SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 2)

In the previous post, we went through the structure of the integration and the procedure of installing oracle web tier. Now we are going to review the configuration of SSO Integration with J2EE application.


       I assume you have deployed your J2EE applicaiton onto webLogic server and it could be reached by the link:

       (Suppose your J2EE application is deployed on to Admin Server, by default the port number is 7001.)


       Note: Port number would be vary if you deploy J2EE application on to managed server. For more information about this, you should check the following posts:

        Deploy application to Managed Server on 11g WebLogic Server (Part 1)

        Deploy application to Managed Server on 11g WebLogic Server (Part 2)


     The following solution is basically a summary from oracle document: (If you would like a more detailed explanation of what and why)

     For how to install oracle web tier, check previous post:

     SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 1)


        J2EE Application Code Change

          The idea is to enable the fuctionality of enabling OID users login into your J2EE application directly.

        Set up mod_osso

          Find the mod_wl_ohs.conf. This file should reside under the following directory:


          The following code snippet comes from mod_wl_ohs.conf file.


          Modify the line marked in red. Uncomment the line starting with “MatchExpression…” to below 


Restart ohs1 after editing:

cd /Oracle_WT1/opmn/bin

opmnctl stopall

opmnctl startall

       Registering Oracle HTTP Server mod_osso with OSSO Server 10.1.4      

The mod_osso module is an Oracle HTTP Server module that provides authentication to OracleAS applications. This module resides on the Oracle HTTP Server that enables applications protected by OracleAS Single Sign-On to accept HTTP headers in lieu of a user name and password once the user has logged into the OracleAS Single Sign-On server. The values for these headers are stored in a mod_osso cookie. The mod_osso module enables single sign-on for Oracle HTTP Server by examining incoming requests and determining whether the requested resource is protected. If it is, then it retrieves the Oracle HTTP Server cookie. Under certain circumstances, you must register Oracle HTTP Server mod_osso using the 10.1.4 Oracle Identity Manager single sign-on registration tool .

To register mod_osso:

   Go to the following 10.1.4 Oracle Identity Manager directory path: (This could be your OSSO server)


  Run ssoreg with the following parameters and values for your environment:

             ./ -oracle_home_path $ORACLE_HOME -config_mod_osso TRUE -site_name <host_name>:7777 -remote_midtier -config_file $ORACLE_HOME/osso.conf -mod_osso_url http://<host_name>:7777

      (Note: the osso.conf would be generated under specified directory: $ORACLE_HOME/osso.conf)

  Ftp osso.conf file from the directory above to the application server where web tier is installed.

              Put osso.conf under directory: (Note: create directory osso if it does not exist)


 Copy mod_osso.conf from disabled directory to the moduleconf directory for editing.

              From directory:


             To directory:


      The orignial mod_osso.conf file should look like :


      Modify the red line and add the corresponding code into this file. It should look like :


Note: Httpd.conf for Oracle http server 11g is not in need for further modification, for it has already included the following:


Restart ohs1 after editing:

cd /Oracle_WT1/opmn/bin

opmnctl stopall

opmnctl startall

         To be Continued with:

                SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 3)


SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 1)

Previously, we talked about how to deploy our J2EE web application on to oracle 11g weblogic server. With the upcoming need of SSO integration, our goal becomes to enable SSO functionality on weblogic server and secure our application access by going through portal page and then getting user authentication through LDAP server with the OID repository.

I have successfully implemented the solution on SSO integration within Oracle 10g Applicaiton Server(OAS). The idea is quite simliar since we are still using 10g portal page. However, oracle 11g enterprise edition has replaced the OAS with weblogic server which introduces quite a few changes for the SSO integration on weblogic server. I would break into a few posts on elaborating this idea. If you are not familar with SSO(Single Sign On) with oracle 10g OAS, please refer to the following link to get a basic understanding of what and why: (The following link shows a basic work-though of 10g SSO. Our new approach would inherit a lot of similar ideas from the old approach.It would be easier to understand this current post if you have the history knowledge)

Now I assume if you have already knew a few concepts of mod_osso, OID registration,httpd.conf file. Then let us firstly start with reviewing application architecture with the SSO integration. 

The architure of the whole process looks like below.


Now our application is deployed on weblogic server. So right now besides the installation of Business Intelligence SUITE, we also need to install Oracle Web Tier.


  •       Oracle Buisiness intelligence 11g is installed
  •       OR Oracle Web Logic Server is installed

Note: If you have only installed oracle web logic server, be sure to enable JRF manually as below. Oracle Web Tier installation requires Oracle WSM Policy Manager and JRF(Java Required Files) and they do not display by default in the Oracle Fusion  Middleware Configuration Wizard. You must enable the display of these products. To accomplish this, pass the following JVM property to the script:


To pass this property to the script, set the CONFIG_JVM_ARGS environment variable to -DTemplateCatalog.enable.selectable.all=true. The script takes this property when you start the Oracle Fusion Middleware Configuration Wizard using./ .

cd /wlserver_10.3/common/bin

 ./ -DTemplateCatalog.enable.selectable.all=true


Download oracle web tier package and unzip the file. You should find Disk1 within the unziped file folder. Go under Disk1 and run ./runInstaller

Click and Next and then skip the software updates and then continue to check the prerequisite(Keep the default options)

Oracle web tier would be installed under fushion middleware home. So you should make sure you enter the correct FM home.

Uncheck the box to proceed.

It is not neccessary to install web cache if you don’t need to do performance tuning. That is optional.

Enter your domain settings as below:

It will dynamically load the instance home and you just proceed.

Skip the below step if you didn’t install web cache.

Choose Auto Port Configuration.

Check if everything looks right and then install the software.

Wait until it gets successfully finished.

Once web tier has been installed. You could check the status on em to see if it keeps up and running.

 To be continued to :

SSO Integration with J2EE application deployed on 11g WebLogic Server(Part 2)

Change Context Root for xmlpserver on 11g BI Publisher

I have been researching on how to change the context root for xmlpserver on 11g BI Publisher. Since our application could not use xmlpserver as the context root extension, I would love to come up an approach with the deployment of the same application but with a new context root. This topic is an open question. I have worked out one solution explained in the current article. But I still have not figured out the best approach for the question. Let me know if anyone has any idea for the questions I asked in the article.

As far as I have touched this topic, I tried changing the context root on the fly by modifying the xmlpserver deployment configuration as below:

Login to Application console, and click on the Deployments. You should be able see a list of deployments on the weblogic server. Find the one with name bipublisher, expand the deployment, there is a web application named xmlpserver. Click on that, it will navigate to the settings page of xmlpserver showed in the picture below: (Click on Configuration Tab and navigate to the bottom)


This Context Root is editable and was previously set to be xmlpserver. So I changed it to newContextRoot and save the configuration. However the settings didn’t get picked up during the server restart and it was not working.

I would expect to access http://domain-name:9704/newContextRoot  instead of http://domain-name:9704/xmlpserver

  Anyone knows why this straightforward approach is not functioning as expected?

My working approach:

Here is what I do for the rest of the steps. I will firstly undeploy the current bipublisher application in enterprise manager and then duplicate a copy of existing xmlpserver.ear with the new name btmreport.ear. Later I modified a few files in btmreport.ear and deploy btmreport.ear with the same name bipublisher under the same target. (This involves a few tricks I found out during the trials and errors. I would explain them in the corresponding steps)

 Step 1. Undeploy the current bipublisher application.

 Access enterprise manger as below. By default you could access the link: http://Domain-Name:7001/em

Now on the navigation panel find bipublisher and click on Undeploy as below.

Continue the undeployment.

If you run into the same error with me as below, it means the configuration of bifoundation has been locked and you need to go to applicaiton console to release the configuration.

How to release the configuration? Simple! Go to application console. By default you access the link: http://Domain-Name:7001/console

Once login, you should be able to see that there are changes that need to be taken actions in order to unlock the configure on bifoundation domain. I have been trying out other deployments on console. So I just wanted to undo the changes to release the configuration.

After this change,  I could proceed on undeploying the application back to enterprise manager.

Now we would need to duplicate a copy from xmlpserver.ear with the name btmreport.ear. And modify two files within the ear file.

xmlpserver.ear location: <BI_middleware_home>/Oracle_BI1/bifoundation/jee/xmlpserver.ear

Now duplicate another ear under the same location: <BI_middleware_home>/Oracle_BI1/bifoundation/jee/btmreport.ear

There are two files to be modified in btmreport.ear:

   (MODIFY 1)btmreport.ear\META-INF\application.xml

 Change From Change To
<display-name>xmlpserver</display-name>  <display-name>btmreport</display-name> 
<context-root>xmlpserver</context-root> <context-root>btmreport</context-root>

  (MODIFY 2)btmreport.ear\xmlpserver.war\WEB-INF\weblogic.xml

 Change From Change To
<cookie-path>/xmlpserver</cookie-path> <cookie-path>/btmreport</cookie-path>
<context-root>xmlpserver</context-root> <context-root>btmreport</context-root>

The reason for changes of these two files could be related to the oracle document : Read More on Web Applications from Oracle Doc

Step 2 Deploy the application under the same name bipublisher. Go to enterprise manager and deploy the application as below:

Input the location of the btmreport.ear. (This could be found in the previous step)

Deploy the application under the same target bi_cluster -> bi_server1

 Now we come to the deployment page.

The trick here is to put the name as bipublisher. That is why we have to undeploy bipublisher application firstly. Since it will not allow the same application name being created twice. And the consequence of not using bipulisher as the application deployment name is that you would not be able to have a complete xmlpserver login page(It showed as a blank blue page). I would assume in the BIP software, it is hardcoded somewhere to use bipulisher as the name.

Wait until the deployment finishes successfully, and then validate the new context root(In our case, it should be btmreport)

In order to validate the link, we could go back to application console and take a look at the new deployment details:

Go under the configuration of the deployment btmreport and go to testing to view all the links:

(By default the xmlpserver port should be 9704. In my envrionment, I set it to 9500)

Anyone knows how to keep xmlpserver undeployed but deploy a new btmreport application under bipublisher?

[OBIEE Solution]Deployment of OBIEE 11G BI Publisher reports

Before we start discussing about the method on deploying OBIEE 11G BIP reports. Let us firstly look back to the 10g deployment of BIP reports. For example, we have two servers A and B. And we are trying to deploy the “BIPreports” under the xmlpserver repository on Server A to Server B.

Usually on 10g BIP, the default location of xmlpserver respository looks like below:


So basically for a full deployment of the example we mentioned above. We could simply copy the BIPreports folder from the above location on Server A to Server B and then restart the BIP service. After that you could be able to see the BIPreports is deployed on to the new server and you could start view/edit the reports by login to xmlpserver.

However on OBIEE 11g, BI Publisher reports are integrated into the BI answers catalog, which means if you want to see the actual catalog you have to go through BI Answers. It still maintain an xmlpserver repository with the location:


We might think of using the same methodology to deploy the OBIEE 11g BI Publisher reports by just copying the reports to the above location. And upgrade the BIP catalog to BI Answers catalog.This would work if you upgrade the 10g reports to 11g reports and then deploy them to the folder above.

What you need to do next is to go to login to analytics.On the upper right corner, click Administration link:

Then on the next page, click Manage BI Publisher on the panel.

    Click Server Configuration on the Administration Page.


    On the next page click the button Upload to BI Presentation Catalog. And then click Apply.


   In this case you would be able to see the new folder and the reports underneath it once you login to analytics. Refer to previous blog on how to migrate 10g BIP reports to 11g   

   But this method didn’t solve the original question that if we want to get the reports from an 11g server and deploy them to another 11g server.We need to know after we upload the xmlpserver repository to BI Presentation Catalog. What happened?

    Well, it reformats the BIP repository to an BI Presentation Catalog folder entry. Say the folder BIPreports would be reformatted to folder BIPreports/ and BIPreports.atr. The reports under the original folder are also reformatted. The most obvious detection is by adding a atr file for each report and folder and sometime renaming some of the reports.The location of the BI Answers catalog is :


   The problem is that you cound not simply copy the uploaded BIP reports folder to the same location on to another server. The presenation service would not recognize the folder as what 10g xmlpserver would do. And also once you have modified the uploaded reports from presentation service, the changes go directly to the catalog not the xmlpserver repository. And there is no way to reverse the BI Answers publisher reports back to the xmlpserver publisher reports having the changes we just made.

   In order to solve the problem, there are two ways available both with the help of presentation service. On OBIEE 11G, oracle tends to put more heavy usage on the frontend operation instead of backend manipulation.Good or bad? You tell me.

   Method 1.

   If you want to deploy a whole folder of BIP reports from OBIEE 11g Server A to B, simply login to analytics on Server A.

   Click Catalog:


   On the left panel, expand shared folders and choose the perticular report folder that you want to deploy to Server B. For example, I would do Sample2. Click on the folder and then click Archive


   Now depends on if you want to remain the permissions and timestamps. Check the boxes and click ok.


  Click Save. Then this archived file contains all the reports under Sample2 and is ready to be deployed to Server B.


  Login to analytics of Server B. And go to catalog as the step above.Choose the folder where you would like to deploy the reports. In this case, I would choose shared folder. And then click unarchive.

  At the pop-up window. Choose the Sample2.catalog and then input the neccessary parameters.Click OK

 Now Sample2 is showed under the shared folder and all reports are under it.

  Method 2.

  The second methodology for deployment of BIP reports is that you could simply download and upload a single report. This is useful when you are not deploying too many reports.

  Instead of login to analyitcs, this time you need to login to xmlpserver on Server A at:


  Step 1.Click Catalog on the right corner to traverse down to the reports.


Step 2. Navigate to the report you want to move to another server. Click on More->Download

You have to download the data model correspondingly as well like below:

Now the files that we have just downloaded are looking like this:

    Balance Letter.xdoz

    Balance Letter Datamodel.xdmz

Step 3. Go to the Server B and upload the files. Login to the following link:  


Go to catalog and navigate to the folder you would like to upload to.

At the left corner, click upload

Upload the two files we just downloaded to Server B and remember to associate the template with the data model.

[OBIEE Issue] Template upgrade for 10g BIP reports to 11g

The sample xml file generated by 10g data model is a little bit different from what 11g has offered. Let us look at the difference below:

So in the templates of 10g if you have used tables. It might have something similar like this, if you look at the table properties through BI Publisher plugin.

The trick is that you have to change the ROW to G_1 in order that the 10g template would correctly show the data format for 11g dataset.

[OBIEE Issue]11g BIP Error Code:InvocationTargetException

After I upgraded my 10g BIP reports to 11g, I was thinking of linking to the reports from the 11g BIF like what I did with old 10g OBIEE BIP. Let us review what we did in 10g firstly.

So basically when we we login to 10g xmlpserver and access the report, on the uppper right corner there shows up a link: Lind to the report

Four options are exposed for your referrence purposes. Suppose you click on No header option. You would get a link to this report like below:


Here note that _xmode=2 means you are using the no header option. So you could assume that if _xmode=3 would mean that you are chosing No Parameters option and so on.(See the table below) .

Parameter Value Refer To
_xmode 0 Current Page
_xmode 2 No header
_xmode 3 No Parameters
_xmode 4

Document Only

And also _xf refers to the format that how you are going to present the report. There are a few options as well in the following table.By default we are using html if we want to refer to the report through a browser. 

Now you get the link and you paste it into your browser, it would redirect you to the original report without header being showed up.

I tried to do the same thing with BIP 11g, and I figured out that it inheritantly had the same feature to get the link to the report like below.

I then generated the link through the second option: No header. It gave me the link like below:


The link above is reformed a little bit from the 10g version and now I will paste it into the browser and see what happens.

It shows up the report.  But the header is still there.

Then I started trying other options except mode 2, for example, No Parameters. I got the following error.


This is a bug for the release Oracle Business Intelligence Product Version (Build 110427.0752 64-bit)

    Oracle just released a patch for 11g BIP to fix a bunch of bugs including the one we found:



     For details check out this link:

     Download the patch file from:

        Apply it according to the readme.txt included in the package. The bug would be solved! Good luck!


What really interested me is when you try to generate the same report from BI Answers 11g. It gave the link which looked different from the BIP version.


And if you apply this link to the browser, even though you keep changing _xmode from 0 to 4, it didn’t make much difference.Anyone has any idea for this issue?

[OBIEE Issue]Upgrade BI Publisher reports from 10G to 11G

I have to highly recommend the following blog article that talks about the upgrade of 10g BI Publisher reports to 11g.

Blog link:

Kan explains the process in detailed steps and I followed his steps to perform the upgrade. The upgrade was successful as he showed in the last picture of publisher reports upgrade section. I have seen my old 10g publisher reports folder showing up. But when I went under my report folders, I tried to open my reports xdo file, it gave me an error below:

ShockedThe report cannot be rended because of an error,please contact the administrator.

It looked like my report xdo file is not associated with the correct data model file.So then I tried to edit my vat_report report and I saw that after automatic upgrade, my vat_report report was set with the default data model : vat_report.xdm which doesn’t exsit on my data model list. In the presentation layer, the actual data model is called vat_report. Match the correct model by clicking  button.

Click View Report to check if you still have the error above and click save to enable the change.

Good luck!

AlienNote: There are file structure changes for BI Publisher upgrade. The original .xdo now is split into two components – .xdm and .xdo as illustrated:(The following picture is borrowed from my other favorite blog:

[OBIEE Issue] OBIEE 11g Deinstall Q&A

In order to get rid of the failed installation of the my last OBIEE 11G installation with the simple install. I performed the following tasks:( The reason that I did not use the uninstall wizard is there existed failure during my last installation and prevented the uninstall wizard from working correctly. I will cover the regular uninstall procedure after this.)

After that, I tired to install obiee 11g from the installation wizard again and when it came to the RCU configuration page.I encountered the following error:

INST-08020: One or more entries are found in HSS_COMPONENT table.
— A new schema must be used in order to install successfully.

Reason: When you conducted the simple install, you also had to point to the BIPLATFORM and MDS schemas. These schema tables get populated with the first installation attempt and succeeded. If you want to reinstall the software to enterprise install. You have to drop the BIPLATFORM and MDS Schemas created by the RCU install. Those schemas can only contain one OBI installation at a time unless you changed the prefix (ie: DEV_,QA_,PROD_,etc.) of the schemas if you had the RCU a second time against that same database.

Solutions: If you want to use the same database, then drop the schema firstly using the wizard and then manually delete the corresponding tablespaces. (ie: DEV_BIPLATFORM.dbf, DEV_MDS.dbf,etc)

Appendix: The regular uninstall procedure (Condition: Last install should be successfully completed)

1. Run the deinstall script and select the Deinstall instances managed by a WebLogic domain option.
* open terminal, go to /Oracle_BI1/oui/bin
* run deinstallation script:

$ ./ -deinstall

1. Welcome
* next
2. Select Deinstallation Type
* select Deinstall ASInstances…
3. Specify Weblogic Domain Detail
* domain host:
* domain port: 7001
* username: weblogic
* password: weblogic1
4. Select Managed Instance
* select instance1, all become checked.
5. Deinstallation Summary
* save deinstallation configuration to: (You could save this information for debugging purpose)
* Deinstall
6. Deinstallation Progress
* no errors
7. Deinstallation Complete
* Success, click finish

* verify success of script by going to the instances folder and making sure it doesn’t contain the instances that were deleted

2. Stop all Oracle Business Intelligence processes and servers, including all OPMN-controlled components and JEE components.
* Go to http://:7001/em then click core application under the business intelligence folder. Stop the components.
* Components already stopped
3. Drop the Metadata Services (MDS) and Business Intelligence Platform (BIPLATFORM) schemas using RCU.
* on my desktop load the rcu: C:\ofm_rcu_win_11.\rcuHome\BIN\rcu.bat
note: make sure all components are stopped otherwise errors will occur. opmnctl stopall
1. Welcome
2. Drop Repository
3. Database Connection Details
* database type: oracle database
* host name:
* port: 1521
* service name:
* username: sys
* password: *******
* role: sysdba
4. Select Components
* select DEV (note: it might be a different name according to your installation)from the drop down menu
* four check marks automatically on:
1. AS Common Schemas
2. Metadata Services
3. Oracle Business Intelligence
4. Business Intelligence Platform
* ok, ok
5. Summary
* drop
6. Completion Summary
* sucess, close
4. Run the deinstall script and select the Deinstall Oracle Home option.

$ cd /Oracle_BI1/oui/bin
$ ./ -deinstall

1. Welcome
* next
2. Select Deinstallation Type
* select Deinstall Oracle Home…
3. Deinstall Oracle Home
* save response file to:(save to somewhere for further use, it is optional)
* deinstall
4. Deinstallation Progress
* yes, delete directory after deinstall
5. Deinstallation Complete
* finish

5. Deinstall the Oracle Common home manually or by running the deinstall script that it contains.

* If you installed Oracle Business Intelligence using the Simple or Enterprise Install type,
you can fulfill this requirement by specifying the JDK directory that was created by
Oracle Business Intelligence 11g Installer in the Middleware home.

$ cd /oracle_common/oui/bin
$ ./ -deinstall -jreLoc /usr/java

1. Welcome
2. Deinstall Oracle Home
* save response file: (save to somewhere for further use, it is optional)
* deinstall
3. Deinstallation Progress
* yes to delete the directory after deinstall
4. Deinstallation Complete
* finish

6. Use the Oracle WebLogic Server uninstaller to uninstall WebLogic Server.

$ cd /wlserver_10.3/uninstall
run the shell script : /utils/uninstall/

7. Remove the Middleware home (if necessary). If you have done enterprise install, then remove the foundation domain home as well.

* Delete all remainding files/directories

8 End of the instruction.

[OBIEE Issue] How to remotely connect to online RPD

Step 1. Set up your system DSN. Go to “Start” at the left corner of your windows system and click to expand the panel. And then click “Control Panel” on the right.

Step 2. Click “Administrative Tools“, and then click “Data Sources (ODBC)” .

Step 3. Click “System DSN” and then click “Add” to add a new one.

Step 4. Choose “Oracle BI Server” as the driver.Note: Once you install the 10g OBIEE package which by default would include the driver installation.Step 5. Fill in the Server name (this one would show up when you use admin tool to remotely connect to the online rpd) and IP address where your remote rpd locates on. Then click “Next“.Step 6. On this page, type the Login ID as your rpd Admin login id. By default it should be “Administrator“. And the Password should be remote rpd login password. I would check the last box marked in red to make a trial connection to the remote rpd and make sure this connection is valid. Then click “Next“.

Step 7. If you could see this page  with the remote subject areas showing up , in this case (Sample 1 and Sample 2 are the two subject areas on my remote rpd). Then this DSN is valid. Then click “Finish“.Step 8. Go to your admin tool and then click the blue folder button for opening online rpd. Then on the pop-up window, it lists all the DSNs available. Choose the one you just created and type the rpd password. Then you could be able to login to your remote rpd.

[OBIEE Issue] SSO server version v3.0 is not supported


I made an upgrade on SSO Server 1  from 10.1.2.x to 10.1.4.x ,while for SSO Server 2, I kept the older version. Here is the version number comparison that you could easily found out from the setupinfo.txt under the software installation folder.

and then I tried to register the same partner application server with the same syntax I used to write on SSO Server 2 like below:

It actually gave me no complaint on the SSO Server 1.However, when I transfered the osso.conf file to my partner application server and put it under the same directory I used to. After restarting the HTTP Server, I got the following error: SSO server version v3.0 is not supported.


This is caused by a version mismatch in the SSO conf file I generated from my SSO Server 1. The SSO version was as you could see above and I was using the generated conf file for my partner application of a version like below:

.     By default, using the same syntax for registering the partner application server on Server 1 would create an osso.conf file of a version 3 which is a higher version that is not compatible with our partner server. In order to solve the problem, we have to explicitly tell the SSO Server to generate a lower version file by giving an extra parameter specifying this need. So the new syntax would look like:

After restarting the HTTP Server, it worked perfectly with the new file! Good luck!