RSA Security Server Xlr2 User Manual
Solution Summary
To achieve Single-Sign-On (SSO) with BusinessObjects Enterprise XIr2 InfoView, a web server proxy to
the InfoView application server host must be configured. An RSA ClearTrust agent is installed on this
web server and it is configured to protect BusinessObjects Enterprise resources. Pre-existing RSA
ClearTrust (LDAP) groups can be imported into InfoView. These groups and their individual users can
then be managed and maintained via the ClearTrust Entitlements Manager and servers. Each user is
given a BusinessObjects Enterprise alias and an LDAP alias, each of which correspond to the RSA
ClearTrust username. BusinessObjects Enterprise is then configured to trust RSA ClearTrust-
authenticated users.
The ClearTrust Administrator creates BusinessObjects Enterprise users, groups, resources, and
entitlements. When a user first requests a protected resource, the RSA ClearTrust web server agent
prompts the user for authentication credentials. The agent communicates with the RSA ClearTrust
servers to establish authentication and determine if the user is authorized to access the requested
resource. Following successful authentication and authorization, the user is forwarded to a script within
the BusinessObjects Enterprise web application. This script retrieves the identity of the user by parsing
an HTTP header variable and creates a personalized BusinessObjects Enterprise session.
Figure 1 illustrates a high-level view of this deployment.
the InfoView application server host must be configured. An RSA ClearTrust agent is installed on this
web server and it is configured to protect BusinessObjects Enterprise resources. Pre-existing RSA
ClearTrust (LDAP) groups can be imported into InfoView. These groups and their individual users can
then be managed and maintained via the ClearTrust Entitlements Manager and servers. Each user is
given a BusinessObjects Enterprise alias and an LDAP alias, each of which correspond to the RSA
ClearTrust username. BusinessObjects Enterprise is then configured to trust RSA ClearTrust-
authenticated users.
The ClearTrust Administrator creates BusinessObjects Enterprise users, groups, resources, and
entitlements. When a user first requests a protected resource, the RSA ClearTrust web server agent
prompts the user for authentication credentials. The agent communicates with the RSA ClearTrust
servers to establish authentication and determine if the user is authorized to access the requested
resource. Following successful authentication and authorization, the user is forwarded to a script within
the BusinessObjects Enterprise web application. This script retrieves the identity of the user by parsing
an HTTP header variable and creates a personalized BusinessObjects Enterprise session.
Figure 1 illustrates a high-level view of this deployment.
ClearTrust
Servers
Web Server
and ClearTrust
Agent
Application Server\
BusinessObjects
Enterprise
LDAP Server
proxy
authentication &
authorization
Request
protected
resources
resources
shared users
and groups
Figure 1: Integration deployment diagram
Partner Integration Overview
Use UserID for SSO
Yes
Use UserID for Personalization
Yes
Recognize Authentication Type
Yes
API-level Authorization Support (RuntimeAPI)
No
User Management (AdminAPI)
Via Shared User Repository (LDAP)
Page: 2