
Enable SAP BI 4.2 IDT for Windows AD login

Hi,

My current environment is SAP BI 4.2 SP5 (Edge). I have enabled SAML SSO with Azure AD and also enabled Windows AD authentication for AD groups mapping. I have followed all the steps and can successfully log in to the client tools UDT and Webi Rich Client but CAN NOT log in to IDT with AD authentication. I get the below error message:

Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

I have also followed the below steps for enabling IDT for Windows AD login:

  • Updated the InformationDesignTool.ini file in the server with the

    -Djava.security.auth.login.config=C:\Windows\bscLogin.conf
    -Djava.security.krb5.conf=C:\Windows\Krb5.ini

  • Updated the Tomcat JAVA option
  • Copied the bscLogin.conf and Krb5.ini to client machine
  • Amended the InformationDesignTool.ini file in the client by including the above statements
  • Followed all the online steps and SAP KB articles

After following all the steps IDT doesn't work with Windows AD. Please could you help me with the issue.

Regards,

Avinash


  • I have fixed your tag, please select more carefully next time.

  • To note both IDT and tomcat send manual AD logon attempts through the java SDK. So unlike UDT, WRC, you must have the java files (bsclogin.conf and krb5.ini). If those files are indeed working on tomcat (you can login manually to CMC, launchpad, etc) then they will work for IDT as the java logon part is the same.

    The main reasons that it would fail are...

    1. (typo) either the file(s) or the paths in the informationdesigntool.ini have a typo, it only requires 1 to cause the working files to fail (a missing -, incorrect character, .txt extension added when a file was saved, etc)
    2. if the IDT client cannot reach the same KDC/domain as tomcat. If you are in a multidomain environment or the IDT client is not properly attached to the domain, this could cause DNS resolution issues when attempting to use the correct configuration (while possible this is much less likely than #1)

    -Tim
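
The typo checks from the comment above, as an added example that is not part of the original thread and is not SAP code: a Python check of the two `-D` lines from the question as they would appear in InformationDesignTool.ini. The function name, result codes and sample input are assumptions made for illustration.

```python
import os

# The two JVM options quoted in the question; Java property names are case-sensitive.
REQUIRED = ("java.security.auth.login.config", "java.security.krb5.conf")


def check_idt_ini(ini_text, exists=os.path.isfile):
    """Return (line_no, option, code) tuples for problems in InformationDesignTool.ini text.

    `exists` is injectable so the check can be exercised without real files.
    """
    problems, found = [], set()
    for line_no, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        for prop in REQUIRED:
            if prop.lower() not in line.lower():
                continue
            found.add(prop)
            prefix = f"-D{prop}="
            if not line.startswith(prefix):
                # Missing "-", wrong case, or stray characters around the option name.
                problems.append((line_no, prop, "malformed"))
                continue
            path = line[len(prefix):]
            if exists(path):
                continue
            # An editor may have saved the file as <name>.txt, so the configured path is absent.
            code = "saved-as-txt" if exists(path + ".txt") else "file-not-found"
            problems.append((line_no, prop, code))
    # Options not seen at all: absent, or the property name itself is misspelled.
    problems += [(0, prop, "option-missing") for prop in REQUIRED if prop not in found]
    return problems


if __name__ == "__main__":
    # Constructed sample: second option lost its leading "-", first file was saved with .txt.
    sample_ini = (
        "-vmargs\n"
        "-Djava.security.auth.login.config=C:\\Windows\\bscLogin.conf\n"
        "Djava.security.krb5.conf=C:\\Windows\\Krb5.ini\n"
    )
    on_disk = {"C:\\Windows\\bscLogin.conf.txt", "C:\\Windows\\Krb5.ini"}
    for problem in check_idt_ini(sample_ini, exists=lambda p: p in on_disk):
        print(problem)
```

Run it on the IDT client machine against the local InformationDesignTool.ini text; an empty result means both options are well-formed and point at files that exist.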


2 Answers

  • Mar 28 at 04:33 PM

    You have to modify the files locally -- on the machine that IDT is running on, not the BO server.

    If you're still having trouble, the error log might provide more info. Before you log on, hit Alt+Shift Q L. Try the logon, then check the error log tab. You might find more useful info here.


  • Mar 28 at 04:49 PM

    Hi,

    Can you follow the SAP note below?
    Try changing the slash \ in the file path to the one mentioned in the note.

    https://launchpad.support.sap.com/#/notes/1621106

    Restart IDT

    Hope it helps.

    Thanks
    Ashraf
