Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 14 Oracle Analytics Lounge
- 214 Oracle Analytics News
- 42 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
BISQLGroupProvider configuration issue in SAML SSO
Hi Team,
We have configured SAML SSO for authentication , and BISQLGroupProvider for authorization from external table(where the user can update the group name in the landing page application(which is SSO integrated).
Flow of the process:
1)The user logs into the landing page application(which is SAML SSO integrated in the same weblogic domain).
2) The user selects a group among the list of groups and click on Next button
3) As the user click on the Next button it would navigate to OBIEE analytics4) When we check the Roles for the logged user in the "MyAccount" it has to update with updated role(latest group selected in the landing page appl)
But this is not happening, we were unable to see the updated role/group instantly, it takes 4-5 mins to get the updated role.
Could you please help how can the BISQLGroupProvider should instantly get the updated group from the external table
Is there any property BISQLGROUPProvider for refresh interval configuration
Thanks
Siva
Thanks
Siva
Answers
-
Siva,
I am actually trying to do a similar thing as you, in a new OBIEE 12.2.1.2.0 environment, where I want to do SAML 2.0 for authentication and use the BISQLGroupProvider for external database table authorization. I am struggling to make ours work, and you seem to be further along than me, but I do have some thoughts on your issue:
1) You didn't specify a version in your question which could be why nobody is responding. What is your OBIEE version?
2) If you "Reload files and metadata", does the group show up on the user's my account page even before 4-5 minutes has passed? If so, that is a big clue to help us solve the problem as it would point to a caching issue.
3) Related to item 2, In OBIEE 11g, user/group assignments can be cached. Read up on doc ID1638685.1, which explains the issue and how to change settings in instanceconfig if you're experience a caching type of issue. Not sure if these same settings or issue is even applicable to 12c (or even some later patched 11g versions).
4) In the admin console -> security realms -> myrealm -> providers -> yourBISQLGroupProviderName -> Performance tab. Is the option checked to Enable Group Membership Lookup Hierarchy Caching? if so, this could be your problem.
5) If you add a new group to your database, does it show up immediately in the admin console -> security realms -> myrealm -> users and groups -> groups tab? (In my environment it does)
6) When the user/role assignment is happening in your SSO system/front end, does this get committed to your database immediately or is there some kind of delay?
7) Has it ever worked as you're intending it to work in the past? If so, what has changed?
0 -
Thanks for the understanding our issue, to answer your questions :
1) OBIEE version - 11.1.1.9.0 and SAML 2.0
2) even we do reload metadata files , the group is not getting reflected before 4-5 mins
3)we have tried the tags mentioned in the doc 1638685.1, but it did not resolve the issue
4)Even I have disabled the cache for the BISQLGroupProvider (ie in perfomance tab)
5)Sometimes the groups are reflecting ,sometimes it not showing.
6)Once we committed the database we are navigating to the BI Analytics
7)We are trying it for the first time
Even I believe its a cache issue , as it is getting refreshed after 5 mins, Do you have any idea for SAML SSO , any paramter which disables the service provider cache
0 -
Have you read this: https://blogs.oracle.com/pa/entry/user_s_group_and_application
0