
How To Configure Oracle BI Mobile With Required Forms-based SSO Login When Using Active Directory Federation Services (ADFS) 2.0 | 3.0 SAML- Windows Native Authentication (WNA) (Doc ID 2104609.1)

Last updated on OCTOBER 01, 2020

Applies to:

Exalytics In-Memory Machine X5-4 - Version All Versions and later
Business Intelligence Suite Enterprise Edition - Version 11.1.1.7.151020 and later
Information in this document applies to any platform.
This document applies to ADFS 2.0. It does not apply to ADFS 3.0 or higher. For ADFS 3.0 and higher, review the ADFS documentation and/or work with Microsoft Support to achieve a similar configuration: detect the type of client device from the User-Agent header and redirect that specific client to the forms-based login that the BI Mobile app requires.

Purpose

This note covers the required setup when using BI Mobile Single Sign-On (SSO) with Active Directory Federation Services (ADFS) 2.0 in mixed mode.

Scope

Oracle Business Intelligence supports SSO using ADFS, relying on SAML. This applies to on-premises deployments (Oracle Business Intelligence) as well as Cloud services (Business Intelligence Cloud Service, BICS).
When ADFS Service Provider Initiated authentication uses Windows Native Authentication (WNA), BI Mobile cannot authenticate, since the mobile device itself does not always have WNA support. However, it is possible to change the ADFS configuration and the ADFS login page to switch between forms-based authentication and WNA by detecting the type of client device from the User-Agent header presented in the clients' login requests.

When Oracle Business Intelligence or BICS is configured to use SSO with ADFS, a user is first redirected to the configured ADFS SSO login page for authentication. For more details about configuring Oracle Business Intelligence or BICS with SSO, see the following documents.

Oracle Business Intelligence:
https://docs.oracle.com/cd/E23943_01/bi.1111/e10543/sso.htm#BIESC639

Business Intelligence Cloud Service:
Configure ADFS 2.0 as Identity Provider with Oracle Cloud Service as Service Provider
Configure ADFS 3.0 as Identity Provider with Oracle Cloud Service as Service Provider


By changing the ADFS login page to present a different authentication mechanism based on the User-Agent header value, it is possible to log in to BI Mobile using forms-based authentication and to log in to BI from desktop browsers using WNA.

Details


