Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 214 Oracle Analytics News
- 42 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
How to disable LightWeight SSO in OBIEE 12.2.1.4
Dear GURUS,
I am facing a little weird problem while trying to disable light weight SSO from OBIEE.
Details are as below:
OBIEE: 12.2.1.4 (Upgraded from 12.2.1.3)
Servers: Windows Server 2012 R2
Old OBIEE Home: OBIEE12C
New OBIEE Home: OBIEE12_2_1_4
Environment Type: Horizontally Scaled out
Command executed from new OBIEE Home on Primary Node: "wls:/offline> disableBISingleSignOn('D:\OBIEE/user_projects/domains/bi')"
Light Weight SSO is disabled on the Primary URL, however, the secondary URL is still giving me LightWeight SSO login page only.
I tried executing the same command on Secondary node as well, but no luck.
In short, I would like to understand the below 2 points:
1. What needs to be done to disable Lightweight SSO on both nodes (Primary URL and Secondary URL)?
2. What needs to be done to disable this SSO on DV/VA as well?
This is required as we are trying to enable Kerberos SSO for our OBIEE systems.
Do let me know if any other details required.
Thanks in Advance,
Regards,
SonPat
Answers
-
Did you follow these instructions?
It looks like you’ve got 2 OBIEE homes. The upgrade should be an in place upgrade where you’ll be upgrading your existing binaries to 12.2.1.4.
0 -
Hello Joel,
I did take a reference of this document for Section "Upgrading Scaled-Out Systems from a Previous 12c Release" and a few other documents, MOS.
The upgrade is a successful. However, my issue is to disable default SSO for OBIEE.
Also, it's not like I have 2 OBIEE Homes... The domain home is in the older OBIEE Home and all other details are in the new OBIEE Home.
Also, Oracle_Home variable is set to the new OBIEE Home only.
0 -
I’m a bit confused. You mentioned in your original post the following:
OBIEE: 12.2.1.4 (Upgraded from 12.2.1.3)
Servers: Windows Server 2012 R2
Old OBIEE Home: OBIEE12C
New OBIEE Home: OBIEE12_2_1_4
It clearly looks like 2 different directories to me. As I said, the 12.2.1.4 upgrade is done in place so should have been done in what you call the “Old OBIEE Home”.
0 -
+1 to Joel because NONE of the two homes you mention fits this at all:
SonPat99 wrote:"wls:/offline> disableBISingleSignOn('D:\OBIEE/user_projects/domains/bi')"OBIEE != OBIEE12C
OBIEE != OBIEE12_2_1_4
0 -
@SonPat99 Did you just give up on this? Even if only your paths were wrong it would be nice to say so in here to clear things up.
0 -
Hello Christian,
Apologies as I got a little busy with some official work and did not got enough time to check this.
The OBIEE Homes were just a reference and not actual values, whereas in the command, I have used the actual value.
Apologies for the confusion.
Also, just to clear the things a little more, I can see the legacy Login page for OBIEE, but I am still seeing the Lightweight SSO login page for VA/DV.
I think, since in OBIEE 12.2.1.4, both OBIEE and VA have been separated, there is some other way to disable SSO in VA/DV when using OBIEE 12.2.1.4.
Any suggestions.
0 -
1. As you found, disabling LWSSO is a domain procedure (i.e. - you are passing the domain home, regardless of whether it is embedded under the OLD Oracle Home binary path or outside the Oracle Home(recommended f)); therefore, it applies to all nodes (perhaps, you needed to restart the bi_server2 managed server to pick up the domain change).
2. Disabling LWSSO only applies to /analytics.
-- Disable = /analytics uses the native authentication screen and you will have two separate logins (i.e. - you authenticate to /analytics, then you open DV, you will need to autthenticate again).
++ Enable = same, newer style login for both /analytics and /dv
I hope that adds some clarity for you.
0 -
Thank you Steve, so do you mean that I cannot disable LWSSO in DV or VA?
If that is the case, how should I proceed to enable Kerberos SSO (because as per my understanding, I will have to disable LWSSO in order for Kerberos SSO to work).
Please suggest.
0 -
Are you following our blog documents?
If not, what document are you following telling you to disable LWSSO for DV?
https://blogs.oracle.com/cealteam/obiee-12c%3a-configuring-kerberos-sso-for-obiee-12c
0 -
Hello Steve,
Yes, I am following the same blog document.
In order to complete Kerberos SSO, LWSSO has to be disabled.
I've read it somewhere as I don't remember the exact post/URL.
Also, I tried for Kerberos SSO when LWSSO was enabled for OBIEE and nothing worked (as I was still getting the LWSSO Login page).
When I disabled LWSSO, it started working (I was getting the OBIEE Home Page directly, instead of any OBIEE LWSSO/login page).
The document created might work with OBIEE 12c releases prior to 12.2.1.4 as OBIEE and DV were integrated, however, I'm not sure for this latest version.
Please suggest.
0
