Prerequisite for this configuration:-
- SAP BusinessObjects Platform Configured for SAP authentication.
- Support for SSO is from SAP BusinessObjects 4.0 SP08 or SAP BusinessObjects 4.1 SP02 onwards.
- Basic Authentication URL, Which takes in SAP Authentication details and generates the MYSAPSSO2 Cookie for SSO.
- Support from SUP 2.2.4 onwards.
Configuring Mobile Server for SSO Via SAP Logon tickets MYSAPSSO2 Cookie based:-
Below are the settings that need to be done for making the Mobile Server Look for MYSAPSSO2 Cookie in client request
MobileBIService Configuration:-
sso.properties file in MobileBIService config folder
====================================================
# You can configure mobile server to connect multiple CMS, specify default CMS id here
default.cms.identifier=<id>
# You can specify IP Address/Qualified Name/Alias for your CMS here
<id>.aliases=FQN of Mobile Server, IP address
# You can specify the sap system details here
<id>.sap.sid=SAP system SID
<id>.sap.client=SAP system client ID
# [You can specify name of Cookie here, if its other than default (siteminder default is SMSESSION, sap logon ticket default is MYSAPSSO2)
<id>.cookie.name=MYSAPSSO2
# You can specify the Authentication type here. secLDAP, secWinAD, secEnterprise, secSAPR3
<id>.authentication.type=secSAPR3
# Specify the default authentication scheme here. USERPASS, BASIC, BOETOKEN, COOKIE, TRUST
<id>.authentication.scheme=MYSAPSSO2
Authscheme.properties file in the MobileBIService config folder:-
=================================================
# default User/Password log-on implementation
USERPASS=com.businessobjects.mobilebi.server.logon.impl.UserPass
# allows you to configure WCAToken, Default Token or any other BOE Token
BOETOKEN=com.businessobjects.mobilebi.server.logon.impl.Token
# allows you to configure SAP SSO2 Cookie
MYSAPSSO2=com.businessobjects.mobilebi.server.logon.impl.MySapSSO2
Configuring SUP for Mobile SSO Via SAP Logon tickets MYSAPSSO2 Cookie based:-
- Login to SCC
Steps to create Security Configuration:
- Security -> New -> Enter name (here for Ex., MobiSec)
Note:- Do make a note of this name as it will used in future steps and at the client.
- Select the created Security Configuration from tab on left hand side
- Go to Authentication Tab -> New ->Authentication Provider -> Select HttpAuthenticationLoginModule
- Specify your BASIC authentication URL for Validation SAP UserName and Password
Note:- URL -> Basic Auth URL with SAP authentication should issue ticket with MYSAPSSO2 Cookie
Example:-http://10.10.10.10:8080/MobileBIService/MessageHandlerServlet?message=GetVersion
- Specify SSO Cookie Name -> MYSAPSSO2
- Click to save the configuration.
- Delete existing Provider Type(NoSecLoginModule)
- General Tab -> Validate and Apply
Note:-This step has to pass before going ahead with any other configuration
Steps to create an Application and Application Template:
- Applications -> New
- Enter Application Id and name (Id = MobiApp). Make a note of the Id as it would be used by the client.
- Select the Security configuration (here MobiSec).
- On Next -> Proxy Tab -> Give value to Application Push Point -> http://<Mobile BI Server>/MobileBIService/MessageHandlerServlet
Example:- http://10.10.10.10:8080/MobileBIService/MessageHandlerServlet
- Creating proxy pool for Mobile Server
Configuring the Mobile Configuration Server for importing SSO connection
MobiServer Configuration:-
Server.properties file
Example Connection:-
SSOSUPSAP.DisplayName:SSO_SUP_SAP
SSOSUPSAP.BOBJ_MOBILE_CONNECTION_TYPE_STRING=SUP
SSOSUPSAP.BOBJ_MOBILE_SUP_APP_ID= MobiApp(your Mobile Application ID)
SSOSUPSAP.BOBJ_MOBILE_SUP_SECURITY_CONFIG_NAME= your Security configuration Name
SSOSUPSAP.BOBJ_MOBILE_SUP_SERVER=SUP server IP or FQN
SSOSUPSAP.BOBJ_MOBILE_SUP_PORT=5001(your SUP Message Server port)
SSOSUPSAP.BOBJ_MOBILE_SUP_FARM_ID=0(your SUP FARM ID)
SSOSUPSAP.BOBJ_MOBILE_SSO_ENABLED=true
SSOSUPSAP.BOBJ_MOBILE_SSO_TYPE=SSO2COOKIE
Import the connection and Connect from SAP BusinessObjects Mobile.
- SAP Managed Tags:
