SSL protocol is widely used to support securing the all the communication between Business Objects platform servers and clients. Lumira being the choice for self-service for most of BI customers, there is an increasing need from the customers to support the secured communication between Lumira desktop/LS4BIP and an already SSL deployed BI Platform system.
Business Objects servers can be configured with SSL for various client interactions, but Lumira communicates to Business Objects Server via WACS and CORBA for various requirements.
Starting from Lumira 1.31.4 version, we now support the following communication channels of Business Objects SSL:
1. CORBA SSL configured within BIP for secured internal server communications.
2. A WACS(Web application container server) configured for HTTPS.
3. Both the above separately or together.
You need to have 1.31.4 (patch4) on your desktop and also on your BI platform Lumira server for BIP add-on.
Here is how the overall solution works:
1. CORBA SSL configured within BIP for secured internal server communications:
All the necessary JAR files have been bundled into Lumira desktop installation (1.31.4 or above).
User needs to import the certificates gereneated in the BI Platform for CORBA SSL and store in the desktop.
Typically these certificates/files are required: cacert.der, servercert.der, server.key and passphrase.txt. Refer to BI Platform administrators guide for more information on certificates.
Provide a corresponding entry in the SAPLUmira.ini available here: C:\Program Files\SAP Lumira\Desktop\SAPLumira.ini
Example: keep the certificates and passphrase files in one location and provide the same location as below:
Once the above entries are made, your desktop is now ready to communicate with BI platform configured with CORBA SSL. You may also need to keep the certificates of the data sources such as HANA imported (if HANA is protected with SSL) on your Desktop system for some of the below workflows:
Basically all workflows involving the interations with BI Platform are also supported here, with few main workflows listed as below:
1. Desktop can now acquire data from managed connections that are available on BI platform configured with CORBA ssl.
2. Desktop can now acquire data from Unx using the Query panel extensions that are available on BI platform configured with CORBA ssl.
3. All the refresh and edit workflows of the above acquired data sources now happens via secured way provided you have imported the certificates issued by these data sources.
4. LS4BIP workflows on HTTPS deployed application server such as Tomcat.
2. A WACS configured for HTTPS:
The certificates issued by the WACS needs to be imported to Lumira’s JRE.
Refer to the blog on how to do the same: https://blogs.sap.com/2015/06/03/configuring-lumira-desktop-to-bip-with-https-enabled/
Once this is done and successful following workflows can be performed:
1. From the Desktop, Logon to BOE to list the lumira documents available in BOE using HTTPS WACS.
2. SAVE lumira documents to BI Platform over HTTPS WACS.
IMPORTANT NOTE: BI Platform 4.2 SP04 comes with security enhancements to support latest security protocols. To support this Lumira Desktop needs to be enhanced to ensure secured connectivity with BI Platform 4.2 SP04. The support for this does not exist today with Lumira desktop 1.31.4 and this will be included in future release.
With the above now being possible in 1.31.4, lumira’s support with Businss Objects BI Platform is further strengthened, also well aligned with the security requirements of various customers.