How to hide credentials when LWSSO is disabled

Rai Qaiser Hussain
Rai Qaiser Hussain Member Posts: 102 Red Ribbon

Hi All

LWSSO is disabled and we don't want to enable it. We are using Oracle Forms 11g and opening our dashboards with the webutil.client (dashboard URL) function. Our client raised an objection that we should not display credentials in the address bar, as shown in Fig. 1.

Is there any solution? Can we hide the credentials?

Fig. 1: Username and password are visible in the address bar


Answers

  • Gianni Ceresa
    Gianni Ceresa Managing Director | Oracle ACE Director Member Posts: 6,349 Gold Crown
    edited Feb 16, 2019 1:36PM

    Implement a proper SSO; credentials will not need to be sent to OBIEE.

    If you take the shortcut of using nqUser and nqPassword in the URL you accept by default to have the information available in the URL and exposed in various logs etc. as it isn't protected in any possible way.

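An added example, not part of the thread: the answer above notes that credentials passed as nqUser and nqPassword end up in various logs. The sketch below finds and redacts those parameters in web access log lines, in both the request line and the Referer field. The log format, host name, request path and sample values are constructed assumptions.

```python
import re

# Parameter names taken from the thread (nqUser / nqPassword), matched case-insensitively.
SENSITIVE = ("nquser", "nqpassword")

# name=value directly after ? or &; the value ends at &, whitespace or a quote.
_PARAM = re.compile(r"(?i)(?<=[?&])(" + "|".join(SENSITIVE) + r")=([^&\s\"']*)")


def redact_line(line):
    """Return (redacted_line, parameter_names_found) for one access-log line."""
    found = []

    def _mask(match):
        found.append(match.group(1).lower())
        return match.group(1) + "=[REDACTED]"

    return _PARAM.sub(_mask, line), found


def scan(lines):
    """Redact all lines; also return (line_number, names) for each line that leaked."""
    cleaned, hits = [], []
    for number, line in enumerate(lines, 1):
        redacted, found = redact_line(line)
        cleaned.append(redacted)
        if found:
            hits.append((number, sorted(set(found))))
    return cleaned, hits


# Constructed sample lines (combined log format); host, path and values are made up.
SAMPLE = [
    '10.0.0.5 - - [16/Feb/2019:13:30:01 +0000] "GET /analytics/saw.dll?Dashboard&NQUser=demo_user&NQPassword=demo_pass HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [16/Feb/2019:13:30:02 +0000] "GET /analytics/res/app.css HTTP/1.1" 200 812 "http://bi.example.test/analytics/saw.dll?Dashboard&nquser=demo_user&nqpassword=demo_pass" "Mozilla/5.0"',
    '10.0.0.9 - - [16/Feb/2019:13:31:10 +0000] "GET /analytics/saw.dll?Dashboard HTTP/1.1" 200 4990 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    cleaned, hits = scan(SAMPLE)
    for number, names in hits:
        print(f"line {number}: credentials in URL ({', '.join(names)})")
    print("\n".join(cleaned))
```

Redacting logs only limits what is retained afterwards; the credentials still travel in the URL, so any password found this way should be treated as exposed.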
  • Christian Berg-0racle
    Christian Berg-0racle Everything Analytics And Data Member Posts: 9,461 Gold Crown
    edited Feb 16, 2019 5:15PM

    +1 to Gianni. Using the username/password in the URL means you have chosen a solution which is unsecure by default.

    In order to supply info on the LDAP approach you'd have to provide more info on your environment.

  • Rai Qaiser Hussain
    Rai Qaiser Hussain Member Posts: 102 Red Ribbon
    edited Feb 16, 2019 8:38PM

    If we enable SSO, then the end user has to re-authenticate at the BI login page for the dashboard when it is opened from the Oracle application using webutil.client_host, which is not acceptable to our end users.

    Currently our end user is able to open his/her dashboard from our in-house developed application menu and there is no re-authentication, but the credentials are visible in the address bar.

  • Rai Qaiser Hussain
    Rai Qaiser Hussain Member Posts: 102 Red Ribbon
    edited Feb 16, 2019 8:59PM

    Hi @Christian Berg

    Our organization is a cancer hospital. We have developed our in-house application (6000+ front-end objects) in Oracle 11g Forms and Reports with an Oracle 12c database; the application is called "HMIS" (Hospital Management Information System). There are almost 200+ management end users at one location, and there are 10 locations right now who will use the dashboards for their routine job.

    Recently we started development in OBIEE and developed many dashboards (Financial, Clinical, Diagnostic and Administrative) based on the presentation layer of the RPD for the management. Management is happy to use these dashboards, especially without re-authentication, but our Quality Assurance department raised an objection that credentials should not be visible. I admit their concern is genuine.

    If you need more information for LDAP approach suggestion please write.

  • Christian Berg-0racle
    Christian Berg-0racle Everything Analytics And Data Member Posts: 9,461 Gold Crown
    edited Feb 17, 2019 8:08AM
    Rai Qaiser Hussain wrote: If we enable SSO, then the end user has to re-authenticate at the BI login page for the dashboard when it is opened from the Oracle application using webutil.client_host, which is not acceptable to our end users.

    The point of an "SSO" is to have a "Single Sign On". Gianni said "proper SSO" which was an abbreviated way of saying

    "Lightweight SSO is not a full SSO and only covers the /analytics and /dv deployments inside an OBIEE implementation. Lightweight SSO is not an SSO for integration with other applications."

  • Christian Berg-0racle
    Christian Berg-0racle Everything Analytics And Data Member Posts: 9,461 Gold Crown
    edited Feb 17, 2019 8:13AM
    Rai Qaiser Hussain wrote: If you need more information for LDAP approach suggestion please write.

    The key information was "Oracle Forms 11g". That means you need to SSO-enable both Oracle Forms and OBIEE.

    Forms: https://docs.oracle.com/cd/E48391_01/doc.11120/e24477/sso.htm#FSDEP267

    The main question obviously being: Is there an SSO which can cover both OBIEE and something as old as Forms 11g?

  • Rai Qaiser Hussain
    Rai Qaiser Hussain Member Posts: 102 Red Ribbon
    edited Feb 17, 2019 10:48AM

    Thanks. This document is lengthy and needs some time to understand and implement. I shall update soon.