Using Segregation of Duties SoD 27-19 Figure 27–6 Workflow with SoDCheck Web Service Call After this, a switch case with approval tasks are assigned to the SoD Administrators role. Any user that has this role can claim the task and approve it. The switch is based on whether the SoD check result has passed or failed, as shown in Figure 27–7 : 27-20 Oracle Fusion Middleware Developers Guide for Oracle Identity Manager Figure 27–7 Switch Case With Approval Tasks Figure 27–8 shows the assignment of the approval task. Using Segregation of Duties SoD 27-21 Figure 27–8 Assignment of the Approval Task Approval workflow has migrated to BPEL in Oracle Identity Manager 11g Release 1 11.1.1, and therefore, you must use JDeveloper to view or modify the default workflows. The default SoD workflow is available in the OIM_HOMEworkflowscompositesDefaultSODApproval.zip file. You can unzip this file and open the DefaultSODApproval.jpr in JDeveloper. In addition, you can create a new workflow by modifying any of the default approval workflows to call the SoD Check Web service and start SoD check on demand. To do so: Creating and Deploying Workflows on SOA a. Create a new workflow project by running OIM_HOMEworkflowsnew-workflownew_project.xml. Here: – WEBLOGIC_HOME is the directory on which Oracle WebLogic Server is installed. – NEW_PROJECT is the name of the new project that you want to create. To create the new workflow project, run the following command: ant -f new_project.xml This prompts for Project Name, Application Name, and Service Name for the new workflow name. Provide any name, such as SODWorkflow for all three. This creates a new project with the provided name in the workflowsnew-workflowprocess-template directory. 27-22 Oracle Fusion Middleware Developers Guide for Oracle Identity Manager b. Navigate to process-templateAPPLICATION_NAMEPROJECT_NAME and open PROJECT_NAME.jpr from JDevepoler, where APPLICATION_NAME and PROJECT_NAME are the names of the application and project respectively. The PROJECT_NAME.jpr workflow is same as the DefaultRequestApproval workflow. You can modify this workflow to call the SoDCheck Web Service. Figure 27–9 shows the default workflow modified to perform SoD Check after human approval: Figure 27–9 Modified Workflow To Perform SoD Check c. Extract OIM_HOMEworkflowscompositesDefaultSODApproval.zip and copy asyncsod.wsdl from the extracted directory to OIM_HOMEworkflows process-templateAPPLICATION_NAMEPROJECT_NAME. Add a Web service, such as SODCheckService1, in the composite.xml and provide the asyncsod.wsdl as the WSDL file. The SoDCheck partner link is as shown in Figure 27–10 : Note: BPEL connects to all external entities through a partner link.