CASifying Oracle BI Publisher Enterprise Edition 11g

Note

This method is NOT the best one and has some downsides/limitations (user attributes are not accessible), but it works!

Proper CASification would be configuring WebLogic Server to use CAS as a SAML Identity Provider.

 

Prerequisites (components that we are going to configure):

  • Oracle BI Publisher EE
  • Oracle WebLogic Server
  • Oracle Enterprise Manager

1. Oracle BI Publisher (xmlpserver.ear) modification

Locate xmlpserver.ear in the BI installation (/bipublisher/Oracle_BI1/bifoundation/jee).

Add jars to xmlpserver.ear\xmlpserver.war\WEB-INF\lib\:

  • cas-client-core-3.2.1.jar
  • cas-client-obiee.jar (your jar with SecondCasHttpServletRequestWrapperFilter.class)
    SecondCasHttpServletRequestWrapperFilter.java
    package org.jasig.cas.client.obiee.filter;

    import java.io.IOException;
    import java.security.Principal;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    /**
     * Exposes the CAS-authenticated user name as the request parameter
     * "cas_assertion_username". It has to run after the CAS
     * HttpServletRequestWrapperFilter, which supplies getUserPrincipal().
     */
    public final class SecondCasHttpServletRequestWrapperFilter implements Filter {

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
            // nothing to do
        }

        @Override
        public void destroy() {
            // nothing to do
        }

        @Override
        public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
                final FilterChain filterChain) throws IOException, ServletException {
            // Hand the rest of the chain a request that answers for the user name parameter.
            filterChain.doFilter(
                    new CasSSOUsernameParameterHttpServletRequestWrapper((HttpServletRequest) servletRequest),
                    servletResponse);
        }

        final class CasSSOUsernameParameterHttpServletRequestWrapper extends HttpServletRequestWrapper {

            CasSSOUsernameParameterHttpServletRequestWrapper(final HttpServletRequest request) {
                super(request);
            }

            @Override
            public String getParameter(String name) {
                if ("cas_assertion_username".equals(name)) {
                    // Answer only from the authenticated principal; never fall
                    // through to a value supplied in the request itself.
                    Principal principal = getUserPrincipal();
                    return principal != null ? principal.getName() : null;
                }

                return super.getParameter(name);
            }
        }
    }
     

     


Edit xmlpserver.ear\xmlpserver.war\WEB-INF\web.xml:

web.xml
...
  <!-- CAS filters -->
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://[cas-host]:6060/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://[bi-host]:7001</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://[cas-host]:6060/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://[bi-host]:7001</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  
  <filter>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.jasig.cas.client.obiee.filter.SecondCasHttpServletRequestWrapperFilter</filter-class>
  </filter>
  <!-- CAS filters END -->
  
  <filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>oracle.xdo.servlet.security.SecurityFilter</filter-class>
    <init-param>
      <param-name>saw.cookie.id</param-name>
      <param-value>ORA_BIPS_NQID</param-value>
    </init-param>
  </filter>
...
web.xml second part
...
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
...
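
A check for the two web.xml fragments above, as an added example that is not part of the original page: it parses web.xml and reports every URL pattern where secondCasHttpServletRequestWrapperFilter is mapped without the three CAS filters mapped ahead of it, plus CAS server URLs that are not https. The sample document and the host cas.example.test are constructed, and URL patterns are compared as literal strings (an assumption that fits the one-pattern-per-mapping layout used here).

```python
import xml.etree.ElementTree as ET

GATES = ("CAS Authentication Filter", "CAS Validation Filter",
         "CAS HttpServletRequest Wrapper Filter")
IDENTITY = "secondCasHttpServletRequestWrapperFilter"
CAS_URL_PARAMS = ("casServerLoginUrl", "casServerUrlPrefix")

def _local(el):
    return el.tag.rsplit("}", 1)[-1]   # drop the namespace a real web.xml declares
def _texts(el, tag):
    return [(c.text or "").strip() for c in el if _local(c) == tag]

def audit(web_xml):
    """Return a list of findings for a web.xml document passed as a string."""
    order, findings = {}, []           # order: (filter-name, url-pattern) -> position
    for pos, el in enumerate(ET.fromstring(web_xml).iter()):
        if _local(el) == "filter-mapping":
            for name in _texts(el, "filter-name"):
                for pattern in _texts(el, "url-pattern"):
                    order.setdefault((name, pattern), pos)
        elif _local(el) == "init-param":
            for name, value in zip(_texts(el, "param-name"), _texts(el, "param-value")):
                if name in CAS_URL_PARAMS and not value.startswith("https://"):
                    findings.append(f"{name} is not https: {value}")
    # Filters run in filter-mapping order, so each CAS filter has to be mapped to
    # the same pattern ahead of the filter that turns the principal into a parameter.
    for (name, pattern), pos in sorted(order.items(), key=lambda kv: kv[1]):
        for gate in GATES if name == IDENTITY else ():
            if order.get((gate, pattern), pos) >= pos:
                findings.append(f"{pattern}: {gate} is not mapped before {IDENTITY}")
    return findings

def mappings(name, patterns):
    return "".join(f"<filter-mapping><filter-name>{name}</filter-name>"
                   f"<url-pattern>{p}</url-pattern></filter-mapping>" for p in patterns)

# Constructed sample in the page's layout: placeholder host, and the *.xdm
# mapping for the Validation filter left out on purpose.
PATTERNS = ["/servlet/*", "*.xdo", "*.xdm"]
SAMPLE = ('<web-app xmlns="http://java.sun.com/xml/ns/javaee"><filter>'
          "<filter-name>CAS Authentication Filter</filter-name><init-param>"
          "<param-name>casServerLoginUrl</param-name>"
          "<param-value>http://cas.example.test:6060/cas/login</param-value>"
          "</init-param></filter>"
          + mappings(GATES[0], PATTERNS) + mappings(GATES[1], PATTERNS[:2])
          + mappings(GATES[2], PATTERNS) + mappings(IDENTITY, PATTERNS) + "</web-app>")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real deployment, pass the contents of the edited WEB-INF/web.xml to audit(); an empty list means every pattern that exposes the user name is also behind the CAS filters.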

2. BI Publisher configuration

Don't forget to enable Local Super User.

3. Oracle Enterprise Manager configuration

  

Enable SSO and configure the role memberships to include the authenticated-role principal (users logged in through CAS will have only this role).

4. Oracle WebLogic Server configuration

    

5. Restart Oracle WebLogic Server

The start and stop scripts are in /bipublisher/user_projects/domains/bifoundation_domain/bin/

  • shutdown: if the shutdown script doesn't work, you can shut down through the WLS GUI
  • start: "nohup ./startWebLogic.sh &>/dev/null &" - to run in the background.