Hi,
We have a Java web application that calls some Reporting Server reports via URL access. However, each time a user accesses a report the first time in the browser session, they are prompted for user id and password by Reporting Services. This is annoying, as thy already have logged into the application. Is there any way we could configure/implement the setup so that we somehow evaluate the Java session cookie and tell Reporting Services the user is authenticated without prompting?
As this is the Reporting Services forum, I would mainly be interested on the Reporting Services side, but not mind getting a hint how to determine if a Java session cookie refers to a valid Tomcat session or not.
We have IIS already set up as a proxy for the Java application server and Reporting Services, which handles SSL connections with the client browser and passes the request on - depending on the requested URL - either to the Java application server or the Reporting Services server via Application Request Routing (depending on the URL). Hence if there is a way to do this in IIS, this would be ok. I saw that there is a possibility to implement a custom security extension. But as I understand, this would not resolve the issue, as then an authentication form would still be shown to the user.
We are using Reporting Services 2008R2 SP3 if that matters. The server uses its own users, which are local Windows users of the server, and not technically connected to the domain user names of the users accessing the system in any way.
TIA for any suggestion
Frank