About Me

Anjum Ara

I am a technology enthusiast, an ardent reader. My latest interest is virtualization. In my free time, I love understanding child nutrition, child holistic development. I bake, read, paint, and do whatever it takes to improve myself every day.

Monday, December 14, 2015

SSL Enabled Active Directory Configuration

Configuring an SSL-enabled Active Directory (AD) is almost the same as the standard AD configuration, except that the certificates need to be imported before configuring the environment. In this blog you will quickly learn the basic things that need to be done before configuring SSL-enabled AD. Here I am using MSAD for demonstration and a Hyperion 11.1.2.4 environment.

Pre-requisites
  • Signed certificates for the Active Directory
  • Active Directory Server details
  • AD port (default 636) open from the Foundation Server and Essbase Server to the AD server

Preparation
  1. Download the Active Directory server certificates, usually provided by the MSAD admin
  2. Log in to the Weblogic Server
  3. Go to /weblogic/Oracle/Middleware/jdk160_35/jre/lib/security
  4. Take a backup of the cacerts file
  5. Download the certificates provided by the MSAD admins for the MSAD server and place them in /weblogic/Oracle/Middleware/jdk160_35/bin
  6. Run the commands below

keytool -import -alias ldapca -keystore /weblogic/Oracle/Middleware/jdk160_35/jre/lib/security/cacerts -trustcacerts -file Cert-CA.cer

keytool -import -alias ldapserver -keystore /weblogic/Oracle/Middleware/jdk160_35/jre/lib/security/cacerts -trustcacerts -file Cert-Server.cer

  7. Copy the cacerts file from here, which now contains all the certificates, to the rest of the servers in the environment, e.g. Essbase server, EPMA server, Planning server.
  8. Restart the Foundation Service.
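
The import and copy steps above can be checked before any restart. The script below is an added example, not part of the original post: it parses keytool -list output to confirm that the ldapca and ldapserver aliases are present in a cacerts file and to read back the fingerprint stored under an alias. The function names, the sample listing and its fingerprints are constructed for illustration, and the parser assumes keytool's English-locale listing layout.

```shell
#!/bin/sh
# Added example, not from the original post. Alias names come from the post;
# the sample listing and its fingerprints are constructed placeholders.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

examplerootca, Dec 14, 2015, trustedCertEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
ldapca, Dec 14, 2015, trustedCertEntry,
Certificate fingerprint (MD5): 01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF
ldapserver, Dec 14, 2015, trustedCertEntry,
Certificate fingerprint (MD5): FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10'

# Reads `keytool -list` output on stdin and prints every required alias that
# is not present as a trusted certificate. Returns non-zero if any is missing.
missing_aliases() {
    awk -v want="$*" '
        BEGIN { n = split(want, req, " "); bad = 0 }
        /, trustedCertEntry,/ { a = $0; sub(/,.*/, "", a); seen[tolower(a)] = 1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(tolower(req[i]) in seen)) { print req[i]; bad = 1 }
            exit bad
        }'
}

# Reads the same listing and prints the fingerprint stored under one alias, so
# it can be compared with the value the AD administrators give out-of-band.
alias_fingerprint() {
    awk -v want="$1" '
        found && /^Certificate fingerprint/ { sub(/^[^:]*: */, ""); print; exit }
        { a = $0; sub(/,.*/, "", a)
          found = (/, trustedCertEntry,/ && tolower(a) == tolower(want)) }'
}

# Checks one truststore file; run it on every server that received the copy.
# keytool prompts for the keystore password. An unreadable store yields an
# empty listing, so every alias is reported missing (fails closed).
check_truststore() {
    store=$1; shift
    [ $# -gt 0 ] || set -- ldapca ldapserver
    keytool -list -keystore "$store" | missing_aliases "$@"
}

# Offline dry run against the constructed sample (prints nothing when complete):
printf '%s\n' "$SAMPLE_LISTING" | missing_aliases ldapca ldapserver
```

On a real server, call check_truststore with the path to the cacerts file; any alias it prints still has to be imported on that host.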


Configuration
 


1. Launch Workspace and then navigate to Shared Services
2. Go to Administration > Configure User Directories
3. Choose MSAD (whichever suits your AD type or choose other)
4. Enter details for the AD as shown below


Click Next
5. Enter the login details. This page decides what the user logon name will be.
Login Attribute: SAMAccount (read more about it here: SAM-Account-Name)
This is the default login ID.
In our case we needed the email address as the login ID, hence we created a Login Attribute called userprincipalname and configured that to be the login attribute for Hyperion.




6. Uncheck the Support Groups



7. Click OK, Apply

8. Re-order the directories: keep Native Directory as first priority and MSAD as second
9. Restart all the services to apply the changes



NOTE:
If you forget to import the certificates before integrating MSAD, you are likely to get the error below.

EPMCSS-05139: Failed to retrieve base DNs.Error communicating to server.IPaddress:636;socket closed.Invalid host,port value.




 