If you have not configured reports with Oracle Single Sign-on, Oracle report server explicitly requires username and password when report is called using Web.Show_document(). Username and password is required in report calling URL, for example following method calls a reports using Web.Show_Documnet().
Web.Show_Document('http://domainname.com:8090/reports/rwservlet?userid=username/password@db& server=ReportsServer_1&desformat=PDF&destype=cache&report=report.rdf¶mform=yes','_blank');
In above call username and password are visible in URL, causing security problem. Oracle has provieded serveral methods to resolve this problem, one of these solution is to define keymapping in CGICMD.DAT file. In Reports services 11g this file is located at following location
$DOMAIN_HOME/servers/WLS_REPORTS/stage/reports/reports/configuration/cgicmd.dat
In Oracle Reports services 10g this file can be located in reportsconf directory.
To define a key mapping, append follwing line at the end of the file
userlogin: userid=username/password@db %*
Restart reports server/Managed server, now you can call your report using following URL
Web.Show_Document('http://domainname.com:8090/reports/rwservlet?userlogin&server=ReportsServer_1&desformat=PDF&destype=cache&report=report.rdf¶mform=yes','_blank');
You can define key mapping for as many parameter as you need using following syntax,
userlogin: userid=username/password@db server=ReportsServer_1 desformat=PDF destype=cache %*
If reports have been configured with SSO, simply pass ssoconn=config parameter in reports calling URL, here config is the Resource Access Descriptor defined in OID. This parameter will automatically get login information from Oracle Internet Directory.
Reference: http://download.oracle.com/docs/cd/E12839_01/bi.1111/b32121/pbr_run013.htm