Configuing SSO for OBIEE 10g

To start with what is SSO following is the technocal definition of SSO :– Single sign-on (SSO)is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. For details please google and you will find lot many details. The above definition has been picked from TechTarget.

How User gets interpreted in SSO environment ::

In an environment where SSO has been implemented, when Oracle BI Presentation Services receives
an incoming web request, it assumes that the user who issued the request has already been
authenticated by the SSO system. Oracle BI Presentation Services uses its own credentials to
establish a connection with the Oracle BI Server on behalf of the end user. User personalization and
access controls such as data-level security are maintained in this environment. Oracle BI
Presentation Services then uses the Oracle BI Server Impersonation feature to create a connection
to the Oracle BI Server on behalf of the authenticated end user.

1. To implement following changes needs to be done in instanceConfig.xml file :











2. Along with this a user with name IMPERSONATE needs to be created in the repository.

3. Impersonator User Credentials needs to be added to Oracle BI Presentation Services Credential Store

The default location of the credentialstore.xml file is OracleBIData_HOME\web\config on Windows and OracleBIData_HOME/web/config on Linux or UNIX.

4. To Add impersonator user credentials to Oracle BI Presentation Services Credential Store.

Navigate to the directory OracleBI_HOME\web\bin on Windows or OracleBI_HOME/web/bin on
Linux or UNIX. This is the location for the CryptoTools utility.

Execute the CryptoTools utility to add the impersonator user credentials to the Oracle BI
Presentation Services Credential Store:
cryptotools credstore -add -infile /web/config/credentialstore.xml

Following is the example for cryptotool utility

cryptotools credstore -add -infile /web/config/credentialstore.xml
>Credential Alias: impersonation
>Username: Impersonator
>Password: secret
>Do you want to encrypt the password? y/n (y):
>Passphrase for encryption: another_secret
>Do you want to write the passphrase to the xml? y/n (n):
>File “/web/config/credentialstore.xml” exists. Do you want to
overwrite it? y/n (y):

Passphrase for encryption : Whatever value you pass for this argument, do remember it as this needs to be used in the instanceConfig.xml

5. configure Oracle BI Presentation Services to identify the Credential Store and decryption passphrase

1 Open the instanceconfig.xml file for editing.
2 Locate the node within this file.
Specify attribute values as shown below. If the node does not exist, create
this element with sub-elements and attributes with attribute values as shown in the following
example.




” passphrase=””/>






6. Configure optional Logoff/Logon URLs.

In environments where Single Sign-On (SSO) is enabled, you can configure log out and log on
links to appear on Oracle BI Presentation Services screens (Login and logout screens). To do so, you add the elements shown in the following table as children of the SSO element in the instanceconfig.xml file.




http://hostname:port/the_url_to_logoff_sso
http://hostname:port/the_url_to_logon_sso