Integrate BI Publisher with Single Sign-On

Architecture:

It’s the same way to do. Read this article for details

http://vtgdb.blogspot.com/2015/09/integrate-content-repository-wccc-with.html

Here, I determine the difference between them.

Configure OHS

[obiee@ptudvtg142 ohs1]$ pwd /home/obiee/middleware/Oracle_WT1/instances/instance1/config/OHS/ohs1 [obiee@ptudvtg142 ohs1]$ more mod_wl_ohs.conf # NOTE : This is a template to configure mod_weblogic. LoadModule weblogic_module   "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so" # This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level <fModule weblogic_module> #      WebLogicHost #      WebLogicPort #      Debug ON #      WLLogFile /tmp/weblogic.log #      MatchExpression *.jsp </IfModule> # <Location /weblogic> #      SetHandler weblogic-handler #      PathTrim /weblogic #      ErrorPage  http:/WEBLOGIC_HOME:WEBLOGIC_PORT/ #  </Location> <Location /xmlpserver>       SetHandler weblogic-handler       WebLogicHost 192.168.2.142       WebLogicPort 9704 </Location> <Location /analytics>       SetHandler weblogic-handler       WebLogicHost 192.168.2.142       WebLogicPort 9704 </Location> [obiee@ptudvtg142 ohs1]$

Configure BI Publisher for SSO

Step 1: Login BI Publisher as administrator

Choose Administration à Security Center à Security Configuration 

Step 2: On Authentication area, Tick Use Single Sign-On

Single Sign-on Type: Oracle Access Manager

Single Sign-Off URL: http://192.168.2.149:14102/oam/server/logout

How to get username: HTTP Header

User Name Parameter: OAM_REMOTE_USER

How to get user locale: HTTP Parameter

User Locale Parameter LOCALE_LANGUAGE

Click Apply.

Step 3: Reboot Weblogic Server (AdminServer) and Managed Server (bi_server1)

Test Single Sign-On:

Step 1: Login to BI Publisher via OHS

Step 2: Redirect to OAM login Form

Step 3: Enter username and password and click Login

Step 4: Login Successful

Integrate Content Repository (WCCC) with Single Sign-On

Architecture:

Roadmap to Configuring OAM

Step by Step:

1: Install and configure OAM and OUD.

a. Install and Configure OAM
b. Install and Configure OUD

Detail read it:

http://vtgdb.blogspot.com/2015/08/oracle-unified-directory-11g-r2.html

c. Integrate OAM with OUD:

Read it:

http://www.oracle.com/webfolder/technetwork/tutorials/obe/
fmw/identity_management/mobile_security/omss_oud
/OMSS_Inte_OAM_OUD.html#section3

2: Configure the WebLogic domain for OAM

2a: Configure the OUD authenticator

Step 1: Login to Weblogic Server Console.

Step 2:Click Security Realms

Step 3:Click myrealm

Step 4: On Providers tab, Click New

Step 5: enter value for fields following:

Name: OUD Authenticator

Type: IPlanetAuthenticator

Then Click OK. 

Step 6:Click OUD Authenticator

Step 7: enter value for fields following:

Host: 192.168.2.156

Port: 1389 is default

Principal: Default: cn= Directory Manager

Credential: < Password Root user DN>

Confirm Credential:

User Base DN:< user of Directory Base DN> On my office, ou=people,dc=ptud,dc=com

Group Base DN: On my my office, ou=groups,dc=ptud,dc=com

Tick Use Retrieved User Name as Principal as selected.

Click Save.

You also check on OUD server.

2b: Configure the OAM Identity Asserter

Step 1: Login Weblogic Console on server 192.168.2.156

Step 2: Security Realms à myrealm à Providers. Click New.

Step 3: enter value for fields following:

Name: OAM ID Asserter

Type: OAMIdentityAsserter

Click OK.

Step 4: click OAM ID Asserter

Control Flag: Required

Active Type: Chosen( OAM_REMOTE_USER,OAM_IDENTITY ASSERTER, ObSSOCookie )

Click OK.

2c: Configure the default authenticator and provider order

Step 1: Homeà Security Realms à myrealmàProviders. Click Reorder

Step 2: Order Authentication Providers following:

1.      OAM ID Asserter

2.      OUD Authenticator

3.      Others

Click OK

2d:Add an OAM SSO provider

3: Install and configure OHS

Install and configure OHS on server 192.168.2.156

[wccc@ptud ohs1]$ pwd
/home/wccc/fmw/Oracle_WT1/instances/instance1/config/OHS/ohs1
[wccc@ptud ohs1]$ ls
admin-bin   auditconfig.xml  cgi-bin               component-logs.xml  error    fcgi-bin  httpd.conf       icons      magic  manual      mod_plsql   mod_wl_ohs.conf      proxy-wallet  webgate
admin.conf  backup           component_events.xml  disabled            fastcgi  htdocs    httpd.conf.ORIG  keystores  man    mime.types  moduleconf  mod_wl_ohs.conf.bak  ssl.conf      webgate.conf
[wccc@ptud ohs1]$ vi mod_wl_ohs.conf
# NOTE : This is a template to configure mod_weblogic.

LoadModule weblogic_module   "${ORACLE_HOME}/ohs/modules/mod_wl_ohs.so"

# This empty block is needed to save mod_wl related configuration from EM to this file when changes are made at the Base Virtual Host Level
<IfModule weblogic_module>
#      WebLogicHost < WEBLOGIC_HOST>
#      WebLogicPort < WEBLOGIC_PORT>
#      Debug ON
#      WLLogFile /tmp/weblogic.log
#      MatchExpression *.jsp
</IfModule>

# < Location /weblogic>
#      SetHandler weblogic-handler
#      PathTrim /weblogic
#      ErrorPage  http:/WEBLOGIC_HOME:WEBLOGIC_PORT/
#  < /Location>

<Location /cs>

      SetHandler weblogic-handler

      WebLogicHost 192.168.2.142

      WebLogicPort 16200

</Location>

[wccc@ptud ohs1]$

4: Additional Configurations

5: Install and configure WebGate:

Deploying WebGate to OHS see more

http://vtgdb.blogspot.com/2015/09/deploying-oracle-http-server-webgate.html

Registering WebGate to OAM see more

http://vtgdb.blogspot.com/2015/09/registering-oracle-http-server-webgate.html

6: Testing SSO

Step 1: Access http://192.168.2.142:7777/cs via web browser

Step 2: Redirect OAM login

Step 3: enter username and password and click login.

Step 4: Login successful.

Registering Oracle HTTP Server WebGate with Oracle Access manager

Step 1: Setup the RREG utility 

[omss@ptudvtg149 ~]$ cd fmw/ [omss@ptudvtg149 fmw]$ ls coherence_3.7  domain-registry.xml  logs  modules  ocm.rsp  oracle_bip  oracle_common  Oracle_IDM1  registry.dat  registry.xml  user_projects  utils  wlserver_10.3 [omss@ptudvtg149 fmw]$ mkdir oam-rreg [omss@ptudvtg149 fmw]$ cd oam-rreg/ [omss@ptudvtg149 oam-rreg]$ cp /home/omss/fmw/Oracle_IDM1/oam/server/rreg/client/RREG.tar . [omss@ptudvtg149 oam-rreg]$ ls RREG.tar [omss@ptudvtg149 oam-rreg]$ tar -xvf RREG.tar rreg/ rreg/logs/ rreg/bin/ rreg/bin/oamreg.bat rreg/bin/oamreg.sh rreg/input/ rreg/input/OAMRequest.xml rreg/input/OAMRequest_short.xml rreg/input/OAM11GRequest.xml rreg/input/OpenSSOUpdateAgentRequest.xml rreg/input/CreatePolicyRequest.xml rreg/input/OAM11GRequest_short.xml rreg/input/OSSORequest.xml rreg/input/OpenSSORequest_short.xml rreg/input/OSSOUpdateAgentRequest.xml rreg/input/OAM11GUpdateAgentRequest.xml rreg/input/OpenSSORequest.xml rreg/input/UpdatePolicyRequest.xml rreg/input/OAMUpdateAgentRequest.xml rreg/lib/ rreg/lib/utilities.jar rreg/lib/RequestResponse.jar rreg/lib/rreg.jar rreg/lib/commons-logging-1.1.1.jar rreg/lib/osdt_cert.jar rreg/lib/identitystore.jar rreg/lib/oraclepki.jar rreg/lib/commons-codec-1.3.jar rreg/lib/commons-httpclient-3.1.jar rreg/lib/jps-common.jar rreg/lib/nap-api.jar rreg/lib/osdt_core.jar rreg/lib/ojmisc.jar rreg/lib/osdt_xmlsec.jar rreg/lib/jps-internal.jar rreg/lib/jps-ee.jar rreg/lib/jps-unsupported-api.jar rreg/lib/jps-api.jar rreg/config/ rreg/config/RequestResponseXMLSchema.xsd rreg/templates/ rreg/templates/opensso/ rreg/templates/opensso/webagents/ rreg/templates/opensso/webagents/OpenSSOAgentConfiguration.template rreg/templates/opensso/webagents/OpenSSOAgentBootstrap.template rreg/templates/opensso/webagents/AMAgent.template rreg/templates/opensso/j2eeagents/ rreg/templates/opensso/j2eeagents/OpenSSOAgentConfiguration.template rreg/templates/opensso/j2eeagents/AMAgent.template rreg/templates/opensso/j2eeagents/OpenSSOAgentBootstrap.template rreg/tester/ rreg/tester/nap-api.jar rreg/tester/oamtest.jar rreg/truststore/ rreg/truststore/rregcerts.jks rreg/output/ [omss@ptudvtg149 oam-rreg]$ ls rreg  RREG.tar

Step 2: Use the existing Request template file to create the configuration file 

Deploying the Oracle HTTP Server WebGate Instance

1.      Go to the WebGate_Home/webgate/ohs/tools/deployWebGate directory by running the following command:

cd WebGate_Home/webgate/ohs/tools/deployWebGate

[access@ptud ~]$ cd fmw/Oracle_WebGate/webgate/ohs/tools/deployWebGate/

2.      Run the following command to copy the required bits of agent from the WebGate_Home directory to the WebGate_Instance location:

./deployWebGateInstance.sh -w WebGate_Instance_Directory -oh WebGate_Oracle_Home

In this command:

o    WebGate_Oracle_Home is the directory in which you have installed Oracle HTTP Server WebGate and created it as the Oracle home for WebGate.

Example:

MW_HOME/Oracle_OAMWebGate1

o    WebGate_Instance_Directory is the location of WebGate Instance Home, which is same as the Instance Home of Oracle HTTP Server.

Example:

MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1

Note:

An Instance Home for Oracle HTTP Server is created after you configure Oracle HTTP Server. This configuration is performed after installing Oracle HTTP Server 11.1.1.2.0 or patching to Oracle HTTP Server 11.1.1.5.0.

[access@ptud deployWebGate]$ ./deployWebGateInstance.sh -w /home/access/fmw/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /home/access/fmw/Oracle_WebGate/ Copying files from WebGate Oracle Home to WebGate Instancedir

3.      Run the following command to ensure that the LD_LIBRARY_PATH variable contains Oracle_Home_for_Oracle_HTTP_Server/lib:

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:Oracle_Home_for_Oracle_HTTP_Server/lib

[access@ptud deployWebGate]$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/access/fmw/Oracle_WT1/lib

4.      From your present working directory, move up one directory level:

WebGate_Home/webgate/ohs/tools/setup/InstallTools

[access@ptud deployWebGate]$ cd /home/access/fmw/Oracle_WebGate/webgate/ohs/tools/setup/InstallTools/ [access@ptud InstallTools]$ ls apache_webgate.template  EditHttpConf

5.      On the command line, run the following command to copy the apache_WebGate.template from the WebGate_Home directory to the WebGate Instance location (re-named toWebGate.conf) and update the httpd.conf file to add one line to include the name of WebGate.conf:

./EditHttpConf -w WebGate_Instance_Directory [-oh WebGate_Oracle_Home] [-o output_file]

Note:

The -oh WebGate_Oracle_Home and -o output_file parameters are optional.

In this command:

o    WebGate_Oracle_Home is the directory where you have installed Oracle HTTP Server WebGate for Oracle Access Manager and created as the Oracle Home for WebGate.

Example:

MW_HOME/Oracle_OAMWebGate1

o    WebGate_Instance_Directory is the location of WebGate Instance Home, which is same as the Instance Home of Oracle HTTP Server.

Example:

MW_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1

o    output_file is the name of the temporary output file used by the tool.

Example:

Edithttpconf.log

[access@ptud InstallTools]$ ./EditHttpConf -w /home/access/fmw/Oracle_WT1/instances/instance1/config/OHS/ohs1 -oh /home/access/fmw/Oracle_WebGate/ The web server configuration file was successfully updated /home/access/fmw/Oracle_WT1/instances/instance1/config/OHS/ohs1/httpd.conf has been backed up as /home/access/fmw/Oracle_WT1/instances/instance1/config/OHS/ohs1/httpd.conf.ORIG

Create users in WCCC for integrating with P6 EPPM

Step 1: Login Web Console in WCCC server

Step 2: Domain Structure --> Security Realms

Step 3: Select myrealm

Step 4: Settings for myrealm --> Users and Groups --> Groups. Click New

Step 5: Create a New Group. enter Name P6_Role Click OK

Step 6: Settings for myrealm --> Users and Groups -->Users. Click New

Step 7: Click OK

Step 8: Select user thonh15 ( example user)

Step 9: Groups Tab, move P6_Role from left Available session to Chosen. Click Save

Connecting the Content Repository to P6 R15.1

About Connecting the Content Repository:

Oracle Document:

http://docs.oracle.com/cd/E61144_01/English/Install_and_Config/Admin_PDF_Library/connecting_the_content_repository_to_p6.pdf

Architecture:

On this model, Documents functionality is a important Core Enterprise Functionality. Having a content repository integrated with P6 can turn cluttered, unstructured content into organized assets by making it easier to catalog, access, search, and reuse documentation.

This guide will tell you how to:

• Configure Oracle Webcenter Content Core Capabilities (WCCC) when you install it. 
• Set your content repository settings in the Primavera P6 Administrator to connect your content repository to P6. 

About Content Repository Authentication Modes:

P6 EPPM offers two content repository authentication modes. You can configure authentication
for either single user authentication or multiple user authentication. In single user authentication
mode, all P6 EPPM users access the repository using a single administrator user login that is set
during repository configuration. In multiple user authentication mode, each P6 EPPM user is
authenticated based on their individual login.

Single User authentication mode is useful when you want users to have full access to the content
repository through P6 EPPM without having to maintain an equivalent list of users for both P6
EPPM and the repository. This allows a repository administrator to maintain one set of credentials
for the repository without having to share those credentials with all users. Single user
authentication is also useful for quickly setting up test repositories that testers can access with
ease.

Multiple User authentication mode is the default mode. Multiple user authentication mode
provides increased security by restricting content repository access on an individual user basis.
Because it uses native auditing fields it also allows a clear audit of who has created and modified
files.

On this guide, I choose Multiple User authentication mode.

Configuring the Content Repository for P6:

Configuring WCCC to work with P6

1.(required) Establish a Trusted Connection to the P6 EPPM database by adding the P6 EPPM machine name or IP address as a trusted server in the WCCC server's configuration file.

[wccc@PTUD-VM01-2 ~]$ cd fmw/user_projects/domains/wccc_domain/ucm/cs/config/ [wccc@PTUD-VM01-2 config]$ vi config.cfg  #Server System Properties IDC_Name=PTUDVM0128000 IdcProductName=idccs InstanceMenuLabel=PTUDVM0128000 InstanceDescription=Instance PTUDVM0128000 SocketHostAddressSecurityFilter=127.0.0.1|0:0:0:0:0:0:0:1|192.168.2.156|192.168.2.133 #Database Variables SystemDatabase:DataSource=CSDS SystemDatabase:UseDataSource=true #Internet Variables HttpServerAddress=192.168.2.133:8000 MailServer=mail SysAdminAddress=sysadmin@example.com HttpRelativeWebRoot=/cs/ UseSSL=No #General Option Variables IsAutoNumber=Yes AutoNumberPrefix=PTUDVM0128000 #Additional Variables SearchIndexerEngineName=OracleTextSearch IntradocServerPort=4444 WebServer=javaAppServer FileEncoding=UTF8

Note:

192.168.2.133: IP of P6 EPPM database server

192.168.2.156: IP of WCCC server.

Reboot the WCCC server. 

2. Enable Framework folders. The Framework folder interface is not enabled by default. To enable it, see http://vtgdb.blogspot.com/2015/09/enable-framework-folders-for-wccc.html

3. (required) Create a P6 EPPM Security Group in WCCC and grant the appropriate rights( read, write, delete) for P6 EPPM users.

Details see 

http://vtgdb.blogspot.com/2015/09/create-p6-eppm-security-grouprolde-in.html

4.(required) Create an P6 EPPM documents home folder on the WCCC server by adding unique path to the root folder.

Details see

http://vtgdb.blogspot.com/2015/09/create-p6-eppm-documents-home-folder-on.html

5. Create users in WCCC for integrating with P6 EPPM
http://vtgdb.blogspot.com/2015/09/create-users-in-wccc-for-integrating.html

6. Create a Document Type for P6 EPPM documents in WCCC.

You can skip this step because you use Document Type name "Document" in WCCC for P6.

7. (required) Configuration Manager applet:
detail see http://vtgdb.blogspot.com/2015/09/create-metadata-text-fields-in-wccc-for.html

8. (required) Configure the appropriate settings for the Primavera P6 Administrator.
see blog http://vtgdb.blogspot.com/2015/09/configuring-wccc-in-p6-eppm-r151.html

9. Restart the WCCC server.

Configuring the Oracle Database Content Repository