Skip Headers
Oracle® Fusion Middleware Integrator's Guide for Oracle Business Intelligence Enterprise Edition
11g Release 1 (11.1.1)

Part Number E16364-06
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

10 Integrating with Oracle E-Business Suite Security

This chapter describes setting up Oracle Business Intelligence to use Oracle E-Business Suite security to authenticate actions users who navigate to Oracle E-Business Suite. Describes creating a database object and connection pool for the database, setting up authentication, and embedding a link in Oracle E-Business Suite that opens Oracle Business Intelligence dashboards.

This chapter includes the following sections:

10.1 Creating a Database Object and Connection Pool for the Oracle E-Business Suite Database

To enable integration with Oracle E-Business Suite, you must create a database object and connection pool for the Oracle E-Business Suite database in the Oracle BI repository.

To create a database object and connection pool for the Oracle E-Business Suite database:

  1. In the Administration Tool, open the repository that you want to integrate with Oracle E-Business Suite.

  2. Right-click in the Physical layer and select New Database.

  3. Enter a name for the new database (for example, Oracle E-Business Suite 12).

  4. For Database, select the appropriate Oracle Database type for your Oracle E-Business Suite database (for example, Oracle 10g R2 or Oracle 11g).

  5. Click OK.

  6. Right-click the new database object you just created and select New Object, then select Connection Pool.

  7. Enter a name for the connection pool (for example, Oracle E-Business Suite 12).

    You must provide a unique name for this connection pool. Because of this requirement, do not name the object 'Connection Pool.'

  8. For Call interface, select OCI 10g/11g.

  9. For Data source name, enter the TNS name of the Oracle E-Business Suite database.

  10. For User name and Password, enter the user name and password of the Oracle E-Business Suite super user.

  11. Select the Connection Scripts tab.

  12. Click New for Execute on connect.

  13. Enter the following physical SQL, and then click OK:

    call APP_SESSION.validate_icx_session('valueof(NQ_SESSION.ICX_SESSION_COOKIE)')
    

    Check that this script is enabled.

  14. Click OK in the "Connection Pool dialog."

  15. Save the repository.

10.2 Setting Up Authentication

This section explains how to set up shared authentication between Oracle Business Intelligence and Oracle E-Business Suite.

Note:

If you set up shared authentication using the EBS ICX authentication cookie as described in this section, you cannot use single sign-on to seamlessly navigate from Oracle Business Intelligence to Oracle BI Publisher.

This section contains the following topics:

10.2.1 Setting Up Session Variables for Authentication

To set up proper authentication for your integrated environment, you must set up several session variables and an initialization block in the Oracle BI repository.

To set up session variables for authentication in the Administration Tool:

  1. In the Administration Tool, open the repository that you want to integrate with Oracle E-Business Suite.

  2. Select Manage, then select Variables.

  3. From the Action menu, select New, then Session, then Initialization Block.

  4. Enter a name for the initialization block (for example, Oracle E-Business SSO).

  5. Click Edit Data Source.

  6. For Default initialization string, enter the following:

    SELECT
      FND_GLOBAL.RESP_ID,
      FND_GLOBAL.RESP_APPL_ID,
      FND_GLOBAL.SECURITY_GROUP_ID,
      FND_GLOBAL.RESP_NAME,
      FND_GLOBAL.USER_ID,
      FND_GLOBAL.EMPLOYEE_ID,
      FND_GLOBAL.USER_NAME
    FROM DUAL
    
  7. For Connection Pool, click Browse, select the connection pool you created for the Oracle E-Business Suite database (for example, Oracle E-Business Suite 12), and click Select.

    Figure 10-1 shows the "Session Variable Initialization Block Data Source dialog," with example values for Default initialization string and Connection Pool.

    Figure 10-1 Session Variable Initialization Block Data Source Dialog

    Description of Figure 10-1 follows
    Description of "Figure 10-1 Session Variable Initialization Block Data Source Dialog"

  8. Click OK.

  9. Click Edit Data Target.

  10. Create the following session variables:

    EBS_RESP_ID
    EBS_RESP_APPL_ID
    EBS_SEC_GROUP_ID
    EBS_RESP_NAME
    EBS_USER_ID
    EBS_EMPLOYEE_ID
    USER
    

    To do this, click New, enter the variable name, and then click OK. Click Yes when you receive a warning about the special purpose of the USER variable.

    Optionally, you can select Security Sensitive before clicking OK for each variable. See Oracle Fusion Middleware System Administrator's Guide for Oracle Business Intelligence Enterprise Edition for more information about this option.

    You must ensure that the variables are listed in the given order. If necessary, select a variable and click Up or Down to reorder the list.

    Figure 10-2 shows the "Session Variable Initialization Block Variable Target dialog," with the required variables displayed in the required order.

    Figure 10-2 Session Variable Initialization Block Variable Target Dialog

    Description of Figure 10-2 follows
    Description of "Figure 10-2 Session Variable Initialization Block Variable Target Dialog"

  11. Click OK in the "Session Variable Initialization Block Variable Target dialog".

  12. In the "Session Variable Initialization Block dialog," clear Required for authentication.

  13. Click OK.

  14. Save the repository.

10.2.2 Updating authenticationschemas.xml

You must update the authenticationschemas.xml file to add the name of the EBS ICX authentication cookie.

To update authenticationschemas.xml:

  1. Open the file authenticationschemas.xml for editing. You can find this file at:

    ORACLE_HOME/bifoundation/web/display
    
  2. Find the following element:

    <AuthenticationSchema name="EBS-ICX">
    
  3. Locate the sub-element RequestVariable source="cookie" and change the value of the nameInSource attribute from ICX_SESSION to the name of the EBS ICX authentication cookie prefix. For example:

    <RequestVariable source="cookie" type="auth" nameInSource="VIS" biVariableName=
    "NQ_SESSION.ICX_SESSION_COOKIE" />
    

    Do not update the RequestVariable source="url" sub-element.

    Note:

    Ask your Oracle E-Business Suite administrator for the name of the EBS ICX authentication cookie if you do not know it. Alternatively, follow these steps to find the cookie name:

    1. Log in to Oracle E-Business Suite.

    2. Enter the following text in the address bar of your browser:

      javascript:document.writeln(document.cookie);
      
    3. The cookie is displayed. For example:

      ORA_BIPS_LBINFO=1262d6a5f9a; ORA_MOS_LOCALE=en%7CUS; ORA_UCM_
      INFO=3~00027147766664614052270216870092~LastName~FirstName~Firstname.LastName@mycompany.com~USA~en~~~~~1; ORA_UCM_VER=
      %2FMP%2F8kgic%2Cr_ wjmp%3Emp_ajc%2CamkMP%2F8iega*p%5Duhkn%3Ckn
      %5D_ha*_kiMP%2F8%2F26%2C65%2C7%2C22MP%2F8-04*43*5*00; ORA_UCM_
      SRVC=3*OTN~1~0~//~null~*OPN~1~0~//~SE1%3ASE1%3ASE1%3ASE1%3ASE1%
      3ASE1%3ASE1%3ASE1%3A~*EMP~1~0~/34/~null~*GMO~1~0~//~null; ORA_
      TAHITI_PREFS=-0--------------; VIS=ZcEJeoLNVqcHGiGYvCpzTx3N:S;
      ADMINCONSOLESESSION=0yQmLP2D67vJKgtXLxsNl534QTWlThYkyvXfR0fjFK0
      LPsD3Hh83!1322564050
      

      The value you need to provide in authenticationschemas.xml is the prefix of the EBS ICX authentication cookie. In the previous example, the EBS ICX authentication cookie is VIS=ZcEJeoLNVqcHGiGYvCpzTx3N:S;, and the prefix is VIS.

  4. In the same entry (RequestVariable source="cookie"), ensure that the value of the biVariableName attribute is the same as the value you entered as part of the connection script when you created the connection pool for the Oracle E-Business Suite database. See Step 13 of Section 10.1, "Creating a Database Object and Connection Pool for the Oracle E-Business Suite Database" for more information.

  5. Find the following element:

    <SchemaKeyVariable source="cookie">
    
  6. Change the value of the nameInSource attribute from ICX_SESSION to the name of the EBS ICX authentication cookie prefix (often VIS). For example:

    <SchemaKeyVariable source="cookie" nameInSource="VIS" forceValue="EBS-ICX"/>
    
  7. Save and close the file.

10.2.3 Updating instanceconfig.xml

You must update the instanceconfig.xml file to add EBS ICX as one of the enabled schemas, and set it as the default. You must update the instanceconfig.xml file to configure login and logout information.

To update instanceconfig.xml:

  1. Configure Oracle Business Intelligence to use an SSO provider of "Custom," as described in "Enabling SSO Authentication Using Fusion Middleware Control" in Oracle Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition.

  2. Open the file instanceconfig.xml for editing. You can find this file at:

    ORACLE_INSTANCE/config/OracleBIPresentationServicesComponent/coreapplication_obipsn
    
  3. Locate the Authentication element.

  4. Include EBS ICX in the list of enabled schemas. For example:

    <EnabledSchemas>UidPwd,Impersonate,UidPwd-soap,Impersonate-soap,EBS-ICX</EnabledSchemas>
    

    Ignore the comment in instanceconfig.xml that says this setting is centrally managed. EBS ICX must be manually added to the EnabledSchemas element.

  5. Save and close the file.

  6. Restart Oracle Business Intelligence.

10.3 Embedding Links to Oracle Business Intelligence in Oracle E-Business Suite

To embed a link in Oracle E-Business Suite that opens Oracle Business Intelligence dashboards, you need to create a form function and then assign menus and responsibilities.

Before you begin, log in to Oracle E-Business Suite as the system administrator (for example, sysadmin). Then, select the System Administrator responsibility from the responsibility navigator pane on the left. The available menus appear on the right.

Follow the steps in this section to create the following objects, in sequence:

This section contains the following topics:

10.3.1 Domain Prerequisites

If the URL entry points to your Oracle E-Business Suite instance and your Oracle Business Intelligence instance are configured using different internet domains, you must use an appropriate mechanism to create a single logical domain for the two URLs. This step is required to configure a link between Oracle E-Business Suite and Oracle Business Intelligence that is capable of passing the Oracle E-Business Suite session information to Oracle Business Intelligence.

For example, if Oracle E-Business Suite is available on

http://ebshost.ebsdomain.com:8001

and Oracle Business Intelligence is available on

http://bihost.bidomain.com:9704

an appropriate mechanism needs to be put in place so that a browser can access both URLs using the same domain.

One way to achieve this is to install a supported HTTP server such as Oracle HTTP Server. In the example above, the HTTP server against Oracle Business Intelligence could be configured so that a request for

http://bihost.ebsdomain.com:9704

maps to

http://bihost.bidomain.com:9704

In this way a client browser can link to

http://bihost.ebsdomain.com:9704

and under the covers, the http server will point to the real location.

For information about configuring and securing Oracle HTTP Server, see Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server.

10.3.2 Creating a Form Function

This section explains how to create a form function in Oracle E-Business Suite.

To create a form function:

  1. From the Application menu, select Function. The "Form Functions dialog" is displayed.

    Figure 10-3 shows the "Form Functions dialog."

    Figure 10-3 Form Functions Dialog

    Description of Figure 10-3 follows
    Description of "Figure 10-3 Form Functions Dialog"

  2. Enter the name of the function in the Function field (for example, OBIEE).

  3. Enter the user function name (for example, OBIEE).

  4. Enter a description (for example, Link to Oracle BI).

  5. Save your changes using the Save button on the toolbar.

  6. Select the Properties tab.

  7. For Type, enter SSWA jsp function.

  8. Select the Web HTML tab.

  9. For HTML Call, enter one of the following options:

    • To link to Answers, enter:

      OracleOasis.jsp?mode=OBIEE&function=Answers

    • To link to Dashboards, enter:

      OracleOasis.jsp?mode=OBIEE&function=Dashboard

  10. Save your changes using the Save button on the toolbar, and then close the "Form Functions dialog."

10.3.3 Creating a Menu That Invokes the Form Function

This section explains how to create a menu that invokes the form function in Oracle E-Business Suite. Note that menus are compiled whenever they are updated.

To create a menu that invokes the form function:

  1. From the Application menu, select Menu. The "Menus dialog" is displayed.

    Tip: If you are already in Forms, you can select Menu from the Top Ten list.

    Figure 10-4 shows the "Menus dialog."

  2. Enter the name of the menu in the Menu field (for example, OBIEE).

  3. Enter a User Menu Name (for example, OBIEE).

  4. For Menu Type, enter Standard.

  5. For Function, enter the name of the function you created in Section 10.3.2, "Creating a Form Function."

  6. Save your changes using the Save button on the toolbar, and then close the "Menus dialog."

Note that if a menu has only one function, then that function is selected by default for the user. If this is the case, intermediate steps like displaying the function may be skipped.

10.3.4 Assigning the Menu to a Responsibility

The menu that you created in Section 10.3.3, "Creating a Menu That Invokes the Form Function" must be associated with a responsibility. You can reuse an existing responsibility, or create a responsibility, as shown in the following procedure.

To assign the menu to a new responsibility:

  1. Select Responsibilities from the Top Ten List.

    Figure 10-5 shows the "Responsibilities dialog."

    Figure 10-5 Responsibilities Dialog

    Description of Figure 10-5 follows
    Description of "Figure 10-5 Responsibilities Dialog"

  2. Enter a name for the responsibility (for example, OBIEE).

  3. For Application, enter the application for which you created the menu.

  4. For Responsibility Key, define any unique value. To ensure that this value is unique, the Responsibility Key is not translated.

  5. For Available From, select Oracle Self Service Web Applications.

  6. For Data Group, enter Standard for Name and re-enter the application name for Application.

  7. For Menu, enter the name of the menu you created in Section 10.3.3, "Creating a Menu That Invokes the Form Function."

  8. Save your changes using the Save button on the toolbar, and then close the "Responsibilities dialog."

10.3.5 Assigning the Responsibility to a User

You must assign the responsibility that is associated with the menu to a user. You can create a user, or assign the responsibility to an existing user, as shown in the following procedure.

To assign the responsibility to an existing user:

  1. Select Users from the Top Ten List.

    Figure 10-6 shows the "Users dialog."

  2. For the user you want to edit, enter the responsibility details in the Direct Responsibilities tab. Enter the responsibility name, application, security group (Standard), and effective dates.

  3. Save your changes using the Save button on the toolbar, and then close the "Users dialog."

10.3.6 Setting Up a Profile

You need to enter the URL of the Oracle BI Server as part of a profile. You can set a profile for a responsibility, a user, or a site. The following procedure shows how to set profile options for a responsibility.

To set profile options for a responsibility:

  1. From the Application menu, select Profile.

    Figure 10-7 shows the "Find System Profile Values dialog."

    Figure 10-7 Find System Profile Values Dialog

    Description of Figure 10-7 follows
    Description of "Figure 10-7 Find System Profile Values Dialog"

  2. Select Responsibility, and then enter the name of the responsibility to which you assigned the menu in Section 10.3.4, "Assigning the Menu to a Responsibility."

  3. Enter %Business Intelligence% in the Profile field.

  4. Click Find.

  5. On the resulting screen, under Responsibility, enter the Oracle Business Intelligence URL. For example:

    http://my_server.domain.com:port/analytics
    

    You should use a fully-qualified host name.domain name rather than an IP address or just a host name. The Oracle Business Intelligence domain needs to be the same as the Oracle E-Business Suite domain. This is required so that the EBS ICX cookie is visible to Oracle Business Intelligence from the user's browser. For more information, see "Domain Prerequisites".

    For port, enter the web server port where Oracle Business Intelligence is running (for example, 9704).

  6. Save your changes using the Save button on the toolbar.