7 Managing Connections

To successfully have all aspects of your business flow communicate with Imaging, you must define the appropriate connection types. Using the Imaging user interface, you can create a connection to both an Content Server repository or a workflow server.

Note:

You must ensure that the Imaging support component IpmRepository is installed and enabled on the Content Server you are connecting to. For information on enabling Content Server components, see Oracle WebCenter Content System Administrator's Guide for Content Server.

This section describes the connection configuration options available to an Imaging administrator and how they are accessed. It contains the following topics:

7.1 Creating an Content Server Connection

To connect Imaging to an Content Server document repository, do the following:

  1. From the navigator pane, under Manage Connections, click the Create new connection icon and select the Create Content Server Connection. The Content Server Connection Basic Information Page is displayed.

  2. Enter a name for the connection. The name will display in the Manage Connections panel. This field is required.

  3. Enter a brief description of the connection and click Next. The Content Server Connection Content Server Settings Page is displayed.

  4. Optionally, enable SSL to connect to the repository over SSL. Note that to connect over SSL, the Content Server must be configured for SSL connections. For more information, see Configuring WebCenter Content to Use SSL.

  5. Enable Use Local Content Server and set the port number in order to specify localhost as the machine name and connect Imaging to the Content Server sharing the computer. Local communication offers the fastest connection option. If enabled, localhost is used exclusively unless a communication failure occurs. If there is a communication failure to localhost and a pool of Content Servers is defined, messages are sent to the machines named in the Content Server pool until communication to localhost resumes.

    Alternately, disable Use Local Content Server and define a pool of Content Servers. Each connection in the connection pool must be unique. Messages are then sent to multiple Content Servers. This option is for load balancing in a clustered environment.

    Note:

    If a single server is identified in the connection pool and it is a load balancer to a Content Server cluster, then stickiness should be configured in the load balancer for a short period of time (30 to 60 seconds). This is necessary to avoid errors when an application is created and the application summary page tries to display. There can be latency in the propagation of application data from the Content Server where the application is defined to other Content Servers in the cluster.

  6. Click Next. The Content Server Connection Security Page is displayed.

  7. Add any additional users required. To add a user, do the following:

    1. Click Add. The Add Security Member Page is displayed.

    2. Select either Search Groups or Search Users, then click Search. A listing of available groups or users is displayed.

    3. Select the users or groups to be added. You can make multiple selections by holding down the Control or Shift key on your keyboard when making a selection.

    4. When you have selected all the users or groups you wish to add to the connection, click Add. The Add Security Member page is closed and the new users or groups are listed on the Connection Security page.

  8. Enable the security permissions desired for each user or group and click Next. The Content Server Connection Review Settings Page is displayed.

  9. Ensure that settings are correct. If they are not, click Back to return to the page you need to modify, or click the link in the navigation train to return directly to the desired page. When satisfied with the settings, return to the Review settings page and click Submit. The Connection Summary page is displayed that includes the audit history of changes made to the connection.

  10. Review the details of the connection. Click Modify to go back to the Content Server Connection Basic Information Page to make any changes, if necessary. When satisfied with the connection, return to the Content Server Connection Review Settings Page and click Submit.

7.2 Creating a Workflow Connection

To integrate a workflow process with an Imaging application, you must first create a connection to a workflow server. An Imaging workflow connection makes no distinction between BPEL or BPM engines. A single workflow connection can be used to configure an application for use with BPEL or BPM as long as both engines are available on the workflow server.

Note:

To create a workflow connection, a user must be members of all three of the following WebLogic Server groups or the connection is not created:

  • Operators

  • Monitors

  • Administrators

Failure to create the connection is logged on the workflow server.

To create a workflow connection, do the following:

  1. From the navigator pane, under Manage Connections, click the Create new connection icon and select the Create Workflow Connection. The Workflow Connection Basic Information Page is displayed.

  2. Enter a name for the connection. The name will display in the Manage Connections panel. This field is required.

  3. Optionally enter a brief description of the connection and click Next. The Workflow Connection Settings Page is displayed.

  4. Specify the HTTP front end address for the workflow server. The address should include the listening port if it is not the default port for the protocol defined in the URL. For example, enter http://soa.server.company.com:8001 in the HTTP Front End Address. This field is required.

  5. Enter the Credential Alias. For example, basic.credential. This field is required. The credential alias is an alias, or key, used to look up the user name and password in the Credential Store Framework (CSF), which encrypted them to provide for proper security.

    This credential must be created in the CSF before the workflow connection configuration can be completed. A credential can be created in the CSF in one of two ways: through Fusion Middleware Control or through WLST. This field is required.

  6. If necessary, enter providers by specifying the host name or names used for the connection. If the workflow server is a single instance, the provider is the host name or IP and port of the workflow machine. For example, t3://server:8001. If the workflow server is operating within a cluster, this parameter value must be a comma-separated list of machine names or IP addresses and ports of servers in the cluster. Entering only the front end address of a workflow server with multiple providers does not work. This step is necessary only if integrating with Oracle E-Business Suite Adapter for Oracle Enterprise Content Management.

  7. Click Test Connection to ensure the connection is made. When successful, a list of BPEL composites is displayed.

  8. Click Next. The Workflow Connection Security Page is displayed.

  9. Add any additional users required. To add a user, do the following:

    1. Click Add. The Add Security Member Page is displayed.

    2. Select either Search Groups or Search Users, then click Search. A listing of available groups or users is displayed.

    3. Select the users or groups to be added. You can make multiple selections by holding down the Control or Shift key on your keyboard when making a selection.

    4. When you have selected all the users or groups you wish to add to the connection, click Add. The Add Security Member Page is closed and the new users or groups are listed on the Workflow Connection Security Page.

  10. Enable the security permissions desired for each user or group and click Next. The Workflow Connection Review Settings Page is displayed.

  11. Ensure that settings are correct. If they are not, click Back to return to the page you need to modify, or click the link in the navigation train to return directly to the desired page. When satisfied with the settings, return to the Workflow Connection Review Settings Page and click Submit. The Connection Summary page is displayed that includes the audit history of changes made to the connection.

  12. Review the details of the connection. Click Modify to go back to the Workflow Connection Basic Information Page to make any changes, if necessary. When satisfied with the connection, return to the Workflow Connection Review Settings Page and click Submit.

7.2.1 Configuring SSL for the Workflow Server

For the Imaging SSL configuration to work with a workflow, the SSL listening port must be enabled on the workflow server. This can be done at the time the workflow server is first installed, through the configuration wizard, or after installation, through the Oracle WebLogic Server Administration Console. For more information on configuring SSL, see Oracle Fusion Middleware Administration Guide: Chapter 6, SSL Configuration in Oracle Fusion Middleware.

In order to create a connection to an SSL enabled workflow server, the HTTPS protocol and listen port must be specified in the Workflow Connection's HTTP Front End Address on the Workflow Connection Settings Page when the connection is created. For example, https://yourhost.com:8002.

Communication to the server will work properly if both the workflow managed server and the Imaging managed server are configured to use the default DemoTrust certificates. All Oracle WebLogic Server instances use the same DemoTrust self-signed certificates and, therefore, are configured to trust the others by default. Note that this should only be used to test the system in a demonstration or test environment. For security, DemoTrust certificates should never be used in production.

Note:

These files should be used for test and demonstration purposes only. In a production environment, you should obtain proper and valid certificates and follow appropriate procedures for importing and configuring those certificates to establish identity and trust. When properly signed certificates are used and configured properly, SSL will work properly without special configuration.

7.2.2 Configuring a Workflow Connection CSF Credential

A credential store framework (CSF) credential is a username/password pair that is keyed by an alias and stored inside a named map in the CSF. Because of its integration with Oracle Web Services Manager (OWSM), Imaging leverages the standard OWSM CSF map named oracle.wsm.security.

A credential can be created through Enterprise Manger (EM) or through WebLogic Scripting Tool (WLST).

Creating a Credential Using EM

To create a credential using EM, do the following:

  1. Log in to Enterprise Manager.

  2. Click WebLogic Domain.

  3. Click Security and then Credentials.

  4. Select the oracle.wsm.security map. If it does not exist, do the following:

    1. Select Create Map.

    2. Enter oracle.wsm.security in the map field and click OK.

    3. Click Create Key. The key is now available for selection.

  5. Enter a key name. This is the credential alias used in the workflow connection configuration.

  6. Select password as the type.

  7. Enter a user name and password.

  8. Optionally, enter a description for the credential.

  9. Click OK.

Creating a Credential Using WLST

To create a credential using WLST, execute the following command:

createdCred(map="oracle.wsm.security", key="basic.credential", user="weblogic", password="Welcome1")
 

where key is the alias which is used for the credential alias property of a workflow connection definition in the user interface. In the API, it is used for the Connection.CONNECTION_WORKFLOW_CSFKEY_KEY property. The alias, basic.credential, is used in the example because it is a standard default name used by OWSM and BPEL. However, the alias can be anything as long as it is unique within the map.