Windows Native Authentication (WNA), which uses Kerberos credentials obtained when the user logs in to a Windows Domain. This cross-platform authentication is achieved by emulating the negotiate behavior of native Windows-to-Windows authentication services that use the Kerberos protocol. When OBIEE is configured for WNA, a user that has logged into his desktop can simply navigate to a protected resource without another challenge for credentials. This is because a Kerberos session ticket, which includes the user’s credentials, is passed through the browser to the Weblogic server which then validates the credentials against the Key Distribution Center server (Microsoft Active Directory) on the Windows domain server.
Are you using OAM or OID to configure WNA or just custom WNA using Microsoft Active Directory..? I don't know it is possible to authenticate users if they are not logged into their Windows Domain.
I am not using OAM or OID. I am just using WNA for authentication of AD. But in weblogic.xml I have also included Basic type of authentication ie if SSO fails it falls back to prompting username & password.
Can you provide details for configuring Ipad app ? I tried using oracle doc for configuring but was not successful.
Is there any other config that requires to be changed in weblogic in order to authenticate user thru ipad app.?
Have you tried using the default authenticator login after setting up WNA for OBIEE .? Because when you are configuring BI for OBIEE to use Single Sign on, you enable Windows native Authentication within EM.
Let me know if you are able to login using fall back method by prompting username & password.
IPAD SSO Authentication For Oracle Business Intelligence Mobile [ID 1476488.1]
In particular it states the following:
We support only form based authentication. We do not support any other kind of authentication like Kerberos or token based.
Mobile SSO has been tested ("certified") only with OAM SSO (which is the same than Oracle SSO) but we support all SSO servers that OBIEE supports.
Thanks Ahsan for your reply. I am aware of SSO limitation of Ipad. Hence I tried connecting with SSO switch OFF in Ipad. Based on my current SSO settings, if browser fails in SSO it prompts for username & password. But thats not happening in Ipad.
So is there any configuration I am missing somewhere?
Below is what I am using to connect:
Host: xxx.yyy.com (also tried with IP address)
SSL – Off
SSO – Off (also tried setting to ON)
Username: my username
Pass: my password
Save Pw: On
Device Locale: On
Analytics Path: /analytics/saw.dll
Publisher Path: /xmlpserver