Skip to Content

3rd-party authentication for BusinessObjects 4.2

Hello, All,

We have a Web application that is capable of authenticating users using Active Directory.

The application contains links to the BusinessObjects Webi reports (BusinessObjects and the bundled Tomcat are running on a different server). The aim is to avoid entering credentials for BusinessObjects when the Web Application user clicks on the URL to open a BO report.

I read articles about the Trusted Authentication but it seem it is about something else .

What would be the correct way to implement the scenario I've described?

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Posted on Oct 07, 2019 at 10:39 AM

    Since you are using AD the normal approach is to setup AD SSO on BI https://apps.support.sap.com/sap/support/knowledge/preview/en/2629070, when the users come in direct or are redirected from your application they will get challenged by AD again (rather than passing the value from your app to ours).

    If you were interested in passing the username from your application to BI then you would want to do that via trusted authentication (this is typically done when AD SSO is not possible such as users that are not logged into a trusted domain are accessing BI).

    -Tim

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Oct 07, 2019 at 11:37 AM

    Thanks, Tim,

    I've just managed to configure SSO for Chrome and Firefox.

    The Trusted Authentication method seems to be vulnarable as the user name can be injected by an appropriate person. Is it correct?

    Add a comment
    10|10000 characters needed characters exceeded

    • We always recommend securing trusted authentication with SSL possibly even IP restriction. The "security" would depend on how our customers secure it. loosely implemented it would be susceptible. It's been said when using trusted authentication that we "trust" that customer authentication is doing the correct thing. In otherwords if the customer authentication is capable of sending incorrect username then you would have a security problem... SAML and ADFS should be much better but even the AD SSO and HTTP header canm be secured properly via SSL.

      -Tim

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.