Introduction
CXO cockpit support SSO mode for Essbase connections but it works for single Essbase server only. In case of multiple essbase servers used in one application, SSO is possible to only the first essbase server. It should be possible to connect to other Essbase servers using the username of the currently logged on user without requirement to know the password of the currently logged on user.
In this scenario Essbase Server 1 is used for authentication and can also be used for SSO but Essbase server 2 is not used for authentication so the SSO mode is not possible. In this case, Impersonation mode can be used.There are 2 ways to apply Essbase security in the CXO-Cockpit:
- Essbase Authentication plugin with SSO mode enabled
- Use User Impersonation
Essbase Authentication plugin with SSO mode enabled
In this scenario, the username and password the end user enters to login to CXO are used to connect to Essbase server. The limitations of this scenario are:
- Impossible to use any other authentication adapter (SAML, Windows etc)
- Impossible to connect to more than one Essbase Server
- Impossible to use CXO API to generate or export reports
Read more about Essbase Authentication Plugin.
User Impersonation
The user impersonation scenario can be used to overcome the limitations of the Essbase Authentication plugin scenario.
In this case, the connection to Essabase servers is made using the username and password configured in CXO Cockpit on behalf of the the end user logged in to CXO. In this case the Essbase API function "LoginAs" is used to open the connection.
To turn on Essbase impersonation:
- Start the Source system manager
- Select the Essbase source sytem
- Click Connector Properties
- Under SSO Login, check Impersonate User
