Maintaining Security with Oracle BI Discoverer 13-13
more information, see Section 2.5.1, "How to install a security certificate on a Discoverer Plus client machine".
13.7 Configuring End-to-End Secure Sockets Layer for Discoverer
If Oracle HTTP Server and Oracle Web Cache front-end the Oracle WebLogic Server that hosts Oracle BI Discoverer, you must perform these steps to enable end-to-end Secure Sockets Layer (SSL):
1. Enable SSL for OracleAS Single Sign-On. For more information, see "Enabling SSL for the Single Sign-on Server".
2. Enable SSL for the Oracle Web Cache end points. To enable inbound and outbound SSL for Web Cache, follow the procedures described in the section "Enabling SSL for Oracle Web Cache Endpoints" in Oracle Fusion Middleware Administrator's Guide.
3. Enable SSL for the Oracle HTTP Server virtual hosts. To enable inbound and outbound SSL for Oracle HTTP Server virtual hosts, follow the procedures described in the section "Enabling SSL for Oracle HTTP Server Virtual Hosts" in Oracle Fusion Middleware Administrator's Guide.
4. If OracleAS Single Sign-On is enabled, modify the virtual host configuration. For more information, see "Modifying the Virtual Host Configuration".
5. Re-register the partner applications with the SSO server as described in the section "Re-registering mod_osso".
6. Enable the WebLogic Plug-in parameter. For more information, see "Enabling WebLogic Plug-In".
Enabling SSL for the Single Sign-on Server

To manually configure SSL, refer to the information on enabling SSL in the Oracle Application Server Single Sign-On Administrator's Guide. If you are going to configure OracleAS Single Sign-On behind a reverse proxy server, refer to the information on deploying OracleAS Single Sign-On with a proxy server in the Oracle Application Server Single Sign-On Administrator's Guide at:
http://download.oracle.com/docs/cd/B28196_01/idmanage.1014/b15988/toc.htm
Modifying the Virtual Host Configuration

If you are using SSL connections, add the ServerName entry in the ssl.conf file of the Oracle HTTP Server virtual host and specify the Oracle Web Cache listening port as follows:

1. Open the Oracle HTTP Server home page in the Oracle Enterprise Manager 11g Fusion Middleware Control, select Administration, and then Advanced Configuration.

Note: As the OracleAS Single Sign-On middle-tier partner application is still non-SSL, you must re-register it as non-SSL. Therefore, the re-registration of mod_osso needs to specify the non-SSL URL of the OracleAS Single Sign-On middle tier for the mod_osso_url parameter to ssoreg. Refer to the information on registering mod_osso in the Oracle Application Server Single Sign-On Administrator's Guide.
13-14 Oracle Fusion Middleware Configuration Guide for Oracle Business Intelligence Discoverer
2. Select the ssl.conf file, add the ServerName entry for the virtual host, and specify the Oracle Web Cache SSL listening port as shown in the following example:

    <VirtualHost *:OHS_listening_port>
    UseCanonicalName On
    ServerName https://www.abc.com:8094
    <IfModule ossl_module>
    SSLEngine on
    SSLVerifyClient None
    SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
    SSLCRLCheck Off
    SSLWallet wallet_location
    </IfModule>
    </VirtualHost>

Ensure that wallet_location specifies the full path of the custom wallet as shown in the following example:

    SSLWallet ORACLE_INSTANCE/config/OHS/ohs1/keystores/default
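
An added check, not part of Oracle's guide: it parses a virtual host block like the one above and reports settings that contradict this procedure, plus any listed cipher suites that rely on RC4, single DES, 3DES or an MD5 MAC. The sample file, its listener port 4443, the wallet directory and the weak-token policy are assumptions of this example.

```python
import re

# Constructed sample modelled on the ssl.conf fragment above; the listener port
# 4443 and the wallet directory are made-up values, not taken from the guide.
SAMPLE_SSL_CONF = """\
<VirtualHost *:4443>
UseCanonicalName On
ServerName https://www.abc.com:8094
<IfModule ossl_module>
SSLEngine on
SSLVerifyClient None
SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
SSLCRLCheck Off
SSLWallet "/u01/instance1/config/OHS/ohs1/keystores/default"
</IfModule>
</VirtualHost>
"""

# Example policy (an assumption of this sketch): suite names containing these
# tokens use RC4, single DES, 3DES or an MD5 MAC and should be retired.
WEAK_TOKENS = ("RC4", "_DES_", "3DES", "MD5")

def directives(conf_text):
    """Map lower-cased directive name -> value, skipping comments and <...> tags."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, _, value = line.partition(" ")
            found[name.lower()] = value.strip().strip('"')
    return found

def audit_vhost(conf_text, webcache_ssl_port):
    """Return a list of findings for one SSL virtual host block."""
    d, findings = directives(conf_text), []
    if d.get("sslengine", "").lower() != "on":
        findings.append("SSLEngine is not on")
    if d.get("usecanonicalname", "").lower() != "on":
        findings.append("UseCanonicalName is not On")
    m = re.fullmatch(r"https://[^/:\s]+:(\d+)", d.get("servername", ""))
    if not m or int(m.group(1)) != webcache_ssl_port:
        findings.append("ServerName does not carry the Web Cache SSL port")
    # Accept a Unix path, a Windows drive path, or a ${VAR}-prefixed path (assumption).
    if not re.match(r"(/|[A-Za-z]:[\\/]|\$\{)", d.get("sslwallet", "")):
        findings.append("SSLWallet is not a full path")
    weak = [s for s in d.get("sslciphersuite", "").split(",")
            if any(t in s for t in WEAK_TOKENS)]
    if weak:
        findings.append("weak cipher suites: " + ", ".join(weak))
    return findings
```

Calling audit_vhost(SAMPLE_SSL_CONF, 8094) reports only the two weak suites; pass the Web Cache SSL port of your own deployment as the second argument.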
Re-registering mod_osso

If you have enabled Oracle Single Sign-On authentication (that is, if you have registered mod_osso), follow these steps to re-register mod_osso:

1. On the OracleAS Single Sign-On host, set the environment variables ORACLE_HOME and ORACLE_SID.
2. On the OracleAS Single Sign-On host, run the ssoreg script, using the -remote_midtier option. The script is located at:

    UNIX: ORACLE_HOME/sso/bin/ssoreg.sh
    Windows: ORACLE_HOME\sso\bin\ssoreg.bat

   For example, on Linux:

    ORACLE_HOME/sso/bin/ssoreg.sh \
      -site_name www.abc.com \
      -config_mod_osso TRUE \
      -mod_osso_url https://www.abc.com:8094 \
      -update_mode MODIFY \
      -remote_midtier \
      -config_file ORACLE_INSTANCE/config/OHS/ohs1/osso.conf \
      -admin_info cn=orcladmin

3. Copy the osso.conf file to the Oracle HTTP Server instance where you have configured the virtual host for the Web Cache SSL port (ORACLE_INSTANCE/config/OHS/ohs1/osso.conf).
4. Restart the Oracle HTTP Server using the following commands:

    ORACLE_HOME/bin/opmnctl stopall
    ORACLE_HOME/bin/opmnctl startall
Enabling WebLogic Plug-In

For SSL-enabled Discoverer, you must enable the WebLogic Plug-In Enabled option for the Oracle WebLogic Server Administration Server and the Managed Server WLS_DISCO. For more information about configuring the WebLogic Plug-In Enabled option through the Oracle WebLogic Server Administration Console, see the
section "Servers: Configuration: General" in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help at:
http://download.oracle.com/docs/cd/E14571_01/apirefs.1111/e13952/core/index.html
13.8 Using Discoverer with Oracle Identity Management Infrastructure