I’m starting to play around with the Trusted Authentification functionality in the CMC.
I managed to set it up.
Now I am using the REST API to refresh reports on behalf of other users ( /login/trusted).
In order to make it work, I followed https://launchpad.support.sap.com/#/notes/0002437493 and copied the Trusted conf in “C:/Program Files (x86)/SAP BusinessObjects/SAP BusinessObjects Enterprise XI 4.0/java/pjs/container/bin”
But by enabling this, I am afraid of the security fallouts :
Now , if I understand correctly, anyone who can access the API can now log on as any other user (not just my program).
How can I make it secure and prevent anyone else from using /login/trusted ?
guigui42 (BOB member since 2014-06-12)