Understanding Techniques and Considerations For Embedding Business Intelligence

An important developer consideration for an embedded BI application is how to implement single sign-on (SSO) between the embedded application and WebFOCUS so that the user is not required to provide credentials on multiple occasions. There are several options to consider, including:

• Windows Authentication
• SAML 2.0
• Web SSO Products
• Custom Solutions

In this content and accompanying embedded BI demo application, you will learn how the Trusted Ticket Authentication feature in WebFOCUS can be used to implement SSO.

As shown in the following diagram, the embedded BI demo application authenticates the user (1) with a simple method, as described in Registering User Names and then makes a trusted ticket request (2) to WebFOCUS. This is typically referred to as a back channel request because the connection is established directly between the server hosting the embedded application and the server hosting WebFOCUS, and is therefore not seen by the network where the web browser of the user is running.

WebFOCUS verifies that the trusted ticket request originates from a trusted host and returns a trusted authentication ticket. The application then presents this ticket in a trusted sign-on request (3), originating from the web browser of the user, in order to obtain a WebFOCUS session cookie. Moving forward from this point, the embedded BI demo application can request content from WebFOCUS using URL requests or the WebFOCUS RESTful Web Services API.

If the embedded application will be making POST requests that create or update WebFOCUS resources, then a Cross-Site Request Forgery (CSRF) token must be obtained from WebFOCUS and submitted with these requests. The trusted sign-on request can include an option to obtain a CSRF token. The embedded BI demo application receives a CSRF token, but does not use it.

Another important consideration is the deployment topology, which relates to where the embedded application and WebFOCUS reside. Often times both are deployed on or behind a single web host. This includes when both are deployed on the same application server (as depicted by Case 1 in the following diagram) and when they are deployed on different servers, but accessed from a single web server or load balancer (Case 2). In addition, a proxy method can also be used (as depicted by Case 3 in the following diagram), where the browser communicates to a proxy, which acts as an intermediary to WebFOCUS.

These are referred to as same origin scenarios.

At times it may be necessary for the user to access the embedded application and WebFOCUS from different web hosts as depicted by Case 4 in this diagram. This is referred to as a cross-origin scenario. Due to security controls built into modern web browsers, you will need to configure the WebFOCUS iframe embedding and Cross-Origin Request Sharing (CORS) features before the embedded BI demo application can be used in a cross-origin scenario. For more information on configuring and using cross-origin settings in WebFOCUS, see the WebFOCUS Security and Administration content.

Other considerations for embedded BI include branding/rebranding and responsive web design. The embedded BI demo application shows how you can restyle WebFOCUS content and BI Portal pages so that they blend in visually with the host application in order to provide an improved user experience. The sample BI Portals that are included with the demo have responsive page layouts, which require the hosting iframe height to be dynamically adjusted as required by the portal page. This can be accomplished by setting the Broadcast height for embedding option in the BI Portals and adding an event listener to the embedded BI demo. For more information on these settings and options, see Additional Considerations for Embedded Business Intelligence.

As you can see, WebFOCUS provides robust support for embedded BI. This enables customers to extend commercial and custom web applications with the extensive business intelligence and analytics capabilities available in WebFOCUS with minimal effort and with an exceptional user experience.