How to bypass the Central Management Console (CMC) logon screen

November 4, 2012 by: David Lai

I’ve seen many posts in forums asking how to bypass the CMC (Central Management Console) logon screen ie: (how to logon infoview bypass the logon screen) , and unfortunately there has not been one solution posted.   Recently with the help of Jeremy Ma from SAP Support, I’ve discovered the solution for BI4 that I would like to share.

There are several situations on when you may want to bypass the CMC logon screen.  For example, if you are already using trusted authentication for BI Launchpad, you may also want to use that for the CMC.  In addition, if you want to create a link to CMC from BI Launchpad and not have to log in again, you may want to use the CMC bypass method.

As many of you know, it is quite easy to bypass the logon screen for BI Launchpad.  All you need to do is create an enterprise logon token, and append it to the Infoview URL via the ivsLogonToken parameter.  Instructions for this can be found on my next post.

Unfortunately, the same method can not be done for CMC.  But wait a second, if you log into CMC and take a look at your cookies, you will see a cookie called CMCPLATFORMSVC_COOKIE_TOKEN.  Basically the cookie is our key on getting in 🙂

Cookie for CMC Token

I’ve outlined step by step instructions below on how to bypass the CMC login screen.

Step 1:

Copy the CmcApp.properties file from the ../config/default directory to the ../config/custom directory as shown in the screenshot

Copy CMC Properties file

Step 2:

Edit the CmcApp.properties file in the custom directory.  Set logontoken.enabled=true

Edit cmc.properties file

Step 3:

Choose a custom.jsp file to modify in SAP BusinessObjects/Tomcat6/webapps/

In SAP Business Objects BI4 we are locked down majorly.  It may be a good thing or bad thing depending on certain situations, but there are only 2 jsp files that you can insert customized java code in.

If you do a simple search in the SAP BusinessObjects/Tomcat6/webapps/ directory, you can find custom.jsp in the InfoView or OpenDocument directory.
(Note to SAP: If you are rebranding your tools, you should rebrand your directories too!)

custom jsps available to edit

Unfortunately the CMC directory does not contain a custom.jsp, so we will have to modify either the InfoView or OpenDocument custom.jsp.  (It’s kind of a hack but we don’t have much of a choice here).  If all of the custom.jsp files are in use already, you can simply send in a parameter depending on where you call the custom.jsp from that flags it as belonging to CMC or InfoView for example.  Then in the code you can code the logic depending on whether it logs into CMC or InfoView.

Step 4:

Download the attached custom.jsp code file and modify the areas that pertain to your environment

custom.jsp

Step 5:

Stop Tomcat and delete all contents in the SAP BusinessObjects/Tomcat6/work directory.  It’s like doing a clean build

Delete work directory

Step 6:

Restart Tomcat so that the contents in the work directory will be regenerated

Step 7:

Test to see that you are able to bypass the CMC logon page by going to the appropriate custom.jsp

 

For those who are curious on how I coded the custom.jsp, please read below on an explanation on how each snippet of code works.

*Import appropriate classes from the SDK

<%@ page import=”com.crystaldecisions.sdk.exception.SDKException” %>
<%@ page import=”com.crystaldecisions.sdk.framework.*” %>
<%@ page import=”com.crystaldecisions.sdk.occa.infostore.*” %>
<%@ page import=”com.crystaldecisions.sdk.occa.security.*”%>
<%@ page import=”java.net.*”%>
<%@ page import=”com.crystaldecisions.enterprise.*”%>
<%@ page import=”com.crystaldecisions.sdk.plugin.admin.*”%>
<%@ page import=”java.sql.*”%>
<%@ page import=”com.businessobjects.webutil.Encoder” %>

<%@ page language=”java” contentType=”text/html; charset=ISO-8859-1″
pageEncoding=”ISO-8859-1″%>

*Create appropriate session variables and generate a BOBJ Enterprise Token

<%
//BO Session and redirect to Infoview
IEnterpriseSession enterpriseSession;

/* * Set Enterprise Logon credentials. */
final String BO_CMS_NAME = “bi4fp3”;
final String BO_AUTH_TYPE = “secEnterprise”;
final String BO_USERNAME = “testuser”;
final String BO_PASSWORD = “”;
ILogonTokenMgr logonTokenMgr;
String defaultToken = “”;

/*
* Log onto Enterprise
*/
boolean loggedIn = true;
try {
//Create session token
enterpriseSession = CrystalEnterprise.getSessionMgr().logon(BO_USERNAME,BO_PASSWORD, BO_CMS_NAME,BO_AUTH_TYPE);
logonTokenMgr = enterpriseSession.getLogonTokenMgr();
defaultToken = logonTokenMgr.createWCAToken(“”, 20, 1);

*Inject the token created into the CMC Token cookie and then redirect to the CMC page

//Inject the token into the CMC Token cookie and then enter the CMC page
Cookie ckCMC = new Cookie(“CMCPLATFORMSVC_COOKIE_TOKEN”, defaultToken);
ckCMC.setPath(“/”);

response.addCookie(ckCMC);
response.sendRedirect(“/BOE/CMC”);

}
catch (Exception error)
{
loggedIn = false;
out.println(error);
}
%>

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01 Transitional//EN” “http://www.w3.org/TR/html4/loose.dtd”>
<html>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=ISO-8859-1″>
<title>Insert title here</title>
</head>
<body>

</body>
</html>

I hope that you find this useful as I was pretty excited when finding out that it was possible to bypass the CMC logon page 🙂

Again, here’s the custom.jsp download link for your reference
custom.jsp

Comments

8 Responses to “How to bypass the Central Management Console (CMC) logon screen”
  1. larry says:

    hi david,

    It is really a good blog. I have a question. whether i need to replace the custom.jsp with your file or I need to insert your code into the older custom.jsp?

  2. Raphael says:

    Hi David

    Thanks for your blog post. We have a slightly different setup. We use AD SSO and need to login into CMC “somehow” using AD. Do you have a code snippet ready of how we could use the existing AD-SSO mechanism of BI Launchpad and based on this create the cookie and redirect to CMC?

    Best regards
    Raphael

  3. BYarnell says:

    We currently use the custom.jsp inside the webpath.InfoView/web directory to bypass the BI launchpad logon page. Is adding your code to that custom.jsp all that is required or do we have to place another custom.jsp in some other directory (such as webpath.CmcApp/web)? Currently when we logon to CMC it does not seem to hitting the custom.jsp files.
    Thanks,
    Bill

  4. Arun Chanda says:

    This is interesting topic, but i am confused. After downloading the custom.jsp file and editing it as per our needs. Where should you place the modified file. Replace the exisiting custom.jsp file in webpath.infoview folder or do wee need to place it another location. Please clarify. Appreciate your help.

  5. Виктор says:

    You install the Central Console by importing the DPM management pack on the Operations Manager server, and then installing Central Console.

Leave a Reply


+ three = 6