Former Member

SSO on WinAD not working with full name

Hi,

I've successfully configured the SSO on a new BI4.1 SP6.3, but it works only with the hostname (e.g. http://boxi:8080/BOE/BI), not with the FQDN (http://boxi.domain.fr:8080/BOE/BI), not with an alias on the server (http://alias.otherdomain.priv:8080/BOE/BI), and not with the IP.

Is it supposed to work, is there a hope, am I missing some configuration? Putting the FQDN in the trusted zone in IE does not work.

We hope to make it work with IE and Firefox...

Any idea? Thanks!

I've set up the setspn this way:

setspn -a BOEXI40SIABOXI/adminbo.domain.fr adminbo
setspn -a HTTP/boxi adminbo
setspn -a HTTP/10.1.2.3 adminbo
setspn -a HTTP/boxi.domain.fr adminbo
setspn -a HTTP/alias.otherdomain.priv adminbo

Config : BI 4.1 SP6.3

Windows AD

IE10, last Firefox ESR


2 Answers

  • Nov 03, 2015 at 05:40 AM

    check if you have any duplicate SPN for

    HTTP/boxi.domain.fr

    HTTP/alias.otherdomain.priv


    registered with any other ID


  • Nov 03, 2015 at 06:03 AM

    Hi Christophe,

    Please follow the KBA 1311166 to find the duplicate SPNs in the network.

    If it does not work even after following Raunak's suggestion then follow the steps below.

    - Delete the SPN: HTTP/boxi.domain.fr

    - Create the SPN: HTTP/BOXI.DOMAIN.FR

    - Restart the application server and test the SSO.

    ~SwapnilY


    • Hi Christophe,


      Yes, it works absolutely fine with the FQDN, IP and alias. We have configured this many a time and it worked for us.


      If we have HTTP SPNs for the IP, FQDN and alias then it should work. At the time of launching SSO it looks for the HTTP SPNs for the URL specified in the browser.


      There are many other things which come into the picture for SSO. You would need to investigate it further.


      Since the SSO is working fine with the hostname then it should work with IP and FQDN as well. You may get issues with alias though.


      ~SwapnilY
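
The duplicate-SPN check suggested in the answers, as an added example that is not part of the original thread: it parses saved `setspn -L <account>` output, reports any SPN held by more than one account, and checks whether the host in each browser URL has an HTTP SPN on the service account only. The account DNs and the second account are constructed sample data, and names are compared case-insensitively as an assumption of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: `setspn -L` output for two accounts, concatenated.
# The DNs and the second (computer) account are invented for illustration.
SAMPLE = """\
Registered ServicePrincipalNames for CN=adminbo,OU=Services,DC=domain,DC=fr:
    BOEXI40SIABOXI/adminbo.domain.fr
    HTTP/boxi
    HTTP/10.1.2.3
    HTTP/boxi.domain.fr
    HTTP/alias.otherdomain.priv
Registered ServicePrincipalNames for CN=BOXI,CN=Computers,DC=domain,DC=fr:
    HOST/boxi
    HTTP/BOXI.domain.fr
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (.+):\s*$")

def parse_spns(text):
    """Map each SPN (lower-cased) to the set of accounts it is registered on."""
    owners, account = defaultdict(set), None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            account = m.group(1)          # start of a new account's SPN list
        elif line.strip() and account:
            owners[line.strip().lower()].add(account)
    return owners

def duplicates(owners):
    """SPNs registered on more than one account; Kerberos ticket requests fail for these."""
    return {spn: sorted(a) for spn, a in owners.items() if len(a) > 1}

def check_url(url, owners, service_account):
    """Classify the HTTP SPN matching the host typed in the browser URL."""
    host = urlsplit(url).hostname         # hostname only, port and path dropped
    accounts = owners.get(f"http/{host}", set())
    if not accounts:
        return "missing"
    if accounts == {service_account}:
        return "ok"
    return "duplicate" if service_account in accounts else "wrong-account"

if __name__ == "__main__":
    spns = parse_spns(SAMPLE)
    print(duplicates(spns))
```
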