Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
ashutosh_rastogi
Active Contributor

Read me

SAP BI Mobile Server Single Sign On Support


Prerequisites

  • SAP Business Objects BI platform configured for trusted authentication
  • Customer should already have valid X509 certificate for the end users
  • SSL Setup i.e. Web server should be setup to challenge incoming request for X509 certificate
  • The required server certificates installed on the BI platform key store and Mobile Server key store


First step

is to enable the Authentication Scheme

  • Copy the authscheme.properties from default folder in to custom folder (<WebAppsROOT>\webapps\MobileBIService\WEB-INF\config)
  • Then modify the authscheme.properties file in custom folder
  • Un-comment line 'TRUST_X509=com.businessobjects.mobilebi.server.logon.impl.TrustedAuthX509'
  • Save and close the file


Second Step

is to define the default SSO configuration

  • Copy the sso.properties from default folder in to custom folder (<WebAppsROOT>\webapps\MobileBIService\WEB-INF\config)
  • Then modify the sso.properties file in custom folder
  • Choose your default CMS identifier
    • "default.cms.identifier=abc"
  • Now define your authentication scheme (the one that you have enabled in first step)
    • abc.authentication.scheme=TRUST_X509
  • CMS can be provided as an Alias, IP or cluster name
    • Alias
      • abc.aliases=boe.xyz.corp:6400
    • IP
      • abc.aliases=10.10.10.10:6400
    • Cluster name
      • abc.aliases=@xyz
  • Now configure all the properties using this identifier as below
    • abc.authentication.type=secEnterprise
    • abc.product.locale=en_GB
    • abc.preferred.viewing.locale=en_GB
    • abc.trusted.auth.sharedsecret=<copy the shared secret here>

    • abc.trusted.auth.user.retrieval=X509

    • abc.authentication.type=secEnterprise

  • Save the sso.properties file.

Note: Mobile server picks up 'CN' name as user name from the X509 certificate.

Third Step

is to now deploy the MobileBIService again after changes mentioned above. Once done, you can validate if your SSO has been setup correctly by executing following URL from browser

http://<server>:<port>/MobileBIService/MessageHandlerServlet?message=CredentialsMessage&requestSrc=ipad&data=<logon logonViaSSO="true"/>

Note: While executing the URL in browser, you should be sending a valid X509 certificate with it. Also, note that the CN name in the X509 certificate should be same as the user Id for the end user in Business Objects Enterprise.



Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade. SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document and anyone using these methods does so at his/her own risk. SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or code sample, including any liability resulting from incompatibility between the content within this document and the materials and services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this document

22 Comments