I posted same question to support and posting to the public forums too to see if someone else has experienced similar.

We are trying to expose BOE (Version 4 SP6) Documents/Reports inside an internal/custom Web application. Users are already authenticated to our Web application, so we try to do a SSO integration, where they don't have to login again to see the reports, but have our application trusted by BOE server and login users to BOE automatically.

We think the Trusted Authentication method would work for this so we configured the CMS server as such and generated a TrustePrincipal.conf file. We built a simple Spring Boot Java app that is using the BOE Java SDK and takes an environment variable with the folder where the TrustedPrincipal.conf is located

-Dbobj.trustedauth.home=C:/proj/resources

The Java app calls this method to authenticate:

trustedPrincipal = sessionMgr.createTrustedPrincipal(“johns”, "ourCmsServer:6400" );

The method returns this error:

Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)

We looked in the log files generated by the server for this operation and see these messages in a sequence:

• BCM error: Could not finish CCL decryption
• failed UTF8 -> UCS2 conversion
• CEnterprise::AcceptLogin: SCrypt: failed to decrypt client's request for trusted authentication.
• Invalid password for user johns

We are not sure how to troubleshoot this further. Can’t tell if our Java app is reading the TrustedPrincipal.conf file correctly and if the secret it contains is sent to the server. We tried to use an overload of the “createTrustedPrincipal” that takes the secret in the .conf file as the third argument, but that did not work either, the results were the same. We need help to troubleshoot this and make the trusted authentication work. Thank you