Skip Headers
Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager
11g Release 1 (11.1.1)

Part Number E14309-08
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

26 Using Oracle Identity Manager APIs in SOA Composites

If the business process requires data that is be used in addition to the standard payload data in the SOA composite, then you can use a Java embedding step to obtain more information about the requester, the beneficiary, or what is being requested.

This chapter describes how to use Oracle Identity Manager APIs from SOA composites in the following topics:

26.1 Software Prerequisites

Before you configure SOA Server to load Oracle Identity Manager APIs from SOA composites, perform the following:

  1. Install the version of JDeveloper that is compatible with the Oracle Identity Manager deployment. In addition, install any patches for JDeveloper so that JDeveloper works correctly with the SOA composites.

  2. Ensure that OIM_HOME points to the directory on which Oracle Identity Manager is installed. For example: /scratch/shiphome/beahome/Oracle_IDM1/server/ must point to OIM_HOME.

In this document, OIM_HOME refers to the directory in which Oracle Identity Manager is deployed. For example, /scratch/shiphome/beahome/Oracle_IDM1/ must point to OIM_HOME.

26.2 Configuring the SOA Composite By Using JDeveloper

This section describes the configuration required in JDeveloper as well as in the SOA composite so that the required Java code can be introduced in the composite and deployed to the SOA server.

This section contains the following topics:

26.2.1 Setting an Application Server Connection in JDeveloper

Ensure that a new application server connection, which represents the application server on which Oracle Identity Manager is installed, is first setup in JDeveloper . Make sure that the WebLogic Administrative Server and the SOA server are running before performing these steps.

To set up the new application server connection:

  1. From the File menu, select New. The New Gallery dialog box is displayed.

  2. From the left menu, select All Items. On the right pane, select Application Server Connection, and then click OK. The Create Application Server Connection wizard is displayed.

  3. In the Name and Type window, enter a name that will identify the application server in JDeveloper. Select Weblogic 10.3 as the connection type, and then click Next.

  4. In the Authentication window, provide the username and password of the WebLogic user. Click Next.

  5. In the Configuration window, enter the host name, port number, and the WebLogic domain name in which the SOA managed server is running. The port must be the WebLogic Administrative Server port (usually 7001). Click Next.

  6. In the Test window, click Test Connection to make sure all the information entered is correct. The test passes with success status. Click Next.

  7. Click Finish to exit the wizard. This creates the connection to the application server. This connection is required to deploy the composite to the server after making all changes.

26.2.2 Setting Up the SOA Composite in JDeveloper

To set up the SOA composite in JDeveloper for editing:

  1. Copy the DefaultRequestApproval.zip file from the OIM_HOME/workflows/composites/ directory to your JDeveloper working directory. Unzip it in the same directory to create the DefaultRequestApproval directory.

  2. Start JDeveloper in the Default Role.

  3. From the File menu, select Open. The file-open dialog box is displayed. Select the DefaultRequestApproval.jpr file in the DefaultRequestApproval directory. This opens the composite in JDeveloper. Click OK or Yes while the project file is created.

  4. To successfully compile the Java code that you want to write in the composite, the oimclient.jar file must be in the JDeveloper copy of the composite. Copy the oimclient.jar file from the OIM_HOME/server/client/ directory to the JDEVELOPER_WORKING_DIRECTORY/DefaultRequestApproval/SCA-INF/lib/ directory. This directory is the lib/ directory of the composite that you are editing.

See Also:

"Deploying a Single SOA Composite in Oracle JDeveloper" in the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite for more information about setting up the SOA composite in JDeveloper

26.2.3 Updating the SOA Composite

To edit the SOA composite in JDeveloper:

  1. In the left pane, click the Projects tab.

  2. Select the ApprovalProcess.bpel file under the DefaultRequestApproval project and open it. This displays the approval workflow.

  3. In the right pane, in the Component Palette, select the Java Embedding task, and drag and drop it after the receiveInput task in the workflow, before the ApprovalTask_1 human task. This creates a new task called Java_Embedding_1. Optionally, you can rename it to Invoke_OIM_API.

  4. Double-click the Invoke_OIM_API Java task. This opens an editor in which you can add the required Java code. Add the Java code as shown in Example 26-1:

    Example 26-1 Embedded Java Source Code

    try {
          System.out.println("Prototype for invoking an OIM API from a SOA Composite");
          System.out.println("RTM Usecase: Organization Administrator");
          String oimUserName = "";
          String oimPassword = "";
          String oimURL = "";
          String roleApprover = "";
          String actKey = "";
          
          //get oimuser credentials
          oracle.security.jps.JpsContext ctx =
                 oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
                 
          final oracle.security.jps.service.credstore.CredentialStore cs =
                 (oracle.security.jps.service.credstore.CredentialStore)
                 ctx.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);
                 
          oracle.security.jps.service.credstore.CredentialMap cmap =
                 cs.getCredentialMap("oracle.oim.sysadminMap ");
                 
          oracle.security.jps.service.credstore.Credential cred = cmap.getCredential("sysadmin");
          
          if (cred instanceof oracle.security.jps.service.credstore.PasswordCredential) {
                 oracle.security.jps.service.credstore.PasswordCredential pcred =
                 (oracle.security.jps.service.credstore.PasswordCredential)cred;
                 char[] p = pcred.getPassword();
                 oimUserName = pcred.getName();
                 oimPassword = new String(p);
          }
          
          //get oimurl
          Object obj = getVariableData("oimurl");
          oimURL = obj.toString();
          
          // set the initial context factory
          String oimInitialContextFactory = "weblogic.jndi.WLInitialContextFactory";
          
          // set up the environment for making the OIM API invocation
          java.util.Hashtable env = new java.util.Hashtable();
          
          env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                 oimInitialContextFactory);
                 
          env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
          oracle.iam.platform.OIMClient client = new oracle.iam.platform.OIMClient(env);
          client.login(oimUserName, oimPassword.toCharArray());
          System.out.println("Login Successful");
     
          // get Service
          oracle.iam.request.api.RequestService reqSvc =
                      client.getService(oracle.iam.request.api.RequestService.class);
                      
          oracle.iam.identity.rolemgmt.api.RoleManager roleSvc =
                      client.getService(oracle.iam.identity.rolemgmt.api.RoleManager.class);
                      
          oracle.iam.identity.usermgmt.api.UserManager usersvc =
                      client.getService(oracle.iam.identity.usermgmt.api.UserManager.class);
                      
          Object reqIdXMLElem = getVariableData("inputVariable", "payload",
                                              "/ns3:process/ns4:RequestID");
          String reqId = ((oracle.xml.parser.v2.XMLElement)reqIdXMLElem).getText();
          System.out.println("The request ID is "+reqId);
          
          // invoke the getBasicRequestData() method on the RequestService API
          oracle.iam.request.vo.Request req = reqSvc.getBasicRequestData(reqId);
          java.util.List<oracle.iam.request.vo.Beneficiary> beneficiaries = req.getBeneficiaries();
          
          if(beneficiaries != null){
                for(oracle.iam.request.vo.Beneficiary benf: beneficiaries){
                
                //get org key
                java.util.HashSet<String> searchAttrs = new java.util.HashSet<String>();
                searchAttrs.add(oracle.iam.identity.usermgmt.api.UserManagerConstants.
                                              AttributeName.USER_LOGIN.getId());
                                              
                searchAttrs.add(oracle.iam.identity.usermgmt.api.UserManagerConstants.
                                              AttributeName.USER_ORGANIZATION.getId());
                                              
                oracle.iam.identity.usermgmt.vo.User user1 =
                            usersvc.getDetails(benf.getBeneficiaryKey(),searchAttrs, false);
                            
                actKey = user1.getAttribute("act_key").toString();
     
                //get org admin
                if(actKey != "" && actKey != " ") {
                      Thor.API.Operations.tcOrganizationOperationsIntf orgAPI = 
                            (Thor.API.Operations.tcOrganizationOperationsIntf)client.getService(
                                  Thor.API.Operations.tcOrganizationOperationsIntf.class);
                                  
                      Thor.API.tcResultSet rset =
                            orgAPI.getAdministrators(Long.parseLong(actKey));
                            
                      StringBuffer sb = new StringBuffer();
                      
                      for (int i = 0; i < rset.getRowCount();i++){
                          rset.goToRow(i);
                          sb.append(rset.getStringValue("Groups.Group Name")) ;
                          if(i >= 0 && i < (rset.getRowCount()-1)){
                            sb.append(",");
                          }
                      }
                      String grpNames = sb.toString();
                      System.out.println("Groups="+grpNames);
                      setVariableData("orgAdmin",grpNames);
                }
                
                //get role approver
                java.util.List<oracle.iam.request.vo.RequestBeneficiaryEntity> rbes =
                benf.getTargetEntities();
                
                for(oracle.iam.request.vo.RequestBeneficiaryEntity rbe : rbes){
                      String key = rbe.getEntityKey();
                      String type = rbe.getEntityType();
                      
                      if(type.equalsIgnoreCase("Role")){
                            java.util.HashSet<String> roleAttrs = new
                                        java.util.HashSet<String>();
                            roleAttrs.add("Role Approver");
                            oracle.iam.identity.rolemgmt.vo.Role role =
                                        roleSvc.getDetails(key,roleAttrs);
                            roleApprover = (String)role.getAttribute("Role Approver");
                            setVariableData("roleApprover", roleApprover);
                            break;
                            }
                      }
                break;
              }
          }
          System.out.println("OrgAdmin=" + getVariableData("orgAdmin").toString());
          System.out.println("roleApprover=" + getVariableData("roleApprover").toString());
    }
     
          catch (Exception e){
          System.out.println("----------------------");
          e.printStackTrace();
          System.out.println("----------------------");
    }
    

    In Example 26-1, to retrieve the organization administrator by using Oracle Identity Manager APIs, the following is performed in the Java code:

    1. Get credentials for the system administrator.

      Credentials of the system administrator are stored in a credential store (cwallet). First, the credential store, then the credential map, and then the credential by using the key are retrieved. This is shown in the following code snippet:

      //get Credential store
      oracle.security.jps.JpsContext ctx =
            oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
            final oracle.security.jps.service.credstore.CredentialStore cs =
      (oracle.security.jps.service.credstore.CredentialStore)ctx.getServiceInstance(
      oracle.security.jps.service.credstore.CredentialStore.class);
       
      //get Credential
      oracle.security.jps.service.credstore.CredentialMap cmap =
            cs.getCredentialMap("oracle.oim.sysadminMap");
      oracle.security.jps.service.credstore.Credential cred = cmap.getCredential("sysadmin");
      
    2. Login as system administrator.

      The environment is setup, and then logged in to Oracle Identity Manager as system administrator. This is shown in the following code snippet:

      //setup the environment
      String oimInitialContextFactory = "weblogic.jndi.WLInitialContextFactory";
      java.util.Hashtable env = new java.util.Hashtable();
      env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,
            oimInitialContextFactory);
      env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
       
      //login to OIM
      oracle.iam.platform.OIMClient client = new oracle.iam.platform.OIMClient(env);
      client.login(oimUserName, oimPassword.toCharArray());
            System.out.println("Login Successful");
      
    3. Retrieve the organization administrator and the role approver.

      This is done by using the following Oracle Identity Manager APIs:

      • oracle.iam.request.api.RequestService: Used to retrieve the request object

      • Thor.API.Operations.tcOrganizationOperationsIntf: Used to retrieve the organization administrator

      • oracle.iam.identity.usermgmt.api.UserManager: Used to retrieve the role approver

      See Also:

      Oracle Fusion Middleware Java API Reference for Oracle Identity Manager for information about Oracle Identity Manager APIs

26.2.4 Deploying the SOA Composite

Before deploying the SOA composite, set the BPELClasspath property in the System MBean Browser of the Enterprise Manager.

After updating the composite, you must deploy the composite to SOA. To do so:

  1. In the Projects section, right-click the composite name, and select Deploy.

  2. Select the DefaultRequestApproval ... option. A wizard is displayed that prompts you to select the application server on which the composite is to be deployed. Make sure you select the application server connection created earlier. In addition, select the Override any existing composites with the same revision ID option if you want to override the composite that is already deployed.

After deploying the composite, either re-register the composite or disable and enable the composite from the Oracle Identity Manager side. This is to ensure that Oracle Identity Manager is able to invoke the composite correctly.

See Also:

"Deploying a Single SOA Composite in Oracle JDeveloper" in the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite for more information about deploying the SOA composite

26.2.5 Testing the Setup

After the SOA composite is updated, you can test the changes to the composites to make sure that the Oracle Identity Manager API is being loaded. The Java code runs as soon as the Request Approval is started in SOA because the code is added to the SOA composite and before the human task in the workflow.

To create a request and test the Java code:

  1. Login to Oracle Identity Manager Administrative and User Console.

  2. Click Advanced to go to Advanced Administration.

  3. In the Welcome page, under Administration, click Requests. Alternatively, click the Administration tab, and then click Requests.

  4. From the Actions menu, select Create Request. Alternatively, click the Create Request icon on the toolbar. The Request Creation wizard is displayed.

    Note:

    • This must be performed in the test environment.

    • Make sure that no approval polices are associated with the Create User request type.

  5. From the Type of Request list, select Create User. Then, click Next.

  6. In the Enter Details page, enter sample values in the fields to create the user. Then, click Next.

  7. In the Confirm page, click Finish.

  8. Monitor the SOA server console for output from the Java code that you have embedded. Clicking Finish runs the SOA composite. The following text is displayed in the SOA server console:

    Prototype for invoking an Oracle Identity Manager API from a SOA Composite
    Login Successful
    <Request ID and other request data>
    

This output is displayed if the code is successfully run.