Single Signon using Trusted Authentication - version 3.0

Similar Messages

• Invalid Login Using Trusted Authentication

  My productive database server always report "Invalid Login Using Trusted Authentication" in udump. Could you tell me what is mean? would it influent oracle running?

  Can we test a single connection using SQL authentication and If still persist, you have to double check that credential
  if it is still trying to connect SQ Server and identify if it is hitting the
  same DB on the same server or other DBs  since I do think this errors is related to other DBs
  Kindly work out  it and please let know me your feedback                                               
  Shehap (DB Consultant/DB Architect) Think More deeply of DB Stress Stabilities

• SSO in Clustered Environment using Trusted Authentication

  Hi All,
  We have setup a clustered BOE 3.1. Our setup is clustered CMS's and remaining servers clustered on 2 separate machines. A cluster of 2 Weblogic managed servers as the web tier. We are using Novel Access Manger to load the balance between to Weblogic managed servers.
  Now how to setup Single Sign-on in this environment. Can we simply do the trusted authentication. For this do we just have to enable the trusted authentication and give the shared secret in CMS1. And change the web.xml at <DeployedLocation>\Business Objects\BusinessObjects Enterprise 12.0\warfiles\WebApps\InfoViewApp\WEB-INF at CMS1.
  Please advice.
  Thanks,
  Rakesh

  Trusted auth will not work without a shared secret. You specify it once in the CMC > authentication, Enterprise and on each web/app in a TrustedPrincipal.conf file. This is only half the battle as you have to select the method you are supplying the username and then provide the username via 3rd party (these steps are not documented except for remote_user and query_string)
  Regards,
  Tim

• Open document SSO using trusted authentication.

  Hi ,
  I have a issue,
  We configured trusted authentication with SSO and it is working fine.
  Now we want to configure open document SSO for trusted authentication.
  We are using Remote _ user method for trusted authentication.
  Any one please help me on this.
  Thanks for your help advance.
  Thanks & Regards,
  Collin.

  The same settings in the infoviewapp web.xml must be applied on the opendocument web.xml. Also you must be on XI 3.1 FP1 or higher. There is currently an Edge issue being investigated.
  Regards,
  Tim

• LDAP Trusted Authentication XI 3.1

  Does anyone have updated documents for XI 3.1 to use Trusted Authentication with LDAP.  We are looking into the Configuring Trusted Authentication using the IIS/Tomcat Bridge, but the document is designed for XIR2.  On page 6 it says the Trusted Authentication will work with any authentication method but while trying to configure it with LDAP I am getting the error: LDAP Authentication has not been configured to use single sign on. Please contact your system administrator. (FWM 00008)
  Thanks for the help.

  Does anyone have updated documents for XI 3.1 to use Trusted Authentication with LDAP.  We are looking into the Configuring Trusted Authentication using the IIS/Tomcat Bridge, but the document is designed for XIR2.  On page 6 it says the Trusted Authentication will work with any authentication method but while trying to configure it with LDAP I am getting the error: LDAP Authentication has not been configured to use single sign on. Please contact your system administrator. (FWM 00008)
  Thanks for the help.

• Cluster and trusted authentication

  I am using trusted authentication to log into BO server. Everything is set up correctly and working fine even with BO cluster.
  Recently, we created another cluster with separate set of servers. When try to connect to this cluster (using the cluster name) very weird thing is happening.
  When I try to log in using token - first attempt succeeds, second attempt fails, third succeeds, fourth fails..and so on.
  My doubt is that somehow two servers on the cluster are not communicating properly. So, if a token was generated for one server, it doesn't connect to another server. Has anyone seen anything like this before?  Where should I start looking in the cluster setup?

  Tokens aren't cluster member specific.
  You've mentioned Trusted Authentication and tokens, but token generation is separate from authentication, so what's the exact workflow going from Trusted Auth to token generation to token use?
  Sincerely,
  Ted Ueda

• Trusted Authentication possible with Wed Sevices SDK? BOE - 3.1

  Hi,
  We are planning to upgrade to BOE 3.x. We have integrated our application with BOE using Wed Services SDK. I'd like to know if we can implement the trusted authentication using the web services APIs in BOE 3.x.
  Apparently the question was posted here before but no answers -
  Re: trusted authentication.
  Thanks
  Manas

  XI 3.1 Service Pack 2.
  Configure Trusted Authentication on the CMC.   Ensure TrustedPrincipal.conf file with the shared secret is in the <INSTALL>/BusinessObjects Enterprise 12.0/win32_x86 folder.
  If you look in dswsbobje/WEB-INF/classes/dsws.properties, you'll see a property trustedAuthentication.enabled set to false.
  Set it to true, then restart the dswsbobje Java Web Application Server.
  Then you only need to pass in domain (CMS name) and username to the Session Web Services for logon.
  Note that if you do the above, it'll use Trusted Authentication for all requests coming into dswsbobje - i.e., no longer need to pass in passwords.
  So you really need to put something in front of dswsbobje, to authenticate any requests going in.
  Sincerely,
  Ted Ueda

• Trusted Authentication

  Is it possible to open session with BO server using Trusted Authentication?
  Regards,
  Aleksejs

  Yes, you can.  (I only have the java code summary - but it should give you an idea for what to do in .NET)
  SYNOPSIS:
  How to use Trusted Authentication with SSO to InfoView using Enterprise Session?
  There may be a situation where only the enterprise username is known in the custom application. Trusted Authentication can come pretty handy.
  SOLUTION:
  Setup the Trusted Authentication first:
  I. Enable Trusted Authentication in BOE.
  1. Logon to Central Management Console with Administrator
  2. Click on "Authentication"
  3. Check the "Trusted Authentication is enabled"
  4. Enter the "Shared secret"
  5. Click Update
  II. Create/edit TrustedPrincipal.conf
  1. Create or open C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\plugins\auth\secEnterpise\TrustedPrincipal.conf
  2. Type in u201CSharedSecret=<shared secret value>u201D (without double quotes)
  3. Save the file.
  III. Deploy custom JSP
  1. Create a JSP in <webapps>/businessobjects/enterprise115/desktoplaunch/InfoView/logon.
  2. Cody and paste in the following code:
  <%@ page import = "com.crystaldecisions.sdk.framework.CrystalEnterprise"%>
  <%@ page import = "com.crystaldecisions.sdk.framework.ISessionMgr"%>
  <%@ page import = "com.crystaldecisions.sdk.framework.IEnterpriseSession"%>
  <%@ page import = "com.crystaldecisions.sdk.occa.security.ILogonTokenMgr"%>
  <%@ page import = "com.crystaldecisions.sdk.framework.ITrustedPrincipal" %>
  <%
  // Logon to CMS using without password
  ISessionMgr sessionMgr = CrystalEnterprise.getSessionMgr();
  ITrustedPrincipal trustedPrincipal = sessionMgr.createTrustedPrincipal("<username>", "<CMS>");
  IEnterpriseSession enterpriseSession = sessionMgr.logon(trustedPrincipal);
  // Store Enterprise session in HttpSession     
  session.setAttribute("MyEnterpriseSession", enterpriseSession);
  // Construct URL and redirect to InfoView start page.
  // ivsEntSessionVar is the reference to the HttpSession variable.
  String url = "http://<server name>:<port>/businessobjects/enterprise115/desktoplaunch/InfoView/start.do?ivsEntSessionVar=MyEnterpriseSession";
  response.sendRedirect(url);
  %>
  3. Go to the URL http://<servername>:<port>/businessobjects/enterprise115/desktoplaunch/InfoView/logon/<JSP file>.jsp
  Note: JSP does not have to be in /desktoplaunch/InfoView/logon folder but JSP should be in >/businessobjects context.
  Extra Note -
  A new API method has been introduced with BEXI R2 MHF1 for Trusted Authentication that removes the need for the TrustedPrincipal.conf file.  You can now specify the shared secret using the following method:
  ISessionMgr.createTrustedPrincipal(java.lang.String userName, java.lang.String cmsName, java.lang.String sharedSecret)
  So, you can eliminate Part II from the steps above and use this method call:
  ITrustedPrincipal trustedPrincipal = sessionMgr.createTrustedPrincipal("<username>", "<CMS>", u201Csharedsecretu201D);
  instead of the old method:
  ITrustedPrincipal trustedPrincipal = sessionMgr.createTrustedPrincipal("<username>", "<CMS>");

• Trusted authentication from two systems to BOXI

  Hi,
  We have a system that currently uses trusted authentication to direct users to infoView.  Is it an option for us to use trusted authentication from SharePoint to BOXI at the same time? BOXI 3.1 SP5.
  Thanks,
  Sam

  Hi Sam,
  Looks like this is possible. Please refer
  http://help.sap.com/businessobject/product_guides/boexir31SP4/en/xi31_sp4_ivforsp_admin_en.pdf
  I can see tags related to trusted authentication in the guide.
  Hope it helps.
  Regards
  Chinmaya

• Trusted Authentication with Web Services SDK

  Hi,
  I have just configured my BO server to use Trusted Authentication (REMOTE_USER) and It works with Infoview so I don't need the logon page to enter user and password.
  I also have an .NET application that uses Web Services SDK and I would like to use Trusted Authentication on it.
  Is there any code to access to BO using Web Services SDK?
  Before the configuration, I was using this code:
  string m_strURL="http://server:8080/dswsbobje/services/Session";
  BusinessObjects.DSWS.Connection oConnection = new BusinessObjects.DSWS.Connection(m_strURL);
  BusinessObjects.DSWS.Session m_wiSession = new Session(oConnection);
  BusinessObjects.DSWS.Session.EnterpriseCredential oEC = new EnterpriseCredential();
  oEC.Login = strLogin;
  oEC.Password = strPassword;
  oEC.AuthType = "secLDAP";
  SessionInfo oSI = m_wiSession.Login(oEC);
  Now, I want to use Trusted Authentication in my .NET application so I wouldn't have to enter user and password.
  I have looking for some code, but I haven't found it yet. I hope you could help me.
  Thanks,
  Sandra

  Hi, Ted,
  I'm trying to use Trusted Authentication to access QaaWS (via WSDL/Axis, NOT Xcelsius).  I enabled it from CMC, put the shared secret in a correct location (win32_x86 directory) and made the change to dsws.properties file, then I restarted tomcat.  However, the system failed to login.  Below is the trace log.  Is Trusted Authentication supported for QaaWS?  Thanks!
  <br/>
  =======
  <br/>
  2010-02-18 14:09:20,781 [http-8080-Processor25] ERROR com.businessobjects.qaaws.internal.transport.QaaWSServlet () 297906 - invoke()
  java.lang.Exception: com.crystaldecisions.sdk.exception.SDKServerException: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
  cause:com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
  detail:Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
  The server supplied the following details: OCA_Abuse exception 10498 at [.\secpluginent.cpp : 832]  42040 {}
       ...Invalid password
       at com.businessobjects.qaaws.internal.webi.WISessionMgr.makeSession(Unknown Source)
       at com.businessobjects.qaaws.internal.transport.QaaWSServlet.invoke(Unknown Source)
       at com.businessobjects.qaaws.internal.transport.QaaWSServlet.doPost(Unknown Source)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:873)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
       at java.lang.Thread.run(Thread.java:595)
  Caused by: com.crystaldecisions.sdk.exception.SDKServerException: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
  cause:com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
  detail:Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
  The server supplied the following details: OCA_Abuse exception 10498 at [.\secpluginent.cpp : 832]  42040 {}
       ...Invalid password
       at com.crystaldecisions.sdk.exception.SDKServerException.map(SDKServerException.java:107)
       at com.crystaldecisions.sdk.exception.SDKException.map(SDKException.java:196)
       at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:710)
       at com.crystaldecisions.sdk.occa.security.internal.LogonService.userLogon(LogonService.java:295)
       at com.crystaldecisions.sdk.occa.security.internal.SecurityMgr.userLogon(SecurityMgr.java:162)
       at com.crystaldecisions.sdk.framework.internal.SessionMgr.logon(SessionMgr.java:425)
       ... 19 more
  Caused by: com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuse: IDL:img.seagatesoftware.com/OCA/oca_abuse:3.2
       at com.crystaldecisions.enterprise.ocaframework.idl.OCA.oca_abuseHelper.read(oca_abuseHelper.java:106)
       at com.crystaldecisions.enterprise.ocaframework.idl.OCA.OCAs._LogonEx4Stub.UserLogonEx4(_LogonEx4Stub.java:80)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.crystaldecisions.enterprise.ocaframework.ManagedService.invoke(ManagedService.java:424)
       at com.crystaldecisions.sdk.occa.security.internal._LogonEx4Proxy.UserLogonEx4(_LogonEx4Proxy.java:222)
       at com.crystaldecisions.sdk.occa.security.internal.LogonService.doLogon(LogonService.java:347)
       at com.crystaldecisions.sdk.occa.security.internal.LogonService.doUserLogon(LogonService.java:684)
       ... 22 more
  org.apache.axis2.AxisFault: org.apache.axis2.databinding.ADBException: Unexpected subelement table
       at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
       at service.wsdl.heartFailure.HFReliabilityScoreStub.fromOM(HFReliabilityScoreStub.java:4131)
       at service.wsdl.heartFailure.HFReliabilityScoreStub.runQueryAsAService(HFReliabilityScoreStub.java:201)
       at org.apache.jsp.AuthTest_jsp._jspService(AuthTest_jsp.java:78)
       at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
       at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
       at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
       at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:873)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
       at java.lang.Thread.run(Thread.java:595)

• Server 2012 R2 no longer able to query objects in a trusted domain over a Forest Trust using Selective Authentication

  I have a scenario in which our enterprise activation servers exist in a domain that is in a separate forest than our offices.  Currently all our domain controllers are 2008 R2 with domain and forest functional levels at 2008 R2.  We have set
  up two-way forest trusts with our office domains using selective authentication.  We then give the domain controllers from our licensing domain the "Allowed to Authenticate" right to the domain controllers in the office domain.  On the
  server 2008 R2 domain controllers in the office domain, we can browse to the appropriate objects in the licensing domain after being presented with an authentication window that allows us to enter credentials for the licensing domain.  However, after
  installing a 2012 R2 domain controller in an office domain, we can not use the 2012 domain controller to browse to the objects in the licensing domain.  It never asks for credentials for the licensing domain when we specify the objects we want to add
  from the licensing domain.  I simply states that the object can not be found.  When I look at the domain controller in the licensing domain, I see that the domain controller in the office domain is attempting to pass the credentials of the user that
  is logged on and this is failing since this user has no rights in the licensing domain.  I can still use a 2008 R2 domain controller in the office domain to add the rights and it works like it always has.  Can somebody tell me why this is happening
  and how to correct it?

  Hi,
  Based on my research, this is a known issue in Windows Server 2012 R2.
  According to the article below: “The Selective Authentication feature of selective trusts is
  not functional. Access to resources enabled by “Allowed to Authenticate” will fail. There is no workaround at this time”.
  Release Notes: Important Issues in Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn387077.aspx
  Best Regards,
  Amy Wang

• 'authentication failed' using Microsoft ADSI version LDAP server

  Hi All,
  Now days i am facing some problem in authentication (i am using microsoft ADSI version LDAP Server) but am not able to authenticate the LDAP users.
  I have configured my LDAP server in the same manner as u mentioned in this blog.
  when I am trying to authenticate the user from the RPD itself i m gettig the following error:
  “authentication failed” (actually i forgot the exact message but it mean is same as i referred here)
  though i am able authenticate the bind user ( which i used to configure the LDAP Server)
  Please help me in this as i already wasted a lot of time in doing R&D to make it work..
  I have an urgent requirement to do the same..
  Your help will highly appreciated…
  thanks in advance
  PS: I have checked the 'ADSI' box in advance tab:

  Hi,
  Please have a look at the below link:
  Unknown certificate error when testing LDAP SSL connection
  Not sure whether it will help you. But have a look at it.
  Regards,
  Jithin

• Trusted Authentication using QUERY_STRING

  Hi All,
  We are trying to configure the Trusted Authentication using Query_String in XIR3.1
  We have customer portal ,where in login to custom web page and click on the link which routes to Infoview.We are configuring sso to bypass the credentials from webportal to Infoview home page.
  We have created a paramerter to pass the user information.We have made all the required changes for configuring trusted authentication,like:
  1) Enable Trusted Authentication in cmc.Enter shared secret in cmc
  2) Make changes to the web.xml file
  3) Create TrustedPrincipal.conf file
  In web.xml file we gave "trusted.auth.user.retrieval" as "QUERY_STRING" & "trusted.auth.user.param" as the parameter value we are using to pass the user information.
  If the parameter we are using is "MyUser" to pass the user information ,After configuring, we noticed that ,when we launch the url, "http://host:8080/InfoViewApp/logon/logon.do?MyUser=<username>"  we can directly login to Infoview without giving any credentials.We are not sure if we are moving in right direction? Is this how the QUERY_STRING work?
  We also noticed that,instead of giving any username if we give any other value the infoview home page opens up with Guest account?
  Thank you,
  Bill

  You should disable guest when using any method of SSO. Then anything placed in the URL other than a proper user would fail. And yes this is exactly how query string works (the username must be supplied in the URL). If looking for a more dynamic/secure method you will need to combine with a front end authenticator such as IIS, siteminder, etc and use one of our other methods such as remote_user, http_header, etc
  Regards,
  Tim

• How can i deploy macbooks and 802.1x authentication using PEAP/MSChap version 2

  How can i deploy macbooks and 802.1x authentication for wireless connectivity using PEAP/MSChap version 2. The Cert is generated by a 2008 Windows CA authority. I am trying to get to join but the MAC doesnt seem to want to accecpt the cert. Can i not validate the cert and still have it join the 802.1x wireless netqwotk? The wireless netwotk is using a Cisco 5508 wireless controller and Cisco 1142 access points. All works fine with Windows devices.

  Hi Tarik,
  Thanks for your answers,
  I've attached my configured AuthZ rules and AuthZ profile for provisioning,
  I want the process to be the same for iPhone, Android and Windows.
  1) Connect to the SSID
  2) Login using your AD credentials PEAP-MS-CHAP-v2
  3) Redirect to device registration portal (So I can set a limit of 3 devices per employee)
  4) As soon as the client click "register" no more redirects and PERMIT-ALL
  I think that I don't need to rely on profiling because In terms of AuthZ policies it should be something like this:
  1) if WIRELESS802.1x and PEAP-MS-CHAPV2 and BYODREGISTRATION=!YES(Unknown or not reg) then "Redirect to device registration(that is NSP right?)"
  2) if WIRELESS802.1x and PEAP-MS-CHAPV2 then PERMIT-ALL(no redirection)
  3) everything else = DENY-ALL
  But the NSP looks for Client Provisioning policies, so if I don't configure any policy it should Allow Network Access(See attachment photo3.png) but as I said on the post it shows that cannot retrieve the MAC-Address so the client can't register his device and don't have access to the network. (To grant access I've configured provisioning policies, that way the clients can register their devices but they are redirected to google play or are forced to install the profile at iOS and this is what I don't want because it is not necessary)
  What screenshoot do you need after the registration? the Auth report?
  Thank you very much for your time!

• Tutorial to Develope a Single-signon System using LDAP

  Folks,
  Hello. I have just started to develop a Single-signon security system using LDAP for FSCM and HRMS for my client.
  The only tutorial I get is Chapter 6, 7, and 8 in the document http://download.oracle.com/docs/cd/E05317_01/psft/acrobat/pt849sec-b0307.pdf. It seems it's regarding Oracle Database. But I am using MS SQL Server.
  Can any folks provide a case study or an example or some tutorial regarding developing a Single-signon security system using LDAP for FSCM and HRMS ?

  Connect an Ethernet cable from the Ethernet port in the hotel room to the WAN "O" port on the AirPort Extreme wireless router. An AirPort Express router will work as well for this. So will a Time Capsule.
  http://www.apple.com/wifi/
  Configure the AirPort Exteme to "create a wireless network".
  Configure the AirPort Extreme to operate as a router providing DHCP and NAT service, which is the default configuration of the AirPort Extreme.
  Connect your computer to the wireless network that the AirPort Extreme is producing
  Open your Internet browser. You are on the Internet. If the hotel's log in page appears, enter your credentials and agree to terms, etc.
  Connect any other wireless devices that you have to the same wireless network that the AirPort Extreme is providing
  The hotel network will charge you for one connection.
  This works in just about any hotel where I have ever stayed, but I cannot guarantee that it will work for you.