Steps to enable SSO with OBIEE.
Environment details ...SSO version: v1.2
OAS version 10.1.3.3.0
OBIEE version 10.1.3.4.1
Register the http://xyz.company.com/ url as parner application, then generate osso.conf file using iasobf command.
Eg: $ORACLE_HOME/Apache/Apache/bin/iasobf osso.txt
osso.conf root
II. Application Server Side Changes:
mod_osso.conf Changes :
a. To statically
protect the application URL, add the following to $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf in
between <IfModule mod_osso.c>.
<Location
/analytics>
Header unset Pragma
OssoSendCacheHeaders off
require valid-user
AuthType Basic
</Location>
- Also make sure OssoConfigFile is there and pointing to right osso.conf file.
Eg: OssoConfigFile
/sxrpam/oas/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/osso/osso.conf
httpd.conf Changes :
- Uncomment following fine in …./conf/ httpd.conf and make sure it is pointing right mod_osso.conf file.
include
"/sxrpam/oas/product/10.1.3.1/OracleAS_1/Apache/Apache/conf/mod_osso.conf"
- Make sure the Servername parameter in
httpd.conf is set to machine alias name
ServerName xyz001.domain.com
- Give ServerName as url and port within <VirtualHost *:*> tag.
<VirtualHost *:*>
ServerName
xyz.company.com
Port 80
</VirtualHost>
To enable SSO
Authenication for Oracle BI Presentation Server
Step 1: Create the Oracle BI Server
Impersonator User:
1 Open the Oracle BI Server repository file (.rpd) using Oracle BI
Administration Tool.
2 Select Manage >
Security to display the Security Manager.
3 Select Action >
New > User to open the User dialog box.
4
Enter a name and
password for this user.
For example, Name = Impersonator and
Password = secret
5 Click OK to
create the user.
6 Make this user a member of the group Administrators.
Step 2: Add Impersonator user credentials to Oracle
BI Presentation Services Credential Store:
1 Open a command prompt window or command shell on the machine where
Oracle BI Presentation Services has been installed.
2 Navigate to the directory OracleBI_HOME\web\bin on Windows. This is the location for the CryptoTools
utility.
3 Execute the CryptoTools utility to add the impersonator user
credentials to the Oracle BI
Presentation Services Credential
Store:
Syntax:
cryptotools credstore -add -infile
<OracleBIData>/web/config/credentialstore.xml
Eg:
cryptotools credstore -add –infile <OracleBIData>/web/config/credentialstore.xml
>Credential
Alias: impersonation
>Username:
Impersonator
>Password:
Impersonator
>Do
you want to encrypt the password? y/n (n): secret
>Passphrase
for encryption: Impersonator
>Do
you want to write the passphrase to the xml? y/n (y):
Step 3: Configure the Oracle BI
Presentation Services to identify the Credential Store and decryption
passphrase. (Updates
instanceconfig.xml file)
1 Open the instanceconfig.xml file for editing.
2 Locate the <CredentialStore> node within this file.
Specify attribute values as
shown below. If the <CredentialStore> node does not exist, create
this element with sub-elements
and attributes with attribute values as shown in the following
example.
<WebConfig>
<ServerInstance>
<!-- other settings ... -->
<CredentialStore>
<CredentialStorage type="file"
path="/OracleBIData/web/config/credentialstore.xml"
passphrase="secret"/>
</CredentialStore>
<!-- other settings ... -->
</ServerInstance>
</WebConfig>
Step 4:
Configure BI Presentation Services to operate in SSO environment: (Also
updates instanceconfig.xml file). In environments where
Single Sign-On (SSO) is enabled, you can configure log out and log on links to
appear on Oracle BI Presentation Services screens.
1 Open instanceconfig.xml for editing. Locate the <Auth>
element. If this does not exist, create
this element, sub-elements and
parameters as shown in the following example:
<!-- other settings ... -->
<Auth>
<SSO
enabled="true">
<ParamList>
<Param
name="IMPERSONATE" source="serverVariable" nameInSource="REMOTE_USER"/>
</ParamList>
<LogoffUrl>https://ls_logout </LogoffUrl>
<LogonUrl>https://ls_login </LogonUrl>
</SSO>
</Auth>
<!-- other settings ... -->
No comments:
Post a Comment