RSA Secured Implementation Guide
For Portal Servers and Web-Based Applications
Last Modified 12/2/05
Partner Information
Partner Name: Business Objects
Web Site:
Product Information
Product Name: InfoView
Version & Platform: XIr2 / BusinessObjects Enterprise
Product Description:
Business Objects is an integrated query, reporting and analysis solution for
business professionals that allows you to access the data in your corporate
databases directly from your desktop and present and analyze this
information in a Business Objects document.
InfoView is your personal gateway to your corporate information capital.
It allows you to access documents generated from your corporate data
storage, from your office, home, or around the world, using your
intranet, extranet, or the World Wide Web.
Product Category: Portal Server
Page: 1
Download from Www.Somanuals.com. All Manuals Search And Download.
Product Requirements
Partner Product Requirements: <Partner Product (Component)>
CPU: Pentium 3 - 700 MHz
Memory: 1GB RAM
Storage: 5 GB for BusinessObjects Enterprise and an additional 1.5 GB for Performance Management
Optical Drives: CD-ROM
Operating System1
Platform | Required Patches
Windows 2000 | SP4 Advanced Server, SP4 Datacenter Server or SP4 Server
Windows Server 2003 | Datacenter Edition, Enterprise Edition, Standard Edition or Web Edition2
Integration Modules
File Name:
Destination: Download the file and unzip it into a directory on the
BusinessObjects Enterprise host.
1 Business Objects supports and recommends the installation of all MSFT critical patches for the listed
operating systems.
2 Each of these editions is supported with or without SP1.
Product Configuration
Before You Begin
This section provides instructions for integrating the partners’ product with RSA ClearTrust. This
document is not intended to suggest optimum installations or configurations. It is assumed that the
reader has both working knowledge of the two products to perform the tasks outlined in this section and
access to the documentation for both in order to install the required software components. All
products/components need to be installed and working prior to this integration. Perform the necessary
tests to confirm that this is true before proceeding.
Installation Prerequisites
Before beginning the RSA ClearTrust – BusinessObjects Enterprise InfoView configuration, make sure
that:
- The RSA ClearTrust servers have been installed.
- BusinessObjects Enterprise XIr2 has been installed, including:
  - The Java-based Administrative console
  - InfoView
- A web server proxy to the application server that hosts BusinessObjects Enterprise has been
  installed and configured.3
- An RSA ClearTrust Web Server Agent has been installed and tested on the web server proxy.
Configuring BusinessObjects Enterprise XIr2
You can configure InfoView to use RSA ClearTrust for user authentication and Single-Sign-On (SSO).
There are five basic steps in this configuration process:
3 Web server proxy configuration is outside of the scope of this documentation. Please refer to the
appropriate application server documentation.
Configure the LDAP plug-in
1. Launch and log into the BusinessObjects Enterprise Central Management Console (CMC).
2. Select Authentication from the Manage frame and then choose the LDAP tab.
3. Enter the LDAP hostname and port, click the Add button and then click Next.
4. Enter the base LDAP distinguished name, and click Next.
5. Enter LDAP log-on credentials and click Next.
Note: The credentials do not need to be those of an LDAP server
administrator. The user only needs read access to the server.
6. Select Basic (no SSO) for LDAP authentication and click Next.
7. Select the following radio buttons:
1. Assign each added LDAP alias to an account with the same name
2. No new aliases will be added and new users will not be created
3. New users are created as concurrent users
8. Click Next and Finish.
Build LDAP user accounts
1. Launch and log into the BusinessObjects Enterprise Central Management Console (CMC).
2. Select Authentication from the Manage frame and then choose the LDAP tab.
3. Enter and add all ClearTrust/LDAP groups to be imported.
9. Select the following radio buttons:
1. Assign each added LDAP alias to an account with the same name
2. New aliases will be added and new users will not be created
3. New users are created as named users
10. Click Update.
Configure the Trusted Authentication shared secret
1. Launch and log into the CMC.
2. Select Authentication from the Manage frame and then choose the Enterprise tab.
3. Select the Trusted Authentication is enabled checkbox, then choose a passkey and enter it in the
Shared secret field.
4. Click Update.
\plugins\auth\secEnterprise and create a new text file named TrustedPrincipal.conf. Type the following line
at the beginning of this file:
SharedSecret=%SHARED_SECRET%
where %SHARED_SECRET% matches the passkey entered in step 3.
6. Save changes to TrustedPrincipal.conf and close it.
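A quick way to confirm that TrustedPrincipal.conf was written as the steps above describe. This is an added example, not part of the original guide or of either product; the function name and result codes are hypothetical, and treating a byte-order mark or stray whitespace as a problem assumes the plug-in reads the value literally.

```python
import hmac

KEY = "SharedSecret="
PLACEHOLDER = "%SHARED_SECRET%"  # literal token from the guide, must be replaced

# Constructed sample content; the passkey is made up for this example.
SAMPLE_CONF = "SharedSecret=c0nstructed-Passkey-2005\r\n"


def check_trusted_principal(conf_text, cmc_passkey):
    """Return a list of problem codes for TrustedPrincipal.conf content.

    conf_text   -- the decoded text of the file
    cmc_passkey -- the passkey entered in the CMC Shared secret field
    """
    problems = []
    # Assumption: a BOM before the key means the line is not really
    # "at the beginning of this file" as the guide requires.
    if conf_text.startswith("\ufeff"):
        problems.append("bom")
        conf_text = conf_text.lstrip("\ufeff")
    lines = conf_text.splitlines()
    first = lines[0] if lines else ""
    if not first.startswith(KEY):
        problems.append("missing-key")
        return problems
    value = first[len(KEY):]
    if value == PLACEHOLDER:
        problems.append("placeholder")
    elif not value:
        problems.append("empty")
    # Assumption: whitespace around the value would be compared literally.
    if value != value.strip():
        problems.append("whitespace")
    # Constant-time comparison so the check itself does not leak the secret
    # through timing if it is ever wired into an automated service.
    if not hmac.compare_digest(value.encode("utf-8"), cmc_passkey.encode("utf-8")):
        problems.append("mismatch")
    return problems
```

Read the file as text and pass it in together with the passkey from the CMC; an empty list means the first line carries the same secret.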
Add an Enterprise alias to each user account
1. Launch and log into the CMC.
2. Select Authentication from the Manage frame and then choose the Enterprise tab.
3. Deselect every checkbox except Trusted Authentication is enabled.
4. Click Update.
5. Return to CMC Home and select Users from the Organize frame.
6. For each user, open the user account, scroll to the end of the page, and click New Alias.
8. Deselect the User must change password at next logon checkbox.
9. Click OK.
4 Replace %BUSINESSOBJECTS_HOME% with BusinessObjects Enterprise’s installation directory. The
default value for this directory is C:\Program Files\Business Objects.
5 Note that this password doesn’t have to match the user’s RSA ClearTrust password. It is the latter
password the user must remember and use to authenticate.
Install the SSO and exit scripts
The SSO script – sso.jsp – is contained in the BOXI_CT553.zip file (previously downloaded). This file is
responsible for creating a BusinessObjects Enterprise session for the ClearTrust-authenticated user.
After a successful ClearTrust authentication, the user will be redirected to this JSP. The BusinessObjects
Enterprise web application’s web.xml file must be configured in order for this redirection to take place.
[Figure: request flow]
Web Server: User requests an RSA ClearTrust-protected BusinessObjects resource.
RSA ClearTrust Web Server Agent:
- Authenticate user by communicating with the RSA ClearTrust Servers.
- Determine that user is authorized to access requested resource.
Application Server (BusinessObjects Enterprise 11.5):
- web.xml: Configured to direct valid users to sso.jsp (redirect).
- sso.jsp: Creates BO session with user validated by ClearTrust.
User has access to the requested resource.
The exit script – exit.jsp – is also contained in the BOXI_CT553.zip file. This script will be called when a
user clicks the Logoff button on the CMC. It is responsible for destroying the BusinessObjects Enterprise
session and closing the browser window (thus destroying the RSA ClearTrust SSO token).
Note: The sso.jsp and exit.jsp files are provided as examples. They may
be used in a production environment, but they can also be modified to
meet a specific customer’s requirements.
In order to install and configure the scripts:
1. Navigate to %BUSINESSOBJECTS_HOME%\Tomcat\webapps\businessobjects\enterprise115\desktoplaunch\WEB-INF
and open the web.xml file. Find the welcome-file-list tag, and change the value
of the welcome-file to exit.jsp6:
<!-- The welcome file list -->
<welcome-file-list>
<welcome-file>exit.jsp</welcome-file>
</welcome-file-list>
2. Copy the sso.jsp and exit.jsp files to the
%BUSINESSOBJECTS_HOME%\Tomcat\webapps\businessobjects\enterprise115\desktoplaunch\ directory.
6 The default welcome-file value is default.htm.
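A post-install check for the two steps above, as an added example that is not part of the original guide or the BOXI_CT553.zip package. The function names and result codes are hypothetical, and the sample web.xml is constructed and reduced to the one element the guide edits.

```python
import xml.etree.ElementTree as ET

REQUIRED_SCRIPTS = ("sso.jsp", "exit.jsp")  # files the guide copies into desktoplaunch

# Constructed sample; a real web.xml carries many more elements.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <!-- The welcome file list -->
  <welcome-file-list>
    <welcome-file>exit.jsp</welcome-file>
  </welcome-file-list>
</web-app>"""


def _local(tag):
    # Drop an XML namespace prefix such as "{http://...}welcome-file".
    return tag.rsplit("}", 1)[-1]


def welcome_files(web_xml_text):
    """Return the welcome-file entries in document order."""
    root = ET.fromstring(web_xml_text)
    return [(wf.text or "").strip()
            for wfl in root.iter() if _local(wfl.tag) == "welcome-file-list"
            for wf in wfl if _local(wf.tag) == "welcome-file"]


def check_desktoplaunch(web_xml_text, deployed_files):
    """Return problem codes for the desktoplaunch web application.

    web_xml_text   -- content of desktoplaunch\\WEB-INF\\web.xml
    deployed_files -- file names found in the desktoplaunch directory
    """
    problems = []
    # The guide sets exit.jsp as the only welcome-file; a leftover
    # default.htm (the default value) means step 1 was not applied.
    if welcome_files(web_xml_text) != ["exit.jsp"]:
        problems.append("welcome-file")
    # Windows file names are case-insensitive, so compare in lower case.
    deployed = {name.lower() for name in deployed_files}
    problems += ["missing:" + s for s in REQUIRED_SCRIPTS if s not in deployed]
    return problems
```

Feed it the text of web.xml and the output of a directory listing of desktoplaunch; an empty list means both steps took effect.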
Certification Checklist: Portal Servers and Web-Based Apps
Date Tested: 11/18/2005
Certification Environment
Product Name | Version Information | Operating System
RSA ClearTrust | 5.5.3 | Windows 2003 Server Enterprise
RSA ClearTrust IIS Agent | 6.0 | Windows 2003 Server Enterprise
BusinessObjects Enterprise XIr2 InfoView | XIr2 | Windows 2003 Server Enterprise
Test Case
Result
Product Characteristics for SSO Support
Application/Portal is web-based, and supports access by a standard HTTP-based browser
Application/Portal runs on Web Server Platform supported by RSA ClearTrust
Application/Portal login interface can be modified or replaced
Application/Portal can extract user information from RSA ClearTrust session cookie
Application/Portal can extract user information from HTTP Headers
N/A
Application/Portal can extract authentication type from RSA ClearTrust session cookie
Application/Portal can extract authentication type from HTTP Headers
N/A
N/A
Application/Portal can perform SSO with other RSA ClearTrust-supported Web Server
Login - General
HTTP basic authentication
Forms based
Forms based w/ URI retention
N/A
Login – Basic Authentication
Access Denied for unauthorized user
Successful login for authorized user
Successful recognition of identity/personalization in 3rd Party Product
Successful recognition of identity/personalization after SSO with other RSA ClearTrust-supported
Web Server
Login – Graded Authentication
Access Denied for unauthorized user
Successful login for authorized user
Successful recognition of identity/personalization in 3rd Party Product
Successful recognition of identity/personalization after SSO with other RSA ClearTrust-supported
Web Server
JGS
= Pass
= Fail N/A = Non-Available Function