Hi Guys,
Hope you can help me with this issue.
I have BI 4.1 SP5 deployment on Tomcat with SSO for BI Launchpad fully working.
I installed Live Office on a Windows 7 client.
NOTE: I have also setup SSO for Live Office by following SAP Note:
1646920 - How to configure Web Services Single Sign-On (dswsbobje) with Tomcat for SAP BusinessObjects Business Intelligence platform 4+
When I try to connect to BI server through Enterprize authentication it is working. Can connect , browse content , embed reports into Excel.
BUT, when I try to connect with Windows AD with "Enable Windows Active Directory Single Sing On" option, I get below error:
The user account through which I try to do SSO login is a member of appropriate AD Group and CAN SSO to BI Launchpad with no problems.
With Live Office SSO I get above errors.
Any clues as to the cause of this error ?
Thank you for your feedback.
Regards,
Davor Mitrasevic
- SAP Managed Tags:
Accepted Solutions (1)
Hi Josh,
Thanks for your prompt reply.
No, manual AD Logins do not work. LO Enterprize login does work.
Attached is my web.xml Filter section with my setup (sanitized domain):
In the above, please note idm.princ setting. At the moment, it is set as just my service account CMS41SVC2.
Now, SAP recommendations are contradictory in this respect:
SAP NOTE 1646920 states:
"idm.princ (the same as specified for idm.princ in the global.properties located at ..\Tomcat6\webapps\BOE\WEB-INF\config\custom"
BUT, the description for this setting in the web.xml itself states that:
"Set to the Kerberos service principal to use.This will be a name of the form HTTP/fully-qualified-host.ie. HTTP/example.vintela.com"
How should I actually set idm.princ setting ? .
Also, importantly, my client's network implement Reverse Proxy. The SAP Note 1203218 states that:
Note: In case there exists Proxy/Reverse Proxy in the network (which is likely to exist), you need to change ..\Tomcat\webapps\dswsbobje\WEB-INF\classes\dsws.properties to provide complete web service resource URL as follows:
wsresource1=ReportEngine|reportengine web service alone|http://server:port/dswsbobje/services/reportengine
wsresource2=BICatalog|bicatalog web service alone|http://server:port/dswsbobje/services/bicatalog
wsresource3=Publish|publish web service alone|http://server:port/dswsbobje/services/publish
wsresource4=QueryService|query web service alone|http://server:port/dswsbobje/services/queryservice
wsresource5=BIPlatform|BIPlatform web service|http://server:port/dswsbobje/services/biplatform
wsresource6=LiveOffice|Live Office web service|http://server:port/dswsbobje/services/liveoffice
wsresource7=SaveService|Save web service|http://server:port/dswsbobje/services/saveservice
Do I need to do these adjustments for Reverse Proxy ? Is this contributing to the problem I described above ?
Answers (1)
| User | Count |
|---|---|
| 82 | |
| 11 | |
| 10 | |
| 8 | |
| 6 | |
| 6 | |
| 6 | |
| 6 | |
| 5 | |
| 5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.