
Category Archives: Mobile App designer

OBIEE 11.1.1.9.0 is released – Improved UI and features

Oracle has released the new OBIEE 11.1.1.9.0, and it is available for download. Some highlights of the new features in this version are:

  • Improved installer
  • NOT supported on 32-bit operating systems.
  • Better administration features: new monitoring operations via MBeans, additional information in Usage Tracking tables, new INSTANCECONFIG.xml and NQSCONFIG.INI settings
  • Improved Aggregate Persistence wizard that generates the aggregates with auto-corrected levels, etc.
  • Selection steps and hierarchical columns can be overridden by initialization blocks whose initialization string is written in JSON syntax.
  • New lightweight UI skin: Skyros, similar to Oracle BI Cloud Service
  • HTML5 output is supported and can be configured as the default output format, so Flash limits will not stop your analysis on any device.
  • More settings to configure exports: column formatting, width, number of rows, etc.
  • Ability to save a calculated column for reuse in other analyses
  • Better and simpler UI (skin and style) customization with a centralized master CSS and images in one directory.
  • Improved Scheduler WebService methods give more flexibility to manage the OBIEE Agents programmatically.

And many more can be found in New Features document: https://docs.oracle.com/middleware/11119/biee/BIEUG/whatsnew.htm#BIEUG13418

References:

Download at: http://www.oracle.com/technetwork/middleware/bi-enterprise-edition/downloads/bi-downloads-2537285.html
New intuitive Documentation Link: https://docs.oracle.com/middleware/11119/bisuite/index.html
System Certification Matrix: http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Thanks,
Shiva Molabanti


SAML – A go-to tool for Enterprise – Cloud Applications Security

What is SAML?

SAML is the XML-based Security Assertion Markup Language being standardized at OASIS. SAML enables Single Sign-On and other security scenarios, and provides details about authentication, attribute, and authorization information between security domains. SAML defines a specific XML-based protocol by which security information can be transported securely across domains between SAML Authorities (Identity Providers) and SAML Consumers (Service Providers).

SAML 2.0 is the latest ratified OASIS standard.

Terminology

The SAML architecture involves the following actors:

Identity Provider (IdP): An Identity Provider, also known as an Identity Assertion Provider, is responsible for issuing identification information for all providers looking to interact with or service the system in any way. This is achieved via an authentication module which verifies a security token as an alternative to explicitly authenticating a user within a security realm.

An example of this could be, where an external website allows users to log in with Facebook credentials, Facebook is acting as an identity provider. Facebook verifies that the user is an authorized user and returns information to the external site such as username and email address (specific details might vary). Similarly, if a site allows login with Google or Twitter, Google and Twitter are acting as the identity provider.

Service Provider (SP): A Service Provider, also known as a consumer of SAML assertions, is your application or resource that wants to use SSO with SAML federated services.

Examples of this could be OBIEE, Salesforce.com, Tableau, NetSuite, etc.

How does SAML Work?

At its core, SAML is a series of XML-based messages that detail whether a person has authenticated, and frequently information about that person. SAML is primarily used for SSO between organizations and websites that are “external” to the organization. However, it can be used just as well for internal SSO applications.

The three main components of the SAML specification are:

  1. Assertions – The two most commonly used SAML assertions are:
    • Authentication assertions are those in which the user has proven his identity.
    • Attribute assertions contain specific information about the user, such as an email and phone number.
  2. Protocol – This defines the way that SAML asks for and gets assertions, for example, using SOAP over HTTP.
  3. Binding – This details exactly how SAML message exchanges are mapped into SOAP exchanges.

The assertions are exchanged among sites and services using the protocol and binding, and those assertions are what authenticates users among sites.

Why is SAML Used? And how is it related to the Cloud?

Users authenticate to the enterprise, but resources are increasingly moving to the cloud. How do we allow users to securely access resources spread across multiple providers without spreading user credentials too?

The simple answer is, of course, SSO. There are many ways to achieve single sign-on, and as organizations use an increasing number of cloud applications, supporting various methods of single sign-on became too expensive and time-consuming. SAML 2.0, the newest version currently in use, borrows protocols and intellectual property from a number of the most secure frameworks to standardize SSO across all enterprise cloud applications.

It enables web-based authentication and authorization scenarios including cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. This means we can configure all applications in an organization, both Cloud and On-Premise, with SAML so that users can log in seamlessly without entering login credentials multiple times.

[Figure: schematic diagram of SAML SSO for Cloud and Enterprise Applications]

What are the benefits of SAML?

SAML provides the following benefits and, by supporting multiple protocols, can provide an enterprise-wide, architecturally sound Internet SSO solution.

  • Platform neutrality: SAML abstracts the security framework away from platform architectures and particular vendor implementations. Making security more independent of application logic is an important tenet of Service-Oriented Architecture.
  • Secured: Web applications with no passwords are virtually impossible to hack, as the user must first authenticate against an enterprise-class IdM, which can include strong authentication mechanisms. Also, user passwords never cross the firewall, since user authentication occurs inside the firewall and multiple Web application passwords are no longer required.
  • Built-in Gateway: “SP-initiated” SAML SSO provides access to Web apps for users outside of the firewall. If an outside user requests access to a Web application, the SP can automatically redirect the user to an authentication portal located at the Identity Provider. After authenticating, the user is granted access to the application, while their login and password remain locked safely inside the firewall.
  • Loose coupling of directories: SAML does not require user information to be maintained and synchronized between directories.
  • Improved online experience for end users: SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. In addition, identity federation (linking of multiple identities) with SAML allows for a better-customized user experience at each service while promoting privacy.
  • Reduced administrative costs for service providers: Using SAML to “reuse” a single act of authentication (such as logging in with a username and password) multiple times across multiple services can reduce the cost of maintaining account information. Centralized federation provides a single point of Web application access, control and auditing, which has security, risk and compliance benefits.
  • Risk transference: SAML can act to push responsibility for proper management of identities to the identity provider, which is more often compatible with its business model than that of a service provider.

SAML use cases:

SAML developed three “use cases” to drive its requirements:

  • Single sign-on (SSO)
  • Authorization service
  • Back office transaction

The following process explains how a user logs into a hosted Service Provider application/resource through a partner-operated, SAML-based SSO service:


  1. A user first accesses a resource hosted by a web server (the Service Provider) that has SAML content protection enabled.
  2. The SP resource/application generates a SAML authentication request. The SAML request is encoded and embedded into the URL for the partner’s SSO service. The RelayState parameter containing the encoded URL of the SP application that the user is trying to reach is also embedded in the SSO URL. This RelayState parameter is meant to be an opaque identifier that is passed back without any modification or inspection.
  3. The SP application sends a redirect to the user’s browser. The redirect URL includes the encoded SAML authentication request that should be submitted to the Partner’s (IdP) SSO service.
  4. The Partner (IdP) decodes the SAML request and extracts the URL for both SP Application’s ACS (Assertion Consumer Service) and the user’s destination URL (RelayState parameter). The partner then authenticates the user. Partners could authenticate users by either asking for valid login credentials or by checking for valid session cookies.
  5. The partner generates a SAML response that contains the authenticated user’s username. In accordance with the SAML 2.0 specification, this response is digitally signed with the partner’s public and private DSA/RSA keys.
  6. The partner encodes the SAML response and the RelayState parameter and returns that information to the user’s browser. The partner provides a mechanism so that the browser can forward that information to SP Application’s ACS. For example, the partner could embed the SAML response and destination URL in a form and provide a button that the user can click to submit the form to SP resource.
  7. The SP Application’s ACS verifies the SAML response using the partner’s public key. If the response is successfully verified, ACS redirects the user to the destination URL.
  8. The user has been redirected to the destination URL and is logged in to SP Applications/resources.
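
Steps 2 to 4 and 7 in code, as an added example that is not part of the original post: the SP encodes an AuthnRequest into the redirect URL (raw DEFLATE, base64, URL-encoding, as the HTTP-Redirect binding does), the IdP decodes it, and the ACS applies two checks that belong alongside signature verification. All URLs, the allow-list and the function names are constructed for illustration; signature verification itself is assumed to be handled by an XML-DSig library and is not shown.

```python
import base64
import secrets
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed values for illustration only.
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ACS_URL = "https://sp.example.com/saml/acs"
ALLOWED_RELAY_HOSTS = {"sp.example.com"}


def build_redirect(destination_url):
    """Steps 2-3: the SP builds the AuthnRequest and the redirect URL."""
    request_id = "_" + secrets.token_hex(16)
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="{request_id}" '
        f'Version="2.0" IssueInstant="{issued}" Destination="{IDP_SSO_URL}" '
        f'AssertionConsumerServiceURL="{SP_ACS_URL}"/>'
    )
    # Raw DEFLATE (no zlib header), then base64, then URL-encoding.
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": destination_url,
    })
    return request_id, f"{IDP_SSO_URL}?{query}"


def idp_decode(redirect_url):
    """Step 4: the IdP reverses the encoding and reads ACS URL and RelayState."""
    params = parse_qs(urlparse(redirect_url).query)
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    # ElementTree is enough for this constructed input; a hardened parser
    # (for example defusedxml) is the usual choice for untrusted XML.
    root = ET.fromstring(xml)
    return root.get("ID"), root.get("AssertionConsumerServiceURL"), params["RelayState"][0]


def acs_accept(in_response_to, relay_state, pending_ids):
    """Step 7, after the signature has been verified (assumed, not shown)."""
    if in_response_to not in pending_ids:
        return None  # unsolicited or replayed response: reject
    pending_ids.discard(in_response_to)  # each request ID is accepted once
    target = urlparse(relay_state)
    if target.scheme != "https" or target.hostname not in ALLOWED_RELAY_HOSTS:
        return "/"  # do not redirect to a destination the SP does not own
    return relay_state


if __name__ == "__main__":
    rid, url = build_redirect("https://sp.example.com/analytics")
    req_id, acs_url, relay = idp_decode(url)
    print(url)
    print(req_id == rid, acs_url, relay)
    pending = {rid}
    print(acs_accept(rid, relay, pending))  # first use of the request ID
    print(acs_accept(rid, relay, pending))  # second use of the same ID
```

Tying the response to a request the SP actually issued and constraining where RelayState may send the browser are checks the signature alone does not provide.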

Conclusion

SAML is the oldest federation protocol and has the widest adoption. It has proven the viability of organizational federated identity. SAML is the paradigm of good SSO breeding. It has emerged as the go-to SSO protocol for business-to-business (B2B) applications and is an important tool in the enterprise security stack.

Thanks,
Shiva Molabanti

A very helpful OBIEE Cache Purge/Seed utility – download it for free here!!!

We all know how to purge the OBI Server cache so that reports show the most up-to-date data from the latest ETL run. The most common job we do for this is a “Cache Purge”. There are several ways to purge the OBI Server cache, e.g. with iBots/Agents bursting, dynamic repository variables, or our own nqcmd command. Either that, or we can script the process and run it periodically. However, to execute these commands in any automated process, you have to depend on another app/skillset and you have to compromise on security to access the OBIEE Server, because some of the OBIEE command-line statements can’t be executed from outside the server. To do this, you either need to compromise at the OS security level or set up sshpass (password-less login). But many organizations will not support this in their Production environments, for various reasons such as password sharing or bypassing limitations. And this has been a must-have in 90% of the OBIEE implementations that we have seen till now (at least in my case).

So to address this issue, I am very excited to tell you guys that I have developed a simple, handy tool. It is completely free, for the benefit of the OBIEE community. Using it, you can purge or seed the OBIEE Server cache remotely. Yes, you don’t need to log in to the OBIEE server or application; you can do it from your own system. The only thing you need is to be able to ping the OBIEE hostname/IP address on the BI Server port (e.g. 9703). That’s it, you are done.

Instructions to Install:

  1. Prerequisite: make sure you have JDK 1.6+ installed on your system.
  2. I have created two versions of the BICachePurge v1.0 utility, one for Windows and one for Linux/UNIX operating systems.
  3. You can download the version of your choice for free from here

  4. Unzip the downloaded file into a directory of your choice.
  5. Now, navigate to the BICachePurge_v1.0 folder.
  6. In the BICachePurge_v1.0 root folder, open the BIS_Params file (BIS_Params.bat for Windows and BIS_Params.sh for Linux/Unix) in a text editor.
  7. Now edit the following variables to reflect the OBIEE server where you would like to purge the cache.
    1. BI_SERVER
    2. BIS_PORT
    3. BI_USER
    4. BI_PASWD
    5. OBI_QUERY

    Note: All the variables are mandatory, so make sure to set all of them. If a value contains spaces, enclose it in quotes, e.g. call SAPurgeAllCache(). And DON’T FORGET TO SAVE.

    Sample BIS_Params.bat file configuration:


  8. Now you are all set. To purge the cache from your terminal:
    1. On Windows: open a DOS command prompt, navigate to <install drive>\BICachePurge_V1.0 and execute the Purge_Cache.bat command.
    2. On Linux/Unix: on the command line, go to <install drive>/BICachePurge_V1.0 and execute the ./Purge_Cache.sh command.

    Sample output of Purge_Cache.bat command:


OK, now how does it help to automate the Cache Purge/Seed process?

Hmm, you can use this code in different ways.

  1. You can purge the OBIEE Server cache from your own system without logging into the OBIEE online RPD or Presentation Services.
  2. You can use it in a cron job on a server to do this at regular intervals if you wish.
  3. You can execute it from your own ETL servers (e.g. from the DAC server, as a POST task).
  4. And in many other ways, wherever you want to run it without depending on the OBIEE Server…

Enjoy guys!!!.. And feel free to give your feedback and do let me know if you have any issues in installing this.

Thanks,
Shiva Molabanti

New OBIEE Sample Application V406

Oracle has released a new OBIEE 11G Sample Application V406. It has everything you can think of in OBIEE, like HTML5, Java and ADF visualizations and what not.

It’s available to download as a preconfigured VM image. Download a copy at http://www.oracle.com/technetwork/middleware/bi-foundation/obiee-samples-167534.html

What is the fresh meat at a glance?

Thanks,
Shiva

OBI Mobile App for Android devices available now

Whew.. The wait is over…Oracle released OBIEE Mobile app for Android devices. We can download it on Google Play @ https://play.google.com/store/apps/details?id=com.oracle.obi&hl=en.. Now no limits.. Take your data with you wherever you go.. enjoy.

Thanks,
Shiva

OBI Mobile App Designer Installation

The Oracle BI Mobile App Designer complements BI Mobile HD and is packaged with BI Foundation Suite and the BI Mobile option to OBIEE at no additional cost.

Follow the below steps to install Oracle BI Mobile App Designer:

Prerequisites:

  • OBIEE 11.1.1.7.1 [If your version of Oracle BI EE is not 11.1.1.7.1, download Patch 16556157: OBIEE BUNDLE PATCH 11.1.1.7.1 from My Oracle Support].
  • To support Oracle BI Mobile App Designer with the Oracle BI Web Catalog, apply OBIEE 11.1.1.7.1 MLR Patch 17004920.
  • Download Oracle BI Mobile App Designer patch 17220944 from My Oracle Support.

Installation Steps:

  1. Stop all OBIEE 11G services (WebLogic Admin Server, Managed Server and OPMN services).
  2. Apply OBIEE 11.1.1.7.1 MLR Patch 17004920 using the OPatch utility.
  3. Apply OBI Mobile App Designer Patch 17220944 using the OPatch utility.
  4. Deploy the OBI Mobile App Designer (MAD) manually using the WebLogic configuration assistant, as shown below:
    1. Open a Command Prompt window and navigate to <MW_HOME>\Oracle_BI1\common\bin\
    2. Run ‘config.bat’ to start the WebLogic configuration assistant tool.
    3. On the welcome screen, select ‘Extend an existing WebLogic domain’ and click Next.
    4. Choose the domain to extend, for example: bifoundation_domain
    5. Choose ‘Extend my domain using an existing extension template’ and set the Template Location to: <MW_HOME>/Oracle_BI1/common/templates/applications/oracle.bimad_template_11.1.1.jar
    6. On the Configuration summary, review the deployment details and click the “Extend” button.
    7. Upon successful configuration, a confirmation screen is shown. Click “Done” to close this window.

Great. This concludes the OBI MAD application deployment in our OBIEE 11G application. Now we need to update the Security Configurations for OBI MAD. This is a mandatory step to use OBI MAD in OBIEE 11G Presentation Services.

Update Security Configuration for Oracle BI Mobile App Designer:

This is a Python script to update the OBIEE 11G domain (bifoundation_domain) system JAZN file (system-jazn-data.xml) with the security grants required for BI Mobile App Designer. This step is required only the first time you apply the patch.

Navigate to <MW_HOME>\Oracle_BI1\bifoundation\install and run the command: <MW_HOME>\Oracle_BI1\common\bin\wlst.cmd addMADCodeGrants.py t3://<hostname>:7001 <weblogic_Admin_Username>

For example: D:\MW\Oracle_BI1\common\bin\wlst.cmd addMADCodeGrants.py t3://shivapc:7001 weblogic

After successful execution, start all OBIEE 11G services (WebLogic Admin, Managed Servers and OPMN).

Once the services are started, log in to OBIEE 11G analytics (http://hostname:9704/analytics).

Right after you have logged in to OBIEE 11G, click the ‘New’ menu. In it you will see a new application category called “Mobile Application” containing the “Mobile App” module. Click on that to start designing and developing reports.

In next blog, I’ll explain how to develop the reports using this OBI MAD.

Thanks,
Shiva Molabanti

OBI Mobile App designer – A direct app for Any Platform, Any Device, Any Screen Size

Oracle introduced another great application called “Oracle BI Mobile App Designer (MAD)” in Release 11.1.1.7.1 of Oracle Business Intelligence Enterprise Edition (Oracle BI EE). Oracle BI Mobile App Designer is a new design tool that lets business users easily create stunning and interactive analytical applications for use on any major mobile device. With Oracle BI Mobile, businesses have been able to deploy fully interactive dashboards with zero additional development using Oracle BI Mobile HD, on iOS devices only; now they can create purpose-built mobile analytic applications for any smartphone or tablet with drag-and-drop simplicity using Oracle BI Mobile App Designer. BI Mobile App Designer complements BI Mobile HD and is packaged with BI Foundation Suite and the BI Mobile option to OBIEE.

OBI MAD Highlights:

  • Mobile-first Business Apps – BI Mobile App Designer is the ideal solution for users that want targeted, business-specific mobile apps that are easy and fast to build, require no programming expertise, and can be delivered to users across all the major mobile platforms and devices. Apps are built with support for touch and gestural interactions built in.
  • Intuitive App Design Interface – BI Mobile App Designer has a simple drag-and-drop interface that allows business users to select their data visualizations—including tables, charts, navigation panels, repeating grids, images, text narrative, etc.—and then drop these elements onto a palette to create mobile apps within minutes. Third-party plug-ins like Google Maps, Sunburst visualizer, etc., can be incorporated and used in a similar manner. A preview function allows users to preview their apps within a computer’s browser, or on a mobile device by scanning a QR code – without requiring any installation or configuration.
  • Portable Device, Platform, Screen-size Design – BI Mobile App Designer is certified to support iOS, Android, and Windows Mobile smartphones and tablets. Since it supports HTML5, most mobile browsers can run BI Mobile App Designer apps; it requires no plug-in, no installation, and no download from a third-party app store.
  • Enterprise Integration – Oracle BI Mobile App Designer is a part of and fully integrated with the Oracle BI Foundation. Users can create mobile apps with enterprise data from the BI Semantic layer (RPD), with data from BI Publisher data models, or even Excel data files, with seamless support for and the benefits of role-based data-level security that the Oracle BI Foundation suite provides.

[Figure: a sample Mobile App Designer screen]

[Figure: the result on an iPad]

How to get this?

  • BI Mobile App Designer is available now as a patch to Oracle Business Intelligence Suite Enterprise Edition, version 11.1.1.7.1. [patch number 17220944 at support.oracle.com]
  • BI Mobile App Designer is licensed at no extra charge with Oracle BI Foundation Suite and Oracle BI Mobile.

I’ll keep you guys posted about my experiences with OBI MAD. Stay tuned…

 

Thanks,
Shiva