My Oracle Support Banner

Configuring Oracle Business Intelligence Enterprise Edition 11g to work with SiteMinder SSO (Doc ID 1287479.1)

Last updated on JULY 02, 2019

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.3.0 [1905] and later
Business Intelligence Suite Enterprise Edition - Version 11.1.1.3.0 [1905] and later
Information in this document applies to any platform.
***Checked for relevance on 09-Oct-2012***

Purpose

This paper examines how to configure Oracle Business Intelligence Enterprise Edition (Oracle BI EE) 11.1.1.3.0 to use SiteMinder version 6 as a Single Sign-on mechanism (SSO).

There are two possible approaches for configuring SiteMinder with Oracle BI EE 11g.
One approach involves using a SiteMinder Asserter (Application Agent) provided by Computer Associates as a plugin to WebLogic combined with a supported Authenticator such as an Active Directory Authenticator. This approach is not described in this document and has not been certified by Oracle at this point. However, customers have successfully configured this approach and it does not have the same limitations as the approach described in this document.

Under certain circumstances, the approach using an Asserter in WebLogic will not be possible. In this case, the approach described in this document should be followed. For example, if group membership for users is defined in a database table it is not possible in BI 11.1.1.3.0 to use an authenticator and asserter approach for authentication.

The approach described in this document is based on an HTTP header provided by SiteMinder that contains the UserID of an authenticated user. This HTTP header is then used by Oracle BI EE to logon. The scenario documented assumes that a user population exists in an LDAP directory and that the BI Server will retrieve group membership information for these users via a single SQL statement executed by an Initialization Block.

Scope

This document describes the steps required to integrate Oracle BI Enterprise Edition with SiteMinder SSO in order to use SiteMinder to provide single-sign on and secure access to the Oracle BI /analytics URL.

This document is aimed at Oracle BI professionals familiar with both SiteMinder and Oracle BI Enterprise Edition 11g. In particular, you should have familiarity with SiteMinder Policy Server and Web Agent as well as HTTP server functionality and experience of maintaining metadata in the Oracle BI Administration Tool.

Setup is required in both Oracle BI and SiteMinder to perform this integration. This document assumes that a supported HTTP server has been configured with the appropriate WebLogic plugin in front of the WebLogic server hosting the web components of Oracle BI. An example of the WebLogic plugin configuration is given for an Apache HTTP server, links to the documentation for configuring the IIS plugin are provided.

You should be aware that there are some limitations of this approach. The known limitations are as follows:

• Access to RTD is not possible using this approach.

• Access to BIP via Oracle BI has known issues using this approach which are not planned to be addressed for Oracle BI 11.1.1.3.0.

• This document does not address any additional configuration that might be required to configure BI Publisher for SiteMinder SSO.

• Invoking Actions that are configured to propagate user identity to targets has not been certified.

• Using Essbase as a data source including propagating the user identity of the BI User to Essbase via a CSS Token is not certified with this approach.

• BISearch is not certified with this approach due to limitations around Secure Enterprise Search support for SiteMinder

• Editing a view in Excel under BIOffice does not work as BIOffice requires an IP address to access analytics whereas SiteMinder must be configured to protect analytics via a fully qualified hostname

This approach has been tested against the following release versions:

• Oracle BI EE 11.1.1.3.0
• SiteMinder 6.0

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.