Tuesday, March 9, 2010

Enable Single Sign on (SSO) for OBIEE Presentation Server (Troubleshooting)

There are a whole lot of posts out there, and if one follows the documentation, which is very well detailed, things work fine, until .........



1) Run this command on the SSO server

$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path $ORACLE_HOME \
-site_name bi-dev2.abc.com \
-config_mod_osso TRUE \
-mod_osso_url http://bi-dev2.abc.com \
-update_mode MODIFY \
-remote_midtier \
-config_file $ORACLE_HOME/Apache/Apache/conf/osso/biosso-bi-dev2.conf

2)
RDP (remote desktop login) to bi-dev2

3)
cd c:\product\10.1.3\OracleAS_1\Apache\Apache\conf\osso\

4)
Copy biosso-bi-dev2.conf (the file generated in step 1) to the above path (step 3)


5)
cd c:\product\10.1.3\OracleAS_1\Apache\Apache\conf\

6)
Make a copy of mod_osso.conf


7)
Modify mod_osso.conf as follows

Add the line
OssoConfigFile c:\product\10.1.3\OracleAS_1\Apache\Apache\conf\osso\biosso-bi-dev2.conf


Also add the section below under the IfModule tag

    Header unset Pragma
    OssoSendCacheHeaders off
    AuthType Basic
    require valid-user



8)

Make a copy of httpd.conf file under c:\product\10.1.3\OracleAS_1\Apache\Apache\conf\

Uncomment the line include “Oracle_HOME/Apache/Apache/conf/mod_osso.conf”


9)
Restart the Apache server

c:\product\10.1.3\OracleAS_1\opmn/bin/opmnctl restartproc process-type=HTTP_Server


-------All is good till here------------------

10)

Create impersonator user in Administration Utility (password is longliveme)

11) Make a copy of file OracleBIData_HOME\web\config\credentialstore.xml


12) Modify the credential store (OracleBIData_HOME\web\config\credentialstore.xml) to include the new impersonator user. Run cryptotools to add the impersonator user to the credential store:

cryptotools credstore -add -infile c:\oracleBIdata\web\config\credentialstore.xml

C:\OracleBI\web\bin>cryptotools credstore -add -infile c:\oracleBIdata\web\config\credentialstore.xml
>Credential Alias: impersonation
>Username: Impersonator
>Password: ********* (longliveme)
>Do you want to encrypt the password? y/n (y):
>Passphrase for encryption: ********* (secret)
>Do you want to write the passphrase to the xml? y/n (n): n
>File "c:\oracleBIdata\web\config\credentialstore.xml" exists. Do you want to overwrite it? y/n (y): y





13) Make a copy of the file c:\OracleBIData\web\config\instanceconfig.xml (we will register the credential store here so that it is used for all SSO users, with the login done as the impersonator user)


14) Add the following under the ServerInstance tag

<CredentialStore>
    <CredentialStorage type="file" path="c:\oracleBIdata\web\config\credentialstore.xml" passphrase="secret"/>
</CredentialStore>
   


   

Also add the following in the same file


<Auth>
    <SSO enabled="true">
        <ParamList>
            <!--IMPERSONATE param is used to get the authenticated user's username and is required -->
            <Param name="IMPERSONATE"
            source="serverVariable"
            nameInSource="REMOTE_USER"/>
        </ParamList>
        <LogoffUrl> https://ssoserver.abc.com:3060/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http%3A%2F%2Fbi-dev2.abc.com:80%2Fanalytics%2F</LogoffUrl>
        <LogonUrl> https://ssoserver.abc.com:3060/pls/orasso/orasso.wwsso_app_admin.ls_login</LogonUrl>
    </SSO>
</Auth>
   

When I followed the document and started doing the above steps, I was hitting the following error on start of the Presentation Server:

C:\OracleBI\web\bin>sawserver.exe
Type: Information
Severity: 30
Time: Tue Mar 09 11:44:13 2010
File: project/sawserver/sawserver.cpp Line: 386
Properties: ThreadID-1668
Location:
        saw.sawserver
        saw.sawserver.initializesawserver
        saw.sawserver

Oracle BI Presentation Services 10.1.3.4.1 (Build 090414.1900) are starting up.
---------------------------------------
Type: Error
Severity: 20
Time: Tue Mar 09 11:44:13 2010
File: project/sawserver/winmain.cpp Line: 74
Properties: ThreadID-1668
Location:
        saw.sawserver.initializesawserver
        saw.sawserver

Invalid encrypted block.


Here is the solution for this.

credentialstore.xml already contains a user such as admin or Scheduleradmin, and now it also contains our user "impersonator".

The passphrase in instanceconfig.xml applies to all the users in the credential store.

If the users that already existed were encrypted with some other passphrase in the past (the default is "password"), we hit the above error.

The solution is either to change the passphrase of your user (impersonator) to "password" when running cryptotools, or to change all the users in the store to use your passphrase "secret".
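
An added example (not from the original post and not Oracle's code): a small Python lint for the instanceconfig.xml settings from step 14, run on a constructed sample built from the fragments above. The function name lint_instanceconfig and the wrapping root element are assumptions; it flags the single clear-text passphrase on which every entry in the credential store depends, and checks the SSO block.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the step 14 fragments from this page under one root element.
SAMPLE = r"""<ServerInstance>
<CredentialStore>
  <CredentialStorage type="file" path="c:\oracleBIdata\web\config\credentialstore.xml" passphrase="secret"/>
</CredentialStore>
<Auth><SSO enabled="true">
  <ParamList>
    <Param name="IMPERSONATE" source="serverVariable" nameInSource="REMOTE_USER"/>
  </ParamList>
  <LogoffUrl> https://ssoserver.abc.com:3060/pls/orasso/orasso.wwsso_app_admin.ls_logout?p_done_url=http%3A%2F%2Fbi-dev2.abc.com:80%2Fanalytics%2F</LogoffUrl>
  <LogonUrl> https://ssoserver.abc.com:3060/pls/orasso/orasso.wwsso_app_admin.ls_login</LogonUrl>
</SSO></Auth>
</ServerInstance>"""

def lint_instanceconfig(xml_text):
    """Return (level, message) findings for the credential store and SSO settings."""
    root, out = ET.fromstring(xml_text), []
    stores = list(root.iter("CredentialStorage"))
    if len(stores) != 1:
        out.append(("ERROR", f"expected 1 CredentialStorage element, found {len(stores)}"))
    for cs in stores:
        if not cs.get("path"):
            out.append(("ERROR", "CredentialStorage has no path attribute"))
        if cs.get("passphrase") is not None:
            out.append(("WARN", "clear-text passphrase in config; every entry in "
                        "the store must have been encrypted with this same value"))
    sso = root.find(".//Auth/SSO")
    if sso is None or sso.get("enabled") != "true":
        return out + [("ERROR", "SSO is not enabled")]
    imp = [p for p in sso.iter("Param") if p.get("name") == "IMPERSONATE"]
    if len(imp) != 1:
        out.append(("ERROR", "exactly one IMPERSONATE Param is required"))
    elif (imp[0].get("source"), imp[0].get("nameInSource")) != ("serverVariable", "REMOTE_USER"):
        out.append(("WARN", "IMPERSONATE is not read from server variable REMOTE_USER"))
    for tag in ("LogonUrl", "LogoffUrl"):
        url = sso.findtext(tag)
        if url is None:
            out.append(("ERROR", f"{tag} is missing"))
        elif url != url.strip():
            out.append(("WARN", f"{tag} has leading or trailing whitespace"))
        elif urlsplit(url).scheme != "https":
            out.append(("WARN", f"{tag} does not use https"))
    return out

if __name__ == "__main__":
    for level, msg in lint_instanceconfig(SAMPLE):
        print(level, msg)
```

The lint cannot decrypt the store, so it cannot tell which entry was encrypted with a different passphrase; it only shows that one value in instanceconfig.xml has to match all of them.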

Let me know if you need a demo or example of this or any more clarification; I will be glad to help.

File locations above: instanceconfig.xml and credentialstore.xml both reside in BIDATAHOME/web/config

Thanks
IK

Introduction

Hi All,

Welcome to the Oracle Enthusiasts Blog. A bit about myself: I am Irfan Khan, and I have been working in IT for the past 15 years, always trying something new. Somewhere in my career Oracle Database brushed me in a positive way, and I was overwhelmed by the beauty of this product and also by the number of products Oracle Corporation has.

I was indeed a Developer, then got the opportunity to be a Junior DBA, and then my career moved to full-fledged Senior DBA.

Though I have worked with lots of Oracle technologies, you will be surprised by the nature of the non-Oracle assignments I have been pulled into.
