SSO - Discoverer and VPD

Similar Messages

• Discoverer and VPD

  Hi!
  Please, someone can help me to use Discoverer Desktop in a database with VPD. I need to set a context variable before Discoverer 9.0.4 Desktop start to work. I have tried to use a logon trigger, but the session variable "module" (to catch the program name) is not set in logon time (actually the variable is set, but with the name of the application in system file, e.g. dis51usr.exe.). Now I'm trying to use the eul_trigger$post_login function, but it seems that Discoverer create many sessions at initialization. I set the context variable in eul_trigger$post_login function but after the initialization the context variable is not set.

  Hi,
  You should be able to set up the context using either a logon trigger or a eul_trigger$post_login function. The module column in the v$session view for the current session will indicate whether the session is a Discoverer session. This is not 100% reliable as you could easily write a program that set the module to look like Discoverer.
  Discoverer Desktop actually creates 2 sessions for each user; one session to query the EUL and another to run the reports. You should set the context for both of these sessions.
  Hope that helps,
  Rod West

• Integrating SSO users and Discoverer users

  Hi,
  I want to integrate SSO user with discoverer users. The discoverer users are database users. Is there any way by which I can authenticate discoverer user via single sign on. And if SSO user changes his password or a new SSO user is added, then the changes are reflected in discoverer users.
  Regards.

  I am having this problem too.
  In fact I would prefeer to have only one shared database user for all SSO users, and use only VPD and database roles for access control. But discoverer uses the database user for controling access to the workbooks. So any user can delete all the workbooks that other users saved when sharing the database account.
  Discoverer plus could have a option to use the SSO user instead of the database user, like it does when using a Applications mode EUL.

• Portals, Disco and VPD

  If I set up a 10g Portals, Disco environment with SSO, how can VPD be used? I've seen it referred to a few times on this forum, and I'm wondering if it creates some identifier for a database user logging in to Portals or Disco, and therefore a folder or view could limit on this identifier?
  Any thoughts on this?
  Thx.
  Russ

  Hi Steve
  I was always told that using a VPD with public connections and Portal / Viewer is a very dangerous thing to do if web cache is in use. Of course if we turn webcache off and make sure that the VPD uses the CLIENT_IDENTIFIER then all queries will run every time they are called and be constrained via VPD.
  One of the great advantages of having web cache is that it will remember the data from the last time the query was run or from when the portlet was refreshed. But if you are using a VPD, neither Discoverer Viewer nor Portal (Plus does not use web cache anyway) has any idea of what the database is up to and thus the data will be retrieved from the cache - which will certainly break the security because the new user will see the data from the previous execution. Thus, pulling data via a public connection with SSO in use must be restricted to only that data which cannot change.
  On page 802 of my Discoverer 10g Handbook, I quote:
  It is vitally important that you not attempt to use Web Cache with sensitive data. This is because Web Cache has no mechanism to protect its content. When a request is made to Web Cache for a page that is cacheable (as defined by the caching rules) but has not yet been cached, then Web Cache makes a request on behalf of the user to the Oracle HTTP Server (Apache). OHS has the mod_osso add-on module, whose job it is to guarantee that a user must be authorized to view a page.
  The first time such a request is received, the Single Sign-On connection screen will appear and the user will need to provide his or her SSO user name and password. But, because the page is cacheable, Web Cache will keep a copy of it in memory. Then, any subsequent request from any user will deliver the user the page without authentication. This is why Oracle explains that you must cache only Discoverer Viewer content delivered through a Discoverer Public connection. The long and the short of this is that you should not cache pages in Web Cache unless it is okay for everyone to see them.
  In other words - do not use a VPD when Web Cache is in use.
  I hope this helps
  Regards
  Michael

• What is SSO , SSL, and other terms?

  Hi,
  I always hear the terms SSO, SSL and some other terms, but I am not aware of the exact meaning of them.
  Can anyone focus some light on this ?
  Thanks!
  Yogini

  Hi Yogini,
  if you are referring SSO( Single sign on ) and SSL ( security socket layer) for Discoverer, check out the link below.
  http://download.oracle.com/docs/html/B13918_03/security2.htm#BABGEIEC
  Here topics on 14.6 Using Discoverer with OracleAS Framework Security
  14.7 Using Discoverer with Oracle Identity Management Infrastructure

• How to catch SSO userid and store it in deployment database?

  Hi,
  Environment: OID,Portal,forms,reports 9.0.2.3
  How do I do if I have a SSO user, lets say DAVE, and he has a resource pointing to a Deployment database un/pw@ORAC? When he has made his SSO login and choose a form I want store his real userid in the database ORAC. For example in v$session and in a history table. I want to be able to trace a blocking session back to the real user.

  Hi i
  from the form i set the default value of the field form_user_name PORTAL.WWCTX_API.GET_USER and the default fomat type to expression return varchar
  Now
  =======
  the authenticated user id appears in the field form_user_name and is inserted properly in the oirder table
  Question
  ========
  i want every authenticated user can query only his orders which means when he prss the query button , he will get his orders only
  How can i force the where clause of the query to have
  form_user_name = PORTAL.WWCTX_API.GET_USER
  Regards
  Mohamed Hammed

• How to Skip SSO Username and passowrd.

  i just installed Oracle Application Server .2.0.2 on Windows 2003.
  Before i can view report i have to give SSO Username and password i want to skip this step and report can be executed directly from my Forms.
  i have already commented the SSO lines from my formsweb.cfg file. as shown below
  #ssoDynamicResourceCreate=true
  # Single Sign-On parameter: URL to redirect to if ssoDynamicResourceCreate=false
  #ssoErrorUrl=
  # Single Sign-On parameter: Cancel URL for the dynamic resource creation DAS page.
  #ssoCancelUrl=
  # Single Sign-On parameter: indicates whether the url is protected in which
  # case mod_osso will be given control for authentication or continue in
  # the FormsServlet if not. It is false by default. Set it to true in an
  # application-specific section to enable Single Sign-On for that application.
  #ssoMode=false
  Thanx in advance

  I assume you are not using Oracle's Portal or otherwise already using OID as an SSO server.
  There are two big steps you'll need to do this
  Enable and configure SSO for Forms
  http://www.oracle.com/technology/sample_code/products/forms/viewlets/10g/frmsso/frmsso_viewlet_swf.html
  Enable WNA for OAS : Read Metalink doc 345025.1. It is not a simple process.
  WNA will log into the SSO server via Kerberos. When the Forms connection fires off, it is from the Forms server, so Kerberos is not an option. Instead the Forms server will use a Resource Access Descriptor (RAD) to retrieve username/password/sid logon information from the OID server stored in the OID SSO account that your authenticated into via WNA
  If you are already using Portal & have users sign, then WNA is not needed & just go with the SSO for Forms.

• Differance between Discoverer and BI Discoverer

  hi guyz ,am new to ebs and discoverer,one question always bother me what is differance in discoverer and BI Discoverer,according to my understanding discoverer is separate tool where we develop report then link it to BI and BI Discoverer is EBS builtin tool.if am right so what both r oracle product ,if it's also true why we need both ,why not single is enough.thanx

  Hi,
  There is no difference. Discoverer is shipped with eBS but it is the same tool (though an older version) as the standalone Discoverer. eBS is also shipped with an predefined EUL and some reports which are integrated into some of the eBS menus. You can write your own reports and create your EUL and add the reports to the menus.
  There are 4 Discoverer tools. Discoverer Plus, a web based report writing tool. Discoverer Viewer a web based report viewing tool. Discoverer Desktop, a windows based report writing tool and Discoverer Administrator used for managing the EUL.
  You need all these tools to use Discoverer with eBS and they should be downloaded separately from eBS to ensure you have the latest versions.
  Rod West

• Oracle 10g discoverer and report services installation issue

  Hi
  Could some one help me in finding the solution for the problem while installing oracle 10g discoverer and report services installation ..
  at configuration assistants the opmn configuration failed..
  could some one suggest the possible solution for this problem.
  thanks

  at configuration assistants the opmn configuration failed..additional clues may exist within log file.
  Edited by: sb92075 on Aug 29, 2010 7:19 PM

• How to access to SSO username and password from JPDK

  Hello
  Does anybody know how to access, from Java PDK, to SSO username
  and password of user, currently connected to portal.
  Thank's,
  Tomaz Podbersic

  The portal user's password is one way hash algorithm (MD5) that
  cannot be reversed.
  What you'll have to do is setup a "External Application" and
  save an alternate username/password profile in that area. It
  requires the user to first enter that data (but only 1 time) the
  first time into that application.
  ===========================================
  <HELP NOTE>
  If anyone knows of an API to populate those tables when seeding
  or creating the user names to also seed or create the "external
  applications" user /pass this would be helpful.
  ============================================
  JSP java code:
  ====================
  PortletRenderRequest portletRequest = (PortletRenderRequest)
  request.getAttribute (HttpProvider.PORTLET_RENDER_REQUEST);
  ProviderUser myUser=(ProviderUser) portletRequest.getUser();
  =====================
  From this object instance you can get the user's name, and other
  Portal session info. NOT password.
  The External Application username & password is a bit more
  tricky to get.
  see:
  SQL Login Problems

• OracleAS 10g (9.0.4.0.2) Load Balancing  Forms, Discoverer and reports

  I am having some problems trying to load balance with Oracle Forms, Discoverer and reports Oracle Application Server Release 10g (9.0.4.0.2) and I was wondering if you could help. Has any one ever got this to work consistently? We are an ERP product written mostly in forms (904) and are trying to implement are largest customer there performance issue so we need the load balancing to work. Will also accept other recommendation as cost effective as solutions.
  Site 1:
  A: SERVER –
  •     Host as1.xyzco.local
  •     Version 10.1.2.0.2
  •     Installation Type Identity Management and Metadata Repository
  •     Oracle Home E:\oracle\inf_1012
  •     Farm as1db.xyzco.net
  o     HTTP_Server
  o     Internet Directory
  o     OC4J_SECURITY
  o     Single Sign-On:orasso
  o     Management
  B SERVER –
  •     Host as2. xyzco.local
  •     Version 9.0.4.0.2
  •     Installation Type Business Intelligence and Forms
  •     Oracle Home E:\oracle\mid_904
  •     Farm as2db. xyzco.net
  o     Discoverer
  o     Forms
  o     home
  o     HTTP_Server
  o     OC4J_BI_Forms
  o     Reports Server
  o     Web Cache
  o     Management
  C SERVER –
  •     Host as3. xyzco.local
  •     Version 9.0.4.0.2
  •     Installation Type Business Intelligence and Forms – Discoverer and Reports
  •     Oracle Home E:\oracle\mid_904
  •     Farm as2db. xyzco.net
  o     Discoverer
  o     Forms
  o     home
  o     HTTP_Server
  o     OC4J_BI_Forms
  o     Reports Server
  o     Web Cache
  o     Management
  All servers Are:
  •     Windows 2003 Standard Server with current service packs
  •     Xeon Dual Processor with 4GB ram
  •     Raid 0 drives 2 for OS and 2 for Oracle
  Daniel Brody
  ([email protected])

  I have more then half decent results with webcache as load balancer, but it still is a round robin (as mentioned before). This means that a session will not be transfered from one application server to the other once the session has been created.
  So far I did not discover any benefits of a hardware loadbalancer over webcache, because (here it is again:) you are not able to transfer open sessions from one application server to the next. This has to do with the Oracle Forms architecture. In fact it is still client-server, only with the application server functioning as extra server ;)

• Apps 11i, Discoverer, and Security

  Just an FYI for those out who are having problems picking up Apps Security when trying to implement Oracle Discoverer on top of Apps 11i. We have struggled over the past six weeks to have Discoverer pick up Apps Security and have finally found a combination that works. If anyone else is having a similar problem and would like the details of our configuration, please e-mail me at [email protected]

  Hi,
  If you have an issue with Discoverer and security, your best option is to post a question in the Discoverer forum (Discoverer
  Rod West

• Portal integration with OFA,OSA, Discoverer and Express

  Dear All,
  Is it possible to integrate OFA,OSA, Discoverer and Express into portlet or is there any other mechanism to fulfill those requirements?
  null

  David,
  All the tools you mention can be integrated into Oracle9iAS Portal as portlets usind the Portal Development Kit. Check out the Oracle Portal Development Kit (PDK) forum for more information on how to do this.
  The Discoverer team is working on some Discoverer portlets that should be available with Oracle9iAS Release 2 due later this year. I am not sure about OFA, OSA and Express.
  Rich

• How to install 10g discoverer and integrate it with R12

  Hi,
  We want to install 10g Discoverer.
  As we can't install discoverer alone, i have downloaded IAS 10g.
  Which option i need to select to install Discoverer?
  Thanks,

  Hi,
  I was able to install Discoverer 10g successfully.
  Changed the profile options of Discoverer and tried to access it from R12.
  But getting below error.
  A connection error has occurred.
  - OracleBI Discoverer was unable to complete the connection initialization.
  - Attempt 1. CORBA protocol : 0 of 1 processes started. Hint: An administrator can further diagnose connection problems by running the "checkdiscoverer" script under <ORACLE_HOME>/discoverer/util.
  The checkdiscoverer script output is like this. Please check.
  ========================
  Initializing ORB...
  ORB initialized successfully.
  Checking for Discoverer "ServicesStatus"...
  "ServicesStatus" is running.
  Checking the adminstrator set soft limit on no. of sessions ...
  Current value of soft limit = 50 sessions.
  Hint: Administrators can increase the soft limit on Discoverer sessions by modif ying
  "//ias-component[id='Discoverer']/process-type[id='SessionServer']/process-set/@ maxprocs" attribute in the file /a01/distest/OraHome_1/opmn/conf/opmn.xml
  Checking for Discoverer Preferences component...
  Found Discoverer Preferences component.
  Binding to Discoverer Server...
  0 of 1 processes started.
  Error: Failed to bind to Discoverer Server.
  Hint: Try increasing the timeout by changing the timeout value in opmn.xml.
  Checking that the machine has only one network card...
  Yes.
  ===========================
  Thanks,

• What are the DIFFERENCES between Discoverer and BI Publisher?

  Hi,
  I was asked by my manager to look into BI Publisher and give a report. Went through and the first thing that came to my mind was Oracle Discoverer.
  I don’t see any difference between the 2. Both are end user reporting tools, , with basically the same functions and options, or AM I MISSING something here???
  Surprisingly, both Discoverer and BIP are part of Oracle BI EE. So why have 2 products that basically does the same thing in BI EE??
  I would appreciate if anybody can enlighten me.
  Thanks & Regards,
  CS

  Hi
  Well not really. Discoverer is an end user reporting tool, providing the ability to generate high end reports, typically with a chart and drillable table. BIP is targeted at the other end of the spectrum, where Oracle Reports sits. It has some disco like capabilities but its strengths lie in generating documents e.g. invoices, POs , letters, listing reports, etc. It can also generate electronic formats, EFT, EDI, XML, etc.
  In its standalone flavor, it comes as a server component, managing users, report security, scheduling, real time reports, etc.
  So, it overlaps a little with Disco, it overlaps far more with Oracle Reports. It the strategic operational reporting solution going forward, its bundled with BIEE. BIEE being the Oracle BI product going forward. I dont think you'll find Disco shipping with BIEE.
  Tim