Oracle Access Manager integration with BI Publisher
I would like to cover OAM integration with BI Publisher (xmlpserver) in this post. A day before, I wrote a post on OAM integration with BI Dashboards and same steps hold good here but with few ad-dons.
Following sections mentioned in BI Dashboards integration are same for this integration:
1. Environment details
2. Pre-requisites
3. Architecture
There are few modifications in Integration Details section compared to Dashboards integration.
Integration Details:
Integration will be explained with the steps executed from both OAM and OBIEE front.
OAM Front:
Create the OBIEE user and groups in OAM user repository.
1. Create a policy domain for OBIEE.
2. Add the resource /xmlpserver to be protected.
3. Create Authorization Rule to allow the users and add authorization actions to return the username in header variable say SSO_UID and corresponding user groups.
4. Specify the Form based authentication (which is used in our case) and assign the Authorization Rule.
5. Install the WebGate on the proxy server and configure the reverse proxy for Dashboards URL as shown below.
ProxyPass /xmlpserver/ http://bi_host:port/xmlpserver/
ProxyPassReverse /xmlpserver/ http://bi_host:port/xmlpserver/
6. Restart the proxy web server.
7. Create another policy domain to unprotect few BI URLs.
- Add the following URLs in the Resources tab to be unprotected.
/xmlpserver/services/
/xmlpserver/report_service/
/xmlpserver/ReportTemplateService.xls/
/xmlpserver/Guest/
- Create an Authorization Rule to allow all users.
- In the Default Rules tab, specify the name as Anonymous Scheme and select Anonymous Authentication scheme from the drop down.
- In the Authorization tab, all the Authorization Rule created in the above steps.
- Enable the policy domain
8. Access the URL http://proxy_host:port/xmlperver/services and test whether anonymous authentication scheme is working or not. You can also test the other URLs.
OBIEE Front:
All the steps described in Dashboards and OAM integration holds good here in addition to few steps which is given below.
- Copy the file ssodefaults.xml from the location manual/XMLP/Admin/Security/ to the existing BI Publisher repository.
- Login to BI Admin console and goto the tab Security Configuration.
- Enter the Single Sign-On parameters as shown below.
- Specify the User Name Parameter as the UID header variable that is specified in Authorization Rule of Policy domain.
- Restart the application services.
Test the integration:
- Access the BI Publisher URL as http://proxy_host:port/xmlpserver/
- You will see Form Login page (configured form authentication in my case) and enter the login details.
- ObSSOCookie gets created by OAM after successful authentication & authorization and you will see the requested application.
Points to remember:
Access the xmlpserver URL ending with / as shown below.
http://proxy_host:port/xmlpserver/
You will end up with 404 Not found error (control stops at OAM Action URL) if you don’t specify ‘/’ character in the end of the URL.
Helpful Notes:
About the Author Mahendra
I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com