Skip Headers
Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager
11g Release 1 (11.1.1)

Part Number E14309-08
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

25 Developing SOA Composites

The primary goal of any provisioning system is to manage requests submitted by users and provision resources to users. Request completion involves execution of associated approval processes. These approval processes are deployed as Service Oriented Architecture (SOA) composites running on the SOA Server. Request service is responsible for execution and management of such approval processes. Figure 23-1, "Request Service and SOA Integration" shows the integration of the request service and SOA.

The interaction between Oracle Identity Manager and SOA Server is explained in the following steps:

  1. The user creates a request by using the Oracle Identity Manager Self Service. The request can be of any one of all the request types supported by Oracle Identity Manager.

  2. Request service evaluates the approval policy, and the SOA composite to be instantiated is selected.

    Note:

    The composites must be registered with Oracle Identity Manager in order for them to be kicked off when the request is submitted. For information about registering workflows with Oracle Identity Manager, see "Registering a SOA Composite with Oracle Identity Manager".

  3. Request service contacts SOA Server to instantiate the selected SOA composite. Instantiates selected composite instance on SOA server.

  4. SOA composite run starts and human approval task is assigned for approval.

  5. The approver logs in to the Task List in the Oracle Identity Manager Self Service console, and approves the request.

  6. After the approval, the composite instance run is completed, which is notified to the request service.

  7. Request service moves the request to the next stage.

This chapter discusses the following topics:

25.1 Creating New SOA Composites

To create a new SOA composite that can be used as an approval process, you must perform the following steps:

  1. Creating a New SOA Composite

  2. Deploying a SOA Composite in Oracle SOA Server

  3. Prerequisites for Communication to Oracle Identity Manager Through SSL Mode

  4. Registering a SOA Composite with Oracle Identity Manager

25.1.1 Creating a New SOA Composite

To use a SOA composite as an approval process, it must adhere to certain standards. These standards ensure that the request service is able to instantiate and manage such composites correctly. These standards are:

  • The following attributes are mandatory for BPEL process:

    • RequestID of type String

    • RequestModel of type String

    • RequestTarget of type String

    • URL of type String

    • RequesterDetails of XML Element

    • BeneficiaryDetails of XML Element

    • ObjectDetails of XML Element

    • OtherDetails of XML Element

    The RequestID, RequestModel, RequestTarget, and URL attributes are always set with valid values for all types of requests.

    RequesterDetails is an XML element. This element is filled up with valid values for all requests that requires authentication. Requester details is empty for the requests of type Self-Register User because the requester is anonymous user.

    BeneficiaryDetails is an XML element. This element is filled up with valid values for all requests that have a beneficiary, for example, Provision Resource and Assign Roles. This is filled up only if the request is associated with single beneficiary. If the request is associated with multiple beneficiaries, then BeneficiaryDetails is empty. BeneficiaryDetails element always has valid value for simple requests and child requests that have a beneficiary. Therefore, it is recommended to use this XML element in SOA composites that are used as approval processes at the operational level of approval. This is because at the operational level of approval, the request is associated with only one beneficiary.

    ObjectDetails is an XML element. This element is filled up with valid values for all requests that are associated with the Resource entity. This is filled up only if the request is associated with single resource. If the request is associated with multiple resources, then ObjectDetails is empty. The ObjectDetails element always has valid value for simple and child requests that are associated with resource. Therefore, it is recommended to use this XML element in SOA composites that are used as approval processes at the operational level of approval. This is because at the operational level of approval, the request is associated with only one resource.

  • All the attributes that are mandatory for the BPEL process are referred from RequestDetails.xsd and ApprovalProcess.xsd. These files are present in the template SOA composite, which must not de modified or deleted.

Oracle Identity Manager provides a helper utility for creating custom SOA composites. This utility creates a template SOA project that adheres to all the necessary standards. This utility is located in the OIM_HOME/workflows/new-workflow directory.

Note:

  • JAVA_HOME environment variable must be set before running this utility.

  • This utility requires Apache Ant version 1.7 or later.

To create a custom SOA composite by running the helper utility:

  1. Run the following commands:

    cd OIM_HOME/workflows/new-workflow
    ant -f new_project.xml
    
  2. Enter the JDeveloper application name when the following prompt is displayed:

    Please enter application name

  3. Enter the JDeveloper project name when the following prompt is displayed:

    Please enter project name

  4. Enter the name of the ADF binding service for the composite when the following prompt is displayed:

    Please enter the service name for the composite. This needs to be unique across applications

The new application is created in the OIM_HOME/workflows/new-workflow/process-template/ directory. You can open the new application in JDeveloper for modification.

Human task in the template SOA composite is configured to send notifications to the assignee of the human task. In the custom composite that is created, the notification message can be modified based on the requirement. All the notifications to be sent to the approver must be configured in the SOA composite. For configuring Oracle SOA server to send notifications, refer to "Configuring Oracle User Messaging Service" in the Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite.

Human task in the template SOA composite is configured to be assigned to the SYSTEM ADMINISTRATORS role.

25.1.2 Deploying a SOA Composite in Oracle SOA Server

For information about deploying the workflow composite in BPEL, see Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

Note:

If a composite is redeployed in SOA, then all the pending approvals in Oracle Identity Manager initiated by the composite becomes stale and are removed from the user's TaskList. See "Deploying an Existing SOA Archive in Oracle JDeveloper" in the Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite for information about deploying existing SOA composites.

25.1.3 Prerequisites for Communication to Oracle Identity Manager Through SSL Mode

If the communication to Oracle Identity Manager is through the SSL mode, then you must:

Note:

For a non-SSL connection, skip this section.

  • Set the TRUSTSTORE_LOCATION environment variable, where TRUSTSTORE_LOCATION is the trusted key store file location.

  • Use t3s protocol instead of t3. For example, the URL for Oracle Identity Manager is:

    t3s://HOST_NAME:PORT

25.1.4 Registering a SOA Composite with Oracle Identity Manager

The SOA composite must be registered with Oracle Identity Manager before it can be used as an approval process. To register a SOA composite with Oracle Identity Manager:

  1. Create the COMPOSITE_NAME.props property file in the OIM_HOME/workflows/registration/ directory with the following content:

    name=COMPOSITE_NAME
    category=Approval
    providerType=BPEL
    serviceName=REQUEST_APPROVAL_SERVICE
    domainName=DOMAIN
    version=REVISION_ID
    payLoadID=PAYLOAD
    operationID=OPERATION_ID
    listOfTasks=HUMAN_TASK_NAMES
    

    Where:

    • Replace COMPOSITE_NAME with the name of the SOA composite as specified in the composite.xml file.

    • Replace REQUEST_APPROVAL_SERVICE with the name of the service exposed in the composite. This service is invoked while instantiating the composite for approval.

    • Replace OPERATION_ID with the name of operation to be invoked on the service mentioned for the serviceName property.

    • Replace PAYLOAD with the part name of the operation specified as the value of the operationID property.

    • Replace REVISION_ID with the SOA composite revision as specified in the composite.xml file.

    • Replace DOMAIN with name of SOA partition in which the composite is deployed. By default, SOA has one partition named default.

    • Replace HUMAN_TASK_NAMES with the names of the approval tasks associated with the SOA composite. Separate the names with colon (:).

      Note:

      Do not add any extra spaces in the properties file.

  2. Run the following command from the OIM_HOME/workflows/registration/ directory:

    Note:

    ant -f registerworkflows-mp.xml register
    
  3. Enter Oracle Identity Manager administrator username when prompted.

  4. Enter Oracle Identity Manager administrator password when prompted.

    Note:

    When you login to the SOA server by using the Oracle Identity Manager administrator credentials, the login attempt fails if your challenge questions and answers and password are not reset in Oracle Identity Manager. You must reset the challenge questions and answers and password when you first login to Oracle Identity Manager.

  5. Enter Oracle Identity Manager server t3 URL when prompted.

  6. Enter the complete path of the property file name that you created in step 1 when prompted.

25.2 Modifying Existing SOA Composites

To modify an existing SOA composite that can be used as an approval process, you must perform the following:

  1. Modifying a SOA Project in JDeveloper

  2. Disabling a SOA Composite on Oracle Identity Manager

  3. Deploying a SOA Composite in Oracle SOA Server

  4. Enabling a SOA Composite with Oracle Identity Manager

Note:

If the SOA composite modification involves adding or removing human tasks, then perform the following steps:

  1. Modify the SOA composite in JDeveloper. While modifying the composite, make sure that the SOA composite version ID is changed. The existing SOA composite version ID, which is already registered with Oracle Identity Manager, cannot be used.

  2. Disable the existing SOA composite in Oracle Identity Manager.

  3. Deploy the SOA composite in Oracle SOA Server with new version ID.

  4. Register the SOA composite with the new version to Oracle Identity Manager.

25.2.1 Modifying a SOA Project in JDeveloper

You can modify SOA composites by using JDeveloper. If you want to modify the default SOA composites, then you can access the respective JDeveloper projects in the paths listed in Table 25-1:

Table 25-1 Location of Default SOA Composites

SOA Composite Path

BeneficiaryManagerApproval

OIM_HOME/workflows/composites/BeneficiaryManagerApproval.zip

DefaultOperationalApproval

OIM_HOME/workflows/composites/DefaultOperationalApproval.zip

DefaultRequestApproval

OIM_HOME/workflows/composites/DefaultRequestApproval.zip

DefaultRoleApproval

OIM_HOME/workflows/composites/DefaultRoleApproval.zip

ResourceAuthorizerApproval

OIM_HOME/workflows/composites/ResourceAuthorizerApproval.zip

ResourceAdministratorApproval

OIM_HOME/workflows/composites/ResourceAdministratorApproval.zip

RequesterManagerApproval

OIM_HOME/workflows/composites/RequesterManagerApproval.zip

DefaultSODApproval

OIM_HOME/workflows/composites/DefaultSODApproval.zip


For information about using JDeveloper to build applications with Oracle SOA Suite, see Oracle® Fusion Middleware Developer's Guide for Oracle SOA Suite.

25.2.2 Disabling a SOA Composite on Oracle Identity Manager

You can disable a SOA composite on Oracle Identity Manager by using the registerworkflows-mp utility located in the OIM_HOME/workflows/new-workflow/ directory.

Note:

To disable a SOA composite on Oracle Identity Manager:

  1. Using a command prompt, go to the OIM_HOME/workflows/registration/ directory.

  2. Run the following command:

    ant -f registerworkflows-mp.xml disable
    
  3. When prompted to enter username, enter the Oracle Identity Manager administrator username.

  4. When prompted to enter password, enter the Oracle Identity Manager administrator password.

  5. When prompted to enter the server t3 URL, enter the Oracle Identity Manager server t3 URL, for example, t3://localhost:7001.

  6. Specify the domain of the workflow. By default, this is set to the default domain.

  7. When prompted for the name of the workflow, enter the SOA composite name.

  8. When prompted for the version of the workflow, enter the SOA composite version.

25.2.3 Deploying a SOA Composite in Oracle SOA Server

For information about deploying the workflow composite in BPEL, see Oracle Fusion Middleware Developer's Guide for Oracle SOA Suite.

25.2.4 Enabling a SOA Composite with Oracle Identity Manager

To enable a SOA Composite with Oracle Identity Manager:

Note:

  1. Run the following command:

    ant -f registerworkflows-mp.xml enable
    
  2. Perform steps 3 through 8 in listed "Disabling a SOA Composite on Oracle Identity Manager".