Categories
- All Categories
- 124 Oracle Analytics News
- 22 Oracle Analytics Videos
- 14.4K Oracle Analytics Forums
- 5.5K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 47 Oracle Analytics Trainings
- 7 Oracle Analytics Data Visualizations Challenge
- 4 Oracle Analytics Career
- 8 Oracle Analytics Industry
- Find Partners
- For Partners
DVD 12.2.3 - unable to connect to OBIEE subject area
Summary
DVD 12.2.3 - unable to connect to OBIEE subject area
Content
Hi, I'm trying to connect the new DVD version 12.2.3 to an OBIEE subject area (OBIEE version 12.2.1.2), using a URL that looks like this:
This is the URL (obviously with "ourserver" replaced with the real server name) we always use to access OBIEE 12c, and it works fine. However, I'm getting constant errors back trying to set up this connection. "Failed to save the connection. Invalid connect string / url to external source.". Couple of potential problems - first, is using https instead of http an issue? If so - this needs resolved, guessing no one has their corporate reporting tool on an unsecured URL any more. And second, when we hit the URL directly from a browser, it forwards us to a page where we can enter our multi-factor authentication. I'm guessing this isn't being interpreted correctly through DVD, and causing the error.
Any suggestions on a way to get this working? We've been waiting forever for this feature, frustrating that we are unable to connect.
Thanks,
Scott
Answers
-
You need two things:
1) your server needs to be using a certificate that is signed by a well-known CA so that DV Desktop trusts it - same as how a browser trusts well-known CAs.
2) your SSO needs to have left the analytics-ws endpoint unprotected so that a SOAP connection can be made through that channel using Uid/Pwd for authentication. i.e. under the covers it's just like making a BIEE Web Service call to analytics-ws
2b) your user needs to be able to authenticate against OBIEE i.e. the authentication chain in the OBIEE Weblogic needs to be able to validate the Uid/Password in order to authenticate the user.
0 -
I don't like your chances of getting this version working with multi-factor authentication even if you get https working. HTTP here so can't test HTTPS.
0 -
Thanks Adam, I'll see what we can do - thanks for the direction, I appreciate the help!
Scott
0 -
Hi Adam,
Any chance of getting DVD to recognize self-signed certificates? We run several servers in our lower environments (ie. not PROD) and all of them use self-signed certs. Little chance of us getting that changed as it is managed centrally through another IT organization.
-ron
0 -
Hi Adam, I'm still confused by this and am not sure I see how it's going to work (note, I'm an OBIEE guy, not a weblogic / SSO / web application guy).
When we log in to OBIEE, we use a URL that looks like this:
Our SSO sends us to another webpage, where we then have to click the "Send a push to my phone" button, that causes the server to send a message to a "Duo" application on our phone, where we "confirm" the login. After all this is done, the server redirects our browser back to the original https://ourserver/analytics website and passes in the credentials using httpHeader info.
I just don't get how this is supposed to work in DVD - it never shows a login web page, so there's no way for us to use the DUO 2 factor authentication and click a "send a push to my phone" button. I think (???) I'm hosed - because there's nothing in OBIEE that knows about a username / password, it relies on our SSO to confirm that prior to getting to OBIEE (which I believe is the point of SSO).
Sorry for the newbie question....unfortunately I'm just a simple OBIEE administrator - all this weblogic / SSO stuff is outside of what I understand.
Thx,
Scott
0 -
Thank you Adam for pointing us in the right direction. Appreciate the help!
Scott
0 -
Behind the scenes we take your https://ourserver/analytics and we turn it into https://ourserver/analytics-ws
So we change the end-point to analytics-ws
If you look in OBIEE you will see there is an analytics-ws end-point exposed for SOAP traffic only. This is designed for the OBIEE SOAP-based web services. It should not be protected by SSO. The SOAP-based OBIEE web services do not use regular WS-Security. Instead they use an OBIEE session - i.e. you call the logon web service first unless you have an active session token already, then you send the session token when calling the web service that returns the data.
You can look in the OBIEE Integrators guide for more details on these web services.
You can look in the OBIEE Enterprise Deployment Guide for some info on what url end points should (and should not) be protected by your SSO:
0
