Undeploying Applications Oracle Fusion Middleware Online Documentation Library
6.2 Configuring Oracle HTTP Server with Oracle BPM Worklist
You must add the /integration location in the mod_wl_ohs.conf file of Oracle HTTP Server for Oracle BPM Worklist to work through Oracle HTTP Server.

    <Location /integration>
      SetHandler weblogic-handler
      PathTrim /weblogic
      ErrorPage http://WEBLOGIC_HOME:WEBLOGIC_PORT/
    </Location>

6.3 Setting up SAML Message-Protected Policy Configuration for the SOA Infrastructure
This section describes how to set up and validate Security Assertion Markup Language (SAML) message-protected policy configuration for the SOA Infrastructure with the WebLogic Scripting Tool (WLST). The example in this section describes task query service configuration. However, these instructions are relevant to all human workflow services that support SAML-token ports:

■ AG query service
■ AG metadata service
■ AG admin service
■ Task query service
■ Task service
■ Task metadata service
■ Runtime config service
■ Task evidence service
■ User metadata service

If you want to change the policy for another service, you must apply the same WLST commands to that service's SAML-token port.

Table 6–1 (Cont.) Security Documentation

For Information On...: See The Following Guide...
■ Securing and administering web services: Oracle Fusion Middleware Security and Administrator's Guide for Web Services
■ Understanding Oracle WebLogic Server security: Oracle Fusion Middleware Understanding Security for Oracle WebLogic Server
■ Securing an Oracle WebLogic Server production environment: Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server
■ Securing Oracle WebLogic Server: Oracle Fusion Middleware Securing Oracle WebLogic Server
■ Developing new security providers for use with Oracle WebLogic Server: Oracle Fusion Middleware Developing Security Providers for Oracle WebLogic Server
■ Securing web services for Oracle WebLogic Server: Oracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server
■ Programming security for Oracle WebLogic Server: Oracle Fusion Middleware Programming Security for Oracle WebLogic Server

To set up an SAML message-protected policy configuration:

1. Log in to the SOA domain (for example, named base_domain) using WLST.

2. Detach the existing out-of-the-box service policy named wss10_saml_token_service_policy.

    wls:/base_domain/domainRuntime> detachWebServicePolicy('/base_domain/soa_server1/soa-infra','integration/services/TaskQueryService','web','WorkflowProvider','TaskQueryServicePortSAML','oracle/wss10_saml_token_service_policy')

3. Restart the application to activate any policy or configuration change.

4. Attach the new policy. In this case, the policy is named oracle/wss10_saml_token_with_message_protection_service_policy.

    wls:/base_domain/domainRuntime> attachWebServicePolicy('/base_domain/soa_server1/soa-infra','integration/services/TaskQueryService','web','WorkflowProvider','TaskQueryServicePortSAML','oracle/wss10_saml_token_with_message_protection_service_policy')

5. Restart the application to activate any policy or configuration change.

6. List the policy to validate.

    wls:/base_domain/domainRuntime> listWebServicePolicies('/base_domain/soa_server1/soa-infra','integration/services/TaskQueryService','web','WorkflowProvider','TaskQueryServicePortSAML')
    TaskQueryServicePortSAML :
    security : oracle/wss10_saml_token_with_message_protection_service_policy, enabled=true
    Attached policy or policies are valid; endpoint is secure.

7. Create a keystore, add the orakey alias, and run the Oracle Web Service Manager (OWSM) configuration to activate the SAML message-protected policy. For example:

    keytool -genkeypair -keystore domain_home/config/fmwconfig/default-keystore.jks -keyalg RSA -dname "cn=consumer,dc=example,dc=com" -alias clientalias -keypass password -storepass password -validity 3600

    keytool -exportcert -keystore domain_home/config/fmwconfig/default-keystore.jks -v -alias clientalias -storepass password -rfc -file domain_home/config/fmwconfig/certificate.cer

    keytool -importcert -keystore domain_home/config/fmwconfig/default-keystore.jks -alias orakey -file domain_home/config/fmwconfig/certificate.cer -storepass password

    createCred(map="oracle.wsm.security", key="keystore-csf-key", user="owsm", password="welcome1", desc="Keystore key")
    createCred(map="oracle.wsm.security", key="enc-csf-key", user="clientalias", password="welcome1", desc="Encryption key")
    createCred(map="oracle.wsm.security", key="sign-csf-key", user="clientalias", password="welcome1", desc="Signing key")

8. Restart the servers.

6.4 Automatically Authenticating Users
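Step 6 of the section 6.3 procedure validates one port by reading the listWebServicePolicies output; the following added example (not part of the Oracle guide) applies the same check to saved output from several SAML-token ports and reports any port that still lacks an enabled message-protection policy. The port names other than TaskQueryServicePortSAML, the sample output for them, and the line layout of the output are constructed assumptions.

```python
import re

# Policy URIs taken from steps 2 and 4 of the procedure.
LEGACY = "oracle/wss10_saml_token_service_policy"
REQUIRED = "oracle/wss10_saml_token_with_message_protection_service_policy"
# Verdict line shown in step 6.
VALID_MARKER = "Attached policy or policies are valid; endpoint is secure."

# "<category> : <policy URI>, enabled=<true|false>", tolerant of line wrapping.
ENTRY = re.compile(r"(\w+)\s*:\s*(oracle/\w+)\s*,\s*enabled=(true|false)")


def parse_policies(output):
    """Return [(category, policy_uri, enabled)] found in one command's output."""
    return [(cat, uri, flag == "true") for cat, uri, flag in ENTRY.findall(output)]


def audit_port(output):
    """Return a list of problems for one port's listWebServicePolicies output."""
    policies = parse_policies(output)
    attached = {uri for _, uri, _ in policies}
    enabled = {uri for _, uri, on in policies if on}
    problems = []
    if REQUIRED not in attached:
        problems.append("message-protection policy not attached")
    elif REQUIRED not in enabled:
        problems.append("message-protection policy attached but disabled")
    if LEGACY in enabled:
        problems.append("token-only policy still enabled")
    # Collapse whitespace so a wrapped verdict line is still recognised.
    if VALID_MARKER not in " ".join(output.split()):
        problems.append("WLST did not report the endpoint as secure")
    return problems


def audit(outputs):
    """Map port name -> problems, keeping only ports that have problems."""
    results = {port: audit_port(text) for port, text in outputs.items()}
    return {port: probs for port, probs in results.items() if probs}


# Constructed sample input: the first entry mirrors step 6; the other two
# port names and their output are invented for illustration.
SAMPLE_OUTPUTS = {
    "TaskQueryServicePortSAML": (
        "TaskQueryServicePortSAML :\n"
        "security : oracle/wss10_saml_token_with_message_protection_service_policy, enabled=true\n"
        "Attached policy or policies are valid; endpoint is secure.\n"
    ),
    "TaskServicePortSAML": (
        "TaskServicePortSAML :\n"
        "security : oracle/wss10_saml_token_service_policy, enabled=true\n"
        "Attached policy or policies are valid; endpoint is secure.\n"
    ),
    "TaskMetadataServicePortSAML": (
        "TaskMetadataServicePortSAML :\n"
        "security : oracle/wss10_saml_token_with_message_protection_service_policy,\n"
        " enabled=false\n"
    ),
}

if __name__ == "__main__":
    for port, problems in sorted(audit(SAMPLE_OUTPUTS).items()):
        print(port + ": " + "; ".join(problems))
```
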
This section describes how to authenticate Oracle BPM Worklist and Oracle Business Process Management users in different environments.

6.4.1 Automatically Authenticating Oracle BPM Worklist Users in SAML SSO Environments
In order to be automatically authenticated when accessing a second Oracle BPM Worklist from a first Oracle BPM Worklist in SAML SSO environments, you must perform the following steps. Otherwise, you are prompted to log in again when you access the second Oracle BPM Worklist. In these environments, the first Oracle BPM Worklist is configured as the SAML identity provider and the second Oracle BPM Worklist that you are attempting to access is configured as the SAML service provider.

To automatically authenticate Oracle BPM Worklist users in SAML SSO environments:

1. Add /integration/worklistapp as the redirect URL for worklistapp to the SAML service provider site's SAML2IdentityAsserter configuration as follows.

    a. In the Oracle WebLogic Server Administration Console, select Security Realms.

    b. Click the realms for the service providers.

    c. Select the Providers tab, and then the Authentication subtab.

    d. From the provider list, select the provider with the description SAML 2.0 Identity Assertion Provider. If you do not see the SAML identity assertion provider configuration, follow the instructions in Oracle Fusion Middleware Securing Oracle WebLogic Server.

    e. Select the Management tab. Under the Management tab, you can see a list of identity provider partners. These are hosts that have been configured as the SAML identity provider partners for this SAML identity service provider site. Remember that this configuration step is performed on the identity service provider site on which the worklist application is hosted.

    f. Select the identity provider site where you want the user to perform the initial login.

    g. Scroll down the page until you see the field Redirect URIs.

    h. Add /integration/worklistapp to the list.

After performing this step, you can log in to Oracle BPM Worklist at the SAML identity provider site through the regular URL of /integration/worklistapp. If necessary, you can then navigate to the URL /integration/worklistapp/ssologin at the SAML service provider site, where you gain access to Oracle BPM Worklist and are automatically authenticated.

For more information on SAML2IdentityAsserter and configuring SSO with web browsers and HTTP clients, see Oracle Fusion Middleware Securing Oracle WebLogic Server.

6.4.2 Automatically Authenticating Oracle BPM Worklist Users in Windows Native Authentication Environments

For Windows native authentication through Kerberos to work with Oracle BPM Worklist, you must use the /integration/worklistapp/ssologin protected URL. For example, after configuring Windows native authentication, you access Oracle BPM Worklist as follows:

    http://host_name.domain_name:8001/integration/worklistapp/ssologin

For information on configuring SSO with Microsoft clients, see Oracle Fusion Middleware Securing Oracle WebLogic Server.

6.4.3 Automatically Authenticating Oracle Business Process Management Process Composer Users in Windows Native Authentication Environments

For Windows native authentication through Kerberos to work with Oracle Business Process Management Process Composer, you must use the /bpmcomposer/ssologin protected URL. For example, after configuring Windows native authentication, you access Process Composer as follows:

    http://host_name.domain_name:8001/bpmcomposer/ssologin

For information on configuring SSO with Microsoft clients, see Oracle Fusion Middleware Securing Oracle WebLogic Server.

6.5 Listing the Authentication Provider
This section describes how to set the first authentication provider.

6.5.1 Listing Oracle Internet Directory as the First Authentication Provider
The Oracle BPM Worklist and workflow services use Java Platform Security (JPS) and the User and Role API. For this reason, the Oracle Internet Directory authenticator must be the first provider listed when workflow is used with Oracle Internet Directory. If Oracle Internet Directory is not listed first (for example, it is listed below DefaultAuthenticator), login authentication fails. For information about changing the order of authentication providers, see Oracle Fusion Middleware Securing Oracle WebLogic Server.

6.5.2 Accessing Web-based Applications with the Default Authentication Provider
Logins to web-based applications may fail when using Oracle Internet Directory authentication. This is caused when the Oracle WebLogic Server configuration is set to use the Oracle Internet Directory authentication before default authentication. This may produce the following error:

    User weblogic is not found in configuration jazn.com Check if the user exists in the repository specified by the configurations. Check the error stack and fix the cause of the error. Contact oracle support if error is not fixable.

The order of the security providers should be: