RSA Security Xlr2 manual Solution Summary, Partner Integration Overview

Solution Summary

To achieve Single-Sign-On (SSO) with BusinessObjects Enterprise XIr2 InfoView, a web server proxy to the InfoView application server host must be configured. An RSA ClearTrust agent is installed on this web server and it is configured to protect BusinessObjects Enterprise resources. Pre-existing RSA ClearTrust (LDAP) groups can be imported into InfoView. These groups and their individual users can then be managed and maintained via the ClearTrust Entitlements Manager and servers. Each user is given a BusinessObjects Enterprise alias and an LDAP alias, each of which correspond to the RSA ClearTrust username. BusinessObjects Enterprise is then configured to trust RSA ClearTrust- authenticated users.

The ClearTrust Administrator creates BusinessObjects Enterprise users, groups, resources, and entitlements. When a user first requests a protected resource, the RSA ClearTrust web server agent prompts the user for authentication credentials. The agent communicates with the RSA ClearTrust servers to establish authentication and determine if the user is authorized to access the requested resource. Following successful authentication and authorization, the user is forwarded to a script within the BusinessObjects Enterprise web application. This script retrieves the identity of the user by parsing an HTTP header variable and creates a personalized BusinessObjects Enterprise session.

Figure 1 illustrates a high-level view of this deployment.

Partner Integration Overview

Page: 2