cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP BO 4.1 - Problem on SSO Vintela configuration

Go to solution
Former Member

on ‎05-08-2014 4:09 PM

0 Kudos

Hi all,

i'm configuring SSO Vintela on a new SAP BO 4.1 SP3.1.

I'm following the SAP note 1631734 and the article of Steve Fredell at this link

I've a trouble at the 11 point; after executing this step the silent SSO doesn't work anymore.

I start the BI LaunchPad and it asks the credential to login.

In the tomcat log i don't see any errors and also I don't see the ‘credentials obtained’ that before I saw in the same file.

I think it could be a problem about SPN?

I execute the kinit.exe on the keytab file and on the user and all is good has suggested by the SAP Note 1359035 - How to test a keytab file external to Business Objects

Anyone could suggest me what to do?

regards,

Paolo

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member189884
Contributor
‎05-08-2014 5:54 PM
0 Kudos

It is clearly a problem with the keytab. How did you create it? What is in the idm.realm and princ fields from the global.properties file?

-Josh

Show replies
Show replies
Former Member
‎06-04-2014 2:34 PM
0 Kudos

Hi, Josh, may be you can help me. As I can see you you have a huge experience in this kind of problems. I saw your answers in many forums here.

i'm configuring SSO Vintela on a new SAP BO 4.1 SP2


I'm also following the Steve Fredell at this link Active Directory SSO for SAP BusinessObjects BI4.


I've a trouble at the 9point; After executing this step my silent SSO doesn't work. I cant see ‘credentials obtained’ in logs.


I can generate ticket with kinit


C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>kinit Auto_EPMS-BASA_BO

Password for Auto_EPMS-BASA_BO@M****.****.COM:

New ticket is stored in cache file C:\Users\Denys_Telepenko\krb5cc_denys_telepenko

there are  no SPN dublicates:


C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\bin>setspn -X

Checking domain DC=m****,DC=****,DC=com

Processing entry 93

found 0 group of duplicate SPNs.

global properties file :

sso.enabled=true

siteminder.enabled=false

vintela.enabled=true

idm.realm=M****.****.COM

idm.princ=Auto_EPMS-BASA_BO

idm.allowUnsecured=true

idm.allowNTLM=false

idm.logger.name=simple

idm.logger.props=error-log.properties

krb5.ini :

[libdefaults]

default_realm = M****.****.COM

dns_lookup_kdc = true

dns_lookup_realm = true

default_tgs_enctypes = rc4-hmac

default_tkt_enctypes = rc4-hmac

udp_preference_limit = 1

[realms]

****.****.COM = {

kdc = EPBYMINSA0014.M****.****.COM

default_domain = M****.****.COM

}

BIlaunchpad.properties

authentication.default=secWinAD

authentication.visible=true

sso.types.and.order=vintela

stdout.log

2014-06-04 15:44:45 Commons Daemon procrun stdout initialized

com.businessobjects.webpath.rebean3ws.Activator

stderr.log

It is huge one but I can see here that

Resolving KDC for realm: M***.****.COM

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Available KDC found: /10.6.0.6:88

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Sending message to KDC: /10.6.0.6:88

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Sending TCP request: /10.6.0.6:88

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos:     connected;  sending length and request...

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos:     sent request;  reading response length...

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos:     read length;  reading 1438-byte response...

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: --- got 1438-byte response, initial byte = 0x6d

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: Message sent sucessfully to KDC: /10.6.0.6:88

[DEBUG] Wed Jun 04 09:32:07 VET 2014 jcsi.kerberos: ** credentials obtained .. **

Credential

client: Auto_EPMS-BASA_BO@M****.****.COM

Is it ok that I can see information in stderr instead og stdout ?

What I need to do to login successfuly to BI lauch pad without entering a credential?

My IE options "Enable Integrated Windows Authentication" is selected

best regards,

Denis

Former Member
‎06-19-2014 10:49 AM
0 Kudos

i always see the information in stderr not in stdout

Answers (1)

Answers (1)

skugan_venkatesan
Explorer
‎08-19-2014 11:43 AM
0 Kudos

Hi Paolo,

Even I face the exact problem. Not able to perform a silent SSO. The only case here is after referring to Steve Fredell Video, His setup is a single box environment wherein both the tomcat and BOE are in the same machine. Our setup is a distributed setup. Maybe if you had found out a solution by now, plz do let me know

Thanks,

Skugan V

Show replies
Show replies
former_member189884
Contributor
‎08-19-2014 12:51 PM
0 Kudos

I have replied to another thread you posted on. Please stick to one thread. if you'd like to start a new thread and provide actual information from your environment that would be most helpful.

Ask a Question