Skip to Content
avatar image
Former Member

SAP BO 3.1 SP5 Manual AD Authentication works but SSO does not

We followed @tim.ziemba document SSO Kerberos XI 3.1 SP 3 or later

Issue :

InfoView Manual Authentication for all Windows AD Users but SSO Does not

Please help.

let me know if you need additional information.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Apr 25, 2017 at 05:50 PM

    did you get the credentials obtained in the tomcat logs? Is SSO failing with a login screen, or is there an error. An error indicates SSO is actually enabled, and your AD configuration is probably incorrect (SPN's delegation, DNS, values in global.properties, etc), login screen can mean SSO isn't enabled (check for credentials obtained) or sometimes also means the AD configuration is incorrect.

    Regards,

    Tim

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 08, 2017 at 06:49 AM
    Hi Tim, No failing error messages, it is prompting to main page, after entering windows ad credentials manually it is working fine. But sso is enabled in CMC and also correct DNS values in properties files. I have verified the logs and not showing credentials obtained. Please suggest other any settings need to check. thanks
    Add comment
    10|10000 characters needed characters exceeded

  • May 17, 2017 at 02:48 PM

    no credentials obtained means that the value for idm.princ@IDM.REALM in your global.properties is not working, or you don't have

    -Djcsi.kerberos.debug=true in your tomcat java options. With that tracing enabled, tomcat restarted (preferably delete any old logs) KBA 1631734 instructs to look for credentials obtained. If that fails the values in the global.properties are not correct (lok for typos, spaces, etc)

    Regards,

    Tim

    Add comment
    10|10000 characters needed characters exceeded