cancel
Showing results for 
Search instead for 
Did you mean: 

BOXI4.1 (14.1.1.1036) - Trusted Authentication via webservice

former_member197488
Participant
0 Kudos

Hello all...

I just tested trusted authentication with already mentioned version, and as a result I receive the error message:

{

     "error_code": "FWM 02045",

     "message": "There was an error reading the shared secret from trusted principal configuration file. (FWM 02045)"

}

For my tests I use the Chrome Plugin "Advanced Rest Client" and a piece of Java code.

Both tests ran with the settings:

GET-Request

URL: http://servername:6405/biprws/logon/trusted

Header:

     Accept: application/json

     X-SAP-TRUSTED-USER: validUsername

And both return a "401 Unauthorized"

My Java code looks like that:

@Test   

public void testTrusted() {

     URL requestUrl = new URL("http://servername:6405/biprws/logon/trusted");

     HttpURLConnection connection = null;

     try {

          connection = (HttpURLConnection) requestUrl.openConnection();

          connection.setRequestMethod("GET");

          connection.setRequestProperty("Accept", "application/json");

          connection.setRequestProperty("X-SAP-TRUSTED-USER", "validUser");

          InputStream responseStream = null;

          responseStream = (InputStream) connection.getContent();

          ...

     } catch (Exception e) {

          LOG.error(e.getMessage(), e);

     }

}

I attached screenshots from the settings for Enterprise Authentication and WebApplicationContainerServer if someone wants to check my settings.

Any hints or even a confirmation appreciated.

Jan

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Jan,

Make a command line entry using

-Dbobj.trustedauth.home= and the folder SharedSecrets placed

Restart the WACS server and again try to execute the url in REST client.

I was getting the same exception as placing the file in <BusinessOjects Install Directory>/SAP BusinessObjects/ SAP BusinessObjects Enterprise XI 4.0/win64_x64, I though it would pick up the file from there.

After specifying the above path in the command line properties of WACS it has started working.

Hope it helps.

Thanks,

Prithvi

Former Member
0 Kudos

Hi Jan,

Furthur more testing, I figured out that the command line paramter of WACS contain the below configuration

"-Dbobj.trustedauth.home=C:/Program

Files (x86)/SAP BusinessObjects/SAP BusinessObjects Enterprise XI

4.0/java/pjs/container/bin"

The above paramter should contain the location of the TrustedPrincipal.conf file, as it is stated to a different directory, it is looking for the configuration file in that directory and not able to find it.

Update it to the current directory and it starts working.

Thanks,

Prithvi

former_member197488
Participant
0 Kudos

Hi Prithvi,

as a follow up question - maybe you have experience with that.

Do you know if the option to provide the shared secret for trusted authentication also via RESTful call, or is it now always necessary to have the file in place?

Thanks in Advance.

Jan

michael_jennings
Participant
0 Kudos

Dear Jan ,

     could you post your entire code about login via RESTFull using shared secret. Because I'm

     trying to implement a connection via Restfull using shared secret but I have no success to

     do that....

Best Regards,

MJ

former_member197488
Participant
0 Kudos

Hi Michael,

the above code is the entire code required to do a trusted logon.

Only thing that was missing in my setup was the path to the configuration file.

Place the TrustedPrincipal.conf in the folder that was mentioned by Prithviraj or append the mentioned parameter with a correct path to the commandline of your wacs server.

Hope that helps

Jan

michael_jennings
Participant
0 Kudos

Thank

Former Member

I am trying to work thru what/how the trusted auth works and am missing something in the life cycle.  I read all of the examples as the process is to create a java app on the BO Box that creates the session based on the user provided.  I don't understand how this works when the secret is on the same box that generated it, how do you know to trust who is passing the user?

The way I am wanting this to work is to pass the secret via http proxy with the user and get a session for a user that I already have authenticated.  Is that life cycle in the scope of support of trusted auth?

Answers (1)

Answers (1)

former_member197488
Participant
0 Kudos

Hi Prithvi,

thank you so much for pointing that out.

Helped me a lot!

Jan