25 Understanding BI Publisher in Oracle Identity Manager

Oracle Business Intelligence (BI) Publisher is Oracle's primary reporting tool for authoring, managing, and delivering all highly formatted documents in Oracle Identity Manager. BI Publisher is shipped by default with Oracle Identity Manager 11g Release 2 (11.1.2.3.0).This chapter describes how to create Oracle Identity Manager reports using embedded BI Publisher, deploy the report, and run it. It contains the following topics:

25.1 Overview

Oracle BI Publisher is an Oracle's enterprise reporting solution and provides a single reporting environment to author, manage, and deliver all of your reports and business documents. Utilizing a set of familiar desktop tools, such as Microsoft Word, Microsoft Excel, or Adobe Acrobat, you can create and maintain report layouts based on data from diverse sources, including Oracle Identity Management products.

See Also:

Oracle Fusion Middleware Developer's Guide for Oracle Business Intelligence Enterprise Edition to learn more about Oracle BI Publisher functionality.

BI Publisher binaries are installed by default with Oracle Identity Manager in the same Middleware Home directory. Configuration of BI Publisher is accomplished automatically while configuring Oracle Identity Manager.

Oracle BI Publisher provides the following capabilities as part of default installation in Oracle Identity Manager:

  • Installs the BI Publisher schema into the Oracle Identity Manager repository database.

  • Integrates BI Publisher into the same WebLogic server domain as Oracle Identity Manager. This process configures the primary BI Publisher server named as bi_server1.

  • Provides highly formatted and professional quality reports with headers/footers.

  • Supports PDF, Micorsoft Word, and HTML formats.

  • Enables you to develop your own custom reports against the Oracle Identity Manager repository.

  • Enables you to use BI Publisher's scheduling capabilities and delivery mechanisms, such as e-mail.

25.2 Benefits of Embedded BI Publisher

As an administrator, configuring embedded BI Publisher have the following benefits:

  • In earlier releases of Oracle Identity Manager, BI Publisher is to be downloaded, which is bundled with the Oracle Business Intelligence Enterprise Edition (OBIEE) Suite. Embedded BI Publisher is lightweight and smaller in size than the full BISHIPHOME.

  • Embedded BI Publisher can be installed at runtime during Oracle Identity Manager installation, and can be configured within the same WebLogic domain on which Oracle Identity Manager is deployed.

  • The BI Publisher reports access is granted to the Oracle Identity Manager user administrator by default via the Oracle Identity Manager role BIReportAdministrator. User members of this role can get the access of BI Publisher and Oracle Identity Manager reports.

  • By default, Oracle Identity Manager administrative users have access to the BI Publisher and Oracle Identity Manager reports. By logging in to Oracle Identity Manager, administrator can grant the BIReportAdministrator role to other Oracle Identity Manager users, as required.

25.3 Verifying the Integration of BI Publisher with Oracle Identity Manager

To verify the integration of BI Publisher with Oracle Identity Manager in fresh configuration mode:

  1. Login to BI Publisher by using your Oracle Identity Manager system administrator credentials by navigating to the following URL:

    http://HOST_NAME:PORT/xmlpserver

    The default port for BI Publisher server is 9704.

    Note:

    Make sure that BI Publisher server is running when accessing the BI Publisher URL.
  2. Click Catalog. The Oracle Identity Manager directory with reports is displayed under the Shared Folders directory.

    You can now use the full capabilities of BI Publisher, such as PDF report generation and e-mail delivery.

Note:

  • In addition to Oracle Identity Manager System administrator credentials, you can also access BI Publisher by using the WebLogic credentials and BISystemUser credentials.

  • By default, BISystemUser password is same as that of Oracle Identity Manager system administrator password.

25.4 Granting BI Publisher Access to Other Oracle Identity Manager Users

The BI Publisher reports access is granted to the Oracle Identity Manager user administrator by default via the Oracle Identity Manager role BIReportAdministrator.

All Oracle Identity Manager users that are members of this BIReportAdministrator role have access to the reports catalog and administrator tabs of BI Publisher.

By default, only Oracle Identity Manager System administrators has the rights to login to BI Publisher and access Oracle Manager Identity reports.

Note:

When BI Publisher is installed, an OPSS application role for it is created. This OPSS application role is combined with the permissions on the BI Publisher catalog to achieve the BI Publisher-specific security rules. For detailed information about OPSS, see Oracle Fusion Middleware Application Security Guide.

25.5 Creating and Deploying BI Publisher Reports

For comprehensive information on using BI Publisher to create and deploy reports, see the BI Publisher documentation library at the following URL:

http://www.oracle.com/technetwork/middleware/bi-publisher/documentation/index.html

25.6 Configuring SSL-Enabled Email Server

To configure SSL-enabled email server for BI Publisher:

  1. Import the target system certificate into the JDK (or JRE) used by Oracle Identity Manager. For example:

    keytool -import -keystore MY_CACERTS -file CERT_FILE_NAME -storepass PASSWORD
    

    In this command:

    • MY_CACERTS is the full path and name of the certificate store. The default is cacerts.

    • CERT_FILE_NAME is the full path and name of the certificate file.

    • PASSWORD is the password of the keystore.

    For example:

    keytool -import -keystore /home/OIM/java/jdk/lib/security/cacerts -file /home/target.cert -storepass kspassword
    
  2. Import the target system certificate into the Oracle WebLogic Server keystore, as shown:

    keytool -import -keystore WEBLOGIC_HOME/server/lib/DemoTrust.jks -file CERT_FILE_NAME -storepass PASSWORD
    

    Here, CERT_FILE_NAME is the full path and name of the certificate file, and PASSWORD is the password of the keystore.

    For example:

    keytool -import -keystore WEBLOGIC_HOME/server/lib/DemoTrust.jks -file /home/target.cert -storepass DemoTrustKeyStorePassPhrase
    
  3. (Optional) To run SOA in non-SSL mode, remove DemoTrust store references from the SOA environment. To do so:

    1. Modify the MSERVER_HOME to remove the DemoTrust references.

    2. Remove the following references from setDomainEnv.sh:

      -Djavax.net.ssl.trustStore=$WEBLOGIC_HOME/server/lib/DemoTrust.jks from EXTRA_JAVA_PROPERTIES
      
    3. Restart the Administration server and the Managed servers.

25.7 Configuring SSO in Access Manager Enabled Environment (Optional)

For an Oracle Identity Manager environment that is integrated with Oracle Access Manager (OAM), which uses the default LDAP sources for authentication, Oracle Identity Manager Administrator does not have the required privilege to access Oracle BI Publisher. A specific BI Publisher role must be granted to the administrator user in the LDAP repository. To do so:

  1. Login to Oracle Enterprise Manager by using WebLogic administrator user credentials.

  2. Expand Weblogic Domain. Right-click DOMAIN_NAME, and select Security, Application Roles.

  3. From the Application Stripe list, select obi. Click the search icon adjacent to the Role Name field. The BISystem role is displayed.

  4. To assign the Oracle Identity Manager administrator user to the BISystem role, select the row and click Edit. The Edit Application Role: BISystem page is displayed.

  5. Click Add. The Add Principal dialog box is displayed. From the Type list, select User. Enter the user login as OracleSystemUser in the Principal Name field. Click the search icon adjacent to the Display Name field.

  6. Select the searched principals name. Click Ok. The OracleSystemUser user is added as member.

  7. Click OK.

  8. Login to BI Publisher and access Oracle Identity Manager reports.

25.8 Patching Embedded BI Publisher Binaries

Embedded BI Publisher does not have Oracle Universal Installer (OUI). It is installable, and an external OUI can be used to install it. Use the OUI install directory that is created when your product is installed. Use the -oui_loc option to point to an OUI directory to apply the Opatch for embedded BI Publisher binaries.

Use the following command as an example to apply Opatch on embedded BI Publisher binaries:

opatch apply PATCH_LOCATION