Oracle^® Business Intelligence Enterprise Edition Deployment Guide > Implementing Single Sign-On Products With Oracle Business Intelligence >

Important Considerations For Implementing SSO for Oracle Business Intelligence

When implementing SSO for Oracle Business Intelligence, consider the following:

• When the authentication source is a Microsoft Windows domain, and there is a need to strip out the domain portion from the username, then a special attribute may be specified to do this task.
• When accepting such trusted information from the HTTP server or servlet container, it is essential to secure the machines that are permitted to communicate with Oracle BI Presentation Services directly. This can be done by setting the Listener\Firewall node in instanceconfig.xml with the list of HTTP Server or servlet container IP addresses. In addition, the Firewall node must include the IP addresses of all BI Scheduler instances, BI Presentation Services Plug-in instances (ISAPI Plug-in or Java Servlet) and BI Javahost instances. If any of these components are co-located with Oracle BI Presentation Services, then address 127.0.0.1 must be added in this list as well. Note that this setting does not control end-user browser IP addresses.
• When using mutually-authenticated SSL, you must specify the Distinguished Names (DNs) of all trusted hosts in the Listener\TrustedPeers node.
• For information, refer to Enabling Secure Communication in Oracle Business Intelligence.
• Configure optional Logoff/Logon URLs.

  In environments where Single Sign-On (SSO) is enabled, you can configure log out and log on links to appear on Oracle BI Presentation Services screens. To do so, you add the elements shown in the following table as children of the SSO element in the instanceconfig.xml file.

  Element	Description
  LogoffUrl	Turns on the log off link on Oracle BI Presentation Services screens and specifies the URL to navigate to when a user clicks the link.
  LogonUrl	Turns on the log on link on the screen that appears when a user is not logged in to Oracle BI Presentation Services and specifies the URL to navigate to when a user clicks the link.

For example:

<SSO>
    <LogoffUrl>http://hostname:port/the_url_to_logoff_sso</LogoffUrl>
    <LogonUrl>http://hostname:port/the_url_to_logon_sso</LogonUrl>
</SSO>

The logoff and logon URLs can also contain expressions. For example, @{user.id} can be inserted to the logoff URL. Oracle BI Presentation Services will replace it with the ID of the user. For more information on web variables and the expressions that may be used, refer to the Oracle Business Intelligence Server Administration Guide.