ALBPM Portlets can allow authenticated Portal users to automatically connect to an engine and process instances without the need to log in again.
If you want to implement SSO, follow all of the following steps. If you want users to enter a password when they access the ALBPM Portlets, start with step six.
To configure the ALBPM Portlets WAR for container-based authentication:

1. Download the Portlets WAR.
   If you have installed ALBPM Enterprise for WebLogic, open the ALBPM Process Admin Console and, under Engines, download the BEA AquaLogic WorkSpace Portlets WAR.
   If you have installed ALBPM Enterprise Standalone, open the ALBPM Admin Center, click Configuration and, from the Workspace tab, download the ALBPM Portlets WAR.

2. Explode the WAR to a local directory.

3. Configure the directory.properties file so that Directory sessions are created without asking the user for a password. This configures the Directory Service to work in a trusted domain behind the portal container. To do this, add the following three properties to WEB-INF/directory.properties:

   directory.<directory_id>.preset.container-auth.jdbc-user
      The JDBC user that is used to connect to the ALBPM Directory database. For example:
      directory.default.preset.container-auth.jdbc-user=ALBPMFDIADM

   directory.<directory_id>.preset.container-auth.jdbc-password
      The JDBC password for the user specified above. For example:
      directory.default.preset.container-auth.jdbc-password=<encrypt>password

   directory.<directory_id>.preset.container-auth.skip-auth
      Must be set to true so that the user is logged in automatically without being asked for a password. For example:
      directory.default.preset.container-auth.skip-auth=true

4. Edit the portal.properties file so that the portlets obtain the user from the container and perform authentication through SSO. In WEB-INF/portal.properties set the following two properties:

   fuego.portal.enableSSO=true
   fuego.portal.SSO.loginClassName=fuego.portlets.SSOUserLogin

5. Add participant trust entries to the Directory. When the Directory is implemented on top of a relational database, insert the following rows into the FUEGO_PARTTRUST table:

   FUEGO_ID | FUEGO_TRUSTID
   null     | ALBPMFDIADM*
   admin    | ALBPMFDIADM

   The first row indicates that the Directory service JDBC user ALBPMFDIADM trusts any Participant that has already been authenticated. The * suffix indicates that the already authenticated Participant does not need to be authenticated again. Note that the JDBC user is the same one specified previously in directory.properties.
   The second row indicates that the Directory service JDBC user ALBPMFDIADM trusts Participant admin only after authenticating it. This is the Administrator Participant. Since the value of FUEGO_TRUSTID lacks the * suffix, authentication is performed for this participant.

6. Create a new file named ALBPMPortlet.portlet in the root of the WAR with the following content:

   <?xml version="1.0" encoding="UTF-8"?>
   <portal:root
       xmlns:netuix="http://www.bea.com/servers/netuix/xsd/controls/netuix/1.0.0"
       xmlns:portal="http://www.bea.com/servers/netuix/xsd/portal/support/1.0.0"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.bea.com/servers/netuix/xsd/portal/support/1.0.0 portal-support-1_0_0.xsd">
       <netuix:javaPortlet
           definitionLabel="BPMWorkSpace"
           title="BPMWorkSpace"/>
   </portal:root>

7. Rebuild the WAR.
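Steps 3 to 5 only work when the three artefacts agree with each other: the JDBC user in directory.properties must be the one named in FUEGO_TRUSTID, skip-auth and enableSSO must both be on, and the (null, user*) row must exist or container-authenticated users are not trusted. The following checker is an added example, not part of the BEA product or its documentation; it assumes the two files use standard Java .properties syntax and that the FUEGO_PARTTRUST rows have been read back into (FUEGO_ID, FUEGO_TRUSTID) tuples, with None standing for SQL NULL. The sample inputs are constructed from the values on this page.

```python
import re

# Constructed sample of the three properties added to WEB-INF/directory.properties.
DIRECTORY_PROPERTIES = """\
# container-auth preset for the 'default' directory
directory.default.preset.container-auth.jdbc-user=ALBPMFDIADM
directory.default.preset.container-auth.jdbc-password=<encrypt>password
directory.default.preset.container-auth.skip-auth=true
"""

# Constructed sample of WEB-INF/portal.properties after the SSO step.
PORTAL_PROPERTIES = """\
fuego.portal.enableSSO=true
fuego.portal.SSO.loginClassName=fuego.portlets.SSOUserLogin
"""

# Constructed sample of FUEGO_PARTTRUST rows as (FUEGO_ID, FUEGO_TRUSTID).
TRUST_ROWS = [(None, "ALBPMFDIADM*"), ("admin", "ALBPMFDIADM")]


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comment lines, key=value or
    key:value, backslash line continuation. Unicode escapes are not decoded."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending += line[:-1]          # continued on the next line
            continue
        line, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def trust_scope(row):
    """Classify one FUEGO_PARTTRUST row. A trailing '*' on FUEGO_TRUSTID means
    the already-authenticated participant is not re-authenticated."""
    fuego_id, trust_id = row
    trusted_user = trust_id.rstrip("*")
    if fuego_id is None and trust_id.endswith("*"):
        return ("any-authenticated", trusted_user)
    if trust_id.endswith("*"):
        return ("participant-no-reauth", trusted_user)
    return ("participant-reauth", trusted_user)


def check_sso_config(directory_props, portal_props, trust_rows, dir_id="default"):
    """Return a list of findings; an empty list means the directory.properties,
    portal.properties and trust rows agree as the SSO procedure requires."""
    findings = []
    p = f"directory.{dir_id}.preset.container-auth."
    jdbc_user = directory_props.get(p + "jdbc-user", "")
    skip_auth = directory_props.get(p + "skip-auth", "false").lower() == "true"
    sso_on = portal_props.get("fuego.portal.enableSSO", "false").lower() == "true"
    login_cls = portal_props.get("fuego.portal.SSO.loginClassName", "")

    if not jdbc_user:
        findings.append(p + "jdbc-user is not set")
    if not directory_props.get(p + "jdbc-password"):
        findings.append(p + "jdbc-password is not set")
    if sso_on and not skip_auth:
        findings.append("enableSSO=true but skip-auth is not true: "
                        "users will still be prompted for a password")
    if skip_auth and not sso_on:
        findings.append("skip-auth=true but enableSSO is false: the Directory "
                        "accepts password-less sessions the portal never creates")
    if sso_on and not login_cls:
        findings.append("enableSSO=true but fuego.portal.SSO.loginClassName is not set")

    scopes = [trust_scope(r) for r in trust_rows]
    for _, user in scopes:
        if jdbc_user and user != jdbc_user:
            findings.append(f"FUEGO_TRUSTID {user} does not match jdbc-user {jdbc_user}")
    if sso_on and not any(kind == "any-authenticated" for kind, _ in scopes):
        findings.append("no (NULL, <jdbc-user>*) row: container-authenticated "
                        "users will not be trusted")
    if not any(r[0] == "admin" and not r[1].endswith("*") for r in trust_rows):
        findings.append("no re-authenticated trust row for the admin participant")
    return findings


def audit():
    """Run the check over the constructed samples above."""
    return check_sso_config(parse_properties(DIRECTORY_PROPERTIES),
                            parse_properties(PORTAL_PROPERTIES), TRUST_ROWS)


if __name__ == "__main__":
    for finding in audit() or ["configuration is consistent"]:
        print(finding)
```

Run it against the exploded WAR by reading the two files from WEB-INF and the rows from FUEGO_PARTTRUST; every finding it prints is a mismatch between what the portal will do and what the Directory will accept. The "any-authenticated" classification is deliberately surfaced, since that row is the one that extends trust to every user the container has authenticated.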