Hi Expert,
I’m working with BOXI3.1. I want to use Single Sign On with trusted authentication in Health Exchange portal. We only want to bypass the login page to implement SSO using TIM/TAM based Web Seal junction (deployed on Websphere Application Server). The user logs into a HE Portal application and then accesses the BO URL from there. This request for BO passes through this web seal junction before reaching the BO server.
The user used in the sap portal is also defined and active in sap BO.
In order to activate SSO in BO, I have configured trusted authentication in BO. Please find the setup below:
1) Log on to the Central Management Console with administrative rights.
2) Go to the Authentication management area of the CMC.
3) Double Click on the Enterprise link.
4) Scroll down until you see Trusted Authentication.
5) Click Trusted Authentication is enabled.
6) Enter a string in the Shared Secret field.
7) Click Update.
8) Create a file called TrustedPrincipal.conf in C:\Business Objects 3.1\BusinessObjects Enterprise 12.0\win32_x86 (replace this location with your BO install location)
9) Enter the following in this file
SharedSecret=<string entered in shared secret field in CMC - Enterprise authentication>, i.e. SharedSecret=1234 where 1234 is the string entered in CMC
10) Created the Global.properties file in the location ‘D:\Tomcat7\webapps\Infoviewapp\WEB-INF\global.properties’
sso.enabled=true
trusted.auth.shared.secret=
trusted.auth.user.param=
trusted.auth.user.retrieval=WEB_SESSION
11) Modifying Infoview Web.xml for trusted authentication
Open the web.xml in D:\Tomcat7\webapps\InfoViewApp\WEB-INF
Find this string in the file:
<param-name>cms.default</param-name>
· Enter the CMS name and port number in the cms.default <param-value> field. Use the format
servername:portnumber
· Find this string in the file:
<param-name>sso.enabled</param-name>
· Change the <param-value> for sso.enabled from false to true.
<param-value>true</param-value>
· Find this string in the file:
<param-name>siteminder.enabled</param-name>
· Change the <param-value> for siteminder.enabled from true to false.
<param-value>false</param-value>
· Find this string in the file:
<param-name>trusted.auth.user.retrieval</param-name>
· Specify the <param-value> as follows,
<param-value>WEB_SESSION</param-value>
· Find this string in the file:
<param-name>trusted.auth.user.param</param-name>
· Specify the <param-value> as follows,
<param-value>user</param-value>
· Save and close the file
· Find this string in the file:
<param-name>trusted.auth.shared.secret</param-name>
· Specify the <param-value> as follows,
<param-value>secret</param-value>
· Save and close the file
12) Modified Server.xml for trusted authentication
Open the server.xml in D:\Tomcat7\conf\ and added the following script
<!-- SRP-SSO WebSeal Integration configuration -starts -->
<Valve className="com.ibm.tivoli.integration.am.catalina.valves.AMTomcatValve"
debugTrace="true" userHeader="iv-user"
groupsHeader="iv-groups" addRoles="Everyone"
ivServerName="default-webseald-CAMDV1LWSL01.caxix.acs-inc.com"/>
<!-- SRP-SSO WebSeal Integration configuration -Ends -->
13) We added a custom JSP file in the Tomcat root folder where the InfoView login page is located. The custom JSP is just to bypass the login page. Please find the code below:
<%
//URL for redirection to InfoView Portal
//String strInfoViewURL = "../Infoview/PlatformServices/service/app/logon.object";
String strInfoViewURL="/listing/main.do";
//URL for redirection to Custom BOE Portal
String strCustomPortalURL = "/listing/main.do";
String userName = request.getHeader("iv-user");
String sharedSecret = "passw0rd";
request.getSession().setAttribute("user", userName) ;
request.getSession().setAttribute("secret", sharedSecret) ;
RequestDispatcher dispatcher = request.getRequestDispatcher(strInfoViewURL);
dispatcher.forward(request, response);
%>
14) Restart Tomcat
Now when we tried accessing the BO link from HE portal, we are receiving the following error:
- Logon denied: Your session is not valid or has expired.
Please find the attachment for the error screenshot.
Please also let me know if you need any other information or files.
Thank you,
Tarun
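
Added example, not part of the original post: steps 10 and 11 set the same SSO keys in global.properties and in web.xml, and the listing in step 10 leaves two of them blank. This Python sketch compares the two files and reports keys that are missing, empty or different. The file contents are constructed from the values shown in the post; the <context-param> wrapper, the function names and the assumption that both files should agree are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Keys that steps 10 and 11 of the post set in both files.
SSO_KEYS = ("sso.enabled", "trusted.auth.shared.secret",
            "trusted.auth.user.param", "trusted.auth.user.retrieval")

# Constructed sample: global.properties as listed in step 10.
GLOBAL_PROPERTIES = """sso.enabled=true
trusted.auth.shared.secret=
trusted.auth.user.param=
trusted.auth.user.retrieval=WEB_SESSION
"""

# Constructed sample: web.xml entries with the values from step 11.
# Assumption: each param-name/param-value pair sits in a <context-param>.
_CP = ("<context-param><param-name>{}</param-name>"
       "<param-value>{}</param-value></context-param>")
WEB_XML = "<web-app>" + "".join(_CP.format(k, v) for k, v in [
    ("sso.enabled", "true"), ("siteminder.enabled", "false"),
    ("trusted.auth.user.retrieval", "WEB_SESSION"),
    ("trusted.auth.user.param", "user"),
    ("trusted.auth.shared.secret", "secret")]) + "</web-app>"

def parse_properties(text):
    # key=value lines; blank lines and #/! comment lines are skipped.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_context_params(xml_text):
    # {param-name: param-value}; any XML namespace prefix is ignored.
    local = lambda tag: tag.rsplit("}", 1)[-1]
    params = {}
    for node in ET.fromstring(xml_text).iter():
        if local(node.tag) == "context-param":
            f = {local(c.tag): (c.text or "").strip() for c in node}
            params[f.get("param-name", "")] = f.get("param-value", "")
    return params

def find_drift(props, params, keys=SSO_KEYS):
    # Returns (key, problem) pairs; values are not returned, so a secret is never echoed.
    findings = []
    for key in keys:
        p, w = props.get(key), params.get(key)
        problem = ("missing" if p is None or w is None else
                   "empty" if not p or not w else
                   "mismatch" if p != w else None)
        if problem:
            findings.append((key, problem))
    return findings
```

To run it against a real installation, read the two files from disk and pass their text to parse_properties and parse_context_params.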