Hyperion & stuff

Monthly Archives: June 2011

OBIEE 10g – Workspace Integration (update)

I finally got the OBIEE – Workspace integration to work on OAS.  Amazing, right?  I still followed the same steps from the OBIEE “New Features” doc.  The only differences this time are:

  • Hyperion Workspace, Hyperion Shared Services and OBIEE exist on separate servers.  This is to be our new production environment.
  • When registering EPM Workspace from OBIEE Administration, I copied the reg.properties file from the existing Workspace installation.  So I did “Copy File” instead of “Generate File”.

The last missing piece is the Essbase security pass-through.  Using “:USER” and “:PASSWORD” in the Essbase connection pool in the RPD will not work.  So I had to hardcode this information in the meantime.  The good news (maybe) is there seems to be a patch to address this issue.  Basically, in addition to the USER, GROUP and DISPLAYNAME session variables, there will be a new variable called SSO_TOKEN or something.  This new variable can be used in the RPD to enable pass-through.

I’m keeping my fingers crossed on this one since this will save me a great deal of headache.

Oracle WebLogic and Hyperion Shared Services

While looking for a way to integrate HSS, I also explored integrating HSS users with Oracle WebLogic (that came with OBIEE 11g).  It turned out that the integration must be done at the RPD level, but there’s no harm in blogging about it.  Maybe it’ll even be useful someday.  Anyhow, I managed to get BOTH the USERS and GROUPS into WebLogic from HSS.  As in the RPD, the integration needs to be done through the OpenLDAP component.

Here’s how I did it

  1. From the console, http://server:7001/console/, select Security Realms from the Home Page.
  2. Select myrealm.
  3. Create a new Authentication Provider, specify a Name (anything) and select OpenLDAPAuthenticator as the Type.  Click OK to save.
  4. Now select the new Authentication Provider.
  5. Select the Provider Specific tab and specify the following:
     • Host: server where HSS is installed.
     • Port: the default HSS port is 28089
     • Principal: this is the Base DN.  Set it to cn=root,dc=css,dc=hyperion,dc=com
     • Credential: the default password is security
     • User Base DN: ou=People,dc=css,dc=hyperion,dc=com
     • User From Name Filter: (&(cssDisplayNameDefault=%u)(objectclass=cssInetOrgPersonExtend))
     • User Search Scope: select onelevel
     • User Name Attribute: cssDisplayNameDefault
     • User Object Class: cssInetOrgPersonExtend
     • Group Base DN: ou=Groups,dc=css,dc=hyperion,dc=com
     • Group From Name Filter: (&(cssDisplayNameDefault=%g)(objectclass=groupOfUniqueNames))
     • Group Search Scope: select onelevel
     • Static Group Name Attribute: cssDisplayNameDefault
     • Static Group Object Class: groupOfUniqueNames
     • Static Member DN Attribute: uniqueMember
     • Static Group DNs from Member DN Filter: (&(uniqueMember=%M)(objectclass=groupOfUniqueNames))
  6. Restart everything.  Now go back to myrealm and click Users and Groups.  If done correctly, they should all show up.

Thanks to JExplore (LDAP explorer).  I couldn’t have figured out nothin’ without it.  Peace.

Integration (sort-of) of OBIEE and Hyperion Shared Services

Since we’re doing a major upgrade on the whole Hyperion hardware, I was exploring upgrading our current OBIEE 10 to 11.  However, I can’t seem to find any docs on how to integrate OBIEE 11g with our Hyperion Shared Services.  Apparently only Hyperion 11.1.2.x is supported in this version of OBIEE.  So, I had to find a workaround to get all the HSS users to authenticate with OBIEE.  Since all of our users and groups are native users, it was possible to connect OBIEE directly with HSS OpenLDAP.  I got this solution PARTIALLY working (I’m so happy about it).  I managed to bring in all the HSS users AND authenticate OBIEE with HSS.  The sad thing is there are a lot more customizations to be done to bring in all the groups.  So, I decided to scrap OBIEE 11 and went back to 10.

Here’s how I did it

  1. From OBIEE Administration, open the RPD, select Manage->Identity from the Menu and add a new LDAP server.
  2. Specify the Name of the server (anything you want).
  3. Specify the Host Name where HSS is installed.
  4. The default port number of HSS is 28089
  5. Base DN is the path to the subtree that holds the users.  Base DN is ou=People,dc=css,dc=hyperion,dc=com
  6. Bind DN is how we connect to OpenLDAP.  Bind DN is cn=root,dc=css,dc=hyperion,dc=com
  7. The default Bind password is security
  8. Switch to the General tab and change User Name attribute type to cssDisplayNameDefault.  The Automatically generated text box needs to be unchecked.
  9. Click Test Connection to verify the OpenLDAP connection.
  10. Now create a new initialization variable for the LDAP server.  Select Manage->Variables from menu.
  11. Specify the name of the new Initialization block.
  12. Click Edit Data Source, select LDAP as Data Source Type and select the new LDAP server created above.  Click OK.
  13. Click Edit Data Target and add a new variable called USER.  There will be a warning and stuff, but just continue.
  14. Once created, modify the Mapped Variable to cssDisplayNameDefault.  Click OK to save.
  15. Now we can test the connectivity.  Click Edit Data Source.  Now the Test button should be enabled.  Click it.
  16. Enter any valid HSS user and password.  Click OK.  If everything is good, it should return with Results with Variable = cssDisplayNameDefault and Value = the specified username.  Click Close.
  17. Restart everything and HSS users should authenticate against OBIEE (I hope).
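
Before restarting anything, the values in both procedures above can be checked directly against HSS OpenLDAP. The following is an added example, not code from the original posts or from Oracle: it expands the WebLogic filter templates (%u, %g, %M) with RFC 4515 escaping and builds the equivalent OpenLDAP ldapsearch commands; the first command exercises the same Base DN, Bind DN and cssDisplayNameDefault attribute used for the RPD LDAP server. The host name, the sample user, group and member DN, and all function names are assumptions.

```python
import shlex

# Settings from this page; "host" is a placeholder for the server where HSS is installed.
PROVIDER = {
    "host": "hss.example.com",
    "port": 28089,
    "principal": "cn=root,dc=css,dc=hyperion,dc=com",
    "user_base": "ou=People,dc=css,dc=hyperion,dc=com",
    "user_filter": "(&(cssDisplayNameDefault=%u)(objectclass=cssInetOrgPersonExtend))",
    "group_base": "ou=Groups,dc=css,dc=hyperion,dc=com",
    "group_filter": "(&(cssDisplayNameDefault=%g)(objectclass=groupOfUniqueNames))",
    "member_filter": "(&(uniqueMember=%M)(objectclass=groupOfUniqueNames))",
}

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_escape(value):
    """Escape a name so it is matched literally and cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def expand(template, token, value):
    """Fill the single %u / %g / %M placeholder of a filter template."""
    if template.count(token) != 1:
        raise ValueError(f"expected exactly one {token} in {template!r}")
    return template.replace(token, ldap_escape(value))

def ldapsearch_argv(cfg, base, flt, attrs=("cssDisplayNameDefault",)):
    """ldapsearch arguments for a one-level search (the 'onelevel' scope above).
    -W prompts for the bind password, keeping it out of shell history."""
    return ["ldapsearch", "-x", "-H", f"ldap://{cfg['host']}:{cfg['port']}",
            "-D", cfg["principal"], "-W", "-b", base, "-s", "one", flt, *attrs]

def checks(cfg, user, group, member_dn):
    """One command per lookup: user by name, group by name, groups of a member."""
    return [
        ldapsearch_argv(cfg, cfg["user_base"], expand(cfg["user_filter"], "%u", user)),
        ldapsearch_argv(cfg, cfg["group_base"], expand(cfg["group_filter"], "%g", group)),
        ldapsearch_argv(cfg, cfg["group_base"], expand(cfg["member_filter"], "%M", member_dn)),
    ]

if __name__ == "__main__":
    # Constructed sample inputs; take the member DN from the first search's output.
    for argv in checks(PROVIDER, "jdoe", "Finance (EMEA)",
                       "cn=EXAMPLE,ou=People,dc=css,dc=hyperion,dc=com"):
        print(shlex.join(argv))
```

If a command returns no entry, the matching base DN, scope or filter in the provider settings is the place to look before restarting.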