BPM:SSO consideration

Hi,
We are implementing EP with SSO and XI in an envrronment where R/3,SRM and other 2-3 systems are involved in BPM.Now if a user process one R/3 transaction through portal then system should perform some transaction into SRM and other legacy system too sequentially. This integration process are hapening in background(not visible to user),how XI will get logon information at runtime to perform transaction into SRM/legacy system as User mapping with EP user is maintained into EP.
2. How we can change logon information in Adapter configuration at runtime?
regards,
Himanshu

Similar Messages

BPM Workspace with custom SSO

We need to develop a new Single Sign On security provider to automatically authenticate Oracle BPM Workspace application.
Following some samples and tips from Oracle Forum, blogs[1], OTN Samples[2], and also the documentation[3] we build a new Assertion Provider.
We created a new MBean type, implemented the classes AuthenticationProvider, IdentityAsserter, and installed it at MBeanTypes folder at Weblogic Server.
The new Assertion Provider appears at realm providers and was configured without errors.
In this first test we develop a very simple authentication, just decoding the username from the new token and trusting it.
But when we try to call the BPM Workspace passing the new token in the http headers, seems nothing happend: the BPM Workspace login page it is opened and there isn't any message in the log indicating that the new provider has been used.
In fact we need to develop a SSO that receive the token at URL (not in the http headers) run a specific library to decrypt the token, check the token validity and proceed with the authentication. But at now we haven't even a simple sample working ...
Is it possible to have SSO at Oracle BPM Workspace only configuring a provider at Weblogic realm or we need to config/hack something at BPM Workspace application?
BPM Workspace web.xml it is already configured by default with these options:
<auth-method>CLIENT-CERT,FORM</auth-method>
<realm-name>myrealm</realm-name>
Infra:
RHEL 5.5 64Bits - Kernel 2.6.18-194.el5
Oracle SOA Suite 11gR1 PS2 - 11.1.1.3.0
Some references checked:
[1] http://fusionsecurity.blogspot.com/2009/07/building-custom-security-providers-with.html
[2] code-sample ID S224: Sample Security Providers for WLS 9.1
https://www.samplecode.oracle.com/tracker/tracking/linkid/prpl1004?sfLoginToken=088763F78B4F7961288649650A424AF3&sfProj=codesamples&isLoggedIn=true&id=S224&dapCheckedPassed=false
[3] Oracle® Fusion Middleware Developing Security Providers for Oracle WebLogic Server 11g Release 1 (10.3.3) E13718-02
http://download.oracle.com/docs/cd/E21043_01/web.1111/e13718/intro.htm

...seems nothing happend: the BPM Workspace login page it is opened and there isn't any message in the log indicating that the new provider...
Is there an Audit provider configured, which collects and stores the security logs.
To my knowledge, WebLogic uses the same cookie name (<code>JSESSIONID</code>) for all web applications on the server.
That way, no matter what type of authentication method is used in a particular web application, an authenticated user will have
single sign-on to all other web applications in the server.
If you want to have a global single sign-on a good solution would be to use Oracel Single Sign-On (http://download.oracle.com/docs/cd/E17904_01/core.1111/e10043/osso_d_10g.htm)
With your own implementation how is the authentication token mapped to a username?

BPM 10.3 WebService and SSO

Hi,
I exposed a Process as simple WebService, (e.g.
http://localhost:7001/albpmServices/bpmengine/ws/ProcessTestServiceListener?wsdl=true), and works fine.
My problem is, in our enviroment we use a custom Single Sign On class to log into workspace and
PAPI. As I discovered, the application that expose webservices derivated from process is the engine app, not PAPI or other application.
Is there a way to configure a custom SSO class in engine?
Or use another kind of authentication in exposed webservices process?

Hi Fernando,
Thank you very much for the tip. It worked indeed. Although it worked only in a seperate process that had also a seperate global interactive process creation activity in it and calls my main process. It did not work with my main project.
Although it is actually another question, but just out of curiosity: does a process indeed need a process creation activity to be able to be started using a WebService?
Regards,
Martien

Oracle BPM 10gr3 PAPI-WS SSO

Hi all,
I am trying to implement custom SSO for PAPI-WS.
I reference the following link http://download.oracle.com/docs/cd/E12483_01/albsi60/pdf/ALBPM60_PAPI_Developer_Guide.pdf
but i don't know how to test my configuration.
I have no idea how to configure in my client.
actually my client is Oracle Service Bus.
we expose PAPI WS as Business Service in OSB.
1. how should i configure in OSB to test my PAPI WS SSO.
2. after i configure SSO in OBPM Admin Center, do i need to configure Transport level authenticatioin and webservice security?
if necessary, which one i should use?
With Regards,
Wai Phyo

Hi all,
I am trying to implement custom SSO for PAPI-WS.
I reference the following link http://download.oracle.com/docs/cd/E12483_01/albsi60/pdf/ALBPM60_PAPI_Developer_Guide.pdf
but i don't know how to test my configuration.
I have no idea how to configure in my client.
actually my client is Oracle Service Bus.
we expose PAPI WS as Business Service in OSB.
1. how should i configure in OSB to test my PAPI WS SSO.
2. after i configure SSO in OBPM Admin Center, do i need to configure Transport level authenticatioin and webservice security?
if necessary, which one i should use?
With Regards,
Wai Phyo

SSO on bpm workspace console

Helllo,
i need to protect the bpm workspace administration console with OAM 11g. I can't find how this resource can be created on OAM.
This is the url to protect:
http://<machine>:8001/bpm/workspace
Do you know how i can define this resource in OAM?
Thank you,
Nik

The above issue is seen when we don't have proper FP patchset. after applying a patchset all issues sloved

SSO using Windows Active Directory but without EP or Java stack

Good morning and thank you in advance for your help.
The question is:
our environment includes windows domain with Active Directory, ECC 6.0 ABAP (DEV, QAS, PROD), BW 7.0 (DEV, QAS, PROD) only ABAP stack.
I would like to know if we can enable SSO using only this configuration without introducing EP or Java stack.
Best regards
Max

Hi Willi,
It won't be that easy to understand each other... as my english is not that good either
Most of the points introduced in the SAP help link are automatically performed by sapinst.
Almost all my customers running on MS are not using an AV, and neither get into troubles...
but no user ever connect on the SAP server, only admin, for maintenance purpose or SAP admin when needed...
Internet explorer should not be used on a sever, MS itself says it should be uninstalled...
Best regards
SAP on SQL General Update for Customers & Partners April 2014
10. Do Not Install SAPGUI on SAP Servers
Windows Servers have the ability to run many desktop PC applications such as SAPGUI and Internet Explorer however it is strongly recommended not to install this software on SAP servers, particularly production servers.
To improve reliability of an operating system it is recommended to install as few software packages as possible. This will not only improve reliability and performance, but will also make debugging any issues considerably simpler
“A server is a server, a PC is a PC”. Customers are encouraged to restrict access to production servers by implementing Server Hardening Procedure.
SAP Servers should not be used as administration consoles and there should be no need to directly connect to a server. Almost all administration can be done remotely
SAP on SQL General Update for Customers & Partners September 2013
Internet Explorer (and any other non-essential software) should always be removed from every SAP DB or Application server.
The following command line removes IE from Windows 2008 R2, Windows 2012 and Windows 2012 R2:
Open command prompt as an Administrator -> dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64

How to check SSO user from database?

Hi:
I've posted this topic in Forms forum:
How to check SSO user from database?
then as I've been told, it's better to post it here, so ...... here is the question:
I'm writing a "before delete trigger" to insert into log table before delete. Is there a way that I know from database the current SSO user when SSO users share one database user?
Just like in Oracle Application Express there is v('APP_USER') to know the current user.
Saad,

End users are manipulating data through Oracle Forms(and SSO through portal) and the thing I need is to trace the SSO username from database without modifying forms, I mean purely from database taking into consideration that SSO users are sharing one database user. Is it possible?
Saad,

SSO between 2 ABAP systems

Hello All,
There are 2 ABAP systems into consideration here.
A custom application is running on R/3 4.7 system.
This application also accesses data from another system - ECC 6.0
Issue:
Users get a login prompt to access ECC..which is to be removed...
Question:
How can I set a SSO connection between these two ABAP systems?
Awaiting Reply.
Thanks and Warm Regards,
Ritu

Hi Ritu,
First you need to ensure that your systems support SSL.
Use the procedure given here:
http://help.sap.com/saphelp_nw70/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm
Once SSL works, you can then setup SSO as per the link given in the previous post.

SSO and external applications

Hello folks,
Due to my inexperience with PS6, I'm looking for some high-level outline that will help me look in the right places and understand things better here.
I have an external application that requires authentication via a web form (or by attaching the username and password on the URL as parameters).
What I want to do is have a channel of this application and utilize information from the SSO mechanism to redirect the request to that remote app and provide the credentials for a transparent login.
From what I understand this can be done by having a servlet in that channel to retrieve the credentials of the user for that remote application from the SSO and then redirect to the external application, attaching the credentials to the URL.
Is the above correct? I would appreciate any pointers or considerations since my experience with PS is minimal.
Thanks in advance,
Manos

I don't see a way to that servlet to retrieve a password for the user - it's not stored in the session.
There are following options:
1. OpenText LiveLink way: You have some "hidden" password for every user (based on user's ID and a shared key) known only to your server and this servlet. Servlet will supply this password.
2. Normal way - web server: Implement login module to this application, which will trust REMOTE_USER variable provided by the agent on the web server.
3. Normal way - standalone app: Implement login module to this application which will validate DSAME session cookie on the DSAME server. You can use example code in the SUNWam/samples/ of your server.

How to raise alert in BPM

Hi Experts,
Please tell me how to raise alert using control step in BPM. What are the other steps to be used with control step for raising alerts?
Is CCMS Alerts and Alerts by BPM are same? If they are not the same, how they are different to each other?
my requirement is, simply i want to raise a mapping, data related errors by Alert.
in addition to it, i want to raise alerts for any failure in IE.
Could any one tell , what are the sequence of steps needed in BPM for the above requirement? Plz take a IDOC to FTP receiver scenario and explain me BPM steps.
thnx
RAMS

Hi rams
for more details refer these
refer these link for more details about Alert
For email alerts
/people/aravindh.prasanna/blog/2005/12/24/configuring-scenario-specific-e-mail-alerts-in-xi-ccms-part-2
/people/aravindh.prasanna/blog/2006/02/20/configuring-scenario-specific-e-mail-alerts-in-xi-ccms-part-3
/people/sap.user72/blog/2005/01/14/alert-management--improving-monitoring-of-your-landscape
/people/michal.krawczyk2/blog/2005/09/09/xi-alerts--step-by-step
You have to do SMTP Configuration for EMail and SMS.....
http://help.sap.com/saphelp_nw04/helpdata/en/af/73563c1e734f0fe10000000a114084/content.htm
Alerts
/people/michal.krawczyk2/blog/2005/09/09/xi-alerts--troubleshooting-guide
/people/michal.krawczyk2/blog/2005/09/09/xi-alerts--step-by-stepCheck out these:
RWB- Alert Configuration LInk isnot working
Unable to login into Alert configuration
Get all the details here
CCMS ALERTS
/people/sap.user72/blog/2005/11/24/xi-configuring-ccms-monitoring-for-xi-part-i
/people/sap.user72/blog/2005/12/05/xi-grmg-customizing-for-xi-ccms-heartbeat-monitoring-part-ii
/people/aravindh.prasanna/blog/2006/02/20/configuring-scenario-specific-e-mail-alerts-in-xi-ccms-part-3
Alerts
transaction handling in XI
/people/michal.krawczyk2/blog/2005/03/13/alerts-with-variables-from-the-messages-payload-xi--updated
Auto triggering of alerts
transaction handling in XI
SCOT
not sending email from alert inbox
See this link : http://help.sap.com/saphelp_nw70/helpdata/en/da/a3a7408f031414e10000000a1550b0/frameset.htm
heck this weblogs on creating them and troubleshooting:
/people/michal.krawczyk2/blog/2005/09/09/xi-alerts--step-by-step
/people/michal.krawczyk2/blog/2005/09/09/xi-alerts--troubleshooting-guide
/people/michal.krawczyk2/blog/2005/03/13/alerts-with-variables-from-the-messages-payload-xi--updated
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/9418d690-0201-0010-85bb-e9b2c1af895b
/people/michal.krawczyk2/blog/2005/09/09/xi-alerts--step-by-step
Further reference
http://help.sap.com/saphelp_nw04/helpdata/en/80/942f3ffed33d67e10000000a114084/content.htm
Also suggested go through the blog:Alerts with variables from the messages payload
/people/michal.krawczyk2/blog/2005/03/13/alerts-with-variables-from-the-messages-payload-xi--updated
/people/bhavesh.kantilal/blog/2006/07/25/triggering-xi-alerts-from-a-user-defined-function
/people/ginger.gatling/blog/2005/12/02/innovative-ways-to-use-alerts
/people/matt.kangas/blog/2006/06/27/personalized-alert-delivery
U may proceed in the following ways:
1. Reduce the securit settings of ur browser and enable the cookies
2. Try to SSO enable ur scenario
Have a look here:
SAP Note 840849
The configuration required as per ur patch level
SAP Note 913858
Check out these:
RWB- Alert Configuration LInk isnot working
Unable to login into Alert configuration
Thanks !!

Calling to BPM via PI

Basically I have already found a solution by trial and error, but I still don't understand what's going on, maybe someone can help me understand.
I am trying to make a web service call
from a CRM system (CRM 7.0 EhP3 SP 3), outbound interface {http://sap.com/xi/CRM/FS/Global2}NewLoanBoardingFSCreateRequest_Out
via PI (double-stack, PI 7.31 SP 3)
to a NW Java BPM system (NW 7.40 SP 4, inbound interface {http://sap.com/xi/FS-AO/Global}NewLoanBoardingProcessingNewLBrdngIn. The host name of the system is ilbnknw1 and the port is 50300.
I created an EJB for the implementation of the service provider NewLoanBoardingProcessingNewLBrdngIn and a BPM process according to note 1891861 in NW Developer Studio and deployed all of it to the NW Java BPM server.
There is a web service end point for NewLoanBoardingProcessingNewLBrdngIn on the NW Java BPM server the URL looks like this: http://ilbnknw1:50300/bpm/testsapcom/polnlbv0/start?wsdl&mode=ws_policy (visible in WS Administrator > Configuration > Connectivity > Single Service Administration > (stay on tab Service Definitions) > search for WSDL Port Type Name: NewLoanBoardingProcessingNewLBrdngIn ... I don't remember if it was created automatically during the deployment or I created it manually.)
The security settings for the end point are set like this:
Transport protocol: HTTP (not HTTPs)
HTTP Authentication: Checkmarks for Login with User ID/Password and for Logon ticket are set. (X.509 is not set and also grayed out.)
Message Authentication: No checkmarks are set.
I can test the above WSDL URL (http://ilbnknw1:50300/bpm/testsapcom/polnlbv0/start?wsdl&mode=ws_policy) from WS Navigator and it works - I don't get an error message, and in WS Administrator I see that the process is started (at Operations > Processes and Tasks > Manage Processes).
Now I wanted to test it from CRM. One possibility would be to go into SOAMANAGER and create a port that connects to the end point. But we prefer to go via PI. So I set up a receiver determination, interface determination and receiver agreement. The first two have no problems, the correct receiver (a business system referring to the NW Java BPM system) and the correct receiver interface are found. With the receiver agreement I was not so sure what to do and I tried different things.
First I thought: It's a call to a web service, let me use a web service receiver channel, i.e. Adapter Type = WS of version SAP BASIS 7.31 (I tried 7.40 because the NW Java BPM server is 7.40, but the PI doesn't like that because it's only 7.31).
I entered:
WSDL Access URL: I used the complete URL (http://ilbnknw1:50300/bpm/testsapcom/polnlbv0/start?wsdl&mode=ws_policy).
Authentication Method for WSDL Access: Basic Authentication using HTTP. (The other option No authentication and SSO using SAP Assertion ticket don't seem to fit.)
User name for WSDL access: A user in the NW Java BPM system.
Password for WSDL access: Password of the user
Security
Communication Security: None
Authentication Method: User ID/Password (Transport Channel Authentication)
Technical Transport Settings
Target Host: ilbnknw1
Service Name/Port: 50300
URL Access Path: /bpm/testsapcom/polnlbv0/start (this can be selected with the value help button and that was the only choice int he value help)
Then in the receiver agreement I chose this channel and entered the user and password on the NW Java system that should be used for the actual WS call (while the other one in the channel is only for accessing the WSDL) ... actually I used the same user and password for both, it has enough authorizations.
Result: Didn't work at all, PI showed a red flag for the message with the error WS_ADAPTER_SYS_ERROR and text System error while calling Web service adapter: Error when initializing SOAP client application: 'Error when initializing SOAP client application: "SRT: Unexpected failure in SOAP processing occurre"'
Question: Is this totally the wrong adapter to call to a NW Java system, or were my parameters wrong?
Then I found some things in the forum that said: Just use SOAP adapter, not WS adapter! And for communication between (newer releases of) PI and (new releases of) NW Java BPM it's best to use the SOAP adapter with the XI 3.0 protocol.
So I tried a SOAP receiver channel with XI 3.0 protocol, i.e. Adapter type SOAP with version SAP BASIS 7.31,
Transport Protocol: HTTP,
Message Protocol: change from SOAP 1.1 to XI 3.0,
Adressing Type: URL address (HTTP destination was the alternative),
Target URL: I used the whole URL (http://ilbnknw1:50300/bpm/testsapcom/polnlbv0/start?wsdl&mode=ws_policy),
Authentication Mode: Use Logon Data for Non-SAP system (because Logon Data for SAP system wanted a client and language, so I think it refers to ABAP systems only),
User Name: A user in the NW Java BPM system,
User Password: the matching password
(No settings in receiver agreement, just chose the channel.)
Result: The PI didn't show any error anymore, the flag was black-white. But on NW Administrator (Operations > Processes and Tasks > Manage Processes) I could not see the process starting!
Question: How is this possible? Where else could the error be seen? Are my parameters wrong? Probably not, otherwise PI should already show the error.
Next try: SOAP receiver channel with SOAP 1.1 protocol, i.e. Adapter type SOAP with version SAP BASIS 7.31,
Transport Protocol: HTTP,
Message Protocol: SOAP 1.1 (the default, instead of XI 3.0 in the previous attempt)
Adressing Type: URL address (HTTP destination was the alternative),
Target URL: I used the URL just up to the ? for the parameters, i.e. only http://ilbnknw1:50300/bpm/testsapcom/polnlbv0/start,
Checkmark for Configure User Authentication,
User Name: A user in the NW Java BPM system,
User Password: the matching password
At the bottom:
Checkmark for Use Query String,
SOAP Action: wsdl&mode=ws_policy
(No settings in receiver agreement, just chose the channel.)
Result: Success in PI (black-white flag) - and now two processes were started shortly after each other (within 15 seconds)!
I tested again to see if it would always trigger two process starts, but now it only started one as expected.
So it looks like the other process start "pushed out" a hanging previous process start? Is such a thing possible? Where could I monitor this? (Apparently not in NW Administrator > Operations > Processes and Tasks > Manage Processes).
So now I have a solution, I use a SOAP receiver channel with SOAP 1.1 protocol, not with XI 3.0 protocol, and certainly not thw WS adapter. But I still wonder why it's not working with the XI 3.0 protocol, even though this seems to be the most recommended way for PI and BPM to communicate in recent releases that support this, and what exactly happened there, where the first process start was "hiding" in the meantime.

Hi Monika,
did you choose the URL
http(s)://<hostname>:<port>/MessagingSystem/receive/JPR/XI
in the XI 3.0 communication channel as described in the SAP Help? As far as I understand your description you didn't. Maybe this is the reason that it was not working with XI 3.0.
Please check this link for proper setup:
http://help.sap.com/saphelp_nw73ehp1/helpdata/en/99/0d45d39bb442bc96925f4a5db8b7ee/content.htm?frameset=/en/f1/24e6e6f548480b85197bde372d13c9/frameset.htm
Best Regards
Harald

BPM task not coming in inbox

Dear Experts,
This regarding the UWL issue which we are facing in our landscape.
We have an EP 7.01 SP11 system by which users access the BPM task and CE 7.2 SP06 system
Where the BPM workflow is created.
SSO is configured properly between these two systems where both systems UME is pointing
to the same LDAP. System configurations and UWL configurations are done properly ,in fact the
tasks where coming properly in the inbox before.
But all of sudden without any changes its not working now . we are not able to find the root cause
of it.
Kindly help us to resolve this issue and let us know if you need more inputs.
Many thanks in advance.
Regards,
Parthibaraja

Dear Parthibaraja
I hope you are well and many thanks for using the SAP Discussion Forums .
In relation to the issue you described you mentioned:
We have an EP 7.01 SP11 system by which users access the BPM task and CE 7.2 SP06 system Where the BPM workflow is created.
SSO is configured properly between these two systems where both systems UME is pointing to the same LDAP. System configurations and UWL configurations are done properly ,in fact the tasks where coming properly in the inbox before.
Now although you mentioned the configurations are setup accordingly. I would like you to kindly review the UWL Destination Service Configuration as the smallest discrepancy maintained can cause unpredictable and unexpected behaviour.
SAP Note: Note 1133821 - UWL Destination Service configuration
When you followed and implemented SAP Note 1133821 - UWL Destination Service Configuration we need to make sure that connector names and also destination names match exactly (Case Sensitive).
Example: I mean if your portal system alias (=UWL connector name) is for example XYZCLNT100, then the rfc destination name should be exactly XYZCLNT100$WebFlowConnector.
After checking this and if you make any configuration changes
Clear the UWL Cache
Restart the UWL Service (during a period of downtime/low usage levels)
Now in terms of the UWL and BPM tasks there are some important points to highlight which are covered in the following documentation link:
http://help.sap.com/saphelp_nw73/helpdata/de/4a/ee9c7488946d62e10000000a
42189c/frameset.htm
I have come across similar scenarios in the past which have been resolved after consulting the following SAP Note Documentation:
SAP Note: 1585226 - BPM UWL Connector Failure
Kindly Check whether the proxy settings are done correctly and http.nonProxyHosts has proper entries as explained in the note 1507174. (Proxy settings for the J2EE engine). You NEED to have SSO configured as in a case with 730, absolutely no user mapping should be used on webflowconnectors.
Kindly update me as per your findings.
I greatly appreciate your time and patience and I look forward to recieving your reply.
Kind Regards & All The Best
Troy Cronin - Enteprise Portal Support Engineer

Differences between Oracle BPM and Aqualogic BPM 6.0

Hello,
Does anyone know where I can find information that spells out the differences between Aqualogic 6.0 and Oracle BPM (if there are any)? I've searched the Oracle sites, documentation sections, etc. and I cannot find a datasheet that spells out anything related to the differences between the two aside from the name change.
Thank you.

I thought that there no major differences between the versions, only changes in the skin, logo and an improvement in the engine, but I was wrong.
My production enviroment runs BPM Enterprise in version 6, in other words runs Aqualogic BPM Enterprise, not Oracle BPM Enterprise, but in the development enviroment I made the decision to use the version 10 (Oracle BPM Studio 10g), because I thought there were no considerable changes between versions.
So I could not make the deployment of the project in the enterprise version, the log reported that many processes and screenflows of the project were not found, then I tried to open the project that was done in version 10 in version 6 of the BPM Studio and then try to export the ".exp" to try to do the deployment again. When I opened the project in BPM Studio 6 some errors occurred, but no significant errors. I fixed the errors, export the project again and try to do the deployment in the enterprise version and the same problems as before still occurring.
The only solution I found was to make the project in BPM Studio 6.04 (Aqualogic). Now I can make the deployment of the project in the production environment.
Conclusion: always use the same version in BPM studio/enterprise. If you use Oracle BPM Studio in development enviroment, use Oracle BPM Enterprise for production enviroment. The same way if you use Aqualogic BPM Studio in development enviroment, use Aqualogic BPM Enterprise in the production enviroment.

Active Directory, SSO, Integrated Windows Authentication

Hi,
I have to setup a NW BPM environment using Windows/Active Directory SSO.
In the desired scenario, I would use UME to create BPM specific roles and/or groups and then I would associate:
- specific AD users to UME groups or roles, and/or
- associate AD groups to UME groups or roles.
Is it possible? I would really appreciate any directions/hints on how to do that.
Thanks in advance,
Ricardo Giacomin

It is possible you have the xml configuration file in the administration of ume and you need to edit that one in order to link it to your AD. if you're using LDAPs to connect you will also have to load the certificates in NWA before the first connection.

Oracle BPM directory database

Hi,
IHAC that has a custom application to manage their users and roles. They are using Oracle BPM and they want to keep creating, managing and authenticating user with that application, that is not a LDAP.
How can I syncronize the creation/updating/deleting/ of users in their application with the Oracle BPM Directory? I have been looking for Oracle BPM Directory schema documentation but I haven't found anything
I know that activating SSO I could manage the user authentication but I still have the issue about users administration
thanks in advance
Ana
Edited by: user_Ana on Apr 7, 2010 5:40 PM
Edited by: user_Ana on Apr 7, 2010 5:41 PM

Hi
In OBPM 10gR3 we can create the participants & manage & update user roles dynamically using the FDI components.
simple solution to your requirement is check the user roles in both the application DB & in FDI database & write your code accordingly.
To check the participant existance in directory DB:
//=======FDI Participant verfication=======
Fuego.Lib.Participant primary = Participant.find(name : "participant_id"));.
If the above value is null then create a new participant & assign the roles using the below code.
i. Participant Creation : Fuego.FDI. DirHumanParticipant
Ans: // Reuse Engine session to the Directory
session = DirectorySession.currentEngineSession
// Load the Organization Unit to which the participant will belong to
myOU = DirOrganizationalUnit.fetch(dir : session, id : "Dallas")
// Load the Role that the participant will have assigned,
// and create a role assignment for it
myRole = DirOrganizationalRole.fetch(session : session, id : "Role1")
myAssignment[] = RoleAssignment.create(role : myRole, permissions : 255)
// Create the new participant.
myparticipant = DirHumanParticipant.create(
session : session, id : "example_participant",
firstName : "NewName",
lastName : "NewLastname,
displayName : "NewLastname, NewName",
mail : "[email protected]",
telephone : "0000000000",
fax : "1111111111",
password : "secret",
ou : myOU, rolesAssignment : myAssignment,
enabled : true)
// set it NOT to receive emails when new instances arrive to
// this participant inbox:
myparticipant using receivesMail = false
ii. Role Assign / Update : Fuego.Fdi : RoleAssignment.
Ans:
// fetch all roles
mySession = DirectorySession.currentEngineSession
allroles = DirOrganizationalRole.fetchAll(session : mySession)
// Generate array of RoleAssignments for all non-parametric Roles
for each r in allroles
do
aRole = DirOrganizationalRole.fetch(session : mySession, id : r.id)
if not aRole.parametric then
newAssignments[] = RoleAssignment.create(role : aRole,
permissions : 255)
end
end
// Replace role assignments for this participant
currentPart = DirHumanParticipant.fetch(session : mySession,
id : Participant.id)
currentPart.rolesAssignment = newAssignments
update currentPart
For reference go through the this link: http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/standard_components/index.html
I hope this might help.
Thanks

BPM:SSO consideration

Similar Messages

Maybe you are looking for