I have two applications: one is an ADF application deployed in a SOA domain (11gR1 based) and the other is a BPM application deployed in a non-SOA domain (11gR2). The ADF application needs to connect to the BPM app, look up the tasks assigned to the current user, and display them in a page like an inbox.
Now, the question: I want to propagate the identity from the ADF application, so that if a user logs into that application, the identity will be propagated to the BPM application. And since the applications are in different domains, there should be a trusted connection between them.
I don't want to use "Global Trust" because of its security risk.
I guess a public/private key and something like digital certificates should be defined, but I'm not sure how. Or where in the Oracle docs is it mentioned?
There's a brief doc here, but it doesn't clearly explain how to achieve that!
End users log in to the client application with the correct user name and password. The users using the client application must be available in the identity store used by the SOA application. As a best practice, configure the client to use the same identity store as the workflow services and Oracle SOA Suite are using. This guarantees that if the user exists on the client side, they also exist on the server side.