on 10-15-2015 2:12 PM
We just implemented Active Directory authentication, everything's working great. So we'd like to get Single Sign-on implemented.
Since AD is all set, I was thinking, "Hmmm, I bet there's a setting somewhere, I'll just set that properly, and we'll be good-to-go", and everyone would be exceedingly impressed.
The closest document I can find is But the perspective in this doc seems like you're starting from scratch with AD.
Is there a document for "Implementing SSO in BO XI after you successfully implemented AD authentication", and maybe it says "flip this switch and you're all set" ????
Hi Bill,
Configuring SSO is next step after you configure Windows AD authentication. You can follow the same document from section 5 page 13 to configure SSO.
Regards,
Hrishikesh
Hrishikesh,
OK, thank you for the tip, but . . . . to me, the document is not really in the perspective of "setting up SSO after getting AD working", as far as I can tell. Such as "Step 2 - creating and preparing the service account for Kerberos delegation" - but I already HAVE a service account, so is this a new one or just modify the existing one?
Pages 5 - 9 are very cryptic (as a non server type) and look about as challenging as setting up AD itself, if not more so. We slogged through AD setup but it was moderately painful.
For Step 3 - configure the CMC and map in AD groups - again, I've already done all this, so is my only task to check "Enable Single Sign on" and THEN I can have a cup of coffee?
Configuring SSO is next step after you configure Windows AD authentication. You can follow the same document from section 5 page 13 to configure SSO.
So stop after Section 4 ends on pg 13?
On pg 15 it says "also set forwardable = true" only if using SSO to the DB - I suppose that's different than SSO to BO, right?
Hi Bill,
1) You can keep your existing service account.
2) Check "Enable Single-On..." in the CMC, and .... not a cup of coffee
but you also have to do:
3) In the Java properties of Apache Tomcat, add these commands:
-Dcom.wedgetail.idm.sso.password=[PASSWORD_OF_SERVICE_ACCOUNT]
4) Configure your server.xml file (follow section 7 of your documentation)
5) Configure your web.xml file (follow section 7 of your documentation)
After that, it will be good.
For better security, you will encrypt your service account password in a keytab.
We'll see that after if you want.
Regards.
PLM
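A check an administrator could run after step 3 of the reply above, as an added example that is not part of the original thread: it scans Tomcat Java options text for the `-Dcom.wedgetail.idm.sso.password` option named in the reply, which holds the service account password in clear text, and reports it without echoing the value. The function name, the sample options and the broader match on other password-like `-D` names are assumptions of this example.

```python
import re
import shlex

# Property name taken from the thread; the broader name pattern is an
# added generalization of this example.
SSO_PASSWORD_PROP = "com.wedgetail.idm.sso.password"
SECRET_NAME = re.compile(r"password|passwd|secret", re.IGNORECASE)

# Constructed sample: Java options as they might be listed one per line.
SAMPLE_OPTIONS = """\
-Xmx1024m
-Djava.security.krb5.conf=C:\\winnt\\krb5.ini
-Dcom.wedgetail.idm.sso.password=Constructed-Example-1
"""

def find_plaintext_secrets(java_options):
    """Return one finding per -D option that carries a secret in clear text.

    The secret value itself is never copied into the findings, so the
    report can be logged or attached to a ticket.
    """
    findings = []
    for lineno, line in enumerate(java_options.splitlines(), start=1):
        stripped = line.strip()
        if not stripped:
            continue
        try:
            tokens = shlex.split(stripped)   # honours quoted options
        except ValueError:                   # unbalanced quote: fall back
            tokens = stripped.split()
        for token in tokens:
            if not token.startswith("-D") or "=" not in token:
                continue
            name, value = token[2:].split("=", 1)
            if not value:
                continue                     # property present but empty
            exact = name == SSO_PASSWORD_PROP
            if exact or SECRET_NAME.search(name):
                findings.append({"line": lineno, "property": name,
                                 "sso_service_account": exact})
    return findings

if __name__ == "__main__":
    for f in find_plaintext_secrets(SAMPLE_OPTIONS):
        print("line %(line)d: %(property)s is set in clear text" % f)
```
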