Hi,
I am not able to locate correct category to post this. It is rather related to administration. If this is not in correct category, please move
I am learning BusinessObjects security and administration. I have BusinessObjects XI R3 SP5 on Windows Server 2008 R2. Right now our BO XI has Enterprise authentication. We are planning to implement Windows AD authentication with SSO. I have configured my development servers with Windows AD + SSO. I configured with Kerberos authentication protocol.
Windows AD + SSO works fine. When users are authenticated with SSO, no password is transmitted in plaintext, since it is using Kerberos ticket.
This is my issue. If a Windows user has no account in our BO XI and he/she attempts to access the InfoView, it throws a warning "Account Information Not Recognized: Active Directory Authentication failed to log you on. ". But along with this message InfoView also shows login page.
If the user realizes that he/she doesn't have access and close the browser, then there is no issue. If the user is unsure and try his/her credentials out of curiosity, though he/she will not be authenticated, the password is transmitted as plain text. I tested this using Wireshark. This could be problem in my company.
So my goal is to allow users authenticated only by SSO. If there is an authentication issue, only the message should be displayed. We should not present the BO login screen.
Also when I use Chrome or Firefox they simply invoke logonNoSso.jsp page. This displays standard BO login page. If I enter my user name and windows AD password, I am able to see the password in plaintext in the Wireshark packet.
My goal is that BOXI should never be allowed to display its login page, if SSO fails. Can you please direct me on this
I appreciate any help
Thank you
Regards
Ravi