Achieve Tomorrow, Today

Oracle BPM 11g ( Exposing Identity Service XPath Functions

When working with Oracle BPM 11g you may find that there is an overwhelming amount of functionality that is available.  Learning every trick and every secret is a constant effort that will never end due to new patches, patch sets, and product releases coming down the pipe.  In any case, I have a nice little trick of exposing the existing Identity Service XPath functions within the BPM Expression Builder editor for JDeveloper version 11g (PS3).  The Identity Service XPath functions are not automatically exposed in this version of JDeveloper.  I believe that in JDeveloper version PS4 the services are available without having to do anything but I will let you confirm whether or not the functions are actually there.

The Identity Service XPath functions will allow you to access LDAP information (internal Weblogic or 3rd party LDAP configured for your Weblogic domain) such as existing groups/roles, users assigned to groups/roles, user profile properties, etc.  See the following documentation to understand all of the documented functionality that the Identity Service provides:

 In the upcoming example I will explain the following:

  1. How to update the existing BPM XPath function configuration for JDeveloper
  2. The new list of functions
  3. How to get an email address using a new Identity Service XPath function


  1. Download the new BPM XPath function configuration file:
  2. Copy the downloaded file to the following locaction of your JDeveloper installation: <jdevhome>\jdeveloper\integration\seed\soa\configuration  
  3. Close JDeveloper if you have it open
  4. Rename the existing configuration file from "bpm-xpath-functions-config.xml"  to another name or cut and paste the existing file to a different directory.  DO NOT delete the file.  In the chance that something goes wrong and you need the original file, you should keep it available to undo any changes.
  5. Rename the new configuration file from "bpm-xpath-functions-config.xml_.txt" to "bpm-xpath-functions-config.xml"
  6. Start JDeveloper
  7. Create a BPM process model or open an existing application that contains a BPM process model.  This example will reference an existing BPM application that I have created.
  8. The new Identity Service XPath functions will be available in any associations mapping of any BPM activity.  For this example, I am opening an Interactive Activity (a green activity) to use one of the new functions.

    Function Options

    New Identity Service Functions:
    Identity Service Functions

  9. I am going to take the user id of the user who executes this activity (or more correctly the human task associated to the BPM instance of this activity) and I will use the user id with one of the newly exposed Identity Service XPath functions to get the email address of the user.

    Get Email Address Of User

  10. You may wonder how I have access to the user Id of the user who executed the activity.  There is a tiny bit of information available within the "execData" field that is returned upon execution of any BPM Interactive Activity.  The following segment of code: 


   used within the XPath function:

"id1:getUserProperty(bpmn:getDataOutput('execData')/ns:systemAttributes/ns:updatedBy/ns:id, 'mail')"

   will give you the email address of the user.


Now that you have the steps for exposing and using the Identity Service XPath functions you can save yourself the trouble of adding external service references, LDAP api's, etc. to your SOA composites in order to get the identity information that you need.


Submitted by VikramInside (not verified) on

Thanks for revealing the secret. Is there way to add delete modify integrated/external LDAP data via Oracle 11g BPM identity services? I wish to change those via BPM to automate LDAP functionality. Just something similar to LDAP editor on BPM.

I cannot see the functions even if the user is a privileged weblogic administrator/soa role.

If not the only way I think of is implementing using a AD/LDAP WSDL.



Submitted by VikramInside (not verified) on

This works as documented in this page. I am able to retrieve mail id of the participant who is executing the process and output was successfully written to an xml and same is being confirmed.

<?xml version="1.0" encoding="UTF-8" ?><LoanDetails xmlns="">

I used weblogic security realms to modify the email is there any other way?

What are the extended user properties that is available in BPM workspace administrator? Will it override security realms of weblogic?

Why is the default realm name is "" returned in BPM XPath while it is "myrealm" in weblogic console?



Submitted by sjhon (not verified) on

QDC is the best engineering consultant in the field of Engineering, Construction, Piping Design, and Procurement & Construction Projects. Our Services Piping engineering Consultant Engineering Consultant in Qatar. QATAR DESIGN CONSORTIUM (QDC) is a leading Consultancy firm offering high quality services in Engineering, Project Management, Construction Management / Supervision, Environmental Engineering,Management Consultancy and Energy & Utility Engineering.

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.