Step 4: Configure Directory Services and Web Infrastructure

1. Update Oracle Internet Directory (OID)

To enable Single Sign-On (SSO) authentication, configure Oracle Internet Directory (OID) by importing users and groups.

1.1 Connect to Oracle Directory Services Manager (ODSM)

  • Open the ODSM console: http://test.public.myvcn.oraclevcn.com:7011/odsm

  • Log in with the Oracle Directory Administrator credentials: Username: cn=orcladmin

1.2 Import a Test User

  • Create a user using the following user.ldif data:

    dn: cn=User01,cn=Users,dc=us,dc=oracle,dc=com
    givenname: User01
    sn: User01
    mail: [email protected]
    uid: User01
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    objectclass: orclUser
    objectclass: orclUserV2
    cn: User01
    orclisenabled: enabled

1.3 Import Test Groups

  • Import groups using the following groups.ldif data:

    dn: cn=OIDBIConsumers,cn=Groups,dc=us,dc=oracle,dc=com
    objectclass: groupOfUniqueNames
    uniquemember: cn=orcladmin
    
    dn: cn=OIDBIContentAuthors,cn=Groups,dc=us,dc=oracle,dc=com
    objectclass: groupOfUniqueNames
    uniquemember: cn=orcladmin
    
    dn: cn=OIDBIServiceAdministrator,cn=Groups,dc=us,dc=oracle,dc=com
    objectclass: groupOfUniqueNames
    uniquemember: cn=orcladmin
    uniquemember: cn=User01

Verify that the imported users and groups are correctly visible in OID.

2. Configure Oracle HTTP Server (OHS) with WebGate

Prepare WebGate to protect OBIEE resources and redirect authentication requests.

2.1 Update the mod_wl_ohs.conf File

  • Access the OHS server and go to: $OHS_HOME/user_projects/domains/ohs/config/fmwconfig/components/OHS/instances/ohs1

  • Open mod_wl_ohs.conf and replace its contents with the following:

    LoadModule weblogic_module "${PRODUCT_HOME}/modules/mod_wl_ohs.so"
    
    <IfModule weblogic_module>
      WLTempDir /tmp
    
      <Location /analytics>
        SetHandler weblogic-handler
        WebLogicCluster test:9502
      </Location>
    
      <Location /va>
        SetHandler weblogic-handler
        WebLogicCluster test:9502
      </Location>
    
      <Location /xmlpserver>
        SetHandler weblogic-handler
        WebLogicCluster test:9502
      </Location>
    
      WebLogicHost test
      WebLogicPort 9502
      DynamicServerList On
    </IfModule>
    

2.2 Verify Resource Paths

  • Ensure that additional OBIEE paths (/analytics, /va, /xmlpserver) are properly defined.

3. Deploy WebGate Configuration Files

Install the WebGate configuration generated during OAM agent registration.

3.1 Copy Configuration Files

  • ObAccessClient.xml From: $OAM_HOME/idm/oam/server/rreg/output/TEST_BI_OAM/ObAccessClient.xml To: webgate/config/ObAccessClient.xml

  • cwallet.sso From: $OAM_HOME/idm/oam/server/rreg/output/TEST_BI_OAM/wallet/cwallet.sso To: webgate/config/wallet/cwallet.sso

3.2 Verify Permissions

  • Ensure that the OHS server process has read access to both files.

4. Restart the Oracle HTTP Server (OHS)

Apply the changes by restarting the OHS server.

4.1 Restart the Service

  • Run the following command:

    $OHS_HOME/bin/opmnctl restartproc ias-component=ohs1

4.2 Verify WebGate Activation

  • After restart, accessing any protected OBIEE URL (e.g., /analytics) should redirect users to Oracle Access Manager (OAM) for authentication.

Notes:

  • In this guide, we are using the example address http://test.public.myvcn.oraclevcn.com. Replace it with your actual environment URL if different.

  • Backup the original mod_wl_ohs.conf before making changes.

  • Verify that server ports (e.g., 9502) correspond to your environment settings.

Last updated

Was this helpful?