Thursday, March 21, 2013

SSO Integration for OBIEE


Configurations in Oracle BI Server and Oracle BI Presentation Services
1. Create an Impersonator user in the RPD file which will be used by the Oracle BI Presentation services to establish a connection to the Oracle BI Server on behalf of the authenticated end user



2. Add the Impersonator user credentials to the Oracle BI Presentation Services credential store by executing the Crypto Tool Utility
a) Open a command prompt window or command shell on the machine where the BI Presentation Services has been installed
b) Navigate to the directory <OracleBI>/Web/bin
cute the Crypto Tool utility to add the impersonator user credentials to the BI Presentation Services credential Store



3. Configure Oracle BI Presentation Services to identify the credential store and decryption passphrase by adding <CredentialStore> element in the instanceconfig.xml file

< CredentialStore>
< CredentialStorage type="file" path="<path to CredentialStore>" passphrase="<passphrase>”/>
< /CredentialStore>
4. Configure the Oracle BI Presentation Service to operate with SSO enabled by adding the <Auth> element in instanceconfi.xml file
< Auth>
< SSO enabled="true">
< ParamList>
< Param name="IMPERSONATE" source="httpHeader" nameInSource="SSO_UID"/>
< ParamList>
< LogoffUrl>
< /LogoffUrl>
< /SSO>
< /Auth>
5. Secure the machines that are permitted to communicate with the BI Presentation Services directly by setting the Listener\Firewall node in instanceconfig.xml with the list of HTTP servers or servlet container IP addresses
< Listener>
< Firewall>
< Allow address="110.22.33.1">
< /Listener>
< /Firewall>
6. Restart the BI presentation services
7. Try accessing the application through the actual server URLhttp://hostname:port/analytics/


8. Test the integration accessing the Reverse proxy URL http://proxy_host:port/analytics/. Once the user is successfully authenticated, he is redirected to the application successfully


Point to Remember:
· Once analytics is SSO enabled, the Log Out tab is invisible and the session stays live. To resolve this issue a custom Logout page can be designed and the details can be configured in the instanceconfig.xml file
<Auth>
<SSO enabled="true">
<ParamList>
<Param name="IMPERSONATE" source="httpHeader" nameInSource="SSO_UID"/>
</ParamList>
<LogoffUrl>
http://Custom Logout Page/access/oblix/lang/en-us/logout.html
</LogoffUrl>
</SSO>
</Auth>
· Access the analytics URL ending with '/ ' e.g. ' http://proxy_host:port/analytics/ ' or you’ll end up with '404 Not found error' (control stops at OAM Action URL) if you don’t specify '/' character in the end of the URL.

Thanks,
Satya Ranki Reddy

No comments:

Post a Comment