How To Configure Oracle BI Mobile With Required Forms-based SSO Login When Using Active Directory Federation Services (ADFS) 2.0 | 3.0 SAML- Windows Native Authentication (WNA)
(Doc ID 2104609.1)
Last updated on OCTOBER 01, 2020
Applies to:Exalytics In-Memory Machine X5-4 - Version All Versions and later
Business Intelligence Suite Enterprise Edition - Version 184.108.40.206.151020 and later
Information in this document applies to any platform.
This document applies to ADFS 2.0. It does not apply to ADFS 3.0 or higher. For ADFS 3.0 and higher, review the ADFS documentation and or work with Microsoft Support to achieve a similar configuration to detect the type of client device using the User-Agent in the header and redirect that specific client to forms-based login which is required by BI Mobile app.
This note covers the required setup when using BI Mobile Single Sign On “SSO” with ADFS 2.0 “Active Directory Federation Services” in mixed mode:
- Form based authentication when login in with BI Mobile
- Other authentication types when login in with the desktop browser to Oracle Business Intelligence (such as WNA “Windows Native Authentication”/ Kerberos)
Note: Oracle BI Mobile requires form-based SSO Login. See: BIEE BI Mobile Apps Supported Security Configurations (Doc ID 1996632.1)
Oracle Business Intelligence supports SSO using ADFS, relying on SAML. This is applicable to on premise deployments (Oracle Business Intelligence), as well as Cloud services (Business Intelligence Cloud Service “BICS”).
When ADFS Service Provider Initiated authentication is using Windows Native Authentication (WNA), BI Mobile cannot authenticate, since the mobile device itself does not always have WNA support. However, it is possible to change ADFS configuration and ADFS login page, to switch between, form based authentication and WNA by detecting the type of client device using User-Agent header presented in the login requests from clients.
When Oracle Business Intelligence or BICS is configured to use SSO with ADFS, a user is first redirected to the configured SSO ADFS login page for authentication. For more details about configuring Oracle Business Intelligence or BICS with SSO see the following document.
Oracle Business Intelligence:
Business Intelligence Cloud Service:
Configure ADFS 2.0 as Identity Provider with Oracle Cloud Service as Service Provider
Configure ADFS 3.0 as Identity Provider with Oracle Cloud Service as Service Provider
By changing the ADFS login page to present a different authentication mechanism based on User-Agent header value, it is possible to login to BI Mobile using Form based authentication, and to login to BI using desktop browsers with WNA.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document