Download - External Table Authentication-obiee11g
-
7/27/2019 External Table Authentication-obiee11g
1/14
OBIEE 11g6: Authentication first with LDAP then with
External Database Table
Here I am going to demonstrate where on set of users present in the LDAP server as well as
another set of users and passwords present in an External Oracle Database Table (hereSECURITYTABLE) can login into the http://localhost:9704/analytics, the Oracle Analytics.
1. Create the oracle database table for external authentication as shown below:CREATE TABLE SECURITYTABLE
( ID NUMBER,GRP VARCHAR2(20),
PWD VARCHAR2(20),
SALESREP VARCHAR2(20),
USERNAME VARCHAR2(20)) ;Insert into SECURITYTABLE
(ID,GRP,PWD,SALESREP,USERNAME) values (1,SalesAdmin,'az,'ALAN
ZIFF,'AZIFF);Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (2,SalesAdmin,'at,'ANDREW
TAYLOR,'ATAYLOR);
Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (3,SalesRep,'aj,'ANN
JOHNSON,'AJOHNSON);
Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (4,SalesRep,'bj,'ANNEWILLIAMS,'AWILLIAMS);
Insert into SECURITYTABLE
(ID,GRP,PWD,SALESREP,USERNAME) values (5,SalesRep,'bn,'BETTYNEWER,'BNEWER);
Insert into SECURITYTABLE
(ID,GRP,PWD,SALESREP,USERNAME) values (6,SalesRep,'cd,'CHRISDREW,'CDREW);
Insert into SECURITYTABLE
(ID,GRP,PWD,SALESREP,USERNAME) values (7,SalesRep,'cm,'CHRIS
MUIR,'CMUIR);Insert into SECURITYTABLE
(ID,GRP,PWD,SALESREP,USERNAME) values (8,SalesRep,'da,'DALE
AREND,'DAREND);
Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (9,SalesRep,'df,'DALE
FAIRWEATHER,'DFAIRWEATHER);
Insert into SECURITYTABLE
-
7/27/2019 External Table Authentication-obiee11g
2/14
-
7/27/2019 External Table Authentication-obiee11g
3/14
9. Enter BISAMPLE in the Confirm Password window and click the OK button.
-
7/27/2019 External Table Authentication-obiee11g
4/14
10.Right Click the SECURITY connection pool in the Physical layer pane and selectImport Metadata
11.Select the ORCL entry and enter the BISAMPLE for both the User Name: and
Password: fields, then click the Next button.
-
7/27/2019 External Table Authentication-obiee11g
5/14
12.Click Next button with below checkboxes select as show in screenshot.
13.Select the SECURITYTABLE and click on the single > button to update the
Repository View: as shown below, then click Finish button.
-
7/27/2019 External Table Authentication-obiee11g
6/14
14.Now you should be able to see SECURITYTABLE in the Physical layer pane asshown below:
15.Right Click on the SECURITYTABLE and select View Data.16.On the Select Connection Pool you want to use for database ORCL window, select
SECURITY then click on Select button.
-
7/27/2019 External Table Authentication-obiee11g
7/14
17.You should now able to view the data table show below:18.Click on the Close button.
19.On the Administration Tool Menu select Manage -> Variables20.In the Variable Manager window, right click on the right pane and select New
Initialization Block
21.On the Session Variable Initialization Block window click the Edit Data Source
button.
22.In the Session Variable Initialization Block Data Source window select Database forthe Data Source Type: field
23.Select the Default initialization string button and enter the below SQL:SELECT GRP, SALESREP, USERNAME, 2 FROM SECURITYTABLE WHERE USERNAME =
':USER' AND PWD = ':PASSWORD'
-
7/27/2019 External Table Authentication-obiee11g
8/14
24.Click the Browse button and in the Select Connection Pool window selectSECURITY the click the Select button as show below:
25.Then click OK button to close the Session Variable Initialization Block Data Source
window.
26.In the Variable Target section click on the Edit Data Target27.In the Session Variable Initialization Block Variable Target window click on New
button.
28.In the Session Variable window enter GROUP for Name: field and click on theOK button
-
7/27/2019 External Table Authentication-obiee11g
9/14
29.Click Yes on the Warning pop-up window.
30.Similarly create all 4 Session Variables: GROUP, DISPLAYNAME, USER and
LOGLEVEL as show below.
31.Click on the OK button to close the window.
-
7/27/2019 External Table Authentication-obiee11g
10/14
32.Finally on the Session Variable Initialization Block window enter Security for theName: field.
33.Make sure Required for authentication check box is NOT Selected.34.Verify entries as in below screenshot and Click OK button.
35.On the Variable Manager select Action -> Close.36.On the Administration Tool window menu select Save.37.Select Yes to the Do youwish to check global consistency? and make sure no
Warnings or Errors are shown.
38.Now go to the URL: http://locahost:7001/emand login with the admin user weblogic .39.Goto Administration on the top menu and under Security section select Manage
Catalog Groups
-
7/27/2019 External Table Authentication-obiee11g
11/14
40.Click the + icon with Create a new catalog group tooltip.
41.On the Add Group window enter SalesAdmin for the Catalog Group Name * and
click on the OK button.
42.Create another catalog group with the same procedure above: SalesRep.
43.Now goto the URL: http://localhost:7001/em to deploy the latest SampleAppLite.rpd thatwe modified above.
44.Goto the Farm_bifoundation_domain -> Business Intelligence -> coreapplicationon the left pane.
45.On the right pane select Deployment -> Repository tabs.46.The click on the Lock and Edit Configuration link above the Deployment tab.47.Click the Close button once the pop-up window appears.
-
7/27/2019 External Table Authentication-obiee11g
12/14
48.Select the Browse button and goto the location of the SampleAppLite.rpd file andclick on Open.
49.Enter the Repository Password and Confirm Password entries as Admin123.50.Then click the Apply button on the top right.51.Then click on the Activate Changes link.52.
Click Close button one Activate Changes Completed Successfully show up.53.Then click on the Restart to apply recent changes link.
54.After the Overview screen show up click on the blue Restart button.55.Click the Yes button when Are you sure you want to restart all BI components?
shows up56.Click on the Close button one the Restarted Successfully shows up. 57.Now we are ready to test the LDAP and External Table authentication.58.Goto the URL:http://localhost:9704/analyticsand login as adminstrator user weblogic59.Select New -> Analysis -> Sample Sales in the Home section.60.Select two columns from the Subject Areas section as show below: i.e Per Name
Year and Revenue columns.
61.Click on the Save Analysis icon and browse to Shared Folders -> 11g Shared (if
not there you can create one
62.Enter Revenue Sales for the Name Field and click the OK button.63.Now goto the Catalog tab and select More -> Permissions for the Revenue Sales
.
64.On the Permission window select the BI Consumer Role and click the X icon todelete that permission.
65.Click on the + icon to add a new permission.66.On the Add Application Roles, Catalog Groups and Users window select Catalog
Groups for the List field and click the Search button.
67.Select the SalesRep on the left side and click the blue > icon to move it to SelectedMembers on the right side as show below:
http://localhost:9704/analyticshttp://localhost:9704/analyticshttp://localhost:9704/analyticshttp://localhost:9704/analytics -
7/27/2019 External Table Authentication-obiee11g
13/14
68.Click the OK button.
69.Verify the below entries are as shown below and click OK button on the Permission
window.70.Now Sign Out as the weblogic user and login giving User ID and Password as
AJOHNSON and aj respectively.
71.Click the Catalog tab browse to Shared Folders -> 11g Shared folder.72.On the Right click Open on the Revenue Sales.
73.You able to see this since AJOHNSON user is under the SalesRep Group.74.Now try a user under the SalesAdmin Group and see if you can open the same
Revenue Sales
-
7/27/2019 External Table Authentication-obiee11g
14/14
75.Now Sign Out as AJOHNSON and login as ATAYLOR and password as at.76.Click the Catalog tab browse to Shared Folders -> 11g Shared folder.77.Here since your not in the BI Administrator Role or SalesRep group, the Revenue
Sales report itself is invisible to you.
Note:In order to override the LDAP authentication and use only External Database Table
authentication, check the below check box in one of the previous steps.
Summary:You would have observed we were able to login with both the administrator user weblogicwhom is a part of the LDAP system and AJOHNSON whom exists in the external
SECURITYTABLE oracle database table.
Playing around with the authentication section on the weblogics console you can configure a
variety of authentication combinations.