dinsdag 9 april 2013

Configuring OBIEE to use OAM

Challenge

Configuring OBIEE to use OAM as an SSO-solution.

Context

OBIEE 11.1.1.6.0 running on WLS 10.3.5
OAM 11.1.2 running on WLS 10.3.6.0
Both solutions are running on different machines or at lease different images of a virtualization solution.

Solution

After setting up a common ldap provider, like explained in my previous blog, you are ready to connect OBIEE with your OAM environment.
Here are the steps we performed:

Configuring the HTTP_Server to redirect the url's

We are going to make use of the Oracle HTTP_Server to redirect the users to the OAM for authentication and authorization.
  • Installing an HTTP_Server with WebGate.  See this blog for more info.
  • Adapt the /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1/mod_wl_ohs.conf to
    # NOTE : This is a template to configure mod_weblogic. 
    
    LoadModule weblogic_module   "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"
    
    #  This empty block is needed to save mod_wl related configuration from EM  to this file when changes are made at the Base Virtual Host Level
    <IfModule weblogic_module>
          WebLogicHost oamhost.contribute.be
          WebLogicPort 7001
          Debug ON
          WLLogFile /tmp/weblogic.log
    #      MatchExpression *.jsp
    </IfModule>
    
    # <Location /weblogic>
    #      SetHandler weblogic-handler
    #      PathTrim /weblogic
    #      ErrorPage  http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
    #  </Location>
    
     <Location /analytics>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
     <Location /mapviewer>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
     <Location /xmlpserver>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
  • Restart the HTTP_Server

Configure the OBIEE components to use SSO:

  • Adding a new identity asserter
    • Go to the WLS console : http://obieehost.contribute.be:7001/console
    • Login and go to Security Realms -> MyRealm -> Providers(tab)
    • Create a new provider with
      • Name: OAMProvider
      • Type: OAMIdentityAsserter
    • Edit the newly created provider and set the control flag to SUFFICIENT and make sure that Active Type is set to "OAM_REMOTE_USER"
    • Reorder the providers to the list : OVDAuthenticator - OAMProvider - DefaultAuthenticator - DefaultIdentityAsserter
    • Restart the entire BI-domain
  • Enabling SSO
    • Go to the EM : http://obieehost.contribute.be:7001/em
    • Go to the Business Intelligence (folder on the left) -> coreapplication -> Security (tab) -> Single Sign-On (tab)
    • Enable SSO and set Oracle Access Manager as SSO Provider

    • Restart all OBIEE components

    While using the url's of the HTTP_Server, you should be authenticated through OAM.

    Good luck.

    4 opmerkingen:

    1. attractive piece of information, I had come to know about your blog from my friend arjun, ahmedabad,i have read atleast eleven posts of yours by now, and let me tell you, your website gives the best and the most interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts, once again hats off to you! Thanks a lot once again, Regards,obiee online training

      BeantwoordenVerwijderen
    2. awful piece of information, I had come to know about your blog from my friend vimal, mumbai,i have read atleast 13 posts of yours by now, and let me tell you, your blog gives the best and the most interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts, once again hats off to you! Thanks a million once again, Regards, obiee training in hyderebad

      BeantwoordenVerwijderen
    3. This information really worth saying, i think you are master of the content and thank you so much sharing that valuable information and get new skills after refer that post.
      Weblogic Training in Chennai

      BeantwoordenVerwijderen
    4. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
      Android Training in Chennai
      Ios Training in Chennai

      BeantwoordenVerwijderen