
MAPPING BPM ROLES INTO IDM (ORACLE IDENTITY MANAGEMENT)

Hello people, I'm here again to show you how to integrate/map the roles of Oracle BPM into Oracle IDM (Identity Management). First, you have to understand some concepts. As the official documentation says, Oracle Fusion Middleware allows different types of credential and policy stores in a WebLogic domain. Domains can use stores based on an XML file or on different types of LDAP providers. When a domain uses an LDAP store, all policy and credential data is kept and maintained in a centralized store. When XML policy stores are used, however, changes made on Managed Servers are not propagated to the Administration Server unless they share the SAME domain home. By default, Oracle WebLogic Server domains use an XML file for the policy store. The official documentation describes the steps required to change the default store to Oracle Internet Directory LDAP for credentials or policies: http://download.oracle.com/docs/cd/E17904_01/core.1111/e12036/oam.htm#BABFGBED

Keep that distinction in mind for what follows: the steps below add Oracle Internet Directory as an authentication provider, so users and groups come from OID, but the policy store (where the application role memberships assigned in Enterprise Manager later in this post are recorded) stays in the domain's XML files unless you reassociate it as the linked chapter describes.

Before creating the LDAP Authenticator, first make a backup of the following files:
ORACLE_BASE/admin/<domain_name>/aserver/<domain_name>/config/config.xml
ORACLE_BASE/admin/<domain_name>/aserver/<domain_name>/config/fmwconfig/jps-config.xml
ORACLE_BASE/admin/<domain_name>/aserver/<domain_name>/config/fmwconfig/system-jazn-data.xml

Back up boot.properties too. Log into the WebLogic Console and go to Security Realms/myrealm.

Andre Almar http://www.andrealmar.com


Go to Providers tab.

Note that DefaultAuthenticator exists here.

Click NEW to add a new provider.

Enter a name for your new provider, for example OIDAuthenticator or OIDAuth.

On Provider Type, choose OracleInternetDirectoryAuthenticator.


The new provider now appears in the providers list.

Click the newly created provider and set its Control Flag to SUFFICIENT.

Go to the Provider Specific tab and enter the details of your LDAP server.

For example, in my environment:


Fill in the fields following the table in the official documentation.

IMPORTANT: check the box highlighted in the screenshot.

Click SAVE and then Activate Changes. Now the providers have to be reordered: go to Security Realms/myrealm/Providers and click REORDER. Move the new OID authenticator to the top of the list, above DefaultAuthenticator (the arrangement Oracle's SOA documentation recommends), so that logins are checked against OID first and only then against the embedded LDAP.

Make sure DefaultAuthenticator has its Control Flag set to SUFFICIENT as well. With both providers SUFFICIENT, a login succeeds as soon as either store authenticates the user, so the embedded-LDAP weblogic account keeps working if OID is unreachable or misconfigured. Leave it that way until the OID login has been verified, and only tighten the flags afterwards if your policy demands it.


Now RESTART the Administration Server and the Managed Servers of your SOA environment.

Go to Security Realms/myrealm/Roles and Policies.
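The same provider setup, done with WLST instead of the console so it can be repeated identically on every environment. This is an added example and not code from the original post. It targets the WebLogic 10.3.x/11g release the post uses, whose WLST is Jython 2.2, hence the old-style syntax. Every value in CONFIG (the admin URL, the OID host and port, cn=orcladmin, the base DNs) is an assumed placeholder. UseRetrievedUserNameAsPrincipal is switched on because Oracle's SOA enterprise deployment guide requires it for LDAP authenticators; whether that is the box the post's screenshot points at is an assumption, since the screenshot is not reproduced here. Run it with wlst.sh from the domain's WebLogic installation (the script name is also assumed): wlst.sh add_oid_authenticator.py

```python
# Added example (not the original post's code): create the OID authenticator,
# set both control flags to SUFFICIENT and put OID first, as the console steps do.
# WLST on WebLogic 11g is Jython 2.2, so no ternaries, sets or f-strings here.
# All CONFIG values are assumed placeholders; replace them with your own.

CONFIG = {
    "admin_url": "t3://adminhost:7001",
    "admin_user": "weblogic",
    "admin_password": "CHANGE_ME",
    "domain": "soa_domain",
    "provider": "OIDAuthenticator",
    "oid_host": "oidhost",
    "oid_port": 3060,
    "oid_principal": "cn=orcladmin",
    "oid_credential": "CHANGE_ME",
    "user_base_dn": "cn=Users,dc=andrealmar,dc=com",
    "group_base_dn": "cn=Groups,dc=andrealmar,dc=com",
}

OID_TYPE = "weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticator"


def provider_order(current, first):
    """Return the provider names with `first` moved to the front and the
    relative order of the others preserved (the REORDER step in the console)."""
    if first not in current:
        raise ValueError("provider %s is not configured in the realm" % first)
    return [first] + [name for name in current if name != first]


def configure(cfg):
    # jarray and the MBean interface only exist inside WLST (Jython), so import here.
    import jarray
    from weblogic.management.security.authentication import AuthenticationProviderMBean

    connect(cfg["admin_user"], cfg["admin_password"], cfg["admin_url"])
    edit()
    startEdit()
    realm = getMBean("/SecurityConfiguration/%s/Realms/myrealm" % cfg["domain"])

    # Security Realms > myrealm > Providers > New, then the Provider Specific tab.
    oid = realm.createAuthenticationProvider(cfg["provider"], OID_TYPE)
    oid.setControlFlag("SUFFICIENT")
    oid.setHost(cfg["oid_host"])
    oid.setPort(cfg["oid_port"])
    oid.setPrincipal(cfg["oid_principal"])
    oid.setCredential(cfg["oid_credential"])
    oid.setUserBaseDN(cfg["user_base_dn"])
    oid.setGroupBaseDN(cfg["group_base_dn"])
    # Required by Oracle's SOA enterprise deployment guide for LDAP authenticators;
    # `true` is WLST's predefined boolean.
    oid.setUseRetrievedUserNameAsPrincipal(true)

    # Keep DefaultAuthenticator SUFFICIENT so the embedded-LDAP weblogic user
    # still works if OID is down or misconfigured. Do not make OID REQUIRED yet.
    realm.lookupAuthenticationProvider("DefaultAuthenticator").setControlFlag("SUFFICIENT")

    # REORDER: OID first, everything else (DefaultAuthenticator, the identity
    # asserter, ...) keeps its place behind it.
    current = [p.getName() for p in realm.getAuthenticationProviders()]
    ordered = [realm.lookupAuthenticationProvider(name)
               for name in provider_order(current, cfg["provider"])]
    realm.setAuthenticationProviders(jarray.array(ordered, AuthenticationProviderMBean))

    save()
    activate(block="true")
    disconnect()
    # Restart the AdminServer and the SOA managed servers afterwards, as the post says.


if __name__ == "__main__":
    configure(CONFIG)
```

Back up config.xml before running it, as the post says; an activate that goes wrong is easiest to undo by restoring that file and restarting the AdminServer.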

Expand Global Roles and then expand Roles.

You will see a list of global roles. In the Role Policy column of the Admin role, click View Role Conditions.

In this screen you associate a condition with the Admin role. For example, say your LDAP has a group called SOAAdministrators with a user assigned to it. Every user in that group will be an administrator of soa_domain. Now create the role condition: click ADD CONDITIONS.

On Predicate List choose Group and click NEXT.


In GROUP ARGUMENT NAME enter the name of your SOAAdministrators group and click ADD.

Then click FINISH. The group now appears in the Admin role conditions.

If you're having trouble with this part, I suggest you create the SOAAdministrators group and the user assigned to it through LDIF files. I've faced some problems when doing this group and user creation through ODSM (Oracle Directory Services Manager). To create the group and the user, create 2 (TWO) LDIF files (replace dc=andrealmar,dc=com with your own base DN in both). Admin_group.ldif contains the following:

dn: cn=SOAAdministrators,cn=Groups,dc=andrealmar,dc=com
displayname: SOAAdministrators
objectclass: top
objectclass: groupOfUniqueNames
objectclass: orclGroup
uniquemember: cn=weblogic_soa,cn=Users,dc=andrealmar,dc=com
cn: SOAAdministrators
description: Administrators Group for the SOA Domain


admin_user.ldif contains the following:

dn: cn=weblogic_soa,cn=Users,dc=andrealmar,dc=com
orclsamaccountname: weblogic_soa
givenname: weblogic_soa
sn: weblogic_soa
userpassword: welcome1
mail: weblogic_soa
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetorgperson
objectclass: orcluser
objectclass: orcluserV2
uid: weblogic_soa
cn: weblogic_soa
description: Admin User for the SOA Domain

The password sits in the LDIF in cleartext: use a throwaway value, change it after the first login, and delete the file once the import is done.

Now import these 2 LDIF files via an LDAP browser. I've used the GAWOR LDAP BROWSER.

User shown in GAWOR LDAP BROWSER

Group shown in GAWOR LDAP BROWSER

Group shown in ODSM (Oracle Directory Services Manager)
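Added here as an example, not taken from the original post: a plain Python 3 script that writes the two LDIF files with consistent DNs and checks them before the import for the mistakes that bite at this step. A repeated attribute value (an easy copy-paste slip when building the files by hand) makes the directory refuse the add; a uniquemember DN that does not match the user entry imports cleanly but means the WebLogic role condition never matches anyone; and a well-known default password left in cleartext is a problem in itself. The base DN and names are the post's; the password, the OID host and the port in the comments are assumed placeholders.

```python
"""Added example (not the original post's code): generate and sanity-check the
group and user LDIF files before importing them into OID. Python 3."""

# Assumed placeholders: replace with your own base DN and names.
BASE_DN = "dc=andrealmar,dc=com"
GROUP_CN = "SOAAdministrators"
USER_CN = "weblogic_soa"
# Well-known defaults that must not survive into a real directory.
WEAK_PASSWORDS = {"welcome1", "password", "changeme"}


def normalize_dn(dn):
    """Fold case and drop spaces around ',' so 'cn=Users' and ' cn=users' compare equal,
    which is how the directory itself compares DNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def user_ldif(base_dn, cn, password):
    """Single-entry LDIF for the admin user (same attributes as the post, no repeats)."""
    return "\n".join([
        f"dn: cn={cn},cn=Users,{base_dn}", f"cn: {cn}", f"uid: {cn}", f"sn: {cn}",
        f"givenname: {cn}", f"orclsamaccountname: {cn}", f"userpassword: {password}",
        "objectclass: top", "objectclass: person", "objectclass: organizationalPerson",
        "objectclass: inetorgperson", "objectclass: orcluser", "objectclass: orcluserV2",
        "description: Admin User for the SOA Domain", ""])


def group_ldif(base_dn, cn, member_dn):
    """Single-entry LDIF for the administrators group; member_dn must be the user's exact DN."""
    return "\n".join([
        f"dn: cn={cn},cn=Groups,{base_dn}", f"cn: {cn}", f"displayname: {cn}",
        "objectclass: top", "objectclass: groupOfUniqueNames", "objectclass: orclGroup",
        f"uniquemember: {member_dn}",
        "description: Administrators Group for the SOA Domain", ""])


def parse_ldif(text):
    """Parse blank-line separated LDIF entries into [(dn, {attr: [values]})].
    Attribute names are lower-cased; base64 ('::') values are not needed for these files."""
    entries, dn, attrs = [], None, {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return entries


def check_entries(entries):
    """Return a list of problems: duplicate attribute values (the server rejects the add),
    group members that point at no entry being imported, and weak cleartext passwords."""
    problems = []
    known = {normalize_dn(dn) for dn, _ in entries}
    for dn, attrs in entries:
        for name, values in attrs.items():
            seen = set()
            for value in values:
                if value.lower() in seen:
                    problems.append(f"{dn}: duplicate value '{value}' for {name}")
                seen.add(value.lower())
        for member in attrs.get("uniquemember", []):
            if normalize_dn(member) not in known:
                problems.append(f"{dn}: uniquemember {member} matches no entry being imported")
        for password in attrs.get("userpassword", []):
            if password.lower() in WEAK_PASSWORDS:
                problems.append(f"{dn}: userpassword is a well-known default; change it after first login")
    return problems


if __name__ == "__main__":
    user_dn = f"cn={USER_CN},cn=Users,{BASE_DN}"
    files = {"admin_user.ldif": user_ldif(BASE_DN, USER_CN, "CHANGE_ME-Str0ng!"),
             "Admin_group.ldif": group_ldif(BASE_DN, GROUP_CN, user_dn)}
    for name, content in files.items():
        with open(name, "w") as fh:
            fh.write(content)
    problems = check_entries(parse_ldif("\n".join(files.values())))
    print("\n".join(problems) or "no problems; import the user first, then the group")
    # Import with the OID command-line tools (same flags as OpenLDAP's), user before
    # group, then confirm membership and that the user can bind. oidhost/3060 are
    # assumed placeholders:
    #   ldapadd -h oidhost -p 3060 -D cn=orcladmin -w <pw> -f admin_user.ldif
    #   ldapadd -h oidhost -p 3060 -D cn=orcladmin -w <pw> -f Admin_group.ldif
    #   ldapsearch -h oidhost -p 3060 -D cn=orcladmin -w <pw> -b cn=Groups,dc=andrealmar,dc=com \
    #       "(uniquemember=cn=weblogic_soa,cn=Users,dc=andrealmar,dc=com)" cn
    #   ldapsearch -h oidhost -p 3060 -D cn=weblogic_soa,cn=Users,dc=andrealmar,dc=com \
    #       -w <userpw> -b "" -s base objectclass
```

The last ldapsearch is the one to run before touching the WebLogic console: if the user cannot bind to OID with its password, the authenticator will not be able to log it in either, whatever the role conditions say.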


To check that the configuration works, log out of the console and log in again as the new user weblogic_soa, which is now an administrator of soa_domain.

Now go to http://yourserver:7001/em and expand WebLogic Domain/soa_domain.


Go to Security / Application Roles.

In Select Application Stripe to Search, select OracleBPMProcessRolesApp as shown below:

Run the search. All your BPM roles will appear; my domain doesn't have any application deployed yet, so the only role that appears is BPMProcessAdmin.


To assign an OID (Oracle Internet Directory) user to this role, click the role name.

You can assign a group or a user. I decided to assign the user (weblogic_soa) created earlier in this tutorial to this role.


Note that weblogic_soa now appears in the Users table.
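Both role mappings in this post, the Admin global role condition from the console and the BPMProcessAdmin grant from Enterprise Manager, as one WLST script. This is an added example, not code from the original post. The global role expression is edited through the WebLogic RoleEditorMBean operations on the XACML role mapper; grantAppRole and listAppRoleMembers are the OPSS WLST commands, so the script must be run with the WLST under ORACLE_HOME/oracle_common/common/bin, connected to the AdminServer. The admin URL, credentials and script name are assumed placeholders; the group and user names are the post's. Like the console, it only adds Grp(SOAAdministrators) next to the existing condition; replacing the Admin expression outright would drop Grp(Administrators) and lock the embedded-LDAP weblogic user out.

```python
# Added example (not the original post's code): map an OID group to the Admin
# global role and an OID user to BPMProcessAdmin with WLST (Jython 2.2 syntax).
# Run: ORACLE_HOME/oracle_common/common/bin/wlst.sh map_oid_roles.py

SETTINGS = {                      # assumed placeholders except the two names from the post
    "admin_url": "t3://adminhost:7001",
    "admin_user": "weblogic",
    "admin_password": "CHANGE_ME",
    "domain": "soa_domain",
    "ldap_group": "SOAAdministrators",   # OID group that should administer the domain
    "ldap_user": "weblogic_soa",         # OID user that should be a BPM process admin
}

USER_PRINCIPAL = "weblogic.security.principal.WLSUserImpl"
GROUP_PRINCIPAL = "weblogic.security.principal.WLSGroupImpl"   # use this for a group grant
BPM_STRIPE = "OracleBPMProcessRolesApp"


def with_group(expression, group):
    """Return the role expression with Grp(<group>) added as an alternative.
    Existing terms are kept, so Grp(Administrators) is never lost, and adding the
    same group twice is a no-op."""
    expression = expression or ""
    term = "Grp(%s)" % group
    terms = [t.strip() for t in expression.split("|") if t.strip()]
    if term in terms:
        return "|".join(terms)
    return "|".join(terms + [term])


def map_roles(cfg):
    connect(cfg["admin_user"], cfg["admin_password"], cfg["admin_url"])

    # 1. Security Realms > myrealm > Roles and Policies > Admin > View Role Conditions.
    #    Role expressions are edited on the role mapper provider, outside an edit session.
    serverConfig()
    mapper = getMBean("/SecurityConfiguration/%s/Realms/myrealm/RoleMappers/XACMLRoleMapper"
                      % cfg["domain"])
    current = mapper.getRoleExpression(None, "Admin")      # resourceId None = global role
    mapper.setRoleExpression(None, "Admin", with_group(current, cfg["ldap_group"]))

    # 2. EM > Security > Application Roles, stripe OracleBPMProcessRolesApp.
    #    This writes to the OPSS policy store (system-jazn-data.xml when file based),
    #    not to OID, so it must be repeated in every domain that should honour it.
    grantAppRole(appStripe=BPM_STRIPE, appRoleName="BPMProcessAdmin",
                 principalClass=USER_PRINCIPAL, principalName=cfg["ldap_user"])
    listAppRoleMembers(appStripe=BPM_STRIPE, appRoleName="BPMProcessAdmin")
    disconnect()


if __name__ == "__main__":
    map_roles(SETTINGS)
```

Check the Admin expression in the console afterwards (it should read Grp(Administrators)|Grp(SOAAdministrators)) before logging out of the weblogic session you ran this from.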


Log into the BPM Workspace (http://yourserver:8001/bpm/workspace) and check that your user has the correct BPM role assigned. Remember that this membership was written to the domain's policy store by Enterprise Manager, not to OID: OID only supplies the user and group identities, so the grant has to be repeated in every domain (or policy store) that should honour it.
