Configuring the Web Service Call

You must use a web service task to call a BPM service.

You must use a SOAP/HTTP binding to call a BPM service. Currently, you cannot use other bindings for the following reasons:

  • SOAP/JMS: BPM services are not exposed on SOAP/JMS bindings.
  • Virtualization: A security policy must be applied to the outgoing call to authenticate the calling user. You cannot apply such a policy on a virtualized binding.
  • You must identify the calling user. The calling user is identified by an Identity Provider application referenced by the system participant that is used by the call (see Configuring how the Call will be Authenticated). The BPM runtime accepts the call to the service only if it can authenticate the calling user as a valid BPM user.
    Note: The calling user is NOT the user who is running the process from which the call is being made. Although different users may run the same process, the call to the BPM service will always be made using the same fixed identity of the user specified by the Identity Provider application.

    This tutorial uses Clint Hill as the calling user. This is a user provided by the sample EasyAs organization model, used in earlier tutorials.

  • The calling user can be authenticated using an X509 Token, a Username Token or a SAML Token. Which one you use depends on the security configuration used by the BPM runtime.
  • The calling user must also be authorized to execute any system actions that are required by the particular operation being called. This authorization is determined by the privileges held by the calling user.

    See the BPM Developer’s Guide for more information:

    • The description of each operation lists any system actions required to execute that operation.
    • The "System Actions Reference" appendix describes how required privileges can be assigned to system actions by configuring the organization model.

      For example, lookupUser requires the resolveResource system action. By default, resolveResource can be performed by any user (for example, Clint Hill) without them having to hold specific privileges.