Skip to Content
Aug 21, 2013 at 03:35 PM

BO 4.0 SSO - External Forest Manual AD Works, SSO Does Not


Hello everyone, I've been researching this for weeks now without a solution. Basically, we have a multi-forest AD architecture and would like to use SSO on the BI Launchpad for all domains. Manual and SSO AD Authentication is working for the default domain and all child domains, however, ONLY manual AD authentication works on external forests (which have a two-way transitive trust, btw).

This tells me that the general SSO config is correct, plus the KRB5.ini file must be correct because manual authentication is also working to the external forests. I've tried using AD groups in the default domain (with the external forest users) and using AD groups WITHIN the external forest as well - in other words, I've mapped into BOBJ CMC using both methods, neither of which work for SSO (but DO work for manual AD auth). Kinit works for all domains and domain users as well.

I've looked at the following notes and documents as well and haven't found a solution. Has anyone else gotten external forest SSO authentication working in this scenario? Thanks!!

SAP Articles -