After passing userid and password in URL and page load it ask for user and password, seems pentaho server does not recognize the parameters. check here for the workaround (it's on the comments): http://jira.pentaho.com/browse/BISERVER-10708 Workaround is to edit the system/applicationContext-spring-security.xml file and change the parameters for the filterChainProxy. Lines 22 and 23 should be replaced by: /api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,requestParameterProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,requestParameterProcessingFilter,basicProcessingFilter,a...