This post shows you how to integrate Oracle® Discoverer 11g with the single sign-on (SSO) solution delivered by Oracle Access Manager (OAM) 11g. It helps anyone who is looking for a one-stop login solution across different applications.
Oracle Discoverer certification matrix
Oracle Discoverer 11.1.1.7.0 is certified with Oracle Access Manager 11.1.2.0.0 on Linux® x86-64 Oracle Linux 5 Update Level 3+.
Oracle E-Business Suite 12.1.1 is certified with Oracle Discoverer 11.1.1.7.0 on Linux x86-64 RedHat® Enterprise Linux 5 Update Level 5+.
The following diagram shows the OAM operational flow:

Configure SSO for Discoverer
If you are planning to configure SSO for both Oracle E-Business Suite (EBS) and Oracle Business Intelligence (BI) Discoverer, you need to configure SSO for the Oracle EBS first. Oracle Access Manager, the preferred solution, forms the basis of Oracle Fusion Middleware 11g.
The following steps are explained in more detail in the following sections:
- Register the Oracle Single Sign-On (OSSO) agent (mod_osso) with OAM 11g.
- Update authentication and authorization policies.
- Copy the generated
osso.conf
file from $DOMAIN_HOME/output/to $ORACLE_INSTANCE/config/ / . - Enable SSO connections.
- Validate the configuration.
Registration
Use the following steps to register an OSSO agent (mod_sso):
-
Log in to the oamconsole and click Setup.
-
Under the Agents section, click the “+” with the dropdown symbol as shown in the following images:
- Click Oracle OSSO Agent, which takes you to the following screen:

-
Enter the following Name and Base URL and select Token Version v1.4:
Name: OSSO_11G_DEVDISCO Base URL: https://<discoverer_server>:8090 (Dev Disco url) </li> <li> Click <b>Apply</b>. </li> <li> Verify the <b>SSO_Agent</b> by going to the Launch Pad, clicking the <b>Agents</b> icon, and searching for SSO agents as shown in the following images: </li>



Update policies
Use the following steps to update authentication and authorization policies:
-
Go to Access Manager > Application Domains > Search for OSSO_DISCO > Authentication Policies > Protected Resource Policy and click Protected Resource Policy as shown in the following images:
- Change the Authentication scheme to EBSAuthScheme and click Apply as shown in the following image:

Copy the osso.conf file
When you register the OSSO agent, the system creates osso.conf
in
$DOMAIN_HOME/output/, as shown in the following image:

Log in to your Discoverer server and check the file information as shown in the following example:
[appdb@<disco_server> ~]$ cd $ORACLE_INSTANCE/config/OHS/ohs1/disabled/
[appdb@<discoverer_server> disabled]$ grep osso.conf mod_osso.conf
#Point to proper osso.conf file.
# OssoConfigFile "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/osso.conf"
[appdb@<discoverer_server> disabled]$
Make a new directory as shown in the following example:
mkdir $ORACLE_INSTANCE/config/OHS/ohs1/osso
cd $ORACLE_INSTANCE/config/OHS/ohs1/osso
Run the following commands on the OAM server to copy osso.conf
from the OAM
server as shown in the following example:
cd $MW_HOME/oam/user_projects/domains/OAMDomain/output/OSSO_11G_DEVDISCO
scp osso.conf appdb@<discoverer_server>.corp.zynga.com: /u01/app/appdb/Disco11g/MW/asinst_1/config/OHS/ohs1/osso/
Configure protected resources and back up mod_osso.conf
as shown in the
following sample:
[appdb@<discoverer_server> moduleconf]$ cp $ORACLE_INSTANCE/config/OHS/ohs1/disabled/mod_osso.conf $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/
[appdb@<discoverer_server> moduleconf]$ cd $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf/
[appdb@<discoverer_server> moduleconf]$ cp mod_osso.conf mod_osso.conf_Orginal
[appdb@<discoverer_server> moduleconf]$
Edit and save mod_osso.conf
by adding the following lines to the file:
LoadModule osso_module "${ORACLE_HOME}/ohs/modules/mod_osso.so"
<IfModule osso_module>
OssoIpCheck off
OssoIdleTimeout off
OssoHttpOnly off
OssoSecureCookies off
OssoConfigFile
/<$MW_HOME>/asinst_1/config/OHS/ohs1/osso/osso.conf
<Location /discoverer/plus>
require valid-user
AuthType Osso
</Location>
<Location /discoverer/viewer>
require valid-user
AuthType Osso
</Location>
<Location /discoverer/app>
require valid-user
AuthType Osso
</Location>
</IfModule>
Enable SSO connections
Enable SSO connections by editing configuration.xml
to set the connection
parameter from enableAppsSSOConnection="false"
to enableAppsSSOConnection="true"
.
Find configuration.xml
in
/<$MW_HOME>/user_projects/domains/ClassicDomain/config/fmwconfig/servers/WLS_DISCO/applications/discoverer_11.1.1.2.0/configuration
.
Backup the file and check the values as shown in the following example:
[appdb@<discoverer_server> configuration]$ cp configuration.xml configuration.xml_Orginal_BKP
[appdb@<discoverer_server> configuration]$
[appdb@<discoverer_server> configuration]$ grep enableAppsSSOConnection configuration.xml
userDefinedConnections="true" laf="dc_blaf" switchWorksheetBehavior="prompt" defaultLocale="en" disableBrowserCaching="false" enableAppsSSOConnection="true" propagateGUIDtoVPD="false" pageNavigation="true">
[appdb@<discoverer_server> configuration]$
Restart the Oracle HTTP server by running the following commands, which are in
ORACLE_INSTANCE\bin
:
opmnctl stopall
opmnctl startall
Note: The EBS instance must be SSO enabled and configured with same OAM instance.
Validation
Validate the SSO configuration by accessing the following launchers:
Discoverer viewer launcher
Discoverer launcher
Browse to the URL, enter your SSO login, and click Login as shown in the following image:

Fill in the details as shown in the following image:

Click Continue and the system populates your user name automatically as shown in the following images:





Conclusion
This post described how to implement an SSO solution for Discoverer.
Key benefits of implementing SSO in Discoverer are that it helps eliminates the time spent re-entering user credentials and improves productivity for users, increasing conversion rates for product owners. Internal and external users don’t have to go through the hassle of maintaining and remembering yet another set of credentials.
SSO reduces the issues related to password management and brings down the costs associated with setting up several help desk systems for password-reset issues, invalid credentials, and so on.
Learn more about our Rackspace Application Services.
Use the Feedback tab to make any comments or ask questions.