Forum Stats

  • 3,769,230 Users
  • 2,252,933 Discussions
  • 7,874,951 Comments

Discussions

OBI SQL Authenticator users and groups are not seen in BI server

Tilen
Tilen Member Posts: 13 Blue Ribbon

Hi,

I have created SQL Athenticator provider in WLS console. I have set descriptor to SUFFICIENT and set it in the first plase of providers. All OK in WLS console. I can see new users and groups.

Later I set in BI EM Identity Store provider two attributes- OPTIMIZE_SEARCH=true and virtaulize=true.

My issue is when I try to add new user groups into BI Application roles I don't see new users or groups. Ony from DefaultAuthenicator. Also users can't login to analytics. What did I miss?

I would appreciate any help.

I have one user tilen2 from DefaultAuthenicator and second user TILEN1 from SQLAuthenicator. This is screenshot from console - Users and Groups:

pastedImage_0.png

But in WLS EM I see only user from DefaultAuthenicator:

pastedImage_1.png

BR,

Tilen

Tagged:

Answers

  • Joel Acha
    Joel Acha Member Posts: 1,370 Gold Trophy
    edited Jun 12, 2020 3:37AM

    Can you see users from both the default authenticator and the SQL authenticator in the user listing?

  • Tilen
    Tilen Member Posts: 13 Blue Ribbon
    edited Jun 12, 2020 3:58AM

    Yes, in the WLS console under Users and groups I can see all users and all groups from both authenticators.

    But I don't see users and group from SQL authenticator in EM where you can add users/groups into aplication roles.

  • Christian Berg-0racle
    Christian Berg-0racle Everything Analytics And Data Member Posts: 9,461 Gold Crown
    edited Jun 12, 2020 4:26AM

    There's a lot of detail information missing from your question, so all we can do is guess.

    1.)

    What is the exact version number you're running? "12c" isn't a valid answer. "12.2.1.4" isn't either. 12.2.1.4.YYMMDD <== This is a version number.

    2.) How EXACTLY did you configrue the SQL Authenticator?

    3.) Including what you put into the adapter config template

    4.) And by extension what's in your adapters.os_xml for that authenticator?

  • Tilen
    Tilen Member Posts: 13 Blue Ribbon
    edited Jun 12, 2020 6:03AM

    OK, I'll try to give you more information:

    Oracle Enterprise Manager Fusion Middleware Control 12c - 12.2.1.3.0

    Oracle BIEE 12.2.1.4.0

    I was working by the https://docs.oracle.com/middleware/1221/biee/BIESC/privileges.htm#BABHAGHH

    I have created new provider:

    pastedImage_1.png

    Both RMLogin (SQLAuthenticator) and DeafultAuthenticator have flag SUFFICIENT.

    pastedImage_2.png

    All select statments are default (except table name) since I have created tables with the same columns as default.

    pastedImage_3.png

    I guess that this part is set OK since I get all the users, groups and membership information from the tables to WLS.

    Later I enabled virtualization in Identity store.

    In my adapters.os_xml is the following part:

       <dataBase id="userGroupAdapter1" version="0" xmlns="http://www.octetstring.com/schemas/Adapters">

          <root>cn=users,dc=rne,dc=eu</root>

          <active>true</active>

          <serverType>directoryType</serverType>

          <routing>

             <critical>true</critical>

             <priority>50</priority>

             <inclusionFilter/>

             <exclusionFilter/>

             <plugin/>

             <retrieve/>

             <store/>

             <visible>Yes</visible>

             <levels>-1</levels>

             <bind>true</bind>

             <bind-adapters/>

             <views/>

             <dnpattern/>

          </routing>

          <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">

             <plugins>

                <plugin>

                   <name>DBGUID</name>

                   <class>oracle.ods.virtualization.engine.chain.plugins.dbguid.DBGuidPlugin</class>

                   <initParams>

                      <param name="guidAttribute" value="orclguid"/>

                   </initParams>

                </plugin>

             </plugins>

             <default>

                <plugin name="DBGUID"/>

             </default>

             <add/>

             <bind/>

             <delete/>

             <get/>

             <modify/>

             <rename/>

          </pluginChains>

          <driver>oracle.jdbc.driver.OracleDriver</driver>

          <url>datasource://DWH</url>

          <user>%USER%</user>

          <password>%PASSWORD%</password>

          <ignoreObjectClassOnModify>false</ignoreObjectClassOnModify>

          <includeInheritedObjectClasses>true</includeInheritedObjectClasses>

          <maxConnections>10</maxConnections>

          <mapping>

             <joins/>

             <objectClass name="person" rdn="cn">

                <attribute ldap="cn" table="V_BI_USERS" field="U_NAME" type=""/>

                <attribute ldap="uid" table="V_BI_USERS" field="U_NAME" type=""/>

                <attribute ldap="usernameattr" table="V_BI_USERS" field="U_NAME" type=""/>

                <attribute ldap="loginid" table="V_BI_USERS" field="U_NAME" type=""/>

                <attribute ldap="description" table="V_BI_USERS" field="U_DESCRIPTION" type=""/>

                <attribute ldap="orclguid" table="V_BI_USERS" field="U_NAME" type=""/>

                <attribute ldap="mail" table="V_BI_USERS" field="U_NAME" type=""/>

             </objectClass>

          </mapping>

          <useCaseInsensitiveSearch>true</useCaseInsensitiveSearch>

          <connectionWaitTimeout>10</connectionWaitTimeout>

          <oracleNetConnectTimeout>0</oracleNetConnectTimeout>

          <validateConnection>false</validateConnection>

       </dataBase>

       <dataBase id="userGroupAdapter2" version="0" xmlns="http://www.octetstring.com/schemas/Adapters">

          <root>cn=users,dc=rne,dc=eu</root>

          <active>true</active>

          <serverType>directoryType</serverType>

          <routing>

             <critical>true</critical>

             <priority>50</priority>

             <inclusionFilter/>

             <exclusionFilter/>

             <plugin/>

             <retrieve/>

             <store/>

             <visible>Yes</visible>

             <levels>-1</levels>

             <bind>true</bind>

             <bind-adapters/>

             <views/>

             <dnpattern/>

          </routing>

          <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">

             <plugins>

                <plugin>

                   <name>VirtualAttribute</name>

                   <class>oracle.ods.virtualization.engine.chain.plugins.virtualattr.VirtualAttributePlugin</class>

                   <initParams>

                      <param name="ReplaceAttribute" value="uniquemember={cn=%uniquemember%,cn=users,dc=rne,dc=eu}"/>

                   </initParams>

                </plugin>

             </plugins>

             <default>

                <plugin name="VirtualAttribute"/>

             </default>

             <add/>

             <bind/>

             <delete/>

             <get/>

             <modify/>

             <rename/>

          </pluginChains>

          <driver>oracle.jdbc.driver.OracleDriver</driver>

          <url>datasource://DWH</url>

          <user>%USER%</user>

          <password>%PASSWORD%</password>

          <ignoreObjectClassOnModify>false</ignoreObjectClassOnModify>

          <includeInheritedObjectClasses>true</includeInheritedObjectClasses>

          <maxConnections>10</maxConnections>

          <mapping>

             <joins/>

             <objectClass name="groupofuniquenames" rdn="cn">

                <attribute ldap="cn" table="V_BI_GROUPMEMBERS" field="G_NAME" type=""/>

                <attribute ldap="description" table="V_BI_GROUPMEMBERS" field="G_NAME" type=""/>

                <attribute ldap="uniquemember" table="V_BI_GROUPMEMBERS" field="G_MEMBER" type=""/>

                <attribute ldap="orclguid" table="V_BI_GROUPMEMBERS" field="G_NAME" type=""/>

             </objectClass>

          </mapping>

          <useCaseInsensitiveSearch>true</useCaseInsensitiveSearch>

          <connectionWaitTimeout>10</connectionWaitTimeout>

          <oracleNetConnectTimeout>0</oracleNetConnectTimeout>

          <validateConnection>false</validateConnection>

       </dataBase>

    I know it is a long process to build all this and hard to show all the datails. At least if I can get some guidelines on which part to focus.

    Thanks,

    Tilen

  • Tilen
    Tilen Member Posts: 13 Blue Ribbon
    edited Jun 12, 2020 6:45AM

    I don't understand why is necessary to create another route to users and group data from BI with adapter if it has all data in admin server.What is the use of them? :/