In BI 4.3, you can schedule your BI reports to Microsoft drives (SharePoint / OneDrive / Teams) once a proper handshake has been performed between BOBJ and Azure.
There are two ways in which the handshake can be established.
Option 1: Authenticating via manual login and generating an OAuth token in BILP via Authorization Server Configuration
- Workflow
  - The browser redirects to the IDP to ask for authorization.
  - Authorization is performed with the IDP.
  - The authorization code is sent from the OAuth server to the redirect URL (biprws callback URL).
  - biprws forwards the authorization code to the STS (Security Token Service), which gets the refresh token from the authorization server using the authorization code via HTTPS.
  - The STS passes the token to the CMS (Central Management Server) for storage in the CMS DB.
- The following steps need to be performed.
  - Create an application in Azure and register the BOBJ application under it, as mentioned in this SAP Note: https://me.sap.com/notes/3304928 .
  - Under CMC, create an Authorization Server Configuration and map the details with Azure.
  - Log in to the BILP and generate the token under Settings - Authorization Tokens.
  - With this step, the handshake between BOBJ and Azure is complete, and the token is permanently stored and associated with the enterprise user. Whenever BOBJ needs to communicate with Azure, it uses the stored token to authenticate.
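The Option 1 workflow is a standard OAuth 2.0 authorization code flow. The sketch below is an added example, not SAP's code or part of the original post: it shows the three messages involved and the checks a callback handler should make before redeeming the code. It assumes the Microsoft identity platform v2.0 endpoints; the tenant, client ID, callback URL, the `Files.ReadWrite.All` scope and all function names are placeholders or hypothetical.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders, not values from the article or the SAP Note.
TENANT = "TENANT-ID-PLACEHOLDER"
CLIENT_ID = "CLIENT-ID-PLACEHOLDER"
REDIRECT_URI = "https://bi.example.com/biprws/CALLBACK-PLACEHOLDER"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0"

def build_authorize_url(state, scopes):
    """Workflow step 1: where the browser is redirected to ask for authorization."""
    if "offline_access" not in scopes:
        # Without this scope the token response carries no refresh token to store.
        raise ValueError("offline_access scope is required for a refresh token")
    query = {"client_id": CLIENT_ID, "response_type": "code",
             "redirect_uri": REDIRECT_URI, "response_mode": "query",
             "scope": " ".join(scopes), "state": state}
    return f"{AUTHORITY}/authorize?{urlencode(query)}"

def parse_callback(callback_url, expected_state):
    """Workflow step 3: validate the redirect before trusting the code in it."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not tied to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code

def build_token_request(code, client_secret):
    """Workflow step 4: form body sent over HTTPS to redeem the code."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": client_secret}
    return f"{AUTHORITY}/token", form

if __name__ == "__main__":
    state = "constructed-state-value"  # constructed sample; use a random value per login
    print(build_authorize_url(state, ["offline_access", "Files.ReadWrite.All"]))
    code = parse_callback(f"{REDIRECT_URI}?code=SAMPLE-CODE&state={state}", state)
    print(build_token_request(code, "CLIENT-SECRET-PLACEHOLDER"))
```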
Option 2: Authenticating via OpenID Connect (SSO logon to BILP / OpenDocument)
- Workflow
  - The browser accesses BILP.
  - A request is sent through to the BI Platform (via biprws, to STS and CMS) to get the authorization server details (the one configured for OpenID in CMC -> Authentication -> Enterprise).
  - The authorization server details are sent back to the browser.
  - The browser connects to the authorization server.
  - The logon is performed with the authorization server.
  - After a successful logon with the authorization server, the browser redirects back to biprws with the authorization code.
  - biprws involves STS (+CMS) to get the OpenID token via HTTPS.
  - User information is retrieved from the OpenID token.
  - A trusted logon is done by the CMS using the information retrieved from the OpenID token.
  - The refresh token is stored for future use.
  - The browser is redirected to /BOE/*/WebSSO and is logged in.
- The following steps need to be performed.
  - The following check box needs to be enabled
  - To enable SSO, a few configuration changes need to be made on the Tomcat/BI Platform side.
  - With these steps, the handshake between BOBJ and Azure is completed during the user login process into BILP.
Once authentication is established by either of the above options, users will be able to schedule their BI reports to Microsoft drives (SharePoint / OneDrive / Teams).
- The following options would be available