cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

BW SSO to BO - No longer working for new users

Former Member

on ‎04-08-2016 8:44 AM

0 Kudos

Hi experts,

We are currently facing a strange behavior in our BI environments.

We have set up SAP authentication and SSO from BW to BO according to this documentation "How to setup SSO against SAP BW with SAP BO BI4.0"

And it worked fine according to KBA 1767629.

However, since a few days, all the new users for which we have created an Enterprise account aliased with an SAP account fail to leverage the SSO connection to BW data through BICS.

Strangely, we are still able to leverage SSO with all the accounts created a few months ago.

So far, we've checked roles in BW and permissions in BO (all users have the exact same profile) and almost all the steps from note 1976414 seem to be fine.

Any lead on what could be wrong?

Thanks in advance for your expertise.

Regards,

Elodie

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (7)

Answers (7)

Former Member
‎04-21-2016 1:54 PM
0 Kudos

Last update on this post before closing it.

I used the BIsupportTool to reconfigure SSO from scratch and it did trick.

So thanks all for your support.

Regards,

Elodie

Show replies
Show replies
sateesh_kumar1
Active Contributor
‎04-21-2016 2:56 PM
0 Kudos

HI Elodie,

Just curios to know ,Can we configure SSO using BI Support Tool ?  can you explain / point me how to do it ?

Thank you .

Former Member
‎04-22-2016 7:15 AM
0 Kudos

Hi Sateesh,

I think it is a fairly recent feature of the tool (version 2.0.3).

All you need to do log on to your CMS, and perform an analysis on authentication ("create report" tab). This will tell you if a certificate or a keystore is found. (however, there are records on the SNC saying that the analysis can be bugged).

Then, go to "Authentication wizards" tab and choose SAP. Then select the appropriate wizard and just follow the instructions and spam the "next" button

For the STRUST part, the wizard generates an email and a word tutorial telling your basis team what to do.

I could however find one little negative point to the tool, you cannot set a custom validity for your certificate. But, I am okay with it being a 10-year validity.

Regards,

Elodie

sateesh_kumar1
Active Contributor
‎04-22-2016 8:04 AM
0 Kudos

Thank you very much Elodie for explaining .

Former Member
‎04-21-2016 8:16 AM
0 Kudos

Hi again,

I checked STRUSTSSO2 in BW just to make sure that it wasn't the certificate expiring or something alike.

I noticed that for QA and DEV, there is an error message when I try to switch from Display to Edit mode : "PSE missing on database".

For Production, I can switch mode.

Could that be a new lead?

Thanks for your help.

Elodie

Show replies
Show replies
Former Member
‎04-21-2016 12:16 PM
0 Kudos

Hi Elodie,


You can follow the link below to configure SSO.


https://wiki.scn.sap.com/wiki/display/BOBJ/How+to+setup+SSO+against+SAP+BW+with+SAP+BO+BI4.0+Common+...

~Swapnil

Former Member
‎04-19-2016 11:44 AM
0 Kudos

Hi Elodie,

can you check whether BW sso is working for sap users without assigning / before assigning alias to enterprise user.

if sso is working then there is a problem in assigning alias.

else if sso is not working for sap users then it a problem with configuration.

can you also try assigning alias after updating the entitlement and roles section in sap authentication.

Thanks

Ashraf

Show replies
Show replies
Former Member
‎04-19-2016 2:55 PM
0 Kudos

Hi Ashraf,

Yes, SSO is working fine when I connect through SAP authentication with user without enterprise alias and with alias.

I mention again that for the users I created last November, SSO works fine with Enterprise accounts. Only newer users have the issue.

Thanks

Elodie

sateesh_kumar1
Active Contributor
‎04-18-2016 12:02 PM
0 Kudos

HI Elodie ,

Can you try log in using SAP authentication with the user ?

Check connection type using for the OLAP connection ? it could be other than SSO!

I wonder why enterprise alias not getting created for SAP users ? It should work .

any updates happened to your BW systems recently ? If yes , try re configuring SSO as suggested by team .

Show replies
Show replies
Former Member
‎04-18-2016 12:35 PM
0 Kudos

Hi Sateesh,

OLAP connection works perfectly fine when using SAP authentication.

As for the second point you mentionned, we actually had maintenance on the BO server recently as we installed add-ons (analysis, lumira). However, the issue is only happening on Dev and QA environment, Prod works fine.

I've asked the admin to reconfigure SSO from scratch and will keep you posted.

Regards

Elodie

sateesh_kumar1
Active Contributor
‎04-18-2016 1:14 PM
0 Kudos

If there is no update at BW , we could better step back and raise incident to SAP.

updating BO addins shouldn't cause SSO issue !!

Did you log in with the same user using SAP authentication which has problem in refreshing the report ?

Former Member
‎04-12-2016 10:50 AM
0 Kudos

Hi Elodie,

On top of all the suggestion made by others can you check once for the Timestamp between your BO and BW systems and make sure both are in sync.

Rgds,

Sethu.

Show replies
Show replies
Former Member
‎04-14-2016 2:39 PM
0 Kudos

Hi Sethu,

No sync problem between the systems.

Regards,

Elodie

former_member205064
Active Contributor
‎04-08-2016 10:38 AM
0 Kudos

Does the new user has "initail" password set at BW.?

Are these user able to login in sap gui and then SSO failing for them in BO?

What is the password policy for these user on BW?

Update the SAP Authentication tab and then try SSO

Show replies
Show replies
Former Member
‎04-08-2016 11:00 AM
0 Kudos

Hi Raunak kumar,

Please find the answers to your questions:

Does the new user has "initail" password set at BW.?

No, users have been using BW for a while so their passwords have already been changed via SAP LOGON.

Are these user able to login in sap gui and then SSO failing for them in BO?

Actually, connection to BO via SAP authentication works fine. But SSO fails when using AOLAP after a connection via Enterprise authentication.

What is the password policy for these user on BW?

Password never expires

Update the SAP Authentication tab and then try SSO

Pushed "update" button in SAP authentication tab, then updated roles in last tab (though this task is scheduled every hour on our servers).

Hope it helps!

Thanks

Elodie

former_member205064
Active Contributor
‎04-08-2016 11:02 AM
0 Kudos

I understand it works as per 1767629.

I will still suggest to re configure from scratch.

Former Member
‎04-08-2016 11:24 AM
0 Kudos

Hi Elodie,

I would sugegst to try the following steps.

Note: Follow the steps below for only one enterprise user at first.

- Delete the SAP alias of a single problematic user.

- Go to SAP Roles tab and update it.

- Check the same user's properties whether the update of SAP plugin has added an SAP alias to that user or not.

- If added then test the report and connection with SSO.

If you still face the same issue then go with what Rauni has suggested.

~Swapnil

Former Member
‎04-08-2016 12:46 PM
0 Kudos

Hi again,

I'm not quite sure I understand the 3rd step.

Check the same user's properties whether the update of SAP plugin has added an SAP alias to that user or not.

Does it mean that the alias should be automatically added to the Enterprise User?

Currently, updating the SAP roles re-creates the BW user with sec:SAP. I have to assign it manually to the Enterprise user.

What am I missing here?

Elodie

Former Member
‎04-08-2016 5:56 PM
0 Kudos

Hi,

Yes that's correct, update the SAP plugin and assign an enterprise alias to the SAP user(Make sure you perform these steps for the problematic user only).

~Swapnil

Former Member
‎04-14-2016 2:58 PM
0 Kudos

Hi Swapnil,

I cannot assign an enterprise alias to the SAP user. I can only do it the other way arround.

Maybe this is the issue. The account manager tab in the user properties panel is not responsive.

Elodie

Former Member
‎04-18-2016 10:06 AM
0 Kudos

Hi Elodie,


So did you try to add an SAP alias to enterprise user? If is not allowing you to add an eterprise alias to SAP user.


~Swapnil

Former Member
‎04-18-2016 10:15 AM
0 Kudos

Hi Swapnil,

This is exactly what I did.

I assigned a SAP alias to the Enterprise account.

The SSO worked for a while, then when my colleague logged off, the SSO for BICS connection just wouldn't work anymore.

Maybe it's a matter of cache?

Regards,

Elodie

Former Member
‎04-18-2016 10:41 AM
0 Kudos

Hi Elodie,

Well in that case I would suggest you to reconfigure SSO.

~Swapnil

Former Member
‎04-08-2016 10:23 AM
0 Kudos

Hi Elodie,


Could you please share the screenshots for the below workflows? Also please ensure that you have assigned SAP aliases to the problematic enterprise users.


  1. Test the reports with SSO connections for the same problematic user.
  2. Test the connection with the same problematic user.

~Swapnil

Show replies
Show replies
Former Member
‎04-08-2016 10:52 AM
0 Kudos

Hi Swapnil,

Thanks for the reply.

Here's the result of the tests performed as per your request.

Hope it helps!

Feel free to ask for more info if needed.

Thanks

Elodie

Ask a Question