on 06-03-2015 7:31 AM
Hi Guys,
Hope you can help me with this issue.
I have BI 4.1 SP5 deployment on Tomcat with SSO for BI Launchpad fully working.
I installed Live Office on a Windows 7 client.
NOTE: I have also setup SSO for Live Office by following SAP Note:
1646920 - How to configure Web Services Single Sign-On (dswsbobje) with Tomcat for SAP BusinessObjects Business Intelligence platform 4+
When I try to connect to BI server through Enterprize authentication it is working. Can connect , browse content , embed reports into Excel.
BUT, when I try to connect with Windows AD with "Enable Windows Active Directory Single Sing On" option, I get below error:
The user account through which I try to do SSO login is a member of appropriate AD Group and CAN SSO to BI Launchpad with no problems.
With Live Office SSO I get above errors.
Any clues as to the cause of this error ?
Thank you for your feedback.
Regards,
Davor Mitrasevic
Do manual AD logins work with LO?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Josh,
Thanks for your prompt reply.
No, manual AD Logins do not work. LO Enterprize login does work.
Attached is my web.xml Filter section with my setup (sanitized domain):
In the above, please note idm.princ setting. At the moment, it is set as just my service account CMS41SVC2.
Now, SAP recommendations are contradictory in this respect:
SAP NOTE 1646920 states:
"idm.princ (the same as specified for idm.princ in the global.properties located at ..\Tomcat6\webapps\BOE\WEB-INF\config\custom"
BUT, the description for this setting in the web.xml itself states that:
"Set to the Kerberos service principal to use.This will be a name of the form HTTP/fully-qualified-host.ie. HTTP/example.vintela.com"
How should I actually set idm.princ setting ? .
Also, importantly, my client's network implement Reverse Proxy. The SAP Note 1203218 states that:
Note: In case there exists Proxy/Reverse Proxy in the network (which is likely to exist), you need to change ..\Tomcat\webapps\dswsbobje\WEB-INF\classes\dsws.properties to provide complete web service resource URL as follows:
wsresource1=ReportEngine|reportengine web service alone|http://server:port/dswsbobje/services/reportengine
wsresource2=BICatalog|bicatalog web service alone|http://server:port/dswsbobje/services/bicatalog
wsresource3=Publish|publish web service alone|http://server:port/dswsbobje/services/publish
wsresource4=QueryService|query web service alone|http://server:port/dswsbobje/services/queryservice
wsresource5=BIPlatform|BIPlatform web service|http://server:port/dswsbobje/services/biplatform
wsresource6=LiveOffice|Live Office web service|http://server:port/dswsbobje/services/liveoffice
wsresource7=SaveService|Save web service|http://server:port/dswsbobje/services/saveservice
Do I need to do these adjustments for Reverse Proxy ? Is this contributing to the problem I described above ?
Hi Josh,
I've fixed the problem with LO Single Sign On.
Cause of the error:
In the web.xml both Kerberos Proxy Filter (set the same settings in your global.properties) AND Kerberos Filter (filter mapping) lower in the document need to be commented in.
I did not have Kerberos Filter (filter mapping) commented in , hence the real configuration under the node of Kerberos Proxy Filter was not activated at all although it was correct !!!
Once I commented in the node Kerberos Filter (filter mapping) it all worked fine.
Thanks for your help guys.
check SAP note :-
1204819-How to troubleshoot LiveOffice Single Sign-On with Tomcat by using traces
1203218-How to configure Web Services Single Sign-On (dswsbobje) with Tomcat for clients such as Live Office, QaaWS and BI Widgets
1197361-Prerequisites for configuring LiveOffice Single Sign-On
Most importantly as mentioned by Josh Make Manual AD work first.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Raunak,
I've fixed the problem with LO Single Sign On.
Cause of the error:
In the web.xml both Kerberos Proxy Filter (set the same settings in your global.properties) AND Kerberos Filter (filter mapping) lower in the document need to be commented in.
I did not have Kerberos Filter (filter mapping) commented in , hence the real configuration under the node of Kerberos Proxy Filter was not activated at all although it was correct !!!
Once I commented in the node Kerberos Filter (filter mapping) it all worked fine.
Thanks for your help..
User | Count |
---|---|
82 | |
11 | |
10 | |
8 | |
6 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.