on 05-08-2014 4:09 PM
Hi all,
I'm configuring SSO Vintela on a new SAP BO 4.1 SP3.1.
I'm following SAP Note 1631734 and the article by Steve Fredell at this link
I have trouble at point 11; after executing this step, silent SSO doesn't work anymore.
I start the BI LaunchPad and it asks for credentials to log in.
In the Tomcat log I don't see any errors, and I also don't see the ‘credentials obtained’ message that I saw before in the same file.
I think it could be a problem with the SPN?
I executed kinit.exe on the keytab file and on the user and all is good, as suggested by SAP Note 1359035 - How to test a keytab file external to Business Objects
Could anyone suggest what to do?
Regards,
Paolo
It is clearly a problem with the keytab. How did you create it? What is in the idm.realm and princ fields from the global.properties file?
-Josh
Hi Josh, maybe you can help me. As I can see, you have huge experience with this kind of problem. I saw your answers in many forums here.
I'm configuring SSO Vintela on a new SAP BO 4.1 SP2.
I'm also following the Steve Fredell article at this link: Active Directory SSO for SAP BusinessObjects BI4.
I have trouble at point 9; after executing this step my silent SSO doesn't work. I can't see ‘credentials obtained’ in the logs.
I can generate a ticket with kinit:
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>kinit Auto_EPMS-BASA_BO
Password for Auto_EPMS-BASA_BO@M****.****.COM:
New ticket is stored in cache file C:\Users\Denys_Telepenko\krb5cc_denys_telepenko
There are no SPN duplicates:
C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>setspn -X
Checking domain DC=m****,DC=****,DC=com
Processing entry 93
found 0 group of duplicate SPNs.
global properties file:
sso.enabled=true
siteminder.enabled=false
vintela.enabled=true
idm.realm=M****.****.COM
idm.princ=Auto_EPMS-BASA_BO
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
krb5.ini:
[libdefaults]
default_realm = M****.****.COM
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
udp_preference_limit = 1
[realms]
****.****.COM = {
kdc = EPBYMINSA0014.M****.****.COM
default_domain = M****.****.COM
}
BIlaunchpad.properties
authentication.default=secWinAD
authentication.visible=true
sso.types.and.order=vintela
stdout.log
2014-06-04 15:44:45 Commons Daemon procrun stdout initialized
com.businessobjects.webpath.rebean3ws.Activator
stderr.log
It is a huge one, but I can see here that
Resolving KDC for realm: M***.****.COM
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Available KDC found: /10.6.0.6:88
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Sending message to KDC: /10.6.0.6:88
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Sending TCP request: /10.6.0.6:88
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: connected; sending length and request...
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: sent request; reading response length...
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: read length; reading 1438-byte response...
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: --- got 1438-byte response, initial byte = 0x6d
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Message sent sucessfully to KDC: /10.6.0.6:88
[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: ** credentials obtained .. **
Credential
client: Auto_EPMS-BASA_BO@M****.****.COM
Is it OK that I can see information in stderr instead of stdout?
What do I need to do to log in successfully to BI Launch Pad without entering a credential?
My IE option "Enable Integrated Windows Authentication" is selected.
Best regards,
Denis
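Josh's question about idm.realm points at a check that is easy to automate: whether global.properties and krb5.ini name the same realm. The Python sketch below is an added example, not part of any post in this thread and not SAP code; the file contents, the realm CORP.EXAMPLE.COM and the account svc_bo_sso are constructed placeholders.

```python
import re

# Constructed sample files (placeholder realm and account names, not from the thread).
KRB5_INI = """\
[libdefaults]
default_realm = CORP.EXAMPLE.COM
[realms]
EXAMPLE.COM = {
kdc = dc01.corp.example.com
}
"""
GLOBAL_PROPERTIES = """\
vintela.enabled=true
idm.realm=corp.example.com
idm.princ=svc_bo_sso
"""

def parse_krb5(text):
    """Return ([libdefaults] settings, realm names that have a [realms] block)."""
    section, libdefaults, realms = None, {}, []
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section = m.group(1)
        elif section == "realms" and (m := re.fullmatch(r"(\S+)\s*=\s*\{", line)):
            realms.append(m.group(1))
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            libdefaults[key.strip()] = value.strip()
    return libdefaults, realms

def parse_properties(text):
    """Parse key=value lines, skipping # comments."""
    lines = (l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def check_realm_consistency(krb5_text, props_text):
    """List inconsistencies to review; an empty list means the files agree."""
    libdefaults, realms = parse_krb5(krb5_text)
    default_realm = libdefaults.get("default_realm", "")
    idm_realm = parse_properties(props_text).get("idm.realm", "")
    findings = []
    if default_realm not in realms:
        findings.append(f"default_realm {default_realm} has no [realms] block")
    if idm_realm != default_realm:  # Kerberos realm names are case-sensitive
        findings.append(f"idm.realm {idm_realm} != default_realm {default_realm}")
    return findings

if __name__ == "__main__":
    for finding in check_realm_consistency(KRB5_INI, GLOBAL_PROPERTIES):
        print("REVIEW:", finding)
```

With dns_lookup_kdc = true a missing [realms] block does not necessarily stop KDC discovery, so treat that finding as something to review rather than a definite fault.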
Hi Paolo,
I face the exact same problem: I'm not able to perform silent SSO. The only thing here is that, after referring to Steve Fredell's video, his setup is a single-box environment in which both Tomcat and BOE are on the same machine. Our setup is a distributed setup. If you have found a solution by now, please do let me know.
Thanks,
Skugan V