If you are looking to customize the way your users login to your BO 4.0 system, a good place to start is the WEB-INF\internal directory in the new BOE webapp structure. It lists the different applications equinox plugin references, and can provide clues into many hidden pathways. If you examine the “BIlaunchpad.properties” file, you will find the reference to the external login methods:
What this spells out, is that essentially, the same paths that worked for 3.x will work for 4.x with minor mods. One technique to create your completely custom logon page, is to collect the user credentials, and the redirect to a procedure that generates en enterprise token, and pass it to the start.do process. The code below is an example of such a process using a simple jsp file. Enjoy your custom login page…
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession,
com.crystaldecisions.sdk.framework.CrystalEnterprise,
com.crystaldecisions.sdk.exception.SDKException, com.crystaldecisions.sdk.framework.ISessionMgr,
com.crystaldecisions.sdk.occa.security.ILogonTokenMgr, com.crystaldecisions.sdk.occa.security.IUserInfo,
com.businessobjects.bcm.*" %>
<%
try{
String username = "Administrator";
String password = "YOUR PASSWORD";
String cms = "CMS:PORT";
String authType: = "secEnterprise";
String BOEHost = "BOEHOST:PORT";
String token = "";
IEnterpriseSession enterpriseSession = CrystalEnterprise.getSessionMgr().logon(username, password, cms, authType);
ILogonTokenMgr tokenMgr = enterpriseSession.getLogonTokenMgr();
token = tokenMgr.getDefaultToken();
session.setAttribute("token",token);
response.sendRedirect("http://"+BOEHost+"/BOE/BI/logon/start.do?ivsLogonToken="+token);
}
catch(Exception e){
out.println(new java.util.Date()+": error occured: "+e);
}
%>
Hi Ron,
Thanks for the good post,We are looking to build a new Logon Page for BI Launchpad and the users will login with LDAP authentictaion. can you please help me with a step by step process how to do that. I would really appreciate your help.
Phani, there are several approaches you can take to accomplish that, the one outlined in this post is one of them. In the example below i illustrated using the secEnterprise plugin, you can of course use the secLdap plugin just as easily. Feel free to reach out to me over email with more specific details about your company, your project, and what you are looking to accomplish, and we can look to engage further. Thanks – Ron
Hi Ron,
could you pelase tell me under which directory inside \BOE do i need to save this jsp page if i want to send userid/pwd from external application.
Thanks, Shera
Shera, thanks for your interest in this post. In 4.0 BO moved to a new architecture, based on eclipse plugin architecture. This change has a lot of security, scalability and stability improvements in it, but also means that customizing the webapps is not as simple as it used to be. To extend an existing webapp, you now need to essentially extend the plugin, tightly integrating into the existing webapp. You can no longer just drop a .jsp file in a directory and have that generate a new servlet that integrates into the boe webapp. For this approach, i created a separate custom app (on a different webapp for that matter), and used the redirect with the token to bypass the login and get users inside boe from a custom logon form. You can refer to the enterprise sdk docs for 4.0 for information and example code for creating custom applications. Thanks – Ron
Ron, Thank you for the answer. That explained and helped a lot. I was getting frustrated trying to put it in different directories and still getting missing page error. I will work with the developers from other team to incorporate the BO sdk jars in their app, generate the token and then sent it to Busines objects for login. Thanks again for this very helpful post. I am sure it would have helped ahd will help several others trying to do the same thing. Thanks, Shera.
Glad to hear this was helpful and good luck with your project.
Can you share the coding which is help to me. I am looking to pass the user name and password thru external application.
Ron,
SAP’s recommended approach for this is to utilize the custom.jsp and nocachecustomresources.js files. Along with these files, we utilize the Web Session variables and TrustedAuthentication to do our heavy lifting in getting seamless sign on. In 3.1 we did it similar to your approach and it was awkward. The new features of BI 4.0 clean this up considerably. Note: You need to make sure that you update files in the appropriate places as well, a redeploy will blow away your files if you didn’t update BOE.war.
Regards,
-Mark
Mark, thank you for your comment, this is good info. In the example above, i did not customize any BI 4.0 files, rather created a separate SDK application (on a different server in my case), to generate a token based on a custom login form, and then pass the token to the BO app. Thanks – Ron
Hello Ron,
Your article and your code are very very interesting and thankyou very much for posting them. I am attempting to do something like what you have described in your article but I am not sure if I understand it fully.
We want users to log on to Bobj directly from our home grown portal. SO are you saying I can create a simple jsp file on my portal server and have the id and password pushed to the BOBJ url .
Please note we have only Bobj 4.0 and i do not have SDK, if that makes sense .
All help on this matter is highly appreciated.
Rajani
Thank you Rajani, you can generate the businessobjects token on any web server, as long as it contains the necesary jars to connect to the BO server, pass user credentials and generate a token. So, while the jsp code itself in this example is simple, it relies on all the necessary BO SDK jars to be available to the generated Servlet in the java app path. If you are not very familiar with java, note the import declarations at the top of the file, these require the jsp file has access to the BOE SDK. You can also generate a token using web services on other platforms, say .net or even php (i wrote about this in other posts). Hope this helps. Thanks – Ron
Hello Ron,
Thankyou for your reply.I come from the SAP world and java and webservices are still a little new to me.
Our homegrown portal resides on Websphere and for sure have no BOE SDK on it . Today there exists a hardcoded link on our portal that links to the default URL of Bobj.Users are then forced to enter a logon id and password to log on to Bobj . Windows authentication and LDAP authentication do not work for various reasons. So I am looking at options on how to embedded the id and password into the BOBJ URL (based on their portal id and password).Any detailed steps towards achieving this or even pointing me to the right documentation would be helpful.
Thanks for all your valuable knowledge.
Regards
Rajani
Rajani, there is no way to login to BO by passing a username and password over URL. That is simply not secure enough. You need to capture the user credentials and use the SDK to generate a token that you can pass to BO as an authenticated session. You can use my code example, but you will need to setup the web application properly for this to work.
Hi All,
i think this is not the right place for for it but my question is:
Company requirment is to replace the Inbox with Document tab in BI launchpad home page. is there any way to do this changes
thanks in Adwance
Hi San, in the CMC, you can select a group and set its BI Launchpad Preferences, so you can set for the Everyone group for example the folders to be the default home tab. It’s that easy with BI 4, SP4. In older version you can change user preferences in bulk as well, but may need to do that programmatically.
Hi Ron,
Thank you for all the great info. I work as a BOE consultant but are by no means a java developer. As you said above logging into infoview via a logon token was alot easier before BOE 4.0. I have a requirement with a client to run a Xcelsius Dashboards on a plasma. All the dashboards are hosted in BI Launchpad. Their plasma software will need to access the particular dashboard inside BI Launchpad.
Would I need to follow your advise above, building a seperate Java app to achieve this or is there another method to achieve this requirement.
Thank you Paul. To embed an Xcelsius swf that uses BO connections (QaaWS, LO, BI Services) you need to pass a “special” flash variable to the swf object on initialization called CELogonToken. The CELogonToken must be a valid BusinessObjects session token. Once the Xcelsius generated swf sees that, it uses this session token when it fires the data connections, and all is well. There are many programmatic ways to generate a BO token via different SDKs, in my example i used the java enterprise sdk, but there are web services you can leverage, .net sdk and more. It kind of depends on your integration use case. Thanks – Ron
Hi Ron,
We have a requirement from our client to Customize BI Launch Pad page and for this I have seen above article and understood that
1. Create a Custom java WebApp in other machine by copying the necessary .jar files from BI 4 Installation Directory .
2. Create a sample logon jsp file which will create a BO session and then pass this session token to the ” http://”+BOEHost+”/BOE/BI/logon/start.do?ivsLogonToken=”+token ”
Please correct me if I am wrong above.
Need few clarifications before I start implementing above things .
I have opened BI Launch Pad URL in a IE webbrowser and logged into it , now I have opened the http://”+BOEHost+”/BOE/BI/logon/start.do in an other tab of same IE window and able to get into it since IE have the BO session stored. Now if I see in this tab the home screen of BI Launc Pad gives warning says ” Home Page Modules run only when working in BI Launch Pad ”
So if I do the customization by creating webapp and paasing the logon token to the “http://”+BOEHost+”/BOE/BI/logon/start.do?ivsLogonToken=”+token ” then we will get the same error ” Home Page Modules run only when working in BI Launch Pad ” . Please help me how to avoid this .
Sai, the path you described will not work because you are logging in through the BI logon page, and then trying to “hijack” the session. This was possible in 3.x pretty easily, but with the new equinox architecture redo in 4.x is a bit more complex. An easier approach is what i described in the post. As long as you obtain a valid session token and pass it to the start.do process in the manner described above, you will have no issues.
Hi Ron,
Thanks a ton for your response ,
I have created a sample jsp with the above mentioned sample code and getting the below error.
Your help is highly appreciated .Thanks a lot again
Exception in thread “Thread-8″ java.lang.ExceptionInInitializerError
at com.businessobjects.bcm.BCM.(BCM.java:1144)
at com.crystaldecisions.enterprise.ocaframework.BCMInitializer.run(BCMInitializer.java:29)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.SecurityException: Toolkit not encapsulated by a jar.
at com.rsa.cryptoj.f.ug.d(Unknown Source)
at com.rsa.cryptoj.f.ug.b(Unknown Source)
at com.rsa.cryptoj.f.nd.b(Unknown Source)
at com.rsa.cryptoj.f.nd.c(Unknown Source)
at com.rsa.jsafe.CryptoJ.isFIPS140Compliant(Unknown Source)
at com.businessobjects.bcm.internal.BcmRsaLib.initialize(BcmRsaLib.java:214)
at com.businessobjects.bcm.internal.BcmRsaLib.(BcmRsaLib.java:289)
Sai, looks like a problem with your class path. Make sure you use all the right jar versions, please refer to the SDK documentation for the application setup. Here’s a list of jars you’ll need for authentication and web services access:
aspectjrt.jar
axis.jar
bcm.jar
ceaspect.jar
cecore.jar
celib.jar
cesession.jar
commons-discovery-0.2.jar
commons-logging.jar
corbaidl.jar
cryptojFIPS.jar
ebus405.jar
jaxrpc.jar
logging.jar
saaj.jar
TraceLog.jar
wsdl4j.jar
Anybody share the coding which is help to me. I am looking to pass the user name and password thru external application.
saravanan, thank you, i did post the code in this blog post, not sure what else you are looking for..
Thank you MR. Ron
I have implemented your code and it is working fine .But ,Someone created a report in webi 4.0. It was working well but now when I incorporate your program refreshing these report it gives me “[Internal] SSO token or User password is empty. Please help me .
Still I am waiting for your reply. We have a problem in Webi reports. It is showing “SSO token or user password is empty”. please help me ….
HI SAravanan, sounds like there is some issue with your code. Without engaging and looking at the details, i really can’t help much. Feel free to reach out to me over email, or contract my company Cleartelligence, for professional services help. Thanks – Ron
Hi Ron,
How are you doing …
I have implemented the above mentioned code and able to login successfully.But when I click on Logoff it is executing Logon.jsp by redirecting to below URL .
http://BOEHOST:PORT/BOE/portal/1301161704/InfoView/logon.jsp
Could you please help me how where to find this logon.jsp page in BO and so that I can customize that page aswell.
Hi Sia, look at the properties files as indicated in the post, there should be an attribute that allows you to specify a custom logout page… Thanks – Ron
Hi Ron,
Thank you very much for your informative comments. I am trying to use a custome JSP code. Please confirm if I do need to put my jsp file in a folder in Tomcat6/webapps folder as we usually do? or shall I need to put it somewhere else? Since I am getting error on runing a below mentioned code..
ERROR: java.lang exception
I would really appreciate your insights on this.
With regards,
Chaitanya
Hi Chaitanya, do you have all the jars setup in the WEB-INF directory of your custom webapp you deployed onto Tomcat \webapps directory? Thanks – Ron
Hi Ron,
Thank you very much for your instant reply. I got delayed in posting my comment. I actually managed to run the code in BO 4.0. I can see my Dashboard is being opened properly with some space left at both the sides. Tried removing that space but not completely could achieve it.
Concern is, the application menu in the header part doesn’t work after applying this SDK code.
I am not sure if my code is affecting this. Any insights would really help me out.
Hi Chaitanya, i guess i would need to learn more about what you are doing to assist. By passing a logon token to the BOE Desktoplaunch webapp as described in the post, will simply allow you to bypass the BOE login page. The rest of the app will function normally. It sounds like you may have some specific things you are doing related to dashboards? Dashboards actually require the BOE token to be delivered in slightly different format, via flash variable, and with a slightly different name, you can find other examples in my blog (and over the net) for embedding Xcelsius dashboards. Thanks. – Ron
Hi Ross,
Thank you for your response.
Can you please dig it more? I am using sendRedirect method with opendocument url passing into it.
Below is a code I am using.
Hi Ron,
It worked out. Issue was about the menu which written in Java Script was creating a problem and replacing that menu script file with DHTML worked out with solution perfectly.
One more thing. When I open Webi report panel, it opens with DOCUMENT SUMMARY tab appears by default at left side. Is there anyway I can hide it & open the report in READ ONLY VIEW.?
Sorry if this issue is not related to this blog.
Thanks in advance.
Chaitanya
I might have mistaken in mentioning my code in above post,
Even if I use your above mentioned code, I still receive the same error.
Can you please help?
Hi Ron,
Not sure is it the right place to post this issue or not but I have a requirement where Header has to repeat on every page in all the webi documents instead of manually setting this option each time when ever user creates the report.
Please help me how to do this ?
I am looking for popup message to be displayed when BI launch pad loads.
Any ideas how to go about or in which file i should embed alert function?
Thanks
Hi Ali, BI 4 has alerts built in, so you can leverage that perhaps.
Hi Ron,
Using Admin credentials and the code snippet below, I am able to succesfully logon and create a token but when I try as a “normal” user, I get a message saying my credentials are invalid. I have verified that I can log into Launchpad using the “normal” users credentials. This makes me think that perhaps it’s a security setting somewhere. Any ideas?
CODE SNIPPET:
IEnterpriseSession enterpriseSession = CrystalEnterprise.getSessionMgr().logon(username, password, cms, authType);
ILogonTokenMgr tokenMgr = enterpriseSession.getLogonTokenMgr();
token = tokenMgr.getDefaultToken();
Hi Mandy, what version of BOE are you using? Can you confirm the jar versions are correct for the server version you are using? This sounds like a permission issue, can you add some debug code and confirm the “normal” user you are using generates a token? What do you do with the token? Do you redirect the request to a different URL? Can you paste the actual error message you receive? Thanks – Ron