Skip to Content
author's profile photo Former Member
Former Member

SSO implemention in distributed environment / BO SDK

Hi All,

I am working on Single Sign On (SSO) implementation.

I have Jboss Application Server which my web application resides

and Business objects is resides on other Server

SSO is implemented in the Business Objects Server.

I can open the CMC from Internet Explorer without login on machine

I tried some steps from the Tim's Document

(http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/d0f6ac3c-b3ac-2b10-1b95-c9bd46194977):

1)Added bscLogin.conf and krb5.ini in Window folder

2)kinit.exe with my user id it works

3) Added in Java_OPTS in the JBoss Server :

-Djava.security.auth.login.config=C:WINDOWSscLogin.conf

-Djava.security.krb5.conf=C:WINDOWSkrb5.ini

-Dcrystal.enterprise.trace.configuration=verbose

-Dsun.security.krb5.debug=true

-Djcsi.kerberos.debug=true

Issues:

1)SDK login :

ISessionMgr mySesionMgr = CrystalEnterprise.getSessionMgr();

IEnterpriseSession eSession = mySesionMgr.logon("user", "pass", "ServerName", "secWinAD");

this doesn't work.

2)I checked this url which doesn't help very much.

http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/208ecaaa-7964-2b10-f2a8-94446a63c67f

Do i have to implement any other configuration in my Jboss Server..?

What should be the BO SDK logon

Can any body help me out.

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Best Answer
    Posted on May 05, 2011 at 03:54 PM

    Your code should look something like:

    <%@ page import="org.ietf.jgss.GSSCredential"%>
    <%@ page import="org.ietf.jgss.GSSManager"%>
    <%@ page import="com.businessobjects.sdk.credential.CredExtractor"%>
    
    <%
    
      IEnterpriseSession ceSession = null;
      String logonToken = null;
    
    
      //For Windows AD authentication the logon would be:
      GSSCredential creds = null;
      GSSManager manager = null;
            
      CredExtractor credExtractor = new CredExtractor(request);
      creds = credExtractor.GetCredential();
      manager = credExtractor.GetManager();
            
      ceSession = CrystalEnterprise.getSessionMgr().logon(creds, manager, "TCBOESP3.LMAUTH03.NET", "secWinAD");
    
    %>
    

    Your web.xml should be setup similar to this:

    
    
      <filter>
            <filter-name>authFilter</filter-name>
            <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
    
            <init-param>
                <param-name>idm.realm</param-name>
                <param-value>LMAUTH03.NET</param-value>
            </init-param>
    
            <init-param>
                <param-name>idm.princ</param-name>
                <param-value>boadmin.test</param-value>
            </init-param>
    
            <init-param>
                <param-name>idm.allowUnsecured</param-name>
                <param-value>true</param-value>
            </init-param>
    
            <init-param>
                <param-name>idm.allowNTLM</param-name>
                <param-value>false</param-value>
            </init-param>
    
            <init-param>
                <param-name>idm.logger.name</param-name>
                <param-value>simple</param-value>
                <description>
                    The unique name for this logger.
                </description>
            </init-param>
    
            <init-param>
                <param-name>idm.logger.props</param-name>
                <param-value>error-log.properties</param-value>
                <description>
                    Configures logging from the specified file.
                </description>
            </init-param>
    
            <init-param>
                <param-name>error.page</param-name>
                <param-value>../logonNoSso.jsp</param-value>
                <description>
                    The URL of the page to show if an error occurs during authentication.
                </description>
            </init-param>
        </filter>
    
    
    <filter-mapping>
            	<filter-name>authFilter</filter-name>
    	<!-- <url-pattern>/sample/*</url-pattern> -->
    	<url-pattern>/logon/logonService.do</url-pattern>
    </filter-mapping>
    

    In the code we leverage some classes that InfoView uses to pull the Kerberos/Vintela info. The only other piece that is required is to leverage the authFilter of InfoView. The authFilter needs to be setup in the application context via the web.xml. As well the URL pattern of the authFilter needs to be set so that when the jsp page that is doing the logon is being run, that the filter is triggered. The filter config and mapping can be pulled from the web.xml in /InfoViewApp/WEB-INF/web.xml

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.