This discussion is archived
1 Reply Latest reply: Aug 2, 2013 5:14 AM by BakkerJ RSS

Authentication procedure to run Human Workflow tasks from SAML binding port

879699 Newbie
Currently Being Moderated
Can you please let me know the authentication procedure to run Oracle Human workflow tasks for SAML based binding.

Below are the steps I am following:

1. I have created a sample request from SOAP UI for the TaskQueryService (SAML binding port) for queryTasks operation.
2. Generated SAML Header from OSB test client (Sender-Vouches type) and pasted in the soap Header section of the XML in queryTasks input.
3. From the documentation, a typical pattern to execute a human task, is stated as follows:
(a) Requiring a token using the TaskQueryService.*authenticate* operation,
(b) Getting a list of tasks based upon some filter using the TaskQueryService.*queryTasks* operation,
(c) Acquiring (locking) a specific task for execution using the TaskService.acquireTask operation,
(d) Updating the payload of the task using the TaskService.updateTask operation,
(f) Setting the outcome (commiting) the task using the TaskService.updateOutcome operation.

4. I have tried the below two options and both approaches work. The below given options are fine for non-SAML based clients.
(a) Querying for tasks using "login" and "password"
<com:credential>
<com:login>weblogic</com:login>
<com:password>weblogic1</com:password>
</com:credential>
(b) Authenticating the task using authenticate method and generate the token. Use the token to query the tasks instead of cleartext login/password.
<com:token>dafaoljhdsolfjhafodsjffjhdslfslfjdsalfjds</com:token>

5. My question is, for SAML binding, we don't want to use clear text login/password to query the tasks or to perform any other operation on tasks.
(a) Can you please provide a sample request message xml for the authenticate method pointing to SAML binding port?
(b) If I pass in clear text login/password in the queryTasks request for SAML binding, it works fine but for my requirement, the external client won't be sending these login details
other than the saml token?

If you have any suggestions to get around the authentication for SAML binding then please let me know the steps.
Can you please suggest the correct step by step instructions to test the human workflow task services for the saml binding port?


Below is the sample queryTasks input*
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:tas="http://xmlns.oracle.com/bpel/workflow/taskQueryService" \
xmlns:com="http://xmlns.oracle.com/bpel/workflow/common"
xmlns:tas1="http://xmlns.oracle.com/bpel/workflow/taskQuery"
xmlns:task="http://xmlns.oracle.com/bpel/workflow/task">
<soapenv:Header>
.......
</soapenv:Header>
<soapenv:Body>
<tas:taskListRequest>
<com:workflowContext>
<com:credential>
<com:login>weblogic</com:login>
<com:password>weblogic1</com:password>
</com:credential>
</com:workflowContext>
<tas1:taskPredicateQuery>
<tas1:predicate>
<tas1:assignmentFilter>All</tas1:assignmentFilter>
<tas1:clause>
<tas1:column>taskNumber</tas1:column>
<tas1:table>WFTask</tas1:table>
<tas1:sortOrder>DESCENDING</tas1:sortOrder>
<tas1:nullFirst>false</tas1:nullFirst>
</tas1:clause>
</tas1:predicate>
</tas1:taskPredicateQuery>
</tas:taskListRequest>
</soapenv:Body>
</soapenv:Envelope>

Many thanks

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points