1 Reply Latest reply on Feb 1, 2013 4:27 PM by JuJuZ

    Only users with admin privileges can authenticate on behalf of another user

      Where do I have to configure this admin roles? my user is BPMAdministrator ....
      Code bellow

      import java.util.HashMap;
      import java.util.Map;
      import java.util.logging.Logger;

      import oracle.bpel.services.bpm.common.IBPMContext;
      import oracle.bpel.services.workflow.client.IWorkflowServiceClient;
      import oracle.bpel.services.workflow.client.IWorkflowServiceClientConstants;
      import oracle.bpel.services.workflow.client.WorkflowServiceClientFactory;

      import oracle.bpm.client.BPMServiceClientFactory;
      import oracle.bpm.services.client.IBPMServiceClient;
      import oracle.bpm.services.common.exception.BPMException;

      public class BPMServiceFacade {
      //private String wlsserver = "HumanWorkFlow";
      private String soaserver = null;
      private String wsurl = null;
      private String t3url = null;
      private String contextFactory = "weblogic.jndi.WLInitialContextFactory";

      private String identityDomain = "jazn.com";
      private String identityUsername = null;
      private String identityPassword = null;
      private IBPMContext mainContext = null;

      private static BPMServiceFacade instance;

      private BPMServiceFacade() throws BPMException {
      soaserver = "s001861:8001";
      wsurl = "http://" + soaserver;
      t3url = "t3://" + soaserver;
      identityUsername = "weblogic";
      identityPassword = "welcome1";

      mainContext = getBPMServiceClientFactory().getBPMUserAuthenticationService().authenticate(identityUsername, identityPassword.toCharArray(), null);

      public static BPMServiceFacade getInstance() {
      if (instance == null) {
      try {
      instance = new BPMServiceFacade();
      } catch (BPMException e) {
      throw new RuntimeException(e);
      return instance;

      private static Logger logger = Logger.getLogger("Fixture");

      public BPMServiceClientFactory getBPMServiceClientFactory() {
      Map<IWorkflowServiceClientConstants.CONNECTION_PROPERTY, String> properties = new HashMap<IWorkflowServiceClientConstants.CONNECTION_PROPERTY, String>();

      properties.put(IWorkflowServiceClientConstants.CONNECTION_PROPERTY.CLIENT_TYPE, WorkflowServiceClientFactory.REMOTE_CLIENT);
      properties.put(IWorkflowServiceClientConstants.CONNECTION_PROPERTY.EJB_PROVIDER_URL, t3url);
      properties.put(IWorkflowServiceClientConstants.CONNECTION_PROPERTY.EJB_INITIAL_CONTEXT_FACTORY, contextFactory);
      return BPMServiceClientFactory.getInstance(properties, null, null);

      public IBPMContext getBPMContext(String username) {
      IBPMContext context = ContextCache.get(username);
      if (context == null) {
      try {
      context = getBPMServiceClientFactory().getBPMUserAuthenticationService().authenticateOnBehalfOf(mainContext, username);
      } catch (BPMException e) {
      if(context == null){
      context = mainContext;
      ContextCache.put(username, context);
      return context;

      public IWorkflowServiceClient getIWorkflowServiceClient() {
      return getBPMServiceClientFactory().getWorkflowServiceClient();

      public IBPMServiceClient getBPMServiceClient() {
      return getBPMServiceClientFactory().getBPMServiceClient();

      Edited by: JuJuZ on Feb 1, 2013 8:27 AM
        • 1. Re: Only users with admin privileges can authenticate on behalf of another user

          Imaging can only authenticate users and groups from the top LDAP Provider in the list of providers as displayed in the WebLogic Server Console. In this case, the [admin_user] was not in the top provider.
          **Note** This issue can also be encountered if the user specified in the CSF Credential does not have the SOAAdmin role to fix this problem:
          a. Log in to EM(for the SOA domain).
          b. Click on soa-Infra

          c. Click on the Soa Infrastructure dropdown and navigate to security -> Application Roles

          d. Click on the Search button in the middle of the screen (this will display the SOA App roles)

          e. Click the 'SOAAdmin' role. Add the 'weblogic'(or any user that is going to be used in the csf-key) user to the SOAAdmin role.

          Edited by: JuJuZ on Feb 1, 2013 8:27 AM