Enable SAP BI 4.2 IDT for Windows AD login

0 Kudos

Hi,

My current environment is SAP BI 4.2 SP5 (Edge). I have enabled SAML SSO with Azure AD and also enabled Windows AD authentication for AD groups mapping. I have followed all the steps and can successfully log in to client tools UDT, Webi Rich Client but CAN NOT log in to IDT with AD authentication. I get the below error message:

Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

I have also followed the below steps for enabling IDT for Windows AD login:

  • Updated the InformationDesignTool.ini file in the server with the

-Djava.security.auth.login.config=C:\Windows\bscLogin.conf

-Djava.security.krb5.conf=C:\Windows\Krb5.ini

  • Updated the Tomcat JAVA option
  • Copied the bscLogin.conf and Krb5.ini to client machine
  • Amended the InformationDesignTool.ini file in the client by including the above statements
  • Followed all the online steps and SAP KB articles

After following all the steps IDT doesn't work with Windows AD. Please could you help me with the issue.

Regards,

Avinash

denis_konovalov
Active Contributor
0 Kudos

I have fixed your tag, please select more carefully next time.

BasicTek
Advisor
0 Kudos

To note both IDT and tomcat send manual AD logon attempts through the java SDK. So unlike UDT, WRC, you must have the java files (bsclogin.conf and krb5.ini). If those files are indeed working on tomcat (you can login manually to CMC, launchpad, etc) then they will work for IDT as the java logon part is the same.

The main reasons that it would fail are...

  1. (typo) either the file(s) or the paths in the informationdesigntool.ini have a typo, it only requires 1 to cause the working files to fail (a missing -, incorrect character, .txt extension added when a file was saved, etc)
  2. if the IDT client cannot reach the same KDC/domain as tomcat. If you are in a multidomain environment or the IDT client is not properly attached to the domain, this could cause DNS resolution issues when attempting to use the correct configuration (while possible this is much less likely than #1)

-Tim
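
Reason 1 in the reply above (a typo in the options or paths, or a .txt extension added when a file was saved) can be checked mechanically on the IDT client. The following Python script is an added example, not part of the thread or of any SAP tooling; `check_idt_ini`, its messages, the sample ini text and the sample file set are all constructed for illustration.

```python
import difflib
import os

# The two JVM options the question adds to InformationDesignTool.ini.
REQUIRED = ("-Djava.security.auth.login.config", "-Djava.security.krb5.conf")


def check_idt_ini(text, exists=os.path.isfile):
    """Return findings for the text of InformationDesignTool.ini.

    check_idt_ini and its message strings are names made up for this example.
    `exists` is injected so the check can be tested off the client machine.
    """
    findings, seen = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        key, _, value = raw.strip().partition("=")
        if key in REQUIRED:
            seen[key] = (n, value)
            continue
        # A near miss (dropped "-", wrong character) means the option is not
        # set as intended, so flag any line that almost matches a required one.
        near = difflib.get_close_matches(key, REQUIRED, n=1, cutoff=0.8)
        if near:
            findings.append(f"line {n}: '{key}' looks like a typo of {near[0]}")
    for key in REQUIRED:
        if key not in seen:
            findings.append(f"missing: {key}")
            continue
        n, path = seen[key]
        if exists(path):
            continue
        # Saving from a text editor can leave the file as <name>.txt.
        hint = " (found with .txt appended)" if exists(path + ".txt") else ""
        findings.append(f"line {n}: file not found: {path}{hint}")
    return findings


# Constructed sample: the first option lost its leading "-", and Krb5.ini was
# saved as Krb5.ini.txt on this imaginary client.
SAMPLE_INI = "\n".join([
    "-Xmx2048m",
    r"Djava.security.auth.login.config=C:\Windows\bscLogin.conf",
    r"-Djava.security.krb5.conf=C:\Windows\Krb5.ini",
])
SAMPLE_FILES = {r"c:\windows\bsclogin.conf", r"c:\windows\krb5.ini.txt"}

if __name__ == "__main__":
    for finding in check_idt_ini(SAMPLE_INI, lambda p: p.lower() in SAMPLE_FILES):
        print(finding)
```

On a real client, read the ini file from the IDT installation and call `check_idt_ini(text)` with the default `exists`, so the paths are tested against the local disk.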

Accepted Solutions (0)

Answers (2)

former_member456023
Contributor
0 Kudos

Hi,

Can you follow the below SAP note?
Try changing slash \ in file path to the one mentioned in note.

https://launchpad.support.sap.com/#/notes/1621106

Restart IDT

Hope it helps.

Thanks
Ashraf

Joe_Peters
Active Contributor
0 Kudos

You have to modify the files locally -- on the machine that IDT is running on, not the BO server.

If you're still having trouble, the error log might provide more info. Before you log on, hit Alt+Shift Q L. Try the logon, then check the error log tab. You might find more useful info here.