You can update the OAM authorization policies and set the URL resources for your analyticsRes to ignored.

Did you add the hostname.fqdn mapping to your static IP in /etc/hosts? Does a nslookup resolve the hostname and/or IP address correctly?

All you need to do is use keytool to import the certificates, eg: keytool -importcert -trustcacerts -file <signed cert.cer> -alias trustcert -keystore <keystore file such as cacerts> -storepass <storepass> You should be able to get the AD team to give you the certificates, otherwise, just use openssl to retrieve them.

You should need to tick the Secure tick box to enable LDAPS and match the port that is used by AD for LDAPS. You will also need to import the CA and intermediate CA certificates from AD into your truststore.

You have to proof that you actually own the domain for which you are requesting a certificate before the CA will give you one. A hostname alone is not valid since you must have a valid domain. Otherwise hackers could just get certificates for any servers they want.

Why don't you sign them yourself since it is not a production system? Use openssl for that. Just google openssl and there are plenty of tutorials about how to sign SSL certificates.

You need to extend the domain using one of the templates that contains BIP. You cannot just deploy the ear file as BIP includes a lot of other dependencies as well. Use the weblogic config.sh script to load the weblogic configurator.

The name of the actual server on which weblogic runs on does not matter. What matters is the hostname that your client will see. The certificate will need to match that, otherwise, your client, ie browser will reject the certificate.

As Christian already confirmed, it is possible, but is not such an easy task as you will need to ensure that you change all the ports so both instances don't conflict and accidentally try to use the same ports as there are quite a few. I recommend to follow his advise and create virtual machines to run OBIEE in instead of…

Use the one under Location 1 which is specific to OBIEE. The one under Location 2 is a generic/common one which is included in all Oracle products. The one under Location 1 will call the one under Location 2 but add/include additional OBIEE specific environment variables and libraries.

Just configure two Authentication providers as REQUIRED. You will then need to authenticate successfully to both in order to login. That's really it. If you want to get fancier, you can write your own custom Authentication provider for example to ask for an OTP, or buy some fancy product that allows you to use a hardware…

How are you starting your weblogic servers? node manager or startManagedServer script?

There isn't. It's a bug in OBIEE

The web.xml is part of the JEE war package. It is temporarily extracted to your weblogic server's domain tmp directory. The proper way to update it is to update the war file that contains it and redeploying the war file. And if the war file is contained inside an ear file, then the ear file needs to be redeployed. Judging…

From what I understood, you used a firefox plugin to sniff the traffic. If that was the case, then since firefox is your browser it naturally has all the data in plain text since it can decrypt it. You need to use a packet analyzer outside of your browser to sniff the traffic between your machine on which the browser runs…

Make sure your node manager is running on that server, otherwise, your admin server will not be able to contact it to start it. Alternatively, you can start that instance locally if you have command line access to that server and run the startManagedWebLogic.{sh|cmd} script with bi_server1 as the first argument.

In this case, it is secure, but it will depend on how secure you want/need it. Your traffic between browser and F5 is https. That's all external entities that snoop your network traffic will see, ie encrypted http (https). If someone is able to snoop your internal traffic (they must have gained access somehow or are…

Please describe your architecture in more detail. From your current description, it appears that your SSL accelerator at your load balancer is doing SSL offloading so connection to your load balancer is https but anything behind it is http. I presume you are using wireshark to sniff the traffic between the load balancer…

If the user logs into OBIEE directly, can he/she see all the dashboards and reports?

Looks like whoever build the OBIEE web app forgot to add something like this into their web.xml: <context-param><br/> <param-name>com.sun.faces.expressionFactory</param-name><br/> <param-value>com.sun.el.ExpressionFactoryImpl</param-value><br/></context-param> You can just setup a filter and ignore those errors, they are…