Oracle Analytics Cloud and Server Idea Lab

Authentication support for SecurityService and CatalogService

Needs Votes

Organization Name

DAZ Systems, Inc.

Description

BI Publisher SOAP Services like SecurityService and CatalogService don't support any industry standard authentication mechanisms. These services may have been created initially for non-cloud use cases, but with the advent of cloud and heavy utilization of BI Publisher and its services in the SaaS implementations, these need a major revamp wrt security. Right now, these services access username and password in plain text as part of the SOAP Message Body, which is very risky and will be the first glitch on the list of data security audit.

Please redesign the services to support at least Basic Authentication mechanism asap.

Use Case and Business Need

We call operations like login of SecurityService to establish the session with BIP and thereafter call inSession operations of ReportService. On similar lines, we have cases where we had to create/update datamodel on BIP using the CatalogService. These services are pretty useful but the security design flaws are defaming their good purpose.

More details

If we use these services in OIC and enable trace, the credentials are open for everyone. Rather, if there is support for Basic Authentication, the credentials get hidden from the rest of the implementation.

Original Idea Number: 543d22b263
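
While credentials still travel in the SOAP body, a payload trace can be masked before it is written. The sketch below is an added example, not part of the original post and not Oracle or OIC code. The namespace, the `userID` and `password` element names and the sample envelope are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: namespace and element names (userID, password) are
# assumptions for illustration, not taken from the service's WSDL.
SAMPLE_LOGIN = """<soapenv:Envelope
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:svc="urn:example:security-service">
  <soapenv:Body>
    <svc:login>
      <svc:userID>report_user</svc:userID>
      <svc:password>S3cret-Constructed!</svc:password>
    </svc:login>
  </soapenv:Body>
</soapenv:Envelope>"""

SENSITIVE = {"password", "passwd", "pwd"}  # local names to mask, case-insensitive
MASK = "***REDACTED***"
WITHHELD = "<unparseable payload withheld from trace>"


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1].lower()


def redact_soap_credentials(xml_text, sensitive=SENSITIVE):
    """Return a copy of the SOAP message that is safe to write to a trace log."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        # Fail closed: never fall back to logging the raw payload.
        return WITHHELD
    for elem in root.iter():
        if _local(elem.tag) in sensitive:
            elem.text = MASK
        for name in elem.attrib:
            if _local(name) in sensitive:
                elem.attrib[name] = MASK
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(redact_soap_credentials(SAMPLE_LOGIN))
```

Masking only limits what reaches the trace; the password is still present in the request itself, which is the design issue the idea asks to have fixed.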
