Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

How to disable LightWeight SSO in OBIEE 12.2.1.4

Received Response
377
Views
12
Comments
SonPat99
SonPat99 Rank 6 - Analytics Lead
edited Aug 13, 2024 5:41PM in Oracle Analytics Cloud and Server

Dear GURUS,

I am facing a little weird problem while trying to disable light weight SSO from OBIEE.

Details are as below:

OBIEE: 12.2.1.4 (Upgraded from 12.2.1.3)

Servers: Windows Server 2012 R2

Old OBIEE Home: OBIEE12C

New OBIEE Home: OBIEE12_2_1_4

Environment Type: Horizontally Scaled out

Command executed from new OBIEE Home on Primary Node: "wls:/offline> disableBISingleSignOn('D:\OBIEE/user_projects/domains/bi')"

Light Weight SSO is disabled on the Primary URL, however, the secondary URL is still giving me LightWeight SSO login page only.

I tried executing the same command on Secondary node as well, but no luck.

In short, I would like to understand the below 2 points:

1. What needs to be done to disable Lightweight SSO on both nodes (Primary URL and Secondary URL)?

2. What needs to be done to disable this SSO on DV/VA as well?

This is required as we are trying to enable Kerberos SSO for our OBIEE systems.

Do let me know if any other details required.

Thanks in Advance,

Regards,

SonPat

«1

Answers

  • Joel
    Joel Rank 8 - Analytics Strategist

    Did you follow these instructions?

    https://docs.oracle.com/middleware/bi12214/lcm/OBIUP/GUID-93B3A0DC-7546-4ABB-946E-593B3AAE444D.htm#OBIUP-GUID-93B3A0DC-7…

    It looks like you’ve got 2 OBIEE homes. The upgrade should be an in place upgrade where you’ll be upgrading your existing binaries to 12.2.1.4.

  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Hello Joel,

    I did take a reference of this document for Section "Upgrading Scaled-Out Systems from a Previous 12c Release" and a few other documents, MOS.

    The upgrade is a successful. However, my issue is to disable default SSO for OBIEE.

    Also, it's not like I have 2 OBIEE Homes... The domain home is in the older OBIEE Home and all other details are in the new OBIEE Home.

    Also, Oracle_Home variable is set to the new OBIEE Home only.

  • Joel
    Joel Rank 8 - Analytics Strategist

    I’m a bit confused. You mentioned in your original post the following:

    OBIEE: 12.2.1.4 (Upgraded from 12.2.1.3)

    Servers: Windows Server 2012 R2

    Old OBIEE Home: OBIEE12C

    New OBIEE Home: OBIEE12_2_1_4

    It clearly looks like 2 different directories to me. As I said, the 12.2.1.4 upgrade is done in place so should have been done in what you call the “Old OBIEE Home”.

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    +1 to Joel because NONE of the two homes you mention fits this at all:

    SonPat99 wrote:"wls:/offline> disableBISingleSignOn('D:\OBIEE/user_projects/domains/bi')"

    OBIEE != OBIEE12C

    OBIEE != OBIEE12_2_1_4

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    @SonPat99 Did you just give up on this? Even if only your paths were wrong it would be nice to say so in here to clear things up.

  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Hello Christian,

    Apologies as I got a little busy with some official work and did not got enough time to check this.

    The OBIEE Homes were just a reference and not actual values, whereas in the command, I have used the actual value.

    Apologies for the confusion.

    Also, just to clear the things a little more, I can see the legacy Login page for OBIEE, but I am still seeing the Lightweight SSO login page for VA/DV.

    I think, since in OBIEE 12.2.1.4, both OBIEE and VA have been separated, there is some other way to disable SSO in VA/DV when using OBIEE 12.2.1.4.

    Any suggestions.

  • SteveF-Oracle
    SteveF-Oracle Mod

    1. As you found, disabling LWSSO is a domain procedure (i.e. - you are passing the domain home, regardless of whether it is embedded under the OLD Oracle Home binary path or outside the Oracle Home(recommended f)); therefore, it applies to all nodes (perhaps, you needed to restart the bi_server2 managed server to pick up the domain change).

    2. Disabling LWSSO only applies to /analytics.

    --  Disable = /analytics uses the native authentication screen and you will have two separate logins (i.e. - you authenticate to /analytics, then you open DV, you will need to autthenticate again).

    ++ Enable = same, newer style login for both /analytics and /dv

    I hope that adds some clarity for you.

  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Thank you Steve, so do you mean that I cannot disable LWSSO in DV or VA?

    If that is the case, how should I proceed to enable Kerberos SSO (because as per my understanding, I will have to disable LWSSO in order for Kerberos SSO to work).

    Please suggest.

  • SteveF-Oracle
    SteveF-Oracle Mod

    Are you following our blog documents?

    If not, what document are you following telling you to disable LWSSO for DV?

    https://blogs.oracle.com/cealteam/obiee-12c%3a-configuring-kerberos-sso-for-obiee-12c

  • SonPat99
    SonPat99 Rank 6 - Analytics Lead

    Hello Steve,

    Yes, I am following the same blog document.

    In order to complete Kerberos SSO, LWSSO has to be disabled.

    I've read it somewhere as I don't remember the exact post/URL.

    Also, I tried for Kerberos SSO when LWSSO was enabled for OBIEE and nothing worked (as I was still getting the LWSSO Login page).

    When I disabled LWSSO, it started working (I was getting the OBIEE Home Page directly, instead of any OBIEE LWSSO/login page).

    The document created might work with OBIEE 12c releases prior to 12.2.1.4 as OBIEE and DV were integrated, however, I'm not sure for this latest version.

    Please suggest.