1 Reply Latest reply: Jun 12, 2013 12:08 AM by Dilliraj RSS

    Integration OBIEE with custom SSO which does not write custom header

    Prosaria-Oracle
      I have following query from a customer on OBIEE 11g (11.1.1.5):

      Customer is using a custom SSO that unlike Oracle Access Manager doesn't work with a reverse proxy, so there isn't any custom header with the logged username.
      A custom token is passed on the HttpRequest by the custom SSO and there is a custom api to validate it.

      Reading the documentation in:
      - Oracle® Fusion MiddlewareSecurity Guide for Oracle Business Intelligence Enterprise Edition
      - Oracle® WebLogic Server Developing Security Providers for WebLogic Server
      we developed a WebLogic AuthenticationProvider and a JAAS Login Module that authenticate the user using the SSO token as password. When the user (user1 in the example) is accessing to the obiee analytics url like:
      http://192.168.56.102:7001/analytics/saw.dll?bieehome&startPage=1&NQUser=user1&NQPassword=token
      the user is authenticated on OBIEE and has the right OBIEE roles that we coded in our Login Module. This solutions is accepted by the customer as SSO implementation.

      Are there any other best practices to integrate OBIEE with a custom SSO that doesn't write any custom header ?