Professional Documents
Culture Documents
Oracle Business Intelligence 11g SOA Integra3on: Antony Heljula Technical Architect
Oracle Business Intelligence 11g SOA Integra3on: Antony Heljula Technical Architect
Oracle Business Intelligence 11g SOA Integra3on: Antony Heljula Technical Architect
Agenda
q
q
q
q
q
q
q
q
q
q
q
q
Peak Indicators Limited
Typical
CThe
ustomer
Answer!
Ques3ons
How
do
we
ini)ate
it?
Where
do
we
ini)ate
it?
What
is
the
technology?
Can
Oracle
BI
do
this?
OBIEE
11g
Ac3on
Framework
Ac3on
Framework
q
Ac#on
Framework
is
an
exci#ng
new
feature
of
OBIEE
11g
that
provides
the
facility
to
invoke
a
wide
variety
of
ac#ons
or
processes
directly
within
the
UI
This
is
a
major
enhancement,
since
OBIEE
10g
is
great
for
analysis
but
has
limited
capability
for
performing
ac#ons
once
your
analysis
is
complete
Analyses
Dashboard
pages
Agents
(iBots
in
10g)
Balanced
Scorecard
objec#ves
and
ini#a#ves
KPIs
Crea3ng
Ac3ons
q
If
you
only
want
to
use
an
Ac#on
once,
you
can
dene
it
directly
within
an
analysis,
dashboard
page,
agent,
scorecard
objec#ve,
scorecard
ini#a#ve,
or
KPI.
These
inline
ac#ons
are
not
re-usable
Ac3ons
Types
of
Ac3on
q
Note:
When
integrated
with
Siebel
CRM
it
is
also
possible
to
Navigate
to
Siebel
CRM
Examples
Navigate
to
BI
Content
q
10
Examples
Condi3ons
q
e.g. View Sales Order Details only appears if there are <500 Orders
11
Examples
Conrma3on
q
12
Examples
On
Dashboards
q
Dashboard Pages can consist of Ac#on Links and Ac#on Link Menus
13
Examples
On
Dashboards:
Ac3on
Links
q
14
Examples
On
Dashboards:
Ac3on
Link
Menus
q
15
Examples
On
KPIs
q
The KPI Status can be used to determine which Ac#on Links appear
16
Examples
On
Balanced
Scorecards
q
The
Objec#ve
or
KPI
Status
can
be
used
to
determine
which
Ac#on
Links
appear
17
Examples
Delivers
Agents
q
You can ini#ate mul#ple Ac#ons once a Delivers Agent has completed:
The
Ac#ons
can
be
ini#ated
for
every
row
returned
by
the
Agent!
You
can
map
the
columns
returned
by
the
Agent
to
each
of
the
Ac#ons
parameters
18
q Further Examples
19
20
The
Ac#on
will
be
called
Adjust
Sales
Forecast
will
invoke
a
web
service
to
modify
a
Sales
Reps
forecast
target:
21
In
order
to
invoke
a
web
service,
you
typically
need
the
URL
for
its
Web
Service
Descrip#on
Language
(WSDL)
The owner of the site hos#ng the web service should be able to provide you with his
The
WSDL
returns
an
XML
le
providing
details
on
all
the
web
services
that
are
available,
such
as
the
opera#ons
available
and
the
parameters
that
need
to
be
passed
hcp://obiee11g:7001/Adjust_Sales_Forecast-Adjust_Sales_Forecast-context-root/
Adjust_Sales_ForecastPort?WSDL
NOTE:
22
23
The following URL can be generated to get direc#ons using Google Maps:
hcp://maps.google.co.uk/maps?&saddr={p1}&daddr={p2}
Your
loca#on
La#tude
of
customer
Longitude
of
customer
24
[bi_server1] \bi_server1\tmp\_WL_user\analy#cs_11.1.1\xxxxx\war\res\b_mozilla\ac#ons
NOTE:
the
[bi_server1]
path
is
the
following
loca#on:
[Middleware
Home]\user_projects\domains\bifounda#on_domain\servers\bi_server1
25
For each Ac#on you actually provide two separate Javascript func#ons!
USERSCRIPT.getdirections = function(params)
{
var googleURL = "http://maps.google.co.uk/maps?&saddr="
+ params.your_loc
+ "&daddr="
Your
refer
to
input
+ params.dest_lat
parameters
in
the
format:
+ ","
array.parameter
+ params.dest_long;
window.open(googleURL,"GetDirections");
};
26
It has the following format (in this case we are dening 3 input parameters):
USERSCRIPT.getdirections.publish =
{
parameters:[
new USERSCRIPT.parameter("your_loc" , "Your Location"
,""),
new USERSCRIPT.parameter("dest_lat" , "Latitude Destination" ,""),
new USERSCRIPT.parameter("dest_long", "Longitude Destination",""),
]
};
27
q What is SOA?
28
If
you
read
any
IT
paper
or
look
at
OTN,
you
will
be
hit
with
many
success
stories
about
SOA:
29
What
is
SOA?
q
Despite
all
the
success
stories,
there
s#ll
remains
a
lot
of
confusion
about
what
exactly
SOA
is
30
What
is
SOA?
q
31
What
is
SOA?
q
However,
the
key
factor
is
that
they
all
integrate
via
a
common
set
of
standards
how
each
building
block
is
implemented
at
the
back
end
is
irrelevant
CRM
Intranet
/
Internet
Order Processing
Consumer
HR
Business
Intelligence
Peak Indicators Limited
32
What
is
SOA?
q
CRM
h]p
h]p
Intranet
/
Internet
h]p
-
Create
Account
-
Create
Service
Request
Order Processing
-
Create
Order
-
Bill
Customer
h]p
Consumer
HR
Business
Intelligence
Peak Indicators Limited
-
New
Employee
-
Holiday
Request
What
is
SOA?
Ac3on
Framework
Ac3ons
q
q
Have
you
no#ced
that
all
Ac#ons
available
with
Ac#on
Framework
are
based
on
HTTP?
Ac#on
Framework
puts
OBIEE
11g
at
the
heart
of
a
SOA
implementa#on
34
35
Web
services
are
programs
that
can
be
access
remotely
using
XML-based
languages
What
each
program
can
do
is
described
in
a
standard
XML
format
called
Web
Services
Descrip#on
Language
(WSDL)
The
consumer
does
not
need
to
know
how
the
program
is
implemented
and
is
only
interested
in
what
the
program
can
do
(as
dened
in
the
WSDL)
Intranet
/
Internet
Consumer
36
q
q
Intranet
/
Internet
XML
Response
Consumer
37
Ques3on
q Ques3on:
q Answer:
Products
such
as
Oracle
JDeveloper
build
and
deploy
web
services
for
you!
38
Demonstra3on
Building
a
Web
Service
q
We
shall
now
demonstrate
how
to
build
a
PL/SQL
web
service
using
Oracle
JDeveloper
In
our
example,
the
PL/SQL
package
will
be
used
to
update
a
Sales
Forecast
amount
for
a
Sales
Rep
39
Demonstra3on
Building
a
Web
Service
q
The
aim
will
be
to
execute
the
PL/SQL
web
service
within
OBIEE
using
an
Ac#on
Link!
40
41
hcp://download.oracle.com/docs/cd/E14571_01/bi.1111/e16364/toc.htm
42
There are a variety of OBIEE session based web services are available:
HtmlViewService
iBotService
MetadataService
Replica#onService
ReportEdi#ngService
SAWSessionService
SecurityService
WebCatalogService
XMLViewService
They
are
referred
to
as
session
based
because
you
have
to
establish
a
session
with
OBIEE
rst
before
you
can
use
them
(you
need
to
pass
in
a
valid
Session
Id)
The
Web
Service
Deni#on
Language
(WSDL)
format
for
Oracle
BI
web
services
can
be
obtained
using
the
following
example
URL:
hcp://localhost:9704/analy#cs/saw.dll?WSDL
43
44
This
means
you
have
to
programma#cally
call
the
web
services
one
a{er
the
other
Log
in
/
Authen#cate
(SAWSessionService)
Obtain
results
in
XML
format
(XMLViewService)
Log
o
(SAWSessionService)
These
session
based
web
services
are
therefore
not
too
compa#ble
with
Ac#on
Framework
on
their
own
45
This
is
where
Oracle
BPEL
and
SOA
Suite
come
into
play....we
will
discuss
more
about
this
later.
46
OBIEE
Web
Services
for
SOA
are
quite
dierent
to
the
Session
Based
web
services.
There
are
three
ac#ons
available:
Execute
Agent
Execute
Condi#on
Execute
Analysis
For
example:
if
your
Analysis
has
3
Is
Prompted
lters
then
you
can
pass
values
in
for
these
at
run-#me
47
Instead
of
being
provided
with
a
WSDL
URL,
you
are
in
fact
provided
with
a
WSIL
(Web
Service
Inspec#on
Language)
URL:
hcp://localhost:9704/biservices/inspec#on?wsil
This
allows
OBIEE
to
dynamically
build
up
the
set
of
web
services
available
based
upon
the
objects
in
the
BI
Presenta#on
Catalogue.
If
you
open
up
the
WSIL
URL
in
a
browser,
you
can
see
that
you
are
able
to
browse
through
the
catalogue
structure
and
youll
nd
a
web
service
for
each
Analysis,
Condi#on
and
Agent!
48
Consider this example where we have an Agent called Sales History Agent
49
50
There are two parameters to congure, you can leave them Op#onal:
Session
Country
Session
Language
51
52
Firstly,
you
have
to
congure
the
FMW
creden#al
store
with
the
username/password
that
will
be
used
to
browse
the
web
services
available
This
account
will
always
be
used
for
browsing
the
web
services,
so
users
can
only
execute
Ac#ons
on
objects
stored
in
Shared
folders
53
54
Key:
Username:
Password:
wsil.browsing
weblogic
welcome1
}
for
example
}
55
[Middleware Home]\user_projects\domains\bifounda#on_domain\cong\fmwcong\biinstances\coreapplica#on
56
57
58
BI
Presenta#on
Services
Weblogic
managed
server
bi_server1
59
Test!
You
should
now
be
able
to
create
an
Ac#on
and
see
that
the
web
services
are
automa#cally
available
for
you
to
choose
and
execute:
60
Without
further
congura#on,
all
the
Web
Services
for
SOA
will
be
invoked
as
the
same
wsil.browsing
account
Everyone
has
the
same
visibility
of
the
common
Shared
Folders
area
Everyone
has
the
same
visibility
of
the
users
own
My
Folders
area
Common
data
visibility
for
all
users
61
q Oracle BPEL
62
Oracle
BPEL
q
63
Oracle
BPEL
q
BPEL
is
designed
to
sit
in
the
middle
of
your
enterprise,
coordina#ng
and
sequencing
the
interac#ons
between
various
external
services
(known
as
partner
links)
to
form
single
workows
that
deliver
end-to-end
business
processes
You
can
integrate
mul#ple
technology
adapters
and
services
within
each
workow,
such
as
human
tasks,
transforma#ons,
no#ca#ons,
and
business
rules
64
Oracle
BPEL
Integra3ng
with
OBIEE
65
Oracle
BPEL
Integra3ng
with
OBIEE
q
66
Oracle
BPEL
Advantages
of
BPEL
Fast/simple development
Fast/simple deployment
Easy to support / de-bug (debugging someone elses custom java code is not easy!)
Dening
XSD
schemas
using
a
GUI
tool
dont
need
knowledge
of
XML
schema
language
Peak Indicators Limited
67
Oracle
BPEL
Synchronous
vs
Asynchronous
q
A
Synchronous
BPEL
Workow
is
typically
used
for
short-running
processes
where
results
can
be
returned
almost
immediately
back
to
the
invoking
client
(the
client
will
wait
un#l
the
results
have
been
returned)
Asynchronous
BPEL
Workows
are
very
useful
for
environments
in
which
a
process,
such
as
one
that
involves
manual
interven#on,
can
take
a
long
#me
to
process
a
client
request.
The
invoking
client
does
not
wait
for
a
response,
instead
the
workow
will
use
a
callback
to
return
the
results,
if
any,
to
the
client
at
a
later
date/#me
Asynchronous
services
provide
a
more
reliable
fault-tolerant
and
scalable
architecture
than
synchronous
services
(storing
the
process
in
a
database
preserves
the
process
and
prevents
any
loss
of
state
or
reliability
if
a
system
shuts
down
or
a
network
problem
occurs.
This
feature
increases
both
BPEL
process
reliability
and
scalability.
You
can
also
use
it
to
support
clustering
and
failover)
68
Oracle
BPEL
Invoking
Client
q
q
q
69
Oracle
BPEL
Invoking
a
Partner
Link
(e.g.
Web
Service)
q
Within a BPEL workow, you typically use 3 objects to invoke an external service:
A
Partner
Link
An
Invoke
ac#vity
An
Assign
Ac#vity
70
Oracle
BPEL
Error
Handling
q
71
Oracle
BPEL
Loops
q
While
Repeat
Un#l
For
Each
For example:
72
Oracle
BPEL
Deployment
q
73
Oracle
BPEL
Enterprise
Manager
q
Once
deployed,
you
use
Enterprise
Manager
to
monitor
and
test
your
BPEL
process:
74
Oracle
BPEL
Tes3ng
q
You
can
test
your
BPEL
process
from
Enterprise
Manager
(by
ini#a#ng
the
web
service
for
the
BPEL
process):
75
Oracle
BPEL
Support/Monitoring
q
You
can
track,
monitor
and
diagnose
issues
directly
within
Enterprise
Manager:
76
77
78
79
OWSM
is
the
Oracle
Fusion
Middleware
component
responsible
for
the
centralised
management
and
security
of
web
services
across
your
enterprise
OWSM
also
manages
OBIEE
web
services
80
Policies
are
security
rules.
For
example,
you
could
lock
down
a
web
service
so
that
all
messaging
must
come
from
a
trusted
source
and
the
user
needs
to
supply
both
a
username
and
password
(or
some
form
of
SSO
token)
When
you
have
web
services
doced
everywhere,
OWSM
can
serve
as
a
gateway
so
that
all
your
web
services
can
be
discoverable
in
a
single
loca#on
Centralised monitoring
81
Oracle
Fusion
Middleware
11g
currently
only
supports
the
use
of
JAX-WS
services
Therefore,
if
you
have
JAX-RPC
web
services
then
you
have
to
manage
them
within
WebLogic
Console
82
OWSM
func#ons
can
be
access
via
the
main
menu
for
your
WebLogic
domain
83
You
can
use
the
Registered
Services
congura#on
screen
to
register
all
your
web
services,
so
that
they
can
be
referenced
in
a
single
place
84
85
86
If
youre
not
careful,
by
default
your
custom
web
services
will
have
no
security
so
anyone
can
invoke
them
from
anywhere!
You
can
secure
web
services
within
OWSM
or
within
WebLogic.
You
secure
a
web
service
by
assigning
one
or
more
WS
Policies
In
the
example
below,
the
ExecuteAgent
web
service
has
a
security
policy
which
enforces
authen#ca#on
using
a
username
and
password
(Token):
87
There are two types of policy that can be acached to web services:
NOTE:
88
OWSM
and
WebLogic
come
with
many
predened
policies!
The
one
to
use
largely
depends
on
the
customers
needs:
As
a
general
rule
though
you
can
simply
consider
the
policies
men#oned
on
the
previous
slides
89
By
default,
all
the
OBIEE
Web
Services
for
SOA
are
congured
with
a
policy
that
requires
a
valid
Username
/
Password
creden#als
to
be
passed
through:
In
the
case
of
OBIEE
11g,
the
creden#als
passed
are
stored
in
the
Creden#al
Store
administered
within
Enterprise
Manager
(WebLogic
Domain
>
Security
>
Creden#als):
90
Conden3ality:
There
is
no
use
of
public/private
keys
so
the
messages
are
not
encrypted
(usernames/
passwords
are
not
even
encrypted)
Integrity:
The
messages
are
not
digitally
signed,
so
you
cannot
guarantee
the
authen#city
of
the
messages
NOTE:
a
private
key
is
actually
used
to
digitally
sign
messages
91
You
can
use
the
Creden#al
Store
for
this
purpose,
but
it
means
you
are
always
passing
over
the
same
creden#als
no
macer
which
user
is
invoking
the
service
92
Instead
of
requiring
a
password,
the
client
passes
over
a
cer#cate
which
is
then
veried
by
the
server
(the
server
has
a
key
store
containing
all
the
valid
cer#cates)
The
benet
is
that
the
username
of
the
invoking
user
is
propagated,
so
this
policy
supports
the
need
for
a
service
to
run
as
dierent
users.
The
downside
is
that
the
server
has
to
trust
that
the
user
is
valid.
This
method
is
commonly
used
by
partners
who
need
to
integrate
across
the
web
and
can
trust
each
other
NOTE: The propagated user must have an entry in the recipients LDAP store
93
Instead
of
requiring
a
password,
an
X.509
cer#cate
is
passed
over
to
the
server
to
verify
that
the
user
has
been
authen#cated
and
can
be
trusted
(X.509
is
commonly
used
in
SSO
applica#ons)
The
username
of
the
invoking
user
is
propagated,
so
this
policy
supports
the
need
for
a
service
to
run
as
dierent
users.
X.509
is
a
stronger
and
more
secure
form
of
SSO
compared
to
SAML.
Each
user
has
a
cer#cate
which
is
#ed
to
an
individual
entry
in
the
companys
LDAP
store
94
95
[Middleware Home]\user_projects\domains\[domain]\cong\fmwcong
96
You
need
to
generate
a
key
store
when
whenever
you
have
policies
that
involve
message
protec#on.
Separate key stores should be created on both client and server machines
When
the
web
service
is
invoked,
the
public
keys
are
exchanged
between
client
and
server
The
client
will
then
encrypt
messages
using
the
servers
public
key
and
vice
versa
Only
the
receiver
who
has
the
corresponding
private
key
can
decrypt
the
message
To
ensure
authen#city,
the
both
sides
will
also
add
a
digital
signature
to
their
messages:
97
The
servers
key
store
will
need
to
contain
the
cer#cates
from
all
the
trusted
client
machines
The
key
store
on
each
client
machine
will
need
to
contain
the
servers
cer#cate
So
you
have
to
perform
the
following
process
on
all
client
and
server
machines
Generate
a
new
key
store
containing
a
private/public
key
pair
and
a
cer#cate
Export
your
cer#cate
Send
your
cer#cate
(securely!)
to
the
other
server
Import
your
cer#cate
into
the
other
servers
key
store
98
99
You
can
list
the
contents
of
your
key
store
by
using
the
following
command:
NOTES:
100
If
you
need
to
send
your
cer#cate
to
the
server
(e.g.
SAML)
then
you
should
export
your
cer#cate
using
the
following
command:
NOTES:
101
To
import
your
client
cer#cate
into
another
servers
key
store
you
can
use
the
following
command:
NOTES:
102
Once
you
have
imported
your
cer#cate
you
can
do
a
keystore
list
command
to
list
the
contents
of
your
key
store,
which
should
contain
your
own
key
entry
and
cer#cate
as
well
as
your
trusted
cer#cates:
Cer#cate
from
trusted
source
103
q Conguring OWSM
104
Conguring
OWSM
Security
Provider
Congura3on
q
Whenever
you
generate
a
new
key
store
you
will
need
to
congure
FMW
Control
with
the
alias
and
passwords
that
you
used
(youll
have
to
do
this
on
all
servers)
105
Conguring
OWSM
Security
Provider
Congura3on
q
Enter
the
alias
(typically
orakey)
and
then
the
Signature
and
Crypt
key
store
passwords
(e.g.
welcome1)
that
were
specied
wen
genera#ng
the
key
store:
106
q Conguring
Ac3onFrameworkCong.xml
107
Conguring
Ac3onFrameworkCong.xml
q
Whenever
you
want
OBIEE
to
invoke
secured
web
services,
you
have
to
congure
OBIEE
as
follows:
[Middleware_Home]\user_projects\domains\[Domain]\cong\fmwcong
\biinstances\coreapplica#on
108
Conguring
Ac3onFrameworkCong.xml
<aliases>
q
First of all, you can specify a list of Aliases within the <aliases> sec#on
To
facilitate
deployment
and
release
processes,
these
Aliases
mean
you
dont
have
to
hard
code
server
names/IP
addresses
in
your
system.
Instead
you
can
refer
to
server
aliases,
which
OBIEE
will
translate
at
run-#me
into
youre
their
actual
server
names:
<aliases>
<location-alias>
<alias>obiee11g</alias>
<actual>obiee11g-prod</actual>
</location-alias>
<location-alias>
<alias>soasuite</alias>
<actual>soasuite-prod</actual>
</location-alias>
</aliases>
109
Conguring
Ac3onFrameworkCong.xml
<accounts>
q
For
any
username/password
policies,
you
will
need
to
list
a
number
of
account
creden#als
in
the
<accounts>
sec#on:
<accounts>
<account>
<name>wsil.browsing</name>
<description>Account for BI WS for SOA</description>
<adminonly>false</adminonly>
<credentialkey>wsil.browsing</credentialkey>
<credentialmap>oracle.bi.enterprise</credentialmap>
</account>
</accounts>
qNOTES:
The
<name>
element
will
be
used
as
a
reference
elsewhere
in
the
le
The
<creden#alkey>
and
<creden#almap>
elements
must
refer
to
a
creden#al
key
in
the
110
Conguring
Ac3onFrameworkCong.xml
<policies>
q
You
should
list
all
the
dierent
types
of
policies
that
are
in
use
within
the
<policies>
sec#on
<policies>
<policy>
<name>SAMLPolicy</name>
<policyfile>ActionsSAMLPolicy.xml</policyfile>
</policy>
<policy>
<name>wss_username_token_policy</name>
<policyfile>wss_username_token_policy.xml</policyfile>
</policy>
<policy>
<name>wss_username_token_message_protection_policy</name>
<policyfile>wss_username_token_message_protection_policy.xml</policyfile>
</policy>
</policies>
qNOTES:
The
<name>
element
will
be
used
as
a
reference
elsewhere
in
the
le
Each
policy
will
have
its
own
.xml
le
separately
created,
the
name
of
the
le
should
be
within
111
Conguring
Ac3onFrameworkCong.xml
Create
Policy
Files
q
IMPORTANT NOTE:
112
Conguring
Ac3onFrameworkCong.xml
<registries>
:
Example
1
q
The
<registries>
sec#on
should
list
all
the
web
services
that
you
wish
the
OBIEE
end
users
to
use:
113
Conguring
Ac3onFrameworkCong.xml
<registries>
:
Example
2
q
114
Conguring
Ac3onFrameworkCong.xml
<registries>
:
Example
3
q
<registries>
<registry>
<id>WS4SOA</id>
<name>OBIEE Web Services for SOA (SAML)</name>
<content-type>webservices</content-type>
<provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class>
<description></description>
<location>
<path>http://localhost:9704/biservices/inspection?wsil</path>
</location>
<service-access>
<policy>SAMLPolicy</policy>
<propagateIdentity>true</propagateIdentity>
</service-access>
</registry>
</registries>
Peak Indicators Limited
115
q Ques3ons?