Custom logon page for (SAP BI) BusinessObjects 4.x

If you are looking to customize the way your users login to your BO 4.0 system, a good place to start is the WEB-INF\internal directory in the new BOE webapp structure. It lists the different applications equinox plugin references, and can provide clues into many hidden pathways. If you examine the “BIlaunchpad.properties” file, you will find the reference to the external login methods:

What this spells out, is that essentially, the same paths that worked for 3.x will work for 4.x with minor mods. One technique to create your completely custom logon page, is to collect the user credentials, and the redirect to a procedure that generates en enterprise token, and pass it to the start.do process. The code below is an example of such a process using a simple jsp file. Enjoy your custom login page…

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
    <%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession,
com.crystaldecisions.sdk.framework.CrystalEnterprise,
com.crystaldecisions.sdk.exception.SDKException, com.crystaldecisions.sdk.framework.ISessionMgr,
com.crystaldecisions.sdk.occa.security.ILogonTokenMgr, com.crystaldecisions.sdk.occa.security.IUserInfo,
com.businessobjects.bcm.*" %>
<%
try{
    String username = "Administrator";
    String password = "YOUR PASSWORD";
    String cms = "CMS:PORT";
    String authType = "secEnterprise";
    String BOEHost = "BOEHOST:PORT";
    String token = "";
      IEnterpriseSession enterpriseSession = CrystalEnterprise.getSessionMgr().logon(username, password, cms, authType);
      ILogonTokenMgr tokenMgr = enterpriseSession.getLogonTokenMgr();
      token = tokenMgr.getDefaultToken();
      session.setAttribute("token",token);
      response.sendRedirect("http://"+BOEHost+"/BOE/BI/logon/start.do?ivsLogonToken="+token);
      }
      catch(Exception e){
      out.println(new java.util.Date()+": error occured: "+e);
      }
%>
This entry was posted in BusinessObjects 4.0 and tagged . Bookmark the permalink.

63 Responses to Custom logon page for (SAP BI) BusinessObjects 4.x

  1. Phani says:

    Hi Ron,
    Thanks for the good post,We are looking to build a new Logon Page for BI Launchpad and the users will login with LDAP authentictaion. can you please help me with a step by step process how to do that. I would really appreciate your help.

    • Ron Keler says:

      Phani, there are several approaches you can take to accomplish that, the one outlined in this post is one of them. In the example below i illustrated using the secEnterprise plugin, you can of course use the secLdap plugin just as easily. Feel free to reach out to me over email with more specific details about your company, your project, and what you are looking to accomplish, and we can look to engage further. Thanks – Ron

  2. Shera says:

    Hi Ron,

    could you pelase tell me under which directory inside \BOE do i need to save this jsp page if i want to send userid/pwd from external application.
    Thanks, Shera

    • Ron Keler says:

      Shera, thanks for your interest in this post. In 4.0 BO moved to a new architecture, based on eclipse plugin architecture. This change has a lot of security, scalability and stability improvements in it, but also means that customizing the webapps is not as simple as it used to be. To extend an existing webapp, you now need to essentially extend the plugin, tightly integrating into the existing webapp. You can no longer just drop a .jsp file in a directory and have that generate a new servlet that integrates into the boe webapp. For this approach, i created a separate custom app (on a different webapp for that matter), and used the redirect with the token to bypass the login and get users inside boe from a custom logon form. You can refer to the enterprise sdk docs for 4.0 for information and example code for creating custom applications. Thanks – Ron

  3. Shera says:

    Ron, Thank you for the answer. That explained and helped a lot. I was getting frustrated trying to put it in different directories and still getting missing page error. I will work with the developers from other team to incorporate the BO sdk jars in their app, generate the token and then sent it to Busines objects for login. Thanks again for this very helpful post. I am sure it would have helped ahd will help several others trying to do the same thing. Thanks, Shera.

  4. Mark says:

    Ron,

    SAP’s recommended approach for this is to utilize the custom.jsp and nocachecustomresources.js files. Along with these files, we utilize the Web Session variables and TrustedAuthentication to do our heavy lifting in getting seamless sign on. In 3.1 we did it similar to your approach and it was awkward. The new features of BI 4.0 clean this up considerably. Note: You need to make sure that you update files in the appropriate places as well, a redeploy will blow away your files if you didn’t update BOE.war.

    Regards,

    -Mark

    • Ron Keler says:

      Mark, thank you for your comment, this is good info. In the example above, i did not customize any BI 4.0 files, rather created a separate SDK application (on a different server in my case), to generate a token based on a custom login form, and then pass the token to the BO app. Thanks – Ron

  5. Rajani Menon says:

    Hello Ron,

    Your article and your code are very very interesting and thankyou very much for posting them. I am attempting to do something like what you have described in your article but I am not sure if I understand it fully.

    We want users to log on to Bobj directly from our home grown portal. SO are you saying I can create a simple jsp file on my portal server and have the id and password pushed to the BOBJ url .

    Please note we have only Bobj 4.0 and i do not have SDK, if that makes sense .

    All help on this matter is highly appreciated.

    Rajani

    • Ron Keler says:

      Thank you Rajani, you can generate the businessobjects token on any web server, as long as it contains the necesary jars to connect to the BO server, pass user credentials and generate a token. So, while the jsp code itself in this example is simple, it relies on all the necessary BO SDK jars to be available to the generated Servlet in the java app path. If you are not very familiar with java, note the import declarations at the top of the file, these require the jsp file has access to the BOE SDK. You can also generate a token using web services on other platforms, say .net or even php (i wrote about this in other posts). Hope this helps. Thanks – Ron

  6. Rajani Menon says:

    Hello Ron,

    Thankyou for your reply.I come from the SAP world and java and webservices are still a little new to me.
    Our homegrown portal resides on Websphere and for sure have no BOE SDK on it . Today there exists a hardcoded link on our portal that links to the default URL of Bobj.Users are then forced to enter a logon id and password to log on to Bobj . Windows authentication and LDAP authentication do not work for various reasons. So I am looking at options on how to embedded the id and password into the BOBJ URL (based on their portal id and password).Any detailed steps towards achieving this or even pointing me to the right documentation would be helpful.

    Thanks for all your valuable knowledge.

    Regards
    Rajani

    • Ron Keler says:

      Rajani, there is no way to login to BO by passing a username and password over URL. That is simply not secure enough. You need to capture the user credentials and use the SDK to generate a token that you can pass to BO as an authenticated session. You can use my code example, but you will need to setup the web application properly for this to work.

  7. san says:

    Hi All,
    i think this is not the right place for for it but my question is:
    Company requirment is to replace the Inbox with Document tab in BI launchpad home page. is there any way to do this changes

    thanks in Adwance

    • Ron Keler says:

      Hi San, in the CMC, you can select a group and set its BI Launchpad Preferences, so you can set for the Everyone group for example the folders to be the default home tab. It’s that easy with BI 4, SP4. In older version you can change user preferences in bulk as well, but may need to do that programmatically.

  8. Hi Ron,

    Thank you for all the great info. I work as a BOE consultant but are by no means a java developer. As you said above logging into infoview via a logon token was alot easier before BOE 4.0. I have a requirement with a client to run a Xcelsius Dashboards on a plasma. All the dashboards are hosted in BI Launchpad. Their plasma software will need to access the particular dashboard inside BI Launchpad.

    Would I need to follow your advise above, building a seperate Java app to achieve this or is there another method to achieve this requirement.

    • Ron Keler says:

      Thank you Paul. To embed an Xcelsius swf that uses BO connections (QaaWS, LO, BI Services) you need to pass a “special” flash variable to the swf object on initialization called CELogonToken. The CELogonToken must be a valid BusinessObjects session token. Once the Xcelsius generated swf sees that, it uses this session token when it fires the data connections, and all is well. There are many programmatic ways to generate a BO token via different SDKs, in my example i used the java enterprise sdk, but there are web services you can leverage, .net sdk and more. It kind of depends on your integration use case. Thanks – Ron

  9. Sai says:

    Hi Ron,

    We have a requirement from our client to Customize BI Launch Pad page and for this I have seen above article and understood that
    1. Create a Custom java WebApp in other machine by copying the necessary .jar files from BI 4 Installation Directory .
    2. Create a sample logon jsp file which will create a BO session and then pass this session token to the ” http://“+BOEHost+”/BOE/BI/logon/start.do?ivsLogonToken=”+token ”

    Please correct me if I am wrong above.

    Need few clarifications before I start implementing above things .

    I have opened BI Launch Pad URL in a IE webbrowser and logged into it , now I have opened the http://“+BOEHost+”/BOE/BI/logon/start.do in an other tab of same IE window and able to get into it since IE have the BO session stored. Now if I see in this tab the home screen of BI Launc Pad gives warning says ” Home Page Modules run only when working in BI Launch Pad ”
    So if I do the customization by creating webapp and paasing the logon token to the “http://”+BOEHost+”/BOE/BI/logon/start.do?ivsLogonToken=”+token ” then we will get the same error ” Home Page Modules run only when working in BI Launch Pad ” . Please help me how to avoid this .

    • Ron Keler says:

      Sai, the path you described will not work because you are logging in through the BI logon page, and then trying to “hijack” the session. This was possible in 3.x pretty easily, but with the new equinox architecture redo in 4.x is a bit more complex. An easier approach is what i described in the post. As long as you obtain a valid session token and pass it to the start.do process in the manner described above, you will have no issues.

  10. Sai says:

    Hi Ron,

    Thanks a ton for your response ,

    I have created a sample jsp with the above mentioned sample code and getting the below error.

    Your help is highly appreciated .Thanks a lot again

    Exception in thread “Thread-8″ java.lang.ExceptionInInitializerError
    at com.businessobjects.bcm.BCM.(BCM.java:1144)
    at com.crystaldecisions.enterprise.ocaframework.BCMInitializer.run(BCMInitializer.java:29)
    at java.lang.Thread.run(Thread.java:619)
    Caused by: java.lang.SecurityException: Toolkit not encapsulated by a jar.
    at com.rsa.cryptoj.f.ug.d(Unknown Source)
    at com.rsa.cryptoj.f.ug.b(Unknown Source)
    at com.rsa.cryptoj.f.nd.b(Unknown Source)
    at com.rsa.cryptoj.f.nd.c(Unknown Source)
    at com.rsa.jsafe.CryptoJ.isFIPS140Compliant(Unknown Source)
    at com.businessobjects.bcm.internal.BcmRsaLib.initialize(BcmRsaLib.java:214)
    at com.businessobjects.bcm.internal.BcmRsaLib.(BcmRsaLib.java:289)

    • Ron Keler says:

      Sai, looks like a problem with your class path. Make sure you use all the right jar versions, please refer to the SDK documentation for the application setup. Here’s a list of jars you’ll need for authentication and web services access:
      aspectjrt.jar
      axis.jar
      bcm.jar
      ceaspect.jar
      cecore.jar
      celib.jar
      cesession.jar
      commons-discovery-0.2.jar
      commons-logging.jar
      corbaidl.jar
      cryptojFIPS.jar
      ebus405.jar
      jaxrpc.jar
      logging.jar
      saaj.jar
      TraceLog.jar
      wsdl4j.jar

  11. saravanan says:

    Anybody share the coding which is help to me. I am looking to pass the user name and password thru external application.

    • Ron Keler says:

      saravanan, thank you, i did post the code in this blog post, not sure what else you are looking for..

    • SAravanan says:

      Thank you MR. Ron
      I have implemented your code and it is working fine .But ,Someone created a report in webi 4.0. It was working well but now when I incorporate your program refreshing these report it gives me “[Internal] SSO token or User password is empty. Please help me .

  12. SAravanan says:

    Still I am waiting for your reply. We have a problem in Webi reports. It is showing “SSO token or user password is empty”. please help me ….

    • Ron Keler says:

      HI SAravanan, sounds like there is some issue with your code. Without engaging and looking at the details, i really can’t help much. Feel free to reach out to me over email, or contract my company Cleartelligence, for professional services help. Thanks – Ron

  13. sia says:

    Hi Ron,

    How are you doing …

    I have implemented the above mentioned code and able to login successfully.But when I click on Logoff it is executing Logon.jsp by redirecting to below URL .
    http://BOEHOST:PORT/BOE/portal/1301161704/InfoView/logon.jsp

    Could you please help me how where to find this logon.jsp page in BO and so that I can customize that page aswell.

  14. Chaitanya says:

    Hi Ron,

    Thank you very much for your informative comments. I am trying to use a custome JSP code. Please confirm if I do need to put my jsp file in a folder in Tomcat6/webapps folder as we usually do? or shall I need to put it somewhere else? Since I am getting error on runing a below mentioned code..

    ERROR: java.lang exception

    I would really appreciate your insights on this.

    With regards,
    Chaitanya

    • Ron Keler says:

      Hi Chaitanya, do you have all the jars setup in the WEB-INF directory of your custom webapp you deployed onto Tomcat \webapps directory? Thanks – Ron

      • Chaitanya says:

        Hi Ron,

        Thank you very much for your instant reply. I got delayed in posting my comment. I actually managed to run the code in BO 4.0. I can see my Dashboard is being opened properly with some space left at both the sides. Tried removing that space but not completely could achieve it.

        Concern is, the application menu in the header part doesn’t work after applying this SDK code.

        I am not sure if my code is affecting this. Any insights would really help me out.

        • Ron Keler says:

          Hi Chaitanya, i guess i would need to learn more about what you are doing to assist. By passing a logon token to the BOE Desktoplaunch webapp as described in the post, will simply allow you to bypass the BOE login page. The rest of the app will function normally. It sounds like you may have some specific things you are doing related to dashboards? Dashboards actually require the BOE token to be delivered in slightly different format, via flash variable, and with a slightly different name, you can find other examples in my blog (and over the net) for embedding Xcelsius dashboards. Thanks. – Ron

          • Chaitanya says:

            Hi Ross,

            Thank you for your response.
            Can you please dig it more? I am using sendRedirect method with opendocument url passing into it.

            Below is a code I am using.

          • Chaitanya says:

            Hi Ron,

            It worked out. Issue was about the menu which written in Java Script was creating a problem and replacing that menu script file with DHTML worked out with solution perfectly.

            One more thing. When I open Webi report panel, it opens with DOCUMENT SUMMARY tab appears by default at left side. Is there anyway I can hide it & open the report in READ ONLY VIEW.?

            Sorry if this issue is not related to this blog.

            Thanks in advance.
            Chaitanya

  15. Chaitanya says:

    I might have mistaken in mentioning my code in above post,

  16. Chaitanya says:

    Even if I use your above mentioned code, I still receive the same error.

    Can you please help?

  17. Sai says:

    Hi Ron,

    Not sure is it the right place to post this issue or not but I have a requirement where Header has to repeat on every page in all the webi documents instead of manually setting this option each time when ever user creates the report.
    Please help me how to do this ?

  18. Ali says:

    I am looking for popup message to be displayed when BI launch pad loads.

    Any ideas how to go about or in which file i should embed alert function?

    Thanks

  19. Mandy says:

    Hi Ron,
    Using Admin credentials and the code snippet below, I am able to succesfully logon and create a token but when I try as a “normal” user, I get a message saying my credentials are invalid. I have verified that I can log into Launchpad using the “normal” users credentials. This makes me think that perhaps it’s a security setting somewhere. Any ideas?

    CODE SNIPPET:
    IEnterpriseSession enterpriseSession = CrystalEnterprise.getSessionMgr().logon(username, password, cms, authType);
          ILogonTokenMgr tokenMgr = enterpriseSession.getLogonTokenMgr();
          token = tokenMgr.getDefaultToken();

    • Ron Keler says:

      Hi Mandy, what version of BOE are you using? Can you confirm the jar versions are correct for the server version you are using? This sounds like a permission issue, can you add some debug code and confirm the “normal” user you are using generates a token? What do you do with the token? Do you redirect the request to a different URL? Can you paste the actual error message you receive? Thanks – Ron

  20. Hari says:

    Hi Ron, this post is really helpful. I am also trying to create a logoff.jsp page, once user logout of Launchpad it should go to logoff page instead of logon. How do I do it.

    Thanks, Hari

  21. Deanna says:

    Hey Ron, thanks for all the good information. My situation is slightly different. My client wants to pass the BOE creds to another web based app. Example: go from dashboard (swf) file to another web app.

    Is this possible?

    thanks!!!

    • Ron Keler says:

      Hi Deanna, you can certainly pass the user id from BOE to another app, but if you are looking for more then that, some sort of programmatic handshake and authentication, then you will need to come up with some “trust” mechanism between the two apps that you can use to authenticate the user coming from the dashboard into the external app.

  22. rajan says:

    Hi Ron,
    I have recently joined as BO admin (BOXIR2)and trying to undertand how the custom JSp login page is setup. The previous documentation is not correct. Could you please share your email id where i could share details or do i post the same here for clarification. Please advise

    Thanks in advance
    Rajan

  23. Ruben says:

    Hi,

    Error in the code posted above (line 13)

    should read “String authType = “secEnterprise”;”

    Thanks

  24. Premchandran Rajendran says:

    Hi Ron,
    We have 1500 Dealers who are being accessed through the dealer portal to log on to the landing page of our application. Inside the application, we have a Business objects URL where in the Internal users can access to Business Objects 4.0 launcpad. External dealers are being authenticated to the Application through extranet domain where in the Internal Users/Business is being accessed to the application through Active Directory.
    Internal Users have access to BO URL link and they are manually entering the user name and password to get into BO Launch pad.
    To enable a single sign on in BO for both Dealers and Internal Users, we need to find out a solution for this.
    Our Approach is said below
    Dealer Portal has the same domain name as like Internal/Corporate user’s domain name. From the Extranet domain, we can pass the cookie information (User name and password) to the application landing page. From the landing page, we will again pass the credentials to Business objects to get authenticated.
    But the question is, how the BO can handle the cookies to get authentication. Do we need to add any configuration in BO or Web App server?
    The environment is IBM -IHS web server BO SP 04 Patch 10.
    Please help me out. if you can share me the script that would be great at my yahoo id prem_kavi2006@yahoo.com
    Thanks,
    Prem

  25. Jon Fortner says:

    Ron,
    All we need to do is add 2 HyperLinks to the Logon Page at the bottom to our Support Email and one to our Self-Help site. Is the custom.jsp the easiest way to do that. Sounds like we’d have to re-write the entire Logon Page to accomplish that. It was so much easier in 3.1.

  26. Kamchada says:

    I have tried to edit custom.jsp to bypass my login page under \tomcat\webapps\BOE\WEB-INF\eclipse\plugins\webpath.InfoView\web.
    After edited ,I stopped tomcat and deleted all files in \tomcat\work\Catalina\localhost and start it again.Something was wrong with my BI when I tried to accesss InfoView via browser, error page 404 Missing Page was showing to me. I don’t know what to do next and I’m a newbie in java developer.

    Please Help
    Kamchada

    • Ron Keler says:

      Kamchada, you should restore the changes you made and ask someone who has more familiarity with J2EE for assistance. Sounds like the webapp did not deploy The 404 error means the page was not found, so it’s possible that after you removed all the “cache” files, ie the compiled jsp’s, suspect the BI Launchpad did not deploy for some reason. You should be able to find some specific errors in your tomcat logs.

  27. Sreekul says:

    A really really fantastic blog Ron. Great work.
    This has resolved a long standing issue that we had faced. Just can’t thank you enough.

    Kudos to you.

    Thanks again,
    Sreekul Nair

  28. Rajesh says:

    Very helpful thread. Thank you Ron!.

    I have a requirement to expose SAP BO as webservice.Is it possible?

    Using SAP BI 4.1 version. User does not want to logon or go to SAP BI launchpad.
    meaning , view the refreshed report in their web portal with the Input Controls/Drill filters functionality.

    is it possible to Integrate?

    Pls help me out.

  29. Rajesh says:

    Very helpful thread. Thank you Ron.

    I have requirement that the user does not want to logon to the BI Launchpad.Veiwing reports in their portal with Input controls/ Drill filter functionality.

    is it possible ?
    PLs help me out.

    • Ron Keler says:

      Hi Rajesh, yes, that is possible and there are several ways. Depending on the specific use case, you can choose from bypassing the login screen and using the BI Launchpad, leverage the openDocument url api to call specific reports, or leverage one of the several SDKs (crystal, webi, etc..) to programmatically embed content in the external application.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>