We will be working with “Access Control” to achieve Single Sign On.
1. Configure OAM Identity Asserter for OBIEE
2. Create SSO Agent for OBIEE
3. Configure Webgate on OHS
4. Copy artifacts to OHS
5. Configure SSO for OBIEE components
6. Configure Identity Store for OAM
7. Create Custom Authentication Module
8. Create Custom Authentication Scheme
9. Modify Application Domain to use Custom Authentication Scheme
1. Configure OAM Identity Asserter for OBIEE
1. Login as weblogic
2. Click on "Lock & Edit"
3. Click on Security Realms
4. Click on "myrealm"
5. Click on Providers
6. Click on "New"
7. Provide the provider details and click on OK
8. Click on "AD-OAM"
9. Set Flag as Required and click on OK
10. Click on Reorder
11. Move AD-OAM to top
12. Click on Activate Changes
Note: Restart OBIEE for the changes to take effect
2. Create SSO Agent for OBIEE
Log in to the OAM server and run the following steps
$ cd $ORACLE_HOME/oam/server/rreg/client
$ tar -xzvpf RREG.tar.gz
$ cd rreg/input
$ cp -pr OAM11GRequest_short.xml OBIEE.xml
Modify the content of OBIEE.xml as follows
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
NAME: OAM11GRequest_short.xml - Template for OAM 11G Agent Registration Request file
(Shorter version - Only mandatory values - Default values will be used for all other fields)
DESCRIPTION: Modify with specific values and pass file as input to the tool.
-->
<OAM11GRegRequest>
<serverAddress>http://oam:7111</serverAddress>
<hostIdentifier>obiee</hostIdentifier>
<agentName>OBIEE_11G</agentName>
<protectedResourcesList>
<resource>/bicontent</resource>
<resource>/bioffice</resource>
<resource>/biofficeclient</resource>
<resource>/xmlpserver</resource>
<resource>/ui</resource>
<resource>/mapviewer</resource>
<resource>/bicomposer</resource>
<resource>/bisearch</resource>
<resource>/analytic*</resource>
<resource>/analytics/**</resource>
<resource>/analytics/saw.dll/wsdl/**</resource>
<resource>/analytics</resource>
<resource>/analytics/saw.dll/wsdl</resource>
</protectedResourcesList>
<publicResourcesList>
<resource>/bioffice/services/saw</resource>
<resource>/ui/do/logout</resource>
<resource>/xmlpserver/services</resource>
<resource>/xmlpserver/report_service</resource>
<resource>/xmlpserver/ReportTemplateService.xls</resource>
<resource>/xmlpserver/Guest</resource>
<resource>/biservices</resource>
<resource>/ui/images/*</resource>
<resource>/em</resource>
<resource>/em/.../*</resource>
<resource>/console</resource>
<resource>/console/.../*</resource>
<resource>/biacm</resource>
<resource>/biacm/.../*</resource>
<resource>/odiconsole</resource>
<resource>/odiconsole/.../*</resource>
<resource>/bicustom</resource>
<resource>/bicustom/**</resource>
</publicResourcesList>
<excludedResourcesList>
<resource>/rtis</resource>
<resource>/rtis/.../*</resource>
<resource>/schema</resource>
<resource>/schema/.../*</resource>
<resource>/ws</resource>
<resource>/ws/.../*</resource>
<resource>/wsmpm</resource>
<resource>/wsmpm/.../*</resource>
</excludedResourcesList>
</OAM11GRegRequest>
$ cd $ORACLE_HOME/oam/server/rreg/client/rreg
$ bin/oamreg.sh inband input/OBIEE.xml
Note: This will create the SSO Agent and all the resources. Artifacts will be created under the output folder.
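An added example (not part of the original post): a Python check to run over the request file before passing it to oamreg.sh. It flags non-ASCII characters pasted into resource patterns, paths that appear in more than one list, and public or excluded entries that sit beneath a protected path, so each exception to the SSO policy can be confirmed as intended. The names base_path and audit_request are hypothetical, the prefix comparison is a simplification rather than OAM's own matcher, and the embedded XML is a constructed sample.

```python
import xml.etree.ElementTree as ET
from itertools import takewhile

# Constructed sample: cut-down OBIEE.xml with a typographic ellipsis and /ui in two lists.
SAMPLE_REQUEST = """
<OAM11GRegRequest>
  <protectedResourcesList>
    <resource>/xmlpserver</resource>
    <resource>/ui</resource>
  </protectedResourcesList>
  <publicResourcesList>
    <resource>/ui/do/logout</resource>
    <resource>/xmlpserver/services</resource>
    <resource>/em/\u2026/*</resource>
    <resource>/ui</resource>
  </publicResourcesList>
  <excludedResourcesList>
    <resource>/ws/.../*</resource>
  </excludedResourcesList>
</OAM11GRegRequest>
"""

LISTS = ("protectedResourcesList", "publicResourcesList", "excludedResourcesList")

def base_path(pattern):
    """Literal segments before the first wildcard (a simplification, not OAM's matcher)."""
    segs = pattern.strip("/").split("/")
    return tuple(takewhile(lambda s: "*" not in s and s != "...", segs))

def audit_request(xml_text):
    """Return (issue, list name, pattern) tuples for an RREG request document."""
    root = ET.fromstring(xml_text)
    lists = {n: [(r.text or "").strip() for r in root.findall(f"{n}/resource")] for n in LISTS}
    findings, seen = [], {}
    for name, patterns in lists.items():
        for p in patterns:
            if not p.isascii():  # e.g. "..." replaced by one ellipsis character on copy/paste
                findings.append(("non-ascii", name, p))
            if seen.setdefault(p, name) != name:  # same path in two different lists
                findings.append(("listed-twice", f"{seen[p]}+{name}", p))
    protected = [base_path(p) for p in lists["protectedResourcesList"]]
    for name in LISTS[1:]:
        for p in lists[name]:
            b = base_path(p)
            if any(q and len(b) > len(q) and b[:len(q)] == q for q in protected):
                findings.append(("carve-out", name, p))  # exception under a protected path
    return findings

if __name__ == "__main__":
    print(*audit_request(SAMPLE_REQUEST), sep="\n")
```

To check the real file, pass its text to audit_request in place of the sample.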
3. Configure Webgate on OHS
WebGate comes preinstalled with OHS 12c. If you are using OHS 11g, install WebGate (11.1.2.3 or 12c) on top of OHS 11g (11.1.1.9).
POST WEBGATE STEPS
OHS 11g:
1. $ cd ${WEBGATE_HOME}/webgate/ohs/tools/deployWebGate
2. $ ./deployWebGateInstance.sh -w ${ORACLE_INSTANCE}/config/OHS/ohs1/ -oh ${WEBGATE_HOME}
3. $ export LD_LIBRARY_PATH=${OHS_HOME}/lib:${LD_LIBRARY_PATH}
4. $ cd ${WEBGATE_HOME}/webgate/ohs/tools/setup/InstallTools/
5. $ ./EditHttpConf -w ${ORACLE_INSTANCE}/config/OHS/ohs1/ -oh ${WEBGATE_HOME} -o Edithttpconf.log
OHS 12c:
1. $ cd ${OHS_HOME}/webgate/ohs/tools/deployWebGate
2. $ ./deployWebGateInstance.sh -w ${OHS_DOMAIN_HOME}/config/fmwconfig/components/OHS/ohs1 -oh ${OHS_HOME}
3. $ export LD_LIBRARY_PATH=${OHS_HOME}/lib:${LD_LIBRARY_PATH}
4. $ cd ${OHS_HOME}/webgate/ohs/tools/setup/InstallTools/
5. $ ./EditHttpConf -w ${OHS_DOMAIN_HOME}/config/fmwconfig/components/OHS/ohs1 -oh ${OHS_HOME}
4. Copy artifacts to OHS
Log in to the OAM server and move the artifacts to the OHS server
$ cd $ORACLE_HOME/oam/server/rreg/client/rreg/output
$ tar -czvpf OBIEE_11G.tgz OBIEE_11G
SCP “OBIEE_11G.tgz” to OHS Server “/tmp”
Log in to the OHS server and copy the artifacts to the webgate conf folder
$ cd /tmp/
$ tar -xzvpf OBIEE_11G.tgz
OHS 11g:
$ cd ${ORACLE_INSTANCE}/config/OHS/ohs1/webgate/conf
$ cp -pr /tmp/OBIEE_11G/cwallet.sso /tmp/OBIEE_11G/ObAccessClient.xml .
OHS 12c:
$ cd ${OHS_DOMAIN_HOME}/config/fmwconfig/components/OHS/ohs1/webgate/conf
$ cp -pr /tmp/OBIEE_11G/cwallet.sso /tmp/OBIEE_11G/ObAccessClient.xml .
Note: Bounce the OHS component for the changes to take effect.
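An added example (not part of the original post): a Python check to run on the OHS server after the copy. It reports artifacts missing from the webgate conf folder, artifacts readable by every local account, and copies of the agent wallet still sitting in the /tmp staging area. The function name check_webgate_artifacts and the script invocation are assumptions; the file and agent names come from the steps above.

```python
import os
import stat
import sys

ARTIFACTS = ("cwallet.sso", "ObAccessClient.xml")  # files copied in this step
AGENT = "OBIEE_11G"                                # agent name used on this page

def check_webgate_artifacts(conf_dir, staging_dir="/tmp"):
    """Return sorted (issue, path) tuples; an empty list means nothing to fix."""
    findings = []
    for name in ARTIFACTS:
        path = os.path.join(conf_dir, name)
        if not os.path.isfile(path):
            findings.append(("missing", path))
        elif stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO:
            # Any "other" permission bit lets every local account reach the file.
            findings.append(("world-accessible", path))
    # The tarball and its extracted folder are second copies of the agent wallet.
    for leftover in (AGENT + ".tgz", AGENT):
        path = os.path.join(staging_dir, leftover)
        if os.path.exists(path):
            findings.append(("left-in-staging", path))
    return sorted(findings)

if __name__ == "__main__":
    # Assumed invocation: python check_artifacts.py <webgate conf folder>
    for issue, path in check_webgate_artifacts(sys.argv[1]):
        print(f"{issue}: {path}")
```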
5. Configure SSO for OBIEE components
1. Login as weblogic
2. Click on bi instance
3. Click on Security
4. Click on "Lock & Edit"
5. Check "Enable SSO" and provide SSO logout URL
6. Click on Activate Changes
Note:
1. In case of OBIEE 11g, you need to provide the following:
Enable SSO:
The SSO Provider Logon URL: http://obiee:7777/analytics
The SSO Provider Logoff URL: http://oam:14100/oam/server/logout
2. Bounce biinstance for the changes to take effect.
6. Configure Identity Store for OAM
1. Login to OAM console as weblogic user
2. Click on "Configuration"
3. Click on "User Identity Stores"
4. Click on Create
5. Provide AD details, click on "Test Connection" and Apply
7. Create Custom Authentication Module
1. Login to OAM console as weblogic user
2. Click on "Application Module" under plugins
3. Click on "create LDAP Authentication Module"
4. Create custom Authentication Module and click on "Apply"
8. Create Custom Authentication Scheme
1. Login to OAM console as weblogic user
2. Click on "Authentication Schemes" under Access Manager
3. Click on Create
4. Provide details and click on Apply
9. Modify Application Domain to use Custom Authentication Scheme
1. Login to OAM console as weblogic user
2. Click on "Application Domains" under Access Manager
3. Click on Search
4. Select SSO Agent "OBIEE_11G"
5. Click on "Authentication Policies"
6. Select "Protected Resource Policy"
7. Modify Authentication Scheme to Custom Authentication Scheme and Apply Changes
Note: Now OBIEE is SSO enabled. Try to access analytics page and you should get Oracle Access Manager Page instead of default analytics page.