| Oracle® Health Sciences Cohort Explorer Secure Installation and Configuration Guide Release 1.0 E24988-02 |
|
|
PDF · Mobi · ePub |
| Oracle® Health Sciences Cohort Explorer Secure Installation and Configuration Guide Release 1.0 E24988-02 |
|
|
PDF · Mobi · ePub |
This appendix includes the following topics:
"Install the Oracle Health Sciences Clinical Development Center 3.1 SP1 Client"
"Configuring Your Single Sign-On (SSO) ID with Oracle Business Intelligence Enterprise Edition"
Complete the following pre-installation tasks before you install Oracle Identity Management (OID):
Install Oracle 11gR2 RDBMS.
Create a Database (for example, DB001) using the following parameters:
character set=AL32UTF8
processes = 500
OPEN_CURSOR=600
Set the SYS and SYSTEM password set to Password
Note:
Any database name or password provided in this document is merely an example. Provide your own names and passwords.Download and install Oracle WebLogic Server version 10.3.4.0.
Download and install Oracle Identity Management 11g (OID) version 11.1.1.2.0.
Download and install the Oracle Fusion Middleware Family for Identity Management 11g (OID) version 11.1.1.5.0 patch.
Select the Install Software only option when installing OID.
Click Next and complete the installation.
Note:
When installing OID (LDAP server), we assume you have:Installed all software on the same machine. If you use different computers, replace localhost references.
Used MS Windows as your operating system. The steps to install OID on Unix and Linux are different.
Perform the following steps:
After installing all the prerequisite software, navigate to the following directory and execute the Config.bat file to configure OID:
c:\Oracle\Middleware\Oracle_IDM1\Bin
The following settings were used for the purpose of testing:
Table A-1 Settings Used to Configure OID
| Settings | Parameter | Value |
|---|---|---|
|
WebLogic Settings |
Create Domain Password Domain Name Web Logic Server directory |
weblogic weblogic1 IDMDomain c:\Oracle\Middleware\wlserver_10_3 |
|
OID Settings |
Oracle Instance Name Oracle Identity Federation Component (OIF) Auto Port Configuration LDAP V3 name Space Virtual Directory Admin Admin Password |
asinst_1 Deselect Select c=oracle, dc=com cn=orclAdmin Password123 |
|
Specify Schema Database |
Connect String User Password |
localhost: 1521:db001 sys Password123 |
|
OID Configuration |
ODS Schema Password ODSSM Schema Password |
Password123 Password123 |
|
Create Oracle Internet Directory |
Realm Admin Password |
dc=oracle, dc=com cn=orclAdmin Password123 |
You only need perform the following steps to authenticate LDAP with the CDC application.
This section contains the following topics:
You can create or modify a user and its attributes by using either command line tools or Oracle Internet Directory's self service console, (http://host:port/odsm for 11g and http://host:port/oiddas for 10g).
For more information about the Oracle Internet Directory, refer the Oracle® Fusion Middleware Administrator's Guide located at http://download.oracle.com/docs/cd/E14571_01/oid.1111/e10029/toc.htm.
Before creating an LDAP user, execute the following bind command on command prompt to authenticate to a directory server:
ldapbind -h <OID_host> -p <non_SSLport> -D cn=<OID_superuser> -w <OID_superuser_password>
where:
h specifies the host name of the directory server
p specifies the port number of the directory server
D specifies the bind DN, the user authenticating to the directory.
cn specifies the admin username provided during installation
w specifies the bind password in simple authentication
ldapadd -h <OID_host> -p <nonSSLport> -D cn=<OID_superuser> -w <OID_superuser_password> -f orcl.ldif
where:
p specifies the port number of the directory server
D specifies the bind DN, the user authenticating to the directory
cn specifies the bind username provided during installation
w specifies the bind password in simple authentication
f specifies the LDAP Data Interchange Files containing attributes of a user.
A sample orcl.ldif file has the following content:
dn: cn=cdctest,cn=users,dc=oracle,dc=com
objectclass: inetorgperson
objectclass: orcluserv2
objectclass: orcluser
givenname: cdctest
sn: cdctest
orcltimezone: Asia/Mumbai
mail: username@domain.com
uid: cdctest
userpassword: <<Password for the user>>
orclactivestartdate: 20080310000000z
orclisenabled: ENABLED
Refer the Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory for details.
An LDAP user can view the user information using the OID self-service console. A user can add, modify, or delete user attributes using this console or the command line tool.
Figure A-1 depicts the Self-Service Console used to create an LDAP user.
Figure A-1 Creating an LDAP User Using Self-Service Console
Install the CDC client using the instructions below. This section contains the following topics:
Ensure that no previous installation of the CDC-SCE 3.1 SP1 client exists.
Ensure relevant software prescribed in the Oracle Health Sciences CDC Prerequisites Guideline document are installed.
Ensure that the CDC-SCE 3.1 SP1 Database Server Installation Qualification Protocol is executed successfully.
Install the Oracle Client version 11.2.0.1.0 (32 bit).
Install the JRE 1.6 (32 bit) and set its path in the environment variables of your local machine.
Obtain a copy of the approved SCESetupRCPPlugin.exe file for the installation of the Oracle Health Sciences CDC application.
Copy the SCESetupRCPPlugin.exe file to a temporary directory on the client machine.
Double-click on the SCESetupRCPPlugin.exe file. The CDC Setup: Installation Folder window opens.
You may specify a destination folder. The default destination folder is C:\Program Files\Oracle Health Sciences\CDC.
Click Install. A CDC Setup confirmation message, Install for All Users? is displayed.
Click Yes. The CDC Setup dialog box closes when installation is complete.
Click Close. The CDCSetup: Completed window closes.
Double-click on the CDC shortcut on the desktop or navigate to Start, then Programs, then Oracle Health Sciences, then CDC, then select CDC Client. The Oracle Health Sciences CDC Login window opens.
Click Edit. The Login Preferences dialog opens.
Enter the following values:
Server — Host name
Port—Port name
Database—Database name
Click OK. The Login Preferences dialog closes.
Use Control+Shift to return to the Oracle Health Sciences CDC Login window.
Enter sceadmin in the User and Password fields in the Oracle Health Sciences CDC Login window.
Click OK. The Please select the root folder for SCE Source Control window opens.
Select the working folder and click OK. You are logged in successfully to the Oracle Health Sciences CDC Client application.
Close the Oracle Health Sciences CDC Client window to exit the application.
Launch the Oracle Health Sciences Security Manager application from Start, then select Programs, then Oracle Health Sciences, then CDC, then select Security Manager. The Login to CDC Security Manager window opens.
Click Edit DB. The Edit Database preference dialog opens.
Edit the Database URL string from jdbc:oracle:thin:@localhost:1521:ORCL to jdbc:oracle:thin:@<Database server name >:<Database Port>:<Database name>, entering the same values for Server, Port and Database parameters as provided earlier in Step 8.
Click OK.
Login to the Oracle Health Sciences CDC Security Manager as sceadmin.
Close the window to exit the CDC Security Manager.
Launch the Oracle Health Sciences CDC application from Start, then select Programs, then Oracle Health Sciences, then CDC, then select the CDC Client. Else, click on the desktop CDC shortcut.
Login to Oracle Health Sciences CDC with the created user name and password.
This section includes the following tasks:
To configure your SSO ID, you need:
Oracle 11gR2 RDBMS.
Weblogic server 10.3.4.0.
Oracle Identity Management version 11.1.1.5.0
Refer "Installing the Prerequisite Software" for details.
Follow the instructions below to configure your database. Relevant information is also available at http://download.oracle.com/docs/cd/E11882_01/network.112/e10744/getstrtd.htm#CBHDDECG.
Start NetCA using the netca command.
On Windows, you can also start NetCA from the Start menu—Select Start, then All Programs, then OracleHomeName, Configuration and Migration Tools, Net Configuration Assistant.
On Unix, you can start NetCA using the following command—$ORACLE_HOME/bin/netca.
The Oracle Net Configuration Assistant's Welcome screen is displayed.
Select Directory Usage Configuration and click Next. The Directory Type screen is displayed.
Select Oracle Internet Directory as the Directory Type and click Next. The Directory Location screen is displayed.
Enter details of your directory location.
Hostname: The Oracle Internet Directory server hostname.
Port: The LDAP non-SSL and SSL port numbers. Replace these port numbers with 3060 and 3131 respectively.
SSL Port: The SSL port number.
Click Next. The Select Oracle Context screen is displayed.
Select the default Oracle Context to use. You must select this if there are multiple identity management realms on the directory server.
Click Next. The Directory Usage Configuration: Done screen is displayed.
Confirm that the directory usage configuration is successfully completed. Click Next.
Click Finish.
NetCA creates an ldap.ora file in the $ORACLE_HOME/network/admin directory. This is the $ORACLE_HOME\network\admin directory in Windows. The ldap.ora file stores the connection information details about the directory.
Use the Database Configuration Assistant (DBCA) tool to register the database with the Oracle Internet Directory.
Start DBCA using the DBCA command.
On Windows, you can also start DBCA from the Start menu:
Click Start, then All Programs, then Oracle - OracleHomeName, Configuration and Migration Tools, and finally Database Configuration Assistant.
On Unix, you can start DBCA using the following command: $ORACLE_HOME/bin/dbca.
The Welcome screen is displayed.
Click Next. The Database Configuration Assistant:Operations screen is displayed.
Select Configure Database Options. Click Next.The Database screen appears.
Select the database name that to configure. If you are not using operating system authentication, you might also be asked to enter SYS user credentials.
Click Next. The Management Options screen is displayed.
Select Keep the database configured with Database Control if you want to continue using Database Control to manage the database. You can also choose to use Grid Control to manage the database.
Click Next. The Security Settings screen is displayed.
Select Keep the enhanced 11g default security settings and click Next. The Network Configuration screen is displayed.
Select Yes, register the database to register the database with the directory:
Enter the distinguished name (DN) of a user who is authorized to register databases in Oracle Internet Directory.
Enter the password for the directory user.
Enter a wallet password to protect the wallet. The wallet password that you specify is different from the database password.
Re-enter the password in the Confirm Password field. Click Next.
Note:
The database uses a randomly generated password to log in to the directory. This database password is stored in an Oracle wallet that you can also use to store certificates for SSL connections.The Database Components screen is displayed.
Click Next. The Connection Mode screen is displayed.
Select Dedicated Server Mode or Shared Server Mode.
Click Finish. The Confirmation dialog box appears.
Click OK.
Note:
The default wallet is created in the $ORACLE_BASE/admin/database_sid/wallet directory. Verify that automatic login for the wallet is enabled by checking for the cwallet.sso file in the wallet directory. If the file is not present, open the wallet using Oracle Wallet Manager, and use the option to enable automatic login.Note:
During the Net configuration you might get an Anonymous Bind error. If so, change the attribute value of
orclAnonymousBindsFlag = 1.
Use the following command and file:
Command: ldapmodify -D cn=orcladmin -q -p portNum -h hostname -f ldif File. For example, ldapmodify -D cn=orcladmin -q -p port Num -h localhost -f modfile.ldif
Create a file (modfile.ldif) using admin to OID server that contains:
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
Changetype: modify
replace: orclAnonymousBindsFlag
OrclAnonymousBindsFlag: 1
Follow this procedure to create CDC user credentials on the LDAP server.
Create a CDC user using the security manager and assign the protocol_admin role. While creating a CDC user, select the Use Database Authentication option.
Refer to section "Create an LDAP User" for details.
Create a user on the LDAP server with the same name as the CDC user. Refer to section "Create an LDAP User" for details.
Create the Oracle Internet Directory (OID) user and its attributes by using either command line tools or OID's self service console (http://host:port/odsm for 11g and http://host:port/oiddas for 10g).
Download the Oracle® Fusion Middleware Administrator's Guide for Oracle Internet Directory at http://download.oracle.com/docs/cd/E14571_01/oid.1111/e10029/toc.htm.
Refer to section "Create an LDAP User" for details. We recommend that you create an OID user using command line tools.
Login to the database as System manager.
Edit the CDC user to be able to identify it globally. The identification needs to include the “distinguished name” of the user. Execute the following command:
Alter user cdctest identified globally as 'cn=cdctest,cn=users,dc=oracle,dc=com';
where; the USER_NAME is replaced with the correct user account and DISTINGUISH_NAME is replaced with the LDAP information.
After completing all the configuration, you can log in to the CDC client as well as the database application using LDAP password authentication.
This section includes the following topics:
"Run the Repository Creation Utility (RCU) to Create Oracle Business Intelligence Database Schemas"
"Install Oracle Business Intelligence Enterprise Edition (OBIEE) 11g"
Complete the following tasks:
Install Oracle 11g RDBMS.
Create Database DB003, with AL32UTF8, processes = 500 and OPEN_CURSOR=600
Obtain RCU. It is available either on its own installation CD-ROM in the bin directory, or in a .zip file on Oracle Technology Network (OTN): http://www.oracle.com/technology/software/products/middleware/htdocs/111110_fmw.html
After creating a user, configure the database to use the LDAP directory.
For more information, refer to Chapter 2, "Getting Started with Enterprise User Security ", of the Oracle® Database Enterprise User Security Administrator's Guide 11gRelease 2 (11.2). The guide is available for download at:
http://download.oracle.com/docs/cd/E11882_01/network.112/e10744/getstrtd.htm#CBHDDECG
Perform steps mentioned in Sections 2.1 and 2.2 to configure and register your database.
Tip:
When you perform Netconfiguration, you may get the Anonymous Bind error. Change the attribute value of orclAnonymousBindsFlag to 1. Use the following command:ldapmodify -D cn=orcladmin -q -p portNum -h hostname –f ldif File
A sample .ldif file has the following content:
dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
Changetype: modify
replace: orclAnonymousBindsFlag
OrclAnonymousBindsFlag: 1
You can run RCU locally from the CD-ROM or your RCU_HOME, or remotely. If you are not allowed to install components in the database server, you can run RCU directly from the CD.
To create the Oracle Business Intelligence schemas using RCU:
Do either of the following:
If you downloaded and extracted the RCU .zip file, access the bin directory in the RCU_HOME.
If you have the RCU CD-ROM, insert the CD-ROM into your computer and access the bin directory.
Start RCU. In Unix:/rcu. In Windows: rcu.bat. The Welcome screen opens.
Click Next. The Create Repository screen opens.
In the Create Repository screen, select Create and then click Next. The Database Connection Details screen opens.
In the Database Connection Details screen, select the type of database on your system. You must create the Oracle Business Intelligence schemas on this database. Enter the necessary credentials for RCU to be able to connect to your database.
Figure A-2 Repository Creation Utility-Database Connection Details
Click Next. The Checking Prerequisites screen opens. After checking is complete with no errors, click OK to close the screen and proceed to the Select Components screen
In the Select Components screen, near the top of the screen, select Create a new Prefix. The default prefix is DEV. Enter another prefix if you prefer.
Oracle Business Intelligence 11g Installer automatically creates schema names in the format prefix_schemaname. For example, if you enter the prefix BI, Oracle Business Intelligence 11g Installer creates a schema named BI_BIPLATFORM.
Important:
Make a note of these schema names and the prefix values from this screen. You need them to configure your products later in the installation process.Click the plus sign (+) next to the Business Intelligence component group. Select Business Intelligence Platform (a check mark appears next to it). This action automatically selects the Metadata Services (MDS) schema (under the AS Common Schemas group), which is also required by Oracle Business Intelligence.
If you have another MDS schema installed to use with Oracle Business Intelligence, deselect the Metadata Services (MDS) check box and ignore the warning message that appears in the Messages box.
Do not click the Oracle AS Repository Components check box because this configures RCU to install many other schemas that are not required by Oracle Business Intelligence.
Click Next. The Checking Prerequisites screen opens. After the checking is complete with no errors, click OK to close the screen and proceed to the Schema Passwords screen.
In the Schema Passwords screen, select Use same password for all schemas. Enter and confirm a password for the schemas.
Click Next to proceed to the Map Tablespaces screen. In the Map Tablespaces screen, confirm the schema names.Click Next to create the tablespaces for the schemas.
After the tablespaces are created with no errors, click OK to close the screen and proceed to the Summary screen.
In the Summary screen, click Create. The Create screen opens and RCU creates the schemas. After the schemas are created with no errors, the Completion Summary screen opens.
In the Completion Summary screen, click Close.
Follow the instructions below to install OBIEE 11g.
Download the latest OBIEE 11g (11.1.1.5.0) from:
Extract the downloaded copy into two different folders.
Download and use OBIEE installation instructions from:
https://debaatobiee.wordpress.com/tag/obiee-11g-install-guide/
or
http://download.oracle.com/docs/cd/E12839_01/install.1111/e12002/oid.htm#CIHHFIGC
The following is a sample of OBIEE settings:
Administrator details
Username: weblogic
Password: weblogic1
Confirm Password: weblogic1
BIPLATFORM Schema
Enter the following details and click Next.
MDS Schema:
Enter the following details and click Next to complete the installation.
During the installation, you may be asked to enter the Disk path before you can proceed with the installation.
To configure OBIEE with OID:
Use the following link to download configuration instructions.
http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/privileges.htm
Use the Enterprise Manager Link to access the Oracle Weblogic Server (WLS) Administration Console. The User Name is weblogic, password is weblogic1.
Figure A-5 Enterprise Manager Link to Oracle WLS Console
In the Oracle WebLogic Server Administration Console, click Lock & Edit in the Change Center.
Select Security Realms from the left pane and click myrealm.
Select the Providers tab, then select the Authentication subtab.
Click New to launch the Create a New Authentication Provider page.
Enter values in the Create a New Authentication Provider page:
Click the new Authenticator Provider in the Name column to display the Settings for <Authentication Provider Name> page.
Select the Configuration\Common tab, and use the Control Flag drop-down list to select SUFFICIENT. Click Save.
Select the Provider Specific tab. Specify details for the Connection, Users, Static and Dynamic Groups, and General Area under the Provider Specific tab.
Click Save.
At the main Settings for myrealm page, select the Providers tab, then select the Authentication subtab.
Click Reorder to open the Reorder Authentication Providers page.
Select the name of the Oracle Internet Directory authentication provider (for example, MyOIDDirectory) and use the arrow buttons to move it into the first position in the list. Click OK.
Click DefaultAuthenticator in the Name column to view the Settings for DefaultAuthenticator page.
Select the Configuration\Common tab, and use the Control Flag drop- down list to select SUFFICIENT, then click Save.
To configure the User Name attribute:
In Oracle Enterprise Manager - Fusion Middleware Control, navigate to \Weblogic domain\bifoundation_domain in the navigation pane.
Right-click bifoundation_domain and select Security, then select Security Provider Configuration to view the Security Provider Configuration page.
In the Identity Store Provider area, click Configure to display the Identity Store Configuration page.
In the Custom Properties area, use the Add option to add the following two Custom Properties:
User.login.attr and username.attr
Click OK to save changes.
Restart the Admin Server.
You must add the OID user to the BISystem/BIAdministrators Application Role.
In the Fusion Middleware Control target navigation pane, go to the Oracle WebLogic Server domain in which Oracle Business Intelligence is installed. For example, bifoundation_domain.
Go to the Application Roles page in Fusion Middleware Control.
In the Select Application Stripe to Search list, select OBI from the list. Click the search arrow to the right of the Role Name field.
Select BIAdministrators Application Role and click Edit. You can also choose to edit other OBIEE-specific roles displayed in the list.
In the Edit Application Role page, click Add Group/Add User.
In the Add User dialog, search for the trusted user created in Oracle Internet Directory. Use the shuttle controls to move the trusted user name (BIAdministrators) from the Available Users list to the Selected Users list.
Click OK. The trusted user (BIAdministrators) contained in Oracle Internet Directory is now a member of the BISystem Application Role.
Add the trusted user's credentials to the oracle.bi.system credential map.
From the Fusion Middleware Control target navigation pane, expand the form, then expand WebLogic Domain, and select bifoundation_domain.
From the WebLogic Domain menu, select Security, then Credentials.
Open the oracle.bi.system credential map, select System User and click Edit.
In the Edit Key dialog, enter BISystemUser (or name you selected) in the User Name field. In the Password field, enter the trusted user's password that is contained in Oracle Internet Directory.
Click OK.
In WebLogic Console, click myrealm to view the Settings for <Realm> page, select the Roles and Policies tab, and add the new System user to the Global Admin Role.
Start the Managed Servers. The new trusted user from Oracle Internet Directory is configured for Oracle Business Intelligence.
Note:
If you have created a trusted OID Group, then in the Add Group option, select the corresponding group and include it in an Application Role. This ensures that OID users under the same group automatically get included in the Application Role.)
|
 Copyright © 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
