Java Infoview XI R2 Single sign-on

system · December 8, 2005, 2:15am

Hi…

has anybody cracked single sign-on to Java Infoview using Windows AD in XI R2 ?

I’m told that Windows AD is now a supported authentication method for Java in R2. However , the tricky bit will be getting single sign-on to work.

It has been mentioned that a Kerberos utility written by MIT might be involved.

Does anybody have any insights into this ?

Cheers

richmona (BOB member since 2003-04-15)

system · December 8, 2005, 5:03am

In the Java environment, single-signon works out-of-the-box for LDAP only. For ADS, you have to write some custom codes, I believe.

I have not heard of this Kerberos utility. You need to verify with BOBJ to make sure it is supported by them.

substring (BOB member since 2004-01-16)

system · January 6, 2006, 8:28pm

Hi, Has anyone tried to implement the custom code for using SSO in a Java environment?

aaddiitt (BOB member since 2005-03-17)

system · January 17, 2006, 8:19pm

Can SOMEONE please confirm this? We have R2 on LDAP configured just fine for account extraction. Authentication against LDAP works fine out of the box. There doesn’t seem to be a way to do SSO WITHOUT SiteMinder (Apache HTTP tp Apache Tomcat, btw).

a.

angelsd1 (BOB member since 2005-10-21)

system · January 17, 2006, 8:23pm

follow the steps on this article and you will be fine…

https://bobj-board.org/t/44055

aaddiitt (BOB member since 2005-03-17)

system · January 17, 2006, 9:44pm

Thanks, but we are using that. The article is about a VBScript to capture an IIS - AD “token” that is passed to the JSP side (Tomcat). What is needed is the Apache Web server plug-in that is mentioned further up the thread. Do you have that?

a

angelsd1 (BOB member since 2005-10-21)

system · January 17, 2006, 9:52pm

i think you have misunderstood a lil bit here. that vbcode is the plug-in that is used here. the plug-in works under iis to authenticate and then passes the token to the java pages which run under apache (web server) “and” tomcat (application server). i don’t think there is any plug-in necessary for the application server to enable sso. it works for me.

aaddiitt (BOB member since 2005-03-17)

system · March 26, 2006, 7:37pm

Hi All,

Is it possible to use IIS and Tomcat and use Siteminder for single sign on, I mean use isapi_redirector to redirect requests from IIS to Tomcat and use Siteminder with IIS for single sign on with AD.

Thanks and Regards,

Forum_Member101 (BOB member since 2005-05-18)

system · March 27, 2006, 7:45pm

Hi All,

I am in process of preparing a Demo for XI R2. Please provide some views about the following architecture.

Windows 2003 Server
Tomcat 5.0.27 as the App server
IIS 6.0 as webserver.
isapi_redirect2 as the redirector to direct requests from IIS to Tomcat.

I have manually deployed BO XI R2 on Tomcat 5.0.27 and then configured IIS as the webserver. Next steps are to configure BO to use AD and then configure siteminder with IIS for single sign on, but I am not sure if siteminder would work in this scenario of redirecting requests from IIS to Tomcat. Please provide some views and ideas about this architecture.

Thanks in advance.

Regards,

Forum_Member101 (BOB member since 2005-05-18)

system · March 28, 2006, 8:31am

Hi,

We’re going to test the AD single sign-on in couple of weeks by following the “Configuring Active Directory Authentication using Java Application Servers”
documentation.

Has anyone tried AD SSO on Java based on the above technical paper?

laukkoski (BOB member since 2002-09-02)

system · April 1, 2006, 8:40pm

I have followed the steps and even AD logon is not working for me in Tomcat and we have a ticket raised with BO working on it. I am not sure if Single sign on to database will work on Tomcat.

Thanks & Regards
dinesh

dinesh2005 (BOB member since 2005-09-12)

system · April 11, 2006, 5:07am

I have configure SSO successfully, follow the steps on this article and you will be fine…

fxylhy (BOB member since 2006-04-10)

system · April 11, 2006, 3:00pm

fxylhy,

Please share some more information about Single Sign On. Did you use siteminder for SSO?

Regards,

Forum_Member101 (BOB member since 2005-05-18)

system · April 12, 2006, 1:52am

Ravi,

OK, no problem. i don’t use siteminder for SSO.

Create a new account in AD, see attachment page 2.
2.configuring the central management server, see attached page3.
3.Configuring BOE XI r2, see attachment page 4.
4.Configuring the JAVA SDK, see attachment page 4.
5.Configuring Tomcat or other application server, page 7.

note:
configuring krb5.ini you must note that server names are all uppercase and in FQDN format. Also, the value for default_domain must match exactly what is entered in the CMC as Default Domain.

BR
Mark
boe_xi_r2_AD_authentication_on_Java_App_Servers.pdf (219.0 KB)

fxylhy (BOB member since 2006-04-10)

system · April 12, 2006, 2:08am

Okay… I really am missing it.

That document talks about enabling Windows AD authentication with Java.
No problem there.

Is there some sort of miscommunication about what SSO is ??
Having the logon screen appear and not having to put your credentials in before clicking the logon button is not SSO

At what point in that configuration have you enabled Single sign-on.

It can only be enabled using Siteminder

richmona (BOB member since 2003-04-15)