Skip to Content
0
Former Member
Apr 15, 2014 at 08:37 AM

SAP BI 4.1 SP3 - Issue on WinAD/SSO

38 Views

Hello All,

I need some idea where to investigate and solve my issue on SAP BI 4.1 SP3 using WinAD with SSO authentification.

Normally, all is correctly setup :

  • Service Account is created (already used on another service)
  • Service Account is running TomCat and SIA
  • We create ServiceAccount.keytab
  • We setup kbr5.ini

[libdefaults]

default_realm = REALM

dns_lookup_kdc = true

dns_lookup_realm = true

default_tgs_enctypes = rc4-hmac

default_tkt_enctypes = rc4-hmac

udp_preference_limit = 1

[realms]

REALM = {

kdc = DCHOSTNAME.REALM

default_domain = REALM

}

  • and bscLogin.conf files

com.businessobjects.security.jgss.initiate {

com.sun.security.auth.module.Krb5LoginModule required debug=true ;

};

  • We create *.properties files

global.properties

sso.enabled=true

siteminder.enabled=false

vintela.enabled=true

idm.realm=REALM

idm.princ=SPN

idm.allowUnsecured=true

idm.allowNTLM=false

idm.logger.name=simple

idm.logger.props=error-log.properties

idm.keytab=C:/Windows/ServiceAccount.keytab

idm.allowS4U=true

  • We change the TomCat Java option

-Djava.security.auth.login.config=C:\Windows\bscLogin.conf

-Djava.security.krb5.conf=C:\Windows\krb5.ini

-Dcom.wedgetail.idm.sso.password=*****

-Djcsi.kerberos.debug=true

  • During Tomcat Boot, we obtain Credentials
  • kinit is ok
  • AD/SSO connection is OK using Designer (for instance)
  • AD/SSO connection is not working on launchPad :

I need some idea, to control and solve this issue.

Best regards

Laurent