
Setting up SSO for BO XI 3.1 after AD implemented

Former Member
0 Kudos

We just implemented Active Directory authentication, everything's working great. So we'd like to get Single Sign-on implemented.

Since AD is all set, I was thinking, "Hmmm, I bet there's a setting somewhere, I'll just set that properly, and we'll be good-to-go", and everyone would be exceedingly impressed.

The closest document I can find is But the perspective in this doc seems like you're starting from scratch with AD.

Is there a document for "Implementing SSO in BO XI after you successfully implemented AD authentication", and maybe it says "flip this switch and you're all set" ????

Accepted Solutions (1)

Former Member
0 Kudos

Hi Bill,

Configuring SSO is next step after you configure Windows AD authentication. You can follow the same document from section 5 page 13 to configure SSO.

Regards,

Hrishikesh

Former Member
0 Kudos

Hrishikesh,

ok, thank you for the tip, but  . . . . to me, the document is not really in the perspective of "setting up SSO after getting AD working", as far as I can tell. Such as "Step 2 - creating and preparing the service account for Kerberos delegation" - but I already HAVE a service account, so is this a new one or just modify the existing one ?

Pages 5 - 9 are very cryptic (as a non server type) and look about as challenging as setting up AD itself, if not more so. We slogged through AD setup but it was moderately painful.

For Step 3 - configure the CMC and map in AD groups - again, I've already done all this, so is my only task to check "Enable Single Sign on" and THEN I can have a cup of coffee?


Configuring SSO is next step after you configure Windows AD authentication. You can follow the same document from section 5 page 13 to configure SSO.

So stop after Section 4 ends on pg 13 ?

On pg 15 it says "also set forwardable = true" only if using SSO to the DB - I suppose that's different than SSO to BO, right ?

amitrathi239
Active Contributor
0 Kudos

Hi,

As you mentioned, Win AD authentication is already enabled. In this case, are you able to log in to InfoView with your Windows AD ID manually?

In this case, reverify the steps which you have already implemented. According to that, proceed further.

Amit

Former Member
0 Kudos

Hi Bill,

1) You can keep your existing service account.

2) Check "Enable Single-On..." in the CMC, and .... not a cup of coffee

But you also have to do:

3) In the Java properties of Apache Tomcat, add these commands:

-Dcom.wedgetail.idm.sso.password=[PASSWORD_OF_SERVICE_ACCOUNT]


4) Configure your server.xml file (follow section 7 of your documentation)

5) Configure your web.xml file (follow section 7 of your documentation)

After that, it will be good.

For better security, you will encrypt your service account password in a keytab.

We'll see that after if you want.

Regards.

PLM
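
Step 3 in the answer above places the service account password in Tomcat's Java options as clear text, which is what the keytab remark addresses. As an added example (not part of the original thread or of the SAP documentation), this Python sketch scans a block of Java options for that property and returns findings without the secret; matching any property whose name ends in "password" is an assumption of the example, and the sample options and password are constructed.

```python
import re

# Property name as posted in the thread. Matching any -D property whose name
# ends in "password" is a generalisation made for this example.
PASSWORD_OPT = re.compile(
    r"-D(?P<name>[\w.]*password)=(?P<value>[^\r\n]*)", re.IGNORECASE)

def is_placeholder(value):
    """Template text such as [PASSWORD_OF_SERVICE_ACCOUNT] is not a secret."""
    return value.startswith("[") and value.endswith("]")

def find_plaintext_passwords(options_text):
    """Return (line number, property name, value length) per clear-text password.

    The value is read to the end of the line, assuming one option per line.
    The value itself is never returned, so the findings can be logged.
    """
    findings = []
    for lineno, line in enumerate(options_text.splitlines(), start=1):
        for m in PASSWORD_OPT.finditer(line):
            value = m.group("value").strip()
            if value and not is_placeholder(value):
                findings.append((lineno, m.group("name"), len(value)))
    return findings

def redact(options_text):
    """Copy of the options with password values masked, for tickets or e-mail."""
    def mask(m):
        value = m.group("value").strip()
        if not value or is_placeholder(value):
            return m.group(0)
        return "-D%s=<redacted>" % m.group("name")
    return PASSWORD_OPT.sub(mask, options_text)

# Constructed sample: the heap options and the password are made up.
SAMPLE_OPTIONS = """\
-Xms256m
-Xmx1024m
-Dcom.wedgetail.idm.sso.password=Example-Pa55word
-Dcom.wedgetail.idm.sso.password=[PASSWORD_OF_SERVICE_ACCOUNT]
"""

if __name__ == "__main__":
    for lineno, name, length in find_plaintext_passwords(SAMPLE_OPTIONS):
        print("line %d: %s holds a %d-character clear-text value" % (lineno, name, length))
    print(redact(SAMPLE_OPTIONS))
```

On a single-line JAVA_OPTS string the value match runs to the end of the line, so `redact` masks more than the password there, which errs on the safe side.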



Former Member
0 Kudos

Pierre,

thank you, and that makes a lot of sense. I'll have a look at it and then inform management (how smart I am . . . )

Answers (0)