7 Managing Connections

For all aspects of your business flow to communicate with Oracle I/PM, you must define the appropriate connection types. Using the Oracle I/PM user interface, you can create a connection to either an Oracle Content Server repository or a workflow server.

Note:

You must ensure that the I/PM support component IpmRepository is installed and enabled on the Content Server you are connecting to. For information on enabling Content Server components, see Oracle Fusion Middleware System Administrator's Guide for Content Server.

This section describes the connection configuration options available to an Oracle I/PM administrator and how they are accessed.

7.1 Creating a Content Server Connection

To connect Oracle I/PM to a Content Server document repository, do the following:

  1. From the navigator pane, under Manage Connections, click the Add icon and select Create Content Server Connection. The Content Server Connection Basic Information Page is displayed.

  2. Enter a name for the connection. The name will display in the Manage Connections panel. This field is required.

  3. Enter a brief description of the connection and click Next. The Content Server Connection Content Server Settings Page is displayed.

  4. Enter the name of the repository proxy. The repository proxy is a user created in Content Server when Oracle I/PM is installed. The proxy is given rights to Content Server that allow it to fulfill requests to Content Server on behalf of I/PM users who may not have the necessary rights in Content Server to perform the required tasks. For example, a user may have the rights in I/PM to create an application and add metadata fields, but may not have the rights in Content Server to create metadata fields to support the application. When the application is created, the request to Content Server to create the necessary metadata fields is made by the repository proxy. By default, the repository proxy name is fmwadmin. This field is required.

  5. Optionally, enable SSL to connect to the repository over SSL.

  6. Enable Use Local Content Server and set the port number in order to specify localhost as the machine name and connect I/PM to the content server sharing the computer. Local communication offers the fastest connection option. If enabled, localhost is used exclusively unless a communication failure occurs. If there is a communication failure to localhost and a pool of content servers is defined, messages are sent to the machines named in the Content Server pool until communication to localhost resumes.

    Alternatively, disable Use Local Content Server and define a pool of content servers. Each connection in the connection pool must be unique. Messages are then sent to multiple content servers. This option is for load balancing in a clustered environment.

  7. Click Next. The Content Server Connection Security Page is displayed.

  8. Add any additional users required. To add a user, do the following:

    1. Click Add. The Add Security Member Page is displayed.

    2. Select either Search Groups or Search Users, then click Search. A listing of available groups or users is displayed.

    3. Select the users or groups to be added. You can make multiple selections by holding down the Control or Shift key on your keyboard when making a selection.

    4. When you have selected all the users or groups you wish to add to the connection, click Add. The Add Security Member page is closed and the new users or groups are listed on the Connection Security page.

  9. Enable the security permissions desired for each user or group and click Next. The Content Server Connection Review Settings Page is displayed.

  10. Ensure that settings are correct. If they are not, click Back to return to the page you need to modify, or click the link in the navigation train to return directly to the desired page. When satisfied with the settings, return to the Review settings page and click Submit. The Connection Summary page is displayed, which includes the audit history of changes made to the connection.

  11. Review the details of the connection. Click Modify to go back to the Content Server Connection Basic Information Page to make any changes, if necessary. When satisfied with the connection, return to the Content Server Connection Review Settings Page and click Submit.

7.2 Creating a Workflow Connection

To integrate a workflow process with an Oracle I/PM application, you must first create a connection to a workflow server. To do this, do the following:

  1. From the navigator pane, under Manage Connections, click the Add icon and select Create Workflow Connection. The Workflow Connection Basic Information Page is displayed.

  2. Enter a name for the connection. The name will display in the Manage Connections panel. This field is required.

  3. Optionally enter a brief description of the connection and click Next. The Workflow Connection Settings Page is displayed.

  4. Specify the hostname or IP address, domain, and port number of the workflow server. For example, enter soa.server.company.com in the Machine field, and 8001 in the Server Port field. This field is required.

    If the workflow server is a single instance, it is the hostname or IP of the workflow machine. If the workflow server is operating within a cluster, this parameter value can be a comma-separated list of machine names or IP addresses of servers in the cluster, or it can be the cluster name for the cluster.

    If multiple machine names are provided in a comma-separated list, the machines must all use the same port (the value supplied by the port parameter). If the workflow managed servers in the cluster need to be defined with different ports, then the cluster-name configuration must be used.

    When a cluster name is used, the name must be defined in DNS to resolve to the multiple machines within the cluster. Neither Oracle I/PM nor BPEL defines this behavior. Rather, it is defined by the Oracle WebLogic Server support for JNDI in a cluster.

  5. Enable SSL if desired. This field is optional. If the SSL option is checked, then the port provided must be the SSL listening port for the server, and T3 communication will actually use T3S, the SSL version of T3. For setting the listening port on the workflow server, see "Configuring SSL for the Workflow Server".

  6. Enter the Credential Alias. For example, basic.credential. This field is required. The credential alias is an alias, or key, used to look up the user name and password in the Credential Store Framework (CSF), which encrypts them to provide for proper security.

    This credential must be created in the CSF before the workflow connection configuration can be completed. A credential can be created in the CSF in one of two ways: through Fusion Middleware Control or through WLST.

  7. Click Test Connection to ensure the connection is made. When successful, a list of BPEL composites is displayed.

  8. Click Next. The Workflow Connection Security Page is displayed.

  9. Add any additional users required. To add a user, do the following:

    1. Click Add. The Add Security Member Page is displayed.

    2. Select either Search Groups or Search Users, then click Search. A listing of available groups or users is displayed.

    3. Select the users or groups to be added. You can make multiple selections by holding down the Control or Shift key on your keyboard when making a selection.

    4. When you have selected all the users or groups you wish to add to the connection, click Add. The Add Security Member Page is closed and the new users or groups are listed on the Workflow Connection Security Page.

  10. Enable the security permissions desired for each user or group and click Next. The Workflow Connection Review Settings Page is displayed.

  11. Ensure that settings are correct. If they are not, click Back to return to the page you need to modify, or click the link in the navigation train to return directly to the desired page. When satisfied with the settings, return to the Workflow Connection Security Page and click Submit. The Connection Summary page is displayed, which includes the audit history of changes made to the connection.

  12. Review the details of the connection. Click Modify to go back to the Content Server Connection Basic Information Page to make any changes, if necessary. When satisfied with the connection, return to the Content Server Connection Review Settings Page and click Submit.

7.2.1 Configuring SSL for the Workflow Server

For the Oracle I/PM SSL configuration to work with BPEL, the SSL listening port must be enabled on the workflow server. This can be done at the time the workflow server is first installed, through the configuration wizard, or after installation, through the Oracle WebLogic Server Administration Console.

To configure SSL for the workflow server:

  1. Log in to the Administration Console for the workflow managed server domain.

  2. From Domain Structure, click Environment and then Servers.

  3. Select the workflow managed server instance.

  4. Check SSL Listen Port Enabled.

  5. Enter an available port number for SSL Listen Port.

  6. Click SAVE. SSL is enabled on the workflow managed server.

In the Oracle I/PM connection, the SSL check box can then be selected and the SSL listen port used for the port parameter. At this point, communication to the server will work properly if both the workflow managed server and the Oracle I/PM managed server are configured to use the default DemoTrust certificates. All Oracle WebLogic Server instances use the same DemoTrust self-signed certificates and, therefore, are configured to trust the others by default. Note that this should only be used to test the system in a demonstration or test environment. For security, DemoTrust certificates should never be used in production.

Note:

These files should be used for test and demonstration purposes only. In a production environment, you should obtain proper and valid certificates and follow appropriate procedures for importing and configuring those certificates to establish identity and trust. When properly signed certificates are used and configured properly, SSL will work properly without special configuration.

You can also configure SSL for the workflow server in the Oracle I/PM user interface, using the Managed Connections section to create the workflow connection.
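To check a domain for the DemoTrust condition described above, the following added example (not part of Oracle's documentation) parses a WebLogic domain config.xml and reports servers that have SSL enabled while still using the DemoIdentityAndDemoTrust keystore setting. It assumes the config.xml element names shown and that a server with no key-stores element falls back to the demo default; the sample configuration and server names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
DEMO = "DemoIdentityAndDemoTrust"

# Constructed sample, trimmed to the elements this check reads.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>sample_domain</name>
  <production-mode-enabled>true</production-mode-enabled>
  <server>
    <name>soa_server1</name>
    <ssl><enabled>true</enabled><listen-port>8002</listen-port></ssl>
  </server>
  <server>
    <name>ipm_server1</name>
    <ssl><enabled>true</enabled><listen-port>16001</listen-port></ssl>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
  </server>
  <server>
    <name>AdminServer</name>
  </server>
</domain>"""

def _flag(node, path):
    """True when the boolean element at path exists and reads 'true'."""
    return (node.findtext(path, "false", NS) or "").strip().lower() == "true"

def audit_demo_trust(config_xml):
    """Return one finding per server that listens on SSL with demo keystores."""
    root = ET.fromstring(config_xml)
    production = _flag(root, "d:production-mode-enabled")
    findings = []
    for server in root.findall("d:server", NS):
        # Assumption: an absent <key-stores> element means the demo default.
        keystores = (server.findtext("d:key-stores", DEMO, NS) or DEMO).strip()
        if not (_flag(server, "d:ssl/d:enabled") and keystores == DEMO):
            continue
        port = server.findtext("d:ssl/d:listen-port", None, NS)
        findings.append({
            "server": server.findtext("d:name", "?", NS),
            "ssl_port": int(port) if port else None,
            # Demo certificates in a production-mode domain are the real problem.
            "severity": "high" if production else "info",
        })
    return findings

if __name__ == "__main__":
    for finding in audit_demo_trust(SAMPLE_CONFIG):
        print(finding)
```

Run it against the config.xml of both the workflow domain and the Oracle I/PM domain, since the connection only works when each side trusts the other's certificate.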

7.2.2 Configuring a Workflow Connection CSF Credential

A credential store framework (CSF) credential is a username/password pair that is keyed by an alias and stored inside a named map in the CSF. Because of its integration with Oracle Web Services Manager (OWSM), Oracle I/PM leverages the standard OWSM CSF map named oracle.wsm.security.

A credential can be created through Enterprise Manager (EM) or through WebLogic Scripting Tool (WLST).

Creating a Credential Using EM

To create a credential using EM, do the following:

  1. Log in to Enterprise Manager.

  2. Click WebLogic Domain.

  3. Click Security and then Credentials.

  4. Select the oracle.wsm.security map. If it does not exist, do the following:

    1. Select Create Map.

    2. Enter oracle.wsm.security in the map field and click OK.

    3. Click Create Key. The key is now available for selection.

  5. Enter a key name. This is the credential alias used in the workflow connection configuration.

  6. Select password as the type.

  7. Enter a user name and password.

  8. Optionally, enter a description for the credential.

  9. Click OK.

Creating a Credential Using WLST

To create a credential using WLST, execute the following command:

createCred(map="oracle.wsm.security", key="basic.credential", user="weblogic", password="Welcome1")

where key is the alias which is used for the credential alias property of a workflow connection definition in the user interface. In the API, it is used for the Connection.CONNECTION_WORKFLOW_CSFKEY_KEY property. The alias, basic.credential, is used in the example because it is a standard default name used by OWSM and BPEL. However, the alias can be anything as long as it is unique within the map.