Oracle Analytics and AI

Raveendra Boyapati

Hi,

We recently upgraded OBIEE from 11.1.1.7.150120 (Build 150113.1200 64-bit) to Oracle Business Intelligence Product Version 12.2.1.3.0 (Build BIPS-20170820114118 64-bit).

Post upgrade Siteminder SSO using httpheader is not working.

Please find the attached document for steps we followed to implement it our 11g and 12c environments.

Could you please help if there are any additional steps to be followed in 12c Environment.

-----------------------------------------------------------------------------------------------------------------------

Steps (also in attached document with screenshots)

We implemented SSO using httpheader info as below in OBIEE 11g

Changes in instanceconfig.xml

Added CustomSSO  in EnabledSchemas section.

Changes in  authenticationschemas.xml

Added the below text  to the file authenticationschemas.xml

<SchemaKeyVariable source="httpHeader" nameInSource="SM_USER" forceValue="CustomSSO"/>

Add the below text  to the file

<AuthenticationSchema name="CustomSSO" displayName="Custom SSO Schema" userID="IMPERSONATE" proxyUserID="NQ_SESSION.RUNAS" options="noLogoffUI noLogonUI">

<RequestVariable source="credStoreUser" type="auth" nameInSource="oracle.bi.system/system.user" biVariableName="UID"/>

<RequestVariable source="credStorePwd" type="auth" nameInSource="oracle.bi.system/system.user" biVariableName="PWD" options="secure"/>

<RequestVariable source="httpHeader" type="auth" nameInSource="SM_USER" biVariableName="IMPERSONATE" options="required" />

</AuthenticationSchema>

   Changes in em:

Lock & Edit Configuration

Clicked the Checkbox to Enable SSO .

Change the SSO Provider to Custom

Restarted the services

We are trying to implement the same SSO using httpheader in our new OBIEE 12c environment .

Changes done:

Added the below tags to authenticationschemas.xml in location

home\bi\bifoundation\web\display

as we have in our old 11g environment.

<SchemaKeyVariable source="httpHeader" nameInSource="SM_USER" forceValue="CustomSSO"/>

<AuthenticationSchema name="CustomSSO" displayName="Custom SSO Schema" userID="IMPERSONATE" proxyUserID="NQ_SESSION.RUNAS" options="noLogoffUI noLogonUI">

<RequestVariable source="credStoreUser" type="auth" nameInSource="oracle.bi.system/system.user" biVariableName="UID"/>

<RequestVariable source="credStorePwd" type="auth" nameInSource="oracle.bi.system/system.user" biVariableName="PWD" options="secure"/>

<RequestVariable source="httpHeader" type="auth" nameInSource="SM_USER" biVariableName="IMPERSONATE" options="required" />

</AuthenticationSchema>

Changes done to InstanceConfig.xml at location

\Apps\OBIEE\user_projects\domains\bi\config\fmwconfig\biconfig\OBIPS

<Authentication>

<EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,CustomSSO</EnabledSchemas>

<SchemaExtensions>

<Schema name="CustomSSO" logonURL="http://c-qa.company.com/analytics" logoffURL=" http://c-qa.company.com/analytics/saw.dll?logoff"/>

</SchemaExtensions>

</Authentication>

After restarting , we are unable to logon to Analytics.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks,

Raveendra

mac2

I'm not familiar with your specific SSO approach (Siteminder), but I do have SAML2.0 SSO working in our 12c environment. I have a few suggestions for you to explore:

1) Oracle Support specifically instructed me *not* to tick the "Enable SSO" box in EM, even though we are clearly doing SSO. I am not sure if this was unique to our situation or not, but you could see if unchecking it makes any difference for you.

2) FYI, our <Authentication> tag in instanceconfig looks like this:

<Authentication>    <EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,SSO</EnabledSchemas>    <SchemaExtensions>        <Schema logoffURL="xxxxxxxx" logonURL="xxxxxxxxx" name="SSO" />    </SchemaExtensions></Authentication>

3) I'd suggest you turn on debugging and see what's happening in your bi_server1 log files upon login failure. That could definitely get you on the right path to solving the problem. To do this, go into the console -> Environment -> Servers -> bi_server1 -> Debug. From there, Lock and Edit first and then enable debugging on weblogic -> security. Restart everything, reproduce the issue, and then go check your bi_server1.log and see what's happening.

4) What's the web traffic doing (F12 in Chrome, Preserve Log, and pay attention to what's happening)

EDIT: Oops, I thought our <Authentication> tag had different syntax than yours, but yours looks okay to me.