Configuring BIApps 11.1.1.10.1 External LDAP Authentication


Steps to Configure BI Applications 11g with External Authentication


Oracle Business Intelligence uses the Oracle WebLogic Server LDAP directory for
authentication by default. The BI Applications 11g installation on the BI EE platform
requires the use of the embedded WebLogic LDAP. Once BI Applications has been
installed and set up following the BI Applications 11g Installation Guide, it can be
configured to use an external LDAP for authentication.

Configuring BI Applications 11g to use an external LDAP for authentication

Pre-requisite: BI Applications 11g has been installed into the BI Domain where the
default WebLogic embedded LDAP is used for authentication.
NOTE: The BI Applications installation will fail if an external LDAP system is being
used. If you have configured the BI system for use with an external LDAP (for
example, Oracle Internet Directory) you must re-configure to use the default
WebLogic embedded LDAP before you perform the BI Applications installation.
The steps to configure the BI system including BI Applications to use an external
authenticator are provided below:
1. Configure the Business Intelligence system to use an external LDAP for authentication

By default, the BI system uses the WebLogic Server embedded LDAP. To
configure BI to use an external authenticator, see the Oracle Fusion
Middleware Security Guide for Oracle Business Intelligence Enterprise Edition
11g > Chapter 3 Using Alternative Authentication Providers.
2. Create the BI Applications Administrator and BIAppsSystemUser users in the external LDAP system

In the external LDAP, create the BI Applications Administrator user. This user
will be granted the BI Applications Administrator Duty and will be added to
the ODI Repository with Supervisor privileges during script execution in step 4
below. This user will have full access to BI Applications Configuration Manager
and to ODI Console and the ODI Repository.
In the external LDAP, create a user with the name BIAppsSystemUser. This user's
credentials will be used by the ODI Java EE Agent deployed in WebLogic to
connect to the ODI Repository. This user will also be created in the ODI
repository with SUPERVISOR privileges during script execution in step 4
below.
3. Update the oracle.biapps.system credential map to include the BIAppsSystemUser user

Update the oracle.biapps.system credential map to include the
BIAppsSystemUser user as follows:
Run wlst.sh from MW_HOME/oracle_common/common/bin folder:
connect('<ADMIN_USER_NAME>', '<ADMIN_PASSWORD>', 't3://<host>:<port>')
updateCred(map='oracle.biapps.system', key='system', user='BIAppsSystemUser',
password='<Password_forBIAppsSystemUser>', desc="Credential")

where: <Password_forBIAppsSystemUser> is the password entered for the BIAppsSystemUser in
step 2 above.
4. Run switch_odiToExternalAuth.py script

This script will associate the BI Applications Administrator Duty to the BI
Applications Administrator user and will add the BI Applications Administrator
and BIAppsSystemUser users to the ODI repository with Supervisor privileges.
ODI will be configured to use the external LDAP for authentication.
Run the following command from MW_HOME/oracle_common/common/bin folder:
./wlst.sh <ORACLE_HOME>/bifoundation/install/switch_odiToExternalAuth.py
--ADMIN_USER_NAME <ADMIN_USER> --DOMAIN_HOSTNAME <DOMAIN_HOST>
--DOMAIN_PORT <DOMAIN_PORT> --DOMAIN_HOME_PATH <FULL_DOMAIN_PATH>
--ODI_HOME_PATH <FULL_ODI_HOME_PATH> --ODI_DB_CONN_STRING
jdbc:oracle:thin:@<ODI_DB_CONN_STRING> --ODI_DB_SCHEMA_USER
<ODI_SCHEMA_USER> --ODI_CONSOLE_USER_NAME <ODI_CONSOLE_USER>
--OID_USER <OID_USER> --LDAP_URL <LDAP_URL> --USERBASE_PREFIX
<USERBASE_PREFIX_IN_OID> --GROUPBASE_PREFIX <GROUPBASE_PREFIX_IN_OID>
Where the ODI_CONSOLE_USER is the BI Applications Administrator User.
Restart the ODI Managed Server using the WebLogic Administration Console.

5. Configure ODI Studio Security files


The ODI Repository is configured for external authentication against your external LDAP server.
ODI Studio must be configured to use the appropriate security files for authentication. The
security files have to be regenerated for login to ODI Studio to be successful.

a. Run the following command from BI_ORACLE_HOME/common/bin folder in order to
generate the ODI client security artifacts. Note: Do not run wlst from any other location.

./wlst.sh <MW_HOME>/Oracle_BI1/bifoundation/install/createJPSArtifactsODI.py external
--ADMIN_USER_NAME <Administrator> --DOMAIN_HOSTNAME <Hostname>
--DOMAIN_PORT <Domain Port, e.g. 7001>
--DOMAIN_HOME_PATH <Domain Home Path, e.g. <MW Home>/user_projects/domains/bifoundation_domain>
--OID_USER cn=orcladmin --LDAP_URL <ldap://host:port>
--USERBASE_PREFIX <User base where users will be searched, e.g., cn=users,dc=us,dc=oracle,dc=com>
--GROUPBASE_PREFIX <user group, e.g., cn=groups,dc=us,dc=oracle,dc=com>
Where:
the external parameter is used to configure for the external LDAP system.
--ADMIN_USER_NAME : WebLogic Administrator user name
--DOMAIN_HOSTNAME : BI Domain host name
--DOMAIN_PORT: BI Domain port
--DOMAIN_HOME_PATH : BI Domain home path
--OID_USER: OID user, e.g. cn=orcladmin
--LDAP_URL: external ldap url; format: ldap://host:port
--USERBASE_PREFIX : user base prefix; where users will be searched; e.g.
cn=users,dc=us,dc=oracle,dc=com
--GROUPBASE_PREFIX : user group prefix; e.g. cn=groups,dc=us,dc=oracle,dc=com
Example: ./wlst.sh /scratch/mw6826/Oracle_BI1/bifoundation/install/createJPSArtifactsODI.py
external --ADMIN_USER_NAME Administrator --DOMAIN_HOSTNAME slc01apw.us.oracle.com
--DOMAIN_PORT 7001 --DOMAIN_HOME_PATH
/scratch/mw6826/user_projects/domains/bifoundation_domain --OID_USER cn=orcladmin
--LDAP_URL ldap://scl14405.us.oracle.com:3060 --USERBASE_PREFIX
cn=users,dc=us,dc=oracle,dc=com --GROUPBASE_PREFIX
cn=groups,dc=us,dc=oracle,dc=com
b. Copy the jps-config-jse.xml and cwallet.sso files from DOMAIN_HOME_PATH/odiclient-config/external to ODI_Home/oracledi/client/odi/bin on all machines where ODI
Studio clients have been installed.
c. Open the ODI_Home/oracledi/client/odi/bin/odi.conf file for editing:

Edit the line starting with AddVMOption -Doracle.security.jps.config to
point to the jps-config-jse.xml file and location:
AddVMOption -Doracle.security.jps.config=./jps-config-jse.xml
(where jps-config-jse.xml and cwallet.sso have been copied to the
ODI_Home/oracledi/client/odi/bin directory)
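
A check for steps 5b and 5c, added here as an example and not part of Oracle's procedure or scripts: the shell function below confirms that both security files are present in the ODI Studio bin directory, that cwallet.sso is readable by its owner only, and that odi.conf has exactly one active option pointing at ./jps-config-jse.xml. The function name and the owner-only permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): verify the ODI Studio security files of step 5.
# The function name and the owner-only permission policy are assumptions.
check_odi_studio_security() {
    bin_dir=$1    # ODI_Home/oracledi/client/odi/bin on the ODI Studio machine
    rc=0

    # Both files copied in step 5b must sit next to odi.conf.
    for f in jps-config-jse.xml cwallet.sso; do
        if [ ! -f "$bin_dir/$f" ]; then
            echo "FAIL: $bin_dir/$f is missing"
            rc=1
        fi
    done

    # cwallet.sso is an auto-login wallet: whoever can read the file can use
    # the credentials in it, so the group/other permission bits should be empty.
    if [ -f "$bin_dir/cwallet.sso" ]; then
        go_bits=$(ls -ld "$bin_dir/cwallet.sso" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "FAIL: cwallet.sso is accessible to group/other ($go_bits)"
            rc=1
        fi
    fi

    # Step 5c: exactly one active AddVMOption line must set the JPS config path.
    conf="$bin_dir/odi.conf"
    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf is missing"
        return 1
    fi
    # Keep only the value after '=', dropping trailing blanks and CRs.
    values=$(sed -n 's/^[[:space:]]*AddVMOption[[:space:]]\{1,\}-Doracle\.security\.jps\.config=//p' "$conf" |
             sed 's/[[:space:]]*$//')
    count=$(printf '%s' "$values" | grep -c . || true)
    if [ "$count" -eq 0 ]; then
        echo "FAIL: odi.conf has no active -Doracle.security.jps.config option"
        rc=1
    elif [ "$count" -gt 1 ]; then
        echo "FAIL: odi.conf sets -Doracle.security.jps.config $count times"
        rc=1
    elif [ "$values" != "./jps-config-jse.xml" ]; then
        echo "FAIL: odi.conf points at '$values', expected ./jps-config-jse.xml"
        rc=1
    fi
    return "$rc"
}

# Run stand-alone: sh check.sh /path/to/ODI_Home/oracledi/client/odi/bin
[ "$#" -eq 0 ] || check_odi_studio_security "$1"
```

The function prints one FAIL line per finding and returns non-zero if any check fails, so it can be run on each ODI Studio machine after the files are copied.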
