Child pages
  • CASifying Oracle BI Publisher Enterprise Edition 11g
Skip to end of metadata
Go to start of metadata

Note

This method is NOT the best one and has some downsides/limitations (user attributes are not accessible), but it works!

Proper CASification would be configuring WebLogic Server to use CAS as a SAML Identity Provider.

 

Prerequisites (components that we are going to configure):

  • Oracle BI Publisher EE
  • Oracle WebLogic Server
  • Oracle Enterprise Manager

1. Oracle BI Publisher (xmlpserver.ear) modification

Locate xmlpserver.ear in BI installation (/bipublisher/Oracle_BI1/bifoundation/jee).

Add jars to xmlpserver.ear\xmlpserver.war\WEB-INF\lib\:

  • cas-client-core-3.2.1.jar
  • cas-client-obiee.jar (your jar with SecondCasHttpServletRequestWrapperFilter.class)
    SecondCasHttpServletRequestWrapperFilter.java
    package org.jasig.cas.client.obiee.filter;
    import java.io.IOException;
    import java.security.Principal;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;
    public final class SecondCasHttpServletRequestWrapperFilter implements Filter {
        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
        	// nothing to do
        }
        
        @Override
    	public void destroy() {
            // nothing to do
        }
        @Override
    	public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
            filterChain.doFilter(new CasSSOUsernameParameterHttpServletRequestWrapper((HttpServletRequest) servletRequest), servletResponse);
        }
        final class CasSSOUsernameParameterHttpServletRequestWrapper extends HttpServletRequestWrapper {
            CasSSOUsernameParameterHttpServletRequestWrapper(final HttpServletRequest request) {
                super(request);
            }
            
            @Override
            public String getParameter(String name) {
            	if ("cas_assertion_username".equals(name)) {
            		Principal principal = getUserPrincipal();
            		
            		if (principal != null) {
            			return principal.getName();
    				}
    			}
            	
            	return super.getParameter(name);
            }
        }
    }
     

     


Edit xmlpserver.ear\xmlpserver.war\WEB-INF\web.xml:

web.xml
...
  <!-- CAS filters -->
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://[cas-host]:6060/cas/login</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://[bi-host]:7001</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://[cas-host]:6060/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://[bi-host]:7001</param-value>
    </init-param>
  </filter>
  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  
  <filter>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.jasig.cas.client.obiee.filter.SecondCasHttpServletRequestWrapperFilter</filter-class>
  </filter>
  <!-- CAS filters END -->
  
  <filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>oracle.xdo.servlet.security.SecurityFilter</filter-class>
    <init-param>
      <param-name>saw.cookie.id</param-name>
      <param-value>ORA_BIPS_NQID</param-value>
    </init-param>
  </filter>
...
web.xml second part
...
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
    <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
    <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
    <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/scheduler</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>*.xdo</url-pattern>
  </filter-mapping>
    <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>*.xdm</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/xdo/cache/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/xdo/tmp/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/xml/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
    <filter-name>secondCasHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/io/*</url-pattern>
  </filter-mapping>
  
  <filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/servlet/*</url-pattern>
  </filter-mapping>
...

2. BI Publisher configuration

Don't forget to enable Local Super User.

3. Oracle Enterprise Manager configuration

  

Enable SSO and configure role memberships to have authenticated-role principal (users loged-in using CAS will only have this role).

4. Oracle WebLogic Server configuration

    

5. Restart Oracle WebLogic Server

Start, stop scripts - /bipublisher/user_projects/domains/bifoundation_domain/bin/

  • shutdown: if shutdown script doesn't work, you can shutdown through WLS GUI 
  • start: "nohup ./startWebLogic.sh &>/dev/null" - to run in background.
  • No labels