OBIEE 11 g Integration with IBM Web Sphere
OBIEE 11 g Integration with IBM Web Sphere Authentication Mechanisms www. therapidsgroup. com Business Intelligence Premier Global Provider Feb 14 th, 2014
Agenda Current State Authentication – Oracle Business Intelligence 10 g on IBM Web Sphere Possible Authentication Mechanisms – Oracle Business Intelligence 11 g on IBM Web Sphere ü Possible Types – Pros & Cons ü Feasible Options – Web Sphere Specific Environment © Copyright 2013. The Rapids Group Inc. 2
Current Security Model Oracle Business Intelligence 10 g integrated with Web Application portal calls for multi level authentication ü AD Authentication to access Web Application ü REPORTS. JSP Validation prior to OBIEE Access - Generates Session Key per User ID for OBIEE_OTP - Identifies Access Level: Ad-hoc (or) Canned Reporting - Redirect’s to relevant Server using appropriate URL ü Custom Servlet Filter Validation for HTTP (or) SOAP - Reads URL to identify HTTP (or) SOAP request - Additional checks for Session Key if HTTP ü RPD Authentication against Security Table © Copyright 2013. The Rapids Group Inc. 3
Authentication Types – Possible Options for OBIEE 11 g on IBM Web. Sphere ü LDAP Authentication ü Single Sign On (SSO) Authentication ü External Table Authentication ü Enhanced Custom SSO Web Application & OBIEE © Copyright 2013. The Rapids Group Inc. 4
LDAP Authentication LDAP SSO External Table Custom SSO ü User credential's stored in the LDAP Server ü Supports company’s Single Sign On (SSO) strategy Pros: ü Integrates with existing Organizational LDAP server ü Centralized User maintenance across the Organization Cons: ü Requires User and GroupRole maintenance in LDAP server ü No direct navigation from Web Application, user will have to authenticate again at OBIEE level © Copyright 2013. The Rapids Group Inc. 5
Single Sign On (SSO) Authentication LDAP SSO External Table Custom SSO ü Requires third party tools to integrate (IBM HTTP Server 7, Web. Gate 10 g, Oracle Access Manager (OAM), Oracle Internet Directory (OID) 11 g. ) Pros: ü Oracle certified SSO implementation ü One time login across the applications Cons: ü Requires additional toolssoftware to manage the security for SSO ü OID needs to be integrated with AD to populate the users ü Required to integrate Web Application with SSO © Copyright 2013. The Rapids Group Inc. 6
External Table Authentication LDAP External Table SSO Custom SSO ü Leverage user security information stored in a table ü Should LDAP, Database etc. are not options Pros: ü Easy to setup ü No need for any other server for authentication Cons: ü Control access to external table - plan for encryption © Copyright 2013. The Rapids Group Inc. 7
Custom SSO Authentication LDAP External Table SSO Custom SSO ü Enhance custom SSO security with custom servlet filter ü Enhance custom SSO security without custom servlet filter Pros: ü Authentication into OBIEE only allowed from Web Application but not from any other sources (Like URL’s) ü Administration user can only login to OBIEE directly Cons: ü Required few changes to Web Application files ü No direct login into OBIEE even for Developers. © Copyright 2013. The Rapids Group Inc. 8
Estimated Time Frames Each of the identified options can be implemented in below time frames based on some assumptions ü LDAP Authentication – 2 Weeks + Additional Time for Web Application SSO ü Single Sign On (SSO) Authentication – 3 Weeks ü External Table Authentication – 2 to 3 Weeks ü Enhanced Custom SSO Web Application & OBIEE – 2 to 3 Weeks © Copyright 2013. The Rapids Group Inc. 9
Thank you Questions? Ref for Details: http: //docs. oracle. com/cd/E 28280_01/upgrade. 1111/e 17852/manage_was_bi. htm#BGBBIJIE © Copyright 2013. The Rapids Group Inc. 10
- Slides: 10