Since R12, the Identity Manager and the report Server communicate over a non-secure HTTP protocol. There are requests received from the customers to support the reports viewing over a secure HTTP Channel (HTTPS)
- The IM Server Communicates with the Report Server over HTTP. The logon to the CABI Services is using the Business Objects Enterprise (BOE) SDK.
- The IM Server gets a logon token (to the Report Server) using createWCAToken() (Creates a logon token that can be used for multiple logons without increasing the session count.) . This token is then used to view the reports as URL’s(HTTP) using the Open Document Format. The Protocol (HTTP) is hardcoded in the code for viewing the reports.
- The Business Object services within CABI can communicate over SSL or without SSL.
- The Connection to database is over Non-Secure channel (IM to Snapshot DB and Report server to Snapshot DB)
[img]ALERT! SSL NOT maintained between IdM and BOXI Reports_Diag.bmp
Even in a Secure Identity Manager Environment, this communication to the Report Server is over HTTP (Non-Secure).
After reviewing the customer requests and discussing with support, we have concluded that the request is to make the IM to report server communication for viewing Reports Secure. (When we view a report, the SSL should be preserved on the browser throughout the delivery of the report so that no IE warnings show up indicating that we are viewing a non-secure frame within a secured IdM session.).
[img]ALERT! SSL NOT maintained between IdM and BOXI Reports_Diag2.bmp
This is currently being enhanced and will be release in a future version of IdM.
Please post with any questions or concerns.
Thank you.
Regards,
Chris Thomas
CA Technologies
Principal Support Engineer
Identity Manager Reporting Expert
Tel: +1-631-342-4360
Chris.Thomas@ca.com