Categories
- All Categories
- Oracle Analytics Learning Hub
- 31 Oracle Analytics Sharing Center
- 21 Oracle Analytics Lounge
- 252 Oracle Analytics News
- 45 Oracle Analytics Videos
- 16.1K Oracle Analytics Forums
- 6.3K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 93 Oracle Analytics Trainings
- 16 Oracle Analytics and AI Challenge
- Find Partners
- For Partners
Custom SSO with /analytics redirects to standard login page
We have custom SSO enabled for OAS 2025 and it works with BI publisher using the /xmlpserver URL, however if we like to use the analytics page as well, but the SSO does not work for /analytics URL… it brings up the standard Oracle login page. I checked and our SSO cookies are getting set in the browser properly, and as I mentioned, this SSO config works perfectly with BI publisher /xmlpserver URL, it logs in automatically without showing the Oracle login page. Is there a setting somewhere to enable it for the analytics page?
Answers
-
Hi JStansfield,
Please document the community for potential responses what "custom SSO" you implemented and the steps you followed.
Please provide any official documentation or MyOracle Support notes you followed.0 -
We have http cookies set up in xlmpserver > administration > security config and sso enabled there. I followed the documentation in this document.
Configure Custom SSO Environments
We set up a custom authenticator for the bi server (which as far as i know the analytics and other applications such as EM, etc are in the main bi_server too) in the weblogic console. The sso queries that are in there pull the username/pw and match the cookies. The login works for BI publisher. We have a link in our application that points to the xmlpserver URL, and you when click that it opens up bi publisher and the user is logged in. If i change that URL to /analytics it doesn't log you in.. it shows the oracle login page. If i inspect the page, i see the cookies are set properly for username/pw (like they do for BI publisher too). Are there any other settings i can change? Does the analytics page support sso too, or is SSO only usable in the BI publisher, since there are settings for SSO in the administration page when you log into BI?
I do not have much experience with Oracle analytics.. i am a dba that inherited this application and server, so sorry in advance for my lack of expertise here…
1 -
As per my understanding, SSO for OAS must be configured for Oracle Analytics Server / Presentation Services. This configuration is separate from BI Publisher’s SSO setup.
Configuring Oracle Analytics Server to work with SSO authentication requires minimally that the following be done:
- Oracle Fusion Middleware and Oracle WebLogic Server are configured to accept SSO authentication. Oracle Access Manager is recommended in production environments.
- Oracle Analytics Server Presentation Services is configured to trust incoming messages.
- The HTTP header information required for identity propagation with SSO configurations, the user identity and SSO cookie, is specified and configured.
Please refer
Hope it helps!
0 -
Hi JStansfield @User_A81NX ,
Along the lines of what RVohra mentioned (but really nothing to do with Presentation Server, that is old deprecated legacy information), the documentation section that you referenced ( Configure Custom SSO Environments ) spells it out.a basic implementation of a Weblogic Asserter recognizes a particular HTTP header or cookie (the token) that contains the authenticated user's UserID. The Weblogic Asserter retrieves the UserID from the token and passes it to the chain of Weblogic Authenticators. After this point, the authentication is the same as regular SSO.
So basically you need two parts, 1 - A certified asserter to accept the authenticated UserID (cookie, token, etc.) + 2- A certified authenticator for authorization in the application.
It is not the same as Publisher which can be a standalone java app, but you can configure SSO for OAS where all the endpoints use the same.If you are able to, using OAM Identity Asserter is the easiest way to and it supports any of these Headers
+OAM_REMOTE_USER
+ iv-user
+SM_USER
Let me give you a list of some of the MOS knowledge base articles, so you can skim through and get an idea of what is required. There are different methods to achieve the end result.
Primary from documentation:- SAML 2.0 and Kerberos Single Sign-On Configuration for Oracle Analytics Server (KB444262)
- ALTERNATIVES:
- Configuring Oracle Analytics Server for Kerberos Single Sign-On (SSO) (KB516491)
- Configuring Oracle Analytics Server for Kerberos Single Sign-On (SSO) using Oracle HTTP Server and GSSAPI Module (KB133894
- Configuring Oracle Analytics Server for SAML 2.0 Single Sign-On (SSO) Using Mellon Authentication Module of Apache HTTP Server (Doc ID KB136211)
- SAML 2.0 Single Sign-On Configuration for Oracle Analytics Server On Windows Platform Without Docker Container (KB242860)
- High Availability Configuration for SAML 2.0 and Kerberos Single Sign-On in Oracle Analytics Server using Docker Container (KB146020)
Oracle Blogs for over a dozen solutions
See: https://blogs.oracle.com/?s=OAS%20SSO%20solutions
Perhaps if you let us know which Asserter you are using and which certified authenticator ( Certification - Identity Servers and Access) you have access to, then we can point you in a more specific direction.1 -
Thanks, SteveF for sharing extensive list of articles, appreciate it.
0
