Tuesday, May 23, 2017

Active Directory Integration in OBIEE 12c

This post lists the steps to integrate Active Directory with an OBIEE 12c installation so that authentication to OBIEE Analytics is handled by AD.

1) Open the WebLogic Console at http://<server>:9500/console and sign in with the WebLogic credentials.
2) Click Lock & Edit in the Change Center at the top left.
3) Click Security Realms on the left-hand side and select myrealm (or the custom realm you created) on the next screen.
4) Click the Providers tab and stay on the Authentication tab.
5) Click the New button. On the next page, give the new authenticator a name, e.g. ADAuthenticator, select ActiveDirectoryAuthenticator as the type, and click OK.
6) Click the newly created authenticator (ADAuthenticator), change the Control Flag to SUFFICIENT under the Configuration > Common tab, and click Save.
7) Click the Provider Specific tab and fill in the LDAP details, which need to be obtained from the LDAP admin.
8) Click the Performance tab and update the following properties.

 Max Group Hierarchies In Cache: 1000

 Group Hierarchy Cache TTL: 600

 Max SID To Group Lookups In Cache: 5000

9) Click Save, go back to the Providers list, select DefaultAuthenticator, and change its Control Flag to SUFFICIENT as in step 6.
10) Click the Reorder button on the Providers page and make sure the new ADAuthenticator is at the top of the list, followed by DefaultAuthenticator.
11) Click Activate Changes in the Change Center at the top left and restart all services (Environment > Servers > Control > Force Shutdown, then restart).
12) This is an extra step for OBIEE 12c, per the documentation.

Copy bi-sql-group-provider.jar file from DOMAIN_HOME/plugins/security to Oracle_Home/wlserver/server/lib/mbeantypes

After the restart, logging in with AD credentials should succeed. The next step is to set up a database table that holds the user/group associations for object- and data-level security, but that is for another day; please let me know in the comments.
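An added example, not part of the original post: a Python check that reads the domain's config.xml and confirms that steps 6, 9 and 10 took effect (both control flags SUFFICIENT, ADAuthenticator first). The XML sample is constructed, and the element layout it assumes, along with the helper names `list_providers` and `audit`, should be verified against your own DOMAIN_HOME/config/config.xml.

```python
import xml.etree.ElementTree as ET

DOM = "{http://xmlns.oracle.com/weblogic/domain}"
SEC = "{http://xmlns.oracle.com/weblogic/security}"

# Constructed sample (assumed config.xml layout): step 9 skipped, step 10 not done.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
    xmlns:sec="http://xmlns.oracle.com/weblogic/security"
    xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
        <sec:name>ADAuthenticator</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
      </sec:authentication-provider>
      <sec:name>myrealm</sec:name>
    </realm>
  </security-configuration>
</domain>"""

def list_providers(config_xml, realm_name="myrealm"):
    """Return [(name, control_flag)] in evaluation order for one realm."""
    root = ET.fromstring(config_xml)
    for realm in root.iter(DOM + "realm"):
        if realm.findtext(SEC + "name") == realm_name:
            # A provider with no control-flag element uses WebLogic's default, REQUIRED.
            return [(p.findtext(SEC + "name"),
                     (p.findtext(SEC + "control-flag") or "REQUIRED").upper())
                    for p in realm.findall(SEC + "authentication-provider")]
    raise ValueError("realm %r not found" % realm_name)

def audit(providers, ad_name="ADAuthenticator"):
    """Compare the provider chain with steps 6, 9 and 10 of the post."""
    names = [name for name, _ in providers]
    if ad_name not in names:
        return ["%s is not configured in this realm" % ad_name]
    findings = []
    if names[0] != ad_name:
        findings.append("%s is at position %d, expected first" % (ad_name, names.index(ad_name) + 1))
    for name, flag in providers:
        if name in (ad_name, "DefaultAuthenticator") and flag != "SUFFICIENT":
            findings.append("%s control flag is %s, expected SUFFICIENT" % (name, flag))
    return findings

if __name__ == "__main__":
    for line in audit(list_providers(SAMPLE_CONFIG)) or ["provider chain matches the steps"]:
        print(line)
```

To check a real domain, pass the contents of its config.xml to `list_providers` in place of `SAMPLE_CONFIG`.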

Cheers!



