Using Credential Mapping to Associate a Specific Identity with a Process Instance

This tutorial provides an example of what you need to do to enable a business process application to ensure that a process instance always runs using fixed credentials.

You should work through each section in turn to complete the tutorial.

  1. Credential Mapping
    By default, when a process instance is started it takes on the identity of the user who started the process. Whenever an activity in the process instance is executed, the BPM runtime authenticates the starting user’s credentials against the appropriate LDAP directory. The activity can only be executed if that authentication request succeeds.
  2. Process Design
    The wrapper process (CredentialMapper) is the service consumer. The main business process (Claim) is the service provider. When designing a credential mapping service like this, you could choose to develop the two processes in either order - consumer first or provider first.
  3. Creating a Keystore Containing the Security Credentials to Run the Business Process
    The credentials that will be used to run the business process must be defined in a keystore that is available to the BPM runtime.
  4. Creating the Links to the Keystore
    A keystore provider resource instance provides a reference to the keystore created.
  5. Configuring the Credential Mapping Process to Assign the Security Policy
    In the wrapper process, you must assign the appropriate security policy to the system participant that identifies the web service endpoint used to call the main business process.