Oracle^® Business Intelligence Enterprise Edition Deployment Guide > Enabling Oracle Single Sign-On for Oracle Business Intelligence >

Configuring BI Presentation Services to Operate in the SSO Environment

Perform the following configuration on all instances of BI Presentation Services in your deployment. Shut down the BI Presentation Services before making any changes.

The instanceconfig.xml file is located in the OracleBIData_HOME\web\config directory on Windows and OracleBIData_HOME/Data/web/config on Linux or UNIX.

To configure BI Presentation Services to Operate in the SSO Environment

1. Open instanceconfig.xml for editing.
2. Locate the <Auth> element.

   If this does not exist, create this element, sub-elements and parameters under the ServerInstance tag as shown in the following example:

   <ServerInstance>
   <!-- other settings ... -->
      <Auth>
            <SSO enabled="true">
               <ParamList>
   
   <!--IMPERSONATE param is used to get the authenticated user's username and is required -->
                  <Param name="IMPERSONATE"
                     source="serverVariable"
                     nameInSource="REMOTE_USER"/>
               </ParamList>
   
   <LogoffUrl> http://<OSSO_HOST:HTTP_PORT>/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=https%3A%2F%2F<BI_HOST:PORT>%2Fanalytics%2F</LogoffUrl>
   
   <LogonUrl> http://<OSSO_HOST:HTTP_PORT>/pls/orasso/orasso.wwsso_app_admin.ls_login</LogonUrl>
            </SSO>
      </Auth>
   <!-- other settings ... -->
   </ServerInstance>

3. Secure the machines that are permitted to communicate with BI Presentation Services directly.

   This can be done by setting the Listener\Firewall node in instanceconfig.xml with the list of HTTP Server or servlet container IP addresses.

   • In addition, the Firewall node must include the IP addresses of all BI Scheduler instances, BI Presentation Services Plug-In (Java Servlet) and BI Javahost instances.
   • If any of these components are co-located with the BI Presentation Services, then address 127.0.0.1 must be added in this list as well.

     NOTE:  This setting does not control end-user browser IP addresses.

4. When using mutually-authenticated SSL, you must specify the Distinguished Names (DNs) of all trusted hosts in the Listener\TrustedPeers node.

   For more information, see Enabling Secure Communication in Oracle Business Intelligence.

   For example:

   <ServerInstance>
      <!-- other settings ... -->
         <Listener>
            <Firewall>
               <Allow address="127.0.0.1"/>
               <Allow address="192.168.1.100"/>
               <Allow address="192.168.1.101"/>
            </Firewall>
            <!-- other settings ... -->
         </Listener>
      <!-- other settings ... -->
   </ServerInstance>

5. Verify that an entry pointing to the BI Presentation Services credential store exists in the instanceconfig.xml file. This credential store contains the credentials for the Impersonator user.

         CredentialStorage type="file" path="<OracleBIData>/web/config/credentialstore.xml" passphrase="another_secret"/>
         <!-- other settings ... -->
         </CredentialStore>

6. Restart BI Presentation Services.