Oracle Business Intelligence 11g Overview of Action Framework

Antony Heljula Technical Architect

Peak Indicators Limited

Agenda

Action Framework Overview

Types of Action Navigate to BI Dashboard Conditions Action Links Invoke a Web Page (Run a Google Search) Invoke a Browser Script (Get Google Directions)

Further AF Examples

OBIEE Web Services Securing Web Services

Peak Indicators Limited

Action Framework

Action Framework is an exciting new feature of OBIEE 11g that provides the facility to invoke a wide variety of actions or processes directly within the UI This is a major enhancement, since OBIEE 10g is great for analysis but has limited capability for performing actions once your analysis is complete OBIEE 11g Action Framework enables you to:
Navigate to related Oracle BI content Invoke operations, functions, or processes in external systems

Actions can be initiated from:

Analyses Dashboard pages Agents (iBots in 10g) Balanced Scorecard objectives and initiatives KPIs
3

Peak Indicators Limited

Creating Actions

Actions can be created as re-usable objects:

Or you can create inline actions:

If you only want to use an Action once, you can define it directly within an analysis, dashboard page, agent, scorecard objective, scorecard initiative, or KPI. These inline actions are not re-usable
4

Peak Indicators Limited

Actions Types of Action

There are various things an Action can do!

Note: When integrated with Siebel CRM it is also possible to Navigate to Siebel CRM (Appears by default with 11.1.1.5)

Peak Indicators Limited

Examples Navigate to BI Content

This supersedes navigation in OBIEE 10g:

Peak Indicators Limited

Examples Conditions

It is possible to configure Action Links to appear conditionally

e.g. View Sales Order Details only appears if there are <500 Orders

Vision Nordics has >500 orders so it is only possible to navigate to a summary analysis

Vision UK and Ireland has <500 orders so it is possible to navigate to a detail analysis

Peak Indicators Limited

Examples Confirmation

You can also configure Action Links to request confirmation before invoking the action:

Peak Indicators Limited

Examples On Dashboards

Dashboard Pages can consist of Action Links and Action Link Menus

Peak Indicators Limited

Examples On Dashboards: Action Links

An Action Link dashboard object will show an individual Action

NOTE: The Action Link can be displayed conditionally

Peak Indicators Limited

10

Examples On Dashboards: Action Link Menus

An Action Link Menu dashboard object allows you to display a menu of multiple Action Links:

Peak Indicators Limited

11

Examples On KPIs

KPIs can be configured with multiple Action Links

The KPI Status can be used to determine which Action Links appear

Peak Indicators Limited

12

Examples On Balanced Scorecards

Balanced Scorecards can also be configured with multiple Action Links

The Objective or KPI Status can be used to determine which Action Links appear

Peak Indicators Limited

13

Examples Delivers Agents

You can initiate multiple Actions once a Delivers Agent has completed:

The Actions can be initiated for every row returned by the Agent!
You can map the columns returned by the Agent to each of the Actions parameters

Peak Indicators Limited

14

Further Examples

Peak Indicators Limited

15

Example 1 : Navigate to a Web Page

In this example, we will demonstrate how to initiate an Action to navigate to a web page and run a Google search for a customer!

Peak Indicators Limited

16

Example 1 : Navigate to a Web Page Notes

The first thing to do is build a sample URL that achieves what you need For example, the following URL will run a Google search on Oracle Corporation:

http://www.google.co.uk/search?q=Oracle Corporation

Peak Indicators Limited

17

Example 2 : Invoke a Web Service

In this example, we will demonstrate to how to create an Action that will invoke a web service directly from a Dashboard

The Action will be called Adjust Sales Forecast will invoke a web service to modify a Sales Reps forecast target:

Peak Indicators Limited

18

Example 2 : Invoke a Web Service Notes

In order to invoke a web service, you typically need the URL for its Web Service Description Language (WSDL)

The owner of the site hosting the web service should be able to provide you with his

The WSDL returns an XML file providing details on all the web services that are available, such as the operations available and the parameters that need to be passed For example, our web service has the following WSDL:

http://obiee11g:7001/Adjust_Sales_Forecast-Adjust_Sales_Forecast-contextroot/Adjust_Sales_ForecastPort?WSDL

NOTE:
It is possible for the OBIEE administrator to set up a Registry containing a list of available web services, this means you dont need to provide the WSDL URL Setting up of this Registry will be discussed during a later topic

Peak Indicators Limited

19

Example 3 : Invoke a Browser Script

In this example, a Get Directions Action will be used to invoke a piece of browser script (Javascript) that will open Google Maps and show you the directions between your chosen location and the customer!

Peak Indicators Limited

20

Example 3 : Invoke a Browser Script Notes

The following URL can be generated to get directions using Google Maps:

http://maps.google.co.uk/maps?&saddr={p1}&daddr={p2}

Parameters p1 and p2 can be anything such as a postcode or a set of Lang/Long co-ordinates (in the format Lat,Long)
In our example, we will pass 3 parameters to our javascript function:

Your location Latitude of customer Longitude of customer

The javascript function will concatenate the Lat/Long coordinates together and pass them to Google Maps as a single parameter

Peak Indicators Limited

21

Example 3 : Invoke a Browser Script Notes

There is a UserScript.js file provided on the OBIEE server in which you must place your custom Javascript functions

UserScript.js is located in the following location on the OBIEE server:

[bi_server1] \bi_server1\tmp\_WL_user\analytics_11.1.1\xxxxx\war\res\b_mozilla\actions

NOTE: the [bi_server1] path is the following location:

[Middleware Home]\user_projects\domains\bifoundation_domain\servers\bi_server1

Peak Indicators Limited

22

Example 3 : Invoke a Browser Script Notes

There is a special syntax for the UserScript.js file

For each Action you actually provide two separate Javascript functions!

The 1st function contains the actual code:

The function accepts a single array of input parameters

Function name must be prefixed with USERSCRIPT.

USERSCRIPT.getdirections = function(params) { var googleURL = "http://maps.google.co.uk/maps?&saddr=" + params.your_loc + "&daddr=" Your refer to input + params.dest_lat parameters in the format: + "," array.parameter + params.dest_long; window.open(googleURL,"GetDirections");
};

Peak Indicators Limited

23

Example 3 : Invoke a Browser Script Notes

The 2nd function is used to define your input parameters

OBIEE uses this to automatically know which parameters are required

It has the following format (in this case we are defining 3 input parameters):

The function has the same name as before, but has the postfix .publish

Each parameter has 3 elements: 1) Variable name 2) Description 3) Default Value

USERSCRIPT.getdirections.publish = { parameters:[ new USERSCRIPT.parameter("your_loc" , "Your Location" ,""), new USERSCRIPT.parameter("dest_lat" , "Latitude Destination" ,""), new USERSCRIPT.parameter("dest_long", "Longitude Destination",""), ] };

Peak Indicators Limited

24

OBI EE Web Services

Peak Indicators Limited

25

OBIEE Web Services

OBIEE 11g comes equipped with a wide range of web services There are two different types:

Session based web services Web services for SOA

(new with OBIEE 11g)

Refer to the OBIEE 11g Integrators Guide for detailed information:

http://download.oracle.com/docs/cd/E14571_01/bi.1111/e16364/toc.htm

Peak Indicators Limited

26

Session Based OBIEE Web Services

There are a variety of OBIEE session based web services are available:

HtmlViewService iBotService MetadataService ReplicationService ReportEditingService SAWSessionService SecurityService WebCatalogService XMLViewService

- obtain HTML to render BI dashboards/reports - initiate iBots - Retrieve info on Subject Areas, Tables, Columns - Replication between Presentation Catalogues - Add filter and other conditions to BI requests - Login, Logoff, Impersonate authentication functions - Identify BI EE accounts and privileges - Browsing and Managing the Presentation Catalogue - Retrieve Oracle BI query results in XML format

Each of these web services contain one or more methods They are referred to as session based because you have to establish a session with OBIEE first before you can use them (you need to pass in a valid Session Id) The Web Service Definition Language (WSDL) format for Oracle BI web services can be obtained using the following example URL:

http://localhost:9704/analytics/saw.dll?WSDL
27

Peak Indicators Limited

Session Based OBIEE Web Services XML Results

When returning results in XML format, the structure is as follows:

It is also possible to specify a parameter to return the meta-data for each column of data returned e.g. name, data format, length etc
28

Peak Indicators Limited

Session Based OBIEE Web Services Encapsulating into Workflows

To satisfy a particular requirement, normally a number of BI EE web services will have to be called in sequence e.g.
Log in / Authenticate Obtain results in XML format Log off

(SAWSessionService) (XMLViewService) (SAWSessionService)

This means you have to programmatically call the web services one after the other

You log in to obtain the Session Id You call the next web service and pass the Session Id in as a parameter You call the next web service

These session based web services are therefore not too compatible with Action Framework on their own

Action Framework initiates individual Actions with no connection between them

29

Peak Indicators Limited

Session Based OBIEE Web Services Encapsulating into Workflows

It could be advisable therefore to encapsulate the sequence into a BPEL workflow:

BPEL workflow will orchestrate the initiation of the BI EE web services

The BPEL workflow will itself then be presented as a web service

Action Framework can then initiate this single Action

This is where Oracle BPEL and SOA Suite come into play....we will discuss more about this later.

Peak Indicators Limited

30

OBIEE Web Services for SOA

OBIEE Web Services for SOA are quite different to the Session Based web services. There are three actions available:
Execute Agent Execute Condition Execute Analysis

You dont need to pass in a valid Session Id to use them

They are still secured using a username/password in the credential store

Prompted filters and presentation variables included in the business intelligence objects are supported

For example: if your Analysis has 3 Is Prompted filters then you can pass values in for these at run-time

Only XML results are returned

31

Peak Indicators Limited

OBIEE Web Services for SOA WSIL..not WSDL

Instead of being provided with a WSDL URL, you are in fact provided with a WSIL (Web Service Inspection Language) URL:

http://localhost:9704/biservices/inspection?wsil

This allows OBIEE to dynamically build up the set of web services available based upon the objects in the BI Presentation Catalogue. If you open up the WSIL URL in a browser, you can see that you are able to browse through the catalogue structure and youll find a web service for each Analysis, Condition and Agent!

Peak Indicators Limited

32

OBIEE Web Services for SOA Example

Consider this example where we have an Agent called Sales History Agent We want to use Action Framework to invoke it

Peak Indicators Limited

33

OBIEE Web Services for SOA Create Action : Invoke a Web Service

Create a new Action of type Invoke a Web Service You can then browse through the catalog and invoke the web service associated with your Agent!

The path to our Agent is: /shared/Agents/Sales History Agent Here is the web service associated with the Agent

Peak Indicators Limited

34

OBIEE Web Services for SOA Configure Parameters

There are two parameters to configure, you can leave them Optional:
Session Country Session Language

Peak Indicators Limited

35

OBIEE Web Services for SOA Execute the Action!

Execute the Action and see the Alerts! link appear:

Peak Indicators Limited

36

OBIEE Web Services for SOA Configuration

There is some configuration required in order to use OBIEE Web Services for SOA

Firstly, you have to configure the FMW credential store with the username/password that will be used to browse the web services available

This account will always be used for browsing the web services, so users can only execute Actions on objects stored in Shared folders

Secondly we will configure the ActionFrameworkConfig.xml file with details such as:
The WSIL URL to use for browsing the web services The authentication policy to determine what credentials etc are required to invoke the web services

Peak Indicators Limited

37

OBIEE Web Services for SOA Configuration : Step 1

Open up Enterprise Manager and navigate to:

WebLogic Domain > bifoundation_domain

Then choose the menu option Security > Credentails

Peak Indicators Limited

38

OBIEE Web Services for SOA Configuration : Step 2

Within the oracle.bi.enterprise map, create a new credential key:

Key: Username: Password:

wsil.browsing weblogic welcome1

} for example }

Peak Indicators Limited

39

OBIEE Web Services for SOA Configuration : Step 3

Create a new file called wss_username_token_policy.xml and paste in the following contents:
<?xml version="1.0" encoding="UTF-8"?> <oracle-webservice-clients> <webservice-client> <port-info> <policy-references> <policy-reference uri="oracle/log_policy" category="management"/> <policy-reference uri="oracle/wss_username_token_client_policy" category="security"/> </policy-references> </port-info> </webservice-client> </oracle-webservice-clients>

Save the file in the following location:

[Middleware Home]\user_projects\domains\bifoundation_domain\config\fmwconfig\biinstances\coreapplication

Peak Indicators Limited

40

OBIEE Web Services for SOA Configuration : Step 4

Within the same folder, open up the ActionFrameworkConfig.xml file for editing

Configure the <Registries> tags to contain the following registry:

You should ensure the ?WSIL path is correct

<registries> <registry> <id>WS4SOA</id> <name>OBIEE Web Services for SOA</name> <content-type>webservices</content-type> <provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class> <description></description> <location> <path>http://localhost:9704/biservices/inspection?wsil</path> </location> <service-access> <account>wsil.browsing</account> <policy>wss_username_token_policy</policy> <propagateIdentity>false</propagateIdentity> </service-access> </registry> </registries>

Peak Indicators Limited

41

OBIEE Web Services for SOA Configuration : Step 5

Then configure the <Accounts> and <Policies> tags to contain the following configuration

You should not need to edit anything

<accounts> <account> <name>wsil.browsing</name> <description>Account for BI WS for SOA</description> <adminonly>false</adminonly> <credentialkey>wsil.browsing</credentialkey> <credentialmap>oracle.bi.enterprise</credentialmap> </account> </accounts> <policies> <policy> <name>wss_username_token_policy</name> <policyfile>wss_username_token_policy.xml</policyfile> </policy> </policies>

Peak Indicators Limited

42

OBIEE Web Services for SOA Configuration : Step 6

Save the ActionFrameworkConfig.xml file Restart the following processes:

BI Presentation Services Weblogic managed server bi_server1

Peak Indicators Limited

43

OBIEE Web Services for SOA Configuration : Step 7

Test! You should now be able to create an Action and see that the web services are automatically available for you to choose and execute:

Peak Indicators Limited

44

OBIEE Web Services for SOA Important Note!

Without further configuration, all the Web Services for SOA will be invoked as the same wsil.browsing account
Everyone has the same visibility of the common Shared Folders area Everyone has the same visibility of the users own My Folders area Common data visibility for all users

However, with further configuration it is possible to secure the web services to run as the user who is invoking the web service rather than the common wsil.browsing account We will be dealing with securing web services in a later topic.

Peak Indicators Limited

45

Securing Web Services

Peak Indicators Limited

46

Securing Web Services

The securing of web services is obviously a very important topic

If youre not careful, by default your custom web services will have no security so anyone can invoke them from anywhere!

You can secure web services within OWSM or within WebLogic. You secure a web service by assigning one or more WS Policies

In the example below, the ExecuteAgent web service has a security policy which enforces authentication using a username and password (Token):

Peak Indicators Limited

47

Securing Web Services Policies

There are two types of policy that can be attached to web services:

Oracle Web Services Manager (WSM) Policy

Policy provided by the OWSM You can only attach OWSM security policies to JAX-WS Web services You manage OWSM policies from with Oracle Enterprise Manager Fusion Middleware Control

WebLogic Web Service Policy

Policy provided by WebLogic Server A subset of WebLogic Web service policies interoperate with Oracle WSM policies You manage WebLogic Web service policies from the WebLogic Admin Console

NOTE:

It is recommended that you use OWSM policies over WebLogic policies whenever possible. You cannot mix your use of Oracle WSM and WebLogic Web service policies on the same web service
48

Peak Indicators Limited

Securing Web Services Predefined Policies

OWSM and WebLogic come with many predefined policies! The one to use largely depends on the customers needs:

As a general rule though you can simply consider the policies mentioned on the next slides
49

Peak Indicators Limited

Securing Web Services Username / Password (Token)

By default, all the OBIEE Web Services for SOA are configured with a policy that requires a valid Username / Password credentials to be passed through:

The credentials are checked against whatever Identity Provider(s) is configured in WebLogic (by default, it will be its own embedded LDAP store)

In the case of OBIEE 11g, the credentials passed are stored in the Credential Store administered within Enterprise Manager (WebLogic Domain > Security > Credentials):

Peak Indicators Limited

50

Securing Web Services Username / Password (Token)

Although the policy wss_username_token_service_policy secures authentication, it does not cover all security aspects:

Confidentiality:

There is no use of public/private keys so the messages are not encrypted (usernames/passwords are not even encrypted)

Integrity:

The messages are not digitally signed, so you cannot guarantee the authenticity of the messages

NOTE: a private key is actually used to digitally sign messages

Peak Indicators Limited

51

Securing Web Services Username / Password (Token) with Message Protection

OWSM provides another policy wss_username_token_with message_protection_service_policy:

This security policy is much more secure:

Username/password credentials must be supplied XML Messages are encrypted using public/private key XML Messages are digitally signed using the private key

The downside is that you always have to supply a password!

You can use the Credential Store for this purpose, but it means you are always passing over the same credentials no matter which user is invoking the service

Peak Indicators Limited

52

Securing Web Services SAML Token with Message Protection

OWSM provides alternative policy wss11_saml_token_with message_protection_service_policy:

Instead of requiring a password, the client passes over a certificate which is then verified by the server (the server has a key store containing all the valid certificates) This security policy is also very secure:

Only clients with a trusted certificate are allowed XML Messages are encrypted using public/private key XML Messages are digitally signed using the private key

The benefit is that the username of the invoking user is propagated, so this policy supports the need for a service to run as different users. The downside is that the server has to trust that the user is valid. This method is commonly used by partners who need to integrate across the web and can trust each other NOTE: The propagated user must have an entry in the recipients LDAP store
53

Peak Indicators Limited

Securing Web Services X509 Token with Message Protection

OWSM provides alternative policy wss11_saml_token_with message_protection_service_policy:

Instead of requiring a password, an X.509 certificate is passed over to the server to verify that the user has been authenticated and can be trusted (X.509 is commonly used in SSO applications) This security policy is also very secure:

Only clients with a valid X.509 certificate allowed XML Messages are encrypted using public/private key XML Messages are digitally signed using the private key

The username of the invoking user is propagated, so this policy supports the need for a service to run as different users. X.509 is a stronger and more secure form of SSO compared to SAML. Each user has a certificate which is tied to an individual entry in the companys LDAP store
54

Peak Indicators Limited

Helping Your Business Intelligence Journey

Peak Indicators Limited