Creating Users and Groups Using WebLogic Console

Configuring Human Workflow Service Components and Engines 19-25

3. Expand the cn=subconfigsubentry > cn=osdldapd > cn=oid1 nodes.

4. In the Attributes page, set the orclsslinteropmode attribute to 0.

5. Click the Apply button.

19.7.4 Customizing the Identity Provider

To customize the identity provider (for example, to handle user and role information stored in home-grown solutions), visit the following URL:

http://www.oracle.com/technology/products/id_mgmt/opss/index.html

19.8 Seeding Users, Groups, and Application Roles using LDAP Tools

This section provides an overview of the procedures required for seeding users, groups, and application roles with LDAP tools.

When you create a task, you assign humans to participate in and act upon the task. Participants can perform actions upon tasks during runtime from Oracle BPM Worklist, such as approving a vacation request, rejecting a purchase order, providing feedback on a help desk request, or some other action. There are three types of participants:

■ Users
■ Groups
■ Application roles

For more information, see Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

19.8.1 Changing the Default Password in the Embedded LDAP Server

The password credential is accessible from the Oracle WebLogic Server Administration Console by selecting Security > Embedded LDAP for your domain.

For instructions on changing the default password credential, see Chapter 9, "Managing the Embedded LDAP Server" of Oracle Fusion Middleware Securing Oracle WebLogic Server.

19-26 Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle BPM Suite

19.8.2 Seeding Users or Groups through the LDAP Browser

To seed users or groups through the LDAP browser:

1. Start an LDAP browser (for example, openLdap browser, ldapbrowser, jXplorer, and so on). See the documentation for your browser for instructions.

2. Connect to the LDAP server by providing the hostname, port number on which the server is running, and the administration user credentials with which to log in.

   ■ For Embedded LDAP:
     a. The default managed server port number is 7001.
     b. The administration credential username is cn=admin.
     c. The administration credential password is what you set in Section 19.8.1, "Changing the Default Password in the Embedded LDAP Server."

   ■ For OIDm:
     a. The default port number is 3060.
     b. The administration username is cn=orcladmin.
     c. The administration password is the password for the LDAP server.

3. Seed a user or group through the browser by performing the following steps:

   a. Select a parent under which to add a user or group.
   b. Select the Edit menu and choose an appropriate option to add a new entry.
   c. Enter all required attribute values for the entry.

4. Seed users or groups through the LDIF file by performing the following steps:

   a. Select the domain under which to seed the users or groups.
   b. Select the LDIF menu and choose to import an LDIF file.
   c. In the Import LDIF File dialog, browse for and select the LDIF file and click Import.

   Similarly, the users or groups seeded on the LDAP server can be exported to an LDIF file by selecting the Export option from the LDIF menu.

5. Add attributes to the users or groups by performing the following steps:

   a. Select an entry for which to add a new attribute.
   b. Right-click and choose the option to add a new attribute.
   c. In the Add Attribute dialog, provide the name and value of the attribute.

   You can only add attributes that are defined in the LDAP server schema.

6. Delete attributes for users or groups by performing the following steps:

   a. Select an entry from which to delete an attribute.
   b. Select an attribute from the list of attributes and delete it.
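The LDIF file imported in step 4 is often generated from another user list. As an added example (not part of the Oracle guide), the following Python script builds a seed LDIF for users and one group, escaping DN values and base64-encoding unsafe attribute values so that a field with an embedded newline cannot add attributes or entries. The base DN, the ou=people and ou=groups containers, the object classes, and the sample users are assumptions; adjust them to your server's schema.

```python
import base64

BASE_DN = "dc=example,dc=com"  # assumption: placeholder suffix, use your directory's own

def escape_rdn(value):
    """Escape an RDN value per RFC 4514 so it cannot alter the DN structure."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out.startswith(("#", " ")):
        out = "\\" + out
    return out

def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when the value is not an
    RFC 2849 SAFE-STRING (control characters, non-ASCII, leading ' ', ':' or '<')."""
    safe = (all(0x20 <= ord(c) <= 0x7E for c in value)
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def user_entry(uid, cn, sn):
    """Return (dn, LDIF text) for an inetOrgPerson; no password is written to the file."""
    dn = f"uid={escape_rdn(uid)},ou=people,{BASE_DN}"  # ou=people is an assumption
    lines = [ldif_line("dn", dn)]
    lines += [f"objectClass: {oc}" for oc in
              ("top", "person", "organizationalPerson", "inetOrgPerson")]
    lines += [ldif_line("uid", uid), ldif_line("cn", cn), ldif_line("sn", sn)]
    return dn, "\n".join(lines)

def group_entry(cn, member_dns):
    """Return LDIF text for a groupOfUniqueNames listing the given member DNs."""
    dn = f"cn={escape_rdn(cn)},ou=groups,{BASE_DN}"  # ou=groups is an assumption
    lines = [ldif_line("dn", dn), "objectClass: top",
             "objectClass: groupOfUniqueNames", ldif_line("cn", cn)]
    lines += [ldif_line("uniqueMember", m) for m in member_dns]
    return "\n".join(lines)

def build_ldif(users, group_cn):
    """users: list of (uid, cn, sn) tuples, all placed in one group."""
    built = [user_entry(*u) for u in users]
    entries = [text for _, text in built]
    entries.append(group_entry(group_cn, [dn for dn, _ in built]))
    return "version: 1\n\n" + "\n\n".join(entries) + "\n"

# Constructed sample input; the second display name carries an embedded newline.
SAMPLE_USERS = [("jdoe", "John Doe", "Doe"), ("alee", "Ann Lee\nmail: x@example.com", "Lee")]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS, "Approvers"))
```

The generated file contains no userPassword values, so the seed file itself holds no credentials; passwords are set separately after import.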

19.8.3 Seeding Application Roles using WLST Scripts

For instructions on using the WebLogic Scripting Tool (WLST) to seed application roles, see Chapter 4, "Infrastructure Security Custom WLST Commands" of Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

19.8.4 Managing Application Roles in Oracle Enterprise Manager Fusion Middleware Control

This section describes how to manage application roles in Oracle Enterprise Manager Fusion Middleware Control.

To manage application roles in Oracle Enterprise Manager Fusion Middleware Control:

1. In the navigator, select the appropriate Oracle WebLogic Server under WebLogic Domain > Farm_Domain_name.

2. Right-click the domain name, and select Security > Application Roles.

3. Create an application role by performing the following steps:

   a. Select the Create option in the Application Roles page.

      The Create Application Role page appears.

   b. In the Application list, select the application name (server_name/soa-infra) under which to create a role.

   c. Enter the role name, display name, and description for the application role.

   d. Add members by selecting Add Role in the Roles section and Add User in the Users section.

   e. Click OK to create the application role.

4. Edit application roles by performing the following steps:

   a. In the Select Application Name to Search list of the Search section of the Application Roles page, select an appropriate application (for example, soa_server1/soa-infra).

   b. To the right of the Role Name list, click the Search icon.

      This action lists all the application roles created for that application.

   c. Select the application role to edit (for example, select SOADesigner).

   d. Click Edit.

      The Edit Application Role page appears.

   e. Add application roles and groups in the Roles section and users in the Users section (for example, assign SOADesigner to a user to which to provide access to Oracle SOA Composer). The user must be defined in the Oracle WebLogic Server realm.

Note: Follow these steps if you want to provide nonadministrators with access to Oracle SOA Composer. This is accomplished by assigning the SOADesigner role to users or groups on the Edit Application Role page. The users must exist in the Oracle WebLogic Server realm.