Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Applies to: BusinessObjects Enterprise XI 3.1 BI 4.0

Summary URL reporting or openDocument.jsp or openDocument.aspx can be conveniently used to view crystal reports, WebI documents, full client or DeskI documents, OLAP-Analysis documents, Voyager workspaces, InfoView dashboards, Xcelsius documents published as SWF files. This document reviews the session management aspect of openDocument.jsp, frequent issues seen URL reporting which are not covered in detail in OpenDocument document.

Author: Aasavari Bhave Company: SAP Americas Inc. Created on: 3 October 2011

Author Bio Aasavari works as Consultant III in Developer Support in Customer Assurance of SAP Americas Inc. She has been supporting customers on Custom SDK development for Business Objects Enterprise, Crystal Reports and BusinessObjects Web Services for over five years. The support on SDK includes, creating samples that show how to use APIs, create documentation on SDK usage and troubleshoot and track SDK related product bugs.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 1 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Table of Contents Introduction ...... 3 Session Management ...... 3 Methods of Bypassing logon for openDocument using Enterprise SDK ...... 3 Default Token ...... 3 CreateLogonToken ...... 3 CreateWCAToken ...... 4 Serialized Session ...... 4 Single Sign-On ...... 4 Issues with OpenDocument ...... 5 No Customization ...... 5 Number of Sessions ...... 5 Closing Browser ...... 5 Timeout ...... 5 CreateWCAToken Issue ...... 5 How to logoff the session explicitly ...... 5 Using Same Browser Sessions or Tabs in same Browser ...... 5 Behavior in Different Service Packs, Fix Packs ...... 5 Viewing WebI Vs Crystal Reports ...... 5 Viewing Crystal Reports ...... 5 Limitation of OpenDocument ...... 6 InfoView Preferences ...... 6 Transition from XI 3.1 to BI 4.0 ...... 6 Related Content ...... 7 Copyright...... 8

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 2 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Introduction URL reporting or openDocument.jsp or openDocument.aspx can be conveniently used to view  Crystal Reports  WebI documents  full client or DeskI documents  OLAP-Analysis documents  Voyager workspaces  InfoView dashboards  Xcelsius documents published as SWF files. This document reviews the session management aspect of openDocument.jsp, frequent issues seen URL reporting which are not covered in detail in openDocument document.

Session Management After launching openDocument.aspx or openDocument.jsp URL, the user is prompted to logon to CMS. To bypass the logon at this stage, pass a logon token or serialized session in the URL. This logon token or serialized session is generally created in a JSP or ASPX page using BusinessObjects Enterprise SDK. The JSP or ASPX page then redirects to openDocument. Redirect to openDocument.jsp or openDocument.aspx regardless of how the token or serialized session is created.

Methods of Bypassing logon for openDocument using Enterprise SDK

Default Token IEnterpriseSession es = CrystalEnterprise.getSessionMgr().logon(“”,”,””,”” );String token = es.getLogonTokenMgr().getDefaultToken(); response.sendRedirect("http://:&token=" + token);

Pros  Lasts for 12 hours or when the original session that created it is logged off, whatever occurs first.  This token can be used to re-logon into a timed out\ expired session.

Cons  Every use of default token consumes one session on enterprise.

CreateLogonToken

IEnterpriseSession es = CrystalEnterprise.getSessionMgr().logon(“”,”,””,”” ); String token = es.getLogonTokenMgr().createLogonToken("",5,20); response.sendRedirect("http://:&token=" + token); Pros  Has more flexibility, can specify client machine where it is valid or valid number of usages or valid number of minute. It can be used for whatever is specified or when the original session that created it is logged off explicitly, whatever occurs first. It is logged off, whatever occurs first.  This token can be used to re-logon into a timed out\ expired session.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 3 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Cons  Every use of the token consumes one session on enterprise.

CreateWCAToken

IEnterpriseSession es = CrystalEnterprise.getSessionMgr().logon(“”,”,””,”” ); String token = es.getLogonTokenMgr().createWCAToken("",5,20); response.sendRedirect("http://:&token=" + token); Pros  Token created this way has more flexibility; can specify client machines where it is valid or valid number of usages or valid number of minute. It can be used for whatever is specified or when the original session that created it is logged off explicitly, whatever occurs first.  Every use of this token will not consume one session on enterprise. This token is really meant to be used by BO applications /InfoViewApp, /InfoViewAppActions, /CrystalReports, /Analytical Reporting for sending requests to one another so that the request can be sent out without session count increase. Cons  Token created this way cannot be used to re-logon an expired or timed out session.

Serialized Session

IEnterpriseSession es = CrystalEnterprise.getSessionMgr().logon(“”,”,””,”” ); String serializedSession = es.getSerializedSession(); response.sendRedirect("servername:port/OpenDocument/opendoc/openDocument.jsp?&serses=" + java.net.URLEncoder.encode(serializedSession)); Pros  This is a serialized session that is passed in URL, and it doesn't consume an additional enterprise session. Thus, it is a good alternative to using WCA token which is more prone to errors.  It can be used to re-logon into timed out or expired session. Cons  Serialized session can be used only as long as the original session that created it is not explicitly logged off. Its validity period cannot be extended beyond that.

Single Sign-On Use Site Minder or Vintela Single Sign-On Configuration in web. of /OpenDocument Java application to allow SSO entry without having to use token or serialized session.

Pros  Easy session management, no coding is required. Cons  Less flexibility. Cannot be used for external end-users or customers.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 4 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Issues with OpenDocument

No Customization OpenDocument.jsp or openDocument.aspx do not have logoff buttons. Customization of openDocument.jsp or openDocument.aspx pages to add logoff buttons and mechanism to logoff is not supported.

Number of Sessions Using token created with getDefaultToken() or createLogonToken once, will consume two sessions in total: one for the original logon() call in the JSP or ASPX page and one when using the token in the URL to bypass logon. Every additional use of token will consume one session each.

Closing Browser Simply closing browser or tabs does not close or release the consumed sessions or does not even prompt the user to close the session like in InfoView.

Timeout If not explicitly log the sessions off, they will timeout after 20 minutes of inactivity. This 20-minute is a default timeout for idle CMS session and separate from HTTP timeout.

CreateWCAToken Issue If creating a token with createWCAToken, use it to view report with openDocument and wait for about 20 minutes before doing any further actions on the viewer, such as page navigation or export. A logon prompt will appear and there may be an error as the original Enterprise Session that created the token would have timed out and a token created with createWCAToken will not be used to re-logon a timed out session.

How to logoff the session explicitly To explicitly log the sessions off use JavaScript page on unload event. In the event handler, log off the session.

The section explains how to do this.

Using Same Browser Sessions or Tabs in same Browser From the JSP or ASPX page, logon as user1, create token and launch in browser. Keep the browser session open and re-run the page to logon as different user and to redirect to openDocument again. There may be a challenge for logon or an error will appear if the session created by user1 is logged off since openDocument ignores the new session created and keeps using the old session for user1. This is an issue in the product and will be fixed in Service Pack 5.

Behavior in Different Service Packs, Fix Packs OpenDocument is known to exhibit different behavior in different service packs, so if any issues are encountered during migration to a newer service pack or fix pack, always try various methods listed above of bypassing logon. Always check the behavior in latest service packs and fix packs. Check articles, notes on various known or fixed issues related to OpenDocument.

Viewing WebI Vs Crystal Reports OpenDocument can exhibit different behavior when viewing a WebI report versus that of a Crystal report, because the request is processed by two separate servers in the backend.

Viewing Crystal Reports For Crystal Reports use the URL:

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 5 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

 http://:/CrystalReports/viewrpt.cwr?

OR

 http:///CrystalReports/viewrpt.aspx? Please refer to the BI 4.0: URL Reporting for Crystal Reports guide for details on using viewrpt.cwr or viewrpt.aspx.

Limitation of OpenDocument OpenDocument is meant for quick and easy viewing of report and is not equipped with detailed session management like viewing in InfoView or in a custom application. For more control over viewing it is recommended to use InfoView or the custom application.

InfoView Preferences If viewing preferences are set for a user in InfoView (for example, preferred viewing locale, viewer for WebI), then the same preferences are used when viewing the report with openDocument for the same user. The Locale preferences can be overridden by setting specific locale for the user in JSP or ASPX code.

Transition from XI 3.1 to BI 4.0 The openDocument.jsp link is changed to: http://:/BOE/OpenDocument/opendoc/openDocument.jsp The viewrpt.cwr link is changed to: http://:/BOE/CrystalReports/viewrpt.cwr

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 6 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Related Content XI 3.1 SP3 OpenDocument Reference Document BI 4.0 OpenDocument Reference Document BI 4.0: URL Reporting for Crystal Reports

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 7 Handling Enterprise Session Management and other issues related with URL Reporting or OpenDocument

Copyright © Copyright 2011 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. , Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Oracle Corporation. JavaScript is a registered trademark of Oracle Corporation, used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BA - boc.sap.com | UAC - uac.sap.com © 2011 SAP AG 8