

Set up Trusted Authentication

Trusted authentication allows users to log on to a system once, without needing to provide passwords several times during a session. In the case of CA Data Protection and BusinessObjects Enterprise, it means that users do not need to log on separately to BusinessObjects when they run a BusinessObjects report or launch InfoView from the iConsole.

To finish setting up trusted authentication between the iConsole and BusinessObjects Enterprise, you need to supply the BusinessObjects server and clients with the shared secret. This shared secret is the same one that you supplied when you installed BOE Integration on your iConsole front-end web servers.

Note: Trusted authentication between CA Data Protection and BusinessObjects Enterprise only works if each iConsole reviewer has their own, unique BusinessObjects user account. For details, see Map CA Data Protection Reviewers to BusinessObject Accounts.

To configure the BusinessObjects server to use Trusted Authentication

  1. Log on to the Central Management Console (CMC) with administrative rights.
  2. Go to the Management, Authentication area of the CMC.
  3. Click the Enterprise tab.
  4. Scroll down until you see Trusted Authentication.
  5. Click 'Trusted Authentication is enabled'.
  6. Enter a string in the Shared Secret field.

    This must be the same Shared Secret string that you supplied when you installed the BOE Integration feature.

    Note: The shared secret is used by the BusinessObjects CMS and its clients to establish trust. These clients are the InfoView web portal and OpenDoc client-side server processes.

  7. In the Shared Secret Validity Period field, specify how many days the shared secret is valid.
  8. Specify a timeout value (in milliseconds) for your trusted authentication requests.

    Note: The timeout value is the maximum amount of time, in milliseconds, that the clocks on the iConsole and BusinessObjects server can differ. If you enter 0, there is no limit on how far the two clocks can differ. We do not recommend setting this value to 0 because this may increase your vulnerability to replay attacks.

  9. Click Update.
  10. Now configure the BusinessObjects clients.

To configure the BusinessObjects clients to use Trusted Authentication

Note: The 'CMS' in these instructions is the BusinessObjects Central Management Server, which manages the entire BusinessObjects Enterprise system. Do not confuse this BusinessObjects CMS with the CA Data Protection Central Management Server.

You can use the following procedure for both the InfoView and OpenDocument web applications.

  1. Locate the 'BusinessObjects Enterprise 12.0' subfolder. The default locations are:
    32-bit Operating Systems

    C:\Program Files\CA\SC\CommonReporting3\BusinessObjects Enterprise 12.0

    64-bit Operating Systems

    C:\Program Files (x86)\CA\SC\CommonReporting3\BusinessObjects Enterprise 12.0

    If you have specified a non-default installation folder for BusinessObjects Enterprise, the subfolder is relative to that location. For example, if your installation folder is F:\BOXI, the subfolder is:

    F:\BOXI\CA\SC\CommonReporting3\BusinessObjects Enterprise 12.0

  2. Open the configuration file from the deployed location on your web application server. The file name and default locations are:
    Java InfoView on Windows

    The file is web.xml. The default location is:

    C:\Program Files\CA\SC\CommonReporting3\BusinessObjects Enterprise 12.0\warfiles\WebApps\InfoViewApp\WEB-INF

    OpenDocument

    The file is web.xml. The default location is:

    C:\Program Files\CA\SC\CommonReporting3\BusinessObjects Enterprise 12.0\warfiles\WebApps\OpenDocument\WEB-INF

    Note: The following steps use InfoView as the chosen web application. Repeat steps 3 through 7 for each of the web.xml files.

  3. Specify the BusinessObjects CMS server name and port number by editing the following lines in web.xml:
    <context-param>
      <param-name>cms.default</param-name>
      <param-value>My_BOXI_CMS:6400</param-value>
    </context-param>
    
  4. Enable single sign-on by editing web.xml as shown below:
    <context-param>
      <param-name>sso.enabled</param-name>
      <param-value>true</param-value>
    </context-param>
    
  5. Disable SiteMinder by editing web.xml as shown below:
    <context-param>
      <param-name>siteminder.enabled</param-name>
      <param-value>false</param-value>
    </context-param>
    
  6. Specify the user retrieval method by editing web.xml as shown below:
    <context-param>
      <param-name>trusted.auth.user.retrieval</param-name>
      <param-value>REMOTE_USER</param-value>
    </context-param>
    

    Note: There are various mechanisms that populate the user name. Configure or set up your web application server so that your user names are exposed before you use this user retrieval method. For further information, see:

    http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpServletRequest.html

  7. Specify the shared secret retrieval method. For integration with the iConsole, you must retrieve the shared secret from a configuration file:
    1. Go to the platform-specific directory of BusinessObjects. For Windows, this directory is:
      C:\Program Files\CA\SC\CommonReporting3\BusinessObjects Enterprise 12.0\win32_x86
      
    2. If a file called TrustedPrincipal.conf does not already exist in this directory, create the file.
    3. Enter the following line in TrustedPrincipal.conf:
      SharedSecret=<secret>
      

      Where <secret> is the shared secret string that you want to use.

    4. Save and close this file.
  8. Restart your web application server:
    1. Stop the Server Intelligence Agent.

      Find the agent in the BusinessObjects Enterprise Central Configuration Manager.

    2. Restart IIS or Tomcat.
    3. Restart the Server Intelligence Agent.
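
The following Python check is an added example, not part of the CA or SAP documentation. It verifies that the contents of a deployed web.xml and TrustedPrincipal.conf match steps 3 through 7 of the client procedure. The function names and the sample XML are constructed for illustration; run it against the text of both web.xml files (InfoView and OpenDocument).

```python
import xml.etree.ElementTree as ET

# Values set in steps 4-6; cms.default (step 3) is site-specific, so only its shape is checked.
EXPECTED = {"sso.enabled": "true", "siteminder.enabled": "false",
            "trusted.auth.user.retrieval": "REMOTE_USER"}

def context_params(web_xml_text):
    """Map param-name to param-value for each <context-param> (XML namespace ignored)."""
    params = {}
    for elem in ET.fromstring(web_xml_text).iter():
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}
        if elem.tag.endswith("context-param") and "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params

def audit_web_xml(web_xml_text):
    """Return the deviations from steps 3-6 of the client procedure."""
    params = context_params(web_xml_text)
    findings = []
    for name, want in EXPECTED.items():
        got = params.get(name)
        if got is None:
            findings.append(f"{name}: missing")
        elif got != want:
            findings.append(f"{name}: is {got!r}, expected {want!r}")
    host, _, port = params.get("cms.default", "").partition(":")
    if not host or not port.isdigit():
        findings.append("cms.default: expected <CMS host>:<port>")
    return findings

def audit_trusted_principal(conf_text):
    """Require exactly one non-empty SharedSecret line; the value itself is never echoed."""
    values = [line.split("=", 1)[1].strip() for line in conf_text.splitlines()
              if line.strip().startswith("SharedSecret=")]
    if len(values) != 1:
        return [f"SharedSecret: found {len(values)} entries, expected 1"]
    return [] if values[0] not in ("", "<secret>") else ["SharedSecret: empty or placeholder"]

# Constructed sample: SiteMinder left enabled and the user retrieval method not set.
SAMPLE_WEB_XML = """<web-app>
  <context-param><param-name>cms.default</param-name><param-value>My_BOXI_CMS:6400</param-value></context-param>
  <context-param><param-name>sso.enabled</param-name><param-value>true</param-value></context-param>
  <context-param><param-name>siteminder.enabled</param-name><param-value>true</param-value></context-param>
</web-app>"""

if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML) + audit_trusted_principal("SharedSecret=\n"):
        print(finding)
```

Because TrustedPrincipal.conf holds the shared secret in clear text, the check reports only whether a value is present and never prints it.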

Note: For full details, please see the 'Configuring Third-Party Authentication' chapter in the SAP BusinessObjects Enterprise Administrator's Guide. BusinessObjects Enterprise guides are available for download from the SAP Help Portal.