Sap boe businessobjects enterprise Single Sign-On, open Bi reports in heterogeneous systems

Background

The company developed its own webbi and asked for a bi report ID to open the corresponding report in SAP Bi without Secondary Logon.

 

Implementation

1. BOE is a token-based authentication method.
2. BOE provides the interface address for directly opening a report: http: // 192.168.0.61: 8080/OpenDocument/opendoc/OpenDocument. jsp

According to official information, the OpenDocument. jsp page requires two required parameters to open the report. One is the idocid (Report ID) and the other is the token (token)
The problem is that you only need to generate a token to implementOpening a report in an external systemAnd can be implementedSingle Sign-on for BOE.

According to some information, an SSO is created separately. the JSP page is placed under D: \ BOE \ Business Objects \ tomcat55 \ webapps \ cmcapp of 61. Note that the cmcapp is the Administrator Logon interface and should not be placed under the user's logon page (infoviewapp ).

SSO. jsp introduction:
Parameter: uid username, PWD password, and rid report ID
Purpose: obtain parameters, authenticate users, generate tokens, pass them to OpenDocument. jsp, and open the report.

SSO. JSP code: <! Doctype HTML public "-// W3C // dtd html 4.01 // en" "http://www.w3.org/TR/html4/strict.dtd"> <% @ page Language = "Java" contenttype = "text/html; charset = UTF-8 "%> <% @ page import =" com. crystaldecisions. SDK. framework. isessionmgr "%> <% @ page import =" com. crystaldecisions. SDK. framework. crystalenterprise "%> <% @ page import =" com. crystaldecisions. SDK. framework. ienterprisesession "%> <% @ page import =" com. crystaldecisi ONS. SDK. occa. security. ilogontokenmgr "%> <% @ page import =" com. crystaldecisions. SDK. occa. infostore. * "%> <% @ page import =" com. crystaldecisions. SDK. properties. * "%> <% @ page import =" com. crystaldecisions. SDK. exception. sdkexception "%> <% @ page import =" javax. servlet. JSP. jspwriter "%> <% Try {string CMS =" boeprod01: 6400 "; string username = request. getparameter ("uid"); string Password = request. getparameter ("pwd "); String reportid = request. getparameter ("RID"); If (username = NULL | Password = NULL | reportid = NULL) {out. println ("parameter error, please check"); return;} string auth = "secenterprise"; string token = ""; isessionmgr sessionmgr = crystalenterprise. getsessionmgr (); ienterprisesession incluisesession = sessionmgr. logon (username, password, CMS, auth); ilogontokenmgr logontokenmgr = isesession. getlogontokenmgr (); token = Logontokenmgr. getdefaulttoken (); // string URLRequest = "http: // 192.168.0.61: 8080/OpenDocument/opendoc/OpenDocument. jsp? Token = "+ token +" & idocid = "+ reportid +" & lssprodnameparam = "+ strparameter +" & swindow = new "; string URLRequest =" http: // 192.168.0.61: 8080/OpenDocument/opendoc/OpenDocument. JSP? Swindow = same & isapplication = true & token = "+ token +" & idocid = "+ reportid; response. sendredirect (URLRequest);} catch (Exception error) {out. println ("identity authentication error, please check! ") ;}%>

To open a report, enter the following in the browser address:
Http: // 192.168.0.61: 8080/cmcapp/SSO. jsp? Uid = testadmin & Pwd = ***** & rid = 6729
You can.

Enter the address directly in the address bar to support all browsers.

However, because the actual report page address is viewdocument. jsp, JavaScript code must be executed on the page. If the external system opens the report throughIFRAMEIf it is enabled, ie will automatically intercept it because the permission settings of IE areJS Code of embedded pages cannot be executed across domains in IFRAME.
Chrome, Firefox, and other browsers do not have this restriction and can be opened in IFRAME normally.

Temporary solution: Add 192.168.0.61 to the trusted site of IE to solve the problem.
To enable it in IFRAME, the most reliable solution is to rewrite OpenDocument. jsp and viewdocument. jsp to bypass Js.
In addition, the simple method is to put webbi and BOE under the same domain name, because IE prohibits IFRAME cross-origin access.