
Peak Indicators - Oracle BI EE Installation


www.peakindicators.com [email protected]

Peak Indicators Limited, 92 Malthouse Lane, Ashover, Derbyshire S45 0BU, England

+44 7811 453781

Oracle BI Enterprise Edition With Single-Sign-On

Installation and Configuration Guide

Antony Heljula, Technical Architect

27th May 2009

Helping Your Business Intelligence Journey

TABLE OF CONTENTS

About The Installation

Pre-Requisites
    Create OS User Account

Install Oracle Database Client

Install Oracle Application Server

Install Oracle Identity Management
    Running The Installer
    Configure Shell Script
    Start up Oracle Identity Management

Install Oracle BI Enterprise Edition (CLIENT)
    Install Java Development Kit (JDK)
    Download and Extract Oracle BI EE Software (for Windows)
    Running The Installer

Install Oracle BI Enterprise Edition (SERVER)
    Create Installation Folders for Oracle BI EE
    Create BIEE Schema on Data-Warehouse
    Install Java Development Kit (JDK)
    Download and Extract Oracle BI EE Software (for Linux)
    Configure Operating System Limits
    Run UnixChk.sh Script
    Running The Installer
    Configure Shell Scripts
    Configure BI Delivers Scheduler
    Create “BI Delivers Scheduler” and “Usage Tracking” tables
    Enable Usage Tracking
    Configure Credential Store
    Configure BI Repository (RPD)
    Configure Presentation Catalogue
    Start Up Oracle AS and BI EE Processes
    Configure BI Publisher

Configure Security For Oracle OID and Oracle SSO (OPTIONAL)
    Configure BI Repository (RPD) For LDAP Authentication
    Enable Authorization With Oracle Internet Directory
    Register Oracle BI EE As A Partner Application
    Configure HTTP Server
    Create Impersonator User In BI Repository
    Configure Credential Store for Impersonator User
    Configure Presentation Services
    Configure BI Publisher for /analyticsSOAP
    Deploy /analyticsSOAP and Re-start BI Publisher
    Restart HTTP and Presentation Services

Configure Security For Active Directory (OPTIONAL)
    Enable Authentication With Active Directory
    Enable Authorization With Active Directory

ABOUT THE INSTALLATION

This document details the installation of Oracle BI Enterprise Edition 10.1.3.4 configured for Single-Sign-On with the Oracle Identity Management suite.

The following server build is required:

• Red-Hat Linux 4

• 32-bit

It is assumed that a Data-Warehouse (DW) database is already available and populated in advance of this installation procedure.

Before the actual Oracle BI Enterprise Edition install begins, this document will first guide you through the process of installing an Oracle Application Server that will host the Oracle BI EE web components (shown below as “Analytics”, “BI Publisher” and “BI Office”). These Oracle BI EE web components will be deployed automatically to the Oracle Application Server as part of the Oracle BI Enterprise Edition install process.

Oracle Database Client software will also be required so that the BI Server can source data from the Data-Warehouse via SQL*Net.

There is an optional section in this guide detailing how to configure Oracle BI EE to “authenticate” and “authorize” using Oracle Single-Sign-On (OSSO) and Oracle Internet Directory (OID). The installer for the Oracle Identity Management (OIM) suite will actually install all the necessary OIM components shown on the left-hand side in the diagram below (including an Oracle Application Server and Oracle Internet Directory (OID) database repository). OIM can be installed on a different server if necessary.

Another optional section exists for configuring Oracle BI EE to “authenticate” and “authorize” against Active Directory. This section, however, does not cater for Single-Sign-On.

PRE-REQUISITES

CREATE OS USER ACCOUNT

In order to perform the installation, create a new account on the Linux server called, for example, “orabiee”.

Configure this new user account to be a member of the “dba” group.

INSTALL ORACLE DATABASE CLIENT

Install the Oracle Database Client version 10.2 on the Linux server.

Example install location: /vol1/oracle/product/10.2

NOTE: The above folder will from now on be referred to as [ORA HOME]

You only need to choose the “Runtime” installation type.

After the install is complete, configure the tnsnames.ora file with the connection to the Data-Warehouse.

INSTALL ORACLE APPLICATION SERVER

Install Oracle Application Server 10.1.3.x on the Linux server. The software can be downloaded from Oracle Technology Network:

http://download.oracle.com/otn/linux/ias/101310/soa_linux_x86_101310_disk1.cpio

NOTE: This is the “Oracle SOA Suite” application download

Copy the downloaded file to the Linux machine and extract the contents using the following command:

cpio -idvm < soa_linux_x86_101310_disk1.cpio

Start the installation process by running the “runInstaller” utility.

./runInstaller

When the installation window appears, you should specify the following parameters:

Installation Directory : /vol1/oracle/product/ias (as an example)

NOTE: This folder will from now on be referred to as [IAS HOME]

Installation Type : Advanced Install

Click “Next” and then click “Yes” to accept the subsequent warning.

Choose the “J2EE Server and Web Server” installation option:

Confirm all OS checks are passed:

On the next screen, choose the option for “Automatic Port Configuration”:

On the “Administration Settings” screen, set the following parameters:

Instance Name : iAS (as an example)

AS Administrator Password : [OC4J password]

Enable the option “Configure this as an Administration OC4J instance”

OC4J Instance Name : home (this value must be set to “home”)

Ignore “Cluster Topology” options, just click “Next”:

Now start the install process:

During the install you will need to run a “root.sh” script as the root user:

The Configuration Assistant will then run.

The installation will then complete:

URL for Application Server Control : http://[server]:7777/em

INSTALL ORACLE IDENTITY MANAGEMENT

RUNNING THE INSTALLER

The Oracle Identity Management 10.1.4.0.1 software can be downloaded from Oracle Technology Network (you will need to download both these files):

http://download.oracle.com/otn/linux/ias/101401/as_linux_x86_oim_oif_101401_disk1.cpio

http://download.oracle.com/otn/linux/ias/101401/as_linux_x86_oim_oif_101401_disk2.cpio

Copy the downloaded files to the Linux machine and extract the contents using the following command:

cpio -idvm < as_linux_x86_oim_oif_101401_disk1.cpio

cpio -idvm < as_linux_x86_oim_oif_101401_disk2.cpio

Start the installation process by running the “runInstaller” utility.

./runInstaller

When the installation window appears, you should specify the following parameters:

Name : oim (as an example)

Path : /vol1/oracle/product/oim (as an example)

NOTE: This folder will from now on be referred to as [OIM HOME]

Choose to install the product “Oracle Application Server Infrastructure 10g”:

Then choose the installation type “Identity Management and Metadata Repository (4.01 GB)”:

Confirm all OS checks are passed:

Confirm that you have root privileges on the Linux machine:

Accept the default configuration options:

Choose “automatic” port configuration:

Accept the default “suggested namespace” setting:

Specify the following Database Configuration Options for the “Oracle Internet Directory” (OID) database repository:

Global Database Name : oid.localdomain (example)

SID : oid (example)

Database File Location : [OIM HOME]/oradata

For the database passwords, use the same password for all accounts and specify an appropriate password:

Next, enter the instance name and ias_admin (administrator) password for the Oracle Identity Management suite:

Instance Name : oim (example)

Ias_admin Password : [password]

Confirm Password : [password]

Click “Install” to finally start the installation process:

If you see the following error during installation then just click “Continue” to ignore it:

During the install process you will be asked to log on as the “root” user and run a script called “root.sh”:

Finally, a number of “configuration assistants” will run. These must all complete successfully (they may take some time to run):

CONFIGURE SHELL SCRIPT

Log on to the Linux machine as the “orabiee” user.

In the “orabiee” home directory, create a new script called “startoid.sh”:

# Set OIM client environment variables
export ORACLE_HOME=[OIM HOME]
export TNS_ADMIN=$ORACLE_HOME/network/admin
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib

# Start up Oracle Internet Directory database repository and listener
$ORACLE_HOME/bin/dbstart
$ORACLE_HOME/bin/lsnrctl start

# Start OIM Application Server
$ORACLE_HOME/opmn/bin/opmnctl start

START UP ORACLE IDENTITY MANAGEMENT

Log on to the Linux machine as the “orabiee” user.

Open up a Terminal window and execute the following command:

. startoid.sh

INSTALL ORACLE BI ENTERPRISE EDITION (CLIENT)

INSTALL JAVA DEVELOPMENT KIT (JDK)

Download the latest “Java SE Development Kit” (JDK) for Windows from the following web-site:

http://java.sun.com/javase/downloads/index.jsp

The file you need to download will be something like this:

Download the file to your Windows workstation, execute it and then follow the instructions to complete the install.

DOWNLOAD AND EXTRACT ORACLE BI EE SOFTWARE (FOR WINDOWS)

You can download the Oracle BI EE software for Windows from the following location on Oracle Technology Network:

http://download.oracle.com/otn/nt/ias/101341/biee_windows_x86_101341.zip

Once downloaded, extract the zip file.

RUNNING THE INSTALLER

Start the installation process by executing the following file within the extracted software folder:

.....\Windows\Server\Oracle Business Intelligence\setup.exe

Click “Next” when you arrive at the first screen showing an “important” message:

Specify the following parameters:

Installation Location : C:\Oracle\OracleBI

Data Location : C:\Oracle\OracleBIData

Installation Type : Basic

On the next screen, choose the setup type “Oracle Business Intelligence Client Tools”:

Then locate the path of your JDK:

Choose “English” as the chosen language:

Now you can start the install process:

INSTALL ORACLE BI ENTERPRISE EDITION (SERVER)

CREATE INSTALLATION FOLDERS FOR ORACLE BI EE

Create a new “base” directory on the Linux server for the Oracle BI EE install. For example:

mkdir /vol1/oracle/product/biee

NOTE: The above folder path will from now on be referred to as [BI HOME]

Then create two sub-folders for the “OracleBI” and “OracleBIData” locations that need to be specified during the installation process:

mkdir [BI HOME]/OracleBI

mkdir [BI HOME]/OracleBIData

Set the appropriate ownership permissions for the “orabiee” user account:

chown orabiee:dba [BI HOME]

chown orabiee:dba [BI HOME]/OracleBI

chown orabiee:dba [BI HOME]/OracleBIData

CREATE BIEE SCHEMA ON DATA-WAREHOUSE

On the Data-Warehouse, create a new “BIEE” schema for storing the following database objects:

Oracle BI Delivers “Scheduler” tables

Oracle BI “Usage Tracking” tables

Oracle BI Publisher “Scheduler” tables

You can do this by logging on via SQL*Plus as a SYSTEM user and running the following commands:

create user biee identified by [password] default tablespace [tablespace] quota unlimited on [tablespace];

grant create session, create table, create procedure, create sequence, create view, create trigger to biee;

INSTALL JAVA DEVELOPMENT KIT (JDK)

Download the latest “Java SE Development Kit” (JDK) for Linux software from the following web-site:

http://java.sun.com/javase/downloads/index.jsp

The file you need to download will have a “-rpm.bin” suffix and be something like this:

Copy the downloaded file to the Linux server and make sure its permissions will allow it to be executed. For example:

chmod +x jdk-6u13-linux-i586-rpm.bin

Install the JDK by executing the file as the root user from the shell command line.

./jdk-6u13-linux-i586-rpm.bin

Make sure the Linux machine is defaulted to use this new Java location:

ln -sf /usr/java/latest/bin/java /usr/bin/java

DOWNLOAD AND EXTRACT ORACLE BI EE SOFTWARE (FOR LINUX)

You can download the Oracle BI EE software from the following location on Oracle Technology Network:

http://download.oracle.com/otn/linux/ias/101341/biee_linux_x86_redhat_101341.zip

Once downloaded, extract the contents of the zip file and upload the resultant “.tar” file to the Linux machine.

You can extract the “.tar” file using the following Linux system command:

tar -xvf biee_linux_x86_redhat_101341_lof1.tar

CONFIGURE OPERATING SYSTEM LIMITS

As the root user, configure certain OS limits by modifying the file /etc/security/limits.conf and adding the following lines:

orabiee soft nofile 10240
orabiee hard nofile 10240
orabiee soft nproc 2047
orabiee hard nproc 16384

RUN UNIXCHK.SH SCRIPT

As the “orabiee” user on the Linux machine, change directory to the software install location for Oracle BI EE.

For example:

cd /home/orabiee/RH_Linux/Server/Oracle_Business_Intelligence

Then run the UnixChk.sh script to check for all pre-requisites prior to installation (you need to specify the Oracle BI “base” location as a parameter):

./UnixChk.sh [BI HOME]

If successful, you should see the following output:

RUNNING THE INSTALLER

As the “orabiee” user, change directory to the Oracle BI EE installation software folder. For example:

cd /home/orabiee/RH_Linux/Server/Oracle_Business_Intelligence

Then run the following commands to start the installer:

export DISPLAY=[ip address]:0.0

./setup.sh

Click “Next” to ignore the opening message:

Specify the following parameters:

Installation Location : [BI HOME]/OracleBI

Data Location : [BI HOME]/OracleBIData

Installation Type : Advanced

On the next screen, choose the “Complete” setup type:

You will then need to specify the details for the Oracle Application Server instance.

Oracle Application Server Location : [IAS HOME]

Administrator Username : oc4jadmin

Administrator Password : [OC4J password]

Choose “English” as the chosen language:

Now you can start the install process:

Simply exit the installer when the process has completed:

CONFIGURE SHELL SCRIPTS

Log on to the Linux machine as the “orabiee” user.

Open up the “.bash_profile” script for editing. Add the following lines (checking the paths in red are correct):

# Set Oracle DB Client environment variables
export ORACLE_HOME=[ORA HOME]
export TNS_ADMIN=$ORACLE_HOME/network/admin
export LD_LIBRARY_PATH=[IAS HOME]/lib:$ORACLE_HOME/lib:/lib:/usr/lib

# Configure PATH to include binaries for Oracle DB Client, Oracle BI EE and Oracle AS
PATH=$PATH:$ORACLE_HOME/bin:$HOME/bin:[IAS HOME]/opmn/bin:.
export PATH

# Run the provided script for setting up the other Oracle BI EE environment variables
. [BI HOME]/OracleBI/setup/sa-init.sh

In the “orabiee” home directory, create a new script called “startbiee.sh”:

# Start Oracle Application Server for BI EE
[IAS HOME]/opmn/bin/opmnctl start

# Start Oracle BI Server
run-sa.sh start

# Start Oracle BI Presentation Services
run-saw.sh start

# Start Oracle BI Scheduler
run-sch.sh start

CONFIGURE BI DELIVERS SCHEDULER

Open up a new session as the “orabiee” user on the Linux machine (open a new session to make sure all the environment variables get set correctly).

Configure the BI Delivers scheduler by running the following command:

schconfig

Then configure the scheduler by specifying the following menu options and parameters:

1 – Configure Scheduler
    1 – Database
        3 – Data Source Name : TNS Connect string to Data Warehouse e.g. biee421dev
        4 – User Name : biee
        5 – Password : [biee password]
        0 – Quit
        “Y” to save changes
    2 – General
        11 – Administrator Password : Administrator
        0 – Quit
        “Y” to save changes
    0 – Quit
2 – Configure Mail
    1 – General
        2 – Sender Address : [email protected]
        3 – SMTP Server : your.smtp.mail.server
        0 – Quit
        “Y” to save changes
    0 – Quit
0 – Quit

CREATE “BI DELIVERS SCHEDULER” AND “USAGE TRACKING” TABLES

As the “orabiee” user on the Linux machine, change directory to the BI EE “Schema” location:

cd [BI HOME]/OracleBI/server/Schema

Then create the Scheduler and Usage Tracking tables on the Data-Warehouse “biee” schema using SQL*Plus:

sqlplus biee/[password]@[dw]

@SAJOBS.Oracle.sql

@SAACCT.Oracle.sql

exit

There are two “Time” dimension tables that also need to be imported into the “biee” schema (used for Usage Tracking reporting):

S_ETL_DAY

S_ETL_TIME_DAY

To do this, uncompress the “usage.zip” file that is provided along with this installation guide. Import the resultant “usage.dmp” file into the “biee” schema:

imp biee/[bieepw]@[dw] file=usage.dmp full=y

ENABLE USAGE TRACKING

A dedicated “Connection Pool” should exist in the Physical Layer of the BI Repository (RPD) that allows write access to the “Usage Tracking” table (S_NQ_ACCT) on the BIEE schema:

Open up the following configuration file for editing:

[BI HOME]/OracleBI/server/Config/NQSConfig.ini

Modify the following parameters:

[ USAGE_TRACKING ]
ENABLE = YES;
DIRECT_INSERT = YES;
PHYSICAL_TABLE_NAME = "Oracle BI EE"."BIEE"."S_NQ_ACCT";
CONNECTION_POOL = "Oracle BI EE"."Oracle BI EE Writer Connection Pool";

Save the file and exit.

NOTE: The text in red reflects the BI Repository configuration shown in the above diagram. You should configure these parameters to be in line with your own custom BI Repository file.

CONFIGURE CREDENTIAL STORE

The “Credential Store” is used to hold certain user credentials so that it is possible for external applications to integrate with Oracle BI EE. We need to configure this Credential Store for the BI Delivers and BI Publisher.

Log on as “orabiee” to the Linux machine and run the following 2 commands (checking the Path and Administrator password in red are correct):

cryptotools credstore -add -encr -username Administrator -password Administrator -alias admin -passphrase password -writePassphrase Y -batch -InFile [BI HOME]/OracleBIData/web/config/credentialstore.xml

cryptotools credstore -add -encr -username Administrator -password Administrator -alias bipublisheradmin -passphrase password -writePassphrase Y -batch -InFile [BI HOME]/OracleBIData/web/config/credentialstore.xml

CONFIGURE BI REPOSITORY (RPD)

Copy your custom BI Repository (RPD) file to the following location on the Linux machine:

[BI HOME]/OracleBI/server/Repository

Open up the following configuration file for editing:

[BI HOME]/OracleBI/server/Config/NQSConfig.ini

Configure the following parameter within the config file so that it corresponds to your custom BI Repository (RPD) file name:

[ REPOSITORY ]

Star = samplesales.rpd, DEFAULT;

CONFIGURE PRESENTATION CATALOGUE

Copy your custom BI Presentation Catalogue folder structure to the following location on the Linux machine:

[BI HOME]/OracleBIData/web/catalog

Open up the following configuration file for editing:

[BI HOME]/OracleBIData/web/config/instanceconfig.xml

Configure the following parameter within the config file so that it corresponds to your custom BI Presentation Catalogue path:

<CatalogPath>[BI HOME]/OracleBIData/web/catalog/samplesales</CatalogPath>

START UP ORACLE AS AND BI EE PROCESSES

As the “orabiee” user on the Linux machine, initiate the following command to start up the Oracle Application Server and BI EE processes:

. $HOME/startbiee.sh

Wait a few moments, then try logging on to the BI Dashboards:

http://[host]:7777/analytics

Use the following credentials to log in:

Username : Administrator

Password : Administrator

CONFIGURE BI PUBLISHER

Log on to the BI Dashboards:

http://[host]:7777/analytics (Administrator / Administrator)

At the top-right, choose the menu option: “More Products → BI Publisher”

BI Publisher will now open up.

Click on the “Admin” tab and choose “Scheduler Configuration”.

Specify the following parameters:

Connection String : jdbc:oracle:thin:@devsrv02:1521:bidev421 (example host:port:sid)

Username : biee

Password : [biee password]

Click “Test Connection”:

Click “Install Schema”:

CONFIGURE SECURITY FOR ORACLE OID AND ORACLE SSO (OPTIONAL)

CONFIGURE BI REPOSITORY (RPD) FOR LDAP AUTHENTICATION

The Development team should have configured the BI Repository (RPD) file for LDAP Authentication.

You should however configure the RPD file to authenticate against the appropriate LDAP server (in our case, this will be Oracle Internet Directory).

Open up the BI Administration tool via the “Start” menu:

Start → Oracle Business Intelligence → Administration

Click on the icon to open up your BI Repository in “on-line” mode (NOTE: If you don’t see a connection listed for your BI Server then you need to create one via Administrative Tools → ODBC Data Sources):

Once you have connected to your BI Repository, choose the following menu option:

Manage → Security

Click on “LDAP Servers”; you should see a list of possible LDAP Servers on the right-hand side:

Double-click on the LDAP Server to edit its properties. Modify the following parameters:

Host Name : Host for your Oracle Identity Management suite

Port : Port for Oracle Internet Directory (typically 389)

Base DN : The Base location for the “User” location within OID

Use the “Test Connection” button to confirm OID connectivity can successfully be established.

Click “OK” to accept the changes.

Save the RPD by choosing the menu option “File → Save” (choose “Yes” if prompted to check in changes and/or to check global consistency).

ENABLE AUTHORIZATION WITH ORACLE INTERNET DIRECTORY

Oracle BI EE cannot actually integrate directly with LDAP / Oracle Internet Directory to automatically obtain the “groups” associated with a user.

We will actually create a database PL/SQL Function that utilises the DBMS_LDAP package to perform the OID lookup process.

A new “Initialization Block” within the BI Repository will then be created to call this PL/SQL Function and assign the results to the “GROUP” session variable.

There are two steps to this task:

1) Create GETLDAPGROUPS PL/SQL Function

Open up the supplied “OID_Authorization.sql” file for editing.

At the top, modify the top 4 parameters to suit your implementation:

l_ldap_host : [LDAP hostname]

l_ldap_port : [LDAP port]

l_ldap_base : [The DN location within OID where the GROUPS are stored]

For example:

-- Adjust as necessary.
l_ldap_host VARCHAR2(256) := 'peakdin1.localdomain';
l_ldap_port VARCHAR2(256) := '13060';
l_ldap_base VARCHAR2(256) := 'cn=Groups,dc=localdomain,dc=com';

Save the file.

Log on to the Data-Warehouse as the “biee” user and then execute the “OID_Authorization.sql” file to create the PL/SQL Function:

sqlplus biee/[biee pw]@[dw]

@OID_Authorization.sql

2) Create “Authorization” Initialization Block

Open up the BI Repository and choose the menu option “Manage → Variables”.

On the left-hand side of the Variable Manager window, click on “Session → Initialization Blocks”:

Then on the right-hand side, right-mouse click and choose “New Initialization Block”:

A new window should appear for the new Initialization Block. Specify the following parameters:

Name : Authorization

Click on the “Edit Data Source” button and configure as follows:

Data Source Type : Database

Default Init String : SELECT GETLDAPGROUPS(LOWER(':USER')) FROM DUAL

Connection Pool : [Any connection pool with access to the BI EE schema]

Click on “OK” to go back to the main Initialization Block edit window and click on the “Edit Data Target” button.

Specify “Row-wise initialization” (BUT DO NOT ENABLE THE “Use Caching” OPTION):

Click on “OK”, then click the “Edit Execution Precedence” button.

Click “Add” and then choose the “Authentication” Initialization Block:

Click on “OK” and then “OK” again to exit the Initialization Block edit window.

Save the Repository (<CTRL> + S).

REGISTER ORACLE BI EE AS A PARTNER APPLICATION

Oracle BI EE needs to be registered as a “Partner Application” on the SSO Server.

The command-line has the following syntax:

ssoreg.sh -oracle_home_path [Oracle SSO Home]
          -site_name [HTTP Server : Port]
          -config_mod_osso TRUE
          -mod_osso_url [http://HTTP Server : Port]
          -config_file [Location of generated .conf file]

Open up a Terminal session on the Linux machine hosting the Oracle Identity Management suite. Enter the following commands:

cd [OIM HOME]/sso/bin

./ssoreg.sh -oracle_home_path [OIM HOME] -site_name [BI HOST]:[BI PORT] -config_mod_osso TRUE -mod_osso_url http://[BI HOST]:[BI PORT] -config_file [OIM HOME]/Apache/Apache/conf/osso/biosso.conf

NOTES:

[BI HOST] is the Linux machine hosting Oracle BI EE

[BI PORT] is the HTTP port on which Oracle BI EE is running (typically 7777)

After approximately 30 seconds you should see the following success message:

SSO registration tool finished successfully

The process will generate a configuration file called “biosso.conf”. This file will be needed later on in the SSO configuration process.

CONFIGURE HTTP SERVER

1) Copy “biosso” File

The “biosso.conf” file generated in the previous section needs to be copied from the OIM “HTTP Server” over to BI EE’s “HTTP Server” (hosted on the Oracle Application Server instance “IAS”).

From location : [OIM HOME]/Apache/Apache/conf/osso/biosso.conf

To location : [IAS HOME]/Apache/Apache/conf/osso/biosso.conf

If both OIM and IAS are hosted on the same machine, then you can use the following copy command to achieve this:

cp [OIM HOME]/Apache/Apache/conf/osso/biosso.conf [IAS HOME]/Apache/Apache/conf/osso/biosso.conf

2) Modify “mod_osso.conf” File

Open up the following file for editing:

[IAS HOME]/Apache/Apache/conf/mod_osso.conf

Within the <IfModule mod_osso.c> section, add the following text to register the new “biosso.conf” file:

OssoConfigFile [IAS HOME]/Apache/Apache/conf/osso/biosso.conf

Then add the following text to protect the URLs for /analytics and /analyticsSOAP:

<Location /analytics>

Header unset Pragma

OssoSendCacheHeaders off

AuthType Basic

require valid-user

</Location>

<Location /analyticsSOAP>

require valid-user

AuthType Basic

Allow from All

Satisfy any

</Location>

Your “mod_osso.conf” file should look something like this:

3) Edit “httpd.conf” File

Open up the following file for editing:

[IAS HOME]/Apache/Apache/conf/httpd.conf

Locate the line for “mod_osso.conf” and un-comment it by removing the “#” at the beginning of the line.

Save the file.
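
As an added check that is not part of the original guide, the shell function below reads a mod_osso.conf-style file and reports whether “require valid-user” in each <Location> block from step 2 is actually enforced. Under Apache's documented Satisfy semantics, “Satisfy any” together with “Allow from All” admits a request without authentication, so /analyticsSOAP relies on Presentation Services' own login. The function names, verdict labels and sample input are constructed for illustration, and inherited directives are not resolved.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.
# Verdicts per <Location> block (directives inside the block only):
#   ENFORCED      require present, no "Satisfy any"
#   NOT-ENFORCED  "Satisfy any" + "Allow from all": host check passes for everyone
#   REVIEW        "Satisfy any" with other (or inherited) host rules
#   NO-AUTH       no require directive at all

audit_locations() {   # $1 = path to a mod_osso.conf-style file
  awk '
    function report(   v) {
      if (!has_require)                 v = "NO-AUTH"
      else if (!satisfy_any)            v = "ENFORCED"
      else if (allow_all && !has_deny)  v = "NOT-ENFORCED"
      else                              v = "REVIEW"
      print path, v
    }
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low == "" || low ~ /^#/ { next }
    low ~ /^<location[ \t]/ {
      path = line; sub(/^<[^ \t]+[ \t]+/, "", path); sub(/>.*$/, "", path)
      in_loc = 1; has_require = satisfy_any = allow_all = has_deny = 0; next
    }
    low ~ /^<\/location>/ { if (in_loc) report(); in_loc = 0; next }
    !in_loc { next }
    low ~ /^require[ \t]/                      { has_require = 1 }
    low ~ /^satisfy[ \t]+any/                  { satisfy_any = 1 }
    low ~ /^allow[ \t]+from[ \t]+all[ \t]*$/   { allow_all = 1 }
    low ~ /^deny[ \t]/                         { has_deny = 1 }
  ' "$1"
}

sample_conf() {   # constructed input: the two blocks added in step 2
  cat <<'EOF'
<Location /analytics>
  Header unset Pragma
  OssoSendCacheHeaders off
  AuthType Basic
  require valid-user
</Location>
<Location /analyticsSOAP>
  require valid-user
  AuthType Basic
  Allow from All
  Satisfy any
</Location>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_locations "$tmp"
rm -f "$tmp"
```

Replacing “Allow from All” with the address of the host that needs the SOAP endpoint moves the verdict to REVIEW, because unauthenticated access is then limited to that host.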

CREATE IMPERSONATOR USER IN BI REPOSITORY

Make sure an “Impersonator” user exists in the BI Repository. You can do this by opening up the BI Repository and going to the “Manage → Security” menu option.

If the user does not exist then create it, specifying the following configuration:

User Name : Impersonator

Password : [password]

Confirm Password : [password]

Group Membership : Administrators

CONFIGURE CREDENTIAL STORE FOR IMPERSONATOR USER

The “Credential Store” is used to hold certain user credentials so that it is possible for external applications to integrate with Oracle BI EE. During the BI EE installation you configured this Credential Store for BI Delivers and BI Publisher. Now we must also configure the Credential Store for “Impersonation”, which is required for SSO to function properly.

Log on as “orabiee” to the Linux machine and run the following command (checking that the path and Impersonator password, shown in red, are correct):

cryptotools credstore -add -encr -username Impersonator -password Impersonator -alias impersonation -passphrase password -writePassphrase Y -batch -InFile [BI HOME]/OracleBIData/web/config/credentialstore.xml

CONFIGURE PRESENTATION SERVICES

You will now configure Presentation Services to do the following:

• Enable SSO

• Perform Impersonation using the “Impersonator” user

• Log on and Log off using the URLs provided by the SSO Server (rather than the standard Oracle BI login / logoff screens)

Open up the following file for editing:

[BI HOME]/web/config/instanceconfig.xml

Add the following tags to the .xml file (the text highlighted in red is the text you need to change):

<CredentialStore>

<CredentialStorage type="file" path="[BI HOME]/OracleBIData/web/config/credentialstore.xml" passphrase="password"/>

</CredentialStore>

<Auth>

<SSO enabled="true">

<ParamList>

<Param name="IMPERSONATE" source="serverVariable" nameInSource="REMOTE_USER"/>

</ParamList>

<LogoffUrl>http://[OIM HOST]:[OIM PORT]/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http%3A%2F%2F[BI HOST]:[BI PORT]%2Fanalytics%2F</LogoffUrl>

<LogonUrl>http://[OIM HOST]:[OIM PORT]/pls/orasso/orasso.wwsso_app_admin.ls_login</LogonUrl>

</SSO>

</Auth>

NOTES:

[OIM HOST] is the Linux machine hosting Oracle Identity Management

[OIM PORT] is the HTTP port on which Oracle Identity Management is running (typically 7779)

[BI HOST] is the Linux machine hosting Oracle BI EE

[BI PORT] is the HTTP port on which Oracle BI EE is running (typically 7777)

CONFIGURE BI PUBLISHER FOR /ANALYTICSSOAP

Log on to the BI Dashboards:

http://[host]:7777/analytics (Administrator / Administrator)

At the top-right, choose the menu option: “More Products → BI Publisher”

BI Publisher will now open up.

Go to “Admin” tab and choose the link for “Oracle BI Presentation Services”

Set the following parameters on the page:

Administrator Password : Administrator (example)

URL Suffix : analyticsSOAP/saw.dll

Click “Apply”

DEPLOY /ANALYTICSSOAP AND RE-START BI PUBLISHER

The “analyticsSOAP” component is a copy of the “analytics” deployment and is needed for Single-Sign-On between BI EE and BI Publisher to function seamlessly (the “/analyticsSOAP” URL will be protected slightly differently on the web server).

Log on to the Oracle Application Server Control: http://[server]:7777/em

Log in with oc4jadmin / oc4jadmin:

Click on “home” link

Click on “Applications” link

Click on “Deploy” button

Click on “Archive is already present on the server” and enter the location:

[BI HOME]/OracleBI/web/analytics.ear

Click “Next” and specify the following parameters:

Application Name : analyticsSOAP

Context Root : analyticsSOAP

Click “Next”

Click “Deploy”

Click “Return”. You should now see the list of Applications installed within “home”:

Check the box beside “xmlpserver” and click “Restart” and “Yes” to confirm

RESTART HTTP AND PRESENTATION SERVICES

As the “orabiee” user on the Linux machine, initiate the following commands to restart the BI EE “HTTP Server” and BI Presentation Services:

[IAS HOME]/opmn/bin/opmnctl restartproc process-type=HTTP_Server

run-saw.sh stop

[wait a minute or two….]

run-saw.sh start

CONFIGURE SECURITY FOR ACTIVE DIRECTORY (OPTIONAL)

ENABLE AUTHENTICATION WITH ACTIVE DIRECTORY

Open up the BI Repository and choose the menu option “Manage → Variables”.

On the left-hand side of the Variable Manager window, click on “Session → Initialization Blocks”:

Then on the right-hand side, right-mouse click and choose “New Initialization Block”:

A new window should appear for the new Initialization Block. Specify the following parameters:

Name : Authentication

Required for Authentication :

Click on the “Edit Data Source” button.

Set the “Data Source Type” to “LDAP”:

Click on the “New” button to specify a new LDAP server, enter the following parameters on the “General” tab:

Name : [LDAP Server Name]

Host Name : [Host Name of the LDAP Server]

Port : [LDAP Port]

Base DN : [Distinguished Name in the LDAP directory containing the list of Users]

Bind DN : [DN for a user name with which to connect to the LDAP directory]

Bind Password : [Password for Bind DN user]

Confirm pw : [Password for Bind DN user]

Then click on the “Advanced” tab and enter the following parameters:

ADSI :

Go back to the “General” tab, click on the “Test connection” button and make sure connectivity has been established successfully.

Click “OK” and then “OK” again to go back to the main Initialization Block edit window.

Now click the “Edit Data Target” button, and specify the following new Variables as targets (by clicking on the “New” button for each one):

Variable LDAP variable

USER sAMAccountName

DISPLAYNAME cn

DN distinguishedName

Click “OK” to go back to the main Initialization Block edit window:

Test for successful configuration by clicking the “Test” button and specifying “Use Bind Parameters”:

You should see that each of the three variables above has been populated.

Click on “OK” and then “OK” again to exit the Initialization Block edit window.

Save the BI Repository (<CTRL> + S).

ENABLE AUTHORIZATION WITH ACTIVE DIRECTORY

Oracle BI EE cannot actually integrate directly with LDAP / Active Directory to automatically obtain the “groups” associated to a user.

We will actually create a database PL/SQL Function that utilises the DBMS_LDAP package to perform the Active Directory lookup process.

A new “Initialization Block” within the BI Repository will then be created to call this PL/SQL Function and assign the results to the “GROUP” session variable.

There are two steps to this task:

3) Create GETLDAPGROUPS PL/SQL Function

Open up the supplied “AD_Authorization.sql” file for editing.

At the top, modify the top 4 parameters to suit your implementation:

l_ldap_host : [LDAP hostname]

l_ldap_port : [LDAP port]

l_ldap_user : [Username with which to connect up to the LDAP Server]

l_ldap_passwd : [Password for the lookup username]

For example:

-- Adjust as necessary.

l_ldap_host VARCHAR2(256) := 'your.ldap.server.com';

l_ldap_port VARCHAR2(256) := '389';

l_ldap_user VARCHAR2(256) := 'MEDIA\Lookup User';

l_ldap_passwd VARCHAR2(256) := 'xyz123';

Save the file.

Log on to the Data-Warehouse as the “biee” user and then execute the “AD_Authorization.sql” file to create the PL/SQL Function:

sqlplus biee/[biee pw]@[dw]

@AD_Authorization.sql

NOTE:

The PL/SQL Function contains a hard-coded username and password. If you wish to hide this then you can “wrap” the PL/SQL Function so that the contents are encrypted. Please refer to the Oracle Database documentation on how to do this.

4) Create “Authorization” Initialization Block

Open up the BI Repository and choose the menu option “Manage → Variables”.

On the left-hand side of the Variable Manager window, click on “Session → Initialization Blocks”:

Then on the right-hand side, right-mouse click and choose “New Initialization Block”:

A new window should appear for the new Initialization Block. Specify the following parameters:

Name : Authorization

Click on the “Edit Data Source” button and configure as follows:

Data Source Type : Database

Default Init String : select GETLDAPGROUPS('VALUEOF(NQ_SESSION.DN)') from dual

Connection Pool : [Any connection pool with access to the BI EE schema]

Click on “OK” to go back to the main Initialization Block edit window and click on the “Edit Data Target” button.

Define a single target Variable called “GROUP”:

Click on “OK”, then click the “Edit Execution Precedence” button.

Click “Add” and then choose the “Authentication” Initialization Block:

Click on “OK” and then “OK” again to exit the Initialization Block edit window.

Save the Repository (<CTRL> + S).

INSTALL COMPLETE

You can now test by logging on to http://[BI HOST]:[BI PORT]/analytics