This blog describes:-
- BI Platform REST Webservices (biprws) in BOE 4.2 SP05
- SSO Configuration in REST Service for AD users using kerberos
- Configuration of biprws.properties on Web Server
From
BOE 4.2 SP05 onwards,
biprws supports deployment on:
- WACS (Web Application Container Server) and
- Apache Tomcat
where
<host> – the name of the web server for BI platform.
<port> – the port number for the platform.
Version1 of biprws is introduced in 4.2SP03.
Supported Servers : WACS, Tomcat (4.2 SP05+)
BIP RWS APIs URI v1 :
http://<host>:<port>/biprws/v1/
Data Formats : XML and JSON
Vintela SSO configuration for biprws on Tomcat:
Prerequisites:
Section 1 - Planning your Service Account Configuration
- Roles of the Service Account
- Role 1 – Query Active Directory
- Role 2 – Run the SIA/CMS and allow manual AD logins.
- Role 3 – Allows Single Sign On
Section 2 - Creating and preparing the service account
- Creating the Service Account
- Create Service Principal Names for the Service Account
- Background Information
- Setspn Commands
- To View all created SPN’s
- Delegation for the Service Account
Section 3 - Configure the AD Plugin Page in the CMC and map in AD groups
Section 4 — Steps to start the SIA/CMS under the service account
- Verify that the service account and AD logins are working
Section 5 –Configuring Manual AD authentication to Java Application Servers
- Create the bscLogin.conf file
- Create the krb5.ini file
- Verify java to successfully receive a kerberos ticket
SAP KBA:
https://launchpad.support.sap.com/#/notes/1631734
biprws on Tomcat:
Section 1: Copy the biprws.properties file to custom config
- Copy the file <INSTALLDIR>\tomcat\webapps\biprws.properties to <INSTALLDIR>\tomcat\webapps \biprws\WEB-INF\config\custom\biprws.properties
- Open biprws.properties file for editing.
Section 2: Enable kerberos SSO auth in biprws
- To enable Kerberos SSO for Windows Active Directory (secWinAD) authentication, set sso.enabled to true.
- Specify the following mandatory options:
- idm.allowUnsecured parameter must be set to true if SSL is not in use with the Java application server. For more information about Tomcat SSL, see the Knowledge Base Article ID:1484802
Section 3: Restart Tomcat.
Section 4: Test AD SSO REST API from client machine
Section 5: Set Auth Negotiate Delegated whitelist
- SSO works in IE by default. If SSO is not working in Chrome or Mozilla please add the URL to whitelist as below.
SAP KBA:
https://launchpad.support.sap.com/#/notes/1646920
https://launchpad.support.sap.com/#/notes/2613391
Learn More:
https://blogs.sap.com/2017/12/15/bi-platform-rest-sdk-rws-in-boe-4.2/
https://blogs.sap.com/2017/05/10/query-the-businessobjects-repository-using-bi-platform-rest-sdk-rws...
https://blogs.sap.com/2017/04/16/bi-platform-rest-sdk-version1/
https://blogs.sap.com/2017/04/21/session-management-in-bi-platform-rest-sdk-rws/
https://help.sap.com/viewer/product/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/