Configuring EPM System SSO

You must set security options in Shared Services to force EPM System to use the custom login class to authenticate users. The following procedure explains only the steps that you must take to enable the use of the custom login class. See “Setting Security Options” in the Oracle Hyperion Enterprise Performance Management System User and Role Security Guide.

EPM System provides com.hyperion.css.sso.agent.X509CertificateSecurityAgentImpl to extract the user identity (DN) from x509 certificates.

If you must derive user identity from a certificate attribute other than DN, you must develop and implement a custom login class. See Implementing a Custom Login Class.

  To enable the use of custom login class:

  1. Launch Shared Services Console.

  2. Select Administration, and then Configure User Directories.

  3. Select Security Options.

  4. In Security Options, set global parameters.

    1. Select Enable SSO.

    2. In SSO Provider or Agent, select Other

    3. In SSO Mechanism, select Custom Login Class.

    4. In the field next to SSO Mechanism, enter com.hyperion.css.sso.agent.X509CertificateSecurityAgentImpl.

      If you created a custom login class, you must enter the fully qualified name of the custom class.

  5. Click Save.

  6. Restart Shared Services and other EPM System products.