RSA Security Xlr2 User Manual

RSA Secured Implementation Guide

For Portal Servers and Web-Based Applications

Last Modified 12/2/05

Partner Information

Product Information

Partner Name Web Site www.businessobjects.com Product Name Version & Platform Product Description

Product Category

Business Objects

InfoView XIr2 / BusinessObjects Enterprise Business Objects is an integrated query, reporting and analysis solution for

business professionals that allows you to access the data in your corporate databases directly from your desktop and present and analyze this information in a Business Objects document.

InfoView is your personal gateway to your corporate information capital. It allows you to access documents generated from your corporate data storage, from your office, home, or around the world, using your intranet, extranet, or the World Wide Web.

Portal Server

Page: 1

Solution Summary

To achieve Single-Sign-On (SSO) with BusinessObjects Enterprise XIr2 InfoView, a web server proxy to the InfoView application server host must be configured. An RSA ClearTrust agent is installed on this web server and it is configured to protect BusinessObjects Enterprise resources. Pre-existing RSA ClearTrust (LDAP) groups can be imported into InfoView. These groups and their individual users can then be managed and maintained via the ClearTrust Entitlements Manager and servers. Each user is given a BusinessObjects Enterprise alias and an LDAP alias, each of which correspond to the RSA ClearTrust username. BusinessObjects Enterprise is then configured to trust RSA ClearTrustauthenticated users.

The ClearTrust Administrator creates BusinessObjects Enterprise users, groups, resources, and entitlements. When a user first requests a protected resource, the RSA ClearTrust web server agent prompts the user for authentication credentials. The agent communicates with the RSA ClearTrust servers to establish authentication and determine if the user is authorized to access the requested resource. Following successful authentication and authorization, the user is forwarded to a script within the BusinessObjects Enterprise web application. This script retrieves the identity of the user by parsing an HTTP header variable and creates a personalized BusinessObjects Enterprise session.

Figure 1 illustrates a high-level view of this deployment.

authentication &

Request protected resources

authorization

ClearTrust

Servers

shared users

and groups

Web Server

and ClearTrust

Agent

Figure 1: Integration deployment diagram

proxy

pplication Server

BusinessObjects

Enterprise

LDAP Server

Partner Integration Overview

Use UserID for SSO Use UserID for Personalization Recognize Authentication Type API-level Authorization Support (RuntimeAPI) User Management (AdminAPI)

Yes Yes Yes No Via Shared User Repository (LDAP)

Page: 2

Product Requirements

Partner Product Requirements: <Partner Product (Component)>

CPU Memory

Storage Optical Drives

Operating System

Platform Required Patches

Windows 2000 Windows Server 2003

Integration Modules

File Name Destination

ftp://ftp.rsasecurity.com/pub/partner_engine ering/ClearTrust/BusinessObjects/BOXI_CT5 53_SSO.zip

Pentium 3 - 700 Mhz 1GB RAM 5 GB for BusinessObjects Enterprise and an additional

1.5 GB for Performance Management CD-ROM

SP4 Advanced Server, SP4 Datacenter Server or SP4 Server Datacenter Edition, Enterprise Edition, Standard Edition or Web Edition

Download the file and unzip it into a directory on the BusinessObjects Enterprises host.

Business Objects supports and recommends the installation of all MSFT critical patches for the listed

operating systems.

Each of these editions is supported with or without SP1.

Page: 3

Product Configuration

Before You Begin

This section provides instructions for integrating the partners’ product with RSA ClearTrust. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of the two products to perform the tasks outlined in this section and access to the documentation for both in order to install the required software components. All products/components need to be installed and working prior to this integration. Perform the necessary tests to confirm that this is true before proceeding.

Installation Prerequisites

Before beginning the RSA ClearTrust – BusinessObjects Enterprise InfoView configuration, make sure that:

- The RSA ClearTrust servers have been installed.

- BusinessObjects Enterprise XIr2 has been installed, including:

 The Java-based Administrative console  InfoView

- A web server proxy to the application server that hosts BusinessObjects Enterprise has been installed and configured.

- An RSA ClearTrust Web Server Agent has been installed and tested on the web server proxy.

Configuring BusinessObjects Enterprise XIr2

You can configure InfoView to use RSA ClearTrust for user authentication and Single-Sign-On (SSO). There are five basic steps in this configuration process:

Configure the LDAP plug-in

Build LDAP user accounts

Configure the Trusted Authentication shared secret

Add an Enterprise alias to each user account

Install the SSO and exit scripts

Web server proxy configuration is outside of the scope of this documentation. Please refer to the

appropriate application server documentation.

Page: 4

+ 8 hidden pages