Discussions
Categories
Groups
Community Home
Categories
INTERNAL ENABLEMENT
POPULAR
THRUST SERVICES & TOOLS
CLOUD EDITIONS
Quick Links
MY LINKS
HELPFUL TIPS
Back to website
Home
Intelligence (Analytics)
iServer using Kerberos/AD for Authentication
Carvajal
I have installed <strong class='bbc'>iServer Express</strong> on a <strong class='bbc'>Linux </strong>Machine (kernel 2.6.18-164) using <strong class='bbc'>CentOS </strong>release 5.4 (Final). The Linux machine uses <strong class='bbc'>Kerberos 5</strong> to authenticate against <strong class='bbc'>Active Directory</strong> Domain Controllers running on Windows 2008 SP2. Our <strong class='bbc'>SQL servers</strong> are using integrated authentication, in other words, SQL Users are authenticated against the same AD used by Kerberos.<br />
<br />
We don't want to create or import lists of users, we want to delegate this functionality to Active Directory.<br />
<br />
We would like to have integrated privileges plus single sign-on, so usernames & roles are not stored in iServer Express, and the login to iServer Express is handled by Kerberos and Active Directory. <br />
<br />
Does anybody have done something similar before?<br />
<br />
Thanks,<br />
<br />
Rodrigo
Find more posts tagged with
Comments
averma
Hi Rodrigo,
iServer provides a flexible security mechanism that allows you to externalize the authorization and authentication aspects. The specific iServer technologies that address this is called RSSE (Report Server Security Extension) and IPSE (IPortal Security Extension).
RSSE provides SOAP based API's that supports running the security layer as a web service. In your case this web service would have the smarts to interact with AD. iServer comes with some sample RSSE implementation for integration with LDAP. Here is a link to a short wiki article that describes RSSE:
http://www.birt-exchange.org/org/wiki/index.php?title=Report_Server_Security_Extention
Chapter 11 of the following product documentation has more information on this topic:
http://www.birt-exchange.com/be/documentation/Manuals10SP1/using-iserver-integration-tech.pdf
Finally you can extend IPSE to implement your own custom security class for single sign-on. Chapter 8 of the following product documentation has more information on this:
http://www.birt-exchange.com/be/documentation/Manuals10SP1/creating-custom-deployment-kit-apps.pdf
Ashwini
johnw
This is a very common request for iServer. The integration point your looking for is called RSSE. What you would build is an RSSE for ActiveDirectory/LDAP, and point the iServer Express instance to the location of that RSSE.
There is an LDAP example that should come with your integration tech.
Carvajal
<blockquote class='ipsBlockquote' data-author="'averma'" data-cid="67713" data-time="1282684153" data-date="24 August 2010 - 02:09 PM"><p>
The specific iServer technologies that address this is called RSSE (Report Server Security Extension) and IPSE (IPortal Security Extension). <br /></p></blockquote>
<br />
Hi Averma,<br />
<br />
Thank you for your pointers to RSSE and IPSE. I know it will involve some programming and configuration changes in a few systems. I was not expecting an "off the shelf" solution, but probably something easier to implement.<br />
<br />
Thanks!
