Oracle Identity Management we are getting the below error
    "You must have an OID schema version 10.1.4.0.1 to 10.1.4.9.9.Please select another Metadata Repository or upgrade the OID schema in this Metadata Repository to a compatable version."
    Here there are some of the details from metadata repository database
    SQL> select * from INTERNET_APPSERVER_REGISTRY.components;
    PRODUCT COMPONENT_NAME COMPONENT_VERSION
    Metadata Repository Container mrc 9.0.4.0.0
    SQL> select comp_id,version,status from app_registry;
    COMP_ID VERSION STATUS
    SYNDICATION 10.1.2.0.2 VALID
    PORTAL 10.1.2.0.2 VALID
    SSO 10.1.2.0.2 VALID
    WORKFLOW 10.1.2.0.2 VALID
    B2B 10.1.2.0.2 VALID
    BAM 10.1.2.0.2 VALID
    MRC 10.1.2.0.2 VALID
    OCA 10.1.2.0.2 VALID
    OID 10.1.2.0.2 VALID
    DCM 10.1.2.0.2 VALID
    DISCOVERER 10.1.2.0.2 VALID
    COMP_ID VERSION STATUS
    WCS 10.1.2.0.2 VALID
    UDDI 10.1.2.0.2 VALID
    WIRELESS 10.1.2.0.2 VALID
    14 rows selected.
    From the above query we see that OID version is 10.1.2.0.2 and we have to upgrade the OID schema version to 10.1.4.0.1.
    Can you tell us how to upgrade the OID schema version and with proper document to follow?
    Kindly update for any output from my side
    Thanks

  • Install Forms and Report 11g, Weblogic, OID and SSO ?

    Hello,
    I want to migrate our system from Forms and Reports 6i to 11g with weblogic server 10.3.3 and I have two questions:
    1st: If we considered to obtain a system consists of (Weblogic 11g + Forms and Reports 11g + OID + SSO + Weblogic Portal + BI Publisher)
    What are the steps and the sequence of products installation and configuration, and what are the required versions of each one?
    2nd: Can I abandon OID and SSO, is there a substitute?
    If so, what are the steps and the sequence of products installation and configuration?
    Thank you very much

    >
    You use the Oracle WebLogic Server installer to install Oracle WebLogic Server and to create a Middleware home (which is required before you can install Oracle Forms and Reports).
    For Oracle Forms and Reports 11g Release 2 (11.1.2), download Oracle WebLogic Server 11g (10.3.5) from OTN or Oracle Software Delivery Cloud.
    Be sure to select the proper Oracle WebLogic Server installer for your platform.
    >
    weblogic you can download from http://www.oracle.com/technetwork/middleware/ias/downloads/wls-main-097127.html

  • Worklist application not able to authenticate with OID

    Hi,
    I have configured my BPEL PM (outside Mid-Tier) with OID by configuring the is_config.xml file. But the Worklist is not logging in. I made a modification in jazn.xml by adding an OID entry and also modified the orion-application.xml of that working application to point to OID. Still not able to log in.
    Any clue?
    Thanks in Adv
    Venkata

    hi
    It seems to work now. I can't quite figure out what I did differently this time as I just changed the "comment" signs ..
    but here's the files I changed ..
    [ORACLE_HOME]\j2ee\OC4J_BPEL\config\jazn.xml
    <?xml version = '1.0' encoding = 'UTF-8' standalone = 'yes'?>
    <!DOCTYPE jazn PUBLIC "JAZN Config" "http://xmlns.oracle.com/ias/dtds/jazn-9_04.dtd">
    <!--
    <jazn provider="XML" location="./jazn-data.xml" default-realm="jazn.com"/>
    <jazn provider="LDAP" location="ldap://myoid.us.oracle.com:389" />
    -->
    <jazn provider="LDAP" location="ldap://[HOST]:8285" default-realm="local">
    <property name="ldap.user" value="cn=orcladmin"/>
    <property name="ldap.password" value="!welcome1"/>
    </jazn>
    [ORACLE_HOME]/quioto1/sw/as/1012/as/j2ee/OC4J_BPEL/application-deployments/hw_services/orion-application.xml
    <?xml version="1.0"?>
    <!DOCTYPE orion-application PUBLIC "-//ORACLE//DTD OC4J Application runtime 9.04//EN" "http://xmlns.oracle.com/ias/dtds/orion-application-9_04.dtd">
    <orion-application deployment-version="10.1.2.0.0" default-data-source="jdbc/OracleDS" treat-zero-as-null="true">
         <ejb-module remote="false" path="hw_services.war" />
         <web-module id="testconnection" path="testconnection.war" />
         <web-module id="deploy" path="deploy.war" />
         <web-module id="worklistxpress" path="worklistxpress.war" />
         <web-module id="hw_services" path="hw_services.war" />
         <persistence path="persistence" />
         <principals path="principals.xml" />
    <!--
    <jazn provider="XML" location="jazn-data.xml" />
    -->
         <jazn provider="LDAP" location="ldap://[HOST]:8285" default-realm="local" />
         <log>
              <file path="application.log" />
         </log>
         <namespace-access>
              <read-access>
                   <namespace-resource root="">
                        <security-role-mapping name="&lt;jndi-user-role&gt;">
                             <group name="administrators" />
                        </security-role-mapping>
                   </namespace-resource>
              </read-access>
              <write-access>
                   <namespace-resource root="">
                        <security-role-mapping name="&lt;jndi-user-role&gt;">
                             <group name="administrators" />
                        </security-role-mapping>
                   </namespace-resource>
              </write-access>
         </namespace-access>
    </orion-application>
    [ORACLE_HOME]/quioto1/sw/as/1012/as/j2ee/OC4J_BPEL/config/application.xml
    <?xml version = '1.0' standalone = 'yes'?>
    <!DOCTYPE orion-application PUBLIC "-//Evermind//DTD J2EE Application runtime 1.2//EN" "http://xmlns.oracle.com/ias/dtds/orion-application-9_04.dtd">
    <!-- The global application config that is the parent of all the other
         applications in this server. -->
    <orion-application autocreate-tables="true" default-data-source="jdbc/OracleDS">
    <web-module id="defaultWebApp" path="../../home/default-web-app"/>
    <web-module id="dms" path="../../home/applications/dms.war"/>
    <commit-coordinator>
    <commit-class class="com.evermind.server.OracleTwoPhaseCommitDriver"/>
    <property name="datasource" value="jdbc/OracleDS"/>
    <!-- Username and password are the optional properties
    replace with your commit_co-ordinator_super_user
    <property name="username"
    value="system" />
    <property name="password"
    value="->pwForSystem" />
    -->
    </commit-coordinator>
    <persistence path="../persistence"/>
    <!-- Path to the libraries that are installed on this server.
    These will be accesible for the servlets, EJBs etc -->
    <library path="../applib"/>
    <library path="../../../BC4J/lib"/>
    <!-- FTP SSL Jars - Patch 01 - 4406640 -->
    <library path="/quioto1/sw/as/1012/as\integration\orabpel\system\services\lib\oraclepki.jar"/>
    <library path="/quioto1/sw/as/1012/as\integration\orabpel\system\services\lib\phaos.jar"/>
    <library path="../../../jlib/ojmisc.jar"/>
    <library path="../../../ord/jlib/ordim.jar"/>
    <library path="../../../ord/jlib/ordhttp.jar"/>
    <library path="../../../jlib/jdev-cm.jar"/>
    <library path="../../../lib/dsv2.jar"/>
    <library path="../../../lib/xsu12.jar"/>
    <!-- Path to the taglib directory that is shared
    among different applications. -->
    <library path="../../../j2ee/home/jsp/lib/taglib"/>
    <library path="../../../uix/taglib"/>
    <library path="../../../lib/oraclexsql.jar"/>
    <library path="../../../lib/xsqlserializers.jar"/>
    <!-- Comment the following element to use principals.xml -->
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/classes"/>
    <library path="/quioto1/sw/as/1012/as/jdk/lib/tools.jar"/>
    <library path="/quioto1/sw/as/1012/as/adapters/lib/orabpel-adapters.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel-common.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel-thirdparty.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orabpel-ant.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/ant-launcher_1.6.2.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/ant_1.6.2.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/oracle_http_client.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/commons-fileupload-1.0.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/bpm-infra.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/olite40.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/orawsdl.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/config"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/bpm-services.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/wdk.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/pushapi.jar"/>
    <library path="/quioto1/sw/as/1012/as/jlib/ldap.jar"/>
    <library path="/quioto1/sw/as/1012/as/jlib/ldapjclnt10.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/soap.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/fndctx.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/wfapi.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/system/services/lib/wfjava.jar"/>
    <library path="/quioto1/sw/as/1012/as/integration/orabpel/lib/b2b.jar"/>
    <principals path="./principals.xml"/>
    <log>
    <file path="../log/global-application.log"/>
    <!-- Uncomment this if you want to use ODL logging capabilities
    <odl path="../log/global-application/" max-file-size="1000" max-directory-size="10000"/>
    -->
    </log>
    <jazn provider="XML" location="./jazn-data.xml"/>
    <data-sources path="data-sources.xml"/>
    <connectors path="./oc4j-connectors.xml"/>
    <namespace-access>
    <read-access>
    <namespace-resource root="">
    <security-role-mapping>
    <group name="administrators"/>
    </security-role-mapping>
    </namespace-resource>
    </read-access>
    <write-access>
    <namespace-resource root="">
    <security-role-mapping>
    <group name="administrators"/>
    </security-role-mapping>
    </namespace-resource>
    </write-access>
    </namespace-access>
    <password-manager>
              <jazn provider="XML" location="./jazn-data.xml"/>
    </password-manager>
    </orion-application>
    [ORACLE_HOME]/quioto1/sw/as/1012/as/integration/orabpel/system/services/config/is_config.xml
    <BPMIdentityServiceConfig xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
    <provider providerType="JAZN" name="oid">
    <connection url="ldap://[HOST]:8285" binddn="cn=orcladmin" password="welcome1" encrypted="false"/>
    </provider>
    </BPMIdentityServiceConfig>
    Then I restarted the OC4J_BPEL container.
    I tried the following URL:
    http://[HOST]:8220/integration/services/IdentityService?operation=lookupUser
    and could find all my users.
    I then tried logging in from the Worklist Application and that also worked ..
    So good luck
    Jan Willem
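
Added example, not part of the thread or of Oracle's tooling: a small audit of the three file types quoted above that reports where LDAP bind credentials sit in clear text, where the bind account is `cn=orcladmin`, and where an `orion-application.xml` carries its own LDAP provider instead of inheriting the container's `jazn.xml`. It assumes, from the files shown in this thread, that a `{903}` prefix and `encrypted="true"` mark the obfuscated forms; the sample files and their secret values are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption taken from the files quoted in the thread: an obfuscated
# ldap.password value starts with "{903}", a clear-text one does not.
OBFUSCATED_PREFIX = "{903}"
SUPERUSER_DN = "cn=orcladmin"

# Constructed samples modelled on the quoted files ([HOST] is the thread's
# own placeholder; passwords and the obfuscated value are made up).
JAZN_XML = """
<jazn provider="LDAP" location="ldap://[HOST]:389">
  <property name="ldap.user" value="cn=orcladmin"/>
  <property name="ldap.password" value="{903}CONSTRUCTED-OBFUSCATED-VALUE"/>
</jazn>
"""

ORION_APPLICATION_XML = """
<orion-application deployment-version="10.1.2.0.0">
  <!-- <jazn provider="XML" location="jazn-data.xml" /> -->
  <jazn provider="LDAP" location="ldap://[HOST]:389">
    <property name="ldap.user" value="cn=orcladmin"/>
    <property name="ldap.password" value="!constructed-secret"/>
  </jazn>
</orion-application>
"""

IS_CONFIG_XML = """
<BPMIdentityServiceConfig xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
  <provider providerType="JAZN" name="oid">
    <connection url="ldap://[HOST]:389" binddn="cn=orcladmin"
                password="constructed-secret" encrypted="false"/>
  </provider>
</BPMIdentityServiceConfig>
"""

INHERITING_JAZN_XML = '<jazn provider="LDAP" />'


def _local(tag):
    """Strip an XML namespace ('{uri}name' -> 'name')."""
    return tag.rsplit("}", 1)[-1]


def audit_config(filename, xml_text):
    """Return sorted (filename, finding) tuples. Secret values are never echoed."""
    findings = set()
    root = ET.fromstring(xml_text.strip())
    for el in root.iter():  # commented-out elements are skipped by the parser
        tag = _local(el.tag)
        if tag == "jazn" and el.get("provider") == "LDAP":
            props = {p.get("name"): p.get("value", "")
                     for p in el if _local(p.tag) == "property"}
            password = props.get("ldap.password")
            if password is not None and not password.startswith(OBFUSCATED_PREFIX):
                findings.add("cleartext ldap.password")
            if props.get("ldap.user", "").lower() == SUPERUSER_DN:
                findings.add("binds as directory superuser")
            # A location on the application-level element means the application
            # does not inherit the container's jazn.xml.
            if filename.endswith("orion-application.xml") and el.get("location"):
                findings.add("per-application LDAP provider override")
        elif tag == "connection":  # is_config.xml identity service connection
            if el.get("password") and el.get("encrypted", "false").lower() != "true":
                findings.add("cleartext bind password")
            if el.get("binddn", "").lower() == SUPERUSER_DN:
                findings.add("binds as directory superuser")
    return sorted((filename, f) for f in findings)


def audit_all(files):
    """Audit a {filename: xml_text} mapping and return all findings."""
    results = []
    for name in sorted(files):
        results.extend(audit_config(name, files[name]))
    return results


if __name__ == "__main__":
    samples = {
        "jazn.xml": JAZN_XML,
        "orion-application.xml": ORION_APPLICATION_XML,
        "is_config.xml": IS_CONFIG_XML,
    }
    for name, finding in audit_all(samples):
        print(f"{name}: {finding}")
```
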

  • OAM with OID Architecture

    Hi All,
    Can anybody help me with the deployment architecture for OAM along with OID for an SSO solution? I could not find such an asset in any of the datasheets/documentation of Oracle (typical deployments).

    I can understand the confusion. It's a complex product with a lot of documentation. And it has undergone several name changes in its history. In reality, it's two products in one:
    OAM - Access - This is the security half of the product that performs authentication and authorization, controls access to web applications, and provides web sso. It consists of an Access Server, Policy Manager, and security agents called webgates or access gates. Webgates are pre-built security agents that Oracle ships with the product. They provide webgates for many lead web and application servers. Access gates are basically custom webgates, built and deployed using the Access SDK.
    See details here:
    http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12494/access.htm#BEIEJFFJ
    OAM - Identity - Identity system is the user mgmt half of the product, providing features like self-registration, user self-services, delegated administration, and approval workflow. It consists of an Identity server and a webpass, which is the presentation layer to get into the Identity server. You install a webpass on a web server so users and administrators can access the Identity system.
    See details here:
    http://download.oracle.com/docs/cd/E15217_01/doc.1014/e12494/identity.htm#CHDCCEDA
    OAM does not require a Java application server to operate because it is not a Java application. What it does require is a web server and an LDAP directory server. The LDAP directory stores all your user data as well as all the security policies, configurations, and workflows.
    Take a look at the Oracle-By-Example training series for OVD and OAM:
    http://www.oracle.com/technology/obe/fusion_middleware/im1014/ovd-oam/index.html
    It can help you get started with how to install the products. Note that OVD (Oracle's virtual LDAP directory) is not required for OAM, but is used in this example. You need a physical LDAP repository like OID, Sun, OpenLDAP, Novell eDirectory, or Microsoft AD.

  • Integrating Oracle Applications with Siteminder for SSO.

    We currently have an Oracle Apps implementation with Oracle 9iAS as Application server. We are planning to integrate it in SSO using Netegrity Siteminder.
    Please let me know your thoughts on the following
    1) Additional software or patches needed to be applied at Oracle Application Server level before integrating with Siteminder. Do we need to install Oracle SSO separately or does it come as part of Oracle 9iAS?
    2) Also how will we implement SSO using Siteminder without OID?
    Any documents on it will help.

    The Netegrity Siteminder Webagent will authenticate to some third party, probably the corporate LDAP. Using Oracle SSO (OSSO) is required and a java plugin needs to be customized. See:
    Oracle® Application Server Single Sign-On Administrator's Guide
    10g Release 2 (10.1.2) < I know different version but doesn't matter
    B14078-02
    Specifically Chapter - 13 Integrating with Third-Party Access Management Systems. That is a minor task.
    Loading OID is a prerequisite and needs to contain the users that will need access to the protected resources in the environment. If it's a small amount of users, manually maintaining OID may not be a big deal utilizing OIDDAS but if it is a large amount, then this effort is a big deal. Big deal meaning a load utilizing the bulkload utility and a custom job that synchronizes the "Corporate LDAP" with OID. Mapping is important. External dependency with the "Corporate LDAP" folks.
    Another couple of important things to consider:
    1. The seeded users in OID, such as orcladmin will most likely not be in the "Corporate LDAP" so once Netegrity Simplified Sign On (SSO) comes into play, those users are locked out. Orcladmin is a superuser in OIDDAS. For that reason, server administrators or DBA's that are in OID need to be granted OIDDAS privileges prior to enabling the Netegrity agent to prevent being locked out of that important but sensitive tool. Disabling and re-enabling SSO is as simple as editing 2 config files and bouncing a few things though.
    2. The OIDDAS Password lockout policy will start locking users after 60 days with no warning unless changed. If oidadmin gets locked, the fix is Note:251354.1. Very important to change the policy since it will be handled by the "Corporate LDAP". Note:251354.1 covers this. Basically using the oidadmin utility, change the "Password Expiry Time" from the default 5184000 to zero "0" which turns off the policy.
    The realms that should be protected on the Netegrity policy server are both infrastructure. 7777/oiddas and 7777/sso need to be protected realms on the policy server. If you have a protected application going to mid-tier applications like 7778/discoverer/viewer, they get redirected to the infrastructure 7777/sso because of the directive in mod_osso.conf. Forms will be protected by the 7777/sso realm as well. On the Netegrity Policy Server, unprotected sub-realms can be created under protected realms.
    The custom java plugin tells Oracle to trust the "Corporate LDAP" for authentication but authorization can still be performed within OID.
    This all sounds difficult but it is really simple. The only part that can get difficult and time consuming is the OID load. Hopefully you get Siteminder DAS access to administer your realms on the Policy server.
    Hope this helps! - Ron

  • Integrating EBS12 with OID and Oracle Single Sign-On

    Hi All,
    I recently installed EBS12 and followed all the instructions on metalink note 376811.1 to integrate it with OID and OSSO server.
    At the end of integration to verify SSO integration with EBS12, when I access EBS login page via http://[host]:[port]/OA_HTML/AppsLogin, the following error message is displayed:
    << Start of Error Message>>
    500 Internal Server Error
    java.lang.NoClassDefFoundError
    at oracle.apps.fnd.sso.AppsLoginRedirect.AppsSetting(AppsLoginRedirect.java:120)
    at oracle.apps.fnd.sso.AppsLoginRedirect.init(AppsLoginRedirect.java:161)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.loadServlet(HttpApplication.java:2231)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.findServlet(HttpApplication.java:4617)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.findServlet(HttpApplication.java:4541)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:2821)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:740)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:299)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.AJPRequestHandler.run(AJPRequestHandler.java:187)
    at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
    at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
    at java.lang.Thread.run(Thread.java:595)
    << End of Error Message>>
    Please let me know what can be the cause of this error?
    Thanks,
    Shyam

    Please use NOTE.249669.1 How To Collect Apache and Jserv Debugging Details
    You will collect more information.

  • Oracle9iAS R2 - Virtual Hosts with Portal and SSO with OIDDAS application

    Hi!
    I have installed a machine with the name minsk.discover.local. The machine has Infrastructure and Portal installed. The installation was successful and it works fine. But I have published Portal to the web with the name intranet.discover.com.br. Oracle describes:
    1 - Create the virtual hosts in SSO and PORTAL - OK
    2 - Run ptlasst to create SSO Partner Applications - OK
    After these steps it works fine with Portal and SSO, but when I click in the portlet to create a user to access the OIDDAS application, the Portal redirects to the SSO login page at the address mct.com.br, the internal name, and that name does not respond on the internet.
    I need help!!!!
    Marcio Mesti

    I just spoke to the Oracle App server admins, the two servers in question are clustered.
    So my question changes slightly to:
    What is the best way to install and configure a webgate for clustered Oracle App servers with multiple virtual hosts that are residing behind a load balancer (Traffic Manager)?
    Thanks,
    Andy

  • OIM 11g R1 LDAP Synch with OID.

    Hi,
    We are doing an LDAP Synch with OID directly. The users from various organisations in OIM need to be synched to different OUs in OID, instead of a single container. How do we achieve this? Would it be easier if we involve OVD also?

    Here is some sample code configuration which may give you a start - hope it helps.
    Sample code that can be called in a pre-process event handler to copy the user's organisation to the LDAP Organization Unit
    HashMap<String, Serializable> parameters = orchestration.getParameters();
    Serializable param = parameters.get("act_key");
    String act_key = null;
    // act_key may arrive wrapped in a ContextAware object or as a plain value
    if (param instanceof ContextAware) {
        act_key = ((ContextAware) param).getObjectValue().toString();
    } else if (param != null) {
        act_key = param.toString();
    }
    if (act_key != null) {
        OrganizationManager orgMgr = Platform.getService(OrganizationManager.class);
        Set<String> retAttrs = new HashSet<String>();
        retAttrs.add("Organization Name");
        Organization org = null;
        try {
            org = orgMgr.getDetails(act_key, retAttrs, false);
        } catch (OrganizationManagerException e) {
            // lookup failed: org stays null and no OU parameter is set
        } catch (AccessDeniedException e) {
            // caller may not read the organisation: org stays null
        }
        // only set the OU when the organisation was actually resolved
        if (org != null) {
            String orgName = (String) org.getAttribute("Organization Name");
            orchestration.addParameter("LDAP Organization Unit", orgName);
        }
    }
    Sample container mapping rule
    <rule>
    <expression>LDAP Organization Unit=Test Organization</expression>
    <container>ou=Test Organization,ou=users,o=org</container>
    <description>Add user to the Test Organization OU in LDAP if their OU is set to Test Organization</description>
    </rule>
    Sample change in /db/LDAPUser
    <!-- Two act_key entries in the <reconFields> section to set RECON_ACT_KEY. -->
    <!-- The first sets RECON_ACT_KEY to the default value from the scheduled job -->
    <!-- The second overwrites RECON_ACT_KEY with an OU value if supplied in the LDAP User data. -->
    <reconAttr>
    <oimFormDescriptiveName>act_key</oimFormDescriptiveName>
    <reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">Organization Name</reconFieldName>
    <reconColName>RECON_ACT_KEY</reconColName>
    <emDataType>number</emDataType>
    <formFieldType/>
    <targetattr keyfield="false" encrypted="false" required="false" type="String" name="act_key"/>
    </reconAttr>
    <reconAttr>
    <oimFormDescriptiveName>act_key</oimFormDescriptiveName>
    <reconFieldName xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xsi:type="xs:string">ou</reconFieldName>
    <reconColName>RECON_ACT_KEY</reconColName>
    <emDataType>number</emDataType>
    <formFieldType/>
    <targetattr keyfield="false" encrypted="false" required="false" type="String" name="act_key"/>
    </reconAttr>

  • BPEL with Reliable Processing

    Hi,
    I read and work on the "BPEL with Reliable Processing" cookbook.
    http://www.oracle.com/technology/pub/articles/bpel_cookbook/qualcomm-bpel.html
    It's great!
    I am trying to enhance the process by adding a notion of priority between different records.
    A priority-based process will favour those processes with high priority values.
    To achieve that, I made the following modifications:
    1) Add the "PRIORITY" column into the "DB_POLL_SOURCE" table.
    CREATE TABLE "DB_POLL_SOURCE"
    (
        "ID" NUMBER (17,0) NOT NULL,
        "VALUE1" VARCHAR2 (32),
        "VALUE2" VARCHAR2 (32),
        "VALUE3" VARCHAR2 (32),
        "PROCESS_NOT_BEFORE" DATE,
        "RETRY_COUNT" NUMBER (7,0) DEFAULT 0 NOT NULL,
        "BPEL_STATE" VARCHAR2 (16) DEFAULT 'P_NEW',
        "CREATED_DTS" DATE DEFAULT SYSDATE,
        "MODIFIED_DTS" DATE DEFAULT SYSDATE,
        "PRIORITY" NUMBER (7,0) DEFAULT 5 NOT NULL
    );
    2) Add an order by clause to sort the "PRIORITY" column in descending order.
    3) Add the where clause (rownum<N) for getting the first N records from the query record set.
    CREATE OR REPLACE VIEW DB_POLL_SOURCE_VW
    (ID, BPEL_STATE)
    AS
    select *
    from (
        select
            dbps.ID,
            dbps.BPEL_STATE
        from
            DB_POLL_SOURCE dbps
        where
            (dbps.PROCESS_NOT_BEFORE is NULL or dbps.PROCESS_NOT_BEFORE < SYSDATE)
            and dbps.BPEL_STATE like 'P_%'
        order by dbps.PRIORITY desc
    )
    where rownum < 5;
    The problem is that the view must be updatable and ROWNUM cannot be used inside an updatable view.
    The error message I got is the following:
    ORA-01732: data manipulation operation not legal on this view.
    So my question is:
    How can I define an updatable view to sort the "PRIORITY" column and then limit the number of rows returned?
    Thanks a lot
    Olivier

    If you want to update a view, you must use database triggers to perform this. You can use the statement:
    CREATE OR REPLACE TRIGGER <triggername>
    INSTEAD OF INSERT (or other UPDATE/DELETE or both)
    ON <view>
    FOR EACH ROW
    BEGIN
    .. PLSQL code here ..
    END <triggername>;
    /
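
    The INSTEAD OF approach from the reply above, applied to the view in the question, as an added example that is not part of the original posts. The trigger name is hypothetical, and it assumes the poller only updates BPEL_STATE through the view, which the thread does not confirm.

```sql
-- Added example: INSTEAD OF UPDATE trigger for the non-updatable view
-- DB_POLL_SOURCE_VW from the question. The trigger name is hypothetical.
CREATE OR REPLACE TRIGGER DB_POLL_SOURCE_VW_IOU
INSTEAD OF UPDATE ON DB_POLL_SOURCE_VW
FOR EACH ROW
BEGIN
  -- The view exposes only ID and BPEL_STATE; ID is the key, so refuse to change it.
  IF :NEW.ID <> :OLD.ID THEN
    RAISE_APPLICATION_ERROR(-20001, 'ID cannot be changed through DB_POLL_SOURCE_VW');
  END IF;

  -- Redirect the update to the base table, addressing the row by its key.
  UPDATE DB_POLL_SOURCE
     SET BPEL_STATE   = :NEW.BPEL_STATE,
         MODIFIED_DTS = SYSDATE
   WHERE ID = :OLD.ID;
END DB_POLL_SOURCE_VW_IOU;
/

-- With the trigger in place, an update through the view no longer raises
-- ORA-01732 (the ID value and state name are constructed samples):
UPDATE DB_POLL_SOURCE_VW SET BPEL_STATE = 'P_SAMPLE' WHERE ID = 1;
```

    The update only reaches rows the view currently returns, so a row outside the top priorities is left untouched until it enters the ROWNUM window.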

  • Calling ora:processXQuery from bpel with parameters

    I am trying to call ora:processXQuery from bpel with parameters. I am using SOA Suite 11.1.1.7
    ora:processXQuery('selectVersionNumber.xq',bpws:getVariableData('XML_FILE_VAR','/ns4:InputParameters'),"OBJ_ID_VAR","OBJ_ID_INNER_VAR", bpws:getVariableData('OBJ_ID_VAR'),bpws:getVariableData('OBJ_ID_INNER_VAR'))
    selectVersionNumber.xq :
    xquery version "1.0";
    declare namespace ns4="http://www.example.org";
    let $item := //ns4:P_RELATIONSHIP_TBL
    for $x in $item/P_RELATIONSHIP_TBL_ITEM
        for $y in $x/ns4:P_RELATIONSHIP_TBL_INNER/ns4:P_RELATIONSHIP_TBL_ITEM_INNER
        where $x/ns4:OBJECT_ID = $OBJ_ID_VAR and $y/ns4:OBJECT_ID=$OBJ_ID_INNER_VAR
            return <objectVersion>{ $y/ns4:OBJECT_VERSION_NUMBER }</objectVersion>
    but ora:processXQuery doesn't accept more than two arguments. Is there any workaround?

    Create a specific XML schema for your XQuery as an input and pass that. Extract the required values from the XML in your XQuery.
