1 Checklist
2 App and Tab Configuration 

    a.Create Tab
3 Application Connection 

    a. Confguration

        i. Report list example

    b. Link Examples 

        i. Report List

        ii. Report
        iii. Report Parameters
        iv.  SA=Account={!$Account.mdtEAppCore_Federated_Id_c} 

        v. Drill Down Link

4. Pages

5. Dashboards

6. Components

7. Adding a tab to SalesForce1 Mobile Menu

8. Authentication Methods

    a. Canvas

        i. On the SFDC side:

            1.. Create a Canvas app

                a. App Setup > Create > Apps > Connected Apps > New

                b. Basic Information needed

                c. API (Enable OAuth Settings)

                d. Canvas App Settings

            2. Configure Canvas App Security

                a. Edit Settings

                b. OAuth Policies

                c. Preview Canvas App

                d. Create a Package

                e. Configure package Developer Settings

                f. Create Report Launch App

                g. Create Reports Visualforce Page

                h. Create Reports Visualforce Tab 

                i. Create Admin Custom Objects and Tab 

        ii. On the LaunchWorks side:

            1.Dispatcher App

            2. Report Launch App

    b. Post Installation Configuration
        i. Manage Apps

        ii. Manage Users

        iii. Manage Settings

    c. SAML Connected App

        i..Setup a Domain

        ii. Salesforce as an Identity Provider

        iii. Connected App

            1. Create a new connected App

        iv. SAML Subject Type

        v. Report Launch (SAML) in Salesforce Create a Connected App for callreport using SAML Edit the ACS Url to embed.

        vi. Supported report_identifier values are ReportTitle= (for BO report name) and ID= (for BO Report ID).

        vii. Supported viewer values = html, pdf, or xls

    d. PING - SAML

    e. OAuth

        i. SFDC Setup Steps

            1. Create a connected app in SFDC

            2. Set up the oauth user settings

            3. Create a folder in SFDC for Reports

            4. Create an Oath web tab in SFDC

        ii. DMZ requirements for Report Launch - Networking

        iii. Firewall Port Openings

            1. DNS Entry/Entries

            2. Creation of external Point of Entry


SalesForce.com Deployment Guide

LaunchWorks' Report Launch easily integrates into your SalesForce.com environment with just a few steps. This document allows you to follow the steps for implementing report list and report part functionality.
Additional configuration such as end-to-end security integration, firewall configuration, data filtering, caching and administration training are part of the QuickLaunch Implementation during your software installation.

1. Checklist


Prerequisites to SalesForce.com Environment Setup:

  • Access to the LaunchWorks application via an SSL configured firewall


  • Privileges to create tabs, pages and dashboards in your salesforce.com or devforce.com account.


  • Network Access between the LaunchWorks server and the BusinessObjects Server (See Section 7)


  • Trusted Authentication Key from BOE GEnerated from CMC by "Administrator" account


  • Primary BusinessObjects Project Folder


  • Primary BusinessObjects Project Group


  • Security Scheme to match SalesForce User to BOE User (email, AD user, etc) (See Section 6)

2. App and Tab Configuration

The two top levels of the SalesForce.com application stack are the App and the Tab. In addition to creating custom screens, workflows, and data fields the App allows you to setup multiple sets of tabs for showing pages, dashboards and other content.

 2.a. Create Tab

Using the account drop down list, select the Setup link and open the App Setup panel. If you do not see the setup option or the App Setup panel, contact your system administrator to request the correct privileges.

Once the App Setup is visible click on the Tabs link and then click on New in the Web Tabs Section.



 
 


3. Application Connection


3.a. Configuration


Step 1


Step 2


Step 3

Fill teh Link URL with your desired link. Continue to the following sections to see the various links that can be placed in this field.









3.a.i. Setting up Report List


To view your report list in the tab, set your link in the following manner:


http://<launch_server>/launch/reports.jsp?AppName=launch&amp;SfdcSessionId={!API.Session_ID}&amp;Sf dcUrl={!API.Partner_Server_URL_220}


launch_server = Launch Tomcat URL including the port number



  • Click on the Preview Web Tab below the "Button or Link URL" field to test this link . A successful setup test will result in the following screen:
  • Depending on your security you will have the options to apply the tab to one or more profiles and apps in Step 4 and Step 5 of the  Tab addition process.



  • The final step is to save the tab under the Apps that the tab should be presented.


   

Notes: The URL does not contain any BOE username. Only the SF API session and API URL are passed to Launch Application.
Launch Application picks up the Federation ID in the user profile and uses that to login BOE security layer. For more information on setting this up and other methods view Section. 6.1.3.2

 


3.b. Link Examples



3.b.i. 

Report List


http://<launch_server>/launch/reports.jsp?AppName=launch&SfdcSessionId={!API.Session_ID}&SfdcUrl={!API.Partner_Server_URL_220}


Note: launch_server = Launch Tomcat URL including the port number


3.b.ii. 

Report
http://<launch_server>/launch/callreport.jsp?viewer=HTML&amp;AppName=launch&amp;&amp;ID=10530810&amp;refresh=Y&amp;SfdcSessionId={!API.Session_ID}&amp;SfdcUrl={!API.Partner_Server_URL_220}launch_server = Launch Tomcat URL include the port number


3.b.iii. 

Report (Tab Specific)


http://<launch_server>/launch/callreport.jsp?viewer=HTML&amp;AppName=launch&amp;ID=10530810&amp;refresh=Y&amp;tab=<tab_index>&amp;SfdcSessionId={!API.Session_ID}&amp;SfdcUrl={!API.Par tner_Server_URL_220}
launch_server – Launch Tomcat URL include the port number tab_index – report tab index starting from 1 (e.g. tab=2)


3.b.iv. 

Report Parameters


SA is the Launch URL Parameter for sending in the names/value pairs for prompts. E.g. SA=Account={!$Account.mdtEAppCore_Federated_Id_c}
Account is a Webi report parameter, the dynamically updated value out of salesforce.com is {!$Account.mdtEAppCore_Federated_Id_c} http://<launch_server>/launch/callreport.jsp?viewer=HTML&amp;AppName=launch&amp;ID=10485515&amp;refresh=Y&amp;SA=Account={!Account. mdtEAppCore__Accountl_Id__c\}&amp;SfdcSessionId=\{!$Api.Session_ID}&amp;SfdcUrl={!$Api.Partner_Serve r_URL_220}


3.b.v. 

Drill Down Link
To create a drill down report in a Webi, the following formula value needs to be inserted in Webi report.
="<a href=\"javascript:callreport('callreport.jsp?ReportTitle=<ReportTitle>&amp;Mode=Direct&amp;viewer=HTML&amp;SA=<Parameter key value pair>\">"[<Link Column>]+"</a>"


E.g.="<a href=\"javascript:callreport('callreport.jsp?ReportTitle=Purchasing Drill Down ­ Net
rchases&amp;Mode=Direct&amp;viewer=HTML&amp;SA=Enter Chain ID="URLEncode(""[Account Chain Id])"')\">"[Net Purchases]+"</a>"

4 Pages

To show report parts in dashboards and inserted into screens, connect the reports to show into SalesForce.com pages.


  1. In the App Setup panel click on the Pages link.
  2. Click on the New button below the alphabetic filter.



  1. Enter a Label for the page
  2. Enter a Name (Make sure to use underscores if you have spaces in the Label for the Page).
  3. Enter or paste the code below into the Visual Force Markup field.
  4. Click on the Save button.



Default Code


<apex:page>
<!-- Begin Default Content REMOVE THIS -->
<h1>Congratulations</h1>
This is your new Page
<!-- End Default Content REMOVE THIS -->
</apex:page>


Change to the following


<apex:page >
<!-- Launch Works Call to call a report tab content -->
<apex:iframe
src="http://<launch_server>/launch/callreport.jsp?viewer=HTML&amp;AppName=launch&amp;ID=10555602 &amp;refresh=Y&amp;SfdcSessionId={!$Api.Session_ID\}&amp;SfdcUrl=\{!$Api.Partner_Server_URL_220}" scrolling="true" id="theIframe"/>
</apex:page>


Parameters


E.g. Retrieve custom field called Federated id from my profile and pass the value as Account variable in Webi report.
 
SA=Account={!Account.mdtEAppCore_Federated_Id_c}
Full Code:
<apex:page standardController="Account" extensions="AccountBOLW">
<apex:form >
<apex:pageBlock title=" " mode="view">
<apex:pageBlockSection title=" " columns="1">
<iframe width="100%" height="400" src="http://<launch_server>/launch
/callreport.jsp?viewer=HTML&amp;AppName=launch&amp;ID=10485515&amp;refresh=Y&SA=Account={!Account.mdtEAppCore_Federated_Id_c}&SfdcSessionId={!$Api.Session_ID}&SfdcUrl={!$Api.Partner_Server_URL_220}">
//scrolling="no" frameborder="0"
</iframe>
</apex:pageBlockSection>
</apex:pageBlock>
</apex:form>
</apex:page>


5 Dashboards

To take the Page just created into a dashboard click on the New Dashboard button. If there are no dashboards created yet it will send you to the Reports and Dashboard screen.


  • Click on New Dashboard button.

  • Drag a Visual Force Component (vf) into a column on the right.

  • Click on the Data Sources tab.
  • Click on the Visualforce pages to show the pages created previously.
  • Drag a data source onto the Visualforce component in the dashboard.

  • Click on the Header to give the component a title.
  • Click on the footer to give the component a reference such as the data and/or source.
  • Add additional components from reports and data sources created within your organization to create a mash-up dashboard.
  • Click on  Save button.

  • Give it a Title and Dashboard Unique Name. 



6 Components

Multiple report parts can also be connected to multiple pages, screens and tabs using components . The process is the same as creating a page.
  


Default Code 
<apex:component>
<!-- Begin Default Content REMOVE THIS -->
<h1>Congratulations</h1>
This is your new Component
<!-- End Default Content REMOVE THIS -->
</apex:component>


Launch Code


<apex:page >
<!-- Launch Works Call to call a report tab content -->
<apex:iframe
src="http://<launch_server>/launch/callreport.jsp?viewer=HTML&amp;AppName=launch&amp;ID=10555602 &amp;refresh=Y&amp;SfdcSessionId={!$Api.Session_ID\}&amp;SfdcUrl=\{!$Api.Partner_Server_URL_220}" scrolling="true" id="theIframe"/>
</apex:page>



7 Adding a tab to SalesForce1 Mobile Menu

Updated Instructions here: 


https://help.salesforce.com/articleView?id=customize_sf1_visualforce.htm&language=en_US&type=0


To view your reports on a mobile device you need to do the following steps.


7.a Make your reports Mobile Ready



  • Log into the SalesForce.com application and navigate to the Create > Tabs menu just as you did in section 1.2.

  • From the Visualforce Tabs select the action of Edit of the Label you want to make visible on your mobile device.

  • Click in the Mobile Ready box

  • Next you must go to Administration Setup > Mobile Administration

  • Select the reports that you wish to have available on your mobile device and Add them to the Selected side, then Save.

To view on a mobile device you must have the SalesForce 1 app downloaded and installed.
  • Enter in your SalesForce.com username/password.
  • Click on the upper left corner to get a menu of reports.


Your menu will look similar to this
Content from each tab is accessible from the side bar in SalesForce1


 
 

8 Authentication Methods


8.a Canvas


You can use the SFDC Canvas when you want Report Launch to authenticated and access SFDC resources (e.g.
User's Federation ID to be used as Role Id / BOE User Id). This is using Report Launch as Salesforce's Connected App.


8.a.i. On the SFDC side:


8.a.i.1 Create a Canvas app


8.a.i.1.a App Setup > Create > Apps > Connected Apps > New


8.a.i.1.b Basic Information needed


Connected App Name: Report Launch Canvas
API Name: Report_Launch_Canvas
Contact Email: sales@launchworks.com 


8.a.i.1.c  API (Enable OAuth Settings)


Enable OAuth Settings: Checked
Callback URL: https://test.server.name.com:port/launch/salesforce/oauth/oauth_callback.jsp 
Selected OAuth Scopes
❏ Access and manage your data (api)
❏ Access your basic information (id, profile…)


8.a.i.1.d  Canvas App Settings


Force.com Canvas: Checked
Canvas App URL: https://test.server.name.com:port/launch/ 
Access Method: Signed Request (POST)
Locations: Selected All
* Ensure that user's Federation Id is configured *


8.a.i.2 Configure Canvas App Security


** This needs be done even after installing the app on a different org **


8.a.i.2.a Edit Settings 
Administration Setup > Manage Apps > Connected Apps > Edit Report Launch Canvas


8.a.i.2.b  OAuth Policies

Permitted Users: Admin approved users are pre­authorized Save
Administration Setup > Manage Users > Profiles > Edit System Administrator >Connected App Access > Report Launch Canvas: Checked


8.a.i.2.c  Preview Canvas App 
First, make sure that https://test.servername.com:port/launch/index.jsp is properly configured


8.a.i.2.d Create a Package


App Setup > Create > Packages > New
Package Name: [Package Name]


8.a.i.2.e Configure package Developer Settings


App Setup > Create > Packages > Developer Settings > Edit
Namespace Prefix: [Package Name]
Package to be managed: [Package Name]


8.a.i.2.f  Create Report Launch App

App Setup > Create > Apps > Apps > New
App Label: [App Label Name]
App Name: [App Name]
Only include [Home tab] and set the Default Landing Tab to Home accept defaults and save.
Visible to Standard Platform User, Standard Users and System Administrators


8.a.i.2.g  Create Reports Visualforce Page

App Setup > Develop > Pages > New
Label / Name: [Reports]
Source:
<apex:page >
<apex:canvasApp applicationName="Report_Launch_Canvas" namespacePrefix="ReportLaunch1" height="500px" width="1000px" border="0" scrolling="yes"/>
</apex:page>


8.a.i.2.h Create Reports Visualforce Tab

App Setup > Create > Tabs
Visualforce Tab
Visualforce Page: Reports [ReportLaunch1Reports]
Label / Name: [Reports] 
Only include this tab in Report Launch App


8.a.i.2.i  Create Admin Custom Objects and Tab 

App Setup > Create > Objects


Name: [Setting]
Plural Name: [Settings]
Fields:
Setting Name (auto­generated)
App URL (Type URL)
Data:
Setting Name : Demo App
App URL: https://test.servername.com:port/launch/entry.jsp 


8.a.ii On the LaunchWorks side:


8.a.ii.1. Dispatcher App


This app does the following:

  • Get the Signed Request object and gets the OAuth token
  • Using OAuth token, queries "Setting" custom object and gets the "App URL" field value
  • POST submit to App URL passing the Signed Request parameter


URL: https://test.servername.com:port/launch/index.jsp


8.a.ii.2.Report Launch App

This app does the following:

  • Get the Signed Request object and gets the OAuth token
  • Using OAuth token, retrieves FederationIdentifier for the logged in SFDC user
  • POST ajax to savevaluetosession.jsp with roleid key­value pair ●Redirects to report.jsp and renders the report list


URL: https://test.servername.com:port/launch/entry.jsp


8.b. Post Installation Configuration


8.b.i. Manage Apps


  • Administrator Setup > Manage Apps > Manage Connected Apps ­ 
  • Edit OAuth Policies
  • Permitted Users: Admin approved users are pre­authorized
  • Save




8.b.ii. Manage Users

  • Administration Setup > Manage Users > Profiles
  • System Administrator >Profile Edit
  • Connected App Access > Check [AppName]
  • Save



8.b.iii. Manage Settings





8.c. SAML Connected App


Security Assertion Markup Language is an XML­based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.


8.c.i. Setup a Domain


Administration Setup > Domain Management > My Domain

 reportlaunch1­dev­ed.my.salesforce.com

This process may take from 10 minutes to 24 hours



 

8.c.ii. Salesforce as an Identity Provider

Administration Setup > Security Controls > Identity Provider> click Enable Identity Provider


 


8.c.iii. Connected App


8.c.iii.1. Create a new connected App


  • App Setup > Create > Apps > Connected Apps > New
  • Service Providers are now created via Connected Apps. Click here.

  • SAML URL is in this format: https:/<app>/launch/callswf.jsp?AppName=launch&amp;{parameter= value}
  • Example: https:/demo.launchworks.com/launch/callswf.jsp?AppName=launch&amp;name=example.swf 






8.c.iv. SAML Subject Type 


  • Chose the Field that represents the user account
  • Click save


 
SAML Response will enclose different fields of user object based on Subject Type selected.

  • Username

user's usersname
e.g.

  • Federation ID. This id is the users business objects user name and must be unique.
  • User's Federation ID e.g.
  • User ID

User's User ID ­ Unique Identifier e.g.
005F0000002hvnG

  • Custom Attribute

A custom attribute can be any custom field added to the User object in the organization, as long as it is one of the following data types: Email, Text, URL, or Formula (with Text Return Type). After you select Custom Attribute for the Subject Type, Salesforce displays a Custom Attribute field with a list of the available User object custom fields in the organization.
Customize | Users
 
When you select Custom Attribute, you need to select a Custom Attribute field.

  • Persistent ID

Algorithmically calculated persistent ID. Not the same as Session ID e.g.
439a335d8434afc41078c63a797cc701799ec9adf3e8f1f6decdddd6176b6422


8.c.v. Grant permission for newly connected app


Administration Setup > Manage Users > Profiles
System Administrator >Profile Edit
Connected App Access > Check [AppName]


8.c.vi. Report Launch (SAML) in Salesforce

Click on newly created Connected App and click "Manage"
 
IdP­Initialed Login URL is what we are interested in.
Right mouse click and copy the URL
App Setup > Create > Tab
, create a New Web Tab
Full Page width
Label , name, Style, Description
Paste the IdP­Initiated Login URL into the Button or Link URL area 
e.g.  {+}https://reportlaunch1­dev­ed.my.salesforce.com/idp/login?app=0spC0000000XZCS+
Define which Roles see the tab
Click Next
Define which Apps i.e. Sales
Click Save
Under the Launch Application console make sure that the auth_mode attribute for your AppName=SAML (case in-sensitive)Callreport (SAML) in Salesforce


8.c.vii. Create a Connected App for callreport using SAML

Edit the ACS Url to embed. https://\{url}/{install_name}/callreport.jsp?{report_identifier}={report_value}&amp;AppName={app_na me}&amp;viewer={viewer}


8.c.vii.1. Supported report_identifier values are ReportTitle= (for BO report name) and ID= (for BO Report ID). 


8.c.vii.2. Supported viewer values = html, pdf, or xls


8.c.viii PING ­ SAML

To configure SAML with Ping as the Identity provider
The following Launchworks attribute settings must be configured on the Launchworks server before continuing. You should get these attribute values from your PING Administrator.


Attribute Name
Required
Example
auth_mode
Yes
PING
ping_acs_id
No
1
ping_server
Yes
https://test.server.name.com/idp/startSSO.ping?PartnerSpId=urn:ssoplugin



8.d OAuth


The following Launchworks attribute settings must be configured on the Launchworks server before continuing. You should get these attribute values from your SFDC Administrator and login to the Launchworks admin console to set for the AppName to be used in SFDC.


Attribute Name
Required
Examples
auth_mode
Yes
OAUTH
sfdc_callback_url
Yes
https://test.servername.com:port/launch/salesforce/oauth_callback.jsp
sfdc_consumer_key
Yes
3MVG9zeKbAVObYjPRRmRw_kJs8MKGow0QI_9cYwa4v.np9168S0
Dm0qey3Qzi2MKrugeKN.GBl9WiYdkY5qxx
sfdc_consumer_secret
yes
4662292310041195743
sfdc_login_url
Yes
https://login.salesforce.com
sfdc_root_folder
Yes
LW SFDC Reports



8.d.i SFDC Setup Steps


8.d.i.1 create a connected app in SFDC


From the initial Create Connected App page:

  1. Define Callback URL:  {+}https://test.servername.com:port/launch/salesforce/oauth_callback.jsp+

a. HTTPS is required for the Callback URL. Please confirm this is setup/configured

  1. Define Selected OAuth Scope: Full Access (full)
  2. Save App : Note: Can take 2­10 minutes for application creation to complete.



8.d.i.2. Set up the oauth user settings


From Connected App Home Screen:
 
Select Manage, then select Edit

Set OAuth Policies Dropdown box for Permitted Users to "Admin approved users are pre­authorized"
 


For profiles requiring access (e.g. System Administrators, Standard Users …), allow connected app access.


Setup | Administration Setup | Manager Users | Profiles | Edit


 



8.d.i.3. Create a folder in SFDC for Reports

  1. Click on the Reports tab in SFDC
  2. Click on the New Icon to the right of the Search bar above the report folders


  1. Give the folder a name
  2. move any unfiled reports into the folder



8.d.i.4. Create an Oath web tab in SFDC


See section App and Tab Configuration e.g. https://test.servername.com:port/launch/reports.jsp?AppName=launch 


8.d.ii. DMZ requirements for Report Launch - Networking 


For some Enterprise Architecture Setups, the requirement of the LaunchWorks web servers to be hosted in the DMZ will be a requirement.
LaunchWorks can be setup using this architecture environment, assuming that the following networking and firewall rules are setup and in place.


8.d.iii. Firewall Port Openings 


To properly setup/run a Report Launchportal in the DMZ, at a minimum, the following ports will need to be opened for access to major systems and servers. The list below should be considered a guideline, as unique environmental requirements may require more ports to be opened.
SQL Server(s) for backend LaunchDB: Port 1433
SQL Server(s) for application DB (Grouping/User Profile DB's): Port 1433
Business Objects CMC Connection: Port 6400
Business Objects Webi Servers: Port(s) 5000-5005 Business Objects Return Communication: Port 4088 winAD Authentication: Port 88

8.d.iii.1. DNS Entry/Entries 


For each ReprotLaunch web server that will be used in the portal, an external DNS will need to be created and pointed to each server. This will serve as the external facing URL that external users will access. A record will need to be created for each server, and is usually assigned at the IP address level. The below information will generally need to be provided to the network team for a DNS creation request.


DNS
Report Launch Server
IP
Portal.yourcompany.com
123-reprotlaunch-x-001.dmz.y ourcompany.com
e.g. 12.123.12.12
Portal.yourcompany.com
123-reprotlaunch-x-002.dmz.y ourcompany.com
e.g. 24.246.24.24



8.d.iii.2. Creation of external Point of Entry 


Along with the creation of the DNS, a separate ticket is usually required to handle the point of entry access for external. Many options need to be taken into consideration in terms of setting up a point of entry, including but not limited to the list below. These should be discussed during the discovery portion of the requirements phase, and should include the Enterprise Architecture, Networking, and Server teams.


Load Balancing Decision: Single server vs. Load Balanced Servers
Session Persistence: None/Source IP/Cookie/Other
IP's to allow: Certain set of IP's to allow access or allow access to all external reqeusts
Protocol Type: TCP/UDP/other
Will an HTTP to HTTPS rediterct be required: Y/N
Will the portal requrie a maintainence page: Y/N
Will the portal offer Fail-over recovery: Y/N