Configuring SAP BI Authentication

To configure the server for SAP BI authentication, edit the cluster configuration file and the csi_boe.xml file.

During installation Event Stream Processor creates a cluster configuration file, called node1.xml by default. This file contains security information for the cluster, including a reference to the file that determines the authentication type. If you created a different cluster name during installation, the name of your cluster configuration file takes the form <node-name>.xml.

Event Stream Processor provides a default csi_boe.xml file in the ESP_HOME/security directory that you can use as a template and modify based on your specific SAP BI implementation.

If you selected SAP BI authentication at installation time, the installation program modified the <node-name>.xml file to refer to csi_boe.xml, and modified csi_boe.xml with the configuration information for SAP BI authentication. If you installed with a different authentication type, perform these steps to enable and configure SAP BI authentication:

  1. Use a text editor to open the cluster configuration file, ESP_HOME/cluster/nodes/<node-name>/<node-name>.xml.
  2. In the Security section, specify csi_boe.xml as the CSI configuration file. For example:
        <Security>
        <Csi>
            <!-- The File node is macro expanded by default. -->
            <!-- To disable expansion, set attribute expand="false". -->
            <!-- This node specifies the CSI configuration file to use. -->
            <!-- There are currently 5 distributed CSI config examples. -->
            <!-- csi_native_nt.xml uses a CSI supplied LoginModule that provides native OS authentication on Windows. -->
            <!-- csi_native_unix.xml uses a CSI supplied LoginModule that provides native OS authentication on Unix. -->
            <!-- csi_ldap.xml uses a CSI supplied LoginModule that provides LDAP authentication. -->
            <!-- csi_kerberos.xml uses an ESP supplied LoginModule that provides Kerberos authentication. -->
            <!-- csi_rsa.xml uses an ESP supplied LoginModule that provides RSA authentication. -->
            <!-- csi_boe.xml uses an ESP supplied LoginModule that provides SAP BI authentication. -->
            <File>${ESP_HOME}/security/csi_boe.xml</File>
            <!--Policy>${ESP_HOME}/security/policy.xml</Policy-->
        </Csi>
  3. Save and close the cluster configuration file.
  4. Go to the ESP_HOME/security folder and open the SAP BI configuration file, csi_boe.xml in a text editor.
    <?xml version="1.0" encoding="UTF-8"?>
<config:configuration xmlns:config="http://www.sybase.com/csi/2.5/config"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <config:authenticationProvider controlFlag="sufficient" name="com.sybase.esp.cluster.security.BoeLoginModule">
                <config:options name="cmsUri" value="SAP_HOST_PLACEHOLDER:SAP_PORT_PLACEHOLDER"/>
                <config:options name="authenticationMethod" value="secEnterprise"/>
        </config:authenticationProvider>
        <config:provider name="com.sybase.security.core.NoSecAttributer" type="attributer"/>
        <config:provider name="com.sybase.security.core.RoleCheckAuthorizer" type="authorizer"/>
        <config:provider name="com.sybase.security.core.XMLFileRoleMapper" type="roleMapper">
                <config:options name="RoleMapFile" value="${esp.home}/security/csi_role_mapping.xml"/>
        </config:provider>
</config:configuration>
  5. Change SAP_HOST_PLACEHOLDER to the name of the host where you are running SAP BI.
  6. Change SAP_PORT_PLACEHOLDER to the port to use when communicating with that host. Be careful not to remove the colon separating the host name and the port number.
  7. Save and close the csi_boe.xml file.
  8. Restart the server and all of the cluster managers.
Parent topic: User-Name-Password Authentication