Oracle Analytics Cloud and Server


How to hide Credentials when LWSSO is disabled

Rai Qaiser Hussain Rank 5 - Community Champion

Hi All

LWSSO is disabled and we don't want to enable it. We are using Oracle Forms 11g and opening our dashboards with the webutil.client (dashboard URL) function. Our client raised an objection that we should not display credentials in the address bar, as shown in Fig. 1.

Is there any solution? Can we hide the credentials?

Fig. 1: Username and password are visible in the address bar


Answers

  • Implement a proper SSO, credentials will not need to be sent to OBIEE.

    If you take the shortcut of using nqUser and nqPassword in the URL you accept by default to have the information available in the URL and exposed in various logs etc. as it isn't protected in any possible way.

  • Christian Berg-0racle Rank 10 - Analytics Guru

    +1 to Gianni. Using the username/password in the URL means you have chosen a solution which is unsecure by default.

    In order to supply info on the LDAP approach you'd have to provide more info on your environment.

  • Rai Qaiser Hussain Rank 5 - Community Champion

    If we enable SSO, then the end user has to re-authenticate at the BI login page for the dashboard when it is opened from the Oracle application using webutil.client_host, which is not acceptable to our end users.

    Currently our end user is able to open his/her dashboard from our in-house developed application menu, and there is no re-authentication, but credentials are visible in the address bar.

  • Rai Qaiser Hussain Rank 5 - Community Champion

    Hi @Christian Berg

    Our organization is a cancer hospital. We have developed our in-house application (6000+ front-end objects) in Oracle 11g Forms and Reports with an Oracle 12c database; the application is called "HMIS" (Hospital Management Information System). There are almost 200+ management end users at one location, and there are 10 locations right now that will use the dashboards for their routine jobs.

    Recently we started development in OBIEE and developed many dashboards (Financial, Clinical, Diagnostic and Administrative) based on the presentation layer of the RPD for the management. Management is happy to use these dashboards, especially without re-authentication, but our Quality Assurance department raised an objection that credentials should not be visible. I admit their concern is genuine.

    If you need more information for an LDAP approach suggestion, please write.

  • Christian Berg-0racle Rank 10 - Analytics Guru
    Rai Qaiser Hussain wrote: If we enable SSO, then the end user has to re-authenticate at the BI login page for the dashboard when it is opened from the Oracle application using webutil.client_host, which is not acceptable to our end users.

    The point of an "SSO" is to have a "Single Sign On". Gianni said "proper SSO", which was an abbreviated way of saying

    "Lightweight SSO is not a full SSO and only covers the /analytics and /dv deployments inside an OBIEE implementation. Lightweight SSO is not an SSO for integration with other applications"

  • Christian Berg-0racle Rank 10 - Analytics Guru
    Rai Qaiser Hussain wrote: If you need more information for an LDAP approach suggestion, please write.

    The key information was "Oracle Forms 11g". That means you need to SSO-enable both Oracle Forms and OBIEE.

    Forms: https://docs.oracle.com/cd/E48391_01/doc.11120/e24477/sso.htm#FSDEP267

    The main question obviously being: Is there an SSO which can cover both OBIEE and something as old as Forms 11g?

  • Rai Qaiser Hussain Rank 5 - Community Champion

    Thanks. This document is lengthy and needs some time to understand and implement. I shall update soon.
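
The first answer in this thread notes that credentials passed as nqUser and nqPassword in the URL end up exposed in various logs. As an added example (not from the thread's participants or from Oracle), the following Python script finds and redacts those parameters in web access logs so existing exposure can be located and cleaned up. The log lines, host name, paths and credentials are constructed, and the combined log format is an assumption.

```python
import re

# Parameter names from the thread, matched case-insensitively in any URL on the line
# (request line or Referer field).
CRED_RE = re.compile(r'(?i)([?&](?:nquser|nqpassword)=)([^&\s"]*)')

# Constructed sample lines in combined log format; host, user and password are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /analytics/saw.dll?Dashboard'
    '&NQUser=jdoe&NQPassword=S3cret%21&PortalPath=%2Fshared%2FFinance HTTP/1.1" '
    '200 5120 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [01/Jan/2020:10:00:05 +0000] "GET /analytics/saw.dll?Dashboard'
    '&PortalPath=%2Fshared%2FClinical HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    # The credential URL also travels as the Referer of follow-up requests.
    '10.0.0.5 - - [01/Jan/2020:10:00:01 +0000] "GET /analytics/res/logo.png HTTP/1.1" '
    '200 312 "http://bi.example.test/analytics/saw.dll?Dashboard&NQUser=jdoe'
    '&NQPassword=S3cret%21" "Mozilla/5.0"',
]


def redact(line):
    """Return (redacted_line, parameter_names_found) for one log line."""
    found = []

    def _mask(match):
        # group(1) looks like "&NQUser="; strip the separator and "=" to get the name.
        found.append(match.group(1)[1:-1])
        return match.group(1) + "REDACTED"

    return CRED_RE.sub(_mask, line), found


def scan(lines):
    """Return [(line_number, names, redacted_line)] for lines carrying credentials."""
    hits = []
    for number, line in enumerate(lines, 1):
        clean, names = redact(line)
        if names:
            hits.append((number, names, clean))
    return hits


if __name__ == "__main__":
    for number, names, clean in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)} exposed -> {clean}")
```

Any account whose password appears in a hit should have that password changed, since redacting the log does not undo earlier exposure.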