OBIEE - Authentication

About

Authentication in an OBIEE context.

A user is authenticated if the USER system variable is set. Then an init block can authenticate a user.

The goal of the authentication configuration is to get a confirmation of the identity of a user based on the credentials provided.

In OBIEE, the credentials provided are hold in this two variables:

The authentication process is managed by the BI Server.

The legacy authentication methods supported by BI Server are:

  • External LDAP-based directory server
  • External initialization block authentication
  • Table-based

A user can be defined:

  • in the repository
  • or in an external source (such as ldap, external table, …)
When a User exists in both the repository and in an external source (such as LDAP servers), the local repository User definition takes precedence. This rules allows the OBIEE Server Administrator to override users that exist in an external security system.

Articles Related

Order of Authentication

If the user does not type a logon name, then OS authentication is triggered, unless OS authentication is explicitly turned off in the NQSConfig.INI file.

Additionally, OS authentication is not used for Oracle BI Presentation Services users. (For more information, refer to OBIEE Deployment Guide)

The Oracle BI Server populates session variables using the initialization blocks in the desired order that are specified by the dependency rules defined in the initialization blocks.

If the server finds the session variable USER, it performs authentication against an LDAP server or an external database table, depending on the configuration of the initialization block with which the USER variable is associated.

Oracle BI Server internal authentication (or, optionally, database authentication) occurs only after these other possibilities have been considered.

Login/Authentication Process between Oracle BI Server and Oracle BI Presentation Services

The Oracle BI Server and Oracle BI Presentation Services client support industry-standard security for login and password encryption.

When an end user enters a login and password in the Web browser, the Oracle BI Server uses the Hyper Text Transport Protocol Secure (HTTPS) standard to send the information to a secure port on the Oracle BI Presentation Services.

From the Oracle BI Presentation Services, the information is passed through ODBC to the Oracle BI Server, using Triple DES (Data Encryption Standard). This provides a high level of security (168 bit), preventing unauthorized users from accessing data or Oracle BI metadata.

Support

Unable to Sign In

Unable to Sign In An invalid User Name or Password was entered
Unable To Sign In. An Error Occurred During Authentication

See: OBIEE 11g: Error: "Unable to Sign In" when Authentication Fails

Documentation / Reference

  • Bookmark "OBIEE - Authentication" at del.icio.us
  • Bookmark "OBIEE - Authentication" at Digg
  • Bookmark "OBIEE - Authentication" at Ask
  • Bookmark "OBIEE - Authentication" at Google
  • Bookmark "OBIEE - Authentication" at StumbleUpon
  • Bookmark "OBIEE - Authentication" at Technorati
  • Bookmark "OBIEE - Authentication" at Live Bookmarks
  • Bookmark "OBIEE - Authentication" at Yahoo! Myweb
  • Bookmark "OBIEE - Authentication" at Facebook
  • Bookmark "OBIEE - Authentication" at Yahoo! Bookmarks
  • Bookmark "OBIEE - Authentication" at Twitter
  • Bookmark "OBIEE - Authentication" at myAOL
 
dat/obiee/authentication.txt · Last modified: 2014/02/17 10:18 by gerardnico