You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Current »
Prerequisites (components that we are going to configure):
1. Oracle BI Publisher (xmlpserver.ear) modification
Locate xmlpserver.ear in BI installation (/bipublisher/Oracle_BI1/bifoundation/jee).
Add jars to xmlpserver.ear\xmlpserver.war\WEB-INF\lib\:
cas-client-core-3.2.1.jarcas-client-obiee.jar (your jar with SecondCasHttpServletRequestWrapperFilter.class)
package org.jasig.cas.client.obiee.filter;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public final class SecondCasHttpServletRequestWrapperFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// nothing to do
}
@Override
public void destroy() {
// nothing to do
}
@Override
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
filterChain.doFilter(new CasSSOUsernameParameterHttpServletRequestWrapper((HttpServletRequest) servletRequest), servletResponse);
}
final class CasSSOUsernameParameterHttpServletRequestWrapper extends HttpServletRequestWrapper {
CasSSOUsernameParameterHttpServletRequestWrapper(final HttpServletRequest request) {
super(request);
}
@Override
public String getParameter(String name) {
if ("cas_assertion_username".equals(name)) {
Principal principal = getUserPrincipal();
if (principal != null) {
return principal.getName();
}
}
return super.getParameter(name);
}
}
}
Edit xmlpserver.ear\xmlpserver.war\WEB-INF\web.xml:
...
<!-- CAS filters -->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>http://[cas-host]:6060/cas/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://[bi-host]:7001</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>http://[cas-host]:6060/cas</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://[bi-host]:7001</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<filter-class>org.jasig.cas.client.obiee.filter.SecondCasHttpServletRequestWrapperFilter</filter-class>
</filter>
<!-- CAS filters END -->
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>oracle.xdo.servlet.security.SecurityFilter</filter-class>
<init-param>
<param-name>saw.cookie.id</param-name>
<param-value>ORA_BIPS_NQID</param-value>
</init-param>
</filter>
...
...
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/scheduler</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>*.xdo</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>*.xdm</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/xdo/cache/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/xdo/tmp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/xml/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/io/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/scheduler</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>*.xdo</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>*.xdm</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/xdo/cache/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/xdo/tmp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/xml/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/io/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/scheduler</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>*.xdo</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>*.xdm</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/xdo/cache/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/xdo/tmp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/xml/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/io/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/scheduler</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>*.xdo</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>*.xdm</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/xdo/cache/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/xdo/tmp/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/xml/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
<url-pattern>/io/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
...
2. BI Publisher configuration
Don't forget to enable Local Super User.
3. Oracle Enterprise Manager configuration
Enable SSO and configure role memberships to have authenticated-role principal (users loged-in using CAS will only have this role).
4. Oracle WebLogic Server configuration
5. Restart Oracle WebLogic Server
Start, stop scripts - /bipublisher/user_projects/domains/bifoundation_domain/bin/
- shutdown: if shutdown script doesn't work, you can shutdown through WLS GUI
- start:
"nohup ./startWebLogic.sh &>/dev/null" - to run in background.