Upload
trinhdang
View
224
Download
3
Embed Size (px)
Citation preview
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
1 | P a g e
OIG 11G R2 Field Enablement Training
Lab 3.1 - Deploying Composites and creating Access Policies
Disclaimer: The Virtual Machine Image and other software are provided for
use only during the workshop. Please note that you are responsible for
deleting them from your computers before you leave. If you would like to try
out any of the Oracle products, you may download them from the Oracle
Technology Network (http://www.oracle.com/technology/index.html) or the
Oracle E-Delivery WebSite (http://edelivery.oracle.com)
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
2 | P a g e
Table of Contents
OIG 11G R2 Field Enablement Training ................................................................................................... 1
Deploying Composites and creating Access Policies........................................................................... 1
1. Deploy the Composite................................................................................................................. 3
2. Configure Approval Policies ........................................................................................................ 7
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
3 | P a g e
Introduction
In this lab we will deploy an already prepared SOA composite. This is a generic composite which can
handle various approvals i.e Single Approval, Serial Approval, Parallel Approval.
We will also create approval policies to invoke the composite we are deploying so that the same
composite can be invoked when requesting for Role, Application Instance & Entitlement.
Pre Requisite: [This is already done in the VM, please login to EM and check the Key]
The SOA composite will use CSF to get the credential to connect to OIM Server. We need to create
the entry in CSF so that SOA composite can use it.
Note: You need to have Admin & SOA Servers running
Login to the Fusion Middleware Control
Expand WebLogic Domain
Click the domain name
Click WebLogic Domain under the domain name, in the right pane
Click Security
Click Credentials
Select oracle.wsm.security
Click Create Key from the toolbar
Provide the following information in the Create Key form
Key Requestwskey
User Name xelsysadm
Password Password for the xelsysadm user
Confirm Password Password for the xelsysadm user
Description Optional
Click OK
1. Deploy the Composite Note: you need not do this exercise if you have completed Lab 3.
Follow the steps below to deploy the composite. Also please ensure to start just the below services.
Admin server
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
4 | P a g e
SOA server.
Ensure that any other services like OIM are down.
1. In the VM navigate to the below folder.
2. Unzip the AddAccessApprovalApplication.zip file.
3. Ensure that Admin and SOA are up.
4. Hit the Enterprise Manager console in a new browser window.
5. Login as weblogic.
6. Expand the SOA soa-infra default folders.
7. Right click on default and choose SOA Deployment Deploy to this Partition.
cd /app/home/oracle/Lab3\ Final\ Composite\ -\ Back\ up/
unzip AddAccessApprovalApplication.zip
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
5 | P a g e
8. In the Select Archive screen, choose the second option.
a. Archive on the server where Enterprise Manager is running.
9. Provide the path of the jar as follows.
a. /app/home/oracle/Lab3 Final Composite - Back
up/AddAccessApprovalApplication/AddAccessApproval/deploy/
sca_AddAccessApproval_rev7.0.jar
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
6 | P a g e
10. Click Next at the top.
11. In the confirmation page, just click on Deploy. EM deploys the composite and this activity
might take a while to complete.
12. You will see the new composite now in the default partition.
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
7 | P a g e
2. Configure Approval Policies
Shutdown the Admin Server.
Start OIM server and check the status of SOA. SOA Server should be up.
1. Login to the System Administration Console as ADMIN.
2. Click on Approval Policies under Policies.
3. Click on the create button to create request-level approval policy to Grant Application
Instance.
4. Fill the form with the below details.
Policy Name Application Instance – RL – Beneficiary Manager Approval
Description Application Instance – RL – Beneficiary Manager Approval
Request Type Provision ApplicationInstance
Level Request Level
Auto Approval Checked
5. Click on Next.
6. Click on Add Simple Rule.
7. Fill the form with the below details.
Entity Request
Attribute Request Type
Condition Equals
Value Provision ApplicationInstance
Parent Rule Container Approval Rule
8. Click on Save.
9. Under Rule Components expand the Approval Rule. You should see it as shown below.
10. Provide a value for the Rule Name.
a. Request Rule
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
8 | P a g e
11. Click Next.
12. Click Finish.
13. Click OK on the confirmation dialogue.
14. Click on the search button to see the newly created approval policy.
15. Click on the create button to create request-level approval policy to Grant Role.
16. Fill the form with the below details.
Policy Name Assign Roles – RL – Auto Approve
Description Assign Roles – RL – Auto Approve
Request Type Assign Roles
Level Request Level
Auto Approval Checked
17. Click on Next.
18. Click on Add Simple Rule.
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
9 | P a g e
19. Fill the form with the below details.
Entity Request
Attribute Request Type
Condition Equals
Value Assign Roles
Parent Rule Container Approval Rule
20. Click on Save.
21. Under Rule Components expand the Approval Rule. You should see it as shown below.
22. Provide a value for the Rule Name.
a. Request Rule
23. Click Next.
24. Click Finish.
25. Click OK on the confirmation dialogue.
26. Click on the create button to create request-level approval policy to Grant Entitlement.
27. Fill the form with the below details.
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
10 | P a g e
Policy Name Provision Entitlement – RL – Auto Approve
Description Provision Entitlement – RL – Auto Approve
Request Type Provision Entitlement
Level Request Level
Auto Approval Checked
28. Click on Next.
29. Click on Add Simple Rule.
30. Fill the form with the below details.
Entity Request
Attribute Request Type
Condition Equals
Value Provision Entitlement
Parent Rule Container Approval Rule
31. Click on Save.
32. Under Rule Components expand the Approval Rule. You should see it as shown below.
33. Provide a value for the Rule Name.
a. Request Rule
34. Click Next.
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
11 | P a g e
35. Click Finish.
36. Click OK on the confirmation dialogue.
37. Click on the create button to create request-level approval policy for Heterogeneous
Request.
38. Fill the form with the below details.
Policy Name Heterogeneous Request
Description Heterogeneous Request
Request Type Heterogeneous Request
Level Request Level
Auto Approval Checked
39. Click on Next.
40. Click on Add Simple Rule.
41. Fill the form with the below details.
Entity Request
Attribute Request Type
Condition Equals
Value Heterogeneous Request
Parent Rule Container Approval Rule
42. Click on Save.
43. Under Rule Components expand the Approval Rule. You should see it as shown below.
44. Provide a value for the Rule Name.
a. Request Rule
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
12 | P a g e
45. Click Next.
46. Click Finish.
47. Click OK on the confirmation dialogue.
48. Create Operational-Level approval policies to Grant Application Instance.
49. Fill the form with the below details.
Policy Name Prov App Instance – OL
Description Prov App Instance – OL
Request Type Provision ApplicationInstance
Level Operation Level
Auto Approval UNChecked
Approval Process Default/AddAccessApproval7.0
Scope Type Application Instance
All Scope Checked
50. Click on Next.
51. Click on Add Simple Rule.
52. Fill the form with the below details.
Entity Request
Attribute Request Type
Condition Equals
Value Provision ApplicationInstance
Parent Rule Container Approval Rule
53. Click on Save.
54. Provide a value for the Rule Name.
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
13 | P a g e
a. Operational Rule
55. Click Next.
56. Click Finish.
57. Click OK on the confirmation dialogue.
58. Create Operational-Level approval policies to Grant Role.
59. Fill the form with the below details.
Policy Name Assign Roles – OL – Custom Composite
Description Assign Roles – OL – Custom Composite
Request Type Assign Roles
Level Operation Level
Auto Approval UNChecked
Approval Process Default/AddAccessApproval7.0
Scope Type Role
All Scope Checked
60. Click on Next.
61. Click on Add Simple Rule.
62. Fill the form with the below details.
Entity Request
Attribute Request Type
Condition Equals
Value Assign Roles
Parent Rule Container Approval Rule
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
14 | P a g e
63. Click on Save.
64. Provide a value for the Rule Name.
a. Operational Rule
65. Click Next.
66. Click Finish.
67. Click OK on the confirmation dialogue.
68. Create Operational-Level approval policies to Grant Entitlement.
69. Fill the form with the below details.
Policy Name Entitlement Approval
Description Entitlement Approval
Request Type Provision Entitlement
Level Operation Level
Auto Approval UNChecked
Approval Process Default/AddAccessApproval7.0
Scope Type Application Instance
All Scope Checked
70. Click on Next.
71. Click on Add Simple Rule.
72. Fill the form with the below details.
Entity Request
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
15 | P a g e
Attribute Request Type
Condition Equals
Value Provision Entitlement
Parent Rule Container Approval Rule
73. Click on Save.
74. Provide a value for the Rule Name.
a. Operational Rule
75. Click Next.
76. Click Finish.
77. Click OK on the confirmation dialogue.
78. Click on the search button to see all the latest policies created.
Note: You can sort by the Level to get the above result in the order shown. You should have 4
Request Level Polices created (Excluding Self Reg Policy) and 3 Operation level Policies.
OIG 11G R2 Training
Oracle Proprietary - Restricted to Personal Use in an Oracle partner training class
16 | P a g e
79. Close the popup window.
80. Logout of sysadmin console and close the browser.