Bookshelf Home | Contents | Index | PDF     

Oracle® Business Intelligence Enterprise Edition Deployment Guide > Enabling Oracle Single Sign-On for Oracle Business Intelligence > Configuring BI Presentation Services to Use the Impersonator User >

Adding Impersonator User Credentials to Oracle BI Presentation Services Credential Store

For BI Presentation Services to be able to utilize the user created above for impersonation of the authenticated end user, it must be able to identify the impersonator user and obtain the impersonator user credentials. The impersonator user credentials must be added to the BI Presentation Services Credential Store. To obtain the impersonator user credentials, BI Presentation Services will search the credential store for a username-password credential with an alias of impersonation.

In the instructions provided below, it is assumed that the credential store being used by BI Presentation Services is the credential store XML file called credentialstore.xml. Other supported storage facilities for the credential store may be used to store the credentials. For more information on the BI Presentation Services Credential Store and the supported storage types, see Oracle BI Presentation Services Credential Store.

Use this procedure to add the impersonator user credentials to the BI Presentation Services Credential Store with an alias of impersonation. The impersonator user credentials are added to the BI Presentation Services proprietary credential store named credentialstore.xml. This file is in the following locations:

  • Windows: OracleBIData_HOME\web\config
  • Linux or UNIX: OracleBIData_HOME/web/config

NOTE:  You must perform this procedure for all instances of BI Presentation Services in your deployment. As an alternate, you can copy the credential store to which the impersonator credentials have been added to all BI Presentation Services machines.

To add impersonator user credentials to Oracle BI Presentation Services credential store

  1. Open a command prompt window or command shell on the machine where BI Presentation Services has been installed.
  2. Navigate to the directory OracleBI_HOME\web\bin or OracleBI_HOME/web/bin.
  3. Execute the CryptoTools utility to add the impersonator user credentials to the BI Presentation Services Credential Store:

    cryptotools credstore -add -infile OracleBIData_HOME/web/config/credentialstore.xml

    For more information on the CryptoTool utility, its syntax and supported sub-commands, refer to Using the CryptoTools Utility.

  4. Supply values for the prompted parameters, as shown in Table 13.
    Table 13. Adding Impersonator user credentials to credentialstore.xml using CryptoTools
    Parameter or Prompt
    Value or Input
    Description

    Credential Alias

    impersonation

    You must specify the value impersonation to identify the user as the impersonator user

    Username

    <name of the user>

    Name of the user created in topic Creating the Oracle BI Server Impersonator User. For example, Impersonator.

    Password

    <password of the user>

    Password of the user created in topic Creating the Oracle BI Server Impersonator User. For example, secret.

    Do you want to encrypt the password?

    y

    Provide a passphrase. For example, another_secret.

    Passphrase for encryption

    <passphrase>

     

    Do you want to write the passphrase to the xml?

    n

    For enhanced security, specify "n". The passphrase will not be written to the credential store and must be provided in the instanceconfig.XML file.

For example:

cryptotools credstore -add -infile <OracleBIData>/web/config/credentialstore.xml

>Credential Alias: impersonation
>Username: Impersonator
>Password: secret
>Do you want to encrypt the password? y/n (y):
>Passphrase for encryption: another_secret
>Do you want to write the passphrase to the xml? y/n (n):
>File "OracleBIData_HOME/web/config/credentialstore.xml" exists. Do you want to overwrite it? y/n (y):

The CryptoTools utility updates the credentialstore.xml file. This file is located in the OracleBIData\web\config directory on Windows and OracleBIData/web/config on Linux and UNIX.

After executing the CryptoTools utility with inputs as specified above, the credentialstore.xml file contains entries similar to the following:

<sawcs:credential type="usernamePassword" alias="impersonation">
   <sawcs:username>Impersonator</sawcs:username>
   <sawcs:password>
      <xenc:EncryptedData>
      <xenc:EncryptionMethod Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#pbes2">
         <pkcs-5:PBES2-params Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#pbkdf2">
         <pkcs-5:KeyDerivationFunc>
            <pkcs-5:Parameters>
            <pkcs-5:IterationCount>1024</pkcs-5:IterationCount>
            </pkcs-5:Parameters>
         </pkcs-5:KeyDerivationFunc>
         <pkcs-5:EncryptionScheme Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
         </pkcs-5:PBES2-params>
      </xenc:EncryptionMethod>
      <xenc:CipherData>
         <xenc:CipherValue>jeThdk8ZklnTlyKIat8Dkw</xenc:CipherValue>
      </xenc:CipherData>
      </xenc:EncryptedData>
   </sawcs:password>
</sawcs:credential>

  
Oracle® Business Intelligence Enterprise Edition Deployment Guide Copyright © 2006, Oracle. All rights reserved.