Step 2: Configure the Service Provider — Oracle Access Manager (OAM)

Oracle Access Manager (OAM) will be configured through its web-based management console, referred to as the OAM Console. You can access it via the following URL (example): http://test.public.myvcn.oraclevcn.com:7001/oamconsole

Note: This URL is provided as an example. Use the actual address of your OAM Console depending on your environment.

To log in, use the WebLogic administrator account (default username: weblogic) and the password provided during installation.


1. Enable Federation Services

  • In the OAM Console, go to Configuration > Available Services

  • Click the "Enable Service" button next to Identity Federation

  • Make sure the service status changes to "Enabled"



2. Configure HTTPS settings

  • Navigate to Configuration > Settings > Access Manager

  • Update the required HTTPS parameters according to your environment (refer to the relevant configuration screenshot, if available)


3. Configure Federation Settings and Export Metadata

  • Go to Configuration > Settings > Federation

  • Update the federation parameters as shown in the screenshot

  • Click "Export SAML 2.0 Metadata…" and save the file

This metadata will be imported into Hideez Enterprise Server (HES) during Identity Provider (IdP) configuration.


4. Create Oracle Internet Directory (OID) Identity Store

  • Navigate to Configuration > User Identity Stores

  • Click "Create" and provide the necessary connection details for Oracle Internet Directory (OID)

This store will be used to authenticate and authorize users in Oracle Business Intelligence Enterprise Edition (OBIEE).


5. Create SAML 2.0 Service Provider

  • Go to Federation > Service Provider Management

  • Click "Create" and fill in the required fields

  • Click "Browse" and select the IdP metadata file downloaded from HES

  • Click "Authentication Scheme and Module" to finalize the configuration


6. Create OAM Agent and Application Domain for OBIEE

  • Open an SSH session to the OAM host

  • Navigate to the following directory: $OAM_HOME/idm/oam/server/rreg/input

  • Create a file named bi_sso.xml with the following configuration:

<OAM11GRegRequest>
    <serverAddress>http://test.public.myvcn.oraclevcn.com:7001</serverAddress>
    <hostIdentifier>TEST_BI_HostId</hostIdentifier>
    <agentName>TEST_BI_OAM</agentName>
    <agentBaseUrl>http://test.public.myvcn.oraclevcn.com:7777</agentBaseUrl>
    <applicationDomain>TEST_BI_OAM</applicationDomain>
    <security>open</security>
    <logOutUrls>
        <url>/analytics/saw.dll?Logoff</url>
    </logOutUrls>
    <protectedResourcesList>
        <resource>/aps/SmartView/**</resource>
        <resource>/aps/SmartView/*</resource>
        <resource>/cds/**</resource>
        <resource>/cds/*</resource>
        <resource>/va/**</resource>
        <resource>/va*</resource>
        <resource>/dv/**</resource>
        <resource>/dv*</resource>
        <resource>/mobile/.../*</resource>
        <resource>/mobile/**</resource>
        <resource>/mobile*</resource>
        <resource>/bisearch/**</resource>
        <resource>/bisearch*</resource>
        <resource>/bicomposer/**</resource>
        <resource>/bicomposer*</resource>
        <resource>/mapviewer/mcsadmin/**</resource>
        <resource>/mapviewer/mcsadmin*</resource>
        <resource>/mapviewer/mapadmin/**</resource>
        <resource>/mapviewer/mapadmin*</resource>
        <resource>/mapviewer/console/**</resource>
        <resource>/mapviewer/console*</resource>
        <resource>/mapviewer/**</resource>
        <resource>/mapviewer*</resource>
        <resource>/xmlpserver/**</resource>
        <resource>/xmlpserver*</resource>
        <resource>/bicontent/**</resource>
        <resource>/bicontent*</resource>
        <resource>/analytics/jbips/**</resource>
        <resource>/analytics/jbips*</resource>
        <resource>/analytics/saw.dll/**</resource>
        <resource>/analytics/saw.dll*</resource>
    </protectedResourcesList>
    <publicResourcesList>
        <resource>/essbase-webservices/**</resource>
        <resource>/essbase-webservices/*</resource>
        <resource>/essbase/agent/**</resource>
        <resource>/essbase/agent/*</resource>
        <resource>/aps/Essbase/**</resource>
        <resource>/aps/Essbase/*</resource>
        <resource>/mapviewer/wmts/**</resource>
        <resource>/mapviewer/wmts/*</resource>
        <resource>/mapviewer/wms/**</resource>
        <resource>/mapviewer/wms/*</resource>
        <resource>/mapviewer/mcserver/**</resource>
        <resource>/mapviewer/mcserver/*</resource>
        <resource>/mapviewer/foi/**</resource>
        <resource>/mapviewer/foi/*</resource>
        <resource>/mapviewer/dataserver/**</resource>
        <resource>/mapviewer/dataserver/*</resource>
        <resource>/aps/JAPI/**</resource>
        <resource>/aps/JAPI/*</resource>
        <resource>/aps/**</resource>
        <resource>/aps/*</resource>
        <resource>/analytics-ws/saw.dll/**</resource>
        <resource>/analytics-ws/saw.dll/*</resource>
        <resource>/analytics/**</resource>
        <resource>/analytics/*</resource>
    </publicResourcesList>
    <excludedResourcesList>
        <resource>/biservices</resource>
        <resource>/analytics-bi-adf</resource>
        <resource>/xmlpserver/Guest</resource>
        <resource>/xmlpserver/ReportTemplateService.xls</resource>
        <resource>/xmlpserver/report_service</resource>
        <resource>/xmlpserver/services</resource>
        <resource>/analytics/saw.dll/wsdl</resource>
        <resource>/analytics-ws</resource>
        <resource>/ws/.../*</resource>
        <resource>/wsm-pm</resource>
        <resource>/wsm-pm/.../*</resource>
    </excludedResourcesList>
    <protectedAuthnScheme>HidFederationScheme</protectedAuthnScheme>
    <userDefinedParameters>
        <userDefinedParam>
            <name>SSLVerfifyHostname</name>
            <value>false</value>
        </userDefinedParam>
        <userDefinedParam>
            <name>SSLVerifyPeerCert</name>
            <value>false</value>
        </userDefinedParam>
    </userDefinedParameters>
</OAM11GRegRequest>
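
A pre-registration review of bi_sso.xml, as an added example (not Oracle's or Hideez's code): it reports the settings in the request above that weaken transport security (plain-HTTP URLs, security set to open, the SSL verification parameters set to false) and public patterns that overlap protected ones. The sample is a constructed, shortened request; review and literal_prefix are names chosen here, and the SSL check matches on a name prefix so the spelling used on this page is reported too.

```python
import xml.etree.ElementTree as ET

# Constructed, shortened sample in the shape of the bi_sso.xml above.
SAMPLE = """<OAM11GRegRequest>
  <serverAddress>http://test.public.myvcn.oraclevcn.com:7001</serverAddress>
  <agentBaseUrl>http://test.public.myvcn.oraclevcn.com:7777</agentBaseUrl>
  <security>open</security>
  <protectedResourcesList>
    <resource>/analytics/saw.dll/**</resource>
  </protectedResourcesList>
  <publicResourcesList>
    <resource>/analytics/**</resource>
    <resource>/aps/**</resource>
  </publicResourcesList>
  <userDefinedParameters><userDefinedParam>
    <name>SSLVerfifyHostname</name><value>false</value>
  </userDefinedParam></userDefinedParameters>
</OAM11GRegRequest>"""

def literal_prefix(pattern):
    """Path prefix of a resource pattern up to its first '*' or '...' wildcard."""
    cut = [i for i in (pattern.find("*"), pattern.find("...")) if i >= 0]
    return pattern[:min(cut)] if cut else pattern

def review(xml_text):
    """Return a list of findings for a registration request; empty means none."""
    root = ET.fromstring(xml_text)
    text = lambda node, tag: (node.findtext(tag) or "").strip()
    findings = []
    for tag in ("serverAddress", "agentBaseUrl"):
        if text(root, tag).lower().startswith("http://"):
            findings.append(f"{tag} uses plain HTTP")
    if text(root, "security").lower() == "open":
        findings.append("security=open: agent-to-server channel is unencrypted")
    for param in root.iter("userDefinedParam"):
        name, value = text(param, "name"), text(param, "value").lower()
        # Prefix match, so the spelling used on the page is reported too.
        if name.lower().startswith("sslver") and value == "false":
            findings.append(f"{name}=false: TLS verification is off")
    protected = [(r.text or "").strip() for r in root.findall("protectedResourcesList/resource")]
    for pub in root.findall("publicResourcesList/resource"):
        pattern = (pub.text or "").strip()
        for prot in protected:
            if literal_prefix(prot).startswith(literal_prefix(pattern)):
                findings.append(f"public {pattern} overlaps protected {prot}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

An overlap finding is a prompt to confirm in the OAM Console which policy applies to the protected path, not proof that the path is exposed.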

7. Register Oracle Access Manager (OAM) in Hideez Enterprise Server (HES)

After you export the SAML 2.0 metadata from Oracle Access Manager (OAM), you need to create a corresponding Service Provider (SP) entry in the Hideez Enterprise Server (HES) to establish a trust relationship.

Follow these steps:

  1. Log in to the Hideez Enterprise Server (HES) as an administrator.

  2. Navigate to Settings > Parameters in the left panel.

  3. Click on the SAML widget in the right panel.

  4. Click the "Add Service Provider" button.

  5. Upload the SAML 2.0 metadata file that was previously exported from OAM.

  6. Provide any additional required configuration details if prompted.

  7. Save the new Service Provider configuration.
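
The metadata exported in step 3 can be checked offline before it is uploaded here. The following is an added example, not part of OAM or HES: it reads Service Provider metadata and reports endpoints that are not HTTPS, a missing AssertionConsumerService or KeyDescriptor, and whether signed assertions are requested. The sample metadata, its entityID and its endpoint paths are constructed placeholders, and summarize is a name chosen here.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed SP metadata; entityID, hosts and paths are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://sp.example.test:7001/oam/fed">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/sp/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test:7001/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize(xml_text):
    """Return (entity_id, endpoints, findings) for SAML 2.0 SP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a single SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not Service Provider metadata")
    endpoints, findings = [], []
    for el in sp:
        location = el.get("Location")
        if location is None:
            continue  # KeyDescriptor, NameIDFormat and similar carry no URL
        kind = el.tag.rsplit("}", 1)[-1]
        endpoints.append((kind, location))
        if not location.lower().startswith("https://"):
            findings.append(f"{kind} is not HTTPS: {location}")
    if not any(kind == "AssertionConsumerService" for kind, _ in endpoints):
        findings.append("no AssertionConsumerService endpoint")
    if sp.get("WantAssertionsSigned", "false") not in ("true", "1"):
        findings.append("SP does not request signed assertions")
    if sp.find("md:KeyDescriptor", NS) is None:
        findings.append("no KeyDescriptor: no SP certificate published")
    return root.get("entityID"), endpoints, findings

if __name__ == "__main__":
    entity_id, endpoints, findings = summarize(SAMPLE)
    print(entity_id, *endpoints, *findings, sep="\n")
```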
