
[XI 3.1] WinAD for CMC (InfoView works fine, CMC doesn't work)

Former Member
0 Kudos

Hello!
 
I made WinAD for InfoView. InfoView works fine.
I want to make WinAD for CMC.
I saw the KB "Configuring Vintela SSO in Distributed_Environments-Complete", but I did not find the necessary settings (in web.xml) for access to CMC via Windows AD authentication.
If I add the information to the CMC web.xml (Vintela enabled = true, authFilter, etc.), then I get an error in IE - not found CMC\logon.faces.
 
Please help!

Accepted Solutions (1)


Former Member
0 Kudos

Hi Sergey,

The settings that need to be configured in the web.xml file like 'vintela.enabled' and others are for Windows AD SSO using InfoView.
Using CMC, you could only perform manual authentication using Windows AD because SSO is not available for CMC as it is an administrative console. For manual Windows AD authentication in CMC there is no configuration required in the web.xml file of CmcApp.

Let us know if the manual AD authentication for CMC is working or not. If it works for InfoView then it also works for CMC, nonetheless you are using WACS for CMC.

HTH,

Shafi

Former Member
0 Kudos

Hi!

Thank you for your answer.

When I try to log on to CMC via manual AD authentication, I get an error:

  • Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

When I try to log on to InfoView via manual AD authentication, I get an error:

  • Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

When I try to log on to InfoView via automatic AD authentication, I don't get an error.

former_member183789
Active Participant
0 Kudos

Hi Sergey,

I believe that the Windows AD was not configured properly.

As said earlier, try to replace the default web.xml file (without any modifications) for the CmcApp application, try restarting the application server (assuming it is Tomcat), and test the manual login using the Windows AD credentials (assuming that you have mapped all the AD users) for the CMC application.

As you said, you were able to log in to InfoView using SSO without any problems.

In order to manually log on to InfoView when Single Sign-On is configured, use the following URL, manually enter the credentials, and test the issue.

http://server:8080/InfoViewApp/logonNoSso.jsp

Also search for the keyword "FWM 00006" using the SAP xSearch option on the SAP Service Market Place: http://service.sap.com --> Help & Support, where you will find many SAP notes related to the issue.

Please do keep us updated with your findings.

Regards,

Niranjan.

Former Member
0 Kudos

Niranjan,

When I try to log on to CMC (and InfoView via manual AD authentication) as DOMAIN\user_name - I get errors.

When I try to log on to CMC (and InfoView via manual AD authentication) as user_name@MY.DOMAIN.COM - I don't get any errors.

Is it possible to allow access through DOMAIN\user_name for all domains (in multi-domain), or does it work only for the default domain?

Former Member
0 Kudos

Hi Sergey,

From the BO XI R3 version on, it is always advisable to use the format "username@DOMAIN"; "DOMAIN\username" mostly doesn't work.

In the case of a multi-forest domain, make sure the AD domain and the BO domain have a 2-way full (2-way transitive) trust between them.

If the trust is present and the AD plugin is configured appropriately, then even if you only specify the "username" while logging in, it should work.

Please try to specify only the username to log in and check whether you are able to log in.

Else, provide us with the details of the Windows AD plugin configuration in CMC and the krb5.ini file.

Thanks,

Shafi

former_member183789
Active Participant
0 Kudos

Hi Sergey,

As said, if the Windows AD is configured properly, specifying only the username should work.

Also please refer to the section "To configure the Windows AD security plug-in for Kerberos" in the xi3-1_bip_admin_en document for a better understanding.

Regards,

Niranjan.

Former Member
0 Kudos

Yes, you are right. For default domain - just "username". For others - username@FQDN.

Thank you!

Answers (1)


former_member183789
Active Participant
0 Kudos

Hi Sergey,

Try to revert the changes in the web.xml file, or else, if you have a backup of the original copy, replace it in the CmcApp folder, restart Tomcat, and test whether you are getting the CMC page or not.

Once you get the CMC page, use the authentication drop-down, select the Windows AD authentication, and try to log on to the CMC with the AD credentials.

I believe accessing CMC with SSO is not recommended, because CMC is the application that only a BO Server Admin has access to, not all the users.

Regards,

Niranjan.