Hi, we're currently doing a proof of concept with BOE XI R2, and want to structure it around a single sign on. What are the advantages/disadvantages of AD vs. LDAP?
We've currently got active directory over multiple domains, plus I'm told that novell uses LDAP, and I **think** that the Cognos side of the house is using LDAP as well.
Basically, I'm wanting to utilize single sign on w/ domain info, then do grouping inside BOEXI.
One thing that I would point out is that you can only do true single sign on with AD. This just means that if they go to the log on page, it will automatically log them on as the AD user that is logged into the machine and bring them right into InfoView.
With LDAP, it will bring you to the log on screen where the user would have to click the log on button to get in. It is not necessary for them to enter their password, but you can't get out of the box pass thru.
It will only log them automatically if they are using the .NET version of Infoview. The Java version is incapable.
We use the Java Infoview, because of PM, and I setup an ASP script in IIS that creates the LogonToken and redirects to the Java InfoView.
I believe there might be an issue with this method if you want straight-thru SSO (to DB) because NTLM is used. The DB SSO requires Kerberos. I don't believe you can use both.
I'm thinking that we're leaning more towards AD-based single sign on, and then managing groups inside of BOE. For my application alone, I have approximately 1500 users at 24 different facilities, with report coordinators at each facility- who will manage their own groups. Also, each facility has its own view to our oracle DSS, and access views are being set on a per-group basis, with filters allowing for views with their own data.
Also, regarding the web application server- we're actually using the websphere interface in an SOA/UCE cluster. Thankfully we've got some knowledgeable websphere people here!
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.