Tuesday, October 26, 2010

Enabling SSL on Oracle B2B 11g

In this post I will discuss how to enable SSL on Oracle B2B 11g and how to configure the keystore (known as “Wallet” in the 10g era) for message security (signing & encryption).


First of all, you need digital certificates to enable security. You may use self-signed certificates for development purposes, but it is recommended to use a certificate signed by a trusted certificate-issuing authority (CA) such as Verisign or Thawte for higher environments (Test, Pre-prod and Prod).



Step #1 – Generating certificates and Preparing Keystore

As mentioned earlier, you may use either self-signed or third-party-issued certificates, so I will show how to create both.

In the Oracle Fusion Middleware 11g stack, we use the keytool utility for certificate management. The keytool utility ships with the JDK installation itself.

So let us start with certificate generation –

a) Create a directory to store all the certificates and the keystore. I created the directory D:\b2bkeystores

b) Open a command prompt and execute $MW_HOME/user_projects/domains//bin/setDomainEnv.cmd to set the environment (setting the proper JDK in PATH will also do, but executing the above command is recommended to make sure that you are using the right JDK and generating the certificates on the server machine itself)

c) Run below command to create a new keystore and generate a new self-signed key-pair (public and private key) in it –

keytool -genkeypair -alias serverCert -keyalg RSA -keysize 1024 -validity 365 -dname "CN=localhost.myCompany.com,OU=Support,O=myCompany,L=Gandhinagar,ST=Gujrat,C=IN" -keypass welcome1 -keystore keystore.jks -storepass welcome1

where localhost.myCompany.com (HostName.Domain) is name of certificate holder, “Support” is organizational unit, “myCompany” is name of the organization , “Gandhinagar” is city/locality, “Gujrat” is State/Province, “IN” is the two-letter country code for this unit

Above command will create a keystore with name “keystore.jks” and it will add a self-signed key-pair in the keystore. You may directly use this self-signed certificate or may get it signed by a third party CA.

Note that the PEM (Privacy Enhanced Mail) format is the preferred format for private keys, digital certificates, and trusted certificate authorities (CAs) and the preferred keystore format is the JKS (Java KeyStore) format in Weblogic server.

Remember that when you use the Keytool utility, the default key pair generation algorithm is Digital Signature Algorithm (DSA) but WebLogic Server does not support DSA so specify another key pair generation and signature algorithm when using WebLogic Server. Here we are using RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) algorithm.

To view the content of the keystore anytime, you may run below command –

keytool -list -keystore keystore.jks -storepass welcome1

If you run above command just after generating the certificates, then below would be shown –


Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

servercert, Oct 25, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): CE:38:E1:29:56:72:5F:26:DB:92:27:16:FD:74:5B:DE



If you want to use the self-signed certificate (and do not want to get your certificate signed by a CA), skip steps d, e and f.



d) Now run below command to generate a CSR (Certificate Signing Request) –

keytool -certreq -v -alias serverCert -file serverCert.csr -keypass welcome1 -storepass welcome1 -keystore keystore.jks

You should see below lines on prompt –

Certification request stored in file
Submit this to your CA


This command will generate a CSR with name “serverCert.csr”. You have to pass this CSR to the third party CA to get it signed by them. The content of the CSR is a Base64-encoded text block enclosed between the lines -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----.


Make sure to take a backup of the keystore, because once it is lost or damaged you will not be able to recover it. Remember that the CSR can be imported back into the same keystore (or into its backup copy) only after getting signed.


e) Once you get the signed certificate back from third party CA, you have to import it into your keystore along with the certificate of CA who signed your certificate.

Convert the CA certificates and the signed certificate received from the CA into PEM format and store them in the same directory as our keystore (D:\b2bkeystores). As there may be a chain of CA certificates, store each certificate of the chain in a separate file.

Now run below command to import the top certificate in the chain (Root CA cert – this must be a self-signed certificate of the CA) –

keytool -importcert -v -noprompt -trustcacerts -alias rootCA -file rootCA.pem -keystore keystore.jks -storepass welcome1

where “rootCA” is the alias of this certificate and “rootCA.pem” is the file which contains the Root CA certificate.

You should see below line if certificate gets added to keystore successfully –

Certificate was added to keystore

Now repeat this step for each and every CA certificate in the certificate chain with different and meaningful alias each time.

For Verisign issued certificates, there may be two CA certs in the chain – Root CA Certificate & Intermediate CA Certificate. So you have to execute above command once for Root CA and after that once for Intermediate CA

f) Once you are done importing the CA certificates, import the signed reply certificate using the below command –

keytool -importcert -v -alias serverCert -file serverCert.pem -keystore keystore.jks -keypass welcome1 -storepass welcome1

where “serverCert” is the alias of the certificate we generated, “serverCert.pem” is the signed certificate sent by the CA (in PEM format)

If it gets imported successfully then you would see below line –

Certificate reply was installed in keystore

Make sure that you use the same alias that you used while generating the certificate and generating the CSR (steps c and d).

Now if you run the list command, it will show all the CA certificates you imported as “trustedCertEntry” and the certificate you generated (and got signed) as a “keyEntry” –

keytool -list -keystore keystore.jks -storepass welcome1


Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

verisignintermediate, Oct 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): BA:B0:65:B4:3B:9C:E8:40:30:21:7D:C5:C6:CD:3F:EB
serverCert, Oct 18, 2010, keyEntry,
Certificate fingerprint (MD5): 89:C3:19:1D:17:43:76:0A:C3:2E:FB:1F:1F:35:74:D1
verisignroot, Oct 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C


g) Run below command to export the public certificate of your server from the keystore –

keytool -exportcert -alias serverCert -file serverCert.cer -keystore keystore.jks -storepass welcome1


You should see below line on prompt -

Certificate stored in file

Above command will create a file with name “serverCert.cer” which is actually the public certificate of your server which you may share with your Trading Partners.

h) Now import the certificate of all your Remote Trading Partners along with their CA certificates, in the keystore we created. First of all store your TP’s certificate and their respective CA’s certificate in separate files in PEM format (as we did in step ‘e’). After that import all the Root CA certificates (if any) with different alias and then import all the intermediate CA certificates (if any) with different alias and after that import the certificates of all your TP’s with different alias, in the keystore we created.

To add first root CA cert in the keystore, you may use below command –

keytool -importcert -v -noprompt -trustcacerts -alias VerisignRootCA -file VerisignRootCA.pem -keystore keystore.jks -storepass welcome1

where “VerisignRootCA.pem” is a file which holds the VerisignRootCA certificate in PEM format

You should see below lines on prompt –

Certificate was added to keystore
[Storing keystore.jks]

Repeat this process and re-run the above mentioned importcert command for all the certificates.
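
A check for the state steps c to f should leave the keystore in, as an added example (it is not part of the original post or of any Oracle tooling): it parses the keytool -list entry lines shown above and compares a listing taken before step d with one taken after step f. The function names and the “servercertsigned” entry with its fingerprint are constructed for illustration; the other sample values are the listings printed above.

```python
import re

# "<alias>, <date>, <entry type>," as printed by keytool -list in the listings above
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .+, (?P<type>\w+),$")
FPR_RE = re.compile(r"^Certificate fingerprint \([^)]+\): (?P<fpr>[0-9A-Fa-f:]+)$")
KEY_TYPES = {"privatekeyentry", "keyentry"}  # both spellings occur in the listings above
TRUST_TYPE = "trustedcertentry"

# Entry lines of the listing after step c, copied from the post (self-signed key pair).
BEFORE = """\
servercert, Oct 25, 2010, PrivateKeyEntry,
Certificate fingerprint (MD5): CE:38:E1:29:56:72:5F:26:DB:92:27:16:FD:74:5B:DE
"""

# Entry lines of the listing after step f, copied from the post.
AFTER_OK = """\
verisignintermediate, Oct 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): BA:B0:65:B4:3B:9C:E8:40:30:21:7D:C5:C6:CD:3F:EB
serverCert, Oct 18, 2010, keyEntry,
Certificate fingerprint (MD5): 89:C3:19:1D:17:43:76:0A:C3:2E:FB:1F:1F:35:74:D1
verisignroot, Oct 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
"""

# Constructed failure case: the signed certificate was imported under a new alias
# (servercertsigned, constructed), so it became a trusted entry and the key entry
# still holds the self-signed certificate from step c.
AFTER_WRONG_ALIAS = BEFORE + """\
verisignintermediate, Oct 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): BA:B0:65:B4:3B:9C:E8:40:30:21:7D:C5:C6:CD:3F:EB
verisignroot, Oct 18, 2010, trustedCertEntry,
Certificate fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
servercertsigned, Oct 26, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
"""


def parse_listing(text):
    """Return {alias: (entry_type, fingerprint)} with lower-cased aliases and types."""
    entries, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        head = ENTRY_RE.match(line)
        if head:
            pending = (head.group("alias").lower(), head.group("type").lower())
        elif pending and FPR_RE.match(line):
            entries[pending[0]] = (pending[1], FPR_RE.match(line).group("fpr").upper())
            pending = None
    return entries


def audit(before, after, identity_alias, ca_aliases):
    """Return findings for a listing taken after step f, given one taken before step d."""
    findings = []
    ident = identity_alias.lower()  # JKS aliases are case-insensitive
    cas = [c.lower() for c in ca_aliases]
    old, now = parse_listing(before).get(ident), parse_listing(after)
    new = now.get(ident)
    if new is None:
        findings.append(f"{ident}: alias missing from keystore")
    elif new[0] not in KEY_TYPES:
        findings.append(f"{ident}: {new[0]}, no private key under this alias")
    elif old is not None and old[1] == new[1]:
        # Same fingerprint as before: the key entry still carries the self-signed certificate.
        strays = sorted(a for a, e in now.items() if e[0] == TRUST_TYPE and a not in cas)
        hint = f"; check trusted entries {strays}" if strays else ""
        findings.append(f"{ident}: fingerprint unchanged, certificate reply not installed{hint}")
    for ca in cas:
        if ca not in now:
            findings.append(f"{ca}: CA certificate not imported")
        elif now[ca][0] != TRUST_TYPE:
            findings.append(f"{ca}: expected {TRUST_TYPE}, found {now[ca][0]}")
    return findings


if __name__ == "__main__":
    cas = ["verisignroot", "verisignintermediate"]
    for name, listing in (("after step f", AFTER_OK), ("wrong alias", AFTER_WRONG_ALIAS)):
        print(name, "->", audit(BEFORE, listing, "serverCert", cas) or "OK")
```

Trading partner certificates imported in step h also appear as trusted entries, so the list of trusted entries in the finding is a place to look, not a verdict.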


Step #2 – Configuring Keystore on SOA Server


Now we have to configure the keystore we created on the SOA server. Open the Oracle Weblogic Admin console (by default http://localhost:7001/console) and log in to it.

Go to Environment --> Servers and click on the SOA server name (by default soa_server1). Select the checkbox against “SSL Listen Port Enabled” and provide the value for “SSL Listen Port” (by default 8002). Now click on “Save” to save the changes.






Now go to “keystore” sub-tab of “Configuration” tab and click on “Change” button against setting “Keystores”  and select the “Custom Identity and Custom Trust” from the “Keystores” dropdown –



Click on “Save” and it will ask you to provide the keystore location (absolute path and filename), type and password for both Trust and Identity. Provide the information of the keystore we created in both sections (Identity & Trust) –


Click on “Save” to save the configuration. Now go to SSL sub-tab, provide the private key alias and password and save the configuration –


You are now done with the configuration on the SOA server. To check whether the keystore and SSL configuration is behaving properly, open the Oracle B2B console over HTTPS in any browser (by default https://localhost:8002/b2b where 8002 is the SSL listen port of the SOA server). If it opens properly, the configuration is working, and you may also view the certificate it is presenting in Microsoft Internet Explorer (IE7/IE8).

You may see a certificate warning in IE if your certificate has not been signed by a trusted third party CA and you have not yet installed it on Windows. You may safely ignore this warning.




Another test case is to access the Oracle B2B default HTTP delivery channel over HTTPS (https://localhost:8002/b2b/httpreceiver) in any web-browser. If it is accessible over HTTPS then on web-browser you should see below text –

B2B Server

B2B Server is ready to accept HTTP messages from the Trading Partner






Step #3 – Configuring Keystore on Oracle B2B Console


Now we have to configure the keystore for Host Trading Partner on Oracle B2B console (by default http://localhost:8001/b2b or http://localhost:8001/b2bconsole)

First of all, open the b2b console and log in to it. Now navigate to the “Profile” tab of the Host Trading Partner. Scroll down and you will see the “Key Store” configuration section there. Provide the location of the keystore (absolute path with name) and its password –





Click on “Save” button to save the configuration –



You are done with the configuration and guess what, you may now use message security and transport security with Oracle B2B 11g!!!

Wednesday, October 20, 2010

Installing Oracle B2B Document Editor 11g (11.1.1.1.0)

Oracle B2B Document Editor is an integral part of the Oracle B2B product. You may use Oracle B2B Document Editor to create and to implement guidelines for Oracle B2B custom document definitions.

In this post I will discuss how to install Oracle B2B Document Editor. First of all you have to download Oracle B2B Document Editor (11.1.1.1.0) from here. Oracle B2B Document Editor runs on Microsoft Windows only, so you will find only the Windows installer on the download link.


There are three zip files (total size is almost 4GB) which you need to download –

ofm_b2b_doc_editor_win_11.1.1.1.0_disk1_1of3.zip

ofm_b2b_doc_editor_win_11.1.1.1.0_disk1_2of3.zip

ofm_b2b_doc_editor_win_11.1.1.1.0_disk1_3of3.zip


Now right click on first zip file (ofm_b2b_doc_editor_win_11.1.1.1.0_disk1_1of3.zip) and extract it into a local directory. I extracted its content in D:\OracleB2BDocEditor


Similarly extract the content of other two zip files in the SAME (D:\OracleB2BDocEditor) directory. Now you should see below structure under directory D:\OracleB2BDocEditor –



Inside directory “D:\OracleB2BDocEditor\Multisetup”, you should be able to find below files –



Inside directory “D:\OracleB2BDocEditor\Oracle B2B”, you should be able to find below files –

 Inside directory “D:\OracleB2BDocEditor\Standards”, you should find below structure –


If above all is correct then run the “Install.exe” (D:\OracleB2BDocEditor\Install.exe). It would open up the Oracle B2B document editor installation wizard –


Select “Oracle B2B” and click on “Next”. It will take you to the screen where it will show all the operations which will be performed –


Click on “Next” and installshield wizard for Oracle B2B will get opened –




I changed the installation directory because on Vista you may face access issues if you install it in Program Files directory.


Once done with selection, click on “Install” and it should install Oracle B2B Document Editor in your machine.


Now Standards Installation will start automatically –




You may install the standards locally or on a network drive (for sharing purposes). I installed them locally.


Now I will change the installation directory to a subdirectory of Document Editor Installation directory (it is an optional configuration. You may keep the default location value) –






Once done with selection, click on “Install” to install the standard.


Now you have to repeat above standard installation steps for each and every standard. Installation prompt will keep opening up one by one and you have to repeat the steps.

It may take almost 25 minutes to get all the standards installed. Once all the standards will get installed, you will be prompted with the result –



Make sure that “Result” is “Ok” for all operations. You are now finished with the installation process.


You may run “D:\OFMW11g\OracleDocEditor\SpecBuilder.exe” to start the Oracle B2B Document Editor.

Friday, October 15, 2010

Installing Oracle SOA-BPM 11.1.1.3.0 (PS2), Oracle Service Bus (OSB) 11.1.1.3.0 and JDeveloper 11.1.1.3.0 on Windows 7 64Bit

In this post I will walk you through the installation procedure of Oracle SOA 11.1.1.3.0 (PS2), Oracle BPM 11.1.1.3.0 and Oracle Service Bus (OSB) 11.1.1.3.0 on Windows 7 64Bit in a single middleware home, including the installation of JDeveloper and its SOA extension, and the configuration of a common domain for SOA, BPM and OSB.


Step 1: Downloading Required Software:-

a) JDK 1.6.18 or higher – both 64bit and 32bit. The 32bit JDK will be required to run JDeveloper. You may use JRockit as well.

b) Database (I would use Oracle XE Universal which you may download from here)

c) Weblogic 10.3.3 Generic Installer (jar)

d) OEPE 11.1.1.5.0 or OEPE 11.1.1.6.0 (download OEPE )

e) Repository Creation Utility 11.1.1.3.0

f) Oracle SOA 11.1.1.2.0 (PS1)

g) Oracle SOA 11.1.1.3.0 (PS2)

h) Oracle Service Bus 11.1.1.3.0

i) Oracle JDeveloper Studio 11.1.1.3.0 Generic Installer (jar)

j) Oracle SOA- JDev Extension (Oracle SOA Composite Editor 11.1.1.3.0.25.57)

You may download Oracle Fusion Middleware components from here.

So here is what I have downloaded –



Step 2: Installing Database:-


Run file OracleXEUniv.exe and install the XE database. You may refer the Oracle XE installation guide.

After installing XE, run below commands to meet the requirements of SOA 11g installation -

connect sys/password as sysdba;
alter system set processes=500 scope=spfile;
shutdown immediate;
startup;


Note that SOA requires 300 processes and BAM requires 100 more processes (total 400), in addition to any other requirement; hence I assigned 500 to the processes parameter. In the above commands I have assumed that the password of the “sys” user is “password”.

Step 3: Running RCU to create repository:-


To run RCU, go to rcuHome\BIN and run the file rcu.bat and after that follow below steps -

a) On welcome page click on the "Next" button

b) On “Create Repository” Page select the “Create” radio button.

c) On “Database Connection Details” page provide the database connection related info–






You may be prompted for a version related warning but if you are using XE then you may safely ignore that warning. After successful validation you should see below window –



d) On “Select Components” page choose the prefix and select the components for which you want to create the schema –



e) On “Schema Passwords” page configure the password for the created schemas


f) On “Map Tablespaces” page change anything if you want. I chose the default. After this step required tablespaces will get created in the DB.

g) Now check the summary and click on “Create” button

h) On “Completion Summary” page you should see success status for all the components you chose –





Step 4: Enable XA support in DB for dev_soainfra schema:-


As we frequently use XA in SOA, the SOAINFRA schema needs transaction management capabilities. To grant them, run the below SQL commands –

connect sys/password as sysdba;
Grant select on sys.dba_pending_transactions to dev_soainfra;
Grant force any transaction to dev_soainfra;

Step 5: Installing JDK's:-

Now I will install JDK 1.6.21 64bit and I assume that my $middleware_home is E:\ofmw11g\mw, so I will install the JDK under directory E:\ofmw11g\mw\jdk160_21

So after installation, under directory E:\ofmw11g\mw\jdk160_21, you would be able to see below structure –

After installing 64bit JDK, install the 32bit JDK as well at any location. I installed the 32bit JDK in directory E:\ofmw11g\jdk160_18_32bit


We will use this 32 bit JDK for starting JDeveloper as JDev can not be run with 64bit JDK.

Step 6: Installing Weblogic 10.3.3:-


Now we will install Weblogic by running below command from a command prompt –

java -jar wls1033_generic.jar

Make sure that you are using 64bit JDK to run above command.

This command will open up the Weblogic installer GUI –




On “Select Middleware Home” screen, select the radio button “create a new middleware home” and in middleware home path, browse the directory E:\ofmw11g\mw –

On clicking "Next" button it may prompt a warning that middleware home is not empty. Safely ignore that warning.


On “Choose Install Type” page select the “custom” install type.

On “Choose Products and Components” page, select all the components.

Now on “JDK Selection” page, browse to the 64bit JDK we installed.

Now let the default settings remain at next two pages and install the Weblogic.

After successful installation you should see below screen –




Now, under middleware home directory (E:\ofmw11g\mw), you should see below structure -


Step 7: Installing OEPE (Enterprise Pack for Eclipse):-


This is the simplest one. Just unzip the OEPE zip file you downloaded, into the directory - E:\ofmw11g\mw\oepe_11gR1PS2

You should see below content under directory E:\ofmw11g\mw\oepe_11gR1PS2 –


Step 8: Installing SOA 11.1.1.2.0 (PS1):-


Now we have to install Oracle SOA PS1. To start installation, run the setup.exe inside Disk1. Provide the JDK/JRE location as “E:\ofmw11g\mw\jdk160_21” to start installer.

On “welcome” screen click on the next button.

On “Prerequisites Check” screen, make sure that all prerequisite checks pass –



On “Specify Installation Location” screen make sure that middleware home path is correct.


On “Installation Summary” screen check the summary and click the “install” button.

You should see below screen on successful installation –





On “Installation Complete” screen review the information and click “Finish” to complete the PS1 installation.


Step 9: Installing SOA and BPM 11.1.1.3.0 (PS2):-

Run the setup.exe inside Disk1 of PS2 installer to start installer GUI.

Follow the same steps as we did in PS1 installation (Step#8) and on successful installation you should see below screen –



Note that PS2 will install Oracle BPM along with SOA suite in your middleware home.


Step 10: Installing OSB 11g:-

To start the installer GUI, go to Disk1 of OSB installer and run setup.exe

Click on the next button on welcome page and select “Custom” on “Select Installation Type” screen.

On “Components to Install” screen, select all the components. All pre-requisites check should be cleared on “Prerequisites Check” screen.

On “Specify Installation Location” screen, make sure that all locations selected are valid. On “Installation Summary” page, review the summary and click on “Install” button.

On successful installation you should see below screen –



Step 11: Installing JDeveloper and JDev SOA Extension:-


To start the installation of JDeveloper, run below command from command prompt –

java -jar jdevstudio11113install.jar

Make sure that you are using 64bit JDK to run above command.

On “Choose Middleware Home” screen select “Use an existing middleware home” and make sure that it is pointing to the middleware home we created earlier.

On “Choose Products and Components” screen select each and every component which is enabled.

On “JDK Selection” screen, select the 64bit JDK which we have installed in our middleware directory.

Click “Next” on rest of the screens and start installation. On successful installation, you should see below screen –


Now go to directory E:\ofmw11g\mw\jdeveloper\jdev\bin and edit file jdev.conf to change the SetJavaHome setting. SetJavaHome should point to the 32bit JDK location –

 Save the jdev.conf file and close it.


Now run the E:\ofmw11g\mw\jdeveloper\jdev\bin\jdev.exe to start JDeveloper. Once the JDeveloper IDE gets opened, go to Help --> Check for Updates

It will open up the check for updates wizard. Click on “Next” on the “Welcome” page of the wizard.

Now in “Source” page, select “Install from local file” and browse to the soa-jdev-extension.zip file you downloaded.



Click on “Next” and it should take you to the summary page where it will show you the extension name being installed –


Now click on finish and let the extension get installed. It will ask you to restart JDeveloper. Click on “Yes” and restart the JDeveloper


Now you should be able to create a “SOA Application” in JDeveloper.

Here we are done with installation. Now we will configure a common domain for SOA and OSB.

Step 12: Configuring Domain for SOA, BPM and OSB:-

Run file E:\ofmw11g\mw\wlserver_10.3\common\bin\config.exe to start the Domain Configuration Wizard.

Select the “Create a new Weblogic domain” radio button and then click on “Next”

Now select the desired products for which you want to create the common domain and click on “Next” –


 Now specify the Domain Name on the “Specify Domain Name and Location” screen and click on “Next”.


Now configure the administrator Username and Password and click on “Next”.


Now select the server start mode and JDK and click on “Next”

Now configure the JDBC components –

 

And click on “Next” to get them configured after connection testing.


On “select optional configuration” page select the components which you want to configure. I select all.

Now click on “Next” and configure the resources as you desire. If you do not want to make any change in default configuration settings then keep clicking on “Next” until you reach to the “Configuration Summary” screen –



Now click on “Create” to create the domain. Once domain gets created, click on “Done” to exit the wizard-


Now you have a ready to use Oracle SOA-BPM-OSB 11g setup on Windows 7 64Bit operating system.

Saturday, October 9, 2010

Listening Channel vs. Host TP Channel in Oracle B2B 11g

In 10g era of Oracle B2B, we had two kinds of channels to send/receive documents –


1. Internal Delivery Channel – IDC’s (Internal Delivery Channels) are used to enable Oracle B2B to communicate with backend applications. When I say backend, then it may be any application/product running behind Oracle B2B within same enterprise network.

In case of an outbound flow, Oracle B2B receives documents from backend applications through an IDC and sends it to the targeted remote trading partner after required processing.

In case of an inbound flow, Oracle B2B receives documents from remote trading partners through a Delivery Channel and sends it to backend application through an IDC.

In Oracle B2B 10g, there were only two default IDC’s – IP_IN_QUEUE and IP_OUT_QUEUE (both are AQ’s), whereas in Oracle B2B 11g we have two more default IDC’s, B2B_IN_Queue and B2B_Out_Queue (both are JMS); however, only one kind (either the JMS or the AQ IDC’s) may be active at a time.

2. Delivery Channel – DC’s (Delivery Channels) are used to enable Oracle B2B to communicate with remote trading partners.

In case of an outbound flow, Oracle B2B sends the document to remote trading partner using the remote TP’s DC selected in the agreement, however in case of an inbound flow, Oracle B2B receives a document through a Host TP delivery channel.

In Oracle B2B 10g, there is one default Host TP delivery channel – http://host:port/b2b/transportServlet and similarly in Oracle B2B 11g, we have one default Host TP delivery channel – http://host:soa_server_port/b2b/httpReceiver



Now after brief introduction of IDC and DC let’s come back to our topic – Listening Channel vs. Host TP channel.



Host TP Channels – Channels defined under host TP configuration can be either used as an IDC (if “internal” checkbox is checked) or it can be used as a shared delivery channel for all remote TP’s (if “internal” checkbox is NOT checked).



The first use is something which you are very familiar with, but second one is a new feature. If you mark a channel, defined under host TP configuration, as external then it serves as a common delivery channel that all remote trading partners can use as their delivery endpoints and will appear in the list of channels under the remote trading partner in the agreement(as this is considered outbound delivery channel).



Listening Channels – A listening channel listens on an endpoint for messages from remote trading partner or backend applications hence it can be used as an IDC or as a DC, depending upon the “internal” checkbox selection but in both the cases it is used to send messages to your Oracle B2B system. When a Listening Channel is marked as External (Internal checkbox not selected in the channel attributes), then it can be used by Remote Trading Partner(s) to send messages to your B2B system (Inbound).



When a Listening Channel is marked as Internal, then it can be used by backend application(s) to send messages to your B2B system (Outbound).



A listening channel never participates in any agreement hence it can be modified or deleted without affecting any existing deployments.



One more important point: channels marked as internal can use “Generic Protocols” only. No internal channel can use any protocol other than the “Generic” ones, even though Oracle B2B allows you to select any protocol for an internal channel.

Saturday, October 2, 2010

Enabling a weblogic user to login on b2b console

By default, all Weblogic users who are assigned to the group “Administrators” can log in to the b2b 11g console, but if you want to enable a non-admin user to log in to the b2b console, you need to do some additional configuration.

First of all, let us see how to add a user in Weblogic. To add a user, log in to the Weblogic admin console (http://localhost:7001/console) with an admin user id. Once you are logged in, navigate to the page Security Realms > myrealm > Users and Groups (tab) > Users (sub-tab)

Click on the “New” button and provide the Name, Password and Confirm Password –

Click on the “OK” button and you should see the message “User created successfully” at the top of the page, and the user you created will appear in the list on the Users tab –

Now click on the user name you created and go to the Groups tab. Add this user to the desired groups and click on the “Save” button –

If everything works fine, you will be able to log in to the Weblogic admin console with the new user id you created. Now let’s see how we can enable this user to log in to the b2b console.

Log in to the b2b console (http://localhost:8001/b2bconsole) with an admin user id and navigate to Host TP profile --> Users tab. Click on the green plus (+) button on the right side to add a user –

It would open a pop-up window asking for the registered user’s (user which has been added in weblogic security realm) username. Provide the complete username in the textbox (it is not case-sensitive) and click on “Search” button. It would show you the details of user and ask you to select a role for the user. You may select one of the below roles –

Monitor – This type of user can view only reports section on b2b console
Administrator – This type of user has complete access on b2b console on all the documents assigned to it (by default it has access to all the documents)

Select one role and click on the “OK” button. You will now see the username in the users list. Now click on the “Save” button at the top right of the b2b console and you will see the message “ has been saved.The user will be assigned all document types by default.” –

If you want then you may select and add the document for this user as well so that this user has limited access only.

Now you can login to b2b console with this newly created user id and it will show you the pages according to the user’s role.