OBIEE 10G - Authentication
The legacy authentication methods supported by BI Server are:
- External LDAP-based directory server
- External initialization block authentication
A user can be defined:
- in the repository
- or in an external source (such as ldap, external table, …)
Associating USER with an LDAP initialization block determines that USER is authenticated by LDAP. Whenever a user logs into OBIEE, the user name and password are passed to the LDAP server for authentication. After the user is authenticated successfully, other session variables for the user might also be populated from information returned by the LDAP server.
To configure LDAP authentication, you perform the following tasks:
- Create an LDAP initialization block.
- Associate this initialization block with an LDAP server.
- Define a system variable called USER.
- Associate the USER system variable with the LDAP initialization block.
If OBIEE get a positive response from the LDAP server, you are authenticated.
At this step, you don't belong to any group and if the permissions are not restrictive, you can see all data (as in the SH repository).
See this article: OBIEE 10G - How to configure BI Server against the LDAP of ADSI ? This article talk about ldap authentication without ssl. If you need to use SSL, it's here: OBIEE 10G - LDAP over SSL with Global Security Kit (GSKit).
Importing of user information into the repository is supported on regular LDAP servers, but not supported on ADSI servers.
Order of Authentication
If the user does not type a logon name, then OS authentication is triggered, unless OS authentication is explicitly turned off in the NQSConfig.INI file.
Additionally, OS authentication is not used for Oracle BI Presentation Services users. (For more information, refer to OBIEE Deployment Guide)
The Oracle BI Server populates session variables using the initialization blocks in the desired order that are specified by the dependency rules defined in the initialization blocks.
If the server finds the session variable USER, it performs authentication against an LDAP server or an external database table, depending on the configuration of the initialization block with which the USER variable is associated.
Oracle BI Server internal authentication (or, optionally, database authentication) occurs only after these other possibilities have been considered.