13-10 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer Note : If you deploy Discoverer Plus over HTTPS, end users must use an HTTPS URL. If they use an HTTP URL, Discoverer does not start for more information about troubleshooting HTTPS problems, see Section E.8, Discoverer Plus reports RMI error . 13.6.3.2 How to display Communications Protocols on the Discoverer Plus Configuration page in Fusion Middleware Control You use the Discoverer Plus Configuration page in Fusion Middleware Control to specify a Discoverer Plus communication protocol. For example, if you want to encrypt Discoverer Plus data, you might want to configure Discoverer Plus to use the HTTPS communication protocol. To display the Discoverer Plus communication protocols in Fusion Middleware Control: 1. Display the Fusion Middleware Control Discoverer Home page for more information, see Section 4.1.3, How to display the Fusion Middleware Control Discoverer Home page and Discoverer component Home pages .

2. Select Discoverer Plus in the Components area to display the Fusion Middleware

Control Discoverer Plus Home page. Maintaining Security with Oracle BI Discoverer 13-11

3. Click Configure to display the Discoverer Plus Configuration page.

13.6.3.3 How to set up Discoverer Plus to use the Default communication protocol

To set up Discoverer Plus to use the Default communication protocol:

1. Display Fusion Middleware Control and navigate to the Discoverer Plus

Communication Protocols area in the Discoverer Plus Configuration page for more information, see Section 13.6.3.2, How to display Communications Protocols on the Discoverer Plus Configuration page in Fusion Middleware Control .

2. Select the Default option from the Communication Protocols options.

3. Click Apply to save the details.

4. Give Discoverer Plus users the URL of the Discoverer servlet:

For example, http:host.domain:80discovererplus The Discoverer Plus applet attempts to use JRMP. If JRMP is not available, the Discoverer Plus applet uses HTTP or HTTPS depending on the URL to communicate with the Discoverer servlet. 13-12 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer Note: This option works regardless of whether the applet is running inside or outside a firewall. However, it is slower outside the firewall because JRMP is tried first. For more information about the other options on this page, refer to Section 13.6.3.1, About specifying a Discoverer Plus communication protocol .

13.6.3.4 How to set up Discoverer Plus to use the Tunneling communication protocol

You use the Tunneling option when you want to run Discoverer Plus over HTTP. To set up Discoverer Plus to use the Tunneling communication protocol: 1. Display Fusion Middleware Control and navigate to the Discoverer Plus Communication Protocols area in the Discoverer Plus Configuration page for more information, see Section 13.6.3.2, How to display Communications Protocols on the Discoverer Plus Configuration page in Fusion Middleware Control .

2. Choose the Tunneling option from the Communication Protocols options.

3. Click Apply to save the details. 4. optional If you are using a firewall, open the appropriate port in the firewall to accept HTTP or HTTPS traffic as appropriate. 5. Give Discoverer Plus users the URL of the Discoverer servlet: For example, http:host.domain:80discovererplus The Discoverer Plus applet uses the same protocol to communicate with the Discoverer servlet as was originally used to download the applet itself that is, either HTTP or HTTPS. This option works regardless of whether a firewall is being used.

13.6.3.5 How to set up Discoverer Plus to use the Secure Tunneling communication protocol

You use the Secure Tunneling option when you want to run Discoverer Plus over HTTPS. To set up Discoverer Plus to use the Secure Tunneling communication protocol: 1. Display Fusion Middleware Control and navigate to the Oracle BI Discoverer Plus Communication Protocols area in the Discoverer Plus Configuration page for more information, see Section 13.6.3.2, How to display Communications Protocols on the Discoverer Plus Configuration page in Fusion Middleware Control .

2. Choose the Secure Tunneling option from the Communication Protocols options.

3. Click Apply to save the details. 4. optional If you are using a firewall, open the appropriate port in the firewall to accept HTTP or HTTPS traffic as appropriate. 5. Give Discoverer Plus users the URL of the Discoverer servlet: For example, https:host.domain:4443discovererplus The Discoverer Plus applet uses the HTTPS protocol to communicate with the Discoverer servlet. When a Discoverer end user starts Discoverer Plus for the first time on a client machine, they are prompted to confirm that they want to accept a default security certificate. Before selecting the Yes option on the Security Alert dialog, the Discoverer end user must install a Discoverer Plus security certificate on the client machine for Maintaining Security with Oracle BI Discoverer 13-13 more information, see Section 2.5.1, How to install a security certificate on a Discoverer Plus client machine .

13.7 Configuring End-to-End Secure Sockets Layer for Discoverer

If you have Oracle HTTP Server and Oracle Web Cache front-ending the Oracle WebLogic Server that hosts Oracle BI Discoverer, then to enable end-to-end Secure Sockets Layer SSL you must perform these steps: 1. Enable SSL for OracleAS Single Sign-On. For more information, see Enabling SSL for the Single Sign-on Server . 2. Enable SSL for the Oracle Web Cache end points. To enable inbound and outbound SSL for Web Cache, follow the procedures described in the section Enabling SSL for Oracle Web Cache Endpoints in Oracle Fusion Middleware Administrators Guide. 3. Enable SSL for the Oracle HTTP Server virtual hosts. To enable inbound and outbound SSL for Oracle HTTP Server virtual hosts, follow the procedures described in the section Enabling SSL for Oracle HTTP Server Virtual Hosts in Oracle Fusion Middleware Administrators Guide. 4. If OracleAS Single Sign-On is enabled, modify the virtual host configuration. For more information, see Modifying the Virtual Host Configuration . 5. Re-register the partner applications with the SSO server as described in the section Re-registering mod_osso . 6. Enable the WebLogic Plug-in parameter. For more information, see Enabling WebLogic Plug-In . Enabling SSL for the Single Sign-on Server To manually configure SSL, refer to the information on enabling SSL in the Oracle Application Server Single Sign-On Administrators Guide. If you are going to configure OracleAS Single Sign-On behind a reverse proxy server, you should refer to the information on deploying OracleAS Single Sign-On with a proxy server, in the Oracle Application Server Single Sign-On Administrators Guide at: http:download.oracle.comdocscdB28196_ 01idmanage.1014b15988toc.htm Modifying the Virtual Host Configuration If you are using SSL connections, then add the ServerName entry in the ssl.conf file of the Oracle HTTP Server virtual host and specify the Oracle Web Cache listening port as follows: 1. Open the Oracle HTTP Server home page in the Oracle Enterprise Manager 11g Fusion Middleware Control, select Administration, and then Advanced Configuration . Note: As the OracleAS Single Sign-On middle-tier partner application is still non-SSL, you must re-register it as non-SSL. Therefore, the re-registration of mod_osso needs to specify the non-SSL URL of the OracleAS Single Sign-On middle tier for the mod_ osso_url parameter to ssoreg. Refer to the information on registering mod_osso in the Oracle Application Server Single Sign-On Administrators Guide.