Oracle® Business Intelligence Enterprise Edition Deployment Guide >

Oracle Business Intelligence Authentication Mechanisms


This chapter summarizes the authentication methods supported by Oracle Business Intelligence. The Oracle Business Intelligence server supports the methods of authentication shown in Table 11.

Table 11. Oracle BI Server Authentication Methods
Method
Description

Database authentication

The Oracle Business Intelligence repository is preconfigured for database authentication.

This may be changed using the Server Administration Tool. See the Oracle Business Intelligence Server Administration Tool Online Help.

LDAP (Lightweight Directory Access Protocol) server authentication

Oracle Business Intelligence Server supports LDAP in both Secure Socket Layer (SSL) and regular (non-SSL) modes. An LDAP server treats Oracle Business Intelligence Server as a regular LDAP client. Oracle Business Intelligence Server supports authentication against multiple LDAP servers.

 

A DSI (Active Directory Service Interfaces) authentication

Oracle Business Intelligence Server supports ADSI in both Secure Socket Layer (SSL) and regular (non-SSL) modes. An Active Directory Server treats Oracle Business Intelligence Server as a regular LDAP client.

Oracle Business Intelligence Server supports authentication against multiple Active Directory servers.

NOTE:  Oracle Business Intelligence Server is still a LDAP client when it runs against ADSI.

Authentication on LDAP and ADSI servers uses Oracle Business Intelligence Server session variables. Some session variables, such as PASSWORD, are populated automatically. They receive their values when a user begins a session by logging on. Instead of storing user names and passwords in an Oracle Business Intelligence Server repository, the Oracle Business Intelligence Server passes the user's user name and password to an LDAP server for authentication.

Some session variables, such as GROUP, need to be manually created in the Oracle BI repository. Initialization blocks specify the attributes to be retrieved in session variables. Certain session variables, called system session variables, have special uses. For more information about session variables, the USER system variable, and the Variable Manager, see the appropriate topics in Oracle Business Intelligence Server Administration Guide or Oracle Business Intelligence Server Administration Tool Online Help.

The following key restrictions apply to LDAP and ADSI authentication:

  • Importing of user information into the repository is supported on regular LDAP servers, but not supported on ADSI servers.
  • Groups are defined in the repository. However, if lists of users are stored on LDAP servers, the group membership information must be obtained from a database table.
  • When a User exists in both the repository and in an external source (such as LDAP servers), the local repository User definition takes precedence. This restriction allows the Oracle Business Intelligence Server Administrator to override users that exist in an external security system.
Oracle® Business Intelligence Enterprise Edition Deployment Guide Copyright © 2006, Oracle. All rights reserved.