Categories
- All Categories
- Oracle Analytics Learning Hub
- 19 Oracle Analytics Sharing Center
- 18 Oracle Analytics Lounge
- 232 Oracle Analytics News
- 44 Oracle Analytics Videos
- 15.9K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 86 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Authentication support for SecurityService and CatalogService
Organization Name
DAZ Systems, Inc.
Description
BI Publisher SOAP Services like SecurityService and CatalogService doesnt support any industry standard authentication mechanisms. These services may have been created initially for non cloud use cases but with the advent of cloud and heavy utilization of BI Publisher and its services in the SaaS implementations, these need a major revamp wrt security. Right now, these services access username and password in plain text as part of the SOAP Message Body which is a very risky and will be the first glitch on the list of data security audit.
Please redesign the services to support atleast Basic Authentication mechanism asap.
Use Case and Business Need
We call operations like login of SecurityService to establish the session with BIP and thereafter call inSession operations of ReportService. On the similar lines, we have cases where we had to create/update datamodel on BIP using the CatalogService. These services are pretty useful but the security design flaws are defaming its good purpose.
More details
If we use these services in OIC and enable trace, the credentials are open for everyone. Rather if there is a support for Basic Authentication, the credentials get hidden from the rest of the implementation.
Original Idea Number: 543d22b263