BI Platform REST SDK (RWS) in BOE 4.2

former_member230921 · ‎12-15-2017

This blog describes:-

BI Platform REST Webservices (biprws) BOE 4.2 SP05,

Configure REST Service for Fiorified BI Launchpad,

BI Platfrom Web-services on Web Server (Apache Tomcat),

Configuration of biprws.properties on Web Server,

Authentication Support and configurations

BI Platform RWS:

BOE 4.2 SP04 BI Platform REST Webservices deployment supports only WACS (Web Application Container Server).

From BOE 4.2 SP05 onwards, biprws deployment supports:

WACS(Web Application Container Server) and

Apache Tomcat

BI Platfrom REST Services URL

http://<host>:<port>/biprws/

where

<host> - the name of the web server for BI platform.

<port> - the port number for the platform.

Version1 of biprws is introduced in 4.2SP03.

Supported Servers : WACS, Tomcat (4.2 SP05+)

BIP RWS APIs URI v1 : http://<host>:<port>/biprws/v1/

Data Formats : XML and JSON

Configure REST Service for Fiorified BI Launchpad:

Fiorified BI Launchpad completely depends on REST SDK.

why to set REST URL in CMC?

Answer : The REST SDK URL mentioned in CMC will be used by Fiorified BI Launchpad.

How to set REST URL in CMC?

Answer: Navigate in CMC Applications -> RESTful Webservices -> Right click and select properties and Change the URL.

Web Application deployment on Apache Tomcat:

name : biprws

BI Platform REST services will be deployed as webapp in web server (tomcat) like AdminTools, biodata, BOE, dswsbobje…..

webapp is also available in below path of installed machine: \warfiles\webapps

Configuring BI Platform RESTful Web Services on Web Server:

Admin needs to configure biprws.properties file .

To customize the configuration for RESTful web services, follow the steps below:

Copy the file: <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\default\biprws.properties to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\custom\biprws.properties and then open it for editing.

Modify the parameters as required and Restart Tomcat Server.

Given below is a table describing the properties shown in the screenshot.

Property	Description	Default Value
Default_Number_Of _Objects_On _One_Page	The number of entries that will be listed per page. You can override this setting with the&pageSize=<m> parameter in the RESTful Web Services SDK.	50
Enterprise_Session_ Token_Timeout_In_Minutes	The expiry time a logon token will remain valid for. Beyond this time, you need to generate a new logon token.	60
Session_Pool_Size	The number of cached sessions that can be stored at any point in time. The session pool caches active RESTful web service sessions so they can be reused when a user sends another request that uses the same logon token in the HTTP request header.	1000
Session_Pool_Timeout_In_Minutes	The time in minutes after which the cached sessions will expire.	2
LogLevel	Enables logging and sets the level of severity and detail to None (only critical eventslogged), Low (startup, shutdown, start and end request messages), Medium(error, warning and most status messages) or High (Nothing excluded. It is used for debugging only. The CPU usage may increase, thereby impacting performance). The available menu choices are: Unspecified None Low Medium High	Unspecified
Retrieving_Method	This setting is a menu that sets which query method will be used to retrieve trusted authentication logon tokens when using the RESTful web service API /logon/trusted. · HTTP_HEADER is used for GET queries with the request header accept=application/xml (or application/json). · QUERY_STRING is used to add a logon name to the end of a URL query using the RESTful Web Service API, for example /logon/trusted/?user=johndoe. · COOKIE is used when the login name is retreived from a web browser cookie. The domain, name, value and path must be stored in the cookie.	HTTP_HEADER
User_Name_Parameter	The label used to identify the trusted user for the purposes of retrieving a logon token.	X-SAP-TRUSTEDUSER
Trusted_Auth_Shared_Secret	The string value generated by following the steps mentioned in the sectionGenerating a Shared Secret Value	Unspecified

Trusted Authentication for RESTful Web Services on Web Server:

The topic provides instructions to enable trusted authentication for RESTful web services on Tomcat application server.

Follow the steps below to enable trusted authentication:

Generate a shared secret key. Refer to Generating a Shared Secret Value for more information.

Save the shared secret key at <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\java\pjs\container\bin in Windows.

Open the shared secret key in a text editor.

Copy the shared secret key.

Copy the file <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\biprws.properties to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\custom\biprws.properties.

Open the biprws.properties file in a text editor.

Paste the shared secret key against the value Trusted_Auth_Shared_Secret=.

Add the Retrieving Method and User Name Parameter. Refer the table above to add the Retrieving Method and User Name Parameter.

Save the biprws.properties file.

Restart the web server.

X.509 Authentication for RESTful Web Services on Tomcat:

In public key cryptography, X.509 is a standard that defines the requirements for a secure digital certificate. An X.509 certificate verifies the possession of the public key by a user or a services identity.

You can now enable X.509 authentication for RESTful web services on Tomcat application server by following the steps below:

Enable SSL on Tomcat. Refer to Configuring SSL on Tomcat for more information.

Generate a shared secret key. Refer to Generating a Shared Secret Value for more information.

Open the shared secret key in a text editor.

Copy the shared secret key.

Edit the biprws.properties file.

Restart Tomcat.

Vintela single sign-on for RESTful Web Services:

Some client tools require authentication through RESTful web services. Follow these steps to enable single sign-on (SSO) for web services.

Copy the file <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps\biprws.properties to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps \biprws\WEB-INF\config\custom\biprws.properties, and then open it for editing.

To enable Kerberos SSO for Windows Active Directory (secWinAD) authentication, set sso.enabled to true.
Specify the following mandatory options:

Use WDeploy to redeploy the WAR file on the web application server. For information on using WDeploy, see the SAP BusinessObjects Business Intelligence Platform Web Application Deployment Guide.

Restart Tomcat.

To test your settings, on the client machine, open any browser and launch the URL: http://<WebAppServer>:<portnumber>/biprws/v1/logon/adsso.The REST token must appear as a response to the API.

More Info: https://launchpad.support.sap.com/#/notes/1646920

Learn More:

https://blogs.sap.com/2017/05/16/fiorified-bi-launchpad-in-boe-4.2/

https://blogs.sap.com/2017/05/10/query-the-businessobjects-repository-using-bi-platform-rest-sdk-rws...

https://blogs.sap.com/2017/04/16/bi-platform-rest-sdk-version1/

https://blogs.sap.com/2017/04/21/session-management-in-bi-platform-rest-sdk-rws/

https://help.sap.com/viewer/product/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/

former_member230921 · ‎12-15-2017

What’s New in SAP BOE 4.2 SP05:

https://www.sap.com/documents/2017/12/529564fc-e47c-0010-82c7-eda71af511fa.html#

former_member230921 · ‎12-20-2017

What's new in SAP BOE 4.2 SP05 Video:

https://www.youtube.com/watch?v=zYRIx4S9gW0&list=PLufF7pZxICBhpoEF3TNcCvwscm5_7zgHP

former_member309335 · ‎12-22-2017

Hi Bharath, thanks for a great post. We did configure Restful web services in CMC as mentioned and we get response in XML format when we open the browser with restful web services URL http://servername:6405/biprws. However, we can't find any folder "biprws" in both locations

<INSTALL_DIR>:\BOE4\SAP BusinessObjects Enterprise XI 4.0\warfiles\webapps

<INSTALL_DIR>BOE4\tomcat\webapps

Hence, we are unable to proceed further with rest of configuration steps. Could you help?

former_member230921 · ‎12-22-2017

Hi Santhosh,

Please share the BOE product version.

War file is available from BOE 4.2 SP05.

-

Bharath

former_member309335 · ‎12-22-2017

We are on BOE 4.2 SP03.

former_member309335 · ‎12-22-2017

Will deploy SP05 on Sandbox, update you. What's the advantage of V1 - http://<host>:<port>/biprws/v1/ ?

former_member230921 · ‎12-22-2017

https://blogs.sap.com/2017/04/16/bi-platform-rest-sdk-version1/

former_member230921 · ‎01-19-2018

https://answers.sap.com/questions/402417/sap-bi-42-sp5-fiori-bilaunchpad.html?

jemstar · ‎03-06-2018

Hi there,

have you ever received the error below trying to install the web tier on a web server. We have eliminated any firewall or security issues. We try to authenticate against the CMS, but get the error when we enter administrator name and password

Either the remote CMS cannot be reached, or the logon credentials are incorrect INS00013

regards

James

former_member456023 · ‎03-08-2018

Hi James,

Check if the CMS machine host is reachable from web tier machine.

If not, then make host entries of the machines and try again.

Thanks

Ashraf

kromkar · ‎03-29-2018

Hello,

I get a 404 Unable to access the current page when following the link to generate a new shared key. I am logged on using my OSS id, and haven’t had this happen before. Anyone else see this and is there something I may be doing wrong?

Found the updated link here:

https://help.sap.com/viewer/2e167338c1b24da9b2a94e68efd79c42/4.2.5/en-US/e5f17b389eea4402844ac5d759a...

If that's not working, it can be found in the BI Platform Administrators guide on help.sap.com.

These are the steps as of this posting:

Launch Central Management Console.
Go to Authentication Enterprise.
Under Trusted Authentication, check the box against Trusted Authentication is enabled.
Choose New Shared Secret. This will generate the shared secret key.
Choose Download Shared Secret and then Update.
Copy the downloaded file TrustedPrincipal.conf to <INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\java\pjs\container\bin in Windows.

Rick

former_member230921 · ‎03-31-2018

Right steps. 🙂

For which page you are getting 404 error ?

kromkar · ‎04-04-2018

Any of the links in the main thread for “Generate a shared secret value”. I logon using my OSS id, which I use for everything in the SAP world, and it gives me that 403 error (my bad .. it was a 403 error, not 404 as originally posted).

former_member230921 · ‎04-05-2018

This link you are getting 403 ?

https://help.sap.com/viewer/2e167338c1b24da9b2a94e68efd79c42/4.2.5/en-US/e5f17b389eea4402844ac5d759a...

DellSC · ‎09-17-2018

A couple of comments for configuring Trusted Authentication for the RESTful Web Services on Tomcat in 4.2 SP6 (based on info I received from a ticket I had to open to get this working):

You actually have to update the default biprws.properties file in addition to creating the custom biprws.properties file in order to get this to work.
Check your TrustedPrincipal.conf file. The original one from our system (after upgrading from 4.2 SP5) appeared to have line-feed characters in it so it didn’t work. I had to re-generate the Shared Secret in order to get this to work.
In addition to putting the TrustedPrincipal.conf file in the folder indicated above, also put it in the w64_x64 folder.

-Dell

Former Member · ‎10-19-2018

Hello,

I m tryig to make a secure connection to Fiori Laucnhpad. But i get restful service error. Does it support ssl on webshere or not? I couldnt find any post about that.

regards,

former_member230921 · ‎10-26-2018

check CMC-> Applications -> RESTFull Webservices

which URL it is pointing to and check the URL is responding.

Joe_Peters · ‎12-20-2018

In WACS we can enable an error stack trace for REST. How is this done in Tomcat?

rpuranik · ‎01-10-2020

Bharath, What port numbers are used by the SDK that open up connections to the CMS server? Thanks

sgbd · ‎05-07-2020

Hello,

we have a problem with RESTful service (fiori logon, live office) since the migration from 4.2 SP5 to SP7.

We think the problem is linked with the configuration of the logger properties of the biprws.properties at 4.2 SP5,

This was : LogLevel=High

But now at SP7 this is :

Log_Level=Medium

Log_Location=

We have tried with Log_Location=E:/LOGS but can't make it work .. (we have checked the permissions, url restful...).

Could you help me ?

Thank you

former_member238350 · ‎07-25-2022

Hi Bharath,

Please forgive me posting to an old article.

We've just upgraded to BO 4.3 SP2 Patch 3, and we use a split Apache/Tomcat deployment on our web server (Apache version 2.4.52). We now have the RESTful web service configured to use biprws on Tomcat, NOT in the WACS. There are multiple URLs for accessing the web server. When someone logs into the launchpad using one URL (let's call it URL1), then that blocks any other URL (such as URL2 or URL3) from being able to log in, and the error "Logon failed for RESTful Web Services. Contact system administrator."

If we look at the F12 console, then we can see the following:

"Access to XMLHttpRequest at 'http://XXXX/biprws/internal/v1/settings/allsettings?appCuid=Ac7UIwmYafpFuhiiw6FRXLQ&_=1658770162670' from origin 'http://URL2' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'URL1,URL2', but only one is allowed.

As far as I can tell, I can see 2 SAP notes which seem to relate to this:

SAP note 3013405 asks me to amend the biprws.properties file to add in the "cors.enable=true" parameter, and we have done this, but the problem remains.

SAP note 3048101 also seems to resemble this, but if we select the "use relative URL path" box in the RESTful web service configuration option, then we simply get a 404 not found error when logging in. I am assuming that this may be because Apache is using port 80, and Tomcat is using port 8080.

Does our split deployment mean that we can't use the relative URL path mentioned in SAP note 3048101? Do we need to revert to a unified deployment, and stop using Apache? Or is there a way that we can get round this problem, and still continue to use the split deployment?

denis_konovalov · ‎07-25-2022

If you're getting 404 after setting "use relative URL" , then your apache is not redirecting calls correctly.

PS
Have you done any tests to see if split deployment provides any actual benefits with new fiori BI launchpad ?

former_member238350 · ‎07-25-2022

Hi Denis,

Many thanks for your very quick reply.

When I select "use relative URL", then we get a 404 not found page. I am assuming that this is because the relative URL is still trying to communicate with port 80 (the Apache port), rather than port 8080 (Tomcat)

former_member238350 · ‎07-25-2022

We have not compared split vs combined deployment with the new Fiori launchpad. We have used the split deployment for several years, and I carried on using it during the course of this upgrade. as we hadn't been advised otherwise.

denis_konovalov · ‎07-25-2022

Yes, Apache needs to route restful calls correctly.

Fiori is a different architecture, so the benefits of split should be re-evaluated.

former_member238350 · ‎07-25-2022

Duly noted on point 2. With regard to point 1, is there any documentation which covers this?

denis_konovalov · ‎07-25-2022

check KBA https://launchpad.support.sap.com/#/notes/2699221

former_member238350 · ‎07-25-2022

Many thanks - reading and following now.

former_member238350 · ‎07-26-2022

Thank you again Denis - that worked perfectly. Much appreciated.