Oracle Access Manager integration with BI Publisher

I would like to cover OAM integration with BI Publisher (xmlpserver) in this post. A day before, I wrote a post on OAM integration with BI Dashboards and same steps hold good here but with few ad-dons.

Following sections mentioned in BI Dashboards integration are same for this integration:

1. Environment details

2. Pre-requisites

3. Architecture

There are few modifications in Integration Details section compared to Dashboards integration.

Integration Details:

Integration will be explained with the steps executed from both OAM and OBIEE front.

OAM Front:

Create the OBIEE user and groups in OAM user repository.

1. Create a policy domain for OBIEE.

2. Add the resource /xmlpserver to be protected.

3. Create Authorization Rule to allow the users and add authorization actions to return the username in header variable say SSO_UID and corresponding user groups.

4. Specify the Form based authentication (which is used in our case) and assign the Authorization Rule.

5. Install the WebGate on the proxy server and configure the reverse proxy for Dashboards URL as shown below.

ProxyPass /xmlpserver/ http://bi_host:port/xmlpserver/

ProxyPassReverse /xmlpserver/ http://bi_host:port/xmlpserver/

6. Restart the proxy web server.

7. Create another policy domain to unprotect few BI URLs.

Add the following URLs in the Resources tab to be unprotected.

/xmlpserver/services/
/xmlpserver/report_service/
/xmlpserver/ReportTemplateService.xls/
/xmlpserver/Guest/

Create an Authorization Rule to allow all users.
In the Default Rules tab, specify the name as Anonymous Scheme and select Anonymous Authentication scheme from the drop down.
In the Authorization tab, all the Authorization Rule created in the above steps.
Enable the policy domain

8. Access the URL http://proxy_host:port/xmlperver/services and test whether anonymous authentication scheme is working or not. You can also test the other URLs.
OBIEE Front:

All the steps described in Dashboards and OAM integration holds good here in addition to few steps which is given below.

Copy the file ssodefaults.xml from the location manual/XMLP/Admin/Security/ to the existing BI Publisher repository.
Login to BI Admin console and goto the tab Security Configuration.
Enter the Single Sign-On parameters as shown below.
Specify the User Name Parameter as the UID header variable that is specified in Authorization Rule of Policy domain.
Restart the application services.

Test the integration:

Access the BI Publisher URL as http://proxy_host:port/xmlpserver/
You will see Form Login page (configured form authentication in my case) and enter the login details.
ObSSOCookie gets created by OAM after successful authentication & authorization and you will see the requested application.

Points to remember:

Access the xmlpserver URL ending with / as shown below.

http://proxy_host:port/xmlpserver/

You will end up with 404 Not found error (control stops at OAM Action URL) if you don’t specify ‘/’ character in the end of the URL.

Helpful Notes:

Oracle Documentation

About the Author Mahendra

I am engulfed in Oracle Identity & Access Management domain. I have expertise on providing the optimized solutions for user provisioning, web access management, Single Sign-On and federation capabilities etc., I am also well versed with complex integrations within Identity Management and other product domains. I have expertise on building demos and implementation experience on products Oracle Access Manager, Oracle Adaptive Access Manager, Oracle Entitlement Server, Oracle Virtual Directory, Oracle Internet Directory etc., Look @ my blog: http://talkidentity.blogspot.com

Leave a Comment:

5 comments

anan says March 24, 2011

which version of OAM, BIP did you use in this integration?

Do you know whether BIP 10.1.3.4.1 is certified with OAM11g?

Thanks and Regards,
Anan

Mahendra says March 25, 2011

Anan,

The OAM is 10g. BIP is 10.1.3.4.1.

Please check the OAM 11g integration guide if there is any integration topic discussed.

-M

aman1983 says February 14, 2013

How to upgrade from IAM 11gR1 to IAM 11gR2 (OIM, OAM etc)?

Arulmani says March 5, 2014

Dear Mahendra,

Your Post is great and it gave me more information in configuring the OAM with OBIEE XMLPSERVER.

Currently I am configuring OBIEE with OAM 11g i have configured XMLPSERVER via Webgate.
But when ever I access with credentials from OID its says authentication failed.

Please advice do we need to configure OID AS default authenticator to configure OBIEE with OAM for Single sign on.

Thank you!!!

Mahendra says March 5, 2014

Arul,

Thanks. It has been long time since I did this integration. From the top of my head, I remember that some OID authentication configuration was present in OBIEE end. Also, please check if you are getting userid in the header variable for OBIEE server to accept.

Thanks
mahendra.

Add Your Reply