Hello,
I configured Hyperion EPM 11.1.2.4 (Planning,Calculation manager,EAS, ESSBASE,FR,Foundation Service) on SSO configuration, using oracle documentation.
Generally, Everything works fine, but I have some question to clear details.
- At the end I have to set up polices for all deployments (by URL /*)
like this
BUT, this policy allows only authentification only for user, and all other services interact directly between each other...
For example when I try to import Calc Manager rules, I got error acccess /calcmgr/lcm.performAction.do or /HyperionPlanning/servlet/HspLCMServlet for planning LCM.
I try to fix this problem by adding access to RemoteHost and set it as a Hyperion server....
This trick resolve some problems but some authority issues still occures... may be somebody could share experience implementing SSO,,,,
Is it a right way to add allow all policy to all deployments or it is not a good idea???
2. Other question: is it possible to login in hyperion by native user when kerberos sso enabled ???
SSO_username and SSO_password doesn't work with kerberos
3. And problem with hyperion planning by direct link
Infinity loop, in look a the log and there are many rows with the same error
[2016-10-19T18:25:01.583+04:00] [Planning0] [NOTIFICATION] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 11] [userId: <anonymous>] [ecid: 00ibSvR_^N6ECSW_xxWByW0001uC0001TP,0:1] [APP: PLANNING#11.1.2.0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateSecurityAgent] Failed to authenticate user. Invalid credentials. Enter valid credentials.
Best regards,
Dmitry