วันเสาร์ที่ 3 ตุลาคม พ.ศ. 2552

How To Enable Single Sign On (SSO) For Discoverer 10g (10.1.2.x)

 
  Doc ID: 300229.1 Type: HOWTO
  Modified Date : 08-APR-2009 Status: PUBLISHED

In this Document
  Goal
  Solution
  References

Applies to:

Oracle Discoverer - Version: 10.1.2.1 to 10.1.2.3
Information in this document applies to any platform.

Goal

"Checked for relevance on "01-Oct-2007"

This document describes how To Enable Single Sign On (SSO) For Discoverer 10.1.2 due to a documentation bug in the Discoverer Configuration Guide.

Oracle® Business Intelligence Discoverer Configuration Guide 10g Release 2 (10.1.2.1) B13918-03
14.7.2.2 How to enable and disable Single Sign-On for Discoverer

Solution

  1. Back up the file <ORACLE_BI_HOME>/Apache/Apache/conf/mod_osso.conf

  2. Edit the file <ORACLE_BI_HOME>/Apache/Apache/conf/mod_osso.conf (preferably via Application Server Control)

  3. Look for the following line:


    # # Insert Protected Resources: .................


    Add the following after this line:

    <Location /discoverer/plus*>
    require valid-user
    AuthType Basic
    Header unset Pragma {optional}
    OssoSendCacheHeaders off {optional}
    </Location>

    <Location /discoverer/viewer>
    require valid-user
    AuthType Basic
    Header unset Pragma {optional}
    OssoSendCacheHeaders off {optional}
    </Location>


    <Location /discoverer/app>
    require valid-user
    AuthType Basic
    Header unset Pragma {optional}
    OssoSendCacheHeaders off {optional}
    </Location>
    Note: Ensure that there is an asterisk ( * ) after the /discoverer/plus URL (this is for Discoverer Plus ONLY). The (*) character is omitted in the documentation. The omission of the asterisk ( * ) for Discoerer Plus can lead to the following error when the Discoverer Plus link is invoked:

    Oracle SSO Failure - Unable to process request
    Either the requested URL was not specified in terms of a fully-qualified host name or OHS single sign-on is incorrectly configured.
    Please notify your administrator.

    Do not add the asterisk (*) for the /discoverer/viewer or /discoverer/app URL's.

    Optional parameters, such as 'Header unset Pragma' and 'OssoSendCacheHeaders off' may need to be included for certain situations such as when using a Reverse Proxy and exporting via Microsoft Internet Explorer (MS IE) 6.0. Please see the Discoverer Configuration Guide Troubleshooting Section D.1.1



  4. Additionally, verify or set the parameter: OssoIPCheck (in mod_ossof.conf) to 'off'' to avoid 'HTTP Error 403 - Forbidden' errors and 'Page Not Found' errors when navigating away from Portal (i.e.- Discoverer portlet 'analyze' link) and back.

    For example: OssoIPCheck off


  5. Restart OPMN either via Application Server Control or command line (opmnctl stopall, opmnctl startall)




 


Note: This documentation error has been logged as an internal Bug 3051635 - CHANGE REQUIRED INSIDE DOC FOR NEW MOD_OSSO.CONF ENTRY TO ENABLE PLUS WITH SSO. It will be corrected in the next documentation release.

References

Note 429156.1 - Can Customers Use 11i + Discoverer + SSO + Windows Native Authentication (WNA) ?
เขียนโดย ที่
ป้ายกำกับ: , ,

0 ความคิดเห็น:

แสดงความคิดเห็น

สมัครสมาชิก: ส่งความคิดเห็น (Atom)