Integrating a single sign-on (SSO) solution enables a user to log on (sign-on) and be authenticated once.
Thereafter, the authenticated user is given access to system components or resources according to the permissions and privileges granted to that user. BI Publisher can be configured to trust incoming HTTP requests authenticated by a SSO solution that is configured for use with Oracle Fusion Middleware and Oracle WebLogic Server. For information about configuring SSO for Oracle Fusion Middleware, see Securing Applications with Oracle Platform Security Services.
When BI Publisher is configured to use SSO authentication, it accepts authenticated users from whatever SSO solution Oracle Fusion Middleware is configured to use. If SSO is not enabled, then BI Publisher challenges each user for authentication credentials. When BI Publisher is configured to use SSO, a user is first redirected to the SSO solution's login page for authentication.
Configuring BI Publisher to work with SSO authentication requires minimally that the following be done:
Oracle Fusion Middleware and Oracle WebLogic Server are configured to accept SSO authentication. Oracle Access Manager is recommended in production environments.
BI Publisher is configured to trust incoming messages.
The HTTP header information required for identity propagation with SSO configurations (namely, user identity and SSO cookie) is specified and configured.
After SSO authorization has been implemented, BI Publisher operates as if the incoming web request is from a user authenticated by the SSO solution. User personalization and access controls such as data-level security are maintained in this environment.
Refer to the table below for SSO authentication configuration tasks and links providing more information.
| Task | Description | For More Information |
|---|---|---|
|
Configure Oracle Access Manager as the SSO authentication provider. |
Configure Oracle Access Manager to protect the BI Publisher URL entry points. |
Configuring SSO in an Oracle Access Manager Environment See Securing Applications with Oracle Platform Security Services |
|
Configure the HTTP proxy. |
Configure the web proxy to forward requests from BI Publisher to the SSO provider. |
See Securing Applications with Oracle Platform Security Services |
|
Configure a new authenticator for Oracle WebLogic Server. |
Configure the Oracle WebLogic Server domain in which BI Publisher is installed to use the new identity store. |
Configuring a New Authenticator for Oracle WebLogic Server See Oracle WebLogic Server Administration Console Online Help |
|
Configure a new identity asserter for Oracle WebLogic Server. |
Configure the Oracle WebLogic Server domain in which BI Publisher is installed to use the SSO provider as an asserter. |
Configuring OAM as a New Identity Asserter for Oracle WebLogic Server See Oracle WebLogic Server Administration Console Online Help |
|
Enable BI Publisher to accept SSO authentication. |
Enable the SSO provider configured to work with BI Publisher. |
Configuring BI Publisher for Oracle Fusion Middleware Security |
Note:
For an example of an Oracle Business Intelligence SSO installation scenario, see Enterprise Deployment Guide for Oracle Business Intelligence.