Infoview can not login with windows AD kerberos
Can not login to infoview:
Account Information Not Recognized: Enterprise authentication could not log you on. Please make sure your logon information is correct. (FWB 00008)
Able to login to cmc with windows AD.
created krb5.ini and bsclogin.conf saved in c:\winnt
modified web.xml in infoviewapp & opendocument folders
Tim Ziemba replied
"I created SPN called spncrystal"
This statement is incorrect, and SPN is in the format principal/host:port. In our product usually just principal/host is needed.
It looks like you meant to say you created a service account (not SPN). The SPN will be added by running the setspn -a BOBJCentralMS/serverFQDN spncrystal. But there is no point in troubleshooting this until the bsclogin is loaded properly.
Regardless of SPN, or service account your issue is that tomcat is NOT loading the bsclogin.conf. If it does the rest of the configuration can be completely wrong or missing but 1 thing is for sure the debug=true option will force tracing of the username when AD authentication is selected when logging into infoview. You need to resolve that before anything else is possible.
You may be able to catch the error that tomcat is throwing when trying to load the bsclogin.conf.
you need to enable the verbose tracing in tomcat, run tomcat under a service account with local admin (the one you mentioned is fine)
the log should be generated under C:\Documents and Settings\spncrystal\.businessobjects\jcesomething.log (default or basic)
the tracing requires an AD login attempt to generate errors (enterprise logins are not expected to report errors as they occur and are traced in the CMS not java SDK.