Use this section to find further information about how to configure SSO in an Oracle Access Manager environment.
For information about how to configure Oracle Access Manager as the SSO authentication provider for Oracle Fusion Middleware with Oracle WebLogic Server, see Configuring Single Sign-On in Oracle Fusion Middleware in Securing Applications with Oracle Platform Security Services. For more information about managing Oracle Access Manager, see Oracle Fusion Middleware Administrator's Guide for Oracle Access Manager.
For information about how to configure Oracle BI Publisher to use Oracle Access Manager as the SSO authentication provider, see Configuring BI Publisher to Use Oracle Access Manager (OAM) Single Sign-On in Administrator's Guide for Oracle Business Intelligence Publisher.
After the Oracle Fusion Middleware environment is configured, in general the following must be done to configure Oracle Business Intelligence:
Configure the SSO provider to protect the Oracle Business Intelligence URL entry points.
Configure the web server to forward requests from Presentation Services to the SSO provider.
Configure the new identity store as the main authentication source for the Oracle WebLogic Server domain in which Oracle Business Intelligence has been installed. For more information, see Configuring a New Authenticator for Oracle WebLogic Server.
Configure the Oracle WebLogic Server domain in which Oracle Business Intelligence is installed to use an Oracle Access Manager asserter. For more information, see Configuring Oracle Access Manager as a New Identity Asserter for Oracle WebLogic Server.
After configuration of the SSO environment is complete, enable SSO authentication for Oracle Business Intelligence. For more information, see Enabling SSO Authentication Using Fusion Middleware Control.
After installing Oracle Business Intelligence, the Oracle WebLogic Server embedded LDAP server is the default authentication source (identity store). To use a new identity store (for example, OID) as the main authentication source, you must configure the Oracle WebLogic Server domain (where Oracle Business Intelligence is installed).
For more information about configuring authentication providers in Oracle WebLogic Server, see Administering Security for Oracle WebLogic Server 12c (12.2.1).
To configure a new authenticator in Oracle WebLogic Server:
Log in to Oracle WebLogic Server Administration Console and click Lock & Edit in the Change Center.
For more information, see Using Oracle WebLogic Server Administration Console.
The default Security Realm is named myrealm.
Complete the fields as follows:
Section Name | Field Name | Description |
---|---|---|
Connection | Host | The LDAP host name. For example, <localhost>. |
Connection | Port | The LDAP host listening port number. For example, 6050. |
Connection | Principal | The distinguished name (DN) of the user that connects to the LDAP server. For example, cn=orcladmin. |
Connection | Credential | The password for the LDAP administrative user entered as the Principal. |
Users | User Base DN | The base distinguished name (DN) of the LDAP server tree that contains users. For example, use the same value as in Oracle Access Manager. |
Users | All Users Filter | The LDAP search filter. For example, (&(uid=*) (objectclass=person)). The asterisk (*) filters for all users. Click More Info... for details. |
Users | User From Name Filter | The LDAP search filter. Click More Info... for details. |
Users | User Name Attribute | The attribute that you want to use to authenticate (for example, cn, uid, or mail). Set as the default attribute for user name in the directory server. For example, uid. Note: The value that you specify here must match the User Name Attribute that you are using in the authentication provider, as described in the next task Configuring User Name Attributes. |
Groups | Group Base DN | The base distinguished name (DN) of the LDAP server tree that contains groups (same as User Base DN). |
General | GUID attribute | The attribute used to define object GUIDs in LDAP: orclguid. Note: You should not change this default value; in most cases the default value here is sufficient. |
For more information, see Setting the JAAS Control Flag Option.
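The field values in the table above must agree with each other, in particular the User Name Attribute and the two search filters. The following pre-flight check is an added example, not Oracle's code; the host and base DN values are constructed, and the `%u` login-name placeholder in the User From Name Filter is WebLogic's convention rather than something shown on this page.

```python
import re

# Matches simple filter items such as (uid=*) or (cn=%u).
_ITEM = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9;-]*)\s*[~<>]?=\s*([^()]*)\)")

def filter_items(ldap_filter):
    """Map each attribute (lower-cased) in the filter to its match value."""
    return {a.lower(): v.strip() for a, v in _ITEM.findall(ldap_filter)}

def balanced(ldap_filter):
    """True if the filter starts with '(' and its parentheses pair up."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and ldap_filter.startswith("(")

def check_settings(s):
    """Return a list of problems found in the authenticator field values."""
    problems = []
    attr = s["User Name Attribute"].lower()
    if not (s["Port"].isdigit() and 1 <= int(s["Port"]) <= 65535):
        problems.append("Port: not a valid TCP port")
    if "=" not in s["Principal"]:
        problems.append("Principal: expected a distinguished name")
    # %u is WebLogic's placeholder for the login name (not shown on the page).
    for field, wanted in (("All Users Filter", "*"), ("User From Name Filter", "%u")):
        if not balanced(s[field]):
            problems.append(field + ": unbalanced parentheses")
        elif filter_items(s[field]).get(attr) != wanted:
            problems.append("%s: expected (%s=%s)" % (field, attr, wanted))
    if s["GUID attribute"] != "orclguid":
        problems.append("GUID attribute: changed from default orclguid")
    return problems

# Constructed sample values; only the All Users Filter, port, principal and
# GUID attribute come from the table's own examples.
GOOD = {
    "Host": "ldap.example.com", "Port": "6050", "Principal": "cn=orcladmin",
    "User Base DN": "dc=example,dc=com",
    "All Users Filter": "(&(uid=*) (objectclass=person))",
    "User From Name Filter": "(&(uid=%u)(objectclass=person))",
    "User Name Attribute": "uid",
    "Group Base DN": "dc=example,dc=com", "GUID attribute": "orclguid",
}

if __name__ == "__main__":
    print(check_settings(GOOD))
    print(check_settings(dict(GOOD, **{"User Name Attribute": "mail"})))
```

A mismatch between the User Name Attribute and the filters is reported for both filter fields, which is the inconsistency the Note in the table warns about.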
The Oracle WebLogic Server domain in which Oracle Business Intelligence is installed must be configured to use an Oracle Access Manager asserter.
For more information about creating a new asserter in Oracle WebLogic Server, see Oracle WebLogic Server Administration Console Online Help.
To configure Oracle Access Manager as the new asserter for Oracle WebLogic Server:
For more information, see Using Oracle WebLogic Server Administration Console.
Select Providers.
Complete the fields as follows:
You can verify that Oracle Internet Directory is the new identity store (default authenticator) by logging back into Oracle WebLogic Server and verifying the users and groups stored in the LDAP server appear in the console.
For more information, see Enabling Oracle Business Intelligence to Use SSO Authentication.