Part I: Configuring OC4J Applications (i.e. BI Publisher) to work in Single Sign-On (SSO) Environment on IIS DECEMBER 7TH, 2010. Michal

The full topic of this article is a two part post; today I will explain how to enable the SSO mechanism for the OC4J native applications used in OBI architecture. An example of this would be BI Publisher.
I recently posted an article on how to set up OBIEE on IIS with SSO; this article is a continuation on this topic. OBI and its “analytics” application can be seamlessly deployed on IIS. However, there are some other applications in the OBI stack that don’t have this functionality. To give an example, BI Publisher or MS Office Add-in – by default can only be deployed on an OC4J Web Application server (or be a part of a wider Oracle Application Server architecture).

Business Case:
In the Windows Server dominated environment, OBIEE is likely to be deployed on an IIS application server. It is possible that the SSO solution will be requested by a client to facilitate the access of the tool.
The goal is to achieve a seamless, secure and reliable SSO solution across all the BI applications in the OBIEE stack; achieving this depends on the architecture used. In this case we will use an environment based on an IIS web application server (i.e. Windows Server based infrastructure).
In my last blog article I mentioned how to ‘deploy’ OBI analytics applications; but apart from the basic application, we will need another tool such as BI Publisher which functions with SSO.  We do not simply want users to re-type their credentials anytime they access Publisher reports. Ultimately users should be able to see all applications working seamlessly while passing credentials in the shared SSO infrastructure.
The solution:
In order to implement SSO for OC4J based applications, which need to communicate with IIS, we will build a ‘bridge’ between IIS and OC4J application servers; a tool called Oracle Proxy will allow us to do that.
While researching I found this link (http://download.oracle.com/docs/cd/B25221_05/web.1013/b25211/proxy.htm#i647932) for anyone interested in detailed information.
In principle we will build a plug-in to our IIS system and enable a seamless logging scheme into BI Publisher.
The steps to follow are:
· Install and configure Oracle Proxy
· Modify OBI Presentation Server configuration files (credentialstore.xml, instanceconfig.xml)
· Modify BI Publisher configuration files (xmlp-server-config.xml)
· Adjust security settings
The steps to follow are:
Install and configure Oracle Proxy
Modify OBI Presentation Server configuration files (credentialstore.xml, instanceconfig.xml)
Modify BI Publisher configuration files (xmlp-server-config.xml)
Adjust security settings
Benefits:
Using the above solution we achieve the following:
· Shared SSO mechanism for all OBI applications across an OBI instance
· No need to install additional architecture elements (like OAS)
· Relatively straight-forward implementation steps
Stay tuned! In the next blog article I will explain a deep dive into the integration process with detailed steps.