BusinessObjects Enterprise Administrator's Guide

Enabling Trusted Authentication

Users prefer to log on to the system once, without needing to provide passwords several times during a session. Trusted Authentication provides a single sign-on solution for integrating your BusinessObjects Enterprise authentication solution with third-party authentication solutions. Applications that have established trust with the Central Management Server can use Trusted Authentication to allow users to log on without providing their passwords.

To enable Trusted Authentication, you must configure both the server and the client.

To configure the server to use Trusted Authentication

1. Log on to the Central Management Console with administrative rights.
2. Go to the Authentication management area of the CMC.
3. Click the Enterprise tab.
4. Enable Trusted Authentication.
5. Create a shared secret for your users.

Note:    The shared secret is used by the client and the CMS to create a trusted authentication password. This password is used to establish trust.

6. Enter a timeout value for your trusted authentication requests.

Note:    The timeout value determines how long the CMS waits for the IEnterpriseSession.logon() call from the client application.

To configure the client to use Trusted Authentication

1. Create a valid configuration file on the client machine.

The following conditions apply for the configuration file:

• The name of the file must be TrustedPrincipal.conf.
• The file must be located at businessobjects_root/win32_x86/plugins/auth/secEnterprise.
• The file must contain SharedSecret=secretPassword, where secretPassword is the trusted authentication password.
2. Use the session manager to create a trusted principal and log on to the CMS:

ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();

ITrustedPrincipal trustedPrincipal = sessionMgr.createTrustedPrincipal("userName", "cmsName");

IEnterpriseSession enterpriseSession = sessionMgr.logon(trustedPrincipal);