OpenDocument used from BI launchpad does not access current user session

Issue:
A Dashboard (created in SAP Dashboards) has URL Buttons set up with OpenDocument URLs as links.
When this ‘landing page dashboard’ is opened from the BI Launchpad (whether it’s saved as your default/home page or accessed directly from the platform file structure)… it requires additional authentication to follow an OpenDocument URL. Regardless of file type, Webi documents, or other dashboard files.
Not all users experience this issue, but at least ½ do. Need to understand the difference in behavior and the root cause of it to advise fix.
Referencing OpenDocument user session documentation, there are workarounds with tokens and serialized sessions, but what other settings come into play to explain that only half of the users are impacted and prompted when using native functionality from launchpad?

One possible reason for this behavior is that the domain of the BO server as displayed in the address bar of the browser is different from the domain in the openDocument link.
For example, after logging in to BI launch pad, the browser displays the following in the address bar:
http://bi4server.company.com/BOE/BI
but the openDocument link is:
http://bi4server/BOE/OpenDocument/opendoc.....
In this case, the domain is different so the original session isn't recognized. If this is the case, the easiest solution is to remove the protocol and domain values from the URL, so that it begins with:
/BOE/OpenDocument/opendoc.....
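The host mismatch described in this answer can be checked across a dashboard's URL buttons. The following is an added example, not part of the original answer: the host names are the ones used above, while the `openDocument.jsp` query string, the placeholder document id, the link list and the host-only cookie behaviour are assumptions. It audits the same links from two entry URLs to show that the result depends on the host name the user logged in with.

```javascript
// Added example. Host names come from the answer above; the document id is a
// placeholder and the link list is constructed for illustration.
const QUERY = "?sIDType=CUID&iDocID=PLACEHOLDER_CUID";
const PATH = "/BOE/OpenDocument/opendoc/openDocument.jsp";
const LINKS = [
  "http://bi4server" + PATH + QUERY,             // short host name
  "http://bi4server.company.com" + PATH + QUERY, // fully qualified host name
  PATH + QUERY,                                  // server-relative, as the answer recommends
];

// Compare one link with the URL the user entered BI launch pad on.
function auditLink(entryUrl, link) {
  const entry = new URL(entryUrl);
  const target = new URL(link, entry); // relative links inherit the entry host
  return {
    link,
    targetHost: target.hostname,
    // Assumption: the session cookie is host-only, so the browser sends it
    // only when the target host name is exactly the one that set it.
    sessionReused: target.hostname === entry.hostname,
    relativeForm: target.pathname + target.search,
  };
}

// Links that would trigger a second logon for a user who entered via entryUrl.
function promptedLinks(entryUrl, links) {
  return links
    .map((link) => auditLink(entryUrl, link))
    .filter((r) => !r.sessionReused)
    .map((r) => r.link);
}

for (const entry of ["http://bi4server.company.com/BOE/BI", "http://bi4server/BOE/BI"]) {
  console.log(entry, "->", promptedLinks(entry, LINKS));
}
```

Only the server-relative link reuses the session from both entry URLs.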

Related

Dynamics CRM How to present external data when viewing an account

When my users view an account, they also want to see data from another system, which is retrieved from a web service on demand (i.e. not stored or cached in CRM). Can Dynamics' web customisation, or other integration features, support this, given XSS restrictions?
The platform is Dynamics Online 2016.
Use HTML WebResource, just like any other html page, use JavaScript to retrieve and display your records.
Customize the account form and embed the created html on to the form.
Along with a HTML web resource, you could also consider the following:
Silverlight web resource (though that is somewhat out of vogue these days).
IFrame another website with your custom content.
Use a ribbon/command bar button to open a website in a popup window which displays the custom content.
Edit:
If you used a HTML web resource I don't think XSS restriction would be a problem. Say for example, you use a HTML web resource, you can then query and present data from the other application's web service. I don't think XSS comes into play here as the HTML web resource is all contained within CRM.
For either an IFrame or HTML web resource you can configure CRM to pass contextual information.
You can provide contextual information by passing parameters to the
URL defined in the control. The page that is displayed in the frame
must be able to process parameters passed to it. All the parameters in
the following table [including record Id] are passed if the IFRAME or web resource is
configured by using the Pass record object-type code and unique
identifier as parameters option.
You can configure XSS restrictions per IFrame.
Use the Restrict cross-frame scripting, where supported option when
you don’t fully trust the content displayed in an IFRAME.
So I think all of these options will work in various configurations.

How to embed SAP BO objects into HTML containers?

Is it possible to embed a SAP BO object into a HTML container? For instance, embed a dashboard into my page instead of opening a new tab redirecting to the BO.
If you use OpenDocument, and put that in an iframe in your HTML page, you should be able to embed the BusinessObjects content into your web page, provided the object type is supported by OpenDocument (e.g. WebI, Dashboards, …).
One thing to keep in mind is that the user will still need to authenticate to the BusinessObjects platform. Setting up SSO results in automatic authentication, thus not prompting your end-user. If SSO is not possible, there are ways to authenticate the user without prompting (e.g. setting up trusted authentication, using the SDK to retrieve a logon token in the background, etc).
OpenDocument manuals are available here. Just make sure to select the correct manual corresponding to your version of BusinessObjects, as the features tend to differ between versions.

iFrame not challenging for credentials

I'm trying to create a phonegap app which simply holds either img tags or iframes, all of which come from a number of different servers on our network.
The current challenge I'm facing is, when you navigate to, for example, http://my-intranet-domain/image.png in the browser, you are given a login dialog to enter your active directory credentials; when you put this as <img src="http://my-intranet-domain/image.png" /> in the phonegap app (or even Chrome and Safari on a macbook), you simply get 401 Errors (no challenge for credentials).
How can I:
Challenge for usernames and passwords in this situation
and, possibly:
After you get the username and password, remember this so you don't have to ask again (there are a number of different servers these images/iframes may come from, but they're all on our domain -- if you have to authenticate, you should only authenticate once).
The webviews don't present a dialog by default. You may want to look into cordova-plugin-auth-dialog which enables this behavior for Cordova apps. It can persist credentials for the session and on iOS it can persist them forever.

Embedded Images in SSRS Reports not Displaying - Permissions Issue

I have a logo at the top of all my reports that I have as an embedded image.
These reports are displayed in an ASP.Net web app via the SSRS web service interface - all pretty standard stuff but the image doesn't render - I just get a broken link.
There are a number of possible solutions for this problem and I've tried a few things including setting UseSessionCookies to false in the ConfigurationInfo table.
What I've noticed is that the image displays fine when I change the anonymous account of the consuming web app from a least privileged service account to my own user account.
I do not understand why this is and can't work out what special permissions are needed by my web app's service account to be able to view embedded images in reports.
Can anyone help?
Ok, problem solved. Kind of. The problem isn't limited to embedded images and occurs because I am not using the reporting services viewer.
To summarise:
1) when your web application is making the call to the report server it is fully authorized to do so. A SessionID is generated that is ONLY available to the web application account (i.e. the Service account under which the app runs).
2) the web app outputs the RAW HTML4.0 to the screen.
3) the browser receives the HTML and tries to retrieve the images referenced in the HTML.
4) the browser is running as your user account (e.g. domain\username1)
5) the report server receives a request that looks like:
6) now the SessionID listed in the URL is not associated with domain\username1, so report server claims it does not exist.
When you set the app domain to use the domain\username1 account, then the SessionID happens to be associated with your account so suddenly things 'work'. But the moment real users try the system they complain that the images are missing, since their domain\usernameN does not match the app pool account.
The solutions to this problem are as follows:
1) use the Report Viewer control. This will ensure that the URLs received by the Browser will point back to your web app and your web app identity will be used to retrieve them from the report server.
2) in your web app code, parse the HTML4.0 that you get back from the Render call, fetch and cache all the images, re-write the HTML4.0 links to point to the cached images stored by your web app and then send it to the browser (if this seems complicated... then use the Report Viewer control since it makes the scenario work)
3) you can try to use the MHTML output format, this will produce a fully qualified report with images embedded in the single binary stream. The consequence of this is it is harder to embed it within an application page... but not insurmountable
I chose to use a variation on 2) because I don't want to use the report viewer. The logo I'm trying to display is already hosted in the calling web app so I just replace the src attribute of the img tag in the response returned from the SSRS report execution service with the url to this location.
I really don't want to use the report viewer as suggested as the best solution to this issue. Why SSRS has to use session information to return something as simple as a logo that is displayed on all reports is beyond me.... It has taken ages to get to the bottom of this and the solution isn't especially pretty....
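A sketch of the src rewrite described in solution 2) and in the poster's variation, as an added example that is not the poster's code. It is written in JavaScript rather than the ASP.NET of the original app; the host names, the `SessionID`/`ImageID` query names and the image map are constructed placeholders, not the real SSRS URL layout.

```javascript
// Added example. All hosts, paths and query names below are constructed.
const REPORT_SERVER_HOST = "reportserver.example";
// Hypothetical map: image id on the report server -> copy hosted by the web app.
const LOCAL_IMAGES = new Map([["logo", "/static/img/logo.png"]]);

const SAMPLE_HTML =
  '<td><img alt="logo" src="http://reportserver.example/ReportServer?SessionID=abc123&amp;ImageID=logo"/></td>' +
  '<img src="/static/img/footer.png">' +
  "<img src='http://reportserver.example/ReportServer?SessionID=abc123&amp;ImageID=chart1'>";

// Rewrite <img> sources that point at the report server so the browser fetches
// them from the web app instead of presenting a SessionID it does not own.
function rewriteImageSources(html, appBaseUrl) {
  const unresolved = [];
  const out = html.replace(
    /(<img\b[^>]*?\bsrc\s*=\s*)(["'])(.*?)\2/gi,
    (match, prefix, quote, src) => {
      let url;
      try {
        url = new URL(src.replace(/&amp;/g, "&"), appBaseUrl);
      } catch {
        return match; // unparsable src: leave untouched
      }
      if (url.hostname !== REPORT_SERVER_HOST) return match; // already local
      const local = LOCAL_IMAGES.get(url.searchParams.get("ImageID"));
      if (!local) {
        // No hosted copy: the web app would have to fetch and cache this one
        // under its own identity before sending the page.
        unresolved.push(url.href);
        return match;
      }
      return prefix + quote + local + quote;
    }
  );
  return { html: out, unresolved };
}

const result = rewriteImageSources(SAMPLE_HTML, "http://webapp.example/reports/view");
console.log(result.html);
console.log("still pointing at report server:", result.unresolved);
```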
Is this an external image? Take a look at this MSDN article that explains the permissions needed for retrieving an image:
When the report is previewed in Report Designer, preview uses the
credentials of the user to display the image. When the report is run
on the report server, the report server uses the unattended execution
account to retrieve the image. If the unattended execution account is
not specified, the image is retrieved using no credentials (anonymous
user account). If either of these accounts have insufficient rights to
access the image, the image will not be displayed in the report.
I would check the permissions on the image in the Report Manager.

Access XML page via ActionScript 3 (bypassing login screen first)

Need some help here :P
What I'm trying to do is simply get some data from an xml page located on a server.
However, the server first requires a username/password combination before I even get to see the xml content. What it does, is present a login form, that requires a user to provide credentials. Once the user hits the login, a js function is run, which logs the user in and then presents XML content to the user without ever redirecting the user to a different page.
So what I'm trying to ask is, is there a way (and if so, how) I can retrieve the XML of a page that first requires me to provide login details to the server?
Cheers
i'm assuming the XML data on the server is dynamic, otherwise you could simply copy and bundle the data into your own website - obviously.
i'm not sure of the nature of this data, but sometimes data can be accessed thru a website's backdoor, legally. you could try a quick search to see if this data is available publicly, or even contact the data holder to find out for sure. in any case, you'll need to have a cross-domain policy file to access data that is not hosted on your own domain.
You cannot load variables or XML data
into a Flash movie from another
domain. For example, a Flash movie
loaded from
http://www.yourserver.com/flashmovie.swf
can access data residing at
http://www.yourserver.com/data.txt.
The text file is located within the
same domain as the SWF.
However, an attempt to load data from
http://www.NotMyServer.com/data.txt
will fail and no error messages are
displayed. The load action will cause
a warning dialog to appear.
Note: This security feature does not
affect Flash movies playing in
stand-alone projectors.
if the data is publicly available, there is probably a way to bypass this security restriction by using JavaScript and ExternalInterface to capture the data, but i'm not well versed with such routines.
this security restriction is not applicable to AIR applications.
more: Cross-domain policy for Flash movies