BI SQL Provider - weblogic.xml and web.xml file creation

920799 · May 27, 2017 7:35AM

HI All,

I am currently working on configuring BI Sql provider in Weblogic console

Kerberos SSO- windows 2012 + OBIEE 11.1.1.7 + AD users (no groups) + External table for groups (BI SQL provider)

I have configured AD and BI SQL Provider and able to see users and groups in Weblogic console.

Keytab looks fine as this creates a new ticket in cache file.

I am stuck at a part where i have to modify weblogic.xml and web.xml, not sure what exactly i have to modify and update with.

Thank you all in advance

920799 · May 28, 2017 1:17PM

Found below document which is helpful

OBIEE 12c: End to End Steps for Enabling SAML 2.0 SSO on OBIEE 12c using ADFS - Single Node (Doc ID 2248571.1)

Syedsalmancs110 · May 29, 2017 3:14AM

Hello There,

You could refer to more accurate document mentioned below which is specific to OBIEE 11g-Kerberos SSO configuration.

OBIEE 11g: Configuring Authentication and SSO with Active Directory and Windows Native Authentication (Doc ID 1274953.1)

Please Note: While making changes in weblogic.xml you have to define "<principal-name>" tag with AD Groups which would be responsible for Authorization, please see below content from above mentioned document.

"The principal name element(s) should refer to the Active Directory groups (not Application Roles) you wish to allow access to the application. NB all BI users will need to be members of at least one of the these groups."

But since you are not planning to work with AD Groups, I am not sure how exactly would your Authorization part will work for Kerberos configured OBIEE environment as it is mentioned that it is mandatory for user to be part of at least one AD group defined in "<principal-name>" tag.

Thanks

920799 · May 29, 2017 5:31AM

Thanks for the reply,

though this document (Doc ID 2248571.1) talks about SAML configuration, i got clear idea that how to modify/update weblogic.xml and web.xml, explained very clearly in this doc.

We have raised an SR with Oracle support.

Syedsalmancs110 · May 29, 2017 6:02AM

Hello There,

Document (Doc ID 1274953.1) is the document for OBIEE11g-Kerberos SSO configuration.

Please also note that I have tested this in OBIEE 12c but not sure if it works in 11g as well or not.

If "<principal-name>" tag is defined as users then all the authenticated user of OBIEE would be able to access analytics application.

Your weblogic.xml document would look something as below:

<?xml version = '1.0' encoding = 'windows-1252'?>

<weblogic-web-app xmlns:xsi="<a class="jive-link-external-small" href="http://www.w3.org/2001/XMLSchema-instance" rel="nofollow">http://www.w3.org/2001/XMLSchema-instance</a>"

 xsi:schemaLocation="<a class="jive-link-external-small" href="http://www.bea.com/ns/weblogic/weblogic-web-app" rel="nofollow">http://www.bea.com/ns/weblogic/weblogic-web-app</a> <a class="jive-link-external-small" href="http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd" rel="nofollow">http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd</a>"

 xmlns="<a class="jive-link-external-small" href="http://www.bea.com/ns/weblogic/weblogic-web-app" rel="nofollow">http://www.bea.com/ns/weblogic/weblogic-web-app</a>">

 <context-root>analytics</context-root>

 <security-role-assignment>

 <role-name>SSORole</role-name>

 <principal-name>users</principal-name>

 </security-role-assignment>

</weblogic-web-app>

If your question is answered here then please close the thread marking the correct/helpful answer.

Thanks,

MFA for Oracle Community

Oracle Business Intelligence Applications

Categories

BI SQL Provider - weblogic.xml and web.xml file creation

Answers