Log in to the integrated WebLogic Server console with the admin user (weblogic) and password.

Click Security Realms and select the myrealm option.

Click New on the Providers tab to create a new SQLAuthenticator.

Provide the name of the SQLAuthenticator and set the control flag to SUFFICIENT.

Provide the data source for the database. The tables USERS, GROUPS and GROUPS_MEMBER must already exist in the database. For instance, this script uses the default table and column names. With the attached script, the queries that access the users and groups do not need to be modified. Otherwise, with a custom DB, the queries need to be changed.

Reorder the providers and keep the SQL one at the top.
Change the control flag of the default authenticator from REQUIRED to SUFFICIENT.

Restart WLS and check that users and groups from the database have been imported into WLS.
For the SOA/BPM environment there is a known issue (Logon To Oracle Workspace Failed With Users Of SQL Authenticator (Doc ID 1499679.1)). I followed this approach as a workaround, as suggested by Oracle, to be able to see the accounts in BPM. Here are the steps to apply it:
In the section starting with <jpsContext name="default" modify

    <serviceInstanceRef ref="idstore.ldap"/>

to

    <serviceInstanceRef ref="idstore.custom"/>

Within the <serviceInstances>...</serviceInstances> section, add the following (change the db_* parameters as per the environment):

    <serviceInstance name="idstore.custom" provider="custom.provider" location="dumb">
      <description>Custom Identity Store Service Instance</description>
      <property name="idstore.type" value="CUSTOM"/>
      <property name="ADF_IM_FACTORY_CLASS" value="org.sample.providers.db.DBIdentityStoreFactory"/>
      <property name="DB_SERVER_NAME" value="db_host_name"/>
      <property name="DB_DATABASE_NAME" value="db_sid"/>
      <property name="ST_SECURITY_PRINCIPAL" value="db_user"/>
      <property name="ST_SECURITY_CREDENTIALS" value="db_passwd"/>
    </serviceInstance>

Within the <serviceProviders>...</serviceProviders> section, add the following:

    <serviceProvider type="IDENTITY_STORE" name="custom.provider" class="oracle.security.jps.internal.idstore.generic.GenericIdentityStoreProvider">
      <description>Custom IdStore Provider</description>
    </serviceProvider>
Thursday, 13 February 2014
Configuring Oracle BPM and SOA Suite 11g with a SQL Authentication Provider
Hi Pavankumar
Did you apply the patch at Oracle doc ID 1499679.1?
Regards
Thanks for the reply, Fabio. No, I didn't apply it. I am using my local SOA 11.1.1.6 version.
Could you please provide the exact link and steps to apply the patch? I could not find the exact link for doc ID 1499679.1.
Thank you in advance
Regards,
Pavan
The file DBProvider needs access to download.