7.2 Creating a BPEL Connection

To create a BPEL process, you must first create a connection to a BPEL server. To do this, do the following:

  1. From the navigator pane, under Manage Connections, click the Add icon and select Create BPEL Connection. The BPEL Connection Basic Information Page is displayed.

  2. Enter a name for the connection. The name will display in the Manage Connections panel. This field is required.

  3. Optionally enter a brief description of the connection and click Next. The BPEL Connection Settings Page is displayed.

  4. Specify the hostname or IP address, domain, and port number of the BPEL Server. For example, enter bpelserver.company.com in the Machine field, and 8001 in the Server Port field. This field is required.

    If the BPEL server is a single instance, it is the hostname or IP of the BPEL machine. If the BPEL server is operating within a cluster, this parameter value can be a comma-separated list of machine names or IP addresses of servers in the cluster, or it can be the cluster name for the cluster.

    If multiple machine names are provided in a comma-separated list, the machines must all use the same port (the value supplied by the port parameter). If the BPEL managed servers in the cluster need to be defined with different ports, then the cluster-name configuration must be used.

    When a cluster name is used, the name must be defined in DNS to resolve to the multiple machines within the cluster. Neither Oracle I/PM nor BPEL defines this behavior. Rather, it is defined by the Oracle WebLogic Server support for JNDI in a cluster.

  5. Enable SSL if desired. This field is optional. If the SSL option is checked, then the port provided must be the SSL listening port for the server, and T3 communication will actually use T3S, the SSL version of T3. For setting the listening port on the BPEL server, see "Configuring SSL for the BPEL Server".

  6. Enter the Credential Alias. For example, basic.credential. This field is required. The credential alias is an alias, or key, used to look up the user name and password in the Credential Store Framework (CSF), which stores them in encrypted form.

    This credential must be created in the CSF before the BPEL connection configuration can be completed. A credential can be created in the CSF in one of two ways: through Fusion Middleware Control or through WLST.

  7. Click Test Connection to ensure the connection is made. When successful, a list of BPEL composites is displayed.

  8. Click Next. The BPEL Connection Security Page is displayed.

  9. Add any additional users required. To add a user, do the following:

    1. Click Add. The Add Security Member Page is displayed.

    2. Select either Search Groups or Search Users, then click Search. A listing of available groups or users is displayed.

    3. Select the users or groups to be added. You can make multiple selections by holding down the Control or Shift key on your keyboard when making a selection.

    4. When you have selected all the users or groups you wish to add to the connection, click Add. The Add Security Member Page is closed and the new users or groups are listed on the BPEL Connection Security Page.

  10. Enable the security permissions desired for each user or group and click Next. The BPEL Connection Review Settings Page is displayed.

  11. Ensure that settings are correct. If they are not, click Back to return to the page you need to modify, or click the link in the navigation train to return directly to the desired page. When satisfied with the settings, return to the BPEL Connection Security Page and click Submit.

7.2.1 Configuring SSL for the BPEL Server

For the Oracle I/PM SSL configuration to work with BPEL, the SSL listening port must be enabled on the BPEL server. This can be done at the time the BPEL server is first installed, through the configuration wizard, or after installation, through the Oracle WebLogic Server Administration Console.

To configure SSL for the BPEL server:

  1. Log in to the Administration Console for the BPEL managed server domain.

  2. From Domain Structure, click Environment and then Servers.

  3. Select the BPEL managed server instance.

  4. Check SSL Listen Port Enabled.

  5. Enter an available port number for SSL Listen Port.

  6. Click SAVE. SSL is enabled on the BPEL managed server.

In the Oracle I/PM connection, the SSL check box can then be selected and the SSL listen port used for the port parameter. At this point, communication to the server will work properly if both the BPEL managed server and the Oracle I/PM managed server are configured to use the default DemoTrust certificates. All Oracle WebLogic Server instances use the same DemoTrust self-signed certificates and, therefore, are configured to trust the others by default. Note that this should only be used to test the system in a demonstration or test environment. For security, DemoTrust certificates should never be used in production.

Note:

These files should be used for test and demonstration purposes only. In a production environment, you should obtain proper and valid certificates and follow appropriate procedures for importing and configuring those certificates to establish identity and trust. When properly signed certificates are used and configured correctly, SSL works without special configuration.
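A check for the DemoTrust warning above, as an added example that is not part of the original Oracle documentation: it reads the certificate served on the BPEL SSL listen port with openssl and flags demo or self-signed certificates. The marker strings, the function names and the sample certificate text are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: flag demo or self-signed certificates on a BPEL SSL listen port.

# Assumption: WebLogic demo certificates carry the "FOR TESTING ONLY"
# organizational unit and are issued by a CertGen demo CA.
DEMO_MARKERS='FOR TESTING ONLY|CertGenCA'

# Constructed sample of `openssl x509 -noout -subject -issuer` output.
SAMPLE_DEMO='subject=C = US, O = MyOrganization, OU = FOR TESTING ONLY, CN = bpelserver
issuer=C = US, O = MyOrganization, OU = FOR TESTING ONLY, CN = CertGenCAB'

# classify_cert TEXT -> prints demo, self-signed, ok or unknown
classify_cert() {
    local text subject issuer
    text=$1
    if [ -z "$text" ]; then echo unknown; return; fi
    if printf '%s\n' "$text" | grep -Eq "$DEMO_MARKERS"; then
        echo demo; return
    fi
    # Accept both "subject=C = US" and the older "subject= /C=US" layouts.
    subject=$(printf '%s\n' "$text" | sed -n 's/^subject= *//p')
    issuer=$(printf '%s\n' "$text" | sed -n 's/^issuer= *//p')
    if [ -n "$subject" ] && [ "$subject" = "$issuer" ]; then
        echo self-signed
    else
        echo ok
    fi
}

# fetch_cert HOST PORT -> subject and issuer of the certificate served there
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer 2>/dev/null
}

# check_bpel_ssl HOST PORT -> status 0 only for a certificate classified ok
check_bpel_ssl() {
    local verdict
    verdict=$(classify_cert "$(fetch_cert "$1" "$2")")
    echo "$1:$2 certificate: $verdict"
    [ "$verdict" = ok ]
}

# Run against a real server only when host and port are given.
if [ "$#" -eq 2 ]; then
    check_bpel_ssl "$1" "$2"
fi
```

An `ok` verdict means only that the certificate is neither a demo nor a self-signed one; it does not validate the chain against your trust store.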

You can also configure SSL for the BPEL server in the Oracle I/PM user interface, using the Managed Connections section to create the BPEL connection.

7.2.2 Configuring a BPEL Connection CSF Credential

A credential store framework (CSF) credential is a username/password pair that is keyed by an alias and stored inside a named map in the CSF. Because of its integration with Oracle Web Services Manager (OWSM), Oracle I/PM leverages the standard OWSM CSF map named oracle.wsm.security.

A credential can be created through Enterprise Manager (EM) or through WebLogic Scripting Tool (WLST).

Creating a Credential Using EM

To create a credential using EM, do the following:

  1. Log in to Enterprise Manager.

  2. Click WebLogic Domain.

  3. Click Security and then Credentials.

  4. Select the oracle.wsm.security map. If it does not exist, do the following:

    1. Select Create Map.

    2. Enter oracle.wsm.security in the map field and click OK.

    3. Click Create Key. The key is now available for selection.

  5. Enter a key name. This is the credential alias used in the BPEL connection configuration.

  6. Select password as the type.

  7. Enter a user name and password.

  8. Optionally, enter a description for the credential.

  9. Click OK.

Creating a Credential Using WLST

To create a credential using WLST, execute the following command:

createCred(map="oracle.wsm.security", key="basic.credential", user="weblogic", password="Welcome1")

where key is the alias which is used for the credential alias property of a BPEL connection definition in the user interface. In the API, it is used for the Connection.CONNECTION_BPEL_CSFKEY_KEY property. The alias, basic.credential, is used in the example because it is a standard default name used by OWSM and BPEL. However, the alias can be anything as long as it is unique within the map.