cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

3rd-party authentication for BusinessObjects 4.2

former_member346764
Discoverer

on ‎10-07-2019 11:04 AM

0 Kudos

Hello, All,

We have a Web application that is capable of authenticating users using Active Directory.

The application contains links to the BusinessObjects Webi reports (BusinessObjects and the bundled Tomcat are running on a different server). The aim is to avoid entering credentials for BusinessObjects when the Web Application user clicks on the URL to open a BO report.

I read articles about the Trusted Authentication but it seem it is about something else .

What would be the correct way to implement the scenario I've described?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member346764
Discoverer
‎10-07-2019 12:37 PM
0 Kudos

Thanks, Tim,

I've just managed to configure SSO for Chrome and Firefox.

The Trusted Authentication method seems to be vulnarable as the user name can be injected by an appropriate person. Is it correct?

Show replies
Show replies
BasicTek
Advisor
Advisor
‎10-17-2019 12:18 PM
0 Kudos

We always recommend securing trusted authentication with SSL possibly even IP restriction. The "security" would depend on how our customers secure it. loosely implemented it would be susceptible. It's been said when using trusted authentication that we "trust" that customer authentication is doing the correct thing. In otherwords if the customer authentication is capable of sending incorrect username then you would have a security problem... SAML and ADFS should be much better but even the AD SSO and HTTP header canm be secured properly via SSL.

-Tim

BasicTek
Advisor
Advisor
‎10-07-2019 11:39 AM
0 Kudos

Since you are using AD the normal approach is to setup AD SSO on BI https://apps.support.sap.com/sap/support/knowledge/preview/en/2629070, when the users come in direct or are redirected from your application they will get challenged by AD again (rather than passing the value from your app to ours).

If you were interested in passing the username from your application to BI then you would want to do that via trusted authentication (this is typically done when AD SSO is not possible such as users that are not logged into a trusted domain are accessing BI).

-Tim

Show replies
Show replies
Ask a Question