Trusted Authentication BOXI 3

Need help!

Does anybody have links, docs or sample code about trusted authentication for BOXI 3?

We have a website that should jump from portal to the InfoView (in a separate browser window with the current user from portal).

I have some information about trusted authentication for BOXI R2 but not for BOXI 3, so we need help.

Thx,
ruanpf


ruanpf (BOB member since 2007-05-14)

I’m also having an issue setting up Trusted Auth in XI 3.0 - I’ve had no problems getting it to work in XI R2. The documentation (Admin Guide) says that TrustedPrincipal.conf needs to go to :\Program Files\Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\plugins\auth\secEnterprise. However, this folder no longer exists. I’ve tried creating the folder and putting the file there. I’ve also tried putting the file in just win32_x86.

It doesn’t work either way.

-Dell


hilfy :us: (BOB member since 2007-04-16)

I have tried and tried…, now it works fast. Some new information for you:

  1. Enable Trusted Authentication in the CMC,
  2. Enter shared secret password (case-sensitive) and enter a timeout value,
  3. Create TrustedPrincipal.conf file in the following location:
     C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86
     with the following content:
     SharedSecret=MySecret
     where MySecret is the password you entered in step 2
  4. Create a user called “TrustedAuth” in the CMC with password, and add the new user to the Administrators group.
  5. Deploy a JSP page with your code to your java application server:
     C:\Program Files\Business Objects\Tomcat5\webapps\InfoViewApp

Very important in your code, InfoViewURL should look like this:

String InfoViewURL = "http://cmsname:port/InfoViewApp/logon/start.do";

and

response.sendRedirect(InfoViewURL + "?ivsLogonToken=" + logonToken);

For me: it works fine but not 100%, the user in InfoView is “TrustAuth”, but not the user from Portal.


ruanpf (BOB member since 2007-05-14)
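
An added example (not from the original posts and not Business Objects' own sample) of the step 5 JSP, logging on as the current portal user instead of one fixed account. It assumes the portal authenticates through the servlet container so that request.getRemoteUser() can be trusted, that an Enterprise account with the same name exists in the CMC, and that the session calls come from the BusinessObjects Enterprise Java SDK; the CMS name, the URL and the token limits are placeholders.

```jsp
<%-- Added example: trusted-authentication hand-off from a portal to InfoView. --%>
<%@ page import="com.crystaldecisions.sdk.framework.CrystalEnterprise" %>
<%@ page import="com.crystaldecisions.sdk.framework.IEnterpriseSession" %>
<%@ page import="com.crystaldecisions.sdk.framework.ISessionMgr" %>
<%@ page import="com.crystaldecisions.sdk.framework.ITrustedPrincipal" %>
<%@ page import="com.crystaldecisions.sdk.exception.SDKException" %>
<%@ page import="java.net.URLEncoder" %>
<%
    // Placeholders (assumptions): replace with your CMS host:port and InfoView URL.
    final String CMS_NAME = "cmsname:port";
    final String INFOVIEW_URL = "http://cmsname:port/InfoViewApp/logon/start.do";

    // Assumed limits: keep the token short-lived and low-use; raise them only
    // if your InfoView deployment needs more.
    final int TOKEN_VALID_MINUTES = 2;
    final int TOKEN_VALID_LOGONS = 1;

    // Take the identity from the container's authenticated session.
    // Never read the user name from a request parameter, header or cookie here:
    // trusted authentication logs on whoever this page names, with no password.
    String portalUser = request.getRemoteUser();
    if (portalUser == null || portalUser.trim().length() == 0) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    try {
        ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();

        // The SDK picks up SharedSecret from TrustedPrincipal.conf (step 3);
        // it must match the value entered in the CMC (step 2).
        ITrustedPrincipal principal =
                sessionMgr.getTrustedPrincipal(portalUser, CMS_NAME);
        IEnterpriseSession enterpriseSession = sessionMgr.logon(principal);

        // Logon token for InfoView, bound to the portal user's own account.
        // Assumption: the session created here is left to time out; check the SDK
        // documentation before logging it off in case that affects the token.
        String logonToken = enterpriseSession.getLogonTokenMgr()
                .createLogonToken("", TOKEN_VALID_MINUTES, TOKEN_VALID_LOGONS);

        // URL-encode the token so special characters survive the redirect.
        response.sendRedirect(INFOVIEW_URL + "?ivsLogonToken="
                + URLEncoder.encode(logonToken, "UTF-8"));
    } catch (SDKException e) {
        // Log server-side only; do not echo SDK error details to the browser.
        application.log("Trusted authentication failed for portal user", e);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }
%>
```

Because the token travels in the redirect URL, it can end up in proxy and access logs, which is the reason for the short lifetime and low use count.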

We actually have it working now with regular user ID’s. Knowing where to put the TrustedPrincipal.conf was the issue. We also had to write some code that would take the login token from our portal, extract the user ID, and then use that to create the session.

There is a problem, though. XI 3.0 WILL NOT run inside an iframe. The trusted authentication works fine, but once the InfoView home page comes up none of the links work. Since all of our portal apps must run inside a portal iframe, this is a show-stopper for us.

-Dell


hilfy :us: (BOB member since 2007-04-16)

hi,

May I ask what is the difference between trusted authentication and SSO?
We were unable to set up SSO… (BO Engineer actually webex into our server to setup)


jeffreyl (BOB member since 2008-08-08)

BOXI Docs!!! :wink:


ruanpf (BOB member since 2007-05-14)

SSO connects to an internal LDAP data source, such as Active Directory, to authenticate a user. For Trusted Authentication, you develop a method of authenticating the user outside of Business Objects and then basically tell BO, “Hey, I’ve got a user whom I’ve authenticated and I trust, so log them in to BO.”

-Dell


hilfy :us: (BOB member since 2007-04-16)

Hi Hilfy,

I’m installing XI 3.0 on my test server. Could you please tell me where do I copy the trustedprincipal.conf file?

Thanks,


vsengmany (BOB member since 2008-01-15)

:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86

-Dell


hilfy :us: (BOB member since 2007-04-16)

:hb:

I need some help. I am trying to get trusted auth to work on XI R3, with no success. I have followed the documentation and some of the forums to the T, but I must have overlooked something minimal.

I did the following:

  1. Setup Trusted auth in CMC, created shared secret
  2. Created TrustedPrincipal.conf with my shared secret in %BUSINESSOBJECTS_HOME%\Business Objects Enterprise 12.0 win32_x86\
  3. Modified my web.xml; here it is:
<?xml version="1.0"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>

    <display-name>Business Objects InfoView</display-name>
    <description>
        Business Objects InfoView application
    </description>


    <!-- ==================== -->
    <!-- Customizable options -->
    <!-- ==================== -->

    <!--  You can specify the default CMS machine name here -->
    <!-- Put your CMS name inside <param-value> </param-value> -->
    <!-- eg. <context-param> -->
    <!--     <param-name>cms.default</param-name> -->
    <!--        <param-value>CrystalMS</param-value> -->
    <!-- eg. </context-param> -->
    <context-param>
        <param-name>cms.default</param-name>
        <param-value>TSSCITW0021:6400</param-value>
    </context-param>

    <!-- Choose whether to let the user change the CMS name -->
    <!-- If it isn't shown the default System from above will be used -->
    <context-param>
        <param-name>cms.visible</param-name>
        <param-value>false</param-value>
    </context-param>

    <!-- You can specify the default Authentication types here -->
    <!-- secEnterprise, secLDAP, secWinAD, secSAPR3 -->
    <context-param>
        <param-name>authentication.default</param-name>
        <param-value>secEnterprise</param-value>
    </context-param>

    <!-- Choose whether to let the user change the authentication type -->
    <!-- If it isn't shown the default authentication type from above will be used -->
    <context-param>
        <param-name>authentication.visible</param-name>
        <param-value>false</param-value>
    </context-param>

    <!-- The default home page -->
    <context-param>
        <param-name>homepage.default</param-name>
        <param-value>/jsp/listing/home.jsp</param-value>
    </context-param>

    <!-- If the locale preference is disabled (only english languages will be used/allowed) -->
    <context-param>
        <param-name>disable.locale.preference</param-name>
        <param-value>false</param-value>
    </context-param>

    <!-- Set to false to disable Siteminder single sign on. -->
    <context-param>
        <param-name>siteminder.enabled</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- You can specify the siteminder Authentication type here -->
    <!-- secLDAP, secWinAD -->
    <context-param>
        <param-name>siteminder.authentication</param-name>
        <param-value>secLDAP</param-value>
    </context-param>

    <!-- Set to true to enable Vintela single sign on. -->
    <context-param>
        <param-name>vintela.enabled</param-name>
        <param-value>false</param-value>
    </context-param>

    <!-- Set to true to enable other single sign on. -->
    <context-param>
        <param-name>sso.enabled</param-name>
        <param-value>false</param-value>
    </context-param>

    <!-- Set to false to disable logon with token. -->
    <context-param>
        <param-name>logontoken.enabled</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- For turning persistent cookies on/off for the logon page.  Defaults to true if this is not present -->
    <context-param>
        <param-name>persistentcookies.enabled</param-name>
        <param-value>true</param-value>
    </context-param>

    <!--
        Trusted authentication: set how to retrieve userID
        set to "REMOTE_USER" for HttpServletRequest.getRemoteUser()
        set to "HTTP_HEADER" for HTTP header
        set to "QUERY_STRING" for URL query string
        set to "COOKIE" for cookie
        set to "WEB_SESSION" for web session
        set to "USER_PRINCIPAL" for user principal
        set to "VINTELA" for Vintela integration
        reset to empty to disable trusted authentication
    -->
    <context-param>
        <param-name>trusted.auth.user.retrieval</param-name>
        <param-value>QUERY_STRING</param-value>
    </context-param>

    <!--
        Trusted authentication: set Header/URL parameter/Cookie/Session variable name to retrieve username
        No need to set for REMOTE_USER or USER_PRINCIPAL.
    -->
    <context-param>
        <param-name>trusted.auth.user.param</param-name>
        <param-value>ivsLogonToken</param-value>
    </context-param>

    <!--
        Trusted authentication: session variable name to retrieve the shared secret;
        Leave empty if shared secret is not passed from web session
    -->
    <context-param>
        <param-name>trusted.auth.shared.secret</param-name>
        <param-value></param-value>
    </context-param>

    <!--
        Configurable logon service
        These 2 configurations allow one to customize the location of the logon service
        config.logon.service.context: the service context path. e.g. /InfoViewApp
        config.logon.service.url: the service url without context path. e.g. /logon/logon.do
    -->
    <context-param>
        <param-name>config.logon.service.context</param-name>
        <param-value></param-value>
    </context-param>

    <context-param>
        <param-name>config.logon.service.url</param-name>
        <param-value></param-value>
    </context-param>


    <!--
        Configurable timeout service
        These 2 configurations allow one to customize the location of the timeout service
        config.timeout.service.context: the service context path. e.g. /InfoViewApp
        config.timeout.service.url: the service url without context path. e.g. /logon/logon.do
    -->
    <context-param>
        <param-name>config.timeout.service.context</param-name>
        <param-value></param-value>
    </context-param>

    <context-param>
        <param-name>config.timeout.service.url</param-name>
        <param-value></param-value>
    </context-param>

    <!--
        cms.clusters: comma separated list of cluster names
        Each cluster in the above list requires its own parameter:
            param-name = cms.clusters.<clustername> (without the @)
            param-value = comma separated list of cms servers
        note: Each param-name must match case with the corresponding value in cms.clusters.
        note2: No port needs to be given for a server.  If none is given, then the default port 6400 is assumed.

        Alternatively, these parameters may be put in a file called "clusters.properties" which should
        be placed in the WEB-INF/classes directory.  The parameters in this file should be stored
        in the normal .properties format, i.e. one "<name>=<value> pair per line.  If this file exists,
        the settings in web.xml will be ignored entirely.
    -->
    <!-- EXAMPLE:
    <context-param>
        <param-name>cms.clusters</param-name>
        <param-value>@samplecluster, @samplecluster2, @samplecluster3</param-value>
    </context-param>
    <context-param>
        <param-name>cms.clusters.samplecluster</param-name>
        <param-value>cmsone:6400, cmstwo</param-value>
    </context-param>
    <context-param>
        <param-name>cms.clusters.samplecluster2</param-name>
        <param-value>cms3, cms4, cms5</param-value>
    </context-param>
    <context-param>
        <param-name>cms.clusters.samplecluster3</param-name>
        <param-value>aps05</param-value>
    </context-param>
    -->
    <!-- Sample equivalent clusters.properties file:
    cms.clusters=@samplecluster, @samplecluster2, @samplecluster3
    cms.clusters.samplecluster=cmsone:6400, cmstwo
    cms.clusters.samplecluster2=cms3, cms4, cms5
    cms.clusters.samplecluster3=aps05
    -->

    <!-- proxy.contextpaths: comma separated list of proxies -->
    <!-- EXAMPLE:
    <context-param>
        <param-name>proxy.contextpaths</param-name>
        <param-value>/Infoview</param-value>
    </context-param>
    OR
    <context-param>
        <param-name>proxy.contextpaths</param-name>
        <param-value>/Marketing,/Sales/infoview,/HR</param-value>
    </context-param>
    -->
    <context-param>
        <param-name>proxy.contextpaths</param-name>
        <param-value></param-value>
    </context-param>

    <!-- Default window properties when viewing a document in a new window. -->
    <!-- Does not override the window properties defined in the plugin files. -->
    <context-param>
        <param-name>window.properties.default</param-name>
        <param-value>fullscreen=yes,location=no,scrollbars=yes,menubars=no,toolbars=no,resizable=yes</param-value>
    </context-param>

    <!-- location to pick up help files -->
    <context-param>
        <param-name>customized.help.location</param-name>
        <param-value></param-value>
    </context-param>

    <!-- Shared Destination From Field -->
    <!-- Enables or Disables the From field when scheduling a object to a destination.
         When the value is set to false the From field will not be rendered and the system
         will first attempt to get the email value from the report default, if report default
         is not available it will attempt to get the value from the email address on user
         profile of the logged on user and lastly if the user profile email address in not
         available it will use the job server default. -->
    <context-param>
        <param-name>SMTPFrom</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- application name -->
    <context-param>
        <param-name>app.name</param-name>
        <param-value>InfoView</param-value>
    </context-param>

    <context-param>
        <param-name>app.name.greeting</param-name>
        <param-value>BusinessObjects</param-value>
    </context-param>

    <context-param>
        <param-name>app.supportmygroups</param-name>
        <param-value>false</param-value>
    </context-param>
    <context-param>
        <param-name>app.supportlocreports</param-name>
        <param-value>false</param-value>
    </context-param>

    <context-param>
        <param-name>app.ondemandlink</param-name>
        <param-value>http://information.ondemand.com/istore/</param-value>
    </context-param>

    <context-param>
        <param-name>app.ondemand.toolbar.button.enabled</param-name>
        <param-value>false</param-value>
    </context-param>

    <context-param>
        <param-name>app.ondemand.textlink.enabled</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- threshold at which the tree list control will not display all the nodes -->
    <!-- instead, a too many children message will be printed -->
    <context-param>
        <param-name>max.tree.children.threshold</param-name>
        <param-value>200</param-value>
    </context-param>

    <!-- URLs -->
    <context-param>
        <param-name>url.exit</param-name>
        <param-value></param-value>
    </context-param>

    <context-param>
        <param-name>url.error</param-name>
        <param-value>/jsp/common/error.jsp</param-value>
    </context-param>

    <!-- Content   : ALL schema and non-schema (global) file resources. -->
    <!-- Resolution: Resource path resolves to <schemaPath>/<resourcePathAndFileName>. -->
    <!-- Prefixes  : - Values prefixed with the value given by schema.prefix are resolved to the current schema -->
    <!--             - Values prefixed with the value given by schema.global.prefix are resolved as non-schema (global) items -->
    <!--             - NONE indicates no prefix -->
    <!--             - If these 2 prefixes are the same (including both NONE) you essentially have NO global items. -->
    <!--             - If neither prefix is matched, item is "schema". -->
    <!--             - The prefix is not part of the file spec. -->
    <!-- Note      : Only the default schema is now in use. -->

    <!-- ==================== -->
    <!-- Schemas              -->
    <!-- ==================== -->
    <context-param>
        <param-name>schema.global.prefix</param-name>
        <param-value>NONE</param-value>
    </context-param>
    <context-param>
        <param-name>schema.prefix</param-name>
        <param-value>*</param-value>
    </context-param>

    <!-- context-relative paths -->
    <context-param>
        <param-name>schema.global</param-name>
        <param-value>/res/general</param-value>
    </context-param>
    <context-param>
        <param-name>schema.default</param-name>
        <param-value>/res/schema.blue</param-value>
    </context-param>

    <!-- ==================== -->
    <!-- File resources       -->
    <!-- ==================== -->

    <context-param>
        <param-name>img.obj.default</param-name>
        <param-value>ce_generic_object.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.list.heading.separator</param-name>
        <param-value>separator_grey_title_bar.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.list.plus</param-name>
        <param-value>collapse.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.list.minus</param-name>
        <param-value>expand.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.banner.logo</param-name>
        <param-value>*banner_logo.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.banner.left</param-name>
        <param-value>*banner_fill_left.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.banner.center</param-name>
        <param-value>*banner_fill_center.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.banner.right</param-name>
        <param-value>*banner_fill_right.gif</param-value>
    </context-param>



    <!-- Sorting Arrows -->
    <context-param>
        <param-name>img.sort.arrowdown</param-name>
        <param-value>sort_desc.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.sort.arrowup</param-name>
        <param-value>sort_asc.gif</param-value>
    </context-param>

    <!-- Panel gradient &amp; buttons -->
    <context-param>
        <param-name>img.panel.titlebar</param-name>
        <param-value>*panel_title_bar_fill.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.footerbar</param-name>
        <param-value>*panel_footer_bar_fill.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.new.window</param-name>
        <param-value>*new_window.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.new.window.hover</param-name>
        <param-value>*new_window_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowdown</param-name>
        <param-value>*arrow_down.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowdown.hover</param-name>
        <param-value>*arrow_down_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowleft</param-name>
        <param-value>*arrow_left.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowleft.hover</param-name>
        <param-value>*arrow_left_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowright</param-name>
        <param-value>*arrow_right.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowright.hover</param-name>
        <param-value>*arrow_right_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowup</param-name>
        <param-value>*arrow_up.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.arrowup.hover</param-name>
        <param-value>*arrow_up_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.close</param-name>
        <param-value>*close_panel.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.close.hover</param-name>
        <param-value>*close_panel_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.maximize</param-name>
        <param-value>*maximize.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.maximize.hover</param-name>
        <param-value>*maximize_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.minimize</param-name>
        <param-value>*minimize.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.minimize.hover</param-name>
        <param-value>*minimize_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.restore</param-name>
        <param-value>*restore_down.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.restore.hover</param-name>
        <param-value>*restore_down_hover.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.tearoff</param-name>
        <param-value>*tear_off.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.panel.tearoff.hover</param-name>
        <param-value>*tear_off_hover.gif</param-value>
    </context-param>

    <!-- Toolbar (22x22) images -->
    <context-param>
        <param-name>img.toolbar.calendar</param-name>
        <param-value>toolbar/calendar.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.toolbar.home</param-name>
        <param-value>toolbar/home.gif</param-value>
    </context-param>
    <context-param>
        <param-name>img.toolbar.refresh</param-name>
        <param-value>toolbar/refresh.gif</param-value>
    </context-param>

    <!-- Error (32x32) image -->
    <context-param>
        <param-name>img.error</param-name>
        <param-value>infoview_error.gif</param-value>
    </context-param>

    <!-- InfoView homepage icons -->
    <context-param>
        <param-name>img.home.myinfoview</param-name>
        <param-value>MyInfoView.gif</param-value>
    </context-param>

    <context-param>
        <param-name>img.home.favefolder</param-name>
        <param-value>favfolder.gif</param-value>
    </context-param>

    <context-param>
        <param-name>img.home.folder</param-name>
        <param-value>folder.gif</param-value>
    </context-param>

    <context-param>
        <param-name>img.home.help</param-name>
        <param-value>help.gif</param-value>
    </context-param>

    <context-param>
        <param-name>img.home.inbox</param-name>
        <param-value>inbox.gif</param-value>
    </context-param>

    <context-param>
        <param-name>img.home.preferences</param-name>
        <param-value>preferences_infoview.gif</param-value>
    </context-param>

    <context-param>
        <param-name>img.home.ondemand</param-name>
        <param-value>ondemand.gif</param-value>
    </context-param>

    <!-- JSTL Configuration -->
    <context-param>
        <param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
        <param-value>com.businessobjects.infoview.ApplicationResources</param-value>
    </context-param>

   <!-- Clustering:
        true  - SessionCleanupListener will expire an Enterprise Session.
        false - SessionCleanupListener will logoff an Enterprise Session.
   -->
    <context-param>
        <param-name>distributable</param-name>
        <param-value>true</param-value>
    </context-param>

    <!-- Uncomment the following context-param if you are using multi-byte characters with WebLogic
         and you are not using CrystalUTF8InputActionServlet as the action servlet. Please note
         that for this to work your application will need to send data to and receive data from the
         client browser in UTF8. -->
    <!--
    <context-param>
        <param-name>weblogic.httpd.inputCharset./*</param-name>
        <param-value>utf-8</param-value>
    </context-param>
    -->

    <context-param>
        <param-name>path.rightFrame</param-name>
        <param-value>1</param-value>
    </context-param>

    <filter>
        <filter-name>EncodingFilter</filter-name>
        <filter-class>com.businessobjects.webutil.encoding.EncodingFilter</filter-class>
    </filter>

	<!-- This filter may be required on NetWeaver to fix character encoding issues.  This should be used if NetWeaver does not 
	set the charset to utf-8 for html responses. -->
	<!-- 
    <filter>
        <filter-name>ResponseEncodingFilter</filter-name>
        <filter-class>com.businessobjects.webutil.encoding.ResponseUTF8EncodingFilter</filter-class>
        <init-param>
      		<param-name>enabled</param-name>
      		<param-value>true</param-value>
        </init-param>          
        <init-param>
      		<param-name>excludeUrl1</param-name>
      		<param-value>/common/appService.do</param-value>
        </init-param>
    </filter>
	-->

    <filter>
        <filter-name>ApplicationServiceCacheControlFilter</filter-name>
        <filter-class>com.businessobjects.webutil.caching.ApplicationServiceCacheControlFilter</filter-class>
    </filter>

    <filter>
        <filter-name>CacheControlFilter</filter-name>
        <filter-class>com.businessobjects.webutil.caching.CacheControlFilter</filter-class>
    </filter>

    <!-- Special filter to disable HttpServletResponse.setLocale(), making it a no-op.  This is necessary to preserve
         charset encoding of response on web application servers that override previously charset encoding when
         HttpServletResponse.setLocale() is called. -->
    <!--
    <filter>
        <filter-name>SetEncodingFilter</filter-name>
        <filter-class>com.crystaldecisions.webapp.util.filter.ResponseEncodingFilter</filter-class>
    </filter >
    -->

    <!-- For Vintela SSO the following filter needs to be uncommented.
         There is also a filter mapping which needs to be uncommented.
         Set idm.realm to the Active Directory realm where the server is in
         and idm.princ to the service principal name.
    -->
    <!--
    <filter>
        <filter-name>authFilter</filter-name>
        <filter-class>com.businessobjects.sdk.credential.WrappedResponseAuthFilter</filter-class>

        <init-param>
            <param-name>idm.realm</param-name>
            <param-value>YOUR_REALM</param-value>
        </init-param>

        <init-param>
            <param-name>idm.princ</param-name>
            <param-value>YOUR_PRINCIPAL</param-value>
        </init-param>

        <init-param>
            <param-name>idm.allowUnsecured</param-name>
            <param-value>true</param-value>
        </init-param>

        <init-param>
            <param-name>idm.allowNTLM</param-name>
            <param-value>false</param-value>
        </init-param>

        <init-param>
            <param-name>idm.logger.name</param-name>
            <param-value>simple</param-value>
            <description>
                The unique name for this logger.
            </description>
        </init-param>

        <init-param>
            <param-name>idm.logger.props</param-name>
            <param-value>error-log.properties</param-value>
            <description>
                Configures logging from the specified file.
            </description>
        </init-param>

        <init-param>
            <param-name>error.page</param-name>
            <param-value>/jsp/logon/vintelaError.jsp</param-value>
            <description>
                The URL of the page to show if an error occurs during authentication.
            </description>
        </init-param>
    </filter>
    -->

    <filter-mapping>
        <filter-name>EncodingFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>EncodingFilter</filter-name>
        <url-pattern>*.faces</url-pattern>
    </filter-mapping>

	<!-- 
    <filter-mapping>
        <filter-name>ResponseEncodingFilter</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>ResponseEncodingFilter</filter-name>
        <url-pattern>*.faces</url-pattern>
    </filter-mapping>
    
    <filter-mapping>
        <filter-name>ResponseEncodingFilter</filter-name>
        <url-pattern>*.object</url-pattern>
    </filter-mapping>    

    <filter-mapping>
        <filter-name>ResponseEncodingFilter</filter-name>
        <url-pattern>*.jsp</url-pattern>
    </filter-mapping>
	-->

    <filter-mapping>
        <filter-name>ApplicationServiceCacheControlFilter</filter-name>
        <url-pattern>/common/appService.do</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CacheControlFilter</filter-name>
        <url-pattern>*.gif</url-pattern>
    </filter-mapping>

    <filter-mapping>
       <filter-name>CacheControlFilter</filter-name>
       <url-pattern>*.css</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CacheControlFilter</filter-name>
        <url-pattern>*.js</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CacheControlFilter</filter-name>
        <url-pattern>*.html</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CacheControlFilter</filter-name>
        <url-pattern>/ure/ure/cache/images/*</url-pattern>
    </filter-mapping>

    <!-- For Vintela SSO the following filter mapping needs to be uncommented.
         There is also a filter which needs to be uncommented.
    -->
    <!--
    <filter-mapping>
        <filter-name>authFilter</filter-name>
        <url-pattern>/logon/logonService.do</url-pattern>
    </filter-mapping>
    -->

    <!-- Filter mapping for the special filter to disable HttpServletResponse.setLocale(), making it a no-op.  This is necessary to preserve
         charset encoding of response on web application servers that override previously charset encoding when
         HttpServletResponse.setLocale() is called.
    -->
    <!--
    <filter-mapping>
        <filter-name>SetEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    -->


    <!-- Container Listener configurations -->
    <!-- In Tomcat 5.0.27, if you are experiencing problem that the license count on your CMS doesn't drop even
         after the application server has been idled for a long time and all the http sessions should have
         expired, comment in the following lines.
    -->
    <listener>
      <listener-class>com.businessobjects.sdk.ceutils.SessionCleanupListener</listener-class>
    </listener>

    <listener>
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class>
    </listener>
    <!-- End container listener configurations -->

    <!-- Servlet Mappings -->

    <!-- Action Servlet Configuration -->
    <servlet>
        <servlet-name>action</servlet-name>
        <!-- CrystalUTF8InputActionServlet is needed to enable multi-byte characters input with
             Tomcat.  Note that for this to work your application will need to send data and
             receive data from the client browser in UTF8.  Because CrystalUTF8InputActionServlet
             uses Java Servlet 2.3 calls, to enable Java Servlet 2.2 support please change the
             action servlet class to org.apache.struts.action.ActionServlet.  Please note that
             this will disable multi-byte character input support. -->
        <servlet-class>com.crystaldecisions.webapp.struts.framework.CrystalUTF8InputActionServlet</servlet-class>
        <!--
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        -->

        <init-param>
            <param-name>application</param-name>
            <param-value>com.businessobjects.infoview.ApplicationResources</param-value>
        </init-param>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>content</param-name>
            <param-value>text/html;charset=utf-8</param-value>
        </init-param>
        <init-param>
            <param-name>detail</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>validate</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>nocache</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>

    <!-- The Servlet for the Application Service.  This is separate because we have a special filter
    for the Application Service that inserts the caching headers for the skinning/branding services,
    and the "action" servlet sets the cache value to "no-cache" for all the requests it processes. -->
    <servlet>
        <servlet-name>AppServiceServlet</servlet-name>
        <!-- CrystalUTF8InputActionServlet is needed to enable multi-byte characters input with
             Tomcat.  Note that for this to work your application will need to send data and
             receive data from the client browser in UTF8.  Because CrystalUTF8InputActionServlet
             uses Java Servlet 2.3 calls, to enable Java Servlet 2.2 support please change the
             action servlet class to org.apache.struts.action.ActionServlet.  Please note that
             this will disable multi-byte character input support. -->
        <servlet-class>com.crystaldecisions.webapp.struts.framework.CrystalUTF8InputActionServlet</servlet-class>
        <!--
        <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
        -->

        <init-param>
            <param-name>application</param-name>
            <param-value>com.businessobjects.infoview.ApplicationResources</param-value>
        </init-param>
        <init-param>
            <param-name>config</param-name>
            <param-value>/WEB-INF/struts-config.xml</param-value>
        </init-param>
        <init-param>
            <param-name>debug</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>content</param-name>
            <param-value>text/html;charset=utf-8</param-value>
        </init-param>
        <init-param>
            <param-name>detail</param-name>
            <param-value>0</param-value>
        </init-param>
        <init-param>
            <param-name>validate</param-name>
            <param-value>true</param-value>
        </init-param>
        <load-on-startup>3</load-on-startup>
    </servlet>

    <!-- Faces Servlet -->
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>


    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.faces</url-pattern>
    </servlet-mapping>

    <!-- map .do extension to dispatcher servlet -->
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>

    <!-- map .object extension to dispatcher servlet -->
    <servlet-mapping>
        <servlet-name>action</servlet-name>
        <url-pattern>*.object</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>AppServiceServlet</servlet-name>
        <url-pattern>/common/appService.do</url-pattern>
    </servlet-mapping>


    <!-- Define the default session timeout for your application,
         in minutes.  From a servlet or JSP page, you can modify
         the timeout for a particular session dynamically by using
         HttpSession.setMaxInactiveInterval(). -->
    <session-config>
        <session-timeout>20</session-timeout>    <!-- 20 minutes for session objects -->
    </session-config>

     <!-- The welcome file list -->
    <welcome-file-list>
        <welcome-file>default.htm</welcome-file>
    </welcome-file-list>

    <error-page>
        <error-code>404</error-code>
        <location>/httperror_404.htm</location>
    </error-page>

    <error-page>
        <error-code>500</error-code>
        <location>/httperror_500.jsp</location>
    </error-page>

    <!-- JSTL -->
    <taglib>
        <taglib-uri>/WEB-INF/c.tld</taglib-uri>
        <taglib-location>/WEB-INF/c.tld</taglib-location>
    </taglib>

    <taglib>
        <taglib-uri>/WEB-INF/fmt.tld</taglib-uri>
        <taglib-location>/WEB-INF/fmt.tld</taglib-location>
    </taglib>

    <!-- Struts Tag Library Descriptors -->
    <taglib>
        <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
        <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
    </taglib>

</web-app>

For the trusted.auth.user.retrieval context-param I have tried QUERY_STRING, HTTP_HEADER, and USER_PRINCIPAL. All seem to fail.
4. Here is my custom login.jsp

<%@ page contentType="text/html; charset=UTF-8" %>
<%@ page import = "com.crystaldecisions.sdk.occa.infostore.*,
com.crystaldecisions.sdk.occa.infostore.CeSecurityID.Limit,
com.crystaldecisions.sdk.plugin.desktop.common.*,
com.crystaldecisions.sdk.framework.*,
com.crystaldecisions.sdk.framework.ISessionMgr,
com.crystaldecisions.sdk.framework.CrystalEnterprise,
com.crystaldecisions.sdk.framework.IEnterpriseSession.*,
com.crystaldecisions.sdk.occa.security.*,
com.crystaldecisions.sdk.properties.*,
com.crystaldecisions.sdk.exception.SDKException,
com.crystaldecisions.sdk.framework.ITrustedPrincipal,
com.crystaldecisions.ePortfolio.framework.common.CEClientConstants,
com.crystaldecisions.ePortfolio.framework.common.UserSettings,
com.crystaldecisions.sdk.framework.ISessionMgr,
com.crystaldecisions.webapp.CEConstants,
com.crystaldecisions.sdk.occa.infostore.IInfoStore,
java.util.Locale" %>
<%@ page import="com.crystaldecisions.sdk.occa.managedreports.*" %>
<%@ page import="com.crystaldecisions.sdk.occa.security.ILogonTokenMgr" %>
<%@ page import="javax.servlet.http.Cookie" %>


<html>
<body>
<%
try {
    out.println("here1");
    // Obtain the Enterprise session manager from the SDK
    ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
    out.println("sessionMRG" + sessionMgr);
    out.println("here2");
    // Trusted principal for user "rod"; only used by the commented-out trusted logon below
    ITrustedPrincipal trustedPrincipal = sessionMgr.createTrustedPrincipal("rod", "tssccitw0021.svr.xxxxxxx.net:6400", "rod");
    out.println("here3");
    // Currently logging on with user name and password (secEnterprise), not with the trusted principal
    IEnterpriseSession enterpriseSession = sessionMgr.logon("rod", "koala", "tssccitw0021.svr.xxxxx.net:6400", "secEnterprise");
    out.println("here4");
    //IEnterpriseSession enterpriseSession = sessionMgr.logon(trustedPrincipal);
    // Default logon token of the session, passed to InfoView in the redirect
    String logonToken = enterpriseSession.getLogonTokenMgr().getDefaultToken();
    out.println(logonToken);
    out.println("<br/>");
    // Show which authentication method and user the session ended up with
    IUserInfo authenticated = enterpriseSession.getUserInfo();
    out.println(authenticated.getAuthenMethod());
    out.println("<br/>");
    out.println(authenticated.getUserName());

    String infoViewURL = "http://tssccitw0021.svr.xxxxx.net:8080/InfoViewApp/logon/start.do";
    response.sendRedirect(infoViewURL + "?ivsLogonToken=" + logonToken);
    out.println("here5");
} catch (Exception ex) {
    out.println(ex.getMessage());
}

%>
</body>
</html>
5. I am trying to test this by entering the address into the browser, expecting to get into InfoViewApp, but I always get redirected back to the login.jsp page with the following error message on the jsp page, and no exception gets logged: “Logon denied: Your session is not valid or has expired.”

Does anyone see any mistakes that I am doing?

Thanks! :nopity:


doogie003 (BOB member since 2008-09-29)
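
An added example, not part of the post above and not Business Objects code: a Python check over the web-tier settings this thread keeps returning to, `trusted.auth.user.retrieval` in web.xml and `SharedSecret` in TrustedPrincipal.conf. The `sso.enabled` and `trusted.auth.user.param` parameters and the retrieval values beyond the three named in the post are assumptions based on the XI 3.x web.xml conventions, and both sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not the files from this thread).
SAMPLE_WEB_XML = """<web-app>
  <context-param><param-name>sso.enabled</param-name><param-value>false</param-value></context-param>
  <context-param><param-name>trusted.auth.user.retrieval</param-name><param-value>HTTP_HEADER</param-value></context-param>
  <context-param><param-name>trusted.auth.user.param</param-name><param-value></param-value></context-param>
</web-app>"""
SAMPLE_CONF = "SharedSecret=\n"  # constructed: key present, value missing

# Assumed value set for trusted.auth.user.retrieval (the thread names three of them).
CLIENT_SUPPLIED = {"QUERY_STRING", "HTTP_HEADER", "COOKIE"}  # the browser can set these
NEEDS_PARAM = CLIENT_SUPPLIED | {"WEB_SESSION"}              # need trusted.auth.user.param
KNOWN = NEEDS_PARAM | {"REMOTE_USER", "USER_PRINCIPAL"}

def context_params(web_xml_text):
    """Return {param-name: param-value}; assumes a DTD-style web.xml without a default namespace."""
    root = ET.fromstring(web_xml_text)
    return {(el.findtext("param-name") or "").strip(): (el.findtext("param-value") or "").strip()
            for el in root.iter("context-param")}

def shared_secret(conf_text):
    """Return the SharedSecret value from TrustedPrincipal.conf text, or None if the key is absent."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "SharedSecret":
            return value.strip()
    return None

def audit(web_xml_text, conf_text):
    """List findings for the web-tier side of trusted authentication."""
    p, findings = context_params(web_xml_text), []
    method = p.get("trusted.auth.user.retrieval", "")
    if p.get("sso.enabled", "").lower() != "true":
        findings.append("sso.enabled is not true")
    if method not in KNOWN:
        findings.append("retrieval method unset or unrecognised: %r" % method)
    if method in NEEDS_PARAM and not p.get("trusted.auth.user.param"):
        findings.append("trusted.auth.user.param is empty for " + method)
    if method in CLIENT_SUPPLIED:
        findings.append("user name comes from client-supplied " + method
                        + "; restrict direct access to InfoView to the portal or proxy")
    if not shared_secret(conf_text):
        findings.append("TrustedPrincipal.conf has no SharedSecret value")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEB_XML, SAMPLE_CONF):
        print("-", finding)
```

Pass it the text of the deployed InfoViewApp web.xml and of the TrustedPrincipal.conf the web application actually reads; an empty list means none of these checks fired, not that the logon will succeed.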

Is there anybody out there? :cookie:


doogie003 (BOB member since 2008-09-29)

I’m trying to get Trusted Auth for 3.0 also.

I currently have the following working:
XI 3.0
AD auth with Kerberos
SSO with Vintela
F5 load balancer

My problem is that I have a proxy server, for trying to use HTTPS for users coming from an external network, but it’s on a different AD domain. I’m getting an error message about HTTP: Status 401. This request requires HTTP authentication ().

For my production XIR2 environment, we’re using IIS and Tomcat, via a Jakarta redirector, with NT auth and Trusted Auth.

Now for 3.0 we’re using AD auth via Kerberos and Vintela SSO.

My question is…do I need to have IIS redirecting for using Trusted Auth? Or can this be used with just BO tomcat server?


ccermak :us: (BOB member since 2007-11-13)

We have it working both ways in our test environment - I haven’t deployed to our staging or production environments yet, so I haven’t tried it through the firewall from our DMZ.

-Dell


hilfy :us: (BOB member since 2007-04-16)

Save the TrustedPrincipal.conf file in one of the following locations:

  1. C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86

  2. The directory specified in the bobj.trustedauth.home Java system property, which can be set at runtime:
    System.setProperty("bobj.trustedauth.home", "C:\\myNewDir");


swcheon :kr: (BOB member since 2007-11-13)

Hi,

I have a similar issue. I have never done trusted authentication before, so I am pretty much new to it. The environment is dotnet (Microsoft).
Below is the configuration.
OS: Windows 2003 Server / IIS6
BOXI Server components: On App Server (Appserver1)
Web tier components: On WebServer (Webserver1)

I want to pass the username and password from the intranet application either through HTTP Headers or cookie to skip the InfoView logins.

I read the admin documentation and the forums.
Created “authkey” all lowercase in CMS and checked the “Trusted Authentication” check box.
Created the file TrustedPrincipal.conf, but I am not sure where I have to put it: on the Webserver \win32_x86, on the Appserver \win32_x86, or in both locations?

Along with that, I am not sure which parameter I have to modify in web.conf file which is in InfoViewApp directory under Webserver.

Could someone please provide the sample code and/or steps by putting some default values like below.

Shared Secret key : authkey
new bouser with admin rights : trustuser

This is very urgent.


forumpt (BOB member since 2008-10-02)