This page covers a routine task we perform when client users have trouble logging in to the Hyperion applications: setting up an MSAD configuration in HSS.
Shared Services - MSAD Configuration
Screen 1:
Screen 2:
You can configure MSAD so that Shared Services performs either a static host name lookup or a DNS lookup to identify MSAD. Static host name lookup does not support MSAD failover without updating the MSAD configuration in Shared Services.
DNS lookup provides high availability in scenarios where MSAD is configured on multiple domain controllers. When configured to perform a DNS lookup, Shared Services queries the DNS server to identify registered domain controllers and connects to the domain controller with the greatest weight. If the domain controller to which Shared Services is connected fails, Shared Services dynamically switches to the next available domain controller with the greatest weight.
Global Catalogue
A global catalog is a domain controller that stores a copy
of all MSAD objects in a forest. It stores a complete copy of all objects in
the directory for its host domain and a partial copy of all objects for all
other domains in the forest, which are used in typical user search operations.
Note: Also refer to Microsoft Docs for how to configure a Global Catalogue.
Methods to configure your MSAD user directories while using a “Global Catalogue”:
· Configure the global catalog server as the external user directory (recommended)
· Configure each MSAD domain as a separate external user directory
Note: Configuring the global catalog instead of individual MSAD domains allows EPM System products to access local and universal groups within the forest.
The individual parameters to be entered in the above screens are explained below.
Steps to configure MSAD in HSS:
1) Host Name
Name of the user directory server. Use the fully qualified domain name if the user directory is to be used to support SSO from SiteMinder.
2) DNS Lookup or Hostname options
Note:
DNS Lookup - Do not select this option if you are configuring a global catalog.
Hostname - Use this option to enable static host name lookup.
3) Port
The port number where the user directory is running.
Note: If you are configuring an MSAD global catalog, specify the port used by the global catalog server (default is 3268).
4) SSL Enabled
The check box that enables Secure Socket Layer (SSL) communication with this user directory. The user directory must be configured for secure communication.
5) Base DN
The distinguished name (DN) of the node where the search
for users and groups should begin. You can also use the Fetch DNs button to
list available base DNs and then select the appropriate base DN from the list.
Note: If you are configuring a global catalog, specify the
base DN of the forest.
6) ID Attribute
A unique user attribute. The recommended value of this attribute is automatically set for MSAD (ObjectGUID). You may change the default value if necessary.
7) Maximum Size
Maximum number of results that a search can return. If this value is greater than that supported by the user directory settings, the user directory value overrides this value.
For MSAD, set this value to 0 to retrieve all users and groups that meet the search criteria.
8) Trusted
The check box to indicate that this provider is a trusted
SSO source. SSO tokens from
trusted sources do not contain the user's password.
9) Anonymous Bind
The check box to indicate that Shared Services can bind anonymously to the user directory.
Note: Oracle recommends that you do not use anonymous bind.
10) User DN
The distinguished name of the user that Shared Services should use to bind with the user directory. This distinguished name must have read privileges within the Base DN.
Special characters are not allowed in the User DN value.
Example: cn=admin,dc=example,dc=com
11) Append Base DN
The check box for appending the base DN to the User DN. If you are using the Directory Manager account as the User DN, do not append Base DN.
12) Password
User DN password
13) Click Next
The User Configuration screen opens. Shared Services uses the properties set in this screen to create a user URL that is used to determine the node where the search for users begins. Using this URL speeds up the search.
Caution
User URL should not point to an alias. EPM System security
requires that the user URL points to an actual user and not its alias.
Oracle recommends that you use the Auto Configure area of
the screen to retrieve the required information.
Test:
------
1) Edit the configured MSAD from Shared Services → Administration → Configure User Directories.
2) Click Test to test the MSAD connection.
3) Query for any existing user from the configured MSAD to check that the interface from HSS to MSAD is available.
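
The parameter rules in the steps above can be checked before the values are entered in Shared Services. The following Python check is an added example, not Oracle's code or part of the original post; the dictionary keys, the sample values and the reading of "special characters" as anything outside a small allowed set are assumptions.

```python
import re

GC_PORTS = {3268, 3269}  # 3268 is from the page; 3269 is the global catalog LDAPS port
# Assumption: "special characters" means anything outside this set.
DN_ALLOWED = re.compile(r"^[A-Za-z0-9=,. _-]+$")

def lint_msad(cfg):
    """Return findings for one MSAD user-directory definition (hypothetical dict keys)."""
    out = []
    gc = cfg.get("global_catalog", False)
    if gc and cfg.get("lookup") == "dns":
        out.append("DNS lookup must not be selected for a global catalog")
    if gc and cfg.get("port") not in GC_PORTS:
        out.append("global catalog port expected (default 3268)")
    if not gc and cfg.get("lookup") == "hostname":
        out.append("static host name lookup gives no failover")
    if not cfg.get("ssl_enabled"):
        out.append("SSL not enabled: LDAP traffic to the directory is not encrypted")
    if cfg.get("anonymous_bind"):
        out.append("anonymous bind is enabled; Oracle recommends against it")
    user_dn, base_dn = cfg.get("user_dn", ""), cfg.get("base_dn", "")
    if user_dn and not DN_ALLOWED.match(user_dn):
        out.append("User DN contains special characters")
    if cfg.get("append_base_dn") and base_dn and user_dn.lower().endswith(base_dn.lower()):
        out.append("Append Base DN would duplicate the base DN in the User DN")
    return out

# Constructed sample values, not taken from a real deployment.
WEAK = {"global_catalog": True, "lookup": "dns", "port": 389, "ssl_enabled": False,
        "anonymous_bind": True, "base_dn": "dc=example,dc=com",
        "user_dn": "cn=admin,dc=example,dc=com", "append_base_dn": True}
FIXED = {"global_catalog": True, "lookup": "hostname", "port": 3269, "ssl_enabled": True,
         "anonymous_bind": False, "base_dn": "dc=example,dc=com",
         "user_dn": "cn=admin", "append_base_dn": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(name, lint_msad(cfg) or "no findings")
```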