on 05-12-2011 2:59 PM
Hi experts,
I need some advice on integrating SAP SSO and AD SSO.
I have set up SAP SSO and AD SSO separately. I need to go through infoview with AD SSO and open an Xcelsius dashboard directly. The dashboard is populated with data from SAP BW, hence the SAP SSO.
How do I couple this AD SSO with SAP SSO so that I, through a link to a dashboard, open the dashboard without getting the login screen and at the same time get access to the SAP BW data?
My server is Windows 2003 SP2, BOBJ 3.1 XI SP2 FP2.9
Any help and clues are much appreciated.
Thanks in advance.
Rgds,
Hi,
this will require what is called server side trust and user mapping leveraging SNC.
Ingo
Hi,
client side vs server side depends on the workflow you are trying to realize.
Client Side SNC - and let's be specific - THICK Client - for example, logon into Crystal Reports Designer with Windows AD / SAP and still get SSO - that is where client side SNC can help (just one example)
Server Side SNC can help when we are talking about web based authentication.
and yes - server side trust is in the product documentation.
ingo
hi Kim,
when you say "when users login in to their computer using their daily day AD Login they can open a link", does that mean that you would like the browser to leverage the AD credentials that the user used to log on to the actual computer?
If so, for sure you will need client side SNC where you combine Windows AD with SAP credentials and, more importantly, you need software on each client system.
regards
Ingo
Hi,
>
> SNC is an interface and you can see a list of certified solutions in the EcoHub.
>
> There is software from several companies like Secude, RSA, TFS, ...
Actually, Secude is not on EcoHub anymore, since they were acquired by SAP and their SNC library is not using Kerberos, so won't do what is described in this thread. I suggest you look at http://ecohub.sdn.sap.com/irj/ecohub/solutions/trustbrokersecureclient product to solve this problem.
Edited by: Tim Alsop on May 21, 2011 8:30 AM
Hi,
SECUDE as company wasn't acquired. "assets" were acquired.
http://www.sap.com/corporate-en/press/newsroom/press.epx?pressid=14606
SECUDE does very well have solutions that are more than capable of solving the above problem - and others as well ...
Ingo
If you are using AD SSO with infoview (vintela or IIS) then you can still use the server trust with secude libraries; KB 1500150 has all the links and troubleshooting steps. If you need help with AD SSO to infoview, all KBs can be found from [here|http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_bi/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333433373336333333373334%7D.do]
Regards,
Tim
If (as I believe is the case here) the SAP BI system has an SNC/Kerberos library installed, and being used for SAP GUI SSO with SNC, then the connection between BOBJ and BI cannot be done using the Secude SNC library. This is because the SAP BI system can only use one SNC library at a time, so cannot support authentication requests from SAP GUI using SNC/Kerberos and from BOBJ using SNC/x.509.
Thanks,
Tim
hi Tim,
your point is correct that the SAP Server can only handle one SNC library and in the case where the customer is looking for an actual CLIENT SIDE SNC (= SAP GUI = THICK CLIENT) then the library mentioned before wouldn't work, but as mentioned before there are several vendors out there - including SECUDE - which have solutions for thick client / thin client or the combination of both.
regards
Ingo Hilgefort
> If (as I believe is the case here) the SAP BI system has an SNC/Kerberos library installed, and being used for SAP GUI SSO with SNC

I didn't see the customer reference this, only that they log in to their workstations with AD. I was going by the assumption that they didn't mention what type of SNC was implemented or hadn't decided on one yet.
Regards,
Tim
Hi,
I have now enabled server side trust and the user AD to SAP BW user mapping.
I have been following various kinds of documentation, including the two links below.
/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-1-of-2
/people/ingo.hilgefort/blog/2009/07/03/businessobjects-enterprise-and-client-side-snc-part-2-of-2
In the last bit, where I need to put in the SNC Account Name under the tab Entitlement Systems, it gives me an error when trying to start a dashboard from infoview: "Cannot access external data - session is closed"
If I don't fill out the SNC Account Name field it gives me the following error:
"Unable to connect to SAP BW server incomplete logon data.."
The Business Objects server has been installed with SAP Cryptographic software, with certificates on both sides. Env. variables have been set so the users automatically map to each other.
Do you have any suggestion what could be wrong? Am I missing something?
Further, when I press the link to infoview it does not automatically transfer me to infoview; it leads me to the login screen. Why is that? My intention was to go directly to infoview without login.
Thanks.
Rgds,
Kim
Hi Kim,
not sure which documentation you are reading, but assuming we are talking about Server Side Trust configuration, then this configuration does NOT include an SNC user on the Entitlement page.
Server Side trust is explained and documented as part of the installation guide for the SAP Integration Kit.
regards
Ingo