Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SSO solution for our BOE and management of group entitlements

We are implementing an SSO solution for our BOE server using a Servlet filters. The first filter in the request chain takes care of logging in a user via a firm standard web page and external authentication service.

We are proposing a design of our BOE-SSO filter is as follows:

doFilter(... ) {


String userId = extractUserid(); // from proprietary security context set up by first filter in the chain

ISessionMgr sm;

try {

sm = CrystalEnterprise.getSessionMgr();

loggedIn = isUserLoggedIn(userId); // Question 1 - What APIs would we use to do determine is a valid BOE user session exists ?

if(!loggedIn) {

// created trusted principal and log in to BOE server

ITrustedPrincipal trustedPrincipal = sm.createTrustedPrincipal(userId, cmsEndpoint);

IEnterpriseSession enterpriseSession = sm.logon(trustedPrincipal);

// Question 2 - Is it possible to set the groups to which the user contained in the EnterpriseSession is assigned, using the SDK APIs. We manage group assignments using an external service, and provided they match the groups used in defining entitlements in the BOE server, we prefer to manage the membership in our external service



catch(...) {





Former Member
Not what you were looking for? View more on this topic or Ask a question