
SSO implementation in distributed environment / BO SDK

Former Member
0 Kudos

Hi All,

I am working on Single Sign On (SSO) implementation.

I have a JBoss Application Server on which my web application resides,

and Business Objects resides on another server.

SSO is implemented in the Business Objects Server.

I can open the CMC from Internet Explorer without logging in on the machine.

I tried some steps from Tim's document

(http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/d0f6ac3c-b3ac-2b10-1b95-c9bd46194977):

1) Added bscLogin.conf and krb5.ini in the Windows folder

2) kinit.exe with my user ID works

3) Added to JAVA_OPTS in the JBoss server:

-Djava.security.auth.login.config=C:\WINDOWS\bscLogin.conf

-Djava.security.krb5.conf=C:\WINDOWS\krb5.ini

-Dcrystal.enterprise.trace.configuration=verbose

-Dsun.security.krb5.debug=true

-Djcsi.kerberos.debug=true

Issues:

1) SDK login:

ISessionMgr mySesionMgr = CrystalEnterprise.getSessionMgr();

IEnterpriseSession eSession = mySesionMgr.logon("user", "pass", "ServerName", "secWinAD");

This doesn't work.

2) I checked this URL, which doesn't help very much.

http://www.sdn.sap.com/irj/boc/index?rid=/library/uuid/208ecaaa-7964-2b10-f2a8-94446a63c67f

Do I have to implement any other configuration in my JBoss server?

What should the BO SDK logon be?

Can anybody help me out?

Accepted Solutions (1)


Adam_Stone
Active Contributor
0 Kudos

Your code should look something like:


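<%@ page import="org.ietf.jgss.GSSCredential"%>
<%@ page import="org.ietf.jgss.GSSManager"%>
<%@ page import="com.businessobjects.sdk.credential.CredExtractor"%>
<%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise"%>
<%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession"%>

<%

  IEnterpriseSession ceSession = null;
  String logonToken = null;

  // For Windows AD authentication the logon would be:
  GSSCredential creds = null;
  GSSManager manager = null;

  // Pull the Kerberos credential from the request (requires authFilter to have run on this URL)
  CredExtractor credExtractor = new CredExtractor(request);
  creds = credExtractor.GetCredential();
  manager = credExtractor.GetManager();

  // Log on to the CMS with the extracted credential instead of a user name and password
  ceSession = CrystalEnterprise.getSessionMgr().logon(creds, manager, "TCBOESP3.LMAUTH03.NET", "secWinAD");

%>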

Your web.xml should be set up similar to this:




<filter>
    <filter-name>authFilter</filter-name>
    <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

    <init-param>
        <param-name>idm.realm</param-name>
        <param-value>LMAUTH03.NET</param-value>
    </init-param>

    <init-param>
        <param-name>idm.princ</param-name>
        <param-value>boadmin.test</param-value>
    </init-param>

    <init-param>
        <param-name>idm.allowUnsecured</param-name>
        <param-value>true</param-value>
    </init-param>

    <init-param>
        <param-name>idm.allowNTLM</param-name>
        <param-value>false</param-value>
    </init-param>

    <init-param>
        <param-name>idm.logger.name</param-name>
        <param-value>simple</param-value>
        <description>
            The unique name for this logger.
        </description>
    </init-param>

    <init-param>
        <param-name>idm.logger.props</param-name>
        <param-value>error-log.properties</param-value>
        <description>
            Configures logging from the specified file.
        </description>
    </init-param>

    <init-param>
        <param-name>error.page</param-name>
        <param-value>../logonNoSso.jsp</param-value>
        <description>
            The URL of the page to show if an error occurs during authentication.
        </description>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>authFilter</filter-name>
    <!-- <url-pattern>/sample/*</url-pattern> -->
    <url-pattern>/logon/logonService.do</url-pattern>
</filter-mapping>

In the code we leverage some classes that InfoView uses to pull the Kerberos/Vintela info. The only other piece that is required is to leverage the authFilter of InfoView. The authFilter needs to be set up in the application context via the web.xml. The URL pattern of the authFilter also needs to be set so that the filter is triggered when the JSP page that does the logon is run. The filter config and mapping can be pulled from the web.xml in /InfoViewApp/WEB-INF/web.xml.
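
The mapping requirement described in this answer can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of the BusinessObjects SDK: it parses a web.xml and reports whether a url-pattern of authFilter covers the context-relative path of the logon page. The path /sso/logon.jsp, the function names, and the reading of idm.allowUnsecured as permitting non-TLS requests are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, reduced from the web.xml in the answer above.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <filter>
    <filter-name>authFilter</filter-name>
    <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>
    <init-param><param-name>idm.realm</param-name><param-value>LMAUTH03.NET</param-value></init-param>
    <init-param><param-name>idm.princ</param-name><param-value>boadmin.test</param-value></init-param>
    <init-param><param-name>idm.allowUnsecured</param-name><param-value>true</param-value></init-param>
  </filter>
  <filter-mapping>
    <filter-name>authFilter</filter-name>
    <!-- <url-pattern>/sample/*</url-pattern> -->
    <url-pattern>/logon/logonService.do</url-pattern>
  </filter-mapping>
</web-app>"""

def servlet_match(pattern, path):
    """Servlet-spec url-pattern match: '/prefix/*', '*.ext', or exact path."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return path == pattern

def audit_auth_filter(web_xml, logon_path, name="authFilter"):
    """Return a list of findings for the named filter; an empty list means no issue found."""
    root = ET.fromstring(web_xml)  # XML comments are dropped by the default parser
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]  # ignore the web-app namespace, if any
    text = lambda el, tag: (el.findtext(tag) or "").strip()
    filt = next((f for f in root.iter("filter") if text(f, "filter-name") == name), None)
    if filt is None:
        return [f"filter {name} is not declared"]
    params = {text(p, "param-name"): text(p, "param-value") for p in filt.iter("init-param")}
    findings = [f"{key} is missing or empty" for key in ("idm.realm", "idm.princ") if not params.get(key)]
    patterns = [(u.text or "").strip() for m in root.iter("filter-mapping")
                if text(m, "filter-name") == name for u in m.iter("url-pattern")]
    if not any(servlet_match(p, logon_path) for p in patterns):
        findings.append(f"{name} is not mapped to {logon_path} (patterns: {patterns})")
    # Assumption: 'true' here permits non-TLS requests; confirm against the Admin Guide.
    if params.get("idm.allowUnsecured", "").lower() == "true":
        findings.append("idm.allowUnsecured=true: confirm whether non-TLS requests are intended")
    return findings

if __name__ == "__main__":
    for path in ("/logon/logonService.do", "/sso/logon.jsp"):  # second path is hypothetical
        print(path, audit_auth_filter(SAMPLE_WEB_XML, path))
```

Because the commented-out `/sample/*` pattern is ignored by the parser, a logon JSP placed under `/sample/` would be reported as unmapped until that line is restored.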

Former Member
0 Kudos

Dear Adam,

Thanks for your help.

I have changed my JSP and web.xml as per your response.

I am facing an issue with the authFilter filter.

Question:

<init-param>
    <param-name>idm.princ</param-name>
    <param-value>boadmin.test</param-value>
</init-param>

Should boadmin.test be the SPN user name configured on the BO Server,

or can it be any user ID of mine in Active Directory that works with KINIT.exe?

Thanks,

Sree

ted_ueda
Employee
0 Kudos

It's the Kerberos service principal.

The best recommendation is to refer to the SAP BusinessObjects Enterprise Admin Guide, and/or use the same settings as you've set for InfoView.

Sincerely,

Ted Ueda
