
How to Configure SAML 2.0 SSO on OBIEE 12c using ADFS In A Cluster Environment (Doc ID 2258128.1)

Last updated on JUNE 01, 2021

Applies to:

Business Intelligence Suite Enterprise Edition - Version 12.2.1.1.0 to 12.2.1.4.0 [Release 12c to 12g]
Information in this document applies to any platform.

Purpose

To provide the end-to-end steps for implementing Security Assertion Markup Language (SAML) 2.0 Web Single Sign-On (SSO) for OBIEE 12c using Active Directory Federation Services (ADFS) as the Identity Provider (IdP).

This is a Service Provider (SP) initiated SSO, which means the user directly accesses the Analytics SP URL and is redirected to ADFS for authentication.

 

Scope

The main purpose of this document is to provide the complete end-to-end steps involved in configuring SAML 2.0 SSO for OBIEE 12c using ADFS. Issues encountered while implementing these steps are not necessarily handled by the OBIEE product support group. Depending on the issue, the appropriate support team should be involved, such as Microsoft AD, ADFS, OHS, F5 LB, WebLogic or OBIEE.
  1. Before following the steps in this document, ensure that the OBIEE environment is in working status.
  2. Check user logins to Analytics for Default LDAP and External LDAP users (if any).
  3. Take a complete domain backup before attempting to implement SAML.
  4. This document is informational and intended for Administrators and Advanced Users.
  5. This document covers very basic and typical SAML 2.0 implementation steps for OBIEE 12c.
  6. This document does not cover all the implementation scenarios.
  7. This document is intended as a "cookbook" enhancement to the documentation to fill in any gaps, missing or ambiguous information and to tie multiple pieces of documentation together in one location. It is not meant to replace the official documentation.
  8. The server names, locations and passwords used in this document are examples only and should not be copied and pasted.
  9. This document does not cover OBIEE Installation and SSL Configuration for OBIEE.
  10. This document assumes the Windows 2012 Server already has Active Directory configured with a proper domain.
For Oracle Analytics Server (OAS), please use the approach documented in:
SAML 2.0 and Kerberos Single Sign-On Configuration for Oracle Analytics Server (Doc ID 2761678.1)

 

Details


In this Document
Purpose
Scope
Details
 Please read the Scope section before starting to implement the steps.
 1. Prerequisites 
 1.1 ADFS Prerequisites
 1.2. OBIEE 12c Prerequisites 
 1.3 OHS 12c Prerequisites
 2. Install ADFS and IIS
 3. Configure SSL for IIS
 4. Configuration of ADFS and generate IdP Metadata
 4.1 Setup a Service Account
 4.2 Configure the Federation Server
 4.3 Generate Federation Metadata
 5. Creation of BI System 
 5.1 Setup RDBMS Security Store
 5.2 Create an empty WebLogic domain
 5.3 Configure RDBMS Store for the newly created domain.
 5.4 Create RDBMS Store in Console.
 5.5 Update domain to add bi managed server
 5.6 Create BI System Components
 5.7 Scale-out the BI Domain
 5.7.1 Setup SDD
 5.7.2 Clone BI System
 5.7.3 Start Node Manager on node2
 5.8 Start all the services
 5.9 Verify Analytics login from node1 and node2
 6. Setup OHS 12c as a Loadbalancer of node1 and node2
 7. Configure BI Domain as Service Provider
 7.1 Create SAML2.0 Asserter 
 7.2 Configure Federation Services on bi_server1 and bi_server2
 8. Configuring BI as a Partner (SP) with ADFS (IdP) 
 9. Configuring Identity Provider Metadata on the BI Domain
 10. Configure BI Analytics Application for SSO
 10.1 Update analytics.ear to include required security role.
 10.2 Redeploy repackaged analytics.ear
 11. Enable SSO in EM
 12. Setup Authorization
 13. Restart all the Services
 14. Verify the SAML SSO Login
 15. Configuring Logout (Sign Out) URL
 15.1 Obtain and Apply patch for appropriate OBIEE version and Platform
 15.2 Configure Logout End Point at ADFS
 15.3 Configure Logoff URL at OBIEE
 16. Configure Visual Analyzer/ Data Visualization Application for SSO