BI Platform REST SDK (RWS) in BOE 4.2
This blog describes:-
- BI Platform REST Webservices (biprws) BOE 4.2 SP05,
- Configure REST Service for Fiorified BI Launchpad,
- BI Platfrom Web-services on Web Server (Apache Tomcat),
- Configuration of biprws.properties on Web Server,
- Authentication Support and configurations
BI Platform RWS:
BOE 4.2 SP04 BI Platform REST Webservices deployment supports only WACS (Web Application Container Server).
From BOE 4.2 SP05 onwards, biprws deployment supports:
- WACS(Web Application Container Server) and
- Apache Tomcat
| BI Platfrom REST Services URL | http://<host>:<port>/biprws/ |
where
<host> – the name of the web server for BI platform.
<port> – the port number for the platform.
Version1 of biprws is introduced in 4.2SP03.
Supported Servers : WACS, Tomcat (4.2 SP05+)
BIP RWS APIs URI v1 : http://<host>:<port>/biprws/v1/
Data Formats : XML and JSON
Configure REST Service for Fiorified BI Launchpad:
Fiorified BI Launchpad completely depends on REST SDK.
why to set REST URL in CMC?
Answer : The REST SDK URL mentioned in CMC will be used by Fiorified BI Launchpad.
How to set REST URL in CMC?
Answer: Navigate in CMC Applications -> RESTful Webservices -> Right click and select properties and Change the URL.
Web Application deployment on Apache Tomcat:
name : biprws
BI Platform REST services will be deployed as webapp in web server (tomcat) like AdminTools, biodata, BOE, dswsbobje…..
webapp is also available in below path of installed machine: \warfiles\webapps
Configuring BI Platform RESTful Web Services on Web Server:
Admin needs to configure biprws.properties file .
To customize the configuration for RESTful web services, follow the steps below:
- Copy the file: <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\default\biprws.properties to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\custom\biprws.properties and then open it for editing.
- Modify the parameters as required and Restart Tomcat Server.
Given below is a table describing the properties shown in the screenshot.
Property
Description
Default Value
Default_Number_Of _Objects_On _One_Page The number of entries that will be listed per page. You can override this setting with the&pageSize=<m> parameter in the RESTful Web Services SDK.
50
Enterprise_Session_ Token_Timeout_In_Minutes The expiry time a logon token will remain valid for. Beyond this time, you need to generate a new logon token.
60
Session_Pool_Size The number of cached sessions that can be stored at any point in time. The session pool caches active RESTful web service sessions so they can be reused when a user sends another request that uses the same logon token in the HTTP request header.
1000
Session_Pool_Timeout_In_Minutes The time in minutes after which the cached sessions will expire.
2
LogLevel Enables logging and sets the level of severity and detail to None (only critical eventslogged), Low (startup, shutdown, start and end request messages), Medium(error, warning and most status messages) or High (Nothing excluded. It is used for debugging only. The CPU usage may increase, thereby impacting performance).
The available menu choices are:
- Unspecified
- None
- Low
- Medium
- High
Unspecified
Retrieving_Method This setting is a menu that sets which query method will be used to retrieve trusted authentication logon tokens when using the RESTful web service API /logon/trusted.
· HTTP_HEADER is used for GET queries with the request header accept=application/xml (or application/json).
· QUERY_STRING is used to add a logon name to the end of a URL query using the RESTful Web Service API, for example /logon/trusted/?user=johndoe.
· COOKIE is used when the login name is retreived from a web browser cookie. The domain, name, value and path must be stored in the cookie.
HTTP_HEADER User_Name_Parameter The label used to identify the trusted user for the purposes of retrieving a logon token.
X-SAP-TRUSTEDUSER Trusted_Auth_Shared_Secret The string value generated by following the steps mentioned in the sectionGenerating a Shared Secret Value
Unspecified
Trusted Authentication for RESTful Web Services on Web Server:
The topic provides instructions to enable trusted authentication for RESTful web services on Tomcat application server.
Follow the steps below to enable trusted authentication:
- Generate a shared secret key. Refer to Generating a Shared Secret Value for more information.
- Save the shared secret key at <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\java\pjs\container\bin in Windows.
- Open the shared secret key in a text editor.
- Copy the shared secret key.
- Copy the file <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\biprws.properties to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\custom\biprws.properties.
- Open the biprws.properties file in a text editor.
- Paste the shared secret key against the value Trusted_Auth_Shared_Secret=.
- Add the Retrieving Method and User Name Parameter. Refer the table above to add the Retrieving Method and User Name Parameter.
- Save the biprws.properties file.
- Restart the web server.
X.509 Authentication for RESTful Web Services on Tomcat:
In public key cryptography, X.509 is a standard that defines the requirements for a secure digital certificate. An X.509 certificate verifies the possession of the public key by a user or a services identity.
You can now enable X.509 authentication for RESTful web services on Tomcat application server by following the steps below:
- Enable SSL on Tomcat. Refer to Configuring SSL on Tomcat for more information.
- Generate a shared secret key. Refer to Generating a Shared Secret Value for more information.
- Open the shared secret key in a text editor.
- Copy the shared secret key.
- Edit the biprws.properties file.
- Go to <INSTALLDIR>/tomcat/webapps/biprws/WEB-INF/config/default.
- Open the biprws.properties file in a text editor.
- Search for Trusted_Auth_Shared_Secret=.
- Paste the shared secret key against the value Trusted_Auth_Shared_Secret=.
- Save the biprws.properties file.
- Restart Tomcat.
Vintela single sign-on for RESTful Web Services:
Some client tools require authentication through RESTful web services. Follow these steps to enable single sign-on (SSO) for web services.
- Copy the file <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\biprws.properties to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\custom\biprws.properties, and then open it for editing.
- To enable Kerberos SSO for Windows Active Directory (secWinAD) authentication, set sso.enabled to true.
Specify the following mandatory options:- idm.realm (the same as the default_realm specified in the Krb5.ini file).
- idm.princ (the same as specified for idm.princ in the global.properties file located at<INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\BOE\WEB-INF\config\custom).
- idm.keytab (the same as specified for idm.keytab in the global.properties file located at <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\BOE\WEB-INF\config\custom).
- idm.allowUnsecured parameter must be set to true if SSL is not in use with the Java application server. For more information about Tomcat SSL, see the Knowledge Base Article ID:1484802
- Use WDeploy to redeploy the WAR file on the web application server. For information on using WDeploy, see the SAP BusinessObjects Business Intelligence Platform Web Application Deployment Guide.
- Restart Tomcat.
- To test your settings, on the client machine, open any browser and launch the URL: http://<WebAppServer>:<portnumber>/biprws/v1/logon/adsso.The REST token must appear as a response to the API.
- More Info: https://launchpad.support.sap.com/#/notes/1646920
Learn More:
https://blogs.sap.com/2017/05/16/fiorified-bi-launchpad-in-boe-4.2/
https://blogs.sap.com/2017/04/16/bi-platform-rest-sdk-version1/
https://blogs.sap.com/2017/04/21/session-management-in-bi-platform-rest-sdk-rws/
https://help.sap.com/viewer/product/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/
What’s New in SAP BOE 4.2 SP05:
https://www.sap.com/documents/2017/12/529564fc-e47c-0010-82c7-eda71af511fa.html#
What's new in SAP BOE 4.2 SP05 Video:
https://www.youtube.com/watch?v=zYRIx4S9gW0&list=PLufF7pZxICBhpoEF3TNcCvwscm5_7zgHP
Hi Bharath, thanks for a great post. We did configure Restful web services in CMC as mentioned and we get response in XML format when we open the browser with restful web services URL http://servername:6405/biprws. However, we can't find any folder "biprws" in both locations
<INSTALL_DIR>:\BOE4\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps
<INSTALL_DIR>BOE4\tomcat\webapps
Hence, we are unable to proceed further with rest of configuration steps. Could you help?
Hi Santhosh,
Please share the BOE product version.
War file is available from BOE 4.2 SP05.
-
Bharath
We are on BOE 4.2 SP03.
Will deploy SP05 on Sandbox, update you. What's the advantage of V1 - http://<host>:<port>/biprws/v1/ ?
https://blogs.sap.com/2017/04/16/bi-platform-rest-sdk-version1/
https://answers.sap.com/questions/402417/sap-bi-42-sp5-fiori-bilaunchpad.html?
Hi there,
have you ever received the error below trying to install the web tier on a web server. We have eliminated any firewall or security issues. We try to authenticate against the CMS, but get the error when we enter administrator name and password
Either the remote CMS cannot be reached, or the logon credentials are incorrect INS00013
regards
James
Hi James,
Check if the CMS machine host is reachable from web tier machine.
If not, then make host entries of the machines and try again.
Thanks
Ashraf
Hello,
I get a 404 Unable to access the current page when following the link to generate a new shared key. I am logged on using my OSS id, and haven’t had this happen before. Anyone else see this and is there something I may be doing wrong?
Found the updated link here:
https://help.sap.com/viewer/2e167338c1b24da9b2a94e68efd79c42/4.2.5/en-US/e5f17b389eea4402844ac5d759acc0ba.html
If that's not working, it can be found in the BI Platform Administrators guide on help.sap.com.
These are the steps as of this posting:
Rick
Right steps. 🙂
For which page you are getting 404 error ?
Any of the links in the main thread for “Generate a shared secret value”. I logon using my OSS id, which I use for everything in the SAP world, and it gives me that 403 error (my bad .. it was a 403 error, not 404 as originally posted).
This link you are getting 403 ?
https://help.sap.com/viewer/2e167338c1b24da9b2a94e68efd79c42/4.2.5/en-US/e5f17b389eea4402844ac5d759acc0ba.html
A couple of comments for configuring Trusted Authentication for the RESTful Web Services on Tomcat in 4.2 SP6 (based on info I received from a ticket I had to open to get this working):
-Dell
Hello,
I m tryig to make a secure connection to Fiori Laucnhpad. But i get restful service error. Does it support ssl on webshere or not? I couldnt find any post about that.
regards,
check CMC-> Applications -> RESTFull Webservices
which URL it is pointing to and check the URL is responding.
In WACS we can enable an error stack trace for REST. How is this done in Tomcat?
Bharath, What port numbers are used by the SDK that open up connections to the CMS server? Thanks
Hello,
we have a problem with RESTful service (fiori logon, live office) since the migration from 4.2 SP5 to SP7.
We think the problem is linked with the configuration of the logger properties of the biprws.properties at 4.2 SP5,
This was : LogLevel=High
But now at SP7 this is :
Log_Level=Medium
Log_Location=
We have tried with Log_Location=E:/LOGS but can't make it work .. (we have checked the permissions, url restful...).
Could you help me ?
Thank you
Hi Bharath,
Please forgive me posting to an old article.
We've just upgraded to BO 4.3 SP2 Patch 3, and we use a split Apache/Tomcat deployment on our web server (Apache version 2.4.52). We now have the RESTful web service configured to use biprws on Tomcat, NOT in the WACS. There are multiple URLs for accessing the web server. When someone logs into the launchpad using one URL (let's call it URL1), then that blocks any other URL (such as URL2 or URL3) from being able to log in, and the error "Logon failed for RESTful Web Services. Contact system administrator."
If we look at the F12 console, then we can see the following:
"Access to XMLHttpRequest at 'http://XXXX/biprws/internal/v1/settings/allsettings?appCuid=Ac7UIwmYafpFuhiiw6FRXLQ&_=1658770162670' from origin 'http://URL2' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'URL1,URL2', but only one is allowed.
As far as I can tell, I can see 2 SAP notes which seem to relate to this:
Does our split deployment mean that we can't use the relative URL path mentioned in SAP note 3048101? Do we need to revert to a unified deployment, and stop using Apache? Or is there a way that we can get round this problem, and still continue to use the split deployment?
If you're getting 404 after setting "use relative URL" , then your apache is not redirecting calls correctly.
PS
Have you done any tests to see if split deployment provides any actual benefits with new fiori BI launchpad ?
Hi Denis,
Many thanks for your very quick reply.
When I select "use relative URL", then we get a 404 not found page. I am assuming that this is because the relative URL is still trying to communicate with port 80 (the Apache port), rather than port 8080 (Tomcat)
We have not compared split vs combined deployment with the new Fiori launchpad. We have used the split deployment for several years, and I carried on using it during the course of this upgrade. as we hadn't been advised otherwise.
Duly noted on point 2. With regard to point 1, is there any documentation which covers this?
check KBA https://launchpad.support.sap.com/#/notes/2699221
Many thanks - reading and following now.
Thank you again Denis - that worked perfectly. Much appreciated.