INTEGRATING PUBLISHER WITH OBI EE SECURITY USING LDAP

Similar Messages

• Security - using LDAP groups

  I want to protect my EJB using LDAP groups. WLS is recognizing WLS users but unable
  to recogniz groups. Here is my weblogic-ejb-jar.xml
  <security-role-assignment>
  <role-name>channel-role</role-name>
  <principal-name>system</principal-name>
  <principal-name>mygroup</principal-name>
  <principal-name>cn=mygroup,ou=groups,o=mycompany</principal-name>
  </security-role-assignment>
  It recognizes user system but not the group. LDAP group is cn=mygroup,ou=groups,o=mycompany.
  When I pass the credentials from the client of a uniquemember, WLS generates a
  security exception. It won't recognise mygroups or cn=mygroup,ou=groups,o=mycompany
  either.
  Any suggestions?
  Thanks
  -Surya

  Yes, It has impact. You create groups in the Repository & Answers and assign the object level permissions.
  You Populate Group Variable during authentication via LDAP server. Once you login with X name you see the authorized groups in the my account.
  For dashboard A - For group Executive - User X - You have given full access.
  Now you have changed the Group name to AD_Executive. When You Login variable values would be
  User - X
  Group - Ad_Executive
  Dashboard A - No permissions.
  If you have a scenario of changing the group names then get Groups from database using Init block after authorization.

• Authentication Problem with ACS 5.2 Using LDAP

  HI!
  I  want to use LDAP for connecting to active directory but I get this   Error from ACS 5.2 ( 22056 subject not found in the applicable identity  stores).Is there anyone who can HELP me?
  I used this configuration in ACS 5.2:
  Users and Identity Stores / External identity store / ldap / Directory Organization
  Subject ObjectClass : User
  Subject Name attribute ; sAMAccountName
  Group ObjectClass : Group
  Group Map Attribute : MemberOf

  Two questions:
  - did you press "Test Bind to Server" from LDAP "Server Connection" tab and "Test Configuration" from "Directory Organization" tab?
  - did you select the LDAP database as the result in the identity policy?

• ADF Security integration with Web Logic Security using SQL authenticator

  Hi,
  I was trying to find a suitable way of handling the following requirements:
  1. Administrators should be able to create the roles, groups, users and assign users to roles.
  2. User, Roles, Groups should be stored in DB and Users need to be authenticated accordingly.
  3. I need to be able to map roles with security permissions on Taskflows, JSF Pages, on UI level using groovy expressions and even at Entities level.
  I performed the following tasks:
  1. I created back end Security tables, created SQL authenticator as provider and defined the queries in it then I created ADF Application and used JMX APIs to call the SQL authenticator to perform its operations.
  2. I defined the roles and respective resource permissions in ADF i.e. Jazn xml file because my requirement no 3 would not be achievable without using ADF security.
  Now in this scenario how I can login a user in ADF context and assign roles programmatically that I authenticated from JMX APIs? Or is there any other suitable way to handle these requirements?
  Thanks.
  -Moeen

  Hi Charu,
  Thanks for your reply.
  Can we programmatically add a user in adfsecuritycontext as a currently logged in user, a user which is not present in jazn.xml file? If yes then can we programmatically assign the roles which are defined in jazn.xml to that specific user?
  Moeen

• BI Publisher with Siebel 8.1 using custom SQL data source

  Hello ,
  We have Siebel 8.1 implemented with embedded BI Publisher for reporting .
  For some custom requirements , we want to connect to other oracle database table and display the results in Siebel reporting environment .
  I know this is possible with normal BI Publisher environment . But Since I am new to Siebel , I am not sure it will work with SQL as data source .
  Could you please guide me how to do that (if feasible )
  Thanks and regards
  Amit

  Hi,
  I am trying to call the a BIP Report in a workflow. I do several steps prior and then do an insert into the Report Output BC to get the Run Id and then a step to Generate the report output calling XMLP Driver Service with method GenerateBIPReport. I am passing in the argurments but I am unsure of all the dwtails as there isnt alot of documentation on using it in workflow. Can you please assist me or point me to some documentation> I followed the Information of the Doc ID 823360.1 but I may be missing something. Not sure how it knows what to include. Thought it was the bookmark input but not sure. I want to pass it an activity id and return the data associate with that activity (ei. orders). Thanks in advance.... Tracy

• Installation & Integrating Publisher with Presentation Service

  Hello All,
  I installed presentation services on one machine (let's A) on IIS, BI publisher & BI Servers are on other machine (B) on OC4J. since, i can't directly use IIS for BI Publisher as per the documentation.
  Installation went well.
  After logging into my publisher, i configured integration part of presentation service which points to machine: A. And, at this place, i'm able to browse the BI
  Answer report & can see the results in xml view. Also, able to navigate to dashboard from publisher.
  But, if i try to browse any bi publisher report, which is in Machine: B, i'm getting error: An error occured while connecting to BI Publisher Enterprise. Please contact your administrator.
  Can, somebody helps me in browse publisher reports & run them.

  Got it,
  it's happened because, i didn't congifure xmlpserver tags of instanceconfig.ini to the machine name, where publisher is installed.

• Integration of BI Publisher with presentation services

  Hello,
  I have installed and configured OBI Answers and Publisher in a Linux infrastructure and configured thro' Websphere/IHS. Answers/Dashboards is working fine. I am trying to integrate BI publisher with OBI answers/dashboards. This is working fine through OC4J but when I try to integrate through Websphere, I get a crypto error.
  I have to deployed a plug-in in web server and tried to integrate BI publisher with presentation services through "cryptotools" and configuring it through instance config. When I hit http://myserver:port/xmlpserver I get "Error 500: com.phaos.crypto.CipherException ". Similarly when I select more products/BI Publisher through OBI Dashboards/Answers, I get the following
  Reporting Login: java.lang.NoClassDefFoundError: com.phaos.crypto.CipherException; nested exception is: java.lang.NoClassDefFoundError: com.phaos.crypto.CipherException
  I feel this is a common issue across both the end points. Has anyone come across this type of issue or similar issue ?
  Help is greatly appreciated.
  thx
  Dinesh

  I'm installing 10.1.3.4 and YES, i have installed BIP war in Websphere.
  I think I may have resolved my original problem but faced with a different one now. I am able to logon to BI publisher standalone and integrated with OBI Answers (thro websphere). But when i click the dashboards link from BI Publisher, its going to the default OC4J installation and not my websphere. The similar re-direction works fine from OBI - Publisher but not from Publisher - OBI.
  I need to find out, how its finding the server name and port to redirect from BIP -> OBI. Can you guys help please ?
  thx
  dinesh Veera

• Integrating Oracle BI Publisher with Oracle Single Sign-on security.

  I am trying to integrate BI Publisher with Oracle Single Sign-on running on a different machine.
  The BI Publisher is installed with an Oracle application server 10.3.1 (includes a HTTP server). These are the steps I followed:
  1) Registered BI publisher as a partner application in the Oracle SSO admin console which generated a single sign-off url.
  2) Made the required modifications in the mod_osso.xml config file.
  3) On the BI publisher admin page went to the securities tab and opted the SSO security and entered the single sign-off url generated in the previous step.
  4) Restarted the Oracle ID mgt infrastructure and the BI pub server.
  The BI pub login is not getting redirected to the SSO page.
  Please let me know as what is that I am missing. I've been cracking my head with this for quite long - any help will be highly appreciated.

  "user589320"
  APEX is only using BI Publisher to transform the XML data of your report and the template you provide into PDF, Word or Excel. For this, APEX sends the XML data and the template to BI Publisher, and BI Publisher sends back to completed document. So there's nothing stored in BI Publisher, all templates, report definitions, etc are stored in the APEX schema. This has the advantage that you can reference item values and other information in your print documents, and it also ensures that you don't have to access the database again from within BI Publisher, i.e. you don't need to communicate any authentication information to BI Publisher.
  Of course BI Publisher itself also provide the ability to store reports and to store templates. But those are not accessible from APEX through the built-in integration. You can however use the same templates you use for BI Publisher directly on load them into APEX for use there.
  Lastly, if you want to use and print reports in both BI Publisher and your APEX applications, you can do that through web services, take a look at Tyler Muth's BLOG for more information on this topic:
  http://tylermuth.wordpress.com/2008/03/31/call-bi-publisher-web-services-from-apex/
  Regards,
  Marc

• Java ftp server which can use LDAP, how to integrate with WLS' implementation of LDAP?

  Howdy.
  I'm setting up a java ftp server
  (http://www.mycgiserver.com/~ranab/ftp/index.html) which is capable of using
  LDAP for it's user security. I would like to integrate this ftp server with
  wls' implementation of LDAP so I only have to admin one user list.
  Does wls put it's user list in the LDAP or in it's own proprietary setup? I
  tried playing around with it, but the users don't seem to appear in the JNDI
  tree. Is this where the LDAP stuff is located? I thought it was in there?
  If it's in it's own setup, is there a way to propagate the users to LDAP?
  If these look like newbie Q&A, I guess they kind of are, I'm new to LDAP.
  Thanks for any input you might have.

  Peter,
  If you are talking about using the embedded LDAP server in WLS 7.0 for this purpose
  I think you are going done the wrong path.
  Look at the following URL on how to use an external LDAP server for your custom
  application
  http://e-docs.bea.com/wls/docs70/secmanage/realm.html#1172008
  Chuck Nelson
  DRE
  BEA Technical Support

• What is the mean of using Portal with Role Based security as entry point

  Hi Experts we have requirement of integration of Portal and MDM
  I am completely new to the MDM. So please give me some idea , what is the meanin for following points.
  1) Using the Portal with Role Based security as entry point for capacity and Routing Maintaince(These two are some modules).
  2) Additionally , Portal should have capability to enter in to the MDM for future master data maintence. Feeds of data will need to be come from  SAP 4.6c
  Please give me the clarity of what is the meanin of second point
  Regards
  Vijay

  Hi
  It requires the entire land scape like EP server and MDM server both should be configured in SLD.
  Your requirement is maintaing and updating the MDM data with Enterprise portal.We have some Business Packages to install in Portal inorder to access the functionality of MDM.
  Portal gives you a secure role based functionality of MDM through Single sign on (login into the portal access any application) to their end users.
  Please go through this link
  http://help.sap.com/saphelp_mdmgds55/helpdata/EN/45/c8cd92dc7f4ebbe10000000a11466f/frameset.htm
  You need to develope some custom applications which should be integrated into the portal to access MDM Server master data
  The estimation involves as per your requirement clearly
  Its depends upon the Landscape settings, Requirement complexity,Identify how many number of custom applications need to be developed
  Regards
  Kalyan

• Using LDAP as security realm

  Hi,
  Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
  for Weblogic Personalization and Commerce 3.5.
  Using the WLCS console, I've modified the config.xml file and following
  elements are added:
  <LDAPRealm AuthProtocol='simple' Credential='admin'
  GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
  GroupUsernameAttribute='uniquemember'
  LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
  Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
  UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
  UserNameAttribute='uid'/>
  <CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
  Name='wlcsCachingRealm'/>
  But when we try to restart the WLCS, it throws java exceptions that context
  is not initialized and I get the following error
  <Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
  ser
  ver: 'Fatal initialization exception
  Throwable: weblogic.security.ldaprealm.LDAPException: could not get
  context - wi
  th nested exception:
  [java.lang.reflect.InvocationTargetException - with target exception:
  [javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
  Credential
  s]]]
  weblogic.security.ldaprealm.LDAPException: could not get context - with
  nested e
  xception:
  I tried using Windows NT as a security realm but that gave me errors too.
  Does anyone has any experience using anything other than the default Realm?
  Any help would be appreciated. Thanks!
  Asim Raja
  [email protected]

  I'm not sure, but I suspect you can't
  since this would create a circular dependency -
  your realm would rely on the upper level security
  checking calls but those calls would rely on your
  realm.
  My suggestion is to give it a try and see what
  happens.
  -Tom
  Ozcan ADIYAMAN <[email protected]> wrote:
  Hi ,
  I am implementing a simple custom security realm using LDAP as the
  security store and I can see the users, groups and acls from the admin
  console.
  My question is (a custom realm newbie question) ;
  Is it possible to use weblogic.security.acl.Security with my custom
  realm to check permissions, get the current user,etc.,
  OR
  is this class ONLY used with default realms (when ACL is stored in a
  file) ?
  Thanks
  Ozcan

• OEL ldap client setup with SSL against OID using either ldaps or starttls

  Hi, I've got OID 11.1.1.1.0 running with SSL enabled on port 3132. It's running in mode 2, SSL Server Authentication mode (orclsslauthentication is set to 32). I'd like to setup my OEL 5.3 and Solaris 10 ldap clients to connect to OID using SSL for user authentication. I have everything already working on the non-SSL port (3060), but I need to switch over to SSL. So far I can't get it to work on either OEL or Solaris. Does anyone out there know how to configure the client to use SSL?
  Here's my /etc/ldap.conf file on OEL 5.3.
  timelimit 120
  bind_timelimit 120
  idle_timelimit 3600
  nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
  URI ldaps://FQDN:3132/
  port 3132
  ssl yes
  host FQDN
  base dc=DOMAIN,dc=com
  pam_password clear
  tls_cacertdir /etc/oracle-certs
  tls_cacertfile /etc/oracle-certs/oid-test-ca.pem
  tls_ciphers SSLv3
  # filter to AND with uid=%s
  pam_filter objectclass=posixaccount
  #The search scope
  scope sub
  I have /etc/nsswitch.conf set to check for files first, then ldap
  passwd: files ldap
  shadow: files ldap
  group: files ldap
  Here's my /etc/openldap/ldap.conf file
  URI ldaps://FQDN:3132/
  BASE dc=DOMAIN,dc=com
  TLS_CACERT /etc/openldap/cacerts/oid-test-ca.pem
  TLS_CACERTDIR /etc/openldap/cacerts
  TLS_REQCERT allow
  TLS_CIPHERS SSLv3
  The oid-test-ca.pem is a self-signed cert from the OID server. I also have the hash file configured.
  4224de9f.0 -> oid-test-ca.pem
  I can run ldapsearch using ldaps and it works fine.
  ldapsearch -v -d 1 -x -H ldaps://FQDN:3132 -b "dc=DOMAIN,dc=com" -D "cn=user,cn=users,dc=DOMAIN,dc=com" -w somepass -s sub objectclass=* | more
  But when I run the 'getent passwd' command, it only shows me my local user accounts and none of my ldap accounts. I also can't SSH in using a ldap account.
  Solaris 10 is actually a whole other beast...I'm using the native Solaris ldap client (not PADL based) and I don't think it even works with SSL unless you're using the default ports (389/636).
  Does anyone out there know how to setup the client-side for ldap authentication using SSL? Any tips, howto docs, or advice are appreciated. Thanks!

  Hello again...
  after some research and work together with Oracle Support I found out how to get it to work:
  1. You have to create your own ConfigSet in OID using
  SSL-Server-Authentication
  (OpenSSL seems not to support SSL-encryption-only).
  The following link shows on how to do that:
  http://otn.oracle.com/products/oid/oidhtml/oidqs/html_masters/a_port01.htm
  2. Add the following lines to your $HOME/ldaprc
  TLS_CACERT /home/frank/oid-caroot.pem
  TLS_REQCERT allow
  TLS_CIPHERS SSLv3
  ssl on
  tls_checkpeer no
  oid-caroot.pem is the CA-Root Certificate you got
  during step 1
  3. you should now be able to use ldapsearch using SSL
  If you still can't connect using SSL you may have run into another issue with OpenSSL which affects systems using OpenSSL version 0.9.6d and above. The problem seems to be caused by an security fix which may not be compliant with the SSL implementation of Oracle.
  I opened an Bug for that problem with RedHat. This Bug Description also includes an proposal for an Patch which solves the problem (but may introduce some security risks). See the Bug at RedHat:
  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123849
  Bye
  Frank Berger

• Configuring ADF Security to use LDAP

  HI All
  We are building an application which is secured using SSO authentication. We have an LDAP setup for this.
  During development, we wanted to configure LDAP in ADF Security Wizard in Jdeveloper for authentication. I tried the following in ADF Security Wizard in the 10 steps of the wizard:
  1) Configure ADF for Web Application, enforce Authorization
  2) Enable Credential Store
  3) No Policy Store
  4) LDAP Identity Store
  5) Enter LDAP credentials, LdAp URL, user base
  6) No Anonymous Provider
  7) Did not select any login module
  8) Form Based Authentication, generate default
  9) Added pages that need to be secured
  10) Finish
  The login page is rendered whenever i try to access a protected page. But when I enter the LDAP user credentials for login, it does not work. It says "You are not authorized to view this page".
  Is there anything missing in the setup that is causing the issue. Any pointers on this would be helpful.
  Thanks
  Srinidhi.

  Hi,
  note that there don't exist documentation for configuring ADF Security in JDeveloper 11 with LDAP. In general, ADF Security in JDeveloper 11 is not yet ready for SSO and LDAP testings and still is under development. Note that LDAP authentication - as container managed authentication - is configured in the jps-config.xml file of the deployed application. However, as said, its not documented and would be just too much at this point to put into a forum answer
  Frank

• Integrating EP with R/3, BW & third party systems such as LDAP directories

  Hi Expersts,
     I am looking for Integrating EP with R/3, BW & third party systems such as LDAP directories and Portal application development using HTMLB. Can any one send the related information. if you send the detailed documents with real time scenarios it could be very useful for me. Please send the docs to [email protected]
  Thanks in advance.

  hi praveen,
  refer to this links of integrating EP with BW.it will be useful....
  <b>https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/a5067965-0901-0010-6f8a-bbf0b7424283,
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/6b1472a7-0301-0010-64bd-dc96509db6f7,
  The Architect's World - Episode 23>
  /* points r welcome for a helpful answer*/

• Integration of Oracle BI Publisher with Oracle Business Intelligence Enterp

  Hi,
  I have started the tutorial " Integration of Oracle BI Publisher with Oracle Business Intelligence Enterp" today but got stuck at the very first step.
  The tutorial shows that I can see "SH" and "CountryManagers" in the shared folder but I only see the Paint Demo rpd.
  I previously completed the "Creating a Repository Using the Oracle Business Intelligence Administration Tool " tutorial.
  Do I need to learn anything prior to this tutorial .
  I already have the default rpd as SH in NQSConfig.ini
  Please suggest.
  Thanks

  Nico,
  That didnt help.
  I already have the
  Star = SH.rpd, default; set
  I have tried restarting OC4J and Oracle BI Server.
  Is there someplace where we need to put the rpd so that it appears in the shared folders.
  Even if the Paint Demo rpd is seen, when I try to view the reports I get the following errors:
  View Display Error
  Odbc driver returned an error (SQLExecDirectW).
  Error Details
  Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P:OI2DL65P
  State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 27004] Unresolved table: "Paint". (HY000)
  SQL Issued: {call NQSGetQueryColumnInfo('SELECT "Sales Measures"."% Chg Year Ago Dollars", "Sales Measures"."Chg Year Ago Dollars", "Sales Measures"."Year Ago Dollars", "Sales Measures".Dollars, Markets.Market, Markets.Region, Periods."Year", Products.Brand, Products.UPC FROM Paint')}
  SQL Issued: SELECT "Sales Measures"."% Chg Year Ago Dollars", "Sales Measures"."Chg Year Ago Dollars", "Sales Measures"."Year Ago Dollars", "Sales Measures".Dollars, Markets.Market, Markets.Region, Periods."Year", Products.Brand, Products.UPC FROM Paint
  Hope this helps.
  Any help is appreciated.
  Thanks in advance