Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO on SAP BI Mobile Server - Custom with Trusted Authentication

ashutosh_rastogi
Active Contributor
‎05-29-2014 3:00 PM

Read me

SAP BI Mobile Server Single Sign On Support


This is a specific case where mobile server does not support what you want. This option allows you to write your own java class which implements the method "public String getUser(HttpServletRequest request)". At run-time, when configured for custom scenario, mobile server will call this method of given class and provide it with HTTP Servlet Request. In this method you can write your custom code to parse the request and return the user id back. Mobile server will take this user id and log you on to BOE using trusted connection.


[Sample class attached]


The class can be packaged and deployed as follows

  • You need to place the class in respective package inside <WebAppsROOT>\webapps\MobileBIService\WEB-INF\classes
  • If you have any dependent libraries you should copy them to <WebAppsROOT>\webapps\MobileBIService\WEB-INF\lib. Just ensure that your libraries are not already present in this folder.
  • You must note that, when you upgrade mobile server. You need to backup the class and respective libraries that you had copied and apply the changes again to make SSO work.


Now, lets see how to configure mobile server for this scenario


Prerequisites

  • Your environment should ensure the authentication of user
  • After authentication is done, your custom class is responsible for parsing the request and provide user Id
  • SAP Business Objects BI platform configured for trusted authentication


First step

is to enable the Authentication Scheme

  • Copy the authscheme.properties from default folder in to custom folder (<WebAppsROOT>\webapps\MobileBIService\WEB-INF\config)
  • Then modify the authscheme.properties file in custom folder
  • Un-comment line 'TRUST_CUSTOM=com.businessobjects.mobilebi.server.logon.impl.TrustedCustom'
  • Save and close the file


Second Step

is to define the default SSO configuration

  • Copy the sso.properties from default folder in to custom folder (<WebAppsROOT>\webapps\MobileBIService\WEB-INF\config)
  • Then modify the sso.properties file in custom folder
  • Choose your default CMS identifier
    • "default.cms.identifier=abc"
  • Now define your authentication scheme (the one that you have enabled in first step)
    • abc.authentication.scheme=TRUST_CUSTOM
  • CMS can be provided as an Alias, IP or cluster name
    • Alias
      • abc.aliases=boe.xyz.corp:6400
    • IP
      • abc.aliases=10.10.10.10:6400
    • Cluster name
  • Now configure all the properties using this identifier as below
    • abc.authentication.type=secEnterprise
    • abc.product.locale=en_GB
    • abc.preferred.viewing.locale=en_GB
    • abc.trusted.auth.sharedsecret=<copy the shared secret here>
    • abc.authentication.type=secEnterprise
  • You need to additionally configure the header name that you shall be using to provide the user ID
    • abc.trusted.auth.user.param=<fully qualified name of your custom class>
    • abc.trusted.auth.user.retrieval=CUSTOM
  • Save the sso.properties file.

Third Step

is to now deploy the MobileBIService again after changes mentioned above. Once done, you can validate if your SSO has been setup correctly by executing following URL from browser

http://<server>:<port>/MobileBIService/MessageHandlerServlet?message=CredentialsMessage&requestSrc=ipad&data=<logon logonViaSSO="true"/>

Note: While executing the URL in browser, you should be sending the request with the authentication data that you expect your custom class to parse.


10 Comments
Labels in this area
Popular Blog Posts