How to share OPSS policy store between two ADF applications

[Jakub Pawłowski]

Hi,

My architecture

Managed Server 1 – BPM

Managed Server 2 – ADF BC/RC application (UI for BPM engine)

both servers belong to the same admin server.

Is it possible to use roles defined in BPM Workspace (uses OPSS) in my ADF app. OPSS policies are defined (mapping between enterprise groups and application roles) per application in separate policy store, but my requirement is populate (or better - share policy store) roles defined for BPM in Workspace or EM to ADF application, to have a single place to manage security.

[Edwin Biemond]

Hi,

I don't think it is possible.

Everything is defined in the local jazn file and it is merged to the
central jazn file.
The main item is application name and everything is defined under that
( applications roles ,pages etc)

maybe you have something as a global jazn policy which you can apply
to both applicaties.

thanks

On Dec 27 2011, 8:45 am, Jakub Pawłowski <kubapawlowsk...@gmail.com>
wrote:
> Hi,
>
>  *My architecture*

[Jakub Pawłowski]

Hi Edwin,

Policy store may be configured to use database tables - it works for us. See:

http://redstack.wordpress.com/2011/10/29/soa11g-database-as-a-policy-store/

http://docs.oracle.com/cd/E17904_01/core.1111/e10043/cfgauthr.htm#CHDHAIBJ

Our problem is that policy store is configured for application, but we need to share this policy contex between BPM Workspace (uses OPSS to managed roles) and ADF app (our BPM UI for human Tasks)

Kuba

[Jan Vervecken]

hi

(as a related question)
What is the best OTN forum to ask OPSS questions?

many thanks
Jan Vervecken

On Dec 27 2011, 8:45 am, Jakub Pawłowski <kubapawlowsk...@gmail.com>
wrote:
> Hi,
>
>  *My architecture*
>

[fnimphiu]

There is a forum WebLogic Server Security https://forums.oracle.com/forums/forum.jspa?forumID=581.
Once I am back from vacation, I can check with the OPSS PM for which
forums they monitir. However, WLS server security sounds like a good
fit

Frank

[fnimphiu]

>  Is it possible to use roles defined in BPM Workspace (uses OPSS) in my ADF
> app. OPSS policies are defined (mapping between enterprise groups and
> application roles) per application in separate policy store, but my
> requirement is populate (or better - share policy store) roles defined for
> BPM in Workspace or EM to ADF application, to have a single place to manage
> security.

I don't know how BPM defines its policies in system-jazn-data.xml (or
OID or RDBMS), but OPSS saves policies by application and if the
application name is the same for ADF and BPM then they share the same
policies. I need to do some research for how to do this in ADF (I know
that you can share policies between two ADF applications by given them
both the same application name.

Frank

[Dmitry Nefedkin]

Jakub, 

 OPSS has a feature named "Application Stripe", that's the logical partition of the policy store. So my idea is the following: with the help of FMW Control you can identify what stripe is used by Oracle BPM Workspace application and use the same stripe when you will deploy your custom ADF app using FMW Control, have a look at the doc here: http://docs.oracle.com/cd/E25054_01/core.1111/e10043/addlsecfea.htm#CHDDJEIB 

Regards,

 Dmitry

[Jakub Pawłowski]

Hi,

Wery nice idea, I'will check it and provide feedback here.

Kuba