SSO Implementation Considerations

When implementing a SSO solution with Oracle Analytics Server you should consider the following:

• When accepting trusted information from the HTTP server or servlet container, you must secure the machines that communicate directly with Presentation Services. In the instanceconfig.xml file, specify the list of HTTP Server or servlet container IP addresses in the Listener\Firewall node. The Firewall node must include the IP addresses of all Oracle BI Scheduler instances, Presentation Services instances, and Oracle Analytics Server JavaHost instances.

• If any of these components are co-located with Presentation Services, you must add the 127.0.0.1 address in Firewall node. Setting the list of HTTP Server or servlet container IP addresses does not control end-user browser IP addresses. When using mutually-authenticated SSL, you must specify the Distinguished Names (DNs) of all trusted hosts in the Listener\TrustedPeers node.

• When SSO is configured, the SSO's session timeout overrides Oracle Analytics Server's OAS ClientSessionExpireMinutes setting in instanceconfig.xml.