Obiee 11.1.1.5 integration with OAM

Similar Messages

• OBIEE 11.1.1.5 SSO integration with OAM 11gR1 (11.1.1.5)

  Hi,
  I am integrating OBIEE 11.1.1.5 with OAM 11gR1 (11.1.1.5).
  I have configured as per section 12.3 of following link:
  http://docs.oracle.com/cd/E22203_01/doc.31/e20664/chapter_12.htm#CHDFAFHH
  After making all these configurtions, when i access:
  http://<OHS server>:<OHS port>/analytics
  User is getting prompted for auth from OAM. After successful auth, request gets redirected to WebLogic server hosting the OBIEE app. I have verified in OBI logs that the header value OAM_REMOTE_USER gets passed to OBI.
  But even with all this, after successful OAM authentication, user is getting prompted with OBI login page.
  Pls help.
  Thanks

  Hi Abhinay,
  I have already make the following configurations as per the documentation:
  To enable SSO:
  1.Log in to OBIEE at
  http://[OBIEE server:port]/em.
  2.Click Farm_<OBIEEDomain>_domain > Business Intelligence > Coreapplication.
  3.Click the Security tab.
  4.Select Enable SSO.
  5.Select SSO Provider: Oracle Access Manager.
  6.Click Apply and Activate Changes.
  Do we need to make some other configurations also at OBIEE EM ?
  Thanks

• IBM websphere 6.1 integration with OAM

  Hi,
  1) Is the "interceptorClassName" Clases Name important? can i name it as other thing rather than what is stated in the documentation?
  example:
  According to the WAS integtraion guide the Interceptor classname is as: com.oblix.tai.was5.WebGate2TrustAssociationInterceptor
  Can i change it to com.oblix.tai.was5.WebGateTrustAssociationInterceptor
  2) Is there anywhere to verify that TAI is loaded properly and how do i test it?
  ================================================================================
  Interceptor classname is under WAS, Secure administration -> applications, and infrastructure -> Trust association -> Interceptors
  Thanks and Regards,
  Grey

  Thanks! i got the figure out. but i encouter something else while integrating with WAS
  im trying to integrate OAM with WAS without reverse proxy and i followed the documentation religiously. in the documentation
  Defining an Oracle Access Manager Policy Domain for WebSphere without Reverse Proxy_
  Without reverse proxy, disabling SSO in WAS is required. I will need to protect the WebSphere Administrative Console SSL URL. Otherwise, I will not be able to access the console after disabling SSO in WAS. I have create the policy domain as the documentation.
  ■ Resource Type: http
  ■ Host Identifier: xxx
  ■ URL Prefix: _/ibm/console; and /admin_
  ■ Description: Used by NetPointWASRegistry TAI component.
  Authorization Rules: Click the Authorization Rules tab, click Add, and then create and save an authorization rule to allow access to WebSphere Administrative
  Console resources. For example:
  a. Click General, then enter and save:
  * Name: Allow Administrator.
  * Description: Allow access to WebSphere Administrative Console resources.
  * Enabled: Yes
  * Allow takes Precedence: Yes
  Without Reverse Proxy: Click Actions, then enter and save the following WebSphere Administrative Console SSL URL for Authentication Success. For example:
  Redirect to: https://hostname:port/ibm/console *<- i found out that once I had this implemented. I will be going in an authentication cycle (keep getting authenticated and redirected back to the same page) because it is part of the resources I had it declare previously to be protected.*
  Is there a work around or is it due to documentation error?

• OBIEE Installation doc's and integration with EBS 12.0.6.

  HI,
  I had installed OAS 10g with OSS and OID and integration with EBS R12.0.6.
  Now I want to install OBIEE(On Linux) and wants to iuntegrate with SSO.
  Please provide me the Master Doc for this and anyother private doc also if any.
  thx

  Hi,
  Check this might be helpful... http://gerardnico.com/wiki/dat/obiee/linux_installation
  http://onlineappsdba.com/index.php/2007/10/29/biee-installation-on-linux-business-intelligence-enterprise-edition/
  To integrate with EBS check these.....http://it.toolbox.com/blogs/eye-on-obi/oracle-bi-applications-obiee-security-integration-with-oracle-ebusiness-suite-17246
  http://obibb.wordpress.com/2010/07/30/integrating-oracle-ebs-and-oracle-bi-ee-part-i/
  Thanks,
  Srikanth

• OSB inbound http webservice integration with OAM

  Hi,
  I have a requirment where I need to protect OSB inbound http webservice with OAM. So that OAM can fetch the user details from webservice SOAP header & authenticate the user against LDAP.
  Can someone tell me if this is a feasible approach. If yes, please share the details as to what configuration changes need to be done at OAM & OSB end.
  If not, is there any alternative approach to secure webservice with OAM.
  This webservice is not called from any web application. External sources dirctly make a call to this webservice through some java client.

  The solution to this issue is to put following line in mod_wl_ohs.conf file
  MatchExpression /imaging WebLogicHost=test-ipm.atfoods.com|WebLogicPort=16000
  The complete element will look like this.
  <IfModule weblogic_module>
  WebLogicHost test-ipm.atfoods.com
  WebLogicPort 7001
  Debug ALL
  WLLogFile e:/logs/weblogic_ohs.log
  MatchExpression /imaging WebLogicHost=test-ipm.domain.com|WebLogicPort=16000
  </IfModule>
  <Location /imaging>
  SetHandler weblogic-handler
  WebLogicHost 192.168.140.74
  WeblogicPort 16000
  Debug ALL
  WLLogFile f:/log/wlipm.log
  </Location>
  Make sure that you use IP for Weblogic host in 2nd element and not the host name.
  Thanks & Regards,
  Vikrant Korde

• OBIEE 11.1.1.5  Integration with HFM 11.1.1.3

  Hi,
  We are in the process of integrating OBIEE 11.1.1.5 with HFM 11.1.1.3. We have client installed and we require Hyperion Application Builder(HAB) which is compatible with BEA web logic server 10.3.5. If possible Please share the link.
  we found HAB(7.2.0) which is compatible with BEA weblogic server 8.1, but it is not compatible with weblogic server 10.3.5.
  Please help if someone find related information ASAP.
  Thanks.

  Hi,
  Any suggestions please.
  Regards,

• OBIEE 11.1.1.6 SSO with OAM 11.1.1.5: OID 11.1.1.6 attribute problem

  Hi Everyone!
  I have configured a OAM(webgate)+OID+OBIEE+OHS system.
  The OBIEE is protected via OHS(weblogic module) and webgate. It is working very well.
  The OAM authenticates from OID(default user identity store).
  The *"User Search Base"* is same ( *"cn=Users,dc=mydomain,dc=com"* ) in identity store and in OBIEE's OID authentication provider too.
  The SSO is enabled in OBIEE and the providers are:
  OID (Provider that performs LDAP authentication     1.0) SUFFICIENT
  OAM Provider (Oracle Access Manager Identity Asserter     1.0) REQUIRED
  DefaultAuthenticator     (WebLogic Authentication Provider     1.0) SUFFICIENT
  DefaultIdentityAsserter
  IF the *"User Name Attribute"* is *"cn"* in OAM's user identity store and the OBIEE's OID provider's *"user name attribute"* is *"cn"* (default) too, everything is working fine.
  But I have to use *"orclSAMAccountName"* instead of *"cn"* (OAM and OID provider). And in this case I have the problem.
  In the OBIEE's OID provider are:
  All Users Filter: (&(orclSAMAccountName=*)(objectclass=person))
  User From Name Filter: (&(orclSAMAccountName=%u)(objectclass=person))
  User Name Attribute: orclSAMAccountName
  I made a test user:
  cn=test
  sn=test_sn
  orclsamaccountname=test_sama
  uid=test_uid
  krbprincipalname=test_krb
  I can authenticate with test_sama in OAM, but OBIEE say: *"You are not logged in here: Oracle BI Server."*
  The bi log shows that:
  +Default (self-tuning)'> <BISystemUser> <> <00093dFuR^HFW7PMye7i6G00052S000Tt7> <1345642607333> <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User test javax.security.auth.login.LoginException: [Security:090300]Identity Assertion Failed: User test does not exist+
  +oracle.security.jps.internal.api.jaas.AssertionException: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User test javax.security.auth.login.LoginException: [Security:090300]Identity Assertion Failed: User test does not exist+
  Why does search OBIEE the *"cn"* and why does not use the *"orclsamaccountname"* ?
  Any idea???
  Regards, Jani

  Hello Jani,
  This is a known issue in OBIEE 11.1.1.6.0 , Please refer to : OBIEE 11.1.1.6 Agent failed with Error Codes: IHVF6OM7:OPR4ONWY:U9IM8TAC [nQSError: 13039] The impersonator does not exist in the BI Security Service [ID 1446877.1]
  We have configured OBIEE 11.1.1.6 on Linux and using Single Sign On (SSO) with Windows Native Authentication (WNA).
  Configured AD Authenticator, selected sAMAccountName instead of CN for User Attribute. Enabled SSO in EM. When trying to access OBIEE Presentation services we have encountered the error below.
  "You are not logged in here: Oracle BI Server."
  When checking the biserver1 log file found : [Security:090300]Identity Assertion Failed: User OracleSystemUser does not exist
  After applying the patch 13553428 on top of OBIEE 11.1.1.6.0 we have successfully logged into OBIEE Presentation services.
  This works fine with OBIEE 11.1.1.5.0 and 11.1.1.6.1
  Fixed in OBIEE 11.1.1.6.1. Apply Patch 13742915.
  If you want to stay in OBIEE 11.1.1.6.0. Apply Patch 13553428.
  Let me know if this solves the Asserter issue.
  Pls mark if helpful or answered.
  Thanks,
  -SVS

• OBIEE 11.1.1.5 integration with Iphone

  Hi All,
  Can any one please let me know how to connect the OBIEE 11.1.1.5 to the iphone.
  Steps i did:
  1) VPN to the network from the iPhone
  2) I did gave the host name,port number, analytics path and for the user name and password i tried the domain login credentials and the OBIEE login credentials
  seems none of it is working
  Error: Server Authentication failed: could not connect to the sever.[-1004]
  Please let me know if i am missing anything.
  Thanks in advance
  Regards,

  Hi,
  Kindly refer below link
  http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10544/bimobile.htm
  iBot Phone Delivery
  Thanks
  Deva

• OAM 11g integration with Kerberos on cluster with load-balanced virtualhost

  Hello!
  I need to make a Kerberos integration with OAM.
  I find following notes about OAM 11g: WNA Configuration for HA Clusters [ID 1365888.1] (https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_afrLoop=223640518878014&type=DOCUMENT&id=1365888.1&displayIndex=1&_afrWindowMode=0&_adf.ctrl-state=14ehvbh4z2_61).
  "In an OAM Clustered environment, the OAM Principal for WNA must be the same on all tiers i.e. the load-balanced virtualhost for the OAM cluster.
  Therefore each OAM managed server will reference the same keytab file, generated for Principal HTTP/<virtualhost.domain>, and the keytab file will be in the same location on all OAM managed servers.
  For example: ${DOMAIN_HOME}/domains/${DOMAIN_NAME}/config/fmwconfig/oam/<keytab filename>.
  After copying the keytab file to the same directory on all OAM managed server machines, complete the configuration of the Kerberos authentication module in OAM Administration Console (/oamconsole).
  The AdminServer will ensure that the oam-config.xml file on all OAM managed server tiers in the cluster is updated with this configuration."
  The question is; When I generate oam.keytab with following command, What is the name of the server that I will must put in the command? Virtualhost (load-balanced), Node1 or Node2?
  ktpass -princ HTTP/<servername>@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
  Thanks in advance and best regards!
  PS: Sorry if my english is not clear.

  David,
  Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
  ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
  Also make sure sso.mycomany.com has a reverse DNS configured correctly.
  you can check using dig command
  ping sso.mycomany.com
  What ever the ip-address
  dig -x <IP-ADDRESS>
  Check in the reverse DNS section there should be 1 record.
  ;; ANSWER SECTION:
  1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
  Let me know if you have more questions.
  Thanks
  Saurabh

• Integrating Webcenter 11g (Discussions)  with OAM  for SSO

  Hi,
  I need some help in integrating Webcenter 11g with OAM 10g.
  Objective:
  =========
  My customer is using Webcenter 11.1.1.2.0 and they are primarily using Discussions and wiki .I would like to integrate OAM with Webcenter for providing SSO.
  Steps Followed:
  ============
  I have followed the steps mentioned in the section 23.7.1 and 23.7.1.7 in the doc
  http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBCEHGE
  and also referred metalink note ID 829122.1
  Scenario after integrating with OAM:
  ===========================
  1.Accessed the dicussions url through OHS proxy http://<ohs_host>:<ohs_proxy>/owc_discussions
  2.Click on Login button
  3.OAM Login page appears
  4.Provide credentials for orcladmin (admin user of OAM OID LDAP)
  5.Discussions default login screen appears ( I dont expect this default login page,as I have already authenticated with OAM)
  6.Provide orcladmin credentials
  7.Login screen is keep on popping and not able to login
  if i set owc_discussions.sso.mode=false,then looping (Step 7) is not occuring and could able to login.
  Am I doing anything wrong here? Or is there a way I can make it work.
  Thanks in Advance.

  Did you setup weblogic as per this doc? - http://download.oracle.com/docs/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8175

• OBIEE Integration with Oracle Access Manager (OAM)

  Hi All,
  I am new to OBIEE and not familiar with Security part. We have one request from the client to have OBIEE Integration with Oracle Access Manager (OAM) through eternal identity management tool (OID/other LDAP).
  I tried google and found some information, but non of them has Step-by-Step process.
  Does anyone has document or know good portal which gives step by step information on how to Integrate OBIEE with OAM using external identity management tool?
  Appreciate if you share the information.

  Hi,
  You can use this note/doc attached in the note to configure:
  Oracle Access Manager (OAM) and Oracle Business Intelligence (OBI) Integration [ID 1217103.1]
  Regards,
  Jay

• OBIEE 10g integration with mapviewer

  hello all,
  i am trying integrate mapviewer map in obiee dashboard. and i am able to show maps which do not use bi answers data for any kind of interaction (i.e,no "nsdp" section in the map file). this works fine. if i am using any dashboard prompt to filter the map ( for example if want to see a particular county from a statewide map using dashboard prompt as filter) it is giving error as below:
  *[MVThemeBasedFOIControl.foiLoaded] MAPVIEWER-05523: Cannot process response from MapViewer server. (MAPVIEWER-06009: Error processing an FOI request.*
  Root cause:FOIServlet:Missing IN or OUT parameter at index:: 1)
  there are two databases with same set of data. one is poc which was created by some one else. so we had to setup new schema to properly define all the data.
  so problem occurs when using new schema as datasource. all the html datasource configurations are properly defined on mapviewer for new data.
  followed these steps in setting up new schema:
  ->initially did not run any scripts nor created mvdemo , started clean and loaded the required tables using map builder from GIS shape files with geometry projected to world_mercator(54004). on the contrary POC schema two geometry columns in each table where one is actual coordinate system from GIS file and then it is projected to world_mercator system and loaded into second column using sql. all the geometry indexes looked similar.
  ->created all the mapping metadata exactly same as the POC. where all the themes uses world_mercator geometry.
  both schemas are on same database. i have no idea of what causing the error when i use dashboard prompts. i am not sure if there are additional steps to be followed in creating database or if something else is missing some where. i have no prior experience with mapviewer and oracle spatial. this is kind of learning curve for me.
  please let me know any suggestions or solutions .
  regards,
  mallik
  Edited by: 863261 on Jun 2, 2011 12:33 PM
  Edited by: 863261 on Jun 8, 2011 5:49 AM

  Hello,
  Is your environment similar to this in http://obiee-bip.blogspot.com/2010/10/obiee-integration-with-oracle-access.html or something different like diid you have create groups in OAM .?
  Also assuming your repository groups and presentation catalog groups are already setup. In the different authorization init block you have created enable the ‘Required for Authentication’ check box.
  NOTE: According to Oracle Access Manager (OAM) and Oracle Business Intelligence (OBI) Integration [ID 1217103.1]
  Creation of group should be done by loging as Administrator user to rpd and webcat. This should be done on different machine that does not have OAM integration. With OAM integration only OAM user can log into presentation services and they don’t have Administrator user privileges.
  Hope this helps. Pls mark if it does.
  Thanks,
  SVS

• OAM (10.1.4.3) Integration with WebLogic App Server (10.3.0 or below)

  Hi All,
  Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
  OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
  And
  OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.

  Hi,
  This is how the integration goes with different versions of WLS and OAM.
  There is oamAuthnProvider.jar available with OAM 10.1.4.3 downloads. So it provides the assertion functionality.
  Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
  Mahendra: Yes
  OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
  Mahendra: Yes, this is the recommended and easy approach.
  OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.
  Mahendra: Yes, older version of OAM uses SSPI connector installation.
  HTH.
  Mahendra.

• OAM 11g is supporting direct integration with E Business Suite ??

  Hi All,
  I have to integrate the OAM 11g with the E-Business suite, can i directly integrate the OAM 11g with E-Buz without going through the Oracle Single Sign On server ?
  Please any one help me regarding this one.
  Thanks & Regards,
  Vaasu

  Duplicate thread (please post only once).
  Integrating E-Business suite with OAM 11g
  Re: Integrating E-Business suite with OAM 11g

• OAM 11g is supporting direct integration with E Business ??

  Hi All,
  Is OAM 11g supporting Direct integration with E Business suite instead of going through the OSSO ??
  Please give me some pointers how to do the OAM 11g and E Business suite integration.
  Thanks & Regards,
  Vaasu.

  Duplicate thread (please post only once).
  Integrating E-Business suite with OAM 11g
  Re: Integrating E-Business suite with OAM 11g