Oracle Communities

Oracle Analytics and AI

Child Item

Reverse Hybrid access for OAS

Recently our bank has merged with some other bank let say "ABC" and now we have requirement to configure Reverse Hybrid Access provides "ABC Bank" employees access to our web applications from their ABC working station or desktops, without access right to Our legal entity systems.

can someone suggest how to provide access to new bank users via SAML Idp based SSO for OAS,

any other solutions are available?

Thanks

Find more posts tagged with

Accepted answers

Sumanth V -Oracle

Please let me know the type of IDP whether it's AD, OID etc.. so that I can share the steps or review the below product document which has detailed steps for all the supported authentication providers.

https://docs.oracle.com/en/middleware/bi/analytics-server/security-oas/configue-oracle-analytics-server-use-alternative-authentication-providers.html#GUID-76624BF5-CCEF-4F74-8264-A30499937BE3

Sumanth V -Oracle

@User_NMOCH - The initial steps to prepare the Docker image need to be performed on a node that has internet/network access to Yum repositories capable of installing the open-source components. Once the Docker image has been prepared you may move it to a node (which will be the host for the SSO docker) that does not have internet/network access to install these components.

Only for configuration internet is needed and the same can be done on a different server and moved to your server which is not connected to internet.

KhaderBelgoud-Oracle

@User_NMOCH

It is possible to setup SAML SSO in OAS without using Docker.

You can follow the instructions given in the document (Doc ID 2902159.1)

⇒ Configuring Oracle Analytics Server for SAML 2.0 Single Sign-On (SSO) Using Mellon Authentication Module of Apache HTTP Server (Doc ID 2902159.1)

All comments

Sumanth V -Oracle

@User_NMOCH - The details of the other bank users who need access will be in an IDP only. You need to configure that IDP with the existing OAS environment, similar to how it has been done for the current bank users. This will handle the SSO Authentication part.

For authorization, you can assign users and groups to the respective application roles or create new application roles based on the access level needed for the other bank users.

User_NMOCH

Thanks for the update Sumanth,

Can I ask you to provide the step configure IDP authentication for OAS,?

For authorization we have DBGroups configured and roles can be added at DBLevel.

Thanks

Sumanth V -Oracle

https://docs.oracle.com/en/middleware/bi/analytics-server/security-oas/configue-oracle-analytics-server-use-alternative-authentication-providers.html#GUID-76624BF5-CCEF-4F74-8264-A30499937BE3

User_NMOCH

we have use Azure AD as IDP

I have already created onboarded our application on AD, and received certificate and xml file,

Thanks in advance

Sumanth V -Oracle

@User_NMOCH - Please refer the below documentation which has details for both SAML and Kerberos SSO config with OAS.

SAML 2.0 and Kerberos Single Sign-On Configuration for Oracle Analytics Server (Doc ID 2761678.1)

User_NMOCH

I have gone through this document before, we have restriction in our organization, cant enable to internet on the servers, I think this required internet access for docker package,

Looking for some solution without docker and apache, is there any option to redirect the url to IDP within the weblogic?

Thanks

Sumanth V -Oracle

Only for configuration internet is needed and the same can be done on a different server and moved to your server which is not connected to internet.

User_NMOCH

Hi, I have managed to configure the docker and Apache http server

when i upload the certificate and click next in SAML2 SSO Docker Control Unit it giving below error

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

User_NMOCH

KhaderBelgoud-Oracle

@User_NMOCH

It is possible to setup SAML SSO in OAS without using Docker.

You can follow the instructions given in the document (Doc ID 2902159.1)

⇒ Configuring Oracle Analytics Server for SAML 2.0 Single Sign-On (SSO) Using Mellon Authentication Module of Apache HTTP Server (Doc ID 2902159.1)