I’ve found the following items to be very interesting as I’m very much interested in running OBIEE in a cloud.
Question someone asked on OS:
Q:How to cluster OBIEE that is installed on two virtual machines?
And their response was:
A:It is not currently possible to use Virtual machine names for OBIEE within a Cluster. The following Enhancement Request exists:
VIRTUAL MACHINE NAME FOR CLUSTERED OBI SERVER
This one is interesting, because it’s not just applicable to headers, but to some other elements that may contain HTML:
Q:Is it possible to add HTML code into a Column Header in OBIEE?
A:In order to render HTML in OBIEE (i.e. Answers, Dashboards, etc) please ensure you have set the following parameter “HardenXSS” to FALSE in the instanceconfig.xml file.
Last one is related to using external methods to get in to OBIEE.
1) Customer has a JSP and java application running on web sphere application server which uses OAM for single-sign-on.
2) In the same JSP application they have embeded a report which gets the data from OBIEE webservices. The actual report is deployed on OBIEE presentation server and uses OAM for authentication. When the user logs in to java application and clicks on the page which invokes a report from OBIEE customer doesn’t want to prompt for authentication again.
3) Customer does not see any OBIEE login webservices which takes as input parameter the authentication token or cookie generated in JSP application.
There is currently no mechanism within the OBI Web Services to use Single Sign-on (SSO).
There are some methods that may assist further with customer requirement (i.e. impersonate() Method and impersonateex() Method). These methods should allow the users to logon and impersonate another user when customer only have the Administrators Login and Password.
However, these methods are not SSO as customer would still need to provide a username and password for the SOAP client (i.e. Administrator/Administrator) from within their J2EE application.
In order to overcome the fact the OBI Web Services does not use SSO, customer may want to install a new Presentation Server. The dedicated Presentation Server can then have the SSO disabled and can be used solely for the WEB Services application and nothing else.
I wonder what are security implications of such arrangement.
Have a good day!