This chapter describes the integration of Oracle Business Intelligence with Oracle Single Sign-On.
When Oracle Business Intelligence is registered with the Oracle Single Sign-On server as a partner application, user authentication is delegated to the Oracle Single Sign-On server. An Oracle HTTP Server module called mod-osso transmits header values such as username of the authenticated user to Oracle BI, specifically, to BI Presentation Services.
In order for mod_osso to redirect the user to the Single Sign-On server, the Oracle BI URL must be protected. You can secure URLs in one of two ways: statically or dynamically. Static directives simply protect the application, ceding control over user interaction to mod_osso.
When a web user tries to access Oracle BI with Oracle SSO enabled, the user is redirected to the Single Sign-On server and is challenged for credentials via a JSP login page. After verifying the credentials in Oracle Internet Directory, the server sets an SSO session cookie and passes an authentication token to Oracle BI.
If the user is already logged in to the Single Sign-On server and then tries to access Oracle BI, the user is redirected to the Single Sign-On server but is not challenged for credentials. The SSO session cookie is used to validate the user identity. The server passes an authentication token to Oracle BI.
BI Presentation Services then utilizes the BI Server Impersonation feature to create a connection to the BI Server on behalf of the authenticated end user. Additional authorizations for the user takes place in the BI repository that determines, for example, the security groups associated to the user. This in turn determines subject area access, presentation catalog access and data visibility that must be applied for the user.
The user request is processed, and BI Presentation Services then serves the content.
The following steps enable Oracle Single Sign-On with Oracle BI:
NOTE: It is assumed that user authentication with Oracle Internet Directory has already been configured for Oracle BI. This is a necessary configuration. Refer to the chapter Integrating Oracle Internet Directory With Oracle Business Intelligence for more information on setting up and using Oracle Internet Directory for BI user authentication.