on 10-06-2014 5:18 PM
I am workinig on setting up SSO for BO4.0 in the following environment:
Windows 2008 Server
Apache Tomcat 7.0
BusinessObjects BI Platform 4.0
The instructions from http://scn.sap.com/docs-DOC-26314 have been followed along with the instructions at http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4 AND Steve Fredell's document referenced at http://alteksolutions.com/sp/index.php/2012/02/active-directory-andsso-bi4/.
I receive an error when testing the manual logon to the BI Launchpad (step 8 on the first two documents, section 6 of the S. Fredell document). When trying to navigate to the BI Launchpad, the logon page displays but it automatically displays the error:
Account Information Note Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a vald mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006).
And, I do not get a 'commit succeeded' entry in the tomcat7-stdout log. Instead, I get:
Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false [Krb5LoginModule] user entered username: @ABC.ABC
[Krb5LoginModule] authentication failed Generic error (description in e-text) (60)
(NOTE: ABC.ABC is in place of the actual domain info.)
However, it will allow me to manually tupe in my AD credentials. Once I do this, even though I got the FWM 0006 error, then I get the 'commit succeeded' entry in the tomcat7-stdout log file.
I have also tried continuing on with the instruction with step 9, however, I continue to get the FWM 00006 error on the BI Launchpad logon screen and I do not get the 'credentials obtained' in the stdout log file. At this point after implementing the items in step 9, since the Tomcat (java tab) now knows the service account password, it should log me on automatically and it does not. I can't help but think it is related back to the FWM 00006 error.
I've, along with coworkers, have checked the syntax of the krb5.ini, bscLogin.conf, and global.properties files and all are good. The spns on the AD service account also appear to be good.
Any suggestions or recommendations? I'm under a time crunch, so if I can't get this working, I may be looking at a SiteMinder soultion for SSO in BO.
Thanks!
Tim A:
I received an email response from you concerning this but I don't see it here.
My response: Yes, if you would please. It would be greatly appreciated.
Thanks,
Mary
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Mary,
did you ever found a solution on this? I got stuck at step 8 as well.
thanks for your feedback.
mike
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mike:
I did not. I worked with SAP tech support on this for a couple of weeks and we never could get it to work. I'm now looking at SiteMinder as a SSO solution but I'm waiting on support from my company's side for assistance with that.
I would like to know if anyone else got this to work and what was done to get past this step. So, if you get something to work, Mike, please share!
Thanks,
Mary
Hi,
Have you evaluated the option to run BusinessObjects BI Platform 4.0 on SAP AS Java instead of Tomcat 7? BusinessObject 4.0 can be configured in a trusted authentication mode, which means that the authentication will be performed by the application server. Setting up SPNEGO/Kerberos authentication to SAP AS Java is trivial and could be done in minutes. It is used by most of our Portal customers.
Regards,
Dimitar
Mary,
I got it working last night
I found a typo in the Tomcat configuration - java section. The path contained a double / (so // instead of /). So if you succeed with all the previous points in the setup list then check all the settings again or check the delegation options at the AD. But having problems with the AD settings would lead into a different error and not into (FWM 00006).
br,
mike
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.