Logon

You access the Dashboard, Studio, Explorer, and ADMIN tabs from the main logon page.

Note Only users with the required permissions can view specific tabs.

When you have completed your session, it is recommended that you log out to prevent unauthorized entry.

You access the IT Business Analytics application using a supported web browser, from any computer with a network connection (intranet or Internet) to the servers. It is recommended to restore your browser settings to default.

The level of access granted to a user depends on the user’s permissions. For details, see Users and Roles - User Management.

You can initially access the ADMIN tab through the IT Business Analytics logon page, using your administrator user name and password, created during installation.

ClosedAccess the logon page

To access the logon page, enter:

  • https://<Fully Qualified Domain Name>:<port>/ba. For details, see Apache Web Server.

The ADMIN tab is configured by default with Lightweight Single Sign-On (LW-SSO). LW-SSO enables you to log on and automatically have access to LW HP applications, without needing to log on to those applications. For details, see LW-SSO .

ClosedChange the default session timeout of the automatic Log out

Business Analytics automatically performs a security log out of the ITBA session. When the application is idle for a set amount of time the session times out, an automatic log out occurs, and the logon screen is displayed within the ITBA application. The timeout is set by default to 30 minutes.

Note The automatic log out works in conjunction with the ITBA ping interval, configured in Settings - Website. You must select the Enable Keepalive Session check box to enable the automatic session timeout. An automatic log out occurs only after the session timeout has been attained and only on a ping request. If the ping mechanism has been turned off, then no automatic log out occurs. If a user-initiated request comes in between the time of the timeout and the ping, then the session idle time will be reset and the timer will start over again.

Limitation: The session-timeout value cannot be larger than the default expirationPeriod value that is set at 60 minutes .

To configure a session-timeout value to more than 60 minutes, proceed as follows:

  1. Configure the session-timeout value. Go to:

    $HPBA_Home/glassfish/glassfish/domains/BTOA/applications/fndwar/WEB-INF/web.xml, and replace 30 below with the new session-timeout value:

    <session-config>
      <session-timeout>
        30
      </session-timeout>
    </session-config>
  2. Go to the $HPBA_Home/glassfish/glassfish/domains/BTOA/config/settings/sso/lwssofmconf.xmlxs_ file and replace 120 in the string below with the new value:

    <lwssoCreationRef id="ID000002" useHTTPOnly="true" secureHTTPCookie="true">             
             <lwssoValidationRef refid="ID000001"/>           
             <expirationPeriod>120</expirationPeriod>     
    </lwssoCreationRef>
    
  3. Restart ITBA.
  4. Open the ITBA portal and let it sit idle. It will log out after 1 hour instead of the default 2 hours.

If you want to configure the interval to less than 1 hour, you only need to:

  1. Set the session timeout in the web.xml. Go to:
  2. $HPBA_Home/glassfish/glassfish/domains/BTOA/applications/fndwar/WEB-INF/web.xml, and replace 30 below with the new session-timeout value:

    <session-config>
      <session-timeout>
        30
      </session-timeout>
    </session-config>
  3. Restart ITBA,
  4. Open the ITBA portal and let it is idle. It will log out after less than 1 hour.

ClosedConfigure the default lockout on log on

ITBA logon allows you, by default, 5 consecutive logon attempts before a 15 minute lockout. You can configure the lockout parameters using the following properties file.

To configure the lockout parameters:

  1. Access the following file: $HPBA_Home/glassfish/glassfish/domains/BTOA/config/conf/bsf.properties.
  2. Search for the following parameters: 

    • accountLockoutMaxAttempts=5
    • accountLockoutLockoutPeriod=15
  3. Change the default logon attempts and lockout period. 0 means that there is no lockout time configured.
  4. Save and restart the Glassfish service.

ClosedAccess the logon page and all tabs

  1. In a web browser, enter the https://<Fully Qualified Domain Name>:<port>/ba URL.

  2. Enter the username and password, and click Log On. After a successful logon, the user name appears at the top right of the application page.

  3. Click the ADMIN tab to navigate the admin pages. Only users with the required permissions can view the ADMIN tab.

Note To log on for the first time, use your administrator password created during installation.

ClosedUser Authentication

User authentication depends on your configuration. For details, see Users and authentication when working with SAP BusinessObjects and LDAP or without.

ClosedUser Passwords

Passwords can be changed in the User Details pane of the User Management page. Click Edit Details to change a user's password. For details, see Users and Roles - User Management.

Note Depending on your configuration (working with or without SAP BusinessObjects and with or without LDAP), the handling of the password can be different. For details, see Users and authentication when working with SAP BusinessObjects and LDAP or without.

A password must contain the following:

  • At least 6 characters.

  • Characters in upper and lower case or numbers.

  • Must be different from username.

    For example: the user name "Jhon" cannot have a "Jhon11" or "11Jhon" password.

Note  

  • Logon parameters are case-sensitive.
  • If a password does not follow the correct conventions then the user is still created in SAP BusinessObjects Enterprise, however the password is not valid and must be changed.

ClosedWorking with Secure Sockets Layer (SSL) in a Production Environment

You need to use https protocol to access the ITBA application.

https. When you use the https format:

  • IE and Chrome.

    1. When you use the https format to access the ITBA application, the security certificate issue is displayed. Click the security certificate. In the Certificate dialog box that opens, click the View Certificate link. In the wizard that opens, select the Place all certificates in the following store, select the Trusted Root Certification Authorities location, and click OK. Continue running the wizard. This warning message is not displayed again. The Data Warehouse application opens in SSL mode. After performing the logon operation, you can add the Business Analytics certificate in the successfully launched ITBA application page, not in the application page itself. When the Java security warning contains the correct publisher (Hewlett-Packard Company) you should accept the Java security warning by marking the Always trust content from this publisher check box in order for this popup not to be displayed again.
  • Firefox. 

    When you use the https format to access directly the ITBA application, and you work with Firefox, you must perform the following procedure:

    1. Open the server using https. The following screen opens:

    2. Click I Understand the Risks. The following page opens:

    3. Click Add Exception. The following screen opens:

    4. Click Confirm Security Exception.

Note When you use the https format and you want to access SAP BusinessObjects Enterprise reports, the reports are displayed using the http format.

ClosedShared Secret Key

ITBA functionality requires a connection to SAP BusinessObjects Enterprise through a trusted authentication. In order to configure the trusted authentication policy you must define the shared secret key.

Note To change the shared secret key you must change the key in SAP BusinessObjects Enterprise, run the Maintenance Tool to update the BOE linkage and enter the absolute path of the new shared secret key including the file name. For details, see ..

ClosedLog out

You can log out by clicking Logout (in the top right corner of the application). The session closes. To log on again, you must provide the user and password.