cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO on WinAD not working with full name

Former Member

on ‎11-02-2015 10:29 AM

0 Kudos

Hi,

I've successfully configured the SSO on a new BI4.1 SP6.3, but it works only with the hostname (eg http://boxi:8080/BOE/BI ), not with the FQDN (http://boxi.domain.fr:8080/BOE/BI ), not with an alias on the server ( http://alias.otherdomain.priv:8080/BOE/BI), and not with the IP.

Is it supposed to work, is there a hope, am I missing some configuration? Putting the FQDN in the trusted zone in IE does not work.

We hope to make it work with IE and Firefox...

Any idea? Thanks!

I've setup the setspn this way:

setspn -a BOEXI40SIABOXI/adminbo.domain.fr adminbo
setspn -a HTTP/boxi adminbo
setspn -a HTTP/10.1.2.3 adminbo
setspn -a HTTP/boxi.domain.fr adminbo

setspn -a HTTP/alias.otherdomain.priv adminbo

Config : BI 4.1 SP6.3

Windows AD

IE10, last Firefox ESR

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎11-03-2015 6:03 AM
0 Kudos

Hi Christophe,

Please follow the KBA 1311166 to find the duplicate SPNs in the netwrok.

If it does not work even after following Raunak's suggestion then follow the steps below.

- Delete the SPN: HTTP/boxi.domain.fr

- Create the SPN: HTTP/BOXI.DOMAIN.FR

- Restart the application server and test the SSO.

~SwapnilY

Show replies
Show replies
Former Member
‎11-04-2015 10:37 AM
0 Kudos

I have no duplicate.

We've tried recreated the FQDN SPNs as uppercase. This is not clear if it really works or not, I'll have to check nect time that I am on customer premises.

Thanks for the answer anyway.

Former Member
‎11-04-2015 10:56 AM
0 Kudos

Hi Christophe,


Yes, it works absolutely fine with the FQDN,IP and alias. We have configured this many a time and it worked for us.


If we have HTTP SPNs for the IP, FQDN and alias then it should work. At the time of launching SSO it looks for the HTTP SPNs for the URL specified in the browser.


There are many other things which come into the picture for SSO. You would need to investigate it further.


Since the SSO is working fine with the hostname then it should work with IP and FQDN as well. You may get issues with alias though.


~SwapnilY





former_member205064
Active Contributor
‎11-03-2015 5:40 AM
0 Kudos

check if you have any duplicate SPN for

HTTP/boxi.domain.fr

HTTP/alias.otherdomain.priv


registered with any other ID

Show replies
Show replies
Ask a Question