OBIEE 11g: The 'All Users' Filter in the Web Logic Server (WLS) Security Provider is not Applied in Enterprise Manager (EM) and All Users in the User Base DN can login to OBIEE
Last updated on DECEMBER 04, 2015
Applies to:Business Intelligence Server Enterprise Edition - Version 188.8.131.52.0 to 184.108.40.206.151020 [Release 11g]
Information in this document applies to any platform.
Users are to be authenticated (and authorized) via an Active Directory LDAP.
An Authentication Provider is created via the WebLogic Server (WLS) Console; for example, see a few of the provider specific configurations as below:-
User Base DN: DC=myUserBaseDN,DC=net
All Users Filter: (|(memberOf=CN=OBI Users,OU=myOrgUnit,DC=myUserBaseDN,DC=net))
And the Identity Store is configured via the Fusion Middleware Control (EM) to enable virtualization for the support of multiple authentication providers (identity stores); for example:-
WebLogic Domain > bifoundation_domain > Right-click bifoundation_domain : Select Security - Security Provider > Click Identity Store Provider : Configure
Add a Property in the Custom Properties area:
When viewing the users in the WLS Console, the list of MSAD users contains only those users that satisfy the All Users Filter (see above).
When viewing the users in EM (for example, to add members to an Application Role), the list of MSAD users contains all those users under the User Base DN.
Similarly, any MSAD user under the User Base DN can login successfully to OBIEE, even those that do not satisfy the All Users Filter.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms