Configuring BI Publisher to use OVD as authenticator

This post will show the steps to configure OVD as authenticator for BI Publisher i.e users accounts coming from OVD can login to BI Publisher.

Below steps need to be followed to accomplish the same:

Open the BI Domain console and navigate to Realms-> myrealm->Providers. Below page is displayed(OVD Authenticator will not be listed there as we need to configure the same):

Now click on New to configure OVD Authenticator:

Provide a name for Authenticator and Type as OracleVirtualDirectoryAuthenticator  as displayed in the screenshot above. Click OK to save.

Once the Authenticator is created, we need to provide configuration parameters for the same as below:

Under Configuration->Common, select Control Flag as SUFFICIENT.

Now click on Configuration->Provider Specific to provide the other configuration parameters as below:

Provide the below details and click SAVE to save the configuration:

Host, Port, Principal, Credential, Confirm Credential, check SSL Enabled, User Base DN, User Object Class, Group Base DN, Dynamic Group Name Attribute

RESTART THE ENTIRE BI-DOMAIN.

Once the system is restarted, navigate to Security Realms->myrealm->Users and Groups and search if BISystemUser appear in the list as shown below:

Now navigate to Roles and Policies->Realm Roles->Global Roles->Roles->Admin and click on View Roles Conditions:

Click on Add Conditions, select User from drop-down, click Next. Now enter BISystemUser in User Argument Name and click Add to add it to the conditions list and then click Finish and then click Save on below page to save the changes.

Now the similar thing needs to be done for JMS Module. Navigate to Services->Messaging->JMS Modules

Click on BipJMSResource. Navigate to Security Tab and add the condition for BISystemUser there as below:

Now, open EM console and do the following changes there:

Navigate to Weblogic Domain->bifoundation_domain and select it. From drop-down select Security->Application Roles. In the field Application Stripe, select obi and then click the search image, click the BISystem application role and click Edit Link. Once the user is successfully added, it will appear in the list as below:

Now select Security->Security Provider Configuration from drop-down. Now expand the Identity Store Provider and click on Configure Button and the add the following properties[user.login.attr = cn, PROPERTY_ATTRIBUTE_MAPPING = GUID=sn, username.attr = cn, virtualize = true] and click OK to save the configuration:

Now Restart the entire BI-environment and check the logs of bi_server1 for any possible errors related to Identity Store, else we are good to go.

Now take a user from OVD and try to authenticate into BI Publisher, user should be able to authenticate.