Tag Archives: sso

Few Oracle’s support treasures

Normally, I like to browse through Oracle’s support in search of hidden gems and to get new ideas. This is how I smile when I find solution in the knowledge base for my problem:

I’m also almost used to new flash interface and it doesn’t irk me anymore.

It’s amazing how they deal with all kinds of issues and requests. I’ve found few things I’d like to share today:

How To Concatenate or Merge Amount and Currency Columns?

Your report displays transactions amount and currency in two separate columns. The requirement is to display the amount and currency as one column. For example:
100USD 100EUR etc….

Currently you have a numeric (double) column – Amount, and a second column – currency (alpha code format, such as:USD,EUR,….) in the report. The currency column is placed on the right side of the
amount column, as below:

date | merchant | amount | currency

The currency might be different for each transaction

Currently this cannot not be achieved because when casting the amount to char, in order to concat it with the currency, the 1000s separator is lost (15,321 becomes 15321).  Also when casting the amount to char, the sum agg is no longer available.  Formatting the amount as currency is also not possible because the amount is
of different currencies.
There is an Enhancement Request Bug 8680024 logged to address this matter.

Multiselect Prompt Displays ‘No Choices Available’ When Used With A Presentation Variable

You have configured a dashboard prompt with two columns, where the value selected by the user in the first prompt column is stored in a presentation variable, and the values in the second prompt column depend on
the value in this presentation variable.

When both column prompts are defined as type ‘drop down’ all works fine. The second column correctly displays in the drop down the values. However when the second column prompt control is defined as ‘multi select’, no data is displayed in the prompt. The prompt displays ‘No Choices Available’.

The multi-select prompt column should correctly display values in the prompt as it does when it is defined as a drop down.

This is bug 7571682

There are three possible work-arounds:
1. Click the ‘Go’ button will bring back data
2. Enter a value in the match box and it returns data
3. Use the vanilla constrain option for the dashboard prompts, so you can have column 2 constrained by column 1

Integrating BI Office with OBIEE that has SSO

It is possible to integrate BI Office with OBIEE that has SSO?

BI Office is similar to BI Publisher in integrating with OBIEE that has SSO.

Which is documented in the Oracle® Business Intelligence Enterprise Edition Deployment Guide and “Additional Configuration When SSO is Enabled for Oracle BI and BI Publisher” section.

Basically you need to deploy a second saw bridge (analytics.ear) that dedicates for web service calls and bypasses the SSO:
* Locate analytics.ear in the directory OracleBI_HOME/web, deploy and name the new Plug-in analyticsSOAP.  See the Oracle Business Intelligence Infrastructure Installation and Configuration
Guide for more information on Deploying an Ear file on your Web Application Server.
* Locate the Office Server config file (bioffice.xml), update the SawBaseURL property to point the new analyticsSOAP deployed above.
Config file bioffice.xml can be found in the directory OAS_HOME\j2ee\home\applications\bioffice\bioffice\WEB-INF
And the SawBaseURL property should look like this:
http://[host]:[port]/analyticsSOAP/saw.dll
The BI Office add-in would require the user to enter their SSO credentials to login from within Excel or PowerPoint.

Without these steps, and when attempting to login to Excel plugin to OBI\SSO environment, the error message “Unknown error” is likely to occur.

Few recent Knowledge-based updates

I’ve found the following items to be very interesting as I’m very much interested in running OBIEE in a cloud.
Question someone asked on OS:
Q:How to cluster OBIEE that is installed on two virtual machines?
And their response was:
A:It is not currently possible to use Virtual machine names for OBIEE within a Cluster. The following Enhancement Request exists:
BUG#7576055
VIRTUAL MACHINE NAME FOR CLUSTERED OBI SERVER

This one is interesting, because it’s not just applicable to headers, but to some other elements that may contain HTML:
Q:Is it possible to add HTML code into a Column Header in OBIEE?

A:In order to render HTML in OBIEE (i.e. Answers, Dashboards, etc) please ensure you have set the following parameter “HardenXSS” to FALSE in the instanceconfig.xml file.

Example:


[ServerInstance]
[HardenXSS]false[/HardenXSS]
[/ServerInstance]

Last one is related to using external methods to get in to OBIEE.

Goal
1) Customer has a JSP and java application running on web sphere application server which uses OAM for single-sign-on.
2) In the same JSP application they have embeded a report which gets the data from OBIEE webservices. The actual report is deployed on OBIEE presentation server and uses OAM for authentication. When the user logs in to java application and clicks on the page which invokes a report from OBIEE customer doesn’t want to prompt for authentication again.
3) Customer does not see any OBIEE login webservices which takes as input parameter the authentication token or cookie generated in JSP application.
A:
There is currently no mechanism within the OBI Web Services to use Single Sign-on (SSO).

There are some methods that may assist further with customer requirement (i.e. impersonate() Method and impersonateex() Method). These methods should allow the users to logon and impersonate another user when customer only have the Administrators Login and Password.

However, these methods are not SSO as customer would still need to provide a username and password for the SOAP client (i.e. Administrator/Administrator) from within their J2EE application.

In order to overcome the fact the OBI Web Services does not use SSO, customer may want to install a new Presentation Server. The dedicated Presentation Server can then have the SSO disabled and can be used solely for the WEB Services application and nothing else.

I wonder what are security implications of such arrangement.

Have a good day!

How do you enable SSO for an embedded OBIEE Report in Hyperion Workspace 9.3.1?

OBI EE and Hyperion Workspace / Smartspace integration was only introduced in EPM 11.1.1 and OBI EE 10.1.3.4.

To be able to have a seemless integration (No OBI EE Login Screen) when navigating from Hyperion Workspace 9.3.1 to OBI EE 10.1.3.4 you have the following options which might meet your implementation requirement: –

1) Use the ‘&NQUser=uuu&NQPassword=ppp’ URL arguments.

These are detailed in the section ‘Incorporating Oracle Business Intelligence Results into External Portals or Applications Using the Go URL’ of the Presentation Server Guide.

2) Enable OBI EE to use SSO. We support any SSO Vendor (SiteMinder, ClearTrust, Oracle SSO, Java SSO, etc…) which supports either HTTP Headers, Server Variables or Cookies.

Please see Chapters 8 and 10 of the Deployment Guide for more information on this area of functionality.

Neither of these options have been designed specifically for Workspace, but they should give you a generic option to implement a solution where no login is required when navigating to OBI EE from Workspace.

3) Just create a custom Init Block and custom session variable. Make the session variable to be initialized with the password. The query for the password initialization would be

SELECT ‘:PASSWORD’ FROM DUAL

Now, go to answers and create a report which would generate the Smartcut link. To this link pass the username (through the USER system session variable) and the password (through the custom session variable above). This will enable seamless login.

4) Enable BI EE to use the Table Authentication method, where usernames and passwords are stored in a database table. Passwords would be stored in encrypted form using obfuscation packages provided with the database.

Then create a report which would generate the Smartcut link. To this link pass the username (through the USER system session variable) and the password (through EVALUATE and a reverse obfuscation package function which would return the password in clearcase) in the report.
Then just use this report in the dashboard for providing the link. This will provide a seamless login.

5) I believe Workspace supports Impersonation. Technical Support have not tested this but it should work if the impersonation is possible. Using the same report approach above pass the Administrator username and password in the URL (these would be static) and also pass the actual BI EE username as the impersonation user in the URL. Provider services and Essbase JAPI support impersonation. We assume Workspace should support that as well. But of course, if its not supported then this would not work. Please liaise with Hyperion Technical Support or a Consultancy Department like Expert Services to look into this option further.

The above options are only supplied as possible workarounds, but Technical Support highly recommends that you upgrade to Hyperion Workspace 11.1.1 so you can leverage the built-in integration functionality.