
SSO with Analysis for Office using OLAP on BI LaunchPad?

kelly_stone1
Participant
0 Kudos

I have learned a lot about Analysis for Office and SSO for BW and the BI Launch Pad in the past year.  Now I just need to put them all together.

I am using Analysis for Office (A4O) 1.4.2 and Business Object for Enterprise (BOE) 4.0 SP4 Patch11.  I am using SAP BW for the backend.

I am starting a blank A4O workbook and I insert a data source via the BOE login using a (OLAP) connection on BOE to get to BW.  I save the A4O to the BI Launch Pad.  Now…when I open the BI Launch Pad and open the A4O from the BI Launch Pad…I get a sign on screen for BOE.  How/what do I need to set up to not get that sign on screen for BOE (I am already signed on to the BI Launch Pad)? 

On a side note…I do not have to sign on to BW. That is taken care of via a token between BOE and BW.  And I have SSO set up so that when I go to the BI Launch Pad…I do not see the sign on screen.  I am authenticated via Windows AD.  And my OLAP connection to BW on the BOE system is set up with SSO authentication.

For the BOE sign on screen I have checked the “Enable Single Sign for Windows Active Directory” but I can’t get it to work unless I uncheck the box and put in my password (See below).  The error I get when I check the box and leave the PW blank is below also.

Any help would be much appreciated.

Kind regards,

Kelly

Accepted Solutions (1)

former_member189884
Contributor
0 Kudos

Have you followed the steps from KBA 1646920 - How to configure Web Services Single Sign-On (dswsbobje) with Tomcat for SAP BusinessObjects Business Intelligence platform 4+?

kelly_stone1
Participant
0 Kudos

Thanks Josh.  That looks like it would work...but I must admit that I am web.xml illiterate and stuck.  Any help to offer would be great.

Kind regards,

Kelly

Former Member
0 Kudos

It is not rocket science to edit the web.xml.

Just right click on the web.xml and open with notepad/wordpad.

Backup and edit the file: ...\Tomcat6\webapps\dswsbobje\WEB-INF\web.xml

Uncomment the Kerberos Proxy Filter and the Kerberos Filter sections to enable Kerberos SSO for Windows Active Directory (secWinAD) authentication. The following options

idm.realm (check global.properties)

idm.princ (check global.properties)

idm.keytab (the same as specified for idm.keytab in the global.properties located at ..\Tomcat6\webapps\BOE\WEB-INF\config\custom) Please note, if you are using the hardcoded password set in Tomcat's Java Options do not make any changes to the keytab lines in the web.xml

If SSL is not in use with the Java application server, then set the idm.allowUnsecured paramet

As mentioned by Josh, check the SAP note to have the complete details: 1646920
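The consistency check this reply describes (the idm.* options in the dswsbobje web.xml against global.properties), as an added example that is not part of the original thread or SAP's own code. It assumes the options are standard servlet `<init-param>` entries; the filter name, realm, principal and keytab path in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

KEYS = ("idm.realm", "idm.princ", "idm.keytab")

# Constructed sample inputs (placeholders, not values from a real system).
SAMPLE_WEB_XML = """<web-app><filter>
  <filter-name>example-kerberos-filter</filter-name>
  <init-param><param-name>idm.realm</param-name><param-value>EXAMPLE.COM</param-value></init-param>
  <init-param><param-name>idm.princ</param-name><param-value>svc-example</param-value></init-param>
  <init-param><param-name>idm.allowUnsecured</param-name><param-value>true</param-value></init-param>
  <!-- <init-param><param-name>idm.keytab</param-name><param-value>C:/example/bo.keytab</param-value></init-param> -->
</filter></web-app>"""
SAMPLE_PROPS = "idm.realm=EXAMPLE.COM\nidm.princ=svc-other\nidm.keytab=C:/example/bo.keytab\n"

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}init-param'."""
    return tag.rsplit("}", 1)[-1]

def web_xml_params(text):
    """Return the active (not commented-out) idm.* init-params of a web.xml."""
    params = {}
    for el in ET.fromstring(text).iter():  # the parser skips XML comments
        if local(el.tag) != "init-param":
            continue
        kv = {local(c.tag): (c.text or "").strip() for c in el}
        if kv.get("param-name", "").startswith("idm."):
            params[kv["param-name"]] = kv.get("param-value", "")
    return params

def properties(text):
    """Parse simple key=value lines of a .properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(web_xml_text, props_text):
    """List mismatches between web.xml and global.properties."""
    web, props = web_xml_params(web_xml_text), properties(props_text)
    findings = []
    for key in KEYS:
        if key not in web:
            findings.append(f"{key}: not active in web.xml (missing or still commented out)")
        elif key in props and web[key] != props[key]:
            findings.append(f"{key}: web.xml={web[key]!r} differs from global.properties={props[key]!r}")
    if web.get("idm.allowUnsecured", "").lower() == "true":
        findings.append("idm.allowUnsecured: true, confirm the application server really runs without SSL")
    return findings
```

An inactive idm.keytab is expected when the hardcoded password in Tomcat's Java Options is used, as the reply notes, so that finding can be ignored in that setup.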

kelly_stone1
Participant
0 Kudos

Hello Josh - I have figured out the web.xml stuff (had to stare at it for a while).  Now the steps after that (6-13 below).  Are those steps needed for "every" client?  This seems a little drastic to install the client tools on every PC and then do some configuring...   Am I missing something or is there an easier way?  Have you implemented this?  It works up to this point but I still get the BOE sign-on screen that I have to click OK on (I do not have to enter a pw).

6. On the client machine with the client tools installed, launch Query as a Web Service Designer.

7. Add a new Managed Host.

8. Enter the application server name

9. Enter the Web Services URL: http://<WebAppServer>:<portNumber>/dswsbobje/services/Session (for example: http://GVBI4:8080/dswsbobje/services/Session).

10. Enter the CMS hostname

11. Change Authentication to Windows AD

12. Select Enable Windows Active Directory Single Sign On.

13. At the login prompt, leave User and Password blank and click OK

Kind regards,

Kelly

kelly_stone1
Participant
0 Kudos

Hello Josh - this did not work the way I was expecting.  You still get the sign-on screen and you still have to click "OK" although you do not need your password (or your ID for that matter).

Kind regards,

Kelly

former_member189884
Contributor
0 Kudos

That's because it's a client tool and you have to tell it you'd like to connect; at that point you need to select where you are connecting to. There is no way to default this action for the client tool.

0 Kudos

Hi,

Josh is right here. That's how the product works. You have to tell the product what to do. In this case, pressing the "OK" button.

A customer of mine had the same requirement; they didn't want to have that screen. They deployed a 3rd party solution called Citrix Password Manager. This little tool (it was installed on each client) noticed the Analysis for Office log on screen and pressed the "OK" button automatically as soon as the log on screen was shown.

But, as already mentioned, that is a 3rd party product and out of scope within the SAP BI product line.

Regards

-Seb.

kelly_stone1
Participant
0 Kudos

Thanks for your answers Josh and Seb.  So it is kind of SSO...but not really.  Plus it looks like you do not have control of the URL that is populated on that sign-on screen.  Thus not end user friendly and not ready for prime time. 

I have also tried tweaking the BOESystems.xml file to no avail.

This is very bad news and I hope SAP will rectify this in the near future.

Kindest regards,

Kelly

Answers (0)