on 05-05-2011 4:36 PM
Hi All,
I am working on a Single Sign On (SSO) implementation.
I have a JBoss Application Server on which my web application resides,
and Business Objects resides on another server.
SSO is implemented on the Business Objects server.
I can open the CMC from Internet Explorer without logging in on the machine.
I tried some steps from Tim's document
(http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/d0f6ac3c-b3ac-2b10-1b95-c9bd46194977):
1) Added bscLogin.conf and krb5.ini in the Windows folder.
2) Ran kinit.exe with my user ID; it works.
3) Added to JAVA_OPTS in the JBoss server:
-Djava.security.auth.login.config=C:\WINDOWS\bscLogin.conf
-Djava.security.krb5.conf=C:\WINDOWS\krb5.ini
-Dcrystal.enterprise.trace.configuration=verbose
-Dsun.security.krb5.debug=true
-Djcsi.kerberos.debug=true
Issues:
1) SDK login:
ISessionMgr mySesionMgr = CrystalEnterprise.getSessionMgr();
IEnterpriseSession eSession = mySesionMgr.logon("user", "pass", "ServerName", "secWinAD");
This doesn't work.
2) I checked this URL, which doesn't help very much:
http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/208ecaaa-7964-2b10-f2a8-94446a63c67f
Do I have to implement any other configuration in my JBoss server?
What should the BO SDK logon be?
Can anybody help me out?
Your code should look something like:
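<%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise"%>
<%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession"%>
<%@ page import="org.ietf.jgss.GSSCredential"%>
<%@ page import="org.ietf.jgss.GSSManager"%>
<%@ page import="com.businessobjects.sdk.credential.CredExtractor"%>
<%
IEnterpriseSession ceSession = null;
String logonToken = null;
// For Windows AD authentication the logon would be:
GSSCredential creds = null;
GSSManager manager = null;
// Pull the Kerberos/Vintela credential from the request (the authFilter must have run for this page).
CredExtractor credExtractor = new CredExtractor(request);
creds = credExtractor.GetCredential();
manager = credExtractor.GetManager();
// Log on to the CMS with the extracted credential instead of a user name and password.
ceSession = CrystalEnterprise.getSessionMgr().logon(creds, manager, "TCBOESP3.LMAUTH03.NET", "secWinAD");
%>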
Your web.xml should be set up similar to this:
<filter>
  <filter-name>authFilter</filter-name>
  <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
  <init-param>
    <param-name>idm.realm</param-name>
    <param-value>LMAUTH03.NET</param-value>
  </init-param>
  <init-param>
    <param-name>idm.princ</param-name>
    <param-value>boadmin.test</param-value>
  </init-param>
  <init-param>
    <param-name>idm.allowUnsecured</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>idm.allowNTLM</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>idm.logger.name</param-name>
    <param-value>simple</param-value>
    <description>
      The unique name for this logger.
    </description>
  </init-param>
  <init-param>
    <param-name>idm.logger.props</param-name>
    <param-value>error-log.properties</param-value>
    <description>
      Configures logging from the specified file.
    </description>
  </init-param>
  <init-param>
    <param-name>error.page</param-name>
    <param-value>../logonNoSso.jsp</param-value>
    <description>
      The URL of the page to show if an error occurs during authentication.
    </description>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>authFilter</filter-name>
  <!-- <url-pattern>/sample/*</url-pattern> -->
  <url-pattern>/logon/logonService.do</url-pattern>
</filter-mapping>
In the code we leverage some classes that InfoView uses to pull the Kerberos/Vintela info. The only other piece that is required is to leverage the authFilter of InfoView. The authFilter needs to be set up in the application context via the web.xml. As well, the URL pattern of the authFilter needs to be set so that the filter is triggered when the JSP page that is doing the logon is run. The filter config and mapping can be pulled from the web.xml in /InfoViewApp/WEB-INF/web.xml
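The two conditions described above (the filter declared in the application's web.xml, and a url-pattern that triggers it for the page doing the logon) can be checked before deployment. This Python script is an added example, not part of the original answer or of the BusinessObjects SDK; the function names and the embedded sample are constructed here, and the reading of idm.allowUnsecured and idm.allowNTLM is an assumption to confirm against the product documentation.

```python
import xml.etree.ElementTree as ET

AUTH_FILTER = "com.businessobjects.sdk.credential.WrappedResponseAuthFilter"
P = "<init-param><param-name>%s</param-name><param-value>%s</param-value></init-param>"
# Constructed sample: the filter setup from the answer, trimmed to the SSO parameters.
SAMPLE = ("<web-app><filter><filter-name>authFilter</filter-name>"
          "<filter-class>" + AUTH_FILTER + "</filter-class>"
          + P % ("idm.realm", "LMAUTH03.NET") + P % ("idm.princ", "boadmin.test")
          + P % ("idm.allowUnsecured", "true") + P % ("idm.allowNTLM", "false")
          + "</filter><filter-mapping><filter-name>authFilter</filter-name>"
          "<url-pattern>/logon/logonService.do</url-pattern></filter-mapping></web-app>")

def local(tag):
    # Drop an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}.
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), "")

def pattern_matches(pattern, path):
    # Servlet url-pattern forms: '/prefix/*', '*.ext', otherwise an exact match.
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def audit(web_xml, logon_path):
    """Return findings for the SSO filter guarding logon_path (context-relative)."""
    root, findings, names = ET.fromstring(web_xml), [], set()
    for f in (e for e in root.iter() if local(e.tag) == "filter"):
        if child_text(f, "filter-class") != AUTH_FILTER:
            continue
        names.add(child_text(f, "filter-name"))
        params = {child_text(p, "param-name"): child_text(p, "param-value")
                  for p in f if local(p.tag) == "init-param"}
        findings += ["missing " + k for k in ("idm.realm", "idm.princ") if not params.get(k)]
        # Assumed meanings: allowUnsecured permits non-SSL requests, allowNTLM accepts NTLM tokens.
        findings += [k + "=true" for k in ("idm.allowUnsecured", "idm.allowNTLM")
                     if params.get(k, "").lower() == "true"]
    if not names:
        return ["no filter with class " + AUTH_FILTER]
    covered = any(child_text(m, "filter-name") in names
                  and any(local(u.tag) == "url-pattern"
                          and pattern_matches((u.text or "").strip(), logon_path) for u in m)
                  for m in root.iter() if local(m.tag) == "filter-mapping")
    if not covered:
        findings.append("no authFilter mapping covers " + logon_path)
    return findings
```

Call `audit()` with the contents of the application's own WEB-INF/web.xml and the context-relative path of the JSP that performs the logon; an empty list means the filter is declared, mapped to that page, and has neither flag enabled.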
Dear Adam,
Thanks for your help.
I have changed my JSP and web.xml as per your response.
I am facing some issues with the filter authFilter.
Question:
<init-param>
  <param-name>idm.princ</param-name>
  <param-value>boadmin.test</param-value>
</init-param>
Should boadmin.test be the SPN user name configured on the BO server,
or can it be any user ID of mine in Active Directory that works with kinit.exe?
Thanks,
Sree