Welcome to the Capgemini Global Business Process Management (BPM) Report. This report is an exploration of key trends in BPM as seen by CXOs across a broad selection of sectors and geographies.

BPM is perhaps at a tipping point - it’s certainly at an exciting stage in its evolution. As both an engineer and an Operational Research practitioner in my early career, and subsequently as a consultant, I have seen BPM through its development over the last 26 years. BPM has its roots in management practices such as Total Quality Management, Business Process Reengineering & Model Based Development; but the advent of the new generation of sophisticated modelling and process execution technologies has greatly enhanced BPM’s power to truly transform businesses. This has created one of the most rapidly growing and attractive market sectors for both services and technology. We see BPM as a critical management discipline that when executed against clear, cross organizational business objectives, can deliver exceptional value to that organization.

However, we also see that the potential for BPM is not well understood. Our decision to conduct this global survey stemmed from discussions with our clients. We sought to gain a better impression of their understanding of BPM, how they measure its value, and how far it is prioritized within their Business and Technology Transformation efforts. This research confirms our belief that BPM needs to be a jointly owned Business and IT discipline. It also demonstrates that it is starting to gain significant traction in the market and investments are starting to pay dividends to the early adopters. At Capgemini we are being asked by our clients to help them simplify and improve their business models and the technology that supports them and we are already seeing BPM become an integral and key part of this proposition. Business Process Management is becoming ever more relevant to both large and small organizations in the current economic climate. At a time when many different market sectors are facing slow revenue growth, customer churn and increased pressures on costs, BPM becomes a critical weapon in the battle for efficiency and effectiveness in processes.

Furthermore, in a challenging and changing business environment that is characterized by uncertainty, it allows organizations to adapt, be more agile and fleet of foot. Capgemini is seeing strong demand for BPM services in markets such as the USA, the UK, the Netherlands and France; and there are clear signs of increased interest in other geographies such as, Germany, Sweden, Spain, Italy and Australia. In sector terms, the financial services industry has led the way in BPM adoption over the recent past, driven by increased focus on customer- centricity and regulatory compliance. Other sectors, public sector, utilities, telco, retail and manufacturing are now not only catching up, but are starting o use BPM in new ways to create new business models to serve customers and outsmart the competition. The research findings also show however that this is a complex landscape, and we are not seeing adoption of BPM in a clear and consistent way. This report also looks at some of the barriers to adoption, with organizational silos being a major obstacle. Waters are further muddied by fragmented budgets, lack of clear governance and ownership and internal politics.

The objective of our investment in this research project was to shed some light on these elements with a view to assisting organizations to create strategies that avoid or at least mitigate some of these barriers to success. Management of change in such endea vours is a key part in enabling the appropriate alignment of business and technology to support their transformation efforts. I hope that you find this report of benefit in the further adoption of Business Process Management. Get the full report here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

BlogTwitterLinkedInFacebookWiki

A recent Oracle internal performance evaluation for computer-based product design demonstrated that Oracle's SPARC T5-4 server running MSC's SimManager simulation software with Oracle Database 12c consolidates the work of multiple x86 servers while delivering better overall performance.   Engineering simulation solutions have taken the center stage in helping companies design and develop innovative products while reducing physical prototyping costs, and exploring a larger design space, resulting in more design possibilities.

For this solution, a single SPARC T5-4 server running Oracle Solaris 11 was deployed to consolidate the MSC SimManager server, the Oracle Database 12c server, and the web application server onto a single platform. An automotive design workload was deployed to demonstrate how the SPARC T5-4 server can be used to consolidate the work of multiple x86 servers and deliver better overall performance while reducing complexity and achieving optimal product designs. 

PAYBACK GmbH operates the largest marketing and couponing platforms in the world—with more than 50 million subscribers in Germany, Poland, India, Italy, and Mexico. 

In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry.

I will show examples for the three protocols supported by OIF:

• SAML 2.0 SSO
• SAML 1.1 SSO
• OpenID 2.0

Enjoy the reading!

Configuration

As I mentioned in my previous article, mapping Federation Authentication Methods to OAM Authentication Schemes is protocol dependent, since the methods are defined in the various protocols (SAML 2.0, SAML 1.1, OpenID 2.0).

As such, the WLST commands to set those mappings will involve:

• Either the SP Partner Profile and affect all Partners referencing that profile, which do not override the Federation Authentication Method to OAM Authentication Scheme mappings
• Or the SP Partner entry, which will only affect the SP Partner

It is important to note that if an SP Partner is configured to define one or more Federation Authentication Method to OAM Authentication Scheme mappings, then all the mappings defined in the SP Partner Profile will be ignored.

WLST Commands

The two OIF WLST commands that can be used to define mapping Federation Authentication Methods to OAM Authentication Schemes are:

• addSPPartnerProfileAuthnMethod() to define a mapping on an SP Partner Profile, taking as parameters:
• The name of the SP Partner Profile
• The Federation Authentication Method
• The OAM Authentication Scheme name
• addSPPartnerAuthnMethod() to define a mapping on an SP Partner , taking as parameters:
• The name of the SP Partner
• The Federation Authentication Method
• The OAM Authentication Scheme name
• Note: I will discuss in a subsequent article the other parameters of those commands.

In the next sections, I will show examples on how to use those methods:

• For SAML 2.0, I will configure the SP Partner Profile, that will apply all the mappings to SP Partners referencing this profile, unless they override mapping definition
• For SAML 1.1, I will configure the SP Partner.
• For OpenID 2.0, I will configure the SP/RP Partner

SAML 2.0

Test Setup

In this setup, OIF is acting as an IdP and is integrated with a remote SAML 2.0 SP partner identified by AcmeSP.

In this test, I will perform Federation SSO with OIF/IdP configured to:

• Use LDAPScheme as the Authentication Scheme
• Use BasicScheme as the Authentication Scheme
• Map BasicSessionScheme  to  the urn:oasis:names:tc:SAML:2.0:ac:classes:Password Federation Authentication Method
• Use OAMLDAPPluginAuthnScheme as the Authentication Scheme
• Map OAMLDAPPluginAuthnScheme to  the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method

LDAPScheme as Authentication Scheme

Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme.

Also the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme.

After authentication via FORM, OIF/IdP would issue an Assertion similar to:

<samlp:Response ...>
    <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ...>
        <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
        <dsig:Signature>
            ...
        </dsig:Signature>
        <saml:Subject>
            <saml:NameID ...>bob@oracle.com</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData .../>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                   urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
                </saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>

BasicScheme as Authentication Scheme

For this test, I will switch the default Authentication Scheme for the SP Partner Profile to BasicScheme instead of LDAPScheme. I will use the OIF WLST setSPPartnerProfileDefaultScheme() command and specify which scheme to be used as the default for the SP Partner Profile referenced by AcmeSP (which is saml20-sp-partner-profile in this case: getFedPartnerProfile("AcmeSP", "sp") ):

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the setSPPartnerProfileDefaultScheme() command:
  setSPPartnerProfileDefaultScheme("saml20-sp-partner-profile", "BasicScheme")
• Exit the WLST environment:
  exit()

The user will now be challenged via HTTP Basic Authentication defined in the BasicScheme for AcmeSP.

Also, as noted earlier, the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme.

After authentication via HTTP Basic Authentication, OIF/IdP would issue an Assertion similar to:

<samlp:Response ...>
    <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ...>
        <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
        <dsig:Signature>
            ...
        </dsig:Signature>
        <saml:Subject>
            <saml:NameID ...>bob@oracle.com</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData .../>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                   urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
                </saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>

Mapping BasicScheme

To change the Federation Authentication Method mapping for the BasicScheme to urn:oasis:names:tc:SAML:2.0:ac:classes:Password instead of urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport for the saml20-sp-partner-profile SAML 2.0 SP Partner Profile (the profile to which my AcmeSP Partner is bound to), I will execute the addSPPartnerProfileAuthnMethod() method:

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the addSPPartnerProfileAuthnMethod() command:
  addSPPartnerProfileAuthnMethod("saml20-sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:Password", "BasicScheme")
• Exit the WLST environment:
  exit()

After authentication via HTTP Basic Authentication, OIF/IdP would now issue an Assertion similar to (see that the AuthnContextClassRef was changed from PasswordProtectedTransport to Password):

<samlp:Response ...>
    <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ...>
        <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
        <dsig:Signature>
            ...
        </dsig:Signature>
        <saml:Subject>
            <saml:NameID ...>bob@oracle.com</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData .../>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                   urn:oasis:names:tc:SAML:2.0:ac:classes:Password
                </saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>

OAMLDAPPluginAuthnScheme as Authentication Scheme

For this test, I will switch the default Authentication Scheme for the SP Partner Profile to OAMLDAPPluginAuthnScheme instead of BasicScheme. I will use the OIF WLST setSPPartnerProfileDefaultScheme() command and specify which scheme to be used as the default for the SP Partner Profile referenced by AcmeSP (which is saml20-sp-partner-profile in this case: getFedPartnerProfile("AcmeSP", "sp") ):

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the setSPPartnerProfileDefaultScheme() command:
  setSPPartnerProfileDefaultScheme("saml20-sp-partner-profile", "OAMLDAPPluginAuthnScheme")
• Exit the WLST environment:
  exit()

The user will now be challenged via FORM defined in the OAMLDAPPluginAuthnScheme for AcmeSP.

Contrarily to LDAPScheme and BasicScheme, the OAMLDAPPluginAuthnScheme is not mapped by default to any Federation Authentication Methods. As such, OIF/IdP will not be able to find a Federation Authentication Method and will set the method in the SAML Assertion to the OAM Authentication Scheme name.

After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthnContextClassRef set to OAMLDAPPluginAuthnScheme):

<samlp:Response ...>
    <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ...>
        <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
        <dsig:Signature>
            ...
        </dsig:Signature>
        <saml:Subject>
            <saml:NameID ...>bob@oracle.com</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData .../>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>
OAMLDAPPluginAuthnScheme
                </saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>

Mapping OAMLDAPPluginAuthnScheme

To add the OAMLDAPPluginAuthnScheme  to the Federation Authentication Method urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport mapping, I will execute the addSPPartnerProfileAuthnMethod() method:

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the addSPPartnerProfileAuthnMethod() command:
  addSPPartnerProfileAuthnMethod("saml20-sp-partner-profile", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "OAMLDAPPluginAuthnScheme")
• Exit the WLST environment:
  exit()

After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from OAMLDAPPluginAuthnScheme to PasswordProtectedTransport):

<samlp:Response ...>
    <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </samlp:Status>
    <saml:Assertion ...>
        <saml:Issuer ...>https://idp.com/oam/fed</saml:Issuer>
        <dsig:Signature>
            ...
        </dsig:Signature>
        <saml:Subject>
            <saml:NameID ...>bob@oracle.com</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData .../>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthnInstant="2014-03-21T20:53:55Z" SessionIndex="id-6i-Dm0yB-HekG6cejktwcKIFMzYE8Yrmqwfd0azz" SessionNotOnOrAfter="2014-03-21T21:53:55Z">
            <saml:AuthnContext>
                <saml:AuthnContextClassRef>
                   urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
                </saml:AuthnContextClassRef>
            </saml:AuthnContext>
        </saml:AuthnStatement>
    </saml:Assertion>
</samlp:Response>

SAML 1.1

Test Setup

In this setup, OIF is acting as an IdP and is integrated with a remote SAML 1.1 SP partner identified by AcmeSP.

In this test, I will perform Federation SSO with OIF/IdP configured to:

• Use LDAPScheme as the Authentication Scheme
• Use OAMLDAPPluginAuthnScheme as the Authentication Scheme
• Map OAMLDAPPluginAuthnScheme to  the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method
• Use LDAPScheme as the Authentication Scheme
• Map LDAPScheme to  the urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Federation Authentication Method

LDAPScheme as Authentication Scheme

Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme.

Also the default Federation Authentication Method mappings configuration maps only the urn:oasis:names:tc:SAML:1.0:am:password to LDAPScheme (also marked as the default scheme used for authentication), FAAuthScheme, BasicScheme and BasicFAScheme.

After authentication via FORM, OIF/IdP would issue an Assertion similar to:

<samlp:Response ...>
    <samlp:Status>
        <samlp:StatusCode Value="samlp:Success"/>
    </samlp:Status>
    <saml:Assertion Issuer="https://idp.com/oam/fed" ...>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp/ssov11</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
            <saml:Subject>
                <saml:NameIdentifier ...>bob@oracle.com</saml:NameIdentifier>
                <saml:SubjectConfirmation>
                   <saml:ConfirmationMethod>
                       urn:oasis:names:tc:SAML:1.0:cm:bearer
                   </saml:ConfirmationMethod>
                </saml:SubjectConfirmation>
            </saml:Subject>
        </saml:AuthnStatement>
        <dsig:Signature>
            ...
        </dsig:Signature>
    </saml:Assertion>
</samlp:Response>

OAMLDAPPluginAuthnScheme as Authentication Scheme

For this test, I will switch the default Authentication Scheme for the SP Partner to OAMLDAPPluginAuthnScheme instead of LDAPScheme. I will use the OIF WLST setSPPartnerDefaultScheme() command and specify which scheme to be used as the default for the SP Partner:

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the setSPPartnerDefaultScheme() command:
  setSPPartnerDefaultScheme("AcmeSP", "OAMLDAPPluginAuthnScheme")
• Exit the WLST environment:
  exit()

The user will be challenged via FORM defined in the OAMLDAPPluginAuthnScheme for AcmeSP.

Contrarily to LDAPScheme, the OAMLDAPPluginAuthnScheme is not mapped by default to any Federation Authentication Methods (in the SP Partner Profile). As such, OIF/IdP will not be able to find a Federation Authentication Method and will set the method in the SAML Assertion to the OAM Authentication Scheme name.

After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthenticationMethod set to OAMLDAPPluginAuthnScheme):

<samlp:Response ...>
    <samlp:Status>
        <samlp:StatusCode Value="samlp:Success"/>
    </samlp:Status>
    <saml:Assertion Issuer="https://idp.com/oam/fed" ...>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp/ssov11</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="OAMLDAPPluginAuthnScheme">
            <saml:Subject>
                <saml:NameIdentifier ...>bob@oracle.com</saml:NameIdentifier>
                <saml:SubjectConfirmation>
                   <saml:ConfirmationMethod>
                       urn:oasis:names:tc:SAML:1.0:cm:bearer
                   </saml:ConfirmationMethod>
                </saml:SubjectConfirmation>
            </saml:Subject>
        </saml:AuthnStatement>
        <dsig:Signature>
            ...
        </dsig:Signature>
    </saml:Assertion>
</samlp:Response>

Mapping OAMLDAPPluginAuthnScheme

To map the OAMLDAPPluginAuthnScheme  to the Federation Authentication Method urn:oasis:names:tc:SAML:1.0:am:password for this SP Partner only, I will execute the addSPPartnerAuthnMethod() method:

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the addSPPartnerAuthnMethod() command:
  addSPPartnerAuthnMethod("AcmeSP", "urn:oasis:names:tc:SAML:1.0:am:password", "OAMLDAPPluginAuthnScheme")
• Exit the WLST environment:
  exit()

After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from OAMLDAPPluginAuthnScheme to password):

<samlp:Response ...>
    <samlp:Status>
        <samlp:StatusCode Value="samlp:Success"/>
    </samlp:Status>
    <saml:Assertion Issuer="https://idp.com/oam/fed" ...>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp/ssov11</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
            <saml:Subject>
                <saml:NameIdentifier ...>bob@oracle.com</saml:NameIdentifier>
                <saml:SubjectConfirmation>
                   <saml:ConfirmationMethod>
                       urn:oasis:names:tc:SAML:1.0:cm:bearer
                   </saml:ConfirmationMethod>
                </saml:SubjectConfirmation>
            </saml:Subject>
        </saml:AuthnStatement>
        <dsig:Signature>
            ...
        </dsig:Signature>
    </saml:Assertion>
</samlp:Response>

LDAPScheme as Authentication Scheme

I will now show that by defining a Federation Authentication Mapping at the Partner level, this now ignores all mappings defined at the SP Partner Profile level.

For this test, I will switch the default Authentication Scheme for this SP Partner back to LDAPScheme, and the Assertion issued by OIF/IdP will not be able to map this LDAPScheme to a Federation Authentication Method anymore, since

• A Federation Authentication Method mapping is defined at the SP Partner level and thus the mappings defined at the SP Partner Profile are ignored
• The LDAPScheme is not listed in the mapping at the Partner level

I will use the OIF WLST setSPPartnerDefaultScheme() command and specify which scheme to be used as the default for this SP Partner:

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the setSPPartnerDefaultScheme() command:
  setSPPartnerDefaultScheme("AcmeSP", "LDAPScheme")
• Exit the WLST environment:
  exit()

After authentication via FORM, OIF/IdP would issue an Assertion similar to (see the AuthenticationMethod set to LDAPScheme):

<samlp:Response ...>
    <samlp:Status>
        <samlp:StatusCode Value="samlp:Success"/>
    </samlp:Status>
    <saml:Assertion Issuer="https://idp.com/oam/fed" ...>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp/ssov11</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="LDAPScheme">
            <saml:Subject>
                <saml:NameIdentifier ...>bob@oracle.com</saml:NameIdentifier>
                <saml:SubjectConfirmation>
                   <saml:ConfirmationMethod>
                       urn:oasis:names:tc:SAML:1.0:cm:bearer
                   </saml:ConfirmationMethod>
                </saml:SubjectConfirmation>
            </saml:Subject>
        </saml:AuthnStatement>
        <dsig:Signature>
            ...
        </dsig:Signature>
    </saml:Assertion>
</samlp:Response>

Mapping LDAPScheme at Partner Level

To fix this issue, we will need to add the LDAPScheme  to the Federation Authentication Method urn:oasis:names:tc:SAML:1.0:am:password mapping for this SP Partner only. I will execute the addSPPartnerAuthnMethod() method:

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the addSPPartnerAuthnMethod() command:
  addSPPartnerAuthnMethod("AcmeSP", "urn:oasis:names:tc:SAML:1.0:am:password", "LDAPScheme")
• Exit the WLST environment:
  exit()

After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from LDAPScheme to password):

<samlp:Response ...>
    <samlp:Status>
        <samlp:StatusCode Value="samlp:Success"/>
    </samlp:Status>
    <saml:Assertion Issuer="https://idp.com/oam/fed" ...>
        <saml:Conditions ...>
            <saml:AudienceRestriction>
                <saml:Audience>https://acme.com/sp/ssov11</saml:Audience>
            </saml:AudienceRestriction>
        </saml:Conditions>
        <saml:AuthnStatement AuthenticationInstant="2014-03-21T20:53:55Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
            <saml:Subject>
                <saml:NameIdentifier ...>bob@oracle.com</saml:NameIdentifier>
                <saml:SubjectConfirmation>
                   <saml:ConfirmationMethod>
                       urn:oasis:names:tc:SAML:1.0:cm:bearer
                   </saml:ConfirmationMethod>
                </saml:SubjectConfirmation>
            </saml:Subject>
        </saml:AuthnStatement>
        <dsig:Signature>
            ...
        </dsig:Signature>
    </saml:Assertion>
</samlp:Response>

OpenID 2.0

In the OpenID 2.0 flows, the RP must request use of PAPE, in order for OIF/IdP/OP to include PAPE information.

For OpenID 2.0, the configuration will involve mapping a list of OpenID 2.0 policies to a list of Authentication Schemes. The WLST command will take a list of policies, delimited by the ',' character, instead of SAML 2.0 or SAML 1.1 where a single Federation Authentication Method had to be specified.

Test Setup

In this setup, OIF is acting as an IdP/OP and is integrated with a remote OpenID 2.0 SP/RP partner identified by AcmeRP.

In this test, I will perform Federation SSO with OIF/IdP configured to:

• Use LDAPScheme as the Authentication Scheme
• Map LDAPScheme to  the http://schemas.openid.net/pape/policies/2007/06/phishing-resistant and http://openid-policies/password-protected policies Federation Authentication Methods (the second one is a custom for this use case)

LDAPScheme as Authentication Scheme

Using the OOTB settings regarding user authentication in OAM, the user will be challenged via a FORM based login page based on the LDAPScheme.

No Federation Authentication Method is defined OOTB for OpenID 2.0, so if the IdP/OP issue an SSO response with a PAPE Response element, it will specify the scheme name instead of Federation Authentication Methods

After authentication via FORM, OIF/IdP would issue an SSO Response similar to:

https://acme.com/openid?refid=id-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fidp.com%2Fopenid&openid.claimed_id=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.identity=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.return_to=https%3A%2F%2Facme.com%2Fopenid%3Frefid%3Did-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.response_nonce=2014-03-24T19%3A20%3A06Zid-YPa2kTNNFftZkgBb460jxJGblk2g--iNwPpDI7M1&openid.assoc_handle=id-6a5S6zhAKaRwQNUnjTKROREdAGSjWodG1el4xyz3&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_response&openid.ax.type.attr0=http%3A%2F%2Fsession%2Fcount&openid.ax.value.attr0=1&openid.ax.type.attr1=http%3A%2F%2Fopenid.net%2Fschema%2FnamePerson%2Ffriendly&openid.ax.value.attr1=My+name+is+Bobby+Smith&openid.ax.type.attr2=http%3A%2F%2Fschemas.openid.net%2Fax%2Fapi%2Fuser_id&openid.ax.value.attr2=bob&openid.ax.type.attr3=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.value.attr3=bob%40oracle.com&openid.ax.type.attr4=http%3A%2F%2Fsession%2Fipaddress&openid.ax.value.attr4=10.145.120.253&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_time=2014-03-24T19%3A20%3A05Z&openid.pape.auth_policies=LDAPScheme&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ax%2Cax.mode%2Cax.type.attr0%2Cax.value.attr0%2Cax.type.attr1%2Cax.value.attr1%2Cax.type.attr2%2Cax.value.attr2%2Cax.type.attr3%2Cax.value.attr3%2Cax.type.attr4%2Cax.value.attr4%2Cns.pape%2Cpape.auth_time%2Cpape.auth_policies&openid.sig=mYMgbGYSs22l8e%2FDom9NRPw15u8%3D

Mapping LDAPScheme

To map the LDAP Scheme to the http://schemas.openid.net/pape/policies/2007/06/phishing-resistant and http://openid-policies/password-protected policies Federation Authentication Methods, I will execute the addSPPartnerAuthnMethod() method (the policies will be comma separated):

• Enter the WLST environment by executing:
  $IAM_ORACLE_HOME/common/bin/wlst.sh
• Connect to the WLS Admin server:
  connect()
• Navigate to the Domain Runtime branch:
  domainRuntime()
• Execute the addSPPartnerAuthnMethod() command:
  addSPPartnerAuthnMethod("AcmeRP", "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant,http://openid-policies/password-protected", "LDAPScheme")
• Exit the WLST environment:
  exit()

After authentication via FORM, OIF/IdP would now issue an Assertion similar to (see that the method was changed from LDAPScheme to the two policies):

https://acme.com/openid?refid=id-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fidp.com%2Fopenid&openid.claimed_id=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.identity=https%3A%2F%2Fidp.com%2Fopenid%3Fid%3Did-38iCmmlAVEXPsFjnFVKArfn5RIiF75D5doorhEgqqPM%3D&openid.return_to=https%3A%2F%2Facme.com%2Fopenid%3Frefid%3Did-9PKVXZmRxAeDYcgLqPm36ClzOMA-&openid.response_nonce=2014-03-24T19%3A20%3A06Zid-YPa2kTNNFftZkgBb460jxJGblk2g--iNwPpDI7M1&openid.assoc_handle=id-6a5S6zhAKaRwQNUnjTKROREdAGSjWodG1el4xyz3&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ax.mode=fetch_response&openid.ax.type.attr0=http%3A%2F%2Fsession%2Fcount&openid.ax.value.attr0=1&openid.ax.type.attr1=http%3A%2F%2Fopenid.net%2Fschema%2FnamePerson%2Ffriendly&openid.ax.value.attr1=My+name+is+Bobby+Smith&openid.ax.type.attr2=http%3A%2F%2Fschemas.openid.net%2Fax%2Fapi%2Fuser_id&openid.ax.value.attr2=bob&openid.ax.type.attr3=http%3A%2F%2Faxschema.org%2Fcontact%2Femail&openid.ax.value.attr3=bob%40oracle.com&openid.ax.type.attr4=http%3A%2F%2Fsession%2Fipaddress&openid.ax.value.attr4=10.145.120.253&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.auth_time=2014-03-24T19%3A20%3A05Z&openid.pape.auth_policies=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fphishing-resistant+http%3A%2F%2Fopenid-policies%2Fpassword-protected&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle%2Cns.ax%2Cax.mode%2Cax.type.attr0%2Cax.value.attr0%2Cax.type.attr1%2Cax.value.attr1%2Cax.type.attr2%2Cax.value.attr2%2Cax.type.attr3%2Cax.value.attr3%2Cax.type.attr4%2Cax.value.attr4%2Cns.pape%2Cpape.auth_time%2Cpape.auth_policies&openid.sig=mYMgbGYSs22l8e%2FDom9NRPw15u8%3D

In the next article, I will cover how OIF/IdP can be configured so that an SP can request a specific Federation Authentication Method to challenge the user during Federation SSO.
Cheers,
Damien Carru

Tnsnames.ora [DOCS] is a configuration file for SQL*Net that describes the network service names for the databases in your organization. Basically, it tells Oracle applications how to find your databases.

This post is just a quick overview on how to get SQL Developer to ‘see’ this file and define a connection.

There’s only a single prerequisite for having SQL Devleoper setup such that it can use TNSNAMES to connect:

1. You have somewhere a tnsnames.ora file

You don’t need a client, instant or otherwise, on your machine. You just need the file.

Now, if you DO you have a client or HOME on your machine, SQL Developer will look for those and find the tnsnames file for you. IF we can’t find it at the usual places, you can simply tell us where it is via this preference:

On the Database – Advanced page

Once you’ve done this, assuming you have a file (or 10) in that directory, we’ll read it, parse it, and list the entries in the connection dialog.

The File(s)

That’s right, files. Just like SQL*Plus, we’ll read any file that starts with ‘tnsnames’ – that includes files you’ve renamed to .bak or .old. Kris talks about that more here. I have just the one, which is all I need anyway.

There we go!

Defining the Connection

Just set the connection type to TNS.

This is a lot easier to do than manually defining the connections – esp as they’re likely to frequently change in ‘the real world.’

No Client or Home Required

That’s right. You don’t need an Oracle Client or $ORACLE_HOME to have SQL Developer see and read a TNS file.

Just so you know I’m not cheating…

SQL Dev doesn’t know which client to use and won’t use it even if it DID know…

I’m able to define a new connection AND connect with these preferences ON|OFF.

The list below is comprised of the Top 10 most popular articles, blog posts, videos, and other content shared over the last seven days with the more than 5,100 people fans of the OTN ArchBeat Facebook Page.

1. What is REST? | Maarten Smeets
   "Most Middleware developers will encounter RESTful services," says Oracle SOA / BPM / Java integration specialist Maarten Smeets. "It is good to understand what they are, what they should be and how they work." His extensive post will help you achieve that understanding.
2. Integrating with Fusion Applications using SOAP web services and REST APIs | Arvind Srinivasamoorth
   This article, part one of Arvind Srinivasamoorth's two-part series on Integrating with Fusion Applications using SOAP web services and REST APIs, shows you how to identify the Fusion Applications SOAP web service to be invoked.
3. Oracle Technology Network | Architect Community
   Have you visited the OTN Solution Architect homepage lately? I've just updated it with information about the big OTN Virtual Tech Summit on July 9, plus the latest OTN tech articles, and a fresh list of community videos and podcasts. Check it out!
4. Starting and Stopping a Java EE Environment when using Oracle WebLogic | Rene van Wijk
   Oracle ACE Director and Oracle Fusion Middleware specialist Rene van Wijk explores ways to simplify the life-cycle management of a Java EE environment through the use of scripts developed with WebLogic Scripting Tool and Linux Bash.
5. Application Composer Series: Where and When to use Groovy | Richard Bingham
   Richard Bingham describes his post as "more of a reference than an article." The post is comprised of a table that highlights where you can add your own custom logic via Groovy code and when you might use the various features.
6. Kscope 2014: HFM Metadata Diagnostics | Eric Erikson
   Oracle Certified Hyperion Financial Management Specialist Eric Erikson will present three sessions at ODTUG Kscope 2014, June 22-26 in Seattle. Why should you care? Watch the video.
7. Tuning Asynchronous Web Services in Fusion Applications | Jian Liang
   This article, the fourth in solution architect Jian Liang's five-part series on Fusion Applications and asynchronous Web Services, shows you how to conduct performance tuning of the asynchronous web services in relation to Fusion Applications.
8. IDM FA Integration Flows | Thiago Leoncio
   Fusion Applications uses the Oracle Identity Management for its identity store and policy store by default. This article by solution architect Thiago Leoncio explains how user and role flows work from different points of view, using key IDM products for each flow in detail.
9. GoldenGate and Oracle Data Integrator - A Perfect Match in 12c... Part 1: Getting Started | Michael Rainey
   Michael Rainey has already written extensively about about integration between Oracle Data Integrator and GoldenGate -- but he's not done. "With the release of the 12c versions of ODI and GoldenGate last October, and a soon-to-be-updated reference architecture, it’s time to write a few posts on the subject again, " he says. Here's the first of those posts.
10. Video: Kscope 2014 Preview: Tim Tow on Essbase Java API and ODTUG Community
    Oracle ACE Director and ODTUG board member Tim Tow talks about his Kscope 2014 sessions focused on the Essbase Java API in this short video interview.

AT&T es una de las pocas multinacionales modernas que han participado de todas las etapas anteriores de la innovación de las telecomunicaciones, de Alexander Graham Bell como inventor solitario, a Bell Labs, a los lanzamientos acelerados en las fundiciones de AT&T. La tecnología es el corazón de todo lo que AT&T hace, incluyendo sus inversiones en innovaciones tecnológicas para permitir que las finanzas de AT&T trabajen más estratégicamente con los negocios para asegurar que las inversiones en las iniciativas de crecimiento sean exitosas.

Según John Stephens, Vicepresidente Ejecutivo y director financiero de AT&T, la empresa ha trazado un plan de inversión de tres años para mejorar y aumentar sus redes IP de banda ancha alámbricas e inalámbricas.

El plan incluye la implementación del servicio 4G LTE para 300 millones de personas en los Estados Unidos, expansión de IP de banda ancha de alta velocidad a unos 57 millones de hogares de clientes y una expansión de la fibra a 1 millón de clientes corporativos adicionales en su área de servicio de telefonía fija.

"La necesidad de velocidad es mayor que nunca, y este proyecto es nuestro paso hacia la innovación para ofrecer tal velocidad," dice Stephens.

Como AT&T moderniza su infraestructura global, sus procesos operacionales se hacen tan poderosos como su red. Ha sido una tarea grande y compleja, pero Stephens se complace al decir que el departamento de finanzas de AT&T ha adoptado su papel de catalizador corporativo. Empezó con un concepto simple:"Vamos a hacer que todos hablen en el mismo idioma". Esto llevó a la consolidación de sistemas financieros heredados de las empresas adquiridas. No fue una tarea sencilla, dado que la empresa pasó por más de cinco adquisiciones importantes y un sinfín de otras transacciones. En 2007, AT&T tenía 17 aplicaciones apenas en la función de cuentas por pagar.

Hoy, el número se ha reducido a dos. Asimismo, hubo 50 sistemas de reportes gerenciales oficiales y ahora hay tres, con planes de excluir uno de ellos. Al tener unúnico lenguaje volcado a las Finanzas en toda la empresa, el equipo de finanzas de AT&T ha eliminado las varias versiones de los mismos datos, reduciendo la posible confusión en las discusiones y en las decisiones de estrategia de negocios. Estos pasos también han reducido los costos y aceleraron la toma de decisiones.

"Lo lindo de los sistemas es que permiten que la gente talentosa con habilidades analíticas usen su tiempo en esa zona, en vez de gastar tiempo en recolección, agregación y organización de los datos," señala Stephens. "Tenemos un proceso eficiente y eficaz que hace que nosotros, dejemos a la gente libre para dedicarse a aquello en que son realmente buenos. Y tenemos un equipo de alta calidad y ellos están en su mejor punto cuando son capaces de hacer su función para apoyar a la unidad de negocio”AT&T es una de las pocas multinacionales modernas que han participado de todas las etapas anteriores de la innovación de las telecomunicaciones, de Alexander Graham Bell como inventor solitario, a Bell Labs, a los lanzamientos acelerados en las fundiciones de AT&T. La tecnología es el corazón de todo lo que AT&T hace, incluyendo sus inversiones en innovaciones tecnológicas para permitir que las finanzas de AT&T trabajen más estratégicamente con los negocios para asegurar que las inversiones en las iniciativas de crecimiento sean exitosas. 

Según John Stephens, Vicepresidente Ejecutivo y director financiero de AT&T, la empresa ha trazado un plan de inversión de tres años para mejorar y aumentar sus redes IP de banda ancha alámbricas e inalámbricas.

El plan incluye la implementación del servicio 4G LTE para 300 millones de personas en los Estados Unidos, expansión de IP de banda ancha de alta velocidad a unos 57 millones de hogares de clientes y una expansión de la fibra a 1 millón de clientes corporativos adicionales en su área de servicio de telefonía fija.

"La necesidad de velocidad es mayor que nunca, y este proyecto es nuestro paso hacia la innovación para ofrecer tal velocidad," dice Stephens.

Como AT&T moderniza su infraestructura global, sus procesos operacionales se hacen tan poderosos como su red. Ha sido una tarea grande y compleja, pero Stephens se complace al decir que el departamento de finanzas de AT&T ha adoptado su papel de catalizador corporativo. Empezó con un concepto simple:"Vamos a hacer que todos hablen en el mismo idioma". Esto llevó a la consolidación de sistemas financieros heredados de las empresas adquiridas. No fue una tarea sencilla, dado que la empresa pasó por más de cinco adquisiciones importantes y un sinfín de otras transacciones. En 2007, AT&T tenía 17 aplicaciones apenas en la función de cuentas por pagar.

Hoy, el número se ha reducido a dos. Asimismo, hubo 50 sistemas de reportes gerenciales oficiales y ahora hay tres, con planes de excluir uno de ellos. Al tener unúnico lenguaje volcado a las Finanzas en toda la empresa, el equipo de finanzas de AT&T ha eliminado las varias versiones de los mismos datos, reduciendo la posible confusión en las discusiones y en las decisiones de estrategia de negocios. Estos pasos también han reducido los costos y aceleraron la toma de decisiones.

"Lo lindo de los sistemas es que permiten que la gente talentosa con habilidades analíticas usen su tiempo en esa zona, en vez de gastar tiempo en recolección, agregación y organización de los datos," señala Stephens. "Tenemos un proceso eficiente y eficaz que hace que nosotros, dejemos a la gente libre para dedicarse a aquello en que son realmente buenos. Y tenemos un equipo de alta calidad y ellos están en su mejor punto cuando son capaces de hacer su función para apoyar a la unidad de negocio”

Happy Friday, everyone!

Our Spotlight this week is on a fantastic new article by Oracle's Robert Chase and posted on Oracle Technology Network. The article steps through, with command line examples, several strategies for tracking down network connectivity issues. From the article:

"When applications that use network connectivity for communication are not working, the cause is often a mystery. Despite advances in modern operating systems, many users believe there is no way to directly "see" what's going over the wire, and that often leads to confusion and difficulties when something goes wrong.

The reality is that you can actually see what's going over the wire, and there are a number of tools built into Oracle Linux for troubleshooting network issues. This article will help solve some of the mystery and make network connectivity a bit more user friendly."

I highly recommend checking this article out, it's a good one!

Network Troubleshooting with Oracle Linux 

We'll see you next week!

-Chris 

When you need to connect to Amazon Web Services, NetBeans IDE gives you a nice start. You can drag and drop the "itemSearch" service into a Java source file and then various Amazon files are generated for you.

From there, you need to do a little bit of work because the request to Amazon needs to be signed before it can be used.

Here are some references and places that got me started:

• http://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html
• http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html
• https://affiliate-program.amazon.com/gp/flex/advertising/api/sign-in.html

You definitely need to sign up to the Amazon Associates program and also register/create an Access Key ID, which will also get you a Secret Key, as well.

Here's a simple Main class that I created that hooks into the generated RestConnection/RestResponse code created by NetBeans IDE:

public static void main(String[] args) {
    try {
        String searchIndex = "Books";
        String keywords = "Romeo and Juliet";
        RestResponse result = AmazonAssociatesService.itemSearch(searchIndex, keywords);
        String dataAsString = result.getDataAsString();
        int start = dataAsString.indexOf("<Author>")+8;
        int end = dataAsString.indexOf("</Author>");
        System.out.println(dataAsString.substring(start,end));
    } catch (Exception ex) {
        ex.printStackTrace();
    }
}

Then I deleted the generated properties file and the authenticator and changed the generated AmazonAssociatesService.java file to the following:

public class AmazonAssociatesService {
    private static void sleep(long millis) {
        try {
            Thread.sleep(millis);
        } catch (Throwable th) {
        }
    }
    public static RestResponse itemSearch(String searchIndex, String keywords) throws IOException {
        SignedRequestsHelper helper;
        RestConnection conn = null;
        Map queryMap = new HashMap();
        queryMap.put("Service", "AWSECommerceService");
        queryMap.put("AssociateTag", "myAssociateTag");
        queryMap.put("AWSAccessKeyId", "myAccessKeyId");
        queryMap.put("Operation", "ItemSearch");
        queryMap.put("SearchIndex", searchIndex);
        queryMap.put("Keywords", keywords);
        try {
            helper = SignedRequestsHelper.getInstance(
                    "ecs.amazonaws.com",
                    "myAccessKeyId",
                    "mySecretKey");
            String sign = helper.sign(queryMap);
            conn = new RestConnection(sign);
        } catch (IllegalArgumentException | UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException ex) {
        }
        sleep(1000);
        return conn.get(null);
    }
}

Finally, I copied this class into my application, which you can see is referred to above:

http://code.google.com/p/amazon-product-advertising-api-sample/source/browse/src/com/amazon/advertising/api/sample/SignedRequestsHelper.java

Here's the completed app, mostly generated via the drag/drop shown at the start, but slightly edited as shown above:

That's all, now everything works as you'd expect.

Problem Statement

With many Oracle WebCenter Sites environments - how do you know if the various configuration assets and settings are in sync across all of those environments?

Background

At Oracle we typically have a "W" shaped set of environments. 

For the "Production" environments we typically have a disaster recovery clone as well and sometimes additional QA environments alongside the production management environment. In the case of www.java.com we have 10 different environments.

All configuration assets/settings (CSElements, Templates, Start Menus etc..) start life on the Development Management environment and are then published downstream to other environments as part of the software development lifecycle.

Ensuring that each of these 10 environments has the same set of Templates, CSElements, StartMenus, TreeTabs etc.. is impossible to do efficiently without automation.

Solution Summary 

The solution comprises of two components.

1. A JSON data feed from each environment.
2. A simple HTML page that consumes these JSON data feeds. 

Data Feed:

• Create a JSON WebService on each environment.
• The WebService is no more than a SiteEntry + CSElement.
• The CSElement queries various DB tables to obtain details of the assets/settings returning this data in a JSON feed.

Report:

• Create a simple HTML page that uses JQuery to fetch the JSON feed from each environment and display the results in a table.
• Since all assets (CSElements, Templates etc..) are published between environments they will have the same last modified date. If the last modified date of an asset is different in the JSON feed or is mising from an environment entirely then highlight that in the report table.

<ics:sql sql="SELECT name,updateddate FROM Template WHERE status != 'VO'"
    listname="TemplateList" table="Template" />"templates": [<ics:listloop listname="TemplateList">{"name":"<ics:listget listname="TemplateList" fieldname="name"/>","modified":"<ics:listget listname="TemplateList" fieldname="updateddate"/>"},</ics:listloop>
],

ENVS['dev-mgmngt'] = 'http://dev-mngmnt.example.com/sites/ContentServer?d=&pagename=settings.json';
ENVS['dev-dlvry'] = 'http://dev-dlvry.example.com/sites/ContentServer?d=&pagename=settings.json'; 
ENVS['test-mngmnt'] = 'http://test-mngmnt.example.com/sites/ContentServer?d=&pagename=settings.json'; 
ENVS['test-dlvry'] = 'http://test-dlvry.example.com/sites/ContentServer?d=&pagename=settings.json';  

function getDataForEnvironment(url){
  return $.ajax({
    type: 'GET',
    url: url,
    dataType: 'jsonp',
    beforeSend: function (jqXHR, settings){
      jqXHR.originalEnv = env;
      jqXHR.originalUrl = url;    },    success: function(json, status, jqXHR) {
      console.log('....success fetching: ' + jqXHR.originalUrl);      // store the returned data in ALLDATA
      ALLDATA[jqXHR.originalEnv] = json;
    },
    error: function(jqXHR, status, e) {
      console.log('....ERROR: Failed to get data from [' + url + '] ' + status + '' + e);
    }
  });
}

for (var env in ENVS) {
  console.log('Fetching data for env [' + env +'].');
  var promisedData = getDataForEnvironment(ENVS[env]);  promisedData.success(function (data) {});
} 

1) Get a list of unique CSElement names from all of the returned JSON data.
2) For each unique CSElement name, create a row in the table 
3)   Select 1 environment to represent the master or ideal state
     (e.g. "Everything should be like Production Delivery")
4)   For each environment, compare the last modified date of this envs CSElement to the master.
     Highlight any differences in last modified date or missing CSElements.
5)   Repeat... 

<ics:sql
      sql="SELECT name,updateddate FROM Template WHERE status != 'VO'"
      listname="TemplateList"
      table="Template" />

<ics:sql
      sql="SELECT name,updateddate FROM CSElement WHERE status != 'VO'"
      listname="CSEList"
      table="CSElement" />

<ics:sql sql="select sm.id, sm.cs_name, sm.cs_description, sm.cs_assettype,
      sm.cs_assetsubtype, sm.cs_itemtype, smr.cs_rolename, p.name
      from StartMenu sm, StartMenu_Sites sms, StartMenu_Roles smr, Publication p
      where sm.id=sms.ownerid and sm.id=smr.cs_ownerid and sms.pubid=p.id
      order by sm.id"
      listname="startList"
      table="Publication,StartMenu,StartMenu_Roles,StartMenu_Sites"/> 

<ics:sql
      sql="select id, name, description, type, dest, factors from PubTarget"
      listname="pubTargetList"
      table="PubTarget" />

<ics:sql
      sql="select tt.id, tt.title, tt.tooltip, p.name as pubname, ttr.cs_rolename, ttsect.name as sectname
      from TreeTabs tt, TreeTabs_Roles ttr, TreeTabs_Sect ttsect,TreeTabs_Sites ttsites
      LEFT JOIN Publication p  on p.id=ttsites.pubid
      where p.id is not null and tt.id=ttsites.ownerid and ttsites.pubid=p.id and
      tt.id=ttr.cs_ownerid and tt.id=ttsect.ownerid
      order by tt.id"
      listname="treeTabList"
      table="TreeTabs,TreeTabs_Roles,TreeTabs_Sect,TreeTabs_Sites,Publication" /> 

<ics:sql
      sql="select name,description,classname from Filters"
      listname="filtersList"
      table="Filters" />

<ics:sql
      sql="select id,valuetype,name,updateddate from AttrTypes where status != 'VO'"
      listname="AttrList"
      table="AttrTypes" />

<ics:sql
      sql="select id,webroot,pattern,assettype,name,params,publication from WebReferencesPatterns"
      listname="WebRefList"
      table="WebReferencesPatterns" />

<ics:sql
      sql="select id,devicegroupsuffix,updateddate,name from DeviceGroup"
      listname="DeviceList"
      table="DeviceGroup" />

<ics:sql
      sql="select se.id,se.name,se.pagename,se.cselement_id,se.updateddate,cse.rootelement from SiteEntry se
            LEFT JOIN CSElement cse on cse.id = se.cselement_id where se.status != 'VO'"
      listname="SiteList"
      table="SiteEntry,CSElement" />

<ics:sql
      sql="select id,name,rooturl,updatedby,updateddate from WebRoot"
      listname="webrootList"
      table="WebRoot" />

<ics:sql
      sql="select pd.id, pd.name, pd.updatedby, pd.updateddate, pd.description, pdt.attributeid,
            pa.name as nameattr, pdt.requiredflag, pdt.ordinal 
      from PageDefinition pd, PageDefinition_TAttr pdt, PageAttribute pa where pd.status != 'VO'
            and pa.id=pdt.attributeid and pdt.ownerid=pd.id order by pd.id,pdt.ordinal"
      listname="pageDefList"
      table="PageDefinition,PageAttribute,PageDefinition_TAttr" />

<ics:sql
      sql="select id,name,updateddate from FW_Application where status != 'VO'"
      listname="FWList" table="FW_Application" />

<ics:sql
      sql="select elementname from ElementCatalog where elementname like 'CustomElements%'"
      listname="elementList"
      table="ElementCatalog" />

While I often am talking to big companies or discussing enterprise solutions. There are times when individuals ask me about Small or Medium sized business trends. 

Interestingly,  the Enterprise Social, Mobile, and Sensor initiatives I regularly discuss are in fact related to even the Mom and Pop storefront. The eco-system of new service players in the Social-Mobile-Sensor space generally emerge developing partnerships with enterprises as they develop and bring economy to scale to their services for the larger market. And of course Oracle has an entire division dedicated for delivering products and support to help emerging companies compete without the need to open an industrial strength credit line..

So here are some trends that we are helping large enterprises to deploy today, but small and medium businesses should be able to take advantage of by the end of this year and starting into 2015.

1) The typical small business is generally "Localized". But the ability to be"Hyper-Localized" will come as location based services become ubiquitous. Many small businesses have one or several storefronts and theirs are typically within a single regional economic footprint. While the internet provides global reach, it will be the businesses that invest in social, mobile and local that will win in the end. 

Of course I am a huge SoMoLo evangelist. The SMBs' content and targeting with platforms for Geo-Fencing, Geo-Conquesting and Path-Matching to HHI are all going to be accessible to them, if not for Mobile Apps, then via Mobile messaging in Social Networks that offer it.. Expect to be able to target FaceBook messaging not by city, but by store or mall…

This makes being able to be "Hyper-Local" even more important. And with new proximity services coming online more than ever before, SMBs will operate and service customers with pinpoint accuracy right down to where they stand in an aisle.

Geo-Conquesting will be huge for small players to place ads when customers pass through competitors regions. Car Dealers are doing this now.. But also of course iBeacons are now very cheap and getting easier to put in retail stores. The ability for sales to happen anywhere in the store via a mobile phone or tablet is huge, as it will give the small shop the flexibility to not have to "Guard the Register" as more or most transactions will be digital. Thus, M-Commerce and T-Commerce will change the job of cashier dramatically..

2) Intra-Brand Advocacy, the idea now is that rather than just depend on your trusty social media manager and his team, you are going to push more and more individuals with expertise inside the organization to help manage, reach-out, and utilize social channels to manage the incoming questions and answers customers need.

While for years CRM was the tool of the enterprise, today CRMs enable this now "Salesforce et al" capability to trickle throughout the company. This gives greater pressure to organize roles, but also flatten out the organization. Internal collaboration around topics and customer needs is going to be the key for SMBs to finally get serious about customer experiences. Their customers are online and in social networks. This includes not just B2C SMBs but also B2B companies as well. Don't believe me? To find the players just use hashtag #SocialSelling and you will see…

3) The Visual Networks will begin to move from Content Aggregators to Content Collaboration platforms, which means Pinterest, Instagram, Vine, & others will begin to move to add more features brands want, first marketing platforms, rather than unique brand partnerships as they do today, but this will open ways for SMBs to engage with clear brand messaging and metrics.

Eventually providing more "Collaboration" between Brand and Consumer.. Don't think for a minute Facebook bought Oculus Rift so you could see your timeline in 3-D. The Social Networks I advise customers to invest in are ones that are audio and visual intrinsically. Players from SoundCloud to Pinterest are deploying ways for brands to harness their interactive visual or audio based social networks to sell ad units aka brand messaging.

While the Social Media revolution is going on, the emphasis was on the social, today it more and more about the media in social, that enterprises soon small and medium businesses will be connected to. 

Az Oracle Database Express Edition egy ingyenes adatbázis-kezelő, amivel ki lehet ingyen próbálni az Oracle Database-t. Support viszont nem áll hozzá rendelkezésre, fórumokat lehet használni ehelyett.

Az Oracle Database Express Edition 11gR2 most megjelent 64 bites változatban is:

http://www.oracle.com/technetwork/database/database-technologies/express-edition/downloads/index.html

Az Oracle Database SE One, SE és EE itt érhető el 30 napos kipróbálásra:

http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html

During the OFM Forum last week, there were a few discussions around the relationship between the Human Workflow (WF_TASK*) tables in the SOA_INFRA schema and BPMN processes.  It is important to know how these are related because it can have a performance impact.  We have seen this performance issue several times when BPMN processes are used to model high volume system integrations without knowing all of the implications of using BPMN in this pattern.

Most people assume that BPMN instances and their related data are stored in the CUBE_*, DLV_*, and AUDIT_* tables in the same way that BPEL instances are stored, with additional data in the BPM_* tables as well.  The group of tables that is not usually considered though is the WF* tables that are used for Human Workflow.  The WFTASK table is used by all BPMN processes in order to support features such as process level comments and attachments, whether those features are currently used in the process or not.

For a standard human task that is created from a BPMN process, the following data is stored in the WFTASK table:

• One row per human task that is created
• The COMPONENTTYPE = "Workflow"
• TASKDEFINITIONID = Human Task ID (partition/CompositeName!Version/TaskName)
• ACCESSKEY = NULL

Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

BlogTwitterLinkedInFacebookWiki

Most of the times you implement a WebCenter Content based system, you require some sort of customization. Sometimes these customizations need a Java class or two, or libraries (for example, the JavaMail API), or Database Objects (like new tables, views, indexes, etc).

I have seen that libraries and Database Objects are usually put in place using manual steps. This means that the library jar files are copied to one of the common classes directory (set in the Content CLASSPATH variable) and/or the database scripts are executed manually. I have also seen people place the custom Java classes in the common classes directory.

While this may seem like an easy solution, think about a scenario where you need to disable or uninstall the component or if you have to upgrade or migrate the system. You have to keep these manual steps documented and execute them every time you encounter the above scenarios. It is very common that some of these manual steps are missed when you have multiple teams and people working on the system.

Here are a few points to ponder upon:

• Place all your custom Java classes within your component. Create a new directory, say ${COMPONENT_DIR}/classes, and place your code there. You can choose to bundle all your classes into a jar or you can place the entire class directory structure. Add a path entry to the Build Settings so that it is bundled with the component when you build it. You also need to update the Custom Class Path and the Custom Class Path Load Order under the Advanced Build Settings. This will ensure that the system CLASSPATH is updated to add this new directory.
• Create a new component for any new library that you want to add. Add the appropriate path entries to the Build Settings so that it is bundled with the component when you build it. You also need to update the Custom Class Path, Custom Class Path Load Order and/or the Custom Library Path under the Advanced Build Settings. Enter a comma separated list of features that this component will provide. When you create other components that will use the features exposed by this component, make sure that you specify a dependency to this library component by specifying the comma separated list of features in the Advanced Build Settings.
• The component wizard allows you to create custom install/uninstall Java code. The wizard will create a install filter class when you check the “Has Install” checkbox on the “Install/Uninstall Settings” tab. Consider using this filter class to create database objects when you install the component and drop the objects when you uninstall the component. If you do a lot of custom component development, consider creating a install/uninstall Java class, which can execute queries defined within the component.

To sum up, whenever you write a new custom component, make sure that you bundle everything within the component.

To continue from yesterday, let's set up a scenario that enables us to make use of this drag/drop service in NetBeans IDE:

The above service is applicable to Amazon S3, an Amazon storage provider that is typically used to store large binary files. In Amazon S3, every object stored is contained in a bucket. Buckets partition the namespace of objects stored in Amazon S3. More on buckets here. Let's use the tools in NetBeans IDE to create a Java application that accesses our Amazon S3 buckets.

Create a Java application named "AmazonBuckets" with a main class named "AmazonBuckets". Open the main class and then drag the above service into the main method of the class. Now, NetBeans IDE will create all the other classes and the properties file that you see in the screenshot below.

The first thing to do is to open the properties file above and enter the access key and secret:

access_key=SOMETHING
secret=SOMETHINGELSE

Now you're all set up. Make sure to, of course, actually have some buckets available:

Then rewrite the Java class to parse the XML that is returned via the generated code:

package amazonbuckets;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.netbeans.saas.amazon.AmazonS3Service;
import org.netbeans.saas.RestResponse;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
public class AmazonBuckets {
    public static void main(String[] args) {
        try {
            RestResponse result = AmazonS3Service.getBuckets();
            String dataAsString = result.getDataAsString();
            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
            DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
            Document doc = dBuilder.parse(
                    new InputSource(new ByteArrayInputStream(dataAsString.getBytes("utf-8"))));
            NodeList bucketList = doc.getElementsByTagName("Bucket");
            for (int i = 0; i < bucketList.getLength(); i++) {
                Node node = bucketList.item(i);
                System.out.println("Bucket Name: " + node.getFirstChild().getTextContent());
            }
        } catch (IOException | ParserConfigurationException | SAXException | DOMException ex) {
        }
    }
}

That's all. This is simpler to setup than the scenario described yesterday.

Also notice that there are other Amazon S3 services you can interact with from your Java code, again after generating a heap of code after drag/drop into a Java source file:

I tried the above, e.g., I created a new Amazon S3 bucket after dragging "createBucket", adding my credentials in the properties file, and then running the code that had been created. I.e., without adding a single line of code I was able to programmatically create new buckets.

The above outlines a handy set of tools and techniques to use if you want to let your users store and access data in Amazon S3 buckets directly from the application you've created for them.

There has been a delay in publishing these past event summaries from early 2014--JFokus in February, JavaLand in March, and GeeCon in May. As we plan for Devoxx UK next week, I found these summaries that did not make it past 'draft' stage.  We had some great successes with the first three events of 2014, a Java developer conference trifecta! Participation topics included Java, the JCP program overall and the Adopt-a-JSR programs.  

First up in February was JFokus in Stockholm. The energy and talent in Stockholm is amazing and the conference organizers do a stellar job running it and welcoming the speakers of this event.  I enjoyed the city walk and speaker dinner, as well as many opportunities to interact with conference speakers and attendees, both during and after the conference hours. Reza Rehman invited me to speak during his Java EE 7 lab session about the Adopt-a-JSR program, and I gave a quickie session on the JCP and Adopt-a-JSR.  There was also a late night Birds of a Feather (BoF) session held jointly with Cecelia Borg, Martijn Verburg and Reza Rehman.  This was an interactive conversation with a focus on the Java EE community survey results and encouraging more community participation and collaboration in Java development.  The Java 8 keynote by Georges Saab and Mark Reinhold was also very entertaining,  I was sorry to miss FOSDEM happening the previous weekend this year in Brussels, but I hope to attend in 2015.  Favorite take home gift -- Lambdas cap!

In March, the inaugural version of the JavaLand conference happened inside Phantasialand, an amusement park in Germany. Markus Eisele suggested having an Early Adopters area at the conference, which I was keen to implement. In 2013 at Devoxx Belgium we held some activities in the Hackergaren area around Lambdas and Java EE 7, so this was a great opportunity to expand on a more interactive conference format and Andreas Badelt from the program committee helped in the planning for this area.  Daniel Bryant and Mani Sarkar from the London Java Community led some general Adopt-a-JSR discussions and AdoptOpen JDK activities.  JCP Spec Leads, Anatole Tresch from Credit Suisse, leading JSR 354, Money & Currency API, and Ed Burns from Oracle, leading JSR 344, JavaServer Faces 2.2, attended to engage with conference attendees on their JSRs.  Favorite - Stephen Chin's roller coaster video.

In May, GeeCon in Krakow was anther awesome conference!  The conference organizers were warm and welcoming and I enjoyed time getting to know the other speakers at the event. There was a JCP and Adopt-a-JSR participation session as well as a moderated panel session on Early Adopters.  We had an amazing panel -- Daniel Bryant, Arun Gupta, Tomasz Borek , and Peter Lawrey. The panel discussed the Adopt-a-JSR and Adopt OpenJDK program, and how the participants work together to get involved and contribute to both the Java SE and Java EE platforms.  If was an interesting discussion and sparked some new ideas on how Java User Groups in Poland and around the world can contribute in a significant and meaningful way to create better and more practical Java standards today and in the future.  Favorite take home gift - GeeCon mug!  

These were some of the highlights of the events--looking forward to Devoxx UK next week.  I will publish these details tomorrow!

Next, having looked at how to integrate from Java with Amazon Associates and Amazon S3, let's take a look at Amazon EC2, the elastic compute cloud which provides remote computing services. I started by launching an instance of Ubuntu Server 14.04 on Amazon EC2, which looks a bit like this in the on-line AWS Management Console, though I whitened out most of the details:

Now that I have at least one running instance available on Amazon EC2, it makes sense to use the services that are integrated into NetBeans IDE: 

I created a new application with one class, named "AmazonEC2Demo". Then I dragged the "describeInstances" service that you see above, with the mouse, into the class. Then the IDE automatically created all the other files you see below, i.e., 4 Java classes and one properties file:

In the properties file, register the access ID and secret keys. These are read by the other generated Java classes. Signing and authentication are done automatically by the code that is generated, i.e., there's nothing generic you need to do and you can immediately begin working on your domain-specific code.

Finally, you're now able to rewrite the code in "AmazonEC2Demo" to connect to Amazon EC2 and obtain information about your running instance:

public class AmazonEC2Demo {
    public static void main(String[] args) {
        String instanceId1 = "i-something";
        RestResponse result;
        try {
            result = AmazonEC2Service.describeInstances(instanceId1);
            System.out.println(result.getDataAsString());
        } catch (IOException ex) {
            Logger.getLogger(AmazonEC2Demo.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}

From the above, you'll receive a chunk of XML with data about the running instance, it's name, status, dates, etc. In other words, you're now ready to integrate Amazon EC2 features directly into the applications you're writing, without very much work to get started. Within about 5 minutes, you're working on your business logic, rather than on the generic code that anyone needs when integrating with Amazon EC2.

Under the propose of a project customization customization on BPM workspace and designed webforms were applied using custom css and used as skin and as webforms theme. Its important also to highlight that a workspace skin appliance is enough to bring customization to your webforms since they will inherit the workspace skin customization, nevertheless, themes offers you the possibility to enrich that customization or even to overlap it if desired. This blog post shares my experience trying what is available today as sample from Oracle Samples site but also how I found it starting from scratch.
I have follow the following contents to achieve a full workspace and webforms customization: Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

BlogTwitterLinkedInFacebookWiki