Skip to Content
avatar image
Former Member

Business Objects trusted authentication with shibbolet

Dear all

I was trying to implement trusted auth following this blog

https://blogs.sap.com/2015/07/21/apache-shibboleth-sso-with-tomcat-for-bi-platform-using-trusted-authentication/

At the moment I'm stuck in the final step of of making trusted auth really working.

Integration between apache, shibboleth, and ADFS works. But when I run the page

https:\\mybobjsvil.fqdn\BOE\BI it gives error that my user is not recognized.

ADFS admin told me that he is passing the user ad UPN (name.surname@domain.com), I have created an enterprise account with the same reference and I try to logon but i receive the error.

It seems like shibbolet it's not passing the user in a right way. If I test it with QUERY_STRING it works but not with REMOTE_USER.

Any hint or help? something to change on shibbolet side and how?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Mar 14, 2017 at 06:14 PM

    remote_user requires BI to prompt the browser to perform spnego such as in KBA 1965433

    I'm not sure your username will be available in the same field but if so that KBA shows how to use the vintela libraries to force spnego. You are using a completely new way of trusted auth, but if the username is in the same place it might work... In that KBA you should only be concerned with the vintela piece and confirming trusted auth is setup properly with the query_string test.

    Regards,

    Tim

    Add comment
    10|10000 characters needed characters exceeded