Skip to Content
0
Jun 29, 2020 at 10:16 PM

Chrome SSO - global.properties

158 Views

Hello

We will be setting up SSO for Chrome browser, one of the pre-requisites is to have constrained delegation (we have unconstrained delegation)

I was going through the SAP notes 2182400 - Setting up constrained delegation in BI 4.x

Which states that in global.properties we have to provide idm.princ with SPN values (one setup in CMC > Windows AD) for example idm.princ=BICMS/serviceaccount.domain.com

However as per 2629070 - How to Securely Integrate BI 4.x with Windows Active Directory and SSO in Distributed Environments - Master KBA and Best Practice

We have to provide service account name, example idm.princ=serviceaccount (this is how we are currently setup with SSO working in IE)

  1. Which one of above should be used ?
  2. Are there any known issues of SSO2DB (we use E2E SSO to SQL Server) breaking due to constrained delegation ?

Tim Ziemba your insight would be appreciated