Specialized IT Services focused on Data Management | Speak with Us 877-634-9222
Art of BI: Proxy Act As Cannot Cross Identity Providers
The proxy act as capability of Oracle BI is still well and alive in 11g.
I came across this error recently when configuring this functionality, “Actual user’s GUID is not empty but Acting as user’s GUID is empty.”
The GUIDs have a lot to do with the way the proxy user is able to log into Presentation Services as the target user. Refreshing GUIDs can also play a role in affect the correct configuration with Proxy As.
This error however, is due to the fact that the implementation was using two different Identity Providers which apparently breaks the functionality of the Proxy As feature.
For example, I want to log into OBI Dashboards as the ‘weblogic‘ user which is housed under the default Identity Provider of the WLS LDAP system. I want to set up my proxy as table so that the ‘weblogic’ user can proxy as a target user that resides in an MS Active Directory LDAP Identity Provider that I’ve configured in WLS or that I am using via the backwards compatible 10g security method stemming from the RPD (I tested this using only the latter method). So, I’d set up my proxy table to show the combination of weblogic user to MSAD user with full privileges. The outcome of this is that when I log in with the ‘weblogic’ user, I am able to see my MSAD user in the Act As dropdown list. That is accurate because that is just a database retrieve. However, if I select the MSAD user from the list to act as that user, I will be sent to the login screen of Presentation Services and the proxy as login will fail. The error message above will be logged and can then be seed from the Diagnostics tab within the Fusion Control console.
So, ultimately you can only proxy Act As with a users stemming from the same Identity Provider.
In my opinion that is how is should work anyway. Just know that the limitation exists.
Let me know if you’ve figured out a work around or if I missed something.
Contact Us
Christian is an innovator in analytics and data warehousing design, best practices, and delivery. With more than fifteenyears of decision support and data warehousing with key experiences at Office Depot HQ, Sierra-Cedar, and Capgemini, he oversees the Oracle Analytics Practice which includes the technical development and delivery of Oracle BI collaboration software, data warehouse solutions, Oracle BI/EPM projects, and packaged analytics solutions at Datavail.
I’ve tried for hours to figure this out (was using an RPD user trying to act as an LDAP user) and finally came across this post.
Many thanks.
Logically I suppose it makes sense, but when you have (as in my case) the Presentation Services Administrator (or WLS Admin) not in your company’s LDAP, it’s a pain to have this limitation. I used the Administrator as my default user to create/manage reports and dashboards, with proxy functionality to test them.
I suppose I’ll have to figure out a work-around. If I do, I’ll try to remember to post it here.