I have SSO enabled in my OBIEE 220.127.116.11.2BP1 . Its working fine from IE/Firefox Browser. Before implementing SSO ipad app was running fine. but now its screwed up. Its not getting connected.
Any changes that is required in the App to be done after SSO is enabled?
Windows Native Authentication (WNA), which uses Kerberos credentials obtained when the user logs in to a Windows Domain. This cross-platform authentication is achieved by emulating the negotiate behavior of native Windows-to-Windows authentication services that use the Kerberos protocol. When OBIEE is configured for WNA, a user that has logged into his desktop can simply navigate to a protected resource without another challenge for credentials. This is because a Kerberos session ticket, which includes the user’s credentials, is passed through the browser to the Weblogic server which then validates the credentials against the Key Distribution Center server (Microsoft Active Directory) on the Windows domain server.
Are you using OAM or OID to configure WNA or just custom WNA using Microsoft Active Directory..? I don't know it is possible to authenticate users if they are not logged into their Windows Domain.
Hope this helps. Pls mark if it does.
I am not using OAM or OID. I am just using WNA for authentication of AD. But in weblogic.xml I have also included Basic type of authentication ie if SSO fails it falls back to prompting username & password.
Can you provide details for configuring Ipad app ? I tried using oracle doc for configuring but was not successful.
Is there any other config that requires to be changed in weblogic in order to authenticate user thru ipad app.?
Have you tried using the default authenticator login after setting up WNA for OBIEE .? Because when you are configuring BI for OBIEE to use Single Sign on, you enable Windows native Authentication within EM.
Let me know if you are able to login using fall back method by prompting username & password.
Yes I have enabled WNA in EM. What is default authenticator login?
Safari browser in ipad app does prompt for username & pwd.. But Ipad app is not falling back to Basic Auth. It is not able to add server and connect. I have tried switching SSO ON/OFF in app config.
I meant the default authentication provider or Active directory provider that you have used as your user store. I was referring to on desktop were able to use the fall back authentication .?
Did you already check : OBIEE 11g: Error: "Authentication Error Server Authentication Failed, Please Check Settings and Re-Try" when Log in with Correct Credentials On Mobile Client [ID 1349522.1]
Hope this helps. Pls mark if it does.
Yes SSO is working fine in IE. And for other browsers I havent configured them so they fall back to prompting username & password.
The Oracle Doc you gave refers to matching the GUID values. But I havent change the GUID value in my provider.
Also before enabling my SSO i.e. when only weblogic was configured with AD app was working fine with my AD credentials.
Have you read this note:
IPAD SSO Authentication For Oracle Business Intelligence Mobile [ID 1476488.1]
In particular it states the following:
We support only form based authentication. We do not support any other kind of authentication like Kerberos or token based.
Mobile SSO has been tested ("certified") only with OAM SSO (which is the same than Oracle SSO) but we support all SSO servers that OBIEE supports. If helpful pls mark
Thanks Ahsan for your reply. I am aware of SSO limitation of Ipad. Hence I tried connecting with SSO switch OFF in Ipad. Based on my current SSO settings, if browser fails in SSO it prompts for username & password. But thats not happening in Ipad.
So is there any configuration I am missing somewhere?
Below is what I am using to connect:
Host: xxx.yyy.com (also tried with IP address)
SSL – Off
SSO – Off (also tried setting to ON)
Username: my username
Pass: my password
Save Pw: On
Device Locale: On
Analytics Path: /analytics/saw.dll
Publisher Path: /xmlpserver