I have been asked to add to layer secure access to business objects Xi (Web access)
One layer is of course, the Business Objects Enterprise authentication.
The second layer is using a method currently used within the department "Crypto Card" which is a logon using a random number supplied by a key phob.
However, although it works in part
Crypto card login > authenticated > InfoView Login > Authenticate > access to Infoview granted.
There is a hole in the security in that if I save the InfoView Login page URL as a favourite, I can bypass the Crypto card login.
Is the any of the files I can edit in Business Object that will let me redirect the user to the Crypto Card login instead of the Info View login if they have no session created.
Please advise.