Skip to Content

Enabling end-to-end SSO and ktpass

I am currently using Active Directory SSO for BI lauch pad, having followed Steve Fredell's document "Configuring Active Directory Manual Authentication and SSO for BI4".

I have now been tasked with enabling end-to-end SSO for some Oracle data sources.

Based on Steve's document, the configuration is slightly different for end-to-end SSO. Specifically, the execution of ktpass includes the mapuser option:

ktpass -out bosso.keytab -princ BICMS/service-account-name@REALM.COM –mapuser service-account-name@REALM.COM –pass service-account-password -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

instead of:

ktpass -out bosso.keytab -princ service-account-name@REALM.COM –pass service-account-password -kvno 255-ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

There are also two related changes in

My question is this: having already set up SSO, what will happen when I execute ktpass again with the mapuser option? From what little I've read, ktpass will update the service account in AD in addition to generating the file. I'm afraid that at the moment ktpass is executed, my running BI environment will fail to perform SSO, until the changes are made and the services restarted. If this is the case, I will need to schedule downtime for my BI system in order to have the ktpass command executed and the configuration changes made.

Can anyone confirm if my fears are valid?

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Best Answer
    Posted on Jul 22, 2016 at 08:48 AM

    You will have to take downtime to perform this activity.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.