dinsdag 9 april 2013

Configuring OBIEE to use OAM

Challenge

Configuring OBIEE to use OAM as an SSO-solution.

Context

OBIEE 11.1.1.6.0 running on WLS 10.3.5
OAM 11.1.2 running on WLS 10.3.6.0
Both solutions are running on different machines or at lease different images of a virtualization solution.

Solution

After setting up a common ldap provider, like explained in my previous blog, you are ready to connect OBIEE with your OAM environment.
Here are the steps we performed:

Configuring the HTTP_Server to redirect the url's

We are going to make use of the Oracle HTTP_Server to redirect the users to the OAM for authentication and authorization.
  • Installing an HTTP_Server with WebGate.  See this blog for more info.
  • Adapt the /u01/app/oam/product/webtier/instances/instance1/config/OHS/ohs1/mod_wl_ohs.conf to
    # NOTE : This is a template to configure mod_weblogic. 
    
    LoadModule weblogic_module   "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"
    
    #  This empty block is needed to save mod_wl related configuration from EM  to this file when changes are made at the Base Virtual Host Level
    <IfModule weblogic_module>
          WebLogicHost oamhost.contribute.be
          WebLogicPort 7001
          Debug ON
          WLLogFile /tmp/weblogic.log
    #      MatchExpression *.jsp
    </IfModule>
    
    # <Location /weblogic>
    #      SetHandler weblogic-handler
    #      PathTrim /weblogic
    #      ErrorPage  http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
    #  </Location>
    
     <Location /analytics>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
     <Location /mapviewer>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
     <Location /xmlpserver>
        SetHandler weblogic-handler
        WebLogicHost obieehost.contribute.be
        WebLogicPort 9704
     </Location>
    
  • Restart the HTTP_Server

Configure the OBIEE components to use SSO:

  • Adding a new identity asserter
    • Go to the WLS console : http://obieehost.contribute.be:7001/console
    • Login and go to Security Realms -> MyRealm -> Providers(tab)
    • Create a new provider with
      • Name: OAMProvider
      • Type: OAMIdentityAsserter
    • Edit the newly created provider and set the control flag to SUFFICIENT and make sure that Active Type is set to "OAM_REMOTE_USER"
    • Reorder the providers to the list : OVDAuthenticator - OAMProvider - DefaultAuthenticator - DefaultIdentityAsserter
    • Restart the entire BI-domain
  • Enabling SSO
    • Go to the EM : http://obieehost.contribute.be:7001/em
    • Go to the Business Intelligence (folder on the left) -> coreapplication -> Security (tab) -> Single Sign-On (tab)
    • Enable SSO and set Oracle Access Manager as SSO Provider

    • Restart all OBIEE components

    While using the url's of the HTTP_Server, you should be authenticated through OAM.

    Good luck.

    3 opmerkingen:

    1. This information really worth saying, i think you are master of the content and thank you so much sharing that valuable information and get new skills after refer that post.
      Weblogic Training in Chennai

      BeantwoordenVerwijderen

    2. Hello, I read your blog occasionally, and I own a similar one, and I was just wondering if you get a lot of spam remarks? If so how do you stop it, any plugin or anything you can advise? I get so much lately it’s driving me insane, so any assistance is very much appreciated.
      AWS Training in Chennai | Best AWS Training in Chennai
      Best Data Science Training in Chennai

      BeantwoordenVerwijderen