Forum Stats

  • 3,853,799 Users
  • 2,264,275 Discussions
  • 7,905,449 Comments

Discussions

OBI EE Siteminder SSO Integration

Hi,

I am getting the follwoing message.

Not Logged In

You are not currently logged in to the Oracle BI Server.

If you have already logged in, your connection might have timed out, or a communications or server error may have occurred.


I read a couple of posts but I wanted to clarify on a few infrastucture details before really getting into the config part

We have
SSO CA siteminder

OC4J App server

Sun one server web server

I read a few posts about compatability issues with REMOTE_USER. Can some one let me know if there is a way to trace this SSO authentication under OBI?

Thanks
Yuvaraj
«1

Answers

  • Vineeth. K.M
    Vineeth. K.M Member Posts: 241
    hi,

    this problem exists with siteminder when the user_information table, which you use to check the valid users does not contain the user entry with which you are trying to log in.

    Add the user entry and try again.

    let me know in case of issues.
  • Turribeach
    Turribeach Member Posts: 2,019 Silver Trophy
    Yuvaraj, can you explain your SSO confiuration in detail please? By reading your brief description it seems that you are expecting OC4J and Sun One Web App Servers to share the REMOTE_USER variable. I don't think this is possible. How do you expect the two App Servers to share it?
  • Hi,

    I checked the initialization blocks witth the user values. I dont use LDAP directory, I am using Siebel S_USER table to authenticate the user. If this is not what you meant by user information table can you be more decriptive.

    Thanks
    Yuvaraj
  • Hi,
    I have included the Impersonation params according to the J2EE integration sample, having serverVariable and REMOTE_USER. I believe Sun One is just the Webserver , Can you clarify why they will not be able to communicate?

    Thanks

    Yuvaraj
  • Turribeach
    Turribeach Member Posts: 2,019 Silver Trophy
    OK, your second responde makes sense as you were not answering what I asked in the first one. You are missign an important step in your configuration. The OBIEE Deployment Guide clearloy says it on the "Prerequisites for SSO Systems to Integrate With Oracle Business Intelligence" section, J2EE:

    "In this case, the SSO system must be able to integrate with the J2EE environment of choice and set up the framework such that the getRemoteUser method returns the username of the end user."

    What this is telling you is that for the getRemoteUser method to work your J2EE must be integrated in some way. This typically means deploying them in the same Web App server so that the REMOTE_USER is automatically shared. There is no way OC4J can get Sun One's REMOTE_USER value, do you undersntad the problem now?
  • Hi

    What do you suggest as a solution or Workaround. The Analytics WAR
    file is deployed on the Sunone. Does this mean I need to tweak that.

    Thanks
    Yuvaraj Narayanan
  • Turribeach
    Turribeach Member Posts: 2,019 Silver Trophy
    edited Aug 21, 2009 9:44AM
    "tweak that", certainly not. This is not a "tweak", you need to integrate them. The manual is quite clear, you need to "set up the framework such that the getRemoteUser method returns the username of the end user". I can't tell you how to do that, it will depend on your Web App Server and your custom Web App. In general it's possible to get this working by deploying OBIEE along side the Web App that you are trying to integrate, but it depends on the Web App Server and I am not an expert on Sun One or other Web App Servers. You will need to get a J2EE knowledged person involved here.
    Turribeach
  • Hi Turri,

    if I can see the REMOTE_USER on the SAW log do you still think that it is an issue with the Infrastructure(Web/App server)? Or am I missing something with my OBI setup. Please Clarify.

    Thanks
    Yuvaraj
  • Vineeth. K.M
    Vineeth. K.M Member Posts: 241
    hi,

    does the S_USER table hold the entries for your USER ?
    does the log files say that "Invalid Username / Password " or something like that ?
  • does the S_USER table hold the entries for your USER ?
    Yes, It does

    does the log files say that "Invalid Username / Password " or something like that ?

    No I dont get this error. It goes to a Contidiotn Wait. Severity:50 tells its an Authentication issue as per Presentation Server Admin guide. Let me know your thoughts

    -----
    Type: Information
    Severity: 50
    Time: Fri Aug 21 15:43:15 2009
    File: webthreads/posix/conditionwait.cpp Li皜e: 96
    Properties: ThreadID-2
    Location:
    saw.threads.syncobjs.conditionwait.wait
    saw.taskScheduler
    saw.threads

    Leaving condition wait. Condition var: 4297527000. Timeout: 5000
    ---------------------------------------
    Type: Information
    Severity: 50
    Time: Fri Aug 21 15:43:15 2009
    File: webthreads/posix/conditionwait.cpp Line: 88
    Properties: ThreadID-2
    Location:
    saw.threads.syncobjs.conditionwait.wait
    saw.taskScheduler
    saw.threads
    ------
This discussion has been closed.