adding jasig CAS authentication for OBIEE (Oracle Business Inteligence)11g

4
votes

I'm trying to add CAS as an authentication provider for OBIEE 11g.

up until now I've added the cas-client-core-3.2.1.jar jar to $MW_HOME/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/lib/ and configure $MW_HOME/wlserver_10.3/server/lib/consoleapp/webapp/WEB-INF/web.xml with the the flowing elements:

<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>http://192.168.0.117:8000/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://192.168.0.170</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>http://192.168.0.117:8000/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://192.168.0.170</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter>
  <filter-name>CAS Assertion Thread Local Filter</filter-name>
  <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

this only applies to the WL console and not OBIEE application. I'm redirected to the cas login however afterwords i'm still required to enter a console password, and the effective user will be the one from CAS.

any idea how to deploy CAS for the OBIEE application?

Thanks, Shay

1
authenticationweb.xmlcasobieejasig
just to be clear: you want it to work for weblogic console, for the OBIEE application or both?eis
weblogic console is not a must, my main concern is CASifying OBIEEShay

1 Answers

2
votes

OK solved it, had to unpack the analytics.ear file and from in it unpack the analytics.war add the cas core jar to WEB-INF/lib and add the XML from above to WEB-INF/web.xml repack analytics.war, repack analytics.ear restart weblogic.

in the EM->coreapplication->security enable SSO select generic SSO and set the login and logout urls

Note: we had an initialization block,that would fail if the user/password wouldn't authenticate, that had to be altered.