Making an Authentication Less Open Document URL for BOBJ Document.

Recently, I was working on a client's request where in I was supposed to redirect to BOBJ report on click of a button and the user should not provide authentication details again.

After going through the SAP documentation for a while, I came through SAP's RESTful web services API. As always APIs for the win, Web services API provides a lot of features including authentication as well.

I know there are a lot of blogs on this topic but most of the blogs don't provide all the information at one place so I thought of writing this blog and combining all the information that I found in bits and pieces which might make some developers life easy :)

Different ways of Authenticating User

Web services API provide below listed ways in which a user can be authenticated:

1. Passing username & password (To generate logonToken)

2. Passing a serialized session or token from a different application already authenticated with Platform

3. Active Directory Single Sign-On

4. Trusted Authentication

In this blog I am gonna focus on Using username & password.

Logon Tokens:

Logon Tokens can be used in Open Document by inserting the token parameter into the open Document URL. This token allows users access to files secured in the BI platform without being prompted for credentials.

How to create a Logon Token using web services API ?

1. Make a request to get template for for providing username and password.

1.1 In order to get the template in which the username and password needs to be provided, make a request to http://<baseURL>/logon/long using the GET method.

1.2 Add Accept attribute to the request header, and set its value to application/xml.

1.3 You will get a response as shown in the below picture:

1. Now let's use the template that we got in response of GET method.

2.1 Make a request to the same URL that we used to get the the template using POST method.

2.2 Add the Accept and Content-Type attribute to the request header and set both of the values to application/json.

2.3 Fill out the XML template with the username, password and authentication type, and add it to request body of the new request.

In the XML template, auth represents the authentication type, secEnterprise for Enterprise authentication, secWinAD for Windows AD, secLDAP for LDAP and secSAPR3 for SAP.

1. Once we make a request using POST method using the details mentioned in point 2, we will get a logonToken token in response.

2. The logonToken that we receive needs to be URL encoded. You can use any URL Encoder to encode the logonToken.

3. Once we have encoded the logonToken, we can append the token in the open document URL using the flag token.

Example: http://<serverName>:<portNo>/BOE/OpenDocument/opendoc/openDocument.jsp?sIDType=CUID&token=logonToken

Reference:
https://help.sap.com/docs/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/db6a17c0d1214fd6971de66ea0122378/45aaa0726e041014910aba7db0e91070.html

In conclusion, I hope this blog post has provided valuable insight into accessing Open Document URLs without prompting user for authentication.

Also, if you enjoyed this content and would like to stay updated on future posts, feel free to connect with me on LinkedIn or X or check out my Github profile. I'll be sharing more tips and tricks on Django and other technologies, so don't miss out!

If you find my content valuable and would like to support me, you can also buy me a coffee. Your support helps me continue creating helpful and insightful content. Thank you!