OBIEE Authentication Using the Oracle E-Business Suite
There are two primary options for sharing authentication solutions with the Oracle E-Business Suite. The Oracle E-Business Suite and OBIEE both can take advantage of Oracle’s Single Sign-On (SSO) solutions. If SSO is used, both OBIEE and the E-Business Suite would be subscribing applications.
The other option is for OBIEE to use the Oracle E-Business Suite for authentication. This solution requires that users first log into the E-Business Suite and from there exercise (click-on) a menu function to bring them into OBIEE without having to type a user name or password.
OBIEE and Oracle E-Business Suite Integration
Configuring OBIEE to use the Oracle E-Business Suite for authentication is straight forward and can be completed in a test environment with only a small amount of effort. It is technically accomplished through the sharing of the E-Business Suite session cookie.
Further documentation on the specific steps to configure OBIEE to use the E-Business Suite for authentication can be found on Metalink as well as in the OBIEE documentation. A high level summary is as follows:
- Using the BI Admin client tool, modify the RPD file to add a connection to the E-Business Suite database.
- Add an initialization block to the RPD file that calls the E-Business Suite API APP_SESSION.validate_icx_session and then call FND_GLOBAL to collect the variables resp_id, resp_appl_id, security_group_id, resp_name, user_id, employee_id and user_name.
- Edit the OBIEE configuration files authenicationschema.xml and instanceconfig.xml
- Create a menu function to launch OBIEE. You must use the SSWA OracleOasis.jsp$mode=OBIEE
- Populate the system profile option ‘FND: Oracle Business Intelligence Suite EE base URL’ with the url for OBIEE. For example: http://theobieeserver.yourcompany.com:9704
- Upload the modified RPD file using Enterprise Manager and bounce all OBIEE services
Technical Summary
Authentication integration between OBIEE and the E-Business Suite is through a combination of a shared session cookie and a dynamic URL. The key to making it work are edits to OBIEE’s instanceconfig.xml configuration file. It is in this file that OBIEE instructed is to look for the E-Business Suite session cookie.
If you have questions, please contact us at info@integrigy.com
-Michael Miller, CISSP-ISSMP
References
- OBIEE Security Examined - Webinar and Presentation: OBIEE Security Examined Webinar
- OBIEE Security Examined - Whitepaper: OBIEE Security Examined