Skip to Content
0
Aug 21, 2013 at 03:35 PM

BO 4.0 SSO - External Forest Manual AD Works, SSO Does Not

44 Views

Hello everyone, I've been researching this for weeks now without a solution. Basically, we have a multi-forest AD architecture and would like to use SSO on the BI Launchpad for all domains. Manual and SSO AD Authentication is working for the default domain and all child domains, however, ONLY manual AD authentication works on external forests (which have a two-way transitive trust, btw).

This tells me that the general SSO config is correct, plus the KRB5.ini file must be correct because manual authentication is also working to the external forests. I've tried using AD groups in the default domain (with the external forest users) and using AD groups WITHIN the external forest as well - in other words, I've mapped into BOBJ CMC using both methods, neither of which work for SSO (but DO work for manual AD auth). Kinit works for all domains and domain users as well.

I've looked at the following notes and documents as well and haven't found a solution. Has anyone else gotten external forest SSO authentication working in this scenario? Thanks!!

SAP Articles -

https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3131393939393526

https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3133323333393126

https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3132343531373826

https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3136333137333426

Threads

http://scn.sap.com/thread/2044457