emilly

i am using SSO to login to jasper server from my web application. As of now i am using token based authentication where i am passing token from my webapp to jasper server which jasper server validates and let the user log in. But i want to move to WSO2 SAML authentication for SSO (as my all other apps are already using this) for SSO. Is there a way where i can integrate Japser server with WSO2 SAML authentication? Any sample code or hint in this direction will really be helpful. My understanding to proceed As per my understanding basically i dont have to pass token from my main web app instead needs to do some configuration at jasper side where it contacts the WSO2 server to get the token and rest works in same fashion. I think it should be feasable as Jasper server is based on spring security. But i am not getting what is the starting point and is it really feasable?

hozawa Thanks. I know that technically we can change logo and theme of default jasper server. But my question is it legal to do it in both community or professional version?

I am planning to use Jasper server. But its not decided whether i will go with community or proffesional version. See www.jaspersoft.com/editions I have few question about AGPL license(for JS community edition) and Commercial license(for JS professional version) As of now most of the requirements are fullfilled with community edition except that i want to change theme and logo of default jasper community edition. But i am not sure whether i am allowed to do this in which version(community or commercial or both ) if required as i am layman in this field ? For information :- My product is similar to e retailing product where users can purchase product online

No it does not work. I get the error message in pom " Missing artifact com.jaspersoft.jasperserver:jasperserver-api-common:jar:6.0.1 - ArtifactTransferException: Could not transfer artifact com.jaspersoft.jasperserver:jasperserver-api- common:jar:6.0.1 from/to Jasper-Repository (http://mvnrepo.jaspersoft.com:8081/artifactory/repo): mvnrepo.jaspersoft.com"

Hey nthapa do you have any idea about https://community.jaspersoft.com/questions/847381/jasper-server-maven-repository-url ?

I am trying to get below dependency from jasper server. <dependency> <groupId>com.jaspersoft.jasperserver</groupId> <artifactId>jasperserver-api</artifactId> <version>6.0.1</version> </dependency>[/code] But when i try to open jar its says. I am not sure why corrupt jar is provided by jasper repository. Is jasper maven repository correct? "The archive is either in unknown format or damaged"[/code] Here is my POM <project ...> <modelVersion>4.0.0</modelVersion> .... <name>jasperProject</name> <url>http://anonsvn:anonsvn@jasperforge.org/svn/repos/maven2</url> <dependencies> <dependency> <groupId>com.jaspersoft.jasperserver</groupId> <artifactId>jasperserver-api</artifactId> <version>6.0.1</version> </dependency> </dependencies></project>[/code]

I have a report(with parameter named as param1) with input control(named as param1). When i run the report , i am taken to input control screen to enter param1 and then report results are displayed What i am looking for is pass the input control parameter with url and report result is displayed I tried this with below url with adding input control parameters in url but it takes me to input control screen filled with value passed in url(test in this case).Is there a way i can directly navigate to report result screen(bypassing the input controls screen)? http://localhost:8080/jasperserver/flow.html?_flowId=viewReportFlow&standAlone=true&_flowId=viewReportFlow&ParentFolderUri=%2Freports%2FMyReports&reportUnit=%2Freports%2FMyReports%2FUserReport2&param1=test[/code]

I am planning to integrate jasper server with my web application as Single Sign on. I went through Jasper Authentication cookbook and jasper suggest two solutions 1) Token based authentication 2)External DB authentication I believe Token Based authentication is better here provided it is properly encrypted which makes it secured as user has already been verified once. But looking for expert advice?

Yes samples/externalAuth-sample-config/sample-applicaitonContext-externalAuth-db.xml f files are there under community edition. So it means community edition provides external DB authentication. One quick question :- I have already authenticated the user in my web application. Now when user is navigated to jasper server as part of SSO from my webapplication, which mechanism out of Token based authentication or External DB authentication is better? I believe Token Based authentication as user has already been verified once. But looking for your expert advice?

You said "JRS does not do any authentication, it just takes the token as-is". I think you meant JRS does not do any authentication with any external system. But yes it does the authentication in way i.e if format of token received does not match with token format configured at jasper side, it does not authenticate the user. So its also a way of authentication.Right?

Yes i am also thinking the same that encryption using shared key would be safe bet. But i did not get where timestamp will help. Do you mean encryption using timestamp. If yes, how jasper server will get the same timestamp to decrypt the token.

Thanks . I already got the authentication cook book. I believe token based authentication is the way

I am planning to integrate jasper server with my web application as Single Sign on. I went throug Jasper Authentication cookbook(http://community.jaspersoft.com/system/files/restricted-docs/jasperreportsserver-auth-cookbook_2.pdf) and jasper suggest Token based authentication as one of the solution (as authentication is already done by my web application) What Jasper suggests is this you pass the token in specific format to jasper server (as defined below under tokenFormatMapping), jasper will authenticate the request. So valid tokens can be u=user|r=role1|o=org1|pa1=PA11|pa2=PA21|exp=2001404150601 [/code]Invalid token can be u1=user|r=role1|o=org1|pa1=PA11|pa2=PA21|exp=2001404150601r=role1|u=user|o=org1|pa1=PA11|pa2=PA21|exp=2001404150601[/code] <beanclass="com.jaspersoft.jasperserver.api.security.externalAuth.wrappers.spring.preauth.JSPreAuthenticatedAuthenticationProvider">.................... <property name="tokenPairSeparator" value="|" /> <property name="tokenFormatMapping"> <map> <entry key="username" value="u" /> <entry key="roles" value="r" /> <entry key="orgId" value="o" /> <entry key="expireTime" value="exp" /> <entry key="profile.attribs"> <map> <entry key="profileAttrib1" value="pa1" /> <entry key="profileAttrib2" value="pa2" /> </map> </entry> </map> </property> <property name="tokenExpireTimestampFormat" value="yyyyMMddHHmmssZ" /> </bean> </property></bean>[/code] My question is this really a secured process because as soon hacker knows the pattern under tokenFormatMapping, he can simply login to jasper server . Is not it? To me looks like security can be compromised here. Am i m issing something here? Also cookbook says that I did not get what does it mean actually. Can't user login to jasper server if token is in correct format?

I have my web application(has credentials stored in say webAppDB) where i am planning to integrate Jasper server as Single Sign on(SSO). I am going through Jasper Authentication cookbook(http://community.jaspersoft.com/system/files/restricted-docs/jasperreportsserver-auth-cookbook_2.pdf) where it provides the External Database authentication. Is External Database authentication valid for Jasper server community Edition or professional edition

I am new to jasper. I have my web application(has credentials stored in say webAppDB) where i am planning to integrate Jasper server as Single Sign on(SSO). I am going through Jasper Authentication cookbook..(http://community.jaspersoft.com/system/files/restricted-docs/jasperreportsserver-auth-cookbook_2.pdf) and found Token Based authentication can be a good option. I have few doubts on this. Here are they :- A) I will be passing the user name and role as part of request to to jasper server(JS) where it will validate the credentials. My question is from which source JS will validate the credentials. (I mean as credentials are stored in webAppDB , how jasper server will them)? B) As per my understanding i need to create internal role along with predefined permissions at jasper server side where administrator will map the roles coming from webApp with internal roles. Now when resquest is coming from webapp, jasper will get permissions thru External role >Internal Role > permission. If valid permission is found, access will be given. Is that correct?