
Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006


coby-bolton

Presentation Transcript


  1. Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006

  2. The Key to Single Sign-On

  3. Objectives
     Upon completion of this presentation, you will:
     • Understand how Windows NT Authentication works in Business Objects XIr2
     • Use Single Sign-on in Business Objects XIr2
     • Be able to use Windows NT Authentication in your Business Objects XIr2 installation

  4. Prerequisites
     • Business Objects XIr2
     • Business Objects XIr2 License Key
     • Administrator NT Id for Business Objects Server
     • Windows 2003 Server Operating System
     • IIS 6

  5. What is Single Sign-On?
     Single Sign-on <security> (SSO): Any user authentication system permitting users to access multiple data sources through a single point of entry. Part of an integrated access management framework.
     Authentication (Greek: αυθεντικός = real or genuine, from 'authentes' = author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program.

  6. Why you should use Single Sign-On
     • No problems within Business Objects with disabled accounts from too many logon attempts
     • Authentication managed for all applications in the same tool
     • Users do not need to remember multiple passwords
     • Password change policy is set company wide and applies to all applications
     • When a user leaves the company, their access to all applications is removed at the same time
     • When a user joins the company, their access to all appropriate applications can be quickly set up
     • Single Sign-On security can be passed through to the database to provide complete end-to-end single sign-on

  7. Why you should NOT use Single Sign-On
     • If a user forgets their password or is locked out, they cannot access any applications
     • It is difficult to log on as another user. For most companies, this is not a problem since it is prohibited
     • Limited to applications and technologies that use Single Sign-On
     • Single Sign-On can be difficult to set up in some applications
     • Some LDAP based applications may still require the user to log on with their ID and password
     • The authentication server becomes a major single point of failure
     • Only one Authentication type will work for Single Sign-On
         • Windows NT, Windows AD, LDAP
         • Pick one for all users

  8. How to enable Single Sign-On
     Multi-step process
     • Modify web.config file on server
     • Enable IIS authentication
     • Change Central Management Server service to log on as a user with authority to read security groups
     • Enable Single Sign-On in Central Management Console
     • Disable the Guest Account
     • Test Single Sign-On in InfoView

  9. Step 1 – enable Single Sign-on in web.config
     XML file: {Drive}:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\Web Content\Enterprise115\InfoView\Web.config
     <WebDesktopSettings> section
     • Add or modify the following lines. Authentication types are (secEnterprise, secLDAP, secWindowsNT, secWinAD)
         <add key="authenticationDefault" value="secWindowsNT" />
         <add key="ssoEnabled" value="true" />
     <system.web> section
     • Add or modify the following lines
         <identity impersonate="true" />
         <authentication mode="Windows" />

  10. Step 2 – enable IIS Windows Authentication
     Internet Information Services (IIS) Manager
     Find the Business Objects website in IIS. Go to Enterprise115 – Infoview under it and view Properties.
     Directory Security tab
     • Edit the Authentication and Access control
     • Ensure the only box checked is the Integrated Windows Authentication box
     • Click OK on the Authentication Method window
     • Click OK on the Infoview Properties window
     • Close the Internet Information Services (IIS) Manager

  11. Step 3 – Central Management Server
     Central Management Server Service – Set service to be able to access your NT Security groups or Active Directory
     Administrative Tools – Services
     Central Management Server
     • Select Properties
     • Select Log On tab
     • Enter an Account and Password that can access your NT Security groups or Active Directory
     • Restart your Business Objects server and ensure that all services start correctly

  12. Step 4 – enable Single Sign-on in CMC
     Central Management Console
     Authentication Section
     Windows NT tab
     • Check the NT Authentication is Enabled box
     • Check the Single Sign On is enabled box
     • Fill in the Default NT Domain with the domain for your network
     • Select Assign each added NT alias to an account with the same name
     • Select New aliases will be added and new users will be created
     • Select New users are created as named or concurrent - {whatever your license type is}
     • Enter your NT Groups (or Active Directory Groups) in the format [Server name]\[group name] or [NT Domain]\[group name]. Click Add
     • Click Update

  13. Step 5 – disable the Guest Account
     Central Management Console
     Disable the Guest account to prevent Business Objects log-on for users logged into the domain who do not have their user-id in a mapped NT or Active Directory security group
     Users Section
     Guest Account
     • Properties Tab
     • Select the Account is disabled box
     • Click Update

  14. Step 6 – test Single Sign-On
     Log into your domain
     • Ensure your User Id is in a mapped Active Directory or NT security group
     • Go to your InfoView URL
     • You should automatically bypass the InfoView logon screen and go directly into InfoView
     • If you log out of InfoView, you should see the logon screen
     • You should be able to log in again without entering anything in the User Name and Password fields; if Authentication is set to Windows NT, just click the Log On button
     • Single Sign-On may not work in the Central Management Server or desktop tools. You can select Windows NT authentication and enter your Windows NT User Id and Password to log in.
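Added example (not part of the original presentation): a Python check that a Web.config still carries the four Step 1 settings, for instance after a redeployment overwrites the file. The sample files are constructed, and placing <WebDesktopSettings> and <system.web> under a <configuration> root is an assumption about the file layout.

```python
import xml.etree.ElementTree as ET

# Expected key/value pairs, taken from Step 1 of the slides.
EXPECTED_KEYS = {"authenticationDefault": "secWindowsNT", "ssoEnabled": "true"}

# Constructed sample; the <configuration> root is an assumed layout.
GOOD = """<configuration>
  <WebDesktopSettings>
    <add key="authenticationDefault" value="secWindowsNT" />
    <add key="ssoEnabled" value="true" />
  </WebDesktopSettings>
  <system.web>
    <identity impersonate="true" />
    <authentication mode="Windows" />
  </system.web>
</configuration>"""

# Constructed sample of a file that has drifted away from Step 1.
DRIFTED = GOOD.replace('key="ssoEnabled" value="true"', 'key="ssoEnabled" value="false"')
DRIFTED = DRIFTED.replace('mode="Windows"', 'mode="Forms"')


def audit_infoview_config(xml_text):
    """Return a list of findings; an empty list means Step 1 is in place."""
    root = ET.fromstring(xml_text)
    findings = []

    # Collect the <add key=... value=.../> entries under <WebDesktopSettings>.
    settings = {}
    for section in root.iter("WebDesktopSettings"):
        for add in section.findall("add"):
            settings[add.get("key")] = add.get("value", "")
    for key, want in EXPECTED_KEYS.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: missing (expected {want})")
        elif got != want:
            findings.append(f"{key}: {got!r} (expected {want})")

    # <system.web> must use Windows authentication with impersonation on.
    web = next(root.iter("system.web"), None)
    identity = web.find("identity") if web is not None else None
    auth = web.find("authentication") if web is not None else None
    if identity is None or identity.get("impersonate") != "true":
        findings.append('system.web/identity: impersonate is not "true"')
    if auth is None or auth.get("mode") != "Windows":
        findings.append('system.web/authentication: mode is not "Windows"')
    return findings
```

Run it against the text of the live Web.config; each finding names the setting to correct before repeating the Step 6 test.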

  15. What if I don’t have IIS?
     If you do not use IIS
     • You can use Netegrity SiteMinder to provide single Sign-on for LDAP and Active Directory authentication.
     • You can use Authentication built into the Java version of Business Objects using Kerberos. There is a guide available on the Business Objects support website to help you with this called AD Authentication on Java App servers.
     • You can set the Java version of Business Objects to use LDAP or Active Directory and use a Windows IIS front end to create a login token and then redirect to the JSP version of Business Objects with the Login Token specified.
         • Custom Code is needed
         • http://{servername}:8080/businessobjects/enterprise115/desktoplaunch/InfoView/logon/logon.do?token=CRYSTAL01.NOMACO.COM@55112JklitWNk3A9wh6Fk55110J2vYnaBe1eBIrwD6

  16. Summary
     Having completed this presentation, you have:
     • Learned how Windows NT Authentication works in Business Objects XIr2
     • Learned how to use Single Sign-on in Business Objects XIr2
     • Learned how to use Windows NT Authentication in your Business Objects XIr2 installation
     • For additional Business Objects XIr2 Authentication help please refer to the Business Objects Administrators Guide.

  17. Questions? Please contact: Steve Rademacher Consultant Business Solutions 1751 W. Diehl Road Suite 160 Naperville, IL 60563 Office: (630) 305-4630 x407 Cell: (630) 247-3896 Steve.Rademacher@bus-solutions.com

  18. Thank You for Attending!! Thanks for your participation in the presentation: Business Objects XIr2 Windows NT Authentication Single Sign-on
