Skip to Content
Former Member
Jan 30, 2014 at 06:39 AM

SSO in BI 4.1 is not loading users from Windows AD


Hello SAP Gurus!,

I have working on setting up a SSO using the document "Configuring Active Directory Manual Authentication and SSO for BI4" and BI 4.1, SP2 and patch 1, but unfortunately I could not make it work. I will explain you my situation and where I got stuck starting presenting the scenario we have:

· MS Windows Server 2012 Standard

· Oracle 11g ( clients 32 and 64 bits installed.

· Java 6.1 32 and 64 bits

· BI platform 4.1 SP2 patch 1 up and running

· Client tools 4.1 SP2 installed and working (basically, we can connect to the universes and repos).

· Cluster in a separate server up and running with the same BI platform and patches.

The servers are running properly after applying the sizing and we test them without any major issue. Then, we started the SSO implementation by creating the services account following the document mentioned. Once we had the service account set up in AD we went to the CMC in order to fill the information needed for the Windows AD authentication. By following the document, we filled all the info. Properly and we saved it and updated it.

After that, the issue came up (page 8); in the authentication panel you can see how the CMC could resolve the “group name” which is in the AD, but when you go to the Window AD group in CMC there are no users. In addition, the AD server has a different encryption that the one mentioned in the document attached which is AES and not RC4 (page 4, Prerequisites). I have been trying many things to solve this issue, but none worked.

· Open CMC and some other ports in the Windows AD Server

· Try to load a different group

· Give full read right to our Service account

· We have changed the Kerberos encryption from AES to RC4

· We queried window AD from BO’s server manually from the console and it was retrieving the group and the users inside.

· We have changed the Java version; previously it was 7.45 and now is 6.1

· As always, restarting the SIA and restart the whole server.

Finally, we went to see the Window Events and we could observe that the CMC was fetching the group and the users, but it did not load them in the application. At this point, I ran out of ideas. For this reason, I would like to ask you if someone has faced this issue before or could give some advices or tricks or places to look at.

Any idea will be more than welcome.