Skip to Content
avatar image
Former Member

Open Document using logon token

I generated a logon token which is something like below using RESTful API code :


Using this i am trying to access a document on the BI server, like



However it still asks for credentials.

Without giving the credentials, is it possible to access a document using the logontoken

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Apr 27, 2017 at 05:08 PM


    logonToken = invocation.getResponseHeader('X-SAP-LogonToken');
    logonToken = logonToken.substring(1,logonToken.length-1);
    logonToken = encodeURIComponent(logonToken);


    The invocation.getResponseHeader(X-SAP-LogonToken') call returns the logon token enclosed in double quotes. The token must be URI encoded before passing to openDocument, however the enclosing double quotes must not be URI encoded.

    The above call might return a value such as:


    If this string (including the quotes) is URIencoded, you'll get:

    The "%22"s on each end are from the double quotes, and will cause openDocument to not recognize the token. So, the double quotes need to be removed before encoding.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 02, 2017 at 09:22 AM

    Hi Deepak,

    Your code looks correct.

    However, I am seeing a decodeURI function has been called in your code.

    This function is used for decode the URI.

    Suppose, I have the following piece of code:

    var uri = "my test.asp?name=ståle&car=saab";
    var enc = encodeURI(uri);
    var dec = decodeURI(enc);

    Then response would be like below:

    Encoded URI: my%20test.asp?name=st%C3%A5le&car=saab
    Decoded URI: my test.asp?name=ståle&car=saab

    In your piece of code, try replacing the decodeURI with encodeURI & give it a try. Joe also mentioned that you have to encode the URI. Also you have to apply a fiddler trace to capture the URI/URL generated through code & use directly in browser to check weather the URI/URL generated through RESTful web services correct or not.

    Is this issue is browser specific? Have you tried executing the same workflow using any other browser. Internet Explorer have the character limitation of URL/URI. Keep track how long your URL/URI is generated.

    Hope this will give you some pointers to troubleshoot the issue.



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      These were the missing steps:

      logonToken = invocation.getResponseHeader('X-SAP-LogonToken');

      //remove double codes from Token

      logonToken = logonToken.replace(/(^")|("$)/g, '');

      //encode Token

      logonToken = encodeURIComponent(logonToken);

      Then return this LogonToken

  • avatar image
    Former Member
    Apr 28, 2017 at 10:54 AM

    <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>

    <%@page import="com.crystaldecisions.enterprise.ocaframework.idl.OCCA.OCCAs.SessionManager"%>

    <%@ page import="com.crystaldecisions.sdk.framework.ISessionMgr" %>

    <%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession" %>

    <%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise" %>

    <%@ page import="" %>

    <%@ page import="com.crystaldecisions.sdk.exception.SDKException" %>

    <%@ page import="" %>">



    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

    <title>Insert title here</title>

    <script type="text/javascript">

    function generateToken()


    var invocation = new XMLHttpRequest();

    var url = 'http://Server:6405/biprws/logon/long';

    var body = '"> Admin

    <attr name="password" type="string">Abcd1234</attr> <attr name="auth" type="string" possibilities="secEnterprise">secEnterprise</attr> </attrs>';

    var logonToken;'POST', url, false);

    invocation.setRequestHeader('X-PINGARUNER', 'pingpong');

    invocation.setRequestHeader('Content-Type', 'application/xml');

    invocation.setRequestHeader('Accept', 'application/xml');

    invocation.send(body); logonToken = decodeURI(invocation.getResponseHeader('X-SAP-LogonToken'));


    return logonToken;






    function apply()


    var tokenVal = generateToken();

    window.location = ("http://Server:8080/BOE/OpenDocument/opendoc/openDocument.jsp?sIDType=CUID&iDocID=ATacD4.rsaEcdE1LsL_OpLKR5fU&token="+tokenVal);






    This is my entire code, even after this I am prompted for User name and password, Am i doing anything wrong here.

    Add comment
    10|10000 characters needed characters exceeded