
Using the Human Task identification key to set your own taskId with Oracle BPM (and BPEL)

Requirement

Our Oracle ACM/BPM system will create tasks which will be handled not only by users in a front-end but also through a B2B connection with our external partners. So we need to publish a message to our B2B partners when a task is available. The challenge here is that the taskId is generated externally in the Human Task component, and for the BPM (and BPEL) process the taskId is unknown until the task is closed. So we either need to generate our own taskId, or find a trick to capture and retrieve the taskId outside the process and send it back to the process.

Solution

We first looked at the option to use the Human Task onAssigned event, which we could capture through EDN and handle accordingly. However, one of the requirements was that we would not communicate an internal (task) ID to our B2B partners, so we needed to generate our own ID instead. So we thought about generating our own guid() and placing it on one of the ProtectedTextAttributes so we could use this to query the correct task. But Laurens van der Starre pointed out to us that Oracle actually has a solution for this and that we could use the identification key on the Human Task.

So below is an example of a process where our own key (a guid) is generated in the script task and then placed on the human task.


Map the generated variable on the Identification Key


Runtime

In EM I can see that the generated key is 35373030303632323333383139353637. So we would normally communicate this to our B2B partner. Then, when our B2B partner asks us to send the details of the task, we can query the correct task using the Oracle TaskQueryService:


<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:tas="http://xmlns.oracle.com/bpel/workflow/taskQueryService"
                  xmlns:com="http://xmlns.oracle.com/bpel/workflow/common"
                  xmlns:tas1="http://xmlns.oracle.com/bpel/workflow/taskQuery">
  <soapenv:Header/>
  <soapenv:Body>
    <tas:taskListRequest>
      <com:workflowContext>
        <com:credential>
          <com:login>${#Project#username}</com:login>
          <com:password>${#Project#password}</com:password>
        </com:credential>
      </com:workflowContext>
      <tas1:taskPredicateQuery>
        <tas1:displayColumnList>
          <tas1:displayColumn>IDENTIFICATIONKEY</tas1:displayColumn>
        </tas1:displayColumnList>
        <tas1:optionalInfoList>
          <!--tas1:taskOptionalInfo>Comments</tas1:taskOptionalInfo-->
          <!--tas1:taskOptionalInfo>Attachments</tas1:taskOptionalInfo-->
          <!--tas1:taskOptionalInfo>Payload</tas1:taskOptionalInfo-->
        </tas1:optionalInfoList>
        <tas1:predicate>
          <tas1:assignmentFilter>All</tas1:assignmentFilter>
          <tas1:clause>
            <tas1:column>IDENTIFICATIONKEY</tas1:column>
            <tas1:operator>EQ</tas1:operator>
            <tas1:value>35373030303632323333383139353637</tas1:value>
          </tas1:clause>
        </tas1:predicate>
      </tas1:taskPredicateQuery>
    </tas:taskListRequest>
  </soapenv:Body>
</soapenv:Envelope>

Result

 

<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
    <taskListResponse xmlns="http://xmlns.oracle.com/bpel/workflow/taskQueryService">
      <task xmlns="http://xmlns.oracle.com/bpel/workflow/task">
        <title>task-identification-key</title>
        <ownerRole>task-identification-key.ProcessOwner</ownerRole>
        <priority>3</priority>
        <processInfo/>
        <systemAttributes> ... </systemAttributes>
        <systemMessageAttributes/>
        <identificationKey>35373030303632323333383139353637</identificationKey>
        <percentageComplete>100.0</percentageComplete>
        <sca>
          <compositeDN>default/task-identification-key!1.0*soa_.....</compositeDN>
        </sca>
        <applicationContext>OracleBPMProcessRolesApp</applicationContext>
        <taskDefinitionId>default/task-identification-key!1.0/htMyTask</taskDefinitionId>
        <mdsLabel>soa_...</mdsLabel>
        <customAttributes/>
      </task>
    </taskListResponse>
  </env:Body>
</env:Envelope>
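
An added example, not code from the original post: building the same taskListRequest in Python when the identification key comes back from a B2B partner. The key is checked against the 32-hex-character shape of the key shown above before it goes into the predicate, and the XML library escapes every value; `new_external_key`, the credential arguments and the namespace URIs for the `com` and `tas1` prefixes are assumptions.

```python
import re
import secrets
import xml.etree.ElementTree as ET

# The soapenv and tas URIs appear in the response above; the com and tas1 URIs
# are assumptions taken from Oracle's workflow schemas. Check them in the WSDL.
NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "tas": "http://xmlns.oracle.com/bpel/workflow/taskQueryService",
    "com": "http://xmlns.oracle.com/bpel/workflow/common",
    "tas1": "http://xmlns.oracle.com/bpel/workflow/taskQuery",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Same shape as the key shown in EM above: 32 lowercase hex characters.
KEY_RE = re.compile(r"[0-9a-f]{32}")


def new_external_key():
    """Hypothetical generator: 128 random bits, hex encoded."""
    return secrets.token_hex(16)


def _el(parent, prefix, name, text=None):
    """Append a namespaced child; ElementTree escapes the text on output."""
    node = ET.SubElement(parent, f"{{{NS[prefix]}}}{name}")
    node.text = text
    return node


def build_task_query(partner_key, login, password):
    """Return the taskListRequest envelope for one partner-supplied key."""
    if not isinstance(partner_key, str) or not KEY_RE.fullmatch(partner_key):
        raise ValueError("identification key must be 32 lowercase hex characters")
    env = ET.Element(f"{{{NS['soapenv']}}}Envelope")
    _el(env, "soapenv", "Header")
    request = _el(_el(env, "soapenv", "Body"), "tas", "taskListRequest")
    cred = _el(_el(request, "com", "workflowContext"), "com", "credential")
    _el(cred, "com", "login", login)
    _el(cred, "com", "password", password)
    query = _el(request, "tas1", "taskPredicateQuery")
    columns = _el(query, "tas1", "displayColumnList")
    _el(columns, "tas1", "displayColumn", "IDENTIFICATIONKEY")
    _el(query, "tas1", "optionalInfoList")
    predicate = _el(query, "tas1", "predicate")
    _el(predicate, "tas1", "assignmentFilter", "All")
    clause = _el(predicate, "tas1", "clause")
    _el(clause, "tas1", "column", "IDENTIFICATIONKEY")
    _el(clause, "tas1", "operator", "EQ")
    _el(clause, "tas1", "value", partner_key)
    return ET.tostring(env, encoding="unicode")
```
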

Example / Sources

 

 

Posted by on 29-04-2016 in BPM, Oracle

 


Limitation in Oracle Adaptive Case Management (ACM) revision ID length

All our Oracle BPM projects use a revision id during deployment of the SCA component of the form [4 digits].[svn-revision], which might look like 1602.71234.

The Oracle SCA version format convention

The Oracle documentation states that an Oracle SCA composite revision must follow this format:
n0[.n1[.n2[.n3[.n4]]]][-milestone-name[milestone-number] | _patch-number]
Where all but “milestone-name” and “comment” are numeric, composed of one or more digits (0-9) from 0 up to a maximum value of 99999999.

This is the same convention you see on the error when deploying a composite with an incorrect revision format.


So we are good, because our revision naming standard only uses n0.n1 and neither number will reach the max value of 99999999 anytime soon.

The problem

However, when testing we discovered that we have a problem when our revision passes 99999. This is not due to the normal SOA or BPM components, which can easily handle the longer n1 digits, but due to the fact that our Oracle ACM projects throw the following error when deploying a composite with a total(!) revision length of 10+:

Logging:

: Case metadata deployment failed. 
Case metadata deployment failed for MyCase. 
Contact system administrator for assistance. 
{rootCauses=[]} 
at oracle.bpm.casemgmt.fabric.CaseManagementServiceEngine.deploy(CaseManagementServiceEngine.java:1941) 
at oracle.bpm.casemgmt.fabric.CaseManagementServiceEngine.deploy(CaseManagementServiceEngine.java:401) 
at oracle.bpm.casemgmt.fabric.CaseManagementServiceEngine.deploy(CaseManagementServiceEngine.java:182) 
... 
Caused By: BPM-72806 
..... 
at java.lang.Thread.run(Thread.java:662) 
Caused By: javax.persistence.PersistenceException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException 
Internal Exception: java.sql.SQLException: ORA-12899: value too large for column "SOA_SOAINFRA"."CM_CASE_DEFINITION"."COMPOSITE_VERSION" (actual: 12, maximum: 10)

So when checking the SOAINFRA database design we discovered that for ACM components the revision is also stored in a column defined as VARCHAR2(10):


DESC CM_CASE_DEFINITION
Name              Null     Type
----------------- -------- --------------
DEFINITION_ID     NOT NULL VARCHAR2(400)
NAME              NOT NULL VARCHAR2(255)
TITLE                      VARCHAR2(500)
DESCRIPTION                VARCHAR2(1000)
CATEGORY                   VARCHAR2(400)
NAMESPACE                  VARCHAR2(2000)
COMPONENT_NAME             VARCHAR2(200)
COMPOSITE_DN               VARCHAR2(500)
COMPOSITE_NAME             VARCHAR2(200)
COMPOSITE_VERSION          VARCHAR2(10)
APPLICATION_NAME           VARCHAR2(200)


The solution

So we logged a service request (SR 3-12014738981) and together with Oracle Support we concluded that this is actually a bug in both 11g and 12c.
Bug 22564283 – Limitation in ACM revision ID due to CM_CASE_DEFINITION.COMPOSITE_VERSION

Yesterday we received confirmation from Oracle Support that the bug is fixed and we will receive a patch.
Meanwhile we can already use the workaround of updating the COMPOSITE_VERSION column in CM_ACTIVITY_DEFINITION and CM_CASE_DEFINITION to VARCHAR2(200).
So it is actually an easy fix on the SOAINFRA schema, one we assumed would work if we “hacked” it in ourselves, but we’re still very glad that it was quickly handled and solved through Oracle Support with an officially supported patch.

alter table CM_ACTIVITY_DEFINITION modify (COMPOSITE_VERSION varchar2(200));
alter table CM_CASE_DEFINITION modify (COMPOSITE_VERSION varchar2(200));

So, if you run into the same problem, you can refer Oracle Support to the SR and bug numbers mentioned above.
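
An added example, not part of the original post: a pre-deployment check a build pipeline could run on the revision string, covering both the documented SCA format and the VARCHAR2(10) width that ACM projects hit. The function names are hypothetical, and treating milestone names as alphabetic is an assumption.

```python
import re

# SCA revision grammar quoted above:
#   n0[.n1[.n2[.n3[.n4]]]][-milestone-name[milestone-number] | _patch-number]
# Assumption: milestone names consist of ASCII letters only.
REVISION_RE = re.compile(
    r"(?P<nums>[0-9]+(?:\.[0-9]+){0,4})"
    r"(?:-(?P<milestone>[A-Za-z]+)(?P<milestone_no>[0-9]*)|_(?P<patch>[0-9]+))?"
)
MAX_COMPONENT = 99999999   # per-number ceiling from the Oracle documentation
ACM_COLUMN_WIDTH = 10      # CM_CASE_DEFINITION.COMPOSITE_VERSION is VARCHAR2(10)


def check_revision(revision, acm_project=True, column_width=ACM_COLUMN_WIDTH):
    """Return a list of problems; an empty list means the revision is deployable."""
    match = REVISION_RE.fullmatch(revision)
    if match is None:
        return ["does not match the SCA revision format"]
    problems = []
    numbers = match.group("nums").split(".")
    for extra in ("milestone_no", "patch"):
        if match.group(extra):
            numbers.append(match.group(extra))
    for number in numbers:
        if int(number) > MAX_COMPONENT:
            problems.append(f"component {number} exceeds {MAX_COMPONENT}")
    # The ACM limit applies to the whole string, not to a single number.
    if acm_project and len(revision) > column_width:
        problems.append(
            f"total length {len(revision)} exceeds COMPOSITE_VERSION width {column_width}"
        )
    return problems


def build_revision(prefix, svn_revision):
    """Compose the [4 digits].[svn-revision] naming standard used in the post."""
    return f"{prefix:04d}.{svn_revision}"


if __name__ == "__main__":
    for svn in (71234, 99999, 100000, 1234567):
        rev = build_revision(1602, svn)
        print(rev, check_revision(rev) or "OK")
```

After the workaround or the patch has widened the column, pass `column_width=200` so the check matches the schema.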

 

Posted by on 17-02-2016 in Uncategorized

 


Error in getting XML input stream with Oracle Business Rules 12.2.1

When trying to compile an Oracle ACM/BPM 12.2.1 project (with Oracle Business Rules), the following error is thrown: “Error in getting XML input stream”


When Oracle Business Rules 12.2.1 generates its default XSD, it uses the full system path instead of a relative path for its imports. So make sure to manually change the import configuration to a relative path.


 

Posted by on 12-02-2016 in Oracle

 


Oracle Service Bus 11g – Another session operation is in progress. Please retry later.

Since our Bamboo pipeline uses the same account for deployments, we sometimes get the error “Another session operation is in progress. Please retry later.” during deployment.
So first of all, don’t use the same user (like weblogic) to deploy when you have a lot of developers, build pipelines, etc.
It is time for us to use multiple users for each agent (or think of something else really smart), but in the meantime we sometimes have to discard the changes from an open session.

sbconsole -> View all Sessions -> Select session -> Discard all changes


However sometimes the sbconsole does not allow this action and we need to restart the Admin + Managed server.
Usually this fixes the issue, however this time it didn’t.

Luckily for us the great Pierluigi has a blog which tells us to clear the OSB domain session folder, so:

  • shut down the Admin + Managed servers
  • clear all the SessionXXX folders in the ${DOMAIN_HOME}/osb/config/sessions
  • start the environment

The content of

[oracle@server sessions]$ ls -l
drwxr-----. 5 oracle oinstall 4096 Jan 13 13:22 SessionScript1452682586592
drwxr-----. 5 oracle oinstall 4096 Jan 13 13:22 SessionScript1452687725653
[oracle@server sessions]$ rm * -rf

References

 

Posted by on 13-01-2016 in OSB

 


Using the Weblogic External Listen Address to support Network Address Translation (NAT) firewalls

When trying to connect or deploy from JDeveloper 12.2.2 to our Oracle Fusion Middleware 12.2.1 domain in the Amazon EC2 cloud, I kept having connection problems. Contacting the consoles is not a problem; however, extending the IDE Connection results in this error:


t3://127.0.0.1:7011: [RJVM:000575]Destination 127.0.0.1, 7011 unreachable.; nested exception is:
java.net.ConnectException: Connection refused: connect; [RJVM:000576]No available router to destination.; nested exception is: java.rmi.ConnectException: [RJVM:000576]No available router to destination.
Dec 08, 2015 9:50:35 AM oracle.tip.tools.ide.soabrowser.LogUtil logStackTrace

And deploying an artifact to the server results in the same error.

Weblogic configuration

I couldn’t find anything regarding the error on Oracle Support, but luckily my colleague Daljit Singh had the answer. Since Amazon EC2 uses a public IP (which we use to connect to the admin server), the internal passthrough to the Managed Servers fails. To solve this we should use the Weblogic “external listen address” configuration. The external listen address and port are used to support Network Address Translation (NAT) firewalls. These should match the IP address or DNS name that clients use to access applications on the server.

Go to the Weblogic console -> Environment -> Servers -> Managed Server -> Configuration -> General -> Advanced

Make sure the public IP address is stored in the External Listen Address field here.

Your managed server requires a restart afterwards. But then the connection issue is solved.


 

Posted by on 08-12-2015 in Weblogic

 


JPS-01050: Opening of wallet based credential store failed

After installing a new Oracle Fusion Middleware 12.2.1 domain on an Ubuntu server (for development purposes) and starting the AdminServer, I get the following error:

<Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: There are 1 nested errors: oracle.security.jps.JpsException: JPS-01050: Opening of wallet based credential store failed. Reason java.io.IOException at oracle.security.jps.internal.config.OpssCommonStartup.preStart(OpssCommonStartup.java:334)
at oracle.security.jps.JpsStartup.preStart(JpsStartup.java:286) at oracle.security.jps.wls.JpsBootStrapService.start(JpsBootStrapService.java:80)

However, when checking the cwallet file it is there with proper access rights

ubuntu@ip-10-0-1-170:/opt/oracle/config/domains/rbx_dev/config/fmwconfig$ ls -l cwallet.sso
-rw------- 1 ubuntu ubuntu 194 Dec 1 13:11 cwallet.sso

So when searching we found this Oracle Support document, Doc ID 1923395.1:

Unable Start AdminServer: JPS-01050: Opening of wallet based credential store failed. The FMW WebLogic Server (WLS) installation has been configured to use a non-default Java temporary files directory, i.e. the following has been set in the WebLogic startup or setDomainEnv.sh script:

EXTRA_JAVA_PROPERTIES="-Djava.io.tmpdir=/appl/oracle/temp_java_files ${EXTRA_JAVA_PROPERTIES}"

Reference: How to Change the WebLogic Server Location for Temporary Files (Doc ID 1336002.1)
When the Middleware home was restored the directory specified by java.io.tmpdir parameter was missing,
Therefore an IOException occurred when opening the wallet and WLS was unable to initialize the OPSS successfully.

The description, however, is not completely accurate for our specific problem, but it pointed us in the right direction. In our case the default /tmp folder is owned by root on Ubuntu, and the “normal” ubuntu:ubuntu user/group running the Weblogic scripts has no access.

So we could fix the issue in 2 ways:

    1. Using a custom tmp folder in our setDomainEnv.sh script, one the ubuntu user has access to
      ## CUSTOM FOR RBX_DEV ##
      EXTRA_JAVA_PROPERTIES="-Djava.io.tmpdir=/opt/oracle/tmp -Djava.security.egd=file:/dev/./urandom ${EXTRA_JAVA_PROPERTIES}"
      export EXTRA_JAVA_PROPERTIES
      ## CUSTOM FOR RBX_DEV ##
    2. Giving access to the default /tmp folder for our ubuntu user
      sudo chmod o+rwx /tmp

The first option is the narrower change: only the WebLogic temporary files move, and the permissions on the shared /tmp stay as the distribution set them.
 

Posted by on 08-12-2015 in Weblogic

 


Cloud integration using federation between Microsoft Office 365 Azure Active Directory (AAD) and Amazon Web Service (AWS)

Not an Oracle blog for a change, but when an organization uses both Amazon Web Services (AWS) and Microsoft Office 365, it is possible to allow single sign-on with the internal LDAP Microsoft uses (Azure AD). As RubiX has used both cloud products since day 1, I decided to look into integration between both products when Microsoft recently allowed SAML federation.

In this blog I will demonstrate how to connect Amazon Web Services (AWS) to the internal Azure Active Directory (AAD) that is used by Microsoft. As a result of this blog your users should be able to log in to AWS from the Office 365 menu.

1. Configure Microsoft Office 365 / Azure Active Directory (AAD)

Go to your Administration console and select Azure AD from ADMIN.

In the Azure AD console select “Active Directory”, click on your Office 365 domain name and the AD menu should open. Click on “Applications” in the top menu.

By default you will see a lot of Microsoft web applications, so we click on “Add+” in the bottom menu. Then select “Add application from the gallery”.

The AWS application will be added to your list. Select Configure Single Sign-On next.

We will select the 1st option (MS AAD SSO) to establish federation between AAD & AWS. The Federated Single Sign-On enables the users in your organization to be automatically signed in to a third-party application like AWS by using the AAD user account information. In this scenario, when you have already logged in to Office 365, the federation eliminates the need for you to log in again to AWS.

In this case, we don’t need to configure any extra advanced settings. So click NEXT.

Download the metadata XML, store it for future use, and make sure to tick the checkbox.

Go to the users tab and assign (bottom button) the users that are allowed to log in to AWS.

Before we can finalize our SSO from AAD, we first need to set up AWS.

2. Configure Amazon Web Service (AWS)

Log in to your AWS account and select Identity & Access Management.

First we will create an Identity Provider for AAD.
Select SAML as Provider Type and choose a logical name (I use “Office365” in my example).
Browse to the exported metadata we downloaded from the AAD console earlier.

Important: check your metadata xml file

  • The exported metadata XML file from Azure might be encoded as UTF-8 with byte order mark (BOM). Make sure to convert it to UTF-8 without BOM otherwise the AWS console will not be able to import it.
  • Make sure to remove the <?xml version="1.0"?> declaration on line 1, otherwise AWS will not be able to parse the file.
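
An added example, not part of the original post: a small Python helper that applies both fixes to the exported metadata and confirms the result still parses as SAML metadata before it is uploaded. It assumes the file is UTF-8 as described above; the function name and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

UTF8_BOM = b"\xef\xbb\xbf"
XML_DECL_RE = re.compile(rb"^<\?xml\b[^>]*\?>\s*")
ENTITY_DESCRIPTOR = "{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"
DSIG_CERT = "{http://www.w3.org/2000/09/xmldsig#}X509Certificate"

# Constructed sample standing in for the file exported from the AAD console.
SAMPLE_METADATA = (
    UTF8_BOM + b'<?xml version="1.0" encoding="utf-8"?>\n'
    b'<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
    b' entityID="https://idp.example.invalid/constructed">'
    b'<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    b'<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    b'<X509Data><X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data>'
    b'</KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>'
)


def clean_metadata(raw):
    """Strip the UTF-8 BOM and the XML declaration, then sanity-check the rest."""
    report = {"bom_removed": False, "declaration_removed": False}
    if raw.startswith(UTF8_BOM):
        raw = raw[len(UTF8_BOM):]
        report["bom_removed"] = True
    cleaned, count = XML_DECL_RE.subn(b"", raw, count=1)
    report["declaration_removed"] = bool(count)
    root = ET.fromstring(cleaned)  # raises ParseError if the file is damaged
    if root.tag != ENTITY_DESCRIPTOR:
        raise ValueError(f"unexpected root element {root.tag}")
    # Record what will be trusted: the IdP identifier and its signing certificates.
    report["entity_id"] = root.get("entityID")
    report["signing_certs"] = len(root.findall(f".//{DSIG_CERT}"))
    return cleaned, report


if __name__ == "__main__":
    import sys
    source, target = sys.argv[1], sys.argv[2]
    with open(source, "rb") as handle:
        cleaned_bytes, summary = clean_metadata(handle.read())
    with open(target, "wb") as handle:
        handle.write(cleaned_bytes)
    print(summary)
```
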


As a result we now have a SAML provider configured, so it is time to set some roles.
Select Roles in the IAM menu, select “Create New Role” and give your role a logical name (I use “RubixUsers” here).
In the Role Type select “Grant Web Single Sign-On (WebSSO) access to SAML providers”.

  • Select the SAML provider we trust, so we use the earlier created “Office365” provider here.
  • In the next step we can customize the policy, which we won’t do, so click Next.
  • In the next step we can select the policy you want to attach to your SSO users.
    You can go fine-grained with policies, but for now I will use the default PowerUser policy.
  • On the last screen you will receive a review of the configuration; make sure to note down the Role ARN and Trusted Entities
    Role ARN = arn:aws:iam::[customerID]:role/[RoleName]
    Trust = arn:aws:iam::[customerID]:saml-provider/[ProviderName]

 

3. Configure Microsoft Office 365 / Azure Active Directory (AAD) – part 2

Go back to the AAD management console (https://manage.windowsazure.com).
Select applications -> Amazon Web Services (AWS) -> Attributes

Add the following 2 attributes:


 

4. Result

With these configuration steps you are now able to log in to AWS from your Office 365 apps tile.

 

Posted by on 16-10-2015 in Uncategorized

 


 