There have been a significant change in how the shared secret is generated from version XI 3.1 to BI 4.0. In XI 3.1 the shared secret value was configured manually and the same key has to be entered in the TrustedPrincipal.conf file. However in BI 4.0/4.1, the shared secret key is generated internally and then the same is is passed in the TrustedPrincipal.conf file when you click Download Shared Secret.

Let me first bring out the diference between setting Trusted Authentication for XI 3.1 and BI 4.0 first.

To configure the server to use Trusted Authentication in XI 3.1

1. Log on to the Central Management Console with administrative rights.
2. Go to the Authentication management area of the CMC.
3. Click the Enterprise tab.
4. Enable Trusted Authentication.
5. Create a shared secret for your users
6. Create a file with name TrustedPrincipal.conf with the same shared secrect value set in the avoove step and place it at the following location
<BusinessObjects Installation Directory>/Business Objects/BusinessObjects Enterprise XI 12.0/win32_x86

So, in XI 3.1 we have the option to set our own shared secret.

Now Lets understand the work flow of BI 4.0
To configure the server to use Trusted Authentication in BI 4.0

1. Log on to the CMC with administrative rights.
2. Go to the Authentication management area.
3. Click the Enterprise option.
4. The "Enterprise" dialog-box opens.
5. Scroll down until you see "Trusted Authentication".
a. Click Trusted Authentication is enabled.
b. Click New Shared Secret.
The following message is displayed:
Shared secret key is generated and ready for download
c. Click Download Shared Secret.
Note: The shared secret is used by the web server and the CMS to establish trust.
The "File Download" dialog opens.
d. Click "Save" and point to following directory to save the TrustedPrincipal.conf file:
<INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\win32_x86

In BI 4.0, the shared secrect is created internally and you do not have an option to manually enter a custom shared secret.

Lets suppose, you need to have a custom shared secret value which should be configured in CMC and the TrustedPrincipal.conf file in BI 4.0. How to do it?
It can be done using BusinessObjects Enterpripse Platform Java SDKs.

Here are the steps how to do it.
1. Run the sample below and set the value of the custom shared secret you would need.
2. Go to CMC/Authentication/Enterprise and download the shared secret.
Note: If you again click on New Shared Secret then it will override the custom shared secret created through the sample.
3. Click "Save" and point to following directory to save the TrustedPrincipal.conf file:
<INSTALLDIR>\SAP BusinessObjects Enterprise XI 4.0\win32_x86

Below is the sample to set the custom shared secret value.

For more scripts and information on how to run these scripts refer to the blog avaiable here:

shawn.penner/blog/2013/06/04/scripts-and-samples

Below is the Java Server Pages (JSP) sample

Notes:

•You would need to change the userName, password, cmsName and the shared secret to the values specific to your enterprise server in the provided sample code.

• The sample code is tested with BI 4.0 version of SAP BusinessObjects Platform