Implementing SSO in OBIEE 11g

Hi All,
We have a requirement to implement custom SSO with OBIEE 11g.
Is configuration of SSO in OBIEE 11g similar to that of OBIEE 10.1.3? (10g steps mentioned below)
1. Changing Instanceconfig.xml
2. Adding a user “Impersonate” in Repository
3. Adding Impersonate user Credentials to Credential Store using cryptotools
4. Add Credential Store information to Instanceconfig.xml file
Are there any additional configurations required related to WebLogic integration with OBI?

What sort of SSO setup are you looking to implement? The security model in 11g is much more complex and unfortunately it's all in Weblogic. I don't think that was a good idea but Oracle is obviously pushing to use all of its products in OBIEE.
On the positive side OBIEE 11g now supports configuring authentication and SSO with Active Directory and Windows Native Authentication using Kerberos (the next generation authentication protocol after NTLM). This SSO solution is sometimes called "silent SSO" as it does not require domain authenticated users to log in to OBIEE and it's completely transparent. In my view it's the "real and proper" SSO solution as it's server side and it's unspoofable. Oracle Support Note ID 1274953.1 provides guidance on how to do that. The configuration process is complex but it provides a way to use Windows Native Authentication out-of-the-box in OBIEE 11g without having to rely on custom/3rd party components or any additional license costs.

Similar Messages

  • Mapping Roles/Groups between Oracle EBS R12 and OBIEE 11g

    Hi,
    We are implementing OBIEE 11g with Oracle EBS R12 as source system. Also we are using the out-of-the-box RPD for Oracle EBS R12.
    But we are facing a lot of challenges mapping OBIEE 11g groups to EBS roles and responsibilities. We do not have prior experience with EBS as a source system.
    Can anyone tell how to map OBIEE groups to Oracle E-Business Suite R12?
    Is there any document link or notes regarding this?
    Any information regarding this will be a great help.
    Thanks in advance

    Hi,
    I am also looking for the solution to implement SSO of OBI 11g with EBS R12. What I understand from your post is that you have configured SSO between OAM and EBS R12.
    Below is the link to configure SSO between EBS R12 and OBI 11g.
    http://www.astcorporation.com/images/PDFs/White_Papers/2012/AST_White_Paper-EBS-OBIEE_11g_Integration.pdf
    I want one clarification from you: once you read the above article, what is your opinion, do we require OAM integration if we want only EBS SSO with OBI 11g? I am a bit confused about this.
    What's the use of OAM in this integration?
    Can you please help me.
    Thanks in Advance.
    Regards,
    Tarang Jain

  • SSO Implementation in OBIEE 11g

    Hi All,
    I have a requirement in OBIEE 11g to implement SSO for the users. The actual requirement is that OBIEE should be able to authenticate users when they access the OBIEE URL through the Windows authentication credentials that they have used to log in to their machine.
    Please let me know if this can be achieved and if so what configuration changes have to be made for this to work.
    Any pointers on this will be highly helpful.
    Thanks.

    Has anyone verified this with Oracle?
    The documentation would suggest otherwise (http://docs.oracle.com/cd/E14571_01/bi.1111/e10543/sso.htm) - but I've yet to try to make it work on 11g.
    Would be nice to know if it is at all possible (without having to install a separate IIS server to host it) before embarking on the setup.... :-S
    Regards,
    -Haakon-

  • Establish SSO between OBIEE 10g/11g and SAP BW

    We would like to know if there is a provision in SAP to use
    Single-Sign-On mechanism between 3rd party reporting tool and SAP BW7,
    wherein the 3rd party tool uses XMLA connector.
    The 3rd party tool that we are using is Oracle Business Intelligence
    Suite Enterprise Edition Plus (OBIEE version 10.1.3.4.1) which connects
    to SAP using XMLA connector. OBIEE is on Oracle Application Server (OC4J
    server). We would like to know if there is a single-sign-on mechanism
    between OC4J and SAP.
    If we use OBIEE 11g using Weblogic would we have any additional options
    for single sign on with SAP BW7?

    Hi,
    ABAP stack should support SAML in newer versions (maybe 7.02). Anyway, the SSO cookie has a simple structure and it's signed by a private key. The receiving system just verifies the signature using the public key. I've seen somewhere on the net that somebody uses a proxy to authenticate the user, generate an SSO ticket and redirect the user to the SAP system. So you could try to implement a custom solution. Obviously, these homemade solutions have disadvantages.
    Good luck,
    Cheers

  • SSO in Microsoft Application, SQL Server 2005 & OBIEE 11g

    Dear Gurus,
    Has anyone experience of how to enable SSO (Single Sign On) in OBIEE 11g when the application platform is Microsoft instead of Oracle EBS and the data source is SQL Server 2005?
    I am new to this.
    Any help will be appreciated
    Regards
    JOE

    Hi,
    Try below link
    http://sranka.wordpress.com/2008/06/06/enabling-sso-authentication-for-obiee/
    http://gellio.wordpress.com/2009/10/23/enabling-oracle-single-sign-on-osso-with-obiee/
    OBIEE, OAS, OID, SSO Integration
    http://sranka.wordpress.com/2008/06/06/enabling-sso-authentication-for-obiee/
    http://www.addidici.com/blog/?p=8
    http://download.oracle.com/docs/cd/E12096_01/books/AnyDeploy/AnyDeploySSO3.html
    Check the security guide here,
    http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10543/sso.htm#CEGJJFED
    Hope this helps
    Thanks
    Satya

  • OBIEE 11g and SSO with Browser Cookie

    In OBIEE 10g we were able to configure the Presentation Server to accept a browser cookie. The cookie value would be passed to the BI Server as the :USER variable. A BI Server Repository Initialization Block would execute a SQL SELECT statement which would return the PeopleSoft username based on the cookie value.
    We added the following to the 10g instanceconfig.xml:
    <CredentialStore>
    <CredentialStorage type="file" path="D:\oracle\OBIEE_UD\Data\web\config\credentialstore.xml" passphrase="another_secret" />
    </CredentialStore>
    <Auth>     
    <SSO enabled="true">
    <ParamList>
    <Param name="IMPERSONATE" source="cookie" nameInSource="PS_TOKEN"/>
    </ParamList>
    </SSO>
    </Auth>
    The Initialization Block SQL is:
    SELECT mGetTokenUserid(':USER') FROM DUAL
    mGetTokenUserid is a PL/SQL function which invokes a PeopleSoft web service. The web service simply returns the username for a valid PS_TOKEN cookie.
    The Initialization Block works fine in OBIEE 11g.
    Unfortunately the instanceconfig.xml settings from 10g do not work in 11g. There is also nothing in the OBIEE 11g documentation which discusses how to tell the system to use a specific cookie value for authentication.
    Any guidance as to where in the Fusion Middleware or WebLogic security documentation we might find details on how to get the system to pass the PS_TOKEN cookie to the BI Server in 11g?
    Thanks,
    Mark Johnson
    State of Minnesota

    Not a full answer but... WebLogic can accept third party tokens as defined here:
    http://download.oracle.com/docs/cd/E14571_01/web.1111/e13718/ia.htm#DEVSP258

  • Implement "Act As" in OBIEE 11g

    Hi,
    I am trying to implement the 'Act As' in OBIEE 11g using the same xml template that I used to implement the same in OBIEE 10g.
    But whenever I am providing the "Target User" an error message pops up saying "*Invalid XML Payload: XML document must have a top level element.*"
    Below is the XML I am using
    <?xml version="1.0" encoding="utf-8" ?>
    <WebMessageTables xmlns:sawm="com.siebel.analytics.web.messageSystem">
    <WebMessageTable system="SecurityTemplates" table="Messages">
    <WebMessage name="LogonParamSQLTemplate">
    <XML>
    <logonParam name="RUNAS">
    <getValues>EXECUTE PHYSICAL CONNECTION POOL "SA"."Connection Pool" select targetID,TARGETNAME from PROXY where proxyId='@{USERID}'</getValues>
    <verifyValue>
    EXECUTE PHYSICAL CONNECTION POOL "SA"."Connection Pool" select targetNAME from PROXY where proxyId ='@{USERID}' and targetId='@{VALUE}'
    </verifyValue>
    <getDelegateUsers>
    EXECUTE PHYSICAL CONNECTION POOL "SA"."Connection Pool" select proxyId, proxyLevel from PROXY where targetId ='@{USERID}'
    </getDelegateUsers>
    </logonParam>
    </XML>
    </WebMessage>
    </WebMessageTable>
    </WebMessageTables>
    Thanks in advance,
    DS
    Edited by: DS on Dec 19, 2010 7:42 PM

    Hi All,
    after migration from 10 to 11 act is working but only sometimes.
    Sometimes the authentication with the user is refused.
    Is there a timeout parameter?
    Regards,
    Stefan Hess

  • Essbase SSO Token with OBIEE 11g

    Has anyone had success in setting up SSO token security in OBIEE 11g for Essbase? I have followed the steps in the documents of 11.1.1.x and still am not getting users to authenticate against the cube I am using. When I log in as one of those users and view the report I get an invalid user.

    Hi J.A.M.
    If you got this working, please can you share the steps?
    Thanks!

  • OBIEE 11G Implemented - Upgrading Oracle EBS 11g to R12

    We have OBIEE 11G implemented and are currently sourcing the data from Oracle EBS 11g.  We are upgrading our source database to R12 and need to know the impact on our Informatica mappings.  Can anyone point me to some documentation, or leave some helpful hints on how to proceed with this project?  Thanks.

    Hello,
    I assume you are using BI APPS, there shouldn't be any impact on Informatica mappings. Informatica comes with prebuilt adapters for EBS 12 version, you need to use the ORAR12 adapter.

  • Implementing pyramid kind of chart in OBIEE 11G

    Hi All,
    We have reports developed in Flash, where we have a pyramid report which is divided into 4 parts and the top part will show the number of partners associated with the top 25% of bookings, and the next part will show the number of partners associated with the next 25% of bookings and so on.
    Now we need to get this report done in OBIEE 11G. I see that there is no Pyramid view report in OBIEE.
    Can anyone let me know if there is any way to get this pyramid done in OBIEE 11G
    OR
    suggest which report will best suit this requirement, if I go with other report types present in OBIEE 11G...
    Thanks in advance...
    Edited by: user8708843 on Sep 27, 2011 4:07 PM

    Work around you can use Narrative view with HTML to get a pyramid kind of structure. not triangle one but rectangular boxes. You need to get html images rectangular,polygon and triangle in the HTML.

  • Write Back implementation in OBIEE 11G

    Hi,
    I have created a new table for implementation of write back using OBIEE 11g.
    I have finished the configuration for that, but I am getting "THE SYSTEM NOT ABLE TO READ THE WRITE BACK TEMPLATE. PLEASE contact your system administrator."
    Could you please clarify this issue?
    Regards,
    Akurathi

    Hi Cristian,
    You must use '' in the script when calling a column value (use '@1' instead of @1).
    Tip: note you can use your "WebMessage Name" (from your script, like "filling", "machine_filing") in your analysis.
    Hope this helps
    Felipe Idalgo

  • OBIEE 11g RPD password reset and Hierarchy implementation

    HI All,
    How to recover a forgotten password in OBIEE 11g: please refer to the link below, you will find a suitable solution.
    http://satyaobieesolutions.blogspot.com/2013/06/how-to-reset-forgotten-obiee-11g-rpd.html
    How to reset a forgotten password in OBIEE 10g: please refer to the link below.
    http://satyaobieesolutions.blogspot.com/2013/06/how-to-reset-forgotten-obiee-10g-rpd.html
    How to create Time Hierarchy in OBIEE 11g:
    http://satyaobieesolutions.blogspot.com/2013/06/dimension-hierarchy-111170.html
    Hope this helps
    Thanks,
    Satya Ranki Reddy

    Looks like there is a way to recover the lost passwords for RPDs using the listCred() method of WLST.
    Look at the following doc: http://www.rittmanmead.com/2011/04/oracle-bi-ee-11g-migrating-security-credential-store-part-3/
    Listing the Credential in Dev Environment:
    All the Credential Keys are generally stored in an encrypted format (the passwords). So, to migrate we will need to first extract these passwords and then do the migration to Production. The passwords can be extracted through the listCred() method of WLST. We need to be connected to the Admin Server for this method to work. The exact command is given below
    connect("weblogic","welcome1","localhost:7001")
    listCred("DevMap","DevKey")
    This will show the encrypted password entered inside the key as shown below
    And this is what we see in the enterprise manager.
    As you see, with listCred we are able to extract the full credentials. Now, let's try to see what is the default password for the BISystemUser.
    listCred("oracle.bi.system","system.user")
    In the same way let's extract the passwords of the SampleAppLite repository.
    listCred("oracle.bi.enterprise","repository.SampleAppLite")
    With this we can even extract the lost Repository passwords."
    I am going to try it out now

  • OBIEE 11g agents are failed to connect to Essbase

    OBIEE 11g agents are failing to connect to Essbase. We are using :USER & :PASSWORD (SSO) in the connection pool setting to connect to Essbase.
    User account exists in both OBIEE and Essbase. OBIEE dashboards which are based on Essbase are working fine. Essbase variables in RPD are up to date.
    Only agents are failing and the error says invalid credentials, but dashboard pages are running without any issue.
    OBIEE: 11.1.1.5 (BP4)
    Essbase: 11.1.2.1
    Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 43119] Query Failed: [nQSError: 96002] Essbase Error: Login fails due to invalid login credentials (HY000)
    Essbase and OBIEE services are up and running.
    Any help will be appreciated.

    We finally implemented CSS Token option and ended up with this error. We are unable to connect to essbase with CSS Token option.
    We followed the Oracle document to implement this.
    [nQSError: 43119] Query Failed: EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials. (HY000)
    We did update this property:
    JAVA_PROPERTIES="-Dplatform.home=${WL_HOME} -Dwls.home=${WLS_HOME} -Dweblogic.home=${WLS_HOME} -Didstore.identityAttribute=objectguid"
    Any help will be appreciated!

  • Error while exporting to PDF document in OBIEE 11g

    Hi
    In OBIEE 11g we are facing an issue regarding exporting a few reports to pdf. It is resulting in following error: "Error generating PDF document".
    The reports are placed on a dashboard which has a prompt too. However, when we remove the prompts, the export is working fine.
    We will really appreciate any help in this regard.
    Thanks.

    Hi,
    Looks like this is a sort of known bug with PDF creator in 11g. Try implementing the below solution:
    To configure the Javahost service, edit the Javahost service configuration parameters in the
    instanceconfig.xml file. The parameters are
    identified by their relative path starting from the /WebConfig/ServerInstance node
    For example:
    <JavaHost>
    <PDF>
    <InputStreamLimitInKB>50000</InputStreamLimitInKB>
    </PDF>
    </JavaHost>
    After changes restart Siebel Analytics Java Host and Siebel Analytics Web services
    If it doesn't work, try to create the same report in XML Publisher, as Presentation Services in OBIEE has limited capacity for printing out reports.
    Refer to this thread for related useful information: Error in creating a PDF
    Hope it helps.
    Thanks,
    -Amith.

  • OBIEE 11g - Integrating via external corporate website to OBIEE

    Hi all -
    Unusual challenge: we offer a hosted application (SaaS) where our users are authenticated on our application. Recently, we've invested in OBIEE 11g and have successfully deployed the recommended Oracle Enterprise Deployment. We have a custom security solution (user permissions in Oracle tables, not LDAP), and have not implemented Oracle Identity Mgmt and don't plan to.
    We would like to use GoURL / Action Framework to access report content, dashboard content, and content as portlets embedded in an app dashboard via an iFrame.
    My question: can we configure OBIEE to accept just "username" without password in a trusted login scenario? We are trying not to expose the password in the URL (encrypted or clear text).
    We've done an exhaustive search to review GoURL, web service / SOAP calls, reviewing impersonator passcode techniques (everyone having same pad in initialization block), etc.
    Thank you in advance for your most needed responses,

    There is a good post that led me on the way to solving this problem here:
    http://obiee101.blogspot.com/2010/07/obiee-remove-whole-portalbanner.html
    The code he posts won't work for 11g, but it's close.
    Paste this code into a text box on each page of your dashboard, and make sure you check the box that says "contains HTML"
    <script type="text/javascript">
    // Remove the OBIEE 11g header bars (the HeaderTopBar and HeaderSecondBar tables).
    var tds = document.getElementsByTagName('table');
    // Walk the list backwards: it is a live collection that shrinks as tables are removed.
    for (var td = tds.length - 1; td >= 0; td--) {
      // Skip every table that is not one of the two header bars.
      if (tds[td].className != 'HeaderTopBar' && tds[td].className != 'HeaderSecondBar') {
        continue;
      }
      //alert (tds[td].className);
      var x = tds[td].parentNode;
      //alert (x.className);
      x.removeChild(tds[td]);
    }
    </script>
