This discussion is archived
1 2 Previous Next 15 Replies Latest reply: Aug 20, 2013 8:42 AM by hyperipwn RSS

OBIEE 11g IPAD SSO

962905 Newbie
Currently Being Moderated
Hello ,

I have SSO enabled in my OBIEE 11.1.1.6.2BP1 . Its working fine from IE/Firefox Browser. Before implementing SSO ipad app was running fine. but now its screwed up. Its not getting connected.

Any changes that is required in the App to be done after SSO is enabled?

Thanks
  • 1. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    Any ideas?
  • 2. Re: OBIEE 11g IPAD SSO
    Turbokat Pro
    Currently Being Moderated
    Hello,

    What type of SSO have you enabled on OBIEE .?? Are you using just LDAP like Active Directory or OID .?

    Let us know.

    -SVS
  • 3. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    Active Directory with WNA
  • 4. Re: OBIEE 11g IPAD SSO
    Turbokat Pro
    Currently Being Moderated
    Hello,

    Windows Native Authentication (WNA), which uses Kerberos credentials obtained when the user logs in to a Windows Domain. This cross-platform authentication is achieved by emulating the negotiate behavior of native Windows-to-Windows authentication services that use the Kerberos protocol. When OBIEE is configured for WNA, a user that has logged into his desktop can simply navigate to a protected resource without another challenge for credentials. This is because a Kerberos session ticket, which includes the user’s credentials, is passed through the browser to the Weblogic server which then validates the credentials against the Key Distribution Center server (Microsoft Active Directory) on the Windows domain server.

    Are you using OAM or OID to configure WNA or just custom WNA using Microsoft Active Directory..? I don't know it is possible to authenticate users if they are not logged into their Windows Domain.

    Hope this helps. Pls mark if it does.

    Thanks,
    SVS
  • 5. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    I am not using OAM or OID. I am just using WNA for authentication of AD. But in weblogic.xml I have also included Basic type of authentication ie if SSO fails it falls back to prompting username & password.
    Can you provide details for configuring Ipad app ? I tried using oracle doc for configuring but was not successful.

    Is there any other config that requires to be changed in weblogic in order to authenticate user thru ipad app.?

    Thanks
  • 6. Re: OBIEE 11g IPAD SSO
    Turbokat Pro
    Currently Being Moderated
    Hello,

    Have you tried using the default authenticator login after setting up WNA for OBIEE .? Because when you are configuring BI for OBIEE to use Single Sign on, you enable Windows native Authentication within EM.

    Let me know if you are able to login using fall back method by prompting username & password.

    Thanks,
    SVS
  • 7. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    Yes I have enabled WNA in EM. What is default authenticator login?

    Safari browser in ipad app does prompt for username & pwd.. But Ipad app is not falling back to Basic Auth. It is not able to add server and connect. I have tried switching SSO ON/OFF in app config.
  • 8. Re: OBIEE 11g IPAD SSO
    Turbokat Pro
    Currently Being Moderated
    I meant the default authentication provider or Active directory provider that you have used as your user store. I was referring to on desktop were able to use the fall back authentication .?

    Did you already check : OBIEE 11g: Error: "Authentication Error Server Authentication Failed, Please Check Settings and Re-Try" when Log in with Correct Credentials On Mobile Client [ID 1349522.1]

    Hope this helps. Pls mark if it does.

    Thanks,
    SVS
  • 9. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    Yes SSO is working fine in IE. And for other browsers I havent configured them so they fall back to prompting username & password.

    The Oracle Doc you gave refers to matching the GUID values. But I havent change the GUID value in my provider.

    Also before enabling my SSO i.e. when only weblogic was configured with AD app was working fine with my AD credentials.
  • 10. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    ??
  • 11. Re: OBIEE 11g IPAD SSO
    Ahsan Shah Expert
    Currently Being Moderated
    Have you read this note:

    IPAD SSO Authentication For Oracle Business Intelligence Mobile [ID 1476488.1]

    In particular it states the following:

    We support only form based authentication. We do not support any other kind of authentication like Kerberos or token based.
    Mobile SSO has been tested ("certified") only with OAM SSO (which is the same than Oracle SSO) but we support all SSO servers that OBIEE supports.


    If helpful pls mark
  • 12. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    Thanks Ahsan for your reply. I am aware of SSO limitation of Ipad. Hence I tried connecting with SSO switch OFF in Ipad. Based on my current SSO settings, if browser fails in SSO it prompts for username & password. But thats not happening in Ipad.

    So is there any configuration I am missing somewhere?

    Below is what I am using to connect:

    Host: xxx.yyy.com (also tried with IP address)
    Port: 9704
    SSL – Off
    SSO – Off (also tried setting to ON)
    Username: my username
    Pass: my password
    Save Pw: On
    Device Locale: On
    Analytics Path: /analytics/saw.dll
    Publisher Path: /xmlpserver
  • 13. Re: OBIEE 11g IPAD SSO
    962905 Newbie
    Currently Being Moderated
    Any other ideas/config for ipad app to run ?
  • 14. Re: OBIEE 11g IPAD SSO
    871233 Newbie
    Currently Being Moderated
    Were you able to resolve we are getting into the same issue. Any suggestions wud be helpful

    Thanks bala
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points