• Home
• About
• Clients
• Consulting
• Training
• Support
• Articles
• Events
• Blog

Comments

1. Raymond Says:
   

   January 14th, 2008 at 12:48 pm

   Hi Mark,

   I read this article last week and was at first excited when I read the title but was once again disappointed when your documentation ended at the same point that all the Oracle documentation ends.

   I need to get SSO working at a client and I understand that the OBI Presentation Service uses the Impersonator user to log-in to the OBI Server. This is where all documentation ends. I would like to know how the OBI Server knows who the logged-in user is, this would be handy to be able to assign Groups to the user. I assume the user name is passed in a parameter and is extracted and placed in some variable in the OBIEE Server.
   I am also interested to know how the Presentation Services will know who the logged-in user is, as the Presentation Service uses the OBIEE Server user management structure to identify users. Would it be possible that you explain how it all works once the user logs into a SSO OBIEE, what the OBIEE Server and Presentation Service all do/recognize as far as user names are concerned.

   I also find it difficult to understand that to be able to assign a Presentation Service Group to a user, the user must first have logged-in once so that the user becomes visible in the Presentation Service layer. Do you know if user management in the Presentation Service can be managed in a different manner?

   Regards
   Raymond

2. Bastiaan Vellinger Says:
   

   January 22nd, 2008 at 12:19 pm

   Hi Mark,

   I read your article and have just one question. Did you try to make a connection to an Windows AD?

   When I am using authentication against Windows AD only one assigned group is working for the user. The groups are entered into the tag ‘departmentnumber’ and sepparted by a semicolumn (;), just as in OID.

   Do you have any suggestions for me?

   Regards
   Bastiaan

3. Mark Rittman Says:
   

   January 29th, 2008 at 3:06 pm

   @Raymond – good question(s) – one to tackle at a later date I’m afraid but something as you say that’s an interesting (and important) area. I’ll make a note of it and try and tackle at a later date. You might also want to contact Joel Crisp (joel.crisp@oracle.com) who’s responsible for this (IdM and OBIEE) within the product team, he co-wrote the article with me.

   @Bastiaan – again, good question. Unfortunately I don’t have access to AD so can’t really test here, but again a good blog post for the future.

4. Pete Scott Says:
   

   January 29th, 2008 at 5:46 pm

   @Bastiaan I have not managed to get more than the user from AD – in the pas I have grabbed the user name from the active directory server and then a database look-up to the get the group memberships – a lot of the AD admins I have seem hostile to storing application specific detail in their AD.

   There is a nice write up from my colleague Borkur on AD
   http://www.be-ice.eu/2007/05/21/

5. Vinod Says:
   

   February 6th, 2008 at 11:28 pm

   Hi Raymond
   the OBIEE is server uses the :USER variable to store the login id of the user logged in.
   Hope this helps.

   Vinod

6. Raymond de Vries Says:
   

   February 8th, 2008 at 12:22 pm

   Thanks Vinod,

   I eventually got the answers from an Oracle Engineer (Joel Crisp). As you stated correctly, the OBIEE analytic server recognises the IMPERSONATE parameter and then automatically sets the USER variable with the logging in users name that is found as value in the IMPERSONATE parameter. I was also able to find out that to set any variable in the OBIEE analytic server e.g. GROUP variable, all you need to do is create a parameter in the instanceconfig.xml file (on the presentation server) that has the same name as the variable you want to fill in the OBIEE analytic server e.g.

   It’s all so logical but when you first need to use this functionality and its not documented any ware, it then doesn’t seam so logical. Hopefully this will help others.

   Raymond