Using Restful SDK “logon/adsso” in cluster architecture causes CORS issues

We are developing a « custom extension » in Design Studio that uses “Restful Web Service” calls to retrieve WebI document data.  To test, we save the Design Studio application on the BI LaunchPad and execute it from IE.

One of the steps of the “custom extension” is to authenticate via Restful calls with the BI Platform before running any other Restful calls to retrieve document data.

Our first test was the use the http://<baseURL>/logon/longcall to retrieve the token (this is successful).

Ref: 4.3.1 To get a logon token from a user name and password from sbo41_bip_rest_ws_en.pdf

Then we replaced it with http://<baseURL>/logon/adsso call to leverage the AD SSO with IE (this is successful).

Ref: 4.3.3 To get a logon token using an Active Directory Single Sign-On (AD SSO) account from sbo41_bip_rest_ws_en.pdf

We have successfully tested everything on the Sandbox which is a single server deployment.  The system baseURL is the same as the Restful baseURL.

We migrate everything to a DEV environment which is a clustered environment.  So we have 2 servers. https://vmboserver1:8443/BOE/BI and https://vmboserver2:8443/BOE/BI

We will have load balancers associated later.  Ex:  https://vmboserver:8443/BOE/BI and https://resfulboserver:6443/biprws

Currently, we are waiting for the load balancers, but we would still like to test doing the following.

When we call https://vmboserver1:6443/biprws/logon/adssofrom https://vmboserver1:8443/BOE/BI, it is successful.

When we call https://vmboserver2:6443/biprws/logon/adssofrom https://vmboserver1:8443/BOE/BI, we get CORS and access denied error message.  The application is launched from vmboserver2 server but calls the restful on vmboserver1 server.

We have applied following steps but still error occurs and calling Restful services to a different server.

• http://scn.sap.com/docs/DOC-61118

1. setRequestHeader('X-Requested-With', 'XMLHttpRequest'); 
   • http://scn.sap.com/docs/DOC-61231
1. setRequestHeader('X-PINGARUNER', 'pingpong'); 

We have also applied following instructions from sbo41_bip_rest_ws_en.pdf:

Ref: 5.11 To configure cross-origin resource sharing (CORS)

And

Ref: 3.2 Using Ajax and JavaScript with RESTful web services across domains

We have also applied following instructions from sbo41sp3_bip_admin_en.pdf:

Ref: 12.1.8.2.1 To configure Methods and Headers command line parameters

And

Ref: 12.1.8.2.3.1 To configure cross-origin resource sharing (CORS)

And

Ref: 12.1.8.2.4.1 To configure web.xml to enable WinAD SSO

We cannot seem to remove this CORS error from the architecture.  Please any suggestions?

Thanks,

Windows Server

BI 4.1 SP3