External Table Authentication-obiee11g

7/27/2019 External Table Authentication-obiee11g

1/14

OBIEE 11g6: Authentication first with LDAP then with

External Database Table

Here I am going to demonstrate where on set of users present in the LDAP server as well as

another set of users and passwords present in an External Oracle Database Table (hereSECURITYTABLE) can login into the http://localhost:9704/analytics, the Oracle Analytics.

1. Create the oracle database table for external authentication as shown below:CREATE TABLE SECURITYTABLE

( ID NUMBER,GRP VARCHAR2(20),

PWD VARCHAR2(20),

SALESREP VARCHAR2(20),

USERNAME VARCHAR2(20)) ;Insert into SECURITYTABLE

(ID,GRP,PWD,SALESREP,USERNAME) values (1,SalesAdmin,'az,'ALAN

ZIFF,'AZIFF);Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (2,SalesAdmin,'at,'ANDREW

TAYLOR,'ATAYLOR);

Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (3,SalesRep,'aj,'ANN

JOHNSON,'AJOHNSON);

Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (4,SalesRep,'bj,'ANNEWILLIAMS,'AWILLIAMS);

Insert into SECURITYTABLE

(ID,GRP,PWD,SALESREP,USERNAME) values (5,SalesRep,'bn,'BETTYNEWER,'BNEWER);


(ID,GRP,PWD,SALESREP,USERNAME) values (6,SalesRep,'cd,'CHRISDREW,'CDREW);


(ID,GRP,PWD,SALESREP,USERNAME) values (7,SalesRep,'cm,'CHRIS

MUIR,'CMUIR);Insert into SECURITYTABLE

(ID,GRP,PWD,SALESREP,USERNAME) values (8,SalesRep,'da,'DALE

AREND,'DAREND);

Insert into SECURITYTABLE(ID,GRP,PWD,SALESREP,USERNAME) values (9,SalesRep,'df,'DALE

FAIRWEATHER,'DFAIRWEATHER);



2/14


3/14

9. Enter BISAMPLE in the Confirm Password window and click the OK button.


4/14

10.Right Click the SECURITY connection pool in the Physical layer pane and selectImport Metadata

11.Select the ORCL entry and enter the BISAMPLE for both the User Name: and

Password: fields, then click the Next button.


5/14

12.Click Next button with below checkboxes select as show in screenshot.

13.Select the SECURITYTABLE and click on the single > button to update the

Repository View: as shown below, then click Finish button.


6/14

14.Now you should be able to see SECURITYTABLE in the Physical layer pane asshown below:

15.Right Click on the SECURITYTABLE and select View Data.16.On the Select Connection Pool you want to use for database ORCL window, select

SECURITY then click on Select button.


7/14

17.You should now able to view the data table show below:18.Click on the Close button.

19.On the Administration Tool Menu select Manage -> Variables20.In the Variable Manager window, right click on the right pane and select New

Initialization Block

21.On the Session Variable Initialization Block window click the Edit Data Source

button.

22.In the Session Variable Initialization Block Data Source window select Database forthe Data Source Type: field

23.Select the Default initialization string button and enter the below SQL:SELECT GRP, SALESREP, USERNAME, 2 FROM SECURITYTABLE WHERE USERNAME =

':USER' AND PWD = ':PASSWORD'


8/14

24.Click the Browse button and in the Select Connection Pool window selectSECURITY the click the Select button as show below:

25.Then click OK button to close the Session Variable Initialization Block Data Source

window.

26.In the Variable Target section click on the Edit Data Target27.In the Session Variable Initialization Block Variable Target window click on New

button.

28.In the Session Variable window enter GROUP for Name: field and click on theOK button


9/14

29.Click Yes on the Warning pop-up window.

30.Similarly create all 4 Session Variables: GROUP, DISPLAYNAME, USER and

LOGLEVEL as show below.

31.Click on the OK button to close the window.


10/14

32.Finally on the Session Variable Initialization Block window enter Security for theName: field.

33.Make sure Required for authentication check box is NOT Selected.34.Verify entries as in below screenshot and Click OK button.

35.On the Variable Manager select Action -> Close.36.On the Administration Tool window menu select Save.37.Select Yes to the Do youwish to check global consistency? and make sure no

Warnings or Errors are shown.

38.Now go to the URL: http://locahost:7001/emand login with the admin user weblogic .39.Goto Administration on the top menu and under Security section select Manage

Catalog Groups


11/14

40.Click the + icon with Create a new catalog group tooltip.

41.On the Add Group window enter SalesAdmin for the Catalog Group Name * and

click on the OK button.

42.Create another catalog group with the same procedure above: SalesRep.

43.Now goto the URL: http://localhost:7001/em to deploy the latest SampleAppLite.rpd thatwe modified above.

44.Goto the Farm_bifoundation_domain -> Business Intelligence -> coreapplicationon the left pane.

45.On the right pane select Deployment -> Repository tabs.46.The click on the Lock and Edit Configuration link above the Deployment tab.47.Click the Close button once the pop-up window appears.


12/14

48.Select the Browse button and goto the location of the SampleAppLite.rpd file andclick on Open.

49.Enter the Repository Password and Confirm Password entries as Admin123.50.Then click the Apply button on the top right.51.Then click on the Activate Changes link.52.

Click Close button one Activate Changes Completed Successfully show up.53.Then click on the Restart to apply recent changes link.

54.After the Overview screen show up click on the blue Restart button.55.Click the Yes button when Are you sure you want to restart all BI components?

shows up56.Click on the Close button one the Restarted Successfully shows up. 57.Now we are ready to test the LDAP and External Table authentication.58.Goto the URL:http://localhost:9704/analyticsand login as adminstrator user weblogic59.Select New -> Analysis -> Sample Sales in the Home section.60.Select two columns from the Subject Areas section as show below: i.e Per Name

Year and Revenue columns.

61.Click on the Save Analysis icon and browse to Shared Folders -> 11g Shared (if

not there you can create one

62.Enter Revenue Sales for the Name Field and click the OK button.63.Now goto the Catalog tab and select More -> Permissions for the Revenue Sales

.

64.On the Permission window select the BI Consumer Role and click the X icon todelete that permission.

65.Click on the + icon to add a new permission.66.On the Add Application Roles, Catalog Groups and Users window select Catalog

Groups for the List field and click the Search button.

67.Select the SalesRep on the left side and click the blue > icon to move it to SelectedMembers on the right side as show below:
http://localhost:9704/analyticshttp://localhost:9704/analyticshttp://localhost:9704/analyticshttp://localhost:9704/analytics


13/14

68.Click the OK button.

69.Verify the below entries are as shown below and click OK button on the Permission

window.70.Now Sign Out as the weblogic user and login giving User ID and Password as

AJOHNSON and aj respectively.

71.Click the Catalog tab browse to Shared Folders -> 11g Shared folder.72.On the Right click Open on the Revenue Sales.

73.You able to see this since AJOHNSON user is under the SalesRep Group.74.Now try a user under the SalesAdmin Group and see if you can open the same

Revenue Sales


14/14

75.Now Sign Out as AJOHNSON and login as ATAYLOR and password as at.76.Click the Catalog tab browse to Shared Folders -> 11g Shared folder.77.Here since your not in the BI Administrator Role or SalesRep group, the Revenue

Sales report itself is invisible to you.

Note:In order to override the LDAP authentication and use only External Database Table

authentication, check the below check box in one of the previous steps.

Summary:You would have observed we were able to login with both the administrator user weblogicwhom is a part of the LDAP system and AJOHNSON whom exists in the external

SECURITYTABLE oracle database table.

Playing around with the authentication section on the weblogics console you can configure a

variety of authentication combinations.

Date post:	02-Apr-2018
Category:	Documents
Upload:	naresh-ch
View:	234 times
Download:	0 times

External Table Authentication-obiee11g

Documents