OBIEE 11.1.1.5 SSO integration with OAM 11gR1 (11.1.1.5)

Similar Messages

• Obiee 11.1.1.5 integration with OAM

  Hi,
  I integrated OBIEE 11.1.1.5 with OID11g (as a part of OAM integration),all OID users are getting reflected into obiee.Im able to login in to the ‘analytics’ but not able to access the reports.Also I'm not able to assign any BI groups to OID users.
  Have anyone faced this kind of a scenario?Can anyone please help me?
  If anyone have done obiee 11.1.1.5 integration with oam 11g,please provide me the document which you followed.
  Thanks in advance,
  Fathima farsatha.
  Edited by: 927873 on Jul 16, 2012 12:11 AM

  Hi,
  Please try to access Analytics Webservices by using 'analytics-ws' instead of only 'analytics' in the URL as below,
  http://<Host Name>:<Port>/analytics-ws/saw.dll?WSDL
  Give a try with below link it may help you..
  http://onlineappsdba.com/index.php/2011/12/05/integrate-obiee-11g-with-oam-11g-for-single-sign-on-in-13-steps/
  http://fusionsecurity.blogspot.com/2012/06/integrating-obiee-11g-into-weblogics.html
  http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/sso.htm#CEGJBAED
  Thanks
  Deva

• Siebel SSO Integration with Novell eDirectory

  I am wondering if anyone on this forum has worked with integrating a SSO solution using Novell eDirectory and Siebel. I have personally worked on SSO integrations with Siebel using Cleartrust and Siteminder and they are all basically the same concept however, I am facing issues trying to get the Novell SSO solution to work with Siebel.
  I am using the standard LDAP Security adapter and I can make a basic connection into Siebel using LDAP. When implementing SSO I am using a "header" value and a custom userspec name that is different then then "Remote_Use" name mentioned in the Siebel SSO documentation. With SSO turned on I am successfully able to authenticate and almost get all the way into the home page of Siebel before the IE browser crashes. The SWSE log files, interestingly enough, show that my userspecsource is equal to header and that my userspec is correct and then I see the SISNAPI connection occurring between the Siebel We Server and the Siebel AOM but then after the IE browser crashes I see the SWSE log which then tries to picks up Siebel's default userspec " Remote_User" value which is not confiugred or turned on anywhere from within the application. I was just wondering if anyone else had faced similar issues when integrating Siebel into Novell eDirectory for SSO. I have also reviewed the configuration on Novell's side and they are protecting the correct object manager and are also using the same exact userspec name as what we have defined within the eapps.cfg of Siebel. We are using Siebel 8.1.1 Any ideas or help would be greatly appreciated as I have not gotten much support from my open SR on this issue.

  I am wondering if anyone on this forum has worked with integrating a SSO solution using Novell eDirectory and Siebel. I have personally worked on SSO integrations with Siebel using Cleartrust and Siteminder and they are all basically the same concept however, I am facing issues trying to get the Novell SSO solution to work with Siebel.
  I am using the standard LDAP Security adapter and I can make a basic connection into Siebel using LDAP. When implementing SSO I am using a "header" value and a custom userspec name that is different then then "Remote_Use" name mentioned in the Siebel SSO documentation. With SSO turned on I am successfully able to authenticate and almost get all the way into the home page of Siebel before the IE browser crashes. The SWSE log files, interestingly enough, show that my userspecsource is equal to header and that my userspec is correct and then I see the SISNAPI connection occurring between the Siebel We Server and the Siebel AOM but then after the IE browser crashes I see the SWSE log which then tries to picks up Siebel's default userspec " Remote_User" value which is not confiugred or turned on anywhere from within the application. I was just wondering if anyone else had faced similar issues when integrating Siebel into Novell eDirectory for SSO. I have also reviewed the configuration on Novell's side and they are protecting the correct object manager and are also using the same exact userspec name as what we have defined within the eapps.cfg of Siebel. We are using Siebel 8.1.1 Any ideas or help would be greatly appreciated as I have not gotten much support from my open SR on this issue.

• OBIEE 11.1.1.3.0 integrated with Oracle EBS R12

  Hi,
  I have Oracle EBS Vision Instance v R12.1 installed on Redhat 5 and wanted to install OBIEE latest version. Can some please point to system architecture diagram as i am conflicted with installation. I do not have complete idea but writing here what i actually know.
  Oracle EBS R12 on Linux
  OBIEE V 11.X on Linux
  Now install prepackeged analystical function on windows machine and using BI tool deploy/use them with Oracle EBS.
  Please point me to a note which describes the components and what does it take to make up and running in conjuction with Oracle.
  Thanks in advance
  Prashant

  Please see these docs.
  Integrating Oracle Business Intelligence Applications with Oracle E-Business Suite [ID 555254.1]
  What documentation do I need to review when installing and configuring a OBI Apps 7.9.6.x environment with EBS? [ID 1221764.1]
  Master Note for OBIEE Integration issues with EBS, Siebel, SSO, Portal Server [ID 1248939.1]
  Oracle SSO E-Business Suite Applications Integration with Oracle Business Intelligence [ID 553423.1]
  Oracle EBS integration with OBIEE [ID 733137.1]
  Document for implementing security OBIEE Apps with EBS and Siebel CRM as sources [ID 756851.1]
  What Application must be chosen for Responsibility within EBS when integrating with OBIEE [ID 1246464.1]
  Also, search Steven Chan's Blog and you should get couple of hits -- http://blogs.oracle.com/stevenChan/
  Thanks,
  Hussein

• OBIEE Security - How to setup SSO-integrated EBS users & mobile access?

  I'm looking for the best approach to solution my company's OBIEE Security requirements, they are:
  1) Create a standard authentication/security process at an enterprise level
  2) Maintain EBS Roles to provide object-level and data-level security in OBIEE
  3) EBS Users must go through the EBS portal to get to OBIEE (ie. single signon integration)
  4) non-EBS users must go through the OBIEE portal
  5) Both EBS and non-EBS users need ability to use the OBIEE iPad mobile application
  So for the EBS users, I've implemented the SSO integration between OBIEE 11.1.1.5.0 and EBS R11 based on the Oracle white paper [ID 1343143.1]. I've also set up an Authorization session init block to read the user's EBS Roles and set up object/data level security.
  For the non-EBS users, I've kept the default identity store (WLS-LDAP) and authentication provider.
  My question is what's the best approach for providing mobile access to the EBS users? Obviously I can't pass an HTML cookie to the iPad for these guys. Assuming these EBS users are in an corporate-LDAP store, I was thinking to setup a dual authentication store that connects to both corporate-ldap(EBS) and the WLS-integrated LDAP(non-EBS).
  Will this work? Does anyone have a better approach they'd like to share?

  Please post the details of the application release, database version and OS.
  We have a customer, who has upgraded to EBS R12 recently. With EBS R12 there comes a responsibility that enables users to directly open embedded BI in EBS. When people do LDAP authentication to EBS, they can directly open the OBIEE inside the EBS. But, when the EBS is SSO (OAM+WNA) integrated, OBIEE SSO in EBS does not work. What is the error?
  It could be related that OAM generated cookies are not recognized by embedded OBIEE.
  Is there a way to do a setup with both OAM SSO enabled to EBS, and EBS-OBIEE SSO is enabled inside EBS ? I do not think there is a single document that covers all the above (I believe you are aware of the individual docs).
  For urgent issue, please always log a SR.
  Thanks,
  Hussein

• IBM websphere 6.1 integration with OAM

  Hi,
  1) Is the "interceptorClassName" Clases Name important? can i name it as other thing rather than what is stated in the documentation?
  example:
  According to the WAS integtraion guide the Interceptor classname is as: com.oblix.tai.was5.WebGate2TrustAssociationInterceptor
  Can i change it to com.oblix.tai.was5.WebGateTrustAssociationInterceptor
  2) Is there anywhere to verify that TAI is loaded properly and how do i test it?
  ================================================================================
  Interceptor classname is under WAS, Secure administration -> applications, and infrastructure -> Trust association -> Interceptors
  Thanks and Regards,
  Grey

  Thanks! i got the figure out. but i encouter something else while integrating with WAS
  im trying to integrate OAM with WAS without reverse proxy and i followed the documentation religiously. in the documentation
  Defining an Oracle Access Manager Policy Domain for WebSphere without Reverse Proxy_
  Without reverse proxy, disabling SSO in WAS is required. I will need to protect the WebSphere Administrative Console SSL URL. Otherwise, I will not be able to access the console after disabling SSO in WAS. I have create the policy domain as the documentation.
  ■ Resource Type: http
  ■ Host Identifier: xxx
  ■ URL Prefix: _/ibm/console; and /admin_
  ■ Description: Used by NetPointWASRegistry TAI component.
  Authorization Rules: Click the Authorization Rules tab, click Add, and then create and save an authorization rule to allow access to WebSphere Administrative
  Console resources. For example:
  a. Click General, then enter and save:
  * Name: Allow Administrator.
  * Description: Allow access to WebSphere Administrative Console resources.
  * Enabled: Yes
  * Allow takes Precedence: Yes
  Without Reverse Proxy: Click Actions, then enter and save the following WebSphere Administrative Console SSL URL for Authentication Success. For example:
  Redirect to: https://hostname:port/ibm/console *<- i found out that once I had this implemented. I will be going in an authentication cycle (keep getting authenticated and redirected back to the same page) because it is part of the resources I had it declare previously to be protected.*
  Is there a work around or is it due to documentation error?

• EBS 12.1.3 integration with ECM 11gR1

  Dear All,
  I followed the oracle document for integrating EBS R12.1.3 with ECM 11gR1.
  http://docs.oracle.com/cd/E17904_01/doc.1111/e17953/c02_ebs_plugin.htm#BABCCAJF
  As per the document, i need to use bold italic formatted text in CUSTOM.pll file using oracle Forms Builder. But i cant insert bold italic text using pl/sql editor.
  Can anyone tell me how to do this?
  What is the use of italic bold text?(as per the above document )
  Thanks in Advance
  Guna

  I wrongly mentioned to change to change the font format. In that document they mention to add the lines.
  Thanks
  Guna

• OSB inbound http webservice integration with OAM

  Hi,
  I have a requirment where I need to protect OSB inbound http webservice with OAM. So that OAM can fetch the user details from webservice SOAP header & authenticate the user against LDAP.
  Can someone tell me if this is a feasible approach. If yes, please share the details as to what configuration changes need to be done at OAM & OSB end.
  If not, is there any alternative approach to secure webservice with OAM.
  This webservice is not called from any web application. External sources dirctly make a call to this webservice through some java client.

  The solution to this issue is to put following line in mod_wl_ohs.conf file
  MatchExpression /imaging WebLogicHost=test-ipm.atfoods.com|WebLogicPort=16000
  The complete element will look like this.
  <IfModule weblogic_module>
  WebLogicHost test-ipm.atfoods.com
  WebLogicPort 7001
  Debug ALL
  WLLogFile e:/logs/weblogic_ohs.log
  MatchExpression /imaging WebLogicHost=test-ipm.domain.com|WebLogicPort=16000
  </IfModule>
  <Location /imaging>
  SetHandler weblogic-handler
  WebLogicHost 192.168.140.74
  WeblogicPort 16000
  Debug ALL
  WLLogFile f:/log/wlipm.log
  </Location>
  Make sure that you use IP for Weblogic host in 2nd element and not the host name.
  Thanks & Regards,
  Vikrant Korde

• Re: OBIEE 10.1.3.4.1 integration with Hyperion shared services 11.1.1.3

  I am working on OBIEE authentication using hyperion shared services. To achieve this I did the following steps,
  1) Registered the shared services in Answers using 'Manage EPM workspace'
  2)Modified config.xml to enable HSSauthenticator
  3)Modified instanceconfig.xml by adding external auth tags
  4)In rpd created a init block using custom authenticator.
  When I login into Answers using a username and password from hyperion shared services, it is saying invalid username/password.
  Log file says ' xxxxxx authentication failed in repository star, Odbc driver returned an error (SQLDriverConnectW)'
  Can some one explain me if I am missing anything here?? Is there anyone who has successfully implemented this before.
  Thanks,
  Sandeep

  Sandeep,
  I am fairly certain that this integration actually works in the other direction.
  That is from the Oracle Hyperion Workspace portal you need to log in and once you are in Workspace from the file menu an option for "Oracle Interactive Dashboards" should be available if all is configured correctly with the integration. That link will open up OBIEE and take the user directly into the dashboards without having to get prompted by the OBIEE login screen.
  If you have the BIC2Go image (Dan Vlamis' team, vlamis.com) for Oracle BI 10g you can see this integration's configuration and see it working correctly.
  I hope that helps

• Urgent Help - OBIEE11.1.1.6 SSO INTEGRATION WITH RSA CLEARTRUST

  Can anyone help me what are the steps that need to be done to integrate OBIEE 11G Single sign on with RSA Clear trust. Any help will be appreciated

  Check this links
  http://docs.oracle.com/cd/E10415_01/doc/bi.1013/b40058.pdf
  see 5 and 8 chapters
  and also
  http://debaatobiee.wordpress.com/tag/rsa-obiee-siebel-analytics/
  Pls mark if helps

• BAM integration with BPM 11gR1

  Hi,
  I am trying to integrate BPM 11gR1 with BAM starting with a simple scenario as am a newbie with BAM.
  The requirement is to generate a report for tracking a BPM process and whenever a new instance of a BPM process is created, the report should be updated and reflect the change.
  I have carried out the following steps:
  1. Updated the BAM Adapter on the SOA server with the BAM server details (IP,port, credentials)
  2. Cleared the "DisableActions" parameter on the EM console for BPM.
  3. Created two Business Indicators for the BPM process whose tracking is to be done. Both these indicators are "Dimensions" with Type String. Used an Assign activity inside the BPMN process to populate the values from the request payload.
  4. Created a new Data Object in BAM Architect (Inside a new folder created within Samples folder) and added two columns to it corresponding to the business indicators.
  5. In the "Project Properties" of the BPM project, enabled the BAM option and provided the path of Data Object as /Samples/NewFolder. And deployed the project.
  6. Created a new BAM report using Active Studio of view type "Updating List" and selected the data object created.
  Now, the expected outcome is that whenever the BPM process is invoked and it's instance is created, the data should be sent to BAM and the report should be updated with the values of these Business indicators.
  But this is not happening and also am not able to track if the data is at all being sent from BPMN process to BAM.
  Not sure if missing out something.
  Any inputs/thoughts would be really helpful,thanks.

  Hi
  You seem to have done all the actions required :
  BAM adapter configuration
  Disable Actions cleared in EM
  BPM process enable for BAM publishing.
  Here are a few things you can investigate.
  Check the configuration again. Ensure BAM adapter and BPM project preference is pointing to the same JNDI name.
  BAM Adapter configuration sometimes require a restart. Please do so , if not already done.
  Check if any data showed up in Component DO ? If yes, the problem might just be with the BI DO. Try to send 2-3 instances
  Is this PS3 (11.1.1.4.0)? If yes, it will automatically create the BI dataobject for you in Samples folder upon deployment so check under Samples folder if a new DO has been created.
  Remember that you need to deploy the process with BAM enabled and BAM server running to get BI data into BAM.
  Lastly, check the logs - check bamserver.log , bam-diagnostics.log and Soa/bpm log to get more information.
  Regards
  Payal

• Integrating Webcenter 11g (Discussions)  with OAM  for SSO

  Hi,
  I need some help in integrating Webcenter 11g with OAM 10g.
  Objective:
  =========
  My customer is using Webcenter 11.1.1.2.0 and they are primarily using Discussions and wiki .I would like to integrate OAM with Webcenter for providing SSO.
  Steps Followed:
  ============
  I have followed the steps mentioned in the section 23.7.1 and 23.7.1.7 in the doc
  http://download.oracle.com/docs/cd/E15523_01/webcenter.1111/e12405/wcadm_security.htm#BGBCEHGE
  and also referred metalink note ID 829122.1
  Scenario after integrating with OAM:
  ===========================
  1.Accessed the dicussions url through OHS proxy http://<ohs_host>:<ohs_proxy>/owc_discussions
  2.Click on Login button
  3.OAM Login page appears
  4.Provide credentials for orcladmin (admin user of OAM OID LDAP)
  5.Discussions default login screen appears ( I dont expect this default login page,as I have already authenticated with OAM)
  6.Provide orcladmin credentials
  7.Login screen is keep on popping and not able to login
  if i set owc_discussions.sso.mode=false,then looping (Step 7) is not occuring and could able to login.
  Am I doing anything wrong here? Or is there a way I can make it work.
  Thanks in Advance.

  Did you setup weblogic as per this doc? - http://download.oracle.com/docs/cd/E17904_01/webcenter.1111/e12405/wcadm_security_sso.htm#WCADM8175

• How to Migrate 10g sso integrate with EBS 11.5.10.2  to 11g OAM(oracle access manager) with R12.1.3

  How to Migrate 10g sso integrated with EBS 11.5.10.2  to 11g OAM(oracle access manager) with R12.1.3
  Os:Linux 64 bit
  database:11.2.0.3 Rac

  Hi,
  You could try working through the EBS -> APEX integration article on the Apex community site (http://www.oracle.com/technetwork/developer-tools/apex/apex-ebs-wp-cabot-consulting-169064.pdf)
  Rod West

• OAM 11g integration with Kerberos on cluster with load-balanced virtualhost

  Hello!
  I need to make a Kerberos integration with OAM.
  I find following notes about OAM 11g: WNA Configuration for HA Clusters [ID 1365888.1] (https://support.oracle.com/epmos/faces/ui/km/SearchDocDisplay.jspx?_afrLoop=223640518878014&type=DOCUMENT&id=1365888.1&displayIndex=1&_afrWindowMode=0&_adf.ctrl-state=14ehvbh4z2_61).
  "In an OAM Clustered environment, the OAM Principal for WNA must be the same on all tiers i.e. the load-balanced virtualhost for the OAM cluster.
  Therefore each OAM managed server will reference the same keytab file, generated for Principal HTTP/<virtualhost.domain>, and the keytab file will be in the same location on all OAM managed servers.
  For example: ${DOMAIN_HOME}/domains/${DOMAIN_NAME}/config/fmwconfig/oam/<keytab filename>.
  After copying the keytab file to the same directory on all OAM managed server machines, complete the configuration of the Kerberos authentication module in OAM Administration Console (/oamconsole).
  The AdminServer will ensure that the oam-config.xml file on all OAM managed server tiers in the cluster is updated with this configuration."
  The question is; When I generate oam.keytab with following command, What is the name of the server that I will must put in the command? Virtualhost (load-balanced), Node1 or Node2?
  ktpass -princ HTTP/<servername>@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
  Thanks in advance and best regards!
  PS: Sorry if my english is not clear.

  David,
  Your Principal name should be the SSO LB URL.(ie :sso.mycomany.com)
  ktpass -princ HTTP/sso.mycomany.com@DOMAIN -pass XXXXXXX mapuser DOMAIN\user -out oam.keytab.
  Also make sure sso.mycomany.com has a reverse DNS configured correctly.
  you can check using dig command
  ping sso.mycomany.com
  What ever the ip-address
  dig -x <IP-ADDRESS>
  Check in the reverse DNS section there should be 1 record.
  ;; ANSWER SECTION:
  1.1.1.1.in-addr.arpa. 3600 IN PTR sso.mycomany.com.
  Let me know if you have more questions.
  Thanks
  Saurabh

• OID Installation Questions pertaining to integration with EBS 11.5.10.2

  Our Environment is E-Business Suite 11.5.10.2 and we want to investigate/view OID/SSO in action. Ultimately, we'll attempt to use Microsoft Active Directory as the source (of truth). I had performed OID/SSO integration with EBS about 3 years ago and remember the "overall" scheme, but Oracle's documentation/downloads page has left me thoroughly confused, hence, I am asking those that have been through the process .... THANKS IN ADVANCE
  (1) Do I need to install the base AS 10g Infrastructure and Metadata Repository via 10.1.2.0.2 installation or can I go directly to installing OID 10.1.4.0.1 ??
  Here is what I believe the steps to be, PLEASE, correct me if I am wrong ...
  (1) Install 10.1.2.0.2 Application Server Infrastructure by selecting "Infrastructure and Metadata Repository"
  (2) Install 10.1.4.0.1 and select to upgrade an existing 10.1.2.0.2 installation. Once 10.1.4.0.1 has upgraded everything, including the database to 10.1.0.5, I assume that I can simply remove 10.1.2.0.2 through the Oracle Installer. Is this correct ??
  (3) Once upgrade to 10.1.4.0.1, I believe that I need to download a Metadata Upgrade Assistant patch, (mrua), and run mrua,sh to upgrade MR to 10.1.4.0.1 which will be apparent by querying app_registry view.
  (4) Upgrade 10.1.4.0.1 to 10.1.4.3
  The documentation is confusing and hard to find for me. Do these steps seem to accomplish the tasks or am I missing something ??
  THANKS IN ADVANCE

  I didn't do the install myself but we went straight to installing 10.1.4 Identity Manangement, although I believe that Infrastructure components which underly it are essentially the same as 10.1.2. As far as I know you can't use 10.1.3 because it lacks those infrastucture components.
  See MOS Doc 233436.1