Enabling Oracle Business Intelligence to Use SSO Authentication

After you configure Oracle Business Intelligence to use the SSO solution, you must enable SSO authentication for Oracle Business Intelligence.

After you enable SSO, the default Oracle Business Intelligence login page is not available.

• Enabling and Disabling SSO Authentication Using WLST Commands

• Enabling SSO Authentication Using Fusion Middleware Control

Enabling and Disabling SSO Authentication Using WLST Commands

How you use WLST commands to enable or disable SSO authentication for Oracle Business Intelligence.

Assumptions:

• You must have file system and WebLogic Administrator permissions.
• This is an offline activity.
• Validation is limited to URL format, no connectivity or WebLogic configuration is validated.
• Changing the logoff-URL requires re-enablement (disable, then enable with new URL).
• Logon URL is not required.

Pre-requisites:

• Configure WebLogic security providers (see Configuring WebLogic Security Providers in Administering Security for Oracle WebLogic Server 12c (12.2.1)).

To enable or disable SSO authentication using WLST commands:

1. Stop the BI system.

   For example on UNIX use:

   ./stop.sh

2. Enter a SSO management command from the table using the WLST command line.

   For more information, see Using the WebLogic Scripting Tool (WLST) in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

   Command	Arguments	Return	Description
   enableBISingleSignOn	DOMAIN_HOME<logoff-url>	None	Enable SSO and configure logoff URL.
   disableBISingleSignOn	DOMAIN_HOME	None	Disable SSO.

3. The SSO configuration for Oracle Business Intelligence is updated. Restart the Oracle Business Intelligence component processes to consume the changes.

   For example on UNIX use:

   ./start.sh

   For more information, see Starting Oracle Business Intelligence Component Processes in System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.

Enabling SSO Authentication Using Fusion Middleware Control

How you enable SSO authentication for Oracle Business Intelligence using the Security tab in Fusion Middleware Control.

To enable SSO authentication in Fusion Middleware Control:

1. Log in to Fusion Middleware Control.

   For information, see Using Oracle Fusion Middleware Control.

2. Go to the Security page and display the Single Sign On tab.

   Click the Help for this page Help menu option to access the page-level help for its elements.

3. Click Lock and Edit.
4. Select Enable SSO.

   When selected, this checkbox enables SSO to be the method of authentication into Oracle Business Intelligence. The appropriate form of SSO is determined by the configuration settings made for the chosen SSO provider.

5. Select the configured SSO provider from the list.

   The SSO Provider list becomes active when you select the Enable SSO checkbox.

   If you select “Custom” from the SSO Provider list, then the system will not overwrite the changes you make to the <Authentication> section of the instanceconfig.xml file. Instead, you can manually edit this section of the instanceconfig.xml file.

6. If required, enter logon and logoff URLs for the configured SSO provider.

   The logoff URL (specified by the SSO provider) must be outside the domain and port that the SSO provider protects, because the system does not log users out.

7. Click Apply, then Activate Changes.
8. Restart the Oracle Business Intelligence components using Fusion Middleware Control.

   For more information, see Starting and Stopping the Oracle Business Intelligence Componentsin System Administrator's Guide for Oracle Business Intelligence Enterprise Edition.