Thursday, May 7, 2009

SOA-OID Integration

Steps to configure Oracle BPEL PM and OID:

Step 1: Perform Pre-configuration Procedures

1. Log in to the Oracle Enterprise Manager 10g Application Server Control Console: http://hostname:port/em

2. Click the OC4J instance name in the Members section. The OC4J: oc4j_name page appears.

3. Click the Administration tab

4. Go to the Security section in the Task Name column

5. Click the icon in the Go to Task column for Identity Management and configure the OID host and port as shown below:

6. Click the icon in the oc4j_name link

7. Click the icon in the Go to Task column for Security Providers.
For each of the following application names, change the Security Provider to Oracle Identity Management Security Provider, as shown in the figure below:
* Orabpel
* BPELPortlet
* hw_services
* worklist
* deploy_service

8. If the password is not alphanumeric, set Number of Numeric characters to "0".



Step 2: Perform Configuration Procedures

1. Ensure that the ORACLE_HOME environment variable is set to the root directory of the Oracle Application Server instance being configured.
Example: set ORACLE_HOME=c:\soa

2. cd SOA_Oracle_Home/bpel/system/services/install/ant-tasks

3. Run configure_oid.bat with the following arguments:
configure_oid.bat oid_admin_user oid_admin_passwd oid_nonssl_port ssl_enabled oid_realm_name seedAllUsers | seedRequiredUsers oc4j_admin_user oc4j_admin_passwd oc4j_container_name

Example: configure_oid.bat orcladmin welcome1 389 false gen2 seedAllUsers oc4jadmin welcome1 oc4j_soa

On a successful build, this command modifies the SOA_Oracle_Home/bpel/system/services/config/is_config.xml file. The file contents look as follows:

<?xml version ='1.0' encoding = 'UTF-8'?>
<ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
<configurations>
<configuration realmName="gen2" displayName="gen2 Realm">
<provider providerType="JAZN" name="OID" service="Identity">
<connection url="ldap://ofm-poc2.au.oracle.com:389" binddn="cn=orcladmin" password="blah!==" encrypted="true"/>
</provider>
</configuration>
</configurations>
</ISConfiguration>


4. The build may fail with the following output:
bpel-grant-privileges:
[echo] Granting Server privileges to BPMSystemAdmin role...
[java] May 04, 2008 9:46:17 AM oracle.security.jazn.login.module.RealmLoginModule authenticate
[java] SEVERE: [RealmLoginModule] authentication failed
[java] Authentication Failed

This happened because an old account with the same username (such as bpeladmin or oc4jadmin) already existed on the OID server. The setup script tried to authenticate as the old accounts with different passwords and failed. The solution is to delete and re-create those accounts and reset the passwords.

5. Configure OID as shown in the figure below:


6. Create users jcooper, jstein, etc.

7. Assign the users created in step #6 above to BPMPublic group as shown in the figure below:

8. Navigate to SOA_Oracle_Home/bpel/system/services/config/wf_client_config.xml and change the following setting:

<!-- specifies the mapping for portal realm to is_config realm-->
<portal>
<realmMapping>gen2</realmMapping>
</portal>

9. Open C:\soa\j2ee\home\config\jazn.xml and change the <jazn> element to:

<jazn xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/jazn-10_0.xsd" schema-major-version="10" schema-minor-version="0" provider="LDAP" location="ldap://ofm-poc2.au.oracle.com:389" default-realm="gen2">
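
A consistency check for the three files touched in Step 2, as an added example that is not part of the original post: the realm and LDAP URL must agree across is_config.xml, wf_client_config.xml and jazn.xml, and the check also reports an unencrypted bind password or a non-ldaps:// URL. The sample documents are constructed, with a placeholder host and password and a hypothetical wf_client_config.xml root element.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets above (placeholder host and password).
IS_CONFIG = """<ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
<configurations><configuration realmName="gen2" displayName="gen2 Realm">
<provider providerType="JAZN" name="OID" service="Identity">
<connection url="ldap://oid.example.com:389" binddn="cn=orcladmin"
            password="PLACEHOLDER" encrypted="true"/>
</provider></configuration></configurations></ISConfiguration>"""
# The <clientConfig> root element is hypothetical; the post shows only <portal>.
WF_CLIENT = "<clientConfig><portal><realmMapping>gen2</realmMapping></portal></clientConfig>"
JAZN = '<jazn provider="LDAP" location="ldap://oid.example.com:389" default-realm="gen2"/>'

def _find(xml_text, name):
    """All elements with the given local name, ignoring XML namespaces."""
    root = ET.fromstring(xml_text)
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_oid_config(is_config, wf_client, jazn):
    """Return a list of findings; only TLS/encryption notes remain when the files agree."""
    findings = []
    realms = {c.get("realmName", "") for c in _find(is_config, "configuration")}
    conns = _find(is_config, "connection")
    urls = {c.get("url") for c in conns}
    mapped = {(e.text or "").strip() for e in _find(wf_client, "realmMapping")}
    jazn_el = _find(jazn, "jazn")[0]

    if mapped != realms:
        findings.append(f"realmMapping {sorted(mapped)} != is_config realms {sorted(realms)}")
    if jazn_el.get("default-realm") not in realms:
        findings.append(f"jazn default-realm {jazn_el.get('default-realm')!r} not in is_config.xml")
    if jazn_el.get("provider") != "LDAP":
        findings.append(f"jazn provider is {jazn_el.get('provider')!r}, expected 'LDAP'")
    if jazn_el.get("location") not in urls:
        findings.append("jazn location does not match any is_config connection url")
    for c in conns:
        if c.get("encrypted") != "true":
            findings.append(f"bind password for {c.get('binddn')} is not marked encrypted")
    for url in urls | {jazn_el.get("location")}:
        if url and not url.startswith("ldaps://"):
            findings.append(f"{url} is not ldaps://")
    return findings

if __name__ == "__main__":
    for finding in check_oid_config(IS_CONFIG, WF_CLIENT, JAZN):
        print(finding)
```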


I would like to thank Pieter, Mark and Clarence for their contribution.
