Overview
Currently we are deploying all SOA and ADF components to soa_server1.
The purpose of this guide is to explain how to configure a second managed server that will be used solely for deploying ADF components.
Create new managed server
Go to https://<host>:7001/console/.
Navigate to Home -> Environment -> Servers.
Create a new Managed server. In this case we will call it adf_server1, port 7201.
Associate it with “LocalMachine”.
You can do that when you are creating the server, but if you have forgotten you will get an error that your server is not associated with any machine.
To do this, go to Environment -> Machines -> LocalMachine -> Configuration -> Servers -> Add.
Choose “Select an existing server, and associate it with this machine” and adf_server1.
Install libraries required for deploying an ADF application
Try to deploy an ADF application to your newly created server.
You can’t. The deployment console will report a number of missing libraries.
Some of them come from the weblogic-application.xml file, which is part of the UI project you are deploying.
The list of errors you will receive is this:
[J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml:
[Extension-Name: oracle.soa.workflow, exact-match: false],
[Extension-Name: oracle.soa.bpel, exact-match: false],
[Extension-Name: oracle.rules, exact-match: false],
[Extension-Name: oracle.bpm.runtime, exact-match: false],
[Extension-Name: oracle.bpm.client, exact-match: false],
[Extension-Name: oracle.bpm.projectlib, exact-match: false],
[Extension-Name: oracle.bpm.workspace, exact-match: false],
[Extension-Name: oracle.bpm.webapp.common, exact-match: false].
[Extension-Name: oracle.soa.rules_dict_dc.webapp, exact-match: false].
All those libraries are already included in soa_server1 so you do not need to install them.
They are targeted to soa_server1, so what you need to do is select each of those libraries and target it to adf_server1 as well.
One example
Navigate to Home -> Environment -> Deployments.
If you do not see libraries, click “Customize this table”.
Un-check “exclude libraries when displaying deployments”.
Select library “jsf(1.2, 1.2.8.0)”, click “Targets”. Check adf_server1.
You will have to restart adf_server1 after targeting, so target several libraries first and then restart. It will save you some time.
Make soa_server1 accessible from adf_server1
You need to “expose” a part of the soa_server1 JNDI tree to adf_server1 so you can access it. This is done via ForeignJNDIProvider.
Go to Services -> Foreign JNDI Providers.
Initial Context Factory: weblogic.jndi.WLInitialContextFactory
Provider URL: t3://<host>:8001/soa-infra
User: weblogic
Password: <password>
Target it to adf_server1.
Add link to JNDI provider
You will also need to provide links to all elements of the soa_server1’s JNDI tree.
Foreign JNDI Providers -> ForeignJNDIProvider-SOA -> Links
The list is:
Name: ejb/bpel/services/workflow/TaskMetadataServiceBean
Local JNDI Name: ejb/bpel/services/workflow/TaskMetadataServiceBean
Remote JNDI Name: ejb/bpel/services/workflow/TaskMetadataServiceBean
Name: ejb/bpel/services/workflow/TaskServiceBean
Local JNDI Name: ejb/bpel/services/workflow/TaskServiceBean
Remote JNDI Name: ejb/bpel/services/workflow/TaskServiceBean
Name: ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean
Local JNDI Name: ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean
Remote JNDI Name: ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean
Name: ejb/bpm/services/BPMUserAuthenticationServiceBean
Local JNDI Name: ejb/bpm/services/BPMUserAuthenticationServiceBean
Remote JNDI Name: ejb/bpm/services/BPMUserAuthenticationServiceBean
Name: ejb/bpm/services/InstanceManagementServiceBean
Local JNDI Name: ejb/bpm/services/InstanceManagementServiceBean
Remote JNDI Name: ejb/bpm/services/InstanceManagementServiceBean
Name: ejb/bpm/services/InstanceQueryServiceBean
Local JNDI Name: ejb/bpm/services/InstanceQueryServiceBean
Remote JNDI Name: ejb/bpm/services/InstanceQueryServiceBean
Name: ejb/bpm/services/ProcessDashboardServiceBean
Local JNDI Name: ejb/bpm/services/ProcessDashboardServiceBean
Remote JNDI Name: ejb/bpm/services/ProcessDashboardServiceBean
Name: ejb/bpm/services/ProcessMetadataServiceBean
Local JNDI Name: ejb/bpm/services/ProcessMetadataServiceBean
Remote JNDI Name: ejb/bpm/services/ProcessMetadataServiceBean
Name: ejb/bpm/services/ProcessModelServiceBean
Local JNDI Name: ejb/bpm/services/ProcessModelServiceBean
Remote JNDI Name: ejb/bpm/services/ProcessModelServiceBean
Name: RuntimeConfigService
Local JNDI Name: RuntimeConfigService
Remote JNDI Name: RuntimeConfigService
Name: TaskEvidenceServiceBean
Local JNDI Name: TaskEvidenceServiceBean
Remote JNDI Name: TaskEvidenceServiceBean
Name: TaskQueryService
Local JNDI Name: TaskQueryService
Remote JNDI Name: TaskQueryService
Name: TaskReportServiceBean
Local JNDI Name: TaskReportServiceBean
Remote JNDI Name: TaskReportServiceBean
Name: UserMetadataService
Local JNDI Name: UserMetadataService
Remote JNDI Name: UserMetadataService
Name: ejb/bpm/services/BPMOrganizationServiceBean
Local JNDI Name: ejb/bpm/services/BPMOrganizationServiceBean
Remote JNDI Name: ejb/bpm/services/BPMOrganizationServiceBean
And your JNDI tree will look like this:
Summary of Servers -> adf_server1 -> View JNDI tree
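A check for the provider and links configured above, as an added example that is not part of the original guide: it reads the foreign JNDI provider from a domain config.xml, reports links that are missing or whose local and remote names differ, and flags a provider that connects over plain t3 or binds as the administrator account. The config.xml element names and namespace, the host soahost.example and the sample fragment are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}  # assumed config.xml namespace
# The 15 link names this guide lists (local and remote names are identical).
EXPECTED = set("""
ejb/bpel/services/workflow/TaskMetadataServiceBean ejb/bpel/services/workflow/TaskServiceBean
ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean
ejb/bpm/services/BPMUserAuthenticationServiceBean ejb/bpm/services/InstanceManagementServiceBean
ejb/bpm/services/InstanceQueryServiceBean ejb/bpm/services/ProcessDashboardServiceBean
ejb/bpm/services/ProcessMetadataServiceBean ejb/bpm/services/ProcessModelServiceBean
ejb/bpm/services/BPMOrganizationServiceBean RuntimeConfigService TaskEvidenceServiceBean
TaskQueryService TaskReportServiceBean UserMetadataService""".split())
# Constructed sample: only two links present, the second with a mistyped remote name.
SAMPLE = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
 <foreign-jndi-provider>
  <name>ForeignJNDIProvider-SOA</name><target>adf_server1</target>
  <provider-url>t3://soahost.example:8001/soa-infra</provider-url><user>weblogic</user>
  <foreign-jndi-link><name>TaskQueryService</name>
   <local-jndi-name>TaskQueryService</local-jndi-name>
   <remote-jndi-name>TaskQueryService</remote-jndi-name></foreign-jndi-link>
  <foreign-jndi-link><name>ejb/bpel/services/workflow/TaskServiceBean</name>
   <local-jndi-name>ejb/bpel/services/workflow/TaskServiceBean</local-jndi-name>
   <remote-jndi-name>ejb/bpel/services/workflow/TaskServiceBeen</remote-jndi-name></foreign-jndi-link>
 </foreign-jndi-provider>
</domain>"""

def _text(node, tag):
    return (node.findtext("d:" + tag, default="", namespaces=NS) or "").strip()

def audit_foreign_jndi(config_xml, expected=EXPECTED, admin_users=("weblogic",)):
    """Return {provider name: [finding, ...]} for every foreign JNDI provider."""
    report = {}
    for prov in ET.fromstring(config_xml).findall("d:foreign-jndi-provider", NS):
        findings = []
        if not _text(prov, "provider-url").lower().startswith(("t3s://", "iiops://", "https://")):
            findings.append("transport: provider URL is not TLS-protected (plain t3)")
        if _text(prov, "user") in admin_users:
            findings.append("identity: binds as administrator account " + _text(prov, "user"))
        linked = set()
        for link in prov.findall("d:foreign-jndi-link", NS):
            local, remote = _text(link, "local-jndi-name"), _text(link, "remote-jndi-name")
            linked.add(local)
            if local != remote:
                findings.append("link mismatch: %s -> %s" % (local, remote))
        findings += ["missing link: " + n for n in sorted(expected - linked)]
        report[_text(prov, "name")] = findings
    return report

if __name__ == "__main__":
    print(audit_foreign_jndi(SAMPLE))
```

An empty findings list for ForeignJNDIProvider-SOA means every link from the list is present with matching names, the provider URL is TLS-protected and the provider does not bind as an account named in admin_users.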
The documentation on this topic is here:
https://docs.oracle.com/cd/E23943_01/dev.1111/e10224/bp_designtf.htm#SOASE85258
30.8.4.4 Defining the Foreign JNDI Provider on a non-SOA Oracle WebLogic Server
30.8.4.5 Defining the Foreign JNDI Provider Links on a non-SOA Oracle WebLogic Server.
A couple of very helpful posts on this topic:
https://andrejusb.blogspot.com/2012/07/running-oracle-bpm-11g-ps5-worklist.html
https://onkaroracle.blogspot.com/2013/07/how-to-separate-bpm-11g-adf-task-page.html
Add wf_client_config.xml to UI project
Several articles suggest that we need to add the wf_client_config.xml file to our UI project to make security propagation work properly.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<workflowServicesClientConfiguration clientType="REMOTE">
  <server default="true" name="default">
    <localClient>
      <participateInClientTransaction>false</participateInClientTransaction>
    </localClient>
    <remoteClient>
      <serverURL>t3://<host>:8001</serverURL>
      <initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
      <participateInClientTransaction>false</participateInClientTransaction>
    </remoteClient>
    <soapClient>
      <rootEndPointURL>https://<host>:8001</rootEndPointURL>
      <identityPropagation mode="dynamic" type="saml">
        <policy-references>
          <policy-reference enabled="true" category="security"
                            uri="oracle/wss10_saml_token_client_policy"/>
        </policy-references>
      </identityPropagation>
    </soapClient>
  </server>
</workflowServicesClientConfiguration>
Apply JRF template to fix Error 403
All the libs were targeted properly and deployment went smoothly, but I was still getting an error while trying to open the UI project in BPM workspace.
To solve it you need to go to https://<host>:7001/em/.
Go to your domain, select adf_server1 and click “Apply JRF template” at the top.
Possibly that installs some of the libraries that you already have.
There is a good article on this topic here:
https://andrejusb.blogspot.com/2009/09/hint-for-oracle-adf-application.html
Configure our UI project to be shown in workspace
Notice that the port is 7201, which is adf_server1.
User credentials are not being passed properly
Everything is configured properly. You can see your UI in BPM workspace.
You try to Update/Complete tasks and it works.
It works, until you try to retrieve the current user from the security context.
It appears that user credentials are not passed properly. The UI project can’t identify the current user logged in to BPM Workspace.
There are 2 solutions for this one:
1. Deploy the OracleBPMWorkspace on adf_server1 also.
As you can see:
The UI project (<projectHumanTask>_UI) is deployed on adf_server1.
OracleBPMWorkspace is also deployed on adf_server1.
OracleBPMComposerRolesApp and OracleBPMProcessRolesApp are left as they are.
2. Implement SAML authentication.
This one is being researched.