Obiee 11.1.1.5 integration with OAM
Hi,
I integrated OBIEE 11.1.1.5 with OID11g (as a part of OAM integration),all OID users are getting reflected into obiee.Im able to login in to the ‘analytics’ but not able to access the reports.Also I'm not able to assign any BI groups to OID users.
Have anyone faced this kind of a scenario?Can anyone please help me?
If anyone have done obiee 11.1.1.5 integration with oam 11g,please provide me the document which you followed.
Thanks in advance,
Fathima farsatha.
Edited by: 927873 on Jul 16, 2012 12:11 AM
Hi,
Please try to access Analytics Webservices by using 'analytics-ws' instead of only 'analytics' in the URL as below,
http://<Host Name>:<Port>/analytics-ws/saw.dll?WSDL
Give a try with below link it may help you..
http://onlineappsdba.com/index.php/2011/12/05/integrate-obiee-11g-with-oam-11g-for-single-sign-on-in-13-steps/
http://fusionsecurity.blogspot.com/2012/06/integrating-obiee-11g-into-weblogics.html
http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/sso.htm#CEGJBAED
Thanks
Deva
Similar Messages
-
Hi,
I am integrating OBIEE 11.1.1.5 with OAM 11gR1 (11.1.1.5).
I have configured as per section 12.3 of following link:
http://docs.oracle.com/cd/E22203_01/doc.31/e20664/chapter_12.htm#CHDFAFHH
After making all these configurtions, when i access:
http://<OHS server>:<OHS port>/analytics
User is getting prompted for auth from OAM. After successful auth, request gets redirected to WebLogic server hosting the OBIEE app. I have verified in OBI logs that the header value OAM_REMOTE_USER gets passed to OBI.
But even with all this, after successful OAM authentication, user is getting prompted with OBI login page.
Pls help.
ThanksHi Abhinay,
I have already make the following configurations as per the documentation:
To enable SSO:
1.Log in to OBIEE at
http://[OBIEE server:port]/em.
2.Click Farm_<OBIEEDomain>_domain > Business Intelligence > Coreapplication.
3.Click the Security tab.
4.Select Enable SSO.
5.Select SSO Provider: Oracle Access Manager.
6.Click Apply and Activate Changes.
Do we need to make some other configurations also at OBIEE EM ?
Thanks -
IBM websphere 6.1 integration with OAM
Hi,
1) Is the "interceptorClassName" Clases Name important? can i name it as other thing rather than what is stated in the documentation?
example:
According to the WAS integtraion guide the Interceptor classname is as: com.oblix.tai.was5.WebGate2TrustAssociationInterceptor
Can i change it to com.oblix.tai.was5.WebGateTrustAssociationInterceptor
2) Is there anywhere to verify that TAI is loaded properly and how do i test it?
================================================================================
Interceptor classname is under WAS, Secure administration -> applications, and infrastructure -> Trust association -> Interceptors
Thanks and Regards,
GreyThanks! i got the figure out. but i encouter something else while integrating with WAS
im trying to integrate OAM with WAS without reverse proxy and i followed the documentation religiously. in the documentation
Defining an Oracle Access Manager Policy Domain for WebSphere without Reverse Proxy_
Without reverse proxy, disabling SSO in WAS is required. I will need to protect the WebSphere Administrative Console SSL URL. Otherwise, I will not be able to access the console after disabling SSO in WAS. I have create the policy domain as the documentation.
■ Resource Type: http
■ Host Identifier: xxx
■ URL Prefix: _/ibm/console; and /admin_
■ Description: Used by NetPointWASRegistry TAI component.
Authorization Rules: Click the Authorization Rules tab, click Add, and then create and save an authorization rule to allow access to WebSphere Administrative
Console resources. For example:
a. Click General, then enter and save:
* Name: Allow Administrator.
* Description: Allow access to WebSphere Administrative Console resources.
* Enabled: Yes
* Allow takes Precedence: Yes
Without Reverse Proxy: Click Actions, then enter and save the following WebSphere Administrative Console SSL URL for Authentication Success. For example:
Redirect to: https://hostname:port/ibm/console *<- i found out that once I had this implemented. I will be going in an authentication cycle (keep getting authenticated and redirected back to the same page) because it is part of the resources I had it declare previously to be protected.*
Is there a work around or is it due to documentation error? -
OBIEE Installation doc's and integration with EBS 12.0.6.
HI,
I had installed OAS 10g with OSS and OID and integration with EBS R12.0.6.
Now I want to install OBIEE(On Linux) and wants to iuntegrate with SSO.
Please provide me the Master Doc for this and anyother private doc also if any.
thxHi,
Check this might be helpful... http://gerardnico.com/wiki/dat/obiee/linux_installation
http://onlineappsdba.com/index.php/2007/10/29/biee-installation-on-linux-business-intelligence-enterprise-edition/
To integrate with EBS check these.....http://it.toolbox.com/blogs/eye-on-obi/oracle-bi-applications-obiee-security-integration-with-oracle-ebusiness-suite-17246
http://obibb.wordpress.com/2010/07/30/integrating-oracle-ebs-and-oracle-bi-ee-part-i/
Thanks,
Srikanth -
OSB inbound http webservice integration with OAM
Hi,
I have a requirment where I need to protect OSB inbound http webservice with OAM. So that OAM can fetch the user details from webservice SOAP header & authenticate the user against LDAP.
Can someone tell me if this is a feasible approach. If yes, please share the details as to what configuration changes need to be done at OAM & OSB end.
If not, is there any alternative approach to secure webservice with OAM.
This webservice is not called from any web application. External sources dirctly make a call to this webservice through some java client.The solution to this issue is to put following line in mod_wl_ohs.conf file
MatchExpression /imaging WebLogicHost=test-ipm.atfoods.com|WebLogicPort=16000
The complete element will look like this.
<IfModule weblogic_module>
WebLogicHost test-ipm.atfoods.com
WebLogicPort 7001
Debug ALL
WLLogFile e:/logs/weblogic_ohs.log
MatchExpression /imaging WebLogicHost=test-ipm.domain.com|WebLogicPort=16000
</IfModule>
<Location /imaging>
SetHandler weblogic-handler
WebLogicHost 192.168.140.74
WeblogicPort 16000
Debug ALL
WLLogFile f:/log/wlipm.log
</Location>
Make sure that you use IP for Weblogic host in 2nd element and not the host name.
Thanks & Regards,
Vikrant Korde -
OBIEE 11.1.1.5 Integration with HFM 11.1.1.3
Hi,
We are in the process of integrating OBIEE 11.1.1.5 with HFM 11.1.1.3. We have client installed and we require Hyperion Application Builder(HAB) which is compatible with BEA web logic server 10.3.5. If possible Please share the link.
we found HAB(7.2.0) which is compatible with BEA weblogic server 8.1, but it is not compatible with weblogic server 10.3.5.
Please help if someone find related information ASAP.
Thanks.Hi,
Any suggestions please.
Regards, -
Hi Everyone!
I have configured a OAM(webgate)+OID+OBIEE+OHS system.
The OBIEE is protected via OHS(weblogic module) and webgate. It is working very well.
The OAM authenticates from OID(default user identity store).
The *"User Search Base"* is same ( *"cn=Users,dc=mydomain,dc=com"* ) in identity store and in OBIEE's OID authentication provider too.
The SSO is enabled in OBIEE and the providers are:
OID (Provider that performs LDAP authentication 1.0) SUFFICIENT
OAM Provider (Oracle Access Manager Identity Asserter 1.0) REQUIRED
DefaultAuthenticator (WebLogic Authentication Provider 1.0) SUFFICIENT
DefaultIdentityAsserter
IF the *"User Name Attribute"* is *"cn"* in OAM's user identity store and the OBIEE's OID provider's *"user name attribute"* is *"cn"* (default) too, everything is working fine.
But I have to use *"orclSAMAccountName"* instead of *"cn"* (OAM and OID provider). And in this case I have the problem.
In the OBIEE's OID provider are:
All Users Filter: (&(orclSAMAccountName=*)(objectclass=person))
User From Name Filter: (&(orclSAMAccountName=%u)(objectclass=person))
User Name Attribute: orclSAMAccountName
I made a test user:
cn=test
sn=test_sn
orclsamaccountname=test_sama
uid=test_uid
krbprincipalname=test_krb
I can authenticate with test_sama in OAM, but OBIEE say: *"You are not logged in here: Oracle BI Server."*
The bi log shows that:
+Default (self-tuning)'> <BISystemUser> <> <00093dFuR^HFW7PMye7i6G00052S000Tt7> <1345642607333> <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User test javax.security.auth.login.LoginException: [Security:090300]Identity Assertion Failed: User test does not exist+
+oracle.security.jps.internal.api.jaas.AssertionException: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User test javax.security.auth.login.LoginException: [Security:090300]Identity Assertion Failed: User test does not exist+
Why does search OBIEE the *"cn"* and why does not use the *"orclsamaccountname"* ?
Any idea???
Regards, JaniHello Jani,
This is a known issue in OBIEE 11.1.1.6.0 , Please refer to : OBIEE 11.1.1.6 Agent failed with Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC [nQSError: 13039] The impersonator does not exist in the BI Security Service [ID 1446877.1]
We have configured OBIEE 11.1.1.6 on Linux and using Single Sign On (SSO) with Windows Native Authentication (WNA).
Configured AD Authenticator, selected sAMAccountName instead of CN for User Attribute. Enabled SSO in EM. When trying to access OBIEE Presentation services we have encountered the error below.
"You are not logged in here: Oracle BI Server."
When checking the biserver1 log file found : [Security:090300]Identity Assertion Failed: User OracleSystemUser does not exist
After applying the patch 13553428 on top of OBIEE 11.1.1.6.0 we have successfully logged into OBIEE Presentation services.
This works fine with OBIEE 11.1.1.5.0 and 11.1.1.6.1
Fixed in OBIEE 11.1.1.6.1. Apply Patch 13742915.
If you want to stay in OBIEE 11.1.1.6.0. Apply Patch 13553428.
Let me know if this solves the Asserter issue.
Pls mark if helpful or answered.
Thanks,
-SVS -
OBIEE 11.1.1.5 integration with Iphone
Hi All,
Can any one please let me know how to connect the OBIEE 11.1.1.5 to the iphone.
Steps i did:
1) VPN to the network from the iPhone
2) I did gave the host name,port number, analytics path and for the user name and password i tried the domain login credentials and the OBIEE login credentials
seems none of it is working
Error: Server Authentication failed: could not connect to the sever.[-1004]
Please let me know if i am missing anything.
Thanks in advance
Regards,Hi,
Kindly refer below link
http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10544/bimobile.htm
iBot Phone Delivery
Thanks
Deva -
OAM 11g integration with Kerberos on cluster with load-balanced virtualhost
Hello!
I need to make a Kerberos integration with OAM.
I find following notes about OAM 11g: WNA Configuration for HA Clusters [ID 1365888.1] (https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_afrLoop=223640518878014&type=DOCUMENT&id=1365888.1&displayIndex=1&_afrWindowMode=0&_adf.ctrl-state=14ehvbh4z2_61).
"In an OAM Clustered environment, the OAM Principal for WNA must be the same on all tiers i.e. the load-balanced virtualhost for the OAM cluster.
Therefore each OAM managed server will reference the same keytab file, generated for Principal HTTP/<virtualhost.domain>, and the keytab file will be in the same location on all OAM managed servers.
For example: ${DOMAIN_HOME}/domains/${DOMAIN_NAME}/config/fmwconfig/oam/<keytab filename>.
After copying the keytab file to the same directory on all OAM managed server machines, complete the configuration of the Kerberos authentication module in OAM Administration Console (/oamconsole).
The AdminServer will ensure that the oam-config.xml file on all OAM managed server tiers in the cluster is updated with this configuration."
The question is; When I generate oam.keytab with following command, What is the name of the server that I will must put in the command? Virtualhost (load-balanced), Node1 or Node2?
ktpass -princ HTTP/<servername>@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Thanks in advance and best regards!
PS: Sorry if my english is not clear.David,
Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
Also make sure sso.mycomany.com has a reverse DNS configured correctly.
you can check using dig command
ping sso.mycomany.com
What ever the ip-address
dig -x <IP-ADDRESS>
Check in the reverse DNS section there should be 1 record.
;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
Let me know if you have more questions.
Thanks
Saurabh -
Integrating Webcenter 11g (Discussions) with OAM for SSO
Hi,
I need some help in integrating Webcenter 11g with OAM 10g.
Objective:
=========
My customer is using Webcenter 11.1.1.2.0 and they are primarily using Discussions and wiki .I would like to integrate OAM with Webcenter for providing SSO.
Steps Followed:
============
I have followed the steps mentioned in the section 23.7.1 and 23.7.1.7 in the doc
http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBCEHGE
and also referred metalink note ID 829122.1
Scenario after integrating with OAM:
===========================
1.Accessed the dicussions url through OHS proxy http://<ohs_host>:<ohs_proxy>/owc_discussions
2.Click on Login button
3.OAM Login page appears
4.Provide credentials for orcladmin (admin user of OAM OID LDAP)
5.Discussions default login screen appears ( I dont expect this default login page,as I have already authenticated with OAM)
6.Provide orcladmin credentials
7.Login screen is keep on popping and not able to login
if i set owc_discussions.sso.mode=false,then looping (Step 7) is not occuring and could able to login.
Am I doing anything wrong here? Or is there a way I can make it work.
Thanks in Advance.Did you setup weblogic as per this doc? - http://download.oracle.com/docs/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8175
-
OBIEE Integration with Oracle Access Manager (OAM)
Hi All,
I am new to OBIEE and not familiar with Security part. We have one request from the client to have OBIEE Integration with Oracle Access Manager (OAM) through eternal identity management tool (OID/other LDAP).
I tried google and found some information, but non of them has Step-by-Step process.
Does anyone has document or know good portal which gives step by step information on how to Integrate OBIEE with OAM using external identity management tool?
Appreciate if you share the information.Hi,
You can use this note/doc attached in the note to configure:
Oracle Access Manager (OAM) and Oracle Business Intelligence (OBI) Integration [ID 1217103.1]
Regards,
Jay -
OBIEE 10g integration with mapviewer
hello all,
i am trying integrate mapviewer map in obiee dashboard. and i am able to show maps which do not use bi answers data for any kind of interaction (i.e,no "nsdp" section in the map file). this works fine. if i am using any dashboard prompt to filter the map ( for example if want to see a particular county from a statewide map using dashboard prompt as filter) it is giving error as below:
*[MVThemeBasedFOIControl.foiLoaded] MAPVIEWER-05523: Cannot process response from MapViewer server. (MAPVIEWER-06009: Error processing an FOI request.*
Root cause:FOIServlet:Missing IN or OUT parameter at index:: 1)
there are two databases with same set of data. one is poc which was created by some one else. so we had to setup new schema to properly define all the data.
so problem occurs when using new schema as datasource. all the html datasource configurations are properly defined on mapviewer for new data.
followed these steps in setting up new schema:
->initially did not run any scripts nor created mvdemo , started clean and loaded the required tables using map builder from GIS shape files with geometry projected to world_mercator(54004). on the contrary POC schema two geometry columns in each table where one is actual coordinate system from GIS file and then it is projected to world_mercator system and loaded into second column using sql. all the geometry indexes looked similar.
->created all the mapping metadata exactly same as the POC. where all the themes uses world_mercator geometry.
both schemas are on same database. i have no idea of what causing the error when i use dashboard prompts. i am not sure if there are additional steps to be followed in creating database or if something else is missing some where. i have no prior experience with mapviewer and oracle spatial. this is kind of learning curve for me.
please let me know any suggestions or solutions .
regards,
mallik
Edited by: 863261 on Jun 2, 2011 12:33 PM
Edited by: 863261 on Jun 8, 2011 5:49 AMHello,
Is your environment similar to this in http://obiee-bip.blogspot.com/2010/10/obiee-integration-with-oracle-access.html or something different like diid you have create groups in OAM .?
Also assuming your repository groups and presentation catalog groups are already setup. In the different authorization init block you have created enable the ‘Required for Authentication’ check box.
NOTE: According to Oracle Access Manager (OAM) and Oracle Business Intelligence (OBI) Integration [ID 1217103.1]
Creation of group should be done by loging as Administrator user to rpd and webcat. This should be done on different machine that does not have OAM integration. With OAM integration only OAM user can log into presentation services and they don’t have Administrator user privileges.
Hope this helps. Pls mark if it does.
Thanks,
SVS -
Hi All,
Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
And
OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.Hi,
This is how the integration goes with different versions of WLS and OAM.
There is oamAuthnProvider.jar available with OAM 10.1.4.3 downloads. So it provides the assertion functionality.
Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
Mahendra: Yes
OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
Mahendra: Yes, this is the recommended and easy approach.
OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.
Mahendra: Yes, older version of OAM uses SSPI connector installation.
HTH.
Mahendra. -
OAM 11g is supporting direct integration with E Business Suite ??
Hi All,
I have to integrate the OAM 11g with the E-Business suite, can i directly integrate the OAM 11g with E-Buz without going through the Oracle Single Sign On server ?
Please any one help me regarding this one.
Thanks & Regards,
VaasuDuplicate thread (please post only once).
Integrating E-Business suite with OAM 11g
Re: Integrating E-Business suite with OAM 11g -
OAM 11g is supporting direct integration with E Business ??
Hi All,
Is OAM 11g supporting Direct integration with E Business suite instead of going through the OSSO ??
Please give me some pointers how to do the OAM 11g and E Business suite integration.
Thanks & Regards,
Vaasu.Duplicate thread (please post only once).
Integrating E-Business suite with OAM 11g
Re: Integrating E-Business suite with OAM 11g
Maybe you are looking for
-
I hope the title says enough but im going to repeat it, I have my macbook a couple of months now and there is iTunes on it but when i want to download an app it doesnt appear on my screen is that because the app isnt for MacBook ? And is there an sto
-
what is output of this???? Shift l_deviation-dev_temp left deleting leading space. where l_deviation is an internal table.
-
I tunes will not let me sign in even the the secret questions
i tunes will not let me sign in even the the secret questions
-
ITunes proxy authorisation window does not appear (and account is being blocked randomly)
Many users have iTunes installed on their PC. iTunes requires proxy authorization to connect to internet. Appropriate popup window appears when opening iTunes and trying to open some internet-based page there. Entering current AD account credentials
-
Event propagation and inheritance
Hi, I have a button inheriting from another. In the ancester I have a CLICK event handler registered.I have another CLICK event handler in the descendent button. In the descendent I want to handle the CLICK event combined with the CTRL key. Without t