Having SSRS 2008R2SP1 CU5 installed and validated at baseline, I began engineering an Authentication Extension to "passthru" SMSESSION cookies from SiteMinder.
Understanding that SSRS now operates under HTTP.SYS which doesn't play nice with the SiteMinder WebAgent, what is the best way to validate a current SMSESSION and obtain the SM_USER from the parent portal running on IIS? Since these are two different platforms, how should this be solved?
1. User clicks SSRS link (bookmark or other site).
2. SMSESSION Cookie not found--user presented with Unauthorized--must log into portal.
3. With valid session, user clicks on link...
Q. What should the Extension do to take the SMSESSION [On the SAME domain] and SMUSER to the SSRS session?
Hopefully, this makes sense--any tips/clues would be extremely helpful!
In Reporting Services, the primary way to authenticate against a report server in Reporting Services is the LogonUser method, which is used to pass user credentials to a report server for validation. Here is the authentication flow:
1. A client application calls the Web service LogonUser method to authenticate a user.
2. The Web service makes a call to the LogonUser method of your security extension, specifically, the class that implements IAuthenticationExtension.
3. Your implementation of LogonUser validates the user name and password in the user store or security authority.
4. Upon successful authentication, the Web service creates a cookie and manages it for the session.
5. The Web service returns the authentication ticket to the calling application on the HTTP header.
Thanks Mike for your quick reply! It is appreciated.
Understood on LogonUser--however, my custom authorization is very much so... ;-) My users will only be using a Smart Card certificate--no username/password. So, I assume that I will be sending in "approved" "dummy" credentials for the LogonUser method. My dilemma is how to pass in the SMSESSION cookie "authorization token" received after the user's SmartCard credentials are verified... Just not sure how to package that to be passed around for the follow-on reporting requests during the session. I've seen some blogs where this is being done, but I've not been successful thus far.