Today we have such scenarios that the application has to be approved by several persons from different departs or branches. So i use multiple realms in identity service to simulate the branches.
The multi-realm support does work in 10.1.3.
Multi-realm functionality works as follows: A task can only refer to users in one realm during its life cycle. If you choose a sequential pattern then all users need to be in the same realm. If you want a task to be routed between users in different realms then you need to model them different usages of the task (different human task activities) in BPEL where each one has a different realm associated with it and use the continue task (include task history from another task) feature while modeling so the same information gets routed to assignees across realms.
To associate a specific realm to a task you need to do the following to overcome a Jdev limitation. Go to the source editor of BPEL and locate the assign statement before the initiation of the task. Specify an extra copy statement in the assign to set the realm for that usage of the task in the BPEL process (note: realm and identityContext are often used interchangeably). For assigning tasks to users in branch office 1 (realm configured as 'branchOffice1') you should do the following:
<copy>
<from expression="string('branchOffice1')"/>
<to variable="initiateTaskInput" part="payload"
query="/taskservice:initiateTask/task:task/task:identityContext"/>
</copy>
Here are the steps' details to support multiple realms:
1. create different realms to be used through application server console: under orabpel application.
2. create users and groups for each realm defined in the above through application server console.
3. add more configures of realms new defined into identity service: <soa_home>/bpel/system/services/config/is_config.xml
For example:
<?xml version = '1.0' encoding = 'UTF-8'?>
<ISConfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
<configurations>
<configuration realmName="jazn.com" default="true">
<provider providerType="JAZN" name="XML" service="Identity">
<property name="usersPropertiesFile" value="users-properties.xml"/>
</provider>
</configuration>
<configuration realmName="test.com">
<provider providerType="JAZN" name="XML" service="Identity">
<property name="usersPropertiesFile" value="test-users-properties.xml"/>
</provider>
</configuration>
</configurations>
</ISConfiguration>
Note: if more than one realms are provided, you have to set one as default using this attribute:default="true".
4. add the users and groups' information into a new user property file. Such as: test-users-properties.xml in above case under the same folder of is_config.xml.
5. Open up JDev to develop human task in BPEL view. You can find all the configured realms are listed in a select-input box. Then you assign the tasks to the users or groups picked up from different realms.
6. This step is quite important as it has to be done manually. After that, you will find there is no any information about the realm, which the choosen user or group belong to. So we have to add the realm info into this human task manually, assign the realm used to task identity context before invoking the task services:
<copy>
<from expression="string('branchOffice1')"/>
<to variable="initiateTaskInput" part="payload"
query="/taskservice:initiateTask/task:task/task:identityContext"/>
</copy>
7. Run it. It should work now.