1. Managing Security for Oracle Analytics Server
  2. Enable SSO Authentication
  3. Enable Oracle Analytics Server to Use SSO Authentication

Enable Oracle Analytics Server to Use SSO Authentication

After you configure Oracle Analytics Server to use the SSO solution, you must enable SSO authentication for Oracle Analytics Server.

After you enable SSO, the default Oracle Analytics Server login page is not available.

Topics:

Enable and Disable SSO Authentication Using WLST Commands

Use WLST commands to enable or disable SSO authentication for Oracle Analytics Server.

SSO is enabled by default. If you leave it enabled, then Oracle Analytics Server uses SSO across the stack regardless of whether you use an external SSO for the initial login. And your configuration will use WLS Asserters for SSO.

If you disable SSO, then your configuration won't use WLS Asserters for Oracle Analytics Server or data visualization, and you'll be prompted a second time for login credentials when navigating from Oracle Analytics Server to data visualization.

  • You must have file system and WebLogic Administrator permissions.
  • You must perform the enable or disable SSO authentication as an offline activity.
  • Validation is limited to URL format. Connectivity and WebLogic configuration isn't validated.
  • Changing the URL for log off requires that you disable, and then re-enable with new URL.
  • A logon URL is not required.

Pre-requisites:

  • Configure WebLogic security providers.

Use the table to learn the arguments appropriate for each command.

Command Arguments Return Description

enableBISingleSignOn

DOMAIN_HOME, <logoff-url>

None

Enable SSO and configure logoff URL.

disableBISingleSignOn

DOMAIN_HOME

None

Disable SSO.
  1. Stop the BI system.
  2. Enter a SSO management command from the table using the WLST command line.
  3. Start WLST using ./wlst.sh command.
  4. Optional: Run the command help(‘BILifecycle’) to display help about enableBISingleSignOn and disableBISingleSignOn commands and their arguments.
  5. Run the enableBISingleSignOn or disableBISingleSignOn command using the arguments appropriate for each command.

    For example: enableBISingleSignOn('C:/.../user_projects/domains/bi','/bi-security-login/logout?redirect=/va') or disableBISingleSignOn('C:/oracle/Middleware/Oracle_Home/user_projects/domains/bi')

    The SSO configuration for Oracle Analytics Server is updated.

  6. Restart the Oracle Analytics Server component processes to consume the changes.

Enable SSO Authentication Using Fusion Middleware Control

How you enable SSO authentication for Oracle Analytics Server using the Security tab in Fusion Middleware Control.

  1. Log in to Fusion Middleware Control.
  2. Go to the Security page and display the Single Sign On tab.

    Click the Help for this page Help menu option to access the page-level help for its elements.

  3. Click Lock and Edit.
  4. Select Enable SSO.

    When selected, this checkbox enables SSO to be the method of authentication into Oracle Analytics Server. The appropriate form of SSO is determined by the configuration settings made for the chosen SSO provider.

  5. If required, enter the logoff URL for the configured SSO provider.

    The logoff URL (specified by the SSO provider) must be outside the domain and port that the SSO provider protects, because the system does not log users out.

  6. Click Apply, then Activate Changes.
  7. Restart the Oracle Analytics Server components using Fusion Middleware Control.