Configuring Siebel Reports in a Web Single Sign-On Environment
This task is a step in Configuring Security and Authentication for Siebel Reports. This topic describes the configuration tasks you must perform to configure Siebel CRM and Oracle Business Intelligence Publisher (Oracle BI Publisher) in a Web Single Sign-On (SSO) environment. Oracle BI Publisher is the reporting module for Siebel CRM. Siebel Reports integrates with Oracle BI Publisher to run and administer reports. For information on configuring Siebel CRM and Oracle BI Publisher for Web SSO authentication, see the following topics:
Configuring Siebel CRM for Integration with Oracle BI Publisher with Web Single Sign-On
This topic lists the configuration tasks you must perform for your Siebel application so that it can integrate with Oracle BI Publisher when Web Single Sign-On (SSO) authentication is implemented.
To configure Siebel CRM for BI Publisher integration in a Web SSO environment
- For the Security Adapter Profile (LDAP Security Adapter profile) that is used for authentication and Web SSO, specify parameter values as shown in the following table.
| Parameter | Value |
|---|---|
| Single Sign On | True |
| Trust Token | password. This is the value of the TrustToken parameter used for SSO in the Application Interface profile. |
- For the server components listed in the following table, specify values for the parameters shown. Specify values for the LDAP security adapter.
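| Server Component | Parameter | Value |
|---|---|---|
| Application Object Manager and EAI Object Manager | Security Adapter Name | LDAPSecAdpt |
| Application Object Manager and EAI Object Manager | Security Adapter Mode | LDAP |
| Application Object Manager and EAI Object Manager | Username | LDAP_USER_ID |
| Application Object Manager and EAI Object Manager | Password | password. The password associated with the LDAP_USER_ID. |
| XMLP Report Server | Security Adapter Name | LDAPSecAdpt |
| XMLP Report Server | Security Adapter Mode | LDAP |
| XMLP Report Server | Username | LDAP_USER_ID |
| XMLP Report Server | Password | password. This is the value of the TrustToken parameter used for SSO in the Application Interface profile. |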
NOTE: The LDAP_USER_ID value you specify must be an LDAP user who has a Siebel employee record, for example, AnonUserName, in the Application Interface profile.
- In the [/eai_lang] section of the Application Interface profile, remove the following parameters:
| Parameter | Value |
|---|---|
| Single Sign On | False |
| Trust Token | TrustToken_Value |
| UserSpec | HTTP Header Variable |
| UserSpecSource | Header |
TIP: Ensure that the redirection to the SSO server for the Application Interface profile is not set up on the Siebel Application Interface.
NOTE: The Siteminder ERP Agent for Siebel (also known as Web Agent) and the Siteminder Policy Server are still used to obtain the User Identity in the form of an HTTP header variable called SIEBELUSER and SSO Authentication Ticket.
- Restart the Siebel Server and the Application Interface.
- When the services are started, verify that the Application Object Manager, EAI Object Manager, and XMLP Report Server components are online.
If any of these services are unavailable, create a service request (SR) on My Oracle Support. Alternatively, you can phone Oracle Global Customer Support directly to create an SR or get a status update on your current SR. Support phone numbers are listed on My Oracle Support.
Configuring Oracle BI Publisher for Integration with Siebel CRM with Web Single Sign-On
This topic describes how to configure Oracle BI Publisher to integrate with Siebel CRM when Web Single Sign-On (SSO) authentication is implemented.
To configure Oracle BI Publisher for Siebel CRM integration in a Web SSO environment
- Log into the Oracle BI Publisher Server with administrator credentials.
- Click the Admin tab, then select Security Configuration in the Security Center section.
- Change the value of the Administrator Password parameter for the Siebel Security Model to specify the value of the Trust Token (in clear text) specified for Web SSO in the Application Interface profile.
- Restart the Oracle BI Publisher WebLogic server.
NOTE: After the Administrator Password parameter is set to specify the value of the Trust Token, any Siebel user who wants to log into the Oracle BI Publisher Server must enter the Trust Token value as the password.
Enabling Reports Scheduling with Web Single Sign-On
This topic describes how to enable Siebel Reports scheduling when Web Single Sign-On (SSO) authentication is implemented for Siebel CRM and when the Siebel Security Model is implemented for Siebel Reports. Oracle BI Publisher issues an inbound Web service call (BIPDataService) to retrieve data from the Siebel application when reports are scheduled and executed. During this process, report users are authenticated against the EAI Application Object Manager. You must, therefore, use a non-SSO security adapter for reports scheduling.
To enable Siebel Reports scheduling when Web SSO is implemented
- Create a new custom Siebel Server component based on the EAI Object Manager component, and name the new component BIP EAI Object Manager.
For information about creating custom Siebel Server component definitions, see Siebel System Administration Guide.
- Create a new Siebel enterprise profile (named subsystem) by copying the security adapter profile used by the Application Object Manager. Do the following:
- Set the SSO profile parameter for the new security adapter profile you created in Step 2 to False.
- For the BIP EAI Object Manager component you created in Step 1, specify values for the parameters shown in the following tables:
| Parameter | Value (LDAP Authentication) |
|---|---|
| Security Adapter Name | LDAPSecAdpt_NoSSO |
| Security Adapter Mode | LDAP |
- Synchronize the new component definitions, then restart the Siebel Server and the Siebel Gateway services.
For information about synchronizing components on a Siebel Enterprise Server, see Siebel System Administration Guide.
- Create a new application as part of the Application Interface profile and do the following:
  - Add the following basic information parameters:
    Application Name = bipeai
    Language = <lang>
    Object Manager = EAI Object Manager(ENU)
    Configure EAI HTTP Inbound Transport = TRUE
  - Add the following enhanced authentication parameters:
    Anonymous User Name: <Guest Login>
    Anonymous User Password: <Guest Password>
- Create a second application as part of the Application Interface profile and do the following:
  - Add the following basic information parameters:
    Application Name = eai_anon
    Language = <lang>
    Object Manager = EAI Object Manager(ENU)
    Configure EAI HTTP Inbound Transport = TRUE
    Configure Anonymous Pool = TRUE
    Anonymous Pool Size = <Pool Size>
  - Add the following enhanced authentication parameters:
    Anonymous User Name: <Guest Login>
    Anonymous User Password: <Guest Password>
- Launch the Siebel Web Client and log into the Siebel application as a Siebel administrator.
- Navigate to the Administration - Web Services screen, then the Inbound Web Services view.
- In the Name field of the Inbound Web Services list, query for BIPDataService.
- In the address URL for the BIPDataService, change the value eai_lang to eai_anon_lang. For example:
http://SiebelWebServerName/eai_anon_lang/start.swe?SWEExtSource=WebService&SWEExtCmd=Execute&WSSOAP=1
- Click the Generate WSDL button to generate a WSDL file, then save the file with the name dataservice.wsdl.
- Copy the dataservice.wsdl file to the Oracle BI Publisher home directory. By default, this is the <root dir>\user_projects\domains\bifoundation_domain directory on the Oracle BI Publisher server.
- Restart the Oracle BI Publisher WebLogic server.
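A check on the result of this procedure, as an added example that is not part of the Oracle guide: it reads a generated dataservice.wsdl and reports whether each service address targets the anonymous EAI application (eai_anon_<lang>) or still targets the SSO-enabled eai_<lang> application. It assumes the endpoint is carried in the location attribute of an address element and that language codes are three lowercase letters; the function names, verdict strings, and sample host are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): confirm a generated dataservice.wsdl
# targets the anonymous EAI application rather than the SSO-enabled one.

# Print the location="..." value of every <prefix:address> element.
wsdl_locations() {
    tr '\n' ' ' < "$1" |
        grep -oE "<([A-Za-z0-9_]+:)?address[^>]*>" |
        sed -nE "s/.*location=[\"']([^\"']*)[\"'].*/\1/p"
}

# Classify a URL by its first path segment (assumes 3-letter language codes).
classify_endpoint() {
    seg=$(printf '%s\n' "$1" | sed -nE 's#^https?://[^/]+/([^/?]+).*#\1#p')
    case $seg in
        eai_anon_[a-z][a-z][a-z]) echo "ANON" ;;
        eai_[a-z][a-z][a-z])      echo "SSO" ;;
        *)                        echo "OTHER" ;;
    esac
}

# Return 0 only if at least one address exists and all are anonymous.
check_wsdl() {
    locs=$(wsdl_locations "$1")
    if [ -z "$locs" ]; then echo "NO_ADDRESS"; return 1; fi
    rc=0
    while IFS= read -r url; do
        kind=$(classify_endpoint "$url")
        echo "$kind $url"
        [ "$kind" = "ANON" ] || rc=1
    done <<EOF
$locs
EOF
    return $rc
}

# Constructed sample; host name and language code are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<soap:address location="http://siebel.example.com/eai_enu/start.swe?SWEExtSource=WebService&amp;SWEExtCmd=Execute&amp;WSSOAP=1"/>
EOF
check_wsdl "$sample" || true    # first word printed: SSO
rm -f "$sample"
```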
Enabling Transport Layer Security for Oracle BI Publisher Running on Oracle WebLogic Server
You must enable Transport Layer Security (TLS) for Web applications, such as Oracle BI Publisher, running on Oracle WebLogic server.
NOTE: Oracle BI Publisher does not control TLS/SSL. Oracle BI Publisher runs on Oracle WebLogic server and depends on the TLS/SSL environment used by Oracle WebLogic server.
To enable TLS for Oracle BI Publisher running on Oracle WebLogic server
- Log in to the Oracle WebLogic server console.
- Click <Domain>, click Environment, click Servers, and then <Server>.
- Under Configuration and General, select the SSL Listen Port Enabled check box.
- Select the SSL tab, click Advanced, and then select the Use JSSE SSL check box.
Choosing to use Java Secure Socket Extension (JSSE) ensures that Oracle WebLogic v10 and v11 use the TLS features of Java, instead of any existing SSL implementation.
NOTE: The WebLogic server's internal SSL implementation is not compatible with current TLS implementations in modern browsers.
Oracle WebLogic server v12.2.1.0.0 uses JSSE by default and does not provide the option to switch back to an SSL implementation.
- Restart Oracle WebLogic server for the changes to take effect.
- To force the use of TLS v1.2, do the following:
  - Open the setDomainEnv.sh file.
  - In the WebLogic Startup parameter, set -Dweblogic.security.SSL.protocolVersion to TLSv1.2:
    -Dweblogic.security.SSL.protocolVersion=TLSv1.2
Once this is done, any clients that do not support TLS v1.2 will be rejected.
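To confirm the startup setting from the last step, the following added example (not part of the Oracle guide or of WebLogic) audits a setDomainEnv.sh file for an active weblogic.security.SSL.protocolVersion=TLSv1.2 system property, catching a commented-out line, a token without the JVM's -D prefix, and a different value. The function name check_tls_flag, the verdict strings, and the JAVA_OPTIONS sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit a WebLogic setDomainEnv.sh for the
# TLS v1.2 startup flag. Prints a verdict; returns 0 only for "OK".
check_tls_flag() {
    prop='weblogic\.security\.SSL\.protocolVersion'
    # Ignore comment-only lines so a commented-out setting is not counted.
    active=$(grep -v '^[[:space:]]*#' "$1" | grep -E "$prop=" || true)
    if [ -z "$active" ]; then
        echo "MISSING"; return 1
    fi
    # Every active occurrence must carry the JVM's -D prefix; a bare
    # "Dweblogic..." token never sets the system property.
    if printf '%s\n' "$active" | grep -Ev -- "-D$prop=" >/dev/null; then
        echo "NO_DASH_D"; return 1
    fi
    # Collect the distinct values; anything other than TLSv1.2 alone fails.
    values=$(printf '%s\n' "$active" |
        sed -nE "s/.*-D$prop=([A-Za-z0-9._]+).*/\1/p" | sort -u)
    if [ "$values" != "TLSv1.2" ]; then
        echo "WRONG_VALUE"; return 1
    fi
    echo "OK"
}

# Constructed sample, not taken from a real domain.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.security.SSL.protocolVersion=TLSv1.2"
JAVA_OPTIONS="${JAVA_OPTIONS} Dweblogic.security.SSL.protocolVersion=TLSv1.2"
export JAVA_OPTIONS
EOF
check_tls_flag "$sample" || true    # prints NO_DASH_D
rm -f "$sample"
```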