Forum Stats

  • 3,851,532 Users
  • 2,263,994 Discussions
  • 7,904,770 Comments

Discussions

BI Publisher Authentication without single sign-on

Nick Walsh
Nick Walsh Member Posts: 67 Bronze Badge
edited Jul 8, 2019 1:45PM in Forms

Hi,

We want to replace our Oracle Reports with BI Publisher Reports and call them from Forms. I've read the tutorials and example code and it seems that without SSO the user needs to be re-authenticated when calling the BI Report. We don't have single sign-on, so is there a way of passing the currently logged-in credentials without having to get the user to enter them again every time they want to run a report?

Thanks,

Nick.

Answers

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,384 Employee
    edited Jul 8, 2019 8:01AM

    The credential used for Forms and Reports are database credentials.  This is why Forms could silently call Reports and have it run a job.  BI-Publisher does not use/expect db credentials for accessing its services.  So, unless you create BI user credentials that match the Forms/Reports db user credentials there would be no way to accomplish what you are describing without SSO.  However, because the BI credentials are passed from Forms via a PL/SQL call the application developer can store and retrieve BI credentials from a custom db table/record.  In other words, if you stored the BI credentials in a properly crafted table (be sure to carefully protect the passwords), then the app developer could map the Forms user to the BI user and retrieve the information when needed.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

    Nick Walsh
  • Nick Walsh
    Nick Walsh Member Posts: 67 Bronze Badge
    edited Jul 8, 2019 8:11AM

    Thanks for the quick response Michael.

    We are looking into using LDAP authentication for BI Publisher (although this isn't set in stone yet). Are you aware of any method of retrieving the LDAP credentials programmatically and passing them to BIP (I'm guessing not as it doesn't sound all that secure)?

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,384 Employee
    edited Jul 8, 2019 8:39AM

    Not being an expert with BI, I can't say too much about how accessing the user interface might differ from calls to its services.  However, it would seem that there are only two options to provide seamless access:

    1.  Shared SSO (i.e. the same SSO/OAM used by both Forms and BIP)

    2.  Developer identified credentials.  Meaning the application is able to obtain the needed credentials on-demand.

    Forms is integrated with BIP through its SOAP Services  Specifically scheduleService methods. It is this service that Forms will be expecting to access.

    https://docs.oracle.com/middleware/12213/bip/BIPDV/scheduleservice.htm


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

    Nick Walsh
  • geotsi
    geotsi Member Posts: 11
    edited Jul 8, 2019 1:45PM

    If you are only interesting in using BIP for replacing Reports why do you need extra authentication?  You can store credentials  of weblogic (administrator or any other user) in you application (obviously in a protected way) and then use them to run (schedule) bi reports. If you want to use ldap credentials I think the easiest way is with pl/sql and dbms_ldap