Shared Services Authentication
Hi,
Would anyone be able to tell me whether they are using ADAM for authentication rather than MSAD in Shared Services. Our company is promoting the use of ADAM over MSAD, however I can't see whether its officially supported by Oracle/Hyperion products.
We're proceeding to test with ADAM, but i'm not sure if we'll encounter any obstacles in the future. Any war stories here?
Help much appreciated,
Graeme Newlands.
Hi,
thank you very much for the quick reply.
So we migrated 200 users (which got a new password from the externalise process) they need to send a password the whish to have?!
Thats not really nice :D
Best Regards
Thomas
Similar Messages
-
Shared Service Authentication Failure with Essbase.
Hi can anyone help. I am using 9.3.1. SS & EAS and an instance of Essbase are already installed and configured i am just adding in an additional essbase server to scale out due to application growth.
I have added in a new essbase server, successfully added the new server into the EAS console. Also Successfully externalised the users.
On selecting OK on the dialogue box to say that the convert to shared service mode was successful the EAS console has chucked out the following error message:-
Analytical Services user [essadmin] Authentication Fails against the Shared Services Server with Error[Failed to authenticate user essadmin against provider Native Directory].
Now as i did not have the orginal essadmin password, i was unable to use this (and this does have a native account in SS). I Did however use essadmin as a username and created a new password, i have not however created this as a native account in SS as i thought the system would get confused with two essadmin accounts and i don;t want to affect the current essbase system that is running. The users would kill me!!!.
Does anyone know how i can correct this issue?
ThanksIt would really help,if someone can reply and give advice on the problem mentioned in the original post.
T
hanks -
Force User to Change Password with Shared Services authentication
Hi Everybody,
is there a way to set a property that user needs to change his password when he connect's the first time to web analysis?
Version is 9.3
Thank you very much in advance.
Best Regards
//noisHi,
thank you very much for the quick reply.
So we migrated 200 users (which got a new password from the externalise process) they need to send a password the whish to have?!
Thats not really nice :D
Best Regards
Thomas -
Hi Guys,
in former Essbase 11 and Essbase 9 Versions it was possible to remove the shared services authentication by modifing the OlapAdmin.properties file.
After an successfull 11.1.2.0 installation I can't find that file anymore.
Does anybody know of another way to bring EAS back to native security mode in version 11.1.2.0?
Thank you very much!
Best Regards
ThomasHi,
It may be stored in the shared services registry.
You can export property, update and then import back in using LCM
Log into HSS, expand application groups > Foundation > Deployment Metadata
Expand Shared Services Registry > Essbase > LWA -eas@... Tick properties
Run the migration and will create a files in
Oracle\Middleware\user_projects\epmsystem1\import_export\admin@Native Directory\EAS\resource\Shared Services Registry\Essbase\LWA - eas....
Have a look in the property files generated see if it is in there.
I have not tried this by the way, Oracle may have changed to force to use shared services mode now, if I get a chance I will look into it further unless somebody else knows the exact location.
Cheers
John
http://john-goodwin.blogspot.com/ -
AD authentication against Shared Services failing randomly
We're seeing random failures in AD authentication against Shared Services both via the Excel Addin and via Maxl scripts.
SQL server (v 10.50.2500), Shared Services and OHS (v 11.1.2.2.303), and Essbase server (v11.1.2.2.104) are installed on the same physical box (16 cores, 192GB RAM) in a single-server configuration. It happens every few days at no fixed time and is resolved either by itself in a few hours, or by stopping and starting EPM services (Hyperion Foundation Services - Managed Server, OPMN service for Essbase, and OPMN service for OHS are stopped by running <Middleware_Home>\user_projects\epmsystem1\bin\stop.bat, and started by running start.bat).
While the AD authentication is down, nobody is able to connect (via the Excel Add-in or Maxl scripts) using their AD accounts and get the following error - "Analytical Services user [AD_user1] Authentication Fails against the Shared Services Server with Error [EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.]". Native authentication works at all times (even when AD authentication fails).
Although it seems to apply to an older version and to Planning/Workspace, we did look into "Error "EPMCSS-00301: Failed To Authenticate User. Invalid credentials" Intermittently When MSAD User Logs Into Workspace. (Doc ID 1389871.1)". But even after making the suggested changes, the problem persists. Any ideas what might be causing AD authentication to fail randomly like this? Below are some relevant portions of the logs -
From ESSBASE_ODL.log -
[2014-01-10T04:41:06.693-05:00] [ESSBASE0] [ERROR:32] [AGENT-1440] [] [ecid: 1388972435616,0] [tid: 6312] Essbase user [hyperion_admin] Authentication Fails against the Shared Services Server with Error [EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.]
[2014-01-10T04:41:06.693-05:00] [ESSBASE0] [WARNING:1] [AGENT-1003] [] [ecid: 1388972435616,0] [tid: 6312] Error 1051440 processing request [Login] - disconnecting
From SharedServices_Security_Client.log -
[2014-01-10T04:39:00.490-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required. [2014-01-10T04:39:42.547-05:00] [EPMCSS] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to get connection from connection pool for user directory AD. Error executing query. adweilcom:389. Verify user directory configuration.
[2014-01-10T04:39:42.547-05:00] [EPMCSS] [ERROR] [EPMCSS-09102] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to initialize group cache for MSAD user directory AD. Error connecting to url. ad.weil.com:389. Verify MSAD user directory configuration.
[2014-01-10T04:39:42.547-05:00] [EPMCSS] [ERROR] [EPMCSS-00107] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.CSSManager] [SRC_METHOD: pingConfiguredProviders] Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.
[2014-01-10T04:39:42.547-05:00] [EPMCSS] [WARNING] [EPMCSS-10029] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: run] Exception while building asynchronous group cache for user directory. EPMCSS-00107: Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.. Verify Shared Services security user directory configuration.
[2014-01-10T04:40:24.605-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-10T04:40:24.605-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-10T04:41:06.662-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-10T04:41:06.662-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-10T04:41:06.693-05:00] [EPMCSS] [WARNING] [EPMCSS-10033] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Skipping user directory {0} failed to communicate with server. {1}. No action required.
[2014-01-10T04:41:06.693-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Failed to authenticate user. Invalid credentials. Enter valid credentials.
From console~Essbase1~EssbaseAgent~AGENT~1.log -
[Fri Jan 10 04:40:22 2014EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.
at com.hyperion.css.facade.impl.CSSAbstractAuthenticator.authenticateUser(CSSAbstractAuthenticator.java:658)
at com.hyperion.css.facade.impl.CSSAPIAuthenticationImpl.authenticate(CSSAPIAuthenticationImpl.java:69)
at com.hyperion.css.facade.impl.CSSAPIImpl.authenticate(CSSAPIImpl.java:102)
at com.hyperion.css.facade.impl.CSSAPIImpl.login(CSSAPIImpl.java:794)
at com.hyperion.css.facade.CSSAPIFacade.login(CSSAPIFacade.java:776) ]
Local/ESSBASE0///9180/Info(1042059)Server times are in sync. In fact, we see no such issues on the 9.3.1 environments (which are in the same server farm as the 11.1.2.2 environments).
We're using the same MSAD configuration we have in the 9.3.1 environments as follows -
Directory Server: Microsoft
Name: AD Host Name: ad.mycompany.com
Port: 389
SSL Enabled: unchecked
Base DN: DC=ad,DC=mycompany,DC=com
ID Attribute: objectguid (greyed)
Maximum Size: 200
Trusted: checked
Anonymous Bind: unchecked
User DN: ad\hyperion_admin
Append Base DN: unchecked
User RDN: blank
Login Attribute: cn
First name Attribute: givenName
Last name Attribute: sn
Email Attribute: mail
Object Class: person,organizationalPerson,user
Support Groups: checked
Group RDN: OU=groups
Name Attribute: CN
object class: group?member
I also tried disabling AD groups (Support Groups = unchecked), but I still see a random AD authentication failure. Below are logs based on automated retrievals using an AD account at 14:37, 17:37, 20:37 and 21:40 today. The first 2 worked fine, the 3rd failed, the fourth worked fine again. From SharedServices_Security_Client.log -
[2014-01-11T14:37:00.574-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 42] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
[2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory Native Directory. Status message. No action required.
[2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory AD. Status message. No action required.
[2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20008] [oracle.EPMCSS.CSS] [tid: 44] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.MSADProvider] [SRC_METHOD: createCache] Group support is disabled for MSAD user directory AD returning empty cache map. Status message. No action required.
[2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 44] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory AD and size of group cache is 0. Status message. No action required.
[2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 45] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory Native Directory and size of group cache is 19. Status message. No action required.
[2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20331] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Cache building is done for the providers, now started unifying the cache. This is a status messages. No action required.
[2014-01-11T14:37:01.151-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20332] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Unify cache done and cache object set to the cache manager. This is a status messages. No action required.
[2014-01-11T17:37:00.752-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 46] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
[2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory Native Directory. Status message. No action required.
[2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory AD. Status message. No action required.
[2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20008] [oracle.EPMCSS.CSS] [tid: 48] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.MSADProvider] [SRC_METHOD: createCache] Group support is disabled for MSAD user directory AD returning empty cache map. Status message. No action required.
[2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 48] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory AD and size of group cache is 0. Status message. No action required.
[2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 49] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory Native Directory and size of group cache is 19. Status message. No action required.
[2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20331] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Cache building is done for the providers, now started unifying the cache. This is a status messages. No action required.
[2014-01-11T17:37:01.361-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20332] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Unify cache done and cache object set to the cache manager. This is a status messages. No action required.
[2014-01-11T20:37:00.634-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
[2014-01-11T20:37:42.707-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-11T20:37:42.707-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-11T20:38:24.748-05:00] [EPMCSS] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to get connection from connection pool for user directory AD. Error executing query. adweilcom:389. Verify user directory configuration.
[2014-01-11T20:38:24.748-05:00] [EPMCSS] [ERROR] [EPMCSS-09102] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to initialize group cache for MSAD user directory AD. Error connecting to url . ad.weil.com:389. Verify MSAD user directory configuration.
[2014-01-11T20:38:24.748-05:00] [EPMCSS] [ERROR] [EPMCSS-00107] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.CSSManager] [SRC_METHOD: pingConfiguredProviders] Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.
[2014-01-11T20:38:24.748-05:00] [EPMCSS] [WARNING] [EPMCSS-10029] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: run] Exception while building asynchronous group cache for user directory. EPMCSS-00107: Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.. Verify Shared Services security user directory configuration..
[2014-01-11T20:39:06.806-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-11T20:39:06.806-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-11T20:39:06.806-05:00] [EPMCSS] [WARNING] [EPMCSS-10033] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Skipping user directory {0} failed to communicate with server. {1}. No action required.
[2014-01-11T20:39:06.806-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Failed to authenticate user. Invalid credentials. Enter valid credentials.
[2014-01-11T21:40:41.799-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 52] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
[2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory Native Directory. Status message. No action required.
[2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory AD. Status message. No action required.
[2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20008] [oracle.EPMCSS.CSS] [tid: 54] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.MSADProvider] [SRC_METHOD: createCache] Group support is disabled for MSAD user directory AD returning empty cache map. Status message. No action required.
[2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 54] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory AD and size of group cache is 0. Status message. No action required.
[2014-01-11T21:40:42.002-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 55] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory Native Directory and size of group cache is 19. Status message. No action required.
[2014-01-11T21:40:42.002-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20331] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Cache building is done for the providers, now started unifying the cache. This is a status messages. No action required.
[2014-01-11T21:40:42.080-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20332] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Unify cache done and cache object set to the cache manager. This is a status messages. No action required. -
Shared Services External Authentication using LDAP in 9.3.1
Hi,
I have installed Hyperion Shared Services with native directory. And now planning to setup external authentication using LDAP. I need some guidance to understanding how the external authentication works.
Questions:
1. Is it possible to setup Shared Services to use both Native and LDAP user directory? What I mean is some users will be able to login using Native directory, and some others will need to login using User Directory (external authentication).
2. For User Directory (say we use LDAP), when the user is added into Shared Services, can they be assigned with Groups created in Native directory? We want to explore to use just the external authentication and define all of the groups within shared services.
If not possible, can we manage the Groups of the User directory using shared services? How is the groups work with external authentication?
Any feedback would be much appreciated.
Thanks,
LianHi,
Yes you can use both Native and external authentication. When you add the external provider the native is left by defaut anyway.
Yes you can add your external users to native groups. You can also provision the groups in the AD if you wish.
Gee -
Hi,
Any idea how to get the authentication in OBIEE through Shared Services to work?
We use Native Directory and MSAD in SS, hence we need to get the authentication through Shared Services.
We were able to run this on EPM 11.1.1.3 through LDAP server of Shared services port 28089, surely not working now.
I've tried both of the following but still no luck:
http://gerdpee.wordpress.com/2011/06/17/oracle-weblogic-and-hyperion-shared-services-11-1-1-3/
http://gerdpee.wordpress.com/2011/06/17/integration-sort-of-of-obiee-11-1-1-5-and-hyperion-shared-services-11-1-1-3/
Please help. Many thanks!!!
Cheers,
SteveHi Steve,
I have not been through this, but hope this helps you though. While we run the System configurator Wizard (EPM 11.1.1.2), we are now having an option to integrate EPM with OBIEE. Have you given it a shot?
I am just thinking, if we could had it configure for us, we could directly access the Subject Areas from OBIEE, just like what Mark had mentioned here : http://www.rittmanmead.com/2009/01/epm-workspace-111-and-obiee-10134-updated/
You could further look into the "SSO using CSS Token" field in the connection pool, too.
Hope this helps and I will let you know, if I have any other information.
Thank you,
Dhar -
Moving from Native to External Authentication - Hyperion Shared Services
Hello Experts/John.
We are planning to move from native directory authentication to external (MSAD) authentication mechanism.
For that we have planned as below...
1) We will configure MSAD with our present Shared services.
2) Export the users using import-export utility from native directory.
Replace the user's name in csv file with their respective AD user name. This will get modified along with the group/roles.
Re-load the modified csv file so that new users will come into effect.
3) Change the authentication preferences.
4) Remove the passwords from the native directory, so that all authentication happens thru AD and basis roles that are stored
in shared services users will able to see respective application with their desired priv.
As I said this the approach we are thinking. Kindly suggest us whether we are on right path or this will cause any problem in production..
We are on using EPM 11.1.1.3 on Win 2003 platform.
Seeking your guidance.
ThanksForget to mention that we are currently working on EPM 11.1.1.3 version on win 2003 environment...
-
Shared Services External Authentication
Hi All,
In Shared Services, under Defined User Directories, When click on Add I am able to see "Relational Database(Oracle, DB2, SQL Server)"; means we can configure Oracle db as (Oracle Apps) as external authantication?
We are using Hyperion system 9.3.1.
Thanks in Advance,User and Group information can be derived from Oracles system schema tables, read more about it at :- http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/html_cas_help/ch04s06.html
Cheers
John
http://john-goodwin.blogspot.com/ -
Error while starting the shared service server
Hi john,
I am getting the following error while starting the shared service server.
*25 Jul 2009 10:26:39 - org.apache.slide.common.Domain - ERROR - Unable to migrate hub groups to css*
So shared service console is not starting.
Please tell me the solution for it.
Thanks
Edited by: user11358816 on Jul 24, 2009 10:06 PM
Edited by: user11358816 on Jul 24, 2009 10:09 PMHi John,
Yes,It was working earlier.
When I have added NTLM authentication for FDM I am getting that error,but instead of that if
I am adding the authentication provider as LDAP(CSS) I am not getting that error.
So finally i have added only one authentication provider and that is LDAP(CSS).
I fallowed ur document for integrating the FDM application with planning application.(http://john-goodwin.blogspot.com/2008/07/planning-v11-drill-back.html )
For the global logon information I have given admin and password , which I have given while adding the LDAP authentication (CSS).
I am getting machine profile missing error when i clicked on the dimension and the target dimension test box contain connection failed.
Can u suggest me where am I wrong?
Thanks
Edited by: user11358816 on Jul 26, 2009 9:42 PM -
Missing roles in Shared Services 9.3.1
We are going through an install of 9.3.1 at a clients site. Planning is working correctly with shared services, but Financial Reporting is throwing this error found in SharedServices_security.log:
2008-05-02 11:53:50,718 [ExecuteThread: '13' for queue: 'weblogic.kernel.Default'] WARN com.hyperion.css.spi.impl.nv.NativeProvider.getHierarchicalRoleTree(Ljava.util.Map;Ljava.lang.String;Lcom.hyperion.css.common.CSSRoleNode;Ljava.lang.String;Lcom.hyperion.css.spi.util.jndi.CSSDirContext;Ljava.util.Locale;Ljava.util.ResourceBundle;)V(Optimized Method) - Exception getting Child Roles in hierarchy due to Illegal or invalid id.dflt passed in. Please check the argument.
When attempting to connect from Financial Reporting Studio or Workspace we get an error stating:
"You are not authorized to use this functionality. Contact your administrator."
We are running WebLogic 8.1 service pack 4 on Windows Enterprise server 2003 sp1.
If anyone has seen or worked through this error, please respond.Got resolution on the error. Look for css-9_3_1.dll in HYPERION_HOME\common\css\9.3.1\bin on the server where Financial Reporting is installed. This dll enables FR to communicate with NTLM. Oracle support stated that "This dll is not included in the PATH by default because nobody uses NTLM anymore." When I asked them why it was not documented despite the fact that NTLM continues to be listed prominently as a supported authentication repository, they had no reply. Watch for this one to bite you!!!
-
Essbase login failed & Cluster not available in Shared Services
Hi,
I have installed & configured the EPM 11.1.2.2 in compact deployment mode i.e. deployed to Embedded weblogic server. Shared Services, Essbase, Planning & Reporting are installed successfully.
I am able to login to Shared Services, Workspace & EAS console with my admin account. But I am unable to login to Essbase from EAS console, MAXL & ESSCMD.
When I am logging with MAXL or EAS console, I am getting login failed error.
Even EssbaseCluster-1 is not available under Application Groups in Shared Services. Only Reporting & Foundation are there.
Please help me what went wrong.
Thanks,
Naveen
Edited by: Naveen Suram on Nov 6, 2012 3:25 AMSharedServices_Security_Client.log
2012-11-06T14:40:41.071+05:30] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20001] [oracle.EPMCSS.CSS] [tid: 10] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.registry.RegistryManager] [SRC_METHOD: RegistryManager] Successfully initialized EPM System Registry access. This is a status messages. No action required.
[2012-11-06T14:40:41.180+05:30] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20002] [oracle.EPMCSS.CSS] [tid: 10] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.EPMSystem] [SRC_METHOD: getInstance] Initializing Shared Services security instance using EPM System Registry. This is a status messages. No action required.
Essbase.log
[Tue Nov 06 14:40:25 2012]Local/ESSBASE0///776/Info(1051283)
Retrieving License Information Please Wait...
[Tue Nov 06 14:40:25 2012]Local/ESSBASE0///776/Info(1051286)
License information retrieved.
[Tue Nov 06 14:40:25 2012]Local/ESSBASE0///776/Info(1311019)
Classpath during JVM initialization: [;C:\Oracle\Middleware\EPMSystem11R1\common\jlib\11.1.2.0\epm_j2se.jar;C:\Oracle\Middleware\EPMSystem11R1\products\Essbase\EssbaseServer\java\essbase.jar;C:\Oracle\Middleware\EPMSystem11R1\products\Essbase\EssbaseServer\java\essbaseRegistry.jar]
[Tue Nov 06 14:40:52 2012]Local/ESSBASE0///776/Info(1051199)
Single Sign-On Initialization Succeeded !
[Tue Nov 06 14:40:52 2012]Local/ESSBASE0///776/Info(1056815)
Essbase 64-bit - Release 11.1.2 (ESB11.1.2.2.100B2166)
[Tue Nov 06 14:40:52 2012]Local/ESSBASE0///776/Info(1051232)
Using English_UnitedStates.Latin1@Binary as the Essbase Locale
[Tue Nov 06 14:40:54 2012]Local/ESSBASE0///776/Info(1056797)
Incremental security backup started by SYSTEM. The file created is [C:\Oracle\Middleware\user_projects\epmsystem1\EssbaseServer\essbaseserver1\bin\ESSBASETS_1352193054.BAK]
[Tue Nov 06 14:40:55 2012]Local/ESSBASE0///776/Info(1051134)
External Authentication Module: [Single Sign-On] enabled
[Tue Nov 06 14:40:55 2012]Local/ESSBASE0///776/Info(1051051)
Essbase Server - started
I am getting the following error in validation report:
Validating Essbase Server connection to NAVEEN
Error: Cannot connect to olap service. Cannot connect to Essbase Server. Error:Essbase Error(1051012): User native://DN=cn=911,ou=People,dc=css,dc=hyperion,dc=com?USER does not exist
Recommended Action: Check Essbase Server is started. -
Intermittent Workspace/Shared Services issue - 11.1.2.1
All
Version 11.1.2.1
Using Shared Services with Native (1) and MSAD (2) ; IDs are members of Native groups which are provisioned to the application
We are experiencing an intermittent problem in Workspace where one day we can login without issue, and the next, we are stuck at “Authenticating User..” for a long time before login finally fails with:
“EPMCSS-00387: Failed to authenticate user xxxxxxx from user directory MSAD. Invalid password. LDAP response read timed out, timeout used: 120000ms..Enter valid credentials.”
More details shows ”URI: http://.....:19000/workspace/login
Code: 1000
Description: An error occurred processing the result from the server”
Alternately, sometimes login will succeed, but will receive the message:
“The startup document does not exist in the repository. Select a new startup document in the General preferences tab”.
We have opened an SR with Oracle but can’t seem to make much progress resolving the issue. Any ideas?Hi,
Did you ever get to the bottom of this? We are on 11.1.2.1 and facing the exact same issue when logging on to HSS or Workspace:
EPMCSS-00387: Failed to authenticate user sebastien.lejarle from user directory EXWC. Invalid password. LDAP response read timed out, timeout used:120000ms.. Enter valid credentials.
We cant figure out what s wrong.
We have applied Oracle's recommended IE 7 and IE8 settings to no avail.
Thanks again.
Seb -
Multiple shared services installs in the same environment?
In IOP 11.1.2 and beyond, shared services handles user authentication, to take advantage of Active Directory.
Can you install EPM shared services on 2 nodes in the same environment (failover in case one goes down)?
Is this possible or recommended?
Thank you.I posted this message also in the Forum: Server & Storage Systems: Administration - General : Installation.
I'll also double-check the install documentation. A quick google of "EPM Shared Services" and some choice keywords revealed a link to this:
http://www.oracle.com/technetwork/middleware/bi-foundation/epm-hss-active-active-clusters-wp-1-132647.pdf
Note that one of the instructions in the active-active-clusters white paper is to install shared services on two nodes, to prevent a single point of failure.
This location http://www.oracle.com/technetwork/middleware/bi-foundation includes EPM DR instructions.
Highly recommended reading.
I apologize to the group for wasting the bandwidth on this question.
Thank you. -
Hi Everybody,
New to this forum and i want to know about upgrading the essbase from 7.1.x to 9.3.x...As i gone through PDF, it is mentioning as upgrading of 9.3.x from earlier versions prior to release 9.2.x cannot be done directly...Here comes with the migration/upgradation topic wherein... Can we go ahead and install essbase 9.3.x on new box and migrate app's / db's from 7.1.x old box?
One more thing is like...if we are using External authentication using LDAP in 7.1.x version for security....will it be mandatory to implement shared services separately in system 9 or continue with native security mode without installing shared services...I have only essbase and no other tools implemented...
Hope u guys understand my queries!...If any body can explain on these two aspects...will be of great help to me...
Thanks for the help in advance!!Hi,
You will have to migrate the Essbase server from 7.1.2 to 9.3.1
The steps you will follow are as below: --
1. Configure Essbase on new environment, 9.3.1 by using the same user as on 7.1.2 [THIS IS AN IMPORTANT STEP, TO MIGRATE SECURITY]
1. Take data exports of all application/databases in old environment
2. Take backups of all Essbase objects, including essbase.sec in old environment. Take security file backup after stopping Essbase 7.1.2
3. Create the applications/databases with same name in new environment 9.3.1
4. Copy the outlines and open outline in EAS in 9.3.1 and save them again.
5. Copy all objects, rules, reports, calc for all applications.
6. Stop essbase, Eas in new environment and copy security file from old environment to new environment Take backup of Essbase.sec on new environment
7. Start Essbase 9.3.1
8. Validate all databases using Esscmd "validate" command
9. Reimport all data and run default calc on all applications.
10. Now, you have the security in new Essbase server, as in old environment
11. Externalize the security in EAS.
Caution: When you migrate to Shared Services, Essbase users and groups are converted to equivalent roles
in Shared Services. Shared Services creates a superuser with the user ID named “admin,” which
is read-only. If Essbase contains a user ID named “admin”, that user ID cannot be migrated to
Shared Services. Before migrating, change the “admin” user ID (for example, from “admin” to
“asadmin”).
It is not compulsory to use shared services with Essbase 9.3.1, if you have Essbase only.
but since it the way to go, you will have to migrate your essbase security to shared services.
Let me know if it helps, by defining the reply as answered, Helpful or correct.
Cheers
RS
Maybe you are looking for
-
Hi I have a problem with my loops. They play ok in the browser, but when I move them to a track they sound like they are muffled or under water. Any ideas what could be going on? Are instrument libraries part of the installation? I can't find any doc
-
HT201365 How do I access my inbox for mail? and close apps I am done using?
I am having trouble getting into my mail inbox and also closing apps I am done using. Today is the 1st day I am using the IOS7 update.
-
Lost all applications after upgrading
Hi, I've just got a 3GS and was trying to sync with itunes to activate the phone Here's what happened: 1. Did a back up with previous phone (3G) with iTunes. 2. Connect new 3GS with iTunes. 3. Sync/restore new 3GS 4. Update phone firmware to version
-
''Duplicate post, continue here - [/questions/770615]'' I am not sure exactly what happened. Logged onto my computer and was greeted by a menu prompting me to download Firefox, as an alternative to Internet Explorer. I had always used Firefox before
-
Pecalculation with Information Broadcasting
hi, I am try to set up this scenario but somewhere i am missing some setting. I need your suggestions. I have one query on multiprovider which includes 8 cubes. The query takes half an hour to display the results. So, what i have done is i have d