Home > Fusion Middleware, Oracle Access Manager, Oracle Bussiness Intelligence > How to Run OAM 11g Audit Reports in BI Publisher 11g

How to Run OAM 11g Audit Reports in BI Publisher 11g

A common requirement for enterprises that implement the Oracle Identity Management 11g solution is to have the ability to report all authentication and authorization operations in their applications.  Assuming that the the applications have already been secured by Oracle Access Manager 11g, and that a Bussiness Intelligence 11g solution is in place, there are several configurations that need to be made in order to have reports on authentication operations, failed authentications etc from OAM.

At the time this post was written, OAM reports are only available for BI 10g (10.1.3.4) and so the OAM reports need to be upgraded to 11g using the BI Upgrade Assistant in order to be used in a 11g BI environment.

This post will go through all the steps required to upgrade and set up these reports. Although the post discusses the OAM reports, the same steps apply for the Identity Manager 11g reports as well.

Here is a list of the main steps to be followed:

1. Find the reports in the Identity and Access Management installation.
2. Copy the reports to a source location on the BI machine.
3. Run the Upgrade Assistant to upgrade the reports in 11g format.
4. Configure the BI Publisher repository accordingly.
5. Modify the reports to make sure that the Data Model is correct and add a template to each report.
6. Add the neccessary data sources to BI Publisher.
7. Enable Audit in Oracle Access Manager and make sure all the operations are indeed audited.
8. Run a OAM report in BI Publisher.

1. Find the OAM (and OIM) reports in the IAM 11g installation.

The Identity and Access Manager 11 installation comes with predefined reports for both the Identity Manager and Access Manager. The reports are included in a zip archive in the installation directory.

OAM reports are in the following location:

$ORACLE_HOME/oam/server/reports/oam_audit_reports_11_1_1_3_0.zip
for example:
/u01/app/oracle/fmw/1035/Oracle_IAM1/oam/server/reports

OIM reports:

$ORACLE_HOME/server/reports/oim_product_reports_11_1_1_5_0.zip
for example:
/u01/app/oracle/fmw/1035/Oracle_IAM1/server/reports/oim_product_reports_11_1_1_5_0.zip

2. Copy the reports to a location on the BI machine.

Before running the Upgrade Assistant on the OAM reports, copy the above archive to a source directory on the BI machine. Unzip the archive in that location.

3. Run the Upgrade Assistant to upgrade the OAM reports in 11g format

On the BI machine, start the Upgrade Assistant by executing
$ORACLE_HOME/bin/ua
(for example: /u01/app/oracle/fmw/Oracle_BI1/bin/ua)

Choose the “Upgrade Oracle BI Publisher Repository” option and click “Next”.

Choose the “Upgrade 10g BI Publisher Repository Directory” and enter the source directory where the reports have been copied and unzipped.

For “Enter the destination BI Publisher Repository Directory” fill in the destination directory.

Enter the connection details to the BI domain Weblogic Administration server

Click the “Upgrade” button once the examination process has completed successfully


A status of the upgrade process and a summary are displayed in the next screens.

4. Configure the BI Publisher repository accordingly.

The upgraded reports must now be uploaded to the BI Catalog. In order to do this, login to the BI Publisher application (http://bi_host:9704/xmlpserver) and access “Administration”, then “Server Configuration” unde the “System Management” section

In the Catalog section, fill in the destination directory where the upgrade reports are and then click “Upload to BI Presentation Catalog”
The reports should now be visible in the BI Publisher Catalog screen.

5. Modify the reports to make sure that the Data Model is correct and add a template to each report.

After the reports are migrated, you might run into an error when trying to run them:

To fix the error, simply re-associate the correct Data Model to the report. Click ‘Edit’ on the report, then click the magnifying glass to choose the appropriate Data Model, then save the report.

You should be able to run the report. If there is still an error, make sure that a template is chosen for the report, otherwise you can choose one from the ‘Properties’ link. If all is well but there is no data source, ignore it at this time as the data source will be created in the following step.

6. Add the neccessary data sources to BI Publisher.

In order for the report to access the actual data, a OAM datasource needs to be defined in BI Publisher, connecting to the OAM audit tables in the database, usually under the <PREFIX>_IAU schema. If you haven’t selected this schema at OAM installation time, you can add it by running the RCU again.

To create the Data Source, go to the Administration page of the BI Publisher, click on “JDBC Connections” under the Data Sources section and fill in the database connection details.

7. Enable Audit in Oracle Access Manager and make sure all the operations are indeed audited.

To enable auditing for OAM, access the Enterprise Manager of the IAM domain, right click the Weblogic domain and open the “Audit Policy” screen. Marking the Oracle Access Manager will select all operations for auditing.

Although auditing is now enabled, there are still some filters in OAM which actually limit auditing. To check this, access the OAM console and go to “System Configuration” -> “Common Settings” -> “Audit Configuration”. Make sure that the “Filter Preset” is set to “All” and that there are no users listed below since the audit applies only to those users in the list.

Click “Apply” to confirm the setting.

8. Run the OAM reports in BI Publisher.

Advertisements
Tags: ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: