2 Install Oracle Argus Analytics

2.2.1 Configure ETL Client on ODI

This section lists steps to configure ETL Client on ODI and install ODI Studio and create master and work repository.

Before configuring ODI Settings, you must install ODI Studio and configure an agent (either Standalone Agent, Java EE Agent, or Colocated Agent).

ODI 12c has the following types of installation:

• Enterprise Installation—Enables you to deploy ODI Studio along with the binaries to configure either Java EE Agent, or Colocated Agent.

• Standalone Installation—Enables you to deploy ODI Studio along with the binaries to configure Standalone Agent.

To understand the agent topologies for the best suitable installation, Oracle recommends you to refer ODI Install and Configuration Guide > Planning the Oracle Data Integrator Installation section.

When installing the ODI, note down the SUPERVISOR credentials, and Master and Work Repository credentials.

For more details, refer to the Oracle Data Integrator Install and Configuration Guide for ODI 12.2.1.3:

https://docs.oracle.com/middleware/12213/lcm/ODING/toc.htm#ODING">>https://docs.oracle.com/middleware/12213/lcm/ODING/toc.htm#ODING

2.3.1 Launch the Universal Installer

1. Extract the contents of the media pack into a temporary directory (For example, C:\argus_analytics_temp).

2. Navigate to the \install directory under the extracted temporary folder.

3. Double-click the setup.exe file to launch the Oracle Universal Installer with the Welcome screen.

2.3.2 Complete the Oracle Argus Analytics Installer Process

The installer will take you through a series of prompts. Attend to the Installer's prompts. The following sections describe each Installer screen, and the required action.

1. Choice of New Install / Upgrade from Previous Versions

   Select if Argus Analytics is a fresh installation or an upgrade installation which is supported from Argus Analytics 8.1.1 to 8.2.

   Note:

   The upgrade path installation needs information to be provided on the previous Argus Analytics installation details.

2. Oracle Argus Analytics Home Path

   The Oracle Argus Analytics Home path is the location where all the staged files from the Installer will get copied to the local machine. This is also the location from where the Installer would execute the database scripts.

   Home Name: ANHome1

   Path: C:\argus_analytics

   Click Next.

   Note:

   In case of Installation choice as upgrade path, provide the previously installed AN Home details.

3. Select the Choice of New Install / Upgrade from AN 8.1.1

   For new or upgrade install, corresponding details will be asked. These details are explained in the respective sections below.

4. Argus Safety Database Details

   This screen collects all information about the source Argus Safety database.

   Supply the values for:

   • Argus Safety Database Connect String

   • Argus Safety Schema, Password

   • Argus Safety DBA User: Enter the custom INSTALL(DBA) user name (created in Section 2.2, "Preinstallation Configuration" > Step 5).

   • Argus Safety DBA Password: Password of the INSTALL(DBA) user

   • VPD Schema Name

   • ESM Schema Owner

   • ESM Schema Password

   • Oracle Argus Analytics Source Schema and Password

   • Oracle Argus Analytics Source RPD Schema and Password

   • Oracle Argus Analytics Source Work Schema and Password

   • Oracle Argus Analytics Source Default Tablespace [<AN_DATA_TS>]

   • Oracle Argus Analytics Source Temp Tablespace [<AN_TEMP_TS>]

   Note:

   Oracle Argus Analytics Source schema, Argus Analytics Source RPD schema, and Argus Analytics Source Work schema are the new schemas which would get created by the installer to store the views for all Argus Source tables that are needed for the ETL and reporting process. You must ensure that these are not pre-existing schemas before running the Oracle Argus Analytics Installer.

   If Upgrade Install is chosen, provide the existing details of AN Schemas respectively.

   Example:

   • AS Database Connect String: AS70X_SID

   • AS Schema: ARGUS_APP

   • AS Password: <ARGUS_APP user's password>

   • AS DBA User Name: <INSTALL user name>

   • AS DBA User Name: <INSTALL user's password>

   • VPD Schema: VPD_ADMIN

   • ESM Schema Owner: ESM_OWNER

   • ESM Schema Password: < ESM_OWNER's password>

   Click Next

   • Oracle Argus Analytics Source Schema: AN_SRC

   • Oracle Argus Analytics Source Password: <AN_SRC password>

   • Oracle Argus Analytics Source RPD Schema: AN_SRC_RPD

   • Oracle Argus Analytics Source RPD Password: <AN_SRC_RPD password>

   • Oracle Argus Analytics Source Work Schema: AN_SRC_WRK

   • Oracle Argus Analytics Source Work Password: <AN_SRC_WRK password>

   • Oracle Argus Analytics Source Default Tablespace: <AN_DATA_TS>

   • Oracle Argus Analytics Source Temp Tablespace: <AN_TEMP_TS>

5. Oracle Argus Analytics Data Mart Details

   This screen collects all the information regarding the Oracle Argus Analytics data mart details.

   The following are the details of the data mart:

   • DWH Data Mart DB Connect String

   • DWH Data Mart DBA User name: Enter the customer INSTALL(DBA) User Name (created in Section 2.2, "Preinstallation Configuration" > Step 5).

   • DWH Data Mart DBA User Password: Password of the INSTALL(DBA) user

   • DWH Schema and Password

   • DWH RPD Schema and Password

   • DWH Work Schema and Password

   • DWH Default Tablespace

   • DWH Temporary Tablespace

   Note:

   DW Schema, DWH RPD Schema, and DWH Work Schema are the new schemas that will be created by the installer to store the ETL data. Oracle Argus Analytics RPD schema is the schema which would contain the synonyms of all the data mart tables and is used by OBIEE reports.

   Tablespaces that are going to be specified here should have got created during the pre-installation steps.

   If Upgrade Install is chosen, provide the existing details of AN Schemas respectively.

   If the Argus Safety System is a multi-tenant application, the VPD policy and additional contexts are created during installation with names predefined as:

   • VPD Policy Names:

     <AN_SRC>_src_vpd

     <AN_DWH>_dwh_vp

   • Contexts:

     <AN_SRC>_src_ctx

     <AN_DWH>_dwh_ctx

   • Exadata Context:

     <AN_DWH>_exa_ctx

   Example:

   • DW Database Connect String: ANDWH_SID

   • DW DBA User Name: <INSTALL user name>

   • DW DBA User Password: <INSTALL user's password>

   • Oracle Argus Analytics DW Schema: AN_DWH

   • Oracle Argus Analytics DW Password: <password for AN_DWH schema>

   • Oracle Argus Analytics RPD Schema: AN_DWH_RPD

   • Oracle Argus Analytics RPD Password: <password for AN_DWH_RPD schema>

   • Oracle Argus Analytics Work Schema: AN_DWH_WRK

   • Oracle Argus Analytics Work Password: <password for AN_DWH_WRK schema>

   • DW Default table space: <AN_DATA_TS>

   • DW Temporary tablespace: <AN_TEMP_TS>

   Click Next.

6. Exadata Database

   If the Datawarehouse DB Server is Exadata, select Yes.

7. Summary Screen

   Verify setting => details provided in the summary screen and click Install.

   The installer will stage the required components into the Oracle Argus Analytics home and will create the Data Mart schemas, RPD & WORK schemas. In addition, it will also create contexts and VPD policy if the Argus Safety installation is a multitenant application.

   After the installation has been completed, the install log can be verified from the following path or from your local Oracle Inventory logs folder.

   <Argus Analytics Home>\install\pvadriverscript<timestamp>.log

   This log file must be verified to ensure that the installer has completed successfully.

2.4.1 Connect to ODI Studio

1. Execute the following procedures from:

   1. Oracle Data Integrator Install and Configuration Guide > Configuring Oracle Data Integrator Studio > Starting ODI Studio.

   2. Oracle Data Integrator Install and Configuration Guide > Configuring Oracle Data Integrator Studio > Connecting to the Master Repository.

2. Create a Work Repository Login by following the same steps as in Step 1 b > Connecting to the Master Repository.

   In the Work Repository section, select a work repository from the find list instead on Master Repository Only option. For example, name the repository as AN Work Repository.

Refer to the Oracle Data Integrator Install and Configuration Guide for ODI 12.2.1.3:

https://docs.oracle.com/middleware/12213/lcm/ODING/toc.htm#ODING">>https://docs.oracle.com/middleware/12213/lcm/ODING/toc.htm#ODING

2.4.2 Execute the ODI Smart Import

1. Log in to the work repository in ODI Studio by selecting the AN Work Repository connection.

2. Select the Connect Navigator drop-down list from the top right on the Designer tab and click Import.
   

3. Select Smart Import from the Import Selection menu and click OK. The Smart Import Wizard is displayed.

   
   

4. Select the zip file called an.zip from the <AN_INSTALL_HOME>\odi directory in the File Selection textbox and click next. The files can also be browsed by clicking on the symbol available with the textbox.

   
   

5. ODI imports the file and checks for any issues that can occur while importing ODI objects. If issues are found, then the same will be displayed in import actions window. Click Next if no issues are found.

6. Click Finish.

   This imports all the AN objects in ODI repository and makes them visible in the ODI Studio Console.

2.4.3 Configure the Topology in ODI Studio

1. Open the ODI Studio and connect as AN Work Repository.

2. Navigate to Topology.

3. Select the Physical Architecture tab.

4. Expand the tree structure to expose the following:

   Technologies > Oracle >

5. Edit the node DS_AN_ArgusAnalytics.

6. Edit the following fields in the Definition window:

   • Instance/dblink (Data Server):

     The complete TNS entry of the DWH server should be pasted here in a single line:

     (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = <DWH_DB_SERVER>)(PORT = <DWH_DB_LISTENER_PORT>)) (CONNECT_DATA =(SERVICE_NAME=<DWH_DB_SERVICE_NAME>)))

   • Connection:

     • User: <AN_DWH_WRK> [the DWH work schema user created during installation]

     • Password: <AN_DWH_WRK_PASS> [The password for the DWH Work schema]

7. In the JDBC window, edit the following fields:

   • JDBC URL: jdbc:oracle:thin: <DWH_DB_SERVER>:<DWH_DB_LISTENER_PORT>:<DWH_DB_SID>

     or

     jdbc:oracle:thin: <DWH_DB_SERVER>:<DWH_DB_LISTENER_PORT>/<DWH_DB_SERVICE_NAME>

     Use the jdbc connection string with database SERVICE_NAME in case the database version is 12c.

8. Save the details and click Test Connection to validate it.

9. Expand the tree below DS_AN_ArgusAnalytics to expose the tree node DS_AN_ArgusAnalytics.AN_DWH.

10. Edit the node DS_AN_ArgusAnalytics.AN_DWH.

11. Change the Schema by selecting from the drop-down list for the following fields:

    • Schema (Schema): <AN_DWH>

    • Schema (Work Schema): <AN_DWH_WRK>

12. Save the changes.

13. Similarly, edit the node DS_AN_ARGUS_SAFETY to provide information on the Argus Safety DB Server.

14. Edit the following fields in the Definition window:

    • Instance/dblink (Data Server):

      The complete TNS entry of the DWH server should be pasted here in a single line:

      (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = <AS_DB_SERVER>)(PORT = <AS_DB_LISTENER_PORT>)) (CONNECT_DATA =(SERVICE_NAME=<AS_DB_SERVICE_NAME>)))

    • Connection:

      • User: <AN_SRC_WRK> [the AN Source Work Schema user created during installation]

      • Password: <AN_SRC_WRK_PASS> [The password for the AN Source Work Schema]

15. In the JDBC window, edit the following fields:

    • JDBC URL: jdbc:oracle:thin: <AS_DB_SERVER>:<AS_DB_LISTENER_PORT>:<AS_DB_SID>

      or

      jdbc:oracle:thin: <AS_DB_SERVER>:<AS_DB_LISTENER_PORT>/<AS_DB_SERVICE_NAME>

      Use the jdbc connection string with database SERVICE_NAME in case the database version is 12c.

16. Save the details and click Test Connection to validate it.

17. Expand the tree below DS_AN_ArgusSafety to expose the tree node DS_AN_ArgusSafety.AN_SRC.

18. Edit the node DS_AN_ArgusSafety.AN_SRC.

19. Change the Schema by selecting from the drop-down list for the following fields:

    • Schema (Schema): <AN_SRC>

    • Schema (Work Schema): <AN_SRC_WRK>

20. Save the changes.

2.4.4 Configure the ODI Agent

You need to configure either one of the agents: Java EE Agent, Colocated Agent, or Standalone Agent.

To understand the agent topologies for the best suitable installation, Oracle recommends you to refer the ODI Install and Configuration Guide > Planning the Oracle Data Integrator Installation section.

When installing the ODI, use SUPERVISOR credentials, and Master and Work Repository credentials as created in the Section 2.2.1, "Configure ETL Client on ODI."

For more details, refer to the Oracle Data Integrator Install and Configuration Guide for ODI 12.2.1.3:

https://docs.oracle.com/middleware/12213/lcm/ODING/toc.htm#ODING">>https://docs.oracle.com/middleware/12213/lcm/ODING/toc.htm#ODING

To configure the Standalone ODI Agent:

1. Use the ODI Studio Topology Manager to edit the standalone agent PA_AN definition. And save the information as per the installation done for ODI.

   
   

   Note:

   The Host field contains the Host name where the ODI Agent will be running. In this example, the host is on the same server, and the default port number used is 20910.

   Change the Port Number to any value other than the default to avoid conflicts with other installations (for example, 20920).

2.4.5 Modify ODI Java EE Agent Connection Pool Settings

After configuring the ODI 12c Java EE Agent, follow these steps to increase the size of the connection pool to enable parallel step executions as appropriate for Argus Analytics:1. Open the ODI WLS administration console (ex: http://<ODI server name>:<ODI port number>/Console)

2. Navigate to Services -> Datasources -> odiMasterRepository

3. Go to the tab Configuration -> Connection Pool

4. Change the Maximum Capacity to 50.

5. Repeat these steps for increasing the connection pool size for the datasource odiWorkRepository as well.

Note that without increasing the connection pool size the Argus Analytics ETLs will fail.

2.5.1 Prerequisites

Make sure OBIEE 12c (12.2.1.4) with latest patch set is installed and the Administrator Console and the Enterprise Manager (Fusion Middleware Control) is running by checking the following URLs:

• http://<machinename>.<port>/console

• http://<machinename>.<port>/em

  Note:

  Port 9500 is the default Weblogic port. It may change based upon the system configuration. Check with your Oracle Weblogic administrator for the correct port number if the above port does not work as expected.

2.5.2 Deploy OBIEE Repository and Catalog

2.5.3 Create Users and Groups in OBIEE

To create groups in Fusion Middleware Control:

1. Open the WebLogic Administration Console.

2. Navigate to Security Realms > myrealm > Users and Groups > Groups tab.

3. From the Groups section, and click New.

   The Create a New Group dialog box appears.

4. Create the following groups by entering the Name and Description, and click OK.

   • PVAAdmin

   • PVASafetyGroup

   • PVASafetyConsumersGroup

   
   

To create users in the Fusion Middleware Control:

1. Open the WebLogic Administration Console.

2. Navigate to Security Realms > myrealm > Users and Groups > Users.

3. From the Users section, and click New.

   The Create a New User dialog box appears.

   
   

4. Enter the following fields, and click OK.

   1. Name

   2. Description

   3. Provider

   4. Password

   5. Confirm Password

5. To assign a group to the user, from the Groups tab, select a Group, and click Save.

   
   

2.5.4 Create Roles and Policies with Fusion Middleware Control

To create new application roles:

1. Login to Fusion Middleware Control Enterprise Manager.

2. Go to WebLogic Domain > Security > Application Roles.

   The Application Roles dialog box appears.

3. From the Application Stripe drop-down list, select OBI, and click Search .

   The default role available in clean slate installation appears.

   
   

4. Click Create.

   The Create Application Role dialog box appears.

5. In the Role Name field, enter PVAAdminRole.

   
   

6. From the Members section, click +Add.

   The Add Principal dialog box appears.

7. From the Type drop-down list, select Group, and click Search.

   A list of principals appears.

8. From the list of Searched Principals, select PVAAdmin, and click OK.

   
   

   The Membership for PVAAdminRole appears as below:

   
   

9. To add PVASafetyRole, repeat from Step 4 to Step 8.

   
   

10. To add PVASafetyConsumerRole, repeat from Step 4 to Step 8.

    
    

To create new application policy:

1. Login to Fusion Middleware Control Enterprise Manager.

2. Go to WebLogic Domain > Security > Application Policies.

   The Application Policies screen appears.

3. To create a new application policy, click Create.

   The Create Application Grant dialog box appears.

4. From the Grantee section, click +Add.

   The Add Principal dialog box appears.

5. From the Type drop-down list, select Application Role, and click Search .

6. From the list of Searched Principals, select PVAAdminRole, and click OK.

7. From the Permissions section, click +Add.

   The Add Permission dialog box appears.

   
   

8. Select the Resource Types radio button.

9. From the Resource Type drop-down list, select oracle.bi.publisher.permission, and click Search.

10. From the Search Results, select oracle.bi.publisher.permission (BIP Administer Server), and click Continue.

    The Add Permission dialog box appears.

11. For Permission Actions, select All (_all_), and click Select.

12. Repeat from Step 4 to Step 11, to add the following:

    Policy Name/Principal	Resource Type	Resource Name	Permission Actions
    PVAAdminRole	oracle.bi.catalog	*	manage
    	oracle.bi.repository	oracle.bi.repository	manage
    	oracle.bi.publisher.permission	oracle.bi.publisher.developDataModel	_all_
    	oracle.bi.scheduler.permission	oracle.bi.scheduler.manageJobs	_all_
    	oracle.bi.presentation.catalogmanager.permission	oracle.bi.presentation.catalogmanager.permission	_all_
    	oracle.bi.delivers.job	oracle.bi.delivers.job	manage
    	oracle.bi.server.permission	oracle.bi.server.manageRepositories	_all_
    	oracle.bi.publisher.permission	oracle.bi.publisher.developReport	_all_
    	oracle.bi.publisher.permission	oracle.bi.publisher.administerServer	_all_
    PVASafetyRole	oracle.bi.publisher.permission	oracle.bi.publisher.developReport	_all_
    	oracle.bi.delivers.job	oracle.bi.delivers.job	schedule
    	oracle.bi.publisher.permission	oracle.bi.publisher.developDataModel	_all_
    	oracle.bi.tech.visualanalyzer.permission	oracle.bi.tech.visualanalyzer.generalAccess	*
    PVASafetyConsumerRole	oracle.bi.publisher.permission	oracle.bi.publisher. runReportOnline	_all_
    	oracle.bi.publisher.permission	oracle.bi.publisher.accessReportOutput	_all_
    	ESSMetadataPermission	oracle.bip.ess.JobDefinition.EssBipJob	READ, EXECUTE
    	oracle.bi.publisher.permission	BIP Access Excel Report Analyzer	_all_
    	oracle.bi.publisher.permission	oracle.bi.publisher.accessOnlineReportAnalyzer	_all_
    	oracle.bi.publisher.permission	oracle.bi.publisher.scheduleReport	_all_

    
    

2.5.5 OBIEE Catalog Folder-level Permissions

1. Go to Catalog > Shared Folders > Tasks > Permissions.

   The Permissions dialog box appears.

2. Set the Permissions as follows:

   Accounts	Permissions
   PVA Administrator Role	Full Control
   PVA Safety Author Role	Full Control
   PVA Safety Consumers Role	Open (Read, and Traverse)
   BI Service Administrator (Owner)	Full Control

   
   

   1. Select Apply Permissions to sub-folders.

   2. Select Permissions to items within folder.

   3. Click OK.

3. For each of the following folders, set the account permissions:

   • Shared Folders > Shared Folder > Current > Permissions

   • Shared Folders > Shared Folder > Personal User > Permissions

   • Shared Folders > Shared Folder > Retrospective > Permissions

   Accounts	Permissions
   PVA Administrator Role (Owner)	Full Control
   PVA Safety Author Role	Full Control
   PVA Safety Consumers Role	Custom (Read, Traverse, Run Publisher Report, Schedule Publisher Report, and View Publisher Output)
   BI Service Administrator	Full Control

   
   

   1. Select Apply Permissions to sub-folders.

   2. Select Permissions to items within folder.

   3. Click OK.

2.5.6 OBIEE Default Application Roles

To view and administer privileges of Oracle Business Intelligence components:

1. Login to OBIEE Analytics with WebLogic user credentials.

2. Go to Security > Administration > Manage Privileges.

2.5.7 Change the OBIEE RPD Password

To change the password for OBIEE RPD, execute the following steps:

1. Open the BI Administrator Tool and open <ARGUS_ANALYTICS_HOME>\report\opva.rpd in Offline mode.

2. Select File > Change Password.

3. Enter the password set in Section 2.5.2, "Deploy OBIEE Repository and Catalog", as mentioned in the Note before Step 1.

4. Enter the new password and confirm by entering it again. You must remember this password, and use the same later in the installation process.

2.6.1 Configure the Help links in the Dashboards and Reports

1. Extract the contents of the opva_help.zip file at any location on the OBIEE Server. For example, e.g /scratch/stage/opva_help.

   The opva_help folder contains analyticsRes folder.

2. Log in to Console (Log in to the Weblogic Server).

3. Navigate to Deployments.

4. Click Lock & Edit in the left pane to enable the Install button.

   
   

5. Click Install, and navigate to the location where opva_help.zip was extracted in Step 1.

6. Select analyticsRes, and click Next.

   
   

7. Select Install this deployment as an application (default), and click Next.

   
   

8. Select Deployment targets, choose bi_server1, and click Next.

   
   

9. Under Source accessibility:

   Select I will make the deployment accessible from the following location option, and select the path for analyticsRes as selected in step 6.For example, /scratch/stage/opva_help/analyticsRes

10. Click Finish.

    
    

    The analyticsRes appears under Deployments.

    
    

11. Click Active Changes, and navigate to the Control tab.

12. Select analyticsRes, and click Start.

    
    

13. Start the Application Assistant, and click Yes.

    
    

    The analyticsRes State is activated after starting the application assistant. Logout from the Console.

14. Log in to EM (Enterprise Manager) and restart the BI Components.

    When the BI components have been restarted successfully, log in to Analytics, and check the Brand Name and help links provided in the Dashboards.

2.7.1 Prerequisites

• There must be an OAM 11g installation configured to work with the desired LDAP (for example, OID), as the identity data-store.

• User profiles must exist in the LDAP server as well as in Argus Safety with the same credentials (login information).

• Oracle Webgate 11g must be installed on the same server where the OBIEE server is installed, as mentioned above.

2.7.2 Install SSO on OAM 11g

1. Navigate to the OAM 11g OAM Console URL (http://oam_server:port/oamconsole) and login with the OAM Admin credentials.

2. Select the System Configuration Tab.

3. Select the Access Manager Settings sub menu in the left navigation window of the browser.

4. Double-click the SSO Agents > OAM Agents option to open the OAM Agents sub window.

   
   

5. Click the Create 11g Webgate button and enter the following details:

   • Name: ArgusAnalyticsPolicy

   • Security: Open

   • Host Identifier: <obiee_server>

   • Auto Create Policies: Checked

     Note:

     The <obiee_server> refers to the server where the OBIEE 12c is installed along with Oracle Web Tier and Oracle Webgate.
     
     

6. Click Apply to save and register the 11g Webgate and policies with OAM.

7. On the subsequent page, update the details for the ArgusAnalyticsPolicy created in the above step:

   • Cache Pragma Header: Private

   • Cache Control Header: Private

     
     

8. Click Apply.

9. Navigate to the Policy Configuration tab.

10. Expand and double-click the Shared Components > Resource Type > Host Identifiers > <obiee_server> (For Example, hsdevwv0096.oracle.com) to open the Host Identifiers window and add the following details:

    • <obiee_server>

    • <obiee_server> <port>

    • <obiee_server_ip>

    • <obiee_server_ip> <port>

      Note:

      <obiee_server> refers to the server where the OBIEE 12c is installed along with Oracle Web Tier and Oracle Webgate. The port refers to the Oracle Web Tier Port.

    Example:

    Hostname	Port
    obiee_server.oracle.com
    obiee_server.oracle.com	7777
    <ip address>
    <ip address>	7777

    
    

11. Expand and double-click Application Domains > ArgusAnalyticsPolicy > Authentication Policies > Protected Resource Policy.

12. Ensure that the Authentication Scheme is set as LDAPScheme.

13. Ensure that the following resources are present:

    • /

    • /…/*

      
      

14. Add the following Response variables:

    • Name: OAM_REMOTE_USER

    • Type: Header

    • Value: $user.attr.uid [based on the LDAP schema setup]

    
    

15. Click Apply and save the changes.

16. Expand and double-click Application Domains > ArgusAnalyticsPolicy > Authorization Policies > Protected Resource Policy

17. Ensure that the following resources are present:

    • /

    • /…/*

    
    

18. Add the following Response variables:

    • Name: OAM_REMOTE_USER

    • Type: Header

    • Value: $user.attr.uid [as based on the LDAP schema setup]

    
    

19. Click Apply to save the changes

20. Navigate to the OPVA Web Tier Machine [<obiee_server>], which is the machine where you have installed the OPVA OBIEE Server, and run the installer for Webgate (OFM Webgate 11g for OAM 11g) to complete the installation.

21. Configure the 11g Webgate using the following steps to communicate with the OAM 11g server:

    Note:

    Refer to the following link for advanced details:

    http://docs.oracle.com/cd/E21764_01/install.1111/e12002/webgate.htm

    1. Move to the following directory under your Oracle Home for Webgate:

       On UNIX Operating Systems:

       <Webgate_Home>/webgate/ohs/tools/deployWebGate

       On Windows Operating Systems:

       Webgate_Home>\webgate\ohs\tools\deployWebGate

    2. On the command line, run the following command to copy the required bits of agent from the Webgate_Home directory to the Webgate Instance location:

       On UNIX Operating Systems:

       ./deployWebgateInstance.sh -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>

       On Windows Operating Systems:

       deployWebgateInstance.bat -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home>

       Where <Webgate_Oracle_Home> is the directory where you have installed Oracle HTTP Server Webgate and created as the Oracle Home for Webgate, as shown in the following example:

       MW_HOME>/Oracle_OAMWebGate1

       The <Webgate_Instance_Directory> is the location of Webgate Instance Home, which is the same as the Instance Home of Oracle HTTP Server, as shown in the following example:

       <MW_HOME>/Oracle_WT1/instances/instance2/config/OHS/ohs1

    3. Run the following command to ensure that the LD_LIBRARY_PATH variable contains <Oracle_Home_for_Oracle_HTTP_Server>/lib:

       On UNIX (depending on the shell):

       export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:<Oracle_Home_for_Oracle_HTTP_Server>/lib

       On Windows:

       Set the <Webgate_Installation_Directory>\webgate\ohs\lib location and the <Oracle_Home_for_Oracle_HTTP_Server>\bin location in the PATH environment variable. Add a semicolon (;) followed by this path at the end of the entry for the PATH environment variable.

    4. From your present working directory, move up one directory level:

       On UNIX Operating Systems, move to:

       <Webgate_Home>/webgate/ohs/tools/setup/InstallTools

       On Windows Operating Systems, move to:

       <Webgate_Home>\webgate\ohs\tools\EditHttpConf

    5. On the command line, run the following command to copy the apache_webgate.template from the Webgate_Home directory to the Webgate Instance location (renamed to webgate.conf) and update the httpd.conf file to add one line to include the name of webgate.conf:

       On UNIX operating systems:

       ./EditHttpConf -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home> -o <output_file>

       On Windows operating systems:

       EditHttpConf.exe -w <Webgate_Instance_Directory> -oh <Webgate_Oracle_Home> -o <output_file>

       Where <Webgate_Oracle_Home> is the directory where you have installed Oracle HTTP Server Webgate for Oracle Access Manager and created as the Oracle Home for Webgate, as shown in the following example:

       <MW_HOME>/Oracle_OAMWebGate1

       The <Webgate_Instance_Directory> is the location of Webgate Instance Home, which is the same as the Instance Home of Oracle HTTP Server, as shown in the following example:

       <MW_HOME>/Oracle_WT1/instances/instance2/config/OHS/ohs1

       The <output_file> is the name of the temporary output file used by the tool, as shown in the following example:

       Edithttpconf.log

    6. Copy Generated Files (Artifacts) to the Webgate Instance Location from the OAM 11g server.

       The 11g Webgate Agent (ArgusAnalyticsPolicy), which was created in the OAM 11g OAM Console earlier, would have also created the following artifacts on the OAM 11g server:

       cwallet.sso

       ObAccessClient.xml

       This is based on the Security Mode that you have configured, which in this case is Open.
       On the OAM 11g server, these files are present at the following location:

       <OAM_FMW_HOME>/user_projects/domains/<OAM_domain>/output/ArgusAnalyticsPolicy

       Copy these files to the <obiee_server> in the following directory:

       <Webgate_Instance_Directory>/webgate/config directory [Example: <MW_HOME>/Oracle_WT1/instances/instance2/config/OHS/ohs1/webgate/config]

    7. Restart the Oracle HTTP Server Instance.

       To stop the Oracle HTTP Server instance, run the following commands on the command line:

       <MW_HOME>/Oracle_WT1/instances/instance2/bin/opmnctl stopall

       To restart the Oracle HTTP Server instance, run the following commands on the command line:

       <MW_HOME>/Oracle_WT1/instances/instance2/bin/opmnctl startall

22. Configure the HTTP Server as a reverse proxy for the WebLogic Server. To execute this, modify the mod_wl_ohs.conf file present at the following location:

    OracleWebTierHome\instances\instance2\config\OHS\ohs1

    The following is a template to configure mod_weblogic:

    LoadModule weblogic_module "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"# This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level<IfModule weblogic_module># WebLogicHost <WEBLOGIC_HOST># WebLogicPort <WEBLOGIC_PORT># Debug ON# WLLogFile /tmp/weblogic.log# MatchExpression *.jsp<Location /console> SetHandler weblogic-handler WebLogicHost hsdevwv0096.oracle.com WeblogicPort 7001 WLProxySSL ON WLProxySSLPassThrough ON</Location><Location /em> SetHandler weblogic-handler WebLogicHost hsdevwv0096.oracle.com WeblogicPort 7001 WLProxySSL ON WLProxySSLPassThrough ON</Location><Location /analytics> SetHandler weblogic-handler WebLogicHost hsdevwv0096.oracle.com WeblogicPort 9704 WLProxySSL ON WLProxySSLPassThrough ON</Location><Location /analyticsRes> SetHandler weblogic-handler WebLogicHost hsdevwv0096.oracle.com WeblogicPort 9704 WLProxySSL ON WLProxySSLPassThrough ON</Location><Location /xmlpserver> SetHandler weblogic-handler WebLogicHost hsdevwv0096.oracle.com WeblogicPort 9704 WLProxySSL ON WLProxySSLPassThrough ON</Location></IfModule># <Location /weblogic># SetHandler weblogic-handler# PathTrim /weblogic# ErrorPage http:/WEBLOGIC_HOME:WEBLOGIC_PORT/# </Location>

    Restart the Web Tier Instance in WebLogic EM or as described above.

23. Configure a new Authenticator for Oracle WebLogic Server on the OBIEE Server using the following steps:

    1. Login to the WebLogic Server Administrator Console and navigate to Security Realms > myrealm.

    2. Click the Providers tab.

    3. Click Lock & Edit on the right corner of the webpage, highlighted as Change Center.

    4. Click New to create a new Authentication Provider and add the following details:

       Name: OPVAOIDAuthenticator, or a name of your choice

       Type: OracleInternetDirectoryAuthenticator

    5. After saving the details, click the new Authenticator that you have created and enter the following details:

       In the sub tab change the Control Flag as SUFFICIENT

    6. Click Save.

    7. Click the Provider Specific tab and enter the following required settings using values for your environment:

       • Host: Your LDAP host.

         For example: oid_server.oracle.com

       • Port: Your LDAP host listening port.

         For example: 3060

       • Principal: LDAP administrative user.

         For example: cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com

       • Credential: LDAP administrative user password

       • User Base DN: Same searchbase as in Oracle Access Manager.

         For example: cn=Users,dc=us,dc=oracle,dc=com

       • All Users Filter:

         For example: (&(uid=*) (objectclass=person))

       • User Name Attribute: Set as the default attribute for username in the directory server.

         For example: uid

       • Group Base DN: The group searchbase

         For example: cn=Groups,dc=us,dc=oracle,dc=com

       • Leave the other defaults as is.

       • GUID Attribute: The GUID attribute defined in the OID LDAP Server

         For example: uid

       • Click Save.

24. Configure a new Identity Asserter for WebLogic Server using the following steps:

    1. In the Oracle WebLogic Server Administration Console, select Security Realms from the left pane and click the realm which you want to configure. For example, myrealm. Select Providers.

    2. Click New and enter the following values in the fields:

       Name: OPVAOAMIdentityAsserter, or a name of your choice

       Type: OAMIdentityAsserter

    3. Click OK.

    4. Click on the newly created Asserter and set the Control Flag to REQUIRED.

    5. Ensure that the Active Types that you have selected is OAM_REMOTE_USER.

    6. Click Save.

    7. Navigate to the Provider Specific tab and enter the following details:

       • Transport Security: open

       • Application Domain: ArgusAnalyticsPolicy, as set in the OAM 11g Console

       • Access Gate Name: ArgusAnalyticsPolicy, as specified in the OAM 11g Console

       • Primary Access Server: oam_server.oracle.com:5575, OAM 11g server with port

       • Click Save.

    8. In the Providers tab, perform the following steps to reorder Providers:

       • Click Reorder.

       • On the Reorder Authentication Providers page, select a Provider Name and use the arrows besides the list to order the following providers:

         OPVAOAMIdentityAsserter

         OPVAOIDAuthenticator

         DefaultAuthenticator

         DefaultIdentityAsserter

       • Click OK to save your changes.

    9. In the Providers tab, click Default Authenticator and change the Control Flag to Sufficient.

    10. In the Change Center, click Activate Changes.

    11. Restart Oracle WebLogic Server

25. The BISystemUser present in the default embedded LDAP must be deleted (using Security Realms in the Administration Console Link of the WebLogic Server) and the same/another user must be added in the newly added OID. This user also needs to be added to the BI Application Roles using the following steps:

    1. Navigate to Administration Console > Security Realms > myrealm > Users and Groups > Users and select the checkbox against BISystemUser (from Provider: Default Authenticator)

    2. Click Delete.

    3. Navigate to Security Realms > myrealm > Roles and Policies > Realm Roles.

    4. In the tree structure, expand Global Roles node and select the Roles link.

    5. In the subsequent screen, click the Admin Role link

    6. Click the Add Conditions button.

    7. In the next screen, select the Predicate List as User and click Next.

    8. In the User Argument Name, enter BISystemUser and click ADD.

    9. Click Finish.

    10. In the Role Conditions screen, ensure that the set operator is set to Or.

    11. Save the configuration.

    12. Navigate to the Enterprise Manager of OBIEE or the Fusion Middleware Control page and navigate in the tree structure to the Business Intelligence > coreapplication node.

    13. In the Business Intelligence drop-down menu, select Security > Application Roles.

    14. In the Roles displayed, select BISystem and in the next screen remove the old BISystemUser (from the Default Provider) and add the newly created BISystemUser user in OID.

    15. Add the trusted user's credentials to the oracle.bi.system credential map.

    16. Using Fusion Middleware Control target navigation pane, navigate to farm > WebLogic Domain, and select bifoundation_domain.

        • Using the WebLogic Domain menu, select Security > Credentials.

        • Open the oracle.bi.system credential map, and select system.user.

        • Click Edit.

        • In the Edit Key dialog box, enter BISystemUser (or the name that you have selected) in the User Name field.

        • In the Password field, enter the trusted user's password that is contained in Oracle Internet Directory.

        • Click OK.

    17. Restart the Managed Servers.

26. Enable the SSO Authentication in the Weblogic Server for OBIEE using the following steps:

    1. Login to Fusion Middleware Control (EM) of the WebLogic Server.

    2. Go to the Business Intelligence Overview page.

    3. Go to the Security page.

    4. Click Lock and Edit Configuration.

    5. Check Enable SSO, this makes the SSO provider list active.

    6. Select the configured SSO provider from the list, as Oracle Access Manager.

    7. In The SSO Provider Logoff URL, specify the following URL:

       http://<oam_server>:14100/oam/server/logout

    8. Click Apply.

    9. Click Activate Changes.

    10. Restart the Oracle Business Intelligence components using Fusion Middleware Control.