Matt’s book

Posted on April 1, 2009 by Mark Nelson

My colleagues Matt Wright and Antony Reynolds have released a great book on Oracle SOA Suite, available from Amazon.

Posted in Uncategorized | Tagged | Leave a comment

Single Sign On for WebCenter Interaction

Posted on April 1, 2009 by Mark Nelson

I have spent a little time recently setting up single sign on for WebCenter Interaction.

My environment is WebCenter Interaction 10.3 running on Oracle WebLogic Server 10.3 on Windows 2003 Server, with an Oracle HTTP Server (Apache 1.3) HTTP Proxy, Oracle Access Manager providing SSO, and Oracle Internet Directory as the LDAP Authentication Server.  The portal data store is the Oracle 11g Database (11.1.0.7).

There were a few issues, and the documentation does not reflect current versions, which meant I needed to rely on some assistance and a little bit of guessing in addition to the documentation.  As such, I though this would be a good piece of work to document to make it easier for others to repeat (and for the next time I need to do it!)

I would like to acknowledge assistance from the following people (alphabetical order): Clarence Cheah, Rory Douglas, Iyad Kloub, Ali Mukadam, Luke McQueen, Igor Polyakov, Tamer Qumhieh, Mike Wertzberger and Tanya Williams.

This post contains just the highlights – the stuff that is not in the documentation, or easy to work out.  Following this, I will post complete step by step instructions.

Oracle 11g Database Configuration Issue

There is an issue running WebCenter Interaction 10.3 with Oracle Database 11g.  It seems to be introduced when you install the WebCenter Identity Integration for LDAP module.  After doing this, the overnight jobs start to fail with an SQL error, the portal fails, and will no longer start.  Here is the query you may find in your log files when this happens:

SELECT
  MAX(CS.ACCESSLEVEL) AS ACCESSLEVEL,
  C.NAME,
  C.ISLOCALIZED,
  C.OBJECTID,
  MC2.MEMBERSHIPTYPE
FROM
  PTCOMMUNITIES C,
  PTCOMMSECURITY CS,
  PTVGROUPMEMBERSHIP GM,
  (SELECT
    MAX(MC.MEMBERSHIPTYPE) AS MEMBERSHIPTYPE,
    MC.COMMUNITYID
  FROM
    PTMYCOMMUNITIES MC,
    PTVGROUPMEMBERSHIP GM
  WHERE
    GM.GROUPID=MC.GROUPID
    AND GM.USERID=263
  GROUP BY
    MC.COMMUNITYID) MC2
  WHERE GM.GROUPID=CS.GROUPID
  AND GM.USERID=263
  AND C.OBJECTID=CS.OBJECTID
  AND C.OBJECTID=MC2.COMMUNITYID
GROUP BY
  C.NAME,
  C.ISLOCALIZED,
  C.OBJECTID,
  MC2.MEMBERSHIPTYPE
ORDER BY
  LOWER(C.NAME) ASC

This query will fail with the error “not a GROUP BY expression.”  Careful inspection of the query seems to indicate that it is fine.  I ran it on an Oracle 10g database and it did run successfully.  After some digging, it seems that the 11g query optimiser may be causing this issue, and the following database setting seems to fix it:

ALTER SYSTEM SET "_OPTIMIZER_GROUP_BY_PLACEMENT"=FALSE;

I also applied the 11.1.0.7 patch to the database.  I did not test this setting on 11.1.0.6, so can’t tell you if it will solve the issue on 11.1.0.6 too.

WebCenter Interaction Configuration

To make WebCenter Interaction work with the HTTP proxy, you need to make some changes to the configuration files located in <BEA_HOME>\alui\settings\portal:

In configuration.xml, you need to locate SystemProperties and change ServerName and HTTPPort to match your proxy server, as shown in the example:

    <component name="portal:SystemProperties" type="http://www.plumtree.com/config/component/types/portal/systemproperties">
       <!-- lines removed for brevity -->
       <setting name="ServerName">
            <value xsi:type="xsd:string">proxy.server</value>
       </setting>
       <setting name="HTTPPort">
            <value xsi:type="xsd:integer">8080</value>
       </setting>
       <!-- lines removed for brevity -->
    </component>

You also need to make a couple of changes in the portalconfig.xml file, which is located in <BEA_HOME>\alui\settings\portal.  The first change goes into the URLMapping component, shown below.  You need to set the ApplicationURL0 and the SecureApplicationURL0 to the URL of the proxy server, not the portal server.  These changes are highlighted below.  In the example, the proxy server is proxy.server:8080.

   <component name="portal:URLMapping" type="http://www.plumtree.com/config/component/types/portal/urlmapping">
        <!-- URLMapping - Entry 0 -->
        <setting name="URLFromRequest0">
            <value xsi:type="xsd:string">*</value>
        </setting>
        <setting name="ApplicationURL0">
            <value xsi:type="xsd:string">http://proxy.server:8080/portal/server.pt</value>
        </setting>
        <setting name="SecureApplicationURL0">
            <value xsi:type="xsd:string">http://proxy.server:8080/portal/server.pt</value>
        </setting>
        <clients>
            <client name="portal"/>
        </clients>
    </component>

The other change you need to make, it to turn on the SSO.  This is done in the Authentication component.  You need to set the SSO vendor (to 3 for Oracle Access Manager) and the cookie domain.  These are highlighted in the example below.

  <component name="portal:Authentication" type="http://www.plumtree.com/config/component/types/portal/authentication">
     <!-- lines removed for brevity -->
     <setting name="SSOVendor">
         <value xsi:type="xsd:integer">3</value>
     </setting>
     <setting name="CookieDomain">
         <value xsi:type="xsd:string">.server</value>
     </setting>
     <!-- lines removed for brevity -->
  </component>

Oracle Access Manager Configuration

When you set up the Policy Domain for the WebGate on the HTTP proxy, you need to make the following settings:

  • In the Resources tab, add a resource of type http with URL /portal.
  • In the Default Rules tab, create a Default Rule, with an Authentication post success action that redirects to /portal/SSOServlet and passes a HeaderVar called UID with the cn as its value.
  • Make sure your policy includes GET and POST for http.

Summary

These are key things that needed to be done to get this all working, which were not always easy to work out from the documentation.  I am working with a few of the others here to fully document the whole procedure, and will post that when it is done.

Posted in Uncategorized | Tagged , , , | 4 Comments

Restoring an Oracle database backup to another version of the database

Posted on December 26, 2008 by Mark Nelson

Picked up a handy little tip.  If you want to move a bunch of data from one Oracle database to another, you can use the exp and imp utilities to dump the data and restore it respectively.

But what if the two databases are different versions?  I wanted to do this recently to copy data from an 11g database into an Oracle XE 10g database on my laptop, so I could take it with me.  But the imp utility that comes with XE can’t restore the data from the dump produced by the exp utility in 11g.

What to do?  Turns out the answer was very easy!  All you have to do is use the lower version to do the dump.  So in this case, create an entry in the tnsnames.ora on the XE database, pointing to the 11g database, and then use the XE (10g) exp utility to dump the 11g database.  This dump can be easily imported into the 10g database.

Simple!

Posted in Uncategorized | Tagged , | Leave a comment

Running SOA Suite 10g on Oracle Database 11g

Posted on December 9, 2008 by Mark Nelson

This is not the first time I have gone looking for this patch, which allows you to install Oracle SOA Suite 10g with an Oracle 11g database, and I know it wont be the last.  So here is the link:

http://updates.oracle.com/download/6265268.html

This will ask you for your Metalink credentials.  Alternatively, you can just log on to metalink.oracle.com and then search for patch number 6265268.

You may have to edit the irca.bat script to update the name of the jdbc library to ojdbc5.jar, instead of ojdbc14.jar.  IRCA will ask for a Java 1.4/5 JDK.  There is usually one installed with the 11g database, in the jdk directory in the database home.

Happy installing

Posted in Uncategorized | Tagged , | Leave a comment

Calling BPEL web services from Application Express

Posted on October 30, 2008 by Mark Nelson

Just a quick post, on an issue that seems to come up a lot – how to call a BPEL web service from Application Express.  This used to be quite challenging, but now, with APEX 3.1.2, APEX can understand a lot more WSDL files, including those from BPEL, and it has also got the “manual web service” definition capability, which can help.

I used APEX 3.1.2 on Database 11g, and called a synchronous BPEL process running on SOA Suite 10.1.3.4.  The one thing I had to do to make it work, was to create a network access rule so that the APEX user could call the service.  This is done by running the following code as SYS.

DECLARE
ACL_PATH VARCHAR2(4000);
ACL_ID RAW(16);
BEGIN
-- Look for the ACL currently assigned to '*' and give FLOWS_030100
-- the "connect" privilege if FLOWS_030100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = '*' AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL; 

-- Before checking the privilege, make sure that the ACL is valid
-- (for example, does not contain stale references to dropped users).
-- If it does, the following exception will be raised:
--
-- ORA-44416: Invalid ACL: Unresolved principal 'FLOWS_030100'
-- ORA-06512: at "XDB.DBMS_XDBZ", line ...
--
SELECT SYS_OP_R2O(extractValue(P.RES, '/Resource/XMLRef')) INTO ACL_ID
FROM XDB.XDB$ACL A, PATH_VIEW P
WHERE extractValue(P.RES, '/Resource/XMLRef') = REF(A) AND
EQUALS_PATH(P.RES, ACL_PATH) = 1; 

DBMS_XDBZ.ValidateACL(ACL_ID); 

IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, 'FLOWS_030100', 'connect')
IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
'FLOWS_030100', TRUE, 'connect');
END IF; 

EXCEPTION
-- When no ACL has been assigned to '*'.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL('power_users.xml',
'ACL that lets power users to connect to everywhere',
'FLOWS_030100', TRUE, 'connect');
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL('power_users.xml','*');
END; 
/
COMMIT;
/

After doing this, it works fine.  You can use the test feature in the web service reference page in APEX to test your web service (you may need to change the view from Icons to Details to be able to see the test button.)

Hope this helps someone out there fix this faster than I did.

Posted in Uncategorized | Tagged , | Leave a comment

Monday at OpenWorld

Posted on September 23, 2008 by Mark Nelson

Spent the day at OpenWorld today.  It is my first time.  I am doing a presentation on using a Business Process-driven approach to integrating ERP systems on Thursday with Juliana Button from Product Management.

I attended Thomas Kurian’s Middleware General Session/Keynote, where Thomas annouced Oracle Application Grid, and talked about how the Fusion Middleware products are converging into a suite that will sit on top of the Application Grid, and power the applications that we will run on it.

As Thomas spoke, I could not help but compare the Application Grid concept to mainframe computing.  I spoke to some other attendees who felt the same way.  I think that we are approaching a time when distributed computing will be able to provide the same kinds of quality of service, availability, etc. as mainframe customers have enjoyed for many years.  I am looking forward to playing with the Application Grid and experiencing its virtualisation, and service level/goal based management.  Mike Lehmann showed us a great demo of doubling the workload on a grid, and how it automatically provisioned extra capacity in the application server tier and in the Coherence data grid tier to handle the additional workload.  It even halfed the response time while running at double the transaction volume – impressive stuff.

Dave Shaffer showed us JDeveloper 11g, which he said is going to ship soon.  The SCA tooling looks really good, and Dave showed us how JDeveloper has now been integrated into Oracle Enterprise Repository, to provide easier governance and service lifecycle management, right from the IDE.  ADF 11g also looks good, and I think the new mobile development tools, and integration with Microsoft Office will be heavily used.  Dave also told us about JDeveloper having new integration with Project Management systems, including Microsoft Project.

I also attended the Database General Session today and heard about a number of great features in the Oracle 11g database, including Advanced Compression – which can save heaps of storage, and provide faster (read) query performance, and Real Application Testing, which should ease migrations and regression testing greatly.

We saw a demonstration of how Application Express can automatically migrate (most) Oracle Forms applications to Application Express, which is fantastic, I know I talk to a lot of people who have investments in Oracle Forms, and have been wanting to understand the options for moving forward.

Also visited the Exhibition Halls, which are enormous.  Was great to see how many partners show up, from the regional ones (even a few from New Zealand) through to the large multinationals like HP, IBM, EMC, VMWare and many others.

It is great to see a lot of customers and partners from New Zealand here, who have made the trip to learn more about Oracle.  I hear that the hands on labs are very good, and that you can see a lot of work has been put into them to make sure that everything works – might go and take a hands on lab or two tomorrow!

Posted in Uncategorized | Tagged , , | Leave a comment

On Becoming Process Oriented

Posted on June 26, 2008 by Mark Nelson

Today, we are witnessing a significant change in the way that businesses use Information Technology to support their needs for agility and flexibility.  Part of this is the shift from monolithic applications and Enterprise Application Integration, to Service Orientation and loose coupling.

A significant challenge in adopting a service oriented approach is the need to refocus on business processes as the key requirements of IT.  In this post, we will discuss what it means to become process oriented.  Subsequent posts will explore in detail how this is actually achieved, using Oracle software.

What is a business process?

There are many different definitions of “business process.”  For the purposes of this series of posts, we present the following definition:

“A collection of related, structured activities – a chain of events – that produce a specific product or service.”

Importantly, business processes exist at many levels in an organisation, from the high level “macro” business processes (often referred to as Level 0, Level 1, etc.) which refer to large business processes, through to low level, operational processes.  Some examples of high level business processes are “hire to retire,” “order to cash,” and “procure to pay.”  An example of an operational process is “invoice matching.”  We will explore these in later posts.

Business processes may be automated or manual.  Often, they are “coded into” application systems.  This could be as a result of acquisition of an “off the shelf” application package, which includes its own predefined business processes.  Alternatively, it may be as the result of custom development based on requirements stated at some point in time in the past.

Importantly, business processes cross organisational and systems boundaries.  This leads to a common problem of identifying process owners, and reluctance on the part of business people to own processes that are not completely contained within their own area of responsibility.  Some business processes also tend to change quite often, as a result of external and internal factors, e.g. change in regulation, a response to a competitor’s action, change of strategy, merger or acquisition, etc.

What is a Process Oriented Organisation?

There are several characteristics that distinguish a process oriented organisation.  Most importantly, they attach value to business processes, i.e. they know how much value is created by a process, and how much it costs (in time, resources, etc.) to operate that process.

They have process owners, and these people are usually in “the business,” as opposed to IT.  Many of these organisations are introducing a position in their organisation for a process manager, sometimes called a Chief Process Officer (CPO).

These organisations derive their business processes from their strategy, they understand that business processes cross organisational and system boundaries, and they seek to constantly measure and improve the performance of their business processes.

Continuous Improvement

A key aim of process oriented organisations is to continuously improve the efficiency of their business processes.  This means they need to be able to objectively measure the performance of processes using business metrics, which they can attach a value to.  These metrics could be things like “average time to process an order,” “number of employees required to process 1000 orders per day,” etc.

It is important to understand that not all processes would be focussed on for improvement.  It is normal to identify which processes have scope for signifcant improvement, and the realisable value of making such imrpovements, and then focussing efforts on those processes which provide the opportunity with the highest potential realisable value.

The cycle of continuous improvement would normally be carried out as described below:

  • Business Analysts speak to process owners, workers and other stakeholders to understand the business process,
  • Business Analysts create a model of the business process and review this with the stakeholders to ensure accuracy and agreement,
  • Business Analysts validate the model, usually using standard Operations Research methods, to ensure that it does behave like the real world process and that it can be used to make decisions about the real world process,
  • Business Analysts model various potential changes to the process, e.g. reording the process flow, adjusting resource levels, automation of some steps, etc., and test these to understand what the impact on the process woule be, e.g. in terms of cost, time, throughput, resource requirements, etc.,
  • Business Analysts produce a business case for implementation of a change to the process, based on the information produced from the modelling and simulation activities,
  • A business case approval and funding process takes place,
  • Requirements are released to IT (where appropriate) to implement the changes to the business process,
  • The performance of the business process is then monitored against the established performance indicators, to validate that the proposed value has been realised, and finally
  • We return to the beginning and do another iteration.

Finally

To wrap up this first post in this series on business processes, let us consider also that process oriented organisations tend to have higher levels of accountability and visibility within their organisations.  That is, they have a much clearer view of how their business processes are performing, often in “real” time, and they are able to hold people accountable for their performance.

Many organisations today use project based funding, i.e. funding is allocated on a project by project basis.  This can create a challenge for service and process oriented approaches, because we often see that no one project is willing to assume the extra cost of establishing infrastructure, when they will not be realising all of the value themselves.  Process modelling and orientation provide a very good mechanism for clearly demonstrating mathematically defensible business value, which can help to obtain support for “infrastructure” style business cases.

In the next post in this series, we will discuss process modelling – what it is, how we do it, and what the value of modelling is.

Posted in Uncategorized | Tagged | Leave a comment