SAP Business objects Enterprise XI 3.0 JAAS SSO Enablement Extensions Deployment Guide

JAAS SSO Enablement Extensions
Deployment Guide for IBM
WebSphere Server 6.0

BusinessObjects Enterprise XI 3.0

Copyright

© 2008 Business Objects. All rights reserved. Business Objects owns the following
U.S. patents, which may cover products that are offered and licensed by Business
Objects: 5,295,243; 5,339,390; 5,555,403; 5,590,250; 5,619,632; 5,632,009;
5,857,205; 5,880,742; 5,883,635; 6,085,202; 6,108,698; 6,247,008; 6,289,352;
6,300,957; 6,377,259; 6,490,593; 6,578,027; 6,581,068; 6,628,312; 6,654,761;
6,768,986; 6,772,409; 6,831,668; 6,882,998; 6,892,189; 6,901,555; 7,089,238;
7,107,266; 7,139,766; 7,178,099; 7,181,435; 7,181,440; 7,194,465; 7,222,130;
7,299,419; 7,320,122 and 7,356,779. Business Objects and the Business Objects
logo, BusinessObjects, Business Objects Crystal Vision, Business Process On
Demand, BusinessQuery, Cartesis, Crystal Analysis, Crystal Applications, Crystal
Decisions, Crystal Enterprise, Crystal Insider, Crystal Reports, Crystal Vision,
Desktop Intelligence, Inxight, the Inxight Logo, LinguistX, Star Tree, Table Lens,
ThingFinder, Timewall, Let There Be Light, Metify, NSite, Rapid Marts, RapidMarts,
the Spectrum Design, Web Intelligence, Workmail and Xcelsius are trademarks or
registered trademarks in the United States and/or other countries of Business
Objects and/or affiliated companies. Business Objects is an SAP company. SAP
is the trademark or registered trademark of SAP AG in Germany and in several
other countries. All other names mentioned herein may be trademarks of their
respective owners.

Third-party
Contributors

Business Objects products in this release may contain redistributions of software
licensed from third-party contributors. Some of these individual components may
also be available under alternative licenses. A partial listing of third-party
contributors that have requested or permitted acknowledgments, as well as required
notices, can be found at: http://www.businessobjects.com/thirdparty

2008-06-02

Contents

About this guide 5Chapter 1

Who should read this guide? ......................................................................6

Business Objects information resources ....................................................6

Chapter 2

Index 19

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere
Server 7

Installation overview ...................................................................................8

System Requirements.................................................................................8

Deploying the JAAS SSO Enablement Extensions ....................................9

To update the web.xml file......................................................................9

To install the JAR files Tip....................................................................10

To add the JAR files to the class library...............................................11

To configure the LoginModule..............................................................12

To change the classloading policy for the BusinessObjects

EnterprisePortal Integration Kit............................................................13

Get More Help 15Appendix A

JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0 3

Contents

4 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

About this guide

1

About this guide

1

Who should read this guide?

This guide provides information on installing and configuring the
BusinessObjects Enterprise XI 3.0 Portal Integration Kit - JAAS SSO
Enablement Extensions.

Who should read this guide?

This guide is intended for administrators who are responsible for installing
the BusinessObjects XI 3.0 Portal Integration Kit - JAAS SSO Enablement
Extensions. Familiarity with your portal server is beneficial, as is a working
knowledge of Crystal Reports and BusinessObjects Enterprise.

Business Objects information resources

For more information and assistance, see Get More Help on page 15. This
appendix describes the Business Objects documentation, customer support,
training, and consulting services, with links to online resources.

6 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

2

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

2

Installation overview

Installation overview

The BusinessObjects Enterprise XI 3.0 Portal Integration Kit - JAAS SSO
Enablement Extensions let you leverage single sign-on (SSO) on your Web
Server. The JAAS SSO Enablement Extensions let you automatically
authenticate and sign-on users to the BusinessObjects Enterprise system,
giving them an appropriate amount of access to the reports and objects on
the BusinessObjects Enterprise system, including their Inbox and Favorites
folder and their own personalized reports, without requiring them to enter
their credentials again.

For more information on how JAAS authentication works, see the following:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html

Note: You must install the BusinessObjects Enterprise XI 3.0 Portal

Integration Kit - JAAS SSO Enablement Extensions on the same machine
as your portal server, and you must be logged on with sufficient privileges
to perform this operation.

System Requirements

Before you can deploy the BusinessObjects Enterprise XI 3.0 Portal
Integration Kit - JAAS SSO Enablement Extensions, the BusinessObjects
Enterprise XI 3.0 Portal Integration Kit must be installed and configured
correctly. For more information about the Portal Integration Kit, see the
BusinessObjects Enterprise XI 3.0 Portal Integration Kit Installation Guide.

For a list of system requirements, consult the Products Availability

Report (PAR) document which is located on our support site: http://sup

port.businessobjects.com/documentation/default.asp. For additional important

information that may apply to your deployment, it is also strongly
recommended that you consult the Release Notes and other Product

Documentation located on our support site: http://support.businessob

jects.com/documentation/default.asp.

8 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

Deploying the JAAS SSO Enablement Extensions

Deploying the JAAS SSO Enablement
Extensions

Before following these steps, make sure the BusinessObjects Enterprise XI

3.0 Portal Integration Kit and the portal application have been set up properly
on your portal server as described in the BusinessObjects Enterprise XI 3.0

Portal Integration Kit Installation Guide

To deploy the BusinessObjects Enterprise XI 3.0 Portal Integration Kit - JAAS
SSO Enablement Extensions, you must do the following:

• Update the web.xml file.

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere
Server Deploying the JAAS SSO Enablement Extensions

• Install the JAR files.

• Add the JAR files to the class library.

• Configure the LoginModule.

2

• Change the classloading policy for the BusinessObjects Enterprise Portal

Integration Kit.

Note: Before following these steps, you must enable security on the

WebSphere Portal Server. See your WebSphere documentation for more
details.

To update the web.xml file

1. Extract web.xml from the BusinessObjectsPortlets.war file (for

example, jar xf BusinessObjectsPortlets.war) and change the
values for the following parameters:

BusinessObjects Automatic
SignOn

JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0 9

ValueParameter Name

false

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

2

Deploying the JAAS SSO Enablement Extensions

ValueParameter Name

BusinessObjects External Auto­matic Sign-On

<context-param>

<param-name>BusinessObjects Central Management Serv

er</param-name>

<param-value>MyCMS</param-value>
</context-param>
<context-param>

<param-name>BusinessObjects Automatic SignOn</param-name>

<param-value>false</param-value>
</context-param>
<context-param>

<param-name>BusinessObjects External Automatic Sign­On</param-name>

<param-value>true</param-value>
</context-param>
<context-param>

<param-name>BusinessObjects Authentication Mode</param-

name>

<!-- secEnterprise, secWinAD, secWindowsNT, or secLDAP

-->

<param-value>secEnterprise</param-value>
</context-param>

true

2. Add the edited web.xml to the BusinessObjectsPortlets.war file (for

example, jar uvf BusinessObjectsPortlets.war

.\WEB-INF\web.xml).

3. Start the Application Server and open the Application Server Admin

Console. Log on with a username that has Administrator privileges.

4. On the "Administration" page, click Portlet Management > Web Modules.

5. Search for the BusinessObjects portlet module and Click Refresh. Refresh

using the updated BusinessObjectsPortlets.war file.

To install the JAR files Tip

1. You may want to make a backup copy of the existing sso.jar file before

taking the next step. To replace the existing sso.jar with the new

sso_jaas.jar file, rename sso_jaas.jar to ssol.jar and copy the new

10 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

Deploying the JAAS SSO Enablement Extensions

sso.jar file to the following folder: Portlet_Application_Directo

ry\WEBINF\lib

For example:

C:\Program Files\IBM\WebSphere\PortalServer\in
stalledApps\Web_Applica
tion_PA_1075wnd9.ear\PA_1075wnd9.war\WEB-INF\lib

Note: Each time that you refresh the BusinessObjects Portlets.war

file it will overwrite the new sso.jar file that you just copied and you will
need to repeat this step again. Alternatively, you could update the sso.jar
into the BusinessObjectsPortlets.war first.

2. Copy the file BOLoginModule.jar to the server. For example, you might

choose to place it in the following directory: Portlet_Application_Di

rectory\WEB-INF\lib

For example:

C:\Program Files\IBM\WebSphere\PortalServer\in
stalledApps\Web_Applica
tion_PA_1075wnd9.ear\PA_1075wnd9.war\WEB-INF\lib

2

To add the JAR files to the class library

1. Start the Application Server and open the Application Server Admin

Console. Log on with a username that has Administrator privileges.

2. Click Environment > Shared Libraries.

3. Add the shared libraries of BOIXPIK with the correct classpath. (for exam

ple, C:\Program Files\IBM\WebSphere\PortalServer\in

stalledApps\Web_Applica
tion_PA_1075wnd9.ear\PA_1075wnd9.war\WEB-INF\lib)

4. Ensure that the following BusinessObjects Enterprise Portal Integration

Kit files have been added to the server: BOLoginModule.jar, cecore.jar,

celib.jar, ceplugins_core.jar, cesession.jar, ebus405.jar, Cor
baIDL.jar, log4j.jar and logging.jar. If they have not been added,

add them now.

5. Click Servers > Application Servers.

6. Select WebSphere_Portal > Java and Process Management >

ClassLoader > name of classloader > Libraries. For example, the

value of name of classloader might be something like this:
Classloader_1100894730125.

JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0 11

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

2

Deploying the JAAS SSO Enablement Extensions

7. Add your newly created class libraries (for example, "BOIXPIK").

To configure the LoginModule

1. Start the Application Server and open the Application Server Admin

Console. Log on with a username that has Administrator privileges.

2. Click Security > Global security > JAAS Configuration > Application

Logins.

3. Click on the Portal_LTPA > JAAS login modules.

Note: This Portal_LTPA login configuration should have been

automatically setup when security was enabled.

4. Click JAAS Login Modules > New .

5. Type com.businessobjects.security.jaas.BOLoginModule for the Module

Classname. Set the Authentication Strategy to OPTIONAL. You do not
need to update the Proxy Classname. Click Apply.

6. Click Custom Properties for the newly added LoginModule.

7. Set the properties for the BusinessObjects LoginModule

For example, your settings might look like this:

DefaultCMS: MyCMS
DefaultUserName: wpsadmin
DefaultPassword: wpsadmin
DefaultAuthentication: secEnterprise
SessionTimeout: 120
LogLevel: 6
LogFile: c:\jaas.log

Example:

Note: The property values are case sensitive.

Tip: To turn off logging, set Log Level to 0. To get the highest level of logging,

set Log Level to 7.

12 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

Deploying the JAAS SSO Enablement Extensions

To change the classloading policy for the BusinessObjects EnterprisePortal Integration Kit

Note: There are several ways to do this. If the classloading policies have

remained unchanged from the defaults, you can do the following:

1. Start the Application Server and open the Application Server Admin

Console. Log on with a username that has Administrator privileges.

2. Click Applications > Enterprise Applications .

3. Select the BusinessObjects Enterprise Portal Integration Kit application.

(for example, Web_Application_PA_*)

4. Change Class loader mode to Parent First.

5. Select Web Modules.

6. Click on the module name.

7. Select Parent First for the Class loader Mode.

8. Restart the IBM WebSphere portal server. Use the following URL format

to access the portal: http://[portal-server-IP]:[port]/wps/portal.

For example, http://localhost:9081/wps/portal.

2

You have successfully deployed the BusinessObjects Enterprise XI 3.0 Portal
Integration Kit - JAAS SSO Enablement Extensions on your web portal server.
From now on, you will be able to leverage the WebSphere security API to
authenticate BusinessObjects Enterprise users.

JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0 13

Installing the JAAS SSO Enablement Extensions on an IBM WebSphere Server

Deploying the JAAS SSO Enablement Extensions

2

14 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Get More Help

A

A

Get More Help

Online documentation library

Business Objects offers a full documentation set covering all products and
their deployment. The online documentation library has the most up-to-date
version of the Business Objects product documentation. You can browse
the library contents, do full-text searches, read guides on line, and download
PDF versions. The library is updated regularly with new content as it becomes
available.

http://support.businessobjects.com/documentation/product_guides/

Additional developer resources

http://devlibrary.businessobjects.com

Online customer support

The Business Objects Customer Support web site contains information about
Customer Support programs and services. It also has links to a wide range
of technical information including knowledgebase articles, downloads, and
support forums.

http://www.businessobjects.com/support/

Looking for the best deployment solution for your company?

Business Objects consultants can accompany you from the initial analysis
stage to the delivery of your deployment project. Expertise is available in
relational and multidimensional databases, in connectivities, database design
tools, customized embedding technology, and more.

For more information, contact your local sales office, or contact us at:

http://www.businessobjects.com/services/consulting/

Looking for training options?

From traditional classroom learning to targeted e-learning seminars, we can
offer a training package to suit your learning needs and preferred learning
style. Find more information on the Business Objects Education web site:

http://www.businessobjects.com/services/training

16 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Get More Help

Send us your feedback

Do you have a suggestion on how we can improve our documentation? Is
there something you particularly like or have found useful? Drop us a line,
and we will do our best to ensure that your suggestion is included in the next
release of our documentation:

mailto:documentation@businessobjects.com

Note: If your issue concerns a Business Objects product and not the

documentation, please contact our Customer Support experts. For information
about Customer Support visit: http://www.businessobjects.com/support/.

Business Objects product information

For information about the full range of Business Objects products, visit:

http://www.businessobjects.com.

A

JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0 17

A

Get More Help

18 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0

Index

A

about 6

C

classloading policy, change 13
configuring, authentication provider 12

I

installing

JAR files 10

installing (continued)

overview 8
procedure 8
system requirements 8

U

update, web.xml 9

W

web.xml, update 9

JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0 19

Index

20 JAAS SSO Enablement Extensions Deployment Guide for IBM WebSphere Server 6.0