How to configure local integrated WebLogic non-SOA domain to access BPM worklist on separate SOA-enabled domain?

ADF and BPM task flow on separate domains? No doubt this is frequent issue for developers working with ADF/BPM.There are several advantages to have it working:
  • No need to install SOA stuff locally if You're developing just ADF
  • Faster deployments to integrated WebLogic
  • Possibility of debugging
  • Isolated ADF enviroment for developing
In my case the last one was most important. An application I was working on had interaction with BPM worklist through BPM API. Steps which I completed to access BPM worklist on remote SOA enabled domain from my integrated non-SOA domain:

  • Create foreign JNDI provider in local integrated non-SOA WebLogic:

 Provider URL - link to SOA infrastructure on SOA enabled domain.

  • Create foreign JNDI provider links:


  • Deploy these 4 libraries into integrated WebLogic:

 Those libraries can be found in "%MIDDLEWARE_HOME%\jdeveloper\soa\modules". Of course SOA and BPM jdeveloper extensions should be installed to find these libraries here.

  • Inject following grant for bpm-services.jar into system-jazn-data.xml (locatedin: ORACLE_WEBLOGIC_INSTALL/user_projects/domains/your_domain_name/config/fmwconfig )
<grant>
  <grantee>
   <codesource>
    <url>file: ORACLE_JDEV_HOME/jdeveloper/soa/modules/oracle.soa.workflow_
11.1.1/bpm-services.jar</url>
   </codesource>
  </grantee>
  <permissions>
   <permission>
    <class>oracle.security.jps.JpsPermission</class>
    <name>VerificationService.createInternalWorkflowContext</name>
   </permission>
  <permission>
  <class>oracle.security.jps.service.credstore.CredentialAccessPermission
  </class>
  <name>credstoressp.credstore.BPM-CRYPTO.BPM-CRYPTO</name>
  <actions>read,write</actions>
  </permission>
  <permission>
   <class>oracle.security.jps.JpsPermission</class>
   <name>IdentityAssertion</name>
   <actions>*</actions>
  </permission>
 </permissions>
</grant>

  • Establish trust between non-SOA (integrated WebLogic) domain and SOA-enabled domain:
To do this follow steps:
  • Select domain name (i.e. DefaultDomain) in left-hand domain structure menu.
  • Choose "Security" tab, "General" sub-tab
  • Expand "Advanced" pane
  • Enter 



  • Make sure your application (which runs on integrated WebLogic) has proper URL set for SOA-enabled server in wf_client_config.xml (by default it is located in "Your app"\model\src) file:




When a domain is created, a unique credential is generated for the domain. If you want to establish trust between two or more domains, decide on a credential that will be shared by the domains, then specify it here and in the other domains. In our case it is non-SOA and SOA-enabled domains.

Thats it. It was enough for me to get things working. If it is not enough for You, check these links which helped me to set up this enviroment:


      Weblogic version 10.3.6

      No comments:

      Post a Comment