on 10-17-2013 2:25 PM
Hello Experts,
I have recently installed BI4.1 SP1 on Win 2008 R2 server and implemented Windows AD authentication along with Single Sign On.
I'm able to logon to the BI LaunchPad and CMC using Win AD authentication/SSO from the server as well as client machine.
I'm able to logon to the server through the client tool using Win AD authentication/SSO when I'm on the Server.
But when I try to login to the Client Tool on the Client Machine, I'm not able to login using Win AD authentication.
I'm not able to understand why. I follow the Win AD and SSO steps from the Admin guide. What else do I need to configure to connect to the servers using the client tools?
Thanks in advance.
Edit the file: install_dir\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win32_x86\InformationDesignTool.ini.
Add the following lines to the end of the file:
-Djava.security.auth.login.config=path-to-bsclogin/bscLogin.conf
-Djava.security.krb5.conf=path-to-kerberos/krb5.ini
Copy the two files bscLogin.conf and krb5.ini from the server or the other Working Client Machine.
Now try login to IDT with AD Authentication.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We have 4.0 environment and we have not done anything for windows AD authentication. I guess same would work on 4.1 as well ( in process of implementing 4.1).
Make sure windows firewall is disabled or set correctly
make sure to login with user@domain_name
Is it working fine with enterprise id ?
Thanks!
Hi,
can you logon on the Server with an Enterprise User?
I guess we have a Firewall issue here. Please consider also the Windows Firewall if your BI 4.1 is running on Windows.
Go to the CMC and assign the CMS a request Port (Lets say 6401). Open Port 6400 and 6401 on all Firewalls betwees your Client and the BI 4.1 Server. If you are now able to logob continue with the Request Port assignment on all BI 4.1 Services. Also let these Ports open.
Regards
-Seb.
Go to Control Panel and look out for firewall. Check whether its ON. Look into the settings for network. Select OFF and find whether it works out.
Look for alternatives such as Anti-virus. Ensure that the site has been updated on exception list. This should help.
Do update the hosts file to ensure proper communication.
In addition to this, now that you mentioned Enterprise login is not working, can we confirm that the CMS Db is available and you are able to login at server level.
The steps mentioned above should help to resolve the communication problem.
Message was edited by: Arvind Pandalai
Hi Jawahar,
We have same problem with SAP BI4.1 SP01.
After using your recommendations I got the AD working and I can log in with AD user.
The problem is non working SSO connection.
For example: every time when I want to open session, I have to provide password.
Does anyone have solution for this problem?
BR,
Jana
This message was moderated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Experts,
Please help me, as when i restart my CMS server it is showing me on Stopping state since last night.
Please suggest me with the steps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This post should be closed. What this user wants is SSO with IDT and as mentioned above by myself and supported by Arvind this is not possible currently as of SAP BI 4.1 SP1.
Mr Izak, could you please mark the replies as correct answer so this post can be closed?
Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ha I see, seems to be a two different cases here.
Mr. Izak: In your case, if I read the above properly, the IDT is not working either for AD or Enterprise is that correct?
I guess IDT is working fine on the server?
Here is an easy test you can do to see if there are any firewall issues:
1- On the workstation, try to do this in the command prompt:
telnet server_name 6400
telnet server_name XXXX (that port is the requestport. You can find it in the Metrics of the CMS in the CMC.
If telnet returns an error, then there is no communication.
If telnet goes to a black screen and does nothing, then it's working.
Let me know and sorry for the confusion with Jana.
Hi Patrick,
It is not just IDT, but all the client tools....I can login to any client tools on the server but not on the client machine..
I did the telnet command and it returned blank screen...Still not able to log on to client machine..
It errors out with message " Server servername not found or server may be down".
I even tried adding the IP address and Server name of the BOE Server on my local machine in the host file...But still no luck...
Neither the Enterprise authentication nor the win AD is working..
any idea?
If those 6400-6410 ports are opened, you will still need to do what Seb suggested: go to CMC > Servers > CMS > Properties and change the reply port to, say, 6401 and restart the CMS. As you authentication process from the client will call on 6400 and do a handshake on 6401. If you dont set that port, it will a random different port which will be blocked by the firewall.
The above will just confirm that you can log on.
Do not try to import or export anything from the FRS as they have their own ports which will need to be set to a unique value - say 6402 for the input FRS and 6403 for the output FRS.
This message was moderated.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Which client tools do you have problem with?
Some are JAVA: IDT, RCT, more
Some are Web Services: Widgets, QAAWS, Live Office, more
Some are Windows: Designer, more
If they all fail they I agree with Arun, it's likely a firewall issue.
If some do work, then let's take it from there!
Thanks,
Pat
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Unfortunately, you can't have silent AD SSO with the IDT.
You will have to write your AD username / password manually.
Somebody has already created a post on SAP Idea Place. Let's see where that takes us!
I found a note which mentions that AD SSO in IDT is not supported presently.
Refer: 1865952 - Unable to perfrom a Windows AD Single Sign-On login to
Information Design Tool
The note was created in May '13. You may raise a ticket with SAP support with the latest inputs for this issue.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.