Configuring Windows Native Authentication (Single Sign On) Posted by BI Person on October 12, 2010 Configuring Windows Native

Authentication (Single Sign On): Single sign-on (SSO) is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. To implement SSO, following steps need to be followed

Modify instanceConfig.xml file : Along with this a user with name IMPERSONATE needs to be created in the repository. Impersonator User Credentials needs to be added to Oracle BI Presentation Services Credential Store To Add impersonator user credentials to Oracle BI Presentation Services Credential Store. Configure Oracle BI Presentation Services to identify the Credential Store and decryption passphrase.

Refer to BIEE Deployment Guide Chapter 11 Enabling Oracle Single Sign-On for Oracle Business Intelligence for detail introductions.

To configure Oracle BI Presentation Services to operate in an SSO environment Open instanceconfig.xml file for editing The instanceconfig.xml is located at D:/Oracle/OracleBIData/web/config)

Note: It is advisable to take backup of instanceconfig.xml file before making changes.

Locate the <Auth> element. If this does not exist, create this element, sub-elements and parameters as shown below:

<Auth> <SSO enabled=true> <ParamList> <!IMPERSONATE param is used to get the authenticated users username and is required > <Param name=IMPERSONATE source=serverVariable nameInSource=REMOTE_USER stripWindowsDomain=true/> </ParamList> </SSO>

 Create User Impersonator and mark it Member of Administrator Group

Save the RPD. Now run the cryptotools utility that would basically store the username and password of the impersonator into an XML file called credentialstore.xml. Take a back up of the credentialstore.xml before executing the cryptotool utility. Run the tool: cryptotools credstore -add -infile D:/oracle/OracleBIData/web/config/credentialstore.xml

The entry will appear in credentialstore.xml file Configure Oracle BI Presentation Services to Identify the Credential Store and Decryption Passphrase <CredentialStore> <CredentialStorage type=file path=D:/oracle/OracleBIData/web/config/credentialstore.xml/> </CredentialStore> If you are using the Oracle BI Reporting and Publishing feature and have deployed BI Publisher, then you must enable SSO for BI Publisher. To enable SSO:

1) On the same machine where BI Presentation Services Plug-in has been deployed, deploy another Presentation Services Plug-in using the file analytics.ear. Locate analytics.ear in the directory OracleBI_HOME/web/. 2) Name the new Plug-in analyticsSOAP. Make the same modifications to the web.XML file for this analyticsSOAP servlet that were made to the web.XML file for the default analytics servlet. Now restart IIS and obi servers, the Oracle BI application opens without prompting for the login.