Categories
- All Categories
- Oracle Analytics Learning Hub
- 19 Oracle Analytics Sharing Center
- 17 Oracle Analytics Lounge
- 233 Oracle Analytics News
- 45 Oracle Analytics Videos
- 15.9K Oracle Analytics Forums
- 6.2K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 87 Oracle Analytics Trainings
- 15 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Oracle Analytics Server on-prem Mobile Identity questions/requirements
Hello,
Please excuse if this has been addressed previously but I have not had much success searching for my questions detailed below. We have an on-prem OAS 2024 (7.6) system that has been operational for quite some time that was migrated previously from OBIEE 10g, 11g, 12c, & OAS 6.4 over the past 12 years using Microsoft Active directory as the Authentication Provider. There so many blogs using the Mobile OAS configured with Oracle IAM or IDCS but no clear guidance with alternative authentication providers. Does the OAS Mobile App require us to use Oracle IAM or IDCS? Can't we use MS AD as the authentication provider? Is there any technical documentation outlining AD as the provider for Mobile OAS? I cannot find anything in the OAS Admin Guide or the Installation & Configuration guide.
The blogs that I have studied referring to configuring the OAS Mobile App with the Oracle IAM gateway or IDCS infers that the gateway needs to be installed on a host with a public network subnet & using the WLS-plug-in & that host's authentication provider created as a security provider in the security realm on the OAS WLS console. Can that configuration use the AD provider alternatively? The blogs show SSO as a requirement for the WLS plug-in for URL redirection. Is that why the public network subnet is a Mobile OAS a requirement or can Mobile OAS be used all internally with existing internal AD security provider in conjunction with a corporate VPN and mobile device.
Sorry for all the questions but I have been tasked to get Mobile OAS implemented as rapidly as possible with our existing OAS system.
Thanks!
Eric
Answers
-
Hi,
The official Oracle answer is that you need to setup SSO with the few supported providers to use the Mobile app with OAS. You can see it was repeated in this previously asked question:
That seem to be the only supported architecture.
If you don't mind testing, you could just try having your OAS with SSL on port 443. Either changing the ports in WebLogic, or configuring a proxy in front of your OAS. The SSO architecture does require that, because the SSO is handled by a proxy in front of OAS itself.
In a quick test I did a long time ago, just having a proxy in front of OAS exposing it on port 443 on a HTTPS connection was enough to use the mobile app (I only opened 2 objects and didn't look more than 5 minutes).
The authentication provider shouldn't matter (I believe I tested just with the default one).
Again: this is not supported, not sure it does fully work, it's something you can test if you feel like doing it. The official supported answer is the whole SSO architecture.
0 -
Hi Gianni,
I did see your other post. I do have my OAS server enabled for SSL with the listening port set to 9503 with SSO configured via EM/FMW. I can actually log into the URL: (https://FQhostname:9503/analytics) on a secured mobile browser using our corporate mobile VPN and can use 99% of our dashboard reports. (cannot scroll on pdfs created from BI Publisher).
When I try the same the URL in the OAS Mobile app, I get a hard "Connection Failed" when I try to use that app's Test Connection button. When pressing the saved connection button, I get the "Unexpected Error Something went wrong, please try again later OK" message.
When you say port 443, are you implying to create a publicly facing website on a host with a public network subnet & using the WLS-plug-in to redirect to that URL in some proxy initialization file that contains the values for the WLS Host & WLS Port from the URL?
Thanks!
Eric
0 -
In my test, if I do remember correctly, I found that the mobile app does ignore the port you enter with the url for OAS. It will always use the default port for HTTPS connection, 443.
All the SSO configurations with OAS requires you to use a web server in front (Apache Http server usually) acting as proxy and exposing OAS with SSL and on port 443.
All you need is doing the same.
I don't like the idea of changing the config in WebLogic to move HTTPS to port 443 just to use the mobile app, therefore for my test I did configure a web server acting as proxy in front of OAS: nginx listening on port 443 with a SSL certificate and proxying to OAS on port 9502 without SSL (it was a test environment, I didn't bother enabling SSL on OAS because it wasn't needed).It doesn't need to be public, it can be on the same server as your OAS, all you need is to be able to connect to it, it must have SSL enabled and expose port 443. Then it does proxy request to OAS on whatever port you have (with our without SSL).
But keep in mind this isn't officially supported by Oracle, therefore you need to evaluate if you are willing to test this kind of architecture and if it does work well.
0 -
HI Giana,
I'll give that a try. I've never configured a web service in Linux before, but it looks like all I need to do to simulate what you did on your test is to Install & Configure httpd web service package and then Configure Apache similar to what was done in the link below. Best practice is to secure the web service but that can be done later if this works as this is a test server.
Looks like I will also have to open up 443 that is not in the link:
sudo firewall-cmd --permanent --add-service=https
Thanks!
Eric
0 -
Oracle only supports the mobile app on OAS with IDCS/IAM gateway, as documented in the blogs, but you could federate other providers with your IDCS.
Here are the two resources:
https://blogs.oracle.com/analytics/post/oas-mp-sso-idcs-apache-openidc
https://blogs.oracle.com/analytics/post/oa-mob-app-for-oas-with-ag-sso0
