Xcelisius Dashboards outside of Infoview with the help of CELogonToken

November 18, 2010 by: David Lai

Not all corporations want their employees to access dashboards through Infoview as some may want to access dashboards through a 3rd party website or portal such as Sharepoint. On top of that, users generally don’t want a login pop-up to appear whenever dashboard data is first refreshed.

So we’ll need some sort of hidden login mechanism that bypasses the pop-up and allows data to be refreshed on the dashboard.

Thanks to Ryan Goodman for de-mystifying the CELogonToken @ http://ryangoodman.net/blog/index.php/2008/01/21/xcelsius_single_sign_on_with_celogontoke
and thanks to William Sees for posting his code in the SDN network @ http://forums.sdn.sap.com/thread.jspa?threadID=1544768&tstart=30

In this article we will go step by step through the solution on how to retrieve a Business Objects Logon token and insert it into the CELogonToken Flash variable.

First let’s talk about the CELogonToken and what it does

What is the CELogonToken and what happens during dashboard run time?

The CELogonToken is a Flash Variable that is passed into the Xcelsius Dashboard whenever an Xcelsius Dashboard is opened up from Infoview. The token is populated with a session token that BOE creates when a person is logged into Infoview and any Xcelsius Dashboard using Query as a Web Service or Live Office connections will automatically use the CELogonToken to perform authentication. With each transaction to Business Objects, the token is passed back to Business Objects for authentication. If the CELogonToken does not exist (ie: if we opened the dashboard swf outside of Infoview), the login pop-up asking for authentication will show up when the data is trying to refresh.

How does Xcelsius consume the CELogonToken?
If you look at the <OBJECT> tag in the code below, you will see that the CELogonToken Flash Variable is populated with a Business Objects session token.  From there authentication can take place transparently when the Query as a Web Service or Live Office connection is executed from the dashboard.

<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" WIDTH="100%" HEIGHT="100%" VIEWASTEXT>
<PARAM VALUE="../../../../opendoc/documentDownload?iDocID=10000&sKind=Flash">
<PARAM VALUE=high>
<PARAM VALUE=#FFFFFF>
<PARAM VALUE="CELogonToken=servername.domain%4066270JJ45M1Ox2XibIf2B66268JUPcDiNQd2vGZEBe&CEWebServiceURL=http%3A%2F%2Fservername %3Aportnumber%2Fdswsbobje%2Fservices%2Fsession">
<EMBED src="../../../../opendoc/documentDownload?iDocID=10000&sKind=Flash" flashVars="CELogonToken=servername.domain%4066270JJ45M1Ox2XibIf2B66268JUPcDiNQd2vGZEBe&CEWebServiceURL=http%3A%2F%2Fservername%3Aportnumber8443%2Fdswsbobje%2Fservices%2Fsession" quality=high bgcolor=#FFFFFF WIDTH="100%" HEIGHT="100%" ALIGN="" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer">
</EMBED>
</OBJECT>

Instructions

Now that we have a better understanding of what the CELogonToken does, lets go through the steps on getting the transparent authentication to work.

Step 1:

Make sure your dashboard is complete with a QAAWS or Live Office Connection.

Step 2:

Create a jsp (dashboardTest.jsp) that your tomcat webapp server can access and store that in a directory.  For testing purposes just create the following directory <BO Installation>\Tomcat55\webapps\InfoViewApp\DashboardTest

This will ensure that the jsp can access all the required packages.  You can customize which directory you want to put the jsp but you will need to make sure the BOE sdks are accessible.

Step 3:

Again for testing purposes, export the swf file as Test.swf in <BO Installation>\Tomcat55\webapps\InfoViewApp\DashboardTest

Step 4:

Insert the code snippet at the end of the article into the dashboardTest.jsp file.  Note that everything I have highlighted in blue you will need to change according to your specific settings.

Step 5:

Open up the URL in your browser http://server:port/InfoViewApp/DashboardTest/dashboardTest.jsp and verify that the data connection refreshes without the login pop-up coming up.

Explanation of jsp Code

The first part of the code imports the required libraries from the Business Objects SDK to retrieve the logon token.

<%@ page import="com.crystaldecisions.sdk.exception.SDKException,
com.crystaldecisions.sdk.framework.*,
com.crystaldecisions.sdk.occa.infostore.*,
com.crystaldecisions.sdk.occa.security.*,
java.net.*,
com.crystaldecisions.Enterprise.*,
com.crystaldecisions.sdk.plugin.admin.*,
com.businessobjects.webutil.Encoder"
%>
<%@ page import="java.sql.*"%>

The second part of the code sets the server, username and password. We can use a hard coded username/password if for example we want one universal Dashboard user that has view access to a set of dashboards which would make maintenance easier. If you are interested in single sign on you will have to write some extra code to grab the appropriate username and password. Finally you can create a method that returns the username/password in an external class if you don’t want to hardcode the username/password. The code bolded in the try block retrieves the Business Objects logon token.

//-------------------------------------------------------------------Create BO Session and redirect to Infoview
IEnterpriseSession enterpriseSession;
/* * Set Enterprise Logon credentials. */
final String BO_CMS_NAME = "server";
final String BO_AUTH_TYPE = "secEnterprise";
final String BO_USERNAME = "username";
final String BO_PASSWORD = "password";

ILogonTokenMgr logonTokenMgr;
String defaultToken = "";
final String INFOVIEW_URL = "http://server:port/InfoViewApp/logon/start.do";
/*
* Log onto Enterprise
*/
boolean loggedIn = true;
try {
enterpriseSession = CrystalEnterprise.getSessionMgr().logon(BO_USERNAME,BO_PASSWORD, BO_CMS_NAME,
BO_AUTH_TYPE);

logonTokenMgr = enterpriseSession.getLogonTokenMgr();
defaultToken = logonTokenMgr.createWCAToken("", 20, 1);
}

The third part of the code does a check to see if the token generated above was valid and generates the appropriate output which will call the dashboard with the appropriate CELogonToken variable.

//-------------------------------------------------------------------If login successful
if(loggedIn) {
String Flashvars="&CELogonToken=" + Encoder.encodeURL(defaultToken);
Flashvars += "&CEWebServiceURL=" + Encoder.encodeURL("http://server:port/dswsbobje/services/session");
String output = "";
output = output + "<OBJECT classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase='http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0' id='myMovieName' style='width: 355px; height: 237px'> \r\r";
output = output + "<PARAM VALUE='Test.swf'> \r\r"; //( \r = carriage return to make output more legible )
output = output + "<PARAM VALUE=high> \r\r";
output = output + "<PARAM value=\"" + Flashvars + "\">\r\r";
output = output + "<EMBED src='Test.swf' flashvars=\" " + Flashvars + "\" quality=high bgcolor=#FFFFFF WIDTH='1000' HEIGHT='600' NAME='myMovieName' ALIGN=\"\" TYPE='application/x-shockwave-flash' PLUGINSPAGE='http://www.macromedia.com/go/getflashplayer'></EMBED></OBJECT>\r\r";
out.println(output);
}
//-------------------------------------------------------------------If login failed
else {
out.println("Login to Business Objects Failed.");
}

Full JSP Code (Sections highlighted need to be changed)

<%@ page import="com.crystaldecisions.sdk.exception.SDKException,
com.crystaldecisions.sdk.framework.*,
com.crystaldecisions.sdk.occa.infostore.*,
com.crystaldecisions.sdk.occa.security.*,
java.net.*,
com.crystaldecisions.Enterprise.*,
com.crystaldecisions.sdk.plugin.admin.*,
com.businessobjects.webutil.Encoder"
%>
<%@ page import="java.sql.*"%>
<%
//-------------------------------------------------------------------Create BO Session and redirect to Infoview
IEnterpriseSession enterpriseSession;
/* * Set Enterprise Logon credentials. */
final String BO_CMS_NAME = "server";
final String BO_AUTH_TYPE = "secEnterprise";
final String BO_USERNAME = "username";
final String BO_PASSWORD = "password";
ILogonTokenMgr logonTokenMgr;
String defaultToken = "";
final String INFOVIEW_URL = "http://server:port/InfoViewApp/logon/start.do";
/*
* Log onto Enterprise
*/
boolean loggedIn = true;
try {
enterpriseSession = CrystalEnterprise.getSessionMgr().logon(BO_USERNAME,BO_PASSWORD, BO_CMS_NAME,
BO_AUTH_TYPE);
logonTokenMgr = enterpriseSession.getLogonTokenMgr();
defaultToken = logonTokenMgr.createWCAToken("", 20, 1);
}
catch (Exception error)
{
loggedIn = false;
}
//-------------------------------------------------------------------If login successful
if(loggedIn) {
String Flashvars="&CELogonToken=" + Encoder.encodeURL(defaultToken);
Flashvars += "&CEWebServiceURL=" + Encoder.encodeURL("http://server:port/dswsbobje/services/session");
String output = "";
output = output + "<OBJECT classid='clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase='http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0' id='myMovieName' style='width: 355px; height: 237px'> \r\r";
output = output + "<PARAM VALUE='Test.swf'> \r\r"; //( \r = carriage return to make output more legible )
output = output + "<PARAM VALUE=high> \r\r";
output = output + "<PARAM value=\"" + Flashvars + "\">\r\r";
output = output + "<EMBED src='Test.swf' flashvars=\" " + Flashvars + "\" quality=high bgcolor=#FFFFFF WIDTH='1000' HEIGHT='600' NAME='myMovieName' ALIGN=\"\" TYPE='application/x-shockwave-flash' PLUGINSPAGE='http://www.macromedia.com/go/getflashplayer'></EMBED></OBJECT>\r\r";
out.println(output);
}
//-------------------------------------------------------------------If login failed
else {
out.println("Login to Business Objects Failed.");
}
%>

Comments

29 Responses to “Xcelisius Dashboards outside of Infoview with the help of CELogonToken”
  1. Chris says:

    David,
    Thanks this solution is extremely helpful.
    I had one question concerning security.
    Is there security risk in having the password in the JSP
    I tested and it is not including the password in the rendered HTML, but I wanted to make sure it is exposed in other ways?

    • David Lai says:

      Hi Chris,
      The JSP is server side code so the login/password gets processed before it renders the html.
      If you do not want developers having knowledge of the system login/password, you can always create a servlet wrapper or web service logs in and retreives the token for you.

  2. Nikhil says:

    Hi David,

    Your article says

    ” Finally you can create a method that returns the username/password in an external class if you don’t want to hardcode the username/password. ”

    Can you give code for the class to get userid/password dynamically and how to use it in the jsp to open other documents?

    Thanks

    • David Lai says:

      Sorry I don’t have code for that but it’s really easy to do. Just create a wrapper class that calls a method that grabs the userid/password dynamically, then you can call it from your jsp.

  3. Velington says:

    Hi David,
    I have used SAP NW connectivity with Xcelsius and the final requirement is to display the Dashboard through BOE Custom Portal. Is there an easier way of stopping the login name from coming up when the Dashboard loads through Infoview Portal?

    Regards,
    Velington

  4. Lucky says:

    Hi David,

    First of all thanks a lot for the code 🙂 It works like a charm!
    But we are facing a small issue with the Session timeout i.e. whenever you access the JSP code through a web browser it makes a session in BOBJ which can be seen in CMC > Sessions.

    The issue is that the session times out in <20 min 🙁
    We have increased the timeout limit to all possible web.xml files in Tomcat folder but still it is timing out.

    Any help would be really appreciated!

    -Lucky

    • David Lai says:

      Hi Lucky,
      I haven’t had any strict requirements yet for session timeouts, so most of my clients just bite the bullet on that.

      Hmm perhaps you can try setting the timeout setting when you initially build your session in the jsp?

      I’ll definitely take a look at the timeout stuff though once I get more time and get back to you on a more concrete answer 🙂

      Regards
      David

  5. Lucky says:

    David,

    Thanks indeed for the reply 🙂

    Well, with some more research we were able to find out the session timeout issue which was due to the CMS timeout which is 10min by default.
    After changing the CMS timeout in Windows Registry on the server the session sustains for specified time period which is 4 hours in our case 🙂

    But now there is a another issue 🙁 The session does not time out but when we try to refresh the Xcelsius Dashboard after 1 hour it comes up with a pop “soapenv:Server.generalException: Not a valid logon token. (FWB 00003)” which probably says something about the Token Validity time out

    I am still working to rectify the Token timeout issue. Please do let us know if you find something interesting for us 🙂

    Cheers,
    Lucky

  6. eyanina says:

    Hi David, I was trying to use your code on BI 4.0 platform but it throws errors for example in line 6 where it calls com.crystaldecisions.Enterprise.*, and line 13 (IEnterpriseSession enterpriseSession)

    What should be changed in the code to make it work in BusinessObjects 4.0?

  7. Paul says:

    Hi David

    Thanks for providing your solution. I am struggling to find where in BI 4.0 I should place the DashboarTest folder. Please assist with BI 4.0 path. Thanks.

  8. Paul says:

    Hi David

    I posted a question on 7 Sptember regarding the placement of the DashboardTest folder in BI 4.0. I am still struggling with this and would also like to ask if the code that you provided can be used exactly as is for BI 4.0 or are there changes needed? You assistance would be greatly appreciated.

    • David Lai says:

      Hi Paul,
      Sorry for the delay.
      Unfortunately you’ll need to put the dashboard files in a directory outside of BI4. This is due to the fact that SAP has totally locked down their code and directories in BI4.
      IE: You can’t change any of the login files, add any extra jsps, etc.

      The only one that you can change is custom.jsp

      Anyhow creating a dashboardtest folder outside of BI4 shouldn’t be too difficult. Keep in mind that you can still access the BOBJ SDK even outside BI4. At the end of the day the most important part is opening the session and then inserting it into the CELOGONTOKEN.

      Hope that helps
      David

  9. Silbene says:

    Hello,

    I’m Brazilian, sorry by my English.

    I made your example, but gave two errors about library “Business Objects SDK”:

    “An error occurred at line: 14 in the generated java file
    Only a type can be imported. com.crystaldecisions.exception.SDKException resolves to a package

    An error occurred at line: 21 in the generated java file
    Only a type can be imported. com.businessobjects.webutil.Encoder resolves to a package.”

    What are the files (*.jar) these classes?

    Regards,

    Silbene Silva.

    • David Lai says:

      Hi Silbene,
      Try importing the classes as follows

      < %@ page import="com.crystaldecisions.sdk.exception.SDKException" %>
      < %@ page import="com.crystaldecisions.sdk.framework.*" %>
      < %@ page import="com.crystaldecisions.sdk.occa.infostore.*" %>
      < %@ page import="com.crystaldecisions.sdk.occa.security.*"%>
      < %@ page import="java.net.*"%>
      < %@ page import="com.crystaldecisions.enterprise.*"%>
      < %@ page import="com.crystaldecisions.sdk.plugin.admin.*"%>
      < %@ page import="java.sql.*"%>
      < %@ page import="com.businessobjects.webutil.Encoder" %>

      Hope that helps

      Thanks
      David

  10. Rafael says:

    Hello David and everyone!!!
    Please I need your help, I try follow the code but I have error when I call the jsp.
    The error is (spanish):

    Ha tenido lugar un error en la línea: 36 en el archivo jsp: /Pesca.jsp
    Encoder cannot be resolved
    33: }
    34: //——————If login successful
    35: if(loggedIn) {
    36: String Flashvars=”&CELogonToken=” + Encoder.encodeURL(defaultToken);
    37: Flashvars += “&CEWebServiceURL=” + Encoder.encodeURL (“http://192.68.0.157:8080/dswsbobje/services/session”);
    38: String output = “”;
    39: output = output + ” \r\r”;

    Ha tenido lugar un error en la línea: 37 en el archivo jsp: /Pesca.jsp
    Encoder cannot be resolved
    34: //——————If login successful
    35: if(loggedIn) {
    36: String Flashvars=”&CELogonToken=” + Encoder.encodeURL(defaultToken);
    37: Flashvars += “&CEWebServiceURL=” + Encoder.encodeURL (“http://192.68.0.157:8080/dswsbobje/services/session”);
    38: String output = “”;
    39: output = output + ” \r\r”;
    40: output = output + ” \r\r”; //( \r = carriage return to make output more legible )

    Stacktrace:
    org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:92)
    org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330)
    org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:439)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:334)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:312)
    org.apache.jasper.compiler.Compiler.compile(Compiler.java:299)
    org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:589)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:317)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

    I have BO 4, the jsp and swf is in the folder: \\…\SAP BusinessObjects\Tomcat6\webapps\ROOT

    Any Idea? Thanks

    • David Lai says:

      Make sure you’re import tag is correct. If you look at one of my previous replies, you will see a version of the import tag that you can use.

      Thanks
      David

  11. Alain says:

    Hi.

    We use the celogontoken to open a dashboard from another dashboard without the need of a new identifaication. That works great but now … with the new SP5 and the portability for Mobile and HTML5, this method doesn’t work anymore.
    We have the same problem when passing variables from a dashboard to another with flash variables …

    What’s the best practice to do those kinf of operation ?

    Alain.

  12. Bradley says:

    Hi David!

    thanks for the great post.

    i have been struggling to find info about how to pass the BO user details to a text box in Excelsius (Dashboard Designer).

    ultimately i would like the User, example User A once logged in to have “Welcome User A” in a label display.

    This label in turn is used by a webservice to take with the username when writing back comments to the DB, (which is working succesfully).

    Is there anyway to do this? i have tried using Serializedsession and BOuser, all not no avail.
    now i turn to the experts.

    Best,
    Bradley

  13. Ram says:

    Hi David,

    Where can i place the CELogonToken JSP code in BI 4.0. I’m unable to see the path mentioned above. Does it needs to a specific folder ?

    Any help is really appreciated.

    Thanks
    Ram

    • David Lai says:

      Hi Ram,
      That path was just an example while using the same BO tomcat server.

      You can put that jsp code anywhere you want. The important thing is being able to call the BO-SDK with your jsp code.

      Hope that helps.
      David

  14. Dan says:

    Is there anyway to pass a variable (parameter value) to the flash variable with this solution?

    • David Lai says:

      You can read about flash variables here
      [http://ryangoodman.net/blog/index.php/2007/09/26/flash_variables_in_xcelsius]

  15. Danny says:

    Hi David,

    is there any chance you can update this for BO4 ? I appear to be far too inept too get it to work via coversion of the above script, i’m wondering if there are any additional sneaky gotchas with the new version.

  16. Saurabh says:

    David,

    I tried above .jsp file. Placed it in “D:\Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE” folder.

    Now,i am not able to access it now.

    Can you please tell me how can i access this jsp file.

    Launchpad Link– http://Server:8080/BOE/BI

    Thanks,
    Saurabh

  17. Pari says:

    Hi,

    I have the same problem as Saurabh. Any ideas?

    Thanks

    Pari

  18. Zuko says:

    Hi,

    How do you disable the login authentication screen on Dashboard Bo4.1,like when I take a snapshot of swf or pdf when I open that pdf I don’t want to see that BO login asking me for BO credentials

Leave a Reply


+ 4 = eight