Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 214 Oracle Analytics News
- 42 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE 12c with SSO using Apereo CAS
Hi Team,
I try to configure SSO to OBIEE 12c using Apereo CAS.
I add to web.xml in analytics.war/analytics.ear filters which after open OBIEE url redirect to CAS server, which authenticate users and redirect to OBIEE with token.
Unfortunely, after redirect there is opening login page. I try with enabled and disabled SSO option in EM.
This methode work on OBIEE 11g and on another web app which was deployed on Weblogic server 12c.
Thanks,
Sebastian
Answers
-
Hey Sebastian,
Please try disabling the INTERNAL SSO.
Try searching the command "disableBISingleSignOn" and apply it .
This should work.
0 -
Hey SonPat99,
I've tried it already.
If LightWeight SSO function is enabled then after authentication by CAS I'm redirected to bi-security-login page.
If LightWeight SSO is disabled it redirected to old login page (similary like on OBIEE 11g).
In browser console there is route like this:
https://cas/cas/login?TARGET=http://obiee:9502/analytics/default.jsp
http://obiee:9502/analytics/default.jsp
http://obiee:9502/analytics/saw.dll?bieehome&startPage=1 zzz
In URL there's http://obiee:9502/analytics/saw.dll?bieehome&startPage=1, but I see form with user and password fields.
The expiration date in the request header, for cookies ORA_BIPS_NQID and ORA_BIPS_ATGKEY is set to 1970-01-01T00:00:00.
I think it causes my problem, but I don't know how I can solve it.
0 -
Did you updated the instanceconfig.xml with SSO related entries as well?
0 -
I added the following entry in the instanceconfig.xml:
<Authentication>
...
<SchemaExtensions>
<Schema name="CustomSSO" logonURL="https://cas/cas/login" logoffURL="https://cas/cas/logout"/>
</SchemaExtensions>
...
</Authentication>
Should I add something more?
0 -
I guess, it should be something like the below:
<EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,SSO</EnabledSchemas>
<SchemaExtensions>
<Schema logoffURL="<YOUR LOG OFF URL>" logonURL="<YOUR LOG ON URL>" name="SSO"/>
</SchemaExtensions>
Something like this should be your entry...
Also, setDomainenv.cmd should also be modified.
0 -
Thanks, it is exacly what I needed.
I added SSO to <EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,SSO</EnabledSchemas> and it works.
0