Wednesday, October 5, 2011

BI Publisher Integration with Oracle OIM 11g

Oracle BI Publisher is used to build the reports for ’s OIM environment. Primary schemas that are used for gathering data are Dev_IAU (audit DB) and Dev_OIM.  Audit DB data collection steps will be captured in a separate post. Reports are developed using Oracle BI Publisher plugin for MS Word. Oracle OIM software provides several out-of-the-box reports, these reports are built for Oracle BI Publisher 10.1.3 environment. After running an upgrade utility some reports appear to work, but overall the upgraded reports and the underlying XML documents (xdms, xdos) are corrupt. Reports that are mentioned in this post have been re-created using the same underlying data model and associated queries.

Reports Name
User Reports
 User Authentication Summary
User Login, Logout Information
 User Summary
Key elements of a user account profile (first name, last name etc)
 Users Deleted
User detail that is deleted by date
 Users Disabled
User detail that is disabled by date
 Users Unlocked
User detail that is unlocked by date
Password Reports
 Password Expiration Summary
User account password expiration summary
 Password Reset Summary
User account password resets summary
Role and Organization Reports
 Organization Details
Organization name, creation date
 Role Membership History
Role membership information
 Role Membership Profile
Role membership information
 Role Membership
Role membership information
 User Membership History
Users grouped by role information


BI Weblogic Admin Server’s Security Realm Configuration

1.       Take a copy of config.xml in /share/orabi/admin/BIDomain/aserver/bifoundation_domain/config folder

2.       Login using BI weblogic console as weblogic user (or with similar privileges).

3.       Navigate to security realms -> my realm -> Providers tab

4.       Create and order the providers (OAMIdentityAsserter, OVDAuthenticator, DefaultAuthenticator, DefaultIdentityAsserter) as shown in the graphic above. (note: creation of the security providers is out-of-scope for this document).
1.       Login to OIM as xelsysadm user. -> click Administration -> click Create User Icon and create a BISystemUser as shown in the graphic below:
2.       Logout as xelsysadm and login as the user that was just created to reset the first password and answer security challenge questions.
2.       Login to qa-oim1 linux box as orabi, cd to /home/orabi/oracle/middleware/wlserver_10.3/common/bin
3.       Run ‘’ program
4.       Enter the following at the shell prompt - connect ('weblogic', 'iamq$1', 't3://<hostname.domain>:7031')
5.       Run the following commands (replace password below with the most recent password set above):
a.       listCred(map="",key="system.user")
b.      deleteCred(map="",key="system.user")
c.       createCred(map="",key="system.user", user="BISystemUser", password="Welcome_2")

Adding users to BI Consumer Role in Weblogic EM

1.       Login to em at http://<hostname.domain>:7031/em as weblogic user
2.       Navigate to ‘Weblogic Domain’ -> bifoundation_domain
3.       Right mouse click on bifoundation_domain and select security -> Application Roles
4.       Under Search subsection ->  Select application Stripe to Search radio buttong and select obi from the drop-down selection list as shown in the graphic below:

1.       Click Search beside the Role Name and select BIConsumer

1.       Click Add User and search for users for whom you would like give report read access to. For example in the screen above, (another OIM user in the MPR repository) is added to the BIConsumer role.

Creation of Data Sources in BI Weblogic Servers

1.       Login to http://<hostname.domain>:9714/xmlpserver/ as weblogic -> click administration as shown below:

1.       Click jdbc -> data sources -> Add Data source and create a data source call oimReportsDS as shown below

1.       Repeat the same and create OIM JDBC data source

Adding Data Sources to BI Consumer Role

1.       Navigate to Administration -> Security Center -> Roles and Permissions

1.       Click BIConsumer -> Add OIM JDBC and oimReportsDS role from available data sources to Allowed data sources and click Apply.

Uploading of Reports

1.       Login to qa-oim1 and FTP all the reports (xdo and xdm folders) to the following directory (/home/orabi/admin/BIDomain/aserver/bifoundation_domain/config/bipublisher/repository/Reports)

2.       The folder location can be found using steps below:

a.       Login as weblogic in http://<hostname.domain>:9714/xmlpserver/
Click Administration -> Server configuration -> check the ‘Path’ value under Catalog

Adding Permissions for Reports and Relevant Data Models

1.       Login as weblogic into http://<hostname.domain>:9714/xmlpserver/

2.       Click Catalog and select report folders in the left menu

3.       Select each folder and do the following for each:

a.       Select more under each report and click permissions

b.       Click + sign to add BIConsumer roleand select read, wirte, Run Report Online, View report online checkboxes and click ok

c.       Perform the same for relevant data model element and select the options as above.
d.       Login as user with BIConsumer roles and you should be able to access reports.

No comments:

Post a Comment