Overview
Currently we are deploying all SOA and ADF components to soa_server1. The purpose of this guide is to explain how to configure a second managed server which will be used solely for ADF components deployment.
Create new managed server
Go to https://<host>:7001/console/ . Navigate to Home -> Environment > Servers. Create a new Managed server. In this case we will call it adf_server1, port 7201.
Associate it with “LocalMachine”
You can do that when you are creating the server, but if you have forgotten you will get an error that your server is not associated with any machine. To do this, go to Environment -> Machines -> LocalMachine -> Configuration -> Servers -> Add. Choose “Select an existing server, and associate it with this machine” and adf_server1.
Install libraries required for deploying an ADF application
Try to deploy an ADF application to your newly created server. You can't. The deployment console will show different missing libraries. Some of them come from the weblogic-application.xml file which is part of the UI project you are deploying. The list of errors you will receive is this:
[J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.soa.workflow, exact-match: false], [Extension-Name: oracle.soa.bpel, exact-match: false], [Extension-Name: oracle.rules, exact-match: false], [Extension-Name: oracle.bpm.runtime, exact-match: false], [Extension-Name: oracle.bpm.client, exact-match: false], [Extension-Name: oracle.bpm.projectlib, exact-match: false], [Extension-Name: oracle.bpm.workspace, exact-match: false], [Extension-Name: oracle.bpm.webapp.common, exact-match: false]. [Extension-Name: oracle.soa.rules_dict_dc.webapp, exact-match: false].
All those libraries are already included in soa_server1, so you do not need to install them. They are targeted to soa_server1, so what you need to do is select each of those libraries and target it to adf_server1 as well.
One example: navigate to Home -> Environment > Deployments. If you do not see libraries, click “Customize this table” and un-check “exclude libraries when displaying deployments”.
Select library “jsf(1.2, 1.2.8.0)”, click “Targets”. Check adf_server1.
You will have to restart adf_server1 after targeting, so do it for several libraries first and then restart. It will save you some time.
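To see which libraries still need the extra target before the next restart, the error text can be compared with the domain's config.xml. This is an added example, not part of the original guide; the error string and config.xml fragment are constructed samples, and the <library>/<name>/<target> element names are assumed to follow the standard WebLogic domain schema.

```python
import re
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample: a shortened J2EE:160149 message in the format shown above.
ERROR = ("[J2EE:160149]Error while processing library references. Unresolved "
         "application library references, defined in weblogic-application.xml: "
         "[Extension-Name: oracle.soa.workflow, exact-match: false], "
         "[Extension-Name: oracle.rules, exact-match: false], "
         "[Extension-Name: oracle.bpm.client, exact-match: false].")

# Constructed config.xml fragment (library names are "extension#spec@impl").
CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <library><name>oracle.soa.workflow#11.1.1@11.1.1</name><target>soa_server1</target></library>
  <library><name>oracle.rules#11.1.1@11.1.1</name><target>soa_server1,adf_server1</target></library>
  <library><name>jsf#1.2@1.2.8.0</name><target>soa_server1</target></library>
</domain>"""

def unresolved_libraries(message):
    """Extension-Name values listed in a J2EE:160149 deployment error."""
    return re.findall(r"\[Extension-Name:\s*([^,\]]+),", message)

def library_targets(config_xml):
    """Map library extension name -> set of servers it is targeted to."""
    targets = {}
    for lib in ET.fromstring(config_xml).findall("d:library", NS):
        ext = lib.findtext("d:name", default="", namespaces=NS).split("#")[0]
        servers = lib.findtext("d:target", default="", namespaces=NS)
        targets.setdefault(ext, set()).update(
            s.strip() for s in servers.split(",") if s.strip())
    return targets

def retarget_plan(message, config_xml, server="adf_server1"):
    """Classify each unresolved library: add target, already targeted, or absent."""
    targets = library_targets(config_xml)
    plan = {}
    for ext in unresolved_libraries(message):
        if ext not in targets:
            plan[ext] = "not in domain"
        elif server in targets[ext]:
            plan[ext] = "already targeted"
        else:
            plan[ext] = "add target"
    return plan

if __name__ == "__main__":
    for ext, action in retarget_plan(ERROR, CONFIG).items():
        print(f"{ext:24} {action}")
```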
Make soa_server1 accessible from adf_server1
You need to “expose” a part of the soa_server1 JNDI tree to adf_server1 so you can access it. This is done via ForeignJNDIProvider. Go to Services -> Foreign JNDI Providers.
Initial Context Factory: weblogic.jndi.WLInitialContextFactory
Provider URL: t3://<host>:8001/soa-infra
User: weblogic
Password: <password>
Target it to adf_server1.
Add link to JNDI provider
You will also need to provide links to all elements of soa_server1’s JNDI tree. Foreign JNDI Providers -> ForeignJNDIProvider-SOA -> Links. The list is:

Name: ejb/bpel/services/workflow/TaskMetadataServiceBean
Local JNDI Name: ejb/bpel/services/workflow/TaskMetadataServiceBean
Remote JNDI Name: ejb/bpel/services/workflow/TaskMetadataServiceBean

Name: ejb/bpel/services/workflow/TaskServiceBean
Local JNDI Name: ejb/bpel/services/workflow/TaskServiceBean
Remote JNDI Name: ejb/bpel/services/workflow/TaskServiceBean

Name: ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean
Local JNDI Name: ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean
Remote JNDI Name: ejb/bpel/services/workflow/TaskServiceGlobal/TransactionBean

Name: ejb/bpm/services/BPMUserAuthenticationServiceBean
Local JNDI Name: ejb/bpm/services/BPMUserAuthenticationServiceBean
Remote JNDI Name: ejb/bpm/services/BPMUserAuthenticationServiceBean

Name: ejb/bpm/services/InstanceManagementServiceBean
Local JNDI Name: ejb/bpm/services/InstanceManagementServiceBean
Remote JNDI Name: ejb/bpm/services/InstanceManagementServiceBean

Name: ejb/bpm/services/InstanceQueryServiceBean
Local JNDI Name: ejb/bpm/services/InstanceQueryServiceBean
Remote JNDI Name: ejb/bpm/services/InstanceQueryServiceBean

Name: ejb/bpm/services/ProcessDashboardServiceBean
Local JNDI Name: ejb/bpm/services/ProcessDashboardServiceBean
Remote JNDI Name: ejb/bpm/services/ProcessDashboardServiceBean

Name: ejb/bpm/services/ProcessMetadataServiceBean
Local JNDI Name: ejb/bpm/services/ProcessMetadataServiceBean
Remote JNDI Name: ejb/bpm/services/ProcessMetadataServiceBean

Name: ejb/bpm/services/ProcessModelServiceBean
Local JNDI Name: ejb/bpm/services/ProcessModelServiceBean
Remote JNDI Name: ejb/bpm/services/ProcessModelServiceBean

Name: RuntimeConfigService
Local JNDI Name: RuntimeConfigService
Remote JNDI Name: RuntimeConfigService

Name: TaskEvidenceServiceBean
Local JNDI Name: TaskEvidenceServiceBean
Remote JNDI Name: TaskEvidenceServiceBean

Name: TaskQueryService
Local JNDI Name: TaskQueryService
Remote JNDI Name: TaskQueryService

Name: TaskReportServiceBean
Local JNDI Name: TaskReportServiceBean
Remote JNDI Name: TaskReportServiceBean

Name: UserMetadataService
Local JNDI Name: UserMetadataService
Remote JNDI Name: UserMetadataService

Name: ejb/bpm/services/BPMOrganizationServiceBean
Local JNDI Name: ejb/bpm/services/BPMOrganizationServiceBean
Remote JNDI Name: ejb/bpm/services/BPMOrganizationServiceBean

And your JNDI tree will look like this: Summary of Servers > adf_server1 -> View JNDI tree
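With fifteen links entered by hand, a missing or mistyped entry is easy to overlook, so the following sketch checks a domain's config.xml against the list above and reports the provider's target and URL scheme. It is an added example, not part of the original guide; the config.xml fragment and the host soahost.example are constructed, and the foreign-jndi-provider / foreign-jndi-link element names are assumed to follow the standard WebLogic domain schema.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
# The 15 link names listed above (Name, Local and Remote JNDI Name are identical).
REQUIRED = (
    ["ejb/bpel/services/workflow/" + n for n in (
        "TaskMetadataServiceBean", "TaskServiceBean", "TaskServiceGlobal/TransactionBean")]
    + ["ejb/bpm/services/" + n for n in (
        "BPMUserAuthenticationServiceBean", "InstanceManagementServiceBean",
        "InstanceQueryServiceBean", "ProcessDashboardServiceBean",
        "ProcessMetadataServiceBean", "ProcessModelServiceBean",
        "BPMOrganizationServiceBean")]
    + ["RuntimeConfigService", "TaskEvidenceServiceBean", "TaskQueryService",
       "TaskReportServiceBean", "UserMetadataService"])

def text(el, tag):
    """Stripped text of a child element in the domain namespace ('' if absent)."""
    return (el.findtext("d:" + tag, default="", namespaces=NS) or "").strip()

def link_xml(local, remote):
    return ("<foreign-jndi-link><name>%s</name><local-jndi-name>%s</local-jndi-name>"
            "<remote-jndi-name>%s</remote-jndi-name></foreign-jndi-link>"
            % (local, local, remote))

# Constructed config.xml fragment (hypothetical host): TaskReportServiceBean is
# missing and UserMetadataService has a mistyped remote name.
SAMPLE = ('<domain xmlns="http://xmlns.oracle.com/weblogic/domain"><foreign-jndi-provider>'
          "<name>ForeignJNDIProvider-SOA</name><target>adf_server1</target>"
          "<provider-url>t3://soahost.example:8001/soa-infra</provider-url>"
          + "".join(link_xml(n, n) for n in REQUIRED[:-2])
          + link_xml("UserMetadataService", "UserMetadataServce")
          + "</foreign-jndi-provider></domain>")

def audit(config_xml, provider="ForeignJNDIProvider-SOA", server="adf_server1"):
    """Compare one foreign JNDI provider in config.xml with the list above."""
    found = [p for p in ET.fromstring(config_xml).findall("d:foreign-jndi-provider", NS)
             if text(p, "name") == provider]
    if not found:
        raise LookupError("provider %r not found" % provider)
    links = {text(l, "local-jndi-name"): text(l, "remote-jndi-name")
             for l in found[0].findall("d:foreign-jndi-link", NS)}
    return {
        "missing": [n for n in REQUIRED if n not in links],
        "mismatched": {k: v for k, v in links.items() if k != v},
        "targeted": server in [t.strip() for t in text(found[0], "target").split(",")],
        "scheme": urlparse(text(found[0], "provider-url")).scheme,
    }
```

Call audit(SAMPLE), or pass the contents of a real config.xml, to get the findings as a dict. A scheme of t3 means the connection to soa_server1 is not TLS-protected; t3s is the TLS variant of the protocol.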
The documentation on this topic is here:
https://docs.oracle.com/cd/E23943_01/dev.1111/e10224/bp_designtf.htm#SOASE85258
30.8.4.4 Defining the Foreign JNDI Provider on a non-SOA Oracle WebLogic Server
30.8.4.5 Defining the Foreign JNDI Provider Links on a non-SOA Oracle WebLogic Server.
A very helpful post on this topic:
https://andrejusb.blogspot.com/2012/07/running-oracle-bpm-11g-ps5-worklist.html
Add wf_client_config.xml to UI project
Several articles suggest that we need the wf_client_config.xml file added to our UI project to make security propagation work properly.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<workflowServicesClientConfiguration clientType="REMOTE">
  <server default="true" name="default">
    <localClient>
      <participateInClientTransaction>false</participateInClientTransaction>
    </localClient>
    <remoteClient>
      <serverURL>t3://<host>:8001</serverURL>
      <initialContextFactory>weblogic.jndi.WLInitialContextFactory</initialContextFactory>
      <participateInClientTransaction>false</participateInClientTransaction>
    </remoteClient>
    <soapClient>
      <rootEndPointURL>https://<host>:8001</rootEndPointURL>
      <identityPropagation mode="dynamic" type="saml">
        <policy-references>
          <policy-reference enabled="true" category="security" uri="oracle/wss10_saml_token_client_policy"/>
        </policy-references>
      </identityPropagation>
    </soapClient>
  </server>
</workflowServicesClientConfiguration>
Apply JRF template to fix Error 403
All the libs were targeted properly and deployment went smoothly, but I was still getting an error while I was trying to open the UI project in BPM workspace. To solve it you need to go to https://<host>:7001/em/. Go to your domain, select adf_server1 and click “Apply JRF template” at the top. Possibly that installs some of the libraries that you already have. There is a good article on this topic here: https://andrejusb.blogspot.com/2009/09/hint-for-oracle-adf-application.html
Configure our UI project to be shown in workspace
https://<host>:7001/em/
Notice that the port is 7201, it is adf_server1.
User credentials are not being passed properly
Everything is configured properly. You can see your UI in BPM workspace.
You try to Update/Complete tasks and it works.
It works, until you try to retrieve the current user from the security context.
It appears that user credentials are not passed properly. The UI project can't identify the current user logged in BPM Workspace.
There are 2 solutions for this one:
1. Deploy OracleBPMWorkspace on adf_server1 also.
As you can see:
The UI project (<projectHumanTask>_UI) is deployed on adf_server1.
OracleBPMWorkspace is also deployed on adf_server1.
OracleBPMcomposerRolesApp and OracleBPMProcessrolesApp are left as they are.
2. Implement SAML authentication.
This one is being researched. 