
Trusted Authentication not working with USER_PRINCIPAL for 3rd Party application

Former Member
0 Kudos

Hi,

We have configured Trusted Authentication on the BI side, and the 3rd party application (portal) is configured for SAML.

For SAML to work with BI (integrate), we need Trusted Authentication working as well. Also, Tomcat has been made a SAML service provider.

However, when the portal redirection occurs, it's not allowing SSO to BI once Trusted Auth is enabled.

Below are the settings that were made in the web.xml of BOE:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>OnJava Application</web-resource-name>
        <url-pattern>/BOE/BI</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>onjavauser</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>OnJava Application</realm-name>
</login-config>

As per the above setting, it's trying to authenticate the user from the tomcat-users.xml file, rather than SecureAuth.

Also, in the global.properties file, the entries below have been made:

sso.enabled=true
trusted.auth.user.retrieval=USER_PRINCIPAL
trusted.auth.user.namespace.enabled=

(trusted.auth.user.namespace.enabled is left blank as we have created an Enterprise account for the same user account in the same naming convention, i.e. firstname.lastname)


Are there any changes from the portal side that need to be added in the above code for Trusted Auth to work with SAML? The Admin guide does not provide the correct code for USER_PRINCIPAL.

Individually, SAML from SecureAuth and Trusted Auth from BI are working, but the handoff (response) is not happening from Tomcat over to SecureAuth so as to authenticate the user.

Also, is there any additional information that we need so as to allow this to work?

Accepted Solutions (0)

Answers (1)

BasicTek
Active Contributor
0 Kudos

OK, there is no SAML integration with any version of BI, so our product is completely unaware of any SAML configuration. What we can do in BI is turn on the web/app tracing to verify what, if anything, is being received from your portal-tomcat SAML config (KBA 1613472).

If the logging indicates a null value or value other than a matching username then the problem must be troubleshot outside BI. Google search for tomcat, SAML may be the best route. There are no SAP documented procedures for troubleshooting external products like this. Trusted auth assumes the customer is going to be providing the username and that their own IT will be the support for this.

Who supports your portal? Is it even capable of sending the SAML user to tomcat? If so, do they document it? The web config you edited may not be the right way.

Hopefully this may help

https://cwiki.apache.org/confluence/display/CXF20DOC/SAML+Web+SSO

Regards,

Tim
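
Added example (not part of the thread, and not SAP or Tomcat code): a small check over the two configuration files quoted in the question, reporting which component would supply the user name when `trusted.auth.user.retrieval=USER_PRINCIPAL`. It assumes that USER_PRINCIPAL means the name is read from the servlet request's user principal and that `sso.enabled` must be `true`; the function names and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input mirroring the settings quoted in the question.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>OnJava Application</web-resource-name>
      <url-pattern>/BOE/BI</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>onjavauser</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>OnJava Application</realm-name>
  </login-config>
</web-app>"""
PROPS = "sso.enabled=true\ntrusted.auth.user.retrieval=USER_PRINCIPAL\ntrusted.auth.user.namespace.enabled=\n"

REALM_METHODS = {"BASIC", "DIGEST", "FORM"}  # logins the container checks against its own Realm

def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    lines = (ln for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (ln.split("=", 1) for ln in lines)}

def local(tag):
    """Strip an XML namespace so web.xml files that declare one also match."""
    return tag.rsplit("}", 1)[-1]

def principal_source(web_xml, props_text):
    """Return (source, detail): who sets the principal that Trusted Auth would read."""
    props = parse_props(props_text)
    if props.get("sso.enabled", "").lower() != "true":  # assumption: required for Trusted Auth
        return ("disabled", "sso.enabled is not true")
    retrieval = props.get("trusted.auth.user.retrieval", "")
    if retrieval != "USER_PRINCIPAL":
        return ("other", f"retrieval method is {retrieval or 'unset'}")
    root = ET.fromstring(web_xml)
    methods = [e.text.strip().upper() for e in root.iter() if local(e.tag) == "auth-method" and e.text]
    if not methods:
        return ("external", "no login-config: a valve or filter must set the principal")
    if methods[0] in REALM_METHODS:
        return ("container-realm", f"{methods[0]} login: user is checked against the container Realm")
    return ("external", f"{methods[0]} login: principal comes from that authenticator")

if __name__ == "__main__":
    print(principal_source(WEB_XML, PROPS))
```

For the quoted settings the result is `container-realm`, which matches the behaviour reported in the question: with a BASIC `login-config`, the user is checked against Tomcat's configured Realm rather than anything the SAML service provider supplies.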