How to bypass the BI Launchpad logon screen

November 9, 2012 by: David Lai

For those of you who need a quick reference on how to bypass the BI Launchpad logon screen, here it is.

There are many reasons why you may want to bypass the BI Launchpad logon screen.

For example, you may want to use trusted authentication, single sign on, or have users go through a special system account.

In this article we will go through a step by step on how to bypass the BI Launchpad logon screen by manually creating token and by trusted authentication.

Manual (Easy way)

This method is useful if we have a special system account that we want everyone to use.

You will notice that all we do is generate a logon token using the appropriate username, password and CMS variables.  Then we append the token onto ivsLogonToken.

Note: The numbers on the url after /BOE/portal represents the timestamp of the last patch or install.  You can put whatever you want under the number section and Business Objects will automatically redirect to the appropriate start.do

Step 1

Go to the SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\eclipse\plugins\webpath.InfoView directory and edit custom.jsp

Step 2

You can download and copy the contents from the custom.jsp that I’ve provided below to your custom.jsp.

Download here

Then replace name, password, and CMS with the appropriate values

Step 3

Stop tomcat, then delete contents in the SAP BusinessObjects\Tomcat6\work directory.

Then start tomcat again and the work directory will be regenerated with new code.

Trusted Authentication

Trusted Authentication is a component of Enterprise authentication that integrates with third-party single sign-on solutions, including Java Authentication and Authorization Service (JAAS). Applications
that have established trust with the Central Management Server can use Trusted Authentication to allow users to log on without providing their passwords.

This method is really cool because users don’t even have to know their passwords.  Basically with this method you can log into another system and if that system has the appropriate user name, you can pass it to the custom.jsp and then it will log you into BI Launchpad.

In addition, you don’t need to create any java code for the enterprise token setup.

Step 1

In the CMC, go to Authentication, then select Enterprise.  Check Trusted Authentication is enabled, then click on New Shared Secret.  Finally download the shared secret key and keep it somewhere secure.

CMC Trusted Authentication

Step 2

Copy global.properties from <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\BOE\WEB-INF\config\default into <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\BOE\WEB-INF\config\custom.  Then using Notepad or another text editing utility, edit the following properties

sso.enabled=true

trusted.auth.user.retrieval=WEB_SESSION

trusted.auth.user.param=UserName

trusted.auth.shared.secret=MySecret

Note:
UserName is the key variable name that will hold the user in the custom.jsp file found in step 3.
MySecrect is the key variable name that will hold the shared secret text in the custom.jsp file found in step 3.

Step 3

Go to the SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\eclipse\plugins\webpath.InfoView directory and edit custom.jsp

Step 4

You can download and copy the contents from the custom.jsp that I’ve provided below to your custom.jsp.

Download here

Edit the username variable

Step 5

Stop tomcat, then delete contents in the SAP BusinessObjects\Tomcat6\work directory.

Then start tomcat again and the work directory will be regenerated with new code.

Comments

56 Responses to “How to bypass the BI Launchpad logon screen”
  1. ahmed says:

    i did the same, the second method,
    and then put username = UserName
    and Password = testuser
    but still it says Account Information Not Recognized: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
    Enter your user information and click Log On.
    (If you are unsure of your account information, contact your system administrator.)

    please help me…i’m waiting for your reply

    • David Lai says:

      Hi Ahmed,
      Please make sure your username and password are the correct case.
      Also make sure your authentication is set as enterprise.

      If all those are correct you shouldn’t have any problems.

      Thanks
      David

  2. Cesar says:

    Hello David,

    I don’t want modify the login.jsp. I have create a new jsp than login4.jsp.

    When the user logon in my aplication, My application allocates the corresponding BO user with a password, and calls the login4.jsp.

    This does not work, an error HTTP Status 403 – Error token trusted

    The code in my jsp is the next:

    • David Lai says:

      Hi Cesar,
      You need to modify the custom.jsp then.

      Just do a search on your folders.
      There’s 2 locations where the custom.jsp files are located.

      Hope that helps.
      David

  3. Nizar says:

    Hi David,

    Appriciate your work. very informative article.

    Have one doubt. In the custom jsp code which you provided in second method do we need to change the “MySecret” Attribute value to shared secret key which we generated from our server??

    • David Lai says:

      Hi Nizar,
      You can do that or you can change the line on the properties section to
      trusted.auth.shared.secret=MySecret

      I apologize for the confusion there.
      Thanks for the catch

      David

  4. larry says:

    hi david,

    Very informative article.
    I have a question. I was designing dashboard(sp5 patch9) using query browser and output it to a swf file. But when refreshing the swf’s query connection, there is a signin popup to let me entering the user and the password of bo. Is there any way to bypass it?

  5. THinh says:

    Hi David,
    In reference of this article, is this solution applicable to CMS running on Unix?

    Thanks.

  6. Thinh says:

    Hi David,

    I found this SAP KB below which discussed how to setup SSO when BOE is on Unix. It said the deployment could be complex because AD plugin is not available on Unix/linux platform. In order for it to work, we need 3 types of supported SSO technology from trusted authentication, LDAP to AD, and kerberos SSO

    1636349 – Best Practice: How To setup Active Directory Single Sign On when BOE CMS is on Unix or Linux for BI4

    I was wondering how this SSO approach is different from yours. How do we pass a Windows AD user to BO/Unix for authentication?

  7. BO4.1 says:

    Hello David,

    Nice article and good trick.

    Is this article referrers to BO3.1 or BO 4.1?
    How is it different from SSO ?
    and User id and password used in Step 2 are of named license type or concurrent license?

    Regards,
    Anendu Bothra

  8. Nivedita says:

    Hi David,

    which username and password we have to write in “Username” and “Password” ?

    Thanks,
    Nivedita

  9. Pål says:

    Hi
    I have tried to set up trusted aut on a customer web site and have some questions.
    the BO version is “SAP BusinessObjects BI Platform 4.1 Support Pack 1
    Version: 14.1.1.1036”

    1. What will the link be for the BO users?
    http://:8080/BOE/BI ??????
    2. When i replace the work dir as described in step 5, the BO logon page will not restart.

    Thanks

    Pål

  10. Pål says:

    Hi
    I tried the trusted authentication as described above, but without success. Must the war files be redeployed?
    My system is BO 4.1 SP1

    Thanx

    Pål

  11. Lluís Rull says:

    Hi David,

    Thanks in advance for your answer, did you try this autentication with BO 4.1?

    There’s a new folder named web at the end of the path you point:

    SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\eclipse\plugins\webpath.InfoView\web\

    where we could find the custom.jsp file.

    Should we consider it when editing custom.jsp

    Thanks again,

    llrull

  12. Keith says:

    Hi,

    Just installed Crystal Reports and Crystal Server to test creating scheduled reports.

    The user guide directs me to the Crystal Server’s BI launch pad, which requests a username and password.

    Any idea how I can log in to setup and test the scheduling report functionality?

    cheers,

    Keith

  13. Rauno says:

    Tried the first aproach on Crystal Server 2013 SP5 and it does not work. Or at least I can’t get it to work. Edited the custom.jsp file just like you said. However when opening a Crystal Report in BOE/BI then it asks login credentials.

    Am I correct that if steps were followed correctly then I should be able to view reports on /BOE/BI without logging in manually?

  14. Sunny says:

    Hi David, I followed the steps 1 to 3 (Easy way). when I go to link BOE/BI then it asks login credentials.

    My link is: http://servername:8080/BOE/BI/custom.jsp .

    How could I see reports page directly. I need to call this link from our CMS application.

    Thank you.

  15. kumar says:

    David Sir,

    I have completed Step 2. Now i want to call the Xcelcius Dashboards and Webi, Crystal Reports from a Web Page which have a hyper link. The Hyper link will be an Open Document Link to these Dashboards, Reports…….. Now how do i integrate Step 2 with my open Document links present inside a Web Page. Can you Please help…I am quite close.

    • David Lai says:

      Hi Kumar,
      Instead of the custom.jsp that belongs to BI Launchpad, you need to edit the jsp that belongs to openDocument

      Hope that helps and please let me know if you get it to work!

      Regards
      David

      • kumar says:

        Hi David,

        Thank you for the response. So should i copy the custom.jsp file contents you provided in the Open Document.jsp file. Do you have any idea where is the open document.jsp file located? Am i allowed to edit the open document.jsp file?

  16. Chris says:

    Hi David,

    I’m trying to show a javascript alert (or window.confrim) dialog before the user is shown Launch Pad. I can’t seem to find the point where I should put my javascript. We are setup to use SSO, so the user never actually sees logon.jsp. Do you know where I could drop some javascript so that the user sees it before they are granted access via SSO to Launch Pad? Any help would be most appreciated.

    • David Lai says:

      Hi Chris,
      You’ll need to edit custom.jsp found in the “SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\eclipse\plugins\webpath.InfoView” directory and edit custom.jsp

  17. kumar says:

    I tried using the first option. As per the custom.jsp file:

    response.sendRedirect(“http://”+BO_CMS_NAME+”:8080/BOE/portal/1205291547/InfoView/logon/start.do?ivsLogonToken=”+Encoder.encodeURL(defaultToken))

    What should i mention in custom.jsp file for the statement above?

    Should the end users be given a link like
    http://servername:8080/BOE/BI/custom.jsp

    Any help will be appreciated?

  18. Hena says:

    hi,

    For the trusted authentication option, the user name is hard coded? WHere is it coming from? We do not want to let anyone in,,Can we do this using query string? If yes, what changes are needed in this…

  19. Hena says:

    HI,

    How is User’s id being passed to UserName variable? In customlogon.jsp where is test user coming from?

    Regards,
    hena

  20. Madhava says:

    Hi,

    I fallowed trusted authentication approach. But when I load http://severname:port/BOE/BI/custom jsp file in Iframe in another application, it is not redirecting to home page, it still stays on custom.jsp file. After that i tried browsing on IE, i see same result. SSO is not happening. Could you please help?

  21. Ramkumar says:

    Hi David,

    I use SMUSER and send it via HTTP_HEADER also set the SharedSecret via the websession attribute on the Custom.jsp page..

    i get this message ” There was an error reading the shared secret from the trusted principal configuration file. (FWM 02045) ”

    Now how do i make sure, the custom.jsp page is called, when this url http://server:8080/BOE/BI is called?

    Regards,
    RamG

  22. Somesh says:

    Hi David,

    I have recently installed BI 4.1 SP4 and setup Windows AD authentication.
    Now I need to do SSO from an external website to BI Launchpad and bypass the logon screen.

    I appreciate your help on this.

    Thank you.

    Somesh

  23. Sher says:

    Hello David,

    I am following your Trusted Authentication process. When I browse to BOE/BI/custom.jsp from the browser, I am getting the below error:

    org.apache.jasper.JasperException: java.lang.NullPointerException: while trying to invoke the method javax.faces.context.FacesContext.getExternalContext() of a null object returned from javax.faces.context.FacesContext.getCurrentInstance()

    Looks like I am missing something here but not sure what. Can you please provide some insight into this?

    Appreciate your help.

  24. Bala says:

    Hi I’m trying to find out if there is a way to by pass BOE/BI URL when users login to the BOBJ 4.1

    the requirement if user has saved the url as host name/BOE/BI I want them to be redirected to my custom URL.

    I tried this @ the ROOT level tomcat server. but I could only redirect the user landing @ the host name. If the user has a favorite added with BOE/ BI then they go to the BOBJ page not to my custom page.

    Thanks for your help in advance.
    Bala

  25. Narayan says:

    Hi David,

    thanks for the wonderful tutorial about the custom BI launchpad, my project users go through a special system account and we have requirement for 3 or 4 custom URLS .

    can we have multiple custom BI launch pads? if so can you please guide me how to achieve that.

    Thanks in Advance
    Narayan

    • David Lai says:

      Hi Narayan,
      Yes you can have that, however that will make things much more complex as you are managing items that are outside of the box.
      Please keep in mind that this will also become a pain whenever you are doing upgrades, as all your custom code gets wiped out unless you copy your code over

  26. Jay says:

    Do you know if this would work for Information Steward 4.2 SP5 P1 and IPS 4.1 SP6 P0 running on Linux?

    Perhaps there is a custom.jsp or login.jsp specific to Information Steward that must be modified in order to bypass the Logon screen when going to the Information Steward UI or a generated URL for a Data insight score card.

    If anyone has done this successfully, would be great to know how you did it.

    • David Lai says:

      Hi Jay,
      Not sure if you access information steward through jsps, but if you do, you should be able to create a wrapper that creates a session token so that you don’t need to manually log in.

  27. Rupa says:

    Hi David,

    Does this work for LDAP authentication also? or Is there a way to pass the user ID/PWD via OpenDoc link?

    Thanks, Rupa

  28. Priya says:

    Hi David,

    I am new to customization. I am having Logon.jsp for BI 3.1. I need to write a custom.jsp for BI 4.1.
    I don’t have any idea of how to proceed with the same. I have to bypass the logon screen also.

    Could you please help me with the code for BI 4.1.

    Regards,
    Priya.

  29. Ankur says:

    Hi David,

    We are trying to exactly do what you have described in this article. A great article by the way.

    My environment is Linux with Crystal server 2016 and trying to embed into a PHP application. We are stuck on this project, will you be willing to help us?

  30. foampage says:

    Thank you for helping, will definitely use some of this for
    my future project:D

  31. Allen Le says:

    Hi David thank for the very informative article. I am very new to BO BI. I am trying to setup SSO by using HTTP_HEADER and UID to accept headers from a 3rd party CAC authentication. Could you please point me to the right direction on how to implement this? I am hoping I can use one of your two steps. Thank you in advance! Please feel free to email me with any questions.

  32. Daniela says:

    Hello David,

    I’m using the 4.3 and the folder SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\eclipse\plugins\webpath.InfoView don’t exist anymore.

    Please let me know when you will have a solution.

    Thank you veryy much.
    Daniela

    • David Lai says:

      Hi Daniela,
      I will be writing an update article for BI 4.3 shortly.

      Thanks
      David

      • Jerry O'Brien says:

        Hi David,

        Do you have anything you could share about a 4.3 solution yet? We’re hoping to upgrade to 4.3 & Fiori soon, and we have a dependent application using ivsLogonToken that will break, so we need to move to Trusted Auth.

        Also, we need to pass the user name in from the dependent application, so I assume we could pull that from the URL or a header in custom.jsp. Do you have an example of that?

        Thanks,
        Jerry

  33. Boris Knizhnik says:

    Hi, David,
    I am a bit confused about authentication. I need a Single SignOn approach: Users have their accounts set up as single signon, so when they work with Webi they do not need to explicitly log in. However, we have some our own JSP for which we need to know the SAP userid. We want to place this JSP in opendoc directory and piggyback on single signon. All we need is to get a login name of a user. How can this be achieved?

    Thanks

    Boris

Leave a Reply to kumar


× 5 = forty five