Tuesday, March 13, 2018

OBIEE 12c using database authentication provider - addendum

In older versions of OBIEE, DB based authentication were very popular using Initialization Blocks.
Oracle does not support this sort of authentication lately.
If you insist on Database as Authentication Provider, you can check chapter 3 of BI security Guide, "Configuring a Database as the Authentication Provider". Or the second half of this RittmanMead blog here.


2 things to remember:

1. When running the libovdadapterconfig script at the end, set the dataSourceJNDIName value as the JNDI Name and not the "regular" Name. Next, give the weblogic password, when requested for AdminServer password.



2. In case you made a mistake while running the libovdadapterconfig script, running it again informs you the adapter was already created. The guideline to fixing it is at the bottom of note 2226809.1 at Oracle Support:


Note: If for any reason the adapter would need to be recreated, follow steps detailed in the Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition -> Correcting Database Adapter Errors by Deleting and Recreating the Adapter
Note: If the delete adapter command is run as per the documentation, it gives the impression that the adapter was not deleted by returning this message:

'Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root MBean.' with no further message.

 
For example:

C:\app\Middleware\Oracle_Home_122120\oracle_common\common\bin>wlst.cmd
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> connect ('weblogic','Welcome1','t3://hostname.domain:9500')
Connecting to t3://hostname.domain:9500 with userid weblogic ...
Successfully connected to Admin Server "AdminServer" that belongs to domain "bi".
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
wls:/bi/serverConfig/> deleteAdapter(adapterName='MySQLGroupProvider')
Location changed to domainRuntime tree. This is a read-only tree
with DomainMBean as the root MBean.
For more help, use help('domainRuntime')
wls:/bi/domainRuntime/> exit()

However, the adapter is effectively deleted and can be confirmed in the Weblogic Administration Console.




In my case the server is localhost: