10-6 Administrators Guide for Oracle Imaging and Process Management e.g., [DocUrl]. Field Values are coded by include the mapping function Field Value, a colon, and then the desired field name, all within square brackets. For an example, suppose that the workflow process includes a data variable that is expected to contain custom URL. The custom URL must include a customerId, which is available in the metadata of the document, and the documents unique identifier. The root of the URL is hard coded. This example might be coded in a format value as follows: http:example.comsvc.jspx?custId=[FieldValue:custId]docId=[DocId]

10.2.1.7 Supporting Content Function

The Supporting Content function maps supporting content data associated with a document to a workflow process payload element. Supporting content can be mapped to any complex node within the process payload. When the supporting content function is mapped, a supporting content key and XPath parameter are both required. The supporting content key is used to associate the XML content with the document and is limited to 30 characters. The XPath expression identifies the node within the XML content to be mapped to the payload element and is limited to 224 characters. When mapping to a complex payload element at runtime, the supporting content is treated as a mapping of elements into the payload complex element rather than just copying the supporting content element in verbatim. Each element in the payload element is processed one by one. For each element, a matching element sought in the supporting content, starting at the node identified by the XPath parameter. If a match is found, the value of the matching element in the XML is assigned to payload element. Processing the supporting content avoids namespace conflict issues between the supporting content XML and the payload XML. Supporting content can also be assigned to an anyType node in the payload. When mapped this way, the supporting content identified by the XPath is copied into the anyType element. When used this way, namespace prefixes should be avoided in the supporting content because the namespaces may not be defined correctly in the payload.

10.2.2 Payload Limitations

In general, the workflow payload mapping can handle payloads containing nesting of complex types. However, there are of number of standard XSD constructs that it cannot handle. Workflow process service payload definitions containing any of the following cannot be used: ■ Hierarchical depth greater than 10 ■ Choice element types ■ List elements with minOccurs greater than 1 Payload definitions containing list like structures maxOccurs is greater than 1 or unbounded with a minOccurs equal 0 or 1 can be used, but only support mapping to a single element in the array.

10.2.3 Mapping Secure Workflow Services

When the Workflow Process service has server-side Oracle Web Services Manger OWSM policies applied to it, additional parameters need to be supplied in the imaging applications workflow configuration such that the client-side policy is also used. These additional configuration parameters are provided on the Workflow Understanding Workflow Agents 10-7 Payload Properties Page with the normal workflow process instance payload mappings. If the service has a OWSM policy applied, Oracle IPM detects this policy and provides an additional payload mapping section labeled with the policy name. The full set of keys that are possible for all OWSM policies is provided by the OWSM API in the class oracle.wsm.security.util.SecurityConstants. Oracle IPM however filters out the full set and lists only those parameters relevant to the server policy in use. Currently, only parameters are provided for wss_username_token and wss11_username_ token_with_message_protection policies. The following parameters are possible:

10.2.3.1 Configuring Message Protection Policies

When configuring message protection policies, the proper credentials and certificates must also be configured to support encryption of the message. In default installations, the exact keys required are defined in the jps-config.xml file located in the DOMAIN_ HOMEconfigfmwconfig directory. This file also defines the location of the default keystore file. The jps-config.xml file is generally configured to look for this file in the fmwconfig directory with the file name default-keystore.jks. However, this file does not exist by default and must be provided. The default jps-config.xml file defines the following: For more information on setting up keystores, CSF keys and aliases for Oracle Web Services Manager, see Oracle Web Services Manager Administrators Guide.

10.2.3.2 Configuring SAML Policies

The user used to connect to a workflow for a SAML policy is provided by the basic.credential CSF key value. In order for the server to be allowed to authenticate as the user provided by the CSF key, the following policy grant must be issued from WebLogic Scripting Tool WLST, where MW_HOME is the correct path to the installations Oracle Fusion Middleware Home directory: grantPermissionpermClass=oracle.wsm.security.WSIdentityPermission, permTarget=resource=imaging,permActions=assert,codeBaseURL=file:MW_ HOMEoracle_commonmodulesoracle.wsm.agent.common_11.1.1wsm-agent-core.jar Parameter Description Policies csf.key Provides the username and password for the policy. wss_username_token wss11_username_token_with_message_ protection policies recipient.key.alias Provides the key store alias for encrypting the sent message. wss11_username_token_with_message_ protection policies Description Policies keystore-csf-key Provides the credentials for opening the keystore file. Only the password portion of the credential is used. enc-csf-key Provides the credentials for accessing the encryption certificate within the keystore used to encrypt the message. sign-csf-key Provides the credentials for accessing the certificate used to sign the message. Note that the jps-config.xml file may be configured to use the enc-csf-key for both encryption and signing. In such a case the sign-csf-key is not necessary but does not cause a problem if defined. 10-8 Administrators Guide for Oracle Imaging and Process Management

10.2.4 Changing WebLogic Server Work Manager Settings

A work manager is a WebLogic server concept for controlling how many threads are assigned to a process. In Oracle IPM, they are used to control how many threads are assigned to the input and workflow agents and for increasing or decreasing their load on the system. On a new installation, the workflow agent is assigned 20 threads. You can reconfigure how many threads WebLogic server WLS should provide to the input and workflow agents by changing the default settings of the WLS work managers WorkflowAgentMaxThreadsConstraint default 20 to match your system needs. The number of maximum threads should be adjusted equally on all systems to avoid one machine falling behind and creating a backlog. A value of -1 or 0 disables the constraint. Values above 1 constrain the number of threads to the specified number. To update thread settings, complete the following steps from the WLS administration console. For more information about the WebLogic server, see Weblogic Web Services Reference for Oracle Weblogic Server. 1. Open the WebLogic Server console and click Deployments.

2. Select the Imaging deployment to display the details for Oracle IPM.

3. Click the Configuration tab and then the Workload tab to display the Work

Manager list.

4. Select the agent you want to adjust, such as WorkflowAgent.

5. Select the Max Threads Constraint.

6. Update the count to the new maximum thread count and click Save.

7. Restart the managed server or servers and the new thread count will be in effect.

10.2.5 Using a Workflow Connection CSF Credential